RouterOS官方防火墙脚本
2009-05-13 01:17:45来源:未知 阅读 ()
/ipfirewallconnectiontrackingsetenabled=yestcp-syn-sent-timeout=1mtcp-syn-received-timeout=1m\
tcp-established-timeout=1dtcp-fin-wait-timeout=10s\
tcp-close-wait-timeout=10stcp-last-ack-timeout=10s\
tcp-time-wait-timeout=10stcp-close-timeout=10sudp-timeout=10s\
udp-stream-timeout=3micmp-timeout=10sgeneric-timeout=10m
/ipfirewallfilter
addchain=inputconnection-state=establishedaction=acceptcomment="accept\
establishedconnectionpackets"disabled=no
addchain=inputconnection-state=relatedaction=acceptcomment="acceptrelated\
connectionpackets"disabled=no
addchain=inputconnection-state=invalidaction=dropcomment="dropinvalid\
packets"disabled=no
addchain=inputprotocol=tcppsd=21,3s,3,1action=dropcomment="detectand\
dropportscanconnections"disabled=no
addchain=inputprotocol=tcpconnection-limit=3,32src-address-list=black_list\
action=tarpitcomment="suppressDoSattack"disabled=no
addchain=inputprotocol=tcpconnection-limit=10,32\
action=add-src-to-address-listaddress-list=black_list\
address-list-timeout=1dcomment="detectDoSattack"disabled=no
addchain=inputdst-address-type=!localaction=dropcomment="dropallthatis\
nottolocal"disabled=no
addchain=inputsrc-address-type=!unicastaction=dropcomment="dropallthat\
isnotfromunicast"disabled=no
addchain=inputprotocol=icmpaction=jumpjump-target=ICMPcomment="jumpto\
chainICMP"disabled=no
addchain=inputaction=jumpjump-target=servicescomment="jumptochain\
services"disabled=no
addchain=inputaction=loglog-prefix="input"comment=""disabled=yes
addchain=inputaction=dropcomment="dropeverythingelse"disabled=no
addchain=ICMPprotocol=icmpicmp-options=0:0-255limit=5,5action=accept\
comment="0:0andlimitfor5pac/s"disabled=no
addchain=ICMPprotocol=icmpicmp-options=3:3limit=5,5action=accept\
comment="3:3andlimitfor5pac/s"disabled=no
addchain=ICMPprotocol=icmpicmp-options=3:4limit=5,5action=accept\
comment="3:4andlimitfor5pac/s"disabled=no
addchain=ICMPprotocol=icmpicmp-options=8:0-255limit=5,5action=accept\
comment="8:0andlimitfor5pac/s"disabled=no
addchain=ICMPprotocol=icmpicmp-options=11:0-255limit=5,5action=accept\
comment="11:0andlimitfor5pac/s"disabled=no
addchain=ICMPprotocol=icmpaction=dropcomment="Dropeverythingelse"\
disabled=no
addchain=servicessrc-address=127.0.0.1dst-address=127.0.0.1action=accept\
comment="acceptlocalhost"disabled=no
addchain=servicesprotocol=tcpdst-port=20-21action=acceptcomment="allow\
ftp"disabled=no
addchain=servicesprotocol=tcpdst-port=22action=acceptcomment="allowsftp,\
ssh"disabled=no
addchain=servicesprotocol=tcpdst-port=23action=acceptcomment="allow\
telnet"disabled=no
addchain=servicesprotocol=tcpdst-port=80action=acceptcomment="allowhttp,\
webbox"disabled=no
addchain=servicesprotocol=tcpdst-port=8291action=acceptcomment="Allow\
winbox"disabled=no
addchain=servicesprotocol=udpdst-port=20561action=acceptcomment="allow\
MACwinbox"disabled=no
addchain=servicessrc-address=159.148.172.205protocol=tcpdst-port=7828\
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
上一篇:用ROS做PPPoE服务器
- Linux系统如何设置开机自动运行脚本? 2020-06-11
- Linux指令和shell脚本 2020-06-11
- centos6.8 防火墙简单操作 2020-06-02
- Ubuntu下用脚本执行sql语句(sqlite) 2020-05-29
- 如何将目录下的脚本一次性全部执行 2020-05-28
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash
