
Collected RouterOS (ROS) firewall scripts

# feb/18/2006 22:28:00 by RouterOS 2.9.2.7 QQ"415736

# software id = 83RE-SN0
#
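/ ip firewall filter 
# --- input chain: traffic addressed to the router itself ---
# NOTE(review): this chain has no accept for connection-state=established,related
# and no final drop, so anything not matched below falls through to the
# built-in default (accept). Add a trailing default-deny rule if the router
# should only expose what is listed here.
add chain=input connection-state=invalid action=drop \
    comment="Drop illegal connection packets" disabled=no
# connection-limit=90,0: the /0 mask aggregates every source address, so this
# caps the router's total concurrent HTTP connections at 90.
add chain=input protocol=tcp dst-port=80 connection-limit=90,0 action=drop \
    comment="Limit the total number of http connections to 90" disabled=no
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="Probate and discard port scan connection" disabled=no
# Sources already on black_list are tarpitted once they hold more than 3
# connections (/32 = counted per source host). This rule sits before the one
# that populates the list, so a host is only tarpitted on later connections.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="Suppress DoS attacks" disabled=no
# More than 10 concurrent TCP connections from one host puts it on black_list
# for one day.
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="Detection of DoS Attacks" disabled=no
add chain=input dst-address-type=!local action=drop comment="Drop non-local data" \
    disabled=no
add chain=input src-address-type=!unicast action=drop \
    comment="Discard all non-unicast data" disabled=no
# property name must be lowercase ("Comment=" in the original export is not a
# valid property)
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP linked list" disabled=no
# NOTE(review): only TCP is sent to the virus chain from input, so the UDP
# rules in that chain never see router-bound traffic (the forward-chain jump
# is not protocol-restricted).
add chain=input protocol=tcp action=jump jump-target=virus \
    comment="Jump to virus linked list" disabled=no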
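# --- ICMP chain: rate-limit the useful ICMP types, drop everything else ---
# limit=5,5: 5 packets per second with a burst of 5 (as the rule comments
# state); packets over the limit do not match and reach the final drop.
# type 0: echo reply
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
    comment="Ping response is limited to 5 packets per second" disabled=no
# type 3 code 3: port unreachable (used by UDP traceroute)
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="Traceroute limit is 5 packages per second" disabled=no
# type 3 code 4: fragmentation needed (path MTU discovery); property name
# must be lowercase ("Comment=" in the original export is not a valid property)
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="MTU line detection limit is 5 packets per second" disabled=no
# type 8: echo request
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
    comment="Ping request limit is 5 packets per second" disabled=no
# type 11: time exceeded (traceroute hop replies)
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
    comment="Trace TTL limit is 5 packets per second" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop any ICMP data" \
    disabled=no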
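# --- forward chain: traffic routed through the router ---
add chain=forward connection-state=established action=accept \
    comment="accept connected packets" disabled=no
# property names must be lowercase ("Comment=" in the original export is not
# a valid property; fixed here and on the two rules below)
add chain=forward connection-state=related action=accept \
    comment="Accept relevant data packets" disabled=no
add chain=forward connection-state=invalid action=drop \
    comment="Drop illegal packets" disabled=no
# connection-limit=50,32: counted per source host (/32)
add chain=forward protocol=tcp connection-limit=50,32 action=drop \
    comment="Limit the number of TCP connections per host to 50" disabled=no
add chain=forward src-address-type=!unicast action=drop \
    comment="Discard all non-unicast data" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="Jump to ICMP linked list" disabled=no
# Unlike the input-chain jump this one is not restricted to TCP, so the UDP
# rules in the virus chain apply to forwarded traffic.
# NOTE(review): no final rule here either; unmatched forwarded traffic is
# accepted by the built-in default.
add chain=forward action=jump jump-target=virus comment="Jump to virus linked list" \
    disabled=no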
# --- virus chain: drop destination ports historically used by worms/trojans ---
# NOTE(review): most comment="..." labels in this export have lost their text
# (only suffixes such as "-1", "/B/C" or "" survive), presumably non-ASCII
# names dropped during extraction. The rules are reproduced exactly as
# exported; re-label them from a trusted source before reusing this list,
# and review each port against services actually in use, since a bare
# dst-port drop also blocks legitimate traffic on that port.
add chain=virus protocol=tcp dst-port=41 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=82 action=drop \
    comment="@mm" disabled=no 
add chain=virus protocol=tcp dst-port=113 action=drop \
    comment="/B/C/D/E/F-1" disabled=no 
add chain=virus protocol=tcp dst-port=2041 action=drop \
    comment="/B/C/D/E/F-2" disabled=no 
add chain=virus protocol=tcp dst-port=3150 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=3067 action=drop \
    comment="/B/C/D/E/F-3" disabled=no 
add chain=virus protocol=tcp dst-port=3422 action=drop \
    comment="-1" disabled=no 
# tcp/6667 is also the standard IRC port; this blocks legitimate IRC as well
add chain=virus protocol=tcp dst-port=6667 action=drop \
    comment="/B/C/D/E/F-4" disabled=no 
add chain=virus protocol=tcp dst-port=6789 action=drop \
    comment="/T/U@mm" disabled=no 
add chain=virus protocol=tcp dst-port=8787 action=drop \
    comment=".-1" disabled=no 
add chain=virus protocol=tcp dst-port=8879 action=drop \
    comment=".-2" disabled=no 
add chain=virus protocol=tcp dst-port=8967 action=drop \
    comment="/B-2" disabled=no 
add chain=virus protocol=tcp dst-port=9999 action=drop \
    comment="/B-3" disabled=no 
add chain=virus protocol=tcp dst-port=20034 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=21554 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=31666 action=drop \
    comment=".-3" disabled=no 
add chain=virus protocol=tcp dst-port=43958 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=999 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=6670 action=drop \
    comment="-4" disabled=no 
add chain=virus protocol=tcp dst-port=6771 action=drop \
    comment="-5" disabled=no 
add chain=virus protocol=tcp dst-port=60000 action=drop \
    comment="-6" disabled=no 
add chain=virus protocol=tcp dst-port=2140 action=drop \
    comment="-7" disabled=no 
add chain=virus protocol=tcp dst-port=10067 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=10167 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=3700 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=9872-9875 action=drop \
    comment="-4" disabled=no 
add chain=virus protocol=tcp dst-port=6883 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=26274 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=4444 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=47262 action=drop \
    comment="-4" disabled=no 
add chain=virus protocol=tcp dst-port=3791 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=3801 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=65390 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=5880-5882 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=5888-5889 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=30100-30103 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=30133 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=7300-7301 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=7306-7308 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=79 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=5031 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=5321 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=6400 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=7777 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=1047 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=6969-6970 action=drop \
    comment="-2" disabled=no 
# SubSeven-* labels survived the export; note the numbering skips "-6"
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" \
    disabled=no 
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" \
    disabled=no 
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" \
    disabled=no 
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" \
    disabled=no 
add chain=virus protocol=tcp dst-port=6711-6713 action=drop \
    comment="SubSeven-5" disabled=no 
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" \
    disabled=no 
add chain=virus protocol=tcp dst-port=25685-25686 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=25982 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=31337-31339 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=8102 action=drop comment="*" \
    disabled=no 
add chain=virus protocol=tcp dst-port=8011 action=drop comment="" \
    disabled=no 
add chain=virus protocol=tcp dst-port=7626 action=drop comment="" \
    disabled=no 
add chain=virus protocol=tcp dst-port=19191 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=23444-23445 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=2583 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=3024 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=4092 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=5714 action=drop \
    comment="-4" disabled=no 
add chain=virus protocol=tcp dst-port=1010-1012 action=drop \
    comment="Doly1.0/1.35/1.5*-1" disabled=no 
add chain=virus protocol=tcp dst-port=1015 action=drop \
    comment="Doly1.0/1.35/1.5*-2" disabled=no 
add chain=virus protocol=tcp dst-port=2004-2005 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=9878 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=2773 action=drop \
    comment="..*-1" disabled=no 
add chain=virus protocol=tcp dst-port=7215 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=54283 action=drop \
    comment="-3" disabled=no 
add chain=virus protocol=tcp dst-port=1003 action=drop \
    comment="BackDoor*-1" disabled=no 
add chain=virus protocol=tcp dst-port=5598 action=drop \
    comment="BackDoor*-2" disabled=no 
add chain=virus protocol=tcp dst-port=5698 action=drop \
    comment="BackDoor*-3" disabled=no 
add chain=virus protocol=tcp dst-port=31554 action=drop \
    comment="Schainwindler*-2" disabled=no 
add chain=virus protocol=tcp dst-port=18753 action=drop \
    comment="-1" disabled=no 
add chain=virus protocol=tcp dst-port=20432 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=65000 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=11831 action=drop \
    comment="Latinus*-1" disabled=no 
add chain=virus protocol=tcp dst-port=29559 action=drop \
    comment="Latinus*-2" disabled=no 
add chain=virus protocol=tcp dst-port=1784 action=drop \
    comment="Snid.X2*-1" disabled=no 
add chain=virus protocol=tcp dst-port=3586 action=drop \
    comment="Snid.X2*-2" disabled=no 
add chain=virus protocol=tcp dst-port=7609 action=drop \
    comment="Snid.X2*-3" disabled=no 
add chain=virus protocol=tcp dst-port=12348-12349 action=drop \
    comment="Bionet*-1" disabled=no 
add chain=virus protocol=tcp dst-port=12478 action=drop \
    comment="Bionet*-2" disabled=no 
add chain=virus protocol=tcp dst-port=57922 action=drop \
    comment="Bionet*-3" disabled=no 
add chain=virus protocol=tcp dst-port=3127 action=drop \
    comment=".a1." disabled=no 
add chain=virus protocol=tcp dst-port=6777 action=drop \
    comment="." disabled=no 
add chain=virus protocol=tcp dst-port=8866 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=2745 action=drop \
    comment="-g/j-l" disabled=no 
add chain=virus protocol=tcp dst-port=2556 action=drop \
    comment="/q/r/n" disabled=no 
add chain=virus protocol=tcp dst-port=20742 action=drop \
    comment="-2" disabled=no 
add chain=virus protocol=tcp dst-port=4751 action=drop \
    comment="/t/u/v" disabled=no 
add chain=virus protocol=tcp dst-port=2535 action=drop \
    comment="/ab/w/x-z-2" disabled=no 
add chain=virus protocol=tcp dst-port=5238 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=1068 action=drop comment="" \
    disabled=no 
add chain=virus protocol=tcp dst-port=5554 action=drop \
    comment="/c/f" disabled=no 
add chain=virus protocol=tcp dst-port=9996 action=drop \
    comment="/c/f" disabled=no 
add chain=virus protocol=tcp dst-port=9995 action=drop comment="" \
    disabled=no 
add chain=virus protocol=tcp dst-port=10168 action=drop \
    comment="/b/c/d" disabled=no 
add chain=virus protocol=tcp dst-port=20808 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=1092 action=drop \
    comment="/g" disabled=no 
add chain=virus protocol=tcp dst-port=20168 action=drop \
    comment="/g" disabled=no 
add chain=virus protocol=tcp dst-port=1363-1364 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=1368 action=drop comment="" \
    disabled=no 
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no 
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" \
    disabled=no 
add chain=virus protocol=tcp dst-port=3410 action=drop \
    comment="" disabled=no 
add chain=virus protocol=tcp dst-port=8888 action=drop \
    comment="" disabled=no 
# The three UDP rules below are only reachable through the forward-chain
# jump, since the input-chain jump is limited to protocol=tcp.
add chain=virus protocol=udp dst-port=44444 action=drop \
    comment="-7" disabled=no 
add chain=virus protocol=udp dst-port=8998 action=drop \
    comment="-3" disabled=no 
# NOTE(review): udp/123 is NTP; this rule also drops legitimate NTP client
# traffic from forwarded hosts — confirm this is intended.
add chain=virus protocol=udp dst-port=123 action=drop comment="-1" \
    disabled=no 
add chain=virus protocol=tcp dst-port=3198 action=drop \
    comment=".a2." disabled=no 
# tcp/139, 135, 445: NetBIOS session, Windows RPC endpoint mapper and SMB.
# Dropping these in forward also breaks legitimate Windows file sharing
# across the router; the quoted comment is split over two lines by "\".
add chain=virus protocol=tcp dst-port=139 action=drop comment="Drop Blaster \
    Worm" disabled=no 
add chain=virus protocol=tcp dst-port=135 action=drop comment="Drop Blaster \
    Worm" disabled=no 
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
    Worm" disabled=no 

/ ip firewall connection tracking 
# Connection-tracking state timeouts used by the connection-state and
# connection-limit matchers above, grouped by protocol. tcp-syncookie=yes
# turns on SYN cookies for the tracking engine.
set enabled=yes tcp-syncookie=yes \
    tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=10h \
    tcp-fin-wait-timeout=2m tcp-close-wait-timeout=1m \
    tcp-last-ack-timeout=30s tcp-time-wait-timeout=2m tcp-close-timeout=10s \
    udp-timeout=30s udp-stream-timeout=3m \
    icmp-timeout=10s generic-timeout=10m