標題: 【RouterOS】—— Allow certain request from Interent [打印本頁]

---

作者: 角色    時間: 2014-8-19 02:10     標題: 【RouterOS】—— Allow certain request from Interent

1. /ip firewall filter
   
2. add chain=input comment="Accept established connections" connection-state=established
   
3. add chain=input comment="Accept related connections" connection-state=related
   
4. add chain=input comment=UDP protocol=udp
   
5. add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
   
6. add action=log chain=input comment="Log everything else" log-prefix="DROP INPUT"
   
7. add action=drop chain=input comment=winbox dst-port=8291 in-interface=ether1 protocol=tcp
   
8. add action=drop chain=input comment="SSH for secure shell" dst-port=22 in-interface=ether1 protocol=tcp
   
9. add action=drop chain=input comment="Telnet shell" dst-port=23 in-interface=ether1 protocol=tcp
   
10. add chain=input comment="Allow limited pings" limit=50/5s,2 protocol=icmp
    
11. add action=drop chain=input comment="Drop excess pings" protocol=icmp
    
12. add action=drop chain=input comment="Drop everything else" in-interface=ether1

複製代碼

---

歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/)

Powered by Discuz! 7.2