|
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?注册
×
本帖最后由 zooyo 于 2011-2-9 20:20 编辑
# may/06/2009 09:55:12 by routeros 3.22
/ip firewall address-list
add address=128.0.0.0/1 comment="" disabled=no list=All-WAN
add address=64.0.0.0/2 comment="" disabled=no list=All-WAN
add address=32.0.0.0/3 comment="" disabled=no list=All-WAN
add address=16.0.0.0/4 comment="" disabled=no list=All-WAN
/ip firewall filter
add action=drop chain=forward comment=Drop-ICMP disabled=no dst-address=\
0.0.0.0/0 packet-size=300-1500 protocol=icmp src-address=192.168.0.0/16
add action=drop chain=forward comment="" disabled=no dst-address-list=All-WAN \
dst-port=!53 protocol=udp src-address=192.168.0.0/16
add action=drop chain=forward comment="" disabled=no dst-port=15000,15001 \
protocol=udp time=20h-23h,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=input comment="\CE\DE\D0\A7\C1\B4\BD\D3" \
connection-state=invalid disabled=no
add action=drop chain=input comment="\B6\CB\BF\DA\C9\A8\C3\E8" disabled=no \
protocol=tcp psd=21,3s,3,1
add action=drop chain=forward comment=Drop-TCP-P2P disabled=no \
dst-address-list=All-WAN dst-port=!80,443 packet-size=500-1500 protocol=\
tcp src-address=192.168.0.0/16 src-address-list=p2p-tcp time=\
18h-23h59m,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment="Drop-TCP=30" connection-limit=30,32 \
disabled=no dst-address-list=All-WAN dst-port=80,433 protocol=tcp \
src-address=192.168.0.0/16 src-address-list=p2p-tcp time=\
20h-22h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment="Drop-TCP=20" connection-limit=10,32 \
disabled=no dst-address-list=All-WAN dst-port=!80-443 protocol=tcp \
src-address=192.168.0.0/16 src-address-list=p2p-tcp time=\
20h-22h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment=Drop-UDP-UP disabled=no \
dst-address-list=All-WAN dst-port=!53,8000 packet-size=600-1500 protocol=\
udp src-address=192.168.0.0/16 src-address-list=p2p-udp time=\
19h-22h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment=Drop-UDP-1/2-s1 disabled=no \
dst-address-list=All-WAN dst-port=!53,8000 protocol=udp random=50 \
src-address=192.168.0.0/16 src-address-list=p2p-s1 time=\
9h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
/ip firewall mangle
add action=add-src-to-address-list address-list=p2p-udp address-list-timeout=\
5m30s chain=prerouting comment=p2p-udp-LANip disabled=no \
dst-address-list=All-WAN protocol=udp src-address=192.168.0.0/16 \
src-address-list=p2p
add action=add-src-to-address-list address-list=p2p-tcp address-list-timeout=\
5m30s chain=prerouting comment=p2p-tcp-LANip disabled=no \
dst-address-list=All-WAN protocol=tcp src-address=192.168.0.0/16 \
src-address-list=p2p
add action=add-src-to-address-list address-list=p2p-s1 address-list-timeout=\
10m10s chain=prerouting comment=p2p-udp-max disabled=no dst-address-list=\
All-WAN protocol=udp src-address=192.168.0.0/16 src-address-list=p2p-s
/system scheduler
add comment="" disabled=no interval=1m name=p2p-TO on-event="#PPPOE\C8\AB\D7\
\D4\B6\AF\D6\C7\C4\DC\CF\DE\CB\D9\BD\C5\B1\BE\r\
\n#:foreach i in=[/interface find mtu=1480] do={:put [/interface get \$i n\
ame]}\r\
\n#:delay 3\r\
\n#\D1\D3\CA\B13\C3\EB\A3\AC\C8\B1\CA\A1\CE\AA1\C3\EB\r\
\n###################################################################### \
\r\
\n/ip firewall address-list remove [find list=p2p]\r\
\n/ip firewall address-list remove [find list=p2p-s]\r\
\n:local RxCurPacket 0 \r\
\n:local RxCurAddress 0 \r\
\n:local RxCurUser 0 \r\
\n:local RxCurRate 0 \r\
\n:local TxCurRate 0 \r\
\n:foreach i in=[/interface find mtu=1480] do={\r\
\nint mon \$i once do={\r\
\n:set RxCurPacket (\$\"received-packets-per-second\")\r\
\n:set RxCurRate (\$\"received-bits-per-second\")\r\
\n:set TxCurRate (\$\"sent-bits-per-second\")\r\
\n:set RxCurAddress [/ppp active get \$i address]\r\
\n:set RxCurUser [/ppp active get \$i name]\r\
\n}\r\
\n#:put \$RxCurPacket\r\
\n#:put \$RxCurAddress \r\
\n:if (\$RxCurPacket>300) do={/ip firewall address-list add list=p2p-s add\
ress=\$RxCurAddress comment=\$RxCurUser}\r\
\n:if (\$RxCurPacket>150) do={/ip firewall address-list add list=p2p addre\
ss=\$RxCurAddress comment=\$RxCurUser}\r\
\n:if ((\$RxCurRate/5)>\$TxCurRate and \$RxCurRate>200000) do={/ip firewal\
l address-list add list=p2p address=\$RxCurAddress comment=\$RxCurUser}\r\
\n}\r\
\n###################################################################### c\
omment=\$RxCurUser" start-date=jan/01/1970 start-time=00:00:00
|
评分
-
查看全部评分
|
|Archiver|手机版|小黑屋|软路由
( 渝ICP备15001194号-1|
渝公网安备 50011602500124号 )
IP卡
狗仔卡
发表于 2010-11-10 16:05:31
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
