Reglas Principales de Mikrotik


Estas son reglas principales que se agregan en cualquier dispositivo Mikrotik:

OJO: primero hay que crear el address-list `permitidos` con la IP desde la que se va a administrar el router; en caso contrario, la regla final "drop everything else" de la cadena input puede dejar al administrador sin conexión por Capa 3 al router.

# aug/27/2012 16:24:50 by RouterOS 5.19
# software id = 5T4Z-RWDF
#
/ip firewall filter
# chain=input filters packets addressed to the router itself. Rules are
# evaluated top to bottom and the first terminating match wins, so the order
# below is significant.
#
# Stateful fast path: packets of connections that are already tracked are
# accepted, packets marked invalid by connection tracking are dropped.
add chain=input connection-state=established action=accept comment="accept established connection packets"
add chain=input connection-state=related action=accept comment="accept related connection packets"
add chain=input connection-state=invalid action=drop comment="drop invalid packets"
# Management allow-list. The address list "permitidos" must already contain
# the administrator's address when these rules are loaded: no other rule in
# this chain accepts new TCP or UDP connections to the router, and the chain
# ends in a drop-all.
add chain=input src-address-list=permitidos action=accept comment="Allow access to router from known network"
# Port-scan detection. psd=21,3s,3,1 is weight threshold 21, delay window 3 s,
# weight 3 for ports below 1024 and weight 1 for higher ports.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections"
# Connection-flood handling, in two steps. connection-limit is "count,netmask",
# so /32 means the count is kept per single source address.
# 1) Sources already on black_list that match connection-limit=3,32 are
#    tarpitted instead of being answered normally.
add chain=input protocol=tcp src-address-list=black_list connection-limit=3,32 action=tarpit comment="suppress DoS attack"
# 2) A source matching connection-limit=10,32 is put on black_list for one
#    day. This action is not terminating; the packet continues down the chain.
# NOTE(review): a busy legitimate client, or several users behind one NAT
# address, can trip this threshold and stay listed for the full day.
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="detect DoS attack"
# ICMP is handed to the ICMP chain, which accepts a few rate-limited types and
# drops the rest.
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP"
add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic"
# NOTE(review): nothing in this chain jumps to chain=services, so the service
# exceptions defined in that chain are not consulted for traffic to the router
# as far as this listing shows.
#
# Whatever reaches this point is logged with the prefix "Filter:" and dropped.
# NOTE(review): the log rule carries no rate-limiting matcher, so on an exposed
# interface every dropped packet produces a log entry.
add chain=input action=log log-prefix=Filter:
add chain=input action=drop comment="drop everything else"
# chain=ICMP: allow-list of ICMP type:code values. It is entered through the
# jump rules in chain=input and chain=forward. Each accept rule is capped by
# limit=5,5 (5 packets per second, burst of 5, as the rule comments say);
# any ICMP packet that no accept rule takes is dropped by the last rule.
# NOTE(review): the limit matcher counts per rule, not per source address, so
# ICMP above 5 packets/s in total falls through to the drop. That includes
# type 3 code 4, which path MTU discovery relies on.
#
# type 0: echo reply
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s"
# type 3 code 3: destination unreachable, port unreachable
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s"
# type 3 code 4: destination unreachable, fragmentation needed
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s"
# type 8: echo request
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s"
# type 11: time exceeded
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s"
# Every other ICMP type, and anything above the limits, ends here.
add chain=ICMP protocol=icmp action=drop comment="Drop everything else"
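# chain=services: per-service accept rules. Only the first four are enabled;
# every rule from "allow SNMP" onward is exported with disabled=yes and is a
# template to switch on when the router actually offers that service.
# NOTE(review): no rule in this listing jumps to chain=services, so unless a
# jump exists in a part of the configuration not shown here none of these
# rules is evaluated. Before adding a jump from chain=input, check which of
# the enabled rules should be reachable from untrusted interfaces: as written
# they match on port only, with no source restriction.
#
# Fixed: the original matched src-address-list=127.0.0.1, which looks up an
# address list *named* "127.0.0.1" (none is defined in this listing) rather
# than the loopback address itself.
add action=accept chain=services comment="accept localhost" disabled=no \
dst-address=127.0.0.1 src-address=127.0.0.1
add action=accept chain=services comment="allow MACwinbox " disabled=no \
dst-port=20561 protocol=udp
add action=accept chain=services comment="Bandwidth server" disabled=no \
dst-port=2000 protocol=tcp
add action=accept chain=services comment=" MT Discovery Protocol" disabled=no \
dst-port=5678 protocol=udp
# Fixed: SNMP agents listen on UDP 161; the original rule matched TCP 161 and
# would not have admitted SNMP queries once enabled.
add action=accept chain=services comment="allow SNMP" disabled=yes dst-port=\
161 protocol=udp
add action=accept chain=services comment="Allow BGP" disabled=yes dst-port=\
179 protocol=tcp
# NOTE(review): BGP itself runs over TCP 179 (previous rule). What this UDP
# 5000-5100 range is meant to admit is not clear from the listing; confirm
# before enabling it.
add action=accept chain=services comment="allow BGP" disabled=yes dst-port=\
5000-5100 protocol=udp
add action=accept chain=services comment="Allow NTP" disabled=yes dst-port=\
123 protocol=udp
add action=accept chain=services comment="Allow PPTP" disabled=yes dst-port=\
1723 protocol=tcp
add action=accept chain=services comment="allow PPTP and EoIP" disabled=yes \
protocol=gre
add action=accept chain=services comment="allow DNS request" disabled=yes \
dst-port=53 protocol=tcp
add action=accept chain=services comment="Allow DNS request" disabled=yes \
dst-port=53 protocol=udp
add action=accept chain=services comment=UPnP disabled=yes dst-port=1900 \
protocol=udp
add action=accept chain=services comment=UPnP disabled=yes dst-port=2828 \
protocol=tcp
add action=accept chain=services comment="allow DHCP" disabled=yes dst-port=\
67-68 protocol=udp
add action=accept chain=services comment="allow Web Proxy" disabled=yes \
dst-port=8080 protocol=tcp
add action=accept chain=services comment="allow IPIP" disabled=yes protocol=\
ipencap
add action=accept chain=services comment="allow https for Hotspot" disabled=\
yes dst-port=443 protocol=tcp
add action=accept chain=services comment="allow Socks for Hotspot" disabled=\
yes dst-port=1080 protocol=tcp
add action=accept chain=services comment="allow IPSec connections" disabled=\
yes dst-port=500 protocol=udp
add action=accept chain=services comment="allow IPSec" disabled=yes protocol=\
ipsec-esp
add action=accept chain=services comment="allow IPSec" disabled=yes protocol=\
ipsec-ah
add action=accept chain=services comment="allow RIP" disabled=yes dst-port=\
520-521 protocol=udp
add action=accept chain=services comment="allow OSPF" disabled=yes protocol=\
ospf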
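# chain=forward filters packets routed through the router. Established and
# related traffic is accepted, invalid packets are dropped, and ICMP is handed
# to the ICMP chain.
# NOTE(review): this listing has no drop-all rule for chain=forward, so any
# forwarded packet that none of these rules drops is passed on.
# NOTE(review): no rule in this listing jumps to chain=virus, so the port
# blocklist defined in that chain is not applied to forwarded traffic unless a
# jump exists in a part of the configuration not shown here. If a jump is
# added, review the list first: it matches on port numbers only.
add action=accept chain=forward comment="FWD - CONECCIONES ESTABLECIDAS" \
connection-state=established disabled=no
add action=accept chain=forward comment="FWD - CONECCIONES RELACIONADAS" \
connection-state=related disabled=no
add action=drop chain=forward comment="FWD - CONECCIONES INVALIDAS" \
connection-state=invalid disabled=no
# Changed: protocol=icmp added, matching the jump in chain=input. Every rule
# in chain=ICMP matches protocol=icmp only, so verdicts are unchanged; this
# just stops non-ICMP packets from being walked through that chain.
add action=jump chain=forward comment="JUMP - A REGLAS ICMP" disabled=no \
jump-target=ICMP protocol=icmp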
# chain=virus: static port blocklist. Every rule is action=drop and matches
# only on protocol plus a source or destination port.
# NOTE(review): the only jump rules in this listing target chain=ICMP; nothing
# jumps to chain=virus, so unless a jump exists in a part of the configuration
# not shown here these rules are never evaluated.
# NOTE(review): a port number alone does not identify malware. Several entries
# cover ports that legitimate software also uses (for example 1433-1434, the
# Microsoft SQL Server ports, and the low dynamic range 1024-1030), so once
# the chain is attached that traffic is dropped as well.
#
# The long "LISTA DE virus ===" text is stored as the comment of the first
# rule; the rule itself drops TCP packets whose source port is 445.
add action=drop chain=virus comment="LISTA DE virus ==========================\
==========================================================================\
=====================================================" disabled=no \
protocol=tcp src-port=445
add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no protocol=\
udp src-port=445
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=udp
# Ports 135-139, matched as source port and as destination port, TCP and UDP.
add action=drop chain=virus disabled=no protocol=tcp src-port=135-139
add action=drop chain=virus disabled=no protocol=udp src-port=135-139
add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no dst-port=135-139 protocol=udp
# Single ports and small ranges. Where a name is given it is the rule's own
# comment; the listing offers no other source for these labels.
add action=drop chain=virus comment=________ disabled=no dst-port=593 \
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 \
protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \
protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 \
protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
protocol=tcp
# TCP 2745 appears twice in this group ("Bagle virus" here, "Drop Beagle.C-K"
# below); the second rule can never match a packet the first already dropped.
add action=drop chain=virus comment="Bagle virus" disabled=no dst-port=2745 \
protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=3127 \
protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\
10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\
10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\
27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=\
no dst-port=65506 protocol=tcp
# Unlabelled TCP/UDP pairs: the listing gives no name for what these ports
# are meant to block, so their purpose cannot be confirmed from here.
add action=drop chain=virus disabled=no dst-port=513 protocol=tcp
add action=drop chain=virus disabled=no dst-port=513 protocol=udp
add action=drop chain=virus disabled=no dst-port=525 protocol=tcp
add action=drop chain=virus disabled=no dst-port=525 protocol=udp
add action=drop chain=virus disabled=no dst-port=568-569 protocol=tcp
add action=drop chain=virus disabled=no dst-port=568-569 protocol=udp
add action=drop chain=virus disabled=no dst-port=1512 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1512 protocol=udp
add action=drop chain=virus disabled=no dst-port=396 protocol=tcp
add action=drop chain=virus disabled=no dst-port=396 protocol=udp
add action=drop chain=virus disabled=no dst-port=1366 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1366 protocol=udp
add action=drop chain=virus disabled=no dst-port=1416 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1416 protocol=udp
add action=drop chain=virus disabled=no dst-port=201-209 protocol=tcp
add action=drop chain=virus disabled=no dst-port=201-209 protocol=udp
add action=drop chain=virus disabled=no dst-port=545 protocol=tcp
add action=drop chain=virus disabled=no dst-port=545 protocol=udp
add action=drop chain=virus disabled=no dst-port=1381 protocol=udp
add action=drop chain=virus disabled=no dst-port=1381 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3031 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3031 protocol=udp
# chain=virus, entries labelled "2000 cracks" through "DUN Control": one drop
# rule per destination port, named in the rule comment after a trojan or
# backdoor. Rules without a comment follow the labelled rule before them.
# NOTE(review): nothing in this listing jumps to chain=virus; confirm the
# chain is referenced before relying on it.
# NOTE(review): TCP 31337 is listed repeatedly in this group ("Back Orifice",
# BackFire, "Baron Night", "BO client", and an unlabelled rule). All of them
# drop, so only the first can ever match; the repeats add rule-processing
# work without adding coverage.
add action=drop chain=virus comment="2000 cracks" disabled=no dst-port=6776 \
protocol=tcp
add action=drop chain=virus comment="Acid Battery" disabled=no dst-port=32418 \
protocol=tcp
# TCP 2000 is also the port the "Bandwidth server" rule in chain=services
# accepts; the two rules live in different chains and do not interact.
add action=drop chain=virus disabled=no dst-port=2000 protocol=tcp
add action=drop chain=virus disabled=no dst-port=52317 protocol=tcp
add action=drop chain=virus comment="Acid Shivers" disabled=no dst-port=10520 \
protocol=tcp
add action=drop chain=virus comment="Agent 31" disabled=no dst-port=31 \
protocol=tcp
add action=drop chain=virus comment="Agent 40421" disabled=no dst-port=40421 \
protocol=tcp
add action=drop chain=virus comment="Aim Spy" disabled=no dst-port=777 \
protocol=tcp
add action=drop chain=virus comment=Ambush disabled=no dst-port=10666 \
protocol=tcp
add action=drop chain=virus comment="AOL Trojan" disabled=no dst-port=30029 \
protocol=tcp
add action=drop chain=virus comment="Attack FTP" disabled=no dst-port=666 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=7789 protocol=tcp
add action=drop chain=virus comment="Back Orifice" disabled=no dst-port=\
31337-31338 protocol=tcp
add action=drop chain=virus comment="Back Orifice 2000" disabled=no dst-port=\
54320-54321 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8787 protocol=tcp
add action=drop chain=virus comment="Back Orifice DLL" disabled=no dst-port=\
1349 protocol=udp
add action=drop chain=virus comment=BackDoor disabled=no dst-port=1999 \
protocol=tcp
add action=drop chain=virus comment=BackDoor-G disabled=no dst-port=1243 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=6776 protocol=tcp
add action=drop chain=virus comment=BackDoor-QE disabled=no dst-port=10452 \
protocol=tcp
add action=drop chain=virus comment=BackDoor-QO disabled=no dst-port=3332 \
protocol=tcp
add action=drop chain=virus comment=BackDoor-QR disabled=no dst-port=\
12973-12975 protocol=tcp
add action=drop chain=virus comment=BackFire disabled=no dst-port=31337 \
protocol=tcp
add action=drop chain=virus comment="Baron Night" disabled=no dst-port=31337 \
protocol=tcp
add action=drop chain=virus comment="Big Gluck (TN)" disabled=no dst-port=\
34324 protocol=tcp
add action=drop chain=virus comment=BioNet disabled=no dst-port=12349 \
protocol=tcp
add action=drop chain=virus comment=Bla disabled=no dst-port=1042 protocol=\
tcp
add action=drop chain=virus disabled=no dst-port=20331 protocol=tcp
add action=drop chain=virus comment="BO client" disabled=no dst-port=31337 \
protocol=tcp
add action=drop chain=virus comment="BO Facil" disabled=no dst-port=5556-5557 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=31337 protocol=tcp
add action=drop chain=virus comment="Bo Wack" disabled=no dst-port=31336 \
protocol=tcp
add action=drop chain=virus comment=BoBo disabled=no dst-port=4321 protocol=\
tcp
add action=drop chain=virus comment="BOWhack " disabled=no dst-port=31666 \
protocol=tcp
add action=drop chain=virus comment="BrainSpy " disabled=no dst-port=10101 \
protocol=tcp
add action=drop chain=virus comment=Bubbel disabled=no dst-port=5000 \
protocol=tcp
add action=drop chain=virus comment=BugBear disabled=no dst-port=36794 \
protocol=tcp
add action=drop chain=virus comment=Bugs disabled=no dst-port=2115 protocol=\
tcp
add action=drop chain=virus comment=Bunker-Hill disabled=no dst-port=61348 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=61603 protocol=tcp
add action=drop chain=virus disabled=no dst-port=63485 protocol=tcp
add action=drop chain=virus comment="Cain e Abel" disabled=no dst-port=666 \
protocol=tcp
# NOTE(review): the label says Chargen but the rule matches UDP port 9, which
# is the discard service; the chargen service is port 19. Confirm which port
# was intended.
add action=drop chain=virus comment=Chargen disabled=no dst-port=9 protocol=\
udp
add action=drop chain=virus comment=Chupacabra disabled=no dst-port=20203 \
protocol=tcp
add action=drop chain=virus comment=Coma disabled=no dst-port=10607 protocol=\
tcp
add action=drop chain=virus comment="Cyber Attacker" disabled=no dst-port=\
9876 protocol=tcp
add action=drop chain=virus comment="Dark Shadow " disabled=no dst-port=911 \
protocol=tcp
add action=drop chain=virus comment=Death disabled=no dst-port=2 protocol=tcp
add action=drop chain=virus comment="Deep Back Orifice" disabled=no dst-port=\
31338 protocol=tcp
add action=drop chain=virus comment="Deep Throat" disabled=no dst-port=41 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=2140 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3150 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6771 protocol=tcp
add action=drop chain=virus comment="Deep Throat v2" disabled=no dst-port=\
6670 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6711 protocol=tcp
add action=drop chain=virus disabled=no dst-port=60000 protocol=tcp
add action=drop chain=virus comment="Deep Throat v3" disabled=no dst-port=\
6674 protocol=tcp
add action=drop chain=virus comment=DeepBO disabled=no dst-port=31337 \
protocol=udp
add action=drop chain=virus comment=DeepThroat disabled=no dst-port=999 \
protocol=tcp
add action=drop chain=virus comment="Delta Source" disabled=no dst-port=26274 \
protocol=udp
add action=drop chain=virus disabled=no dst-port=47262 protocol=udp
add action=drop chain=virus comment="Der Spacher 3" disabled=no dst-port=\
1000-1001 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2000-2001 protocol=tcp
add action=drop chain=virus comment=Devil disabled=no dst-port=65000 \
protocol=tcp
add action=drop chain=virus comment="Digital RootBeer" disabled=no dst-port=\
2600 protocol=tcp
add action=drop chain=virus comment="DMsetup " disabled=no dst-port=58-59 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=1010-1012 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1015 protocol=tcp
add action=drop chain=virus comment="Donald Dick" disabled=no dst-port=\
23476-23477 protocol=tcp
add action=drop chain=virus comment=DRAT disabled=no dst-port=48 protocol=tcp
add action=drop chain=virus disabled=no dst-port=50 protocol=tcp
add action=drop chain=virus comment="DUN Control" disabled=no dst-port=12623 \
protocol=udp
# chain=virus, entries labelled Eclipse through Mosucker: one drop rule per
# destination port, named in the rule comment. Rules without a comment follow
# the labelled rule before them.
# NOTE(review): nothing in this listing jumps to chain=virus; confirm the
# chain is referenced before relying on it.
# NOTE(review): several ports in this group are also well-known service
# ports: 79 (finger), 113 (ident) and 119 (NNTP). The range 1027-1029 is
# labelled after the ICQ service itself rather than a piece of malware.
# Attaching the chain blocks those services for every host behind the router.
add action=drop chain=virus comment=Eclipse disabled=no dst-port=2000 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=3459 protocol=tcp
add action=drop chain=virus comment=Eclypse disabled=no dst-port=3801 \
protocol=udp
add action=drop chain=virus comment="Evil FTP" disabled=no dst-port=23456 \
protocol=tcp
add action=drop chain=virus comment="File Nail" disabled=no dst-port=4567 \
protocol=tcp
add action=drop chain=virus comment=Firehotcker disabled=no dst-port=79 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=5321 protocol=tcp
add action=drop chain=virus comment=Fore disabled=no dst-port=50766 protocol=\
tcp
add action=drop chain=virus comment=FTP99cmp disabled=no dst-port=1492 \
protocol=tcp
add action=drop chain=virus comment="Gaban Bus" disabled=no dst-port=\
12345-12346 protocol=tcp
add action=drop chain=virus comment="GirlFriend " disabled=no dst-port=21554 \
protocol=tcp
add action=drop chain=virus comment=Gjamer disabled=no dst-port=12076 \
protocol=tcp
add action=drop chain=virus comment="Hack '99 KeyLogger" disabled=no \
dst-port=12223 protocol=tcp
add action=drop chain=virus comment="Hack 'a' Tack" disabled=no dst-port=\
31780-31785 protocol=tcp
add action=drop chain=virus disabled=no dst-port=31787-31789 protocol=tcp
add action=drop chain=virus comment="Hack 'a' Tack" disabled=no dst-port=\
31791-31792 protocol=udp
add action=drop chain=virus comment="HackCity Ripper Pro" disabled=no \
dst-port=2023 protocol=tcp
add action=drop chain=virus comment="Hackers Paradise " disabled=no dst-port=\
31 protocol=tcp
add action=drop chain=virus disabled=no dst-port=456 protocol=tcp
add action=drop chain=virus comment=HackOffice disabled=no dst-port=8897 \
protocol=tcp
add action=drop chain=virus comment="Happy 99" disabled=no dst-port=119 \
protocol=tcp
add action=drop chain=virus comment="Hidden Port" disabled=no dst-port=99 \
protocol=tcp
add action=drop chain=virus comment="Host Control " disabled=no dst-port=6669 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=11050 protocol=tcp
add action=drop chain=virus comment="HVL Rat5" disabled=no dst-port=2283 \
protocol=tcp
add action=drop chain=virus comment=icKiller disabled=no dst-port=7789 \
protocol=tcp
add action=drop chain=virus comment=\
"ICQ (ICQ.com - community, people search and messaging service!)" \
disabled=no dst-port=1027-1029 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1032 protocol=tcp
add action=drop chain=virus comment="ICQ Revenge" disabled=no dst-port=16772 \
protocol=tcp
add action=drop chain=virus comment="ICQ Revenge" disabled=no dst-port=19864 \
protocol=tcp
add action=drop chain=virus comment="ICQ Trojan" disabled=no dst-port=4590 \
protocol=tcp
add action=drop chain=virus comment="Illusion Mailer" disabled=no dst-port=\
2155 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5512 protocol=tcp
add action=drop chain=virus comment=InCommand disabled=no dst-port=9400 \
protocol=tcp
add action=drop chain=virus comment=Indoctrination disabled=no dst-port=6939 \
protocol=tcp
add action=drop chain=virus comment=Infector disabled=no dst-port=146 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=146 protocol=udp
add action=drop chain=virus comment=iNi-Killer disabled=no dst-port=555 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=9989 protocol=tcp
add action=drop chain=virus comment="Insane Network" disabled=no dst-port=\
2000 protocol=tcp
add action=drop chain=virus comment=IRC-3 disabled=no dst-port=6969 protocol=\
tcp
add action=drop chain=virus comment=JammerKillah disabled=no dst-port=121 \
protocol=tcp
add action=drop chain=virus comment=Kazimas disabled=no dst-port=113 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=7000 protocol=tcp
add action=drop chain=virus comment="Kuang2 " disabled=no dst-port=17300 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=30999 protocol=tcp
add action=drop chain=virus comment=Logged disabled=no dst-port=20203 \
protocol=tcp
add action=drop chain=virus comment="Masters' Paradise" disabled=no dst-port=\
3129 protocol=tcp
add action=drop chain=virus disabled=no dst-port=40421-40423 protocol=tcp
add action=drop chain=virus disabled=no dst-port=40425-40426 protocol=tcp
add action=drop chain=virus comment="Mavericks Matrix" disabled=no dst-port=\
1269 protocol=tcp
add action=drop chain=virus comment=Millenium disabled=no dst-port=\
20000-20001 protocol=tcp
add action=drop chain=virus comment=MiniCommand disabled=no dst-port=1050 \
protocol=tcp
add action=drop chain=virus comment=Mosucker disabled=no dst-port=16484 \
protocol=tcp
# chain=virus, entries labelled Nephron through Robo-Hack: one drop rule per
# destination port, named in the rule comment. Rules without a comment follow
# the labelled rule before them.
# NOTE(review): nothing in this listing jumps to chain=virus; confirm the
# chain is referenced before relying on it.
# NOTE(review): the three "Netbios ... (DoS Attack)" rules match TCP 137-139,
# which the dst-port=135-139 rules near the top of the chain already drop, so
# they cannot match anything. The NetSpy range 1024-1033 likewise overlaps the
# earlier 1024-1030 rule and widens the block on low dynamic ports.
add action=drop chain=virus comment=Nephron disabled=no dst-port=17777 \
protocol=tcp
add action=drop chain=virus comment="Net Controller" disabled=no dst-port=123 \
protocol=tcp
add action=drop chain=virus comment="Netbios datagram (DoS Attack)" disabled=\
no dst-port=138 protocol=tcp
add action=drop chain=virus comment="Netbios name (DoS Attack)" disabled=no \
dst-port=137 protocol=tcp
add action=drop chain=virus comment="Netbios session (DoS Attack)" disabled=\
no dst-port=139 protocol=tcp
add action=drop chain=virus comment="NetBus Pro" disabled=no dst-port=20034 \
protocol=tcp
add action=drop chain=virus comment=NetMetropolitan disabled=no dst-port=5031 \
protocol=tcp
add action=drop chain=virus comment=NetMonitor disabled=no dst-port=7300-7301 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=7306-7308 protocol=tcp
add action=drop chain=virus comment=NetRaider disabled=no dst-port=57341 \
protocol=tcp
add action=drop chain=virus comment=NETrojan disabled=no dst-port=1313 \
protocol=tcp
add action=drop chain=virus comment=NetSphere disabled=no dst-port=\
30100-30103 protocol=tcp
add action=drop chain=virus comment=NetSpy disabled=no dst-port=1024-1033 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=31338-31339 protocol=tcp
add action=drop chain=virus comment=NoBackO disabled=no dst-port=1200-1201 \
protocol=udp
add action=drop chain=virus comment="One of the Last Trojan (OOTLT)" \
disabled=no dst-port=5011 protocol=tcp
add action=drop chain=virus comment="OpC BO" disabled=no dst-port=1969 \
protocol=tcp
add action=drop chain=virus comment="Phineas Phucker" disabled=no dst-port=\
2801 protocol=tcp
add action=drop chain=virus comment="Portal of Doom" disabled=no dst-port=\
10067 protocol=udp
add action=drop chain=virus disabled=no dst-port=10167 protocol=udp
add action=drop chain=virus comment=Priority disabled=no dst-port=16969 \
protocol=tcp
add action=drop chain=virus comment=Progenic disabled=no dst-port=11223 \
protocol=tcp
add action=drop chain=virus comment=Prosiak disabled=no dst-port=22222 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=33333 protocol=tcp
add action=drop chain=virus comment="Psyber Stream Server" disabled=no \
dst-port=1170 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1509 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4000 protocol=tcp
add action=drop chain=virus comment=Rasmin disabled=no dst-port=531 protocol=\
tcp
add action=drop chain=virus disabled=no dst-port=1045 protocol=tcp
add action=drop chain=virus comment=RAT disabled=no dst-port=1095 protocol=\
tcp
add action=drop chain=virus disabled=no dst-port=1097-1099 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2989 protocol=tcp
add action=drop chain=virus comment=RC disabled=no dst-port=65535 protocol=\
tcp
add action=drop chain=virus comment=Rcon disabled=no dst-port=8989 protocol=\
tcp
add action=drop chain=virus comment="Remote Grab" disabled=no dst-port=7000 \
protocol=tcp
add action=drop chain=virus comment="Remote Windows Shutdown" disabled=no \
dst-port=53001 protocol=tcp
add action=drop chain=virus comment=Robo-Hack disabled=no dst-port=5596 \
protocol=tcp
# chain=virus, entries labelled "Satanz backDoor" through YAT: one drop rule
# per destination port, named in the rule comment. Rules without a comment
# follow the labelled rule before them.
# NOTE(review): nothing in this listing jumps to chain=virus; confirm the
# chain is referenced before relying on it.
# NOTE(review): some ports in this group are commonly used by legitimate
# software as well: 6667 (IRC), 6000 (X11) and 1080 (SOCKS, inside the
# WinHole range 1080-1082). Several others repeat earlier entries of the
# chain (for example 1243, 6776, 23456 and 27374) and cannot match anything
# the earlier rule has not already dropped.
add action=drop chain=virus comment="Satanz backDoor" disabled=no dst-port=\
666 protocol=tcp
add action=drop chain=virus comment=ScheduleAgent disabled=no dst-port=6667 \
protocol=tcp
add action=drop chain=virus comment="School Bus" disabled=no dst-port=54321 \
protocol=tcp
add action=drop chain=virus comment=Schwindler disabled=no dst-port=21554 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=50766 protocol=tcp
add action=drop chain=virus comment="Secret Agent " disabled=no dst-port=\
11223 protocol=tcp
add action=drop chain=virus comment="Secret Service" disabled=no dst-port=605 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=6272 protocol=tcp
add action=drop chain=virus comment="Senna Spy FTP Server" disabled=no \
dst-port=11000 protocol=tcp
add action=drop chain=virus disabled=no dst-port=13000 protocol=tcp
add action=drop chain=virus comment=ServeMe disabled=no dst-port=5555 \
protocol=tcp
add action=drop chain=virus comment="Shit Heep" disabled=no dst-port=6912 \
protocol=tcp
add action=drop chain=virus comment=ShockRave disabled=no dst-port=1981 \
protocol=tcp
add action=drop chain=virus comment=Sivka-Burka disabled=no dst-port=1600 \
protocol=tcp
add action=drop chain=virus comment="SK Silencer" disabled=no dst-port=1001 \
protocol=tcp
add action=drop chain=virus comment=Socket25 disabled=no dst-port=30303 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=50505 protocol=tcp
add action=drop chain=virus comment=SoftWAR disabled=no dst-port=1207 \
protocol=tcp
add action=drop chain=virus comment="Spirit 2001a " disabled=no dst-port=\
33911 protocol=tcp
add action=drop chain=virus comment=SpySender disabled=no dst-port=1807 \
protocol=tcp
add action=drop chain=virus comment="Streaming Audio trojan" disabled=no \
dst-port=1170 protocol=tcp
add action=drop chain=virus comment=Striker disabled=no dst-port=2565 \
protocol=tcp
add action=drop chain=virus comment=SubSeven disabled=no dst-port=1243 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=2773 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6711-6713 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6776 protocol=tcp
add action=drop chain=virus disabled=no dst-port=7215 protocol=tcp
add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no dst-port=27573 protocol=tcp
add action=drop chain=virus disabled=no dst-port=54283 protocol=tcp
add action=drop chain=virus comment="SubSeven Apocalypse" disabled=no \
dst-port=1243 protocol=tcp
add action=drop chain=virus comment=Syphillis disabled=no dst-port=10086 \
protocol=tcp
add action=drop chain=virus comment="TCP Wrappers" disabled=no dst-port=421 \
protocol=tcp
add action=drop chain=virus comment=TeleCommando disabled=no dst-port=61466 \
protocol=tcp
add action=drop chain=virus comment="The Invasor" disabled=no dst-port=2140 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=3150 protocol=tcp
add action=drop chain=virus comment="The Prayer" disabled=no dst-port=2716 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=9999 protocol=tcp
add action=drop chain=virus comment="The Spy" disabled=no dst-port=40412 \
protocol=tcp
add action=drop chain=virus comment="The Thing" disabled=no dst-port=6000 \
protocol=tcp
add action=drop chain=virus comment="The Thing" disabled=no dst-port=6400 \
protocol=tcp
add action=drop chain=virus comment="The Traitor" disabled=no dst-port=65432 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=65432 protocol=udp
add action=drop chain=virus comment="The Trojan Cow" disabled=no dst-port=\
2001 protocol=tcp
add action=drop chain=virus comment="The Unexplained" disabled=no dst-port=\
29891 protocol=udp
add action=drop chain=virus comment="Tiny Telnet Server" disabled=no \
dst-port=34324 protocol=tcp
add action=drop chain=virus comment=TransScout disabled=no dst-port=1999-2005 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=9878 protocol=tcp
add action=drop chain=virus comment=Trinoo disabled=no dst-port=34555 \
protocol=udp
add action=drop chain=virus disabled=no dst-port=35555 protocol=udp
add action=drop chain=virus comment="Ugly FTP" disabled=no dst-port=23456 \
protocol=tcp
add action=drop chain=virus comment="Ultor's Trojan" disabled=no dst-port=\
1234 protocol=tcp
add action=drop chain=virus comment=Vampire disabled=no dst-port=1020 \
protocol=tcp
add action=drop chain=virus comment="Vampyre " disabled=no dst-port=6669 \
protocol=tcp
add action=drop chain=virus comment="Virtual Hacking Machine " disabled=no \
dst-port=4242 protocol=tcp
add action=drop chain=virus comment=Voice disabled=no dst-port=1170 protocol=\
tcp
add action=drop chain=virus disabled=no dst-port=4000 protocol=tcp
add action=drop chain=virus comment="Voodoo Doll" disabled=no dst-port=1245 \
protocol=tcp
add action=drop chain=virus comment="Wack-a-mole " disabled=no dst-port=\
12361-12362 protocol=tcp
add action=drop chain=virus comment="Web Ex" disabled=no dst-port=1001 \
protocol=tcp
add action=drop chain=virus comment=WhackJob disabled=no dst-port=12631 \
protocol=tcp
add action=drop chain=virus disabled=no dst-port=23456 protocol=tcp
add action=drop chain=virus comment=WinHole disabled=no dst-port=1080-1082 \
protocol=tcp
add action=drop chain=virus comment=Xplorer disabled=no dst-port=2300 \
protocol=tcp
add action=drop chain=virus comment=Xtcp disabled=no dst-port=5550 protocol=\
tcp
add action=drop chain=virus comment=YAT disabled=no dst-port=37651 protocol=\
tcp