電訊茶室's Archiver

gfx86674 posted on 2015-12-10 11:16

Preventing the vpn-server from being probed by strangers

[i=s] This post was last edited by gfx86674 on 2016-5-14 11:47 [/i]

[color=Red]Is your PPTP/SSTP/L2TP/OVPN server constantly being probed by strangers?[/color]
[img]http://i.imgur.com/4Ng3GXi.jpg[/img]
[color=Blue]If so, you should set up basic VPN protection.[/color]

First, use the firewall to put the IPs that try to use the vpn-server on a watch list.
[color=Red][size=4]Note that for SSTP and OVPN the ports you use may be different...[/size][/color]
[code]/ip firewall filter
# "mobile" is a hand-maintained whitelist of your own client addresses; it always wins
add action=accept chain=input src-address-list=mobile
# sources flagged by the checkpoint are dropped *before* the temp accept rules below;
# otherwise a freshly blocked scanner would still be accepted until its temp entry
# expires (up to 1m20s)
add action=drop chain=input src-address-list="port scanners"
# a source that recently hit a VPN port is allowed to finish its handshake
add action=accept chain=input src-address-list=temp \
  dst-port=1723,443,1194 protocol=tcp
add action=accept chain=input src-address-list=temp \
  dst-port=500,1701,4500 protocol=udp
# first contact on a VPN port: put the source under observation for 80 seconds
# (add-src-to-address-list does not terminate the chain; the packet continues down)
# PPTP #
add action=add-src-to-address-list address-list=temp address-list-timeout=1m20s \
  chain=input dst-port=1723 protocol=tcp
# SSTP #
add action=add-src-to-address-list address-list=temp address-list-timeout=1m20s \
  chain=input dst-port=443 protocol=tcp
# L2TP (IKE, L2TP, NAT-T) #
add action=add-src-to-address-list address-list=temp address-list-timeout=1m20s \
  chain=input dst-port=500,1701,4500 protocol=udp
# OVPN #
add action=add-src-to-address-list address-list=temp address-list-timeout=1m20s \
  chain=input dst-port=1194 protocol=tcp[/code]
In /system scheduler add Vpn-points [color=Pink](the VPN checkpoint)[/color], which runs the check once every minute.
[img]http://i.imgur.com/FNg5zRK.png[/img]
script:[url=https://dl.dropboxusercontent.com/u/34743921/vpncheck.txt]https://dl.dropboxusercontent.com/u/34743921/vpncheck.txt[/url]

The checkpoint check puts every stranger IP that should not be connecting to the router into port scanners, where it is blocked.
[img]http://i.imgur.com/RYqDcGk.png[/img]
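
The original vpncheck.txt is no longer downloadable, so the following is an added example of a checkpoint script written for this thread, not gfx86674's own script. It assumes the address-list names used in the filter rules above ("temp" for recent VPN-port hits, "mobile" as the whitelist, "port scanners" as the block list), and it assumes that every client that has actually authenticated to PPTP/SSTP/L2TP/OVPN shows up in /ppp active with its public IP in caller-id. The script name vpncheck, the scheduler name Vpn-points and the one-day block time are illustrative choices.

```routeros
# Added example (not the original vpncheck.txt): the "Vpn-points" checkpoint.
# Assumptions: list names "temp", "mobile", "port scanners" as in the filter
# rules; an authenticated tunnel appears in /ppp active with caller-id = client IP.
# Install:  /system script add name=vpncheck source=<this script>
#           /system scheduler add name=Vpn-points interval=1m on-event=vpncheck
:local listTemp "temp"
:local listAllow "mobile"
:local listBlock "port scanners"
:local blockTime 1d

:foreach entry in=[/ip firewall address-list find list=$listTemp] do={
    :local addrStr [:tostr [/ip firewall address-list get $entry address]]

    # 1. Whitelisted sources are never punished.
    :if ([:len [/ip firewall address-list find list=$listAllow address=$addrStr]] = 0) do={

        # 2. Does this source hold an authenticated tunnel right now?
        :local hasSession false
        :foreach s in=[/ppp active find] do={
            :local cid [/ppp active get $s caller-id]
            # some tunnel types report caller-id as "ip:port"; keep only the ip part
            :local colon [:find $cid ":"]
            :if ([:typeof $colon] != "nil") do={ :set cid [:pick $cid 0 $colon] }
            :if ($cid = $addrStr) do={ :set hasSession true }
        }

        # 3. Hit a VPN port but never authenticated: treat it as a probe.
        :if ($hasSession = false) do={
            :if ([:len [/ip firewall address-list find list=$listBlock address=$addrStr]] = 0) do={
                /ip firewall address-list add list=$listBlock address=$addrStr \
                    timeout=$blockTime comment="vpn-check: VPN port hit, no session"
                :log warning ("vpn-check: blocked " . $addrStr)
            }
            # remove the observation entry as well, so an accept rule matching
            # src-address-list=temp cannot admit this source while it waits to expire
            /ip firewall address-list remove $entry
        }
    }
}
```

Two caveats to keep in mind. A legitimate client that is still in the middle of its handshake when the scheduler fires has no /ppp active entry yet and will be blocked for blockTime, which is why keeping your own devices in "mobile" matters and why a short block time is a reasonable first setting. The "temp" timeout of 1m20s against a one-minute schedule guarantees every probe is seen by at least one run; shortening the timeout below the interval would let probes slip through unseen.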

fems posted on 2016-11-15 01:41

Very good reference material, thanks for sharing.

carw318 posted on 2018-4-5 15:45

Brother gfx86674, vpncheck.txt can no longer be downloaded. Is there another site it can be downloaded from? Thanks ~

carlchan posted on 2018-5-30 10:18

Any updated method?

