RouterOS_security-rule

過濾機制基本上都是按照官方範例來設定;其中防毒用的 PORT 規則可視需要刪除。主要防護項目如下:

1.dos攻擊
2.FTP攻擊
3.SMTP攻擊
4.pop3攻擊

請在 RouterOS 的文字介面(Terminal)中貼上以下指令:

# mar/07/2013 00:48:56 by RouterOS 5.16
# software id = TF97-NX3L
#
# Base state-tracking rules for the input chain (traffic addressed to the
# router) and the forward chain (traffic routed through it). Rules are
# evaluated top to bottom per chain, so the order of these `add` lines matters.
# The escaped byte runs inside comment= values (\B1\B5 ...) look like non-ASCII
# text escaped by the export (presumably Big5 Chinese); they are left as-is.
/ip firewall filter
# Accepts every input packet whose source is in 192.168.0.0/16. There is no
# connection-state, port or in-interface matcher, although the English part of
# the comment text says "Allow Established connections".
# NOTE(review): as the first input rule, this exempts that whole range from
# every later input rule (invalid drop, HTTP limit, scan detection, FTP/SSH
# blacklists). A packet arriving on any interface with a source in this range
# matches too; consider adding in-interface=<LAN-INTERFACE> (placeholder) or
# narrowing it to the real management subnet.
add action=accept chain=input comment="Router protection :Allow Established co\
    nnections\B1\B5\A8\FC\A7A\ABH\A5\F4\AA\BAIP\A6a\A7}\B3X\B0\DD(src-address=\
    \B6\F1\BCg\ABH\A5\F4IP,\C0q\BB{\A4\B9\B3\\\A5\F4\A6\F3\A6a\A7})\r\
    \n\r\
    \n" disabled=no src-address=192.168.0.0/16
# Drops input packets that connection tracking classifies as invalid.
add action=drop chain=input comment="Router protection :Drop Invalid connectio\
    ns\A5\E1\B1\F3\ABD\AAk\B3s\B1\B5\r\
    \n\r\
    \n" connection-state=invalid disabled=no
# Drops TCP/80 traffic to the router once the connection count exceeds 90;
# the netmask is 0, so presumably all sources are counted as one group.
# NOTE(review): this sits before the "accept established" rule, so packets of
# existing HTTP sessions are dropped as well while the limit is exceeded.
# MikroTik's documentation advises pairing connection-limit with
# connection-state=new or tcp-flags=syn.
add action=drop chain=input comment=\
    "\AD\AD\A8\EE\C1`http\B3s\B1\B5\BC\C6\AC\B090" connection-limit=90,0 \
    disabled=no dst-port=80 protocol=tcp
# Port-scan detection (psd = weight threshold, delay threshold, low-port
# weight, high-port weight): drops matching TCP packets sent to the router.
add action=drop chain=input comment=\
    "\B1\B4\B4\FA\A8\C3\A5\E1\B1\F3\BA\DD\A4f\B1\BD\BA\CB\B3s\B1\B5" \
    disabled=no protocol=tcp psd=21,3s,3,1
# Accepts packets of established connections to the router.
# NOTE(review): no input rule in this export accepts connection-state=related.
add action=accept chain=input comment="Router protection :Allow Established co\
    nnections\B1\B5\A8\FC\A4w\AB\D8\A5\DF\B3s\B1\B5\AA\BA\BC\C6\BE\DA" \
    connection-state=established disabled=no
# Forward chain: accept established, then related, then drop invalid. Every
# forward rule after these therefore sees only packets not accepted here.
add action=accept chain=forward comment="Customer protection (forward chain - \
    traffic passing through the router):allow already established connections\
    \B1\B5\A8\FC\A4w\AB\D8\A5\DF\B3s\B1\B5\AA\BA\BC\C6\BE\DA" \
    connection-state=established disabled=no
add action=accept chain=forward comment="Customer protection (forward chain - \
    traffic passing through the router):allow related connections\B1\B5\A8\FC\
    \AC\DB\C3\F6\BC\C6\BE\DA" connection-state=related disabled=no
add action=drop chain=forward comment="Customer protection (forward chain - tr\
    affic passing through the router):drop invalid connections\A5\E1\B1\F3\ABD\
    \AAk\BC\C6\BE\DA\A5]" connection-state=invalid disabled=no
# Drops forwarded TCP from any single host (/32) that holds more than 80
# connections.
add action=drop chain=forward comment="\AD\AD\A8\EE\A8C\AD\D3\A5D\BE\F7TCP\B3s\
    \B1\B5\BC\C6\AC\B080\B1\F8\r\
    \n\r\
    \n" connection-limit=80,32 disabled=no protocol=tcp
# Drops input packets whose destination is not one of the router's own
# (local) addresses.
add action=drop chain=input comment=\
    "\A5\E1\B1\F3\B1\BC\ABD\A5\BB\A6a\BC\C6\BE\DA" disabled=no \
    dst-address-type=!local
# Drops forwarded packets whose source address is not unicast.
add action=drop chain=forward comment=\
    "\A5\E1\B1\F3\B1\BC\A9\D2\A6\B3\ABD\B3\E6\BC\BD\BC\C6\BE\DA" disabled=no \
    src-address-type=!unicast
# Detect-and-block pairs for forwarded FTP (21), SMTP (25), POP3 (110) and
# generic TCP floods. Each pair is a drop rule keyed on an address list,
# followed by the rule that puts sources on that list for one day.
# NOTE(review): `limit=` matches only while the packet rate stays under the
# given rate, so it throttles how often the detection rule fires; the
# effective trigger is connection-limit alone (confirm on your RouterOS
# version). With connection-limit=3,32 a legitimate client holding more than
# three parallel connections to the port is blocked for 1d. Review the
# thresholds and the address lists after deployment.
add action=drop chain=forward comment=\
    "==================================BLOCK FTP OR INFECTED USERS" disabled=\
    no dst-port=21 protocol=tcp src-address-list=FTP21
add action=add-src-to-address-list address-list=FTP21 address-list-timeout=1d \
    chain=forward comment="Detect and add-list Ftp virus or spammers" \
    connection-limit=3,32 disabled=no dst-port=21 limit=3,3 protocol=tcp
add action=drop chain=forward comment=\
    "==================================BLOCK SPAMMERS OR INFECTED USERS" \
    disabled=no dst-port=25 protocol=tcp src-address-list=Smtp25
add action=add-src-to-address-list address-list=Smtp25 address-list-timeout=\
    1d chain=forward comment="Detect and add-list SMTP virus or spammers" \
    connection-limit=3,32 disabled=no dst-port=25 limit=3,3 protocol=tcp
# POP3 pair (dst-port=110). NOTE(review): the comment text of the detection
# rule still says "SMTP"; it looks copied from the port-25 pair above.
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" \
    disabled=no dst-port=110 protocol=tcp src-address-list=POP110
add action=add-src-to-address-list address-list=POP110 address-list-timeout=\
    1d chain=forward comment="Detect and add-list SMTP virus or spammers" \
    connection-limit=3,32 disabled=no dst-port=110 limit=3,3 protocol=tcp
# Generic TCP pair: a listed source loses ALL forwarded TCP for one day.
# The detection rule lists any source outside 192.168.100.0/24 that holds
# more than 30 TCP connections.
# NOTE(review): 30 connections is easily reached by an ordinary browser or
# mail client, and the exempted 192.168.100.0/24 differs from the
# 192.168.0.0/16 range trusted on the input chain; verify which hosts are
# meant to be exempt before relying on this rule.
add action=drop chain=forward comment=\
    "==================================\A8\BE\BFmDoS\A7\F0\C0\BB" disabled=no \
    protocol=tcp src-address-list=Dos_black_list
add action=add-src-to-address-list address-list=Dos_black_list \
    address-list-timeout=1d chain=forward comment=\
    "Detect and add-list DosAttack or Dos_black_list" connection-limit=30,32 \
    disabled=no limit=50,5 protocol=tcp src-address=!192.168.100.0/24
# Brute-force handling for the router's own FTP and SSH services.
# NOTE(review): the first input rule of this export accepts everything from
# 192.168.0.0/16 before these rules are reached, and nothing here accepts
# new FTP/SSH connections from other sources (they fall through to the final
# input drop). The lists therefore mainly record offenders; the only drop
# with additional effect is the forward-chain SSH rule at the end of this
# block. Confirm this is the intended policy.
#
# FTP: drop tcp/21 to the router from sources on ftp_blacklist.
add action=drop chain=input comment="==================================Allows \
    only 10 FTP login incorrect answers per minute:drop ftp brute forcers" \
    disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
# Output chain (packets sent by the router itself): let "530 Login incorrect"
# replies through while they stay inside dst-limit=1/1m,9 per destination.
add action=accept chain=output comment=\
    "Allows only 10 FTP login incorrect answers per minute:" content=\
    "530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m \
    protocol=tcp
# Replies beyond that limit reach this rule, which puts the destination (the
# client that keeps failing to log in) on ftp_blacklist for 3 hours.
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output comment=\
    "Allows only 10 FTP login incorrect answers per minute:" content=\
    "530 Login incorrect" disabled=no protocol=tcp
# SSH: staged counter. Rules are listed in reverse order on purpose: a new
# tcp/22 connection puts the source on ssh_stage1 (1m); a further new
# connection while on stage1 promotes it to stage2, then stage3, and a new
# connection while on stage3 puts it on ssh_blacklist for 1w3d (10 days).
# The comment text "Prevent a SSH brute forcer to be banned" is kept as
# exported; the rules ban the source, they do not prevent a ban.
add action=drop chain=input comment="==================================Prevent\
    \_a SSH brute forcer to be banned for 10 days after repetitive attempts:\r\
    \ndrop ssh brute forcers" disabled=no dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input comment="Prevent a SSH brute forcer \
    to be banned for 10 days after repetitive attempts:\r\
    \n" connection-state=new disabled=no dst-port=22 protocol=tcp \
    src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input comment="Prevent a SSH brute forcer to\
    \_be banned for 10 days after repetitive attempts:\r\
    \n" connection-state=new disabled=no dst-port=22 protocol=tcp \
    src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input comment="Prevent a SSH brute forcer to\
    \_be banned for 10 days after repetitive attempts:\r\
    \n" connection-state=new disabled=no dst-port=22 protocol=tcp \
    src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input comment="Prevent a SSH brute forcer to\
    \_be banned for 10 days after repetitive attempts:\r\
    \n" connection-state=new disabled=no dst-port=22 protocol=tcp
# Also blocks blacklisted sources from reaching SSH servers behind the router.
add action=drop chain=forward comment="Prevent a SSH brute forcer to be banned\
    \_for 10 days after repetitive attempts:\r\
    \ndrop ssh brute downstream" disabled=no dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist
# Port-scan detection on the input chain: each rule adds the packet's source
# to the "port scanners" list for 2 weeks; the two drop rules at the end
# block listed sources on both input and forward.
# NOTE(review): an earlier input rule in this export already drops packets
# matching psd=21,3s,3,1, so the psd rule below appears unreachable for those
# packets and would never populate the list. Swap the order or drop the
# duplicate if the list is meant to be filled by psd.
# NOTE(review): the TCP-flag rules list a source from single packets, with no
# handshake to confirm the source address, so entries can be wrong. Keep
# management addresses exempt and review the list before trusting it.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment=\
    "==================================Port scanners to list " disabled=no \
    protocol=tcp psd=21,3s,3,1
# The following rules match TCP flag combinations that do not occur in normal
# connection setup (FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG, all flags set,
# no flags set).
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
    no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Enforcement: drop everything from listed sources, to the router and
# through it.
add action=drop chain=input comment="==================================Drop th\
    ose IPs in both Input & Forward chains:dropping port scanners\B1\B4\B4\FA\
    \A8\C3\A5\E1\B1\F3\BA\DD\A4f\B1\BD\BA\CB\B3s\B1\B5" disabled=no \
    src-address-list="port scanners"
add action=drop chain=forward comment=\
    "Drop those IPs in both Input & Forward chains:dropping port scanners" \
    disabled=no src-address-list="port scanners"
# Drops forwarded packets whose source or destination lies in 0.0.0.0/8,
# 127.0.0.0/8 or 224.0.0.0/3 (the latter covers 224.0.0.0-255.255.255.255).
# NOTE(review): the RFC 1918 private ranges are not in this list; whether
# they should be filtered depends on which side each interface faces, and no
# rule here is bound to an interface.
add action=drop chain=forward comment=\
    "==================================Block Bogon IP addresses" disabled=no \
    src-address=0.0.0.0/8
add action=drop chain=forward comment="Block Bogon IP addresses" disabled=no \
    dst-address=0.0.0.0/8
add action=drop chain=forward comment="Block Bogon IP addresses" disabled=no \
    src-address=127.0.0.0/8
add action=drop chain=forward comment="Block Bogon IP addresses" disabled=no \
    dst-address=127.0.0.0/8
add action=drop chain=forward comment="Block Bogon IP addresses" disabled=no \
    src-address=224.0.0.0/3
add action=drop chain=forward comment="Block Bogon IP addresses" disabled=no \
    dst-address=224.0.0.0/3
# Hands forwarded traffic to the per-protocol chains "tcp", "udp" and "icmp".
# A packet that matches no rule in a custom chain returns to the forward
# chain and continues with the next rule there.
add action=jump chain=forward comment=\
    "==================================Make jumps to new chains:" disabled=no \
    jump-target=tcp protocol=tcp
add action=jump chain=forward comment="Make jumps to new chains:" disabled=no \
    jump-target=udp protocol=udp
add action=jump chain=forward comment="Make jumps to new chains:" disabled=no \
    jump-target=icmp protocol=icmp
# Custom chain "tcp": drops forwarded TCP to service ports that should not
# cross the router (RPC, NetBIOS, SMB, NFS and some legacy trojan ports).
# NOTE(review): TFTP (69) and DHCP (67-68) run over UDP, so their TCP
# entries are harmless but unlikely to match real traffic; this export has a
# UDP rule for 69 but none for 67-68.
add action=drop chain=tcp comment="==================================Create TC\
    P chain and deny some TCP ports in it (revise port numbers as needed):deny\
    \_TFTP" disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny RPC portmapper" disabled=no \
    dst-port=111 protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny RPC portmapper" disabled=no \
    dst-port=135 protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny NBT" disabled=no dst-port=\
    137-139 protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny cifs" disabled=no dst-port=445 \
    protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny NFS" disabled=no dst-port=2049 \
    protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny NetBus" disabled=no dst-port=\
    12345-12346 protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny NetBus" disabled=no dst-port=\
    20034 protocol=tcp
# NOTE(review): Back Orifice is commonly associated with port 31337; 3133
# here (and in the udp chain) may be a typo inherited from the example this
# was copied from. Verify before relying on it.
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny  BackOriffice" disabled=no \
    dst-port=3133 protocol=tcp
add action=drop chain=tcp comment="Create TCP chain and deny some TCP ports in\
    \_it (revise port numbers as needed):deny DHCP" disabled=no dst-port=\
    67-68 protocol=tcp
# Custom chain "udp": the UDP counterparts of the drops above.
add action=drop chain=udp comment="==================================Create UD\
    P chain and deny some UDP ports in it  (revise port numbers as needed):den\
    y TFTP" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp comment="Create UDP chain and deny some UDP ports in\
    \_it  (revise port numbers as needed):deny PRC portmapper" disabled=no \
    dst-port=111 protocol=udp
add action=drop chain=udp comment="Create UDP chain and deny some UDP ports in\
    \_it  (revise port numbers as needed):deny PRC portmapper" disabled=no \
    dst-port=135 protocol=udp
add action=drop chain=udp comment="Create UDP chain and deny some UDP ports in\
    \_it  (revise port numbers as needed):deny NBT" disabled=no dst-port=\
    137-139 protocol=udp
add action=drop chain=udp comment="Create UDP chain and deny some UDP ports in\
    \_it  (revise port numbers as needed):deny NFS" disabled=no dst-port=2049 \
    protocol=udp
add action=drop chain=udp comment="Create UDP chain and deny some UDP ports in\
    \_it  (revise port numbers as needed):deny BackOriffice" disabled=no \
    dst-port=3133 protocol=udp
# Two ICMP chains are defined here: "ICMP" (rate-limited accepts, reached by
# the jump below) and "icmp" (plain accepts plus a final drop, reached by an
# earlier forward-chain jump with protocol=icmp).
# NOTE(review): assuming chain names are case-sensitive (TODO confirm), the
# earlier jump to "icmp" accepts or drops every forwarded ICMP packet, so the
# rate-limited rules in "ICMP" would never see ICMP traffic. The "ICMP" chain
# also has no drop after its limit= accepts, so over-limit packets would
# simply return to the forward chain. Decide which of the two policies is
# wanted and keep only that one.
# This jump has no protocol matcher, so all forwarded traffic that reaches
# it enters "ICMP".
add action=jump chain=forward comment=\
    "==================================\B8\F5\C2\E0\A8\ECICMP\C3\EC\AA\ED" \
    disabled=no jump-target=ICMP
# Chain "ICMP": accept, at up to 5 packets/s with a burst of 5, echo reply
# (type 0), port unreachable (3:3), fragmentation needed (3:4), echo request
# (type 8) and time exceeded (type 11).
add action=accept chain=ICMP comment=\
    "Ping\C0\B3\B5\AA\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\A5]\r\
    \n\r\
    \n" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Traceroute\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\A5]\r\
    \n\r\
    \n" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="MTU\BDu\B8\F4\B1\B4\B4\FA\AD\AD\A8\EE\AC\
    \B0\A8C\AC\ED5\AD\D3\A5]\r\
    \n\r\
    \n" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Ping\BD\D0\A8D\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\A5]\r\
    \n\r\
    \n" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Trace TTL\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\A5]\r\
    \n\r\
    \n" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
# Chain "icmp": accept the listed type:code pairs and drop everything else.
# NOTE(review): 3:4 (fragmentation needed) is not in this accept list. Such
# messages are presumably accepted earlier as connection-state=related when
# they belong to a tracked connection; confirm so that path-MTU discovery is
# not broken.
add action=accept chain=icmp comment="echo reply" disabled=no icmp-options=\
    0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" disabled=no \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" disabled=no \
    icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="allow source quench" disabled=no \
    icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" disabled=no \
    icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" disabled=no \
    icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" disabled=no \
    icmp-options=12:0 protocol=icmp
# No matcher: drops any packet that reaches the end of the "icmp" chain.
add action=drop chain=icmp comment="deny all other types" disabled=no
# Custom chain "virus": a port blocklist keyed on destination port only.
# Each rule drops forwarded traffic to a port that the comment associates
# with a legacy trojan or worm. The jump has no protocol or interface
# matcher, so all forwarded traffic that reaches it is checked, in both
# directions.
# NOTE(review): matching on port number alone cannot tell malware from a
# legitimate service on the same port. Entries in this list also block, for
# example, ident (tcp/113), finger (tcp/79), IRC (tcp/6667), NTP (udp/123)
# and common alternate web/app ports such as tcp/82, 4444, 7777, 8888 and
# 9999. Review the list against the services your clients actually use; the
# page text itself notes these port rules can be removed.
# NOTE(review): tcp/135, 139, 445 and 20034 are already dropped in the "tcp"
# chain defined earlier in this export, so those entries here are redundant.
add action=jump chain=forward comment="==================================\B8\
    \F5\C2\E0\A8\EC\AFf\ACr\C3\EC\AA\ED" disabled=no jump-target=virus
add action=drop chain=virus comment=\
    "==================================\AFf\ACr\AA\EDDeepThroat.Trojan-1" \
    disabled=no dst-port=41 protocol=tcp
add action=drop chain=virus comment=Worm.NetSky.Y@mm disabled=no dst-port=82 \
    protocol=tcp
add action=drop chain=virus comment=W32.Korgo.A/B/C/D/E/F-1 disabled=no \
    dst-port=113 protocol=tcp
add action=drop chain=virus comment=W33.Korgo.A/B/C/D/E/F-2 disabled=no \
    dst-port=2041 protocol=tcp
add action=drop chain=virus comment=DeepThroat.Trojan-2 disabled=no dst-port=\
    3150 protocol=tcp
add action=drop chain=virus comment=W32.Korgo.A/B/C/D/E/F-3 disabled=no \
    dst-port=3067 protocol=tcp
add action=drop chain=virus comment=Backdoor.IRC.Aladdinz.R-1 disabled=no \
    dst-port=3422 protocol=tcp
add action=drop chain=virus comment=W32.Korgo.A/B/C/D/E/F-4 disabled=no \
    dst-port=6667 protocol=tcp
add action=drop chain=virus comment=Worm.NetSky.S/T/U@mm disabled=no \
    dst-port=6789 protocol=tcp
add action=drop chain=virus comment=Back.Orifice.2000.Trojan-1 disabled=no \
    dst-port=8787 protocol=tcp
add action=drop chain=virus comment=Back.Orifice.2000.Trojan-2 disabled=no \
    dst-port=8879 protocol=tcp
add action=drop chain=virus comment=W32.Dabber.A/B-2 disabled=no dst-port=\
    8967 protocol=tcp
add action=drop chain=virus comment=W32.Dabber.A/B-3 disabled=no dst-port=\
    9999 protocol=tcp
add action=drop chain=virus comment=Block.NetBus.Trojan-2 disabled=no \
    dst-port=20034 protocol=tcp
add action=drop chain=virus comment=GirlFriend.Trojan-1 disabled=no dst-port=\
    21554 protocol=tcp
add action=drop chain=virus comment=Back.Orifice.2000.Trojan-3 disabled=no \
    dst-port=31666 protocol=tcp
add action=drop chain=virus comment=Backdoor.IRC.Aladdinz.R-2 disabled=no \
    dst-port=43958 protocol=tcp
add action=drop chain=virus comment=DeepThroat.Trojan-3 disabled=no dst-port=\
    999 protocol=tcp
add action=drop chain=virus comment=DeepThroat.Trojan-4 disabled=no dst-port=\
    6670 protocol=tcp
add action=drop chain=virus comment=DeepThroat.Trojan-5 disabled=no dst-port=\
    6771 protocol=tcp
add action=drop chain=virus comment=DeepThroat.Trojan-6 disabled=no dst-port=\
    60000 protocol=tcp
add action=drop chain=virus comment=DeepThroat.Trojan-7 disabled=no dst-port=\
    2140 protocol=tcp
add action=drop chain=virus comment=Portal.of.Doom.Trojan-1 disabled=no \
    dst-port=10067 protocol=tcp
add action=drop chain=virus comment=Portal.of.Doom.Trojan-2 disabled=no \
    dst-port=10167 protocol=tcp
add action=drop chain=virus comment=Portal.of.Doom.Trojan-3 disabled=no \
    dst-port=3700 protocol=tcp
add action=drop chain=virus comment=Portal.of.Doom.Trojan-4 disabled=no \
    dst-port=9872-9875 protocol=tcp
add action=drop chain=virus comment=Delta.Source.Trojan-1 disabled=no \
    dst-port=6883 protocol=tcp
add action=drop chain=virus comment=Delta.Source.Trojan-2 disabled=no \
    dst-port=26274 protocol=tcp
add action=drop chain=virus comment=Delta.Source.Trojan-3 disabled=no \
    dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Delta.Source.Trojan-4 disabled=no \
    dst-port=47262 protocol=tcp
add action=drop chain=virus comment=Eclypse.Trojan-1 disabled=no dst-port=\
    3791 protocol=tcp
add action=drop chain=virus comment=Eclypse.Trojan-2 disabled=no dst-port=\
    3801 protocol=tcp
add action=drop chain=virus comment=Eclypse.Trojan-3 disabled=no dst-port=\
    65390 protocol=tcp
add action=drop chain=virus comment=Y3K.RAT.Trojan-1 disabled=no dst-port=\
    5880-5882 protocol=tcp
add action=drop chain=virus comment=Y3K.RAT.Trojan-2 disabled=no dst-port=\
    5888-5889 protocol=tcp
add action=drop chain=virus comment=NetSphere.Trojan-1 disabled=no dst-port=\
    30100-30103 protocol=tcp
add action=drop chain=virus comment=NetSphere.Trojan-2 disabled=no dst-port=\
    30133 protocol=tcp
add action=drop chain=virus comment=NetMonitor.Trojan-1 disabled=no dst-port=\
    7300-7301 protocol=tcp
add action=drop chain=virus comment=NetMonitor.Trojan-2 disabled=no dst-port=\
    7306-7308 protocol=tcp
add action=drop chain=virus comment=FireHotcker.Trojan-1 disabled=no \
    dst-port=79 protocol=tcp
add action=drop chain=virus comment=FireHotcker.Trojan-2 disabled=no \
    dst-port=5031 protocol=tcp
add action=drop chain=virus comment=FireHotcker.Trojan-3 disabled=no \
    dst-port=5321 protocol=tcp
add action=drop chain=virus comment=TheThing.Trojan-1 disabled=no dst-port=\
    6400 protocol=tcp
add action=drop chain=virus comment=TheThing.Trojan-2 disabled=no dst-port=\
    7777 protocol=tcp
add action=drop chain=virus comment=GateCrasher.Trojan-1 disabled=no \
    dst-port=1047 protocol=tcp
add action=drop chain=virus comment=GateCrasher.Trojan-2 disabled=no \
    dst-port=6969-6970 protocol=tcp
add action=drop chain=virus comment=SubSeven-1 disabled=no dst-port=2774 \
    protocol=tcp
add action=drop chain=virus comment=SubSeven-2 disabled=no dst-port=27374 \
    protocol=tcp
add action=drop chain=virus comment=SubSeven-3 disabled=no dst-port=1243 \
    protocol=tcp
add action=drop chain=virus comment=SubSeven-4 disabled=no dst-port=1234 \
    protocol=tcp
add action=drop chain=virus comment=SubSeven-5 disabled=no dst-port=6711-6713 \
    protocol=tcp
add action=drop chain=virus comment=SubSeven-7 disabled=no dst-port=16959 \
    protocol=tcp
add action=drop chain=virus comment=Moonpie.Trojan-1 disabled=no dst-port=\
    25685-25686 protocol=tcp
add action=drop chain=virus comment=Moonpie.Trojan-2 disabled=no dst-port=\
    25982 protocol=tcp
add action=drop chain=virus comment=NetSpy.Trojan-3 disabled=no dst-port=\
    31337-31339 protocol=tcp
add action=drop chain=virus comment=Trojan disabled=no dst-port=8102 \
    protocol=tcp
add action=drop chain=virus comment=WAY.Trojan disabled=no dst-port=8011 \
    protocol=tcp
add action=drop chain=virus comment=Trojan.BingHe disabled=no dst-port=7626 \
    protocol=tcp
# Records the destination of tcp/19191 traffic on a list for one day before
# the next rule drops it. No rule in this export reads the list, so it
# serves only as a record for the operator to inspect.
add action=add-dst-to-address-list address-list=Trojan.NianSeHoYian \
    address-list-timeout=1d chain=virus comment=Trojan.NianSeHoYian disabled=\
    no dst-port=19191 protocol=tcp
add action=drop chain=virus comment=Trojan.NianSeHoYian disabled=no dst-port=\
    19191 protocol=tcp
add action=drop chain=virus comment=NetBull.Trojan disabled=no dst-port=\
    23444-23445 protocol=tcp
add action=drop chain=virus comment=WinCrash.Trojan-1 disabled=no dst-port=\
    2583 protocol=tcp
add action=drop chain=virus comment=WinCrash.Trojan-2 disabled=no dst-port=\
    3024 protocol=tcp
add action=drop chain=virus comment=WinCrash.Trojan-3 disabled=no dst-port=\
    4092 protocol=tcp
add action=drop chain=virus comment=WinCrash.Trojan-4 disabled=no dst-port=\
    5714 protocol=tcp
add action=drop chain=virus comment=Doly1.0/1.35/1.5trojan-1 disabled=no \
    dst-port=1010-1012 protocol=tcp
add action=drop chain=virus comment=Doly1.0/1.35/1.5trojan-2 disabled=no \
    dst-port=1015 protocol=tcp
add action=drop chain=virus comment=TransScout.Trojan-1 disabled=no dst-port=\
    2004-2005 protocol=tcp
add action=drop chain=virus comment=TransScout.Trojan-2 disabled=no dst-port=\
    9878 protocol=tcp
add action=drop chain=virus comment=Backdoor.YAI..Trojan-1 disabled=no \
    dst-port=2773 protocol=tcp
add action=drop chain=virus comment=Backdoor.YAI.Trojan-2 disabled=no \
    dst-port=7215 protocol=tcp
add action=drop chain=virus comment=Backdoor.YAI.Trojan-3 disabled=no \
    dst-port=54283 protocol=tcp
add action=drop chain=virus comment=BackDoorTrojan-1 disabled=no dst-port=\
    1003 protocol=tcp
add action=drop chain=virus comment=BackDoorTrojan-2 disabled=no dst-port=\
    5598 protocol=tcp
add action=drop chain=virus comment=BackDoorTrojan-3 disabled=no dst-port=\
    5698 protocol=tcp
add action=drop chain=virus comment=SchainwindlerTrojan-2 disabled=no \
    dst-port=31554 protocol=tcp
add action=drop chain=virus comment=Shaft.DDoS.Trojan-1 disabled=no dst-port=\
    18753 protocol=tcp
add action=drop chain=virus comment=Shaft.DDoS.Trojan-2 disabled=no dst-port=\
    20432 protocol=tcp
add action=drop chain=virus comment=Devil.DDoS.Trojan disabled=no dst-port=\
    65000 protocol=tcp
add action=drop chain=virus comment=LatinusTrojan-1 disabled=no dst-port=\
    11831 protocol=tcp
add action=drop chain=virus comment=LatinusTrojan-2 disabled=no dst-port=\
    29559 protocol=tcp
add action=drop chain=virus comment=Snid.X2Trojan-1 disabled=no dst-port=1784 \
    protocol=tcp
add action=drop chain=virus comment=Snid.X2Trojan-2 disabled=no dst-port=3586 \
    protocol=tcp
add action=drop chain=virus comment=Snid.X2Trojan-3 disabled=no dst-port=7609 \
    protocol=tcp
add action=drop chain=virus comment=BionetTrojan-1 disabled=no dst-port=\
    12348-12349 protocol=tcp
add action=drop chain=virus comment=BionetTrojan-2 disabled=no dst-port=12478 \
    protocol=tcp
add action=drop chain=virus comment=BionetTrojan-3 disabled=no dst-port=57922 \
    protocol=tcp
add action=drop chain=virus comment=Worm.Novarg.a.Mydoom.a1. disabled=no \
    dst-port=3127 protocol=tcp
add action=drop chain=virus comment=Worm.BBeagle.a.Bagle.a. disabled=no \
    dst-port=6777 protocol=tcp
add action=drop chain=virus comment=Worm.BBeagle.b disabled=no dst-port=8866 \
    protocol=tcp
add action=drop chain=virus comment=Worm.BBeagle.c-g/j-l disabled=no \
    dst-port=2745 protocol=tcp
add action=drop chain=virus comment=Worm.BBeagle.p/q/r/n disabled=no \
    dst-port=2556 protocol=tcp
add action=drop chain=virus comment=Worm.BBEagle.m-2 disabled=no dst-port=\
    20742 protocol=tcp
add action=drop chain=virus comment=Worm.BBeagle.s/t/u/v disabled=no \
    dst-port=4751 protocol=tcp
add action=drop chain=virus comment=Worm.BBeagle.aa/ab/w/x-z-2 disabled=no \
    dst-port=2535 protocol=tcp
add action=drop chain=virus comment=Worm.LovGate.r.RpcExploit disabled=no \
    dst-port=5238 protocol=tcp
add action=drop chain=virus comment=Worm.Sasser.a disabled=no dst-port=1068 \
    protocol=tcp
add action=drop chain=virus comment=Worm.Sasser.b/c/f disabled=no dst-port=\
    5554 protocol=tcp
add action=drop chain=virus comment=Worm.Sasser.b/c/f disabled=no dst-port=\
    9996 protocol=tcp
add action=drop chain=virus comment=Worm.Sasser.d disabled=no dst-port=9995 \
    protocol=tcp
add action=drop chain=virus comment=Worm.Lovgate.a/b/c/d disabled=no \
    dst-port=10168 protocol=tcp
add action=drop chain=virus comment=Worm.Lovgate.v.QQ disabled=no dst-port=\
    20808 protocol=tcp
add action=drop chain=virus comment=Worm.Lovgate.f/g disabled=no dst-port=\
    1092 protocol=tcp
add action=drop chain=virus comment=Worm.Lovgate.f/g disabled=no dst-port=\
    20168 protocol=tcp
add action=drop chain=virus comment=ndm.requester disabled=no dst-port=\
    1363-1364 protocol=tcp
add action=drop chain=virus comment=screen.cast disabled=no dst-port=1368 \
    protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp
add action=drop chain=virus comment=cichainlid disabled=no dst-port=1377 \
    protocol=tcp
add action=drop chain=virus comment=Backdoor.Optixprotocol disabled=no \
    dst-port=3410 protocol=tcp
# Same record-then-drop pattern as tcp/19191 above, here for tcp/8888; the
# list is not read by any rule in this export.
add action=add-dst-to-address-list address-list=Worm.BBeagle.b \
    address-list-timeout=1d chain=virus comment=Worm.BBeagle.b disabled=no \
    dst-port=8888 protocol=tcp
add action=drop chain=virus comment=Worm.BBeagle.b disabled=no dst-port=8888 \
    protocol=tcp
add action=drop chain=virus comment=Delta.Source.Trojan-7 disabled=no \
    dst-port=44444 protocol=udp
add action=drop chain=virus comment=Worm.Sobig.f-3 disabled=no dst-port=8998 \
    protocol=udp
# NOTE(review): udp/123 is NTP. This rule stops clients behind the router
# from syncing time with outside servers, which can break certificate
# validation and log correlation. Remove it unless that is intended.
add action=drop chain=virus comment=Worm.Sobig.f-1 disabled=no dst-port=123 \
    protocol=udp
add action=drop chain=virus comment=Worm.Novarg.a.Mydoom.a2. disabled=no \
    dst-port=3198 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    139 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    135 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=tcp
# Default-deny for the input chain: drops every packet addressed to the
# router that no earlier input rule accepted. It has no matcher, so it must
# stay the last input rule; any accept added for a management service has to
# be placed above it.
# NOTE(review): the forward chain has no equivalent final drop in this
# export, so forwarded traffic that matches none of the drop rules is
# allowed by default.
add action=drop chain=input comment="Router protection :Drop everything else\
    \A5\E1\B1\F3\A5\F4\A6\F3\B3X\B0\DD\BC\C6\BE\DA\r\
    \n\r\
    \n" disabled=no

 

 

 

By tony

自由軟體愛好者~喜歡不斷的思考各種問題,有新的事物都會想去學習嘗試 做實驗並熱衷研究 沒有所謂頂天的技術 只有謙虛及不斷的學習 精進專業,本站主要以分享系統及網路相關知識、資源而建立。 Github http://stnet253.github.io
