1. bash / Говнокод #17084

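    # MikroTik RouterOS firewall.  Chains: input = packets addressed to the
    # router itself, forward = packets routed through it (ether1-gateway is the
    # WAN side, bridge-local the LAN side), output = the router's own packets.
    # RouterOS chains default to ACCEPT: a rule without action= is an accept,
    # and a chain with no terminal drop lets everything it did not match through.
    /ip firewall filter

    # --- forward: state handling ------------------------------------------------
    # The original file listed the invalid-drop and established-accept twice
    # (once as "default configuration", once with a custom comment); the
    # duplicates are removed, behaviour is unchanged.
    add chain=forward comment="default configuration" connection-state=related
    add action=drop chain=forward comment="default configuration" connection-state=invalid
    add chain=forward comment="default configuration" connection-state=established

    # The original ICMP rule carried src-address=0.0.0.0 dst-address=0.0.0.0.
    # Without a prefix length RouterOS treats that as the single host 0.0.0.0,
    # so the rule could never match; the evident intent was "any address".
    add chain=forward comment="allow icmp from internet to local" in-interface=ether1-gateway out-interface=bridge-local protocol=icmp

    # --- forward: outbound SMTP abuse limiting ------------------------------------
    # A LAN host that opens more than 30 concurrent connections (connection-limit
    # 30,32) or more than 50/s sustained, burst 5 (limit 50,5) to tcp/25 is added
    # to the "spammer" list for one day and its further SMTP is dropped.
    # Two fixes versus the original:
    #  * these rules sat AFTER the unconditional "accept from local to internet"
    #    rule, so no LAN traffic ever reached them;
    #  * two accept rules for src-address-list=spammer preceded the drop, so the
    #    drop itself was unreachable.  Both accepts are removed.
    add action=drop chain=forward comment="drop listed spammers" dst-port=25 protocol=tcp src-address-list=spammer
    add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="detect smtp flooders" connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp src-address-list=!spammer

    add chain=forward comment="accept from local to internet" in-interface=!ether1-gateway out-interface=ether1-gateway
    # NOTE(review): forward still has no terminal drop.  Masquerade alone does
    # not isolate the LAN: anything arriving on ether1-gateway that the router
    # can route towards bridge-local is forwarded.  If only replies and
    # explicitly published (dst-nat) services should reach the LAN, add
    # accept rules for those services and then, as the last forward rule:
    #   add action=drop chain=forward comment="drop new from internet" connection-state=new in-interface=ether1-gateway

    # --- input: helper chains ------------------------------------------------------
    # "udp" and "icmp" are user chains; they are only evaluated through a jump.
    # The original defined them but never jumped to them, so none of their
    # rules ever fired.  They are wired into input here (the port list is the
    # classic "protect the router from TFTP/RPC/NetBIOS probes" set); if they
    # were meant for transit traffic as well, add the same jumps to forward.
    add action=jump chain=input comment="udp checks" jump-target=udp protocol=udp
    add action=jump chain=input comment="icmp checks" jump-target=icmp protocol=icmp
    add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
    add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 protocol=udp
    add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 protocol=udp
    add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
    # icmp-options=type:code.  Only echo request (8), time exceeded (11) and
    # parameter problem (12) are explicitly accepted; the catch-all drop is
    # disabled, so every other ICMP type falls back to input's default accept.
    add chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
    add chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
    add chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
    add action=drop chain=icmp comment="deny all other types" disabled=yes

    # --- input: brute-force throttling for the router's own services -------------
    # NOTE(review): input has no terminal drop, so every service the router
    # runs (winbox, www, api, ssh, telnet, ftp, ...) stays reachable from
    # ether1-gateway.  The lists below only slow down password guessing on
    # tcp/21, 22 and 23; they do not close those ports.  If management from the
    # WAN side is not required, accept in-interface=!ether1-gateway plus
    # established/related, then drop connection-state=new from ether1-gateway;
    # the blacklists then become largely unnecessary.

    # FTP: the router's own FTP server answers a bad login with "530 Login
    # incorrect".  Up to 9 such replies per destination, refilling at 1/min, are
    # let through; the client that triggers more is listed in ftp_blacklist for
    # 3h and its new connections to tcp/21 are dropped.  These two output rules
    # were dead in the original because three "accept everything" output rules
    # preceded them; those rules only restated the chain's default and are removed.
    add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
    add chain=output comment="ftp: tolerate a few failed logins" content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output comment="ftp: blacklist repeated failures" content="530 Login incorrect" protocol=tcp

    # SSH / Telnet: each new connection promotes the source through stage1 ->
    # stage2 -> stage3 (each entry lives 1m).  A fourth new connection within
    # those windows lands the source in the blacklist for 1w3d (10 days).  The
    # drop and the promotions must stay in this order: blacklist first, then
    # stage3 -> blacklist, stage2 -> stage3, stage1 -> stage2, then the
    # unconditional stage1 add.
    add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
    add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
    add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3
    add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2
    add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1
    add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp

    # --- input: VPN -----------------------------------------------------------------
    # tcp/1723 is PPTP.  The original rule also matched dst-address=0.0.0.0
    # (single host, never matches) and is corrected here; the GRE accept is
    # added because PPTP tunnels carry their data in protocol 47, which a later
    # terminal drop would otherwise block.  Under today's default-accept input
    # neither rule changes behaviour.
    # NOTE(review): PPTP's MS-CHAPv2 authentication is widely regarded as
    # broken; consider an IPsec- or OpenVPN-based tunnel instead.
    add chain=input comment=vpn dst-port=1723 in-interface=ether1-gateway protocol=tcp
    add chain=input comment="vpn (pptp gre)" in-interface=ether1-gateway protocol=gre

    /ip firewall nat
    # The original masqueraded on out-interface=internet, a name no other rule in
    # this config uses -- the WAN is ether1-gateway everywhere else.  Aligned to
    # ether1-gateway; confirm with /interface print that no separate "internet"
    # interface exists before applying.
    add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway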

    to alex5252

    Запостил: geniewgen, 08 Ноября 2014

    Комментарии (3) RSS

    • [color=blue]http://pastebin.com/[/color]
    • Ну сколько можно, а? Пастбин там >>>
    • В древности я админил фрю на роутерах, и там был ipfw, и мой конфиг файрвола примерно так и выглядел, а автор питух конечно что использует уютненький говнокодик как пастбин, и пускай его забанят!
