fschshjun posted on 2005-3-30 22:08:32

Change the parts shown in red (the three src-address=x.x.x.x/x lines) to your own internal network addresses.

Virus:
/ip firewall add name=virus
/ip firewall rule virus add comment="Drop Blaster Worm" dst-address=:135-139 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Messenger Worm" dst-address=:135-139 protocol=udp action=drop
/ip firewall rule virus add comment="Drop Blaster Worm" dst-address=:445 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Blaster Worm" dst-address=:445 protocol=udp action=drop
/ip firewall rule virus add comment="________" dst-address=:593 protocol=tcp action=drop
/ip firewall rule virus add comment="________" dst-address=:1024-1030 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop MyDoom" dst-address=:1080 protocol=tcp action=drop
/ip firewall rule virus add comment="________" dst-address=:1214 protocol=tcp action=drop
/ip firewall rule virus add comment="ndm requester" dst-address=:1363 protocol=tcp action=drop
/ip firewall rule virus add comment="ndm server" dst-address=:1364 protocol=tcp action=drop
/ip firewall rule virus add comment="screen cast" dst-address=:1368 protocol=tcp action=drop
/ip firewall rule virus add comment="cichlid" dst-address=:1373 protocol=tcp action=drop
/ip firewall rule virus add comment="Worm" dst-address=:1433-1434 protocol=tcp action=drop
/ip firewall rule virus add comment="Bagle Virus" dst-address=:2745 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Dumaru.Y" dst-address=:2283 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Beagle" dst-address=:2535 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Beagle.C-K" dst-address=:2745 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop MyDoom" dst-address=:3127-3128 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Backdoor OptixPro" dst-address=:3410 protocol=tcp action=drop
/ip firewall rule virus add comment="Worm" dst-address=:4444 protocol=tcp action=drop
/ip firewall rule virus add comment="Worm" dst-address=:4444 protocol=udp action=drop
/ip firewall rule virus add comment="Drop Sasser" dst-address=:5554 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Beagle.B" dst-address=:8866 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Dabber.A-B" dst-address=:9898 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Dumaru.Y" dst-address=:10000 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop MyDoom.B" dst-address=:10080 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop NetBus" dst-address=:12345 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Kuang2" dst-address=:13700 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop SubSeven" dst-address=:27374 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop PhatBot, Agobot, Gaobot" dst-address=:65506 protocol=tcp action=drop

input
/ip firewall rule input add comment="Drop invalid connections" connection-state=invalid action=drop
/ip firewall rule input add comment="Allow established connections" connection-state=established action=accept
/ip firewall rule input add comment="Allow related connections" connection-state=related action=accept
/ip firewall rule input add comment="!!! Check for well-known viruses !!!" action=jump jump-target=virus
/ip firewall rule input add comment="Allow UDP" protocol=udp action=accept
/ip firewall rule input add comment="Allow ICMP Ping" protocol=icmp action=accept
/ip firewall rule input add comment="Allow access from our local network" src-address=x.x.x.x/x action=accept
/ip firewall rule input add comment="Allow access from our local network" src-address=x.x.x.x/x action=accept
/ip firewall rule input add comment="Allow access from our local network" src-address=x.x.x.x/x action=accept
/ip firewall rule input add comment="Log and drop everything else" action=drop log=yes

forward
/ip firewall rule forward add comment="Drop invalid connections" connection-state=invalid action=drop
/ip firewall rule forward add comment="Established connections" connection-state=established action=accept
/ip firewall rule forward add comment="Related connections" connection-state=related action=accept
/ip firewall rule forward add comment="Check for well-known viruses !!!" action=jump jump-target=virus

output
/ip firewall rule output add comment="Drop Everything" protocol=tcp tcp-options=syn-only action=drop

三公子 posted on 2005-3-31 11:46:58

Thanks, I've applied it already, but I don't understand the three red lines in the post. They are all identical; do all of them need to be added?

fschshjun posted on 2005-3-31 16:15:40

Add one rule for each internal network you want to allow (my network has three internal segments).

jack_i5 posted on 2005-3-31 17:25:12

Personally I think the virus section should be handled differently depending on the chain. For input there is no need to make it that complicated; the chance of ROS itself being infected by a virus is very small, so leaving some CPU time for other work is a good idea. For the forward chain it is better to be as thorough as possible: block every known virus or malicious connection port you can, so the internal machines don't get hurt. If you have multiple segments, I'd also suggest filtering traffic between the segments, so that a virus already inside the network can't run around everywhere. For output, it is enough to make sure ROS does not actively send anything out! Based on the above, I suggest creating two virus chains, one for input and one for forward. That is more sound and easier to manage.

三公子 posted on 2005-3-31 17:54:10

Too complicated, I still have a lot to learn. Mine is an Internet cafe router. After I applied the rules above, the public security bureau called to say they could no longer monitor, because they use SQL Server. I quickly checked and found it uses ports 1433 and 1434, which were blocked exactly by /ip firewall rule virus add comment="Worm" dst-address=:1433-1434 protocol=tcp action=drop; after disabling it, everything was normal again, heh...

bysoft posted on 2005-4-5 20:26:16

After I set it up, telnet, Web and Winbox can't get in any more. Frustrating.

chatbug posted on 2005-4-5 21:05:19

QUOTE (bysoft @ Apr 5 2005, 08:26 PM)
After I set it up, telnet, Web and Winbox can't get in any more. Frustrating.
You have to allow ports 21, 23 and so on to be accessible.

zbhdpx posted on 2005-8-20 16:49:58

I don't understand, please advise.

uoada posted on 2005-8-22 05:04:29

Still have to keep working on it.

daobiao posted on 2005-9-21 09:52:52

Used it.

Bump.

htqt posted on 2006-2-6 23:03:09

It doesn't seem to work on 2.9.8.
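The same design written for the RouterOS 2.9 firewall (the /ip firewall filter syntax with an explicit chain= parameter, which is why the 2.x /ip firewall rule commands above fail on 2.9.8). This is an added example, not from any poster in the thread; it follows jack_i5's suggestion of a short virus chain for input and a full one for forward, puts the exception for the monitoring host's SQL Server traffic (the 1433-1434 problem 三公子 hit) before the jump, and keeps the LAN accept rules so telnet/www/winbox stay reachable. The LAN segments 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 and the monitoring host 192.168.1.10 are constructed placeholders; replace them with your own addresses.

```routeros
# Added example, RouterOS 2.9 syntax. Addresses below are constructed placeholders.
/ip firewall filter

# virus-fwd: full port list, applied only to traffic routed through the box
add chain=virus-fwd protocol=tcp dst-port=135-139 action=drop comment="Blaster / NetBIOS"
add chain=virus-fwd protocol=udp dst-port=135-139 action=drop comment="Messenger worm"
add chain=virus-fwd protocol=tcp dst-port=445 action=drop comment="Blaster / SMB"
add chain=virus-fwd protocol=udp dst-port=445 action=drop comment="Blaster / SMB"
add chain=virus-fwd protocol=tcp dst-port=1433-1434 action=drop comment="SQL worm"
add chain=virus-fwd protocol=tcp dst-port=3127-3128 action=drop comment="MyDoom"
add chain=virus-fwd protocol=tcp dst-port=4444 action=drop comment="Blaster shell"
add chain=virus-fwd protocol=tcp dst-port=5554 action=drop comment="Sasser"
add chain=virus-fwd protocol=tcp dst-port=12345 action=drop comment="NetBus"
add chain=virus-fwd protocol=tcp dst-port=27374 action=drop comment="SubSeven"
# the remaining ports from the original list are added here in the same form
add chain=virus-fwd action=return

# virus-in: short list for packets addressed to the router itself (saves CPU, as jack_i5 notes)
add chain=virus-in protocol=tcp dst-port=135-139 action=drop comment="NetBIOS to router"
add chain=virus-in protocol=tcp dst-port=445 action=drop comment="SMB to router"
add chain=virus-in protocol=udp dst-port=135-139 action=drop comment="NetBIOS to router"
add chain=virus-in protocol=udp dst-port=445 action=drop comment="SMB to router"
add chain=virus-in action=return

# input: packets destined for the router
add chain=input connection-state=invalid action=drop comment="Drop invalid"
add chain=input connection-state=established action=accept comment="Established"
add chain=input connection-state=related action=accept comment="Related"
add chain=input action=jump jump-target=virus-in comment="Short virus check"
# management (telnet 23, www 80, winbox 8291, ssh 22) is reachable only because the
# LAN segments are accepted here, before the final drop; one rule per segment
add chain=input src-address=192.168.1.0/24 action=accept comment="LAN segment 1"
add chain=input src-address=192.168.2.0/24 action=accept comment="LAN segment 2"
add chain=input src-address=192.168.3.0/24 action=accept comment="LAN segment 3"
add chain=input protocol=icmp action=accept comment="Ping"
# no blanket "accept all UDP" here: replies to the router's own DNS/NTP queries are
# already covered by established/related, so arbitrary UDP from outside is not needed
add chain=input action=log log-prefix="input-drop" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"

# forward: traffic between the LAN segments and the Internet
add chain=forward connection-state=invalid action=drop comment="Drop invalid"
add chain=forward connection-state=established action=accept comment="Established"
add chain=forward connection-state=related action=accept comment="Related"
# exception BEFORE the jump: rules are matched top-down and the first match wins,
# so this is what keeps the monitoring host's SQL Server sessions from being dropped
add chain=forward src-address=192.168.1.10 protocol=tcp dst-port=1433-1434 action=accept \
    comment="Monitoring host to SQL Server"
add chain=forward action=jump jump-target=virus-fwd comment="Full virus check"
# keep the segments apart so an infected host cannot scan the other segments; only
# routed traffic reaches this chain, so hosts inside one segment are unaffected
add chain=forward src-address=192.168.0.0/16 dst-address=192.168.0.0/16 action=drop \
    comment="No traffic between LAN segments"

# output: the router must not open outbound TCP connections on its own
add chain=output protocol=tcp tcp-flags=syn,!ack action=drop comment="No router-initiated TCP"
```

Rule order is the whole point: anything the virus chains would drop but that you need (the SQL Server example, or a management port) has to be accepted above the jump, not by disabling the virus rule. Check the result with /ip firewall filter print stats after a few minutes of traffic; a virus rule with a rapidly growing counter on the forward chain is worth correlating with the log-prefix entries to find the infected host.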
Full version: RouteOS firewall settings