mikrotikvoip:mikrotik_voip_script

Differences

Below are the differences between two revisions of the page.

mikrotikvoip:mikrotik_voip_script [2019/04/27 12:17] ghusson
mikrotikvoip:mikrotik_voip_script [2019/04/27 12:27] (current version) ghusson
Ligne 11: Ligne 11:
 #     shoud be                                                         # #     shoud be                                                         #
 ######################################################################## ########################################################################
- 
- 
-# Initialise variables 
-:global internalIp; 
-:global internalInterface; 
-:global externalIp; 
-:global externalInterface; 
-:global voipHttpsPort; 
-:global voipHttpPort; 
-:global voipSIPPort; 
-:global voipSIPsPort; 
-:global voipTunnelPort; 
-:global voipMediaPort; 
-:global initialNatRulesPosition; 
  
 # Set variables (change them !!!!) # Set variables (change them !!!!)
-:set internalIp "192.168.0.10"; +:global internalIp "192.168.0.10"; 
-:set internalInterface "bridge-internal"; +:global internalInterface "bridge-internal"; 
-:set externalIp "1.2.3.4"; +:global externalIp "1.2.3.4"; 
-:set externalInterface "bridge-internet"; +:global externalInterface "bridge-internet"; 
-:set voipHttpsPort 443; +:global voipHttpsPort 443; 
-:set voipHttpPort 80; +:global voipHttpPort 80; 
-:set voipSIPPort 5060; +:global voipSIPPort 5060; 
-:set voipSIPsPort ($voipSIPPort + 1); +:global voipSIPsPort ($voipSIPPort + 1); 
-:set voipTunnelPort 5090; +:global voipTunnelPort 5090; 
-:set voipMediaPort "9000-10999"; +:global voipMediaPort "9000-10999"; 
-:set initialNatRulesPosition 0;+:global initialNatRulesPosition 0;
  
 # Clean previously defined rules # Clean previously defined rules
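
Review bot: the eleven settings in the variables block are still declared with `:global`, so names as generic as internalIp and externalIp stay defined after the script finishes and are shared with any other script that declares the same names. If the script is run as a whole rather than pasted line by line, `:local` would scope them to the run; otherwise a script-specific prefix on each name would lower the collision risk. The placeholder values (192.168.0.10, 1.2.3.4) are also applied as-is if the "change them" comment is missed, so a check that stops the script while externalIp is still "1.2.3.4" would be worth adding, and the header comment in the context lines still reads "shoud be".
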
Ligne 118: Ligne 104:
 # Add drop rule for IP that have been added to "blacklist-sip" # Add drop rule for IP that have been added to "blacklist-sip"
 # address list # address list
-add action=drop \+/ip firewall filter add action=drop \
   chain=forward \   chain=forward \
-  src-address-list=blacklist-sip +  src-address-list=blacklist-sip \ 
-  comment="blacklist-sip DROP" \+  comment="blacklist-sip DROP (#VOIPscript)" \
  
 # Add drop rule for IP that have been added to "blacklist-3cxtunnel" # Add drop rule for IP that have been added to "blacklist-3cxtunnel"
 # address list # address list
-add action=drop \+/ip firewall filter add action=drop \
   chain=forward \   chain=forward \
-  src-address-list=blacklist-3cxtunnel +  src-address-list=blacklist-3cxtunnel \ 
-  comment="blacklist-3cxtunnel DROP"+  comment="blacklist-3cxtunnel DROP (#VOIPscript)"
  
 # Add an IP to "sip-blacklist" address list, based on connection # Add an IP to "sip-blacklist" address list, based on connection
 # number (max 10 SIP sessions per IP) and packet rate (max 100 packets # number (max 10 SIP sessions per IP) and packet rate (max 100 packets
 # in 1mn) - adapt it to your field use. # in 1mn) - adapt it to your field use.
-add action=add-src-to-address-list \+/ip firewall filter add action=add-src-to-address-list \
   chain=forward \   chain=forward \
-  protocol=udp+  protocol=udp \
   dst-port=5060 \   dst-port=5060 \
   connection-limit=10,32 \   connection-limit=10,32 \
   connection-state=invalid,new,untracked \   connection-state=invalid,new,untracked \
   limit=100/1m,0:packet \   limit=100/1m,0:packet \
-  address-list=blacklist-sip+  address-list=blacklist-sip \
   address-list-timeout=3h \   address-list-timeout=3h \
   log=yes \   log=yes \
   log-prefix=hacker-sip \   log-prefix=hacker-sip \
-  comment="Add SIP hacker IP to blacklist-sip"+  comment="Add SIP hacker IP to blacklist-sip (#VOIPscript)"
  
 # Add an IP to "blacklist-3cxtunnel" address list, based on connection # Add an IP to "blacklist-3cxtunnel" address list, based on connection
 # rate (max 4 tunnels per IP) - adapt it to your field use. # rate (max 4 tunnels per IP) - adapt it to your field use.
-add action=add-src-to-address-list \+/ip firewall filter add action=add-src-to-address-list \
   chain=forward \   chain=forward \
-  protocol=udp+  protocol=udp \
   dst-port=5060 \   dst-port=5060 \
   connection-limit=4,32 \   connection-limit=4,32 \
   connection-state=invalid,new,untracked \   connection-state=invalid,new,untracked \
-  address-list=blacklist-3cxtunnel+  address-list=blacklist-3cxtunnel \
   address-list-timeout=3h \   address-list-timeout=3h \
   log=yes \   log=yes \
   log-prefix=hacker-3cxtnl \   log-prefix=hacker-3cxtnl \
-  comment="Add SIP hacker IP to iblacklist-3cxtunnel"+  comment="Add SIP hacker IP to iblacklist-3cxtunnel (#VOIPscript)"
  
 # Reference documentation for connection-limit and limit: # Reference documentation for connection-limit and limit:
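
Review bot: in the first drop rule, the new line `comment="blacklist-sip DROP (#VOIPscript)" \` still ends with a line continuation although it is the last parameter, so the command runs on into the lines that follow; drop the trailing backslash, as the blacklist-3cxtunnel drop rule already does. Separately, the rule that fills blacklist-3cxtunnel matches `dst-port=5060`, the same port as the SIP rule above it, while the variables block sets voipTunnelPort to 5090; with both rules on 5060 a source is listed at the lower threshold of 4 connections and the 10-connection SIP limit never gets to decide. Using $voipSIPPort and $voipTunnelPort in place of the literals would keep these rules in step with the variables. The comment text "iblacklist-3cxtunnel" has a stray leading "i", and the explanatory comment says "sip-blacklist" where the list is named blacklist-sip.
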
mikrotikvoip/mikrotik_voip_script.1556367447.txt.gz · Last modified: 2019/04/27 12:17 by ghusson