[RouterOS] ROS firewall script

Posted on 2016-8-31 17:45
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
comment="Drop invalid connection packets" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
comment="Limit total HTTP connections to 90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
comment="Detect and drop port-scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
action=tarpit comment="Suppress DoS attacks" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d comment="Detect DoS attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local traffic" \
disabled=no
add chain=input src-address-type=!unicast action=drop \
comment="Drop all non-unicast traffic" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
comment="Jump to ICMP chain" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
comment="Jump to virus chain" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
comment="Limit ping replies to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
comment="Limit traceroute to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
comment="Limit path MTU discovery to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
comment="Limit ping requests to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
comment="Limit trace TTL to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop any ICMP traffic" \
disabled=no
add chain=forward connection-state=established action=accept \
comment="Accept packets of established connections" disabled=no
add chain=forward connection-state=related action=accept \
comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
comment="Drop invalid packets" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
comment="Limit each host to 50 TCP connections" disabled=no
add chain=forward src-address-type=!unicast action=drop \
comment="Drop all non-unicast traffic" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
comment="Jump to ICMP chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to virus chain" \
disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop \
comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
comment="WinCrash.Trojan-4" disabled=no

Posted on 2016-8-31 17:45
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
comment="Backdoor.YAI.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop \
comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop \
comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop \
comment="Drop Blaster Worm" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=yes
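Added example, not part of the original posts: a small Python model of how RouterOS walks the forward, ICMP and virus chains, showing that the posted rule set is a denylist that ends in an implicit accept and that its UDP 123 rule also drops forwarded NTP. It uses a constructed subset of the posted rules and ignores the stateful matchers (limit, connection-state, connection-limit, psd); the function names are hypothetical.

```python
import re

# Constructed subset of the posted rules; stateful matchers are left out.
RULES = """
add chain=forward protocol=icmp action=jump jump-target=ICMP
add chain=forward action=jump jump-target=virus
add chain=ICMP protocol=icmp icmp-options=8:0-255 action=accept
add chain=ICMP protocol=icmp icmp-options=3:4 action=accept
add chain=ICMP protocol=icmp action=drop
add chain=virus protocol=tcp dst-port=135 action=drop
add chain=virus protocol=tcp dst-port=445 action=drop
add chain=virus protocol=tcp dst-port=9872-9875 action=drop
add chain=virus protocol=udp dst-port=123 action=drop
"""

def parse(text):
    """Group key=value rules by chain, preserving their order."""
    chains = {}
    for line in text.strip().splitlines():
        rule = dict(re.findall(r"([\w-]+)=(\S+)", line))
        chains.setdefault(rule["chain"], []).append(rule)
    return chains

def in_range(spec, value):
    """Match a single number ("445") or an inclusive range ("9872-9875")."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= value <= int(hi or lo)

def matches(rule, pkt):
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and not in_range(rule["dst-port"], pkt.get("dst_port", -1)):
        return False
    if "icmp-options" in rule:
        icmp_type, _, code = rule["icmp-options"].partition(":")
        if int(icmp_type) != pkt.get("icmp_type"):
            return False
        if not in_range(code, pkt.get("icmp_code", 0)):
            return False
    return True

def evaluate(chains, chain, pkt, trace):
    """Return 'accept' or 'drop', or None if the chain ends without a match."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        trace.append(f'{chain}: {rule["action"]}')
        if rule["action"] == "jump":
            result = evaluate(chains, rule["jump-target"], pkt, trace)
            if result:
                return result   # terminal action taken inside the target chain
            continue            # nothing matched there: resume after the jump
        return rule["action"]
    return None

def decide(pkt, chain="forward"):
    trace = []
    result = evaluate(parse(RULES), chain, pkt, trace)
    # Reaching the end of a built-in chain without a match means accept.
    return (result or "accept"), trace
```

Calling `decide({"protocol": "tcp", "dst_port": 443})` returns `accept` after a fruitless pass through the virus chain, while `decide({"protocol": "udp", "dst_port": 123})` returns `drop`.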