/ip firewall filter
add chain=virus protocol=tcp dst-port=2 action=drop comment="Death" disabled=no
add chain=virus protocol=tcp dst-port=15 action=drop comment="B2" disabled=no
add chain=virus protocol=tcp dst-port=23 action=drop comment="ADM worm" disabled=no
add chain=virus protocol=tcp dst-port=30 action=drop comment="Agent 40421" disabled=no
add chain=virus protocol=tcp dst-port=31 action=drop comment="Agent 31" disabled=no
add chain=virus protocol=tcp dst-port=39 action=drop comment="subSARI" disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop comment="Deep Throat" disabled=no
add chain=virus protocol=tcp dst-port=41 action=drop comment="Deep Throat" disabled=no
add chain=virus protocol=tcp dst-port=44 action=drop comment="Arctic" disabled=no
add chain=virus protocol=tcp dst-port=44 action=drop comment="Arctic" disabled=no
add chain=virus protocol=tcp dst-port=48 action=drop comment="DRAT" disabled=no
add chain=virus protocol=tcp dst-port=50 action=drop comment="DRAT" disabled=no
add chain=virus protocol=tcp dst-port=58 action=drop comment="DMSetup" disabled=no
add chain=virus protocol=tcp dst-port=59 action=drop comment="DMSetup" disabled=no
add chain=virus protocol=tcp dst-port=67-68 action=drop comment="Denegar DHCP" disabled=no
add chain=virus protocol=tcp dst-port=69 action=drop comment="denegar TFTP" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="CDK, Firehotcker" disabled=no
add chain=virus protocol=tcp dst-port=81 action=drop comment="RemoConChubo USADO POR DISDOOS" disabled=no
add chain=virus protocol=tcp dst-port=99 action=drop comment="Hidden" disabled=no
add chain=virus protocol=tcp dst-port=111 action=drop comment="Denegar RPC portmapper" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="Invisible Identd Deamon" disabled=no
add chain=virus protocol=tcp dst-port=119 action=drop comment="Happy99 OJO se usa para Grupo de Noticias" disabled=no
add chain=virus protocol=tcp dst-port=121 action=drop comment="Attack Bot" disabled=no
add chain=virus protocol=tcp dst-port=123 action=drop comment="Net Controller" disabled=no
add chain=virus protocol=tcp dst-port=133 action=drop comment="Farnaz" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=137 action=drop comment="Chode" disabled=no
add chain=virus protocol=tcp dst-port=138 action=drop comment="Chode" disabled=no
add chain=virus protocol=tcp dst-port=142 action=drop comment="NetTaxi" disabled=no
add chain=virus protocol=tcp dst-port=146 action=drop comment="Infector" disabled=no
add chain=virus protocol=tcp dst-port=166 action=drop comment="NokNok" disabled=no
add chain=virus protocol=tcp dst-port=170 action=drop comment="A-trojan" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1045 action=drop comment="Rasmin" disabled=no
add chain=virus protocol=tcp dst-port=1049 action=drop comment="/sbin/initd" disabled=no
add chain=virus protocol=tcp dst-port=1050 action=drop comment="MiniCommand" disabled=no
add chain=virus protocol=tcp dst-port=1053 action=drop comment="The Thief" disabled=no
add chain=virus protocol=tcp dst-port=1054 action=drop comment="AckCmd" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1081 action=drop comment="WinHole" disabled=no
add chain=virus protocol=tcp dst-port=1082 action=drop comment="Winhole" disabled=no
add chain=virus protocol=tcp dst-port=1083 action=drop comment="WinHole" disabled=no
add chain=virus protocol=tcp dst-port=1090 action=drop comment="Xtreme" disabled=no
add chain=virus protocol=tcp dst-port=1095 action=drop comment="Remote Administration Tool - RAT" disabled=no
add chain=virus protocol=tcp dst-port=1097 action=drop comment="Remote Administration Tool - RAT" disabled=no
add chain=virus protocol=tcp dst-port=1098 action=drop comment="Remote Administration Tool - RAT" disabled=no
add chain=virus protocol=tcp dst-port=1099 action=drop comment="Remote Administration Tool - RAT" disabled=no
add chain=virus protocol=tcp dst-port=1150 action=add-dst-to-address-list address-list=DISDOSS address-list-timeout=1h comment="Orion" disabled=no
add chain=virus protocol=tcp dst-port=1151 action=drop comment="Orion" disabled=no
add chain=virus protocol=tcp dst-port=1170 action=drop comment="Streaming Audio Server" disabled=no
add chain=virus protocol=tcp dst-port=1174 action=drop comment="DaCryptic" disabled=no
add chain=virus protocol=tcp dst-port=1180 action=drop comment="unim68" disabled=no
add chain=virus protocol=tcp dst-port=1207 action=drop comment="SoftWar" disabled=no
add chain=virus protocol=tcp dst-port=1208 action=drop comment="Infector" disabled=no
add chain=virus protocol=tcp dst-port=1212 action=drop comment="Kaos" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="-----" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="Subseven Java Client" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="BackDoor - G" disabled=no
add chain=virus protocol=tcp dst-port=1245 action=drop comment="VooDoo Doll" disabled=no
add chain=virus protocol=tcp dst-port=1255 action=drop comment="Scarab" disabled=no
add chain=virus protocol=tcp dst-port=1256 action=drop comment="Project Next" disabled=no
add chain=virus protocol=tcp dst-port=1269 action=drop comment="Matrix" disabled=no
add chain=virus protocol=tcp dst-port=1272 action=drop comment="The Matrix" disabled=no
add chain=virus protocol=tcp dst-port=1313 action=drop comment="Netrojan" disabled=no
add chain=virus protocol=tcp dst-port=1337 action=drop comment="ShadyShell" disabled=no
add chain=virus protocol=tcp dst-port=1338 action=drop comment="Milennium Worm" disabled=no
add chain=virus protocol=tcp dst-port=1349 action=drop comment="Bo dll" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester-" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server-" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="kromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichild" disabled=no
add chain=virus protocol=tcp dst-port=1386 action=drop comment="Dagger" disabled=no
add chain=virus protocol=tcp dst-port=1394 action=drop comment="GoFriller" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=1441 action=drop comment="Remote Storm" disabled=no
add chain=virus protocol=tcp dst-port=1492 action=drop comment="FTP99CMP" disabled=no
add chain=virus protocol=tcp dst-port=1524 action=drop comment="Trinno" disabled=no
add chain=virus protocol=tcp dst-port=1568 action=drop comment="Remote Hack" disabled=no
add chain=virus protocol=tcp dst-port=2049 action=drop comment="Denegar NFS" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3133 action=drop comment="Denegar BackOriffice" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345-12346 action=drop comment="Denegar NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=icmp protocol=icmp action=log log-prefix="" comment="" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=related action=accept comment="Aceitar relatar conexões" disabled=no
add chain=input src-address=!192.168.0.0/24 protocol=tcp dst-port=3128 action=drop comment="Bloqueia uso web proxy por redes externas" disabled=no
add chain=input src-address=!192.168.0.0/24 protocol=tcp dst-port=8080 action=drop comment="Bloquea uso do thunder por redes externas" disabled=no
add chain=input src-address=!192.168.0.0/24 src-address-list="Tentativas SSH" action=drop comment="Bloquear Lista SSH" disabled=no
add chain=input src-address=!192.168.0.0/24 src-address-list="Lista Telnet" action=drop comment="Bloqueia Lista Telnet" disabled=no
add chain=input src-address=!192.168.0.0/24 src-address-list="Bloqueio de Invalidos Router" action=drop comment="Bloqueio Lista de Invalidos" disabled=no
add chain=input src-address=!192.168.0.0/24 src-address-list="Entradas por FTP" action=drop comment="Bloquear Lista FTP" disabled=no
add chain=input protocol=tcp dst-port=21 action=add-src-to-address-list address-list="Entradas por FTP" address-list-timeout=0s comment="Cria Lista de IPs que entran no FTP" disabled=no
add chain=input protocol=tcp dst-port=21 action=drop comment="Aceitar Conexões FTP" disabled=no
add chain=input protocol=tcp dst-port=80 action=add-src-to-address-list address-list="Acesos Via Web" address-list-timeout=0s comment="Cria Lista de IPs que vem WebBox" disabled=no
add chain=input protocol=tcp dst-port=80 action=drop comment="Aceita WebBox" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Aceitar pings limitados" disabled=no
add chain=input protocol=icmp action=drop comment="Recusar pings exedidos" disabled=no
add chain=input protocol=tcp dst-port=23 action=add-src-to-address-list address-list="Lista Telnet" address-list-timeout=0s comment="Lista Telnet" disabled=no
add chain=input protocol=tcp dst-port=23 action=drop comment="Aceita Telnet" disabled=no
add chain=input protocol=tcp dst-port=22 action=add-src-to-address-list address-list="Tentativas SSH" address-list-timeout=0s comment="Cria Lista de Entradas SSH" disabled=no
add chain=input protocol=tcp dst-port=22 action=drop comment="SSH" disabled=no
add chain=input src-address=192.168.x.0/24 action=accept comment="Conexões da Rede Local" disabled=no
add chain=input protocol=tcp dst-port=8291 action=add-src-to-address-list address-list=Winbox address-list-timeout=0s comment="Agrega IPs Que entram pelo Winbox" disabled=no
add chain=input protocol=udp dst-port=53 limit=2400/1m,5 action=accept comment="limited dns" disabled=no
add chain=input protocol=udp dst-port=53 action=drop comment="all others go to hell" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="winbox" disabled=no
add chain=forward protocol=tcp dst-port=25 src-address-list=Spamm action=drop comment="Anti Spam" disabled=no
add chain=forward protocol=tcp dst-port=25 connection-limit=10,32 limit=50,5 action=add-src-to-address-list address-list=Spamm address-list-timeout=2h comment="" disabled=no
add chain=sanity-check packet-mark=nat-traversal action=drop comment="Deny illegal NAT traversal" disabled=no
add chain=forward action=jump jump-target=sanity-check comment="Sanity Check" disabled=no
add chain=sanity-check dst-address-type=broadcast,multicast action=jump jump-target=drop comment="Dropea todo 0 trafego que Vem das direções multicast o broadcast" disabled=no
add chain=sanity-check src-address-type=broadcast,multicast action=jump jump-target=drop comment="Dropeia o trafego dirigido a direções multicast o broadcast" disabled=no
add chain=drop action=log log-prefix="DROPPEDD" comment="" disabled=no
add chain=drop action=drop comment="" disabled=no
add chain=forward action=accept comment="" disabled=no
add chain=input connection-state=invalid action=drop comment="conexões invalidas" disabled=no
add chain=SERVICIOS protocol=tcp dst-port=23 action=drop comment="Bloqueia o ingreso por Telnet" disabled=no
add chain=input src-address-list=black_list action=drop comment="DROP BLACK-LISTED USERS" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Bloquea TCP Null scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Bloquea TCP Xmas scan" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Detecta Dois Attack" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Detecta port scan" disabled=no
add chain=input action=jump jump-target=SERVICIOS comment="SERVIÇOS" disabled=no
/ip firewall filter add chain=forward dst-address=180.76.2.25 action=drop comment=BAIDU
/ip firewall filter add chain=forward dst-address=63.217.158.78 action=drop comment=############################# BLOQUEIO DO BAIDU PC FASTER#############################
/ip firewall filter add chain=forward dst-address=220.181.111.86 action=drop
/ip firewall filter add chain=forward dst-address=46.28.209.15 action=drop comment=PC-PERFORMER-DRIVER-SCANNER
/ip firewall filter add chain=forward dst-address=96.45.82.5 action=drop
/ip firewall filter add chain=forward dst-address=208.94.116.112 action=drop comment=DEALPLY
/ip firewall filter add chain=forward dst-address=66.77.197.179 action=drop comment=DELTA-TOOL-BAR
/ip firewall filter add chain=forward dst-address=69.28.58.74 action=drop comment=22FIND
/ip firewall filter add chain=forward dst-address=95.130.75.74 action=drop comment=IMINENT
/ip firewall filter add chain=forward dst-address=50.23.103.20 action=drop comment=FUNMOODS
/ip firewall filter add chain=forward dst-address=173.255.138.100 action=drop
/ip firewall filter add chain=forward dst-address=174.37.174.84 action=drop
/ip firewall filter add chain=forward dst-address=174.127.102.228 action=drop
/ip firewall filter add chain=forward dst-address=66.235.120.127 action=drop comment=ASK-TOOL-BAR
/ip firewall filter add chain=forward dst-address=63.217.158.0/24 action=drop comment=Hao123