




Document summary

This script is a general-purpose firewall for Internet cafés. Import command: im *.RSC
Copy the code below and save it as *.rsc

/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=30s \
    tcp-established-timeout=5d tcp-fin-wait-timeout=2m tcp-close-wait-timeout=1m \
    tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m tcp-close-timeout=10s \
    udp-timeout=30s udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m

/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related packets" disabled=no
add chain=input connection-state=established action=accept comment="accept established packets" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input dst-address-type=!local action=drop comment="drop all that is not to local" disabled=no
add chain=input src-address-type=!unicast action=drop comment="drop all that is not from unicast" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no

add chain=services protocol=tcp dst-port=53 action=accept comment="allow DNS request" disabled=no
add chain=services protocol=udp dst-port=53 action=accept comment="Allow DNS request" disabled=no
add chain=services src-address= dst-address= action=accept comment="accept localhost" disabled=no
add chain=services protocol=tcp dst-port=20-21 action=accept comment="allow ftp" disabled=no
add chain=services protocol=tcp dst-port=22 action=accept comment="allow sftp, ssh" disabled=no
add chain=services protocol=tcp dst-port=23 action=accept comment="allow telnet" disabled=no
add chain=services protocol=tcp dst-port=80 action=accept comment="allow http, webbox" disabled=no
add chain=services protocol=tcp dst-port=8291 action=accept comment="Allow winbox" disabled=no
add chain=services protocol=udp dst-port=20561 action=accept comment="allow MACwinbox" disabled=no
add chain=services protocol=tcp dst-port=2000 action=accept comment="Bandwidth server" disabled=no
add chain=services protocol=udp dst-port=5678 action=accept comment="MT Discovery Protocol" disabled=no
add chain=services protocol=udp dst-port=1701 action=accept comment="allow L2TP" disabled=no
add chain=services protocol=tcp dst-port=1723 action=accept comment="allow PPTP" disabled=no
add chain=services protocol=gre action=accept comment="allow PPTP and EoIP" disabled=no
add chain=services protocol=ipencap action=accept comment="allow IPIP" disabled=no
add chain=services protocol=udp dst-port=1900 action=accept comment=UPnP disabled=no
add chain=services protocol=tcp dst-port=2828 action=accept comment=UPnP disabled=no
add chain=services protocol=udp dst-port=67-68 action=accept comment="allow DHCP" disabled=no
add chain=services protocol=tcp dst-port=8080 action=accept comment="allow Web Proxy" disabled=no
add chain=services protocol=udp dst-port=123 action=accept comment="allow NTP" disabled=no
add chain=services protocol=udp dst-port=161 action=accept comment="allow SNMP" disabled=no
add chain=services protocol=tcp dst-port=443 action=accept comment="allow https for Hotspot" disabled=no
add chain=services protocol=tcp dst-port=1080 action=accept comment="allow Socks for Hotspot" disabled=no
add chain=services protocol=udp dst-port=500 action=accept comment="allow IPSec connections" disabled=no
add chain=services protocol=ipsec-esp action=accept comment="allow IPSec" disabled=no
add chain=services protocol=ipsec-ah action=accept comment="allow IPSec" disabled=no
add chain=services protocol=tcp dst-port=179 action=accept comment="Allow BGP" disabled=no
add chain=services protocol=udp dst-port=520-521 action=accept comment="allow RIP" disabled=no
add chain=services protocol=ospf action=accept comment="allow OSPF" disabled=no
add chain=services protocol=udp dst-port=5000-5100 action=accept comment="allow BGP" disabled=no
add chain=services protocol=tcp dst-port=1720 action=accept comment="allow Telephony" disabled=no
add chain=services protocol=udp dst-port=1719 action=accept comment="allow Telephony" disabled=no

add chain=forward connection-state=invalid action=drop comment="drop invalid packets" disabled=no
add chain=forward connection-state=related action=accept comment="accept related packets" disabled=no
add chain=forward connection-state=established action=accept comment="accept established packets" disabled=no
add chain=forward src-address-type=!unicast action=drop comment="drop all that is not from unicast" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to virus chain" disabled=no
add chain=forward action=accept comment="Accept everything else" disabled=no

add chain=output protocol=tcp dst-port=53 action=accept comment="allow DNS request" disabled=no
add chain=output protocol=udp dst-port=53 action=accept comment="Allow DNS request" disabled=no
add chain=output connection-state=invalid action=drop comment="drop invalid packets" disabled=no
add chain=output connection-state=related action=accept comment="accept related packets" disabled=no
add chain=output connection-state=established action=accept comment="accept established packets" disabled=no
add chain=output protocol=icmp action=accept comment="" disabled=no
add chain=output action=drop comment="Drop all connections from this router" disabled=no

add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=_ disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=_ disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=_ disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=hromgrafx disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=cichlid disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=Worm disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=Worm disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=Worm disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Gaobot" disabled=no

2. Block pings to the router from the WAN

/ ip firewall filter
add chain=input src-address=!/24 protocol=icmp action=drop comment="No wan Ping"

3. Block the Gray Pigeon trojan

/ ip firewall filter
add chain=forward protocol=tcp dst-port=1999 action=drop comment=Backdoor.GrayBird.ad
add chain=forward dst-address=25 action=drop
add chain=forward dst-address=68 action=drop
add chain=forward dst-address=06 action=drop
add chain=forward dst-address=3 action=drop
add chain=forward dst-address=10 action=drop
add chain=forward dst-address=8 action=drop
add chain=forward dst-address=7 action=drop
add chain=forward dst-address=07 action=drop
add chain=forward dst-address=98 action=drop
add chain=forward dst-address=1 action=drop

4. Block eMule P2P downloads

/ ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=5 action=drop

5. Block BitSpirit downloads

/ ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"

6. Block PPLive Internet TV

/ ip firewall filter
add chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV"
add chain=forward protocol=udp dst-port=4004 action=drop
add chain=forward dst-address=1 action=drop

7. Block Vagaa

/ ip firewall filter
add chain=forward content= action=reject comment="No VaGaa"
add chain=forward content=v
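An added example, not part of the original script: a small Python check that reads filter rules in export form and flags jump targets with no rules in the text given, accept rules for router management ports that carry no source restriction, and built-in chains with no unconditional drop. The sample rules are a constructed excerpt of the script above, and the MGMT_PORTS set and the finding names are assumptions made for this illustration.

```python
import shlex

# Constructed excerpt: a few rules from the script above, in export form.
SAMPLE = '''
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="drop invalid packets"
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP"
add chain=input action=jump jump-target=services comment="jump to chain services"
add chain=services protocol=tcp dst-port=23 action=accept comment="allow telnet"
add chain=services protocol=tcp dst-port=8291 action=accept comment="Allow winbox"
add chain=services protocol=udp dst-port=53 action=accept comment="Allow DNS request"
add chain=output protocol=icmp action=accept
add chain=output action=drop comment="Drop all connections from this router"
'''

MGMT_PORTS = {"21", "22", "23", "8291"}        # assumption: ports treated as management
SCOPE_KEYS = {"src-address", "src-address-list", "in-interface"}
MATCH_FREE = {"chain", "action", "comment", "disabled"}   # keys that match no traffic

def parse_rules(text):
    """Return one dict of key=value pairs per 'add' line."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)              # keeps quoted comments as one token
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def audit(rules):
    """Return (finding, detail) tuples in rule order, chain checks last."""
    findings = []
    defined = {r["chain"] for r in rules}
    for r in rules:
        target = r.get("jump-target")
        if r.get("action") == "jump" and target not in defined:
            findings.append(("undefined-jump-target", target))
        if (r.get("action") == "accept" and r.get("dst-port") in MGMT_PORTS
                and not r.keys() & SCOPE_KEYS):
            findings.append(("unscoped-management-accept", r["dst-port"]))
    # RouterOS accepts a packet that falls off the end of a built-in chain.
    for chain in ("input", "forward", "output"):
        in_chain = [r for r in rules if r["chain"] == chain]
        if in_chain and not any(r.get("action") == "drop" and r.keys() <= MATCH_FREE
                                for r in in_chain):
            findings.append(("no-default-drop", chain))
    return findings

if __name__ == "__main__":
    print(*audit(parse_rules(SAMPLE)), sep="\n")
```

In the portion of the script shown on this page, the input chain ends with the jump to services and has no unconditional drop, so the accept rules in the services chain do not by themselves limit what reaches the router. No rules for the ICMP chain appear in the portion shown either.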