
[RouterOS] ROS防火墙脚本


发表于 2016-8-31 17:45 |显示全部楼层
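# Input chain: traffic addressed to the router itself.
# Restored from a forum paste: the random filler characters are removed and the
# typographic quotes around comment= values are replaced with ASCII quotes,
# which the RouterOS parser needs. Rule order and parameters are unchanged.
#
# NOTE(review): this chain is a block-list only. It has no accept rule for
# established/related connections and no final drop, so anything not matched
# below is still accepted by the router. Restrict management access to trusted
# source addresses and end the chain with a default drop before relying on this
# on an Internet-facing interface; test from a console session to avoid lock-out.
/ip firewall filter
# Drop packets that connection tracking marks as invalid.
add chain=input connection-state=invalid action=drop comment="丢弃非法连接packets" disabled=no
# Cap connections to the router's own TCP/80 at 90 in total (netmask 0 counts
# all sources together).
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop comment="限制总http连接数为90" disabled=no
# Port-scan detection: weight threshold 21, delay 3s, low-port weight 3,
# high-port weight 1.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="探测并丢弃端口扫描连接" disabled=no
# Sources already in black_list that hold more than 3 connections are tarpitted.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="压制DoS攻击" disabled=no
# Any single address (/32) with more than 10 TCP connections to the router is
# added to black_list for one day.
# NOTE(review): confirm that monitoring or management hosts cannot trip this
# threshold, otherwise they are tarpitted for a day.
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="探测DoS攻击" disabled=no
# Drop packets whose destination is not a local router address.
add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" disabled=no
# Drop packets whose source address is not unicast.
add chain=input src-address-type=!unicast action=drop comment="丢弃掉所有非单播数据" disabled=no
# Hand ICMP to the rate-limiting ICMP chain.
add chain=input protocol=icmp action=jump jump-target=ICMP comment="跳转到ICMP链表" disabled=no
# Hand TCP to the port block-list. Only TCP is sent there from input, so the
# UDP entries of the virus chain are never evaluated for router-bound traffic.
add chain=input protocol=tcp action=jump jump-target=virus comment="跳转到病毒链表" disabled=no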
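# ICMP chain (continues under /ip firewall filter; reached by jumps from the
# input and forward chains). Filler characters removed and comment= quotes
# converted to ASCII; rules are otherwise unchanged.
# Each accept rule uses limit=5,5 (rate 5, burst 5); packets over the limit
# fall through to the final drop.
# Type 0: echo reply.
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Ping应答限制为每秒5个包" disabled=no
# Type 3 code 3: port unreachable.
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="Traceroute限制为每秒5个包" disabled=no
# Type 3 code 4: fragmentation needed (path MTU discovery).
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="MTU线路探测限制为每秒5个包" disabled=no
# Type 8: echo request.
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="Ping请求限制为每秒5个包" disabled=no
# Type 11: time exceeded.
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="Trace TTL限制为每秒5个包" disabled=no
# Everything else is dropped, including the remaining type 3 codes
# (network/host unreachable).
# NOTE(review): the forward chain also jumps here, so this 5-per-second budget
# is shared by all forwarded ICMP; confirm it is enough for path MTU discovery
# on a busy link.
add chain=ICMP protocol=icmp action=drop comment="丢弃掉任何ICMP数据" disabled=no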
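# Forward chain (continues under /ip firewall filter): traffic routed through
# the router. Filler characters removed and comment= quotes converted to ASCII;
# rules are otherwise unchanged.
#
# NOTE(review): there is no final drop, so new connections that match none of
# the rules below are forwarded in either direction. If the WAN side must not
# open connections to internal hosts, add an explicit drop for new connections
# arriving on the WAN interface.
# Accept packets of established and related connections first.
add chain=forward connection-state=established action=accept comment="接受以连接的数据包" disabled=no
add chain=forward connection-state=related action=accept comment="接受相关数据包" disabled=no
# Drop packets that connection tracking marks as invalid.
add chain=forward connection-state=invalid action=drop comment="丢弃非法数据包" disabled=no
# Per-address (/32) cap of 50 TCP connections. Established traffic was accepted
# above, so this rule only sees packets outside established connections.
# NOTE(review): 50 may be low for ordinary browsing; confirm against real client
# behaviour before deploying.
add chain=forward protocol=tcp connection-limit=50,32 action=drop comment="限制每个主机TCP连接数为50条" disabled=no
# Drop packets whose source address is not unicast.
add chain=forward src-address-type=!unicast action=drop comment="丢弃掉所有非单播数据" disabled=no
# Hand ICMP to the rate-limiting ICMP chain.
add chain=forward protocol=icmp action=jump jump-target=ICMP comment="跳转到ICMP链表" disabled=no
# Hand everything else (TCP and UDP) to the port block-list.
add chain=forward action=jump jump-target=virus comment="跳转到病毒链表" disabled=no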
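# Virus chain, part 1 (continues under /ip firewall filter; reached by jumps
# from the input and forward chains). Filler characters removed and comment=
# quotes converted to ASCII; ports, order and labels are as posted.
#
# NOTE(review): every rule matches on destination port only. This is a static
# list of ports associated with older Windows trojans and worms; it identifies
# no malware by content and is no substitute for a default-deny policy.
# Several entries are also the standard ports of legitimate services
# (79 finger, 113 ident, 6667 IRC), and ports such as 4444, 7777 and 9999 are
# commonly chosen by ordinary applications, so expect some collateral blocking.
add chain=virus protocol=tcp dst-port=41 action=drop comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="WinCrash.Trojan-4" disabled=no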

发表于 2016-8-31 17:45 |显示全部楼层
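# Virus chain, part 2 (second forum post). The menu path is repeated so this
# part can be pasted on its own. Filler characters removed and comment= quotes
# converted to ASCII; ports, order and labels are as posted.
#
# NOTE(review): these are destination-port matches only. The labels
# ndm.requester, screen.cast, hromgrafx and cichainlid read like service names
# rather than malware names; confirm why ports 1363-1364, 1368, 1373 and 1377
# are blocked before keeping them.
/ip firewall filter
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="Worm.BBeagle.b" disabled=no
# UDP entries. The input chain jumps here for TCP only, so these three rules
# take effect for forwarded traffic only.
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.Sobig.f-3" disabled=no
# NOTE(review): UDP/123 is NTP. This rule drops new NTP requests from every
# host behind the router; keep it only if clients synchronise time from an
# internal source.
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.Novarg.a.Mydoom.a2." disabled=no
# NetBIOS session, RPC endpoint mapper and SMB. In the post each of these three
# comment strings was split across two lines by a continuation backslash; they
# are joined here.
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no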
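# Connection-tracking timeouts. Filler characters from the forum paste are
# removed; every value is as posted.
# The SYN-sent and SYN-received timeouts are 5s, so half-open connections are
# aged out after five seconds. Established TCP entries are kept for 10h.
# NOTE(review): the location of the SYN-cookie switch depends on the RouterOS
# release; on newer releases it is believed to live under /ip settings. Check
# the exported configuration after import to confirm the setting was accepted.
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes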