Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /ip firewall filter
- add action=jump chain=forward comment="Jump to handle virus from TCP port" disabled=no log=yes jump-target=tcp-virus protocol=tcp
- add action=jump chain=forward comment="Jump to handle virus from UDP port" disabled=no log=yes jump-target=udp-virus protocol=udp
- add action=drop chain=tcp-virus comment="Socks D Troie, Death" disabled= no log=yes dst-port=1-2 protocol=tcp
- add action=drop chain=tcp-virus comment="Agent 31, Hacker's Paradise, Agent 40421" disabled=no log=yes dst-port=30-31 protocol=tcp
- add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=37 protocol=tcp
- add action=drop chain=tcp-virus comment="Deep Throat Fore play" disabled=no log=yes dst-port=41 protocol=tcp
- add action=drop chain=tcp-virus comment=DRAT disabled=no log=yes dst-port=48 protocol=tcp
- add action=drop chain=tcp-virus comment=DRAT disabled=no log=yes dst-port=50 protocol=tcp
- add action=drop chain=tcp-virus comment="DM Setup" disabled=no log=yes dst-port=58-59 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.Evala.Worm disabled=no log=yes dst-port=69-70 protocol=tcp
- add action=drop chain=tcp-virus comment="CDK, Firehotcker" disabled=no log=yes dst-port=79 protocol=tcp
- add action=drop chain=tcp-virus comment="Beagle.S RemoconChubo" disabled=no log=yes dst-port=81 protocol=tcp
- add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=85-90 protocol=tcp
- add action=drop chain=tcp-virus comment="Common Port for phishing scam sit, Hiddenport, NCX" disabled=no log=yes dst-port=99 protocol=tcp
- add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans usethis port , Invisible Identd Deamon, Kazimas" disabled=no log=yes dst-port=113 protocol=tcp
- add action=drop chain=tcp-virus comment=Happy99 disabled=no log=yes dst-port=119 protocol=tcp
- add action=drop chain=tcp-virus comment="Jammer Killah, Attack Bot, God Msage" disabled=no log=yes dst-port=121 protocol=tcp
- add action=drop chain=tcp-virus comment="Password Generator Protocol" disabled=no log=yes dst-port=129 protocol=tcp
- add action=drop chain=tcp-virus comment=Farnaz disabled=no log=yes dst-port=133 protocol=tcp
- add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=136-138 protocol=tcp
- add action=drop chain=tcp-virus comment=NetTaxi disabled=no log=yes dst-port=142 protocol=tcp
- add action=drop chain=tcp-virus comment="Infector 1.3" disabled=no log=yes dst-port=146 protocol=tcp
- add action=drop chain=tcp-virus comment=Backage disabled=no log=yes dst-port=334 protocol=tcp
- add action=drop chain=tcp-virus comment=Backage disabled=no log=yes dst-port=411 protocol=tcp
- add action=drop chain=tcp-virus comment="W32.kibuv.b, Breach, Incognito, tcp Wrappers" disabled=no log=yes dst-port=420-421 protocol=tcp
- add action=drop chain=tcp-virus comment= "Fatal Connections - Hacker's Paradise" disabled=no log=yes dst-port=455-456 protocol=tcp
- add action=drop chain=tcp-virus comment="Hacker's Paradise" disabled=no log=yes dst-port=456 protocol=tcp
- add action=drop chain=tcp-virus comment="Grlogin, RPC backDoor" disabled=no log=yes dst-port=513-514 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.kibuv.worm disabled=no log=yes dst-port=530 protocol=tcp
- add action=drop chain=tcp-virus comment="Rasmin, Net666" disabled=no log=yes dst-port=531 protocol=tcp
- add action=drop chain=tcp-virus comment= "Stealth Spy, Phaze, 7-11 Trojan, Ini-Killer, Phase Zero, Phase-0" disabled=no log=yes dst-port=555 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 559 protocol=tcp
- add action=drop chain=tcp-virus comment="Sober worm Variants" disabled=no log=yes dst-port=587 protocol=tcp
- add action=drop chain=tcp-virus comment="W.32.Sasser worm" disabled=no log=yes dst-port=593 protocol=tcp
- add action=drop chain=tcp-virus comment="Secret Service" disabled=no log=yes dst-port=605 protocol=tcp
- add action=drop chain=tcp-virus comment= "Attack FTP, Back Construction, BLA Trojan, no log=yeskno log=yesk, satans" disabled=no log=yes dst-port=666 protocol=tcp
- add action=drop chain=tcp-virus comment=SnipperNet disabled=no log=yes dst-port=667 protocol=tcp
- add action=drop chain=tcp-virus comment="Dp Trojan" disabled=no log=yes dst-port= 669 protocol=tcp
- add action=drop chain=tcp-virus comment=GayOL disabled=no log=yes dst-port=692 protocol=tcp
- add action=drop chain=tcp-virus comment="BackDoor.Netcrack.B - AimSpy" disabled=no log=yes dst-port=777-778 protocol=tcp
- add action=drop chain=tcp-virus comment=WinHole disabled=no log=yes dst-port=808 protocol=tcp
- add action=drop chain=tcp-virus comment= "Common Port for phishing scam sit" disabled=no log=yes dst-port=880 protocol= tcp
- add action=drop chain=tcp-virus comment=Backdoor.Devil disabled=no log=yes dst-port=901-902 protocol=tcp
- add action=drop chain=tcp-virus comment="Dark Shadow" disabled=no log=yes dst-port= 911 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 999-1001 protocol=tcp
- add action=drop chain=tcp-virus comment="Doly Trojan" disabled=no log=yes dst-port= 1011-1016 protocol=tcp
- add action=drop chain=tcp-virus comment=Vampire disabled=no log=yes dst-port=1020 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.lingosky disabled=no log=yes dst-port=1024-1025 protocol=tcp
- add action=drop chain=tcp-virus comment="NetSpy, Multidropper" disabled=no log=yes dst-port=1033-1035 protocol=tcp
- add action=drop chain=tcp-virus comment=Bla disabled=no log=yes dst-port=1042 protocol=tcp
- add action=drop chain=tcp-virus comment=Rasmin disabled=no log=yes dst-port=1045 protocol=tcp
- add action=drop chain=tcp-virus comment="/sbin/initd - MiniCommand" disabled=no log=yes dst-port=1049-1050 protocol=tcp
- add action=drop chain=tcp-virus comment="The Thief, AckCmd" disabled=no log=yes dst-port=1053-1054 protocol=tcp
- add action=drop chain=tcp-virus comment="Backdoor.Zagaban, WinHole" disabled=no log=yes dst-port=1080-1083 protocol=tcp
- add action=drop chain=tcp-virus comment=Xtreme disabled=no log=yes dst-port=1090 protocol=tcp
- add action=drop chain=tcp-virus comment="RAT, Blood Ft Evoltion" disabled=no log=yes dst-port=1095-1099 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1111 protocol=tcp
- add action=drop chain=tcp-virus comment=Orion disabled=no log=yes dst-port= 1150-1151 protocol=tcp
- add action=drop chain=tcp-virus comment="Psyber Stream Server" disabled=no log=yes dst-port=1170 protocol=tcp
- add action=drop chain=tcp-virus comment=SoftWAR,Infector disabled=no log=yes dst-port=1207-1208 protocol=tcp
- add action=drop chain=tcp-virus comment=Kaos disabled=no log=yes dst-port=1212 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Sazo disabled=no log=yes dst-port= 1218 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1234 protocol=tcp
- add action=drop chain=tcp-virus comment="Sub Seven" disabled=no log=yes dst-port= 1243 protocol=tcp
- add action=drop chain=tcp-virus comment="VooDoo Doll" disabled=no log=yes dst-port= 1245 protocol=tcp
- add action=drop chain=tcp-virus comment="Scarab, Project next" disabled=no log=yes dst-port=1255-1256 protocol=tcp
- add action=drop chain=tcp-virus comment="Maverick's Matrix" disabled=no log=yes dst-port=1269 protocol=tcp
- add action=drop chain=tcp-virus comment="The Matrix" disabled=no log=yes dst-port= 1272 protocol=tcp
- add action=drop chain=tcp-virus comment=NETrojan disabled=no log=yes dst-port=1313 protocol=tcp
- add action=drop chain=tcp-virus comment="Millenium Worm" disabled=no log=yes dst-port=1338 protocol=tcp
- add action=drop chain=tcp-virus comment="Bo dll" disabled=no log=yes dst-port=1349 protocol=tcp
- add action=drop chain=tcp-virus comment="GoFriller, Backdoor G-1" disabled= no log=yes dst-port=1394 protocol=tcp
- add action=drop chain=tcp-virus comment="remote Storm" disabled=no log=yes dst-port=1441 protocol=tcp
- add action=drop chain=tcp-virus comment=FTP99CMP disabled=no log=yes dst-port=1492 protocol=tcp
- add action=drop chain=tcp-virus comment="FunkProxy " disabled=no log=yes dst-port= 1505 protocol=tcp
- add action=drop chain=tcp-virus comment="Psyber Streaming server" disabled= no log=yes dst-port=1509 protocol=tcp
- add action=drop chain=tcp-virus comment=Trino log=yeso disabled=no log=yes dst-port=1524 protocol=tcp
- add action=drop chain=tcp-virus comment="Remote Hack" disabled=no log=yes dst-port= 1568 protocol=tcp
- add action=drop chain=tcp-virus comment="Backdoor.Miffice, Bize.Worm" disabled=no log=yes dst-port=1533-1534 protocol=tcp
- add action=drop chain=tcp-virus comment="Shivka-Burka, Direct Connection" disabled=no log=yes dst-port=1600 protocol=tcp
- add action=drop chain=tcp-virus comment="ICA Browser" disabled=no log=yes dst-port= 1604 protocol=tcp
- add action=drop chain=tcp-virus comment=Exploiter disabled=no log=yes dst-port=1703 protocol=tcp
- add action=drop chain=tcp-virus comment=Scarab disabled=no log=yes dst-port=1777 protocol=tcp
- add action=drop chain=tcp-virus comment=Loxbot.d disabled=no log=yes dst-port=1751 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.NetControle disabled=no log=yes dst-port=1772 protocol=tcp
- add action=drop chain=tcp-virus comment=SpySender disabled=no log=yes dst-port=1807 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1863 protocol=tcp
- add action=drop chain=tcp-virus comment="Fake FTP. WM FTP Server" disabled= no log=yes dst-port=1966-1967 protocol=tcp
- add action=drop chain=tcp-virus comment="Shockrave, Bowl" disabled=no log=yes dst-port=1981 protocol=tcp
- add action=drop chain=tcp-virus comment="OpC BO" disabled=no log=yes dst-port=1969 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1999-2005 protocol=tcp
- add action=drop chain=tcp-virus comment=Ripper disabled=no log=yes dst-port=2023 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.korgo.a disabled=no log=yes dst-port= 2041 protocol=tcp
- add action=drop chain=tcp-virus comment="Backdoor.TJServ - WinHole" disabled=no log=yes dst-port=2080 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Expjan disabled=no log=yes dst-port=2090 protocol=tcp
- add action=drop chain=tcp-virus comment=Bugs disabled=no log=yes dst-port=2115 protocol=tcp
- add action=drop chain=tcp-virus comment="Deep Throat" disabled=no log=yes dst-port= 2140 protocol=tcp
- add action=drop chain=tcp-virus comment="Illusion Mailer" disabled=no log=yes dst-port=2155 protocol=tcp
- add action=drop chain=tcp-virus comment=Nirvana disabled=no log=yes dst-port=2255 protocol=tcp
- add action=drop chain=tcp-virus comment="Hvl RAT, Dumaru" disabled=no log=yes dst-port=2283 protocol=tcp
- add action=drop chain=tcp-virus comment=Xplorer disabled=no log=yes dst-port=2300 protocol=tcp
- add action=drop chain=tcp-virus comment="Studio 54" disabled=no log=yes dst-port= 2311 protocol=tcp
- add action=drop chain=tcp-virus comment=backdoor.shellbot disabled=no log=yes dst-port=2322 protocol=tcp
- add action=drop chain=tcp-virus comment= "backdoor.shellbot, Eyeveg.worm.c, contact" disabled=no log=yes dst-port= 2330-2339 protocol=tcp
- add action=drop chain=tcp-virus comment=vbs.shania disabled=no log=yes dst-port= 2414 protocol=tcp
- add action=drop chain=tcp-virus comment=Beagle.N disabled=no log=yes dst-port=2556 protocol=tcp
- add action=drop chain=tcp-virus comment=Striker disabled=no log=yes dst-port=2565 protocol=tcp
- add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=2583 protocol=tcp
- add action=drop chain=tcp-virus comment="The Prayer 1.2 -1.3" disabled=no log=yes dst-port=2716 protocol=tcp
- add action=drop chain=tcp-virus comment="Phase Zero" disabled=no log=yes dst-port= 2721 protocol=tcp
- add action=drop chain=tcp-virus comment=Beagle.J disabled=no log=yes dst-port=2745 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.hllw.deadhat.b disabled=no log=yes dst-port=2766 protocol=tcp
- add action=drop chain=tcp-virus comment=SubSeven disabled=no log=yes dst-port= 2773-2774 protocol=tcp
- add action=drop chain=tcp-virus comment="Phineas Phucker" disabled=no log=yes dst-port=2801 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Brador.A disabled=no log=yes dst-port=2989 protocol=tcp
- add action=drop chain=tcp-virus comment="Remote Shut" disabled=no log=yes dst-port= 3000 protocol=tcp
- add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=3024 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Wortbot disabled=no log=yes dst-port=3028 protocol=tcp
- add action=drop chain=tcp-virus comment="W32.Mytob.cz@mm, MicroSpy" disabled=no log=yes dst-port=3030-3031 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.korgo.a disabled=no log=yes dst-port= 3067 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 3127-3198 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.HLLW.Dax disabled=no log=yes dst-port= 3256 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 3332 protocol=tcp
- add action=drop chain=tcp-virus comment=w32.Mytob.kp@MM disabled=no log=yes dst-port=3385 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.mockbot.a.worm disabled=no log=yes dst-port=3410 protocol=tcp
- add action=drop chain=tcp-virus comment="Backdoor.Fearic, Terror Trojan" disabled=no log=yes dst-port=3456 protocol=tcp
- add action=drop chain=tcp-virus comment="Eclipse 2000" disabled=no log=yes dst-port=3459 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=3547 protocol=tcp
- add action=drop chain=tcp-virus comment="Portal of Doom" disabled=no log=yes dst-port=3700 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.helios disabled=no log=yes dst-port=3737 protocol=tcp
- add action=drop chain=tcp-virus comment=PsychWard disabled=no log=yes dst-port=3777 protocol=tcp
- add action=drop chain=tcp-virus comment=Eclypse disabled=no log=yes dst-port=3791 protocol=tcp
- add action=drop chain=tcp-virus comment=Eclypse disabled=no log=yes dst-port=3801 protocol=tcp
- add action=drop chain=tcp-virus comment=SkyDance,Backdoor.OptixPro.13.C disabled=no log=yes dst-port=4000-4001 protocol=tcp
- add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=4092 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.rcserv disabled=no log=yes dst-port=4128 protocol=tcp
- add action=drop chain=tcp-virus comment= "Backdoor.Nemog.D - Virtual Hacking Machine" disabled=no log=yes dst-port=4242 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.smokodoor disabled=no log=yes dst-port=4300 protocol=tcp
- add action=drop chain=tcp-virus comment=BoBo disabled=no log=yes dst-port=4321 protocol=tcp
- add action=drop chain=tcp-virus comment=Phatbot disabled=no log=yes dst-port=4387 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 4444 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.mytob.db disabled=no log=yes dst-port= 4512 protocol=tcp
- add action=drop chain=tcp-virus comment="File Nail" disabled=no log=yes dst-port= 4567 protocol=tcp
- add action=drop chain=tcp-virus comment="ICQ Trojan" disabled=no log=yes dst-port= 4590 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Nemog.D disabled=no log=yes dst-port=4646 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Nemog.D disabled=no log=yes dst-port=4661 protocol=tcp
- add action=drop chain=tcp-virus comment=Beagle.U disabled=no log=yes dst-port=4751 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.tuxder disabled=no log=yes dst-port=4820 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.Opanki disabled=no log=yes dst-port= 4888 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.RaHack disabled=no log=yes dst-port= 4899 protocol=tcp
- add action=drop chain=tcp-virus comment= "Common Port for phishing scam sit" disabled=no log=yes dst-port=4903 protocol= tcp
- add action=drop chain=tcp-virus comment="ICQ Trogen" disabled=no log=yes dst-port= 4950 protocol=tcp
- add action=drop chain=tcp-virus comment="Sokets de Trois v1./Bubbel, cd00r" disabled=no log=yes dst-port=5000-5002 protocol=tcp
- add action=drop chain=tcp-virus comment=Solo,Ootlt disabled=no log=yes dst-port= 5010-5011 protocol=tcp
- add action=drop chain=tcp-virus comment="WM Remote Keylogger" disabled=no log=yes dst-port=5025 protocol=tcp
- add action=drop chain=tcp-virus comment="Net Metropolitan 1.0" disabled=no log=yes dst-port=5031-5032 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.laphex.client disabled=no log=yes dst-port=5152 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 5190 protocol=tcp
- add action=drop chain=tcp-virus comment=Firehotcker disabled=no log=yes dst-port= 5321 protocol=tcp
- add action=drop chain=tcp-virus comment=Baackage,NetDemon disabled=no log=yes dst-port=5333 protocol=tcp
- add action=drop chain=tcp-virus comment="WC Remote Administration Tool" disabled=no log=yes dst-port=5343 protocol=tcp
- add action=drop chain=tcp-virus comment="Blade Runner" disabled=no log=yes dst-port=5400-5402 protocol=tcp
- add action=drop chain=tcp-virus comment= "Backdoor.DarkSky.B, Backconstruction" disabled=no log=yes dst-port=5418-5419 protocol=tcp
- add action=drop chain=tcp-virus comment="Xtcp, Illusion Mailer" disabled=no log=yes dst-port=5512 protocol=tcp
- add action=drop chain=tcp-virus comment="The Flu" disabled=no log=yes dst-port=5534 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port " disabled=no log=yes dst-port=5550-5558 protocol=tcp
- add action=drop chain=tcp-virus comment=Robo-Hack disabled=no log=yes dst-port=5569 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.EasyServ disabled=no log=yes dst-port=5588 protocol=tcp
- add action=drop chain=tcp-virus comment="PC Crasher" disabled=no log=yes dst-port= 5637-5638 protocol=tcp
- add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=5714 protocol=tcp
- add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port= 5741-5742 protocol=tcp
- add action=drop chain=tcp-virus comment="Portmap Remote Root Linux Exploit" disabled=no log=yes dst-port=5760 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Evivinc disabled=no log=yes dst-port=5800 protocol=tcp
- add action=drop chain=tcp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5880 protocol=tcp
- add action=drop chain=tcp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5882 protocol=tcp
- add action=drop chain=tcp-virus comment="Y3K RAT" disabled=no log=yes dst-port= 5888-5889 protocol=tcp
- add action=drop chain=tcp-virus comment=LovGate.ak disabled=no log=yes dst-port= 6000 protocol=tcp
- add action=drop chain=tcp-virus comment="Bad Blood" disabled=no log=yes dst-port= 6006 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.mockbot.a.worm disabled=no log=yes dst-port=6129 protocol=tcp
- add action=drop chain=tcp-virus comment= "Common Port for phishing scam sit" disabled=no log=yes dst-port=6180 protocol= tcp
- add action=drop chain=tcp-virus comment=Trojan.Tilser disabled=no log=yes dst-port= 6187 protocol=tcp
- add action=drop chain=tcp-virus comment="Secret Service" disabled=no log=yes dst-port=6272 protocol=tcp
- add action=drop chain=tcp-virus comment="The Thing" disabled=no log=yes dst-port= 6400 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Nemog.D disabled=no log=yes dst-port=6565 protocol=tcp
- add action=drop chain=tcp-virus comment=backdoor.sdbot.ag disabled=no log=yes dst-port=6631 protocol=tcp
- add action=drop chain=tcp-virus comment="TEMan, Weia-Meia" disabled=no log=yes dst-port=6661 protocol=tcp
- add action=drop chain=tcp-virus comment= "Netbus Worm, winSATAN, Dark FTP, Schedule Agent" disabled=no log=yes dst-port= 6666-6667 protocol=tcp
- add action=drop chain=tcp-virus comment="Vampyre, Deep Throat" disabled=no log=yes dst-port=6669-6671 protocol=tcp
- add action=drop chain=tcp-virus comment="Sub Seven, Backdoor.G" disabled=no log=yes dst-port=6711-6713 protocol=tcp
- add action=drop chain=tcp-virus comment="Mstream attack-handler" disabled= no log=yes dst-port=6723 protocol=tcp
- add action=drop chain=tcp-virus comment="Deep Throat" disabled=no log=yes dst-port= 6771 protocol=tcp
- add action=drop chain=tcp-virus comment= "Sub Seven, Backdoor.G, W32/Bagle@MM" disabled=no log=yes dst-port=6776-6777 protocol=tcp
- add action=drop chain=tcp-virus comment=NetSky.U disabled=no log=yes dst-port=6789 protocol=tcp
- add action=drop chain=tcp-virus comment="Delta source DarkStar" disabled=no log=yes dst-port=6883 protocol=tcp
- add action=drop chain=tcp-virus comment="Shxt Heap " disabled=no log=yes dst-port= 6912 protocol=tcp
- add action=drop chain=tcp-virus comment=Indoctrination disabled=no log=yes dst-port=6939 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 6969 protocol=tcp
- add action=drop chain=tcp-virus comment="Gate Crasher" disabled=no log=yes dst-port=6970 protocol=tcp
- add action=drop chain=tcp-virus comment="w32.mytob.mx@mm, Remote Grab, explo it translation server, kazimas, remote grab" disabled=no log=yes dst-port= 7000-7001 protocol=tcp
- add action=drop chain=tcp-virus comment="Unkno log=yeswn Trojan" disabled=no log=yes dst-port=7028 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.Spybot.ycl disabled=no log=yes dst-port=7043 protocol=tcp
- add action=drop chain=tcp-virus comment=SubSeven disabled=no log=yes dst-port=7215 protocol=tcp
- add action=drop chain=tcp-virus comment="Net Monitor" disabled=no log=yes dst-port= 7300-7308 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.netshadow disabled=no log=yes dst-port=7329 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.phoenix disabled=no log=yes dst-port=7410 protocol=tcp
- add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=7424 protocol=tcp
- add action=drop chain=tcp-virus comment="QaZ -Remote Accs Trojan" disabled=no log=yes dst-port=7597 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.GRM disabled=no log=yes dst-port= 7614 protocol=tcp
- add action=drop chain=tcp-virus comment=Glacier disabled=no log=yes dst-port=7626 protocol=tcp
- add action=drop chain=tcp-virus comment=backdoor.no log=yesdelm disabled=no log=yes dst-port=7740-7749 protocol=tcp
- add action=drop chain=tcp-virus comment="GodMsaage, Tini" disabled=no log=yes dst-port=7777 protocol=tcp
- add action=drop chain=tcp-virus comment=ICKiller disabled=no log=yes dst-port=7789 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=7823 protocol=tcp
- add action=drop chain=tcp-virus comment="The ReVeNgEr" disabled=no log=yes dst-port=7891 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.kibuv.b disabled=no log=yes dst-port= 7955 protocol=tcp
- add action=drop chain=tcp-virus comment=Mstream disabled=no log=yes dst-port=7983 protocol=tcp
- add action=drop chain=tcp-virus comment=w32.mytob.lz@mm disabled=no log=yes dst-port=7999-8000 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Ptakks.b disabled=no log=yes dst-port=8012 protocol=tcp
- add action=drop chain=tcp-virus comment="W32.Spybot.pen " disabled=no log=yes dst-port=8076 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Asniffer disabled=no log=yes dst-port=8090 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.PejayBot disabled=no log=yes dst-port= 8126 protocol=tcp
- add action=drop chain=tcp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8787 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Monator disabled=no log=yes dst-port=8811 protocol=tcp
- add action=drop chain=tcp-virus comment=Beagle.B@mm disabled=no log=yes dst-port= 8866 protocol=tcp
- add action=drop chain=tcp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8879 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.Axatak disabled=no log=yes dst-port= 8888-8889 protocol=tcp
- add action=drop chain=tcp-virus comment="BackHack - Rcon, Recon, Xcon" disabled=no log=yes dst-port=8988-8989 protocol=tcp
- add action=drop chain=tcp-virus comment="W32.randex.ccf - netministrator" disabled=no log=yes dst-port=9000 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.nibu.k disabled=no log=yes dst-port=9125 protocol=tcp
- add action=drop chain=tcp-virus comment=InCommand disabled=no log=yes dst-port=9400 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.kibuv.worm disabled=no log=yes dst-port=9604 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.gholame disabled=no log=yes dst-port=9696-9697 protocol=tcp
- add action=drop chain=tcp-virus comment="BackDoor.RC3.B, Portal of Doom" disabled=no log=yes dst-port=9872-9878 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 9898-10002 protocol=tcp
- add action=drop chain=tcp-virus comment=iNi-Killer disabled=no log=yes dst-port= 9989 protocol=tcp
- add action=drop chain=tcp-virus comment="W.32.Sasser Worm" disabled=no log=yes dst-port=9996 protocol=tcp
- add action=drop chain=tcp-virus comment="The Prayer" disabled=no log=yes dst-port= 9999 protocol=tcp
- add action=drop chain=tcp-virus comment=OpwinTRojan disabled=no log=yes dst-port= 10005 protocol=tcp
- add action=drop chain=tcp-virus comment="Chee worm" disabled=no log=yes dst-port= 10008 protocol=tcp
- add action=drop chain=tcp-virus comment=w32.mytob.jw@mm disabled=no log=yes dst-port=10027 protocol=tcp
- add action=drop chain=tcp-virus comment="Portal of Doom" disabled=no log=yes dst-port=10067 protocol=tcp
- add action=drop chain=tcp-virus comment=Mydoom.B disabled=no log=yes dst-port=10080 protocol=tcp
- add action=drop chain=tcp-virus comment="backdoor.ranky.o, backdoor.staprew, backdoor.tuimer, gift trojan, brainspy, silencer" disabled=no log=yes dst-port= 10100-10103 protocol=tcp
- add action=drop chain=tcp-virus comment="Acid Shivers" disabled=no log=yes dst-port=10520 protocol=tcp
- add action=drop chain=tcp-virus comment=Coma disabled=no log=yes dst-port=10607 protocol=tcp
- add action=drop chain=tcp-virus comment=Ambush disabled=no log=yes dst-port=10666 protocol=tcp
- add action=drop chain=tcp-virus comment="Senna Spy" disabled=no log=yes dst-port= 11000 protocol=tcp
- add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=11050-11051 protocol=tcp
- add action=drop chain=tcp-virus comment="Progenic Trojan - Secret Agent" disabled=no log=yes dst-port=11223 protocol=tcp
- add action=drop chain=tcp-virus comment="Dipnet / oddBob Trojan" disabled= no log=yes dst-port=11768 protocol=tcp
- add action=drop chain=tcp-virus comment="Latinus Server" disabled=no log=yes dst-port=11831 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Satancrew disabled=no log=yes dst-port=12000 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Berbew.j disabled=no log=yes dst-port=12065 protocol=tcp
- add action=drop chain=tcp-virus comment=GJamer disabled=no log=yes dst-port=12076 protocol=tcp
- add action=drop chain=tcp-virus comment="Hack'99, KeyLogger" disabled=no log=yes dst-port=12223 protocol=tcp
- add action=drop chain=tcp-virus comment="Netbus, Ultor's Trojan" disabled= no log=yes dst-port=12345-12346 protocol=tcp
- add action=drop chain=tcp-virus comment=Whack-a-Mole disabled=no log=yes dst-port= 12361-12363 protocol=tcp
- add action=drop chain=tcp-virus comment=NetBus disabled=no log=yes dst-port=12456 protocol=tcp
- add action=drop chain=tcp-virus comment="Whack Job" disabled=no log=yes dst-port= 12631 protocol=tcp
- add action=drop chain=tcp-virus comment="Eclypse 2000" disabled=no log=yes dst-port=12701 protocol=tcp
- add action=drop chain=tcp-virus comment="Mstream attack-handler" disabled= no log=yes dst-port=12754 protocol=tcp
- add action=drop chain=tcp-virus comment="Senna Spy" disabled=no log=yes dst-port= 13000 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=13173 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.Sober.D disabled=no log=yes dst-port= 13468 protocol=tcp
- add action=drop chain=tcp-virus comment="Kuang2 the Virus" disabled=no log=yes dst-port=13700 protocol=tcp
- add action=drop chain=tcp-virus comment=Trojan.Mitglieder.h disabled=no log=yes dst-port=14247 protocol=tcp
- add action=drop chain=tcp-virus comment="Mstream attack-handler" disabled= no log=yes dst-port=15104 protocol=tcp
- add action=drop chain=tcp-virus comment="Dipnet / oddBob Trojan" disabled= no log=yes dst-port=15118 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Cyn disabled=no log=yes dst-port= 15432 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Lastdoor disabled=no log=yes dst-port=16322 protocol=tcp
- add action=drop chain=tcp-virus comment=Mosucker disabled=no log=yes dst-port=16484 protocol=tcp
- add action=drop chain=tcp-virus comment="Backdoor.Haxdoor.D - Stacheldraht" disabled=no log=yes dst-port=16660-16661 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 16959 protocol=tcp
- add action=drop chain=tcp-virus comment="Kuang2.B Trojan" disabled=no log=yes dst-port=17300 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.Imav.a disabled=no log=yes dst-port= 17940 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Gaster disabled=no log=yes dst-port=19937 protocol=tcp
- add action=drop chain=tcp-virus comment="Millennium - AcidkoR" disabled=no log=yes dst-port=20001-20002 protocol=tcp
- add action=drop chain=tcp-virus comment="NetBus 2 Pro" disabled=no log=yes dst-port=20034 protocol=tcp
- add action=drop chain=tcp-virus comment=Chupacabra disabled=no log=yes dst-port= 20203 protocol=tcp
- add action=drop chain=tcp-virus comment="Bla Trojan" disabled=no log=yes dst-port= 20331 protocol=tcp
- add action=drop chain=tcp-virus comment="Shaft Client to handlers" disabled=no log=yes dst-port=20432-20433 protocol=tcp
- add action=drop chain=tcp-virus comment=Trojan.Adnap disabled=no log=yes dst-port= 20480 protocol=tcp
- add action=drop chain=tcp-virus comment=Trojan.Mitglieder.E disabled=no log=yes dst-port=20742 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.dasher.b disabled=no log=yes dst-port= 21211 protocol=tcp
- add action=drop chain=tcp-virus comment= "Exploiter - Kid Terror - Schwndler - Winsp00fer" disabled=no log=yes dst-port= 21554 protocol=tcp
- add action=drop chain=tcp-virus comment= "Prosiak - Ruler - Donald Dick - RUX The TIc.K" disabled=no log=yes dst-port= 22222 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Simali disabled=no log=yes dst-port=22311 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor-ADM disabled=no log=yes dst-port= 22784 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.hllw.nettrash disabled=no log=yes dst-port=23005-23006 protocol=tcp
- add action=drop chain=tcp-virus comment=backdoor.berbew.j disabled=no log=yes dst-port=23232 protocol=tcp
- add action=drop chain=tcp-virus comment=Trojan.Framar disabled=no log=yes dst-port= 23435 protocol=tcp
- add action=drop chain=tcp-virus comment="Donald Dick" disabled=no log=yes dst-port= 23476-23477 protocol=tcp
- add action=drop chain=tcp-virus comment=w32.mytob.km@mm disabled=no log=yes dst-port=23523 protocol=tcp
- add action=drop chain=tcp-virus comment="Delta Source" disabled=no log=yes dst-port=26274 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.optix.04 disabled=no log=yes dst-port=27379 protocol=tcp
- add action=drop chain=tcp-virus comment="Sub-7 2.1" disabled=no log=yes dst-port= 27573 protocol=tcp
- add action=drop chain=tcp-virus comment="Trin00 DoS Attack" disabled=no log=yes dst-port=27665 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Sdbot.ai disabled=no log=yes dst-port=29147 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.NTHack disabled=no log=yes dst-port=29292 protocol=tcp
- add action=drop chain=tcp-virus comment="Latinus Server" disabled=no log=yes dst-port=29559 protocol=tcp
- add action=drop chain=tcp-virus comment="The Unexplained" disabled=no log=yes dst-port=29891 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Antilam.20 disabled=no log=yes dst-port=29999 protocol=tcp
- add action=drop chain=tcp-virus comment="AOL Trojan" disabled=no log=yes dst-port= 30029 protocol=tcp
- add action=drop chain=tcp-virus comment=NetSphere disabled=no log=yes dst-port= 30100-30103 protocol=tcp
- add action=drop chain=tcp-virus comment="NetSphere Final" disabled=no log=yes dst-port=30133 protocol=tcp
- add action=drop chain=tcp-virus comment="Sockets de Troi" disabled=no log=yes dst-port=30303 protocol=tcp
- add action=drop chain=tcp-virus comment=Kuang2 disabled=no log=yes dst-port=30999 protocol=tcp
- add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 31335-31339 protocol=tcp
- add action=drop chain=tcp-virus comment=BOWhack disabled=no log=yes dst-port=31666 protocol=tcp
- add action=drop chain=tcp-virus comment="Hack'a'Tack" disabled=no log=yes dst-port= 31785-31792 protocol=tcp
- add action=drop chain=tcp-virus comment=backdoor.berbew.j disabled=no log=yes dst-port=32121 protocol=tcp
- add action=drop chain=tcp-virus comment="Acid Battery" disabled=no log=yes dst-port=32418 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Alets.B disabled=no log=yes dst-port=32440 protocol=tcp
- add action=drop chain=tcp-virus comment="Trinity Trojan" disabled=no log=yes dst-port=33270 protocol=tcp
- add action=drop chain=tcp-virus comment=trojan.lodeight.b disabled=no log=yes dst-port=33322 protocol=tcp
- add action=drop chain=tcp-virus comment=Prosiak disabled=no log=yes dst-port=33333 protocol=tcp
- add action=drop chain=tcp-virus comment="Spirit 2001 a" disabled=no log=yes dst-port=33911 protocol=tcp
- add action=drop chain=tcp-virus comment="BigGluck, TN" disabled=no log=yes dst-port=34324 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Lifefourno log=yesw disabled=no log=yes dst-port=36183 protocol=tcp
- add action=drop chain=tcp-virus comment="Yet Ano log=yesther Trojan" disabled=no log=yes dst-port=37651 protocol=tcp
- add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=39999 protocol=tcp
- add action=drop chain=tcp-virus comment="The Spy" disabled=no log=yes dst-port=40412 protocol=tcp
- add action=drop chain=tcp-virus comment="Agent 40421 - Masters Paradise" disabled=no log=yes dst-port=40421-40426 protocol=tcp
- add action=drop chain=tcp-virus comment="Master's Paradise" disabled=no log=yes dst-port=43210 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=44280 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=44390 protocol=tcp
- add action=drop chain=tcp-virus comment="Delta Source" disabled=no log=yes dst-port=47252 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=47387 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.antilam.20 disabled=no log=yes dst-port=47891 protocol=tcp
- add action=drop chain=tcp-virus comment="Sokets de Trois v2." disabled=no log=yes dst-port=50505 protocol=tcp
- add action=drop chain=tcp-virus comment=Fore disabled=no log=yes dst-port=50776 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Cyn disabled=no log=yes dst-port=51234 protocol=tcp
- add action=drop chain=tcp-virus comment=W32.kalel.a@mm disabled=no log=yes dst-port=51435 protocol=tcp
- add action=drop chain=tcp-virus comment="Remote Windows Shutdown" disabled= no log=yes dst-port=53001 protocol=tcp
- add action=drop chain=tcp-virus comment="subSeven -Subseven 2.1 Gold" disabled=no log=yes dst-port=54283 protocol=tcp
- add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port " disabled=no log=yes dst-port=54320-54321 protocol=tcp
- add action=drop chain=tcp-virus comment="WM Trojan Generator - File manager Trojan" disabled=no log=yes dst-port=55165-55166 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Osirdoor disabled=no log=yes dst-port=56565 protocol=tcp
- add action=drop chain=tcp-virus comment="NetRaider Trojan" disabled=no log=yes dst-port=57341 protocol=tcp
- add action=drop chain=tcp-virus comment=BackDoor.Tron disabled=no log=yes dst-port=58008-58009 protocol=tcp
- add action=drop chain=tcp-virus comment="Butt Funnel" disabled=no log=yes dst-port=58339 protocol=tcp
- add action=drop chain=tcp-virus comment=BackDoor.Redkod disabled=no log=yes dst-port=58666 protocol=tcp
- add action=drop chain=tcp-virus comment=BackDoor.DuckToy disabled=no log=yes dst-port=59211 protocol=tcp
- add action=drop chain=tcp-virus comment="Deep Throat" disabled=no log=yes dst-port=60000 protocol=tcp
- add action=drop chain=tcp-virus comment=Trinity disabled=no log=yes dst-port=60001 protocol=tcp
- add action=drop chain=tcp-virus comment=Trojan.Fulamer.25 disabled=no log=yes dst-port=60006 protocol=tcp
- add action=drop chain=tcp-virus comment="Xzip 6000068" disabled=no log=yes dst-port=60068 protocol=tcp
- add action=drop chain=tcp-virus comment=Connection disabled=no log=yes dst-port=60411 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.mite disabled=no log=yes dst-port=61000 protocol=tcp
- add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" disabled=no log=yes dst-port=61348 protocol=tcp
- add action=drop chain=tcp-virus comment=Telecommando disabled=no log=yes dst-port=61466 protocol=tcp
- add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" disabled=no log=yes dst-port=61603 protocol=tcp
- add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" disabled=no log=yes dst-port=63485 protocol=tcp
- add action=drop chain=tcp-virus comment="Phatbot, W32.hllw.gaobot.dk" disabled=no log=yes dst-port=63808-63809 protocol=tcp
- add action=drop chain=tcp-virus comment=Taskmin disabled=no log=yes dst-port=64101 protocol=tcp
- add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=64429 protocol=tcp
- add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=65000 protocol=tcp
- add action=drop chain=tcp-virus comment=Eclypse disabled=no log=yes dst-port=65390 protocol=tcp
- add action=drop chain=tcp-virus comment=Jade disabled=no log=yes dst-port=65421 protocol=tcp
- add action=drop chain=tcp-virus comment="The Traitor (th3tr41t0r)" disabled=no log=yes dst-port=65432 protocol=tcp
- add action=drop chain=tcp-virus comment=Phatbot disabled=no log=yes dst-port=65506 protocol=tcp
- add action=drop chain=tcp-virus comment=/sbin/init disabled=no log=yes dst-port=65534 protocol=tcp
- add action=drop chain=tcp-virus comment="Adore Worm/Linux - RC1 Trojan" disabled=no log=yes dst-port=65535 protocol=tcp
- add action=drop chain=tcp-virus comment=Cafeini disabled=no log=yes dst-port=51966 protocol=tcp
- add action=drop chain=tcp-virus comment="Acid baterry 2000" disabled=no log=yes dst-port=52317 protocol=tcp
- add action=drop chain=tcp-virus comment=Enterprise disabled=no log=yes dst-port=50130 protocol=tcp
- add action=drop chain=tcp-virus comment="Online Keylogger" disabled=no log=yes dst-port=49301 protocol=tcp
- add action=drop chain=tcp-virus comment=Exploiter disabled=no log=yes dst-port=44575 protocol=tcp
- add action=drop chain=tcp-virus comment=Prosiak disabled=no log=yes dst-port=44444 protocol=tcp
- add action=drop chain=tcp-virus comment="Remote Boot Tool - RBT" disabled= no log=yes dst-port=41666 protocol=tcp
- add action=drop chain=tcp-virus comment=Storm disabled=no log=yes dst-port=41337 protocol=tcp
- add action=drop chain=tcp-virus comment=Mantis disabled=no log=yes dst-port=37237 protocol=tcp
- add action=drop chain=tcp-virus comment="Donald Dick" disabled=no log=yes dst-port= 34444 protocol=tcp
- add action=drop chain=tcp-virus comment="Son of PsychWard" disabled=no log=yes dst-port=33577 protocol=tcp
- add action=drop chain=tcp-virus comment="Son of PsychWard" disabled=no log=yes dst-port=33777 protocol=tcp
- add action=drop chain=tcp-virus comment="Peanut Brittle, Project Next" disabled=no log=yes dst-port=32100 protocol=tcp
- add action=drop chain=tcp-virus comment="Donald Dick" disabled=no log=yes dst-port=32001 protocol=tcp
- add action=drop chain=tcp-virus comment="Hack'a'Tack" disabled=no log=yes dst-port=31785 protocol=tcp
- add action=drop chain=tcp-virus comment=Intruse disabled=no log=yes dst-port=30947 protocol=tcp
- add action=drop chain=tcp-virus comment="Lamers Death" disabled=no log=yes dst-port=30003 protocol=tcp
- add action=drop chain=tcp-virus comment="Infector - ErrOr32" disabled=no log=yes dst-port=30000-30001 protocol=tcp
- add action=drop chain=tcp-virus comment=ovasOn disabled=no log=yes dst-port=29369 protocol=tcp
- add action=drop chain=tcp-virus comment=NetTrojan disabled=no log=yes dst-port=29104 protocol=tcp
- add action=drop chain=tcp-virus comment=Exploiter disabled=no log=yes dst-port=28678 protocol=tcp
- add action=drop chain=tcp-virus comment="Bad Blood - Ramen - Seeker - SubSev en - SubSeven 2.1 Gold - Subseven 2.14 DefCon8 - SubSeven Muie - Ttfloader" disabled=no log=yes dst-port=27374 protocol=tcp
- add action=drop chain=tcp-virus comment=Voicpy disabled=no log=yes dst-port=26681 protocol=tcp
- add action=drop chain=tcp-virus comment=Moonpie disabled=no log=yes dst-port=25982 protocol=tcp
- add action=drop chain=tcp-virus comment=Moonpie disabled=no log=yes dst-port=25685-25686 protocol=tcp
- add action=drop chain=tcp-virus comment=Infector disabled=no log=yes dst-port=24000 protocol=tcp
- add action=drop chain=tcp-virus comment=InetSpy disabled=no log=yes dst-port=23777 protocol=tcp
- add action=drop chain=tcp-virus comment="Evil FTP - Ugly FTP - Whack Job" disabled=no log=yes dst-port=23456 protocol=tcp
- add action=drop chain=tcp-virus comment=Asylum disabled=no log=yes dst-port=23432 protocol=tcp
- add action=drop chain=tcp-virus comment=Amanda disabled=no log=yes dst-port=23032 protocol=tcp
- add action=drop chain=tcp-virus comment=Logged disabled=no log=yes dst-port=23232 protocol=tcp
- add action=drop chain=tcp-virus comment="Girl friend - Kid Error" disabled=no log=yes dst-port=21544 protocol=tcp
- add action=drop chain=tcp-virus comment="VP killer" disabled=no log=yes dst-port=20023 protocol=tcp
- add action=drop chain=tcp-virus comment=Mosucker disabled=no log=yes dst-port=20005 protocol=tcp
- add action=drop chain=tcp-virus comment="ICQ Revenge" disabled=no log=yes dst-port=19864 protocol=tcp
- add action=drop chain=tcp-virus comment=Nephron disabled=no log=yes dst-port=17777 protocol=tcp
- add action=drop chain=tcp-virus comment=Audiodoor disabled=no log=yes dst-port=17593 protocol=tcp
- add action=drop chain=tcp-virus comment=Infector disabled=no log=yes dst-port=17569 protocol=tcp
- add action=drop chain=tcp-virus comment=CrazzyNet disabled=no log=yes dst-port=17499-17500 protocol=tcp
- add action=drop chain=tcp-virus comment=KidTerror disabled=no log=yes dst-port=17449 protocol=tcp
- add action=drop chain=tcp-virus comment=Mosaic disabled=no log=yes dst-port=17166 protocol=tcp
- add action=drop chain=tcp-virus comment=Priority disabled=no log=yes dst-port=16969 protocol=tcp
- add action=drop chain=tcp-virus comment="ICQ Revenge" disabled=no log=yes dst-port=16772 protocol=tcp
- add action=drop chain=tcp-virus comment=CDK disabled=no log=yes dst-port=15858 protocol=tcp
- add action=drop chain=tcp-virus comment=SubZero disabled=no log=yes dst-port=15382 protocol=tcp
- add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=15092 protocol=tcp
- add action=drop chain=tcp-virus comment=NetDemon disabled=no log=yes dst-port=15000 protocol=tcp
- add action=drop chain=tcp-virus comment="PC Invader" disabled=no log=yes dst-port=14500-14503 protocol=tcp
- add action=drop chain=tcp-virus comment=Chupacabra disabled=no log=yes dst-port=13473 protocol=tcp
- add action=drop chain=tcp-virus comment="Hack '99 KeyLogger" disabled=no log=yes dst-port=13223 protocol=tcp
- add action=drop chain=tcp-virus comment=PsychWard disabled=no log=yes dst-port=13013-13014 protocol=tcp
- add action=drop chain=tcp-virus comment="Hacker Brasil - HBR" disabled=no log=yes dst-port=13010 protocol=tcp
- add action=drop chain=tcp-virus comment=Buttman disabled=no log=yes dst-port=12624 protocol=tcp
- add action=drop chain=tcp-virus comment=BioNet disabled=no log=yes dst-port=12349 protocol=tcp
- add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=10528 protocol=tcp
- add action=drop chain=tcp-virus comment=Syphilis disabled=no log=yes dst-port=10085-10086 protocol=tcp
- add action=drop chain=tcp-virus comment=DigitalRootbeer disabled=no log=yes dst-port=2600 protocol=tcp
- add action=drop chain=tcp-virus comment="Doly Trojan" disabled=no log=yes dst-port=2345 protocol=tcp
- add action=return chain=tcp-virus comment="Back to previous menu" disabled=no log=yes
- add action=drop chain=udp-virus comment="Socks D Troie, Death" disabled=no log=yes dst-port=1 protocol=udp
- add action=drop chain=udp-virus comment="Netbios - DoS attacks msinit" disabled=no log=yes dst-port=136-139 protocol=udp
- add action=drop chain=udp-virus comment=Infector disabled=no log=yes dst-port=146 protocol=udp
- add action=drop chain=udp-virus comment="N0kN0k Trojan" disabled=no log=yes dst-port=666 protocol=udp
- add action=drop chain=udp-virus comment="Maverick's Matrix 1.2-2.0 - remote storm" disabled=no log=yes dst-port=1025 protocol=udp
- add action=drop chain=udp-virus comment=no log=yesBackO disabled=no log=yes dst-port=1200-1201 protocol=udp
- add action=drop chain=udp-virus comment="BackOrifice DLL Comm" disabled=no log=yes dst-port=1349 protocol=udp
- add action=drop chain=udp-virus comment="FunkProxy " disabled=no log=yes dst-port=1505 protocol=udp
- add action=drop chain=udp-virus comment="ICA Browser" disabled=no log=yes dst-port=1604 protocol=udp
- add action=drop chain=udp-virus comment=BackDoor.Fearic disabled=no log=yes dst-port=2000 protocol=udp
- add action=drop chain=udp-virus comment="Mini Backlash" disabled=no log=yes dst-port=2130 protocol=udp
- add action=drop chain=udp-virus comment="Deep Throat" disabled=no log=yes dst-port=2140 protocol=udp
- add action=drop chain=udp-virus comment=BackDoor.Botex disabled=no log=yes dst-port=2222 protocol=udp
- add action=drop chain=udp-virus comment=voicpy disabled=no log=yes dst-port=2339 protocol=udp
- add action=drop chain=udp-virus comment=Rat disabled=no log=yes dst-port=2989 protocol=udp
- add action=drop chain=udp-virus comment="Deep Throat - Foreplay - Mini Backflash" disabled=no log=yes dst-port=3150 protocol=udp
- add action=drop chain=udp-virus comment=Backdoor.Fearic disabled=no log=yes dst-port=3456 protocol=udp
- add action=drop chain=udp-virus comment=Eclypse disabled=no log=yes dst-port=3801 protocol=udp
- add action=drop chain=udp-virus comment="WityWorm - BlackICE/ISS" disabled= no log=yes dst-port=4000 protocol=udp
- add action=drop chain=udp-virus comment="Remote Shell Trojan" disabled=no log=yes dst-port=5503 protocol=udp
- add action=drop chain=udp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5882 protocol=udp
- add action=drop chain=udp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5888 protocol=udp
- add action=drop chain=udp-virus comment="Mstream Agent-handler" disabled=no log=yes dst-port=6838 protocol=udp
- add action=drop chain=udp-virus comment="Unkno log=yeswn Trojan" disabled=no log=yes dst-port=7028 protocol=udp
- add action=drop chain=udp-virus comment="Host Control" disabled=no log=yes dst-port=7424 protocol=udp
- add action=drop chain=udp-virus comment="MStream handler-agent" disabled=no log=yes dst-port=7983 protocol=udp
- add action=drop chain=udp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8787 protocol=udp
- add action=drop chain=udp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8879 protocol=udp
- add action=drop chain=udp-virus comment="MStream Agent-handler" disabled=no log=yes dst-port=9325 protocol=udp
- add action=drop chain=udp-virus comment="Portal of Doom" disabled=no log=yes dst-port=10067 protocol=udp
- add action=drop chain=udp-virus comment="Portal of Doom" disabled=no log=yes dst-port=10167 protocol=udp
- add action=drop chain=udp-virus comment="Mstream handler-agent" disabled=no log=yes dst-port=10498 protocol=udp
- add action=drop chain=udp-virus comment=Ambush disabled=no log=yes dst-port=10666 protocol=udp
- add action=drop chain=udp-virus comment="DUN Control" disabled=no log=yes dst-port=12623 protocol=udp
- add action=drop chain=udp-virus comment="Shaft handler to Agent" disabled=no log=yes dst-port=18753 protocol=udp
- add action=drop chain=udp-virus comment="Shaft handler to Agent" disabled=no log=yes dst-port=20433 protocol=udp
- add action=drop chain=udp-virus comment=GirlFriend disabled=no log=yes dst-port=21554 protocol=udp
- add action=drop chain=udp-virus comment="Donald Dick" disabled=no log=yes dst-port=23476 protocol=udp
- add action=drop chain=udp-virus comment="Delta Source" disabled=no log=yes dst-port=26274 protocol=udp
- add action=drop chain=udp-virus comment="Sub-7 2.1" disabled=no log=yes dst-port=27374 protocol=udp
- add action=drop chain=udp-virus comment=Trin00/TFN2K disabled=no log=yes dst-port=27444 protocol=udp
- add action=drop chain=udp-virus comment="Sub-7 2.1" disabled=no log=yes dst-port=27573 protocol=udp
- add action=drop chain=udp-virus comment=NetSphere disabled=no log=yes dst-port=30103 protocol=udp
- add action=drop chain=udp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=31335-31338 protocol=udp
- add action=drop chain=udp-virus comment="Hack`a'Tack" disabled=no log=yes dst-port=31787-31791 protocol=udp
- add action=drop chain=udp-virus comment="Trin00 for windows" disabled=no log=yes dst-port=34555 protocol=udp
- add action=drop chain=udp-virus comment="Trin00 for windows" disabled=no log=yes dst-port=35555 protocol=udp
- add action=drop chain=udp-virus comment="Delta Source" disabled=no log=yes dst-port=47262 protocol=udp
- add action=drop chain=udp-virus comment="OnLine keyLogger" disabled=no log=yes dst-port=49301 protocol=udp
- add action=drop chain=udp-virus comment="Back Orifice" disabled=no log=yes dst-port=54320-54321 protocol=udp
- add action=drop chain=udp-virus comment="NetRaider Trojan" disabled=no log=yes dst-port=57341 protocol=udp
- add action=drop chain=udp-virus comment="The Traitor - th3tr41t0r" disabled=no log=yes dst-port=65432 protocol=udp
- add action=return chain=udp-virus comment="Back to previous menu" disabled=no log=yes
- add action=return chain=virus comment="Back to previous rul" disabled=no log=yes
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement