Friday, December 14, 2018

MikroTik rules for protecting IP telephony from all sorts of nasties

Thanks to brother Dmitry Savriko for the information provided.

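/ip firewall filter
# Sources that trip any detector below are dropped on their later packets.
# address-list-timeout=none-dynamic: entries never expire but are dynamic, so they are lost on reboot.
add action=drop chain=input comment="Port Scanners" src-address-list="Port Scanners"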
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp tcp-flags=fin,rst
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp tcp-flags=fin,!ack
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp tcp-flags=fin,urg
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input in-interface-list=WAN protocol=tcp tcp-flags=rst,urg
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input dst-port=0 in-interface-list=WAN protocol=tcp
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input dst-port=0 in-interface-list=WAN protocol=udp

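# limit= and dst-limit= match packets while traffic is within the stated rate, not once it is exceeded,
# so SIP packets arriving on WAN under these rates put their source on sip-blacklist.
# Accept rules for trusted SIP peers therefore have to sit above this block.
add action=drop chain=input comment="sip blacklist" src-address-list=sip-blacklist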
add action=add-src-to-address-list address-list=sip-blacklist address-list-timeout=none-dynamic chain=input dst-port=5060,5061 in-interface-list=WAN limit=120/1m,5:packet protocol=udp
add action=add-src-to-address-list address-list=sip-blacklist address-list-timeout=none-dynamic chain=input dst-port=5060,5061 in-interface-list=WAN limit=40/2s,5:packet protocol=udp
add action=add-src-to-address-list address-list=sip-blacklist address-list-timeout=none-dynamic chain=input dst-limit=50,50,src-and-dst-addresses/10s dst-port=5060,5061 in-interface-list=WAN protocol=udp
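
An added example (not from the original post): a small Python model of the tcp-flags matchers in the Port Scanners rules above, run over constructed flag sets to show which rule each packet type trips and that ordinary handshake and teardown packets trip none. The function names and the sample packets are assumptions made for this illustration.

```python
# Added illustration: evaluates the page's tcp-flags matchers against constructed packets.
# Matcher semantics: every listed flag must be set and every "!flag" must be clear;
# flags that a matcher does not name (for example psh) are ignored.

PORT_SCANNER_FLAG_RULES = [  # tcp-flags values copied from the rules above
    "!fin,!syn,!rst,!ack",
    "fin,syn",
    "fin,rst",
    "fin,!ack",
    "fin,urg",
    "syn,rst",
    "rst,urg",
]

def rule_matches(spec, flags):
    """True if the packet's set of flags satisfies one tcp-flags spec."""
    for term in spec.split(","):
        if term.startswith("!"):
            if term[1:] in flags:
                return False
        elif term not in flags:
            return False
    return True

def matching_rules(flags):
    """Return every tcp-flags spec from the page that this flag set would trigger."""
    flags = {f.lower() for f in flags}
    return [spec for spec in PORT_SCANNER_FLAG_RULES if rule_matches(spec, flags)]

# Constructed sample packets (flag sets only), not captured traffic.
SAMPLES = {
    "normal SYN": {"syn"},
    "normal SYN/ACK": {"syn", "ack"},
    "normal FIN/ACK close": {"fin", "ack"},
    "normal RST/ACK": {"rst", "ack"},
    "NULL (no flags)": set(),
    "FIN only": {"fin"},
    "Xmas (FIN,PSH,URG)": {"fin", "psh", "urg"},
    "SYN+FIN": {"syn", "fin"},
    "SYN+RST": {"syn", "rst"},
}

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        hits = matching_rules(flags)
        print(f"{name:22} -> {hits if hits else 'no match'}")
```

Because psh is not named in the first matcher, a packet carrying only PSH is treated the same as a NULL packet.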
