Jump to content
  • 0

Port Filter


Lacho

Question

Видях го в един италянски сайт

и съм го направил така мисля, че ще е полезно:

/ ip firewall filter

add chain=forward protocol=tcp dst-port=135-139 action=drop comment=““ disabled=no

add chain=forward protocol=udp dst-port=135-139 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=445 action=drop comment=““ disabled=no

add chain=forward protocol=udp dst-port=445 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=593 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1024-1030 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1080 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1214 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1363 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1364 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1368 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1373 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1377 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=1433-1434 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=2745 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=2283 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=2535 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=3127 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=3410 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=4444 action=drop comment=““ disabled=no

add chain=forward protocol=udp dst-port=4444 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=5554 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=8866 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=10000 action=drop comment=“ disabled=no

add chain=forward protocol=tcp dst-port=10080 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=12345 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=17300 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=27374 action=drop comment=““ disabled=no

add chain=forward protocol=tcp dst-port=65506 action=drop comment=““ disabled=no

Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0
  • Administrator

спъва лан портове няма шерове няма игри има недоволни

но това лично решение

това би вършило по добра работа

Drop port scanner

/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=14d comment="Port scanners to list " disabled=no

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list \address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn \
action=add-src-to-address-list address-list="port \scanners" address-list-timeout=14d comment="SYN/FIN scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst \
action=add-src-to-address-list address-list="port \scanners" address-list-timeout=14d comment="SYN/RST scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list \address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list \address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list \address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"

/ip firewall filter add chain=input src-address-list="port scanners" action=drop \
comment="dropping port scanners" disabled=no[/code] и това изглежда хубаво ама какви проблеми създава не е истина
[code]------------------------ Firewall Virus ----------------------------------------------
/ ip firewall filter
add chain=Virus protocol=tcp dst-port=1434 action=drop comment="port block \
warning" disabled=no
add chain=Virus protocol=udp dst-port=1434 action=drop comment="" disabled=no
add chain=Virus protocol=udp dst-port=2745 action=drop comment="" disabled=no
add chain=Virus protocol=tcp dst-port=6344-6381 action=drop comment="" \
disabled=no
add chain=Virus protocol=udp dst-port=6344-6381 action=drop comment="" \
disabled=no
add chain=Virus protocol=tcp dst-port=1080 action=drop comment="MyDoom" \
disabled=no
add chain=Virus protocol=tcp dst-port=1214 action=drop comment="" disabled=no
add chain=Virus protocol=tcp dst-port=593 action=drop comment="" disabled=no
add chain=Virus protocol=tcp dst-port=1024-1030 action=drop comment="" \
disabled=no
add chain=Virus protocol=tcp dst-port=135-139 action=drop comment="Blaster \
Worm" disabled=no
add chain=Virus protocol=udp dst-port=135-139 action=drop comment="Messenger \
Worm" disabled=no
add chain=Virus protocol=tcp dst-port=445 action=drop comment="Blaster Worm" \
disabled=no
add chain=Virus protocol=udp dst-port=445 action=drop comment="Blaster Worm" \
disabled=no
add chain=Virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" \
disabled=no
add chain=Virus protocol=tcp dst-port=1364 action=drop comment="ndm server" \
disabled=no
add chain=Virus protocol=tcp dst-port=1368 action=drop comment="screen cast" \
disabled=no
add chain=Virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
disabled=no
add chain=Virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
disabled=no
add chain=Virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" \
disabled=no
add chain=Virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" \
disabled=no
add chain=Virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" \
disabled=no
add chain=Virus protocol=tcp dst-port=2235 action=drop comment="Drop Beagle" \
disabled=no
add chain=Virus protocol=tcp dst-port=2745 action=drop comment="Drop \
Beagle.C-K" disabled=no
add chain=Virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop \
MyDoom" disabled=no
add chain=Virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor \
OptixPro" disabled=no
add chain=Virus protocol=tcp dst-port=4444 action=drop comment="Worm" \
disabled=no
add chain=Virus protocol=udp dst-port=4444 action=drop comment="Worm" \
disabled=no
add chain=Virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" \
disabled=no
add chain=Virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" \
disabled=no
add chain=Virus protocol=tcp dst-port=9898 action=drop comment="Drop \
Dabber.A-B" disabled=no
add chain=Virus protocol=tcp dst-port=10000 action=drop comment="Drop \
Dumaru.Y" disabled=no
add chain=Virus protocol=tcp dst-port=10080 action=drop comment="Drop \
MyDoom.B" disabled=no
add chain=Virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" \
disabled=no
add chain=Virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" \
disabled=no
add chain=Virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, \
Agobot, Gaobot" disabled=no
add chain=Virus protocol=tcp dst-port=27374 action=drop comment="Drop \
SubSeven" disabled=no

# forward
add chain=forward connection-state=invalid action=drop comment="" disabled=no
add chain=forward connection-state=related action=accept comment="" \
disabled=no
add chain=forward connection-state=established action=accept comment="" \
disabled=no
add chain=forward action=jump jump-target=Virus comment="" disabled=no

# input
add chain=input connection-state=invalid action=drop comment="" disabled=no
add chain=input connection-state=related action=accept comment="" disabled=no
add chain=input connection-state=established action=accept comment="" \
disabled=no
add chain=input action=jump jump-target=Virus comment="" disabled=no

Харесай поста ^^^
acer.gif htc.gifsigpic4024_2.gif

Форумът е за взаимопомощ а не за свършване на чужда работа


ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.