ROS防火墙脚本

用易-小卢

/ ip firewall filter
% x" Q8 W4 R  H" P0 D/ fadd chain=input connection-state=invalid action=drop \
7 {6 X/ [5 n4 W& C2 ycomment=”丢弃非法连接packets” disabled=no
! h0 }; L9 v8 F  ^! E( Yadd chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
comment=”限制总http连接数为90″ disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
comment=”探测并丢弃端口扫描连接” disabled=no
/ R  C7 v' L1 t2 E* jadd chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
) Z$ m( ~; d3 O9 l4 b2 \action=tarpit comment=”压制DoS攻击” disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
action=add-src-to-address-list address-list=black_list \
9 ?6 L  @2 a$ w* Z. |$ r! E6 [address-list-timeout=1d comment=”探测DoS攻击” disabled=no
add chain=input dst-address-type=!local action=drop comment=”丢弃掉非本地数据” \
' u' d1 F1 u3 {$ c6 ?disabled=no
* o6 S) q- Q0 \( I5 w9 c+ I0 Z2 _add chain=input src-address-type=!unicast action=drop \
# \" c4 N& u* }- X, y; ocomment=”丢弃掉所有非单播数据” disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP \
+ b, W' ]$ J5 n0 dcomment=”跳转到ICMP链表” disabled=no
add chain=input protocol=tcp action=jump jump-target=virus \
comment=”跳转到病毒链表” disabled=no
* a- g8 a3 j  c3 [* l9 F* ]# Ladd chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
: L1 _0 e% A4 M0 i8 t1 Z$ zcomment=”Ping应答限制为每秒5个包” disabled=no
, X6 j8 G% |& g% cadd chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
comment=”Traceroute限制为每秒5个包” disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
comment=”MTU线路探测限制为每秒5个包” disabled=no
0 ~' I" w' s1 h6 {' tadd chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
3 ^  C9 `3 \# a1 q0 Y) ?comment=”Ping请求限制为每秒5个包” disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
comment=”Trace TTL限制为每秒5个包” disabled=no
add chain=ICMP protocol=icmp action=drop comment=”丢弃掉任何ICMP数据” \
/ i6 R  U+ a  H" Q' Z# y* E( kdisabled=no
: Q  B; O  k6 p; I' Tadd chain=forward connection-state=established action=accept \
4 v2 m; t8 m% _9 {3 m. d- n8 Y. Kcomment=”接受以连接的数据包” disabled=no
add chain=forward connection-state=related action=accept \
comment=”接受相关数据包” disabled=no
, b6 t8 ^! m$ @add chain=forward connection-state=invalid action=drop \
8 z+ {7 P2 t- h0 b( o& y0 ?' Ncomment=”丢弃非法数据包” disabled=no
" f# O7 b( P6 [3 I2 }' {6 madd chain=forward protocol=tcp connection-limit=50,32 action=drop \
* o2 }$ X1 k7 H6 m5 pcomment=”限制每个主机TCP连接数为50条” disabled=no
0 V4 i! \% ]3 ]* ~! s# @add chain=forward src-address-type=!unicast action=drop \
2 h9 x! V* Z& x, s* ~9 s9 r: ycomment=”丢弃掉所有非单播数据” disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
comment=”跳转到ICMP链表” disabled=no
add chain=forward action=jump jump-target=virus comment=”跳转到病毒链表” \
" m) S) b$ F* o+ V, f2 p4 g# Q" h) kdisabled=no
add chain=virus protocol=tcp dst-port=41 action=drop \
7 d3 k" t( @$ R, Y2 Icomment=”DeepThroat.Trojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop \
comment=”Worm.NetSky.Y@mm” disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop \
8 K8 f& q2 j6 p' r+ @comment=”W32.Korgo.A/B/C/D/E/F-1″ disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop \
( {( O, o- k0 B' T. P- {5 O) Scomment=”W33.Korgo.A/B/C/D/E/F-2″ disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop \
comment=”DeepThroat.Trojan-2″ disabled=no
4 C$ G# u. z7 h! m6 \& Wadd chain=virus protocol=tcp dst-port=3067 action=drop \
comment=”W32.Korgo.A/B/C/D/E/F-3″ disabled=no
% l  Z- G6 ?: g4 D' B  x2 [/ ~add chain=virus protocol=tcp dst-port=3422 action=drop \
7 B- y5 R- Z2 lcomment=”Backdoor.IRC.Aladdinz.R-1″ disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop \
comment=”W32.Korgo.A/B/C/D/E/F-4″ disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop \
5 r! }1 Z* P" o; f8 m3 Pcomment=”Worm.NetSky.S/T/U@mm” disabled=no
9 b' Q' l3 H4 Kadd chain=virus protocol=tcp dst-port=8787 action=drop \
comment=”Back.Orifice.2000.Trojan-1″ disabled=no
% x$ d1 k$ y, I, |' jadd chain=virus protocol=tcp dst-port=8879 action=drop \
comment=”Back.Orifice.2000.Trojan-2″ disabled=no
5 H, \. T; U3 H6 h# _* x6 Madd chain=virus protocol=tcp dst-port=8967 action=drop \
comment=”W32.Dabber.A/B-2″ disabled=no
4 t: {; A+ n" f- k' qadd chain=virus protocol=tcp dst-port=9999 action=drop \
comment=”W32.Dabber.A/B-3″ disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop \
" g& L' l3 U4 f9 x- t5 d0 C1 Jcomment=”Block.NetBus.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop \
: h0 {1 S7 X5 i% T  E9 \3 p0 Xcomment=”GirlFriend.Trojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop \
comment=”Back.Orifice.2000.Trojan-3″ disabled=no
1 |2 t2 C! K0 s. \3 a8 gadd chain=virus protocol=tcp dst-port=43958 action=drop \
comment=”Backdoor.IRC.Aladdinz.R-2″ disabled=no
4 U! V, d- m3 J; d- b  |add chain=virus protocol=tcp dst-port=999 action=drop \
# Y' T1 ^( Z& s/ V& kcomment=”DeepThroat.Trojan-3″ disabled=no
9 ]$ a( e# b" H4 F2 A2 i3 T6 kadd chain=virus protocol=tcp dst-port=6670 action=drop \
comment=”DeepThroat.Trojan-4″ disabled=no
% `9 m! _% N9 D8 ^7 \add chain=virus protocol=tcp dst-port=6771 action=drop \
comment=”DeepThroat.Trojan-5″ disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop \
( [! e  y9 V* |' Acomment=”DeepThroat.Trojan-6″ disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop \
4 D4 U- y3 v6 B' D. ]9 ^* C0 S, X5 ~# gcomment=”DeepThroat.Trojan-7″ disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop \
comment=”Portal.of.Doom.Trojan-1″ disabled=no
0 u* N4 V  ~: K3 f, ~add chain=virus protocol=tcp dst-port=10167 action=drop \
4 J" o8 W; z$ ^/ H2 n5 I" o/ Tcomment=”Portal.of.Doom.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop \
0 H) x. Y' L" r3 ?  k+ acomment=”Portal.of.Doom.Trojan-3″ disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
: A& V" x" H, T5 [- ]1 }: ~comment=”Portal.of.Doom.Trojan-4″ disabled=no
: z* E! V6 P7 o6 k0 ladd chain=virus protocol=tcp dst-port=6883 action=drop \
comment=”Delta.Source.Trojan-1″ disabled=no
. M" A% S: s" P; ]5 Cadd chain=virus protocol=tcp dst-port=26274 action=drop \
6 F( L  T( b  F( Wcomment=”Delta.Source.Trojan-2″ disabled=no
) ]4 [! r4 T$ F5 Q' z2 yadd chain=virus protocol=tcp dst-port=4444 action=drop \
8 |% e) J  A) w8 `9 rcomment=”Delta.Source.Trojan-3″ disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop \
comment=”Delta.Source.Trojan-4″ disabled=no
: p9 w& Z& f; y/ i1 x; L7 M- o; r* ~, {add chain=virus protocol=tcp dst-port=3791 action=drop \
5 ^7 v1 @  V9 z% Z9 z; Bcomment=”Eclypse.Trojan-1″ disabled=no
+ x) }' }! f7 {* d0 L. kadd chain=virus protocol=tcp dst-port=3801 action=drop \
0 P" q* V& D0 P) r4 Y5 _  Icomment=”Eclypse.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop \
" B& l0 z9 m; s' R2 }comment=”Eclypse.Trojan-3″ disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
comment=”Y3K.RAT.Trojan-1″ disabled=no
1 c+ {+ p: f3 q" Ladd chain=virus protocol=tcp dst-port=5888-5889 action=drop \
, k. ~' `: s( d+ y. Tcomment=”Y3K.RAT.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
$ M( M1 V6 a  P5 Fcomment=”NetSphere.Trojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop \
. F; J# k3 E; A2 ncomment=”NetSphere.Trojan-2″ disabled=no
, a4 `$ g* {. sadd chain=virus protocol=tcp dst-port=7300-7301 action=drop \
9 [% J2 k, N' N' z6 K8 R" B0 ycomment=”NetMonitor.Trojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
1 Q. N# B, P3 y- r  M: Ccomment=”NetMonitor.Trojan-2″ disabled=no
$ Z' B9 r4 l3 Q2 ~4 l! k- zadd chain=virus protocol=tcp dst-port=79 action=drop \
comment=”FireHotcker.Trojan-1″ disabled=no
, n- T) T" X! p5 q5 v$ F) W0 Eadd chain=virus protocol=tcp dst-port=5031 action=drop \
: n$ g+ M  E! V+ P: Lcomment=”FireHotcker.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop \
comment=”FireHotcker.Trojan-3″ disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop \
* {  h; K- C: w9 i5 R) rcomment=”TheThing.Trojan-1″ disabled=no
1 c7 W; O/ O5 A3 w* S! A; sadd chain=virus protocol=tcp dst-port=7777 action=drop \
comment=”TheThing.Trojan-2″ disabled=no
; [  z+ A0 ?1 |/ q+ ?4 padd chain=virus protocol=tcp dst-port=1047 action=drop \
comment=”GateCrasher.Trojan-1″ disabled=no
4 F  k& h  ^9 d/ Wadd chain=virus protocol=tcp dst-port=6969-6970 action=drop \
comment=”GateCrasher.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment=”SubSeven-1″ \
# {0 m2 s& V2 ^+ K* vdisabled=no
- m( o4 `3 Y" `% ]. |6 L# R$ O& Kadd chain=virus protocol=tcp dst-port=27374 action=drop comment=”SubSeven-2″ \
disabled=no
& N2 Y/ A9 x$ n. Cadd chain=virus protocol=tcp dst-port=1243 action=drop comment=”SubSeven-3″ \
- ]- A+ u" F/ q1 }0 U* V/ o' l# B% E" zdisabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment=”SubSeven-4″ \
  g1 T$ l/ j+ ]( pdisabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
+ v/ s* e. |$ e+ ^3 hcomment=”SubSeven-5″ disabled=no
3 Y" }7 a/ L% z: E! J0 Z8 Dadd chain=virus protocol=tcp dst-port=16959 action=drop comment=”SubSeven-7″ \
  w5 m' {* j6 x) T$ C& @disabled=no
& h. o% A1 A* f: t) Jadd chain=virus protocol=tcp dst-port=25685-25686 action=drop \
6 M. h1 y( @1 N" W/ Z. zcomment=”Moonpie.Trojan-1″ disabled=no
- j# `9 U& G9 J6 ladd chain=virus protocol=tcp dst-port=25982 action=drop \
comment=”Moonpie.Trojan-2″ disabled=no
& d7 u3 J2 b- ]1 Q( |( xadd chain=virus protocol=tcp dst-port=31337-31339 action=drop \
comment=”NetSpy.Trojan-3″ disabled=no
1 h9 x" Q6 [" p; fadd chain=virus protocol=tcp dst-port=8102 action=drop comment=”Trojan” \
4 z* I. C) ~0 I* I" s. Q$ }disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment=”WAY.Trojan” \
disabled=no
$ c3 f3 Z' M5 [; h$ aadd chain=virus protocol=tcp dst-port=7626 action=drop comment=”Trojan.BingHe” \
. J: X6 s8 _/ f/ _+ K' m1 Fdisabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop \
; k6 E# @4 N# o& {! scomment=”Trojan.NianSeHoYian” disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
comment=”NetBull.Trojan” disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop \
& h' E0 l: N, ucomment=”WinCrash.Trojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop \
& P6 \# o5 I7 |4 A& gcomment=”WinCrash.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop \
2 h- y, a- T" |( o  Z3 W* qcomment=”WinCrash.Trojan-3″ disabled=no
' H. n8 C  k: C4 q, kadd chain=virus protocol=tcp dst-port=5714 action=drop \
9 C; W0 \2 v% K  V) M0 Lcomment=”WinCrash.Trojan-4″ disabled=no


# m- h7 c$ l* _

用易-小卢

add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
/ B7 Y9 y7 w9 b4 s) mcomment=”Doly1.0/1.35/1.5trojan-1″ disabled=no
; h4 L5 s" i# u7 w" W/ l7 `0 I( Aadd chain=virus protocol=tcp dst-port=1015 action=drop \
! K  r2 S7 S) a0 a/ Dcomment=”Doly1.0/1.35/1.5trojan-2″ disabled=no
! J# ]7 m4 u' C$ g1 fadd chain=virus protocol=tcp dst-port=2004-2005 action=drop \
comment=”TransScout.Trojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop \
/ L$ n  Y/ o- S6 Vcomment=”TransScout.Trojan-2″ disabled=no
) f6 A5 r" o: B2 Badd chain=virus protocol=tcp dst-port=2773 action=drop \
  x3 W. j( g# L5 S4 Tcomment=”Backdoor.YAI..Trojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop \
comment=”Backdoor.YAI.Trojan-2″ disabled=no
* @# g6 m" e. }5 Q5 Eadd chain=virus protocol=tcp dst-port=54283 action=drop \
comment=”Backdoor.YAI.Trojan-3″ disabled=no
3 G8 |# |( c7 ]' m; [: a5 q7 Sadd chain=virus protocol=tcp dst-port=1003 action=drop \
* W% ?1 Y7 D& P4 P2 m: o& v) tcomment=”BackDoorTrojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop \
" W  g: J6 Q: x# Zcomment=”BackDoorTrojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop \
& O& W' r0 _3 m, V" p7 u0 |- Xcomment=”BackDoorTrojan-3″ disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop \
comment=”SchainwindlerTrojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop \
comment=”Shaft.DDoS.Trojan-1″ disabled=no
# z1 _' q0 |* c% `* h0 n+ z* vadd chain=virus protocol=tcp dst-port=20432 action=drop \
comment=”Shaft.DDoS.Trojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop \
" X; ?* S2 x, R1 t; r! Icomment=”Devil.DDoS.Trojan” disabled=no
0 B/ \0 _: u; W/ [* d& Gadd chain=virus protocol=tcp dst-port=11831 action=drop \
# A- J/ p" {& k) Bcomment=”LatinusTrojan-1″ disabled=no
2 h. X* I" u' L. H' yadd chain=virus protocol=tcp dst-port=29559 action=drop \
comment=”LatinusTrojan-2″ disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop \
comment=”Snid.X2Trojan-1″ disabled=no
& B1 Z: [7 @. d" x4 j( j( madd chain=virus protocol=tcp dst-port=3586 action=drop \
comment=”Snid.X2Trojan-2″ disabled=no
' g1 K8 H# t3 c5 [! Uadd chain=virus protocol=tcp dst-port=7609 action=drop \
comment=”Snid.X2Trojan-3″ disabled=no
$ v) x! ]6 a7 K) P8 `add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
  [' q- x% L# k' h( Jcomment=”BionetTrojan-1″ disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop \
' \+ Z$ M* e& w! W6 H  o$ M3 [comment=”BionetTrojan-2″ disabled=no
7 T* s9 I. E5 ]add chain=virus protocol=tcp dst-port=57922 action=drop \
7 U7 q% E: _' @- M4 u: D9 F9 kcomment=”BionetTrojan-3″ disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop \
comment=”Worm.Novarg.a.Mydoom.a1.” disabled=no
8 G8 `, h6 ?, M* K' ~add chain=virus protocol=tcp dst-port=6777 action=drop \
comment=”Worm.BBeagle.a.Bagle.a.” disabled=no
) j0 K0 }* s' y7 u4 Fadd chain=virus protocol=tcp dst-port=8866 action=drop \
* T4 Y2 w$ ]9 |comment=”Worm.BBeagle.b” disabled=no
# J  O3 K$ p7 B" h: w% @add chain=virus protocol=tcp dst-port=2745 action=drop \
comment=”Worm.BBeagle.c-g/j-l” disabled=no
+ d' K2 Y! a( z5 ?" n( Oadd chain=virus protocol=tcp dst-port=2556 action=drop \
5 Z) L8 D8 Z9 |1 }; ?comment=”Worm.BBeagle.p/q/r/n” disabled=no
1 l+ l5 ]. ^( E0 a) A+ h1 X( ]add chain=virus protocol=tcp dst-port=20742 action=drop \
comment=”Worm.BBEagle.m-2″ disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop \
comment=”Worm.BBeagle.s/t/u/v” disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop \
& E- u. F6 \, j) F# zcomment=”Worm.BBeagle.aa/ab/w/x-z-2″ disabled=no
* A* I# n& b4 ?; aadd chain=virus protocol=tcp dst-port=5238 action=drop \
* s0 X* `# U) \% }  R$ ~comment=”Worm.LovGate.r.RpcExploit” disabled=no
7 V' E% T& t4 N0 [add chain=virus protocol=tcp dst-port=1068 action=drop comment=”Worm.Sasser.a” \
disabled=no
$ g! n* |. J# i4 sadd chain=virus protocol=tcp dst-port=5554 action=drop \
comment=”Worm.Sasser.b/c/f” disabled=no
( W. B: l5 U* badd chain=virus protocol=tcp dst-port=9996 action=drop \
& @( O, z# j2 Z1 A0 k7 h8 y( Jcomment=”Worm.Sasser.b/c/f” disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment=”Worm.Sasser.d” \
, B; O! |; m) A! pdisabled=no
9 S5 f0 j0 X! ~- sadd chain=virus protocol=tcp dst-port=10168 action=drop \
/ i" z% T" F* n" _; z( {comment=”Worm.Lovgate.a/b/c/d” disabled=no
: `5 Y9 t8 E# _; m+ [+ @2 Dadd chain=virus protocol=tcp dst-port=20808 action=drop \
, p* c  v5 r/ Acomment=”Worm.Lovgate.v.QQ” disabled=no
$ [" K( T+ y, U/ c$ H6 h( r+ T, q, Gadd chain=virus protocol=tcp dst-port=1092 action=drop \
9 ?4 w( D4 p( J& gcomment=”Worm.Lovgate.f/g” disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop \
1 Z1 U+ M3 w- [comment=”Worm.Lovgate.f/g” disabled=no
, {# Y8 S! r/ b# Iadd chain=virus protocol=tcp dst-port=1363-1364 action=drop \
comment=”ndm.requester” disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen.cast” \
disabled=no
& h4 S+ L  b! eadd chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” \
disabled=no
: {' b" U6 G# R0 fadd chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichainlid” \
0 M$ G& p  f$ _9 D: Y+ n/ j7 ~- a- ^# ]disabled=no
0 V- r/ R! }( @0 W" t4 sadd chain=virus protocol=tcp dst-port=3410 action=drop \
comment=”Backdoor.Optixprotocol” disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop \
comment=”Worm.BBeagle.b” disabled=no
- ]8 ]# Q/ o- t1 f0 t4 Gadd chain=virus protocol=udp dst-port=44444 action=drop \
6 g0 m* T( q5 T% p* h* e$ _$ Gcomment=”Delta.Source.Trojan-7″ disabled=no
/ }- {, y" P3 g, `: _2 Iadd chain=virus protocol=udp dst-port=8998 action=drop \
comment=”Worm.Sobig.f-3″ disabled=no
( G" L3 \: l) ^% X2 cadd chain=virus protocol=udp dst-port=123 action=drop comment=”Worm.Sobig.f-1″ \
disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop \
comment=”Worm.Novarg.a.Mydoom.a2.” disabled=no
7 H2 S* \; U2 U& X' |0 K# ^add chain=virus protocol=tcp dst-port=139 action=drop comment=”Drop Blaster \
Worm” disabled=no
0 B3 b; x7 V  ~0 P: ]$ yadd chain=virus protocol=tcp dst-port=135 action=drop comment=”Drop Blaster \
/ R$ h( f: b7 M  C! h+ a+ [( rWorm” disabled=no
- Y& t: z: [8 l( Zadd chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster \
4 `2 d4 Y  L0 D  ?- J7 yWorm” disabled=no
/ ip firewall connection tracking
+ d) R( J8 ~8 K1 dset enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
( v5 f5 w0 m& B5 Qtcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
- b! r9 I6 d1 A6 ~tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
' Y" H1 A# b+ q- l9 z/ W. ~6 Audp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
+ Z" @/ g7 N. v" Ytcp-syncookie=yes

冰峰_RTTU1