# IPv4 filter rules. RouterOS walks each chain top to bottom and stops at the
# first accept/drop that matches, so the order of the lines below is part of
# the policy.
/ ip firewall filter
# Drop TCP 8080 and 8081 addressed to the router when the packet arrives on the
# "Link BrTelecom" interface. The labels suggest these are the web-proxy ports
# and that the goal is to keep the proxy from being used from outside.
# NOTE(review): only this one interface is covered; if the router has any other
# upstream interface the two ports stay reachable through it - confirm.
# NOTE(review): the comment text looks mis-encoded (presumably
# "Proteção Externa Proxy"); it is a stored label and is left as found.
add chain=input action=drop in-interface="Link BrTelecom" dst-port=8080 protocol=tcp comment="Prote ao Externa \
Proxy,,," disabled=no
add chain=input action=drop in-interface="Link BrTelecom" dst-port=8081 protocol=tcp comment="Prote ao Externa \
Proxy,,," disabled=no
# --- forward chain: traffic routed through the router ---
# Accept packets of established and related connections, drop packets the
# connection tracker marks invalid.
add chain=forward action=accept connection-state=established comment="" disabled=no
add chain=forward action=accept connection-state=related comment="" disabled=no
add chain=forward action=drop connection-state=invalid comment="" disabled=no
# Per-client connection cap: drop TCP packets with SYN set from sources in the
# address list "limit-conexao" once that source (/32) has reached 15 connections.
# NOTE(review): the address list is defined outside the rules shown here; if it
# is empty this rule never matches.
add chain=forward action=drop tcp-flags=syn protocol=tcp connection-limit=15,32 src-address-list=limit-conexao \
comment="controle de conexo por cliente 15/32" disabled=no
# Drop TCP traffic classified as peer-to-peer once a source (/32) has reached 10
# connections.
# NOTE(review): the p2p matcher is, as far as I know, not available in newer
# RouterOS releases - confirm against the version in use.
add chain=forward action=drop p2p=all-p2p protocol=tcp connection-limit=10,32 comment="" disabled=no
# Accept all forwarded ICMP and all forwarded UDP.
# NOTE(review): the UDP accept matches every UDP packet, so the UDP drops for
# ports 135/137/138/139/445 further down in the forward chain are never reached.
add chain=forward action=accept protocol=icmp comment="" disabled=no
add chain=forward action=accept protocol=udp comment="" disabled=no
# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established comment="" disabled=no
add chain=input action=accept connection-state=related comment="" disabled=no
# NOTE(review): this accepts every UDP packet to the router from every interface,
# including the uplink. Any UDP service enabled on the router (DNS resolver,
# SNMP, NTP, ...) is then reachable from outside; consider limiting the rule with
# in-interface or src-address-list.
add chain=input action=accept protocol=udp comment="" disabled=no
add chain=input action=accept protocol=icmp comment="" disabled=no
# --- output chain: traffic originated by the router ---
add chain=output action=accept connection-state=related comment="" disabled=no
# Drop forwarded traffic to the Windows RPC / NetBIOS / SMB ports (135, 137, 138,
# 139, 445), both TCP and UDP, so these services are not carried across the router.
# NOTE(review): only the TCP rules take effect for new connections. The forward
# chain already contains "action=accept protocol=udp" above this point, so the
# UDP rules in this group are shadowed; move them above that accept if the UDP
# ports are meant to be blocked.
add chain=forward action=drop dst-port=135 protocol=udp comment="Drop Netbius e Similar" disabled=no
add chain=forward action=drop dst-port=135 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=137 protocol=udp comment="" disabled=no
add chain=forward action=drop dst-port=137 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=138 protocol=udp comment="" disabled=no
add chain=forward action=drop dst-port=138 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=139 protocol=udp comment="" disabled=no
add chain=forward action=drop dst-port=139 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=445 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=445 protocol=udp comment="" disabled=no
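# Log (without dropping) TCP segments in the output chain that have none of the
# eight flags set. The flag list has to be a single comma-separated token: a
# space inside it ends the value and the rest of the line no longer parses.
# NOTE(review): the output chain only sees packets the router itself sends;
# flag-less probes coming from outside would show up in input/forward - confirm
# the intended chain.
add chain=output action=log tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg,!ece,!cwr protocol=tcp log-prefix="" comment="" \
disabled=no
# Drop packets to the router that the connection tracker marks invalid.
add chain=input action=drop connection-state=invalid comment="" disabled=no
# Drop SSH (22) and Telnet (23) to the router on every interface.
# NOTE(review): the rules shown contain no final "drop everything else" for the
# input chain, so other TCP ports on the router (for example Winbox 8291, HTTP 80,
# FTP 21) are not filtered here; only 8080/8081 on "Link BrTelecom" and these two
# ports are. Consider an explicit allow-list followed by a closing drop.
add chain=input action=drop dst-port=22 protocol=tcp comment="" disabled=no
add chain=input action=drop dst-port=23 protocol=tcp comment="" disabled=no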
# --- custom chain "services": allow-list of router services ---
# NOTE(review): a custom chain is only evaluated when a built-in chain jumps to
# it (action=jump jump-target=services). No such jump appears in the rules shown,
# so unless one exists elsewhere this list has no effect.
# NOTE(review): every rule here accepts from any source address. If the chain is
# wired into input, management and proxy ports (FTP, HTTP, Winbox, web proxy,
# SOCKS, PPTP) would be open to all networks; restrict them with a
# src-address-list of trusted hosts.
add chain=services action=accept src-address=127.0.0.1 dst-address=127.0.0.1 comment="accept localhost" disabled=no
add chain=services action=accept dst-port=20-21 protocol=tcp comment="allow ftp" disabled=no
add chain=services action=accept dst-port=80 protocol=tcp comment="allow http, webbox" disabled=no
add chain=services action=accept dst-port=8291 protocol=tcp comment="Allow winbox" disabled=no
add chain=services action=accept dst-port=20561 protocol=udp comment="allow MACwinbox " disabled=no
add chain=services action=accept dst-port=2000 protocol=tcp comment="Bandwidth server" disabled=no
add chain=services action=accept dst-port=1701 protocol=udp comment="allow L2TP" disabled=no
add chain=services action=accept dst-port=1723 protocol=tcp comment="allow PPTP" disabled=no
add chain=services action=accept dst-port=1900 protocol=udp comment="UPnP" disabled=no
add chain=services action=accept dst-port=2828 protocol=tcp comment="UPnP" disabled=no
add chain=services action=accept dst-port=67-68 protocol=udp comment="allow DHCP" disabled=no
add chain=services action=accept dst-port=8080 protocol=tcp comment="allow Web Proxy" disabled=no
# NOTE(review): NTP (123) and SNMP (161) run over UDP; these two rules match TCP
# and therefore do not match that traffic.
add chain=services action=accept dst-port=123 protocol=tcp comment="allow NTP" disabled=no
add chain=services action=accept dst-port=161 protocol=tcp comment="allow SNMP" disabled=no
# This rule is in the forward chain, not in "services": it accepts forwarded
# TCP 443 regardless of the rest of this list.
add chain=forward action=accept dst-port=443 protocol=tcp comment="allow https for Hotspot" disabled=no
# NOTE(review): TCP 1080 is accepted here and dropped in the "virus" chain
# ("Drop MyDoom"); which one wins depends on the order the chains are jumped to.
add chain=services action=accept dst-port=1080 protocol=tcp comment="allow Socks for Hotspot" disabled=no
add chain=services action=accept dst-port=500 protocol=udp comment="allow IPSec connections" disabled=no
add chain=services action=accept dst-port=179 protocol=tcp comment="Allow BGP" disabled=no
add chain=services action=accept dst-port=520-521 protocol=udp comment="allow RIP" disabled=no
# NOTE(review): labelled "allow BGP" but matches UDP 5000-5100; BGP is TCP 179
# (covered two rules above). The label is probably wrong - confirm what this
# range is for.
add chain=services action=accept dst-port=5000-5100 protocol=udp comment="allow BGP" disabled=no
add chain=services action=accept dst-port=1720 protocol=tcp comment="allow Telephony" disabled=no
add chain=services action=accept dst-port=1719 protocol=udp comment="allow Telephony" disabled=no
# --- custom chain "virus": drop traffic to ports associated with old worms ---
# NOTE(review): like any custom chain this one is only evaluated after an
# action=jump jump-target=virus rule; none appears in the rules shown.
# NOTE(review): the rules match on destination port only. A port number does not
# identify malware, and several of these ports also carry legitimate traffic
# (for example 1433-1434 for SQL Server, 1080 for SOCKS, 3128 for HTTP proxies,
# 1024-1030 as ordinary dynamic ports), so expect false positives and treat this
# list as coarse hygiene, not as malware detection.
add chain=virus action=drop dst-port=135-139 protocol=tcp comment="Drop Blaster Worm" disabled=no
add chain=virus action=drop dst-port=135-139 protocol=udp comment="Drop Messenger Worm" disabled=no
add chain=virus action=drop dst-port=445 protocol=tcp comment="Drop Blaster Worm" disabled=no
add chain=virus action=drop dst-port=445 protocol=udp comment="Drop Blaster Worm" disabled=no
# The "________" labels below are placeholders; the source gives no reason for
# these ports.
add chain=virus action=drop dst-port=593 protocol=tcp comment="________" disabled=no
add chain=virus action=drop dst-port=1024-1030 protocol=tcp comment="________" disabled=no
add chain=virus action=drop dst-port=1080 protocol=tcp comment="Drop MyDoom" disabled=no
add chain=virus action=drop dst-port=1214 protocol=tcp comment="________" disabled=no
add chain=virus action=drop dst-port=1363 protocol=tcp comment="ndm requester" disabled=no
add chain=virus action=drop dst-port=1364 protocol=tcp comment="ndm server" disabled=no
add chain=virus action=drop dst-port=1368 protocol=tcp comment="screen cast" disabled=no
add chain=virus action=drop dst-port=1373 protocol=tcp comment="hromgrafx" disabled=no
add chain=virus action=drop dst-port=1377 protocol=tcp comment="cichlid" disabled=no
# NOTE(review): TCP only. SQL Slammer spread over UDP 1434, which this rule does
# not match - confirm which worm is meant.
add chain=virus action=drop dst-port=1433-1434 protocol=tcp comment="Worm" disabled=no
add chain=virus action=drop dst-port=2745 protocol=tcp comment="Bagle Virus" disabled=no
add chain=virus action=drop dst-port=2283 protocol=tcp comment="Drop Dumaru.Y" disabled=no
add chain=virus action=drop dst-port=2535 protocol=tcp comment="Drop Beagle" disabled=no
# NOTE(review): duplicate of the TCP 2745 rule three lines above; this one can
# never match.
add chain=virus action=drop dst-port=2745 protocol=tcp comment="Drop Beagle.C-K" disabled=no
add chain=virus action=drop dst-port=3127-3128 protocol=tcp comment="Drop MyDoom" disabled=no
add chain=virus action=drop dst-port=3410 protocol=tcp comment="Drop Backdoor OptixPro" disabled=no
add chain=virus action=drop dst-port=4444 protocol=tcp comment="Worm" disabled=no
add chain=virus action=drop dst-port=4444 protocol=udp comment="Worm" disabled=no
add chain=virus action=drop dst-port=5554 protocol=tcp comment="Drop Sasser" disabled=no
add chain=virus action=drop dst-port=8866 protocol=tcp comment="Drop Beagle.B" disabled=no
add chain=virus action=drop dst-port=9898 protocol=tcp comment="Drop Dabber.A-B" disabled=no
add chain=virus action=drop dst-port=10080 protocol=tcp comment="Drop MyDoom.B" disabled=no
add chain=virus action=drop dst-port=12345 protocol=tcp comment="Drop NetBus" disabled=no