查看: 397|回复: 1

[RouterOS] ROS防火墙脚本

[复制链接]

主题

好友

566

积分

中尉

签到天数: 35 天

[LV.5]常住居民I

发表于 2016-8-31 17:45 |显示全部楼层
TG-NET
Anywlan微信公众号
/ ip firewall filter
) F7 Z/ m' F6 ~. s# _add chain=input connection-state=invalid action=drop \" s: C2 |+ p+ }
comment=”丢弃非法连接packets” disabled=no3 F  U  M- o+ d/ K1 i
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \! y, j- w" P" J  z- _
comment=”限制总http连接数为90″ disabled=no9 L+ X2 |3 q7 Z4 @
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
$ y. }4 j9 q1 @" H$ e/ Jcomment=”探测并丢弃端口扫描连接” disabled=no
% x; ^) D. ?% i; K. N3 S$ radd chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
6 D3 f& m* Q- \% b- b" D: g- X+ eaction=tarpit comment=”压制DoS攻击” disabled=no
: I  w. a: W& t8 m" t' q& l' s/ dadd chain=input protocol=tcp connection-limit=10,32 \
/ N, o0 g. t4 s7 K$ taction=add-src-to-address-list address-list=black_list \
9 K8 d  f* Y0 xaddress-list-timeout=1d comment=”探测DoS攻击” disabled=no
6 u1 X. x& e6 }2 |, u8 }% nadd chain=input dst-address-type=!local action=drop comment=”丢弃掉非本地数据” \
+ n+ `) O1 V8 o  g2 Q/ odisabled=no7 y1 f9 a  U# d/ g3 y2 I4 s& r3 ?
add chain=input src-address-type=!unicast action=drop \
7 P& f# F/ e" S( S. F) ~8 m4 K1 ^' Zcomment=”丢弃掉所有非单播数据” disabled=no
7 j( D$ v6 L7 D' n/ dadd chain=input protocol=icmp action=jump jump-target=ICMP \; ^# b+ X6 o* G# q0 r# O( O( C3 i/ q
comment=”跳转到ICMP链表” disabled=no
" T- W/ Y- \% aadd chain=input protocol=tcp action=jump jump-target=virus \
& _. H% x! J' l5 n$ vcomment=”跳转到病毒链表” disabled=no
0 e9 \. D7 w0 M' g! Z6 U9 {0 ^add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
  G! J1 M- P2 K* X$ j9 L; C1 U9 D/ zcomment=”Ping应答限制为每秒5个包” disabled=no, f( B3 C. _, f3 M7 V0 l
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \3 b# y- C0 r+ M* l3 z
comment=”Traceroute限制为每秒5个包” disabled=no: W# _6 L. a1 Y9 A. Z$ e9 b1 Z& W% i
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
4 p+ l& s1 P7 M9 _comment=”MTU线路探测限制为每秒5个包” disabled=no9 V2 o# X, s$ c7 Y  a; \7 B
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \& J, ~  @) K% R
comment=”Ping请求限制为每秒5个包” disabled=no
; k/ h8 ?$ X: T  l5 n- Sadd chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \9 m1 \& m: W/ _' y
comment=”Trace TTL限制为每秒5个包” disabled=no
2 U+ i; ^& v- i& e' Y' Eadd chain=ICMP protocol=icmp action=drop comment=”丢弃掉任何ICMP数据” \
# {1 n8 n+ I* g  [# o, Jdisabled=no
- A# A5 W7 f# r: B) xadd chain=forward connection-state=established action=accept \
! M/ y( v  a' [comment=”接受以连接的数据包” disabled=no
7 M% C; m6 a& madd chain=forward connection-state=related action=accept \
; C( ?9 V: v+ G6 acomment=”接受相关数据包” disabled=no
/ p* z- s; F5 ?, i0 `! i# i+ J! gadd chain=forward connection-state=invalid action=drop \2 |5 B# Y! T" D+ A3 ?. F0 v" N: w  o
comment=”丢弃非法数据包” disabled=no6 z# P) ?* e8 F) D, _
add chain=forward protocol=tcp connection-limit=50,32 action=drop \5 n# B3 l1 r+ g4 o6 r* v! U/ a: ^
comment=”限制每个主机TCP连接数为50条” disabled=no
+ |/ s0 g/ z* Dadd chain=forward src-address-type=!unicast action=drop \
% P- F6 L! }3 c: ucomment=”丢弃掉所有非单播数据” disabled=no  ]( v8 K0 S  T* @1 D
add chain=forward protocol=icmp action=jump jump-target=ICMP \
0 W. e8 k" V) @& J3 Z1 Wcomment=”跳转到ICMP链表” disabled=no
. S" D8 h. Z* c& vadd chain=forward action=jump jump-target=virus comment=”跳转到病毒链表” \: U& k( p" a* Z) d0 G0 \
disabled=no1 \2 J# A0 g+ @9 l9 |6 ^) F
add chain=virus protocol=tcp dst-port=41 action=drop \
: O* [6 x8 j1 n: P8 D/ Jcomment=”DeepThroat.Trojan-1″ disabled=no
0 H" R" v7 y: \" s) ]2 x& tadd chain=virus protocol=tcp dst-port=82 action=drop \. L5 ~( ]# J) ~3 K( \3 L
comment=”Worm.NetSky.Y@mm” disabled=no0 a4 V$ P5 i1 c% J
add chain=virus protocol=tcp dst-port=113 action=drop \; Z, ]" m/ Y: h; D8 m5 Q! P, R
comment=”W32.Korgo.A/B/C/D/E/F-1″ disabled=no" k8 V$ ^# \* g1 Y
add chain=virus protocol=tcp dst-port=2041 action=drop \6 x) F1 F4 _; x; d
comment=”W33.Korgo.A/B/C/D/E/F-2″ disabled=no
! B- r1 o- R8 B4 y9 f) `add chain=virus protocol=tcp dst-port=3150 action=drop \7 A& g" }6 `- m- H
comment=”DeepThroat.Trojan-2″ disabled=no8 |3 r( F2 T( b4 a
add chain=virus protocol=tcp dst-port=3067 action=drop \! a. D+ L9 m6 Q( |! k
comment=”W32.Korgo.A/B/C/D/E/F-3″ disabled=no/ \! K' ^- \- _9 S& ]  k5 _
add chain=virus protocol=tcp dst-port=3422 action=drop \
  n4 N7 i' w- k- h) X% ?7 y- |5 rcomment=”Backdoor.IRC.Aladdinz.R-1″ disabled=no
5 n0 z8 a6 _& s0 d# madd chain=virus protocol=tcp dst-port=6667 action=drop \+ f; I' X8 ]* V) i% @2 b
comment=”W32.Korgo.A/B/C/D/E/F-4″ disabled=no1 v' d- }/ |, \; Z8 d
add chain=virus protocol=tcp dst-port=6789 action=drop \  b9 x  J8 C4 K8 g! s+ F! P* C6 o
comment=”Worm.NetSky.S/T/U@mm” disabled=no
: {7 j1 d, k9 D; |6 n, ?. Oadd chain=virus protocol=tcp dst-port=8787 action=drop \
- [* V5 @0 `; u& Tcomment=”Back.Orifice.2000.Trojan-1″ disabled=no
5 f8 l- `! U( i! |- \$ ?7 badd chain=virus protocol=tcp dst-port=8879 action=drop \
0 h7 A6 A5 h6 H, o) i' r2 a% l" \comment=”Back.Orifice.2000.Trojan-2″ disabled=no9 y( C2 r* r; _5 E) w2 [! C
add chain=virus protocol=tcp dst-port=8967 action=drop \
) y$ q. b" t- K+ ^5 M5 bcomment=”W32.Dabber.A/B-2″ disabled=no
/ _0 d. J$ f+ o9 ^add chain=virus protocol=tcp dst-port=9999 action=drop \# ]: B) e5 Q7 r* \4 m% B
comment=”W32.Dabber.A/B-3″ disabled=no: f: ?3 `$ X+ ]- C0 p5 i9 f
add chain=virus protocol=tcp dst-port=20034 action=drop \
3 q7 B: {1 S; W: Hcomment=”Block.NetBus.Trojan-2″ disabled=no' X/ d" g" R9 K) N% |
add chain=virus protocol=tcp dst-port=21554 action=drop \# V7 E: K( O( Z1 ~3 j3 }
comment=”GirlFriend.Trojan-1″ disabled=no
) A7 w1 O7 e" d, k+ \add chain=virus protocol=tcp dst-port=31666 action=drop \
/ {! J0 O5 l$ O# g4 Icomment=”Back.Orifice.2000.Trojan-3″ disabled=no
, Y, V% s5 p( n# Gadd chain=virus protocol=tcp dst-port=43958 action=drop \. J' a: W( H" X% ~
comment=”Backdoor.IRC.Aladdinz.R-2″ disabled=no( F- [' p! ^5 X, p1 m" F
add chain=virus protocol=tcp dst-port=999 action=drop \
  h2 m" H$ A: i9 L: R4 \3 Jcomment=”DeepThroat.Trojan-3″ disabled=no
  h1 T) y: a( U, K  Q  aadd chain=virus protocol=tcp dst-port=6670 action=drop \
1 d4 E- y; @5 a* V1 qcomment=”DeepThroat.Trojan-4″ disabled=no
+ U2 `; P0 ~/ s- ?( c# u; m& Gadd chain=virus protocol=tcp dst-port=6771 action=drop \' r4 Z" X2 T7 c% w! f2 ~. n
comment=”DeepThroat.Trojan-5″ disabled=no4 x& S) H6 T4 }
add chain=virus protocol=tcp dst-port=60000 action=drop \
4 y- _5 F  _6 S- L1 W$ xcomment=”DeepThroat.Trojan-6″ disabled=no
, W7 _; @5 j# L6 [. M$ g8 f: dadd chain=virus protocol=tcp dst-port=2140 action=drop \( L- w: j1 T( K5 e9 a
comment=”DeepThroat.Trojan-7″ disabled=no
& n, b0 F" h6 [$ Z% }* kadd chain=virus protocol=tcp dst-port=10067 action=drop \! |5 N# o9 D) s8 l9 X% F
comment=”Portal.of.Doom.Trojan-1″ disabled=no
1 }' F1 X. @' o* w+ B- s$ m" ~add chain=virus protocol=tcp dst-port=10167 action=drop \
1 V0 W# @7 F& t9 Ecomment=”Portal.of.Doom.Trojan-2″ disabled=no
4 y5 i6 t& |3 l; K1 Vadd chain=virus protocol=tcp dst-port=3700 action=drop \
2 ]' B- d" b7 l6 p8 n6 o; r8 Ocomment=”Portal.of.Doom.Trojan-3″ disabled=no  s6 v1 I0 d' N+ [3 O
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
$ s+ v2 h$ l+ Q. b7 rcomment=”Portal.of.Doom.Trojan-4″ disabled=no) o4 A7 x4 ?! y+ ?9 |7 b( q6 G
add chain=virus protocol=tcp dst-port=6883 action=drop \
. B$ ?' S: Z9 ?% C; O: Lcomment=”Delta.Source.Trojan-1″ disabled=no
9 W" s" L+ f; `7 r$ P5 hadd chain=virus protocol=tcp dst-port=26274 action=drop \' R* b! M! T7 _2 q
comment=”Delta.Source.Trojan-2″ disabled=no: Z- ?9 K. @6 _9 D
add chain=virus protocol=tcp dst-port=4444 action=drop \2 Q$ u4 C7 g! Q7 Y) O; X
comment=”Delta.Source.Trojan-3″ disabled=no
: [$ ?! l: e6 p2 f" C5 v5 Badd chain=virus protocol=tcp dst-port=47262 action=drop \) a& B: v& R: g% k$ _
comment=”Delta.Source.Trojan-4″ disabled=no6 u  p. D% r3 }( W' w" T) l' T
add chain=virus protocol=tcp dst-port=3791 action=drop \
& X1 y/ c: N- s$ q* d- tcomment=”Eclypse.Trojan-1″ disabled=no
" \' \0 B# p7 C" G( a, ?add chain=virus protocol=tcp dst-port=3801 action=drop \
, F" O" X0 N! U  _6 Q( z% q' [comment=”Eclypse.Trojan-2″ disabled=no& h/ K/ o- w5 }! G2 f
add chain=virus protocol=tcp dst-port=65390 action=drop \: P8 D. Q! H5 h9 x
comment=”Eclypse.Trojan-3″ disabled=no
7 A' B* L+ \; Hadd chain=virus protocol=tcp dst-port=5880-5882 action=drop \
6 }( N+ C; f, I6 V" g4 ?comment=”Y3K.RAT.Trojan-1″ disabled=no. H! W7 x0 t; ?! b- i$ L/ f. A1 v
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \$ T) j; R/ c* @" C% C
comment=”Y3K.RAT.Trojan-2″ disabled=no# n0 m: ~9 {6 u. ^3 |( T1 g: [
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
# D( t# {. {& ^% c0 K, e8 Fcomment=”NetSphere.Trojan-1″ disabled=no0 p4 u0 `" u# G) h+ n, U1 m
add chain=virus protocol=tcp dst-port=30133 action=drop \
7 F7 p* k: I  [* b! ]2 X" _, b2 v: ^" ocomment=”NetSphere.Trojan-2″ disabled=no
/ u& O) ]1 V6 @* ]" _; |; Y' Dadd chain=virus protocol=tcp dst-port=7300-7301 action=drop \
* w3 Z& q$ |' M/ W3 r% Mcomment=”NetMonitor.Trojan-1″ disabled=no
4 r. L$ c: b2 F8 P# p: W2 Z4 Nadd chain=virus protocol=tcp dst-port=7306-7308 action=drop \
1 z' U8 h% O  j* G4 m6 ^% tcomment=”NetMonitor.Trojan-2″ disabled=no
" p, o# O* T. d: Xadd chain=virus protocol=tcp dst-port=79 action=drop \
0 b+ I; t% |: b4 {7 [" ecomment=”FireHotcker.Trojan-1″ disabled=no8 t" s3 x( L2 g7 h
add chain=virus protocol=tcp dst-port=5031 action=drop \
: R( ~9 x: `: v' H. r" Wcomment=”FireHotcker.Trojan-2″ disabled=no
6 [( e% Q  o& z' d/ badd chain=virus protocol=tcp dst-port=5321 action=drop \
8 P+ ], g/ N, d# ?2 `5 w) G6 B( L) ncomment=”FireHotcker.Trojan-3″ disabled=no
, `: d5 I5 O+ [! c3 i  W  Kadd chain=virus protocol=tcp dst-port=6400 action=drop \
: o) c- Y/ A; f) acomment=”TheThing.Trojan-1″ disabled=no
- L1 g- h3 q# ?, }add chain=virus protocol=tcp dst-port=7777 action=drop \0 B' N( ], u$ h' I
comment=”TheThing.Trojan-2″ disabled=no. T+ V5 C  E* ]8 u* q
add chain=virus protocol=tcp dst-port=1047 action=drop \
0 b" S9 b" [* P4 e- v7 x' ycomment=”GateCrasher.Trojan-1″ disabled=no" j, v+ J  I) H+ X! }
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \3 j) S, A- i9 q  v9 s
comment=”GateCrasher.Trojan-2″ disabled=no
- Q/ L$ z3 F$ E' z9 _add chain=virus protocol=tcp dst-port=2774 action=drop comment=”SubSeven-1″ \2 g: }; Z) O% Y7 @, J1 l: k
disabled=no* K, t9 I1 H0 S- ?( j
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”SubSeven-2″ \
9 t1 Y( e  ?. U# B+ `+ `disabled=no
5 z1 }) M/ y% C  j% n  E3 _. Qadd chain=virus protocol=tcp dst-port=1243 action=drop comment=”SubSeven-3″ \; z/ U( i0 D9 E$ T
disabled=no
/ ]* V' I3 T) O; zadd chain=virus protocol=tcp dst-port=1234 action=drop comment=”SubSeven-4″ \9 l: A8 j6 u4 i* ]; k
disabled=no
& c. O% d7 P" e$ ]& Nadd chain=virus protocol=tcp dst-port=6711-6713 action=drop \4 U8 r" O+ n! Q: Y
comment=”SubSeven-5″ disabled=no
5 C3 c6 v. z! c1 {% Ladd chain=virus protocol=tcp dst-port=16959 action=drop comment=”SubSeven-7″ \
5 {- R7 q1 _$ B6 n: p/ ]# J! Tdisabled=no2 H3 H# ]: @& R* O' ]8 T3 {- n
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
; C' n% U+ P& A& N! l# F- `% Jcomment=”Moonpie.Trojan-1″ disabled=no" I+ _2 X* Z" s- o* f- v
add chain=virus protocol=tcp dst-port=25982 action=drop \
  G. F$ v+ I! o" k( j+ mcomment=”Moonpie.Trojan-2″ disabled=no
" O% S; A; b1 L& Iadd chain=virus protocol=tcp dst-port=31337-31339 action=drop \
1 }. n$ L. M7 D! w; E( ycomment=”NetSpy.Trojan-3″ disabled=no2 ~7 P% ^1 F& l3 A; ^9 p
add chain=virus protocol=tcp dst-port=8102 action=drop comment=”Trojan” \
' A) l; N, i" V2 ?  {: B8 Rdisabled=no) b6 r. x: p+ @# [7 p
add chain=virus protocol=tcp dst-port=8011 action=drop comment=”WAY.Trojan” \* }6 I8 x  V# L# z5 K9 W5 _' X$ ~
disabled=no: Z( N! y; v$ J" e
add chain=virus protocol=tcp dst-port=7626 action=drop comment=”Trojan.BingHe” \
/ @4 q0 I  n8 q. ldisabled=no
/ H  l1 H3 r( l3 w* aadd chain=virus protocol=tcp dst-port=19191 action=drop \* }" m& W5 J: @' _6 V
comment=”Trojan.NianSeHoYian” disabled=no; @1 T5 i1 W/ @  Z; g) @1 Z* b
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
* N. Q6 {1 d0 ]& D+ Bcomment=”NetBull.Trojan” disabled=no
8 N1 _: b: O  ~$ L3 y! \" Madd chain=virus protocol=tcp dst-port=2583 action=drop \3 ^6 v% W+ r! p* @+ J, P  d
comment=”WinCrash.Trojan-1″ disabled=no
* Y! n6 E! t" @$ |% `' xadd chain=virus protocol=tcp dst-port=3024 action=drop \
, S6 _* Q8 y; q( F( V( ycomment=”WinCrash.Trojan-2″ disabled=no
7 a' u: |, ?% ?7 madd chain=virus protocol=tcp dst-port=4092 action=drop \3 t  R  N! t  y# i
comment=”WinCrash.Trojan-3″ disabled=no; V2 T$ e$ h: \+ ^8 e( E" l$ F
add chain=virus protocol=tcp dst-port=5714 action=drop \
* y" S# x4 N2 _0 l* Ncomment=”WinCrash.Trojan-4″ disabled=no( i: @& Q1 `6 d! t
* z' K5 t# X* @/ W
& t# H0 _+ i$ T

主题

好友

566

积分

中尉

签到天数: 35 天

[LV.5]常住居民I

发表于 2016-8-31 17:45 |显示全部楼层
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
7 Z6 V' A  z* P* fcomment=”Doly1.0/1.35/1.5trojan-1″ disabled=no/ ]! b0 R2 P! E' D3 c2 g
add chain=virus protocol=tcp dst-port=1015 action=drop \, Z; t5 g! w2 |0 \9 F: g
comment=”Doly1.0/1.35/1.5trojan-2″ disabled=no
$ ?2 V& _* h! `( z, }% L% jadd chain=virus protocol=tcp dst-port=2004-2005 action=drop \
' |( R: B2 P- k& tcomment=”TransScout.Trojan-1″ disabled=no
- o5 ?' d5 H/ Q9 A% q* padd chain=virus protocol=tcp dst-port=9878 action=drop \
  I- w1 \% D& t% Ucomment=”TransScout.Trojan-2″ disabled=no
0 ~/ f2 D; h, K( }2 [add chain=virus protocol=tcp dst-port=2773 action=drop \
3 d7 ^7 e7 e% Z* X; B( l# c; ?comment=”Backdoor.YAI..Trojan-1″ disabled=no
, @3 I2 ?" T& V4 J& wadd chain=virus protocol=tcp dst-port=7215 action=drop \7 H) V" X+ |1 t5 s
comment=”Backdoor.YAI.Trojan-2″ disabled=no
' H# h5 n! ]6 U/ d( n3 }' tadd chain=virus protocol=tcp dst-port=54283 action=drop \2 d0 S  e  j' `
comment=”Backdoor.YAI.Trojan-3″ disabled=no
  p# |- ?* S7 w+ iadd chain=virus protocol=tcp dst-port=1003 action=drop \& {" q6 I1 `7 U, b; |! {% E+ N  d" D
comment=”BackDoorTrojan-1″ disabled=no
% U. a& m- v1 [7 W3 Iadd chain=virus protocol=tcp dst-port=5598 action=drop \
3 x8 ^  I+ j  B# acomment=”BackDoorTrojan-2″ disabled=no1 B) S5 K: o" x# ]3 f) e
add chain=virus protocol=tcp dst-port=5698 action=drop \% i9 H& Q! }9 a- `) ~. |
comment=”BackDoorTrojan-3″ disabled=no  `- q" {. G& Y0 x) I
add chain=virus protocol=tcp dst-port=31554 action=drop \1 w8 b; U2 T: l
comment=”SchainwindlerTrojan-2″ disabled=no( c0 P% O- t: ]  z) P4 ]
add chain=virus protocol=tcp dst-port=18753 action=drop \
! h3 O* Q5 j: P& g$ ^. L% Ucomment=”Shaft.DDoS.Trojan-1″ disabled=no: H6 W0 X4 n$ O6 |
add chain=virus protocol=tcp dst-port=20432 action=drop \9 H5 y8 X3 o: e: P7 l6 H$ x0 o2 n9 |
comment=”Shaft.DDoS.Trojan-2″ disabled=no
  \/ c  I0 G2 `. [add chain=virus protocol=tcp dst-port=65000 action=drop \
; R* E$ V2 ]# P  i+ C0 ycomment=”Devil.DDoS.Trojan” disabled=no. W4 W. ]; X9 s: a" h( ~
add chain=virus protocol=tcp dst-port=11831 action=drop \
9 R: {" Q. T, zcomment=”LatinusTrojan-1″ disabled=no- M' x2 F) }% D/ |0 X/ a7 R
add chain=virus protocol=tcp dst-port=29559 action=drop \
# I$ l) `9 |) O# t- Pcomment=”LatinusTrojan-2″ disabled=no& M- t3 }3 F& g
add chain=virus protocol=tcp dst-port=1784 action=drop \, Z9 K4 J% ~4 {8 O1 V
comment=”Snid.X2Trojan-1″ disabled=no
' d( Z4 }* r- {" j( w, Ladd chain=virus protocol=tcp dst-port=3586 action=drop \; c1 i% |. u! _# E( {+ l
comment=”Snid.X2Trojan-2″ disabled=no
, h8 V/ k6 s3 H# Zadd chain=virus protocol=tcp dst-port=7609 action=drop \
, f0 I. C  \  @9 T+ B0 A& ccomment=”Snid.X2Trojan-3″ disabled=no
' E$ k+ G$ c8 Z5 Q  O: d9 Uadd chain=virus protocol=tcp dst-port=12348-12349 action=drop \. ]3 p3 b0 `" H# q
comment=”BionetTrojan-1″ disabled=no
( r8 A: d8 ]; B8 k& E! F; b& g, Padd chain=virus protocol=tcp dst-port=12478 action=drop \
2 i( Q" d7 p% L0 Dcomment=”BionetTrojan-2″ disabled=no. f6 W' R# q  B' o" W4 {* b
add chain=virus protocol=tcp dst-port=57922 action=drop \/ d8 ]1 ]; A. O
comment=”BionetTrojan-3″ disabled=no1 |, {5 z! P! n  k! e
add chain=virus protocol=tcp dst-port=3127 action=drop \  F/ A  e8 D, x# G# |
comment=”Worm.Novarg.a.Mydoom.a1.” disabled=no
0 K! w& ?/ f+ \' Y+ j- Gadd chain=virus protocol=tcp dst-port=6777 action=drop \) p- q) M. m4 U# O+ l
comment=”Worm.BBeagle.a.Bagle.a.” disabled=no; _8 P4 R- S" W& Y# R
add chain=virus protocol=tcp dst-port=8866 action=drop \( d& [/ ?, ]  @. Q* i
comment=”Worm.BBeagle.b” disabled=no
" c; x6 C4 h3 o( \& Dadd chain=virus protocol=tcp dst-port=2745 action=drop \7 i! a) D! H0 k7 K# N9 W6 S
comment=”Worm.BBeagle.c-g/j-l” disabled=no" u* b$ d9 l% q
add chain=virus protocol=tcp dst-port=2556 action=drop \
9 w1 T8 h- y2 \4 Wcomment=”Worm.BBeagle.p/q/r/n” disabled=no  r7 e! d$ b, C1 h) d) r
add chain=virus protocol=tcp dst-port=20742 action=drop \$ e' P% o# \% _5 h% V) K
comment=”Worm.BBEagle.m-2″ disabled=no
( Q5 s0 [; n# r/ S- u: O% hadd chain=virus protocol=tcp dst-port=4751 action=drop \
0 f: R: i7 s8 u+ g5 ncomment=”Worm.BBeagle.s/t/u/v” disabled=no
( ?# s$ {' T; e0 I  I6 nadd chain=virus protocol=tcp dst-port=2535 action=drop \
9 G; N6 y- L4 M6 r( i/ _+ j- Jcomment=”Worm.BBeagle.aa/ab/w/x-z-2″ disabled=no9 b4 _9 y+ W5 N& u# j- ^. m
add chain=virus protocol=tcp dst-port=5238 action=drop \3 [+ k+ M3 N' J9 n' J" L' E
comment=”Worm.LovGate.r.RpcExploit” disabled=no
: y9 E4 U, [$ d4 G, m6 C% X7 {/ r9 b0 badd chain=virus protocol=tcp dst-port=1068 action=drop comment=”Worm.Sasser.a” \
9 t) a/ D1 o3 W  g& jdisabled=no
- K9 A/ b) V) S& L& n5 w  ]$ ~% _7 badd chain=virus protocol=tcp dst-port=5554 action=drop \( u0 n: r/ f! ]; p- X( ]
comment=”Worm.Sasser.b/c/f” disabled=no
4 P" C  {+ q& w6 Y: R0 aadd chain=virus protocol=tcp dst-port=9996 action=drop \
% D. R! H" P( A; T& n5 acomment=”Worm.Sasser.b/c/f” disabled=no
! s* m! x4 r. F: yadd chain=virus protocol=tcp dst-port=9995 action=drop comment=”Worm.Sasser.d” \
  N/ g2 {/ N, A3 Udisabled=no/ n; C5 ]  i1 l" Y5 @6 v7 W
add chain=virus protocol=tcp dst-port=10168 action=drop \4 z# O/ K2 {6 G2 K  x) E; `7 v/ N1 E
comment=”Worm.Lovgate.a/b/c/d” disabled=no
8 F. k/ [& v  r1 e  [8 j" tadd chain=virus protocol=tcp dst-port=20808 action=drop \, S, ^9 c3 b( ?) s* d/ O$ Z
comment=”Worm.Lovgate.v.QQ” disabled=no) X' y& c* a& p# U; O
add chain=virus protocol=tcp dst-port=1092 action=drop \- r$ h# b0 T) A; d0 Y- F0 e) x
comment=”Worm.Lovgate.f/g” disabled=no
- i5 Q2 Y* E6 \: H" I6 eadd chain=virus protocol=tcp dst-port=20168 action=drop \
  l9 Z* d  v3 a! a/ ^& b  Scomment=”Worm.Lovgate.f/g” disabled=no/ ]" Y' k$ x8 p1 i1 _0 w; F1 W
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \! y5 F7 v* m  v! O# J) k7 `
comment=”ndm.requester” disabled=no) I; X- y' r3 u/ ?
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen.cast” \1 o) l0 e$ ^/ s. C; G8 i
disabled=no* p! z% F" y( N; l/ z; d1 ?
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” \. y) B* f2 ?; `, S3 A1 R6 h
disabled=no# D' E0 Z" C, l( ~8 U
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichainlid” \6 S/ L. L+ |' K6 U8 j
disabled=no+ `; D3 x. Y' Q+ e
add chain=virus protocol=tcp dst-port=3410 action=drop \
3 c  D+ o% `' xcomment=”Backdoor.Optixprotocol” disabled=no
+ P  {6 n1 a6 b( U" A$ ?! {1 H8 D! ladd chain=virus protocol=tcp dst-port=8888 action=drop \* D# n- F# o9 P
comment=”Worm.BBeagle.b” disabled=no, v. W0 ~  r0 B3 j; P# w
add chain=virus protocol=udp dst-port=44444 action=drop \
4 a( ]& m0 i. a5 C9 g) V  Z' tcomment=”Delta.Source.Trojan-7″ disabled=no' B+ O' f+ C/ a' g: p! Z: Y
add chain=virus protocol=udp dst-port=8998 action=drop \$ o' D; r+ P' k; `- ?: F
comment=”Worm.Sobig.f-3″ disabled=no, v- p( s- c9 A3 q  Y% a; N
add chain=virus protocol=udp dst-port=123 action=drop comment=”Worm.Sobig.f-1″ \
+ l- J+ y" _3 Gdisabled=no
# X+ O* _% [+ f( c: l" `) nadd chain=virus protocol=tcp dst-port=3198 action=drop \
1 {+ Z9 q3 g7 N' c8 Tcomment=”Worm.Novarg.a.Mydoom.a2.” disabled=no9 t2 R8 [* F5 m
add chain=virus protocol=tcp dst-port=139 action=drop comment=”Drop Blaster \
) b/ \# c) f( jWorm” disabled=no4 b9 `! Y! N' B) }; i; W
add chain=virus protocol=tcp dst-port=135 action=drop comment=”Drop Blaster \
1 t# w8 M5 k1 e/ r1 H7 J* cWorm” disabled=no7 L9 p( o1 q! P) ^7 n
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster \
2 W) M% V! F2 d% e' k! wWorm” disabled=no6 n$ w8 y/ k* Q! Z7 y2 ^
/ ip firewall connection tracking
! c2 W& r' K$ u8 W6 a) {; O/ X) }+ Yset enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \/ c3 ^* B! m) ?# @1 ~
tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
! u# M; Z( j1 htcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
5 C3 r0 W# F! {: n/ p. N/ Ktcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
' A6 ], _' @; k2 E3 Z% gudp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
! H8 R: |" u5 L: A2 S9 Ptcp-syncookie=yes
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 我要加入

本版积分规则

Archiver| 手机版| 中国无线门户 ( 粤ICP备11076993 )  |网站地图    小黑屋 | 免责声明

GMT+8, 2017-1-19 02:17

Powered by Discuz! X3.2

© 2003-2013 广州威思信息科技有限公司

返回顶部 返回列表