PT. Hawk Teknologi Solusi


Sunday, 09 August 2009

Protect your network from the IP lists identified by DShield and Spamhaus

This morning my SMTP server was once again overwhelmed by spam traffic. Out of curiosity I searched Google for how to fetch the list of spam-source IPs directly on MikroTik, and it turned out I found the following link:

http://forum.mikrotik.com/viewtopic.php?f=9&t=24427


The following is an example of the script + scheduling + firewall filter that I use on a MikroTik router running 3.25:


# aug/09/2009 11:27:24 by RouterOS 3.25
#
/system script
add name=fetch-dshield-spamhaus policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="## Parse D\
SHIELD & Spamhaus feed and build an address-list.\r\
\n## Written by Sam Norris, ChangeIP.com 2008\r\
\n## Any comments or suggestions welcome in the forums.\r\
\n##\r\
\n## 06/03/08 - Initial list parsing.\r\
\n\r\
\n/tool fetch address=feeds.dshield.org host=feeds.dshield.org mode=http s\
rc-path=block.txt\r\
\n/tool fetch address=www.spamhaus.org host=www.spamhaus.org mode=http src\
-path=drop/drop.lasso\r\
\n\r\
\n##\r\
\n## DSHIELD Drop List\r\
\n##\r\
\n\r\
\n:if ( [/file get [/file find name=block.txt] size] > 0 ) do={\r\
\n\r\
\n /ip firewall address-list remove [/ip firewall address-list find list=\
dshield]\r\
\n\r\
\n :global content [/file get [/file find name=block.txt] contents] ;\r\
\n :global contentLen [ :len \$content ] ;\r\
\n\r\
\n :global lineEnd 0;\r\
\n :global line \"\";\r\
\n :global lastEnd 0;\r\
\n\r\
\n :do {\r\
\n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\
\n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\
\n :set lastEnd ( \$lineEnd + 1 ) ;\r\
\n\r\
\n :if ( [:pick \$line 0 1] != \"#\" ) do={\r\
\n\r\
\n :if ([:typeof [:toip [:pick \$line 0 [:find \$line \"\\t\"] ] ] ] !=\
\_\"nil\") do={\r\
\n :local pos1 [:find \$line \"\\t\" 0]\r\
\n :local pos2 [:find \$line \"\\t\" \$pos1]\r\
\n :local pos3 [:find \$line \"\\t\" \$pos2]\r\
\n :log info ( \"DShield Entry: \" . [:pick \$line 0 \$pos1 ] . \"/\"\
\_. [:pick \$line (\$pos2+1) \$pos3 ] )\r\
\n /ip firewall address-list add list=dshield address=( [:pick \$line\
\_0 \$pos1 ] . \"/\" . [:pick \$line (\$pos2+1) \$pos3 ] )\r\
\n } \r\
\n\r\
\n }\r\
\n\r\
\n } while (\$lineEnd < \$contentLen)\r\
\n\r\
\n}\r\
\n\r\
\n##\r\
\n## SPAMHAUS.ORG Drop List\r\
\n##\r\
\n\r\
\n:if ( [/file get [/file find name=drop.lasso] size] > 0 ) do={\r\
\n\r\
\n /ip firewall address-list remove [/ip firewall address-list find list=\
spamhaus.lasso]\r\
\n\r\
\n :global content [/file get [/file find name=drop.lasso] contents] ;\r\
\n :global contentLen [ :len \$content ] ;\r\
\n\r\
\n :global lineEnd 0;\r\
\n :global line \"\";\r\
\n :global lastEnd 0;\r\
\n\r\
\n :do {\r\
\n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\
\n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\
\n :set lastEnd ( \$lineEnd + 1 ) ;\r\
\n\r\
\n :if ( [:pick \$line 0 1] != \";\" ) do={\r\
\n\r\
\n :if ([:len [:pick \$line 0 [:find \$line \";\"] ] ] > 0 ) do={\r\
\n :local pos1 [:find \$line \";\" 0]\r\
\n :local entry [:pick \$line 0 (\$pos1-1) ]\r\
\n :if ( [:len \$entry ] > 0 ) do={\r\
\n :log info \"Lasso Entry: \$entry\"\r\
\n /ip firewall address-list add list=spamhaus.lasso address=\$ent\
ry\r\
\n }\r\
\n } \r\
\n\r\
\n }\r\
\n\r\
\n } while (\$lineEnd < \$contentLen)\r\
\n\r\
\n}"
# aug/09/2009 11:27:47 by RouterOS 3.25
#
/system scheduler
add comment="" disabled=no interval=12h name=fecth-dshield-spamhaus on-event=\
fetch-dshield-spamhaus start-date=jan/01/1970 start-time=06:00:00
# aug/09/2009 11:33:37 by RouterOS 3.25
#
/ip firewall filter
add action=drop chain=forward comment="### DROP Spamhaus-Lasso" disabled=no \
src-address-list=spamhaus.lasso
add action=drop chain=forward comment="### DROP Dshield" \
disabled=no src-address-list=dshield
#

1 comment:

awarmanf said...

The problem with using MikroTik scripts is that sometimes they are no longer compatible across versions. I prefer to execute the script on Linux and, once it is done, "export" it to MikroTik and then execute it :).
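
The workflow described in the comment (parse the feeds on a Linux host, then import the result on the router) could look like this in Python; it is an added example, not code from the post, the comment or the linked forum thread. The field layout follows the RouterOS script above, while the sample feed lines, the PROTECTED ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample feeds (documentation ranges, not real feed data).
DSHIELD_SAMPLE = (
    "# comment line\n"
    "Start\tEnd\tNetmask\tAttacks\n"
    "198.51.100.0\t198.51.100.255\t24\t1500\n"
    "10.0.0.0\t10.0.0.255\t24\t9\n")  # last row would block an internal range
SPAMHAUS_SAMPLE = (
    "; comment line\n"
    "203.0.113.0/24 ; SBL000001\n"
    "0.0.0.0/0 ; SBL000002\n"  # would block everything
    "192.0.2.0/25 ; SBL000003\n")

# Assumption: ranges that must never land in a drop list on this router.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_dshield(text):
    """Field 1 (start address) and field 3 (netmask) of each tab-separated line."""
    for line in text.splitlines():
        fields = line.split("\t")
        if not line.startswith("#") and len(fields) >= 3:
            yield f"{fields[0].strip()}/{fields[2].strip()}"


def parse_spamhaus(text):
    """Everything before ';' on each line; comment lines yield nothing."""
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if entry:
            yield entry


def build_rsc(list_name, candidates):
    """Validate entries, then return RouterOS commands that rebuild the list."""
    nets = set()
    for cand in candidates:
        try:
            net = ipaddress.IPv4Network(cand)
        except ValueError:
            continue  # header row, garbage, malformed CIDR
        if not any(net.overlaps(p) for p in PROTECTED):
            nets.add(net)
    if not nets:
        return ""  # empty or unusable feed: leave the current list alone
    al = "/ip firewall address-list"
    out = [f"{al} remove [{al} find list={list_name}]"]
    out += [f"{al} add list={list_name} address={n}" for n in sorted(nets)]
    return "\n".join(out) + "\n"
```

Each returned string can be saved as an .rsc file and loaded on the router with /import. Because the script above fetches both feeds with mode=http, validating every entry before it reaches the firewall keeps a corrupted or altered file from dropping your own ranges.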