routerOS防火墙规则
2007-06-17 12:43:34 来源:WEB开发网add dst-address=:5554 protocol=udp action=drop comment="drop Bt download" disabled=no
add dst-address=:6881-6889 protocol=tcp action=drop comment="drop drop Bt download" disabled=no
add dst-address=:6881-6889 protocol=udp action=drop comment="drop drop Bt download" disabled=no
add dst-address=:8881-8889 protocol=tcp action=drop comment="drop drop Bt download" disabled=no
add dst-address=:8881-8889 protocol=udp action=drop comment="drop drop Bt download" disabled=no
add dst-address=:39213 protocol=tcp action=drop comment="drop worm" disabled=no
add dst-address=:39213 protocol=tcp action=drop comment="drop worm" disabled=no
add protocol=udp action=accept comment="udp" disabled=no
add dst-address=XXX.XXX.XXX.XXX/32 protocol=icmp action=drop
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept comment="allow limited pings" disabled=0
comment="dont ping me" disabled=no
add dst-address=!192.168.0.0/24:3987 protocol=tcp action=drop comment="dont link me" disabled=no
add src-address=192.168.0.0/24 dst-address=192.168.0.125/32 action=accept comment="http://www.ddvip.com/from lan admin" disabled=no
add action=drop log=yes comment="Log and drop everything else" disabled=no
ip firewall rule forward (禁止某些网站IP)
add dst-address=:134-139 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=61.240.246.41/32 action=DROP comment="DROP WWW. CY07.COM" disabled=no
ip service 禁止外网控制路由
set telent port=23 address=192.168.0.0/24 disabled=yes
set ftp port=21 address=192.168.0.0/24 disabled=no (把21端口改了)
set www port=80 address=192.168.0.0/24 disabled=no (把80端口改了)
set ssh port=22 address=192.168.0.0/24 disabled=yes
user 管理员只能在内网登陆
set 0 address=192.168.0.0/24
将规则另存为*.rsc文件,进入控制台,或者在路由器本机上,输入 import *.rsc
该规则导入完成
更多精彩
赞助商链接