本脚本为网吧通用
防火墙,导入命令:im *.R
SC 请复制以下代码,保存为*.r
SC------------------------------------------------------------------------------------------------------------------
# Connection-tracking state timeouts. Tracking has to be enabled for the
# connection-state matchers used by the filter rules in this script.
# NOTE(review): tcp-established-timeout=5d keeps idle established entries for
# five days; confirm the tracking table has room for that on a busy network.
/ip firewall connection tracking
set enabled=yes \
    tcp-syn-sent-timeout=5s \
    tcp-syn-received-timeout=30s \
    tcp-established-timeout=5d \
    tcp-fin-wait-timeout=2m \
    tcp-close-wait-timeout=1m \
    tcp-last-ack-timeout=30s \
    tcp-time-wait-timeout=2m \
    tcp-close-timeout=10s \
    udp-timeout=30s \
    udp-stream-timeout=3m \
    icmp-timeout=30s \
    generic-timeout=10m
/ip firewall filter
# Input chain = traffic addressed to the router itself. Rules are evaluated
# top to bottom and the first match decides, so the order below matters.
# Drop packets that connection tracking classifies as invalid.
add action=drop chain=input connection-state=invalid \
    comment="drop invalid packets" disabled=no
# Accept packets related to an already tracked connection.
add action=accept chain=input connection-state=related \
    comment="accept related packets" disabled=no
# Accept packets of established connections; in effect the input rules after
# this one act on packets that open a connection.
add action=accept chain=input connection-state=established \
    comment="accept established packets" disabled=no
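# Drop TCP from sources that trip the port-scan detector.
# psd values: weight threshold, delay threshold, low-port weight,
# high-port weight.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="detect and drop port scan connections" disabled=no
# Tarpit TCP from sources already on black_list once they reach 3
# connections per /32. The list is filled by the "detect DoS attack" rule
# that follows in this script.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="suppress DoS attack" disabled=no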
# Put a source on black_list for one day once it reaches 10 TCP connections
# per /32. This rule only lists the address; it does not drop the packet.
# NOTE(review): consider exempting known management addresses so that an
# admin host cannot end up on the list for a day.
add action=add-src-to-address-list chain=input protocol=tcp \
    connection-limit=10,32 address-list=black_list address-list-timeout=1d \
    comment="detect DoS attack" disabled=no
# Drop anything whose destination is not one of the router's own addresses.
# NOTE(review): this presumably also drops broadcast/multicast aimed at the
# router; verify no service on the router depends on it.
add action=drop chain=input dst-address-type=!local \
    comment="drop all that is not to local" disabled=no
# Drop anything whose source address is not unicast.
add action=drop chain=input src-address-type=!unicast \
    comment="drom all that is not from unicast" disabled=no
# Hand ICMP to the ICMP chain.
# NOTE(review): that chain is not defined in the part of the script shown
# here; confirm it exists further down.
add action=jump chain=input protocol=icmp jump-target=ICMP \
    comment="jump to chain ICMP" disabled=no
# Everything that is left is evaluated by the services chain.
add action=jump chain=input jump-target=services \
    comment="jump to chain services" disabled=no
# services chain (entered from input): per-service accept rules.
# NOTE(review): neither DNS rule restricts the source address or inbound
# interface. If the router's DNS service answers remote requests, these rules
# also admit queries arriving on the WAN side; consider limiting them with
# in-interface or src-address for the LAN.
add action=accept chain=services protocol=tcp dst-port=53 \
    comment="allow DNS request" disabled=no
add action=accept chain=services protocol=udp dst-port=53 \
    comment="Allow DNS request" disabled=no
# Accept loopback-to-loopback traffic.
add action=accept chain=services src-address=127.0.0.1 dst-address=127.0.0.1 \
    comment="accept localhost" disabled=no
add chain=services protocol=tcp dst-port=20-21 action=accept comment="allow