Collected RouterOS (ROS) firewall scripts — routers, switches
Last Update:2017-01-18
Source: Internet
Author: User
# feb/18/2006 22:28:00 by RouterOS 2.9.2.7 QQ "415736
# Software id = 83re-sn0
#
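/ip firewall filter
# Input chain: traffic addressed to the router itself.
# Keywords are restored to the lowercase RouterOS spelling and comment="..."
# is re-joined to its value; parameters and values are unchanged.
#
# NOTE(review): this chain has no accept rule for established/related traffic
# and no final drop, so anything not matched below falls through to the chain
# default. No rule here restricts access to the router's management services;
# add an allow-list for management sources and a closing drop rule only after
# confirming which addresses must keep access.
add chain=input connection-state=invalid action=drop \
    comment="Discard illegal connection packets" disabled=no
# Netmask 0 in connection-limit=90,0 counts connections from all sources
# together. There is no tcp-flags=syn matcher, so once the limit is reached
# the drop presumably applies to every packet to port 80, including sessions
# that are already open - verify before relying on it.
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit total number of HTTP connections to 90" disabled=no
# psd = port-scan detection: weight threshold 21, delay threshold 3s,
# low-port weight 3, high-port weight 1.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Probe and discard port scan connections" disabled=no
# Sources already on black_list that hold more than 3 connections are tarpitted.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppressing Dos attacks" disabled=no
# Any single address (/32) exceeding 10 TCP connections to the router is listed
# for one day. Many users behind one NAT address can trip this threshold.
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detecting Dos attacks" disabled=no
add chain=input dst-address-type=!local action=drop \
    comment="Discard non-local data" disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Discard all non unicast data" disabled=no
add chain=input protocol=icmp action=jump jump-target=icmp \
    comment="Jump to ICMP list" disabled=no
# Only TCP is sent to the virus chain from here, so that chain's UDP rules
# are never evaluated for traffic addressed to the router.
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to Virus list" disabled=no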
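# Chain "icmp": reached by jump from the input and forward chains.
# icmp-options is type:code; limit=5,5 is a rate of 5 packets per second with
# a burst of 5. Packets over the limit do not match the accept rule and fall
# through to the final drop.
# NOTE(review): the limit matcher is not per source, so one noisy sender can
# use up the whole budget; rate-limiting 3:4 (fragmentation needed) can
# interfere with path-MTU discovery under load.
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Ping answer is limited to 5 packets per second" disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Traceroute limited to 5 packets per second" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="MTU Line Detection limited to 5 packets per second" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Ping request limited to 5 packets per second" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Trace TTL is limited to 5 packets per second" disabled=no
# Every other ICMP type/code, and anything over the limits above, ends here.
add chain=icmp protocol=icmp action=drop comment="Discard any ICMP data" \
    disabled=no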
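# Forward chain: traffic routed through the router.
# Established and related connections are accepted first, so the limits and
# port deny-list below are evaluated only for packets that are not yet part
# of a tracked connection.
# NOTE(review): there is no closing drop rule; traffic that survives the
# icmp and virus chains is forwarded by the chain default.
add chain=forward connection-state=established action=accept \
    comment="Accept packets with connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Discard illegal packets" disabled=no
# Per-address (/32) cap; hosts that legitimately open many parallel TCP
# connections will hit it.
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit the number of TCP connections per host to 50" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Discard all non unicast data" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp \
    comment="Jump to ICMP list" disabled=no
# All protocols are sent to the virus chain here (the input chain sends TCP only).
add chain=forward action=jump jump-target=virus comment="Jump to Virus list" \
    disabled=no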
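# Chain "virus": static deny-list of TCP destination ports, each labelled in
# comment= with the malware family the author associated with it.
# Keywords are restored to lowercase and the quoting of comment= is repaired;
# ports and actions are unchanged.
# NOTE(review): a port number does not identify malware. Several entries are
# also the well-known ports of ordinary services (79 finger, 113 ident,
# 6667 IRC), and the high ports can coincide with a client's ephemeral source
# port. The input chain jumps here without first accepting established
# traffic, so replies to connections the router itself opened from one of
# these ports would be dropped. Review the list against the traffic you need.
add chain=virus protocol=tcp dst-port=41 action=drop comment="Deepthroat.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.netsky.y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.a/b/c/d/e/f-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W32.Korgo.a/b/c/d/e/f-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="Deepthroat.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.a/b/c/d/e/f-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.irc.aladdinz.r-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.a/b/c/d/e/f-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.netsky.s/t/u@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.orifice.2000.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.orifice.2000.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.a/b-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.a/b-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.netbus.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="Girlfriend.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.orifice.2000.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.irc.aladdinz.r-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="Deepthroat.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="Deepthroat.trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="Deepthroat.trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="Deepthroat.trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="Deepthroat.trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.doom.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.doom.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.doom.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.doom.trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.source.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.source.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.source.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.source.trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="y3k.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="y3k.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="Netsphere.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="Netsphere.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="Netmonitor.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="Netmonitor.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="Firehotcker.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="Firehotcker.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="Firehotcker.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="Thething.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="Thething.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="Gatecrasher.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="Gatecrasher.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="Netspy.trojan-3" disabled=no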
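# "virus" chain, continued: further TCP destination ports dropped by label.
# Keywords are restored to lowercase and the quoting of comment= is repaired;
# ports and actions are unchanged.
# NOTE(review): the labels are the original author's attribution and are not
# verified here; matching is by destination port only, so any service using
# one of these ports is blocked as well.
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.binghe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.niansehoyian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="Netbull.trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="Wincrash.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="Wincrash.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="Wincrash.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="Wincrash.trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="Transscout.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="Transscout.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.yai.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.yai.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.yai.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.ddos.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.ddos.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.x2trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.x2trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.x2trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no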
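# "virus" chain, continued: worm-labelled ports, three UDP entries, and the
# Windows RPC / NetBIOS session / SMB ports (135, 139, 445).
# Keywords are restored to lowercase and the quoting of comment= is repaired
# (the "Drop Blaster Worm" label was split across a line break inside the
# quotes); ports and actions are unchanged.
# NOTE(review): matching is by destination port only. 8888 is a common
# alternate web port, and dropping 135/139/445 also blocks ordinary Windows
# file sharing and RPC between routed networks - usually desirable toward the
# Internet, but confirm for internal routing.
add chain=virus protocol=tcp dst-port=3127 action=drop comment="worm.novarg.a.mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.bbeagle.a.bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="worm.bbeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.bbeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="worm.bbeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.bbeagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="worm.bbeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.bbeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.lovgate.r.rpcexploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="worm.sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="worm.sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="WORM.SASSER.D" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="WORM.LOVGATE.A/B/C/D" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="WORM.LOVGATE.V.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="Ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="Screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="Hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="Cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="worm.bbeagle.b" disabled=no
# UDP entries: the input chain jumps to this chain for TCP only, so these
# three rules are evaluated for forwarded traffic alone.
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.source.trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.sobig.f-3" disabled=no
# NOTE(review): udp/123 is NTP. This rule drops new NTP requests from hosts
# behind the router to outside time servers; keep it only if clients sync
# against an internal source.
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.sobig.f-1" disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.novarg.a.mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no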
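/ip firewall connection tracking
# Connection tracking must stay enabled: the filter rules' connection-state
# and connection-limit matchers depend on it.
# Keywords are restored to lowercase; every timeout value is unchanged.
# NOTE(review): the 5s SYN timeouts shed half-open connections quickly but can
# also cut off slow or high-latency clients; tune against real traffic.
# This export is from RouterOS 2.9 - on later releases the SYN-cookie switch
# is believed to live under /ip settings, so confirm the parameter for your
# version before importing.
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes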