Olá pessoal, esse não é o local mais apropriado para postar essa informação, mas como não encontrei outro local, pesso desculpas a todos.
Quero apenas compartilhar umas regras de firewall para colocar nos rádios dos clientes, vai rodar em qualquer rádio com firmware em linux e pode ser adaptado a outros sem trauma.
Para quem utiliza APRouter, basta ir em Menu Gerenciamento --> Editar Script Pessoal e colar o seguinte conteúdo:
# Redes
iptables -t nat -A BLOCK -d 10.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -s 10.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -d 5.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -s 5.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -d 14.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -s 14.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -d 23.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -s 23.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -d 172.16.0.0/12 -j DROP
iptables -t nat -A BLOCK -s 172.16.0.0/12 -j DROP
iptables -t nat -A BLOCK -d 169.254.0.0/16 -j DROP
iptables -t nat -A BLOCK -s 169.254.0.0/16 -j DROP
iptables -t nat -A BLOCK -d 127.0.0.0/8 -j DROP
iptables -t nat -A BLOCK -s 127.0.0.0/8 -j DROP
# STATE INVALID
iptables -t nat -A BLOCK -p ALL -m state --state INVALID -j DROP
# BO, BO Client, BO2, Bo facil, Bo Whack
iptables -t nat -A BLOCK --protocol tcp --destination-port 31336:31337 -j DROP
# Bagle Virus
iptables -t nat -A BLOCK --protocol tcp --destination-port 2745 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 2535 -j DROP
# Beagle.B
iptables -t nat -A BLOCK --protocol tcp --destination-port 8866 -j DROP
# Blaster
iptables -t nat -A BLOCK --protocol tcp --destination-port 135:139 -j DROP
iptables -t nat -A BLOCK --protocol tcp --source-port 135:139 -j DROP
iptables -t nat -A BLOCK --protocol udp --destination-port 135:139 -j DROP
iptables -t nat -A BLOCK --protocol udp --source-port 135:139 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 445 -j DROP
iptables -t nat -A BLOCK --protocol tcp --source-port 445 -j DROP
iptables -t nat -A BLOCK --protocol udp --destination-port 445 -j DROP
iptables -t nat -A BLOCK --protocol udp --source-port 445 -j DROP
# Cichlid
iptables -t nat -A BLOCK --protocol tcp --destination-port 1377 -j DROP
# Dabber.A-B
iptables -t nat -A BLOCK --protocol tcp --destination-port 9898 -j DROP
# Dumaru.Y
iptables -t nat -A BLOCK --protocol tcp --destination-port 2283 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 10000 -j DROP
# Gaobot, PhatBot, Agobot
iptables -t nat -A BLOCK --protocol tcp --destination-port 65503 -j DROP
# Grafx
iptables -t nat -A BLOCK --protocol tcp --destination-port 1373 -j DROP
# WinCrash
iptables -t nat -A BLOCK --protocol tcp --destination-port 2583 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 3024 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 5742 -j DROP
# Worm
iptables -t nat -A BLOCK --protocol tcp --destination-port 1433:1434 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 4444 -j DROP
iptables -t nat -A BLOCK --protocol udp --destination-port 4444 -j DROP
# Kuang2
iptables -t nat -A BLOCK --protocol tcp --destination-port 17300 -j DROP
# MyDoom
iptables -t nat -A BLOCK --protocol tcp --destination-port 1080 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 3127:3128 -j DROP
# MyDoom.B
iptables -t nat -A BLOCK --protocol tcp --destination-port 10080 --j DROP
# Messenger Worm
iptables -t nat -A BLOCK --protocol udp --destination-port 135:139 -j DROP
# NetBus
iptables -t nat -A BLOCK --protocol tcp --destination-port 12345 -j DROP
# NetBus Pro
iptables -t nat -A BLOCK --protocol tcp --destination-port 20034 -j DROP
# NDM Requester
iptables -t nat -A BLOCK --protocol tcp --destination-port 1364 -j DROP
# OptixPro
iptables -t nat -A BLOCK --protocol tcp --destination-port 3410 -j DROP
# Sasser
iptables -t nat -A BLOCK --protocol tcp --destination-port 5554 -j DROP
# Screen Cast
iptables -t nat -A BLOCK --protocol tcp --destination-port 1368 -j DROP
# SubSeven
iptables -t nat -A BLOCK --protocol tcp --destination-port 27374 -j DROP
# Outros vírus
iptables -t nat -A BLOCK --protocol tcp --destination-port 593 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 1024:1030 -j DROP
iptables -t nat -A BLOCK --protocol tcp --destination-port 1214 -j DROP
### FIM
Atenção melhorias são bem vindas