liangcf 发表于 2005-6-21 09:35:50

这里把ROS的端口改成81了
大家之间可以下载附件然后重
/sys backup
中添加

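# jun/21/2005 09:31:38 by RouterOS 2.8.26
# software id = 42TB-UEN
#
# Firewall export in RouterOS 2.8 syntax ("/ ip firewall rule <chain>",
# ports written as "dst-address=:<port>").  Uploaded as an .rsc file and
# loaded with "/import".  Layout:
#   forward chain - traffic passing through the router.  It has no final
#                   drop, so everything the "virus" chain does not drop is
#                   forwarded by the chain policy (accept).
#   input chain   - traffic to the router itself.  Ends in an unconditional
#                   drop, so only the listed services are reachable.
#   virus chain   - shared destination-port blocklist, jumped to from both
#                   chains before their generic accepts, so its drops win.
#
# Change from the original export: the duplicated ":9898 tcp" rule in the
# virus chain (listed twice) is included only once.
/ ip firewall
# Built-in chain policies.  forward is left at policy=accept on purpose:
# the forward chain below never terminates, so the policy decides for
# every TCP port not on the blocklist.
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
# User chain holding the blocklist; policy=none returns to the calling
# chain when no rule matched.
add name="virus" policy=none comment=""
/ ip firewall rule forward
add connection-state=invalid action=drop comment="" disabled=no
add connection-state=established action=accept comment="" disabled=no
add connection-state=related action=accept comment="" disabled=no
# The jump sits before the UDP accept, so UDP drops in the virus chain
# (e.g. :123) take precedence.  None of these rules carries an
# in-interface/out-interface or address match, so the blocklist applies to
# forwarded traffic in both directions.
add action=jump jump-target=virus comment="" disabled=no
add protocol=udp action=accept comment="" disabled=no
# ICMP is rate-limited (50 per 5s, burst 2); anything above that is dropped.
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
    comment="" disabled=no
add protocol=icmp action=drop comment="" disabled=no
# No terminating rule: unmatched TCP falls through to the chain policy.
/ ip firewall rule input
add connection-state=invalid action=drop comment="" disabled=no
add connection-state=established action=accept comment="" disabled=no
add connection-state=related action=accept comment="" disabled=no
add action=jump jump-target=virus comment="" disabled=no
# NOTE(review): accepts every UDP datagram addressed to the router from any
# source; only the ports listed in the virus chain are dropped first.
add protocol=udp action=accept comment="" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
    comment="" disabled=no
add protocol=icmp action=drop comment="" disabled=no
# NOTE(review): the four accepts below have no src-address or in-interface
# match, so the router's winbox (3987), telnet (23), ftp (21) and www (81)
# services are reachable from any source, WAN side included.  telnet and
# ftp are cleartext protocols.  Limiting each rule to the management
# network, e.g. "src-address=<MGMT-NET>/<PREFIX>", is the usual fix; moving
# www from 80 to 81 only changes which port a scan finds it on.
add dst-address=:3987 protocol=tcp action=accept comment="" disabled=no
# NOTE(review): a later reply in the thread reports winbox on this build
# also connecting to :3986 and being refused; if that is the case an accept
# for :3986 is needed here as well - confirm against the running version.
add dst-address=:23 protocol=tcp action=accept comment="" disabled=no
add dst-address=:21 protocol=tcp action=accept comment="" disabled=no
add dst-address=:81 protocol=tcp action=accept comment="" disabled=no
# Everything else addressed to the router is dropped.
add action=drop comment="" disabled=no
/ ip firewall rule virus
# Destination-port blocklist, matched by port only (no addresses, no
# interfaces).  It is a linear list of roughly 120 rules evaluated for
# every new connection in both chains.  Entries that also cover ordinary
# services and may need an exception for an internal server:
#   :25          mail submission from clients
#   :123         NTP from clients (dropped in forward)
#   :1433-1434   MS SQL Server
#   :3306        MySQL
#   :3389        RDP
#   :5900        VNC
add dst-address=:25 protocol=tcp action=drop comment="" disabled=no
add dst-address=:69 protocol=udp action=drop comment="" disabled=no
add dst-address=:79 protocol=tcp action=drop comment="" disabled=no
add dst-address=:113 protocol=udp action=drop comment="" disabled=no
add dst-address=:113 protocol=tcp action=drop comment="" disabled=no
add dst-address=:123 protocol=tcp action=drop comment="" disabled=no
add dst-address=:123 protocol=udp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="" disabled=no
add dst-address=:143 protocol=tcp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=udp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=tcp action=drop comment="" disabled=no
add dst-address=:445 protocol=tcp action=drop comment="" disabled=no
add dst-address=:445 protocol=udp action=drop comment="" disabled=no
add dst-address=:500 protocol=tcp action=drop comment="" disabled=no
add dst-address=:500 protocol=udp action=drop comment="" disabled=no
add dst-address=:593 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1024-1030 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1024-1030 protocol=udp action=drop comment="" disabled=no
add dst-address=:1043 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1043 protocol=udp action=drop comment="" disabled=no
add dst-address=:1080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1214 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1363 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1364 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1368 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1373 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1377 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1433-1434 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1524 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1723 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1723 protocol=udp action=drop comment="" disabled=no
add dst-address=:1900 protocol=udp action=drop comment="" disabled=no
add dst-address=:1900 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1999-2001 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1999-2001 protocol=udp action=drop comment="" disabled=no
add dst-address=:2140 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2140 protocol=udp action=drop comment="" disabled=no
add dst-address=:2283 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2535 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=udp action=drop comment="" disabled=no
add dst-address=:3127-3128 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3150 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3150 protocol=udp action=drop comment="" disabled=no
add dst-address=:3306 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3306 protocol=udp action=drop comment="" disabled=no
add dst-address=:3389 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3389 protocol=udp action=drop comment="" disabled=no
add dst-address=:3410 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3801 protocol=udp action=drop comment="" disabled=no
add dst-address=:4444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:4444 protocol=udp action=drop comment="" disabled=no
add dst-address=:4500 protocol=tcp action=drop comment="" disabled=no
add dst-address=:4500 protocol=udp action=drop comment="" disabled=no
add dst-address=:5000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5000 protocol=udp action=drop comment="" disabled=no
add dst-address=:5354 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5354 protocol=udp action=drop comment="" disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=udp action=drop comment="" disabled=no
add dst-address=:5880-5882 protocol=udp action=drop comment="" disabled=no
add dst-address=:5888-5889 protocol=udp action=drop comment="" disabled=no
add dst-address=:5900 protocol=udp action=drop comment="" disabled=no
add dst-address=:5900 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6000 protocol=udp action=drop comment="" disabled=no
add dst-address=:6000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6129 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6129 protocol=udp action=drop comment="" disabled=no
add dst-address=:6267 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6667 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6667 protocol=udp action=drop comment="" disabled=no
add dst-address=:6678 protocol=udp action=drop comment="" disabled=no
add dst-address=:6678 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6711 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6711 protocol=udp action=drop comment="" disabled=no
add dst-address=:7070 protocol=udp action=drop comment="" disabled=no
add dst-address=:7070 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=udp action=drop comment="" disabled=no
add dst-address=:7511 protocol=udp action=drop comment="" disabled=no
add dst-address=:7626 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7511 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8011 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8011 protocol=udp action=drop comment="" disabled=no
add dst-address=:8225 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8225 protocol=udp action=drop comment="" disabled=no
add dst-address=:8311 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8311 protocol=udp action=drop comment="" disabled=no
add dst-address=:8866 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8998 protocol=tcp action=drop comment="" disabled=no
# The original export listed this rule twice; the duplicate is dropped.
add dst-address=:9898 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=udp action=drop comment="" disabled=no
add dst-address=:10080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=udp action=drop comment="" disabled=no
add dst-address=:17027 protocol=udp action=drop comment="" disabled=no
add dst-address=:17027 protocol=tcp action=drop comment="" disabled=no
add dst-address=:17300 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20162 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20162 protocol=udp action=drop comment="" disabled=no
add dst-address=:20168 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20168 protocol=udp action=drop comment="" disabled=no
add dst-address=:27374 protocol=tcp action=drop comment="" disabled=no
add dst-address=:27374 protocol=udp action=drop comment="" disabled=no
add dst-address=:23444 protocol=udp action=drop comment="" disabled=no
add dst-address=:23444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:30100 protocol=tcp action=drop comment="" disabled=no
# NOTE(review): 31337-34338 spans about 3000 ports, unlike the other short
# ranges in this list; if a two-port range was intended, confirm and narrow.
add dst-address=:31337-34338 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31337-34338 protocol=udp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=udp action=drop comment="" disabled=no
add dst-address=:34555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:35555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39243 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39243 protocol=udp action=drop comment="" disabled=no
add dst-address=:45576 protocol=udp action=drop comment="" disabled=no
add dst-address=:45576 protocol=tcp action=drop comment="" disabled=no
add dst-address=:54320-54321 protocol=tcp action=drop comment="" disabled=no
add dst-address=:54320-54321 protocol=udp action=drop comment="" disabled=no
add dst-address=:65506 protocol=tcp action=drop comment="" disabled=no
/ ip firewall service-port
# NAT/connection-tracking helpers.  pptp, gre and h323 are disabled;
# ftp, mms, irc, quake3 and tftp stay enabled on their listed ports.
set ftp ports=21 disabled=no
set pptp disabled=yes
set gre disabled=yes
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall src-nat
# NOTE(review): neither masquerade rule carries a match condition, so the
# first ("vip") already matches all traffic and "all" appears unreachable -
# confirm before removing either.
add action=masquerade comment="vip" disabled=no
add action=masquerade comment="all" disabled=no
/ ip firewall dst-nat
# Disabled rule pointing at 192.168.1.3:80.  As exported it has no match
# conditions and action=accept rather than a translating action, so it is
# inert; kept for reference.
add action=accept to-dst-address=192.168.1.3 to-dst-port=80 comment="contrl" \
    disabled=yes
/ ip firewall connection tracking
# Connection-tracking timeouts.  tcp-established-timeout=5d is the longest
# entry here and keeps idle TCP connections in the table for five days.
set enabled=yes tcp-syn-sent-timeout=50s tcp-syn-received-timeout=30s \
    tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m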

liangcf 发表于 2005-6-21 09:37:26

附件
由于不能上传 rsc文件
所以我把文件名字改成了 f.txt
大家下载后直接改成f.rsc文件
然后上传到 FTP://路由IP:

/import

lovejing 发表于 2005-6-22 09:58:11

请问一下，怎么把端口改成81呢？有什么用么？用80不好么？不明白，望指教。

sun_jd 发表于 2005-7-2 02:05:09

请问楼主,网吧用这个会不会有个别游戏用不了的。

吃斋的老虎 发表于 2005-7-2 03:29:26

我说两句,不一定对,
我认为ros中的防火墙的设置思路应该这样:
1.对下边的客户机的端口能开多少开多少。现在网络游戏天天翻新。封端口可能会弄的大家忙的要死,毕竟现在不装保护软件的好像没有了
2.对内网服务器的封堵,应该用啥开啥。不用的统统关。安全是第一要求
3.大家都知道的恶意网站,和各种木马程序。还有恶性的病毒。决不姑息。我想大家可不想让顾客投诉天天丢号吧

基本上的思路是尽量能让服务器的资源占用上少点,大家的ros的服务器估计都是网把的淘汰机器。还是让它不要太累了,

wobu 发表于 2005-7-2 07:16:10

那个10000的端口好象就是热血武林还是武林外史用的。

hzkane 发表于 2005-7-2 13:07:10

规则过于简单了。呵呵.

5729246 发表于 2005-7-2 19:49:27

老虎能把你的防火墙规则贴出来让我们学习一下吗

iamhw 发表于 2005-7-5 15:40:43

QUOTE(hzkane @ Jul 2 2005, 01:07 PM)
规则过于简单了。呵呵.
52847


能不能把你的规则看看?让我们这些新手学习学习!先谢谢了!

Hansxia 发表于 2005-7-5 16:36:06

1433端口尽量不要封闭,因为跑MS SQL Server需要这个端口,别为了封病毒把数据库服务器也给封了,肯定有人找你拼命不可,哈哈

ttsee 发表于 2005-9-14 04:05:50

原帖由 lovejing 于 2005-6-22 09:58 AM 发表
请问一下.怎么把端口改成81呢.有什么用么.用80不好么.不明白.望指教


/ip services set www port=81

你的意思是这样吗?

madlife 发表于 2005-9-14 10:58:50

/ip service set www port=81
不是 services，是 service。

不使用80，可以在一定程度上起到隐蔽作用吧。
使用80很容易被人访问到；端口是自定义的，一般人不会知道你用的是哪个端口。

[ 本帖最后由 madlife 于 2005-9-14 11:01 AM 编辑 ]

daobiao 发表于 2005-9-21 09:53:13

用了

顶了

sunmaya 发表于 2005-9-21 11:24:30

不错,借鉴一下。

mywangba 发表于 2005-9-26 20:06:26

用了你的防火墙 现在用winbox连接后出现“ 连接100.100.100.5:3986” 然后连接不上,断开,winbox也无法使用,请问会是什么原因? 我看了你的f.rsc,里面未涉及到3986端口。。。。。 怎么解决?