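Firewall filter examples: the input chain
This post was last edited by EDCwifi黄 on 2014-6-4 17:27.
Filter and process all data accessing the router. Below is a policy configuration for protecting the router.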
The configuration commands are as follows:
/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; chain=input action=drop connection-state=invalid
1 ;;; TCP 80 chain=forward action=drop protocol=tcp connection-limit=80,32
2 ;;; chain=input action=drop protocol=tcp psd=21,3s,3,1
3 ;;; DoS chain=input action=tarpit protocol=tcp src-address-list=black_list connection-limit=3,32
4 ;;; DoS chain=input action=add-src-to-address-list protocol=tcp address-list=black_list address-list-timeout=1d connection-limit=10,32
5 ;;; chain=input action=drop dst-address-type=!local
6 ;;; ICMP chain=input action=jump jump-target=ICMP protocol=icmp
7 ;;; chain=forward action=drop src-address-type=!unicast
8 ;;; ICMP chain=ICMP action=drop protocol=icmp
9 ;;; chain=forward action=drop connection-state=invalid
10 ;;; ICMP chain=forward action=jump jump-target=ICMP protocol=icmp
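
An added example, not part of the original post: a Python check that parses the rule listing above (assuming one rule per line, as the post shows it) and reports which rules lie on the path of traffic addressed to the router, which jump targets have no rules, and which address lists are matched but never filled. The names `parse`, `reachable` and `audit` are this example's own.

```python
import re

# Constructed input: the rule listing from the post, one rule per line.
LISTING = """\
0 ;;; chain=input action=drop connection-state=invalid
1 ;;; TCP 80 chain=forward action=drop protocol=tcp connection-limit=80,32
2 ;;; chain=input action=drop protocol=tcp psd=21,3s,3,1
3 ;;; DoS chain=input action=tarpit protocol=tcp src-address-list=black_list connection-limit=3,32
4 ;;; DoS chain=input action=add-src-to-address-list protocol=tcp address-list=black_list address-list-timeout=1d connection-limit=10,32
5 ;;; chain=input action=drop dst-address-type=!local
6 ;;; ICMP chain=input action=jump jump-target=ICMP protocol=icmp
7 ;;; chain=forward action=drop src-address-type=!unicast
8 ;;; ICMP chain=ICMP action=drop protocol=icmp
9 ;;; chain=forward action=drop connection-state=invalid
10 ;;; ICMP chain=forward action=jump jump-target=ICMP protocol=icmp
"""

RULE_RE = re.compile(r"^\s*(\d+)\s*;;;(.*)$", re.M)

def parse(listing):
    """Turn each 'N ;;; comment key=value ...' line into a dict of properties."""
    return [{"n": int(m.group(1)),
             **dict(t.split("=", 1) for t in m.group(2).split() if "=" in t)}
            for m in RULE_RE.finditer(listing)]

def reachable(rules, start):
    """Chains a packet entering `start` can traverse via action=jump."""
    seen, todo = set(), [start]
    while todo:
        chain = todo.pop()
        if chain not in seen:
            seen.add(chain)
            todo += [r["jump-target"] for r in rules
                     if r["chain"] == chain and r.get("action") == "jump"]
    return seen

def audit(rules):
    on_input = reachable(rules, "input")
    jumps = {r["jump-target"] for r in rules if r.get("action") == "jump"}
    filled = {r["address-list"] for r in rules if "address-list" in r}
    used = {r["src-address-list"] for r in rules if "src-address-list" in r}
    return {
        "input_path": [r["n"] for r in rules if r["chain"] in on_input],
        "not_input_path": [r["n"] for r in rules if r["chain"] not in on_input],
        "dangling_jumps": sorted(jumps - {r["chain"] for r in rules}),
        "unfilled_lists": sorted(used - filled),
    }

print(audit(parse(LISTING)))
```

On this listing, rules 1, 7, 9 and 10 are reported under `not_input_path`: they are in the forward chain, so they filter traffic passing through the router rather than traffic addressed to it.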