الخميس، 11 أغسطس 2016

Anti Virus Mikrotik 2016

Just copy and paste.
///////////////////////////////////////////////

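# Filter rules for MikroTik RouterOS. The "virus" chain below drops traffic
# purely by destination port; the forward chain jumps to it further down the
# file. The names in comment= are the author's label for each port.
# NOTE(review): a port match cannot tell malware from a legitimate service on
# the same port. Several entries cover ports that ordinary services also use
# (for example 23 telnet, 119 news, 135-139 and 445 Windows file sharing,
# 1080, 1433-1434, 2049 NFS, 10000, and the range 1024-1030); confirm none of
# them is needed by clients behind the router before enabling the chain.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=virus comment=Death disabled=no dst-port=2 protocol=tcp
add action=drop chain=virus comment=B2 disabled=no dst-port=15 protocol=tcp
add action=drop chain=virus comment="ADM worm" disabled=no dst-port=23 \
    protocol=tcp
add action=drop chain=virus comment="Agent 40421" disabled=no dst-port=30 \
    protocol=tcp
add action=drop chain=virus comment="Agent 31" disabled=no dst-port=31 \
    protocol=tcp
add action=drop chain=virus comment=subSARI disabled=no dst-port=39 protocol=\
    tcp
add action=drop chain=virus comment="Deep Throat" disabled=no dst-port=41 \
    protocol=tcp
add action=drop chain=virus comment=Arctic disabled=no dst-port=44 protocol=\
    tcp
add action=drop chain=virus comment=DRAT disabled=no dst-port=48 protocol=tcp
add action=drop chain=virus comment=DRAT disabled=no dst-port=50 protocol=tcp
add action=drop chain=virus comment=DMSetup disabled=no dst-port=58 protocol=\
    tcp
add action=drop chain=virus comment=DMSetup disabled=no dst-port=59 protocol=\
    tcp
# NOTE(review): DHCP (67-68) and TFTP (69) run over UDP, so the next two
# protocol=tcp rules do not match that traffic.
add action=drop chain=virus comment="Denegar DHCP" disabled=no dst-port=67-68 \
    protocol=tcp
add action=drop chain=virus comment="denegar TFTP" disabled=no dst-port=69 \
    protocol=tcp
add action=drop chain=virus comment="CDK, Firehotcker" disabled=no dst-port=\
    79 protocol=tcp
add action=drop chain=virus comment="RemoConChubo USADO POR DISDOOS" \
    disabled=no dst-port=81 protocol=tcp
add action=drop chain=virus comment=Hidden disabled=no dst-port=99 protocol=\
    tcp
add action=drop chain=virus comment="Denegar RPC portmapper" disabled=no \
    dst-port=111 protocol=tcp
add action=drop chain=virus comment="Invisible Identd Deamon" disabled=no \
    dst-port=113 protocol=tcp
add action=drop chain=virus comment=\
    "Happy99 OJO se usa para Grupo de Noticias" disabled=no dst-port=119 \
    protocol=tcp
add action=drop chain=virus comment="Attack Bot" disabled=no dst-port=121 \
    protocol=tcp
add action=drop chain=virus comment="Net Controller" disabled=no dst-port=123 \
    protocol=tcp
add action=drop chain=virus comment=Farnaz disabled=no dst-port=133 protocol=\
    tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
    dst-port=135-139 protocol=udp
# Ports 137 and 138 over TCP are already covered by the 135-139 rule above.
add action=drop chain=virus comment=Chode disabled=no dst-port=137 protocol=\
    tcp
add action=drop chain=virus comment=Chode disabled=no dst-port=138 protocol=\
    tcp
add action=drop chain=virus comment=NetTaxi disabled=no dst-port=142 \
    protocol=tcp
add action=drop chain=virus comment=Infector disabled=no dst-port=146 \
    protocol=tcp
add action=drop chain=virus comment=NokNok disabled=no dst-port=166 protocol=\
    tcp
add action=drop chain=virus comment=A-trojan disabled=no dst-port=170 \
    protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 \
    protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp
add action=drop chain=virus comment=Rasmin disabled=no dst-port=1045 \
    protocol=tcp
add action=drop chain=virus comment=/sbin/initd disabled=no dst-port=1049 \
    protocol=tcp
add action=drop chain=virus comment=MiniCommand disabled=no dst-port=1050 \
    protocol=tcp
add action=drop chain=virus comment="The Thief" disabled=no dst-port=1053 \
    protocol=tcp
add action=drop chain=virus comment=AckCmd disabled=no dst-port=1054 \
    protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
add action=drop chain=virus comment=WinHole disabled=no dst-port=1081 \
    protocol=tcp
add action=drop chain=virus comment=Winhole disabled=no dst-port=1082 \
    protocol=tcp
add action=drop chain=virus comment=WinHole disabled=no dst-port=1083 \
    protocol=tcp
add action=drop chain=virus comment=Xtreme disabled=no dst-port=1090 \
    protocol=tcp
add action=drop chain=virus comment="Remote Administration Tool - RAT" \
    disabled=no dst-port=1095 protocol=tcp
add action=drop chain=virus comment="Remote Administration Tool - RAT" \
    disabled=no dst-port=1097 protocol=tcp
add action=drop chain=virus comment="Remote Administration Tool - RAT" \
    disabled=no dst-port=1098 protocol=tcp
add action=drop chain=virus comment="Remote Administration Tool - RAT" \
    disabled=no dst-port=1099 protocol=tcp
# NOTE(review): unlike its neighbours this rule does not drop. It records the
# destination address in list DISDOSS for 1h, and no rule on this page reads
# that list, so port 1150 traffic passes through the chain.
add action=add-dst-to-address-list address-list=DISDOSS address-list-timeout=\
    1h chain=virus comment=Orion disabled=no dst-port=1150 protocol=tcp
add action=drop chain=virus comment=Orion disabled=no dst-port=1151 protocol=\
    tcp
add action=drop chain=virus comment="Streaming Audio Server" disabled=no \
    dst-port=1170 protocol=tcp
add action=drop chain=virus comment=DaCryptic disabled=no dst-port=1174 \
    protocol=tcp
add action=drop chain=virus comment=unim68 disabled=no dst-port=1180 \
    protocol=tcp
add action=drop chain=virus comment=SoftWar disabled=no dst-port=1207 \
    protocol=tcp
add action=drop chain=virus comment=Infector disabled=no dst-port=1208 \
    protocol=tcp
add action=drop chain=virus comment=Kaos disabled=no dst-port=1212 protocol=\
    tcp
add action=drop chain=virus comment=----- disabled=no dst-port=1214 protocol=\
    tcp
add action=drop chain=virus comment="Subseven Java Client" disabled=no \
    dst-port=1234 protocol=tcp
add action=drop chain=virus comment="BackDoor - G" disabled=no dst-port=1243 \
    protocol=tcp
add action=drop chain=virus comment="VooDoo Doll" disabled=no dst-port=1245 \
    protocol=tcp
add action=drop chain=virus comment=Scarab disabled=no dst-port=1255 \
    protocol=tcp
add action=drop chain=virus comment="Project Next" disabled=no dst-port=1256 \
    protocol=tcp
add action=drop chain=virus comment=Matrix disabled=no dst-port=1269 \
    protocol=tcp
add action=drop chain=virus comment="The Matrix" disabled=no dst-port=1272 \
    protocol=tcp
add action=drop chain=virus comment=Netrojan disabled=no dst-port=1313 \
    protocol=tcp
add action=drop chain=virus comment=ShadyShell disabled=no dst-port=1337 \
    protocol=tcp
add action=drop chain=virus comment="Milennium Worm" disabled=no dst-port=\
    1338 protocol=tcp
add action=drop chain=virus comment="Bo dll" disabled=no dst-port=1349 \
    protocol=tcp
add action=drop chain=virus comment="ndm requester-" disabled=no dst-port=\
    1363 protocol=tcp
add action=drop chain=virus comment="ndm server-" disabled=no dst-port=1364 \
    protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
add action=drop chain=virus comment=kromgrafx disabled=no dst-port=1373 \
    protocol=tcp
add action=drop chain=virus comment=cichild disabled=no dst-port=1377 \
    protocol=tcp
add action=drop chain=virus comment=Dagger disabled=no dst-port=1386 \
    protocol=tcp
add action=drop chain=virus comment=GoFriller disabled=no dst-port=1394 \
    protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
    protocol=tcp
add action=drop chain=virus comment="Remote Storm" disabled=no dst-port=1441 \
    protocol=tcp
add action=drop chain=virus comment=FTP99CMP disabled=no dst-port=1492 \
    protocol=tcp
add action=drop chain=virus comment=Trinno disabled=no dst-port=1524 \
    protocol=tcp
add action=drop chain=virus comment="Remote Hack" disabled=no dst-port=1568 \
    protocol=tcp
add action=drop chain=virus comment="Denegar NFS" disabled=no dst-port=2049 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
    2745 protocol=tcp
add action=drop chain=virus comment="Denegar BackOriffice" disabled=no \
    dst-port=3133 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
    3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
    9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\
    10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\
    10080 protocol=tcp
add action=drop chain=virus comment="Denegar NetBus" disabled=no dst-port=\
    12345-12346 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\
    27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=\
    no dst-port=65506 protocol=tcp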
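# Jumps plus the router-facing (input) and forward rules. Order matters: a
# packet stops at the first accept or drop rule it matches.
# NOTE(review): no rule on this page jumps to chain "icmp", so this log rule
# may never run - confirm.
add action=log chain=icmp disabled=no log-prefix="" protocol=icmp
add action=jump chain=forward comment="jump to the virus chain" disabled=no \
    jump-target=virus
add action=accept chain=input comment="Aceitar relatar conexes" \
    connection-state=related disabled=no
# FTP, HTTP, telnet and SSH to the router are each handled as a pair: record
# the source address in a list, then drop. The comment= text on some drop rules
# says "Aceitar"/"Aceita" (accept) although the action is drop.
add action=add-src-to-address-list address-list="Entradas por FTP" \
    address-list-timeout=0s chain=input comment=\
    "Cria Lista de IPs que entran no FTP" disabled=no dst-port=21 protocol=\
    tcp
add action=drop chain=input comment="Aceitar Conexes FTP" disabled=no \
    dst-port=21 protocol=tcp
add action=add-src-to-address-list address-list="Acesos Via Web" \
    address-list-timeout=0s chain=input comment=\
    "Cria Lista de IPs que vem WebBox" disabled=no dst-port=80 protocol=tcp
add action=drop chain=input comment="Aceita WebBox" disabled=no dst-port=80 \
    protocol=tcp
# NOTE(review): this accepts every UDP packet addressed to the router, so the
# "limited dns" accept and the port 53 drop further down can never match. If
# the router's DNS service answers remote requests it is reachable from any
# interface; restrict this rule by interface or move the DNS pair above it.
add action=accept chain=input comment=UDP disabled=no protocol=udp
add action=accept chain=input comment="Aceitar pings limitados" disabled=no \
    limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Recusar pings exedidos" disabled=no \
    protocol=icmp
add action=add-src-to-address-list address-list="Lista Telnet" \
    address-list-timeout=0s chain=input comment="Lista Telnet" disabled=no \
    dst-port=23 protocol=tcp
add action=drop chain=input comment="Aceita Telnet" disabled=no dst-port=23 \
    protocol=tcp
add action=add-src-to-address-list address-list="Tentativas SSH" \
    address-list-timeout=0s chain=input comment="Cria Lista de Entradas SSH" \
    disabled=no dst-port=22 protocol=tcp
add action=drop chain=input comment=SSH disabled=no dst-port=22 protocol=tcp
# Winbox (8291) sources are recorded here and accepted a few rules below.
# NOTE(review): the accept has no source or interface restriction, so the
# management port is open to every network the router faces; limit it to
# management addresses where possible.
add action=add-src-to-address-list address-list=Winbox address-list-timeout=\
    0s chain=input comment="Agrega IPs Que entram pelo Winbox" disabled=no \
    dst-port=8291 protocol=tcp
add action=accept chain=input comment="limited dns" disabled=no dst-port=53 \
    limit=2400/1m,5 protocol=udp
add action=drop chain=input comment="all others go to hell" disabled=no \
    dst-port=53 protocol=udp
add action=accept chain=input comment=winbox disabled=no dst-port=8291 \
    protocol=tcp
# Forwarded SMTP: sources already in list Spamm are dropped; the second rule
# adds a source to Spamm for 2h when its connection-limit and limit matchers hit.
add action=drop chain=forward comment="Anti Spam" disabled=no dst-port=25 \
    protocol=tcp src-address-list=Spamm
add action=add-src-to-address-list address-list=Spamm address-list-timeout=2h \
    chain=forward connection-limit=10,32 disabled=no dst-port=25 limit=50,5 \
    protocol=tcp
# NOTE(review): this depends on a packet mark "nat-traversal" set elsewhere; no
# mangle rule is shown on this page, and without one the rule never matches.
add action=drop chain=sanity-check comment="Deny illegal NAT traversal" \
    disabled=no packet-mark=nat-traversal
add action=jump chain=forward comment="Sanity Check" disabled=no jump-target=\
    sanity-check
# The two comment= texts below were attached to the wrong rules: "dirigido a"
# (directed to) belongs with the dst-address-type match and "que Vem das"
# (coming from) with the src-address-type match. Only the labels were swapped.
add action=jump chain=sanity-check comment=\
    "Dropeia o trafego dirigido a direes multicast o broadcast" \
    disabled=no dst-address-type=broadcast,multicast jump-target=drop
add action=jump chain=sanity-check comment=\
    "Dropea todo 0 trafego que Vem das direes multicast o broadcast" \
    disabled=no jump-target=drop src-address-type=broadcast,multicast
add action=log chain=drop disabled=no log-prefix=DROPPEDD
add action=drop chain=drop disabled=no
add action=accept chain=forward disabled=no
add action=drop chain=input comment="conexes invalidas" connection-state=\
    invalid disabled=no
# NOTE(review): telnet to the router is already dropped on input above, so this
# SERVICIOS rule is not expected to match.
add action=drop chain=SERVICIOS comment="Bloqueia o ingreso por Telnet" \
    disabled=no dst-port=23 protocol=tcp
# NOTE(review): black_list is consulted only here, after the UDP, ICMP and
# Winbox accepts above, so a listed address can still reach those services.
add action=drop chain=input comment="DROP BLACK-LISTED USERS" disabled=no \
    src-address-list=black_list
# Scan detection: matching sources are added to black_list for 1h. FIN+PSH+URG
# set is the Xmas pattern and all six flags clear is the Null pattern; the
# original labels were the other way round.
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1h chain=input comment="Bloquea TCP Xmas scan" \
    disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1h chain=input comment="Bloquea TCP Null scan" \
    disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1h chain=input comment="Detecta Dois Attack" \
    connection-limit=10,32 disabled=no protocol=tcp
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1h chain=input comment="Detecta port scan" disabled=\
    no protocol=tcp psd=21,3s,3,1
# NOTE(review): no final drop rule for chain=input appears on this page, so
# traffic to router ports not named above falls through and is accepted.
add action=jump chain=input comment=SERVICOS disabled=no jump-target=\
    SERVICIOS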
# Sets the router's system identity (its displayed name) to the value below.
# Pasting this line renames the router; edit the name or leave the line out to
# keep the current identity.
/system identity set name="shadysoft(01009661565)"
