
[RouterOS] ROS firewall script


Posted on 2016-8-31 17:45
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop invalid connection packets" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit total HTTP connections to 90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detect DoS attack" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local traffic" \
    disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus chain" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Limit ping replies to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Limit traceroute to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="Limit path MTU discovery to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Limit ping requests to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Limit trace TTL to 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop any ICMP traffic" \
    disabled=no
add chain=forward connection-state=established action=accept \
    comment="Accept packets of established connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Drop invalid packets" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit each host to 50 TCP connections" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Drop all non-unicast traffic" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=forward action=jump jump-target=virus comment="Jump to virus chain" \
    disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
    comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
    comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
    comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
    comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
    comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
    comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
    comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
    comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
    comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
    comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
    comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
    comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
    comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
    comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
    comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
    comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
    comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
    comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
    comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
    comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
    comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
    comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
    comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
    comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
    comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
    comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
    comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
    comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
    comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
    comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
    comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
    comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
    comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
    comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
    comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop \
    comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
    comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
    comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
    disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
    disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
    disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
    comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
    disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
    comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
    comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
    comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
    disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
    comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
    comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
    comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
    comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
    comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
    comment="WinCrash.Trojan-4" disabled=no

Posted on 2016-8-31 17:45
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
    comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
    comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
    comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
    comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
    comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
    comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
    comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
    comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
    comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
    comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
    comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
    comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
    comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
    comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
    comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
    comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
    comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
    comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
    comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
    comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
    comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
    comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
    comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
    comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
    comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
    comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
    comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
    comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
    disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
    comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
    comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
    comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
    comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
    comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
    comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop \
    comment="Drop Blaster Worm" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes
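An added example, not part of the original post: a small Python check that parses rules written in the format used above and reports jump targets that have no matching chain, plus drop rules whose destination port is also used by a common service (the udp/123 rule in the virus chain, for instance, also matches NTP). The sample rules and the SERVICES table are constructed for illustration and are assumptions, not the full rule set.

```python
import re
import shlex

# Constructed sample in the same format as the script above (not the full rule set).
SAMPLE = r'''
/ ip firewall filter
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus chain" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP chain" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
'''

# Assumption: a short, hand-picked table of services that legitimately use these ports.
SERVICES = {
    ("udp", 123): "NTP", ("tcp", 79): "finger", ("tcp", 113): "ident",
    ("tcp", 6667): "IRC", ("tcp", 135): "MS-RPC", ("tcp", 139): "NetBIOS",
    ("tcp", 445): "SMB",
}

def parse_rules(text):
    """Return one dict of key=value pairs per 'add' line, joining backslash continuations."""
    joined = re.sub(r"\\\s*\n\s*", "", text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("add "):
            tokens = [tok for tok in shlex.split(line[4:]) if "=" in tok]
            rules.append(dict(tok.split("=", 1) for tok in tokens))
    return rules

def port_set(spec):
    """Expand '79', '9872-9875' or '80,443' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """List (kind, detail) findings for undefined jump targets and dropped service ports."""
    findings = []
    defined = {r.get("chain") for r in rules}
    for r in rules:
        if r.get("action") == "jump" and r.get("jump-target") not in defined:
            findings.append(("undefined-jump-target", r.get("jump-target")))
        spec = r.get("dst-port", "")
        if r.get("action") == "drop" and spec and not spec.startswith("!"):
            for port in sorted(port_set(spec)):
                service = SERVICES.get((r.get("protocol"), port))
                if service:
                    detail = f"{service} {r['protocol']}/{port} [{r.get('comment', '')}]"
                    findings.append(("drops-service", detail))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(parse_rules(SAMPLE)):
        print(kind, detail)
```

Run it against an exported rule file by passing the file's text to `parse_rules` instead of `SAMPLE`.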
