
[RouterOS] ROS防火墙脚本


发表于 2016-8-31 17:45 |显示全部楼层
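# RouterOS firewall filter rules: built-in input and forward chains plus two
# custom chains (ICMP, virus) that they jump to.
#
# Cleaned up from the forum post so it can actually be imported:
#   - the random filler characters the forum injected around each line are removed;
#   - typographic quotes around comment= values are replaced with ASCII quotes;
#   - backslash-continued lines are joined, one rule per line.
# Rule order, matchers, actions and comment= texts are otherwise unchanged.
#
# NOTE(review): this input chain has no accept rule for established/related
# connections, no allow rule for management access and no final drop, so any
# packet not matched by a drop below is accepted by default. Treat the script
# as a partial rule set and add those rules for the actual deployment.
/ ip firewall filter

# --- input chain: traffic addressed to the router itself ---
add chain=input connection-state=invalid action=drop comment="丢弃非法连接packets" disabled=no
# connection-limit=90,0 uses a /0 netmask, so the 90-connection cap on port 80
# is counted across all sources together. NOTE(review): a global cap can be
# used up by a few clients and then locks everyone else out of the router's
# port 80; restricting that port to a management address list is more robust.
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop comment="限制总http连接数为90" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="探测并丢弃端口扫描连接" disabled=no
# Sources already on black_list are tarpitted once they hold more than 3 TCP
# connections; the next rule is what puts sources on the list (more than 10
# connections per /32, kept for 1 day).
# NOTE(review): the listing rule has no allow-list in front of it, so an
# administrator or a busy NAT gateway can list itself for a day - consider
# exempting trusted management addresses before these two rules.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="压制DoS攻击" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="探测DoS攻击" disabled=no
add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" disabled=no
add chain=input src-address-type=!unicast action=drop comment="丢弃掉所有非单播数据" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="跳转到ICMP链表" disabled=no
# NOTE(review): every TCP packet to the router is sent through the virus chain,
# and input has no established/related accept above it, so replies to
# connections the router itself opened can be dropped when its local port
# happens to equal one of the listed ports (e.g. 43958, 60000).
add chain=input protocol=tcp action=jump jump-target=virus comment="跳转到病毒链表" disabled=no

# --- ICMP chain: rate-limited allow-list by type:code, everything else dropped ---
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Ping应答限制为每秒5个包" disabled=no
# 3:3 is destination unreachable / port unreachable.
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="Traceroute限制为每秒5个包" disabled=no
# 3:4 is fragmentation needed, which path-MTU discovery depends on.
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="MTU线路探测限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="Ping请求限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="Trace TTL限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp action=drop comment="丢弃掉任何ICMP数据" disabled=no

# --- forward chain: traffic routed through the router ---
# Established and related traffic is accepted first, so the limits and the
# virus chain below only see packets that start a new connection.
add chain=forward connection-state=established action=accept comment="接受以连接的数据包" disabled=no
add chain=forward connection-state=related action=accept comment="接受相关数据包" disabled=no
add chain=forward connection-state=invalid action=drop comment="丢弃非法数据包" disabled=no
add chain=forward protocol=tcp connection-limit=50,32 action=drop comment="限制每个主机TCP连接数为50条" disabled=no
add chain=forward src-address-type=!unicast action=drop comment="丢弃掉所有非单播数据" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP comment="跳转到ICMP链表" disabled=no
add chain=forward action=jump jump-target=virus comment="跳转到病毒链表" disabled=no

# --- virus chain: drops by destination port only ---
# NOTE(review): this is a static list of ports once associated with trojans and
# worms. A port match says nothing about the payload: it does not stop malware
# that uses other ports, and it also blocks legitimate services that share a
# listed port (for example 79 finger, 113 ident, 6667 IRC). Review the list
# against the services actually needed before enabling it.
add chain=virus protocol=tcp dst-port=41 action=drop comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="WinCrash.Trojan-4" disabled=no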


发表于 2016-8-31 17:45 |显示全部楼层
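# Second part of the script: the rest of the virus chain, then the
# connection-tracking settings.
#
# Cleaned up from the forum post so it can be imported: injected filler
# characters removed, typographic quotes replaced with ASCII quotes, and
# backslash-continued rule lines joined (including the comment text that was
# split across two lines in the last three filter rules).
# The menu path is restated here so this part can be pasted on its own; the
# rules still belong to the same filter table as the first part.
/ ip firewall filter

# NOTE(review): these are destination-port matches only. The forward chain in
# the first part of the script jumps all new traffic into this chain, so the
# drops also hit legitimate services on the same ports - most visibly udp/123
# (NTP) and tcp 135/139/445 - for every client behind the router.
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.Sobig.f-3" disabled=no
# udp/123 is the NTP port; with this rule clients behind the router cannot
# reach external time servers.
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.Novarg.a.Mydoom.a2." disabled=no
# 139, 135 and 445 are the Windows NetBIOS / RPC / SMB ports. Dropping them at
# the router keeps that traffic from crossing between networks; it does not
# affect hosts talking to each other inside the same LAN segment.
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no

# Connection-tracking timeouts. The filter rules above match on
# connection-state and connection-limit, which need tracking enabled.
# The short 5s SYN timeouts and tcp-syncookie=yes reduce the state held for
# half-open connections.
# NOTE(review): property names in this menu differ between RouterOS releases
# (on v6 the SYN-cookie switch is under /ip settings as tcp-syncookies) -
# check each property against the target version before importing.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes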