dzxo.com - 零点资讯网 (Zero Point News Network)


RouterOS firewall rules

2008-01-15 11:59:50   Source: 零点IT资讯网 (Zero Point IT News Network)   Author: ADMIN

ip firewall rule input (firewall)
add protocol=tcp tcp-options=non-syn-only connection-state=established action=accept comment="Established TCP connections" disabled=no
add connection-state=related action=accept comment="Related connections" disabled=no
add dst-address=:69 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:69 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:161-162 protocol=tcp action=drop comment="drop SNMP Trap" disabled=no
add dst-address=:161-162 protocol=udp action=drop comment="drop SNMP Trap" disabled=no
add dst-address=:445 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:445 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:554 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:554 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:593 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:593 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:1025 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:1025 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:1068 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:1068 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:2000 protocol=tcp action=drop comment="drop Millenium" disabled=no
add dst-address=:2000 protocol=udp action=drop comment="drop millenium" disabled=no
add dst-address=:3127-3198 protocol=tcp action=drop comment="drop proxy worm" disabled=no
add dst-address=:3127-3198 protocol=udp action=drop comment="drop proxy worm" disabled=no
add dst-address=:3389 protocol=tcp action=drop comment="drop windows super client link" disabled=no
add dst-address=:3389 protocol=udp action=drop comment="drop windows super client link" disabled=no
add dst-address=:4444 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:4444 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:5554 protocol=udp action=drop comment="drop Bt download" disabled=no
add dst-address=:6881-6889 protocol=tcp action=drop comment="drop Bt download" disabled=no
add dst-address=:6881-6889 protocol=udp action=drop comment="drop Bt download" disabled=no
add dst-address=:8881-8889 protocol=tcp action=drop comment="drop Bt download" disabled=no
add dst-address=:8881-8889 protocol=udp action=drop comment="drop Bt download" disabled=no
add dst-address=:39213 protocol=tcp action=drop comment="drop worm" disabled=no
add dst-address=:39213 protocol=udp action=drop comment="drop worm" disabled=no
add protocol=udp action=accept comment="udp" disabled=no
add dst-address=XXX.XXX.XXX.XXX/32 protocol=icmp action=drop comment="dont ping me" disabled=no
add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept comment="allow limited pings" disabled=no
add dst-address=!192.168.0.0/24:3987 protocol=tcp action=drop comment="dont link me" disabled=no
add src-address=192.168.0.0/24 dst-address=192.168.0.125/32 action=accept comment="from lan admin" disabled=no
add action=drop log=yes comment="Log and drop everything else" disabled=no

ip firewall rule forward (block certain website IPs)
add dst-address=:134-139 protocol=tcp action=drop comment="drop blaster worm" disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="drop blaster worm" disabled=no
add dst-address=61.240.246.41/32 action=drop comment="DROP WWW.CY07.COM" disabled=no

ip service (prevent the router from being managed from the external network)
set telnet port=23 address=192.168.0.0/24 disabled=yes
set ftp port=21 address=192.168.0.0/24 disabled=no (change port 21)
set www port=80 address=192.168.0.0/24 disabled=no (change port 80)
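
The input chain above is evaluated top to bottom and the first matching rule decides, so the position of the `protocol=udp action=accept` rule determines what the final drop rule ever sees. The following is an added example (not part of the original page) that replays a subset of the page's input rules against new connections; the helper names `parse`, `matches` and `verdict` are hypothetical, only protocol, destination port and connection state are modelled, and the fall-through `accept` is an assumption.

```python
import re

# Subset of the page's input-chain rules, in page order (quotes normalized).
RULES = """\
add connection-state=related action=accept comment="Related connections"
add dst-address=:134-139 protocol=tcp action=drop comment="drop blaster worm"
add dst-address=:161-162 protocol=udp action=drop comment="drop SNMP Trap"
add dst-address=:445 protocol=tcp action=drop comment="drop blaster worm"
add protocol=udp action=accept comment="udp"
add action=drop log=yes comment="Log and drop everything else"
"""

def parse(line):
    """Split one 'add key=value ...' line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)}

def matches(rule, proto, port, state="new"):
    """True if a packet (protocol, destination port, connection state) meets every condition."""
    if "connection-state" in rule and rule["connection-state"] != state:
        return False
    if "protocol" in rule and rule["protocol"] != proto:
        return False
    dst = rule.get("dst-address", "")
    if ":" in dst:  # ':port' or ':lo-hi' restricts the destination port
        lo, _, hi = dst.split(":", 1)[1].partition("-")
        if not int(lo) <= port <= int(hi or lo):
            return False
    return True

def verdict(proto, port, state="new"):
    """First matching rule wins; returns (action, comment)."""
    for rule in map(parse, RULES.splitlines()):
        if matches(rule, proto, port, state):
            return rule["action"], rule.get("comment", "")
    return "accept", "no rule matched"  # assumption: chain default is accept

if __name__ == "__main__":
    for proto, port in [("tcp", 445), ("udp", 161), ("udp", 53), ("tcp", 8291)]:
        print(proto, port, verdict(proto, port))
```

New UDP traffic to any port that is not on the drop list is accepted by the `udp` rule, while new TCP traffic to an unlisted port falls through to the logged drop; a reviewer checking this rule set should confirm that the UDP allowance is intended.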
