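Pessoal, já recebi muita ajuda deste fórum e resolvi postar algumas regras de firewall para ajudar quem estiver precisando. São simples, mas para quem está iniciando acho que vão ser uma grande ajuda. Observação: na listagem abaixo a chain "virus" só é chamada a partir da chain input (regra 33), então essas regras filtram apenas o tráfego destinado ao próprio roteador; para filtrar também o tráfego dos clientes que atravessa o roteador, é preciso um jump equivalente a partir da chain forward.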
[santo@ProvaleNet] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; BLOQUEIO DE PROXY EXTERNO
chain=input in-interface=Internet protocol=tcp dst-port=3128 action=drop

1 ;;; Lista de virus
chain=virus protocol=tcp dst-port=445 action=drop

2 chain=virus protocol=udp dst-port=135-139 action=drop

3 chain=virus protocol=udp dst-port=445 action=drop

4 chain=virus protocol=tcp dst-port=135-139 action=drop

5 chain=forward protocol=tcp dst-port=539 action=drop

6 chain=virus protocol=tcp dst-port=1024-1030 action=drop

7 chain=virus protocol=tcp dst-port=1080 action=drop

8 chain=virus protocol=tcp dst-port=65506 action=drop

9 chain=virus protocol=tcp dst-port=17300 action=drop

10 chain=virus protocol=tcp dst-port=1214 action=drop

11 chain=virus protocol=tcp dst-port=12345 action=drop

12 chain=virus protocol=tcp dst-port=9898 action=drop

13 chain=virus protocol=tcp dst-port=1363 action=drop

14 chain=virus protocol=tcp dst-port=1373 action=drop

15 chain=virus protocol=tcp dst-port=1377 action=drop

16 chain=virus protocol=tcp dst-port=1433-1434 action=drop

17 chain=virus protocol=tcp dst-port=1368 action=drop

18 chain=virus protocol=tcp dst-port=2745 action=drop

19 chain=virus protocol=tcp dst-port=2283 action=drop

20 chain=virus protocol=tcp dst-port=2535 action=drop

21 chain=virus protocol=tcp dst-port=3410 action=drop

22 chain=virus protocol=tcp dst-port=4444 action=drop

23 chain=virus protocol=udp dst-port=4444 action=drop

24 chain=virus protocol=tcp dst-port=5554 action=drop

25 chain=virus protocol=tcp dst-port=8866 action=drop

26 chain=virus protocol=tcp dst-port=10000 action=drop

27 chain=virus protocol=tcp dst-port=10080 action=drop

28 chain=forward protocol=tcp dst-port=27374 action=drop

29 chain=drop_protocol protocol=udp src-port=13973 action=drop

30 chain=drop_protocol protocol=udp src-port=21503 action=drop

31 chain=drop_protocol protocol=udp src-port=2710 action=drop

32 chain=drop_protocol protocol=udp src-port=35178 action=drop

33 chain=input action=jump jump-target=virus

34 chain=forward action=jump jump-target=drop_protocol

35 ;;; Quebra de Criptografia ares
chain=forward src-address=80.80.1.0/24 p2p=warez action=drop

36 X ;;; Bloqueio do trafego p2p
chain=forward p2p=all-p2p action=drop

37 X ;;; Logs
chain=virus action=log log-prefix=""

38 X chain=forward action=log log-prefix=""

39 ;;; LIMITE DE CONEXÕES SIMULTANEAS
chain=forward src-address=80.80.1.2 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

40 chain=forward src-address=80.80.1.3 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

41 chain=forward src-address=80.80.1.4 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

42 chain=forward src-address=80.80.1.5 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

43 chain=forward src-address=80.80.1.6 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

44 chain=forward src-address=80.80.1.7 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

45 chain=forward src-address=80.80.1.8 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

46 chain=forward src-address=80.80.1.9 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

47 chain=forward src-address=80.80.1.10 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

48 chain=forward src-address=80.80.1.11 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

49 chain=forward src-address=80.80.1.12 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

50 chain=forward src-address=80.80.1.13 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

51 chain=forward src-address=80.80.1.14 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

52 chain=forward src-address=80.80.1.15 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

53 chain=forward src-address=80.80.1.16 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

54 chain=forward src-address=80.80.1.17 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

55 chain=forward src-address=80.80.1.18 protocol=tcp tcp-flags=syn
connection-limit=3,32 action=drop

56 chain=forward src-address=80.80.1.19 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

57 chain=forward src-address=80.80.1.20 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

58 chain=forward src-address=80.80.1.21 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

59 chain=forward src-address=80.80.1.22 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

60 chain=forward src-address=80.80.1.23 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

61 chain=forward src-address=80.80.1.24 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

62 chain=forward src-address=80.80.1.25 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

63 chain=forward src-address=80.80.1.26 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

64 chain=forward src-address=80.80.1.27 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

65 chain=forward src-address=80.80.1.28 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

66 chain=forward src-address=80.80.1.29 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

67 chain=forward src-address=80.80.1.30 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

68 chain=forward src-address=80.80.1.31 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

69 chain=forward src-address=80.80.1.32 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

70 chain=forward src-address=80.80.1.33 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

71 chain=forward src-address=80.80.1.34 protocol=tcp tcp-flags=syn
connection-limit=30,32 action=drop

72 ;;; Bloqueio de tráfego para a porta 0 (porta reservada, não usada por serviços legítimos)
chain=forward protocol=tcp dst-port=0 action=drop

73 chain=forward protocol=udp dst-port=0 action=drop
-- [Q quit|D dump|up]