Miro Manglaviti Mikrotik 22 June 2022

<!DOCTYPE html> <html> <head> </head> <body> <p><strong>Visualizza received routes</strong> <br />ip route print where received-from=<peer_name><br />ipv6 route print where received-from=<peer_name><br />ip route print where received-from=PEER_GGAMAUR_V4_1<br /><strong>V7<br /></strong>/ip/route/print where gateway="185.54.80.1"</p> <p><strong>Visualizza GW per una route</strong><br />ip route print where dst-address in <ip/sb><br />ipv6 route print where dst-address in <ip/sb><br />ip route print where dst-address in 130.59.138.0/24</p> <p><strong>Visualizza le routes inviate</strong><br />routing bgp advertisements print <Nome del peer><br />routing bgp advertisements print ROUTE-SERVER_V6-SWISS_IX.RS1<br />routing bgp advertisements print PEER_GGAMAUR_V4_1<br /><strong>V7</strong><br />/routing/bgp/advertisements print where peer=PEER_MICROSOFT_V4-1 (<strong>ricordarsi di leggere il nome della sessione e non della connessione</strong>)<br /><br /></p> <p> <strong>Visualizza una rotta a un IP</strong><br />/ip route print where 159.148.147.204 in dst-address</p> <div><strong>Impostare in blocco l'affinity su tutti i peer ebgp</strong></div> <div> </div> <div>/routing/bgp/connection> set [find local.role=ebgp] input.affinity=main output.affinity=main</div> <div> </div> <div><strong>Filtro firewall port scanning</strong></div> <div> </div> <div>/ip firewall filter</div> <div>add action=reject chain=input protocol=tcp reject-with=tcp-reset </div> <div> src-address-list="port scanners"</div> <div>add action=add-src-to-address-list address-list="port scanners" </div> <div> address-list-timeout=2w chain=input </div> <div> protocol=tcp psd=21,3s,3,1</div> <div>add action=add-src-to-address-list address-list="port scanners" </div> <div> address-list-timeout=2w chain=input </div> <div> protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg</div> <div>add action=add-src-to-address-list address-list="port scanners" </div> <div> address-list-timeout=2w chain=input protocol=tcp </div> <div> tcp-flags=fin,syn</div> <div>add action=add-src-to-address-list address-list="port scanners" </div> <div> address-list-timeout=2w chain=input protocol=tcp </div> <div> tcp-flags=syn,rst</div> <div>add action=add-src-to-address-list address-list="port scanners" </div> <div> address-list-timeout=2w chain=input protocol=</div> <div> tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack</div> <div>add action=add-src-to-address-list address-list="port scanners" </div> <div> address-list-timeout=2w chain=input protocol=tcp </div> <div> tcp-flags=fin,syn,rst,psh,ack,urg</div> <div>add action=add-src-to-address-list address-list="port scanners" </div> <div> address-list-timeout=2w chain=input protocol=tcp </div> <div> tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg</div> <div> </div> <div>[admin@MINAP] > /routing bgp advertisements print where<br />0 peer=PEER_HE_V6-1 dst=2a02:4460::/32 afi=ipv6 nexthop=2001:7f8:c5::a520:2032:1 origin=0 as-path=sequence 202032 8224 communities=64555:10000 <br /><br />[admin@MINAP] > /routing bgp advertisements print where<br />0 peer=PEER_HE_V4-1 dst=185.54.80.0/22 afi=ip nexthop=185.1.114.53 origin=0 as-path=sequence 202032 13097 communities=64555:10000</div> </body> </html>

Home

About Us

Services

Solutions

Systems Architecture

Support

FAQ

News

Comandi basici BGP su MikroTik