Nem tanto ao céu nem tanto à terra: acho que devemos bloquear sim, mas só os mais agressivos. Não querer bloquear nada ou querer bloquear tudo, acho furada...
Segue minha sugestão, e peço que postem a de vocês...
# Drop rules for a custom chain named "virus", matched on destination port only.
# The lines carry no menu path; presumably they are entered under
# /ip firewall filter — confirm before pasting.
# NOTE(review): no rule on this page jumps to chain=virus. Without an
# action=jump jump-target=virus rule in forward and/or input, none of these
# drops is ever evaluated.
# NOTE(review): no rule sets connection-state, so a reply packet whose
# destination port (the client's own source port) equals a listed value is
# dropped too. Place the jump after an accept for
# connection-state=established,related, or restrict the jump to
# connection-state=new.
#
# Windows RPC endpoint mapper (135) and NetBIOS (137-139), TCP then UDP.
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="58 ;;; Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="59 ;;; Drop Messenger Worm"
# SMB on 445, TCP then UDP. The stored comments say "Blaster"; the port itself is SMB.
add chain=virus protocol=tcp dst-port=445 action=drop comment="60 ;;; Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="61 ;;; Drop Blaster Worm"
# 593 is registered as the RPC-over-HTTP endpoint mapper (http-rpc-epmap).
add chain=virus protocol=tcp dst-port=593 action=drop comment="62 ;;; ________"
# NOTE(review): 1024-1030 is the bottom of the range older Windows hosts use for
# dynamic RPC ports and for outgoing source ports, so this is the rule most
# likely to hit legitimate traffic — confirm it is wanted.
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="63 ;;; ________"
# 1214 is the port registered to Kazaa (peer-to-peer file sharing); the stored
# comment names no malware.
add chain=virus protocol=tcp dst-port=1214 action=drop comment="64 ;;; ________"
# 1363-1377: the stored comments read like registered service names for these
# ports rather than malware names — presumably copied from a port list; verify
# that each drop is wanted.
add chain=virus protocol=tcp dst-port=1363 action=drop comment="65 ;;; ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="66 ;;; ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="67 ;;; screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="68 ;;; hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="69 ;;; cichlid"
# TCP 1433 (Microsoft SQL Server) and 1434.
# NOTE(review): this rule is TCP only. If "Worm" means SQL Slammer, that worm
# spread over UDP 1434, which no rule on this page matches — confirm.
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="70 ;;; Worm"
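# Ports that the stored comments associate with worms and the backdoors they
# open (Bagle/Beagle, Dumaru, MyDoom, Sasser, NetBus, SubSeven and others).
# These are default ports only: a drop here stops the stock variant, not one
# configured to listen elsewhere, so this list does not replace a default-deny
# policy on inbound traffic.
add chain=virus protocol=tcp dst-port=2745 action=drop comment="71 ;;; Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="72 ;;; Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="73 ;;; Drop Beagle"
# A second tcp/2745 rule (stored comment "74 ;;; Drop Beagle.C-K") used to follow
# here. The rule tagged "71" above already drops the same packets, so the
# duplicate could never match and has been removed.
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="75 ;;; Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="76 ;;; Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="77 ;;; Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="78 ;;; Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="79 ;;; Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="80 ;;; Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="81 ;;; Drop Dabber.A-B"
# NOTE(review): tcp/10000 is also the default port of legitimate services such
# as Webmin; confirm nothing behind this router depends on it.
add chain=virus protocol=tcp dst-port=10000 action=drop comment="82 ;;; Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="83 ;;; Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="84 ;;; Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="85 ;;; Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="86 ;;; Drop SubSeven"
# NOTE(review): 65506 lies in the dynamic port range (49152-65535) that current
# hosts use for outgoing source ports. Because no rule sets connection-state,
# reply packets addressed to such a port are dropped as well unless
# established/related traffic is accepted before the jump into this chain.
add chain=virus protocol=tcp dst-port=65506 action=drop comment="87 ;;; Drop PhatBot, Gaobot"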
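# Default ports of remote-access trojans, named in the stored comments, each
# dropped on TCP and on UDP. A default port only identifies a stock install, so
# treat these drops as noise reduction rather than as detection or containment.
add chain=virus protocol=tcp dst-port=555 action=drop comment="88 ;;; Drop phAse zero"
add chain=virus protocol=udp dst-port=555 action=drop comment="89 ;;; Drop phAse zero"
add chain=virus protocol=tcp dst-port=1243 action=drop comment="90 ;;; Drop Sub-7, SubSeven"
add chain=virus protocol=udp dst-port=1243 action=drop comment="91 ;;; Drop Sub-7, SubSeven"
add chain=virus protocol=tcp dst-port=3129 action=drop comment="92 ;;; Drop Masters Paradise"
add chain=virus protocol=udp dst-port=3129 action=drop comment="93 ;;; Drop Masters Paradise"
add chain=virus protocol=tcp dst-port=6670 action=drop comment="94 ;;; Drop DeepThroat"
add chain=virus protocol=udp dst-port=6670 action=drop comment="95 ;;; Drop DeepThroat"
add chain=virus protocol=tcp dst-port=6711 action=drop comment="96 ;;; Drop Sub-7, SubSeven"
add chain=virus protocol=udp dst-port=6711 action=drop comment="97 ;;; Drop Sub-7, SubSeven"
add chain=virus protocol=tcp dst-port=6969 action=drop comment="98 ;;; Drop GateCrasher"
add chain=virus protocol=udp dst-port=6969 action=drop comment="99 ;;; Drop GateCrasher"
# The tcp/12345 rule that stood here (stored comment "100 ;;; Drop NetBus") was
# removed: the earlier rule tagged "84 ;;; Drop NetBus" already drops tcp/12345,
# so the repeat could never match. The UDP rule is kept.
add chain=virus protocol=udp dst-port=12345 action=drop comment="101 ;;; Drop NetBus"
add chain=virus protocol=tcp dst-port=21544 action=drop comment="102 ;;; Drop GirlFriend"
add chain=virus protocol=udp dst-port=21544 action=drop comment="103 ;;; Drop GirlFriend"
add chain=virus protocol=tcp dst-port=23456 action=drop comment="104 ;;; Drop EvilFtp"
add chain=virus protocol=udp dst-port=23456 action=drop comment="105 ;;; Drop EvilFtp"
# The tcp/27374 rule that stood here (stored comment "106 ;;; Drop Sub-7, SubSeven")
# was removed for the same reason: the earlier rule tagged "86 ;;; Drop SubSeven"
# already drops tcp/27374. The UDP rule is kept.
add chain=virus protocol=udp dst-port=27374 action=drop comment="107 ;;; Drop Sub-7, SubSeven"
add chain=virus protocol=tcp dst-port=30100 action=drop comment="108 ;;; Drop NetSphere"
add chain=virus protocol=udp dst-port=30100 action=drop comment="109 ;;; Drop NetSphere"
add chain=virus protocol=tcp dst-port=31789 action=drop comment="110 ;;; Drop Hack'a'Tack"
add chain=virus protocol=udp dst-port=31789 action=drop comment="111 ;;; Drop Hack'a'Tack"
add chain=virus protocol=tcp dst-port=31337 action=drop comment="112 ;;; Drop BackOrifice, and many others"
add chain=virus protocol=udp dst-port=31337 action=drop comment="113 ;;; Drop BackOrifice, and many others"
# NOTE(review): 50505 lies in the dynamic port range (49152-65535) that current
# hosts use for outgoing source ports. No rule sets connection-state, so replies
# (including UDP answers such as DNS) addressed to that port are dropped unless
# established/related traffic is accepted before the jump into this chain.
add chain=virus protocol=tcp dst-port=50505 action=drop comment="114 ;;; Drop Sockets de Troie"
add chain=virus protocol=udp dst-port=50505 action=drop comment="115 ;;; Drop Sockets de Troie"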
Abraços.