MikroTik RouterOS v7 script for dynamic defense against DDoS and CC (HTTP flood) attacks

# Configure the IP blacklist
# Reserved/bogon ranges are pre-loaded into the DDOS list but left disabled; enable an
# entry to block that range permanently rather than only through the dynamic rules below.
/ip firewall address-list
add address=0.0.0.0/8 comment="This network is used for testing" disabled=yes list=DDOS
add address=10.0.0.0/8 comment="Private network" disabled=yes list=DDOS
add address=127.0.0.0/8 comment="Loopback network" disabled=yes list=DDOS
add address=169.254.0.0/16 comment="Link-local network" disabled=yes list=DDOS
add address=172.16.0.0/12 comment="Private network" disabled=yes list=DDOS
add address=192.0.2.0/24 comment="Documentation (TEST-NET-1)" disabled=yes list=DDOS
add address=192.168.0.0/16 comment="Private network" disabled=yes list=DDOS
add address=198.18.0.0/15 comment="Used for benchmark testing of inter-network communications" disabled=yes list=DDOS
add address=198.51.100.0/24 comment="Documentation (TEST-NET-2)" disabled=yes list=DDOS
add address=203.0.113.0/24 comment="Documentation (TEST-NET-3)" disabled=yes list=DDOS
add address=224.0.0.0/4 comment="Multicast network" disabled=yes list=DDOS
add address=240.0.0.0/4 comment="Reserved for future use" disabled=yes list=DDOS

# Configure dynamic DDoS defense rules (input chain: traffic addressed to the router itself)
/ip firewall filter
add action=add-src-to-address-list address-list=DDOS address-list-timeout=1m chain=input comment="Block invalid connections" connection-state=invalid
# connection-limit=30,32 matches once a single /32 source holds more than 30 tracked TCP connections
add action=add-src-to-address-list address-list=DDOS address-list-timeout=10m chain=input comment="Block TCP SYN flood" connection-limit=30,32 connection-state=new protocol=tcp tcp-flags=syn
# NOTE: the next two rules carry no rate or count matcher, so as written they list every
# UDP and ICMP sender that reaches the router; add a matcher such as connection-limit=
# before enabling them on a production router.
add action=add-src-to-address-list address-list=DDOS address-list-timeout=10m chain=input comment="Block UDP flood" protocol=udp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=10m chain=input comment="Block ICMP flood" protocol=icmp
# A listed source that is not from the LAN range gets its ban extended to 1h
add action=add-src-to-address-list address-list=DDOS address-list-timeout=1h chain=input comment="Block IP spoofing" src-address-list=DDOS src-address=!192.168.0.0/16
# Terminating rule: without it the DDOS list is only bookkeeping. Kept last so the rules
# above can still refresh a listed source's timeout before its packets are dropped.
add action=drop chain=input comment="Drop traffic from blacklisted IPs" src-address-list=DDOS

# Configure dynamic CC attack (HTTP flood) defense rules (forward chain: traffic passing through the router)
/ip firewall filter
# connection-limit=50,32 matches once a single /32 source holds more than 50 tracked TCP
# connections; limit-at is a queue parameter and is not a valid firewall filter matcher
add action=add-src-to-address-list address-list=CC-ATTACK address-list-timeout=10s chain=forward comment="Block excessive connections from a single IP" connection-limit=50,32 connection-state=new protocol=tcp
# A flagged source that keeps opening new connections to 80/443 has its entry extended to 1m
add action=add-src-to-address-list address-list=CC-ATTACK address-list-timeout=1m chain=forward comment="Add IP to blacklist after excessive connections" connection-state=new dst-port=80,443 protocol=tcp src-address-list=CC-ATTACK
add action=drop chain=forward comment="Drop connections from blacklisted IPs" src-address-list=CC-ATTACK
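As a pre-deployment check (an added example, not part of the original script), the Python below parses RouterOS `add key=value ...` lines and flags two mistakes this style of rule set is prone to: an address list that is populated but never used by a drop rule, and an add-src-to-address-list rule with no matcher limiting which sources it catches. The sample export is constructed for the example; its rule shape mirrors the rules above.

```python
"""Lint RouterOS firewall rules for two anti-DDoS mistakes: a list that is
filled but never dropped, and a list-adding rule that catches all traffic."""
import shlex

# Constructed sample export: same shape as the rules above, with the
# DDOS drop rule left out and the UDP rule lacking any limit matcher.
SAMPLE_EXPORT = """
/ip firewall filter
add action=add-src-to-address-list address-list=DDOS address-list-timeout=1m chain=input comment="Block invalid connections" connection-state=invalid
add action=add-src-to-address-list address-list=DDOS address-list-timeout=10m chain=input comment="Block UDP flood" protocol=udp
add action=add-src-to-address-list address-list=CC-ATTACK address-list-timeout=10s chain=forward comment="Block excessive connections" connection-limit=50,32 connection-state=new protocol=tcp
add action=drop chain=forward comment="Drop connections from blacklisted IPs" src-address-list=CC-ATTACK
"""

# Matchers that narrow a list-adding rule to abusive sources rather than everyone.
NARROWING = {"connection-limit", "limit", "dst-limit", "src-address-list"}


def parse_rules(export_text):
    """Turn each 'add key=value ...' line into a dict (shlex keeps quoted comments whole)."""
    rules = []
    for line in export_text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # skips menu paths such as '/ip firewall filter' and blank lines
        rule = {}
        for token in shlex.split(line[len("add "):]):
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def lint(rules):
    """Return findings as strings, in rule order; an empty list means nothing flagged."""
    findings = []
    dropped = {r.get("src-address-list") for r in rules if r.get("action") == "drop"}
    for index, rule in enumerate(rules, start=1):
        if rule.get("action") != "add-src-to-address-list":
            continue
        target = rule.get("address-list")
        if target not in dropped:
            findings.append(f"rule {index}: list {target} is populated but no drop rule uses it")
        narrowed = bool(rule.keys() & NARROWING) or rule.get("connection-state") == "invalid"
        if not narrowed:
            proto = rule.get("protocol", "any")
            findings.append(f"rule {index}: adds every {proto} source to {target} (no rate or count matcher)")
    return findings
```

Run `lint(parse_rules(open("export.rsc").read()))` against an `/ip firewall filter export` taken from the router to check a live rule set.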
