本帖最后由 EDCwifi黄 于 2014-6-4 17:27 编辑
对所有访问路由的数据进行过滤和处理,下面是一个对路由器保护的策略配置 、
配置命令如下: [admin@MikroTik] /ip firewall filter>print Flags: X - disabled, I - invalid, D -dynamic 0 ;;; chain=input action=drop connection-state=invalid
1 ;;; TCP 80 chain=forward action=drop protocol=tcp connection-limit=80,32
2 ;;; chain=input action=drop protocol=tcp psd=21,3s,3,1
3 ;;; DoS chain=input action=tarpit protocol=tcp src-address-list=black_listconnection-limit=3,32
4 ;;; DoS chain=input action=add-src-to-address-list protocol=tcpaddress-list=black_list address-list-timeout=1d connection-limit=10,32
5 ;;; chain=input action=drop dst-address-type=!local
6 ;;; ICMP chain=input action=jump jump-target=ICMP protocol=icmp
7 ;;; chain=forward action=drop src-address-type=!unicast
8 ;;; ICMP chain=ICMP action=drop protocol=icmp
9 ;;; chain=forward action=drop connection-state=invalid
10 ;;; ICMP chain=forward action=jump jump-target=ICMP protocol=icmp
| 
|Archiver|手机版|小黑屋|EDCwifi.BBS
( 粤ICP备17065502号-1 粤公网安备44030702001530号 )
发表于 2014-5-21 14:46:27