[RouterOS] ROS firewall script

Posted on 2016-8-31 17:45
/ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop invalid connection packets" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit total HTTP connections to 90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Detect and drop port-scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppress DoS attacks" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detect DoS attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local traffic" \
    disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus chain" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Limit ping replies to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Limit traceroute to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="Limit path MTU discovery to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Limit ping requests to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Limit trace TTL to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop all other ICMP traffic" \
    disabled=no
add chain=forward connection-state=established action=accept \
    comment="Accept packets of established connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Drop invalid packets" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit each host to 50 TCP connections" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to virus chain" \
    disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
    comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
    comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
    comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
    comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
    comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
    comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
    comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
    comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
    comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
    comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
    comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
    comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
    comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
    comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
    comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
    comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
    comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
    comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
    comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
    comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
    comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
    comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
    comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
    comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
    comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
    comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
    comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
    comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
    comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
    comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
    comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
    comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
    comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
    comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
    comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop \
    comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
    comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
    comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
    disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
    disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
    disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
    comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
    disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
    comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
    comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
    comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
    disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
    comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
    comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
    comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
    comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
    comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
    comment="WinCrash.Trojan-4" disabled=no
Posted on 2016-8-31 17:45
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
    comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
    comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
    comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
    comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
    comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
    comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
    comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
    comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
    comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
    comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
    comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
    comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
    comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
    comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
    comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
    comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
    comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
    comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
    comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
    comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
    comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
    comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
    comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
    comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
    comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
    comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
    comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
    comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
    disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
    comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
    comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
    comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
    comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
    comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
    comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop \
    comment="Drop Blaster Worm" disabled=no
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes
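The virus chain in the script above drops traffic purely by destination port, and the input chain jumps to it without first accepting established connections. The following audit script is an added example, not part of the original post: it parses a constructed excerpt of these rules and reports port drops that hit services an operator may still need, plus chains where reply traffic reaches the blocklist. The `LEGIT` table and the `EPHEMERAL` range (the Linux default local port range) are assumptions to adjust for your own network.

```python
import re
import shlex

# Constructed excerpt of the rule set above (not the full script).
SAMPLE = r'''
/ip firewall filter
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus chain" disabled=no
add chain=forward connection-state=established action=accept \
    comment="Accept packets of established connections" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to virus chain" \
    disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="DeepThroat.Trojan-6" disabled=no
'''

# Assumption: services the operator wants to keep working.
LEGIT = {("udp", 123): "NTP", ("tcp", 113): "ident", ("tcp", 6667): "IRC"}
# Assumption: source ports the router and clients pick for outbound connections.
EPHEMERAL = range(32768, 61000)

def parse_rules(text):
    """Join backslash continuations and return each `add` line as a dict."""
    joined = re.sub(r"\\\s*\n\s*", " ", text)
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)  # keeps quoted comment="..." values whole
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def ports(spec):
    """Expand a dst-port value such as '80', '7300-7301' or '1,2-3'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        yield from range(int(lo), int(hi or lo) + 1)

def audit(rules):
    """Return (kind, detail, port) findings, in rule order."""
    findings, accepts_established = [], set()
    for r in rules:
        chain = r.get("chain")
        if r.get("connection-state") == "established" and r.get("action") == "accept":
            accepts_established.add(chain)
        # Replies to outbound connections reach the port blocklist in this chain.
        if r.get("jump-target") == "virus" and chain not in accepts_established:
            findings.append(("reply-traffic", chain, None))
        if chain == "virus" and r.get("action") == "drop":
            for p in ports(r["dst-port"]):
                service = LEGIT.get((r.get("protocol"), p))
                if service:
                    findings.append(("legit-service", service, p))
                if p in EPHEMERAL:
                    findings.append(("ephemeral", r.get("comment"), p))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE)):
        print(finding)
```

An `ephemeral` finding matters most together with a `reply-traffic` finding for the same rule set: a reply whose destination port happens to equal a blocked high port is then dropped as if it were malware traffic.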
