ICMP merupakah salah satu protocol yang dipergunakan untuk komunikasi antar perangkat jaringan. Namun tidak semua ICMP baik ada juga yang tidak baik seperti trafik flooding, trafik rougue (dhcp rogue, dns rogue).
Berikut ICMP type dan code yang harus diperbolehkan selain itu wajib diblok.
/ip firewall filter
add action=jump chain=forward comment="Accept Important ICMP Types" jump-target=ICMP protocol=icmp
add action=jump chain=input jump-target=ICMP protocol=icmp
add action=accept chain=ICMP comment="Echo Reply" icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP comment="Allow Echo Request" icmp-options=8:0 protocol=icmp
add action=accept chain=ICMP comment="Allow Time Exceeded" icmp-options=11:0 protocol=icmp
add action=accept chain=ICMP comment="Net Unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=ICMP comment="Port Unreachable" icmp-options=3:3 protocol=icmp
add action=accept chain=ICMP comment="Fragmentation Required" icmp-options=3:4 protocol=icmp
add action=return chain=ICMP protocol=icmp
add action=drop chain=forward comment="Deny All Other Types" protocol=icmp
add action=drop chain=input comment="Deny All Other Types" protocol=icmp
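The effect of this rule set can be checked offline before it is loaded on a router. The Python below is an added example, not part of the original post or of RouterOS: it replays the rules above with first-match, jump and return semantics against constructed type/code pairs. The function names and the probe list are assumptions made for illustration.

```python
import re

# ICMP rules from the export above, comment= fields omitted.
RULES = """\
add action=jump chain=forward jump-target=ICMP protocol=icmp
add action=jump chain=input jump-target=ICMP protocol=icmp
add action=accept chain=ICMP icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP icmp-options=8:0 protocol=icmp
add action=accept chain=ICMP icmp-options=11:0 protocol=icmp
add action=accept chain=ICMP icmp-options=3:0 protocol=icmp
add action=accept chain=ICMP icmp-options=3:3 protocol=icmp
add action=accept chain=ICMP icmp-options=3:4 protocol=icmp
add action=return chain=ICMP protocol=icmp
add action=drop chain=forward protocol=icmp
add action=drop chain=input protocol=icmp
"""

def parse_rules(text):
    """Parse 'add key=value ...' lines into dicts, preserving rule order."""
    pairs = re.compile(r'([\w-]+)=("[^"]*"|\S+)')  # tolerates quoted comment= values
    return [{k: v.strip('"') for k, v in pairs.findall(line)}
            for line in text.splitlines() if line.startswith("add ")]

def walk(rules, chain, icmp_type, icmp_code):
    """First-match walk of one chain; None means it returned or ran off the end."""
    for rule in rules:
        opt = rule.get("icmp-options")  # only the exact type:code form used here
        if rule["chain"] != chain or opt not in (None, f"{icmp_type}:{icmp_code}"):
            continue
        if rule["action"] in ("accept", "drop"):
            return rule["action"]
        if rule["action"] == "return":
            return None
        if rule["action"] == "jump":
            result = walk(rules, rule["jump-target"], icmp_type, icmp_code)
            if result is not None:
                return result
    return None

def verdict(chain, icmp_type, icmp_code, rules=None):
    """Final decision; a built-in chain with no matching rule defaults to accept."""
    rules = parse_rules(RULES) if rules is None else rules
    return walk(rules, chain, icmp_type, icmp_code) or "accept"

PROBES = [(8, 0), (0, 0), (3, 4), (3, 1), (11, 1), (5, 1), (13, 0)]  # constructed pairs

if __name__ == "__main__":
    for t, c in PROBES:
        print(f"type {t:>2} code {c}: forward={verdict('forward', t, c)}")
```

Because only the exact pairs 3:0, 3:3, 3:4 and 11:0 are listed, other codes of the same types, such as 3:1 (Host Unreachable) and 11:1, fall through to the final drop rules.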
- Code Fields
- Type 0 — Echo Reply
- Type 1 — Unassigned
- Type 2 — Unassigned
- Type 3 — Destination Unreachable
- Type 4 — Source Quench (Deprecated)
- Type 5 — Redirect
- Type 6 — Alternate Host Address (Deprecated)
- Type 7 — Unassigned
- Type 8 — Echo
- Type 9 — Router Advertisement
- Type 10 — Router Selection
- Type 11 — Time Exceeded
- Type 12 — Parameter Problem
- Type 13 — Timestamp
- Type 14 — Timestamp Reply
- Type 15 — Information Request (Deprecated)
- Type 16 — Information Reply (Deprecated)
- Type 17 — Address Mask Request (Deprecated)
- Type 18 — Address Mask Reply (Deprecated)
- Type 19 — Reserved (for Security)
- Types 20-29 — Reserved (for Robustness Experiment)
- Type 30 — Traceroute (Deprecated)
- Type 31 — Datagram Conversion Error (Deprecated)
- Type 32 — Mobile Host Redirect (Deprecated)
- Type 33 — IPv6 Where-Are-You (Deprecated)
- Type 34 — IPv6 I-Am-Here (Deprecated)
- Type 35 — Mobile Registration Request (Deprecated)
- Type 36 — Mobile Registration Reply (Deprecated)
- Type 37 — Domain Name Request (Deprecated)
- Type 38 — Domain Name Reply (Deprecated)
- Type 39 — SKIP (Deprecated)
- Type 40 — Photuris
- Type 41 — ICMP messages utilized by experimental mobility protocols such as Seamoby
- Type 42 — Extended Echo Request
- Type 43 — Extended Echo Reply
- Types 44-252 — Unassigned
- Type 253 — RFC3692-style Experiment 1
- Type 254 — RFC3692-style Experiment 2
- ICMP Extension Object Classes and Class Sub-types
- https://github.com/misterkrittin/Scripts-MikroTik/blob/main/%5BScript-MikroTik%5D%20Accept%20Important%20ICMP%20Types.txt
- https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
- https://medium.com/kernel-space/demystifying-icmp-types-and-codes-bfb2a95deb9e