有没有提供一下在网吧应用的ROS的防火墙配置

madlife

有没有提供一下在网吧应用的ros的防火墙配置想将网吧的代理改用ROS的，但对ROS的防火墙设置不知怎么办看了几天论坛，如不设防火墙，ROS的安全有很大的问题有没有人可以共享一下你在网吧中应用ROS的防火墙配置？？谢谢

liu00901

!!我的防火墙!!!!(不断调整中，要考虑CPU频率)本机IP:192.168.0.125外网IP:XXX.XXX.XXX.XXXip firewall rule input     add connection-state=invalid action=drop comment="Drop invalid connections"add protocol=tcp tcp-options=no-sys-only connection-state=established action=accept comment="Established TCP connections" add connection-state=related action=accept comment="Related connections" add dst-address=:22-52 protocol=tcp action=drop add dst-address=:22-52 protocol=udp action=drop add dst-address=:69 protocol=tcp action=drop add dst-address=:69 protocol=udp action=drop add dst-address=:134-139 protocol=tcp action=drop add dst-address=:134-139 protocol=udp action=drop add dst-address=:445 protocol=tcp action=drop add dst-address=:445 protocol=udp action=drop add dst-address=:554 protocol=tcp action=dropadd dst-address=:554 protocol=udp action=drop add dst-address=:593 protocol=tcp action=drop add dst-address=:593 protocol=udp action=drop add dst-address=:1025 protocol=tcp action=drop add dst-address=:1025 protocol=udp action=drop add det-address=:1068 protocol=tcp action=drop add dst-address=:1068 protocol=udp action=drop add dst-address=:2000 protocol=tcp action=dropadd dst-address=:2000 protocol=udp action=dropadd dst-address=:3127-3198 protocol=tcp action=dropadd dst-address=:3127-3198 protocol=udp action=dropadd dst-address=:3389 protocol=tcp action=dropadd dst-address=:3389 protocpl=udp action=dropadd dst-address=!192.168.0.0/24:3987 protocol=tcp action=drop comment="dont link me" add dst-address=:4444 protocol=tcp action=drop add dst-address=:4444 protocol=udp action=dropadd dst-address=:5354 protocol=tcp action=dropadd dst-address=:5354 protocol=udp action=drop add dst-address=:5554 protocol=tcp action=dropadd dst-address=:5554 protocol=udp action=dropadd dst-address=:6881-6899 protocol=tcp action=drop comment="drop drop Bt download" add dst-address=:6881-6899 protocol=udp action=drop comment="drop drop Bt download" add dst-address=:8881-8899 protocol=tcp action=drop comment="drop drop Bt download" add dst-address=:8881-8899 protocol=udp action=drop comment="drop drop Bt download" add dst-address=:39213 protocol=tcp action=drop comment="drop worm" add dst-address=:39213 protocol=tcp action=drop comment="drop worm" add protocol=udp action=accept comment="udp" add dst-address=XXX.XXX.XXX.XXX/32 protocol=icmp action=drop  comment="don't ping me" add protocol=icmp limit-count=50 limit-burst=2 limit-time=5s action=accept comment="allow limited pings" disabled=0add src-address=192.168.0.0/24 dst-address=192.168.0.125/32 action=accept comment="from lan admin" add action=drop log=yes comment="Log and drop everything else"  ip firewall rule forward  (禁止某些网站IP)add dst-address=:134-139 protocol=tcp action=drop add dst-address=:134-139 protocol=tcp action=drop add dst-address=:5678 protocol=udp action=drop add dst-address=61.240.246.41/32 action=DROP comment="DROP WWW. CY07.COM"

madlife

还有没有人啊，先谢谢楼上的下面是我的，很简单，我只会这些0-5　是同意一些固定IP的外网控制 6   src-address=!192.168.0.0/24 protocol=icmp action=drop  7   src-address=!192.168.0.0/24 action=drop  8   dst-address=:135-139 protocol=tcp action=drop  9   dst-address=:135-139 protocol=udp action=drop 10   dst-address=:445 protocol=udp action=drop (只在rule中的input中设置了一下)