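# Step 2
# Configuring the IP addresses of the two links
# (the original heading said "internal network", but Link_A and Link_B are the
#  interfaces the NAT section masquerades out of, i.e. the uplinks)
# `disable=no` was normalised to `disabled=no`, the spelling used by every
# other section of this script.
/ ip address
add address=192.168.36.129/24 interface=Link_A comment="" disabled=no
add address=142.86.92.152/24 interface=Link_B comment="" disabled=no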
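# Step 3
# Configuring routing
# Default route with two gateways (one per uplink). The command was split
# across two lines in the source; it is rejoined here because the second half
# is not a valid command on its own.
# NOTE(review): listing two gateways on one route makes RouterOS share traffic
# across them; no `check-gateway` option is set here, so confirm that a dead
# uplink is actually detected before relying on this as fault tolerance.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.36.2,142.86.92.200 scope=255 target-scope=10 comment="Tolerancia a Falhas" disabled=no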
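# Step 4
# Configuring the firewall filter rules
#
# Layout: every drop rule is preceded by a log rule with the same matchers, so
# a packet is logged and then dropped by the next rule. Commands that were
# wrapped across two lines in the source are rejoined (a wrapped tail such as
# `disabled=no` is not a valid command by itself).
#
# NOTE(review): almost every log rule uses log-prefix="", so log entries from
# different rules cannot be told apart; give each log rule a distinct prefix if
# the logs are meant to be triaged.
# NOTE(review): interfaces named `Externa` and `Interna` are referenced below,
# while the address section only names Link_A and Link_B. Confirm these names
# exist on the router; a rule bound to a missing interface matches nothing.
/ ip firewall filter

# --- input chain: traffic addressed to the router itself ---
# Echo-request logging/drop is present but disabled.
add chain=input protocol=icmp icmp-options=8:0-255 action=log log-prefix="Bloqueio Ping Para o Servidor" comment="Bloqueio Ping Para o Servidor" disabled=yes
add chain=input protocol=icmp icmp-options=8:0-255 action=drop comment="" disabled=yes
# Keeps the proxy port (8080) unreachable from the external side.
add chain=input in-interface=Externa protocol=tcp dst-port=8080 action=log log-prefix="" comment="Bloqueio do Proxy Externo" disabled=no
add chain=input in-interface=Externa protocol=tcp dst-port=8080 action=drop comment="" disabled=no
# NOTE(review): these are the only input-chain rules visible in this section.
# The management services and the DNS resolver configured further down are
# therefore not filtered here; confirm that they are restricted elsewhere.

# --- forward chain: traffic routed through the router ---
add chain=forward src-address=80.80.1.0/24 p2p=warez action=log log-prefix="" comment="Quebra de Criptografia ares" disabled=no
add chain=forward src-address=80.80.1.0/24 p2p=warez action=drop comment="" disabled=no
# Client-to-client isolation. This only affects traffic that is actually
# routed by this device.
add chain=forward src-address=175.0.0.0/8 dst-address=175.0.0.0/8 action=log log-prefix="" comment="Bloqueia tr fego entre clientes na rede" disabled=no
add chain=forward src-address=175.0.0.0/8 dst-address=175.0.0.0/8 action=drop comment="" disabled=no

# --- custom chain "virus": port-based drops for known worms/backdoors ---
# NOTE(review): a custom chain is only evaluated when another rule jumps to it
# (action=jump jump-target=virus). No such jump rule is visible in this
# section; unless one exists elsewhere, none of the rules below ever match.
# NOTE(review): several port entries appear twice (445, 593, 1080, 1214,
# 1363-1377, 1433-1434, 1024-1030, 2745, ...). The first matching drop ends
# processing, so the later copies never fire; they only lengthen the chain.
add chain=virus protocol=tcp dst-port=445 action=log log-prefix="" comment="Bloqueio de VIRUS conhecidos" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=virus protocol=udp dst-port=445 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=593 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=log log-prefix="" comment="" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=log log-prefix="" comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=log log-prefix="" comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=445 action=log log-prefix="" comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=virus protocol=udp dst-port=445 action=log log-prefix="" comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=593 action=log log-prefix="" comment="________" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=log log-prefix="" comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=log log-prefix="" comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=log log-prefix="" comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=log log-prefix="" comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=log log-prefix="" comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=log log-prefix="" comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=log log-prefix="" comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=log log-prefix="" comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=log log-prefix="" comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=log log-prefix="" comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=log log-prefix="" comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=log log-prefix="" comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=log log-prefix="" comment="Drop Beagle.CK" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=log log-prefix="" comment="Drop porta proxy" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=log log-prefix="" comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=log log-prefix="" comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="" disabled=no
add chain=virus protocol=udp dst-port=4444 action=log log-prefix="" comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=log log-prefix="" comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=log log-prefix="" comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=log log-prefix="" comment="Drop Dabber.AB" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="" disabled=no
# NOTE(review): the next nine rules repeat the udp/4444 drop through the
# tcp/9898 drop verbatim (it looks like a page-overlap artifact in the
# source). A stray `disabled=no` fragment that preceded them was removed
# because it is not a command. The rules themselves are kept as found.
add chain=virus protocol=udp dst-port=4444 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=log log-prefix="" comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=log log-prefix="" comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=log log-prefix="" comment="Drop Dabber.AB" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=log log-prefix="" comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=log log-prefix="" comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=log log-prefix="" comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=log log-prefix="" comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=log log-prefix="" comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=log log-prefix="" comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="" disabled=no

# --- forward chain: destination blocks by address range ---
# NOTE(review): these block whole /24 ranges by static address; the ranges
# should be re-validated periodically, since hosting for a site can move.
add chain=forward dst-address=69.5.88.0/24 action=log log-prefix="" comment="Bloqueio Site www.megaclick.com" disabled=no
add chain=forward dst-address=69.5.88.0/24 action=drop comment="" disabled=no
add chain=forward dst-address=204.16.252.0/24 action=log log-prefix="" comment="Bloqueio Virus Orkut" disabled=no
add chain=forward dst-address=204.16.252.0/24 action=drop comment="" disabled=no
add chain=forward dst-address=82.204.219.0/24 action=log log-prefix="" comment="Virus msn" disabled=no
add chain=forward dst-address=82.204.219.0/24 action=drop comment="" disabled=no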
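# Step 6
# Configuring the firewall NAT rules
# Commands wrapped across two lines in the source are rejoined.
/ ip firewall nat
# Redirects one blocked client to a notice page (disabled). The source read
# `to-ports=065535`; the range separator was lost, restored as 0-65535.
add chain=dstnat src-address=175.0.2.2 action=dst-nat to-addresses=200.221.2.45 to-ports=0-65535 comment="REDIRECIONA CLIENTE BLOQUEADO PARA TELA DE AVISO" disabled=yes
# Proxy bypass for four destination ranges on tcp/80 (all disabled).
add chain=dstnat in-interface=Interna dst-address=200.201.160.0/24 protocol=tcp dst-port=80 action=accept comment="Repassa tr fego programas da Caixa Econ mica" disabled=yes
add chain=dstnat in-interface=Interna dst-address=200.201.166.0/24 protocol=tcp dst-port=80 action=accept comment="" disabled=yes
add chain=dstnat in-interface=Interna dst-address=200.201.173.0/24 protocol=tcp dst-port=80 action=accept comment="" disabled=yes
add chain=dstnat in-interface=Interna dst-address=200.201.174.0/24 protocol=tcp dst-port=80 action=accept comment="" disabled=yes
# Source NAT out of both uplinks.
add chain=srcnat out-interface=Link_A action=masquerade comment="NAT - Network Address Translator" disabled=no
add chain=srcnat out-interface=Link_B action=masquerade comment="" disabled=no
# Transparent-proxy redirect to local port 8080.
# NOTE(review): this rule has no protocol or dst-port matcher, so as written it
# is not limited to HTTP. The proxy section also sets enabled=no, so redirected
# connections would land on a port with nothing listening. Confirm the intended
# matcher (the bypass rules above use protocol=tcp dst-port=80) and proxy state.
add chain=dstnat in-interface=Interna action=redirect to-ports=8080 comment="" disabled=no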
# Step 7
# Configuring system services
# Sets port, allowed source range and enabled state for each management
# service listed.
# NOTE(review): as set here, the two enabled services (ftp, www) are the
# cleartext ones and accept any source (address=0.0.0.0/0), while ssh and
# www-ssl are disabled. The filter section's visible input rules do not cover
# ports 21 or 80. Consider enabling the encrypted services instead and
# narrowing `address=` to the management network (placeholder: <MGMT_SUBNET>).
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=yes
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
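# Step 8
# Configuring the DNS server
# The source split `cache-size` across a line break ("cache-" / "size=...");
# the command is rejoined here.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. No input-chain rule in the filter section limits port 53
# by interface, so confirm that queries from the external side are dropped;
# otherwise the router acts as an open resolver.
/ ip dns
set primary-dns=192.168.36.2 secondary-dns=142.86.92.1 allow-remote-requests=yes cache-size=4096KiB cache-max-ttl=1w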
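# Step 9
# Configuring the proxy server
# `maximal-client-connecions` and `maximal-server-connectons` are spelled the
# way this RouterOS generation names the properties. Only the hyphen that the
# source had lost from the second name ("maximalserver-") is restored.
# Note that the proxy is left disabled (enabled=no) by this command.
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
# Refuse proxy requests to destination ports 23-25, so the proxy cannot be
# used to reach telnet or relay mail.
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no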
# Step 10
# Configuring the proxy access rules
# NOTE(review): this is the same rule that step 9 already adds under
# `/ ip proxy access`; running both steps creates two identical entries.
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
# Step 11
# Configuring the web proxy
# Step 11-1: configuring the cache
# Cache rules: do not cache URLs matching the cgi-bin/query pattern or
# https:// URLs; allow caching of URLs matching the YouTube get_video pattern.
# NOTE(review): this section uses the `/ ip web-proxy` menu while steps 9-10
# use `/ ip proxy`. Presumably the two come from different RouterOS versions;
# confirm which menu exists on the target router.
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no
add url="https://" action=deny comment="no cache dynamic https pages" disabled=no
add url="http*youtube*get_video*" action=allow comment="youtube" disabled=no
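# Step 12
# Configuring queues
# Configuring the simple queue
# The source read `packetmarks=proxyfull`; the hyphen of the `packet-marks`
# property had been lost and is restored here.
# NOTE(review): the packet mark `proxyfull` has to be set by a mangle rule,
# and none is visible in this part of the script; confirm that it exists.
# As shown, the queue has limit-at=0/0 and no max-limit value.
/ queue simple
add name="Cache Full" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=proxyfull direction=both priority=8 queue=default-small/default-small limit-at=0/0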
# Etapa13