[RouterOS] ROS firewall script

Posted on 2016-8-31 17:45
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
comment="Drop invalid connection packets" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
comment="Limit total HTTP connections to 90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
comment="Detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
action=tarpit comment="Suppress DoS attacks" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d comment="Detect DoS attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local data" \
disabled=no
add chain=input src-address-type=!unicast action=drop \
comment="Drop all non-unicast data" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
comment="Jump to the ICMP chain" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
comment="Jump to the virus chain" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
comment="Limit ping replies to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
comment="Limit traceroute to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
comment="Limit path MTU discovery to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
comment="Limit ping requests to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
comment="Limit trace TTL to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop all remaining ICMP data" \
disabled=no
add chain=forward connection-state=established action=accept \
comment="Accept packets of established connections" disabled=no
add chain=forward connection-state=related action=accept \
comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
comment="Drop invalid packets" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
comment="Limit each host to 50 TCP connections" disabled=no
add chain=forward src-address-type=!unicast action=drop \
comment="Drop all non-unicast data" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
comment="Jump to the ICMP chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to the virus chain" \
disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop \
comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
comment="WinCrash.Trojan-4" disabled=no

Posted on 2016-8-31 17:45
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
comment="Backdoor.YAI.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
comment="SchwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="chromagrafx" \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm" \
disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm" \
disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" \
disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=yes
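
An added example, not part of the original post: a small Python audit that parses rules in the export syntax of the script above and reports two side effects of a port-based virus chain, namely drops that also hit ordinary services (the udp/123 rule blocks NTP) and rules that are never evaluated for a chain whose jump is restricted to another protocol (input jumps with protocol=tcp, so UDP rules only see forwarded traffic). The SERVICES table, the function names and the sample excerpt are assumptions made for this example.

```python
import shlex

# Ports of ordinary services (IANA assignments); the selection is an assumption of this example.
SERVICES = {("udp", 123): "NTP", ("tcp", 113): "ident",
            ("tcp", 79): "finger", ("tcp", 6667): "IRC"}

# Constructed excerpt in the export syntax of the script above.
SAMPLE = r'''
/ ip firewall filter
add chain=input protocol=tcp action=jump jump-target=virus \
comment="Jump to the virus chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to the virus chain" \
disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
disabled=no
'''

def parse_rules(text):
    """Return the 'add' rules under '/ip firewall filter' as dicts of key -> value."""
    rules, menu = [], None
    for line in text.replace("\\\n", "").splitlines():  # join '\' continuations
        line = line.strip()
        if line.startswith("/"):
            menu = "/" + " ".join(line[1:].split())
        elif line.startswith("add ") and menu == "/ip firewall filter":
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments whole
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def expand_ports(spec):
    """Expand a dst-port value such as '80,9872-9875' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Return (kind, proto/port, detail) findings for port-based drop rules."""
    # Which protocols each jump target is entered with, per calling chain.
    entry = {}
    for r in rules:
        if r.get("action") == "jump":
            via = entry.setdefault(r["jump-target"], {}).setdefault(r["chain"], set())
            via.add(r.get("protocol", "any"))
    findings = []
    for r in rules:
        if r.get("action") != "drop" or "dst-port" not in r:
            continue
        proto, where = r.get("protocol"), f"{r.get('protocol')}/{r['dst-port']}"
        for port in sorted(expand_ports(r["dst-port"])):
            if (proto, port) in SERVICES:
                findings.append(("service-blocked", where,
                                 f"{SERVICES[(proto, port)]} is dropped by {r.get('comment')!r}"))
        for src, protos in sorted(entry.get(r["chain"], {}).items()):
            if "any" not in protos and proto not in protos:
                findings.append(("not-evaluated", where,
                                 f"{src} only jumps here for {sorted(protos)}"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE)):
        print(*finding, sep=" | ")
```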