Collected Ros Firewall Scripts _ routers, switches

Source: Internet
Author: User
Tags switches
# feb/18/2006 22:28:00 by RouterOS 2.9.2.7 QQ "415736





# Software id = 83re-sn0


#


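/ip firewall filter
# ---------------------------------------------------------------------------
# chain=input: packets addressed to the router itself.
# Rules are evaluated top to bottom; the first rule with a terminating action
# (drop, tarpit, accept) ends processing for that packet.
#
# NOTE(review): every rule in this chain is a drop/tarpit/list/jump rule and
# there is no final drop. RouterOS accepts whatever no rule matched, so the
# router's own services stay reachable from any interface unless they are
# restricted elsewhere. Before adding a closing drop, add accepts for
# established/related traffic and for the management sources you rely on,
# otherwise the change locks the administrator out.
# ---------------------------------------------------------------------------
add chain=input connection-state=invalid action=drop \
    comment="Discard illegal connection packets" disabled=no
# connection-limit=90,0: netmask 0 counts all sources together, so this is a
# global cap of 90 concurrent TCP/80 connections to the router.
# NOTE(review): a global cap can be exhausted by a single client; it limits
# load on the router but does not protect availability for other users.
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit total number of HTTP connections to" disabled=no
# psd = port-scan detection: weight threshold 21, delay threshold 3s,
# weight 3 for privileged ports, weight 1 for high ports.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Probe and discard port scan connections" disabled=no
# Sources already on black_list are tarpitted once they hold 3 connections
# (counted per /32). This rule must stay above the rule that fills the list.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppressing Dos attacks" disabled=no
# A single source (/32) reaching 10 concurrent TCP connections to the router
# is placed on black_list for one day.
# NOTE(review): several users behind one NAT address, or a busy management
# station, can reach this limit; review black_list entries before trusting
# them as indicators.
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detecting Dos attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Discard non-local data" \
    disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Discard all non unicast data" disabled=no
add chain=input protocol=icmp action=jump jump-target=icmp \
    comment="Jump to ICMP list" disabled=no
# Only TCP is sent to the virus chain from input, so the UDP rules in that
# chain never see router-bound traffic.
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to Virus list" disabled=no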


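# ---------------------------------------------------------------------------
# chain=icmp: reached by jump from the input and forward chains.
# icmp-options is type:code. Each accepted type is rate-limited with
# limit=5,5 (5 packets per second, burst of 5); packets over the limit do not
# match the accept rule and fall through to the final drop.
# ---------------------------------------------------------------------------
# type 0 = echo reply
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Ping answer is limited to 5 packets per second" disabled=no
# type 3 code 3 = destination unreachable / port unreachable
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Traceroute limited to 5 packets per second" disabled=no
# type 3 code 4 = fragmentation needed; path-MTU discovery depends on it
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="MTU Line Detection limited to 5 packets per second" disabled=no
# type 8 = echo request
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Ping request limited to 5 packets per second" disabled=no
# type 11 = time exceeded
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Trace TTL is limited to 5 packets per second" disabled=no
# Everything else is dropped, including the other destination-unreachable
# codes and any packet of an accepted type that exceeded its rate limit.
# NOTE(review): the limit is shared by all senders, so a burst from one host
# can cause fragmentation-needed messages of other flows to be dropped.
add chain=icmp protocol=icmp action=drop comment="Discard any ICMP data" \
    disabled=no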


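# ---------------------------------------------------------------------------
# chain=forward: packets routed through the router.
# Established and related traffic is accepted first, so the per-host limit
# and the virus chain below are only evaluated for packets that do not yet
# belong to an accepted connection.
#
# NOTE(review): the chain has no final drop. RouterOS forwards whatever no
# rule matched, so this is a blocklist policy: anything not named in the
# virus chain passes in both directions.
# ---------------------------------------------------------------------------
add chain=forward connection-state=established action=accept \
    comment="Accept packets with connections" disabled=no
add chain=forward connection-state=related action=accept \
    comment="Accept related packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Discard illegal packets" disabled=no
# connection-limit=50,32: counted per single address (/32).
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit the number of TCP connections per host to 50" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Discard all non unicast data" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp \
    comment="Jump to ICMP list" disabled=no
# No protocol match here: TCP and UDP are both checked against the virus chain.
add chain=forward action=jump jump-target=virus comment="Jump to Virus list" \
    disabled=no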


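# ---------------------------------------------------------------------------
# chain=virus (part 1): static blocklist of destination ports associated with
# trojans and worms. A packet that matches none of the rules returns to the
# chain that jumped here.
#
# NOTE(review): matching is by destination port only, so legitimate services
# on the same ports are dropped too; in this part that includes tcp/113
# (ident), tcp/6667 (IRC) and the commonly reused tcp/4444 and tcp/9999.
# The file header dates the list to 2006; a fixed port list does not track
# current malware and should be treated as a supplement to a default-deny
# policy, not a replacement for one.
# NOTE(review): the "W33." label on tcp/2041 looks like a typo for "W32.";
# it is a label only and does not affect matching.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=41 action=drop comment="Deepthroat.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.netsky.y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32. Korgo.a/b/c/d/e/f-1 " disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33. Korgo.a/b/c/d/e/f-2 " disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="Deepthroat.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32. Korgo.a/b/c/d/e/f-3 " disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.irc.aladdinz.r-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32. Korgo.a/b/c/d/e/f-4 " disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.netsky.s/t/u@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.orifice.2000.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.orifice.2000.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32. Dabber.a/b-2 " disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32. Dabber.a/b-3 " disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.netbus.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="Girlfriend.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.orifice.2000.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.irc.aladdinz.r-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="Deepthroat.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="Deepthroat.trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="Deepthroat.trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="Deepthroat.trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="Deepthroat.trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.doom.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.doom.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.doom.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.doom.trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.source.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.source.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.source.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.source.trojan-4" disabled=no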


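# ---------------------------------------------------------------------------
# chain=virus (part 2): more TCP destination ports associated with remote
# access trojans. Each rule drops on port number alone.
# NOTE(review): tcp/79 (finger) and generic ports such as tcp/1234, tcp/7777
# and tcp/6969 are also used by legitimate software; expect false positives
# and log before dropping if the impact is unknown.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="y3k. RAT. Trojan-1 " disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="y3k. RAT. Trojan-2 " disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="Netsphere.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="Netsphere.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="Netmonitor.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="Netmonitor.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="Firehotcker.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="Firehotcker.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="Firehotcker.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="Thething.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="Thething.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="Gatecrasher.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="Gatecrasher.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="Netspy.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY. Trojan " disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.binghe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.niansehoyian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="Netbull.trojan" disabled=no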


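# ---------------------------------------------------------------------------
# chain=virus (part 3): TCP destination ports associated with backdoor and
# DDoS-agent trojans. Each rule drops on port number alone; the comment is
# the label given by the original author and is not verified here.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=2583 action=drop comment="Wincrash.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="Wincrash.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="Wincrash.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="Wincrash.trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2004-2005 action=drop comment="Transscout.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="Transscout.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.yai. Trojan-1 " disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.yai.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.yai.trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.ddos.trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.ddos.trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.x2trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.x2trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.x2trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no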


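# ---------------------------------------------------------------------------
# chain=virus (part 4): ports associated with mail and network worms, plus
# the only UDP rules in the chain. A packet that reaches the end of the chain
# unmatched returns to the chain that jumped here.
#
# NOTE(review): udp/123 is NTP. Dropping it on the forward path stops hosts
# behind the router from synchronising time with outside servers, which also
# degrades log correlation and certificate validation on those hosts. Scope
# the rule (for example by source or destination address) or exempt the NTP
# servers the network uses.
# NOTE(review): tcp/135, tcp/139 and tcp/445 are Windows RPC/NetBIOS/SMB.
# Dropping them at the network edge is sound, but the forward chain applies
# this to every routed path, including routing between internal subnets where
# file sharing may be expected.
# NOTE(review): tcp/8888 is widely used by legitimate web services and
# proxies; confirm nothing on the network depends on it.
# ---------------------------------------------------------------------------
add chain=virus protocol=tcp dst-port=3127 action=drop comment="worm.novarg.a.mydoom.a1." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.bbeagle.a.bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="worm.bbeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.bbeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="worm.bbeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.bbeagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="worm.bbeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.bbeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.lovgate.r.rpcexploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="worm.sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="worm.sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="WORM.SASSER.D" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="WORM.LOVGATE.A/B/C/D" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="WORM.LOVGATE.V.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="Ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="Screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="Hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="Cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="worm.bbeagle.b" disabled=no
# UDP rules: only reached through the forward chain's protocol-agnostic jump.
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.source.trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.sobig.f-3" disabled=no
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.sobig.f-1" disabled=no
add chain=virus protocol=tcp dst-port=3198 action=drop comment="Worm.novarg.a.mydoom.a2." disabled=no
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster Worm " disabled=no
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster Worm " disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm " disabled=no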





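# ---------------------------------------------------------------------------
# Connection tracking settings. Tracking has to stay enabled: the filter
# rules in this file match on connection-state and connection-limit, which
# rely on the connection table.
#
# The 5s SYN-sent/SYN-received timeouts expire half-open entries quickly and
# tcp-syncookie=yes enables SYN cookies; together they reduce the effect of
# SYN floods on the connection table.
# NOTE(review): tcp-established-timeout=10h keeps idle established entries
# for ten hours. That favours long-lived idle sessions over table size; check
# it against the router's memory and expected connection count.
# NOTE(review): the parameter set matches the RouterOS 2.9 export named in
# the file header. Later releases changed where some of these settings live;
# verify each parameter against the target version before importing.
# ---------------------------------------------------------------------------
/ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
    tcp-syncookie=yes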

