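Soft-router policy refers to rules such as the following. Protection against DDoS attacks:
/ ip firewall filter add chain=input protocol=icmp in-interface=ether1 action=drop comment="No DDOS"
Change "ether1" to the name of your WAN (external) network interface. Please do not copy this line of instructions!
Basic introduction
- Chinese name: 軟路由策略 (soft-router policy)
- Purpose: prevent virus attacks
- Program note: do not copy
- Category: program
Common trojans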
/ ip firewall filter
add chain=forward protocol=tcp dst-port=1999 action=drop comment="Backdoor.GrayBird.ad"
add chain=forward dst-address=80.190.240.125 action=drop
add chain=forward dst-address=203.209.245.168 action=drop
add chain=forward dst-address=210.192.122.106 action=drop
add chain=forward dst-address=218.30.88.43 action=drop
add chain=forward dst-address=219.238.233.110 action=drop
add chain=forward dst-address=222.186.8.88 action=drop
add chain=forward dst-address=124.42.125.37 action=drop
add chain=forward dst-address=210.192.122.107 action=drop
add chain=forward dst-address=61.147.118.198 action=drop
add chain=forward dst-address=219.238.233.11 action=drop
Other information
/ ip firewall filter
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"
Block pinging the router
/ ip firewall filter
add chain=output protocol=icmp action=drop comment="No Ping"
Block P2P downloads
/ ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15 action=drop
Block BitSpirit downloads
/ ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="NoBitSpirit"
Bulk ARP binding
:foreach szwm in=[/ip arp find dynamic=yes] do={/ip arp add copy-from=$szwm}
Port forwarding
ip firewall nat add chain=dstnat dst-address=(WAN-IP) protocol=tcp dst-port=(external-port) to-addresses=(LAN-IP) to-ports=(internal-port) action=dst-nat
Block a domain
/ ip firewall filter
add chain=forward content=(domain) action=reject comment="(note)"
Dual-line switching
/ system script
add name="dxup" source="/ip route set \[/ip route find comment=tel\] \
gateway=(Telecom-gateway);\
\n/ip route set \[/ip route find comment=tel\] \
disabled=no;" policy=ftp,reboot,read,write,policy,test,winbox,password
add name="cncup" source="/ip route enable \[/ip route find \
gateway=(Netcom-gateway)\]" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="dxdown" source="/ip route set \[/ip route find comment=tel\] \
gateway=(Netcom-gateway)" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="cncdown" source="/ip route disable \[/ip route find \
gateway=(Netcom-gateway)\]" \
policy=ftp,reboot,read,write,policy,test,winbox,password