[Other] RouterOS Firewall Settings

Posted on 2005-3-30 22:08:32

Change the parts in red (the three src-address=x.x.x.x/x lines) to your own internal network addresses.

Virus:
/ip firewall add name=virus
/ip firewall rule virus add comment="Drop Blaster Worm" dst-address=:135-139 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Messenger Worm" dst-address=:135-139 protocol=udp action=drop
/ip firewall rule virus add comment="Drop Blaster Worm" dst-address=:445 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Blaster Worm" dst-address=:445 protocol=udp action=drop
/ip firewall rule virus add comment=" ________" dst-address=:593 protocol=tcp action=drop
/ip firewall rule virus add comment="________" dst-address=:1024-1030 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop MyDoom" dst-address=:1080 protocol=tcp action=drop
/ip firewall rule virus add comment="________" dst-address=:1214 protocol=tcp action=drop
/ip firewall rule virus add comment="ndm requester" dst-address=:1363 protocol=tcp action=drop
/ip firewall rule virus add comment="ndm server" dst-address=:1364 protocol=tcp action=drop
/ip firewall rule virus add comment="screen cast" dst-address=:1368 protocol=tcp action=drop
/ip firewall rule virus add comment="cichlid" dst-address=:1373 protocol=tcp action=drop
/ip firewall rule virus add comment="Worm" dst-address=:1433-1434 protocol=tcp action=drop
/ip firewall rule virus add comment="Bagle Virus" dst-address=:2745 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Dumaru.Y" dst-address=:2283 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Beagle" dst-address=:2535 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Beagle.C-K" dst-address=:2745 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop MyDoom" dst-address=:3127-3128 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Backdoor OptixPro" dst-address=:3410 protocol=tcp action=drop
/ip firewall rule virus add comment="Worm" dst-address=:4444 protocol=tcp action=drop
/ip firewall rule virus add comment="Worm" dst-address=:4444 protocol=udp action=drop
/ip firewall rule virus add comment="Drop Sasser" dst-address=:5554 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Beagle.B" dst-address=:8866 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Dabber.A-B" dst-address=:9898 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Dumaru.Y" dst-address=:10000 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop MyDoom.B" dst-address=:10080 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop NetBus" dst-address=:12345 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop Kuang2" dst-address=:13700 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop SubSeven" dst-address=:27374 protocol=tcp action=drop
/ip firewall rule virus add comment="Drop PhatBot, Agobot, Gaobot" dst-address=:65506 protocol=tcp action=drop

input:
/ip firewall rule input add comment="Drop invalid connections" connection-state=invalid action=drop
/ip firewall rule input add comment="Allow established connections" connection-state=established action=accept
/ip firewall rule input add comment="Allow related connections" connection-state=related action=accept
/ip firewall rule input add comment="!!! Check for well-known viruses !!!" action=jump jump-target=virus
/ip firewall rule input add comment="Allow UDP" protocol=udp action=accept
/ip firewall rule input add comment="Allow ICMP Ping" protocol=icmp action=accept
/ip firewall rule input add comment="Allow access from our local network" src-address=x.x.x.x/x action=accept
/ip firewall rule input add comment="Allow access from our local network" src-address=x.x.x.x/x action=accept
/ip firewall rule input add comment="Allow access from our local network" src-address=x.x.x.x/x action=accept
/ip firewall rule input add comment="Log and drop everything else" action=drop log=yes

forward:
/ip firewall rule forward add comment="Drop invalid connections" connection-state=invalid action=drop
/ip firewall rule forward add comment="Established connections" connection-state=established action=accept
/ip firewall rule forward add comment="Related connections" connection-state=related action=accept
/ip firewall rule forward add comment="Check for well-known viruses !!!" action=jump jump-target=virus

output:
/ip firewall rule output add comment="Drop Everything" protocol=tcp tcp-options=syn-only action=drop
Posted on 2005-3-31 11:46:58
Thanks, I've already applied it, but I don't understand the three red lines in the text. They are all identical; do all of them need to be added?

Original poster | Posted on 2005-3-31 16:15:40
Add one line for each internal network you want to allow access from (my network has three internal subnets).

Posted on 2005-3-31 17:25:12
Personally I think the virus part should be handled differently for input and forward.

For the input chain there is no need to make it that complicated; the chance of ROS itself being infected by a virus is very small, so leaving some CPU time for other work is a good idea.

For the forward chain it is better to be as thorough as possible: block every known virus or malicious connection port you can, so the internal machines don't get hurt. If you have multiple subnets, I also suggest filtering the traffic between subnets, so a virus already on the internal network can't run wild everywhere.

For output, making sure ROS doesn't actively send anything out is enough!

Based on the above, I suggest creating two virus chains, one for input and one for forward. That is more sound and easier to manage.

Posted on 2005-3-31 17:54:10
Too complicated, I still have to study it properly. My router here is for an internet cafe. After I applied the rules above, the public security bureau called to say they could no longer monitor, because they use SQL Server. So I quickly checked and found it uses ports 1433 and 1434, which were blocked exactly by /ip firewall rule virus add comment="Worm" dst-address=:1433-1434 protocol=tcp action=drop. After disabling it, everything was normal again, heh.............

Posted on 2005-4-5 20:26:16
After I set it up, I could no longer get in via telnet, Web or Winbox. Frustrating.

Posted on 2005-4-5 21:05:19
QUOTE (bysoft @ Apr 5 2005, 08:26 PM)
After I set it up, I could no longer get in via telnet, Web or Winbox. Frustrating.
You have to allow ports such as 21 and 23 to be accessed.
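The two problems reported above (the 1433-1434 "Worm" rule cutting off SQL Server traffic, and the admin being locked out of telnet, Web and Winbox) both follow from how RouterOS walks the chains in the opening post: input and forward jump into virus, and the input chain ends in an unconditional drop that only the src-address lines get past. The Python model below is an added example, not code from the thread or from MikroTik. It assumes three placeholder subnets (192.168.1.0/24 to 192.168.3.0/24) in place of the x.x.x.x/x lines, a subset of the virus-chain ports taken from the post, and the usual management ports 23 (telnet), 80 (Web) and 8291 (Winbox), which are general knowledge rather than something the thread states.

```python
# Toy walk of the opening post's RouterOS 2.8-style chains (input/forward -> jump virus).
# Added illustration, not RouterOS code; subnets, port subset and management ports are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    chain: str                      # chain the packet enters: "input" or "forward"
    protocol: str                   # "tcp", "udp" or "icmp"
    src: str                        # source IPv4 address
    dst_port: Optional[int] = None  # destination port (None for icmp)
    state: str = "new"              # connection-state: new/established/related/invalid


@dataclass
class Rule:
    comment: str
    action: str                                  # "accept", "drop" or "jump"
    protocol: Optional[str] = None
    dst_ports: Optional[Tuple[int, int]] = None  # inclusive range, like dst-address=:lo-hi
    state: Optional[str] = None                  # like connection-state=...
    src_net: Optional[str] = None                # like src-address=x.x.x.x/x
    jump_target: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.protocol and p.protocol != self.protocol:
            return False
        if self.dst_ports:
            lo, hi = self.dst_ports
            if p.dst_port is None or not lo <= p.dst_port <= hi:
                return False
        if self.state and p.state != self.state:
            return False
        if self.src_net and ip_address(p.src) not in ip_network(self.src_net):
            return False
        return True


def drop_port(comment: str, lo: int, hi: Optional[int] = None, proto: str = "tcp") -> Rule:
    return Rule(comment, "drop", protocol=proto, dst_ports=(lo, hi or lo))


# Subset of the post's "virus" chain, constructed from its port list (same order)
VIRUS: List[Rule] = [
    drop_port("Drop Blaster Worm", 135, 139),
    drop_port("Drop Messenger Worm", 135, 139, "udp"),
    drop_port("Drop Blaster Worm", 445),
    drop_port("Worm", 1433, 1434),   # the rule that cut off SQL Server in the thread
    drop_port("Drop MyDoom", 3127, 3128),
    drop_port("Worm", 4444),
    drop_port("Drop Sasser", 5554),
    drop_port("Drop SubSeven", 27374),
]
# Placeholder subnets standing in for the three src-address=x.x.x.x/x lines (constructed)
LAN = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
MGMT_PORTS = (23, 80, 8291)  # telnet, Web, Winbox (assumed defaults, not from the thread)


def build_chains(lan_nets: List[str]) -> Dict[str, List[Rule]]:
    """One 'Allow access from our local network' rule per internal subnet, as the OP explains."""
    inp = [
        Rule("Drop invalid connections", "drop", state="invalid"),
        Rule("Allow established connections", "accept", state="established"),
        Rule("Allow related connections", "accept", state="related"),
        Rule("!!! Check for well-known viruses !!!", "jump", jump_target="virus"),
        Rule("Allow UDP", "accept", protocol="udp"),
        Rule("Allow ICMP Ping", "accept", protocol="icmp"),
    ]
    inp += [Rule("Allow access from our local network", "accept", src_net=n) for n in lan_nets]
    inp.append(Rule("Log and drop everything else", "drop"))
    fwd = [
        Rule("Drop invalid connections", "drop", state="invalid"),
        Rule("Established connections", "accept", state="established"),
        Rule("Related connections", "accept", state="related"),
        Rule("Check for well-known viruses !!!", "jump", jump_target="virus"),
    ]
    return {"virus": list(VIRUS), "input": inp, "forward": fwd}


def evaluate(chains: Dict[str, List[Rule]], p: Packet, chain: Optional[str] = None) -> Tuple[str, str]:
    """First terminal match wins; a jump whose target matches nothing returns and the walk
    continues after the jump; falling off the end of the entry chain is an implicit accept."""
    top = chain is None
    for rule in chains[p.chain if top else chain]:
        if not rule.matches(p):
            continue
        if rule.action == "jump":
            verdict = evaluate(chains, p, rule.jump_target)
            if verdict[0] != "return":
                return verdict
            continue
        return rule.action, rule.comment
    return ("accept", "end of chain (implicit accept)") if top else ("return", "")


def sql_server_through_router(disable_worm_rule: bool = False) -> Tuple[str, str]:
    """Forwarded new TCP session to SQL Server on 1433, before/after disabling the 1433-1434 rule."""
    chains = build_chains(LAN)
    if disable_worm_rule:
        chains["virus"] = [r for r in chains["virus"] if r.dst_ports != (1433, 1434)]
    return evaluate(chains, Packet("forward", "tcp", "10.0.0.5", 1433))


def admin_access(admin_src: str) -> List[Tuple[str, str]]:
    """Management sessions to the router itself (input chain) from a given source address."""
    chains = build_chains(LAN)
    return [evaluate(chains, Packet("input", "tcp", admin_src, port)) for port in MGMT_PORTS]


if __name__ == "__main__":
    print("SQL Server 1433 forwarded:", sql_server_through_router())
    print("... with 1433-1434 rule disabled:", sql_server_through_router(True))
    print("admin from a listed LAN subnet:", admin_access("192.168.1.10"))
    print("admin from an unlisted subnet:", admin_access("203.0.113.7"))
```

The model reproduces both reports: the forwarded 1433 session dies on the "Worm" rule inside the virus jump and only passes once that rule is removed, and management sessions from any address not covered by the src-address lines fall through to "Log and drop everything else". It also shows that the lockout fix is less about opening 21/23 to the world and more about making sure the src-address lines actually cover the subnet you administer from; if a management accept is added, keeping it restricted to that subnet preserves the intent of the final drop.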

Posted on 2005-8-20 16:49:58
I don't understand, please advise.

Posted on 2005-8-22 05:04:29
Still need to keep working at it.

Posted on 2005-9-21 09:52:52
Used it. Bump.

Posted on 2006-2-6 23:03:09
It doesn't seem to work on 2.9.8.