RFC ICMP Protection Chain


The text file version is located here: RFC_ICMP_Protection_Chain

###################################################################################################
# Rick Frey Consulting ICMP Protection Chain #
#########################################################################################################
# Author: Rick Frey #
# email: rickfrey1000@gmail.com #
# Username in MikroTik Forum is rickfrey #
#########################################################################################################
# License #
# This script has been created for use by the general public and may be used freely. #
#########################################################################################################
#########################################################################################################
# Features
# – Protects against multiple types of ICMP attacks including SMURF attacks
#########################################################################################################
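# IPv4 ICMP filtering for RouterOS: ICMP arriving on the input and forward
# chains is sent to a dedicated "RFC ICMP Protection" chain. That chain lists
# ICMP aimed at broadcast addresses as a suspected SMURF attack and drops it,
# accepts a fixed set of ICMP type:code pairs, and logs and drops the rest.
#
# All values use plain ASCII double quotes. The typographic quotes a web page
# may render are not string delimiters in RouterOS and stop the script from
# importing.
#
# NOTE(review): "add" appends to the end of the filter table. If an earlier
# rule already accepts or drops ICMP, these jumps are never reached. Check the
# order with "/ip firewall filter print" after import and move the two jump
# rules above any such rule.
# NOTE(review): this covers IPv4 only; ICMPv6 is filtered separately under
# /ipv6 firewall filter and is not affected by these rules.
/ip firewall filter
add action=jump chain=input comment="Jump to RFC ICMP Protection Chain" jump-target="RFC ICMP Protection" protocol=icmp
add action=jump chain=forward comment="Jump to RFC ICMP Protection Chain" jump-target="RFC ICMP Protection" protocol=icmp

# SMURF detection: any ICMP packet whose destination is a broadcast address has
# that destination added to the address list, and the next rule drops ICMP sent
# to a listed destination. With address-list-timeout=none-dynamic the entry is
# dynamic and stays until reboot or manual removal.
# NOTE(review): the detection rule logs every matching packet, so a sustained
# flood produces one log line per packet; size the log target accordingly.
add action=add-dst-to-address-list address-list="Suspected SMURF Attacks" address-list-timeout=none-dynamic chain="RFC ICMP Protection" comment="Detect Suspected SMURF Attacks" dst-address-type=broadcast log=yes log-prefix="FW-SMURF Attacks" protocol=icmp
add action=drop chain="RFC ICMP Protection" comment="Drop Suspected SMURF Attacks" dst-address-list="Suspected SMURF Attacks" protocol=icmp

# Echo request and reply (ping).
# NOTE(review): echo requests are accepted from any source with no rate limit,
# both to the router itself and through it. On an Internet-facing router,
# consider narrowing this by interface or source, or adding a limit.
add action=accept chain="RFC ICMP Protection" comment="Accept Echo Requests" icmp-options=8:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Echo Replys" icmp-options=0:0 protocol=icmp

# Destination Unreachable (type 3). Code 4 (fragmentation needed) is required
# for path MTU discovery; dropping it causes stalled connections.
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Network Unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Host Unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Port Unreachable" icmp-options=3:3 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Fragmentation Messages" icmp-options=3:4 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Source Route Failed" icmp-options=3:5 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Network Admin Prohibited" icmp-options=3:9 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Host Admin Prohibited" icmp-options=3:10 protocol=icmp

# Router discovery: Router Advertisement is type 9 code 0 and Router
# Solicitation is type 10 code 0. The solicitation rule previously matched
# 9:10, which is not the solicitation message, so real solicitations fell
# through to the final drop.
# NOTE(review): router discovery is normally link-local; confirm whether
# accepting it in the forward chain is wanted.
add action=accept chain="RFC ICMP Protection" comment="Router Advertisemnet" icmp-options=9:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Router Solicitation" icmp-options=10:0 protocol=icmp

# Time Exceeded (type 11, codes 0-1): TTL expired in transit and fragment
# reassembly timeout. Ordinary traceroute depends on this together with the
# echo and port-unreachable rules above.
add action=accept chain="RFC ICMP Protection" comment="Time Exceeded" icmp-options=11:0-1 protocol=icmp

# ICMP type 30 is the dedicated Traceroute message, which RFC 6918 formally
# deprecated. It is kept here for compatibility with the original rule set, but
# common traceroute tools do not use it.
add action=accept chain="RFC ICMP Protection" comment=Traceroute icmp-options=30:0 protocol=icmp

# Default deny: every ICMP type:code not accepted above is logged and dropped.
# That includes redirects (type 5) and timestamp requests (type 13).
add action=drop chain="RFC ICMP Protection" comment="Drop ALL other ICMP Messages" log=yes log-prefix="FW-ICMP Protection" protocol=icmp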
