gekunfei posted on 2008-3-18 12:40:01

address ranges may not overlap

I downloaded the latest firewall rules from the official website, but importing them fails with the following error:
> import firewall_v13.rsc
Opening script file firewall_v13.rsc
Script file loaded and executed successfully
address ranges may not overlap
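What does this line of red text mean? I haven't configured anything else yet; this is the first thing I did.

An earlier post said that one IP in the file is wrong. Can anyone tell me how to fix it? I have only just started using this router software.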

tpy372 posted on 2008-3-18 15:56:36

Fix the ranges, that is, the mask.

gekunfei posted on 2008-3-18 16:14:08

# www.mikrotik.com.cn RouterOS v2.9
# firewall filter scripts v1.4
# Edit YuS
#
/ip firewall address-list
add address=8.15.231.110/32 list=Robotdog
add address=8.15.231.106/32 list=Robotdog
add address=64.191.196.129/32 list=Robotdog
add address=222.80.102.11/24 list=Robotdog
add address=212.72.57.246/32 list=Robotdog
add address=208.254.26.132/32 list=Robotdog
add address=66.116.125.156/32 list=Robotdog
add address=121.10.107.156/32 list=Robotdog
add address=218.244.142.39/32 list=Robotdog
add address=66.246.195.42/32 list=Robotdog
add address=218.16.120.45/32 list=Robotdog
add address=219.153.14.212/32 list=Robotdog
add address=8.15.231.108/32 list=Robotdog
add address=202.102.192.167/32 list=Robotdog
add address=8.15.231.82/32 list=Robotdog
add address=218.22.255.187/32 list=Robotdog
add address=218.244.142.52/32 list=Robotdog
add address=124.40.41.79/32 list=Robotdog
add address=66.116.125.125/32 list=Robotdog
add address=204.251.15.176/32 list=Robotdog
add address=69.46.28.90/32 list=Robotdog
add address=69.46.228.42/32 list=Robotdog
add address=66.154.120.122/32 list=Robotdog
add address=218.15.233.195/32 list=Robotdog
add address=69.25.47.164/32 list=Robotdog
add address=66.116.125.49/32 list=Robotdog
add address=4.36.66.178/32 list=Robotdog
add address=70.87.59.134/32 list=Robotdog
add address=64.14.244.60/32 list=Robotdog
add address=64.27.4.185/32 list=Robotdog
add address=66.116.125.150/32 list=Robotdog
add address=211.245.106.208/32 list=Robotdog
add address=216.86.155.41/32 list=Robotdog
add address=61.184.189.19/32 list=Robotdog
add address=64.34.46.60/32 list=Robotdog
add address=218.89.171.50/32 list=Robotdog
add address=222.173.145.254/32 list=Robotdog
add address=221.233.134.179/32 list=Robotdog
add address=82.98.86.172/32 list=Robotdog
add address=218.85.134.146/32 list=Robotdog
add address=207.189.109.37/32 list=Robotdog
add address=218.38.54.50/32 list=Robotdog
add address=208.254.29.236/32 list=Robotdog
add address=216.178.176.15/32 list=Robotdog
add address=64.70.54.41/32 list=Robotdog
add address=66.116.125.112/32 list=Robotdog
add address=66.116.125.99/32 list=Robotdog
add address=208.73.212.12/32 list=Robotdog
add address=207.13.193.72/32 list=Robotdog
add address=66.116.125.192/32 list=Robotdog
add address=202.102.199.163/32 list=Robotdog
add address=61.128.173.184/32 list=Robotdog
add address=9.25.231.102/32 list=Robotdog
add address=211.130.191.207/32 list=Robotdog
add address=72.8.131.28/32 list=Robotdog
add address=208.113.196.32/32 list=Robotdog
add address=8.15.231.116/32 list=Robotdog
add address=58.211.0.236/32 list=Robotdog
add address=211.100.68.198/32 list=Robotdog
add address=60.12.164.28/32 list=Robotdog
add address=8.15.231.117/32 list=Robotdog
add address=58.42.131.129/32 list=Robotdog
add address=58.51.62.182/32 list=Robotdog
add address=58.60.13.71/32 list=Robotdog
add address=58.211.79.78/32 list=Robotdog
add address=58.211.79.98/32 list=Robotdog
add address=58.211.79.100/32 list=Robotdog
add address=58.211.79.101/32 list=Robotdog
add address=58.211.79.102/32 list=Robotdog
add address=58.211.79.103/32 list=Robotdog
add address=58.211.79.104/32 list=Robotdog
add address=58.211.79.105/32 list=Robotdog
add address=58.211.79.106/32 list=Robotdog
add address=58.211.79.107/32 list=Robotdog
add address=58.211.79.117/32 list=Robotdog
add address=58.211.138.80/32 list=Robotdog
add address=58.211.138.81/32 list=Robotdog
add address=58.211.138.82/32 list=Robotdog
add address=59.34.148.217/32 list=Robotdog
add address=59.34.197.224/32 list=Robotdog
add address=59.34.198.103/32 list=Robotdog
add address=59.34.198.104/32 list=Robotdog
add address=59.34.198.105/32 list=Robotdog
add address=59.34.198.163/32 list=Robotdog
add address=59.34.198.165/32 list=Robotdog
add address=59.34.198.167/32 list=Robotdog
add address=59.34.198.222/32 list=Robotdog
add address=59.34.198.228/32 list=Robotdog
add address=59.39.66.52/32 list=Robotdog
add address=59.39.71.102/32 list=Robotdog
add address=59.60.30.110/32 list=Robotdog
add address=59.151.31.139/32 list=Robotdog
add address=59.172.179.69/32 list=Robotdog
add address=60.12.166.133/32 list=Robotdog   
add address=60.28.197.55/32 list=Robotdog
add address=60.28.209.41/32 list=Robotdog
add address=60.169.1.82/32 list=Robotdog
add address=60.173.11.137/32 list=Robotdog
add address=60.173.11.149/32 list=Robotdog
add address=60.190.101.206/32 list=Robotdog
add address=60.190.110.47/32 list=Robotdog
add address=60.190.114.94/32 list=Robotdog
add address=60.190.114.95/32 list=Robotdog
add address=60.190.114.101/32 list=Robotdog
add address=60.190.114.150/32 list=Robotdog
add address=60.190.118.15/32 list=Robotdog
add address=60.190.118.22/32 list=Robotdog
add address=60.190.118.27/32 list=Robotdog
add address=60.190.118.31/32 list=Robotdog
add address=60.190.118.50/32 list=Robotdog
add address=60.190.118.71/32 list=Robotdog
add address=60.190.118.182/32 list=Robotdog
add address=60.190.118.193/32 list=Robotdog
add address=74.222.132.186/32 list=Robotdog
add address=60.190.118.203/32 list=Robotdog
add address=60.190.118.252/32 list=Robotdog
add address=60.190.147.126/32 list=Robotdog
add address=60.190.154.44/32 list=Robotdog
add address=74.222.132.178/32 list=Robotdog
add address=60.190.203.150/32 list=Robotdog
add address=60.190.216.202/32 list=Robotdog
add address=60.190.218.64/32 list=Robotdog
add address=67.229.127.178/32 list=Robotdog
add address=60.190.222.235/32 list=Robotdog
add address=60.190.222.150/32 list=Robotdog
add address=60.190.223.30/32 list=Robotdog
add address=60.190.223.117/32 list=Robotdog
add address=60.191.124.236/32 list=Robotdog
add address=60.191.239.123/32 list=Robotdog
add address=60.195.249.247/32 list=Robotdog
add address=60.209.5.183/32 list=Robotdog
add address=61.28.197.56/32 list=Robotdog
add address=61.28.197.246/32 list=Robotdog
add address=61.139.37.146/32 list=Robotdog
add address=61.147.118.198/32 list=Robotdog
add address=61.152.105.181/32 list=Robotdog
add address=61.152.105.182/32 list=Robotdog
add address=61.152.105.183/32 list=Robotdog
add address=61.152.105.184/32 list=Robotdog
add address=61.152.108.76/32 list=Robotdog
add address=61.152.234.28/32 list=Robotdog
add address=61.152.245.36/32 list=Robotdog
add address=61.164.145.35/32 list=Robotdog
add address=61.172.202.46/32 list=Robotdog
add address=61.172.203.136/32 list=Robotdog
add address=61.175.235.200/32 list=Robotdog
add address=61.188.38.145/32 list=Robotdog
add address=61.188.178.119/32 list=Robotdog
add address=61.236.145.194/32 list=Robotdog
add address=64.233.167.99/32 list=Robotdog
add address=66.249.89.165/32 list=Robotdog
add address=67.43.156.18/32 list=Robotdog
add address=72.8.131.30/32 list=Robotdog
add address=72.14.235.164/32 list=Robotdog
add address=72.232.65.210/32 list=Robotdog
add address=74.222.12.146/32 list=Robotdog
add address=74.222.132.78/32 list=Robotdog
add address=74.222.141.210/32 list=Robotdog
add address=77.67.126.17/32 list=Robotdog
add address=80.190.240.125/32 list=Robotdog
add address=80.252.110.146/32 list=Robotdog
add address=102.105.101.126/32 list=Robotdog
add address=121.10.115.89/32 list=Robotdog
add address=121.14.73.120/32 list=Robotdog
add address=122.224.11.4/32 list=Robotdog
add address=124.42.125.37/32 list=Robotdog
add address=124.131.216.140/32 list=Robotdog
add address=124.237.227.217/32 list=Robotdog
add address=125.90.88.38/32 list=Robotdog
add address=125.91.104.177/32 list=Robotdog
add address=159.226.7.162/32 list=Robotdog
add address=202.104.57.161/32 list=Robotdog
add address=203.174.87.210/32 list=Robotdog
add address=203.209.245.168/32 list=Robotdog
add address=205.209.142.43/32 list=Robotdog
add address=205.209.142.139/32 list=Robotdog
add address=205.209.142.142/32 list=Robotdog
add address=205.209.142.146/32 list=Robotdog
add address=207.46.232.182/32 list=Robotdog
add address=207.188.24.159/32 list=Robotdog   
add address=208.70.76.117/32 list=Robotdog
add address=210.14.65.248/32 list=Robotdog
add address=210.192.122.106/32 list=Robotdog
add address=210.192.122.107/32 list=Robotdog
add address=212.22.225.82/32 list=Robotdog
add address=212.173.87.210/32 list=Robotdog
add address=218.1.100.40/32 list=Robotdog
add address=218.1.100.41/32 list=Robotdog
add address=218.1.100.42/32 list=Robotdog
add address=218.1.100.43/32 list=Robotdog
add address=218.4.151.210/32 list=Robotdog
add address=218.5.78.216/32 list=Robotdog
add address=218.16.124.76/32 list=Robotdog
add address=218.30.64.194/32 list=Robotdog
add address=218.30.88.43/32 list=Robotdog
add address=218.75.91.248/32 list=Robotdog
add address=218.80.182.146/32 list=Robotdog
add address=218.83.161.16/32 list=Robotdog
add address=218.89.130.32/32 list=Robotdog
add address=218.91.191.193/32 list=Robotdog
add address=218.93.16.84/32 list=Robotdog
add address=218.206.142.162/32 list=Robotdog
add address=219.129.216.210/32 list=Robotdog
add address=219.144.218.36/32 list=Robotdog
add address=219.149.171.49/32 list=Robotdog
add address=219.151.8.119/32 list=Robotdog
add address=219.152.120.16/32 list=Robotdog
add address=219.153.40.156/32 list=Robotdog
add address=219.153.42.98/32 list=Robotdog
add address=219.153.55.113/32 list=Robotdog
add address=219.239.94.47/32 list=Robotdog
add address=219.238.233.11/32 list=Robotdog
add address=219.238.233.110/32 list=Robotdog
add address=220.173.60.91/32 list=Robotdog
add address=220.181.3.23/32 list=Robotdog
add address=220.181.3.24/32 list=Robotdog
add address=220.181.4.26/32 list=Robotdog
add address=220.181.4.27/32 list=Robotdog
add address=220.181.4.28/32 list=Robotdog
add address=220.189.255.29/32 list=Robotdog
add address=221.123.93.77/32 list=Robotdog
add address=221.130.191.207/32 list=Robotdog
add address=221.238.249.18/32 list=Robotdog
add address=221.238.249.23/32 list=Robotdog
add address=222.33.254.243/32 list=Robotdog
add address=222.73.127.32/32 list=Robotdog
add address=222.73.127.33/32 list=Robotdog
add address=222.73.220.45/32 list=Robotdog
add address=222.73.230.17/32 list=Robotdog
add address=222.73.230.39/32 list=Robotdog
add address=222.80.102.11/32 list=Robotdog
add address=222.172.210.181/32 list=Robotdog
add address=222.186.8.88/32 list=Robotdog
add address=222.186.9.13/32 list=Robotdog
add address=222.208.183.146/32 list=Robotdog
add address=218.83.161.156/32 list=Robotdog
add address=221.231.138.42/32 list=Robotdog
add address=60.73.11.137/32 list=Robotdog
add address=203.74.87.210/32 list=Robotdog
add address=60.73.11.149/32 list=Robotdog
add address=61.191.55.81/32 list=Robotdog
add address=220.73.60.91/32 list=Robotdog
add address=207.218.235.178/32 list=Robotdog
add address=122.224.11.41/32 list=Robotdog
add address=211.157.36.83/32 list=Robotdog
add address=202.98.223.85/32 list=Robotdog
add address=122.224.11.4/32 list=Robotdog
add address=222.76.217.12/32 list=Robotdog
add address=60.190.223.161/32 list=Robotdog
add address=211.147.251.63/32 list=Robotdog
add address=63.214.247.170/32 list=Robotdog
add address=67.18.195.21/32 list=Robotdog
add address=216.92.187.245/32 list=Robotdog
add address=66.45.252.236/32 list=Robotdog
add address=69.65.22.215/32 list=Robotdog
add address=194.97.136.180/32 list=Robotdog
add address=64.136.25.165/32 list=Robotdog
/ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="丢弃非法连接数据" disabled=no
/ip firewall filter
add action=drop chain=forward comment="机器狗目标地址过滤" disabled=no dst-address-list=Robotdog
add action=jump chain=forward comment="跳转机器狗过域名滤规则" disabled=no jump-target=Robotdog
add chain=input protocol=tcp dst-port=80 connection-limit=20,0 action=drop \
    comment="限制总http连接数为20" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="探测并丢弃端口扫描连接" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="压制DoS攻击" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="探测DoS攻击" disabled=no
add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" \
    disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="跳转到ICMP链表" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Ping应答限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Traceroute限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="MTU线路探测限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Ping请求限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Trace TTL限制为每秒5个包" disabled=no
add chain=ICMP protocol=icmp action=drop comment="丢弃掉任何ICMP数据" \
    disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="丢弃非法数据包" disabled=no
add chain=forward protocol=tcp connection-limit=80,32 action=drop \
    comment="限制每个主机TCP连接数为80条" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="丢弃掉所有非单播数据" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="跳转到ICMP链表" disabled=no
add chain=forward action=jump jump-target=virus comment="跳转到病毒链表" \
    disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
    comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
    comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
    comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
    comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
    comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop \
    comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop \
    comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop \
    comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop \
    comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
    comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
    comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
    comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop \
    comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop \
    comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop \
    comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop \
    comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
    comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
    comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop \
    comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
    comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop \
    comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop \
    comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop \
    comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
    comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop \
    comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop \
    comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
    comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
    comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
    comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
    comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
    comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
    comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop \
    comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop \
    comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
    comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
    comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop \
    comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
    comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
    disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
    disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
    disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
    comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
    disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
    comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop \
    comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
    comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
    disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
    disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
    comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
    comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
    comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
    comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
    comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop \
    comment="WinCrash.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
    comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop \
    comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
    comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
    comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop \
    comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
    comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop \
    comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop \
    comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
    comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
    comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
    comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
    comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop \
    comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
    comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop \
    comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop \
    comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
    comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop \
    comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop \
    comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
    comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
    comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop \
    comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
    comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop \
    comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop \
    comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop \
    comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
    comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop \
    comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop \
    comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
    disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop \
    comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop \
    comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
    comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
    comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
    comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=udp dst-port=44444 action=drop \
    comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop \
    comment="Worm.Sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
    disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
    comment="Worm.Novarg.a.Mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster \
    Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster \
    Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
    Worm" disabled=no
add chain=forward action=accept comment="接受所有数据" disabled=no
add action=drop chain=Robotdog comment="" content=yu.8s7.net disabled=no
add action=drop chain=Robotdog comment="" content=www.777ggg.com disabled=no
add action=drop chain=Robotdog comment="" content=18mo.com disabled=no
add action=drop chain=Robotdog comment="" content=xxx.m111.biz disabled=no
add action=drop chain=Robotdog comment="" content=xxx.mmma.biz disabled=no
add action=drop chain=Robotdog comment="" content=11SSS.COM disabled=no
add action=drop chain=Robotdog comment="" content=jopenqq.com disabled=no
add action=drop chain=Robotdog comment="" content=t.11se.com disabled=no
add action=drop chain=Robotdog comment="" content=www.94ak.com disabled=no
add action=drop chain=Robotdog comment="" content=ask.35832.com disabled=no
add action=drop chain=Robotdog comment="" content=wwww.35832.com disabled=no
add action=drop chain=Robotdog comment="" content=www.pt950yr.cn disabled=no
add action=drop chain=Robotdog comment="" content=832823.cn disabled=no
add action=drop chain=Robotdog comment="" content=www.99mmm.com disabled=no
add action=drop chain=Robotdog comment="" content=rrr.jopenkk.com disabled=no
add action=drop chain=Robotdog comment="" content=366ip.com disabled=no
add action=drop chain=Robotdog comment="" content=www.366ip.com disabled=no
add action=drop chain=Robotdog comment="" content=www.161816.com disabled=no
add action=drop chain=Robotdog comment="" content=down.dj7788.cn disabled=no
add action=drop chain=Robotdog comment="" content=www.15197.com disabled=no
add action=drop chain=Robotdog comment="" content=www.66ki.cn disabled=no
add action=drop chain=Robotdog comment="" content=xx.exiao01.com disabled=no
add action=drop chain=Robotdog comment="" content=1.ehai01.com disabled=no
add action=drop chain=Robotdog comment="" content=bbb.ehai01.com disabled=no
add action=drop chain=Robotdog comment="" content=a.6u6.biz disabled=no
add action=drop chain=Robotdog comment="" content=www.exiao00.com disabled=no
add action=drop chain=Robotdog comment="" content=www.shliao.com disabled=no
add action=drop chain=Robotdog comment="" content=love.netskys.cn disabled=no
add action=drop chain=Robotdog comment="" content=www.luckbird8.cn disabled=no
add action=drop chain=Robotdog comment="" content=www.webye163.com disabled=no
add action=drop chain=Robotdog comment="" content=www.3389qiqi.com disabled=no
add action=drop chain=Robotdog comment="" content=www.nba1234671.com disabled=no
add action=drop chain=Robotdog comment="" content=down.18.dd.net disabled=no
add action=drop chain=Robotdog comment="" content=qqq.dzydhx.com disabled=no
add action=drop chain=Robotdog comment="" content=mmpp.lovemmll.cn disabled=no
add action=drop chain=Robotdog comment="" content=www.333292.com disabled=no
add action=drop chain=Robotdog comment="" content=www.caiyi8.com disabled=no
add action=drop chain=Robotdog comment="" content=www.zhaoyou8.com disabled=no

/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=5h tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=2m icmp-timeout=10s generic-timeout=5m
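Just tell me where the error is. I really can't find it. Thanks.

tpy372 posted on 2008-3-18 18:16:16

My eyes are going blurry. Go and learn the concept of a subnet mask and work it out yourself with a subnet mask calculator...
Nobody can help you with simple work like this that only takes patience :L

gekunfei posted on 2008-3-18 19:25:02

I have no idea which part I am supposed to calculate. In the two lines below the \ is in a different position. What is the difference, which one is right and which one is wrong, and what is the \ for?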
add chain=virus protocol=tcp dst-port=5238 action=drop \ comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \ disabled=no

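gekunfei posted on 2008-3-19 13:45:18

I found that it must be the last statement that is wrong. When I run them separately, only the last statement fails to run, but I don't know how to fix it.

tpy372 posted on 2008-3-19 15:28:23

Stop studying it, junk rules like these will be the death of you...............;P

txwwy posted on 2008-3-19 17:45:48

The IPs in the address list conflict. Check the masks carefully.

ycsjzx posted on 2008-4-6 21:09:44

Duplicate IP address,

122.224.11.4 appears twice.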
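The check described in the last replies, as an added example (not part of the original thread or of the posted script): a Python sketch that reads a RouterOS `.rsc` export and reports `/ip firewall address-list` entries in the same list whose ranges coincide or contain one another. The sample is a constructed excerpt of lines taken from the script above; the function names are this example's own, and it assumes entries are single addresses or CIDR prefixes.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt: a few address-list lines copied from the script in this thread.
SAMPLE_RSC = """\
/ip firewall address-list
add address=8.15.231.110/32 list=Robotdog
add address=222.80.102.11/24 list=Robotdog
add address=122.224.11.4/32 list=Robotdog
add address=222.80.102.11/32 list=Robotdog
add address=122.224.11.41/32 list=Robotdog
add address=122.224.11.4/32 list=Robotdog
/ip firewall filter
add action=drop chain=forward dst-address-list=Robotdog
"""

# key=value pairs; values may be quoted (comment="...") or bare.
KV_RE = re.compile(r'(\S+?)=("[^"]*"|\S+)')


def logical_lines(text):
    """Yield (first_line_no, command). A trailing backslash in a RouterOS
    script continues the command on the next physical line."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, (buf + line.strip()).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def parse_address_list(text):
    """Yield (line_no, list_name, network) for every address-list 'add'."""
    section = None
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            section = " ".join(line.split())
            continue
        if section != "/ip firewall address-list" or not line.startswith("add "):
            continue
        fields = dict(KV_RE.findall(line))
        if "address" not in fields or "list" not in fields:
            continue
        try:
            # strict=False: 222.80.102.11/24 has host bits set, so it is
            # normalised to the /24 network that contains it.
            net = ipaddress.ip_network(fields["address"], strict=False)
        except ValueError:
            continue  # not a single address or CIDR prefix; out of scope here
        yield no, fields["list"].strip('"'), net


def find_overlaps(text):
    """Return (earlier_line, later_line, list, earlier_net, later_net) for
    entries of the same list that overlap, exact duplicates included."""
    seen = defaultdict(list)
    hits = []
    for no, name, net in parse_address_list(text):
        for prev_no, prev_net in seen[name]:
            if prev_net.version == net.version and prev_net.overlaps(net):
                hits.append((prev_no, no, name, str(prev_net), str(net)))
        seen[name].append((no, net))
    return hits


if __name__ == "__main__":
    for first, second, name, a, b in find_overlaps(SAMPLE_RSC):
        print(f"list {name}: line {second} ({b}) overlaps line {first} ({a})")
```

Run against the full file before importing it; each reported pair names the two script lines to compare, so one of them can be removed or its mask corrected.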