- Flags: X - disabled, I - invalid, D - dynamic
;;; NOTE(review): rule numbers jump from 1 to 6, so rules 2-5 are not part of
;;;   this listing; the notes here cover only the rules that are visible.
;;; NOTE(review): rules 0 and 1 carry the X flag (disabled), so no visible rule
;;;   fasttracks or accepts established/related traffic in the forward chain.
- 0 X chain=forward action=fasttrack-connection
- connection-state=established,related log=no log-prefix=""
- 1 X chain=forward action=accept connection-state=established,related log=no
- log-prefix=""
;;; NOTE(review): the comment is Croatian for "drop http from the net". The rule
;;;   covers only tcp/80 arriving on vlan4-WiFiMikrotik; whether other router
;;;   services are reachable from that interface depends on rules not shown
;;;   here - TODO confirm.
- 6 ;;; drop httpa s neta
- chain=input action=drop protocol=tcp in-interface=vlan4-WiFiMikrotik
- dst-port=80 log=no log-prefix=""
;;; NOTE(review): drops forwarded packets in connection-state=invalid, unlogged.
- 7 chain=forward action=drop connection-state=invalid log=no log-prefix=""
;;; NOTE(review): traffic addressed to the router that arrives on interface
;;;   optika is handed to the INPUT-Internet chain.
- 8 ;;; NET firewall rule
- chain=input action=jump jump-target=INPUT-Internet in-interface=optika
- log=no log-prefix=""
;;; NOTE(review): this jump is disabled (X) and is the only visible jump to
;;;   OUTPUT-Internet, so that chain looks unreachable as listed. Confirm this
;;;   is intended and that no jump exists among the missing rules 2-5.
- 9 X ;;; NET firewall rule
- chain=forward action=jump jump-target=OUTPUT-Internet
- out-interface=optika log=no log-prefix=""
;;; NOTE(review): rules 10-16 add the packet's source address to the address
;;;   list "port scanners" for 2w. No rule in this listing matches on that
;;;   list, so as shown this is detection without enforcement.
;;; NOTE(review): the only visible jump into OUTPUT-Internet is forward rule 9
;;;   (out-interface=optika, disabled). If optika is the uplink, the sources
;;;   recorded here would be hosts sending traffic out, not hosts scanning
;;;   inward - TODO confirm the intended direction.
;;; NOTE(review): psd=21,3s,3,1 reads as weight threshold 21, delay threshold
;;;   3s, low-port weight 3, high-port weight 1.
- 10 ;;; port scanners to list
- chain=OUTPUT-Internet action=add-src-to-address-list protocol=tcp
- psd=21,3s,3,1 address-list=port scanners address-list-timeout=2w log=no
- log-prefix=""
;;; NOTE(review): rules 11-16 each match one TCP flag combination that does not
;;;   occur in a normal handshake (FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG,
;;;   no flags, all flags). All run with log=no.
- 11 ;;; NMAP FIN Stealth scan
- chain=OUTPUT-Internet action=add-src-to-address-list
- tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp
- address-list=port scanners address-list-timeout=2w log=no log-prefix=""
- 12 ;;; SYN/FIN scan
- chain=OUTPUT-Internet action=add-src-to-address-list tcp-flags=fin,syn
- protocol=tcp address-list=port scanners address-list-timeout=2w log=no
- log-prefix=""
- 13 ;;; SYN/RST scan
- chain=OUTPUT-Internet action=add-src-to-address-list tcp-flags=syn,rst
- protocol=tcp address-list=port scanners address-list-timeout=2w log=no
- log-prefix=""
- 14 ;;; FIN/PSH/URG scan
- chain=OUTPUT-Internet action=add-src-to-address-list
- tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp
- address-list=port scanners address-list-timeout=2w log=no log-prefix=""
- 15 ;;; NMAP NULL scan
- chain=OUTPUT-Internet action=add-src-to-address-list
- tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp
- address-list=port scanners address-list-timeout=2w log=no log-prefix=""
- 16 ;;; ALL/ALL scan
- chain=OUTPUT-Internet action=add-src-to-address-list
- tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp
- address-list=port scanners address-list-timeout=2w log=no log-prefix=""
;;; NOTE(review): the comment is Croatian for "detecting a spammer". Sources of
;;;   tcp/25 traffic matching connection-limit=30,32 and limit=50,5:packet go
;;;   on the list "spammer" for 3d. No visible rule drops or logs members of
;;;   that list, so SMTP from a listed host is still forwarded as shown.
- 17 ;;; Detektiram spamera
- chain=OUTPUT-Internet action=add-src-to-address-list
- connection-limit=30,32 protocol=tcp address-list=spammer
- address-list-timeout=3d dst-port=25 limit=50,5:packet log=no
- log-prefix=""
;;; NOTE(review): rules 18-61 are a destination-port denylist for the
;;;   OUTPUT-Internet chain, labelled with worm and trojan names. Every rule
;;;   drops with log=no, so a host hitting one of them shows up only in the
;;;   rule counters. Logging, or adding the source to an address list, would
;;;   turn these drops into a signal for finding infected hosts.
;;; NOTE(review): several listed ports are also used by legitimate services;
;;;   check each range against what clients behind this router need.
- 18 chain=OUTPUT-Internet action=drop protocol=tcp dst-port=9 log=no
- log-prefix=""
- 19 chain=OUTPUT-Internet action=drop protocol=tcp dst-port=13 log=no
- log-prefix=""
- 20 ;;; Blaster Worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=135-139 log=no
- log-prefix=""
- 21 ;;; Messenger Worm
- chain=OUTPUT-Internet action=drop protocol=udp dst-port=135-139 log=no
- log-prefix=""
;;; NOTE(review): the comment is Croatian for "worms and other vermin".
- 22 ;;; Crvi i ostala gamad ;-)
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=444-445 log=no
- log-prefix=""
- 23 chain=OUTPUT-Internet action=drop protocol=udp dst-port=444-445 log=no
- log-prefix=""
- 24 ;;; msblast worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=593 log=no
- log-prefix=""
- 25 chain=OUTPUT-Internet action=drop protocol=tcp dst-port=953 log=no
- log-prefix=""
;;; NOTE(review): the range 995-999 includes tcp/995, the registered port for
;;;   POP3 over TLS, so this rule also blocks mail clients that use it.
- 26 ;;; SoBig.f worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=995-999 log=no
- log-prefix=""
- 27 chain=OUTPUT-Internet action=drop protocol=udp dst-port=995-999 log=no
- log-prefix=""
;;; NOTE(review): tcp/1080 is also the registered SOCKS port.
- 28 ;;; MyDoom
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1080 log=no
- log-prefix=""
- 29 chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1024-1030 log=no
- log-prefix=""
- 30 chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1214 log=no
- log-prefix=""
- 31 ;;; ndm requester
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1363 log=no
- log-prefix=""
- 32 ;;; ndm server
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1364 log=no
- log-prefix=""
- 33 ;;; screen cast
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1368 log=no
- log-prefix=""
- 34 ;;; hromgrafx
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1373 log=no
- log-prefix=""
- 35 ;;; cichlid
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1377 log=no
- log-prefix=""
- 36 chain=OUTPUT-Internet action=drop protocol=udp dst-port=1434 log=no
- log-prefix=""
;;; NOTE(review): tcp/1433 is the Microsoft SQL Server port, so this rule also
;;;   blocks clients of a remote SQL Server.
- 37 ;;; Worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=1433-1434
- log=no log-prefix=""
- 38 ;;; Drop Beagle
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=2235 log=no
- log-prefix=""
- 39 ;;; Drop Dumaru.Y
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=2283 log=no
- log-prefix=""
- 40 chain=OUTPUT-Internet action=drop protocol=udp dst-port=2745 log=no
- log-prefix=""
;;; NOTE(review): rules 41 and 42 have identical matchers (tcp dst-port=2745).
;;;   Rule 41 drops every such packet first, so rule 42 can never match and
;;;   can be removed.
- 41 ;;; Drop Beagle.C-K
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=2745 log=no
- log-prefix=""
- 42 ;;; Bagle Virus
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=2745 log=no
- log-prefix=""
;;; NOTE(review): tcp/3128 is a common HTTP proxy port.
- 43 ;;; Drop MyDoom
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=3127-3128
- log=no log-prefix=""
- 44 ;;; Drop Backdoor OptixPro
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=3410 log=no
- log-prefix=""
- 45 ;;; WITTY worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=4000 log=no
- log-prefix=""
- 46 ;;; Worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=4444 log=no
- log-prefix=""
- 47 ;;; Worm
- chain=OUTPUT-Internet action=drop protocol=udp dst-port=4444 log=no
- log-prefix=""
- 48 ;;; beagle worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=4751 log=no
- log-prefix=""
- 49 ;;; Drop Sasser
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=5554 log=no
- log-prefix=""
- 50 chain=OUTPUT-Internet action=drop protocol=tcp dst-port=6344-6381 log=no
- log-prefix=""
- 51 chain=OUTPUT-Internet action=drop protocol=udp dst-port=6344-6381 log=no
- log-prefix=""
- 52 ;;; Drop PhatBot, Agobot, Gaobot
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=65506 log=no
- log-prefix=""
- 53 ;;; Drop Beagle.B
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=8866 log=no
- log-prefix=""
- 54 ;;; SoBig.f worm
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=8998 log=no
- log-prefix=""
- 55 chain=OUTPUT-Internet action=drop protocol=udp dst-port=8998 log=no
- log-prefix=""
- 56 ;;; Drop Dabber.A-B
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=9898 log=no
- log-prefix=""
- 57 ;;; Drop Dumaru.Y
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=10000 log=no
- log-prefix=""
- 58 ;;; Drop MyDoom.B
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=10080 log=no
- log-prefix=""
- 59 ;;; Drop NetBus
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=12345 log=no
- log-prefix=""
- 60 ;;; Drop Kuang2
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=17300 log=no
- log-prefix=""
- 61 ;;; Drop SubSeven
- chain=OUTPUT-Internet action=drop protocol=tcp dst-port=27374 log=no
- log-prefix=""
;;; NOTE(review): src-address=0.0.0.0 and dst-address=0.0.0.0 match only
;;;   packets whose addresses are literally 0.0.0.0, so this rule will not
;;;   match ordinary traffic. To match any address, leave both matchers out.
;;;   QUIC normally runs over udp/443, which dst-port=80 does not cover -
;;;   confirm which port was intended.
- 62 ;;; Deny QUIC protocol HTTP/UDP
- chain=OUTPUT-Internet action=drop protocol=udp src-address=0.0.0.0
- dst-address=0.0.0.0 dst-port=80 log=no log-prefix=""
;;; NOTE(review): the comment is Croatian for "log new connections". The rule
;;;   is disabled (X), so new connections in this chain are not logged.
- 63 X ;;; logiraj nove konekcije
- chain=OUTPUT-Internet action=log connection-state=new log=no
- log-prefix=""
;;; NOTE(review): the comment is Croatian for "accept everything else". With
;;;   this final accept the chain is default-allow: only the ports named in
;;;   the drop rules above are blocked.
- 64 ;;; SVE OSTALO PRIHVATI
- chain=OUTPUT-Internet action=accept log=no log-prefix=""
;;; NOTE(review): the comment is Croatian, roughly "SSH entry: if a ping sends
;;;   an ICMP packet of size 666, put it on the allow list for ssh". The action
;;;   is add-dst-to-address-list, which records the packet's destination
;;;   address rather than the sender's; add-src-to-address-list looks intended
;;;   - TODO confirm. The timeout is none-dynamic, so entries do not time out.
;;;   No visible rule references the list user_x.
- 65 ;;; ulaz na ssh-a ako ping poslaje icmp paket 666 stavlja ga u dozvolu za
- ssh
- chain=INPUT-Internet action=add-dst-to-address-list protocol=icmp
- address-list=user_x address-list-timeout=none-dynamic packet-size=666
- log=no log-prefix=""
;;; NOTE(review): accepts tcp/22222 from any source; there is no
;;;   src-address-list matcher, so the list built by rule 65 does not gate SSH
;;;   as listed. Adding src-address-list=user_x here would tie the two rules
;;;   together. This is the only rule in the listing with log=yes.
- 66 ;;; ssh
- chain=INPUT-Internet action=accept protocol=tcp dst-port=22222 log=yes
- log-prefix=""
;;; NOTE(review): the comment is Croatian for "allow Franz from home". The rule
;;;   accepts every protocol and port from the whole /24; narrow it to the
;;;   needed address and services if possible.
- 67 ;;; ALLOW FRANZ od doma
- chain=INPUT-Internet action=accept src-address=91.241.53.0/24 log=no
- log-prefix=""
;;; NOTE(review): rules 68-71 and 74 accept on source port alone, with no
;;;   connection-state or dst-port matcher. The sender chooses the source
;;;   port, so these rules do not limit traffic to replies to the router's own
;;;   requests. One accept rule with connection-state=established,related
;;;   expresses that intent and lets these be removed.
- 68 ;;; IP cloud update
- chain=INPUT-Internet action=accept protocol=udp src-port=15252 log=no
- log-prefix=""
- 69 ;;; DNS
- chain=INPUT-Internet action=accept protocol=udp src-port=53 log=no
- log-prefix=""
;;; NOTE(review): the comment is Croatian for "NTP synchronisation".
- 70 ;;; NTP sinkronizacija
- chain=INPUT-Internet action=accept protocol=udp src-port=123 log=no
- log-prefix=""
;;; NOTE(review): the comment is Croatian for "only for UPDATE on this server".
- 71 ;;; samo za UPDATE na ovome serveru
- chain=INPUT-Internet action=accept protocol=tcp src-port=80 log=no
- log-prefix=""
;;; NOTE(review): the comment is Croatian for "rate-limited pings". Because
;;;   rule 65 does not terminate processing, size-666 ICMP packets also reach
;;;   this rule.
- 72 ;;; limitirani pingovi
- chain=INPUT-Internet action=accept protocol=icmp limit=50/5s,2:packet
- log=no log-prefix=""
;;; NOTE(review): rules 73, 74 and 76 expose PPTP (tcp/1723 and GRE) on this
;;;   interface. PPTP's MS-CHAPv2 authentication is considered weak; prefer the
;;;   L2TP/IPsec path from rule 75 if clients allow it.
- 73 ;;; PPTP kontrola
- chain=INPUT-Internet action=accept protocol=tcp dst-port=1723 log=no
- log-prefix=""
- 74 ;;; PPTP kontrola
- chain=INPUT-Internet action=accept protocol=tcp src-port=1723 log=no
- log-prefix=""
;;; NOTE(review): port= matches either the source or the destination port.
;;;   udp/1701 is accepted without an ipsec-policy matcher, so L2TP that is not
;;;   wrapped in IPsec is accepted too; consider ipsec-policy=in,ipsec on a
;;;   separate 1701 rule.
- 75 ;;; L2TP
- chain=INPUT-Internet action=accept protocol=udp port=1701,500,4500
- log=no log-prefix=""
- 76 ;;; PPTP tunel
- chain=INPUT-Internet action=accept protocol=gre log=no log-prefix=""
;;; NOTE(review): the comment is Croatian for "drop everything else". This is
;;;   the default-deny for INPUT-Internet; with log=no, dropped probes are
;;;   visible only in the rule counters.
- 77 ;;; sve ostalo dropaj
- chain=INPUT-Internet action=drop log=no log-prefix=""