{"id":966,"date":"2020-10-12T22:00:20","date_gmt":"2020-10-12T20:00:20","guid":{"rendered":"https:\/\/www.main.tk\/?page_id=966"},"modified":"2021-05-22T10:19:16","modified_gmt":"2021-05-22T08:19:16","slug":"polaczenia-wan-z-niepublicznych-adresow","status":"publish","type":"page","link":"http:\/\/www.main.tk\/?page_id=966","title":{"rendered":"Blokowanie po\u0142\u0105cze\u0144 WAN z niepublicznych adres\u00f3w"},"content":{"rendered":"\n

Wst\u0119p<\/span><\/h2>\n\n\n\n

Pule niepublicznych adres\u00f3w zosta\u0142y okre\u015blone w konkretnym celu i mog\u0105 by\u0107 mylnie lub celowo wykorzystywane w niekoniecznie zrozumia\u0142ych i czystych celach.<\/p>\n\n\n\n

Pule adres\u00f3w<\/span><\/h2>\n\n\n\n

List\u0119 adres\u00f3w niepublicznych czyli wykorzystywanych zamieszczam poni\u017cej. Mo\u017cna j\u0105 skopiowa\u0107 bezpo\u015brednio do pliku o nazwie not_public_addresses<\/em>. rsc, gdy\u017c jest w odpowiednim formacie jaki mo\u017cemy zaimportowa\u0107 do routera Mikrotik.<\/p>\n\n\n\n

\/ip firewall address-list\n add address=0.0.0.0\/8 comment=RFC6890 list=NotPublic\n add address=10.0.0.0\/8 comment=RFC6890 list=NotPublic\n add address=100.64.0.0\/10 comment=RFC6890 list=NotPublic\n add address=127.0.0.0\/8 comment=RFC6890 list=NotPublic\n add address=169.254.0.0\/16 comment=RFC6890 list=NotPublic\n add address=172.16.0.0\/12 comment=RFC6890 list=NotPublic\n add address=192.0.0.0\/24 comment=RFC6890 list=NotPublic\n add address=192.0.2.0\/24 comment=RFC6890 list=NotPublic\n add address=192.168.0.0\/16 comment=RFC6890 list=NotPublic\n add address=192.88.99.0\/24 comment=RFC3068 list=NotPublic\n add address=198.18.0.0\/15 comment=RFC6890 list=NotPublic\n add address=198.51.100.0\/24 comment=RFC6890 list=NotPublic\n add address=203.0.113.0\/24 comment=RFC6890 list=NotPublic\n add address=224.0.0.0\/4 comment=RFC4601 list=NotPublic\n add address=240.0.0.0\/4 comment=RFC6890 list=NotPublic<\/span><\/pre>\n\n\n\n
Import tak utworzonego pliku odbywa si\u0119 w identyczny spos\u00f3b jak w opisie Blokowanie adres\u00f3w IP pod\u0142ug kraj\u00f3w<\/a><\/em> w punkcie Pule adresowe<\/span><\/em>.<\/p>\n\n\n\n
Regu\u0142a firewalla<\/h2>\n\n\n\n
Gdy mamy ju\u017c zaimportowan\u0105 pul\u0119 adresow\u0105 mo\u017cemy doda\u0107 odpowiedni\u0105 regu\u0142\u0119 firewalla, kt\u00f3re b\u0119dzie blokowa\u0107 po\u0142\u0105czenia z adres\u00f3w puli niepublicznej pojawiaj\u0105ce si\u0119 na interfejsie WAN. Obja\u015bni\u0119 to na trzech zrzutach konkretnej regu\u0142y zaimplementowanej w firewallu.<\/p>\n\n\n\n
\"\"\/
W zak\u0142adce General<\/strong> wybieramy ruch przychodz\u0105cy input<\/strong> oraz interfejs WAN jakim u nas jest ether1<\/strong><\/em><\/span><\/figcaption><\/figure>\n\n\n\n
\"\"\/
W zak\u0142adce Advanced <\/strong>wybieramy wcze\u015bniej dodan\u0105 list\u0119 adres\u00f3w NotPublic<\/strong><\/em><\/span><\/figcaption><\/figure>\n\n\n\n
\"\"\/
W zak\u0142adce Action<\/strong> wybieramy oczywi\u015bcie akcj\u0119 drop<\/strong><\/em><\/span><\/figcaption><\/figure>\n\n\n\n
Po klikni\u0119ciu Ok<\/span><\/em> regu\u0142a zostanie dodana na ko\u0144cu listy regu\u0142 firewalla. Powinni\u015bmy j\u0105 teraz przeci\u0105gn\u0105\u0107 na pozycj\u0119 tu\u017c za regu\u0142ami odrzucaj\u0105cymi pakiety invalid<\/span><\/em>.<\/p>\n\n\n\n
Podsumowanie<\/h2>\n\n\n\n
W ten prosty spos\u00f3b mamy rozwi\u0105zany jeden z problem\u00f3w. Zapraszam do nast\u0119pnych opis\u00f3w.<\/p>\n","protected":false},"excerpt":{"rendered":"
Wst\u0119p Pule niepublicznych adres\u00f3w zosta\u0142y okre\u015blone w konkretnym celu i mog\u0105 by\u0107 mylnie lub celowo wykorzystywane w niekoniecznie zrozumia\u0142ych i czystych celach. Pule adres\u00f3w List\u0119 adres\u00f3w niepublicznych czyli wykorzystywanych zamieszczam poni\u017cej. Mo\u017cna j\u0105 skopiowa\u0107 bezpo\u015brednio do pliku o nazwie not_public_addresses. rsc, gdy\u017c jest w odpowiednim formacie jaki mo\u017cemy zaimportowa\u0107 do routera Mikrotik. \/ip firewall address-list add address=0.0.0.0\/8 comment=RFC6890 list=NotPublic add address=10.0.0.0\/8 comment=RFC6890 list=NotPublic add address=100.64.0.0\/10 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":562,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-966","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/www.main.tk\/index.php?rest_route=\/wp\/v2\/pages\/966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.main.tk\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/www.main.tk\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/www.main.tk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.main.tk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=966"}],"version-history":[{"count":16,"href":"http:\/\/www.main.tk\/index.php?rest_route=\/wp\/v2\/pages\/966\/revisions"}],"predecessor-version":[{"id":1450,"href":"http:\/\/www.main.tk\/index.php?rest_route=\/wp\/v2\/pages\/966\/revisions\/1450"}],"up":[{"embeddable":true,"href":"http:\/\/www.main.tk\/index.php?rest_route=\/wp\/v2\/pages\/562"}],"wp:attachment":[{"href":"http:\/\/www.main.tk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}