Tuesday, November 24, 2015

RouterOS: preventing outsiders from repeatedly probing the network

RouterOS: preventing repeated tries

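# Rules are matched top to bottom; the number in each comment= field is the rule's position.
# Rule 7 puts any source outside Lan_ip that opens a new TCP connection to port 21, 22, 23
# or 8291 into ros_service_login1. Rules 6 to 3 move a source that is still listed up one
# list per new connection, rule 2 moves it from ros_service_login5 into login_error_ip,
# and rule 1 drops everything that login_error_ip sources send to those ports.
/ip firewall filter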
add action=drop chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 1 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=login_error_ip
add action=add-src-to-address-list address-list=login_error_ip address-list-timeout=1d chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 2 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp \
    src-address-list=ros_service_login5
add action=add-src-to-address-list address-list=ros_service_login5 address-list-timeout=1d30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 3 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 \
    protocol=tcp src-address-list=ros_service_login4
add action=add-src-to-address-list address-list=ros_service_login4 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 4 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=ros_service_login3
add action=add-src-to-address-list address-list=ros_service_login3 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 5 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=ros_service_login2
add action=add-src-to-address-list address-list=ros_service_login2 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 6 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=ros_service_login1
add action=add-src-to-address-list address-list=ros_service_login1 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 7 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=!Lan_ip

/ip firewall address-list
add address=172.16.0.0/12 disabled=no list=Lan_ip
add address=192.168.0.0/16 disabled=no list=Lan_ip
add address=10.0.0.0/8 disabled=no list=Lan_ip


source: http://sg.ros.tw/wp/?p=148
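
The rule ladder above counts new connections, not failed logins, so it helps to see exactly when a source ends up blocked. The following Python model is an added example, not part of the original post or of RouterOS; the names `InputChain` and `verdicts` and the sample addresses are constructed, and it assumes that re-adding a listed address refreshes its timeout.

```python
# Added illustration: models the seven filter rules above as a small state machine.
# Assumption: re-adding an address that is already listed refreshes its timeout.
import ipaddress

PORTS = {21, 22, 23, 8291}
LAN = [ipaddress.ip_network(n) for n in ("172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8")]
DAY = 86400
# (list matched on the source, list the source is added to, timeout in seconds),
# in the same top-to-bottom order as rules 2 to 6 on the page.
LADDER = [
    ("ros_service_login5", "login_error_ip", DAY),
    ("ros_service_login4", "ros_service_login5", DAY + 30),
    ("ros_service_login3", "ros_service_login4", 30),
    ("ros_service_login2", "ros_service_login3", 30),
    ("ros_service_login1", "ros_service_login2", 30),
]

class InputChain:
    def __init__(self):
        self.lists = {}  # (list name, source) -> expiry time in seconds

    def listed(self, name, src, now):
        return self.lists.get((name, src), -1) > now

    def new_connection(self, src, dport, now):
        """Return 'drop' or 'pass' for a new TCP connection at time `now`."""
        if dport not in PORTS:
            return "pass"
        if self.listed("login_error_ip", src, now):           # rule 1
            return "drop"
        for match, target, timeout in LADDER:                 # rules 2 to 6
            if self.listed(match, src, now):
                self.lists[(target, src)] = now + timeout
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in LAN):               # rule 7
            self.lists[("ros_service_login1", src)] = now + 30
        return "pass"

def verdicts(src, times, dport=22):
    """Verdict for each new connection from `src` at the given times (seconds)."""
    chain = InputChain()
    return [chain.new_connection(src, dport, t) for t in times]

if __name__ == "__main__":
    print(verdicts("203.0.113.9", range(0, 8)))        # constructed source, 1 s apart
    print(verdicts("203.0.113.9", range(0, 400, 40)))  # constructed source, 40 s apart
    print(verdicts("192.168.1.20", range(0, 8)))       # constructed LAN source
```

With connections one second apart, the first six pass and the seventh is dropped, which also applies to a legitimate administrator reconnecting quickly from outside Lan_ip. Because ros_service_login5 outlives login_error_ip by 30 seconds, the first connection after the block expires puts the source straight back on the block list.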



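Note added 2015.11.30
If you configure the rules above, they must be placed first,
with the RouterOS proxy protection rules placed after them.

At present, this set of rules is relatively efficient.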
