/ip firewall filter
add action=drop chain=forward src-address-list=isc.incidents.org
add action=log chain=forward comment="LOG" dst-port=135-139,445 protocol=tcp
add action=log chain=forward comment="LOG" dst-port=135-139,445 protocol=udp
add action=drop chain=known_viruses comment="windows - not EXACTLY a virus" dst-port=135-139 protocol=tcp
add action=drop chain=known_viruses comment="windows - not EXACTLY a virus" dst-port=135-139 protocol=udp
add action=drop chain=known_viruses comment="winXP netbios not EXACTLY a virus" dst-port=445 protocol=udp
add action=drop chain=known_viruses comment="winXP netbios not EXACTLY a virus" dst-port=445 protocol=tcp
add action=drop chain=known_viruses comment="msblast worm" dst-port=593 protocol=tcp
add action=drop chain=known_viruses comment="msblast worm" dst-port=4444 protocol=tcp
add action=drop chain=known_viruses comment="WITTY worm" dst-port=4000 protocol=tcp
add action=drop chain=known_viruses comment="SoBig.f worm" dst-port=995-999 protocol=tcp
add action=drop chain=known_viruses comment="SoBig.f worm" dst-port=8998 protocol=tcp
add action=drop chain=known_viruses comment="beagle worm" dst-port=2745 protocol=tcp
add action=drop chain=known_viruses comment="beagle worm" dst-port=4751 protocol=tcp
add action=drop chain=known_viruses comment="SQL Slammer" dst-port=1434 protocol=tcp
add action=drop chain=known_viruses comment="________" dst-port=1024-1030 protocol=tcp
add action=drop chain=known_viruses comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=known_viruses comment="________" dst-port=1214 protocol=tcp
add action=drop chain=known_viruses comment="ndm requester" dst-port=1363 protocol=tcp
add action=drop chain=known_viruses comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=known_viruses comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=known_viruses comment="hromgrafx" dst-port=1373 protocol=tcp
add action=drop chain=known_viruses comment="cichlid" dst-port=1377 protocol=tcp
add action=drop chain=known_viruses comment="Worm" dst-port=1433 protocol=tcp
add action=drop chain=known_viruses comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=known_viruses comment="Drop Dumaru.Y" dst-port=2283 protocol=tcp
add action=drop chain=known_viruses comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=known_viruses comment="Drop MyDoom" dst-port=3127-3128 protocol=tcp
add action=drop chain=known_viruses comment="Drop Backdoor OptixPro" dst-port=3410 protocol=tcp
add action=drop chain=known_viruses comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=known_viruses comment="Drop Beagle.B" dst-port=8866 protocol=tcp
add action=drop chain=known_viruses comment="Drop Dabber.A-B" dst-port=9898 protocol=tcp
add action=drop chain=known_viruses comment="Drop Dumaru.Y" dst-port=10000 protocol=tcp
add action=drop chain=known_viruses comment="Drop MyDoom.B" dst-port=10080 protocol=tcp
add action=drop chain=known_viruses comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=known_viruses comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=known_viruses comment="Drop SubSeven" dst-port=27374 protocol=tcp
add action=drop chain=known_viruses comment="Drop PhatBot, Agobot, Gaobot" dst-port=65506 protocol=tcp
add action=log chain=forward comment="drop invalid connections DELETE - LOG" connection-state=invalid
add action=drop chain=forward comment="drop invalid connections DELETE" connection-state=invalid
add action=accept chain=forward comment="allow established connections DELETE" connection-state=established
add action=accept chain=forward comment="allow related connections DELETE" connection-state=related