[RouterOS] ROS firewall script

Posted on 2016-8-31 17:45
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop invalid connection packets" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit total HTTP connections to 90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppress DoS attacks" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detect DoS attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local traffic" \
    disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus chain" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Limit ping replies to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Limit traceroute to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="Limit path MTU discovery to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Limit ping requests to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Limit trace TTL to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop any ICMP traffic" \
    disabled=no
add chain=forward connection-state=established action=accept \
    comment="Accept packets of established connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Drop invalid packets" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit each host to 50 TCP connections" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to virus chain" \
    disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
    comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
    comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
    comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
    comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
    comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
    comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
    comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
    comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
    comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
    comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
    comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
    comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
    comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
    comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
    comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
    comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
    comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
    comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
    comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
    comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
    comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
    comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
    comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
    comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
    comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
    comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
    comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
    comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
    comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
    comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
    comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
    comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
    comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
    comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
    comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop \
    comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
    comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
    comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
    disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
    disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
    disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
    comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
    disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
    comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
    comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
    comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
    disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
    comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
    comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
    comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
    comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
    comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
    comment="WinCrash.Trojan-4" disabled=no

Posted on 2016-8-31 17:45
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
    comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
    comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
    comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
    comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
    comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
    comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
    comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
    comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
    comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
    comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
    comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
    comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
    comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
    comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
    comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
    comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
    comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
    comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
    comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
    comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
    comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
    comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
    comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
    comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
    comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
    comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
    comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
    comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
    disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
    comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
    comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
    comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
    comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
    comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
    comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop \
    comment="Drop Blaster Worm" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes