tenho limite de conexoes simultanes.
nao estou barrando portas, já vi um tutorial para bloqueio de "virus", mas ainda nao apliquei. Seria bom aplicar ?
seria +ou- isso:
1 ;;; Lista de virus
chain=virus protocol=tcp dst-port=445 action=drop
2 chain=virus protocol=udp dst-port=135-139 action=drop
3 chain=virus protocol=udp dst-port=445 action=drop
4 chain=virus protocol=tcp dst-port=135-139 action=drop
5 chain=forward protocol=tcp dst-port=539 action=drop
6 chain=virus protocol=tcp dst-port=1024-1030 action=drop
7 chain=virus protocol=tcp dst-port=1080 action=drop
8 chain=virus protocol=tcp dst-port=65506 action=drop
9 chain=virus protocol=tcp dst-port=17300 action=drop
10 chain=virus protocol=tcp dst-port=1214 action=drop
11 chain=virus protocol=tcp dst-port=12345 action=drop
12 chain=virus protocol=tcp dst-port=9898 action=drop
13 chain=virus protocol=tcp dst-port=1363 action=drop
14 chain=virus protocol=tcp dst-port=1373 action=drop
15 chain=virus protocol=tcp dst-port=1377 action=drop
16 chain=virus protocol=tcp dst-port=1433-1434 action=drop
17 chain=virus protocol=tcp dst-port=1368 action=drop
18 chain=virus protocol=tcp dst-port=2745 action=drop
19 chain=virus protocol=tcp dst-port=2283 action=drop
20 chain=virus protocol=tcp dst-port=2535 action=drop
21 chain=virus protocol=tcp dst-port=3410 action=drop
22 chain=virus protocol=tcp dst-port=4444 action=drop
23 chain=virus protocol=udp dst-port=4444 action=drop
24 chain=virus protocol=tcp dst-port=5554 action=drop
25 chain=virus protocol=tcp dst-port=8866 action=drop
26 chain=virus protocol=tcp dst-port=10000 action=drop
27 chain=virus protocol=tcp dst-port=10080 action=drop
28 chain=forward protocol=tcp dst-port=27374 action=drop
29 chain=drop_protocol protocol=udp src-port=13973 action=drop
30 chain=drop_protocol protocol=udp src-port=21503 action=drop
31 chain=drop_protocol protocol=udp src-port=2710 action=drop
32 chain=drop_protocol protocol=udp src-port=35178 action=drop
33 chain=input action=jump jump-target=virus
34 chain=forward action=jump jump-target=drop_protocol
nao sei se isso é bom, qual a sua opiniao ?
Obrigado.