RouterOS官方防火墙脚本
点击次数:35 次 发布日期:2008-11-22 09:40:51 作者:源代码网
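# RouterOS firewall baseline: connection-tracking timeouts, input/forward/output
# filter chains, helper chains (ICMP, services, virus), a bogon address list and
# the service-port (NAT helper) settings.
#
# Reconstructed from a whitespace-stripped listing: token spacing and the spaces
# inside comment="" strings were restored; rule order is unchanged (order is
# significant, rules are evaluated top to bottom).
#
# Before importing:
#   - The forward chain references an interface named "internet"; rename the WAN
#     interface or edit those two rules, otherwise they will not match as intended.
#   - "add" appends to whatever rules already exist; importing twice duplicates
#     every rule. Review the existing filter table first.
#   - The input chain ends in a default drop. Import from a local console or in
#     Safe Mode so a mistake does not cut off management access.

# The source listing began with a bare "set"; "set" acts on the current menu, so
# the connection-tracking menu is named explicitly here.
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=1m tcp-syn-received-timeout=1m \
    tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m

/ip firewall filter

# ---- input: traffic addressed to the router itself ----
add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
# psd = weight threshold, delay threshold, low-port weight, high-port weight.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
# Sources already on black_list are tarpitted once they hold 3+ connections;
# the next rule is what puts a source on the list (10+ connections, for 1 day).
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input dst-address-type=!local action=drop comment="drop all that is not to local" disabled=no
add chain=input src-address-type=!unicast action=drop comment="drop all that is not from unicast" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no
# Disabled by default; enable temporarily to see what the final drop is catching.
add chain=input action=log log-prefix="input" comment="" disabled=yes
add chain=input action=drop comment="drop everything else" disabled=no

# ---- ICMP: allow a small set of type:code pairs, rate-limited, drop the rest ----
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" disabled=no

# ---- services: what the router itself will answer on ----
# NOTE(review): none of the enabled management rules below restrict the source.
# As written, FTP, telnet, HTTP and winbox are reachable from every interface,
# including the WAN. FTP, telnet and HTTP carry credentials in clear text.
# Prefer disabling the ones not in use and adding a src-address-list (or
# in-interface) match for a management network to the ones that stay enabled.
add chain=services src-address=127.0.0.1 dst-address=127.0.0.1 action=accept comment="accept localhost" disabled=no
add chain=services protocol=tcp dst-port=20-21 action=accept comment="allow ftp" disabled=no
add chain=services protocol=tcp dst-port=22 action=accept comment="allow sftp, ssh" disabled=no
add chain=services protocol=tcp dst-port=23 action=accept comment="allow telnet" disabled=no
add chain=services protocol=tcp dst-port=80 action=accept comment="allow http, webbox" disabled=no
add chain=services protocol=tcp dst-port=8291 action=accept comment="Allow winbox" disabled=no
add chain=services protocol=udp dst-port=20561 action=accept comment="allow MAC winbox" disabled=no
# NOTE(review): enabled allow rule for one fixed external address with a
# placeholder comment. The listing does not say who owns the address or what
# listens on 7828; confirm the need for it or disable the rule.
add chain=services src-address=159.148.172.205 protocol=tcp dst-port=7828 action=accept comment="..." disabled=no
# Everything below is shipped disabled; enable only the services actually run.
add chain=services protocol=tcp dst-port=2000 action=accept comment="Bandwidth server" disabled=yes
add chain=services protocol=udp dst-port=5678 action=accept comment="MT Discovery Protocol" disabled=yes
add chain=services protocol=tcp dst-port=53 action=accept comment="allow DNS request" disabled=yes
add chain=services protocol=udp dst-port=53 action=accept comment="Allow DNS request" disabled=yes
add chain=services protocol=udp dst-port=1701 action=accept comment="allow L2TP" disabled=yes
add chain=services protocol=tcp dst-port=1723 action=accept comment="allow PPTP" disabled=yes
add chain=services protocol=gre action=accept comment="allow PPTP and EoIP" disabled=yes
add chain=services protocol=ipencap action=accept comment="allow IPIP" disabled=yes
add chain=services protocol=udp dst-port=1900 action=accept comment="UPnP" disabled=yes
add chain=services protocol=tcp dst-port=2828 action=accept comment="UPnP" disabled=yes
add chain=services protocol=udp dst-port=67-68 action=accept comment="allow DHCP" disabled=yes
add chain=services protocol=tcp dst-port=8080 action=accept comment="allow Web Proxy" disabled=yes
# NTP and SNMP run over UDP; the source listing had protocol=tcp on both, so
# enabling those rules would not have admitted the traffic they are named for.
add chain=services protocol=udp dst-port=123 action=accept comment="allow NTP" disabled=yes
add chain=services protocol=udp dst-port=161 action=accept comment="allow SNMP" disabled=yes
add chain=services protocol=tcp dst-port=443 action=accept comment="allow https for Hotspot" disabled=yes
add chain=services protocol=tcp dst-port=1080 action=accept comment="allow Socks for Hotspot" disabled=yes
add chain=services protocol=udp dst-port=500 action=accept comment="allow IPSec connections" disabled=yes
add chain=services protocol=ipsec-esp action=accept comment="allow IPSec" disabled=yes
add chain=services protocol=ipsec-ah action=accept comment="allow IPSec" disabled=yes
add chain=services protocol=tcp dst-port=179 action=accept comment="Allow BGP" disabled=yes
add chain=services protocol=udp dst-port=520-521 action=accept comment="allow RIP" disabled=yes
add chain=services protocol=ospf action=accept comment="allow OSPF" disabled=yes
# NOTE(review): labelled "allow BGP" in the listing, but BGP is the tcp/179 rule
# above. Work out what this UDP range is for before enabling it.
add chain=services protocol=udp dst-port=5000-5100 action=accept comment="allow BGP" disabled=yes
add chain=services protocol=tcp dst-port=1720 action=accept comment="allow Telephony" disabled=yes
add chain=services protocol=udp dst-port=1719 action=accept comment="allow Telephony" disabled=yes
add chain=services protocol=vrrp action=accept comment="allow VRRP" disabled=yes

# ---- virus: destination-port blocks applied to forwarded traffic ----
# These rules match on destination port only, so any legitimate service using
# one of these ports through the router is dropped as well. Review the list
# against the services in use rather than importing it unchanged.
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screencast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
# tcp/2745 appears twice in the listing (here and three rules down); the second
# copy can never match. Both are kept so the rule set mirrors the source.
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Gaobot" disabled=no

# ---- forward: traffic routed through the router ----
add chain=forward connection-state=established action=accept comment="accept established packets" disabled=no
add chain=forward connection-state=related action=accept comment="accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid packets" disabled=no
add chain=forward src-address-type=!unicast action=drop comment="drop all that is not from unicast" disabled=no
# The listing had comment="... bogon IP"s", where the stray double quote ends
# the string early and breaks the rule; the comment text is written without it.
add chain=forward in-interface=internet src-address-list=not_in_internet action=drop comment="drop data from bogon IPs" disabled=no
# Side effect: anything arriving on a non-WAN interface and destined to an
# address in not_in_internet (which includes all RFC 1918 ranges) is dropped,
# so routing between private subnets through this router is blocked too.
add chain=forward in-interface=!internet dst-address-list=not_in_internet action=drop comment="drop data to bogon IPs" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to virus chain" disabled=no
# Default-accept: the forward chain is a deny-list, not an allow-list.
add chain=forward action=accept comment="Accept everything else" disabled=no

# ---- output: traffic originated by the router ----
# Only replies on existing connections leave the router. New connections the
# router itself would open (DNS lookups, NTP client, update checks, remote
# logging) are dropped by the last rule; add explicit accepts above it if any
# of those are needed.
add chain=output connection-state=invalid action=drop comment="drop invalid packets" disabled=no
add chain=output connection-state=related action=accept comment="accept related packets" disabled=no
add chain=output connection-state=established action=accept comment="accept established packets" disabled=no
add chain=output action=drop comment="Drop all connections from this router" disabled=no

# ---- addresses that should never appear as a source on the WAN side ----
/ip firewall address-list
add list=not_in_internet address=0.0.0.0/8 comment="" disabled=no
add list=not_in_internet address=172.16.0.0/12 comment="" disabled=no
add list=not_in_internet address=192.168.0.0/16 comment="" disabled=no
add list=not_in_internet address=10.0.0.0/8 comment="" disabled=no
add list=not_in_internet address=169.254.0.0/16 comment="" disabled=no
add list=not_in_internet address=127.0.0.0/8 comment="" disabled=no
# /3 covers 224.0.0.0 through 255.255.255.255 (multicast and above).
add list=not_in_internet address=224.0.0.0/3 comment="" disabled=no

# ---- connection-tracking helpers ----
/ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set mms disabled=no
set gre disabled=yes
set pptp disabled=yes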
