
[RouterOS] ROS防火墙脚本

发表于 2016-8-31 17:45 |显示全部楼层
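/ip firewall filter
# Filter rules for traffic addressed to the router itself (chain=input).
# Repaired from the forum paste: the typographic quotes around comment= values
# are replaced with ASCII double quotes and the injected filler characters are
# removed so the lines parse. Rule order, matchers and comment texts are unchanged.
#
# NOTE(review): this chain has no accept rule for established/related traffic
# and no terminal drop. Packets that match none of the rules below fall through
# to the chain's implicit accept, so router services stay reachable from every
# interface unless they are restricted elsewhere. Add an allow-list for
# management sources and a final drop before treating this as router hardening.

# Drop packets that connection tracking classifies as invalid.
add chain=input connection-state=invalid action=drop \
    comment="丢弃非法连接packets" disabled=no
# Drop TCP/80 traffic to the router once more than 90 connections exist;
# netmask 0 means one shared counter for all sources.
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="限制总http连接数为90" disabled=no
# Port-scan detection: weight threshold 21 within 3s, low ports weigh 3, high ports 1.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="探测并丢弃端口扫描连接" disabled=no
# Sources already on black_list are tarpitted once they hold more than 3 connections.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="压制DoS攻击" disabled=no
# Any single source (/32) holding more than 10 TCP connections to the router is
# put on black_list for one day. This rule only lists; it does not drop.
# NOTE(review): a count-based auto-blacklist can also list busy or NAT-shared
# legitimate sources; review the threshold and exempt management addresses.
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="探测DoS攻击" disabled=no
# Drop anything not addressed to one of the router's own addresses, which
# includes broadcast and multicast destinations.
# NOTE(review): confirm no router service in use depends on broadcast/multicast.
add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" \
    disabled=no
# Drop packets whose source address is not unicast.
add chain=input src-address-type=!unicast action=drop \
    comment="丢弃掉所有非单播数据" disabled=no
# ICMP is handed to the rate-limiting ICMP chain.
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="跳转到ICMP链表" disabled=no
# All TCP is checked against the port blocklist in the virus chain.
# NOTE(review): nothing above accepts established traffic, so replies to
# connections the router itself opened are also matched by destination port
# there; a reply arriving on a blocklisted port number is dropped.
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="跳转到病毒链表" disabled=no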
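# ICMP chain: reached by the protocol=icmp jumps in the input and forward chains.
# Accepts five ICMP kinds at a limited rate and drops every other ICMP packet.
# Repaired from the forum paste: ASCII quotes restored around comment= values
# and injected filler characters removed; matchers are unchanged.
#
# NOTE(review): limit= is counted per rule, not per source, so each budget
# below is shared by the router and every forwarded host. One busy sender can
# use it up for everyone. Other type-3 codes (net/host unreachable and so on)
# are not accepted here and hit the final drop.
# NOTE(review): newer RouterOS releases export this matcher as rate,burst:mode
# (for example limit=5,5:packet); confirm the short form imports on your version.

# Type 0: echo reply.
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Ping应答限制为每秒5个包" disabled=no
# Type 3 code 3: port unreachable (the answer UDP traceroute relies on).
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Traceroute限制为每秒5个包" disabled=no
# Type 3 code 4: fragmentation needed (path MTU discovery).
# NOTE(review): packets over the rate are dropped by the last rule, which can
# stall path MTU discovery under load; consider a larger budget for this code.
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="MTU线路探测限制为每秒5个包" disabled=no
# Type 8: echo request.
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Ping请求限制为每秒5个包" disabled=no
# Type 11: time exceeded.
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Trace TTL限制为每秒5个包" disabled=no
# Everything else, including packets over the limits above, is dropped.
add chain=ICMP protocol=icmp action=drop comment="丢弃掉任何ICMP数据" \
    disabled=no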
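# Forward chain: traffic routed through the router.
# Repaired from the forum paste: ASCII quotes restored around comment= values
# and injected filler characters removed; rule order and matchers are unchanged.
#
# NOTE(review): there is no terminal rule, so traffic that passes the checks
# below is forwarded by the chain's implicit accept in either direction. These
# rules narrow what is forwarded; they do not implement a default-deny policy
# between interfaces.

# Accept packets of connections that are already established.
add chain=forward connection-state=established action=accept \
    comment="接受以连接的数据包" disabled=no
# Accept packets related to an existing connection.
add chain=forward connection-state=related action=accept \
    comment="接受相关数据包" disabled=no
# Drop packets that connection tracking classifies as invalid.
add chain=forward connection-state=invalid action=drop \
    comment="丢弃非法数据包" disabled=no
# Drop TCP from any single address (/32) that already holds more than 50 connections.
# NOTE(review): 50 concurrent TCP connections is easily reached by an ordinary
# client; new connections from that host are then dropped silently. Size the
# limit from observed traffic and log the drops while tuning.
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="限制每个主机TCP连接数为50条" disabled=no
# Drop packets whose source address is not unicast.
add chain=forward src-address-type=!unicast action=drop \
    comment="丢弃掉所有非单播数据" disabled=no
# ICMP is handed to the rate-limiting ICMP chain.
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="跳转到ICMP链表" disabled=no
# Everything still undecided, TCP and UDP alike, is checked against the port
# blocklist in the virus chain.
add chain=forward action=jump jump-target=virus comment="跳转到病毒链表" \
    disabled=no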
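# virus chain, part 1: static blocklist of TCP destination ports, reached by
# the jump rules in the input and forward chains.
# Repaired from the forum paste: ASCII quotes restored around comment= values,
# injected filler characters removed, and each rule written on one line. Ports,
# protocols, actions and label texts are unchanged. The labels are stored
# strings, so odd spellings such as "W33.Korgo" are kept as posted.
#
# NOTE(review): every rule matches on destination port only. The list names
# old trojans and worms and does not detect malware on any other port. It also
# drops legitimate traffic that uses the same numbers, for example 79 (finger),
# 113 (ident), 6667 (IRC) and 4444, 7777 or 9999 (common application ports).
# The port-to-label mapping is the poster's and is not verified here.
# Treat the list as coarse egress/ingress hygiene, log the drops before
# enforcing, and prune entries that collide with services in use.
add chain=virus protocol=tcp dst-port=41 action=drop comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="WinCrash.Trojan-4" disabled=no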
发表于 2016-8-31 17:45 |显示全部楼层
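# virus chain, part 2 (second forum post), followed by connection-tracking settings.
# Repaired from the forum paste: ASCII quotes restored around comment= values,
# injected filler characters removed, and each filter rule written on one line.
# Ports, protocols, actions and label texts are unchanged. The labels are
# stored strings, so odd spellings are kept as posted.

# Re-select the filter menu so this half can be pasted on its own; this has no
# effect when it runs directly after the first half.
/ip firewall filter
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.Optixprotocol" disabled=no
# NOTE(review): 8888 is also a common port for legitimate web and proxy services.
add chain=virus protocol=tcp dst-port=8888 action=drop comment="Worm.BBeagle.b" disabled=no
# UDP entries. The input chain jumps here for protocol=tcp only, so these take
# effect for forwarded traffic, which is sent here regardless of protocol.
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.Sobig.f-3" disabled=no
# NOTE(review): udp/123 is NTP. This rule drops all forwarded NTP, so clients
# behind the router cannot sync time against outside servers, which affects
# certificate validation and log correlation. Remove it or scope it to known
# bad destinations unless an internal time source is provided.
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.Novarg.a.Mydoom.a2." disabled=no
# 135/139/445 are the Windows RPC, NetBIOS session and SMB ports. Blocking them
# at the network edge is useful whatever the label says; all three carry the
# same "Drop Blaster Worm" text as posted.
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no

# Connection tracking: the connection-state and connection-limit matchers used
# by the filter rules depend on it, so it is switched on explicitly. The
# timeouts shorten how long half-open and idle entries stay in the table.
# NOTE(review): on RouterOS v6 and later the SYN-cookie switch is, as far as
# known, under "/ip settings" as tcp-syncookies. Confirm against the installed
# version; an unrecognised parameter will likely make the whole set command fail.
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes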