交流 › RouterOS › ros防火墙怎么导入呀?求解~~新手~

866286 发表于 2006-10-8 18:32:22

ros防火墙怎么导入呀?求解~~新手~

今天刚装了ROS2.8. 28 但是没设置防火墙,不知道怎么设置,在论坛里找到了一条规则如下,希望高手告诉我怎么从WINBOX导入..谢谢

/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
add name="virus" policy=none comment=""
/ ip firewall rule forward
add connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add connection-state=established action=accept comment="Established connections" disabled=no
add connection-state=related action=accept comment="Related connections" disabled=no
add action=jump jump-target=virus comment="!!! Check for well-known viruses !!!" disabled=no
add protocol=udp action=accept comment="UDP" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept comment="Allow limited pings" disabled=no
add protocol=icmp action=drop comment="Drop excess pings" disabled=no
/ ip firewall rule input
add connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add tcp-options=non-syn-only connection-state=established action=accept comment="Accept established connections"   disabled=no
add connection-state=related action=accept comment="Accept related connections" disabled=no
add action=jump jump-target=virus comment="!!! Check for well-known viruses !!!" disabled=no
add protocol=udp action=accept comment="UDP" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept comment="Allow limited pings" disabled=no
add protocol=icmp action=drop comment="Drop excess pings" disabled=no
add dst-address=:22 protocol=tcp action=accept comment="SSH for demo purposes" disabled=no
add dst-address=:23 protocol=tcp action=accept comment="Telnet for demo purposes" disabled=no
add dst-address=:80 protocol=tcp action=accept comment="http for demo purposes" disabled=no
add dst-address=:3987 protocol=tcp action=accept comment="winbox for demo purposes" disabled=no
add action=drop log=yes comment="Log and drop everything else" disabled=no
/ ip firewall rule output
add protocol=tcp tcp-options=syn-only action=drop log=yes comment="" disabled=no
/ ip firewall rule virus
add dst-address=:135-139 protocol=tcp action=drop comment="Drop Blaster Worm" disabled=no
add dst-address=:135-139 protocol=udp action=drop comment="Drop Messenger Worm" disabled=no
add dst-address=:445 protocol=tcp action=drop comment="Drop Blaster Worm" disabled=no
add dst-address=:445 protocol=udp action=drop comment="Drop Blaster Worm" disabled=no
add dst-address=:593 protocol=tcp action=drop comment="________" disabled=no
add dst-address=:1024-1030 protocol=tcp action=drop comment="________" disabled=no
add dst-address=:1080 protocol=tcp action=drop comment="Drop MyDoom" disabled=no
add dst-address=:1214 protocol=tcp action=drop comment="________" disabled=no
add dst-address=:1363 protocol=tcp action=drop comment="ndm requester" disabled=no
add dst-address=:1364 protocol=tcp action=drop comment="ndm server" disabled=no
add dst-address=:1368 protocol=tcp action=drop comment="screen cast" disabled=no
add dst-address=:1373 protocol=tcp action=drop comment="hromgrafx" disabled=no
add dst-address=:1377 protocol=tcp action=drop comment="cichlid" disabled=no
add dst-address=:1433-1434 protocol=tcp action=drop comment="Worm" disabled=no
add dst-address=:2745 protocol=tcp action=drop comment="Bagle Virus" disabled=no
add dst-address=:2283 protocol=tcp action=drop comment="Drop Dumaru.Y" disabled=no
add dst-address=:2535 protocol=tcp action=drop comment="Drop Beagle" disabled=no
add dst-address=:2745 protocol=tcp action=drop comment="Drop Beagle.C-K" disabled=no
add dst-address=:3127-3128 protocol=tcp action=drop comment="Drop MyDoom" disabled=no
add dst-address=:3410 protocol=tcp action=drop comment="Drop Backdoor OptixPro" disabled=no
add dst-address=:4444 protocol=tcp action=drop comment="Worm" disabled=no
add dst-address=:4444 protocol=udp action=drop comment="Worm" disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="Drop Sasser" disabled=no
add dst-address=:8866 protocol=tcp action=drop comment="Drop Beagle.B" disabled=no
add dst-address=:9898 protocol=tcp action=drop comment="Drop Dabber.A-B" disabled=no
add dst-address=:10000 protocol=tcp action=drop comment="Drop Dumaru.Y" disabled=no
add dst-address=:10080 protocol=tcp action=drop comment="Drop MyDoom.B" disabled=no
add dst-address=:12345 protocol=tcp action=drop comment="Drop NetBus" disabled=no
add dst-address=:17300 protocol=tcp action=drop comment="Drop Kuang2" disabled=no
add dst-address=:27374 protocol=tcp action=drop comment="Drop SubSeven" disabled=no
add dst-address=:65506 protocol=tcp action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no

god4u 发表于 2006-10-8 21:09:23

回复 #1 866286 的帖子

:') :') :') ??

hzkane 发表于 2006-10-9 13:11:22

做成*.rsc文件.

在控制台上输入imp *.rsc;P :lol

lfitwy 发表于 2006-10-9 13:33:01

复制 粘贴

wyuan523 发表于 2006-11-17 09:08:39

. 。。

blueye025 发表于 2006-11-17 13:58:30

复制.粘贴.或者导入都可以
导入的话你必须上传到你ros里

查看完整版本: ros防火墙怎么导入呀?求解~~新手~