直接接數據機的端口收到來至區網的封包 , 算正常嘛?


chrisintaipei wrote:
請問有辦法這樣嗎:
192.168.0.1 - 192.168.0.100 -> DNS server 8.8.8.8
192.168.0.101 - 192.168.0.254 -> DNS server 114.114.114.114
chrisintaipei wrote:
請問有辦法這樣嗎:
192.168.0.1 - 192.168.0.100 -> DNS server 8.8.8.8
192.168.0.101 - 192.168.0.254 -> DNS server 114.114.114.114..(恕刪)
chrisintaipei wrote:
類似這樣嗎?但 address 只能輸入單個或 192.168.0.0/24 這樣,同網段沒法切開?
/ip dhcp-server network
add address=192.168.0.0/25 dns-server=8.8.8.8 gateway=192.168.0.1
add address=192.168.0.128/25 dns-server=114.114.114.114 gateway=192.168.0.1
top100011 wrote:
請問各位大大,最近發現有被 DNS 攻擊,但本身我有台主機(192.168.11.100)有做 DNS 伺服器
如果以下列指令做防護的話,會影響到我 DNS 伺服主機運作嗎?
煩請大大幫我確認下,還是有更好的防護方式呢?
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=all-ppp protocol=tcp
add action=drop chain=input dst-port=53 in-interface=all-ppp protocol=udp