可否把ros2.9x防火墙缩短代码
就最近的IGM病毒.我在ros中写下如下的防范:/ ip firewall filter
add chain=forward dst-address=60.190.203.150 action=drop comment="封IGM病毒" \
disabled=no
add chain=forward content=t.11se.com action=drop comment="drop t.11se.com" \
disabled=no
add chain=forward content=www.94ak.com action=drop comment="drop w ww.94ak.com" \
disabled=no
add chain=forward content=www.99mmm.com action=drop comment="drop \
ww w.99mmm.com" disabled=no
add chain=forward content=ask.35832.com action=drop comment="drop \
ask.35832.com" disabled=no
add chain=forward content=www.35832.com action=drop comment="drop \
w ww.35832.com" disabled=no
add chain=forward dst-address=212.22.225.82 action=drop comment="drop \
212.22.225.82" disabled=no
add chain=forward dst-address=203.174.87.210 action=drop comment="drop \
203.174.87.210" disabled=no
add chain=forward dst-address=64.233.167.99 action=drop comment="drop \
64.233.167.99" disabled=no
add chain=forward dst-address=58.211.79.107 action=drop comment="drop \
58.211.79.107" disabled=no
add chain=forward dst-address=219.153.42.98 action=drop comment="drop \
219.153.42.98" disabled=no
add chain=forward dst-address=221.130.191.207 action=drop comment="drop \
221.130.191.207" disabled=no
add chain=forward dst-address=60.190.203.150 action=log log-prefix="" \
comment="封IGM病毒" disabled=no
add chain=forward content=t.11se.com action=log log-prefix="" comment="drop \
t.11se.com" disabled=no
add chain=forward content=www.94ak.com action=log log-prefix="" comment="drop \
w ww.94ak.com" disabled=no
add chain=forward content=www.99mmm.com action=log log-prefix="" comment="drop \
w ww.99mmm.com" disabled=no
add chain=forward content=ask.35832.com action=log log-prefix="" comment="drop \
ask.35832.com" disabled=no
add chain=forward content=www.35832.com action=log log-prefix="" comment="drop \
w ww.35832.com" disabled=no
add chain=forward dst-address=212.22.225.82 action=log log-prefix="" \
comment="drop 212.22.225.82" disabled=no
add chain=forward dst-address=203.174.87.210 action=log log-prefix="" \
comment="drop 203.174.87.210" disabled=no
add chain=forward dst-address=64.233.167.99 action=log log-prefix="" \
comment="drop 64.233.167.99" disabled=no
add chain=forward dst-address=58.211.79.107 action=log log-prefix="" \
comment="drop 58.211.79.107" disabled=no
add chain=forward dst-address=219.153.42.98 action=log log-prefix="" \
comment="drop 219.153.42.98" disabled=no
add chain=forward dst-address=221.130.191.207 action=log log-prefix="" \
comment="drop 221.130.191.207" disabled=no
===================
现在的问题是:您有没有什么好的办法让防火墙与上面代码作用相同.但代码段短些?(为了不让www成链接.我在中间加了空格)
比如:把发现有防问规则地址记录到日志的做到一条里面去.我试着写为:add chain=forward dst=address=212.22.225.82;......;221.130.191.207 action=log comm="发现病毒做记录" dis=no
请高手帮忙.来为我缩写上面的代码.一定要作用一样吧.不可缩水.
[ 本帖最后由 baisen 于 2007-10-29 10:19 编辑 ] 你说的是IP地址吗?用地址列表 地址列表??ros里怎么做啊.怎么应用啊?请写出代码来好不.谢谢.
页:
[1]