ros高级防火墙

/system script
add name=script1 owner=delavar policy=\
    reboot,read,write,test,password,sniff,sensitive source="##################\
    ##########################################################################\
    #############\r\
    \n#   高级防火墙 V5.0 (Fix Version)           \
    \_                               #\r\
    \n########################################################################\
    #################################\r\
    \n# Author: dahai                                                    \
    \_                               #\r\
    \n# email: 442193715@qq.com                                 \
    \_                               #\r\
    \n# Username                                \
    \_                               #\r\
    \n########################################################################\
    #################################\r\
    \n#                                         License                       \
    \_                               #\r\
    \n# This script has been created for use by the general public and may be \
    used freely. This script may    #\r\
    \n# not be sold!                                                          \
    \_                               #\r\
    \n########################################################################\
    #################################\r\
    \n########################################################################\
    #################################\r\
    \n# Features                                                              \
    \_                               #\r\
    \n# -Detect and block brute force attacks to the routers via SSH, Telnet, \
    and Winbox (Disables WWW & FTP) #\r\
    \n# -Basic Antivirus filtering                                            \
    \_                               #\r\
    \n# -P2P Blocking                                                         \
    \_                               #\r\
    \n# -High Connection Rate detection                                       \
    \_                               #\r\
    \n# -Basic Spam detection                                                 \
    \_                               #\r\
    \n# -Basic Port Scanner Detection                                         \
    \_                               #\r\
    \n# -Bogon Address Blocking                                               \
    \_                               #\r\
    \n########################################################################\
    #################################\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n#### Firewall Settings                                                  \
    \_                                              ####\r\
    \n########################################################################\
    ###################################################\r\
    \n/ip firewall connection tracking\r\
    \nset enabled=yes\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n#### Drop Invalid Connections                                           \
    \_                                              ####\r\
    \n#### To make this more useful, create a copy of the forward chain rule a\
    nd set the interface for each LAN interface    ####\r\
    \n#### on your network. Remember to remove the original rule.             \
    \_                                              ####\r\
    \n########################################################################\
    ###################################################\r\
    \n/ip firewall filter\r\
    \nadd action=drop chain=input comment=\"Drop Invalid Connections\" connect\
    ion-state=invalid disabled=no\r\
    \nadd action=drop chain=forward comment=\"Drop Invalid Connections\" conne\
    ction-state=invalid disabled=no\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n#### Must Add Admin IP Addresses in the Address List for Administering t\
    he Network in \"Exempt Addresses\"              #####\r\
    \n########################################################################\
    ###################################################\r\
    \n\r\
    \nadd action=accept chain=input comment=\"Accept Exempt IP Addresses\" dis\
    abled=no src-address-list=\"Exempt Addresses\"\r\
    \nadd action=accept chain=forward comment=\"Accept Exempt IP Addresses\" d\
    isabled=no src-address-list=\"Exempt Addresses\"\r\
    \n\r\
    \n########################################################################\
    ####################################################\r\
    \n#### Multiple \"Black Lists\" have been created to help identify why any\
    \_given person has been blocked.#######################\r\
    \n#### By default Port Scanners Black List is disabled. The Firewall will \
    continue to add these people to ####################\r\
    \n#### the Black List, but will not block them unless the Black List is en\
    abled. Use with caution!!!! ########################\r\
    \n#### Once someone is on a Black List they are permanently recorded there\
    . To remove them, go to the address list.###########\r\
    \n########################################################################\
    ####################################################\r\
    \n\r\
    \nadd action=drop chain=input comment=\"Drop anyone in the Black List (Man\
    ually Added)\" disabled=no src-address-list=\"Black List\"\r\
    \nadd action=drop chain=forward comment=\"Drop anyone in the Black List (M\
    anually Added)\" disabled=no src-address-list=\"Black List\"\r\
    \nadd action=drop chain=input comment=\"Drop anyone in the Black List (SSH\
    )\" disabled=no src-address-list=\"Black List (SSH)\"\r\
    \nadd action=drop chain=forward comment=\"Drop anyone in the Black List (S\
    SH)\" disabled=no src-address-list=\"Black List (SSH)\"\r\
    \nadd action=drop chain=input comment=\"Drop anyone in the Black List (Tel\
    net)\" disabled=no src-address-list=\"Black List (Telnet)\"\r\
    \nadd action=drop chain=forward comment=\"Drop anyone in the Black List (T\
    elnet)\" disabled=no src-address-list=\"Black List (Telnet)\"\r\
    \nadd action=drop chain=input comment=\"Drop anyone in the Black List (Win\
    box)\" disabled=no src-address-list=\"Black List (Winbox)\"\r\
    \nadd action=drop chain=forward comment=\"Drop anyone in the Black List (W\
    inbox)\" disabled=no src-address-list=\"Black List (Winbox)\"\r\
    \nadd action=drop chain=input comment=\"Drop anyone in the WAN Port Scanne\
    r List\" disabled=yes src-address-list=\"WAN Port Scanners\"\r\
    \nadd action=drop chain=forward comment=\"Drop anyone in the WAN Port Scan\
    ner List\" disabled=yes src-address-list=\"WAN Port Scanners\"\r\
    \nadd action=drop chain=input comment=\"Drop anyone in the LAN Port Scanne\
    r List\" disabled=yes src-address-list=\"LAN Port Scanners\"\r\
    \nadd action=drop chain=forward comment=\"Drop anyone in the LAN Port Scan\
    ner List\" disabled=yes src-address-list=\"LAN Port Scanners\"\r\
    \nadd action=drop chain=input comment=\"Drop all Bogons\" disabled=no src-\
    address-list=Bogons\r\
    \nadd action=drop chain=forward comment=\"Drop all Bogons\" disabled=no sr\
    c-address-list=Bogons\r\
    \nadd action=drop chain=forward comment=\"Drop all P2P\" disabled=yes p2p=\
    all-p2p\r\
    \nadd chain=output comment=\"Section Break\" disabled=yes\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n#### Detect & Block Brute Force Login Attempts                          \
    \_                                              ####\r\
    \n########################################################################\
    ###################################################\r\
    \nadd action=jump chain=input comment=\"Jump to RFC SSH Chain\" disabled=n\
    o jump-target=\"RFC SSH Chain\"\r\
    \nadd action=add-src-to-address-list address-list=\"Black List (SSH)\" add\
    ress-list-timeout=0s chain=\"RFC SSH Chain\" comment=\"Transfer repeated a\
    ttempts from SSH Stage 3 to Black-List\" connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=\"SSH Stage 3\"\r\
    \nadd action=add-src-to-address-list address-list=\"SSH Stage 3\" address-\
    list-timeout=1m chain=\"RFC SSH Chain\" comment=\"Add succesive attempts t\
    o SSH Stage 3\" connection-state=new disabled=no dst-port=22 protocol=tcp \
    src-address-list=\"SSH Stage 2\"\r\
    \nadd action=add-src-to-address-list address-list=\"SSH Stage 2\" address-\
    list-timeout=1m chain=\"RFC SSH Chain\" comment=\"Add succesive attempts t\
    o SSH Stage 2\" connection-state=new disabled=no dst-port=22 protocol=tcp \
    src-address-list=\"SSH Stage 1\"\r\
    \nadd action=add-src-to-address-list address-list=\"SSH Stage 1\" address-\
    list-timeout=1m chain=\"RFC SSH Chain\" comment=\"Add intial attempt to SS\
    H Stage 1 List\" connection-state=new disabled=no dst-port=22 protocol=tcp\
    \r\
    \nadd action=return chain=\"RFC SSH Chain\" comment=\"Return From RFC SSH \
    Chain\" disabled=no\r\
    \nadd chain=output comment=\"Section Break\" disabled=yes\r\
    \n\r\
    \nadd action=jump chain=input comment=\"Jump to RFC Telnet Chain\" disable\
    d=no jump-target=\"RFC Telnet Chain\"\r\
    \nadd action=add-src-to-address-list address-list=\"Black List (Telnet)\" \
    address-list-timeout=0s chain=\"RFC Telnet Chain\" comment=\"Transfer repe\
    ated attempts from Telnet Stage 3 to Black-List\" connection-state=new dis\
    abled=no dst-port=23 protocol=tcp src-address-list=\"Telnet Stage 3\"\r\
    \nadd action=add-src-to-address-list address-list=\"Telnet Stage 3\" addre\
    ss-list-timeout=1m chain=\"RFC Telnet Chain\" comment=\"Add succesive atte\
    mpts to Telnet Stage 3\" connection-state=new disabled=no dst-port=23 prot\
    ocol=tcp src-address-list=\"Telnet Stage 2\"\r\
    \nadd action=add-src-to-address-list address-list=\"Telnet Stage 2\" addre\
    ss-list-timeout=1m chain=\"RFC Telnet Chain\" comment=\"Add succesive atte\
    mpts to Telnet Stage 2\" connection-state=new disabled=no dst-port=23 prot\
    ocol=tcp src-address-list=\"Telnet Stage 1\"\r\
    \nadd action=add-src-to-address-list address-list=\"Telnet Stage 1\" addre\
    ss-list-timeout=1m chain=\"RFC Telnet Chain\" comment=\"Add Intial attempt\
    \_to Telnet Stage 1\" connection-state=new disabled=no dst-port=23 protoco\
    l=tcp\r\
    \nadd action=return chain=\"RFC Telnet Chain\" comment=\"Return From RFC T\
    elnet Chain\" disabled=no\r\
    \nadd chain=output comment=\"Section Break\" disabled=yes\r\
    \n\r\
    \nadd action=jump chain=input comment=\"Jump to RFC Winbox Chain\" disable\
    d=no jump-target=\"RFC Winbox Chain\"\r\
    \nadd action=add-src-to-address-list address-list=\"Black List (Winbox)\" \
    address-list-timeout=0s chain=\"RFC Winbox Chain\" comment=\"Transfer repe\
    ated attempts from Winbox Stage 3 to Black-List\" connection-state=new dis\
    abled=no dst-port=8291 protocol=tcp src-address-list=\"Winbox Stage 3\"\r\
    \nadd action=add-src-to-address-list address-list=\"Winbox Stage 3\" addre\
    ss-list-timeout=1m chain=\"RFC Winbox Chain\" comment=\"Add succesive atte\
    mpts to Winbox Stage 3\" connection-state=new disabled=no dst-port=8291 pr\
    otocol=tcp src-address-list=\"Winbox Stage 2\"\r\
    \nadd action=add-src-to-address-list address-list=\"Winbox Stage 2\" addre\
    ss-list-timeout=1m chain=\"RFC Winbox Chain\" comment=\"Add succesive atte\
    mpts to Winbox Stage 2\" connection-state=new disabled=no dst-port=8291 pr\
    otocol=tcp src-address-list=\"Winbox Stage 1\"\r\
    \nadd action=add-src-to-address-list address-list=\"Winbox Stage 1\" addre\
    ss-list-timeout=1m chain=\"RFC Winbox Chain\" comment=\"Add Intial attempt\
    \_to Winbox Stage 1\" connection-state=new disabled=no dst-port=8291 proto\
    col=tcp\r\
    \nadd action=return chain=\"RFC Winbox Chain\" comment=\"Return From RFC W\
    inbox Chain\" disabled=no\r\
    \nadd chain=output comment=\"Section Break\" disabled=yes\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n#### Detect & Manage Port Scanners                                      \
    \_                                              ####\r\
    \n########################################################################\
    ###################################################\r\
    \n/ip firewall filter\r\
    \nadd action=add-src-to-address-list address-list=\"Wan Port Scanners\" ch\
    ain=input comment=\"Add TCP Port Scanners to Address List\" protocol=tcp p\
    sd=40,3s,2,1\r\
    \nadd action=add-src-to-address-list address-list=\"LAN Port Scanners\" ch\
    ain=forward comment=\"Add TCP Port Scanners to Address List\" protocol=tcp\
    \_psd=40,3s,2,1\r\
    \nadd chain=output comment=\"Section Break\" disabled=yes\r\
    \n\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n#### Detect & Manage High Connection Rates                              \
    \_                                              ####\r\
    \n########################################################################\
    ###################################################\r\
    \n/ip firewall filter\r\
    \nadd action=add-src-to-address-list address-list=\"(WAN High Connection R\
    ates)\" chain=input comment=\"Add WAN High Connections to Address List\" c\
    onnection-limit=100,32 protocol=tcp\r\
    \nadd action=add-src-to-address-list address-list=\"(LAN High Connection R\
    ates)\" chain=forward comment=\"Add LAN High Connections to Address List\"\
    \_connection-limit=100,32 protocol=tcp\r\
    \n\r\
    \n\r\
    \n\r\
    \n########################################################################\
    ####################################################\r\
    \n#### The Virus Chain has been added at the request of customers, but the\
    re is no guarantee expressed or implied with the ###\r\
    \n#### Virus Chain. ######################################################\
    ####################################################\r\
    \n########################################################################\
    ####################################################\r\
    \n\r\
    \nadd action=jump chain=input comment=\"Jump to Virus Chain\" disabled=no \
    jump-target=Virus\r\
    \nadd action=drop chain=Virus comment=\"Drop Blaster Worm\" disabled=no ds\
    t-port=135-139 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Blaster Worm\" disabled=no ds\
    t-port=445 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Blaster Worm\" disabled=no ds\
    t-port=445 protocol=udp\r\
    \nadd action=drop chain=Virus comment=\"Drop Messenger Worm\" disabled=no \
    dst-port=135-139 protocol=udp\r\
    \nadd action=drop chain=Virus comment=Conficker disabled=no dst-port=593 p\
    rotocol=tcp\r\
    \nadd action=drop chain=Virus comment=Worm disabled=no dst-port=1024-1030 \
    protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"ndm requester\" disabled=no dst-po\
    rt=1363 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"ndm server\" disabled=no dst-port=\
    1364 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"screen cast\" disabled=no dst-port\
    =1368 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop MyDoom\" disabled=no dst-port\
    =1080 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=cichlid disabled=no dst-port=1377 pr\
    otocol=tcp\r\
    \nadd action=drop chain=Virus comment=Worm disabled=no dst-port=1433-1434 \
    protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Dumaru.Y\" disabled=no dst-po\
    rt=2283 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Beagle\" disabled=no dst-port\
    =2535 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Beagle.C-K\" disabled=no dst-\
    port=2745 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop MyDoom\" disabled=no dst-port\
    =3127-3128 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Backdoor OptixPro\" disabled=\
    no dst-port=3410 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Sasser\" disabled=no dst-port\
    =5554 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=Worm disabled=no dst-port=4444 proto\
    col=tcp\r\
    \nadd action=drop chain=Virus comment=Worm disabled=no dst-port=4444 proto\
    col=udp\r\
    \nadd action=drop chain=Virus comment=\"Drop Beagle.B\" disabled=no dst-po\
    rt=8866 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Dabber.A-B\" disabled=no dst-\
    port=9898 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Dumaru.Y\" disabled=no dst-po\
    rt=10000 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop MyDoom.B\" disabled=no dst-po\
    rt=10080 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop NetBus\" disabled=no dst-port\
    =12345 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop Kuang2\" disabled=no dst-port\
    =17300 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop SubSeven\" disabled=no dst-po\
    rt=27374 protocol=tcp\r\
    \nadd action=drop chain=Virus comment=\"Drop PhatBot, Agobot, Gaobot\" dis\
    abled=no dst-port=65506 protocol=tcp\r\
    \nadd action=return chain=Virus comment=\"Return From Virus Chain\" disabl\
    ed=no\r\
    \nadd chain=output comment=\"Section Break\" disabled=yes\r\
    \n\r\
    \n\r\
    \n\r\
    \n\r\
    \n\r\
    \n########################################################################\
    ###################################################\r\
    \n#### This is the BOGON short list.                                      \
    \_                                              ####\r\
    \n####!!!!! All subnets in this list will be blocked!!! Disable or remove \
    any subnets that you are using!!!##################\r\
    \n########################################################################\
    ###################################################\r\
    \n\r\
    \n/ip firewall address-list\r\
    \nadd address=0.0.0.0/8 comment=\"RFC 1122 \\\"This host on this network\\\
    \"\" disabled=yes list=Bogons\r\
    \nadd address=10.0.0.0/8 comment=\"RFC 1918 (Private Use IP Space)\" disab\
    led=yes list=Bogons\r\
    \nadd address=100.64.0.0/10 comment=\"RFC 6598 (Shared Address Space)\" di\
    sabled=yes list=Bogons\r\
    \nadd address=127.0.0.0/8 comment=\"RFC 1122 (Loopback)\" disabled=yes lis\
    t=Bogons\r\
    \nadd address=169.254.0.0/16 comment=\"RFC 3927 (Dynamic Configuration of \
    IPv4 Link-Local Addresses)\" disabled=yes list=Bogons\r\
    \nadd address=172.16.0.0/12 comment=\"RFC 1918 (Private Use IP Space)\" di\
    sabled=yes list=Bogons\r\
    \nadd address=192.0.0.0/24 comment=\"RFC 6890 (IETF Protocol Assingments)\
    \" disabled=yes list=Bogons\r\
    \nadd address=192.0.2.0/24 comment=\"RFC 5737 (Test-Net-1)\" disabled=yes \
    list=Bogons\r\
    \nadd address=192.168.0.0/16 comment=\"RFC 1918 (Private Use IP Space)\" d\
    isabled=yes list=Bogons\r\
    \nadd address=198.18.0.0/15 comment=\"RFC 2544 (Benchmarking)\" disabled=y\
    es list=Bogons\r\
    \nadd address=198.51.100.0/24 comment=\"RFC 5737 (Test-Net-2)\" disabled=y\
    es list=Bogons\r\
    \nadd address=203.0.113.0/24 comment=\"RFC 5737 (Test-Net-3)\" disabled=ye\
    s list=Bogons\r\
    \nadd address=224.0.0.0/4 comment=\"RFC 5771 (Multicast Addresses) - Will \
    affect OSPF, RIP, PIM, VRRP, IS-IS, and others. Use with caution.)\" disab\
    led=yes list=Bogons\r\
    \nadd address=240.0.0.0/4 comment=\"RFC 1112 (Reserved)\" disabled=yes lis\
    t=Bogons\r\
    \nadd address=192.31.196.0/24 comment=\"RFC 7535 (AS112-v4)\" disabled=yes\
    \_list=Bogons\r\
    \nadd address=192.52.193.0/24 comment=\"RFC 7450 (AMT)\" disabled=yes list\
    =Bogons\r\
    \nadd address=192.88.99.0/24 comment=\"RFC 7526 (Deprecated (6to4 Relay An\
    ycast))\" disabled=yes list=Bogons\r\
    \nadd address=192.175.48.0/24 comment=\"RFC 7534 (Direct Delegation AS112 \
    Service)\" disabled=yes list=Bogons\r\
    \nadd address=255.255.255.255 comment=\"RFC 919 (Limited Broadcast)\" disa\
    bled=yes list=Bogons\r\
    \n\r\
    \n\r\
    \n########################################################################\
    ######################################################################\r\
    \n#### This is a list of all common ports as found on http://en.wikipedia.\
    org/wiki/List_of_TCP_and_UDP_port_numbers  and other sources.       ##\r\
    \n#### By default they are enabled to prevent immediate problems when appl\
    ying the script. Carefully review the list of                       ##\r\
    \n#### ports and remove or disable entries that are not needed.           \
    \_                                                                   ##\r\
    \n########################################################################\
    ######################################################################\r\
    \n\r\
    \n/ip firewall filter\r\
    \nadd action=jump chain=forward comment=\"Jump to \\\"Manage Common Ports\
    \\\" Chain\" jump-target=\"Manage Common Ports\"\r\
    \nadd chain=\"Manage Common Ports\" comment=\"\\\"All hosts on this subnet\
    \\\" Broadcast\" src-address=224.0.0.1\r\
    \nadd chain=\"Manage Common Ports\" comment=\"\\\"All routers on this subn\
    et\\\" Broadcast\" src-address=224.0.0.2\r\
    \nadd chain=\"Manage Common Ports\" comment=\"DVMRP (Distance Vector Multi\
    cast Routing Protocol)\" src-address=224.0.0.4\r\
    \nadd chain=\"Manage Common Ports\" comment=\"OSPF - All OSPF Routers Broa\
    dcast\" src-address=224.0.0.5\r\
    \nadd chain=\"Manage Common Ports\" comment=\"OSPF - OSPF DR Routers Broad\
    cast\" src-address=224.0.0.6\r\
    \nadd chain=\"Manage Common Ports\" comment=\"RIP Broadcast\" src-address=\
    224.0.0.9\r\
    \nadd chain=\"Manage Common Ports\" comment=\"EIGRP Broadcast\" src-addres\
    s=224.0.0.10\r\
    \nadd chain=\"Manage Common Ports\" comment=\"PIM Broadcast\" src-address=\
    224.0.0.13\r\
    \nadd chain=\"Manage Common Ports\" comment=\"VRRP Broadcast\" src-address\
    =224.0.0.18\r\
    \nadd chain=\"Manage Common Ports\" comment=\"IS-IS Broadcast\" src-addres\
    s=224.0.0.19\r\
    \nadd chain=\"Manage Common Ports\" comment=\"IS-IS Broadcast\" src-addres\
    s=224.0.0.20\r\
    \nadd chain=\"Manage Common Ports\" comment=\"IS-IS Broadcast\" src-addres\
    s=224.0.0.21\r\
    \nadd chain=\"Manage Common Ports\" comment=\"IGMP Broadcast\" src-address\
    =224.0.0.22\r\
    \nadd chain=\"Manage Common Ports\" comment=\"GRE Protocol (Local Manageme\
    nt)\" protocol=gre\r\
    \nadd chain=\"Manage Common Ports\" comment=\"FTPdata transfer\" port=20 p\
    rotocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"FTPdata transfer  \" port=20\
    \_protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"FTPcontrol (command)\" port=\
    21 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Secure Shell(SSH)\" port=22 \
    protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Secure Shell(SSH)   \" port=\
    22 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=Telnet port=23 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=Telnet port=23 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Priv-mail: any privatemailsy\
    stem.\" port=24 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Priv-mail: any privatemailsy\
    stem.  \" port=24 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Simple Mail Transfer Protoco\
    l(SMTP)\" port=25 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Simple Mail Transfer Protoco\
    l(SMTP)  \" port=25 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"TIME protocol\" port=37 prot\
    ocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"TIME protocol  \" port=37 pr\
    otocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"ARPA Host Name Server Protoc\
    ol & WINS\" port=42 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"ARPA Host Name Server Protoc\
    ol  & WINS  \" port=42 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"WHOIS protocol\" port=43 pro\
    tocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"WHOIS protocol\" port=43 pro\
    tocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Domain Name System (DNS)\" p\
    ort=53 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Domain Name System (DNS)\" p\
    ort=53 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Mail Transfer Protocol(RFC 7\
    80)\" port=57 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"(BOOTP) Server & (DHCP)  \" \
    port=67 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"(BOOTP) Client & (DHCP)  \" \
    port=68 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Trivial File Transfer Protoc\
    ol (TFTP)  \" port=69 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Gopher protocol\" port=70 pr\
    otocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Finger protocol\" port=79 pr\
    otocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Hypertext Transfer Protocol \
    (HTTP)\" port=80 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"RemoteTELNETService protocol\
    \" port=107 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Post Office Protocolv2 (POP2\
    )\" port=109 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Post Office Protocolv3 (POP3\
    )\" port=110 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"IdentAuthentication Service/\
    Identification Protocol\" port=113 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Authentication Service (auth\
    )  \" port=113 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Simple File Transfer Protoco\
    l (SFTP)\" port=115 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Network Time Protocol(NTP)\"\
    \_port=123 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Name Service\
    \" port=137 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Name Service \
    \_\" port=137 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Datagram Serv\
    ice\" port=138 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Datagram Serv\
    ice  \" port=138 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Session Servi\
    ce\" port=139 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"NetBIOSNetBIOS Session Servi\
    ce  \" port=139 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Internet Message Access Prot\
    ocol (IMAP)\" port=143 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Background File Transfer Pro\
    gram (BFTP)\" port=152 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Background File Transfer Pro\
    gram (BFTP)  \" port=152 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"SGMP,Simple Gateway Monitori\
    ng Protocol\" port=153 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"SGMP,Simple Gateway Monitori\
    ng Protocol  \" port=153 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"DMSP, Distributed Mail Servi\
    ce Protocol\" port=158 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"DMSP, Distributed Mail Servi\
    ce Protocol  \" port=158 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Simple Network Management Pr\
    otocol(SNMP)  \" port=161 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Simple Network Management Pr\
    otocolTrap (SNMPTRAP)\" port=162 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Simple Network Management Pr\
    otocolTrap (SNMPTRAP)  \" port=162 protocol=udp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"BGP (Border Gateway Protocol\
    )\" port=179 protocol=tcp\r\
    \nadd chain=\"Manage Common Ports\" comment=\"Internet Message Access Prot\
    ocol (IMAP), version 3\" port=220 protocol=tcp\r\
    \nad
