[Policy Settings] In the spirit of drawing inferences from one example: an IPv6 setup to block repeated login attempts against ROS

Posted 2013-9-21 01:00:22

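There is already a setup for IPv4 that blocks repeated login attempts against ROS; here the same idea is carried over to IPv6 to improve the security of ROS.
When the same IP makes more than 4 attempts within 30 seconds, new TCP connections (ports 21, 22, 23, 8291) are blocked.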
    # sep/20/2013 10:55:04 by routeros 5.25
    # software id = XXOO-XXOO
    #
    # Filter: reset new TCP connections to FTP, SSH, Telnet and Winbox
    # from any source that is in the "blocked" list.
    /ipv6 firewall filter
    add action=reject chain=input connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp \
        reject-with=tcp-reset src-address-list=blocked
    # Mangle: each new connection moves the source one list up
    # (telnet1 -> telnet2 -> telnet3 -> telnet4 -> blocked). The rules are
    # ordered from the highest stage down, so one connection advances one stage.
    /ipv6 firewall mangle
    add action=add-src-to-address-list address-list=blocked address-list-timeout=4h chain=input comment=\
        blocked connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
        telnet4
    add action=add-src-to-address-list address-list=telnet4 address-list-timeout=30s chain=input comment=\
        telnet4 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
        telnet3
    add action=add-src-to-address-list address-list=telnet3 address-list-timeout=30s chain=input comment=\
        telnet3 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
        telnet2
    add action=add-src-to-address-list address-list=telnet2 address-list-timeout=30s chain=input comment=\
        telnet2 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=\
        telnet1
    add action=add-src-to-address-list address-list=telnet1 address-list-timeout=30s chain=input comment=\
        telnet1 connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp

routeros
Posted 2013-9-21 20:06:06
Let me try it out.
routeros
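
The staged address lists in the rule set from the first post can be checked offline with a small model. The Python simulation below is an added example, not part of the original thread; it assumes that re-adding an already listed address restarts its timeout, and the source address and connection times are constructed.

```python
# Added illustration: a model of the staged address lists in the rule set above.
# Assumption: re-adding an address that is already listed restarts its timeout.
STAGES = ["telnet1", "telnet2", "telnet3", "telnet4", "blocked"]
STAGE_TIMEOUT = 30          # address-list-timeout=30s on telnet1..telnet4
BLOCK_TIMEOUT = 4 * 3600    # address-list-timeout=4h on blocked


def simulate(times, src="2001:db8::10"):
    """Return [(t, verdict)] for new TCP connections to a guarded port.

    times: connection start times in seconds (constructed sample input).
    src:   source address; the default is a documentation-prefix placeholder.
    """
    expiry = {}   # (list name, address) -> time at which the entry expires

    def listed(name, now):
        return expiry.get((name, src), -1) > now

    verdicts = []
    for t in sorted(times):
        # Mangle input runs before filter input. The rules are ordered from
        # the highest stage down and every one is evaluated, so a single
        # connection moves the source up by exactly one stage.
        for i in range(len(STAGES) - 1, 0, -1):
            if listed(STAGES[i - 1], t):
                hold = BLOCK_TIMEOUT if STAGES[i] == "blocked" else STAGE_TIMEOUT
                expiry[(STAGES[i], src)] = t + hold
        expiry[("telnet1", src)] = t + STAGE_TIMEOUT  # last rule has no list match
        # Filter: new connections from a source in "blocked" get a TCP reset.
        verdicts.append((t, "reject" if listed("blocked", t) else "accept"))
    return verdicts


def first_reject(times):
    """1-based index of the first rejected attempt, or None if none is."""
    for n, (_, verdict) in enumerate(simulate(times), start=1):
        if verdict == "reject":
            return n
    return None


if __name__ == "__main__":
    print(first_reject([0, 5, 10, 15, 20]))       # burst inside 30 s
    print(first_reject([0, 25, 50, 75, 100]))     # 25 s gaps, 100 s in total
    print(first_reject([0, 31, 62, 93, 124]))     # gaps longer than 30 s
```

The rules count new TCP connections, not failed logins, and the 30 seconds are measured from the previous connection rather than from the first one. A management tool that reconnects from one address more often than every 30 seconds therefore lands in `blocked` on its fifth connection, so trusted management addresses need an exemption ahead of these rules.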