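# General-purpose firewall script for internet cafes (MikroTik RouterOS).
# Copy the code below, save it as a *.rsc file, and load it with the import
# command: im *.RSC
# ------------------------------------------------------------------------------
# Layout note: the listing is restored to one command per line. A "\" is only a
# line continuation when it is the last character on a physical line, so the
# collapsed single-line form cannot be imported as published.
# Review the rules against your own interface and address plan before loading
# them on a production router; importing over a remote session can cut that
# session off if a rule matches the management host.

# Connection-tracking timeouts. The short SYN timeouts (5s / 30s) age out
# half-open connections quickly. tcp-established-timeout=5d is well above the
# RouterOS default of 1d, so idle established entries stay in the table longer.
# NOTE(review): confirm the router has the memory headroom for that under load.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=30s \
    tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
    udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m

/ ip firewall filter
# Rules are evaluated top to bottom; "input" covers traffic addressed to the
# router itself, not traffic forwarded for clients.

# Drop packets that connection tracking cannot associate with a valid state.
add chain=input connection-state=invalid action=drop \
    comment="drop invalid packets" disabled=no

# Accept traffic belonging to, or related to, connections that already exist.
# Because these two rules come first, the limits below only affect NEW
# connections; sessions already established by a later-blacklisted source
# continue until they close or time out.
add chain=input connection-state=related action=accept \
    comment="accept related packets" disabled=no
add chain=input connection-state=established action=accept \
    comment="accept established packets" disabled=no

# Port-scan detection. psd fields are WeightThreshold,DelayThreshold,
# LowPortWeight,HighPortWeight: a source is matched once probes arriving less
# than 3s apart reach a total weight of 21, with ports below 1024 counting 3
# and other ports counting 1.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="detect and drop port scan connections" disabled=no

# Sources already on black_list: once they hold more than 3 concurrent TCP
# connections (counted per /32), further ones are tarpitted, i.e. answered and
# held open without being handed to any service.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="suppress DoS attack" disabled=no

# Any source with more than 10 concurrent TCP connections to the router (per
# /32) is put on black_list for one day. This action does not stop processing;
# the packet continues to the rules below.
# NOTE(review): the list is keyed on source address only. Several users behind
# one NAT address count as a single source, and a busy management or monitoring
# host can list itself. Consider an accept rule for trusted admin addresses
# ahead of these two rules, and review black_list entries periodically.
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="detect DoS attack" disabled=no

# Drop anything whose destination is not one of the router's own addresses.
# This also matches broadcast and multicast destinations.
add chain=input dst-address-type=!local action=drop \
    comment="drop all that is not to local" disabled=no

# Drop packets whose source address is not a unicast address.
# ("drom" in the rule comment is a typo for "drop"; the string is left as
# published.)
add chain=input src-address-type=!unicast action=drop \
    comment="drom all that is not from unicast" disabled=no

# Hand ICMP to a dedicated chain. The ICMP chain is not defined in the part of
# the listing shown here.
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="jump to chain ICMP" disabled=no

# Everything else addressed to the router is evaluated by the services chain.
add chain=input action=jump jump-target=services \
    comment="jump to chain services" disabled=no

# Services chain: per-service accept rules.
# NOTE(review): the DNS rule below has no in-interface or src-address matcher,
# so it accepts TCP/53 from every interface, including the WAN side. If the
# router's DNS server has allow-remote-requests enabled, that makes it an open
# resolver. Restrict the DNS rules to the LAN interface or a LAN address list.
add chain=services protocol=tcp dst-port=53 action=accept \
    comment="allow DNS request" disabled=no

# The published listing is cut off at this point: the remainder of this rule
# and the rest of the services and ICMP chains are not shown. Complete them
# from the original script before importing, and check that the input chain
# ends in an explicit drop for anything not accepted.
add chain=services protocol=udp dst-port=53 ...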