[RouterOS] ROS firewall script

Posted on 2016-8-31 17:45
/ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop invalid connection packets" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit total HTTP connections to 90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppress DoS attacks" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detect DoS attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local data" \
    disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Drop all non-unicast data" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus chain" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Limit ping replies to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Limit traceroute to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="Limit MTU path discovery to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Limit ping requests to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Limit trace TTL to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop any ICMP data" \
    disabled=no
add chain=forward connection-state=established action=accept \
    comment="Accept packets of established connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Drop invalid packets" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit each host to 50 TCP connections" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Drop all non-unicast data" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to virus chain" \
    disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
    comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
    comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
    comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
    comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
    comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
    comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
    comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
    comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
    comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
    comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
    comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
    comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
    comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
    comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
    comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
    comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
    comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
    comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
    comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
    comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
    comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
    comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
    comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
    comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
    comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
    comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
    comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
    comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
    comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
    comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
    comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
    comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
    comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
    comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
    comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop \
    comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
    comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
    comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
    disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
    disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
    disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
    comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
    disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
    comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
    comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
    comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
    disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
    comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
    comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
    comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
    comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
    comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
    comment="WinCrash.Trojan-4" disabled=no
Posted on 2016-8-31 17:45
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
    comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
    comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
    comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
    comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
    comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
    comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
    comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
    comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
    comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
    comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
    comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
    comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
    comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
    comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
    comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
    comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
    comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
    comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
    comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
    comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
    comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
    comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
    comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
    comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
    comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
    comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
    comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
    comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
    disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
    comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
    comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
    comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
    comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
    comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
    comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm" \
    disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm" \
    disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" \
    disabled=no
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes
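
Added example, not part of the original post: the virus chain matches on protocol and destination port only, and the forward chain jumps all traffic into it, so any legitimate service on a listed port is dropped as well (for example the udp/123 rule labelled Worm.Sobig.f-1 also matches NTP). The Python sketch below parses rules in this export syntax, including backslash continuations, and reports such overlaps; the service table is a small hand-picked assumption and the sample rules are copied from the script above.

```python
import re

# Constructed sample: rules copied from the script above, in export syntax.
SAMPLE = r'''
/ip firewall filter
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit each host to 50 TCP connections" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
    Worm" disabled=no
'''

# Assumption: a short hand-picked table of registered services, not a full list.
COMMON_SERVICES = {
    ("tcp", 79): "finger",
    ("tcp", 113): "ident",
    ("udp", 123): "ntp",
    ("tcp", 135): "msrpc endpoint mapper",
    ("tcp", 139): "netbios-ssn",
    ("tcp", 445): "microsoft-ds (SMB)",
    ("tcp", 6667): "irc",
}

# key=value pairs; a value is either a double-quoted string or a bare token.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_rules(text):
    """Join backslash-continued lines and return one dict per 'add' rule."""
    joined = re.sub(r'\\\n\s*', '', text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("add "):
            rules.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return rules


def expand_ports(spec):
    """Expand '80', '7300-7301' or '80,443' into a list of port numbers."""
    if spec.startswith("!"):          # negated matches are out of scope here
        return []
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def collateral_blocks(text, chain="virus"):
    """List (protocol, port, service, rule comment) for drops that hit a known service."""
    hits = []
    for rule in parse_rules(text):
        if rule.get("chain") != chain or rule.get("action") != "drop":
            continue
        for port in expand_ports(rule.get("dst-port", "!")):
            service = COMMON_SERVICES.get((rule.get("protocol"), port))
            if service:
                hits.append((rule["protocol"], port, service, rule.get("comment", "")))
    return hits


if __name__ == "__main__":
    for proto, port, service, comment in collateral_blocks(SAMPLE):
        print(f'{proto}/{port} ({service}) is dropped by rule "{comment}"')
```

Running it over a full `/ip firewall filter export` before deployment shows which drops need a preceding accept rule or removal for services the network actually uses.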