[Script] Sharing a firewall script, a modified version of the official site's firewall script

Posted on 2013-7-30 18:54:13

Sharing a firewall script, a modified version of the official site's firewall script!

/ip firewall filter
add action=log chain=input comment="Log invalid connections" \
    connection-state=invalid disabled=no log-prefix="Invalid Connection:"
add action=drop chain=input comment=\
    "Drop invalid connection data" connection-state=\
    invalid disabled=no
add action=drop chain=input comment=\
    "Limit total connections to ports 21,22,23,80,8291 to 20" \
    connection-limit=20,0 disabled=no dst-port=21,22,23,80,8291 protocol=tcp
add action=drop chain=input comment=\
    "Detect and drop port scan connections" \
    disabled=no protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="Suppress DoS attacks" \
    connection-limit=3,32 disabled=no protocol=tcp src-address-list=\
    black_list
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input comment="Detect DoS attacks" \
    connection-limit=10,32 disabled=no protocol=tcp
add action=drop chain=input comment=\
    "Drop non-local data" disabled=no \
    dst-address-type=!local
add action=jump chain=input comment="Jump to ICMP chain" \
    disabled=no jump-target=ICMP protocol=icmp
add action=log chain=forward comment="Log invalid connections" \
    connection-state=invalid disabled=no log-prefix="Invalid Connection:"
add action=drop chain=forward comment=\
    "Drop invalid packets" connection-state=invalid \
    disabled=no
add action=drop chain=forward comment=\
    "Drop all non-unicast data" disabled=\
    no src-address-type=!unicast
add action=jump chain=forward comment="Jump to ICMP chain" \
    disabled=no jump-target=ICMP protocol=icmp
add action=jump chain=forward comment=\
    "Jump to virus chain" disabled=yes jump-target=\
    virus
add action=drop chain=forward comment=\
    "Limit each host to 1024 TCP connections" connection-limit=1024,32 disabled=no \
    protocol=tcp
add action=accept chain=forward comment=\
    "Accept all data" disabled=no
add action=accept chain=ICMP comment=\
    "Ping reply limited to 5 packets per second" disabled=no \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Traceroute limited to 5 packets per second" disabled=no \
    icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Path MTU discovery limited to 5 packets per second" \
    disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Ping request limited to 5 packets per second" disabled=no \
    icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Trace TTL limited to 5 packets per second" disabled=no \
    icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=ICMP comment=\
    "Drop any ICMP data" disabled=no protocol=\
    icmp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
    dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 \
    protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 \
    protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \
    protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
    protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 \
    protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
    protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
    2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
    3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
    9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\
    10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\
    10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
    protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\
    27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=\
    no dst-port=65506 protocol=tcp
routeros
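
An added example, not part of the original post: a small Python audit that parses rules in the export format used above and reports custom chains that no enabled jump reaches, plus rules repeated within a chain. The sample is a constructed excerpt of the posted rules, and the function names `parse_rules` and `audit` are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt in the post's export format; not the full rule set.
SAMPLE = r'''/ip firewall filter
add action=jump chain=forward comment="Jump to ICMP chain" \
    disabled=no jump-target=ICMP protocol=icmp
add action=jump chain=forward comment="Jump to virus chain" disabled=yes jump-target=\
    virus
add action=accept chain=forward comment="Accept all data" disabled=no
add action=drop chain=ICMP comment="Drop any ICMP data" disabled=no protocol=\
    icmp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
    2745 protocol=tcp
'''

BUILTIN = {"input", "forward", "output"}  # chains the router enters on its own

def parse_rules(export):
    """Join backslash-continued lines, then split each 'add' line into key=value pairs."""
    joined = re.sub(r"\\\n\s*", "", export)
    rules = []
    for line in joined.splitlines():
        if line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)', line)
            rules.append({k: v.strip('"') for k, v in pairs})
    return rules

def audit(rules):
    """Return (custom chains with no enabled jump to them, matchers repeated in a chain)."""
    live_targets = {r["jump-target"] for r in rules
                    if r.get("action") == "jump" and r.get("disabled") != "yes"}
    chains = {r["chain"] for r in rules}
    unreachable = sorted(chains - BUILTIN - live_targets)
    skip = {"comment", "disabled"}  # compare matchers and action only
    sigs = Counter(tuple(sorted((k, v) for k, v in r.items() if k not in skip))
                   for r in rules)
    dupes = [dict(s) for s, n in sigs.items() if n > 1]
    return unreachable, dupes

if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE)))
```

On the excerpt it reports the `virus` chain as unreachable, because the only jump to it is `disabled=yes`, and it flags the second tcp/2745 drop as a repeat.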
Posted on 2013-9-7 18:49:59
It uses PSD; note that it consumes CPU.
routeros

Posted on 2013-9-12 18:28:29
Learning from this; I'll take a look when I have time.
routeros