资 源 简 介
This projects aims to prevent access to your internal network from ip scanners and port scanners.
Prerequisites to work:
1. A Routerboard device (or RouterOS installed on any device) acting as a firewall for your internal network
1. An available linux PC (or server)
1. /ip firewall filter : add your allow rules first and after that drop any connection from outside example:
1)chain=forward action=accept connection-state=related2)chain=input action=accept connection-state=established3)chain=input action=accept connection-state=related4)chain=forward action=accept connection-state=new src-address-list=internal5)chain=forward action=accept protocol=tcp dst-address=192.168.1.10 dst-port=806)chain=forward action=accept protocol=tcp dst-address=192.168.1.11 dst-port=257)chain=forward action=accept protocol=tcp dst-address=192.168.1.11 dst-port=1108)chain=forward action=accept protocol=tcp dst-address=192.168.1.11 dst-port=143...100)chain=forward action=drop dst-address-list=i
