arainbow posted on 2013-9-21 01:00:22

Applying the same idea one step further: an IPv6 setting to stop repeated login attempts on ROS

There is already a setting for IPv4 that stops repeated login attempts on ROS; here the same idea is carried over to IPv6 to improve the security of ROS.
When the same IP makes more than 4 attempts within 30 seconds, new TCP connections from it are blocked (ports 21, 22, 23, 8291).

# sep/20/2013 10:55:04 by RouterOS 5.25
# software id = XXOO-XXOO
#
/ipv6 firewall filter
# reject new connections to the management ports from any source already in "blocked"
add action=reject chain=input connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp \
    reject-with=tcp-reset src-address-list=blocked
/ipv6 firewall mangle
# stages are listed highest first so that one packet advances a source by only one stage:
# telnet1 -> telnet2 -> telnet3 -> telnet4 -> blocked, one step per new connection;
# the telnetN entries expire after 30s, a blocked entry after 4h
add action=add-src-to-address-list address-list=blocked address-list-timeout=4h chain=input comment=\
    blocked connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
    telnet4
add action=add-src-to-address-list address-list=telnet4 address-list-timeout=30s chain=input comment=\
    telnet4 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
    telnet3
add action=add-src-to-address-list address-list=telnet3 address-list-timeout=30s chain=input comment=\
    telnet3 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
    telnet2
add action=add-src-to-address-list address-list=telnet2 address-list-timeout=30s chain=input comment=\
    telnet2 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
    telnet1
add action=add-src-to-address-list address-list=telnet1 address-list-timeout=30s chain=input comment=\
    telnet1 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp
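
Added illustration, not code from the post above and not MikroTik's implementation: a small Python model of the address-list counter that these rules build. It assumes only the semantics the rules rely on (rules are evaluated top to bottom, add-src-to-address-list does not stop rule processing, every entry has its own timeout, and the mangle input chain runs before the filter input chain) plus one assumption of its own, that re-adding an address that is already listed refreshes its timeout. The scenarios show why the mangle rules have to be listed from "blocked" down to "telnet1" (in the reverse order a single SYN is promoted through all four stages and rejected at once), that a client pacing its attempts slower than the 30s timeout is never counted, and one thing the rules do not cover: add-src-to-address-list records the full /128, so a client that rotates addresses inside one /64 is never blocked. The addresses, ports and timings are constructed for the demo.

```python
"""Model of the RouterOS address-list counter used by the IPv6 rules above.

Added example: it models the rule semantics only, it is not RouterOS code.
Assumption: re-adding an address already in a list refreshes its timeout.
"""
from dataclasses import dataclass, field

# management ports from the posted rules
MGMT_PORTS = {21, 22, 23, 8291}

# mangle input rules, top to bottom: (required src-address-list or None,
# list the source is added to, address-list-timeout in seconds)
MANGLE_RULES_POSTED = [
    ("telnet4", "blocked", 4 * 3600),
    ("telnet3", "telnet4", 30),
    ("telnet2", "telnet3", 30),
    ("telnet1", "telnet2", 30),
    (None, "telnet1", 30),
]

# the same rules in the wrong (ascending) order, to show why order matters
MANGLE_RULES_REVERSED = list(reversed(MANGLE_RULES_POSTED))


@dataclass
class AddressLists:
    """Dynamic address lists: list name -> {address: expiry time}."""
    lists: dict = field(default_factory=dict)

    def add(self, name, addr, now, timeout):
        # assumption: an existing entry gets its timeout refreshed
        self.lists.setdefault(name, {})[addr] = now + timeout

    def contains(self, name, addr, now):
        expiry = self.lists.get(name, {}).get(addr)
        if expiry is None:
            return False
        if expiry <= now:
            del self.lists[name][addr]  # entry has timed out
            return False
        return True


def new_connection(lists, src, dst_port, now, mangle_rules=MANGLE_RULES_POSTED):
    """Run one new TCP connection through mangle input, then filter input.

    Returns "reject" (tcp-reset) or "pass".
    """
    if dst_port not in MGMT_PORTS:
        return "pass"  # none of the rules match other ports
    # mangle input: every matching add-src-to-address-list rule fires,
    # and a list updated by an earlier rule is visible to later rules
    for required, target, timeout in mangle_rules:
        if required is None or lists.contains(required, src, now):
            lists.add(target, src, now, timeout)
    # filter input: reject if the source is now in "blocked"
    if lists.contains("blocked", src, now):
        return "reject"
    return "pass"


def simulate(attempts, mangle_rules=MANGLE_RULES_POSTED):
    """attempts: iterable of (time_seconds, src_address, dst_port)."""
    lists = AddressLists()
    return [new_connection(lists, src, port, t, mangle_rules)
            for t, src, port in attempts]


if __name__ == "__main__":
    # constructed demo addresses (documentation prefix)
    a = "2001:db8::1"
    print("5 rapid attempts  :", simulate([(t, a, 22) for t in range(5)]))
    print("paced every 31s   :", simulate([(31 * i, a, 22) for i in range(6)]))
    print("reversed rule order:", simulate([(0, a, 22)], MANGLE_RULES_REVERSED))
    print("rotating in a /64 :", simulate([(t, f"2001:db8::{t + 1}", 22) for t in range(5)]))
```

The ordering scenario is the one to remember when editing such rules in Winbox or on the CLI: moving the "telnet1" rule above the others silently turns the counter into a one-strike ban for everybody, including the administrator.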

ww111222 posted on 2013-9-21 12:57:58

First reply……

小玉 posted on 2013-9-21 20:06:06

Let me try it out first.