
RouterOS官方防火墙脚本

作者:admin  来源:www.hack50.com  发布时间:2011-11-29 8:00:52
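# Connection-tracking timeouts.
# The listing was published in 2011; check the property names against the
# RouterOS version in use before importing.
# Half-open and closing TCP states expire after 10s-1m so that stale or
# flood-generated entries do not fill the tracking table; established TCP
# entries are kept for one day.
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=1m tcp-syn-received-timeout=1m \
    tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m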
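/ip firewall filter
# ---------------------------------------------------------------------------
# input chain: packets addressed to the router itself.
# Rules are evaluated top to bottom, so the order below is significant:
# stateful accept/drop first, then scan/DoS handling, then the per-protocol
# chains, and finally a default drop.
# ---------------------------------------------------------------------------
add chain=input connection-state=established action=accept \
    comment="accept established connection packets" disabled=no
add chain=input connection-state=related action=accept \
    comment="accept related connection packets" disabled=no
add chain=input connection-state=invalid action=drop \
    comment="drop invalid packets" disabled=no
# Port-scan detection on new TCP connections.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="detect and drop port scan connections" disabled=no
# Sources already on black_list are tarpitted once they hold 3 connections.
# The next rule puts a source on black_list for one day when it reaches
# 10 concurrent TCP connections (counted per /32).
# NOTE(review): a busy legitimate client or a NAT gateway shared by several
# administrators can reach that limit too; review black_list entries when
# access problems are reported.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input dst-address-type=!local action=drop \
    comment="drop all that is not to local" disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="drop all that is not from unicast" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="jump to chain ICMP" disabled=no
add chain=input action=jump jump-target=services \
    comment="jump to chain services" disabled=no
# Disabled logging rule: enable it temporarily to see what the final drop
# below is about to discard.
add chain=input action=log log-prefix="input" comment="" disabled=yes
# Default deny for anything the chains above did not accept.
add chain=input action=drop comment="drop everything else" disabled=no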
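# ---------------------------------------------------------------------------
# ICMP chain (belongs to /ip firewall filter; jumped to from input and
# forward). Only the listed type:code pairs are accepted, each rate-limited
# with limit=5,5; all other ICMP is dropped.
#   0   echo reply            3:3 port unreachable
#   3:4 fragmentation needed (required for path-MTU discovery)
#   8   echo request          11  time exceeded
# ---------------------------------------------------------------------------
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" \
    disabled=no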
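# ---------------------------------------------------------------------------
# services chain (belongs to /ip firewall filter; jumped to from input).
# Every enabled rule here opens a port on the router to ANY source address.
# NOTE(review): FTP, telnet, HTTP and winbox are management services and
# FTP/telnet/HTTP carry credentials in clear text. Before importing, disable
# the services that are not needed and add src-address or src-address-list
# matching so that the remaining ones are reachable only from trusted
# management networks.
# ---------------------------------------------------------------------------
add chain=services src-address=127.0.0.1 dst-address=127.0.0.1 action=accept \
    comment="accept localhost" disabled=no
add chain=services protocol=tcp dst-port=20-21 action=accept \
    comment="allow ftp" disabled=no
add chain=services protocol=tcp dst-port=22 action=accept \
    comment="allow sftp, ssh" disabled=no
add chain=services protocol=tcp dst-port=23 action=accept \
    comment="allow telnet" disabled=no
add chain=services protocol=tcp dst-port=80 action=accept \
    comment="allow http, webbox" disabled=no
add chain=services protocol=tcp dst-port=8291 action=accept \
    comment="Allow winbox" disabled=no
add chain=services protocol=udp dst-port=20561 action=accept \
    comment="allow MAC winbox" disabled=no
# NOTE(review): the rule below is enabled and admits one fixed external host
# on TCP 7828; the page gives no explanation (comment is "..."). Remove or
# disable it unless the host and purpose are known in your environment.
add chain=services src-address=159.148.172.205 protocol=tcp dst-port=7828 \
    action=accept comment="..." disabled=no
# --- Everything below is shipped disabled; enable only what the router
# --- actually serves.
add chain=services protocol=tcp dst-port=2000 action=accept \
    comment="Bandwidth server" disabled=yes
add chain=services protocol=udp dst-port=5678 action=accept \
    comment="MT Discovery Protocol" disabled=yes
add chain=services protocol=tcp dst-port=53 action=accept \
    comment="allow DNS request" disabled=yes
add chain=services protocol=udp dst-port=53 action=accept \
    comment="Allow DNS request" disabled=yes
add chain=services protocol=udp dst-port=1701 action=accept \
    comment="allow L2TP" disabled=yes
add chain=services protocol=tcp dst-port=1723 action=accept \
    comment="allow PPTP" disabled=yes
add chain=services protocol=gre action=accept \
    comment="allow PPTP and EoIP" disabled=yes
add chain=services protocol=ipencap action=accept comment="allow IPIP" \
    disabled=yes
add chain=services protocol=udp dst-port=1900 action=accept comment="UPnP" \
    disabled=yes
add chain=services protocol=tcp dst-port=2828 action=accept comment="UPnP" \
    disabled=yes
add chain=services protocol=udp dst-port=67-68 action=accept \
    comment="allow DHCP" disabled=yes
add chain=services protocol=tcp dst-port=8080 action=accept \
    comment="allow Web Proxy" disabled=yes
# Protocol corrected from tcp to udp: NTP uses UDP port 123, so the rule as
# published would not have matched NTP traffic when enabled.
add chain=services protocol=udp dst-port=123 action=accept \
    comment="allow NTP" disabled=yes
# Protocol corrected from tcp to udp: SNMP agents listen on UDP port 161.
add chain=services protocol=udp dst-port=161 action=accept \
    comment="allow SNMP" disabled=yes
add chain=services protocol=tcp dst-port=443 action=accept \
    comment="allow https for Hotspot" disabled=yes
add chain=services protocol=tcp dst-port=1080 action=accept \
    comment="allow Socks for Hotspot" disabled=yes
add chain=services protocol=udp dst-port=500 action=accept \
    comment="allow IPSec connections" disabled=yes
add chain=services protocol=ipsec-esp action=accept comment="allow IPSec" \
    disabled=yes
add chain=services protocol=ipsec-ah action=accept comment="allow IPSec" \
    disabled=yes
add chain=services protocol=tcp dst-port=179 action=accept \
    comment="Allow BGP" disabled=yes
add chain=services protocol=udp dst-port=520-521 action=accept \
    comment="allow RIP" disabled=yes
add chain=services protocol=ospf action=accept comment="allow OSPF" \
    disabled=yes
# NOTE(review): labelled "allow BGP" in the source, but BGP is TCP 179 (rule
# above). The page does not say what UDP 5000-5100 is for; confirm the
# purpose before enabling.
add chain=services protocol=udp dst-port=5000-5100 action=accept \
    comment="allow BGP" disabled=yes
add chain=services protocol=tcp dst-port=1720 action=accept \
    comment="allow Telephony" disabled=yes
add chain=services protocol=udp dst-port=1719 action=accept \
    comment="allow Telephony" disabled=yes
add chain=services protocol=vrrp action=accept comment="allow VRRP" \
    disabled=yes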
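# ---------------------------------------------------------------------------
# virus chain (belongs to /ip firewall filter; jumped to from forward only,
# so it filters transit traffic, not traffic to the router itself).
# Drops by destination port alone. The labels name worms and backdoors that
# used these ports, but the rules match ANY traffic to them.
# NOTE(review): several ports are also used by legitimate software (for
# example SMB on 445, SOCKS on 1080, SQL Server on 1433-1434). Check the list
# against services that must cross this router before enabling it as-is.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=135-139 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop \
    comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" \
    disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop \
    comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" \
    disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" \
    disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop \
    comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" \
    disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" \
    disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
    disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" \
    disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop \
    comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="Drop Beagle" disabled=no
# Duplicate of the tcp/2745 rule above (kept as published); this second rule
# is never reached because the first one already drops the packet.
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop \
    comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" \
    disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" \
    disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" \
    disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop \
    comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop \
    comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop \
    comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop \
    comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop \
    comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop \
    comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop \
    comment="Drop PhatBot, Gaobot" disabled=no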
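# ---------------------------------------------------------------------------
# forward chain (belongs to /ip firewall filter): traffic routed THROUGH the
# router.
# The bogon rules match on an interface literally named "internet"; rename
# the WAN interface or adjust in-interface= before importing, otherwise the
# first bogon rule matches nothing and the second matches every interface.
# NOTE(review): the second bogon rule drops traffic from any non-WAN
# interface to the private ranges in not_in_internet, so it also blocks
# routing between two internal private subnets behind this router.
# NOTE(review): the chain ends in a default ACCEPT. Anything not dropped by
# the state, bogon, ICMP or virus rules is forwarded in both directions;
# add explicit rules if inbound traffic from the WAN should be restricted.
# ---------------------------------------------------------------------------
add chain=forward connection-state=established action=accept \
    comment="accept established packets" disabled=no
add chain=forward connection-state=related action=accept \
    comment="accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="drop invalid packets" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="drop all that is not from unicast" disabled=no
add chain=forward in-interface=internet src-address-list=not_in_internet \
    action=drop comment="drop data from bogon IP's" disabled=no
add chain=forward in-interface=!internet dst-address-list=not_in_internet \
    action=drop comment="drop data to bogon IP's" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="jump to chain ICMP" disabled=no
add chain=forward action=jump jump-target=virus \
    comment="jump to virus chain" disabled=no
add chain=forward action=accept comment="Accept everything else" disabled=no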
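# ---------------------------------------------------------------------------
# output chain (belongs to /ip firewall filter): packets originated by the
# router itself.
# Only replies (established/related) are allowed out; the final rule drops
# every NEW connection the router tries to open.
# NOTE(review): with this policy the router cannot initiate anything itself
# (for example DNS lookups, NTP client queries, ping or remote logging). Add
# accept rules above the final drop for the outbound services the router
# needs.
# ---------------------------------------------------------------------------
add chain=output connection-state=invalid action=drop \
    comment="drop invalid packets" disabled=no
add chain=output connection-state=related action=accept \
    comment="accept related packets" disabled=no
add chain=output connection-state=established action=accept \
    comment="accept established packets" disabled=no
add chain=output action=drop \
    comment="Drop all connections from this router" disabled=no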
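# Address list used by the two bogon rules in the forward chain: ranges that
# should not appear as sources arriving from the WAN, nor as destinations
# leaving towards it.
# 224.0.0.0/3 spans 224.0.0.0-255.255.255.255 (multicast and above).
# NOTE(review): the list is static and reflects what the page published in
# 2011; compare it with a current special-purpose address reference before
# relying on it.
/ip firewall address-list
add list=not_in_internet address=0.0.0.0/8 comment="" disabled=no
add list=not_in_internet address=172.16.0.0/12 comment="" disabled=no
add list=not_in_internet address=192.168.0.0/16 comment="" disabled=no
add list=not_in_internet address=10.0.0.0/8 comment="" disabled=no
add list=not_in_internet address=169.254.0.0/16 comment="" disabled=no
add list=not_in_internet address=127.0.0.0/8 comment="" disabled=no
add list=not_in_internet address=224.0.0.0/3 comment="" disabled=no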
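# Connection-tracking helpers. ftp, tftp, irc, quake3 and mms stay enabled;
# h323, gre and pptp are switched off.
# NOTE(review): the set of helper names depends on the RouterOS version;
# confirm each entry exists on the target release, and disable helpers for
# protocols that never cross this router.
/ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set mms disabled=no
set gre disabled=yes
set pptp disabled=yes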
