Monday, June 23, 2014

Implementation of Firewall Filters

Firewall filtering is most often done on IP addresses, both src-address and dst-address: for example, blocking a client computer with a particular IP, or blocking a particular web server's IP so it cannot be reached. A firewall is not only for stopping clients from reaching a particular resource; it also protects the local network from external threats such as viruses and attacks from the Internet. Attacks from the Internet usually come from many different IP addresses, so protection based only on IP addresses is hard to keep up with. Fortunately, there are many other criteria to filter on besides the IP address, such as the protocol and the port. Below are examples of how to use some of the other parameters available in the firewall filter feature.

Protocol and Port
Ports and protocols are usually combined with an IP address. Suppose you want a client to be unable to browse the web but still able to use FTP: create a firewall rule that drops TCP port 80 for that client (and TCP port 443 as well, since HTTPS uses a different port and is otherwise left open). When you click the protocol drop-down, it lists the protocols that can be filtered. This parameter is what you need when you want to block an application that uses a specific protocol and port.
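As an added example (not from the original post), here is the "no browsing, but FTP still works" case as typed into the RouterOS console. The client address 192.168.88.10 and the rule comments are assumptions for the example.

```routeros
# Added example, not from the original post. Assumed client: 192.168.88.10 on the LAN.
/ip firewall filter
# Plain HTTP browsing from this client is dropped...
add chain=forward src-address=192.168.88.10 protocol=tcp dst-port=80 action=drop comment="client: no HTTP"
# ...and so is HTTPS; a tcp/80 rule alone leaves every https:// site reachable.
add chain=forward src-address=192.168.88.10 protocol=tcp dst-port=443 action=drop comment="client: no HTTPS"
# FTP keeps working: tcp/21 matches neither rule. Passive-mode data channels use
# random high ports, which the ftp connection tracking helper ties to the control
# session, so check that the helper is enabled.
/ip firewall service-port print
# Check that the rules are actually hitting: the packet/byte counters should rise
# while the client tries to browse.
/ip firewall filter print stats where comment~"client:"
```

The counters are the quickest way to confirm a rule matches what you think it matches; a rule that never counts is usually placed below an earlier accept, or has the wrong chain.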



Interface
There are two interface parameters: the input interface (in-interface) and the output interface (out-interface). To determine them, look at which interface the traffic enters the router on and which interface it leaves the router on. Suppose you connect to the Internet through a MikroTik router and ping www.mikrotik.co.id from your laptop: the input interface is the one connected to your laptop, and the output interface is the one connected to the Internet. One application is securing the router itself when you do not want it to be reachable from the Internet. In that case, filter connections coming into the router (the input chain) with the in-interface option set to the interface connected to the Internet.



P2P parameter
There is actually a simple and fairly easy way to filter P2P traffic such as BitTorrent or eDonkey. Where you previously needed many rules, you can simplify them by using the P2P parameter in a single firewall rule. If you click the drop-down, you will see which P2P programs the firewall can recognise. Note that this matcher identifies P2P traffic by protocol signatures, so clients that encrypt or obfuscate their traffic may not be detected.



Mangle
Mangle is usually used to mark packets or connections that are then used for bandwidth management (queues), but it can also be used for filtering. A firewall filter rule cannot mark packets or connections itself, but mangle and filter can be combined: first mark the packet or connection in mangle, then match that mark in the firewall filter rule (with the connection-mark or packet-mark parameter).
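As an added example (not from the original post) covering both the P2P parameter and the mangle-then-filter pattern above: the p2p matcher tags the connection in mangle, and the filter rule only has to look at the mark. The mark names and the LAN subnet are assumptions.

```routeros
# Added example, not from the original post. Mark names and subnet are assumed.
# 1. Mangle: tag every connection the p2p matcher recognises (BitTorrent, eDonkey
#    and the others listed in the drop-down) with a connection mark.
#    prerouting sees the traffic before routing, in both directions.
/ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="tag P2P connections"
# 2. Every later packet of a tagged connection gets a packet mark, including
#    packets the p2p signature itself would not match. passthrough=no stops
#    further mangle processing for them.
add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p_pkt passthrough=no
# 3. Filter: a filter rule cannot set marks, but it can match them.
/ip firewall filter
add chain=forward packet-mark=p2p_pkt action=drop comment="drop P2P"
# The same marks can feed a queue instead of a drop, which is the more usual use:
/queue simple add name=p2p-limit packet-marks=p2p_pkt max-limit=256k/256k target=192.168.88.0/24
```

The p2p matcher exists in RouterOS v6, the version current when this post was written; RouterOS v7 no longer has it, so on v7 the connection would have to be tagged some other way (for example with a layer7 regexp, which is far less reliable for P2P).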



Connection State
If you do not want invalid packets passing through your network, you can filter on the connection-state parameter. An invalid packet is one that connection tracking cannot associate with any known connection, for example a TCP segment with an impossible flag combination or a packet belonging to a connection the router is no longer tracking. Such packets serve no purpose and only consume network resources, so drop them by setting connection-state=invalid in the rule. The same parameter also lets you accept established and related traffic early, so the rest of the rule list only has to deal with new connections.
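As an added example (not from the original post) that serves both the Interface and Connection State sections: a minimal input chain that makes the router unreachable from the Internet-facing interface, and a forward chain that drops invalid packets and unsolicited inbound connections. The interface names ether1 (Internet) and bridge-lan (LAN) are assumptions.

```routeros
# Added example, not from the original post. Assumed interfaces: ether1 faces the
# Internet, bridge-lan faces the LAN.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# Replies to connections the router opened (DNS, NTP, updates) must get back in,
# so accept established/related first; this rule also matches most packets,
# which keeps the rest of the chain cheap.
add chain=input connection-state=established,related action=accept
add chain=input connection-state=invalid action=drop
# Management (Winbox, SSH, www) only from the LAN side.
add chain=input in-interface=bridge-lan action=accept comment="management from LAN"
# Keep ping working for troubleshooting; remove this line if the router must stay silent.
add chain=input protocol=icmp action=accept
# Everything else arriving on the Internet-facing interface is dropped: nothing
# from the Internet can start a connection to the router.
add chain=input in-interface=ether1 action=drop comment="drop new connections to router from WAN"
# --- forward chain: traffic passing through the router ---
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# New connections coming in from the Internet towards the LAN are dropped. If you
# use dst-nat port forwarding, add an accept for those ports above this rule.
add chain=forward in-interface=ether1 connection-state=new action=drop comment="no unsolicited inbound to LAN"
# Rules run top to bottom; a rule added out of order can be moved, e.g. to position 2:
#   /ip firewall filter move [find comment="management from LAN"] 2
```

Add these rules from the LAN side, not over the Internet: the moment the last input rule is added, any management session coming in on ether1 is cut off.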



Address List
Sometimes you want to filter several IP addresses that are not contiguous or are scattered at random. Creating a rule for each one becomes tedious. Instead, group the IP addresses in an address list. First add the IP addresses to the address list, then refer to the list in your filter rule. The Address List options of a firewall rule are on the Advanced tab. There are two kinds: Src. Address List and Dst. Address List. Src. Address List matches the packet's source address (the client making the connection) against the list; Dst. Address List matches the destination address (the target being accessed).
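As an added example (not from the original post): static address lists used as source and destination matchers, and, going slightly beyond the text, a list that the firewall fills by itself with a timeout, which is the other main reason address lists exist. All addresses and list names are assumptions.

```routeros
# Added example, not from the original post. All addresses and list names are assumed.
/ip firewall address-list
# Static entries: single hosts, a range and a subnet can all live in one list.
add list=blocked_clients address=192.168.88.23 comment="shared PC"
add list=blocked_clients address=192.168.88.41
add list=blocked_clients address=192.168.88.100-192.168.88.120
add list=internal_servers address=10.10.0.0/24
add list=ssh_admins address=192.168.88.2 comment="admin workstation"
/ip firewall filter
# src-address-list: the packet's SOURCE is looked up in the list.
add chain=forward src-address-list=blocked_clients action=drop comment="blocked clients"
# dst-address-list: the packet's DESTINATION is looked up in the list.
add chain=forward dst-address-list=internal_servers in-interface=ether1 action=drop comment="servers not reachable from WAN"
# Lists can also be filled by the firewall itself. Here an address that opens a
# second new SSH connection to the router within one minute is put in
# ssh_blacklist for a day. Order matters: the accept for admins and the drop must
# sit above the rules that add entries, because add-src-to-address-list passes the
# packet on to the next rule.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_admins action=accept
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="ssh brute force"
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_seen action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1d
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_seen address-list-timeout=1m
# Dynamic entries show with a D flag and their remaining timeout:
/ip firewall address-list print where list=ssh_blacklist
```

The thresholds here (two attempts in a minute, one day in the blacklist) are deliberately strict for the sake of the example; in practice keep a whitelist such as ssh_admins above the blacklist rule so a typo in your own password cannot lock you out.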



Layer 7 Protocol
If you are familiar with regular expressions, you can also filter at layer 7 using firewall filters. In RouterOS, the regexp is added under the Layer 7 Protocols menu. Once the regexp has been added, you can filter by selecting it in the Layer 7 Protocol field of the filter rule you create. Keep in mind that a regexp rule requires considerably more CPU than an ordinary rule, so narrow it down with protocol, port or address matchers in the same rule, and put it in a chain where it sees both directions of the connection (normally forward).




Content
When you want to block a website, one of the easier ways is to filter on content. Content is a string found in the packet payload, for example text from the web page itself or the site name in the request. Any website whose traffic carries that string will be filtered by the firewall. Suppose you want to block www.facebook.com: simply create a rule with the content parameter set to "facebook" and action drop, and Facebook becomes inaccessible over both HTTP and HTTPS. For HTTPS this works because the hostname is still sent in cleartext during the TLS handshake (the server name and the certificate); the page contents themselves are encrypted and cannot be matched. Bear in mind that content is a plain substring match on each packet, so it also drops any unrelated packet that happens to contain the string.
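As an added example (not from the original post) covering both the Layer 7 Protocol and Content sections: the two payload matchers side by side, each narrowed to web ports so the expensive matching is only done on traffic that could be a web request. The regexp is an assumption and only a starting point.

```routeros
# Added example, not from the original post. The regexp is an assumption; tune it.
# --- layer7: regexp over the first packets of a connection ---
/ip firewall layer7-protocol
add name=facebook regexp="^.+(facebook|fbcdn).*\$"
/ip firewall filter
# Narrow the rule with protocol/port first: the regexp only runs on traffic that
# passed the cheap matchers in the same rule. It belongs in forward, where the
# router sees both directions; the matcher inspects only the first 10 packets (or
# first 2 KiB) of each connection and gives up after that.
add chain=forward protocol=tcp dst-port=80,443 layer7-protocol=facebook action=drop comment="L7 facebook"
# --- content: plain substring match on each packet's payload ---
# Matches the HTTP Host header and, for HTTPS, the server name in the TLS
# ClientHello and the certificate; the encrypted page body is never visible.
add chain=forward protocol=tcp dst-port=80,443 content=facebook action=drop comment="content facebook"
# Side effect of both: an unrelated page or API that merely mentions "facebook"
# in its payload is dropped too. Watch the counters before leaving this in place:
/ip firewall filter print stats where comment~"facebook"
```

If the layer7 rule never counts while the content rule does, the layer7 rule is usually sitting in a chain that only sees one direction of the traffic, or below an accept for established connections that swallows the packets it needs to inspect.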



Mac address
When filtering by IP address, a naughty user sometimes gets around it by changing their IP address. To deal with this, filter by MAC address instead. Record the MAC address of the device that user uses, then add it as the Src. MAC Address parameter in your firewall rule. As long as the user keeps using the same device, the filter keeps working even if the IP address is changed. Two limitations: the MAC address is only visible on the interface where the device is directly connected (behind another router, the firewall only sees that router's MAC), and a determined user can change the MAC address as well, so treat this as a deterrent rather than a strong control.



Time
Instead of going to the trouble of writing a scheduler and scripts, you can use the time parameter of the firewall filter. It determines when a firewall rule is active: not only the hours of the day, but also which days of the week. Suppose you want to block Facebook during office hours: create a firewall rule that blocks Facebook and runs from 08:00 to 16:00, except on Saturday and Sunday. Before creating a rule with the time parameter, make sure NTP is configured on the router (and the time zone is set), so the router's clock matches real time; the time matcher compares against the router's local clock, and a wrong clock silently shifts the whole window.
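As an added example (not from the original post) that combines the MAC Address and Time sections: clock setup first, then a rule that blocks one device's web access during office hours. The MAC address, the NTP server address (203.0.113.10, from the documentation range) and the time zone are assumptions.

```routeros
# Added example, not from the original post. MAC address, NTP server address
# (203.0.113.10, documentation range) and time zone are assumptions.
# 1. The time matcher uses the router's local clock, so set NTP and the zone first
#    (RouterOS v6 syntax; v7 uses /system ntp client set servers=...).
/system ntp client set enabled=yes primary-ntp=203.0.113.10
/system clock set time-zone-name=Asia/Jakarta
/system clock print
# 2. Block web access for one device during office hours, Monday to Friday.
#    Matching on the source MAC survives the user changing the IP address, as long
#    as the device sits on a network directly attached to this router: behind
#    another router the only MAC the firewall sees is that router's.
/ip firewall filter
add chain=forward src-mac-address=00:11:22:33:44:55 protocol=tcp dst-port=80,443 time=8h-16h,mon,tue,wed,thu,fri action=drop comment="office hours: no browsing for this device"
# 3. The Facebook block from the text, limited to the same window.
add chain=forward protocol=tcp dst-port=80,443 content=facebook time=8h-16h,mon,tue,wed,thu,fri action=drop comment="office hours: no facebook"
# Outside 08:00-16:00 and on sat/sun the rules simply never match; nothing has to
# be scheduled, enabled or removed.
```

Check /system clock print before trusting the window: if the date or zone is wrong the rule will fire at the wrong hours, and a rule that appears "broken" is often just a router whose clock reset at boot before NTP synchronised.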



When creating a firewall rule, try to make it as specific as possible. The more specific the rule, the less unintended traffic it matches and the more efficiently the rule list runs. Rules are evaluated in order from top to bottom, so place the rules that match the most traffic (such as accepting established and related connections) near the top, and keep expensive matchers such as layer7 and content below them.

http://freaks.co.id
