RouterOS Soft Router Firewall: Blocking Port Scans from the Public Internet

https://www.ros9.com/866.html

https://www.ros9.com/index.php/soft-routing/ros-course

 

/ip firewall filter

# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
# Sources that trip any detection rule are listed for two weeks (2w).
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="port scanners to list " \
    protocol=tcp psd=21,3s,3,1

add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg

add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn

add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst

add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" \
    protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack

add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg

add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

# Drop everything from listed sources. Rules are evaluated top to bottom,
# so this must sit above any accept rules in the input chain.
add action=drop chain=input comment="dropping port scanners" \
    src-address-list="port scanners"

posted @ walkersss