
[其它] 求助:新浪搜狐不能登陆

发表于 2008-11-6 10:57:03 | 显示全部楼层 |阅读模式

我安装的是 RouterOS 2.9.6,现在其他网站都正常,但是不能访问搜狐和新浪!我配置的是 3 条 ADSL 线路分流!
完整的配置脚本如下:
  1. # nov/06/2008 10:11:19 by RouterOS 2.9.6
  2. # software id = 8ILR-19T
  3. #
  4. / interface ethernet
  5. set lan name="lan" mtu=1500 mac-address=00:1C:F0:0E:3E:BF arp=enabled \
  6. disable-running-check=yes auto-negotiation=yes full-duplex=yes \
  7. cable-settings=default speed=100Mbps comment="" disabled=no
  8. set wan2 name="wan2" mtu=1500 mac-address=00:1C:F0:0E:9B:63 arp=enabled \
  9. disable-running-check=yes auto-negotiation=yes full-duplex=yes \
  10. cable-settings=default speed=100Mbps comment="" disabled=no
  11. set wan3 name="wan3" mtu=1500 mac-address=00:1C:F0:0E:3E:C7 arp=enabled \
  12. disable-running-check=yes auto-negotiation=yes full-duplex=yes \
  13. cable-settings=default speed=100Mbps comment="" disabled=no
  14. set wan1 name="wan1" mtu=1500 mac-address=00:1C:F0:0E:2F:00 arp=enabled \
  15. disable-running-check=yes auto-negotiation=yes full-duplex=yes \
  16. cable-settings=default speed=100Mbps comment="" disabled=no
  17. / interface wireless security-profiles
  18. set default name="default" mode=none wpa-unicast-ciphers="" \
  19. wpa-group-ciphers="" pre-shared-key="" static-algo-0=none static-key-0="" \
  20. static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" \
  21. static-algo-3=none static-key-3="" static-transmit-key=key-0 \
  22. static-sta-private-algo=none static-sta-private-key="" \
  23. radius-mac-authentication=no group-key-update=5m
  24. / interface wireless align
  25. set frame-size=300 active-mode=yes receive-all=no \
  26. audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no \
  27. frames-per-second=25 audio-min=-100 audio-max=-20
  28. / interface wireless snooper
  29. set multiple-channels=yes channel-time=200ms receive-errors=no
  30. / interface wireless sniffer
  31. set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no \
  32. memory-limit=10 file-name="" file-limit=10 streaming-enabled=no \
  33. streaming-server=0.0.0.0 streaming-max-rate=0
  34. / interface bridge port
  35. set lan bridge=none priority=128 path-cost=10
  36. set wan2 bridge=none priority=128 path-cost=10
  37. set wan3 bridge=none priority=128 path-cost=10
  38. set wan1 bridge=none priority=128 path-cost=10
  39. / interface l2tp-server server
  40. set enabled=no max-mtu=1460 max-mru=1460 \
  41. authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
  42. / interface pptp-server server
  43. set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
  44. keepalive-timeout=30 default-profile=default-encryption
  45. / interface pppoe-client
  # Three PPPoE dial-out clients, one per WAN port (wan1, wan2, wan3).
  # NOTE(review): user= and password= are exported in clear text. The values shown
  # here look like placeholders; confirm that real ISP credentials were not posted,
  # and redact these fields before sharing an export.
  # allow= includes pap, so the client accepts plain-text PAP authentication
  # if the access concentrator requests it.
  # add-default-route=no: the default routes are defined per routing-mark under
  # "/ ip route" instead of being installed by the PPPoE client.
  46. add name="pppoe-out1" max-mtu=1492 max-mru=1492 interface=wan1 \
  47. user="123" password="123" profile=default service-name="" \
  48. ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no \
  49. allow=pap,chap,mschap1,mschap2 disabled=no
  50. add name="pppoe-out2" max-mtu=1492 max-mru=1492 interface=wan2 \
  51. user="456" password="456" profile=default service-name="" \
  52. ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no \
  53. allow=pap,chap,mschap1,mschap2 disabled=no
  54. add name="pppoe-out3" max-mtu=1492 max-mru=1492 interface=wan3 \
  55. user="789" password="789" profile=default service-name="" \
  56. ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no \
  57. allow=pap,chap,mschap1,mschap2 disabled=no
  58. / ip pool
  59. add name="dhcp_pool1" ranges=192.168.0.10-192.168.0.21
  60. / ip telephony region
  61. / ip telephony gatekeeper
  62. set gatekeeper=none remote-id="" remote-address=0.0.0.0
  63. / ip telephony aaa
  64. set use-radius-accounting=no interim-update=0s
  65. / ip telephony codec
  66. move G.711-uLaw-64k/sw
  67. move G.711-ALaw-64k/sw
  68. move G.729A-8k/sw
  69. move G.729-8k/sw
  70. move G.723.1-6.3k/sw
  71. move GSM-06.10-13.2k/sw
  72. move LPC-10-2.5k/sw
  73. / ip accounting
  74. set enabled=yes account-local-traffic=yes threshold=256
  75. / ip accounting web-access
  76. set accessible-via-web=no address=0.0.0.0/0
  77. / ip service
  # Management services of the router. ftp and www are enabled with
  # address=0.0.0.0/0 (any source address); telnet, ssh and www-ssl are disabled,
  # so the only services enabled in this list are unencrypted ones.
  # NOTE(review): no enabled rule in the input chain of this export drops traffic
  # arriving on the PPPoE interfaces, so these ports are presumably reachable from
  # the Internet. Restrict address= to the LAN subnet (192.168.0.0/24), disable
  # ftp if it is not needed, and prefer ssh / www-ssl for administration.
  78. set telnet port=23 address=0.0.0.0/0 disabled=yes
  79. set ftp port=21 address=0.0.0.0/0 disabled=no
  80. set www port=80 address=0.0.0.0/0 disabled=no
  81. set ssh port=22 address=0.0.0.0/0 disabled=yes
  82. set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
  83. / ip socks
  84. set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
  85. / ip arp
  86. add address=192.168.0.134 mac-address=00:14:6C:73:64:93 interface=lan \
  87. comment="" disabled=no
  88. add address=192.168.0.112 mac-address=00:1E:2A:3F:4C:F7 interface=lan \
  89. comment="" disabled=no
  90. add address=192.168.0.141 mac-address=00:1E:2A:3F:3D:61 interface=lan \
  91. comment="" disabled=no
  92. add address=192.168.0.180 mac-address=00:1E:2A:3F:4C:CF interface=lan \
  93. comment="" disabled=no
  94. add address=192.168.0.206 mac-address=00:14:6C:8C:CA:7A interface=lan \
  95. comment="" disabled=no
  96. add address=192.168.0.101 mac-address=00:1E:2A:3F:4C:E5 interface=lan \
  97. comment="" disabled=no
  98. add address=192.168.0.181 mac-address=00:1E:2A:3F:3D:1B interface=lan \
  99. comment="" disabled=no
  100. add address=192.168.0.102 mac-address=00:1E:2A:3F:49:2E interface=lan \
  101. comment="" disabled=no
  102. add address=192.168.0.148 mac-address=00:14:6C:8C:0B:3E interface=lan \
  103. comment="" disabled=no
  104. add address=192.168.0.147 mac-address=00:1E:2A:39:50:C4 interface=lan \
  105. comment="" disabled=no
  106. add address=192.168.0.179 mac-address=00:1E:2A:3F:3A:92 interface=lan \
  107. comment="" disabled=no
  108. add address=192.168.0.131 mac-address=00:1E:2A:3F:4C:E4 interface=lan \
  109. comment="" disabled=no
  110. add address=192.168.0.10 mac-address=00:1D:60:79:29:81 interface=lan \
  111. comment="" disabled=no
  112. add address=192.168.0.133 mac-address=00:14:6C:CB:01:46 interface=lan \
  113. comment="" disabled=no
  114. add address=192.168.0.171 mac-address=00:14:6C:C4:AC:BC interface=lan \
  115. comment="" disabled=no
  116. add address=192.168.0.137 mac-address=00:1E:2A:3F:48:6F interface=lan \
  117. comment="" disabled=no
  118. add address=192.168.0.205 mac-address=00:1E:2A:39:4E:81 interface=lan \
  119. comment="" disabled=no
  120. add address=192.168.0.201 mac-address=00:14:6C:8B:B8:53 interface=lan \
  121. comment="" disabled=no
  122. add address=192.168.0.109 mac-address=00:1E:2A:3F:49:1A interface=lan \
  123. comment="" disabled=no
  124. add address=192.168.0.162 mac-address=00:1E:2A:39:50:AF interface=lan \
  125. comment="" disabled=no
  126. add address=192.168.0.150 mac-address=00:14:6C:86:9A:07 interface=lan \
  127. comment="" disabled=no
  128. add address=192.168.0.178 mac-address=00:14:6C:8A:4F:61 interface=lan \
  129. comment="" disabled=no
  130. add address=192.168.0.184 mac-address=00:14:6C:C4:AA:BE interface=lan \
  131. comment="" disabled=no
  132. add address=192.168.0.135 mac-address=00:1E:2A:3F:49:23 interface=lan \
  133. comment="" disabled=no
  134. add address=192.168.0.104 mac-address=00:1E:2A:3F:4A:E8 interface=lan \
  135. comment="" disabled=no
  136. add address=192.168.0.17 mac-address=00:13:CE:D4:66:E0 interface=lan \
  137. comment="" disabled=no
  138. add address=192.168.0.163 mac-address=00:1E:2A:39:50:92 interface=lan \
  139. comment="" disabled=no
  140. add address=192.168.0.164 mac-address=00:1E:2A:39:4F:18 interface=lan \
  141. comment="" disabled=no
  142. add address=192.168.0.166 mac-address=00:14:6C:74:B4:9A interface=lan \
  143. comment="" disabled=no
  144. add address=192.168.0.207 mac-address=00:1E:2A:3F:3A:9F interface=lan \
  145. comment="" disabled=no
  146. add address=192.168.0.139 mac-address=00:1E:2A:3F:49:32 interface=lan \
  147. comment="" disabled=no
  148. add address=192.168.0.117 mac-address=00:1E:2A:39:50:CB interface=lan \
  149. comment="" disabled=no
  150. add address=192.168.0.165 mac-address=00:14:6C:C4:CE:73 interface=lan \
  151. comment="" disabled=no
  152. add address=192.168.0.183 mac-address=00:1E:2A:3F:49:28 interface=lan \
  153. comment="" disabled=no
  154. add address=192.168.0.122 mac-address=00:1E:2A:39:50:C5 interface=lan \
  155. comment="" disabled=no
  156. add address=192.168.0.105 mac-address=00:1E:2A:3F:3A:95 interface=lan \
  157. comment="" disabled=no
  158. add address=192.168.0.152 mac-address=00:18:4D:70:4A:F5 interface=lan \
  159. comment="" disabled=no
  160. add address=192.168.0.211 mac-address=00:18:4D:70:54:CC interface=lan \
  161. comment="" disabled=no
  162. add address=192.168.0.169 mac-address=00:14:6C:74:EB:C9 interface=lan \
  163. comment="" disabled=no
  # NOTE(review): this static entry binds a non-private address to the all-zero MAC
  # on the lan interface; every other entry in this list is a 192.168.0.x host.
  # It looks like an incomplete dynamic ARP entry that was frozen by script1
  # (which copies dynamic entries to static ones). Verify and remove if unintended.
  164. add address=218.30.64.199 mac-address=00:00:00:00:00:00 interface=lan \
  165. comment="" disabled=no
  166. add address=192.168.0.168 mac-address=00:1E:2A:39:4B:FA interface=lan \
  167. comment="" disabled=no
  168. add address=192.168.0.13 mac-address=00:14:A4:35:CB:97 interface=lan \
  169. comment="" disabled=no
  170. add address=192.168.0.116 mac-address=00:1E:2A:3F:4C:D0 interface=lan \
  171. comment="" disabled=no
  172. add address=192.168.0.210 mac-address=00:1E:2A:39:50:CC interface=lan \
  173. comment="" disabled=no
  174. add address=192.168.0.172 mac-address=00:14:6C:8C:58:3E interface=lan \
  175. comment="" disabled=no
  176. add address=192.168.0.151 mac-address=00:1E:2A:3F:49:18 interface=lan \
  177. comment="" disabled=no
  178. add address=192.168.0.175 mac-address=00:1E:2A:3F:49:28 interface=lan \
  179. comment="" disabled=no
  180. add address=192.168.0.155 mac-address=00:1E:2A:39:4F:0C interface=lan \
  181. comment="" disabled=no
  182. add address=192.168.0.106 mac-address=00:1E:2A:3F:49:30 interface=lan \
  183. comment="" disabled=no
  184. add address=192.168.0.115 mac-address=00:1E:2A:3F:3A:E3 interface=lan \
  185. comment="" disabled=no
  186. / ip upnp
  187. set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
  188. / ip traffic-flow
  189. set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m \
  190. inactive-flow-timeout=15s
  191. / ip dns
  # The router forwards and caches DNS using the two upstream servers below.
  # allow-remote-requests=yes makes it answer queries from other hosts; the DHCP
  # network section hands out 192.168.0.1 as the first DNS server for LAN clients.
  # NOTE(review): nothing enabled in the input chain of this export limits DNS to
  # the lan interface, so the resolver is presumably reachable from the PPPoE side
  # as well (open resolver). Confirm, and filter port 53 on the WAN interfaces.
  192. set primary-dns=202.100.96.68 secondary-dns=222.75.152.129 \
  193. allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1d3h46m40s
  194. / ip address
  195. add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 \
  196. interface=lan comment="lan" disabled=no
  197. add address=222.75.55.145/32 network=222.75.55.145 broadcast=222.75.55.145 \
  198. interface=pppoe-out1 comment="adsl1" disabled=no
  199. add address=124.224.53.212/32 network=124.224.53.212 broadcast=124.224.53.212 \
  200. interface=pppoe-out2 comment="adsl2" disabled=no
  201. add address=222.75.55.157/32 network=222.75.55.157 broadcast=222.75.55.157 \
  202. interface=pppoe-out3 comment="adsl3" disabled=no
  203. / ip proxy
  204. set enabled=no ports=8080 parent-proxy=0.0.0.0:0 \
  205. maximal-client-connecions=1000 maximal-server-connectons=1000 \
  206. cache-administrator="webmaster" max-object-size=4096KiB \
  207. max-disk-cache-size=none max-ram-cache-size=unlimited disk-database=yes
  208. / ip proxy drive
  209. set
  210. / ip proxy access
  211. add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
  212. disabled=no
  213. add method=CONNECT dst-port=443 action=allow comment="allow CONNECT only to \
  214. SSL ports 443 \[https\] and 563 \[snews\]" disabled=no
  215. add method=CONNECT dst-port=563 action=allow comment="allow CONNECT only to \
  216. SSL ports 443 \[https\] and 563 \[snews\]" disabled=no
  217. add method=CONNECT action=deny comment="allow CONNECT only to SSL ports 443 \
  218. \[https\] and 563 \[snews\]" disabled=no
  219. / ip neighbor discovery
  220. set lan discover=yes
  221. set wan2 discover=yes
  222. set wan3 discover=yes
  223. set wan1 discover=yes
  224. set pppoe-out1 discover=no
  225. set pppoe-out2 discover=no
  226. set pppoe-out3 discover=no
  227. / ip route
  # One default route per ADSL line, selected by routing-mark. Each gateway equals
  # the static /32 address assigned to the matching pppoe-out interface under
  # "/ ip address"; check-gateway=ping monitors it.
  228. add dst-address=0.0.0.0/0 gateway=222.75.55.145 check-gateway=ping scope=255 \
  229. target-scope=10 routing-mark=adsl1 comment="adsl1" disabled=no
  230. add dst-address=0.0.0.0/0 gateway=124.224.53.212 check-gateway=ping scope=255 \
  231. target-scope=10 routing-mark=adsl2 comment="adsl2" disabled=no
  232. add dst-address=0.0.0.0/0 gateway=222.75.55.157 check-gateway=ping scope=255 \
  233. target-scope=10 routing-mark=adsl3 comment="adsl3" disabled=no
  234. / ip firewall mangle
  # Policy routing by LAN source range: .10-.21 and .100-.139 use adsl1,
  # .140-.179 use adsl2, .180-.220 use adsl3. The last rule tags every packet
  # with the packet mark all_mark.
  # NOTE(review): sources outside these ranges receive no routing-mark, and no
  # unmarked default route is visible in this export (the PPPoE clients use
  # add-default-route=no) - confirm how such traffic is routed.
  # NOTE(review): no change-mss rule appears here. If the PPP profile (not shown
  # in this export) does not clamp TCP MSS either, large packets over the
  # 1492-byte PPPoE links rely on the rate-limited ICMP type 3 code 4 handling
  # in the filter section.
  235. add chain=prerouting src-address=192.168.0.10-192.168.0.21 action=mark-routing \
  236. new-routing-mark=adsl1 passthrough=yes comment="" disabled=no
  237. add chain=prerouting src-address=192.168.0.100-192.168.0.139 \
  238. action=mark-routing new-routing-mark=adsl1 passthrough=yes comment="" \
  239. disabled=no
  240. add chain=prerouting src-address=192.168.0.140-192.168.0.179 \
  241. action=mark-routing new-routing-mark=adsl2 passthrough=yes comment="" \
  242. disabled=no
  243. add chain=prerouting src-address=192.168.0.180-192.168.0.220 \
  244. action=mark-routing new-routing-mark=adsl3 passthrough=yes comment="" \
  245. disabled=no
  246. add chain=prerouting action=mark-packet new-packet-mark=all_mark \
  247. passthrough=yes comment="" disabled=no
  248. / ip firewall nat
  # Masquerade with no out-interface or src-address matcher: it applies to every
  # connection passing through srcnat, not only LAN traffic leaving via PPPoE.
  249. add chain=srcnat action=masquerade comment="" disabled=no
  250. / ip firewall connection tracking
  251. set enabled=yes tcp-syn-sent-timeout=2m30s tcp-syn-received-timeout=2m30s \
  252. tcp-established-timeout=10h tcp-fin-wait-timeout=2m30s \
  253. tcp-close-wait-timeout=2m30s tcp-last-ack-timeout=2m30s \
  254. tcp-time-wait-timeout=2m30s tcp-close-timeout=30s udp-timeout=2m30s \
  255. udp-stream-timeout=6m icmp-timeout=2m30s generic-timeout=20m
  256. / ip firewall filter
  # Input chain (traffic addressed to the router itself). Every protective rule in
  # this first group - invalid-state drop, HTTP connection limit of 20, port-scan
  # detection, DoS tarpit and blacklist, non-local destination drop - is exported
  # with disabled=yes, so none of them is in effect.
  # The comment= strings are configuration values and are left in Chinese.
  257. add chain=input connection-state=invalid action=drop \
  258. comment="丢弃非法连接数据" disabled=yes
  259. add chain=input protocol=tcp dst-port=80 connection-limit=20,0 action=drop \
  260. comment="限制总http连接数为20" disabled=yes
  261. add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
  262. comment="探测并丢弃端口扫描连接" disabled=yes
  263. add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
  264. action=tarpit comment="压制DoS攻击" disabled=yes
  265. add chain=input protocol=tcp connection-limit=10,32 \
  266. action=add-src-to-address-list address-list=black_list \
  267. address-list-timeout=1d comment="探测DoS攻击" disabled=yes
  268. add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" \
  269. disabled=yes
  # First enabled input rule: hand ICMP to the ICMP chain.
  270. add chain=input protocol=icmp action=jump jump-target=ICMP \
  271. comment="跳转到ICMP链表" disabled=no
  # ICMP chain: each listed type is accepted with limit=5,5 (the rule comments
  # describe this as 5 packets per second); the final rule drops all other ICMP,
  # including packets of the listed types that exceed the limit.
  # NOTE(review): this chain is also entered from the forward and output chains,
  # so the limit applies to transit traffic too, including type 3 code 4
  # (fragmentation needed), which path-MTU discovery depends on.
  272. add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
  273. comment="Ping应答限制为每秒5个包" disabled=no
  274. add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
  275. comment="Traceroute限制为每秒5个包" disabled=no
  276. add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
  277. comment="MTU线路探测限制为每秒5个包" disabled=no
  278. add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
  279. comment="Ping请求限制为每秒5个包" disabled=no
  280. add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
  281. comment="Trace TTL限制为每秒5个包" disabled=no
  282. add chain=ICMP protocol=icmp action=drop comment="丢弃掉任何ICMP数据" \
  283. disabled=no
  # Forward chain (traffic routed through the router). The invalid-state drop, the
  # per-host limit of 80 TCP connections, the non-unicast source drop and the
  # .exe / .dll content drops are all exported with disabled=yes.
  284. add chain=forward connection-state=invalid action=drop \
  285. comment="丢弃非法数据包" disabled=yes
  286. add chain=forward protocol=tcp connection-limit=80,32 action=drop \
  287. comment="限制每个主机TCP连接数为80条" disabled=yes
  288. add chain=forward src-address-type=!unicast action=drop \
  289. comment="丢弃掉所有非单播数据" disabled=yes
  290. add chain=forward content=.exe action=drop comment="禁止.exe文件通过" \
  291. disabled=yes
  292. add chain=forward content=.dll action=drop comment="禁止.dll文件通过" \
  293. disabled=yes
  # Enabled rules: ICMP goes to the ICMP chain, then all forwarded traffic is run
  # through the virus chain.
  # NOTE(review): the virus chain matches on protocol and dst-port only, with no
  # connection-state or direction matcher, and no earlier rule accepts established
  # connections. Reply packets to a LAN client whose ephemeral port happens to be
  # on the list (for example 1234, 4444 or 8888) are therefore dropped as well,
  # which can cause intermittent failures on ordinary sites.
  294. add chain=forward protocol=icmp action=jump jump-target=ICMP \
  295. comment="跳转到ICMP链表" disabled=no
  296. add chain=forward action=jump jump-target=virus comment="跳转到病毒链表" \
  297. disabled=no
  298. add chain=virus protocol=tcp dst-port=41 action=drop \
  299. comment="DeepThroat.Trojan-1" disabled=no
  300. add chain=virus protocol=tcp dst-port=82 action=drop \
  301. comment="Worm.NetSky.Y@mm" disabled=no
  302. add chain=virus protocol=tcp dst-port=113 action=drop \
  303. comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
  304. add chain=virus protocol=tcp dst-port=2041 action=drop \
  305. comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
  306. add chain=virus protocol=tcp dst-port=3150 action=drop \
  307. comment="DeepThroat.Trojan-2" disabled=no
  308. add chain=virus protocol=tcp dst-port=3067 action=drop \
  309. comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
  310. add chain=virus protocol=tcp dst-port=3422 action=drop \
  311. comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
  312. add chain=virus protocol=tcp dst-port=6667 action=drop \
  313. comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
  314. add chain=virus protocol=tcp dst-port=6789 action=drop \
  315. comment="Worm.NetSky.S/T/U@mm" disabled=no
  316. add chain=virus protocol=tcp dst-port=8787 action=drop \
  317. comment="Back.Orifice.2000.Trojan-1" disabled=no
  318. add chain=virus protocol=tcp dst-port=8879 action=drop \
  319. comment="Back.Orifice.2000.Trojan-2" disabled=no
  320. add chain=virus protocol=tcp dst-port=8967 action=drop \
  321. comment="W32.Dabber.A/B-2" disabled=no
  322. add chain=virus protocol=tcp dst-port=9999 action=drop \
  323. comment="W32.Dabber.A/B-3" disabled=no
  324. add chain=virus protocol=tcp dst-port=20034 action=drop \
  325. comment="Block.NetBus.Trojan-2" disabled=no
  326. add chain=virus protocol=tcp dst-port=21554 action=drop \
  327. comment="GirlFriend.Trojan-1" disabled=no
  328. add chain=virus protocol=tcp dst-port=31666 action=drop \
  329. comment="Back.Orifice.2000.Trojan-3" disabled=no
  330. add chain=virus protocol=tcp dst-port=43958 action=drop \
  331. comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
  332. add chain=virus protocol=tcp dst-port=999 action=drop \
  333. comment="DeepThroat.Trojan-3" disabled=no
  334. add chain=virus protocol=tcp dst-port=6670 action=drop \
  335. comment="DeepThroat.Trojan-4" disabled=no
  336. add chain=virus protocol=tcp dst-port=6771 action=drop \
  337. comment="DeepThroat.Trojan-5" disabled=no
  338. add chain=virus protocol=tcp dst-port=60000 action=drop \
  339. comment="DeepThroat.Trojan-6" disabled=no
  340. add chain=virus protocol=tcp dst-port=2140 action=drop \
  341. comment="DeepThroat.Trojan-7" disabled=no
  342. add chain=virus protocol=tcp dst-port=10067 action=drop \
  343. comment="Portal.of.Doom.Trojan-1" disabled=no
  344. add chain=virus protocol=tcp dst-port=10167 action=drop \
  345. comment="Portal.of.Doom.Trojan-2" disabled=no
  346. add chain=virus protocol=tcp dst-port=3700 action=drop \
  347. comment="Portal.of.Doom.Trojan-3" disabled=no
  348. add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
  349. comment="Portal.of.Doom.Trojan-4" disabled=no
  350. add chain=virus protocol=tcp dst-port=6883 action=drop \
  351. comment="Delta.Source.Trojan-1" disabled=no
  352. add chain=virus protocol=tcp dst-port=26274 action=drop \
  353. comment="Delta.Source.Trojan-2" disabled=no
  354. add chain=virus protocol=tcp dst-port=4444 action=drop \
  355. comment="Delta.Source.Trojan-3" disabled=no
  356. add chain=virus protocol=tcp dst-port=47262 action=drop \
  357. comment="Delta.Source.Trojan-4" disabled=no
  358. add chain=virus protocol=tcp dst-port=3791 action=drop \
  359. comment="Eclypse.Trojan-1" disabled=no
  360. add chain=virus protocol=tcp dst-port=3801 action=drop \
  361. comment="Eclypse.Trojan-2" disabled=no
  362. add chain=virus protocol=tcp dst-port=65390 action=drop \
  363. comment="Eclypse.Trojan-3" disabled=no
  364. add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
  365. comment="Y3K.RAT.Trojan-1" disabled=no
  366. add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
  367. comment="Y3K.RAT.Trojan-2" disabled=no
  368. add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
  369. comment="NetSphere.Trojan-1" disabled=no
  370. add chain=virus protocol=tcp dst-port=30133 action=drop \
  371. comment="NetSphere.Trojan-2" disabled=no
  372. add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
  373. comment="NetMonitor.Trojan-1" disabled=no
  374. add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
  375. comment="NetMonitor.Trojan-2" disabled=no
  376. add chain=virus protocol=tcp dst-port=79 action=drop \
  377. comment="FireHotcker.Trojan-1" disabled=no
  378. add chain=virus protocol=tcp dst-port=5031 action=drop \
  379. comment="FireHotcker.Trojan-2" disabled=no
  380. add chain=virus protocol=tcp dst-port=5321 action=drop \
  381. comment="FireHotcker.Trojan-3" disabled=no
  382. add chain=virus protocol=tcp dst-port=6400 action=drop \
  383. comment="TheThing.Trojan-1" disabled=no
  384. add chain=virus protocol=tcp dst-port=7777 action=drop \
  385. comment="TheThing.Trojan-2" disabled=no
  386. add chain=virus protocol=tcp dst-port=1047 action=drop \
  387. comment="GateCrasher.Trojan-1" disabled=no
  388. add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
  389. comment="GateCrasher.Trojan-2" disabled=no
  390. add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
  391. disabled=no
  392. add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
  393. disabled=no
  394. add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
  395. disabled=no
  396. add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
  397. disabled=no
  398. add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
  399. comment="SubSeven-5" disabled=no
  400. add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
  401. disabled=no
  402. add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
  403. comment="Moonpie.Trojan-1" disabled=no
  404. add chain=virus protocol=tcp dst-port=25982 action=drop \
  405. comment="Moonpie.Trojan-2" disabled=no
  406. add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
  407. comment="NetSpy.Trojan-3" disabled=no
  408. add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" \
  409. disabled=no
  410. add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" \
  411. disabled=no
  412. add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" \
  413. disabled=no
  414. add chain=virus protocol=tcp dst-port=19191 action=drop \
  415. comment="Trojan.NianSeHoYian" disabled=no
  416. add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
  417. comment="NetBull.Trojan" disabled=no
  418. add chain=virus protocol=tcp dst-port=2583 action=drop \
  419. comment="WinCrash.Trojan-1" disabled=no
  420. add chain=virus protocol=tcp dst-port=3024 action=drop \
  421. comment="WinCrash.Trojan-2" disabled=no
  422. add chain=virus protocol=tcp dst-port=4092 action=drop \
  423. comment="WinCrash.Trojan-3" disabled=no
  424. add chain=virus protocol=tcp dst-port=5714 action=drop \
  425. comment="WinCrash.Trojan-4" disabled=no
  426. add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
  427. comment="Doly1.0/1.35/1.5trojan-1" disabled=no
  428. add chain=virus protocol=tcp dst-port=1015 action=drop \
  429. comment="Doly1.0/1.35/1.5trojan-2" disabled=no
  430. add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
  431. comment="TransScout.Trojan-1" disabled=no
  432. add chain=virus protocol=tcp dst-port=9878 action=drop \
  433. comment="TransScout.Trojan-2" disabled=no
  434. add chain=virus protocol=tcp dst-port=2773 action=drop \
  435. comment="Backdoor.YAI..Trojan-1" disabled=no
  436. add chain=virus protocol=tcp dst-port=7215 action=drop \
  437. comment="Backdoor.YAI.Trojan-2" disabled=no
  438. add chain=virus protocol=tcp dst-port=54283 action=drop \
  439. comment="Backdoor.YAI.Trojan-3" disabled=no
  440. add chain=virus protocol=tcp dst-port=1003 action=drop \
  441. comment="BackDoorTrojan-1" disabled=no
  442. add chain=virus protocol=tcp dst-port=5598 action=drop \
  443. comment="BackDoorTrojan-2" disabled=no
  444. add chain=virus protocol=tcp dst-port=5698 action=drop \
  445. comment="BackDoorTrojan-3" disabled=no
  446. add chain=virus protocol=tcp dst-port=31554 action=drop \
  447. comment="SchainwindlerTrojan-2" disabled=no
  448. add chain=virus protocol=tcp dst-port=18753 action=drop \
  449. comment="Shaft.DDoS.Trojan-1" disabled=no
  450. add chain=virus protocol=tcp dst-port=20432 action=drop \
  451. comment="Shaft.DDoS.Trojan-2" disabled=no
  452. add chain=virus protocol=tcp dst-port=65000 action=drop \
  453. comment="Devil.DDoS.Trojan" disabled=no
  454. add chain=virus protocol=tcp dst-port=11831 action=drop \
  455. comment="LatinusTrojan-1" disabled=no
  456. add chain=virus protocol=tcp dst-port=29559 action=drop \
  457. comment="LatinusTrojan-2" disabled=no
  458. add chain=virus protocol=tcp dst-port=1784 action=drop \
  459. comment="Snid.X2Trojan-1" disabled=no
  460. add chain=virus protocol=tcp dst-port=3586 action=drop \
  461. comment="Snid.X2Trojan-2" disabled=no
  462. add chain=virus protocol=tcp dst-port=7609 action=drop \
  463. comment="Snid.X2Trojan-3" disabled=no
  464. add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
  465. comment="BionetTrojan-1" disabled=no
  466. add chain=virus protocol=tcp dst-port=12478 action=drop \
  467. comment="BionetTrojan-2" disabled=no
  468. add chain=virus protocol=tcp dst-port=57922 action=drop \
  469. comment="BionetTrojan-3" disabled=no
  470. add chain=virus protocol=tcp dst-port=3127 action=drop \
  471. comment="Worm.Novarg.a.Mydoom.a1." disabled=no
  472. add chain=virus protocol=tcp dst-port=6777 action=drop \
  473. comment="Worm.BBeagle.a.Bagle.a." disabled=no
  474. add chain=virus protocol=tcp dst-port=8866 action=drop \
  475. comment="Worm.BBeagle.b" disabled=no
  476. add chain=virus protocol=tcp dst-port=2745 action=drop \
  477. comment="Worm.BBeagle.c-g/j-l" disabled=no
  478. add chain=virus protocol=tcp dst-port=2556 action=drop \
  479. comment="Worm.BBeagle.p/q/r/n" disabled=no
  480. add chain=virus protocol=tcp dst-port=20742 action=drop \
  481. comment="Worm.BBEagle.m-2" disabled=no
  482. add chain=virus protocol=tcp dst-port=4751 action=drop \
  483. comment="Worm.BBeagle.s/t/u/v" disabled=no
  484. add chain=virus protocol=tcp dst-port=2535 action=drop \
  485. comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
  486. add chain=virus protocol=tcp dst-port=5238 action=drop \
  487. comment="Worm.LovGate.r.RpcExploit" disabled=no
  488. add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" \
  489. disabled=no
  490. add chain=virus protocol=tcp dst-port=5554 action=drop \
  491. comment="Worm.Sasser.b/c/f" disabled=no
  492. add chain=virus protocol=tcp dst-port=9996 action=drop \
  493. comment="Worm.Sasser.b/c/f" disabled=no
  494. add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" \
  495. disabled=no
  496. add chain=virus protocol=tcp dst-port=10168 action=drop \
  497. comment="Worm.Lovgate.a/b/c/d" disabled=no
  498. add chain=virus protocol=tcp dst-port=20808 action=drop \
  499. comment="Worm.Lovgate.v.QQ" disabled=no
  500. add chain=virus protocol=tcp dst-port=1092 action=drop \
  501. comment="Worm.Lovgate.f/g" disabled=no
  502. add chain=virus protocol=tcp dst-port=20168 action=drop \
  503. comment="Worm.Lovgate.f/g" disabled=no
  504. add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
  505. comment="ndm.requester" disabled=no
  506. add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" \
  507. disabled=no
  508. add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
  509. disabled=no
  510. add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
  511. disabled=no
  512. add chain=virus protocol=tcp dst-port=3410 action=drop \
  513. comment="Backdoor.Optixprotocol" disabled=no
  514. add chain=virus protocol=tcp dst-port=8888 action=drop \
  515. comment="Worm.BBeagle.b" disabled=no
  516. add chain=virus protocol=udp dst-port=44444 action=drop \
  517. comment="Delta.Source.Trojan-7" disabled=no
  518. add chain=virus protocol=udp dst-port=8998 action=drop \
  519. comment="Worm.Sobig.f-3" disabled=no
  520. add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" \
  521. disabled=no
  522. add chain=virus protocol=tcp dst-port=3198 action=drop \
  523. comment="Worm.Novarg.a.Mydoom.a2." disabled=no
  524. add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster \
  525. Worm" disabled=no
  526. add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster \
  527. Worm" disabled=no
  528. add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
  529. Worm" disabled=no
  # Forwarded traffic that returns from the virus chain is accepted unconditionally.
  530. add chain=forward action=accept comment="接受所有数据" disabled=no
  # The router's own traffic is also run through the virus chain, inbound and
  # outbound, and outbound ICMP goes through the ICMP chain.
  # NOTE(review): there is no final drop rule on the input chain, so anything not
  # caught by the port blocklist is accepted by default, including the enabled
  # ftp/www management services and DNS. The output jump also applies the
  # udp dst-port=123 drop to the router itself, which would presumably block an
  # NTP client on the router if one is configured - confirm.
  531. add chain=input action=jump jump-target=virus comment="跳转到病毒链表" \
  532. disabled=no
  533. add chain=output action=jump jump-target=virus comment="跳转到病毒链表" \
  534. disabled=no
  535. add chain=output protocol=icmp action=jump jump-target=ICMP \
  536. comment="跳转到ICMP链表" disabled=no
  537. / ip firewall service-port
  538. set ftp ports=21 disabled=no
  539. set tftp ports=69 disabled=no
  540. set irc ports=6667 disabled=no
  541. set h323 disabled=yes
  542. set quake3 disabled=no
  543. set mms disabled=no
  544. set gre disabled=yes
  545. set pptp disabled=yes
  546. / ip dhcp-server
  547. add name="dhcp1" interface=lan lease-time=3d address-pool=dhcp_pool1 \
  548. bootp-support=static disabled=no
  549. / ip dhcp-server config
  550. set store-leases-disk=5m
  551. / ip dhcp-server lease
  552. / ip dhcp-server network
  553. add address=192.168.0.0/24 gateway=192.168.0.1 \
  554. dns-server=192.168.0.1,202.100.96.68,222.75.152.129 comment=""
  555. / ip hotspot service-port
  556. set ftp ports=21 disabled=no
  557. / ip hotspot profile
  558. set default name="default" hotspot-address=0.0.0.0 dns-name="" \
  559. html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
  560. smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
  561. split-user-domain=no use-radius=no
  562. / ip hotspot user profile
  563. set default name="default" idle-timeout=none keepalive-timeout=2m \
  564. status-autorefresh=1m shared-users=1 transparent-proxy=yes \
  565. open-status-page=always advertise=no
  566. / ip ipsec proposal
  # Default IPsec proposal: SHA-1 authentication, 3DES encryption, PFS group
  # modp1024, 30-minute lifetime.
  # NOTE(review): these are legacy algorithms. No IPsec peers or policies appear
  # in this part of the export, so the proposal may be unused; pick stronger
  # settings before deploying IPsec with it.
  567. add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
  568. lifebytes=0 pfs-group=modp1024 disabled=no
  569. / system logging
  570. add topics=info prefix="" action=memory disabled=no
  571. add topics=error prefix="" action=memory disabled=no
  572. add topics=warning prefix="" action=memory disabled=no
  573. add topics=critical prefix="" action=echo disabled=no
  574. / system logging action
  575. set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
  576. set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
  577. set echo name="echo" target=echo remember=yes
  578. set remote name="remote" target=remote remote=0.0.0.0:514
  579. / system script
  # script1: for every dynamic ARP entry, add a static copy of it (copy-from).
  # NOTE(review): this pins whatever IP-to-MAC binding is in the table when the
  # script runs, without checking it, so a spoofed or incomplete entry becomes
  # permanent; the 218.30.64.199 / 00:00:00:00:00:00 entry under "/ ip arp" looks
  # like such a case. The policy list also grants more than read/write (ftp,
  # reboot, policy, password, ...) - trim it to what the script needs.
  580. add name="script1" source=":foreach i in=\[/ip arp find dynamic=yes \] \
  581. do=\[/ip arp add copy-from=\$i\]" \
  582. policy=ftp,reboot,read,write,policy,test,winbox,password
  583. / system upgrade mirror
  584. set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 \
  585. check-interval=1d user=""
  586. / system clock dst
  587. set dst-delta=+01:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 \
  588. 00:00:00"
  589. / system watchdog
  590. set reboot-on-failure=yes watch-address=none watchdog-timer=yes \
  591. no-ping-delay=5m automatic-supout=yes auto-send-supout=no
  592. / system console
  593. add port=serial0 term="" disabled=no
  594. set FIXME term="linux" disabled=no
  595. set FIXME term="linux" disabled=no
  596. set FIXME term="linux" disabled=no
  597. set FIXME term="linux" disabled=no
  598. set FIXME term="linux" disabled=no
  599. set FIXME term="linux" disabled=no
  600. set FIXME term="linux" disabled=no
  601. set FIXME term="linux" disabled=no
  602. / system console screen
  603. set line-count=25
  604. / system identity
  605. set name="FuYuanJiuDian"
  606. / system note
  607. set show-at-login=yes note=""
  608. / system scheduler
       # schedule1 runs every 30 seconds and keeps the static "adsl<N>" entries in
       # step with the addresses the three PPPoE links currently hold.
       # For i = 1..3 it:
       #   1. reads whether interface pppoe-out<i> is running, and skips it if not;
       #   2. reads the dynamic address on pppoe-out<i> and the non-dynamic address
       #      on the same interface, cutting each at the "/" to drop the prefix;
       #   3. if the two differ, sets address, network and broadcast of the address
       #      entry whose comment is adsl<i> to the new address, and sets the
       #      gateway of the route whose comment is adsl<i> to the same value.
       # The entries are located only by their comment text, so renaming those
       # comments would leave the script with nothing to update.
       # NOTE(review): the script does not check that a find returned an entry
       # before calling get; confirm how this release behaves in that case.
       # NOTE(review): the line breaks inside the quoted on-event string look like
       # an artefact of how the listing was rendered. Verify against the router.
  609. add name="schedule1" on-event=":local assign-address
  610. \n:local \
  611. new-address
  612. \n:local status
  613. \n:local x
  614. \n:set x 3
  615. \n:for i from=1 to=\$x \
  616. do={
  617. \n:set status \[/interface get \[/interface find name=("pppoe-out" \
  618. . \$i)\] running\]
  619. \n:if (\$status=true) do={
  620. \n:set new-address \[/ip \
  621. address get \[/ip address find dynamic=yes interface=("pppoe-out" . \
  622. \$i)\] address\]
  623. \n:set new-address \[:pick \$new-address 0 \[:find \
  624. \$new-address "/"\]\]
  625. \n:set assign-address \[/ip address get \[/ip \
  626. address find dynamic=no interface=("pppoe-out" . \$i)\] address\]
  627. \n:set \
  628. assign-address \[:pick \$assign-address 0 \[:find \$assign-address \
  629. "/"\]\]
  630. \n:if (\$assign-address != \$new-address) do={
  631. \n/ip address set \
  632. \[/ip address find comment=("adsl" . \$i)\] address=\$new-address \
  633. network=\$new-address broadcast=\$new-address
  634. \n/ip route set \[/ip route \
  635. find comment=("adsl" . \$i)\] gateway=\$new-address
  636. \n}
  637. \n}
  638. \n}" \
  639. start-date=jan/01/1970 start-time=00:00:00 interval=30s comment="自动改IP" \
  640. disabled=no
  641. / system gps
  642. set enabled=no set-system-time=no
  643. / system lcd
  644. set enabled=no type=24x4 port=parallel contrast=0
  645. / system lcd page
  646. set time display-time=5s disabled=yes
  647. set resources display-time=5s disabled=yes
  648. set uptime display-time=5s disabled=yes
  649. set packets display-time=5s disabled=yes
  650. set bits display-time=5s disabled=yes
  651. set version display-time=5s disabled=yes
  652. set pppoe-out2 display-time=5s disabled=yes
  653. set pppoe-out3 display-time=5s disabled=yes
  654. set lan display-time=5s disabled=yes
  655. set wan1 display-time=5s disabled=yes
  656. set wan2 display-time=5s disabled=yes
  657. set wan3 display-time=5s disabled=yes
  658. set pppoe-out1 display-time=5s disabled=yes
  659. / system ntp server
  660. set enabled=no broadcast=no multicast=no manycast=yes
  661. / system ntp client
       # The NTP client is disabled and both server fields are unset (0.0.0.0), so
       # the clock is whatever was set locally. Log timestamps are only as accurate
       # as that clock; enable time sync if logs are ever correlated with other
       # systems.
  662. set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
  663. / system routerboard bios
  664. set
  665. / system health
  666. set state-after-reboot=enabled
  667. / port
  668. set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
  669. flow-control=hardware
  670. set serial1 name="serial1" baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
  671. flow-control=hardware
  672. / ppp profile
  673. set default name="default" use-compression=default use-vj-compression=default \
  674. use-encryption=default only-one=default change-tcp-mss=default comment=""
  675. set default-encryption name="default-encryption" use-compression=default \
  676. use-vj-compression=default use-encryption=yes only-one=default \
  677. change-tcp-mss=default comment=""
  678. / ppp aaa
  679. set use-radius=no accounting=yes interim-update=0s
  680. / queue type
  681. set default name="default" kind=pfifo pfifo-limit=50
  682. set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
  683. set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
  684. sfq-allot=1514
  685. set synchronous-default name="synchronous-default" kind=red red-limit=60 \
  686. red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
  687. set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
  688. sfq-allot=1514
  689. add name="pcq-down" kind=pcq pcq-rate=1000000 pcq-limit=50 \
  690. pcq-classifier=dst-address pcq-total-limit=2000
  691. add name="pcq-up" kind=pcq pcq-rate=128000 pcq-limit=50 \
  692. pcq-classifier=src-address pcq-total-limit=2000
  693. / queue tree
  694. add name="pcqdown" parent=global-in packet-mark=all_mark limit-at=0 \
  695. queue=pcq-down priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
  696. burst-time=0s disabled=yes
  697. add name="pcqup" parent=global-out packet-mark=all_mark limit-at=0 \
  698. queue=pcq-up priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
  699. burst-time=0s disabled=yes
  700. / user
       # The only account listed is "mark", in group "full", with
       # address=0.0.0.0/0, so logins for it are accepted from any source address.
       # Narrow address= to the management network (for example the LAN subnet
       # 192.168.0.0/24 defined under / ip dhcp-server network).
       # NOTE(review): the comment "system default user" suggests this is the
       # built-in administrator account renamed. Passwords do not appear in the
       # export, so confirm on the router that one is set.
  701. add name="mark" group=full address=0.0.0.0/0 comment="system default user" \
  702. disabled=no
  703. / user group
       # All three groups allow telnet, which carries credentials in clear text;
       # "full" additionally allows ftp, write and policy. Prefer ssh and keep
       # unencrypted access off untrusted interfaces.
       # NOTE(review): which management services are actually listening is set
       # under / ip service, which is not in this part of the export.
  704. add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f\
  705. tp,!write,!policy
  706. add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password\
  707. ,web,!ftp,!policy
  708. add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
  709. x,password,web
  710. / user aaa
       # RADIUS is not used for router logins; default-group=read is the group
       # applied by this AAA setting.
  711. set use-radius=no accounting=yes interim-update=0s default-group=read
  712. / radius incoming
  713. set accept=no port=1700
  714. / driver
  715. / snmp
       # SNMP is switched off in this export (enabled=no).
  716. set enabled=no contact="" location=""
  717. / snmp community
       # The only community is the well-known default name "public", with read
       # access from any address (0.0.0.0/0). It is harmless while SNMP stays
       # disabled; rename it and restrict address= before SNMP is ever enabled.
  718. set public name="public" address=0.0.0.0/0 read-access=yes
  719. / tool bandwidth-server
       # The bandwidth-test server is enabled, requires authentication and allows
       # up to 10 sessions. Disable it when no throughput testing is in progress.
       # NOTE(review): whether it is reachable from the WAN side depends on the
       # firewall input rules, which are not in this part of the export.
  720. set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
  721. / tool mac-server ping
       # MAC-level ping responses are enabled; the interfaces they are offered on
       # are not shown here.
  722. set enabled=yes
  723. / tool e-mail
  724. set server=0.0.0.0 from="<>"
  725. / tool sniffer
       # Sniffer settings only: all interfaces, full packets (only-headers=no), no
       # capture file and no streaming target. Nothing here shows whether a capture
       # is running.
  726. set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 \
  727. streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes \
  728. filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 \
  729. filter-address2=0.0.0.0/0:0-65535
  730. / tool graphing
  731. set store-every=5min
  732. / tool graphing interface
       # Traffic graphs are collected for all interfaces, stored on disk, and
       # allow-address=0.0.0.0/0 places no source restriction on who may view them.
       # Narrow allow-address to the administrator's subnet.
  733. add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
 楼主| 发表于 2008-11-7 08:53:05 | 显示全部楼层
有知道的没有啊!给个说法啊!版主在不!