[RouterOS] ROS firewall script

Posted on 2016-8-31 17:45
/ ip firewall filter
# input chain: traffic addressed to the router itself
add chain=input connection-state=invalid action=drop \
    comment="Drop invalid connection packets" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit total HTTP connections to 90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Detect and drop port-scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppress DoS attacks" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detect DoS attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local traffic" \
    disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus chain" disabled=no
# ICMP chain: rate-limit the permitted ICMP types, drop the rest
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Limit ping replies to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Limit traceroute to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="Limit path MTU discovery to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Limit ping requests to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Limit trace TTL to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop any ICMP traffic" \
    disabled=no
# forward chain: traffic routed through the router
add chain=forward connection-state=established action=accept \
    comment="Accept packets of established connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Drop invalid packets" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit each host to 50 TCP connections" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to virus chain" \
    disabled=no
# virus chain: drop destination ports associated with known trojans and worms
add chain=virus protocol=tcp dst-port=41 action=drop \
    comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
    comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
    comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
    comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
    comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
    comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
    comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
    comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
    comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
    comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
    comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
    comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
    comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
    comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
    comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
    comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
    comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
    comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
    comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
    comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
    comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
    comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
    comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
    comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
    comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
    comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
    comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
    comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
    comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
    comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
    comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
    comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
    comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
    comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
    comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop \
    comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
    comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
    comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
    disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
    disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
    disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
    comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
    disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
    comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
    comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
    comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
    disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
    comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
    comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
    comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
    comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
    comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
    comment="WinCrash.Trojan-4" disabled=no

Posted on 2016-8-31 17:45
# virus chain, continued from the previous post
/ ip firewall filter
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
    comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
    comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
    comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
    comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
    comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
    comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
    comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
    comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
    comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
    comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
    comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
    comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
    comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
    comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
    comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
    comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
    comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
    comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
    comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
    comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
    comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
    comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
    comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
    comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
    comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
    comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
    comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
    comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
    disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
    comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
    comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
    comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
    comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
    comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
    comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop \
    comment="Drop Blaster Worm" disabled=no
# connection tracking timeouts and SYN cookies
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes