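dhp posted on 2006-8-27 08:08:29

Blocking QQ completely, solved

I have finally solved the problem of blocking QQ completely, among other issues...
I worked it out myself in the end; please test it, everyone.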
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 \
comment="" disabled=no
The rule above fixes the problem of some websites failing to open.

/ ip firewall nat
add chain=srcnat action=masquerade comment="" disabled=no

The rule above is for ADSL encapsulation.

Below is the complete QQ block, with thanks to "一招制敌封锁QQ". The QQ server addresses may contain duplicates; never mind, as long as it works!
/ ip firewall filter
add chain=forward src-address=192.168.1.250 action=accept comment="QQ" \
disabled=no

The rule above holds the IP of the host you want to let through.

add chain=forward protocol=tcp dst-port=8000 action=drop comment="QQ" \
disabled=no
add chain=forward protocol=udp dst-port=8000 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=61.144.238.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=61.152.100.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=61.141.194.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=202.96.170.163 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=202.104.129.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=202.104.193.20 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=202.104.193.11 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=202.104.193.12 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=218.17.209.23 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=218.18.95.153 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=218.18.95.165 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=218.18.95.220 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=218.85.138.70 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.38.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.49.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=220.133.40.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward content=sz.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=sz2.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=sz3.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=sz4.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=sz5.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=sz6.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=sz7.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=sz8.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=tcpconn.tencent.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=tcpconn2.tencent.com action=reject \
reject-with=icmp-network-unreachable comment=" QQ" disabled=no
add chain=forward content=tcpconn3.tencent.com action=reject \
reject-with=icmp-network-unreachable comment=" QQ" disabled=no
add chain=forward content=tcpconn4.tencent.com action=reject \
reject-with=icmp-network-unreachable comment=" QQ" disabled=no
add chain=forward content=qq.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward content=www.qq.com action=reject \
reject-with=icmp-network-unreachable comment="QQ" disabled=no
add chain=forward dst-address=58.60.11.197 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.48.107 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.134.128.6 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.48.118 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.48.103 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=58.60.14.45 action=drop comment="QQ" disabled=no
add chain=forward dst-address=219.133.38.9 action=drop comment="QQ" \
disabled=no
add chain=forward protocol=udp dst-port=4000 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.0.0/16 protocol=tcp dst-port=80 \
action=drop comment="QQ" disabled=no


http://bbs.router.net.cn/read.php?tid=12497&fpage=3
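Added example, not part of the original thread: the post above says the server address list may contain duplicates, and this Python sketch finds drop rules already covered by a broader drop rule in the same export format. The sample rules are a constructed subset with one exact duplicate added, the function names are hypothetical, and it assumes only drop rules need comparing.

```python
import ipaddress
import re

# Constructed sample in the thread's export format (last line is an added duplicate).
SAMPLE = r'''/ ip firewall filter
add chain=forward dst-address=219.133.38.0/24 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.38.9 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.48.107 action=drop comment="QQ" \
disabled=no
add chain=forward dst-address=219.133.0.0/16 protocol=tcp dst-port=80 \
action=drop comment="QQ" disabled=no
add chain=forward dst-address=58.60.14.45 action=drop comment="QQ" disabled=no
add chain=forward dst-address=58.60.14.45 action=drop comment="QQ" disabled=no
'''

IGNORED = {"comment", "disabled", "dst-address"}

def parse_rules(export):
    """Join backslash continuations; return one key=value dict per 'add' line."""
    text = re.sub(r"\\\s*\n", " ", export)
    rules = []
    for line in text.splitlines():
        if line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            rules.append({k: v.strip('"') for k, v in pairs})
    return rules

def matchers(rule):
    """Every condition of a rule except its destination and cosmetic fields."""
    return {(k, v) for k, v in rule.items() if k not in IGNORED}

def redundant_drops(rules):
    """Return (covered address, covering address) pairs among drop rules."""
    drops = [r for r in rules if r.get("action") == "drop" and "dst-address" in r]
    nets = [ipaddress.ip_network(r["dst-address"], strict=False) for r in drops]
    found = []
    for j, (rj, nj) in enumerate(zip(drops, nets)):
        for i, (ri, ni) in enumerate(zip(drops, nets)):
            same = ni == nj and matchers(ri) == matchers(rj)
            # Rule i covers rule j if its network contains j's and it has no
            # extra conditions (protocol, port) that j lacks.
            if i != j and nj.subnet_of(ni) and matchers(ri) <= matchers(rj) \
                    and (not same or i < j):
                found.append((rj["dst-address"], ri["dst-address"]))
                break
    return found

if __name__ == "__main__":
    for covered, by in redundant_drops(parse_rules(SAMPLE)):
        print(f"{covered} is already covered by {by}")
```

The rule for 219.133.48.107 is not reported, because the 219.133.0.0/16 rule only matches TCP port 80 and so does not cover it.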

issoexp posted on 2006-8-29 15:43:30

Reply to #1, dhp's post

/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 \comment="xxxx"
disabled=no

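Why can't I add this one??

Also, why can't the site http://www.verycd.com/ be reached?
I added a rule in front so that some computers get unrestricted Internet access.

[ This post was last edited by issoexp on 2006-8-29 15:45 ]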

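robbiely posted on 2006-8-29 17:10:02

All I can say is that QQ may log in more slowly or sometimes fail to log in. I don't think the original poster's method can block QQ completely; if you don't believe me, try it a few more times.
Put plainly, your method blocks the ports and addresses of the QQ servers, but the QQ server addresses change often. When I used ISA2004, it took three methods together, port blocking, IP address blocking and packet filtering, to block it completely. The original poster's method only blocks ports and IP addresses; many addresses may be hard for you to find, or change after a couple of days (I'm not making this up, we tested it all at www.isacn.org). It only works once packet filtering is added, and as things stand very few routers support that feature; only ISA SERVER has it.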

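dhp posted on 2006-9-3 14:53:28

Yes, the poster in #3 has a point: ISA can block it completely. But we are discussing ROS here. If the QQ server addresses change there is nothing to be done, but at least for now the rules above still block QQ successfully.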

codfish posted on 2006-9-9 21:15:50

I filtered tencent, so the QQ servers can no longer be resolved, haha~ and it can't log in.

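szhe001 posted on 2006-9-9 21:38:57

Thanks to the original poster. It was probably because the MSS value wasn't set that some web pages wouldn't open, hehe. If this works, the next step is to start experimenting with dual ADSL (different gateways).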

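jk2h posted on 2006-9-10 13:41:07

Originally posted by codfish on 2006-9-9 21:15
I filtered tencent, so the QQ servers can no longer be resolved, haha~ and it can't log in.

QQ login doesn't need domain name resolution; blocking tencent is useless.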

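codfish posted on 2006-9-11 11:57:37

It does need domain name resolution. That is exactly what I blocked... Once it is blocked, QQ can't get online, and the error report shows that none of tencent's servers can be resolved.

[ This post was last edited by codfish on 2006-9-11 12:00 ]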

likeme posted on 2006-9-13 22:29:52

If only it were that simple.

165487505 posted on 2006-10-27 16:02:00

It can't let a particular IP through... If I want to let a particular IP through, how should I do it?