收集的ROS防火墙脚本
发布时间:2016-12-26 来源:查字典编辑

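# feb/18/2006 22:28:00 by RouterOS 2.9.2.7 QQ"415736
# software id = 83RE-SN0
#
/ip firewall filter
# ---------------------------------------------------------------------------
# input chain: packets addressed to the router itself.
#
# Review notes:
#  - No rule accepts established/related traffic first, so every packet to
#    the router is evaluated by all of the rules below.
#  - The chain has no closing drop rule. Packets that match nothing here are
#    accepted (RouterOS filter chains accept by default), so this script does
#    not by itself restrict who can reach the router's management services.
# ---------------------------------------------------------------------------
# Drop packets that connection tracking classifies as invalid.
add chain=input connection-state=invalid action=drop comment="丢弃非法连接packets" disabled=no
# Cap connections to TCP/80 on the router at 90. Netmask 0 counts all sources
# together, so a single client can consume the whole budget.
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop comment="限制总http连接数为90" disabled=no
# Port-scan detection: weight threshold 21, delay threshold 3s,
# low-port weight 3, high-port weight 1.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="探测并丢弃端口扫描连接" disabled=no
# Sources already in black_list that hold more than 3 connections (per /32)
# are tarpitted instead of served.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="压制DoS攻击" disabled=no
# A source (/32) with more than 10 TCP connections to the router is added to
# black_list for one day. Clients sharing one NATed address share this count.
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="探测DoS攻击" disabled=no
# Drop anything whose destination is not one of the router's own addresses.
# NOTE(review): this also covers broadcast/multicast destinations; confirm no
# service on the router depends on such traffic.
add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" disabled=no
# Drop packets whose source address is not unicast.
add chain=input src-address-type=!unicast action=drop comment="丢弃掉所有非单播数据" disabled=no
# Hand ICMP to the rate-limiting ICMP chain.
add chain=input protocol=icmp action=jump jump-target=ICMP comment="跳转到ICMP链表" disabled=no
# Hand TCP to the port blocklist chain. Only TCP is sent there from input,
# so the UDP entries of the virus chain are never evaluated for this chain.
add chain=input protocol=tcp action=jump jump-target=virus comment="跳转到病毒链表" disabled=no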

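# ---------------------------------------------------------------------------
# ICMP chain: reached by jump rules in the input and forward chains (these
# add commands run in the /ip firewall filter menu selected earlier).
# Each listed ICMP type is accepted while it stays within limit=5,5; packets
# over the limit fall through to the final drop, as does every other type.
# The limit counter belongs to the rule, not to a source address, so the
# budget is shared by every sender whose packets reach this chain.
# ---------------------------------------------------------------------------
# Type 0: echo reply.
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Ping应答限制为每秒5个包" disabled=no
# Type 3 code 3: port unreachable (the reply a UDP traceroute ends on).
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="Traceroute限制为每秒5个包" disabled=no
# Type 3 code 4: fragmentation needed (path MTU discovery).
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="MTU线路探测限制为每秒5个包" disabled=no
# Type 8: echo request.
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="Ping请求限制为每秒5个包" disabled=no
# Type 11: time exceeded.
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="TraceTTL限制为每秒5个包" disabled=no
# Everything else, and anything over the limits above, is dropped.
add chain=ICMP protocol=icmp action=drop comment="丢弃掉任何ICMP数据" disabled=no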

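# ---------------------------------------------------------------------------
# forward chain: traffic routed through the router (these add commands run in
# the /ip firewall filter menu selected earlier in the script).
# Established and related packets are accepted first, so the later rules are
# only evaluated for packets that are not part of a tracked connection.
# As in the input chain there is no closing drop rule: whatever is not
# matched below is forwarded.
# ---------------------------------------------------------------------------
add chain=forward connection-state=established action=accept comment="接受以连接的数据包" disabled=no
add chain=forward connection-state=related action=accept comment="接受相关数据包" disabled=no
add chain=forward connection-state=invalid action=drop comment="丢弃非法数据包" disabled=no
# Per-host (/32) cap of 50 TCP connections; further connections are dropped.
# NOTE(review): hosts that legitimately open many parallel connections will
# hit this cap, so confirm the value against real client behaviour.
add chain=forward protocol=tcp connection-limit=50,32 action=drop comment="限制每个主机TCP连接数为50条" disabled=no
# Drop packets whose source address is not unicast.
add chain=forward src-address-type=!unicast action=drop comment="丢弃掉所有非单播数据" disabled=no
# Hand ICMP to the rate-limiting ICMP chain.
add chain=forward protocol=icmp action=jump jump-target=ICMP comment="跳转到ICMP链表" disabled=no
# Hand everything else (all protocols, TCP and UDP entries alike) to the
# port blocklist chain.
add chain=forward action=jump jump-target=virus comment="跳转到病毒链表" disabled=no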

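# ---------------------------------------------------------------------------
# virus chain, part 1: destination-port blocklist reached by jump rules in
# the input (TCP only) and forward chains. These add commands run in the
# /ip firewall filter menu selected earlier in the script.
#
# Each rule drops by destination port alone; the comment names the malware
# the port was associated with. Port matching cannot tell that malware from
# any other software using the same port, and it does nothing against
# malware on other ports, so treat this list as coarse hygiene rather than
# detection. Several entries are also used by ordinary services (for example
# 79 finger, 113 ident, 6667 IRC, and popular application ports such as
# 4444, 7777 and 9999); review the list against the services you need.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=41 action=drop comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="GateCrasher.Trojan-2" disabled=no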

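# ---------------------------------------------------------------------------
# virus chain, part 2: more TCP destination-port drops (these add commands
# run in the /ip firewall filter menu selected earlier in the script).
# Every rule matches on destination port only, whatever the application
# behind it; the comment is the malware name the port was associated with.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="WinCrash.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no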

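# ---------------------------------------------------------------------------
# virus chain, part 3: worm-related ports, including the only UDP entries
# (these add commands run in the /ip firewall filter menu selected earlier).
#
# Review notes:
#  - The input chain jumps here for TCP only, so the UDP rules below take
#    effect solely for forwarded traffic.
#  - udp/123 is NTP. Dropping it in the forward path stops hosts behind the
#    router from synchronising time with outside servers; clock drift then
#    affects certificate validation and log correlation. Keep this rule only
#    if clients have another time source.
#  - tcp/8888 is widely used by ordinary applications; review before use.
#  - tcp/135, 139 and 445 are the Windows RPC/NetBIOS/SMB ports. Blocking
#    them between the LAN and the Internet is standard practice, but the
#    same rules also block file sharing between routed internal subnets.
#  - The chain has no terminating rule; unmatched packets go back to the
#    chain that jumped here.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop comment="DropBlaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="DropBlaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="DropBlaster Worm" disabled=no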

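# ---------------------------------------------------------------------------
# Connection tracking settings. The filter rules in this script that match
# on connection-state or connection-limit depend on tracking being enabled.
# The SYN-sent and SYN-received timeouts are set to 5s here, so half-open
# TCP entries leave the tracking table after five seconds.
# NOTE(review): this export is from RouterOS 2.9; on later releases
# tcp-syncookie may no longer be an option of this menu. Check the target
# version before importing.
# ---------------------------------------------------------------------------
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes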
