Citação:
Postado originalmente por oyama
Opa Roney, meu controle de usuário é centralizado: fica tudo em um único servidor que faz o controle de banda. No MK controlo apenas P2P e bloqueio algumas portas manjadas que os trojans e afins gostam de usar.
Oyama, já que bloqueia portas manjadas... abaixo algumas regras do meu:
# Output of "/ip firewall filter print" as pasted by the author; the ";;;" lines are the
# per-rule comment field. Lines starting with "#" are reviewer notes, not rules.
#
# NOTE(review): rules 11-14 only *accept* matching packets up to the rate (limit=1,5); no
# follow-up rule dropping the excess of the same match is visible here, so traffic above the
# rate is not dropped by these rules but falls through to whatever comes later (not shown).
# In RouterOS, flags listed in tcp-flags without "!" must all be set, so fin,syn,rst,ack
# matches only packets carrying all four flags at once (a malformed / flag-scan packet),
# not an ordinary SYN (syn,!ack) — verify that the "Syn-flood" match is what was intended.
11 ;;; Syn-flood
chain=input protocol=tcp tcp-flags=fin,syn,rst,ack limit=1,5 action=accept
12 ;;; Syn-flood
chain=forward protocol=tcp tcp-flags=fin,syn,rst,ack limit=1,5 action=accept
# icmp-options=8:0 is ICMP echo request (ping); same remark as above about the missing drop.
13 ;;; DoS
chain=input protocol=icmp icmp-options=8:0 limit=1,5 action=accept
14 ;;; DoS
chain=forward protocol=icmp icmp-options=8:0 limit=1,5 action=accept
# Rule 18 only logs fragments arriving on WAN-EBT (action=log); it does not drop them,
# so this is visibility rather than filtering (fine if that is the intent).
18 ;;; Fragmentação
chain=input in-interface=WAN-EBT fragment=yes action=log log-prefix="Pacote INPUT Fragmentado"
# src-address=0.0.0.0/0 and dst-address=0.0.0.0/0 match everything and can be omitted.
# Rules 36-37 in the "virus" chain drop the same ports again for forwarded traffic.
31 ;;; NetBIOS
chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=tcp dst-port=135-139 action=drop
32 chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=udp dst-port=135-139 action=drop
33 ;;; Bug tradução NAT
chain=output protocol=icmp connection-state=invalid action=drop
34 ;;; Cabeçalhos inválidos
chain=forward connection-state=invalid action=drop
35 chain=input in-interface=WAN-EBT protocol=tcp tcp-flags=fin,psh,urg action=drop
# Custom chain "virus": only reached through rule 67 (chain=forward action=jump), so these
# drops apply to transit traffic only, not to traffic addressed to the router itself
# (chain=input). Observations on the list as pasted:
#  - rules 50 and 53 both drop tcp/2745 (duplicate rule);
#  - rules 40, 41 and 43 carry placeholder comments ("________") — record why each port is
#    blocked, otherwise nobody can safely remove or review them later;
#  - some labels look copied between rules (e.g. "Drop Blaster Worm" on 445/udp,
#    "Drop Messenger Worm" on 135-139/udp) — check that each label matches its port;
#  - ports such as 1080, 3127-3128 and 10000 are also used by legitimate services, and the
#    worm names are dated; confirm no customer traffic needs them before relying on this list.
36 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=135-139 action=drop
37 ;;; Drop Messenger Worm
chain=virus protocol=udp dst-port=135-139 action=drop
38 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=445 action=drop
39 ;;; Drop Blaster Worm
chain=virus protocol=udp dst-port=445 action=drop
40 ;;; ________
chain=virus protocol=tcp dst-port=593 action=drop
41 ;;; ________
chain=virus protocol=tcp dst-port=1024-1030 action=drop
42 ;;; Drop MyDoom
chain=virus protocol=tcp dst-port=1080 action=drop
43 ;;; ________
chain=virus protocol=tcp dst-port=1214 action=drop
44 ;;; ndm requester
chain=virus protocol=tcp dst-port=1363 action=drop
45 ;;; ndm server
chain=virus protocol=tcp dst-port=1364 action=drop
46 ;;; screen cast
chain=virus protocol=tcp dst-port=1368 action=drop
47 ;;; hromgrafx
chain=virus protocol=tcp dst-port=1373 action=drop
48 ;;; cichlid
chain=virus protocol=tcp dst-port=1377 action=drop
49 ;;; Worm
chain=virus protocol=tcp dst-port=1433-1434 action=drop
50 ;;; Bagle Virus
chain=virus protocol=tcp dst-port=2745 action=drop
51 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=2283 action=drop
52 ;;; Drop Beagle
chain=virus protocol=tcp dst-port=2535 action=drop
53 ;;; Drop Beagle.C-K
chain=virus protocol=tcp dst-port=2745 action=drop
54 ;;; Drop MyDoom
chain=virus protocol=tcp dst-port=3127-3128 action=drop
55 ;;; Drop Backdoor OptixPro
chain=virus protocol=tcp dst-port=3410 action=drop
56 ;;; Worm
chain=virus protocol=tcp dst-port=4444 action=drop
57 ;;; Worm
chain=virus protocol=udp dst-port=4444 action=drop
58 ;;; Drop Sasser
chain=virus protocol=tcp dst-port=5554 action=drop
59 ;;; Drop Beagle.B
chain=virus protocol=tcp dst-port=8866 action=drop
60 ;;; Drop Dabber.A-B
chain=virus protocol=tcp dst-port=9898 action=drop
61 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=10000 action=drop
62 ;;; Drop MyDoom.B
chain=virus protocol=tcp dst-port=10080 action=drop
63 ;;; Drop NetBus
chain=virus protocol=tcp dst-port=12345 action=drop
64 ;;; Drop Kuang2
chain=virus protocol=tcp dst-port=17300 action=drop
65 ;;; Drop SubSeven
chain=virus protocol=tcp dst-port=27374 action=drop
66 ;;; Drop PhatBot, Agobot, Gaobot
chain=virus protocol=tcp dst-port=65506 action=drop
# Entry point into the "virus" chain; only forwarded traffic is sent there.
67 ;;; jump to the virus chain
chain=forward action=jump jump-target=virus
# Port-scan detection. psd=21,3s,3,1 is read as (weight threshold, delay, low-port weight,
# high-port weight) — confirm against the RouterOS docs for the version in use. All feeders
# are chain=input rules, so only scans aimed at the router itself populate the list, and
# rule 75 drops listed sources on input only; forwarded traffic from them is unaffected
# unless a matching forward rule exists elsewhere (not shown). The list name "port scanners"
# contains a space (print shows it unquoted; it must be quoted in a script).
# address-list-timeout=2w keeps each entry for two weeks.
68 ;;; Port scanners to list
chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
69 ;;; NMAP FIN Stealth scan
chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
70 ;;; SYN/FIN scan
chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
71 ;;; SYN/RST scan
chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
72 ;;; FIN/PSH/URG scan
chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!ack action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
73 ;;; ALL/ALL scan
chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
74 ;;; NMAP NULL scan
chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
# Listed sources are dropped here (input chain only — see note above).
75 ;;; dropping port scanners
chain=input src-address-list=port scanners action=drop