qjcking 发表于 2005-11-27 14:30:24

ROS防火墙问题,请WINBOX大哥帮忙改改!

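# RouterOS 2.x-style firewall export ("/ ip firewall rule <chain>").
# Import only from this first "/ ip firewall" line onward: the forum text
# that precedes it in the posted file is not script and aborts the import.
# Firewall rules are evaluated top to bottom within a chain and the first
# matching rule decides; an "accept" ends evaluation, so a general accept
# placed above a port-specific drop makes that drop unreachable.
/ ip firewall
# Chain policies. input/forward/output default to accept, so any packet that
# matches no rule below is allowed. "virus" is a user chain entered only via
# jump from forward and input; a packet matching none of its rules returns
# to the calling chain (policy=none).
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
add name="virus" policy=none comment=""
# --- forward: traffic routed through the box (LAN <-> WAN) -----------------
# Only UDP and ICMP are matched explicitly; TCP that is not a known-virus
# port falls through to the chain policy (accept).
/ ip firewall rule forward
add connection-state=invalid action=drop comment="Drop invalid \
connections【RO路由器官方防火墙设置】" disabled=no
add connection-state=established action=accept comment="Established \
connections【RO路由器官方防火墙设置】" disabled=no
add connection-state=related action=accept comment="Related \
connections【RO路由器官方防火墙设置】" disabled=no
add action=jump jump-target=virus comment="!!! Check for well-known viruses \
!!!【RO路由器官方防火墙设置】" disabled=no
add protocol=udp action=accept comment="UDP【RO路由器官方防火墙设置】" \
disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
comment="Allow limited pings【RO路由器官方防火墙设置】" disabled=no
add protocol=icmp action=drop comment="Drop excess \
pings【RO路由器官方防火墙设置】" disabled=no
# --- input: traffic addressed to the router itself ------------------------
/ ip firewall rule input
add connection-state=invalid action=drop comment="Drop invalid \
connections【RO路由器官方防火墙设置】" disabled=no
add tcp-options=non-syn-only connection-state=established action=accept \
comment="Accept established connections【RO路由器官方防火墙设置】" \
disabled=no
add connection-state=related action=accept comment="Accept related \
connections【RO路由器官方防火墙设置】" disabled=no
add action=jump jump-target=virus comment="!!! Check for well-known viruses \
!!!【RO路由器官方防火墙设置】" disabled=no
# The original had a blanket "accept all UDP" rule here, which shadowed every
# UDP port drop further down this chain. The single UDP accept now sits
# after those drops (see below).
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
comment="Allow limited pings【RO路由器官方防火墙设置】" disabled=no
add protocol=icmp action=drop comment="Drop excess \
pings【RO路由器官方防火墙设置】" disabled=no
# Management services, accepted from ANY source address. While the input
# policy is accept and the final "log and drop" rule is disabled these are
# reachable from every interface regardless of this list; once management
# access from the LAN is confirmed, restrict them with
# src-address=<LAN-subnet> (placeholder) and enable the final drop.
add dst-address=:22 protocol=tcp action=accept comment="SSH for demo \
purposes【RO路由器官方防火墙设置】" disabled=no
add dst-address=:23 protocol=tcp action=accept comment="Telnet for demo \
purposes【RO路由器官方防火墙设置】" disabled=no
add dst-address=:80 protocol=tcp action=accept comment="http for demo \
purposes【RO路由器官方防火墙设置】" disabled=no
add dst-address=:3987 protocol=tcp action=accept comment="winbox for demo \
purposes【RO路由器官方防火墙设置】" disabled=no
# Vendor-example source networks; left disabled as in the original. Replace
# 10.0.0.0/8 with the real LAN subnet before enabling.
add src-address=159.148.172.192/28 action=accept comment="From Mikrotikls \
network【RO路由器官方防火墙设置】" disabled=yes
add src-address=10.0.0.0/8 action=accept comment="From Mikrotikls \
network【RO路由器官方防火墙设置】" disabled=yes
# Per-port drops for packets destined to the router itself. They protect
# only the router (input chain); they do not filter traffic forwarded for
# LAN hosts, which passes through the forward chain and the virus chain.
# (A duplicate "related" accept and a duplicate "allow limited pings" rule
# that the original placed in this section were removed: the former was
# already covered above, the latter could never match after the ICMP rules.)
add dst-address=:69 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:69 protocol=udp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:161-162 protocol=tcp action=drop comment="drop SNMP Trap" \
disabled=no
add dst-address=:161-162 protocol=udp action=drop comment="drop SNMP Trap" \
disabled=no
add dst-address=:445 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:445 protocol=udp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:554 protocol=tcp action=drop comment="drop blaster wrom" \
disabled=no
add dst-address=:554 protocol=udp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:593 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:593 protocol=udp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:1025 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:1025 protocol=udp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:1068 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:1068 protocol=udp action=drop comment="rop blaster worm" \
disabled=no
add dst-address=:2000 protocol=tcp action=drop comment="drop Millenium" \
disabled=no
add dst-address=:2000 protocol=udp action=drop comment="drop millenium" \
disabled=no
add dst-address=:3127-3198 protocol=tcp action=drop comment="drop proxy worm" \
disabled=no
add dst-address=:3127-3198 protocol=udp action=drop comment="drop proxy worm" \
disabled=no
add dst-address=:3389 protocol=tcp action=drop comment="drop windows supper \
clinet link" disabled=no
add dst-address=:3389 protocol=udp action=drop comment="drop windows supper \
clinet link" disabled=no
add dst-address=:4444 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:4444 protocol=udp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="drop blaster worm" \
disabled=no
add dst-address=:5554 protocol=udp action=drop comment="drop Bt download" \
disabled=no
add dst-address=:6881-6889 protocol=tcp action=drop comment="drop drop Bt \
download" disabled=no
add dst-address=:6881-6889 protocol=udp action=drop comment="drop drop Bt \
download" disabled=no
add dst-address=:8881-8889 protocol=tcp action=drop comment="drop drop Bt \
download" disabled=no
add dst-address=:8881-8889 protocol=udp action=drop comment="drop drop Bt \
download" disabled=no
# The original listed this TCP rule twice; the second copy was unreachable
# and is dropped here. It may have been intended as protocol=udp — confirm.
add dst-address=:39213 protocol=tcp action=drop comment="drop worm" \
disabled=no
# General UDP accept, now placed AFTER the port-specific UDP drops so that
# they actually take effect.
add protocol=udp action=accept comment="udp" disabled=no
# Catch-all, moved to the end of the chain so the rules above are evaluated
# before it once it is enabled. Kept disabled as in the original: enable it
# only after confirming that management access (Winbox/SSH) from the LAN
# still works through the accept rules above.
add action=drop log=yes comment="Log and drop everything \
else【RO路由器官方防火墙设置】" disabled=yes
# --- output: traffic originated by the router itself ----------------------
# Drops and logs every TCP connection the router itself initiates (a packet
# with only SYN set). Replies to incoming sessions carry ACK and do not match.
# Router-originated TCP (e.g. package download, DNS over TCP) will be blocked
# while this rule is enabled.
/ ip firewall rule output
add protocol=tcp tcp-options=syn-only action=drop log=yes \
comment="【RO路由器官方防火墙设置】" disabled=no
# --- virus: well-known worm/backdoor ports, jumped to from forward+input --
# Two exact duplicates from the original (a second tcp/2745 and a second
# tcp/65506 rule) were removed; the first occurrence already matches.
/ ip firewall rule virus
add dst-address=:1080 protocol=tcp action=drop comment="Drop \
MyDoom【RO路由器官方防火墙设置】" disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="Drop Blaster \
Worm【RO路由器官方防火墙设置】" disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="Drop Messenger \
Worm【RO路由器官方防火墙设置】" disabled=no
add dst-address=:445 protocol=tcp action=drop comment="Drop Blaster \
Worm【RO路由器官方防火墙设置】" disabled=no
add dst-address=:445 protocol=udp action=drop comment="Drop Blaster \
Worm【RO路由器官方防火墙设置】" disabled=no
add dst-address=:593 protocol=tcp action=drop \
comment="________【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1024-1030 protocol=tcp action=drop \
comment="________【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1214 protocol=tcp action=drop \
comment="________【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1363 protocol=tcp action=drop comment="ndm \
requester【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1364 protocol=tcp action=drop comment="ndm \
server【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1368 protocol=tcp action=drop comment="screen \
cast【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1373 protocol=tcp action=drop \
comment="hromgrafx【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1377 protocol=tcp action=drop \
comment="cichlid【RO路由器官方防火墙设置】" disabled=no
add dst-address=:1433-1434 protocol=tcp action=drop \
comment="Worm【RO路由器官方防火墙设置】" disabled=no
add dst-address=:2745 protocol=tcp action=drop comment="Bagle \
Virus【RO路由器官方防火墙设置】" disabled=no
add dst-address=:2283 protocol=tcp action=drop comment="Drop \
Dumaru.Y【RO路由器官方防火墙设置】" disabled=no
add dst-address=:2535 protocol=tcp action=drop comment="Drop \
Beagle【RO路由器官方防火墙设置】" disabled=no
# The comment below was mis-encoded in the posted file ("MyDoom ?O..."); a
# stray non-text byte in a .rsc is a plausible cause of the reported import
# error, so it is restored to match the surrounding comments.
add dst-address=:3127-3128 protocol=tcp action=drop comment="Drop \
MyDoom【RO路由器官方防火墙设置】" disabled=no
add dst-address=:3410 protocol=tcp action=drop comment="Drop Backdoor \
OptixPro【RO路由器官方防火墙设置】" disabled=no
add dst-address=:4444 protocol=tcp action=drop \
comment="Worm【RO路由器官方防火墙设置】" disabled=no
add dst-address=:4444 protocol=udp action=drop \
comment="Worm【RO路由器官方防火墙设置】" disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="Drop \
Sasser【RO路由器官方防火墙设置】" disabled=no
add dst-address=:8866 protocol=tcp action=drop comment="Drop \
Beagle.B【RO路由器官方防火墙设置】" disabled=no
add dst-address=:9898 protocol=tcp action=drop comment="Drop \
Dabber.A-B【RO路由器官方防火墙设置】" disabled=no
add dst-address=:10000 protocol=tcp action=drop comment="Drop \
Dumaru.Y【RO路由器官方防火墙设置】" disabled=no
add dst-address=:10080 protocol=tcp action=drop comment="Drop \
MyDoom.B【RO路由器官方防火墙设置】" disabled=no
add dst-address=:12345 protocol=tcp action=drop comment="Drop \
NetBus【RO路由器官方防火墙设置】" disabled=no
add dst-address=:17300 protocol=tcp action=drop comment="Drop \
Kuang2【RO路由器官方防火墙设置】" disabled=no
add dst-address=:27374 protocol=tcp action=drop comment="Drop \
SubSeven【RO路由器官方防火墙设置】" disabled=no
add dst-address=:65506 protocol=tcp action=drop comment="Drop PhatBot, \
Agobot, Gaobot【RO路由器官方防火墙设置】" disabled=no
add dst-address=:6667 protocol=tcp action=drop comment="Drop 6667" \
disabled=no
add dst-address=:6667 protocol=udp action=drop comment="" disabled=no
add dst-address=:8998 protocol=udp action=drop \
comment="\\\[木马/间谍程序防御\\\]Worm.Sobig.f" disabled=no
add dst-address=:995-999 protocol=udp action=drop comment="" disabled=no
# NOTE: udp/123 is NTP; dropping it here also blocks NTP through the router
# for LAN hosts, since this chain is entered from forward as well.
add dst-address=:123 protocol=udp action=drop comment="" disabled=no
add dst-address=:69 protocol=udp action=drop \
comment="\\\[木马/间谍程序防御\\\]Worm.MsBlaster(冲击波) - 2" \
disabled=no
add dst-address=:31338 protocol=udp action=drop \
comment="\\\[木马/间谍程序防御\\\]NetSpy \\\(DK\\\) Trojan - 1" \
disabled=no
add dst-address=:35555 protocol=udp action=drop \
comment="\\\[木马/间谍程序防御\\\]Trin00 \\\(DDoS\\\) Trojan - 2" \
disabled=no
add dst-address=:34555 protocol=udp action=drop comment="" disabled=no
add dst-address=:5888-5889 protocol=udp action=drop \
comment="\\\[木马/间谍程序防御\\\]Y3K RAT Trojan - 4" disabled=no
add dst-address=:5880-5882 protocol=udp action=drop comment="" disabled=no
add dst-address=:3801 protocol=udp action=drop \
comment="\\\[木马/间谍程序防御\\\]Eclypse Trojan - 2" disabled=no
# NOTE: tcp/25 is SMTP; this blocks outbound mail from LAN hosts as well as
# mail to the router. Confirm that is intended.
add dst-address=:25 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3306 protocol=tcp action=drop comment="Drop Sub3306" \
disabled=no
add dst-address=:3306 protocol=udp action=drop comment="" disabled=no
add dst-address=:113 protocol=tcp action=drop comment="drop 113端口木马病毒" \
disabled=no
add dst-address=:1902 protocol=tcp action=drop comment="drop 爱情后门1902" \
disabled=no
add dst-address=:26108 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5000 protocol=tcp action=drop comment="drop \
Kibuv.BBobax5000" disabled=no
add dst-address=:5000 protocol=udp action=drop comment="" disabled=no
add dst-address=:6129 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6267 protocol=tcp action=drop comment="drop 广外女生6267" \
disabled=no
add dst-address=:7626 protocol=tcp action=drop comment="drop 冰河 7626" \
disabled=no
# --- connection-tracking helpers ------------------------------------------
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall mangle
add action=accept mark-flow=all comment="" disabled=no
# Masquerade with no interface/address match applies to everything the box
# forwards. Normally restricted to the upstream side, e.g.
# out-interface=<WAN-interface> (placeholder) — adjust to the real setup.
/ ip firewall src-nat
add action=masquerade comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m \
tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m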


高手们也帮忙看看啊,我不知道怎么改啊!
我把它直接保存成RSC格式的时候,导入ROS出现错误,而且用WINBOX连不上主机,能请帮忙改一下吗?改成适合自己的!(还有,我不知道直接保存成RSC格式然后导入ROS,这种方式对不对?有没有影响)谢谢!

[ 本帖最后由 qjcking 于 2005-11-27 15:00 编辑 ]

qjcking 发表于 2005-11-27 14:57:02

怎么没人帮忙啊?自己顶!

qjcking 发表于 2005-11-27 15:18:35

高手帮帮我吧!

szlangzi 发表于 2005-11-27 15:21:31

这个规则中 前3条怎么解释啊

不明白

qjcking 发表于 2005-11-27 15:23:03

上面不是防火墙的配置吗?就是帮我改一下,看看里面哪里有错误,修正一下并指点怎么导入ROS,里面有什么需要改成和自己内网IP一样的地方请帮我指出,谢谢!我对这个还是菜鸟,初学!

szlangzi 发表于 2005-11-27 15:52:04

其他的还好看点

但是 官方加的那些我看不懂 我也正在学习

qjcking 发表于 2005-11-27 17:12:40

要沉了,顶啊!等待高手帮忙!

yunq 发表于 2005-11-28 10:27:50

先导入看看结果如何,不对再修改。

[ 本帖最后由 yunq 于 2005-11-28 11:36 编辑 ]

qjcking 发表于 2005-11-29 20:36:13

我把它保存成RSC后导入,但是导了一点进去后就提示错误,不知道怎么回事!

yunq 发表于 2005-12-2 10:56:21

前几行不要,直接从第六行开始导入看。