Information is over rated. Go with your gut feeling and adjust as needed.
----- Original Message ----- From: "Ryan Spott" <rsp...@cspott.com> To: "WISPA General List" <wireless@wispa.org> Sent: Monday, April 19, 2010 2:01 PM Subject: Re: [WISPA] Customers routers backwards? I am just platform agnostic when it comes to information.. :) ryan On Mon, Apr 19, 2010 at 10:55 AM, Josh Luthman <j...@imaginenetworksllc.com>wrote: > He said Mikrotik but thanks for the notes =P > > /ip firewall filter > add action=drop chain=input comment="" disabled=no port=68 protocol=udp \ > src-address=192.168.1.1 > add action=drop chain=input comment="" disabled=no dst-address=\ > 192.168.1.1 port=68 protocol=udp > add action=drop chain=input comment="" disabled=no port=67 protocol=udp \ > src-address=192.168.1.1 > add action=drop chain=input comment="" disabled=no dst-address=\ > 192.168.1.1 port=67 protocol=udp > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > “Success is not final, failure is not fatal: it is the courage to continue > that counts.” > --- Winston Churchill > > > On Mon, Apr 19, 2010 at 1:45 PM, Rubens Kuhl <rube...@gmail.com> wrote: > > > These are filters that I've designed for AirOS 3.x (Ubiquiti) but you > > can get the general idea which is to allow only unicast traffic and > > specific broadcast traffic, and then drop everything else. Rules are > > backward enumerated and the idea is to have the unicast traffic as the > > first match. > > > > > > > > rc.poststart > > ----------------- > > #/bin/sh > > GW_MAC="xx:xx:xx:xx:xx:xx" > > CMD="ebtables -t nat -I PREROUTING 1" > > $CMD -i eth0 -j DROP > > $CMD -i eth0 -p IPV4 -d Broadcast --ip-proto UDP --ip-sport 67 > > --ip-dport 68 -j ACCEPT > > $CMD -i eth0 -p ARP -d Broadcast -j ACCEPT > > $CMD -i eth0 -p ARP -d $GW_MAC -j ACCEPT > > $CMD -i eth0 -p IPV4 -d $GW_MAC -j ACCEPT > > $CMD -i ath0 -j ACCEPT > > ebtables -I INPUT 1 -i eth0 -j DROP > > > > > > rc.prestop > > -------------- > > #/bin/sh > > ebtables -t nat -D PREROUTING 1:6 > > ebtables -D INPUT 1 > > > > Rubens > > > > On Mon, Apr 19, 2010 at 2:37 PM, Ryan Ghering <rgher...@gmail.com> > wrote: > > > We've had this happen a efw times and its very time consuming to find > > > and stop. I.e the customer plays with cables and ens up sending DHCP > > > into the network > > > > > > anyone know of a way with mikrotik routers to stop this, we use > > > mikrotik for our core router and tower side bridges, I'd love to put a > > > firewall setup on them to stop this. and track down. > > > > > > Thanks -- > > > Ryan Ghering > > > Network Operations - Plains.Net > > > Office: 970-848-0475 - Cell: 970-630-1879 > > > > > > > > > > > > -------------------------------------------------------------------------------- > > > WISPA Wants You! Join today! > > > http://signup.wispa.org/ > > > > > > -------------------------------------------------------------------------------- > > > > > > WISPA Wireless List: wireless@wispa.org > > > > > > Subscribe/Unsubscribe: > > > http://lists.wispa.org/mailman/listinfo/wireless > > > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > > > > > -------------------------------------------------------------------------------- > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > -------------------------------------------------------------------------------- > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
