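#########################################################################################################
# Rick Frey Consulting ICMP Protection Chain #
#########################################################################################################
# Author: Rick Frey #
# email: rickfrey1000@gmail.com #
# Username in MikroTik Forum is rickfrey #
#########################################################################################################
# License #
# This script has been created for use by the general public and may be used freely. #
#########################################################################################################
#########################################################################################################
# Features
# - Protects against multiple types of ICMP attacks including SMURF attacks
#########################################################################################################
#
# How the chain works:
# - All ICMP seen on the input and forward chains is diverted into the custom
#   chain "RFC ICMP Protection".
# - ICMP addressed to a broadcast destination is recorded and dropped.
# - An explicit allow-list of ICMP type:code pairs is accepted.
# - Every other ICMP message is logged and dropped.
#
# Deployment notes:
# - "add" without place-before appends each rule to the end of the filter table.
#   If input or forward already ends in a catch-all drop, move the two jump
#   rules above it, otherwise this chain is never reached.
# - action=accept inside the jumped chain is final for the packet: rules that
#   follow the jump in input/forward are not evaluated for accepted ICMP.
#   Put any interface or source restrictions for ICMP before the jump, or add
#   matchers (for example in-interface) to the jump rules themselves.
# - Echo Requests are accepted with no rate limit, so this chain does not
#   throttle ping floods; add a limit matcher to that rule if that matters.

/ip firewall filter

# Divert ICMP from both router-bound and transit traffic into the chain.
add action=jump chain=input comment="Jump to RFC ICMP Protection Chain" jump-target="RFC ICMP Protection" protocol=icmp
add action=jump chain=forward comment="Jump to RFC ICMP Protection Chain" jump-target="RFC ICMP Protection" protocol=icmp

# SMURF handling. The address list stores the broadcast DESTINATION that was
# targeted, not the sender, because the source of such traffic is normally
# spoofed. none-dynamic keeps the entry with no timeout, but not across a reboot.
# Every match is logged, so expect heavy log volume while an attack is running.
add action=add-dst-to-address-list address-list="Suspected SMURF Attacks" address-list-timeout=none-dynamic chain="RFC ICMP Protection" comment=\
    "Detect Suspected SMURF Attacks" dst-address-type=broadcast log=yes log-prefix="FW-SMURF Attacks" protocol=icmp
add action=drop chain="RFC ICMP Protection" comment="Drop Suspected SMURF Attacks" dst-address-list="Suspected SMURF Attacks" protocol=icmp

# Allow-list: icmp-options is type:code.
add action=accept chain="RFC ICMP Protection" comment="Accept Echo Requests" icmp-options=8:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Echo Replys" icmp-options=0:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Network Unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Host Unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Port Unreachable" icmp-options=3:3 protocol=icmp
# 3:4 (fragmentation needed) must stay accepted or path MTU discovery breaks.
add action=accept chain="RFC ICMP Protection" comment="Fragmentation Messages" icmp-options=3:4 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Source Route Failed" icmp-options=3:5 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Network Admin Prohibited" icmp-options=3:9 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Host Admin Prohibited" icmp-options=3:10 protocol=icmp

# ICMP router discovery (RFC 1256). These messages are meant for the local
# link; a forged Router Advertisement can redirect hosts to another gateway.
# NOTE(review): confirm router discovery is really needed before accepting it
# on the forward chain; if not, remove these two rules so the final drop applies.
add action=accept chain="RFC ICMP Protection" comment="Router Advertisemnet" icmp-options=9:0 protocol=icmp
# Router Solicitation is ICMP type 10, code 0. The previous value 9:10 is a
# Router Advertisement type with an undefined code, so real solicitations
# never matched and were dropped by the last rule.
add action=accept chain="RFC ICMP Protection" comment="Router Solicitation" icmp-options=10:0 protocol=icmp

add action=accept chain="RFC ICMP Protection" comment="Time Exceeded" icmp-options=11:0-1 protocol=icmp
# Type 30 is the ICMP Traceroute message, which was deprecated by RFC 6918.
# Ordinary traceroute relies on Time Exceeded and Port Unreachable instead.
add action=accept chain="RFC ICMP Protection" comment=Traceroute icmp-options=30:0 protocol=icmp

# Default deny: anything not accepted above is logged and dropped.
add action=drop chain="RFC ICMP Protection" comment="Drop ALL other ICMP Messages" log=yes log-prefix="FW-ICMP Protection" protocol=icmp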