Firewall ROS.doc
ROS firewall settings 2008-07-24 17:32
MikroTik RouterOS 2.9.x firewall settings 2007 - 12 - 10: 49
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=1m tcp-syn-received-timeout=1m tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
/ ip firewall filter
add chain=input protocol=tcp dst-port=135-139 action=drop
add chain=input protocol=udp dst-port=135-139 action=drop
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept
add chain=input src-address= dst-address= action=accept
add chain=input connection-state=invalid action=drop
add chain=input dst-address-type=!local action=drop
add chain=input src-address-type=!unicast action=drop
add chain=input protocol=tcp psd=21,3s,3,1 action=drop
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit
add chain=input protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept
add chain=input protocol=icmp icmp-options=3:3 limit=5,5 action=accept
add chain=input protocol=icmp icmp-options=3:4 limit=5,5 action=accept
add chain=input protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept
add chain=input protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept
add chain=output protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept
add chain=output protocol=icmp icmp-options=3:3 limit=5,5 action=accept
add chain=output protocol=icmp icmp-options=3:4 limit=5,5 action=accept
add chain = outp