
[其它] routeros2.8.26防火墙导入后的问题

发表于 2006-1-6 17:30:15 | 显示全部楼层 |阅读模式

# Chain defaults. All three built-in chains (input, forward, output) are set to
# policy=accept, so a packet that matches no rule in a chain is allowed.
# Default-deny therefore exists only where a chain ends in an explicit
# action=drop rule.
# "virus" is a user-defined chain reached by action=jump from input and forward.
# NOTE(review): policy=none presumably hands unmatched packets back to the
# calling chain - confirm against the RouterOS 2.8 manual.
/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
add name="virus" policy=none comment=""
# Forward chain: traffic routed through the router.
# Order matters - rules are evaluated top to bottom:
#   1. drop packets with invalid connection state
#   2-3. accept packets of established / related connections
#   4. run everything else through the "virus" port blacklist
#   5. accept all remaining UDP
#   6-7. accept ICMP within the limit-* parameters, drop the rest of ICMP
# NOTE(review): there is no final drop here and the forward chain policy is
# accept, so any TCP connection not listed in "virus" is forwarded. This chain
# is a blacklist, not a default-deny filter. None of the rules is bound to an
# interface or source address, so the same rules apply in both directions.
/ ip firewall rule forward
add connection-state=invalid action=drop comment="" disabled=no
add connection-state=established action=accept comment="" disabled=no
add connection-state=related action=accept comment="" disabled=no
add action=jump jump-target=virus comment="" disabled=no
add protocol=udp action=accept comment="" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
    comment="" disabled=no
add protocol=icmp action=drop comment="" disabled=no
# Input chain: traffic addressed to the router itself (management plane).
# Same stateful prologue and "virus" jump as the forward chain, then:
#   - all remaining UDP is accepted
#   - ICMP is accepted within the limit-* parameters, otherwise dropped
#   - new TCP is accepted only to ports 3987, 23, 21 and 81
#   - the final rule drops everything else
# NOTE(review): because of the final drop, any router service listening on a
# TCP port other than 3987/23/21/81 is unreachable for new connections. That
# matches the symptom reported with this export (FTP on 21 and Telnet on 23
# work, WinBox does not). As far as I recall, RouterOS 2.8 WinBox uses TCP 3986
# for the non-secure console (3987 is the secure one) and fetches its loader
# from the www service port. Check `/ ip service print` for the ports really in
# use and accept exactly those. Port 81 looks like a relocated www service -
# confirm.
# NOTE(review): the accept rules carry no src-address or in-interface matcher,
# so Telnet and FTP (both cleartext-credential protocols) are reachable from
# every interface, including the WAN side. Restrict management access to a
# trusted source network or interface. The blanket UDP accept likewise exposes
# every UDP service on the router that "virus" does not list.
/ ip firewall rule input
add connection-state=invalid action=drop comment="" disabled=no
add connection-state=established action=accept comment="" disabled=no
add connection-state=related action=accept comment="" disabled=no
add action=jump jump-target=virus comment="" disabled=no
add protocol=udp action=accept comment="" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept \
    comment="" disabled=no
add protocol=icmp action=drop comment="" disabled=no
add dst-address=:3987 protocol=tcp action=accept comment="" disabled=no
add dst-address=:23 protocol=tcp action=accept comment="" disabled=no
add dst-address=:21 protocol=tcp action=accept comment="" disabled=no
add dst-address=:81 protocol=tcp action=accept comment="" disabled=no
add action=drop comment="" disabled=no
# "virus" chain: a destination-port blacklist, jumped to from both the input
# and the forward chain. Every rule drops; packets matching none of them fall
# out of the chain and continue in the caller.
# NOTE(review): rules match on destination port only, with no interface or
# address. When reached from the forward chain they therefore also block LAN
# clients' outbound connections to these ports, including ordinary services
# such as 25 (SMTP), 123 (NTP), 143 (IMAP), 500/4500 (IKE / NAT-T),
# 1723 (PPTP), 3306 and 3389. Confirm that is intended.
# NOTE(review): a port blacklist only stops what it lists. Every rule has an
# empty comment, so nothing records why each port is here. Filling in the
# comment field per rule would make the list auditable.
/ ip firewall rule virus
add dst-address=:25 protocol=tcp action=drop comment="" disabled=no
add dst-address=:69 protocol=udp action=drop comment="" disabled=no
add dst-address=:79 protocol=tcp action=drop comment="" disabled=no
add dst-address=:113 protocol=udp action=drop comment="" disabled=no
add dst-address=:113 protocol=tcp action=drop comment="" disabled=no
add dst-address=:123 protocol=tcp action=drop comment="" disabled=no
add dst-address=:123 protocol=udp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="" disabled=no
add dst-address=:143 protocol=tcp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=udp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=tcp action=drop comment="" disabled=no
add dst-address=:445 protocol=tcp action=drop comment="" disabled=no
add dst-address=:445 protocol=udp action=drop comment="" disabled=no
add dst-address=:500 protocol=tcp action=drop comment="" disabled=no
add dst-address=:500 protocol=udp action=drop comment="" disabled=no
add dst-address=:593 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1024-1030 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1024-1030 protocol=udp action=drop comment="" disabled=no
add dst-address=:1043 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1043 protocol=udp action=drop comment="" disabled=no
add dst-address=:1080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1214 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1363 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1364 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1368 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1373 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1377 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1433-1434 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1524 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1723 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1723 protocol=udp action=drop comment="" disabled=no
add dst-address=:1900 protocol=udp action=drop comment="" disabled=no
add dst-address=:1900 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1999-2001 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1999-2001 protocol=udp action=drop comment="" disabled=no
add dst-address=:2140 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2140 protocol=udp action=drop comment="" disabled=no
add dst-address=:2283 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2535 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=udp action=drop comment="" disabled=no
add dst-address=:3127-3128 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3150 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3150 protocol=udp action=drop comment="" disabled=no
add dst-address=:3306 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3306 protocol=udp action=drop comment="" disabled=no
add dst-address=:3389 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3389 protocol=udp action=drop comment="" disabled=no
add dst-address=:3410 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3801 protocol=udp action=drop comment="" disabled=no
add dst-address=:4444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:4444 protocol=udp action=drop comment="" disabled=no
add dst-address=:4500 protocol=tcp action=drop comment="" disabled=no
add dst-address=:4500 protocol=udp action=drop comment="" disabled=no
add dst-address=:5000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5000 protocol=udp action=drop comment="" disabled=no
add dst-address=:5354 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5354 protocol=udp action=drop comment="" disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=udp action=drop comment="" disabled=no
add dst-address=:5880-5882 protocol=udp action=drop comment="" disabled=no
add dst-address=:5888-5889 protocol=udp action=drop comment="" disabled=no
add dst-address=:5900 protocol=udp action=drop comment="" disabled=no
add dst-address=:5900 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6000 protocol=udp action=drop comment="" disabled=no
add dst-address=:6000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6129 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6129 protocol=udp action=drop comment="" disabled=no
add dst-address=:6267 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6667 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6667 protocol=udp action=drop comment="" disabled=no
add dst-address=:6678 protocol=udp action=drop comment="" disabled=no
add dst-address=:6678 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6711 protocol=tcp action=drop comment="" disabled=no
add dst-address=:6711 protocol=udp action=drop comment="" disabled=no
add dst-address=:7070 protocol=udp action=drop comment="" disabled=no
add dst-address=:7070 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=udp action=drop comment="" disabled=no
add dst-address=:7511 protocol=udp action=drop comment="" disabled=no
add dst-address=:7626 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7511 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8011 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8011 protocol=udp action=drop comment="" disabled=no
add dst-address=:8225 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8225 protocol=udp action=drop comment="" disabled=no
add dst-address=:8311 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8311 protocol=udp action=drop comment="" disabled=no
add dst-address=:8866 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8998 protocol=tcp action=drop comment="" disabled=no
# NOTE(review): the next two rules are identical (9898/tcp twice). The second
# was presumably meant to be protocol=udp, following the tcp/udp pairing used
# elsewhere in this list - confirm.
add dst-address=:9898 protocol=tcp action=drop comment="" disabled=no
add dst-address=:9898 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=udp action=drop comment="" disabled=no
add dst-address=:10080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=udp action=drop comment="" disabled=no
add dst-address=:17027 protocol=udp action=drop comment="" disabled=no
add dst-address=:17027 protocol=tcp action=drop comment="" disabled=no
add dst-address=:17300 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20162 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20162 protocol=udp action=drop comment="" disabled=no
add dst-address=:20168 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20168 protocol=udp action=drop comment="" disabled=no
add dst-address=:27374 protocol=tcp action=drop comment="" disabled=no
add dst-address=:27374 protocol=udp action=drop comment="" disabled=no
add dst-address=:23444 protocol=udp action=drop comment="" disabled=no
add dst-address=:23444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:30100 protocol=tcp action=drop comment="" disabled=no
# NOTE(review): 31337-34338 covers about three thousand ports and already
# includes 31789-31790 and 34555 listed further down. Given the two-port ranges
# used elsewhere, this was presumably meant to be 31337-31338 - confirm before
# narrowing it.
add dst-address=:31337-34338 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31337-34338 protocol=udp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=udp action=drop comment="" disabled=no
add dst-address=:34555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:35555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39243 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39243 protocol=udp action=drop comment="" disabled=no
add dst-address=:45576 protocol=udp action=drop comment="" disabled=no
add dst-address=:45576 protocol=tcp action=drop comment="" disabled=no
add dst-address=:54320-54321 protocol=tcp action=drop comment="" disabled=no
add dst-address=:54320-54321 protocol=udp action=drop comment="" disabled=no
add dst-address=:65506 protocol=tcp action=drop comment="" disabled=no
# Per-protocol service-port entries: ftp, mms, irc, quake3 and tftp are
# enabled; pptp, gre and h323 are disabled.
# NOTE(review): presumably these are the connection-tracking / NAT helpers for
# each protocol - confirm against the RouterOS 2.8 manual.
# NOTE(review): the tftp (69) and irc (6667) entries are enabled here, yet the
# "virus" chain drops udp/69 and tcp+udp/6667, so forwarded traffic for those
# protocols appears to be blocked anyway. Disabling entries that are not needed
# keeps the protocol-parsing surface small.
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=yes
set gre disabled=yes
set h323 disabled=yes
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
# Source NAT: two masquerade rules that differ only in their comment ("vip",
# "all"). Neither has a src-address or out-interface matcher.
# NOTE(review): with no matcher the first rule matches every packet, so the
# second rule looks unreachable. The matchers that distinguished "vip" from
# "all" may have been lost in the export - confirm. Without out-interface,
# masquerade presumably applies to traffic leaving any interface, not just the
# WAN side.
/ ip firewall src-nat
add action=masquerade comment="vip" disabled=no
add action=masquerade comment="all" disabled=no
# Destination NAT: one disabled rule pointing at 192.168.1.3 port 80.
# NOTE(review): the rule uses action=accept and has no dst-address, dst-port or
# protocol matcher. If it is ever enabled as a port-forward, add matchers and
# verify the action first, since action=accept presumably performs no
# translation despite the to-dst-* values.
/ ip firewall dst-nat
add action=accept to-dst-address=192.168.1.3 to-dst-port=80 comment="contrl" \
    disabled=yes
# Connection tracking is enabled. The connection-state=invalid/established/
# related rules in the input and forward chains depend on it.
# The remaining values are per-state idle timeouts. Established TCP entries are
# kept for 5 days and UDP entries for 30s (3m for UDP streams).
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=50s tcp-syn-received-timeout=30s \
    tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
导入之后用WINBOX连接不上了,帮忙看看是哪里的问题。FTP可以连接,TELNET也可以。
IP是192.168.0.1。知道的请帮帮忙。
routeros
legou 该用户已被删除
发表于 2006-1-6 17:41:32 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
routeros

 楼主| 发表于 2006-1-6 17:43:38 | 显示全部楼层

回复 #2 legou 的帖子

那我该怎么办才能连上??
routeros

legou 该用户已被删除
发表于 2006-1-6 18:06:38 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
routeros

 楼主| 发表于 2006-1-6 18:42:10 | 显示全部楼层

回复 #4 legou 的帖子

是改了。那咋办。
routeros

legou 该用户已被删除
发表于 2006-1-6 21:01:18 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
routeros