
[RouterOS] ROS防火墙脚本


发表于 2016-8-31 17:45 |显示全部楼层
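/ip firewall filter
# --- chain=input: traffic addressed to the router itself ---------------------
# Cleaned copy: the forum's anti-copy filler characters were removed and the
# typographic quotes around comment= values were restored to plain ASCII quotes
# so the script can be imported. Rule order and matchers are unchanged.
#
# NOTE(review): within the rules shown here, this chain has no
# "accept established/related" rule and no final drop. Anything not matched
# below falls through to the default accept, so management services stay
# reachable unless they are restricted elsewhere. Confirm that is intended.
# NOTE(review): because nothing accepts established traffic first, replies to
# connections the router opens itself are also evaluated by every rule here,
# including the port list in chain=virus.

# Drop packets that connection tracking classifies as invalid.
add chain=input connection-state=invalid action=drop \
    comment="丢弃非法连接packets" disabled=no
# Cap TCP/80 connections to the router at 90 in total (netmask 0 = all sources
# counted together).
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="限制总http连接数为90" disabled=no
# Port-scan detection: weight threshold 21, delay 3s, low-port weight 3,
# high-port weight 1.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="探测并丢弃端口扫描连接" disabled=no
# Sources already on black_list that hold more than 3 connections are tarpitted.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="压制DoS攻击" disabled=no
# Any single source (/32) with more than 10 TCP connections to the router is
# added to black_list for one day. Hosts sharing one address are counted as one.
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="探测DoS攻击" disabled=no
# Drop packets whose destination is not one of the router's own addresses.
# NOTE(review): this also covers broadcast/multicast destinations; verify that
# services relying on them are unaffected on the target RouterOS version.
add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" \
    disabled=no
# Drop packets whose source address is not unicast.
add chain=input src-address-type=!unicast action=drop \
    comment="丢弃掉所有非单播数据" disabled=no
# Hand ICMP to the rate-limiting chain.
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="跳转到ICMP链表" disabled=no
# Hand TCP to the port blocklist. Only TCP is jumped from input, so the UDP
# entries in chain=virus are never evaluated for traffic to the router.
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="跳转到病毒链表" disabled=no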
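# --- chain=ICMP: allow a small set of ICMP types at a limited rate -----------
# Cleaned copy: anti-copy filler removed, ASCII quotes restored; rules unchanged.
# Each accept rule uses limit=5,5 (rate 5, burst 5). The limit matcher counts
# all matching packets together rather than per source, so packets above the
# rate fall through to the final drop regardless of who sent them.

# Type 0: echo reply.
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Ping应答限制为每秒5个包" disabled=no
# Type 3 code 3: port unreachable (the reply a UDP traceroute ends on).
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Traceroute限制为每秒5个包" disabled=no
# Type 3 code 4: fragmentation needed, required for path-MTU discovery.
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="MTU线路探测限制为每秒5个包" disabled=no
# Type 8: echo request.
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Ping请求限制为每秒5个包" disabled=no
# Type 11: time exceeded (traceroute hops).
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Trace TTL限制为每秒5个包" disabled=no
# Everything else, including other type-3 codes such as host/network
# unreachable, is dropped here.
add chain=ICMP protocol=icmp action=drop comment="丢弃掉任何ICMP数据" \
    disabled=no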
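# --- chain=forward: traffic routed through the router ------------------------
# Cleaned copy: anti-copy filler removed, ASCII quotes restored; rules unchanged.
# Established and related packets are accepted first, so every rule after them
# (including the jumps) only sees packets that start or do not belong to a
# tracked connection.
# NOTE(review): the chain ends with the jump to chain=virus and has no final
# drop, so it is a blocklist: anything not explicitly dropped is forwarded.

# Accept packets of already established connections.
add chain=forward connection-state=established action=accept \
    comment="接受以连接的数据包" disabled=no
# Accept packets related to an existing connection.
add chain=forward connection-state=related action=accept \
    comment="接受相关数据包" disabled=no
# Drop packets that connection tracking classifies as invalid.
add chain=forward connection-state=invalid action=drop \
    comment="丢弃非法数据包" disabled=no
# Limit each source address (/32) to 50 TCP connections.
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="限制每个主机TCP连接数为50条" disabled=no
# Drop packets whose source address is not unicast.
add chain=forward src-address-type=!unicast action=drop \
    comment="丢弃掉所有非单播数据" disabled=no
# Hand ICMP to the rate-limiting chain.
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="跳转到ICMP链表" disabled=no
# Hand all remaining protocols (TCP and UDP) to the port blocklist.
add chain=forward action=jump jump-target=virus comment="跳转到病毒链表" \
    disabled=no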
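# --- chain=virus (part 1): drop by destination port --------------------------
# Cleaned copy: anti-copy filler removed, ASCII quotes restored, each rule put
# on one line; ports, order and comment strings are unchanged.
# Every rule matches on the destination port alone. The comment= value records
# the malware the original author associated with that port; the rule itself
# cannot tell that traffic apart from any other use of the same port.
# NOTE(review): several entries are also the ports of ordinary services
# (113 ident, 79 finger, 6667 IRC) and will be blocked for them as well.
# A port blocklist of this kind does not replace a default-deny policy.
add chain=virus protocol=tcp dst-port=41 action=drop comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="WinCrash.Trojan-4" disabled=no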


发表于 2016-8-31 17:45 |显示全部楼层
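# --- chain=virus (part 2): continuation of the port blocklist ----------------
# Cleaned copy: anti-copy filler removed, ASCII quotes restored, each rule put
# on one line, and the "Drop Blaster Worm" comments that were split across a
# line continuation joined; ports, order and comment strings are unchanged.
# The menu path is repeated so this post can be pasted on its own; repeating it
# is harmless when both posts are run in sequence.
/ip firewall filter
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="Worm.BBeagle.b" disabled=no
# UDP entries. These are reached from chain=forward only, because chain=input
# jumps here for protocol=tcp alone.
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.Sobig.f-3" disabled=no
# NOTE(review): UDP/123 is NTP. With this rule in place, hosts behind the
# router cannot reach external time servers; confirm that is acceptable.
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.Novarg.a.Mydoom.a2." disabled=no
# RPC endpoint mapper, NetBIOS session and SMB: blocked in both directions of
# routed traffic, which also stops file sharing across the router.
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no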
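# --- connection tracking timeouts --------------------------------------------
# Cleaned copy: anti-copy filler removed; every value is unchanged.
# Half-open TCP states are kept for only 5s, while established TCP entries are
# kept for 10h. The connection-state and connection-limit matchers in the
# filter rules depend on tracking being enabled.
# NOTE(review): the 5s SYN timeouts may cut off handshakes on slow or
# high-latency links; confirm against the links this router serves.
# NOTE(review): on newer RouterOS releases SYN cookies are configured under
# /ip settings (tcp-syncookies) rather than here; check the target version
# before importing, since an unknown parameter would make the command fail.
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes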