本人改编的routeros2.8.2系列防火墙脚本
/ ip firewall rule forwardad protocol=tcp dst-address=:445 action=drop log=yes disabled=nocomment=""
ad protocol=tcp dst-address=:135-139 action=drop log=yes disabled=nocomment=""
ad dst-address=:82 protocol=tcp action=drop log=yes disabled=no comment="Worm.NetSky.Y@mm"
ad dst-address=:113 protocol=tcp action=drop log=yes disabled=no comment="W32.Korgo.A/B/C/D/E/F-1"
ad dst-address=:2041 protocol=tcp action=drop log=yes disabled=no comment="W33.Korgo.A/B/C/D/E/F-2"
ad dst-address=:3067 protocol=tcp action=drop log=yes disabled=no comment="W32.Korgo.A/B/C/D/E/F-3"
ad dst-address=:6667 protocol=tcp action=drop log=yes disabled=no comment="W32.Korgo.A/B/C/D/E/F-4"
ad dst-address=:445 protocol=tcp action=drop log=yes disabled=no comment="W32.Korgo.A/B/C/D/E/F-5"
ad dst-address=:1000-1001 protocol=tcp action=drop log=yes disabled=no comment="Backdoor.Nibu.B-1"
ad dst-address=:2283 protocol=tcp action=drop log=yes disabled=no comment="Backdoor.Nibu.B-2"
adprotocol=tcp dst-address=:2283 action=drop log=yes disabled=no comment="Backdoor.Nibu.B-2"
adprotocol=tcp dst-address=:10000 action=drop log=yes disabled=no comment="Backdoor.Nibu.E/G/H"
adprotocol=tcp dst-address=:3422 action=drop log=yes disabled=no comment="Backdoor.IRC.Aladinz.R-1"
adprotocol=tcp dst-address=:43958 action=drop log=yes disabled=no comment="Backdoor.IRC.Aladinz.R-2"
adprotocol=tcp dst-address=:5554 action=drop log=yes disabled=no comment="W32.Dabber.A/B-1"
adprotocol=tcp dst-address=:8967 action=drop log=yes disabled=no comment="W32.Dabber.A/B-2"
adprotocol=tcp dst-address=:9898-9999 action=drop log=yes disabled=no comment="W32.Dabber.A/B-3"
adprotocol=tcp dst-address=:6789 action=drop log=yes disabled=no comment="Worm.NetSky.S/T/U@mm"
adprotocol=tcp dst-address=:8787 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-1"
adprotocol=tcp dst-address=:8879 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-2"
adprotocol=tcp dst-address=:31666 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-3"
adprotocol=tcp dst-address=:31337-31338 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-4"
adprotocol=tcp dst-address=:54320-54321 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-5"
adprotocol=tcp dst-address=:12345-12346 action=drop log=yes disabled=no comment="Block.NetBus.Trojan-1"
ad protocol=tcp dst-address=:20034 action=drop log=yes disabled=no comment="Block.NetBus.Trojan-2"
ad protocol=tcp dst-address=:21554 action=drop log=yes disabled=no comment="GirlFriend.Trojan-1"
ad protocol=tcp dst-address=:41 action=drop log=yes disabled=no comment="DeepThroat.Trojan-1"
ad protocol=tcp dst-address=:3150 action=drop log=yes disabled=no comment="DeepThroat.Trojan-2"
ad protocol=tcp dst-address=:999 action=drop log=yes disabled=no comment="DeepThroat.Trojan-3"
ad protocol=tcp dst-address=:6670 action=drop log=yes disabled=no comment="DeepThroat.Trojan-4"
ad protocol=tcp dst-address=:6771 action=drop log=yes disabled=no comment="DeepThroat.Trojan-5"
ad protocol=tcp dst-address=:60000 action=drop log=yes disabled=no comment="DeepThroat.Trojan-6"
ad protocol=tcp dst-address=:2140 action=drop log=yes disabled=no comment="DeepThroat.Trojan-7"
ad protocol=tcp dst-address=:10067 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-1"
ad protocol=tcp dst-address=:10167 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-2"
ad protocol=tcp dst-address=:3700 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-3"
ad protocol=tcp dst-address=:9872-9875 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-4"
ad protocol=tcp dst-address=:6883 action=drop log=yes disabled=no comment="Delta.Source.Trojan-1"
ad protocol=tcp dst-address=:26274 action=drop log=yes disabled=no comment="Delta.Source.Trojan-2"
ad protocol=tcp dst-address=:4444 action=drop log=yes disabled=no comment="Delta.Source.Trojan-3"
ad protocol=tcp dst-address=:47262 action=drop log=yes disabled=no comment="Delta.Source.Trojan-4"
ad protocol=tcp dst-address=:3791 action=drop log=yes disabled=no comment="Eclypse.Trojan-1"
ad protocol=tcp dst-address=:3801 action=drop log=yes disabled=no comment="Eclypse.Trojan-2"
ad protocol=tcp dst-address=:65390 action=drop log=yes disabled=no comment="Eclypse.Trojan-3"
ad protocol=tcp dst-address=:5880-5882 action=drop log=yes disabled=no comment="Y3K.RAT.Trojan-1"
ad protocol=tcp dst-address=:5888-5889 action=drop log=yes disabled=no comment="Y3K.RAT.Trojan-2"
ad protocol=tcp dst-address=:30100-30103 action=drop log=yes disabled=no comment="NetSphere.Trojan-1"
ad protocol=tcp dst-address=:30133 action=drop log=yes disabled=no comment="NetSphere.Trojan-2"
ad protocol=tcp dst-address=:7300-7301 action=drop log=yes disabled=no comment="NetMonitor.Trojan-1"
ad protocol=tcp dst-address=:7306-7308 action=drop log=yes disabled=no comment="NetMonitor.Trojan-2"
ad protocol=tcp dst-address=:79 action=drop log=yes disabled=no comment="FireHotcker.Trojan-1"
ad protocol=tcp dst-address=:5031 action=drop log=yes disabled=no comment="FireHotcker.Trojan-2"
ad protocol=tcp dst-address=:5321 action=drop log=yes disabled=no comment="FireHotcker.Trojan-3"
ad protocol=tcp dst-address=:6400 action=drop log=yes disabled=no comment="TheThing.Trojan-1"
ad protocol=tcp dst-address=:7777 action=drop log=yes disabled=no comment="TheThing.Trojan-2"
ad protocol=tcp dst-address=:1047 action=drop log=yes disabled=no comment="GateCrasher.Trojan-1"
ad protocol=tcp dst-address=:6969-6970 action=drop log=yes disabled=no comment="GateCrasher.Trojan-2"
ad protocol=tcp dst-address=:2774 action=drop log=yes disabled=no comment="SubSeven-1"
ad protocol=tcp dst-address=:27374 action=drop log=yes disabled=no comment="SubSeven-2"
ad protocol=tcp dst-address=:1243 action=drop log=yes disabled=no comment="SubSeven-3"
ad protocol=tcp dst-address=:1234 action=drop log=yes disabled=no comment="SubSeven-4"
ad protocol=tcp dst-address=:6711-6713 action=drop log=yes disabled=no comment="SubSeven-5"
ad protocol=tcp dst-address=:16959 action=drop log=yes disabled=no comment="SubSeven-7"
ad protocol=tcp dst-address=:11000 action=drop log=yes disabled=no comment="Senna.Spy.Trojan-1"
ad protocol=tcp dst-address=:13000 action=drop log=yes disabled=no comment="Senna.Spy.Trojan-2"
ad protocol=tcp dst-address=:25685-25686 action=drop log=yes disabled=no comment="Moonpie.Trojan-1"
ad protocol=tcp dst-address=:25982 action=drop log=yes disabled=no comment="Moonpie.Trojan-2"
ad protocol=tcp dst-address=:1024-1030 action=drop log=yes disabled=no comment="NetSpy.Trojan-1"
ad protocol=tcp dst-address=:1033 action=drop log=yes disabled=no comment="NetSpy.Trojan-2"
ad protocol=tcp dst-address=:31337-31339 action=drop log=yes disabled=no comment="NetSpy.Trojan-3"
ad protocol=tcp dst-address=:8102 action=drop log=yes disabled=no comment="Trojan"
ad protocol=tcp dst-address=:7306 action=drop log=yes disabled=no comment="Netspy3.0Trojan"
ad protocol=tcp dst-address=:8011 action=drop log=yes disabled=no comment="WAY.Trojan"
ad protocol=tcp dst-address=:7626 action=drop log=yes disabled=no comment="Trojan.BingHe"
ad protocol=tcp dst-address=:19191 action=drop log=yes disabled=no comment="Trojan.NianSeHoYian"
ad protocol=tcp dst-address=:23444-23445 action=drop log=yes disabled=no comment="NetBull.Trojan"
ad protocol=tcp dst-address=:2583 action=drop log=yes disabled=no comment="WinCrash.Trojan-1"
ad protocol=tcp dst-address=:3024 action=drop log=yes disabled=no comment="WinCrash.Trojan-2"
ad protocol=tcp dst-address=:4092 action=drop log=yes disabled=no comment="WinCrash.Trojan-3"
ad protocol=tcp dst-address=:5714 action=drop log=yes disabled=no comment="WinCrash.Trojan-4"
ad protocol=tcp dst-address=:1010-1012 action=drop log=yes disabled=no comment="Doly1.0/1.35/1.5trojan-1"
ad protocol=tcp dst-address=:1015 action=drop log=yes disabled=no comment="Doly1.0/1.35/1.5trojan-2"
ad protocol=tcp dst-address=:9878 action=drop log=yes disabled=no comment="TransScout.Trojan-2"
ad protocol=tcp dst-address=:2773 action=drop log=yes disabled=no comment="Backdoor.YAI..Trojan-1"
ad protocol=tcp dst-address=:7215 action=drop log=yes disabled=no comment="Backdoor.YAI.Trojan-2"
ad protocol=tcp dst-address=:54283 action=drop log=yes disabled=no comment="Backdoor.YAI.Trojan-3"
ad protocol=tcp dst-address=:1003 action=drop log=yes disabled=no comment="BackDoorTrojan-1"
ad protocol=tcp dst-address=:5598 action=drop log=yes disabled=no comment="BackDoorTrojan-2"
ad protocol=tcp dst-address=:5698 action=drop log=yes disabled=no comment="BackDoorTrojan-3"
ad protocol=tcp dst-address=:2716 action=drop log=yes disabled=no comment="protocol=ayerTrojan-1"
ad protocol=tcp dst-address=:9999 action=drop log=yes disabled=no comment="protocol=ayerTrojan-2"
ad protocol=tcp dst-address=:21544 action=drop log=yes disabled=no comment="SwindlerTrojan-1"
ad protocol=tcp dst-address=:31554 action=drop log=yes disabled=no comment="SwindlerTrojan-2"
ad protocol=tcp dst-address=:18753 action=drop log=yes disabled=no comment="Shaft.DDoS.Trojan-1"
ad protocol=tcp dst-address=:20432 action=drop log=yes disabled=no comment="Shaft.DDoS.Trojan-2"
ad protocol=tcp dst-address=:65000 action=drop log=yes disabled=no comment="Devil.DDoS.Trojan"
ad protocol=tcp dst-address=:11831 action=drop log=yes disabled=no comment="LatinusTrojan-1"
ad protocol=tcp dst-address=:29559 action=drop log=yes disabled=no comment="LatinusTrojan-2"
ad protocol=tcp dst-address=:1784 action=drop log=yes disabled=no comment="Snid.X2Trojan-1"
ad protocol=tcp dst-address=:3586 action=drop log=yes disabled=no comment="Snid.X2Trojan-2"
ad protocol=tcp dst-address=:7609 action=drop log=yes disabled=no comment="Snid.X2Trojan-3"
ad protocol=tcp dst-address=:12348-12349 action=drop log=yes disabled=no comment="BionetTrojan-1"
ad protocol=tcp dst-address=:12478 action=drop log=yes disabled=no comment="BionetTrojan-2"
ad protocol=tcp dst-address=:57922 action=drop log=yes disabled=no comment="BionetTrojan-3"
ad protocol=tcp dst-address=:4444 action=drop log=yes disabled=no comment="Worm.MsBlaster-1"
ad protocol=tcp dst-address=:6777 action=drop log=yes disabled=no comment="Worm.BBeagle.a.Bagle.a."
ad protocol=tcp dst-address=:8866 action=drop log=yes disabled=no comment="Worm.BBeagle.b"
ad protocol=tcp dst-address=:2745 action=drop log=yes disabled=no comment="Worm.BBeagle.c-g/j-l"
ad protocol=tcp dst-address=:2556 action=drop log=yes disabled=no comment="Worm.BBeagle.p/q/r/n"
ad protocol=tcp dst-address=:20742 action=drop log=yes disabled=no comment="Worm.BBEagle.m-2"
ad protocol=tcp dst-address=:4751 action=drop log=yes disabled=no comment="Worm.BBeagle.s/t/u/v"
ad protocol=tcp dst-address=:2535 action=drop log=yes disabled=no comment="Worm.BBeagle.aa/ab/w/x-z-2"
ad protocol=tcp dst-address=:5238 action=drop log=yes disabled=no comment="Worm.LovGate.r.RpcExploit"
ad protocol=tcp dst-address=:1068 action=drop log=yes disabled=no comment="Worm.Sasser.a"
ad protocol=tcp dst-address=:5554 action=drop log=yes disabled=no comment="Worm.Sasser.b/c/f"
ad protocol=tcp dst-address=:9996 action=drop log=yes disabled=no comment="Worm.Sasser.b/c/f"
ad protocol=tcp dst-address=:9995 action=drop log=yes disabled=no comment="Worm.Sasser.d"
ad protocol=tcp dst-address=:10168 action=drop log=yes disabled=no comment="Worm.Lovgate.a/b/c/d"
ad protocol=tcp dst-address=:20808 action=drop log=yes disabled=no comment="Worm.Lovgate.v.QQ"
ad protocol=tcp dst-address=:1092 action=drop log=yes disabled=no comment="Worm.Lovgate.f/g"
ad protocol=tcp dst-address=:20168 action=drop log=yes disabled=no comment="Worm.Lovgate.f/g"
ad protocol=tcp dst-address=:593 action=drop log=yes disabled=no comment=""
ad protocol=tcp dst-address=:1214 action=drop log=yes disabled=no comment=""
ad protocol=tcp dst-address=:1363-1364 action=drop log=yes disabled=no comment="ndm.requester"
ad protocol=tcp dst-address=:1368 action=drop log=yes disabled=no comment="screen.cast"
ad protocol=tcp dst-address=:1373 action=drop log=yes disabled=no comment="hromgrafx"
ad protocol=tcp dst-address=:1377 action=drop log=yes disabled=no comment="cilid"
ad protocol=tcp dst-address=:3410 action=drop log=yes disabled=no comment="Backdoor.Optixprotocol=o"
ad protocol=udp dst-address=:135-139 action=drop log=yes disabled=nocomment=""
ad protocol=udp dst-address=:445 action=drop log=yes disabled=nocomment=""
ad protocol=udp dst-address=:8787 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-6"
ad protocol=udp dst-address=:8879 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-7"
ad protocol=udp dst-address=:31666 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-8"
ad protocol=udp dst-address=:31337-31338 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-9"
ad protocol=udp dst-address=:54320-54321 action=drop log=yes disabled=no comment="Back.Orifice.2000.Trojan-10"
ad protocol=udp dst-address=:12345-12346 action=drop log=yes disabled=no comment="Block.NetBus.Trojan-3"
ad protocol=udp dst-address=:20034 action=drop log=yes disabled=no comment="Block.NetBus.Trojan-4"
ad protocol=udp dst-address=:21554 action=drop log=yes disabled=no comment="GirlFriend.Trojan-2"
ad protocol=udp dst-address=:41 action=drop log=yes disabled=no comment="DeepThroat.Trojan-8"
ad protocol=udp dst-address=:3150 action=drop log=yes disabled=no comment="DeepThroat.Trojan-9"
ad protocol=udp dst-address=:999 action=drop log=yes disabled=no comment="DeepThroat.Trojan-10"
ad protocol=udp dst-address=:6670 action=drop log=yes disabled=no comment="DeepThroat.Trojan-11"
ad protocol=udp dst-address=:6771 action=drop log=yes disabled=no comment="DeepThroat.Trojan-12"
ad protocol=udp dst-address=:60000 action=drop log=yes disabled=no comment="DeepThroat.Trojan-13"
ad protocol=udp dst-address=:10067 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-5"
ad protocol=udp dst-address=:10167 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-6"
ad protocol=udp dst-address=:3700 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-7"
ad protocol=udp dst-address=:9872-9875 action=drop log=yes disabled=no comment="Portal.of.Doom.Trojan-8"
ad protocol=udp dst-address=:6883 action=drop log=yes disabled=no comment="Delta.Source.Trojan-5"
ad protocol=udp dst-address=:26274 action=drop log=yes disabled=no comment="Delta.Source.Trojan-6"
ad protocol=udp dst-address=:44444 action=drop log=yes disabled=no comment="Delta.Source.Trojan-7"
ad protocol=udp dst-address=:47262 action=drop log=yes disabled=no comment="Delta.Source.Trojan-8"
ad protocol=udp dst-address=:3791 action=drop log=yes disabled=no comment="Eclypse.Trojan-1"
ad protocol=udp dst-address=:3801 action=drop log=yes disabled=no comment="Eclypse.Trojan-2"
ad protocol=udp dst-address=:5880-5882 action=drop log=yes disabled=no comment="Eclypse.Trojan-3"
ad protocol=udp dst-address=:5888-5889 action=drop log=yes disabled=no comment="Eclypse.Trojan-4"
ad protocol=udp dst-address=:34555 action=drop log=yes disabled=no comment="Trin00.DDoS.Trojan-1"
ad protocol=udp dst-address=:35555 action=drop log=yes disabled=no comment="Trin00.DDoS.Trojan-2"
ad protocol=udp dst-address=:31338 action=drop log=yes disabled=no comment="NetSpy.DK.Trojan-1"
ad protocol=udp dst-address=:69 action=drop log=yes disabled=no comment="Worm.MsBlaster-2"
ad protocol=udp dst-address=:123 action=drop log=yes disabled=no comment="Worm.Sobig.f-1"
ad protocol=udp dst-address=:995-999 action=drop log=yes disabled=no comment="Worm.Sobig.f-2"
ad protocol=udp dst-address=:8998 action=drop log=yes disabled=no comment="Worm.Sobig.f-3" 只是防毒的,其实关一些经典端口就行了。
页:
[1]