/system script
add name=script1 owner=delavar policy=\
reboot,read,write,test,password,sniff,sensitive source="##################\
##########################################################################\
#############\r\
\n# 高级防火墙 V5.0 (Fix Version) \
\_ #\r\
\n########################################################################\
#################################\r\
\n# Author: dahai \
\_ #\r\
\n# email: 442193715@qq.com \
\_ #\r\
\n# Username \
\_ #\r\
\n########################################################################\
#################################\r\
\n# License \
\_ #\r\
\n# This script has been created for use by the general public and may be \
used freely. This script may #\r\
\n# not be sold! \
\_ #\r\
\n########################################################################\
#################################\r\
\n########################################################################\
#################################\r\
\n# Features \
\_ #\r\
\n# -Detect and block brute force attacks to the routers via SSH, Telnet, \
and Winbox (Disables WWW & FTP) #\r\
\n# -Basic Antivirus filtering \
\_ #\r\
\n# -P2P Blocking \
\_ #\r\
\n# -High Connection Rate detection \
\_ #\r\
\n# -Basic Spam detection \
\_ #\r\
\n# -Basic Port Scanner Detection \
\_ #\r\
\n# -Bogon Address Blocking \
\_ #\r\
\n# NOTE: this script is exported with policy=reboot,read,write,test,pass\
word,sniff,sensitive. The firewall commands shown here need only read and \
write; drop reboot, password, sniff and sensitive so the script runs with \
least privilege. #\r\
\n########################################################################\
#################################\r\
\n\r\
\n########################################################################\
###################################################\r\
\n\r\
\n########################################################################\
###################################################\r\
\n#### Firewall Settings \
\_ ####\r\
\n########################################################################\
###################################################\r\
\n/ip firewall connection tracking\r\
\nset enabled=yes\r\
\n\r\
\n########################################################################\
###################################################\r\
\n#### Drop Invalid Connections \
\_ ####\r\
\n#### To make this more useful, create a copy of the forward chain rule a\
nd set in-interface to each LAN interface ####\r\
\n#### on your network. Remember to remove the original rule. \
\_ ####\r\
\n########################################################################\
###################################################\r\
\n/ip firewall filter\r\
\nadd action=drop chain=input comment=\"Drop Invalid Connections\" connect\
ion-state=invalid disabled=no\r\
\nadd action=drop chain=forward comment=\"Drop Invalid Connections\" conne\
ction-state=invalid disabled=no\r\
\n\r\
\n########################################################################\
###################################################\r\
\n#### Must Add Admin IP Addresses in the Address List for Administering t\
he Network in \"Exempt Addresses\" #####\r\
\n#### The two accept rules below sit ahead of the Black List, Bogon, brut\
e force, port scan and Virus rules, so any source in this list bypasses ##\r\
\n#### all of those checks entirely. Keep it to a few fixed admin addresse\
s. ##\r\
\n########################################################################\
###################################################\r\
\n\r\
\nadd action=accept chain=input comment=\"Accept Exempt IP Addresses\" dis\
abled=no src-address-list=\"Exempt Addresses\"\r\
\nadd action=accept chain=forward comment=\"Accept Exempt IP Addresses\" d\
isabled=no src-address-list=\"Exempt Addresses\"\r\
\n\r\
\n########################################################################\
####################################################\r\
\n#### Multiple \"Black Lists\" have been created to help identify why any\
\_given person has been blocked.#######################\r\
\n#### By default the Port Scanners drop rules are disabled. The Firewall \
will continue to add these sources to the ################\r\
\n#### Port Scanner lists, but will not block them unless the drop rules a\
re enabled. Use with caution!!!! ########################\r\
\n#### NOTE: the WAN detection rule further down adds to \"Wan Port Scanne\
rs\" while the drop rule here reads \"WAN Port Scanners\". ###\r\
\n#### Address-list names appear to be case-sensitive, so make the two nam\
es identical before enabling the WAN drop rule. ###\r\
\n#### Once someone is on a Black List they are permanently recorded there\
\_(timeout 0s). To remove them, go to the address list.###########\r\
\n########################################################################\
####################################################\r\
\n\r\
\nadd action=drop chain=input comment=\"Drop anyone in the Black List (Man\
ually Added)\" disabled=no src-address-list=\"Black List\"\r\
\nadd action=drop chain=forward comment=\"Drop anyone in the Black List (M\
anually Added)\" disabled=no src-address-list=\"Black List\"\r\
\nadd action=drop chain=input comment=\"Drop anyone in the Black List (SSH\
)\" disabled=no src-address-list=\"Black List (SSH)\"\r\
\nadd action=drop chain=forward comment=\"Drop anyone in the Black List (S\
SH)\" disabled=no src-address-list=\"Black List (SSH)\"\r\
\nadd action=drop chain=input comment=\"Drop anyone in the Black List (Tel\
net)\" disabled=no src-address-list=\"Black List (Telnet)\"\r\
\nadd action=drop chain=forward comment=\"Drop anyone in the Black List (T\
elnet)\" disabled=no src-address-list=\"Black List (Telnet)\"\r\
\nadd action=drop chain=input comment=\"Drop anyone in the Black List (Win\
box)\" disabled=no src-address-list=\"Black List (Winbox)\"\r\
\nadd action=drop chain=forward comment=\"Drop anyone in the Black List (W\
inbox)\" disabled=no src-address-list=\"Black List (Winbox)\"\r\
\nadd action=drop chain=input comment=\"Drop anyone in the WAN Port Scanne\
r List\" disabled=yes src-address-list=\"WAN Port Scanners\"\r\
\nadd action=drop chain=forward comment=\"Drop anyone in the WAN Port Scan\
ner List\" disabled=yes src-address-list=\"WAN Port Scanners\"\r\
\nadd action=drop chain=input comment=\"Drop anyone in the LAN Port Scanne\
r List\" disabled=yes src-address-list=\"LAN Port Scanners\"\r\
\nadd action=drop chain=forward comment=\"Drop anyone in the LAN Port Scan\
ner List\" disabled=yes src-address-list=\"LAN Port Scanners\"\r\
\nadd action=drop chain=input comment=\"Drop all Bogons\" disabled=no src-\
address-list=Bogons\r\
\nadd action=drop chain=forward comment=\"Drop all Bogons\" disabled=no sr\
c-address-list=Bogons\r\
\nadd action=drop chain=forward comment=\"Drop all P2P\" disabled=yes p2p=\
all-p2p\r\
\nadd chain=output comment=\"Section Break\" disabled=yes\r\
\n\r\
\n########################################################################\
###################################################\r\
\n#### Detect & Block Brute Force Login Attempts \
\_ ####\r\
\n#### NOTE: the stage rules count NEW TCP connections to ports 22, 23 and\
\_8291, not failed logins. Four connections from one source spaced less ##\r\
\n#### than a minute apart land it permanently on the Black List (timeout \
0s). Put every admin address in \"Exempt Addresses\" first, or raise the ##\r\
\n#### stage timeouts, and prefer disabling Telnet in /ip service over rat\
e-limiting it. ##\r\
\n########################################################################\
###################################################\r\
\nadd action=jump chain=input comment=\"Jump to RFC SSH Chain\" disabled=n\
o jump-target=\"RFC SSH Chain\"\r\
\nadd action=add-src-to-address-list address-list=\"Black List (SSH)\" add\
ress-list-timeout=0s chain=\"RFC SSH Chain\" comment=\"Transfer repeated a\
ttempts from SSH Stage 3 to Black-List\" connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=\"SSH Stage 3\"\r\
\nadd action=add-src-to-address-list address-list=\"SSH Stage 3\" address-\
list-timeout=1m chain=\"RFC SSH Chain\" comment=\"Add succesive attempts t\
o SSH Stage 3\" connection-state=new disabled=no dst-port=22 protocol=tcp \
src-address-list=\"SSH Stage 2\"\r\
\nadd action=add-src-to-address-list address-list=\"SSH Stage 2\" address-\
list-timeout=1m chain=\"RFC SSH Chain\" comment=\"Add succesive attempts t\
o SSH Stage 2\" connection-state=new disabled=no dst-port=22 protocol=tcp \
src-address-list=\"SSH Stage 1\"\r\
\nadd action=add-src-to-address-list address-list=\"SSH Stage 1\" address-\
list-timeout=1m chain=\"RFC SSH Chain\" comment=\"Add intial attempt to SS\
H Stage 1 List\" connection-state=new disabled=no dst-port=22 protocol=tcp\
\r\
\nadd action=return chain=\"RFC SSH Chain\" comment=\"Return From RFC SSH \
Chain\" disabled=no\r\
\nadd chain=output comment=\"Section Break\" disabled=yes\r\
\n\r\
\nadd action=jump chain=input comment=\"Jump to RFC Telnet Chain\" disable\
d=no jump-target=\"RFC Telnet Chain\"\r\
\nadd action=add-src-to-address-list address-list=\"Black List (Telnet)\" \
address-list-timeout=0s chain=\"RFC Telnet Chain\" comment=\"Transfer repe\
ated attempts from Telnet Stage 3 to Black-List\" connection-state=new dis\
abled=no dst-port=23 protocol=tcp src-address-list=\"Telnet Stage 3\"\r\
\nadd action=add-src-to-address-list address-list=\"Telnet Stage 3\" addre\
ss-list-timeout=1m chain=\"RFC Telnet Chain\" comment=\"Add succesive atte\
mpts to Telnet Stage 3\" connection-state=new disabled=no dst-port=23 prot\
ocol=tcp src-address-list=\"Telnet Stage 2\"\r\
\nadd action=add-src-to-address-list address-list=\"Telnet Stage 2\" addre\
ss-list-timeout=1m chain=\"RFC Telnet Chain\" comment=\"Add succesive atte\
mpts to Telnet Stage 2\" connection-state=new disabled=no dst-port=23 prot\
ocol=tcp src-address-list=\"Telnet Stage 1\"\r\
\nadd action=add-src-to-address-list address-list=\"Telnet Stage 1\" addre\
ss-list-timeout=1m chain=\"RFC Telnet Chain\" comment=\"Add Intial attempt\
\_to Telnet Stage 1\" connection-state=new disabled=no dst-port=23 protoco\
l=tcp\r\
\nadd action=return chain=\"RFC Telnet Chain\" comment=\"Return From RFC T\
elnet Chain\" disabled=no\r\
\nadd chain=output comment=\"Section Break\" disabled=yes\r\
\n\r\
\nadd action=jump chain=input comment=\"Jump to RFC Winbox Chain\" disable\
d=no jump-target=\"RFC Winbox Chain\"\r\
\nadd action=add-src-to-address-list address-list=\"Black List (Winbox)\" \
address-list-timeout=0s chain=\"RFC Winbox Chain\" comment=\"Transfer repe\
ated attempts from Winbox Stage 3 to Black-List\" connection-state=new dis\
abled=no dst-port=8291 protocol=tcp src-address-list=\"Winbox Stage 3\"\r\
\nadd action=add-src-to-address-list address-list=\"Winbox Stage 3\" addre\
ss-list-timeout=1m chain=\"RFC Winbox Chain\" comment=\"Add succesive atte\
mpts to Winbox Stage 3\" connection-state=new disabled=no dst-port=8291 pr\
otocol=tcp src-address-list=\"Winbox Stage 2\"\r\
\nadd action=add-src-to-address-list address-list=\"Winbox Stage 2\" addre\
ss-list-timeout=1m chain=\"RFC Winbox Chain\" comment=\"Add succesive atte\
mpts to Winbox Stage 2\" connection-state=new disabled=no dst-port=8291 pr\
otocol=tcp src-address-list=\"Winbox Stage 1\"\r\
\nadd action=add-src-to-address-list address-list=\"Winbox Stage 1\" addre\
ss-list-timeout=1m chain=\"RFC Winbox Chain\" comment=\"Add Intial attempt\
\_to Winbox Stage 1\" connection-state=new disabled=no dst-port=8291 proto\
col=tcp\r\
\nadd action=return chain=\"RFC Winbox Chain\" comment=\"Return From RFC W\
inbox Chain\" disabled=no\r\
\nadd chain=output comment=\"Section Break\" disabled=yes\r\
\n\r\
\n########################################################################\
###################################################\r\
\n#### Detect & Manage Port Scanners \
\_ ####\r\
\n########################################################################\
###################################################\r\
\n/ip firewall filter\r\
\nadd action=add-src-to-address-list address-list=\"Wan Port Scanners\" ch\
ain=input comment=\"Add TCP Port Scanners to Address List\" protocol=tcp p\
sd=40,3s,2,1\r\
\nadd action=add-src-to-address-list address-list=\"LAN Port Scanners\" ch\
ain=forward comment=\"Add TCP Port Scanners to Address List\" protocol=tcp\
\_psd=40,3s,2,1\r\
\nadd chain=output comment=\"Section Break\" disabled=yes\r\
\n\r\
\n\r\
\n########################################################################\
###################################################\r\
\n#### Detect & Manage High Connection Rates \
\_ ####\r\
\n#### NOTE: these rules only record offenders (no timeout set, so entries\
\_are permanent); no drop rule in this section reads the two lists, ####\r\
\n#### so they are informational until you add one. connection-limit=100,\
32 counts connections per /32 source address. ####\r\
\n########################################################################\
###################################################\r\
\n/ip firewall filter\r\
\nadd action=add-src-to-address-list address-list=\"(WAN High Connection R\
ates)\" chain=input comment=\"Add WAN High Connections to Address List\" c\
onnection-limit=100,32 protocol=tcp\r\
\nadd action=add-src-to-address-list address-list=\"(LAN High Connection R\
ates)\" chain=forward comment=\"Add LAN High Connections to Address List\"\
\_connection-limit=100,32 protocol=tcp\r\
\n\r\
\n\r\
\n\r\
\n########################################################################\
####################################################\r\
\n#### The Virus Chain has been added at the request of customers, but the\
re is no guarantee expressed or implied with the ###\r\
\n#### Virus Chain. It is jumped to from the input chain only, so it prote\
cts the router itself, not hosts behind it. ###\r\
\n#### The rules match destination port alone, so they also block any legi\
timate service on those ports (e.g. TCP 1080, 4444, 10000). ###\r\
\n########################################################################\
####################################################\r\
\n\r\
\nadd action=jump chain=input comment=\"Jump to Virus Chain\" disabled=no \
jump-target=Virus\r\
\nadd action=drop chain=Virus comment=\"Drop Blaster Worm\" disabled=no ds\
t-port=135-139 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Blaster Worm\" disabled=no ds\
t-port=445 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Blaster Worm\" disabled=no ds\
t-port=445 protocol=udp\r\
\nadd action=drop chain=Virus comment=\"Drop Messenger Worm\" disabled=no \
dst-port=135-139 protocol=udp\r\
\nadd action=drop chain=Virus comment=Conficker disabled=no dst-port=593 p\
rotocol=tcp\r\
\nadd action=drop chain=Virus comment=Worm disabled=no dst-port=1024-1030 \
protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"ndm requester\" disabled=no dst-po\
rt=1363 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"ndm server\" disabled=no dst-port=\
1364 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"screen cast\" disabled=no dst-port\
=1368 protocol=tcp\r\
\nadd action=drop chain=Virus comment=hromgrafx disabled=no dst-port=1373 \
protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop MyDoom\" disabled=no dst-port\
=1080 protocol=tcp\r\
\nadd action=drop chain=Virus comment=cichlid disabled=no dst-port=1377 pr\
otocol=tcp\r\
\nadd action=drop chain=Virus comment=Worm disabled=no dst-port=1433-1434 \
protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Dumaru.Y\" disabled=no dst-po\
rt=2283 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Beagle\" disabled=no dst-port\
=2535 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Beagle.C-K\" disabled=no dst-\
port=2745 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop MyDoom\" disabled=no dst-port\
=3127-3128 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Backdoor OptixPro\" disabled=\
no dst-port=3410 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Sasser\" disabled=no dst-port\
=5554 protocol=tcp\r\
\nadd action=drop chain=Virus comment=Worm disabled=no dst-port=4444 proto\
col=tcp\r\
\nadd action=drop chain=Virus comment=Worm disabled=no dst-port=4444 proto\
col=udp\r\
\nadd action=drop chain=Virus comment=\"Drop Beagle.B\" disabled=no dst-po\
rt=8866 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Dabber.A-B\" disabled=no dst-\
port=9898 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Dumaru.Y\" disabled=no dst-po\
rt=10000 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop MyDoom.B\" disabled=no dst-po\
rt=10080 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop NetBus\" disabled=no dst-port\
=12345 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop Kuang2\" disabled=no dst-port\
=17300 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop SubSeven\" disabled=no dst-po\
rt=27374 protocol=tcp\r\
\nadd action=drop chain=Virus comment=\"Drop PhatBot, Agobot, Gaobot\" dis\
abled=no dst-port=65506 protocol=tcp\r\
\nadd action=return chain=Virus comment=\"Return From Virus Chain\" disabl\
ed=no\r\
\nadd chain=output comment=\"Section Break\" disabled=yes\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n########################################################################\
###################################################\r\
\n#### This is the BOGON short list. \
\_ ####\r\
\n####!!!!! Every entry below is added with disabled=yes, so nothing is dr\
opped until you enable it. Once enabled, a subnet ##\r\
\n#### is dropped on BOTH input and forward with no in-interface match, so\
\_enabling an RFC 1918 range your LAN uses will ##\r\
\n#### cut the LAN off. Enable only ranges you do not use, ideally restric\
ting the drop rules to the WAN interface. ##\r\
\n########################################################################\
###################################################\r\
\n\r\
\n/ip firewall address-list\r\
\nadd address=0.0.0.0/8 comment=\"RFC 1122 \\\"This host on this network\\\
\"\" disabled=yes list=Bogons\r\
\nadd address=10.0.0.0/8 comment=\"RFC 1918 (Private Use IP Space)\" disab\
led=yes list=Bogons\r\
\nadd address=100.64.0.0/10 comment=\"RFC 6598 (Shared Address Space)\" di\
sabled=yes list=Bogons\r\
\nadd address=127.0.0.0/8 comment=\"RFC 1122 (Loopback)\" disabled=yes lis\
t=Bogons\r\
\nadd address=169.254.0.0/16 comment=\"RFC 3927 (Dynamic Configuration of \
IPv4 Link-Local Addresses)\" disabled=yes list=Bogons\r\
\nadd address=172.16.0.0/12 comment=\"RFC 1918 (Private Use IP Space)\" di\
sabled=yes list=Bogons\r\
\nadd address=192.0.0.0/24 comment=\"RFC 6890 (IETF Protocol Assingments)\
\" disabled=yes list=Bogons\r\
\nadd address=192.0.2.0/24 comment=\"RFC 5737 (Test-Net-1)\" disabled=yes \
list=Bogons\r\
\nadd address=192.168.0.0/16 comment=\"RFC 1918 (Private Use IP Space)\" d\
isabled=yes list=Bogons\r\
\nadd address=198.18.0.0/15 comment=\"RFC 2544 (Benchmarking)\" disabled=y\
es list=Bogons\r\
\nadd address=198.51.100.0/24 comment=\"RFC 5737 (Test-Net-2)\" disabled=y\
es list=Bogons\r\
\nadd address=203.0.113.0/24 comment=\"RFC 5737 (Test-Net-3)\" disabled=ye\
s list=Bogons\r\
\nadd address=224.0.0.0/4 comment=\"RFC 5771 (Multicast Addresses) - Will \
affect OSPF, RIP, PIM, VRRP, IS-IS, and others. Use with caution.)\" disab\
led=yes list=Bogons\r\
\nadd address=240.0.0.0/4 comment=\"RFC 1112 (Reserved)\" disabled=yes lis\
t=Bogons\r\
\nadd address=192.31.196.0/24 comment=\"RFC 7535 (AS112-v4)\" disabled=yes\
\_list=Bogons\r\
\nadd address=192.52.193.0/24 comment=\"RFC 7450 (AMT)\" disabled=yes list\
=Bogons\r\
\nadd address=192.88.99.0/24 comment=\"RFC 7526 (Deprecated (6to4 Relay An\
ycast))\" disabled=yes list=Bogons\r\
\nadd address=192.175.48.0/24 comment=\"RFC 7534 (Direct Delegation AS112 \
Service)\" disabled=yes list=Bogons\r\
\nadd address=255.255.255.255 comment=\"RFC 919 (Limited Broadcast)\" disa\
bled=yes list=Bogons\r\
\n\r\
\n\r\
\n########################################################################\
######################################################################\r\
\n#### This is a list of all common ports as found on http://en.wikipedia.\
org/wiki/List_of_TCP_and_UDP_port_numbers and other sources. ##\
\n#### By default they are enabled to prevent immediate problems when appl\
ying the script. Note that none of these rules ##\r\
\n#### sets an action, so each takes the RouterOS default filter action (a\
ccept): every listed port is allowed through the ##\r\
\n#### forward chain, including plaintext protocols such as Telnet (23), F\
TP (20/21), POP3 (110) and SNMP (161). ##\r\
\n#### Carefully review the list of ports and remove or disable entries th\
at are not needed, or change their action to drop. ##\r\
\n########################################################################\
######################################################################\r\
\n\r\
\n/ip firewall filter\r\
\nadd action=jump chain=forward comment=\"Jump to \\\"Manage Common Ports\
\\\" Chain\" jump-target=\"Manage Common Ports\"\r\
\nadd chain=\"Manage Common Ports\" comment=\"\\\"All hosts on this subnet\
\\\" Broadcast\" src-address=224.0.0.1\r\
\nadd chain=\"Manage Common Ports\" comment=\"\\\"All routers on this subn\
et\\\" Broadcast\" src-address=224.0.0.2\r\
\nadd chain=\"Manage Common Ports\" comment=\"DVMRP (Distance Vector Multi\
cast Routing Protocol)\" src-address=224.0.0.4\r\
\nadd chain=\"Manage Common Ports\" comment=\"OSPF - All OSPF Routers Broa\
dcast\" src-address=224.0.0.5\r\
\nadd chain=\"Manage Common Ports\" comment=\"OSPF - OSPF DR Routers Broad\
cast\" src-address=224.0.0.6\r\
\nadd chain=\"Manage Common Ports\" comment=\"RIP Broadcast\" src-address=\
224.0.0.9\r\
\nadd chain=\"Manage Common Ports\" comment=\"EIGRP Broadcast\" src-addres\
s=224.0.0.10\r\
\nadd chain=\"Manage Common Ports\" comment=\"PIM Broadcast\" src-address=\
224.0.0.13\r\
\nadd chain=\"Manage Common Ports\" comment=\"VRRP Broadcast\" src-address\
=224.0.0.18\r\
\nadd chain=\"Manage Common Ports\" comment=\"IS-IS Broadcast\" src-addres\
s=224.0.0.19\r\
\nadd chain=\"Manage Common Ports\" comment=\"IS-IS Broadcast\" src-addres\
s=224.0.0.20\r\
\nadd chain=\"Manage Common Ports\" comment=\"IS-IS Broadcast\" src-addres\
s=224.0.0.21\r\
\nadd chain=\"Manage Common Ports\" comment=\"IGMP Broadcast\" src-address\
=224.0.0.22\r\
\nadd chain=\"Manage Common Ports\" comment=\"GRE Protocol (Local Manageme\
nt)\" protocol=gre\r\
\nadd chain=\"Manage Common Ports\" comment=\"FTPdata transfer\" port=20 p\
rotocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"FTPdata transfer \" port=20\
\_protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"FTPcontrol (command)\" port=\
21 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Secure Shell(SSH)\" port=22 \
protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Secure Shell(SSH) \" port=\
22 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=Telnet port=23 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=Telnet port=23 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Priv-mail: any privatemailsy\
stem.\" port=24 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Priv-mail: any privatemailsy\
stem. \" port=24 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Simple Mail Transfer Protoco\
l(SMTP)\" port=25 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Simple Mail Transfer Protoco\
l(SMTP) \" port=25 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"TIME protocol\" port=37 prot\
ocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"TIME protocol \" port=37 pr\
otocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"ARPA Host Name Server Protoc\
ol & WINS\" port=42 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"ARPA Host Name Server Protoc\
ol & WINS \" port=42 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"WHOIS protocol\" port=43 pro\
tocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"WHOIS protocol\" port=43 pro\
tocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Domain Name System (DNS)\" p\
ort=53 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Domain Name System (DNS)\" p\
ort=53 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Mail Transfer Protocol(RFC 7\
80)\" port=57 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"(BOOTP) Server & (DHCP) \" \
port=67 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"(BOOTP) Client & (DHCP) \" \
port=68 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Trivial File Transfer Protoc\
ol (TFTP) \" port=69 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Gopher protocol\" port=70 pr\
otocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Finger protocol\" port=79 pr\
otocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Hypertext Transfer Protocol \
(HTTP)\" port=80 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"RemoteTELNETService protocol\
\" port=107 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Post Office Protocolv2 (POP2\
)\" port=109 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Post Office Protocolv3 (POP3\
)\" port=110 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"IdentAuthentication Service/\
Identification Protocol\" port=113 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Authentication Service (auth\
) \" port=113 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Simple File Transfer Protoco\
l (SFTP)\" port=115 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Network Time Protocol(NTP)\"\
\_port=123 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Name Service\
\" port=137 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Name Service \
\_\" port=137 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Datagram Serv\
ice\" port=138 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Datagram Serv\
ice \" port=138 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Session Servi\
ce\" port=139 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Session Servi\
ce \" port=139 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Internet Message Access Prot\
ocol (IMAP)\" port=143 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Background File Transfer Pro\
gram (BFTP)\" port=152 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Background File Transfer Pro\
gram (BFTP) \" port=152 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"SGMP,Simple Gateway Monitori\
ng Protocol\" port=153 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"SGMP,Simple Gateway Monitori\
ng Protocol \" port=153 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"DMSP, Distributed Mail Servi\
ce Protocol\" port=158 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"DMSP, Distributed Mail Servi\
ce Protocol \" port=158 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Simple Network Management Pr\
otocol(SNMP) \" port=161 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Simple Network Management Pr\
otocolTrap (SNMPTRAP)\" port=162 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Simple Network Management Pr\
otocolTrap (SNMPTRAP) \" port=162 protocol=udp\r\
\nadd chain=\"Manage Common Ports\" comment=\"BGP (Border Gateway Protocol\
)\" port=179 protocol=tcp\r\
\nadd chain=\"Manage Common Ports\" comment=\"Internet Message Access Prot\
ocol (IMAP), version 3\" port=220 protocol=tcp\r\
\nad