找回密码
 注册

QQ登录

只需一步,快速开始

搜索
查看: 6188|回复: 10

[其它] RouteOS 防火墙设置

[复制链接]
发表于 2005-3-30 22:08:32 | 显示全部楼层 |阅读模式

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有账号?注册

×
红色部分修改成自己的内网址Virus:/ip firewall add name=virus/ip firewall rule virus add comment="Drop Blaster Worm"  dst-address=:135-139 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Messenger Worm"  dst-address=:135-139 protocol=udp action=drop /ip firewall rule virus add comment="Drop Blaster Worm"    dst-address=:445 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Blaster Worm"    dst-address=:445 protocol=udp action=drop /ip firewall rule virus add comment=" ________"     dst-address=:593 protocol=tcp action=drop /ip firewall rule virus add comment="________"  dst-address=:1024-1030 protocol=tcp action=drop /ip firewall rule virus add comment="Drop MyDoom"   dst-address=:1080 protocol=tcp action=drop /ip firewall rule virus add comment="________"  dst-address=:1214 protocol=tcp action=drop /ip firewall rule virus add comment="ndm requester"  dst-address=:1363 protocol=tcp action=drop /ip firewall rule virus add comment="ndm server"  dst-address=:1364 protocol=tcp action=drop /ip firewall rule virus add comment="screen cast" dst-address=:1368 protocol=tcp action=drop /ip firewall rule virus add comment="cichlid" dst-address=:1373 protocol=tcp action=drop /ip firewall rule virus add comment="Worm" dst-address=:1433-1434 protocol=tcp action=drop /ip firewall rule virus add comment="Bagle Virus" dst-address=:2745 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Dumaru.Y" dst-address=:2283 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Beagle" dst-address=:2535 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Beagle.C-K" dst-address=:2745 protocol=tcp action=drop /ip firewall rule virus add comment="Drop MyDoom" dst-address=:3127-3128 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Backdoor OptixPro" dst-address=:3410 protocol=tcp action=drop /ip firewall rule virus add comment="Worm" dst-address=:4444 protocol=tcp action=drop /ip firewall rule virus add comment="Worm" dst-address=:4444 protocol=udp action=drop /ip firewall rule virus add comment="Drop Sasser" dst-address=:5554 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Beagle.B" dst-address=:8866 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Dabber.A-B" dst-address=:9898 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Dumaru.Y" dst-address=:10000 protocol=tcp action=drop /ip firewall rule virus add comment="Drop MyDoom.B" dst-address=:10080 protocol=tcp action=drop /ip firewall rule virus add comment="Drop NetBus"  dst-address=:12345 protocol=tcp action=drop /ip firewall rule virus add comment="Drop Kuang2"  dst-address=:13700 protocol=tcp action=drop /ip firewall rule virus add comment="Drop SubSeven" dst-address=:27374 protocol=tcp action=drop /ip firewall rule virus add comment="Drop PhatBot, Agobot, Gaobot" dst-address=:65506 protocol=tcp action=drop input/ip firewall rule input add comment="Drop invalid connections" connection-state=invalid action=drop /ip firewall rule input add comment="Allow established connections"  connection-state=established action=accept /ip firewall rule input add comment="Allow related connections" connection-state=related action=accept /ip firewall rule input add comment="!!! Check for well-known viruses !!!" action=jump jump-target=virus /ip firewall rule input add comment="Allow UDP"  protocol=udp action=accept /ip firewall rule input add comment="Allow ICMP Ping" protocol=icmp action=accept /ip firewall rule input add comment="Allow access from our local network"  src-address=x.x.x.x/x action=accept /ip firewall rule input add comment="Allow access from our local network"  src-address=x.x.x.x/x action=accept /ip firewall rule input add comment="Allow access from our local network"  src-address=x.x.x.x/x action=accept /ip firewall rule input add comment="Log and drop everything else"  action=drop log=yesforward/ip firewall rule forward add comment="Drop invalid connections" connection-state=invalid action=drop /ip firewall rule forward add comment="Established connections"  connection-state=established action=accept /ip firewall rule forward add comment="Related connections"  connection-state=related action=accept /ip firewall rule forward add comment="Check for well-known viruses !!!" action=jump jump-target=virus output/ip firewall rule output add comment="Drop Everything" protocol=tcp tcp-options=syn-only action=drop
routeros
发表于 2005-3-31 11:46:58 | 显示全部楼层
谢谢,我已经使用了,但不明白文中三行红字的设置,都是一模一样的,都要加吗?
routeros
回复

使用道具 举报

 楼主| 发表于 2005-3-31 16:15:40 | 显示全部楼层
允许多少个内网访问就设多少条(我的网络下有三个内网段)
routeros
回复

使用道具 举报

发表于 2005-3-31 17:25:12 | 显示全部楼层
个人觉得virus部分需要区别对待针对input部分,没必要搞的那么复杂,ROS本身受病毒感染的可能就很小。所以,留出来一些cpu时间去干其他事情还是一个好主意针对forward链,还是尽可能详尽一些的好,能知道的病毒恶意连接端口该封就封掉,免得祸害内网机器。对于有多网段的,建议还要过滤各网段之间的数据,免得已有的内网病毒到处乱窜。对于output来说,保证不要让ROS往外主动传输什么数据就足以!基于以上,建议建立两个virus,一个用于input,一个用于forward。这样科学一些。也更容易管理。
routeros
回复

使用道具 举报

发表于 2005-3-31 17:54:10 | 显示全部楼层
太复杂了,还得好好学,我这里是网吧的路由,按上面作了规则后,公安局来电话说无法监控了,因为他们用的是sql server,所以赶紧查了一下,发现是用的1433和1434端口,正好被/ip firewall rule virus add comment="Worm" dst-address=:1433-1434 protocol=tcp action=drop封了,disable后,才正常,呵呵.............
routeros
回复

使用道具 举报

发表于 2005-4-5 20:26:16 | 显示全部楼层
我设置了后telnet、Web、Winbox都进去不了了,郁闷。
routeros
回复

使用道具 举报

发表于 2005-4-5 21:05:19 | 显示全部楼层
QUOTE (bysoft @ Apr 5 2005, 08:26 PM)
我设置了后telnet、Web、Winbox都进去不了了,郁闷。  
  得允许21,23等端口可以被访问。
routeros
回复

使用道具 举报

发表于 2005-8-20 16:49:58 | 显示全部楼层

不明白,请指教

routeros
回复

使用道具 举报

发表于 2005-8-22 05:04:29 | 显示全部楼层
还要努力
routeros
回复

使用道具 举报

发表于 2005-9-21 09:52:52 | 显示全部楼层

用了

顶了
routeros
回复

使用道具 举报

发表于 2006-2-6 23:03:09 | 显示全部楼层
好象不适合2.9.8用啊
routeros
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|Archiver|手机版|小黑屋|软路由 ( 渝ICP备15001194号-1|渝公网安备 50011602500124号 )

GMT+8, 2024-11-5 22:32 , Processed in 0.119726 second(s), 4 queries , Gzip On, Redis On.

Powered by Discuz! X3.5 Licensed

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表