ROS防火墙脚本汇集


# feb/18/2006 22:28:00 by RouterOS 2.9.2.7 QQ"415736

# software id = 83RE-SN0
#
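/ip firewall filter
# ---------------------------------------------------------------------------
# chain=input : packets addressed to the router itself.
# Rule order matters: the first matching terminating action wins.
# Whitespace in this listing was lost in transcription; parameter names below
# are re-spaced, rule values are reproduced unchanged.
# ---------------------------------------------------------------------------
# Accept packets of connections that are already tracked before any of the
# connection-limit / psd / tarpit rules run. The forward chain in this same
# file already does this; without it every packet of an existing session is
# re-evaluated against those matchers, none of which is restricted to new
# connections. RouterOS 2.9 export style: one connection-state value per rule.
add chain=input connection-state=established action=accept comment="accept established (input)" disabled=no
add chain=input connection-state=related action=accept comment="accept related (input)" disabled=no
add chain=input connection-state=invalid action=drop comment="丢弃非法连接packets" disabled=no
# Aggregate cap on HTTP connections to the router: the netmask argument 0
# groups every source address together, so 90 is a global total, not per host.
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop comment="限制总http连接数为90" disabled=no
# Port-scan detection: psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="探测并丢弃端口扫描连接" disabled=no
# DoS handling, two rules: a source already on black_list that still opens
# more than 3 connections is tarpitted; any source exceeding 10 TCP
# connections to the router is added to black_list for one day.
# NOTE(review): 10 connections per /32 to the router is low enough that a
# busy management host (several WinBox/SSH/web sessions) could blacklist
# itself for a day, and there is no exemption list. Confirm the threshold
# fits the deployment, or exempt trusted management addresses before it.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="压制DoS攻击" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="探测DoS攻击" disabled=no
# dst-address-type=!local on the input chain also catches broadcast and
# multicast addressed to the router; confirm nothing the router serves
# relies on those being accepted here.
add chain=input dst-address-type=!local action=drop comment="丢弃掉非本地数据" disabled=no
add chain=input src-address-type=!unicast action=drop comment="丢弃掉所有非单播数据" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="跳转到ICMP链表" disabled=no
# Only TCP is sent through the virus chain from input, so the UDP rules in
# that chain never apply to router-bound traffic.
add chain=input protocol=tcp action=jump jump-target=virus comment="跳转到病毒链表" disabled=no
# NOTE(review): the chain has no final drop, so anything not matched above
# (the router's own services) is accepted by the default policy on every
# interface. A closing "add chain=input action=drop" is the usual fix, but it
# must be preceded by accept rules for the management sources or the operator
# is locked out; not added here because the topology is not known.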
# chain=ICMP : shared by input and forward (both reach it via action=jump).
# Five ICMP type/code combinations are allowed through, each rate limited
# with limit=5,5 (the rule comments say 5 packets per second); everything
# else falls to the final drop. The limit counter is kept per rule, not per
# source address, so one chatty host can use up the allowance for everyone.
# type 0: echo reply
add action=accept chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 comment="Ping应答限制为每秒5个包" disabled=no
# type 3 code 3: port unreachable (traceroute replies)
add action=accept chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 comment="Traceroute限制为每秒5个包" disabled=no
# type 3 code 4: fragmentation needed (path-MTU discovery)
add action=accept chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 comment="MTU线路探测限制为每秒5个包" disabled=no
# type 8: echo request
add action=accept chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 comment="Ping请求限制为每秒5个包" disabled=no
# type 11: time exceeded (traceroute hops)
add action=accept chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 comment="TraceTTL限制为每秒5个包" disabled=no
# catch-all; also absorbs the allowed types once they exceed their limit
add action=drop chain=ICMP protocol=icmp comment="丢弃掉任何ICMP数据" disabled=no
# chain=forward : traffic routed through the router between interfaces.
# Tracked connections are let through first, so the connection-limit rule
# only sees packets that are neither established nor related (invalid ones
# are dropped just before it).
add action=accept chain=forward connection-state=established comment="接受以连接的数据包" disabled=no
add action=accept chain=forward connection-state=related comment="接受相关数据包" disabled=no
add action=drop chain=forward connection-state=invalid comment="丢弃非法数据包" disabled=no
# At most 50 TCP connections per source /32 (the netmask argument is 32).
# NOTE(review): 50 per host comes from the 2006 listing; modern clients
# routinely exceed it, so confirm it against today's traffic before use.
add action=drop chain=forward protocol=tcp connection-limit=50,32 comment="限制每个主机TCP连接数为50条" disabled=no
add action=drop chain=forward src-address-type=!unicast comment="丢弃掉所有非单播数据" disabled=no
add action=jump chain=forward protocol=icmp jump-target=ICMP comment="跳转到ICMP链表" disabled=no
# Unlike the input chain, every protocol (not just TCP) is sent through virus.
add action=jump chain=forward jump-target=virus comment="跳转到病毒链表" disabled=no
# No closing drop and no interface matchers: whatever returns from the
# ICMP/virus chains unmatched is accepted by the default policy in both
# directions.
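# ---------------------------------------------------------------------------
# chain=virus : drop list for ports used by 2003-2006 era worms and trojans.
# Entered from input (TCP only) and forward (all protocols); a packet that
# matches nothing here returns to the calling chain.
# Every rule matches on destination port alone, so any legitimate service
# that happens to use one of these ports is blocked as well (e.g. 79 finger,
# 113 ident, 6667 IRC, 135/139/445 SMB/RPC, UDP 123 NTP). Review each entry
# against the services actually in use before deploying.
# Whitespace was lost in transcription; rule values are reproduced unchanged
# except for the single rule marked disabled below.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=41 action=drop comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.NetSky.Y@mm" disabled=no
# 113 is ident: dropping (rather than rejecting) it makes servers that do an
# ident lookup wait for their timeout before answering.
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
# 6667 is the standard IRC port; this blocks all IRC, not only the worm.
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="NetMonitor.Trojan-2" disabled=no
# 79 is finger.
add chain=virus protocol=tcp dst-port=79 action=drop comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="WinCrash.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Worm.Novarg.a.Mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="Worm.BBeagle.b" disabled=no
# The UDP rules are only reachable from the forward chain (the input jump is
# restricted to protocol=tcp).
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.Sobig.f-3" disabled=no
# Disabled: dropping every UDP/123 datagram stops NTP time synchronisation
# for all hosts behind the router, a far larger impact than the Sobig.F
# activation check it was meant to interrupt. If something like it is still
# wanted, scope it to the specific source and destination involved.
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" disabled=yes
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.Novarg.a.Mydoom.a2." disabled=no
# 135/139/445: blocks SMB / RPC across the router. NOTE(review): if the
# router also routes between internal networks, this breaks file sharing
# between them - confirm before deploying.
add chain=virus protocol=tcp dst-port=139 action=drop comment="DropBlaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="DropBlaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="DropBlaster Worm" disabled=no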

/ip firewall connection tracking
# Connection tracking must stay enabled: the connection-state and
# connection-limit matchers in the filter rules above depend on it.
# tcp-syncookie=yes makes the router answer SYN floods against its own
# services with cookies instead of allocating state for each SYN.
# NOTE(review): the per-state timeouts below are explicit choices from the
# 2006 listing; idle sessions older than tcp-established-timeout (10h) are
# dropped from the table, which breaks long-idle NAT'd connections - confirm
# they suit the deployment.
set enabled=yes \
    tcp-syncookie=yes \
    tcp-syn-sent-timeout=5s \
    tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h \
    tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m \
    tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m \
    tcp-close-timeout=10s \
    udp-timeout=30s \
    udp-stream-timeout=3m \
    icmp-timeout=10s \
    generic-timeout=10m