Limiting ICMP (Ping) Packets Larger Than the MTU (1500)

Posted: July 16, 2010 in MikroTik

Dear Bro n Sista,

This time I want to share a MikroTik script for limiting ICMP (ping) packets that exceed the MTU (1500). OK, let's get straight to it.
The rules are as follows:
1. ICMP packets < 1500 (MTU) will be accepted by the router.
2. ICMP packets > 1500 (MTU) will be denied or rejected.

Ping the router with a 1400-byte ICMP packet.
The result:

widodo@widodo-desktop:~$ ping 10.8.8.226 -s 1400
PING 10.8.8.226 (10.8.8.226) 1400(1428) bytes of data.
1408 bytes from 10.8.8.226: icmp_seq=1 ttl=64 time=0.735 ms
1408 bytes from 10.8.8.226: icmp_seq=3 ttl=64 time=0.692 ms


OK, now we add the script:

# Reject ICMP echo requests (type 8) to the router whose size is outside 50-1530 bytes
/ip firewall filter add action=reject chain=input comment="" disabled=no icmp-options=8:0-255 \
    packet-size=!50-1530 protocol=icmp reject-with=icmp-admin-prohibited


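Note: Because we want to block/reject ICMP packets above 1500, a 1500-byte packet must still be pingable, so the optimal setting is MTU + 30 bytes, which leaves room for the 28 bytes of IP and ICMP headers that ping adds to the payload (1400 becomes 1428 in the output above). CMIIW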

OK, let's test a ping with a 1510-byte packet

widodo@widodo-desktop:~$ ping 10.8.8.226 -s 1510
PING 10.8.8.226 (10.8.8.226) 1510(1538) bytes of data.
From 10.8.8.226 icmp_seq=1 Packet filtered
From 10.8.8.226 icmp_seq=2 Packet filtered

And the result: the ping is blocked.
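
The rule's matchers, modelled offline as an added example (not part of the original post and not RouterOS code). It assumes packet-size is compared against the whole IPv4 packet (payload + 8-byte ICMP header + 20-byte IP header, the 1400(1428) seen in the ping output); the function names are hypothetical.

```python
import re

IP_HDR, ICMP_HDR = 20, 8   # assumption: IPv4 header without options + ICMP echo header

# Matchers copied from the rule above (action, comment and reject-with left out).
RULE = "chain=input icmp-options=8:0-255 packet-size=!50-1530 protocol=icmp"

def parse_rule(text):
    """Split 'key=value' pairs; a leading '!' on the value inverts the match."""
    rule = {}
    for key, value in re.findall(r"(\S+)=(\S+)", text):
        rule[key] = (value.startswith("!"), value.lstrip("!"))
    return rule

def in_range(spec, number):
    """'50-1530' -> 50 <= number <= 1530; a single value means equality."""
    low, _, high = spec.partition("-")
    return int(low) <= number <= int(high or low)

def rule_matches(rule, proto, icmp_type, icmp_code, ip_len):
    """True when every matcher agrees, i.e. the packet would be rejected."""
    neg, val = rule["protocol"]
    if (val == proto) == neg:
        return False
    neg, val = rule["icmp-options"]
    want_type, _, codes = val.partition(":")
    hit = int(want_type) == icmp_type and in_range(codes or "0-255", icmp_code)
    if hit == neg:
        return False
    neg, val = rule["packet-size"]
    return in_range(val, ip_len) != neg

def ping_verdict(payload, rule=None):
    """Verdict for `ping -s <payload>` (echo request, type 8 code 0)."""
    rule = rule or parse_rule(RULE)
    ip_len = payload + ICMP_HDR + IP_HDR
    return "reject" if rule_matches(rule, "icmp", 8, 0, ip_len) else "pass"

if __name__ == "__main__":
    # Constructed sweep: the two sizes tested in the post plus the boundaries.
    for size in (0, 21, 22, 1400, 1500, 1502, 1503, 1510):
        print(f"ping -s {size:<4} -> {size + 28:>4}-byte IP packet: {ping_verdict(size)}")
```

Under this model the upper cut-off is ping -s 1502 (1530 bytes), and the inverted range also rejects echo requests smaller than 50 bytes, i.e. ping -s 21 or less.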

Comments
  1. jipaw says:

    Sorry, but after I applied the rule, why can't I access the MikroTik via Winbox anymore???
    Is something wrong????

  2. Budi says:

    Yeah, same here, after applying the rule I can't access it via Winbox..
