routeros2.8.26防火墙导入后的问题
/ ip firewallset input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
add name="virus" policy=none comment=""
/ ip firewall rule forward
add connection-state=invalid action=drop comment="" disabled=no
add connection-state=established action=accept comment="" disabled=no
add connection-state=related action=accept comment="" disabled=no
add action=jump jump-target=virus comment="" disabled=no
add protocol=udp action=accept comment="" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
comment="" disabled=no
add protocol=icmp action=drop comment="" disabled=no
/ ip firewall rule input
add connection-state=invalid action=drop comment="" disabled=no
add connection-state=established action=accept comment="" disabled=no
add connection-state=related action=accept comment="" disabled=no
add action=jump jump-target=virus comment="" disabled=no
add protocol=udp action=accept comment="" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
comment="" disabled=no
add protocol=icmp action=drop comment="" disabled=no
add dst-address=:3987 protocol=tcp action=accept comment="" disabled=no
add dst-address=:23 protocol=tcp action=accept comment="" disabled=no
add dst-address=:21 protocol=tcp action=accept comment="" disabled=no
add dst-address=:81 protocol=tcp action=accept comment="" disabled=no
add action=drop comment="" disabled=no
/ ip firewall rule virus
add dst-address=:25 protocol=tcp action=drop comment="" disabled=no
add dst-address=:69 protocol=udp action=drop comment="" disabled=no
add dst-address=:79 protocol=tcp action=drop comment="" disabled=no
add dst-address=:113 protocol=udp action=drop comment="" disabled=no
add dst-address=:113 protocol=tcp action=drop comment="" disabled=no
add dst-address=:123 protocol=tcp action=drop comment="" disabled=no
add dst-address=:123 protocol=udp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="" disabled=no
add dst-address=:143 protocol=tcp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=udp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=tcp action=drop comment="" disabled=no
add dst-address=:445 protocol=tcp action=drop comment="" disabled=no
add dst-address=:445 protocol=udp action=drop comment="" disabled=no
add dst-address=:500 protocol=tcp action=drop comment="" disabled=no
add dst-address=:500 protocol=udp action=drop comment="" disabled=no
add dst-address=:593 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1024-1030 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1024-1030 protocol=udp action=drop comment="" disabled=no
add dst-address=:1043 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1043 protocol=udp action=drop comment="" disabled=no
add dst-address=:1080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1214 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1363 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1364 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1368 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1373 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1377 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1433-1434 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1524 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1723 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1723 protocol=udp action=drop comment="" disabled=no
add dst-address=:1900 protocol=udp action=drop comment="" disabled=no
add dst-address=:1900 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1999-2001 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1999-2001 protocol=udp action=drop comment="" disabled=no
add dst-address=:2140 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2140 protocol=udp action=drop comment="" disabled=no
add dst-address=:2283 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2535 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=udp action=drop comment="" disabled=no
add dst-address=:3127-3128 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3150 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3150 protocol=udp action=drop comment="" disabled=no
add dst-address=:3306 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3306 protocol=udp action=drop comment="" disabled=no
add dst-address=:3389 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3389 protocol=udp action=drop comment="" disabled=no
add dst-address=:3410 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3801 protocol=udp action=drop comment="" disabled=no
add dst-address=:4444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:4444 protocol=udp action=drop comment="" disabled=no
add dst-address=:4500 protocol=tcp action=drop comment="" disabled=no
add dst-address=:4500 protocol=udp action=drop comment="" disabled=no
add dst-address=:5000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5000 protocol=udp action=drop comment="" disabled=no
add dst-address=:5354 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5354 protocol=udp action=drop comment="" disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=udp action=drop comment="" disabled=no
add dst-address=:5880-5882 protocol=udp action=drop comment="" disabled=no
add dst-address=:5888-5889 protocol=udp action=drop comment="" disabled=no
add dst-address=:5900 protocol=udp action=drop comment="" disabled=no
add dst-address=:5900 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6000 protocol=udp action=drop comment="" disabled=no
add dst-address=:6000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6129 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6129 protocol=udp action=drop comment="" disabled=no
add dst-address=:6267 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6667 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6667 protocol=udp action=drop comment="" disabled=no
add dst-address=:6678 protocol=udp action=drop comment="" disabled=no
add dst-address=:6678 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6711 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6711 protocol=udp action=drop comment="" disabled=no
add dst-address=:7070 protocol=udp action=drop comment="" disabled=no
add dst-address=:7070 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=udp action=drop comment="" disabled=no
add dst-address=:7511 protocol=udp action=drop comment="" disabled=no
add dst-address=:7626 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7511 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8011 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8011 protocol=udp action=drop comment="" disabled=no
add dst-address=:8225 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8225 protocol=udp action=drop comment="" disabled=no
add dst-address=:8311 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8311 protocol=udp action=drop comment="" disabled=no
add dst-address=:8866 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8998 protocol=tcp action=drop comment="" disabled=no
add dst-address=:9898 protocol=tcp action=drop comment="" disabled=no
add dst-address=:9898 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=udp action=drop comment="" disabled=no
add dst-address=:10080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=udp action=drop comment="" disabled=no
add dst-address=:17027 protocol=udp action=drop comment="" disabled=no
add dst-address=:17027 protocol=tcp action=drop comment="" disabled=no
add dst-address=:17300 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20162 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20162 protocol=udp action=drop comment="" disabled=no
add dst-address=:20168 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20168 protocol=udp action=drop comment="" disabled=no
add dst-address=:27374 protocol=tcp action=drop comment="" disabled=no
add dst-address=:27374 protocol=udp action=drop comment="" disabled=no
add dst-address=:23444 protocol=udp action=drop comment="" disabled=no
add dst-address=:23444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:30100 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31337-34338 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31337-34338 protocol=udp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=udp action=drop comment="" disabled=no
add dst-address=:34555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:35555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39243 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39243 protocol=udp action=drop comment="" disabled=no
add dst-address=:45576 protocol=udp action=drop comment="" disabled=no
add dst-address=:45576 protocol=tcp action=drop comment="" disabled=no
add dst-address=:54320-54321 protocol=tcp action=drop comment="" disabled=no
add dst-address=:54320-54321 protocol=udp action=drop comment="" disabled=no
add dst-address=:65506 protocol=tcp action=drop comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=yes
set gre disabled=yes
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall src-nat
add action=masquerade comment="vip" disabled=no
add action=masquerade comment="all" disabled=no
/ ip firewall dst-nat
add action=accept to-dst-address=192.168.1.3 to-dst-port=80 comment="contrl" \
disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=50s tcp-syn-received-timeout=30s \
tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
导入之后用WINBOX连接不上了。帮忙看看是哪里的问题。FTP可以连接。TELNET也可以。
IP是192.168.0.1知道的帮帮忙。
回复 #2 legou 的帖子
那我该怎么办才能连上??回复 #4 legou 的帖子
是改了。那咋办。
页:
[1]