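The Funny Real-Estate Company We Ran Together Back Then: Foreclosed Homes in the Five Municipalities Surge in September (Off-Topic Edition)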

KingDavid520 wrote:
Today I finally listened all the way through for the first time... (snipped)


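Li Ao passed away today, bringing his legendary life to a close.
In my first year of university, two well-known writers happened to be released from prison: one was Li Ao, the other was Bo Yang.
I often stood in front of the periodical racks on the second floor of the library, reading the articles criticizing current politics that the two of them wrote after their release.
Perhaps because of the influence of that period, I too went through a rather long phase of intellectual rebellion,
and only later, once I threw myself fully into work, did I gradually leave behind those days of youthful frustration and rebellion.

Daring to be an outspoken voice inside a closed authoritarian system: that kind of courage alone is enough to earn admiration.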


KingDavid520 wrote:
Li Ao passed away today, bringing... (snipped)


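Conviction and ideals have almost disappeared in this day and age.
Too many people go by feeling and have lost the ability to think.
A pair of jade arms, a pillow for a thousand; a touch of crimson lips, tasted by ten thousand guests. I return your bright pearls with tears in both eyes, regretting that we did not meet before I was wed.

A quick overall review. On ROS you can adopt these rules, or ignore them and use the previous rules. The advanced settings of the relay WiFi can be changed like this so that it will not get latched onto.
That is because the undercurrent has become much smarter and can latch onto the signal. This is why phones drain their battery. Running into extreme squeezing with this setting is entirely normal.
For the RTS value, my recommendation is to keep it between 200 and 256 as far as possible. Going below 200 is not really recommended, judging from the logs.
If you do not use the settings in the picture below and instead keep the factory defaults and only adjust the RTS value, that is not enough. You will run into a flood of 22s. After changing to the settings in the picture below,
the flood of 22s does decrease, but floods of 445s become the majority, and the accompanying DDoS shows up too. This round of rules together with the settings in the picture below works very well.
So as far as possible keep N as N and AC as AC. Certain superfluous features can be left out. For the WiFi channel and channel width I also recommend choosing a single fixed option.
If you run into a DDoS attack barrage, the fake-open UDP rule is there. Even if that fake-open UDP rule were not there, there would still be nothing at all to fear.
The undercurrent knows this is hard to deal with and hard to break through, so it gets those few passers-by to stage coincidences and tries a bit of fraud. When I sync the time in the early part of the window, they have time.
When I deliberately sync the time in the later part, they stop following, because there is not enough time to react. Hee hee. All because they watch my post count.
Undercurrent A: Quick, quick, quick, the monkey's count went up. Undercurrent B: The time was moved earlier, still doable. Undercurrent C: Since you all say so, I will go and follow.
Undercurrents A, B, C: Well? Well? Undercurrent D: The monkey's rules still have not changed. Very hard to break through. Looks like this trick is useless against the monkey.
Undercurrent F: Never mind, in a moment I will launch a DDoS and see how the monkey does! Undercurrent G: Oh no, it failed again. Completely useless.
Undercurrent H: Hold on, the monkey mentioned it in this post and said DDoS is useless. We can call cut. Do not waste time. Damn it! That wretched monkey.
Conclusion: these rules are aimed at blocking, and even the computer responds more smoothly. Even Microsoft earlier announced changes to its agreement terms, meaning that from now on, if something happens to a consumer,
it is not Microsoft's business or responsibility. What Microsoft can do is maintain genuine software. Getting caught doing something illegal is none of Microsoft's business, so that it does not get framed by consumers.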


--
AVENGERS INFINITY WAR Final Trailer (Extended) Marvel

Baby :) Being happy is what matters most!
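economic wrote:
Conviction and ideals have... (snipped)

Not bad! You still have time to feel.....

I'm busy with one gathering after another..... I'm nearly dead tired......

Just landed...

Change this rule back and there is no problem. Outbound traffic is masked, and inbound attempts cannot succeed and connect back out.
Change the red-boxed rule back to the purple-boxed rule. Oops! To anyone who followed my settings, I apologize. This improves the extreme interference the WiFi signal was running into.
A brief explanation. On the way out, if the undercurrent wants to meddle, it only sees the masked outbound IP. If it comes in trying to exploit two-way packet interception,
sorry, the outbound side is blocked too. At most it can see the IP hidden by NAT. If it wants to exploit that, it can forget it. That is roughly how it works.
If that rule uses NEW, it may look workable, but whatever it can exploit will try to clog things up there, and that is why it then tries to launch a DDoS.
But that is far too naive. No wonder one stretch looked so congested that the undercurrent took the opportunity to launch a DDoS. I have already said launching one is completely useless.
The computer being fast and smooth is also thanks to the modified rules. Who would like having their information sent out along with everything else? Believe me, nobody would.
That is why I say that no matter how good and fast the computer's hardware is, if the network gives people an opening, it is all useless. Perhaps the problem really is not that simple.
That is why Microsoft changed its previous agreement. The agreement only states that Microsoft is not responsible if a consumer uses Microsoft cloud storage for illegal purposes.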
add action=accept chain=input comment="From our LAN" in-interface=bridge \
connection-state=new connection-nat-state=!dstnat src-address-list=LAN

add action=accept chain=input comment="From our LAN" in-interface=bridge \
connection-nat-state=!dstnat src-address-list=LAN

NeverGiveUp!! wrote:
The red rule can be switched to the purple one. See... (snipped)
/ip firewall address-list
add address=192.168.88.2-192.168.88.254 list=LAN
add address=0.0.0.0/8 list=BOGONS
add address=10.0.0.0/8 list=BOGONS
add address=100.64.0.0/10 list=BOGONS
add address=127.0.0.0/8 list=BOGONS
add address=169.254.0.0/16 list=BOGONS
add address=172.16.0.0/12 list=BOGONS
add address=192.0.0.0/24 list=BOGONS
add address=192.0.2.0/24 list=BOGONS
add address=192.88.99.0/24 list=BOGONS
add address=192.168.0.0/16 list=BOGONS
add address=198.18.0.0/15 list=BOGONS
add address=198.51.100.0/24 list=BOGONS
add address=203.0.113.0/24 list=BOGONS
add address=224.0.0.0/3 list=BOGONS
add address=224.0.0.0/4 list=BOGONS
add address=224.0.0.0/24 list=BOGONS
add address=224.0.1.0/24 list=BOGONS
add address=224.0.2.0-224.0.255.255 list=BOGONS
add address=224.3.0.0-224.4.255.255 list=BOGONS
add address=232.0.0.0/8 list=BOGONS
add address=233.0.0.0/8 list=BOGONS
add address=233.252.0.0/14 list=BOGONS
add address=234.0.0.0/8 list=BOGONS
add address=239.0.0.0/8 list=BOGONS
add address=240.0.0.0/4 list=BOGONS
/ip firewall nat
add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp \
to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
add action=masquerade chain=srcnat comment="IP Masquerading" \
src-address-list=LAN
/ip firewall filter
add action=reject chain=forward dst-port=53,443 log=yes protocol=udp \
reject-with=icmp-network-unreachable src-address-list=LAN log-prefix=\
"Reject LAN -> UDP(53,443)"
add action=accept chain=input comment=\
"Accept established and related packets" connection-state=\
established,related connection-nat-state=!srcnat
add action=accept chain=input comment=udp limit=1/365d,0:packet protocol=udp
add action=accept chain=input comment="From our LAN" in-interface=bridge \
connection-nat-state=!dstnat src-address-list=LAN
add action=accept chain=input comment="Allow limited pings" icmp-options=\
!8:0-255 limit=50/5s,2:packet protocol=icmp
add action=reject chain=input comment="Reject login brute forcers 1" dst-port=\
21,22,23,8291 log=yes protocol=tcp reject-with=icmp-network-unreachable \
src-address-list=login_blacklist
add action=add-src-to-address-list address-list=login_blacklist \
address-list-timeout=4d chain=input comment="Reject login brute forcers 2" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment=\
"Reject port scanners\A1GPort scanners to list" log=yes protocol=tcp psd=\
21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" log=\
yes protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" log=yes \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" log=yes \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" log=yes \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" log=yes \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" log=yes \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=reject chain=input comment="dropping port scanners" log=yes \
reject-with=icmp-network-unreachable src-address-list="port scanners"
add action=reject chain=input comment=\
"Reject all packets from public internet which should not exist in public network" \
in-interface=pppoe-out1 log=yes reject-with=icmp-network-unreachable \
src-address-list=BOGONS
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related
add action=accept chain=forward comment=\
"Accept all Packets connections from network" connection-nat-state=!dstnat \
in-interface=bridge src-address-list=LAN
add action=reject chain=forward comment="Reject new TOR version" log=yes \
reject-with=icmp-network-unreachable src-address-list="New Tor-Users"
add action=reject chain=forward comment="Block TOR browser" log=yes \
reject-with=icmp-network-unreachable src-address-list=Tor-Users
add action=reject chain=forward comment=\
"Reject tries to reach not BOGONS addresses from LAN" dst-address-list=\
BOGONS in-interface=bridge log=yes log-prefix=!public_from_LAN \
out-interface=!bridge reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
"Reject new connections from internet which are not dst-natted" \
connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1 \
log=yes reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
"Reject all packets from BOGONS internet which should not exist in BOGONS network" \
in-interface=pppoe-out1 log=yes reject-with=icmp-network-unreachable \
src-address-list=BOGONS
add action=reject chain=forward comment=\
"Reject all packets from local network to internet which should not exist in BOGONS network" \
dst-address-list=BOGONS in-interface=bridge log=yes reject-with=\
icmp-network-unreachable
add action=reject chain=forward comment=\
"Reject all packets in local network which does not have local network address" \
in-interface=bridge log=yes reject-with=icmp-network-unreachable \
src-address=!192.168.88.0/24
add action=reject chain=forward comment="Reject All Forward Packets" log=no \
log-prefix="Reject All Packets" reject-with=icmp-network-unreachable
add action=log chain=input comment="Log everything else" log-prefix=\
"REJECT INPUT"
add action=reject chain=input comment="Reject everything else" reject-with=\
icmp-network-unreachable
/ip firewall mangle
add action=add-src-to-address-list address-list="New Tor-Users" \
address-list-timeout=5m chain=prerouting comment="New Tor Version" \
dst-port=22 log=yes protocol=tcp
add action=add-src-to-address-list address-list=Tor-Users \
address-list-timeout=5m chain=prerouting comment="Tor Users" \
dst-address-list=TOR-SERVERS dst-port=443 protocol=tcp
/system scheduler
add comment="Check and set NTP servers" interval=6h name=SetNtpServers \
    on-event="# SetNtpServers - Check and set NTP servers from NTP pool\r\
    \n# v1.2 Tested and Developed on ROS v5.7\r\
    \n#\r\
    \n# Change the following line as needed as progName should match script name\r\
    \n:local progName \"SetNtpServers\";\r\
    \n\r\
    \n# Array of NTP pools to use (check www.pool.ntp.org) one or a maximum of two, a primary & secondary\r\
    \n# Modify the following line and array variable based on your locale (default is north america).\r\
    \n:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\r\
    \n# Alternatively the US related pool below can be used.\r\
    \n#:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\r\
    \n#\r\
    \n# No modification is necessary beyond this line.\r\
    \n:put \"\$progName: Running...\";\r\
    \n:log info \"\$progName: Running...\";\r\
    \n:set arrNtpSystems [ :toarray \$arrNtpSystems ];\r\
    \n:if (( [ :len \$arrNtpSystems ] < 1 ) or ( [ :len \$arrNtpSystems ] > 2 )) do={\r\
    \n:put \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must be either one or two DNS names.\";\r\
    \n:log info \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must be either one or two DNS names.\";\r\
    \n} else={\r\
    \n:local arrRosNtpSetting (\"primary-ntp\", \"secondary-ntp\");\r\
    \n:local i 0;\r\
    \n:foreach strNtpSystem in (\$arrNtpSystems) do={\r\
    \n:local ipAddrNtpSystem [ :resolve \$strNtpSystem ];\r\
    \n:local strRosNtpSetting [ :pick \$arrRosNtpSetting \$i ];\r\
    \n:local strCurrentNtpIp [ /system ntp client get \$strRosNtpSetting ];\r\
    \n:put \"\$progName: NTP server DNS name \$strNtpSystem resolves to \$ipAddrNtpSystem.\";\r\
    \n:log info \"\$progName: NTP server DNS name \$strNtpSystem resolves to \$ipAddrNtpSystem.\";\r\
    \n:put \"\$progName: Current \$strRosNtpSetting setting is \$strCurrentNtpIp.\";\r\
    \n:log info \"\$progName: Current \$strRosNtpSetting setting is \$strCurrentNtpIp.\";\r\
    \n:if ( [ :toip \$ipAddrNtpSystem ] != [ :toip \$strCurrentNtpIp ] ) do={\r\
    \n:put \"\$progName: Changing \$strRosNtpSetting setting to \$ipAddrNtpSystem.\";\r\
    \n:log info \"\$progName: Changing \$strRosNtpSetting setting to \$ipAddrNtpSystem.\";\r\
    \n:local strCommand [ :parse \"/system ntp client set \$strRosNtpSetting=\\\"\$ipAddrNtpSystem\\\"\" ];\r\
    \n\$strCommand;\r\
    \n} else={\r\
    \n:put \"\$progName: No changes were made for the \$strRosNtpSetting NTP setting.\";\r\
    \n:log info \"\$progName: No changes were made for the \$strRosNtpSetting NTP setting.\";\r\
    \n}\r\
    \n:set i (\$i + 1);\r\
    \n}\r\
    \n}\r\
    \n:put \"\$progName: Done.\";\r\
    \n:log info \"\$progName: Done.\";" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add comment=Download_Ads_List interval=24h name=DownloadAdsList \
on-event="/system script run Blocklister_download_Ads" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=25h name=DownloadSpywareList on-event=\
"/system script run Blocklister_download_Spyware" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=26h name=DownloadMalwaredomainlistList on-event=\
"/system script run Blocklister_download_Malwaredomainlist" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=27h name=DownloadHijackedList on-event=\
"/system script run Blocklister_download_Hijacked" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
add name=Blocklister_download_Ads owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/ads\" dst-path=\"ads.rsc\"; /import file-name=\"ads.rsc\";"
add name=Blocklister_download_Spyware owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/spyware\" dst-path=\"spyware.rsc\"; /import file-name=\"spyware.rsc\";"
add name=Blocklister_download_Malwaredomainlist owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/malwaredomainlist\" dst-path=\"malwaredomainlist.rsc\"; /import file-name=\"malwaredomainlist.rsc\";"
add name=Blocklister_download_Hijacked owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/hijacked\" dst-path=\"hijacked.rsc\"; /import file-name=\"hijacked.rsc\";"
/ip firewall raw
add action=drop chain=prerouting dst-address-list=ads_list log=yes
add action=drop chain=prerouting comment="Drop Spyware" dst-address-list=\
spyware_list log=yes
add action=drop chain=prerouting dst-address-list=hijacked_list log=yes
add action=drop chain=prerouting dst-address-list=malwaredomainlist_list \
log=yes
add action=drop chain=prerouting src-address-list="port scanners" log=yes
add action=drop chain=prerouting src-address-list=login_blacklist log=yes
add action=drop chain=prerouting comment="Block Teredo IPv6-tunnel" dst-port=\
3544,3545 protocol=udp src-port=1024-65535

--
Baby :) Leave a message!
--
2Pac - So Many Tears [HD]
Baby :) Being happy is what matters most!
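
As an added example (not part of the original post and not the poster's code), this Python script parses the `/ip firewall address-list` lines from the export above and reports which entries are already fully covered by a wider entry in the same list. The function names are this example's own.

```python
import ipaddress
import re

# Address-list lines as posted above (values copied from the page's export).
EXPORT = """\
/ip firewall address-list
add address=192.168.88.2-192.168.88.254 list=LAN
add address=0.0.0.0/8 list=BOGONS
add address=10.0.0.0/8 list=BOGONS
add address=100.64.0.0/10 list=BOGONS
add address=127.0.0.0/8 list=BOGONS
add address=169.254.0.0/16 list=BOGONS
add address=172.16.0.0/12 list=BOGONS
add address=192.0.0.0/24 list=BOGONS
add address=192.0.2.0/24 list=BOGONS
add address=192.88.99.0/24 list=BOGONS
add address=192.168.0.0/16 list=BOGONS
add address=198.18.0.0/15 list=BOGONS
add address=198.51.100.0/24 list=BOGONS
add address=203.0.113.0/24 list=BOGONS
add address=224.0.0.0/3 list=BOGONS
add address=224.0.0.0/4 list=BOGONS
add address=224.0.0.0/24 list=BOGONS
add address=224.0.1.0/24 list=BOGONS
add address=224.0.2.0-224.0.255.255 list=BOGONS
add address=224.3.0.0-224.4.255.255 list=BOGONS
add address=232.0.0.0/8 list=BOGONS
add address=233.0.0.0/8 list=BOGONS
add address=233.252.0.0/14 list=BOGONS
add address=234.0.0.0/8 list=BOGONS
add address=239.0.0.0/8 list=BOGONS
add address=240.0.0.0/4 list=BOGONS
"""

ENTRY = re.compile(r"^add address=(\S+) list=(\S+)$")

def bounds(text):
    """Return (first, last) as integers for a CIDR, a single IP or an a-b range."""
    if "-" in text:
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed range: {text}")
        return lo, hi
    net = ipaddress.IPv4Network(text, strict=True)  # rejects host bits set
    return int(net.network_address), int(net.broadcast_address)

def parse_lists(export):
    """Group address-list entries by list name: {name: [(text, lo, hi), ...]}."""
    lists, section = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall address-list" and (m := ENTRY.match(line)):
            lists.setdefault(m.group(2), []).append((m.group(1), *bounds(m.group(1))))
    return lists

def redundant(entries):
    """Map each entry fully covered by a wider entry to the widest one covering it."""
    out = {}
    for text, lo, hi in entries:
        covers = [(h2 - l2, t2) for t2, l2, h2 in entries
                  if l2 <= lo and hi <= h2 and (l2, h2) != (lo, hi)]
        if covers:
            out[text] = max(covers)[1]
    return out

def report(export=EXPORT):
    """Return {list name: {redundant entry: widest covering entry}}."""
    return {name: redundant(entries) for name, entries in parse_lists(export).items()}

if __name__ == "__main__":
    for name, shadowed in report().items():
        for entry, by in shadowed.items():
            print(f"{name}: {entry} is already covered by {by}")
```
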
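0123! Yay~ Spot on! With the rule changes above, the anomaly has been cleared. It is indeed correct now.
--
Baby :) Not much to say lately. Just busy bustling about, so I will be here less; just keep walking with God.
--
Tupac & Scarface - Smile
Baby :) Being happy is what matters most!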

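蜜小雪 wrote:
Not bad! You still have ti... (snipped)

It is the capable who get to take on more work.
A pair of jade arms, a pillow for a thousand; a touch of crimson lips, tasted by ten thousand guests. I return your bright pearls with tears in both eyes, regretting that we did not meet before I was wed.

蜜小雪 wrote:
Not bad! You still have time to feel.....
I'm busy with one gathering after another..... I'm nearly dead tired......

Just landed...
Finishing one feast after another...

economic wrote:
It is the capable who get to take on more work.
The incapable... can only toil in vain...

Next comes streamlining. Remove everything in the red boxes, so that nothing sits idle and gets exploited.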
/ip firewall mangle
add action=add-src-to-address-list address-list="New Tor-Users" \
address-list-timeout=5m chain=prerouting comment="New Tor Version" \
dst-port=22 log=yes protocol=tcp
add action=add-src-to-address-list address-list=Tor-Users \
address-list-timeout=5m chain=prerouting comment="Tor Users" \
dst-address-list=TOR-SERVERS dst-port=443 protocol=tcp
/ip firewall filter
add action=reject chain=input comment=\
"Reject all packets from public internet which should not exist in public network" \
in-interface=pppoe-out1 log=yes reject-with=icmp-network-unreachable \
src-address-list=BOGONS
add action=reject chain=forward comment="Reject new TOR version" log=yes \
reject-with=icmp-network-unreachable src-address-list="New Tor-Users"
add action=reject chain=forward comment="Block TOR browser" log=yes \
reject-with=icmp-network-unreachable src-address-list=Tor-Users
add action=reject chain=forward comment=\
"Reject tries to reach not BOGONS addresses from LAN" dst-address-list=\
BOGONS in-interface=bridge log=yes log-prefix=!public_from_LAN \
out-interface=!bridge reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
"Reject new connections from internet which are not dst-natted" \
connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1 \
log=yes reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
"Reject all packets from BOGONS internet which should not exist in BOGONS network" \
in-interface=pppoe-out1 log=yes reject-with=icmp-network-unreachable \
src-address-list=BOGONS
add action=reject chain=forward comment=\
"Reject all packets from local network to internet which should not exist in BOGONS network" \
dst-address-list=BOGONS in-interface=bridge log=yes reject-with=\
icmp-network-unreachable
add action=reject chain=forward comment=\
"Reject all packets in local network which does not have local network address" \
in-interface=bridge log=yes reject-with=icmp-network-unreachable \
src-address=!192.168.88.0/24
/ip firewall address-list
add address=0.0.0.0/8 list=BOGONS
add address=10.0.0.0/8 list=BOGONS
add address=100.64.0.0/10 list=BOGONS
add address=127.0.0.0/8 list=BOGONS
add address=169.254.0.0/16 list=BOGONS
add address=172.16.0.0/12 list=BOGONS
add address=192.0.0.0/24 list=BOGONS
add address=192.0.2.0/24 list=BOGONS
add address=192.88.99.0/24 list=BOGONS
add address=192.168.0.0/16 list=BOGONS
add address=198.18.0.0/15 list=BOGONS
add address=198.51.100.0/24 list=BOGONS
add address=203.0.113.0/24 list=BOGONS
add address=224.0.0.0/3 list=BOGONS
add address=224.0.0.0/4 list=BOGONS
add address=224.0.0.0/24 list=BOGONS
add address=224.0.1.0/24 list=BOGONS
add address=224.0.2.0-224.0.255.255 list=BOGONS
add address=224.3.0.0-224.4.255.255 list=BOGONS
add address=232.0.0.0/8 list=BOGONS
add address=233.0.0.0/8 list=BOGONS
add address=233.252.0.0/14 list=BOGONS
add address=234.0.0.0/8 list=BOGONS
add address=239.0.0.0/8 list=BOGONS
add address=240.0.0.0/4 list=BOGONS
NeverGiveUp!! wrote:
Change this rule back and there... (snipped)
/ip firewall address-list
add address=192.168.88.2-192.168.88.254 list=LAN
/ip firewall nat
add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp \
to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
add action=masquerade chain=srcnat comment="IP Masquerading" \
src-address-list=LAN
/ip firewall filter
add action=reject chain=forward dst-port=53,443 log=yes protocol=udp \
reject-with=icmp-network-unreachable src-address-list=LAN log-prefix=\
"Reject LAN -> UDP(53,443)"
add action=accept chain=input comment=\
"Accept established and related packets" connection-state=\
established,related connection-nat-state=!srcnat
add action=accept chain=input comment=udp limit=1/365d,0:packet protocol=udp
add action=accept chain=input comment="From our LAN" in-interface=bridge \
connection-nat-state=!dstnat src-address-list=LAN
add action=accept chain=input comment="Allow limited pings" icmp-options=\
!8:0-255 limit=50/5s,2:packet protocol=icmp
add action=reject chain=input comment="Reject login brute forcers 1" dst-port=\
21,22,23,8291 log=yes protocol=tcp reject-with=icmp-network-unreachable \
src-address-list=login_blacklist
add action=add-src-to-address-list address-list=login_blacklist \
address-list-timeout=4d chain=input comment="Reject login brute forcers 2" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment=\
"Reject port scanners\A1GPort scanners to list" log=yes protocol=tcp psd=\
21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" log=\
yes protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" log=yes \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" log=yes \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" log=yes \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" log=yes \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" log=yes \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=reject chain=input comment="dropping port scanners" log=yes \
reject-with=icmp-network-unreachable src-address-list="port scanners"
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related connection-nat-state=!dstnat
add action=accept chain=forward comment=\
"Accept all New Packets connections from network" connection-nat-state=!dstnat \
connection-state=new in-interface=bridge src-address-list=LAN
add action=reject chain=forward comment="Reject All Forward Packets" log=no \
log-prefix="Reject All Packets" reject-with=icmp-network-unreachable
add action=log chain=input comment="Log everything else" log-prefix=\
"REJECT INPUT"
add action=reject chain=input comment="Reject everything else" reject-with=\
icmp-network-unreachable
/system scheduler
add comment="Check and set NTP servers" interval=6h name=SetNtpServers \
    on-event="# SetNtpServers - Check and set NTP servers from NTP pool\r\
    \n# v1.2 Tested and Developed on ROS v5.7\r\
    \n#\r\
    \n# Change the following line as needed as progName should match script name\r\
    \n:local progName \"SetNtpServers\";\r\
    \n\r\
    \n# Array of NTP pools to use (check www.pool.ntp.org) one or a maximum of two, a primary & secondary\r\
    \n# Modify the following line and array variable based on your locale (default is north america).\r\
    \n:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\r\
    \n# Alternatively the US related pool below can be used.\r\
    \n#:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\r\
    \n#\r\
    \n# No modification is necessary beyond this line.\r\
    \n:put \"\$progName: Running...\";\r\
    \n:log info \"\$progName: Running...\";\r\
    \n:set arrNtpSystems [ :toarray \$arrNtpSystems ];\r\
    \n:if (( [ :len \$arrNtpSystems ] < 1 ) or ( [ :len \$arrNtpSystems ] > 2 )) do={\r\
    \n:put \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must be either one or two DNS names.\";\r\
    \n:log info \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must be either one or two DNS names.\";\r\
    \n} else={\r\
    \n:local arrRosNtpSetting (\"primary-ntp\", \"secondary-ntp\");\r\
    \n:local i 0;\r\
    \n:foreach strNtpSystem in (\$arrNtpSystems) do={\r\
    \n:local ipAddrNtpSystem [ :resolve \$strNtpSystem ];\r\
    \n:local strRosNtpSetting [ :pick \$arrRosNtpSetting \$i ];\r\
    \n:local strCurrentNtpIp [ /system ntp client get \$strRosNtpSetting ];\r\
    \n:put \"\$progName: NTP server DNS name \$strNtpSystem resolves to \$ipAddrNtpSystem.\";\r\
    \n:log info \"\$progName: NTP server DNS name \$strNtpSystem resolves to \$ipAddrNtpSystem.\";\r\
    \n:put \"\$progName: Current \$strRosNtpSetting setting is \$strCurrentNtpIp.\";\r\
    \n:log info \"\$progName: Current \$strRosNtpSetting setting is \$strCurrentNtpIp.\";\r\
    \n:if ( [ :toip \$ipAddrNtpSystem ] != [ :toip \$strCurrentNtpIp ] ) do={\r\
    \n:put \"\$progName: Changing \$strRosNtpSetting setting to \$ipAddrNtpSystem.\";\r\
    \n:log info \"\$progName: Changing \$strRosNtpSetting setting to \$ipAddrNtpSystem.\";\r\
    \n:local strCommand [ :parse \"/system ntp client set \$strRosNtpSetting=\\\"\$ipAddrNtpSystem\\\"\" ];\r\
    \n\$strCommand;\r\
    \n} else={\r\
    \n:put \"\$progName: No changes were made for the \$strRosNtpSetting NTP setting.\";\r\
    \n:log info \"\$progName: No changes were made for the \$strRosNtpSetting NTP setting.\";\r\
    \n}\r\
    \n:set i (\$i + 1);\r\
    \n}\r\
    \n}\r\
    \n:put \"\$progName: Done.\";\r\
    \n:log info \"\$progName: Done.\";" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add comment=Download_Ads_List interval=24h name=DownloadAdsList \
on-event="/system script run Blocklister_download_Ads" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=25h name=DownloadSpywareList on-event=\
"/system script run Blocklister_download_Spyware" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=26h name=DownloadMalwaredomainlistList on-event=\
"/system script run Blocklister_download_Malwaredomainlist" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=27h name=DownloadHijackedList on-event=\
"/system script run Blocklister_download_Hijacked" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
add name=Blocklister_download_Ads owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/ads\" dst-path=\"ads.rsc\"; /import file-name=\"ads.rsc\";"
add name=Blocklister_download_Spyware owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/spyware\" dst-path=\"spyware.rsc\"; /import file-name=\"spyware.rsc\";"
add name=Blocklister_download_Malwaredomainlist owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/malwaredomainlist\" dst-path=\"malwaredomainlist.rsc\"; /import file-name=\"malwaredomainlist.rsc\";"
add name=Blocklister_download_Hijacked owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/tool fetch url=\"https://blocklister.gefoo.org/hijacked\" dst-path=\"hijacked.rsc\"; /import file-name=\"hijacked.rsc\";"
/ip firewall raw
add action=drop chain=prerouting dst-address-list=ads_list log=yes
add action=drop chain=prerouting comment="Drop Spyware" dst-address-list=\
spyware_list log=yes
add action=drop chain=prerouting dst-address-list=hijacked_list log=yes
add action=drop chain=prerouting dst-address-list=malwaredomainlist_list \
log=yes
add action=drop chain=prerouting src-address-list="port scanners" log=yes
add action=drop chain=prerouting src-address-list=login_blacklist log=yes
add action=drop chain=prerouting comment="Block Teredo IPv6-tunnel" dst-port=\
3544,3545 protocol=udp src-port=1024-65535

--
Baby :) That does it. Hee hee. I spotted what I forgot to put in last time; it has been fixed.
--
Migos - Walk It Talk It ft. Drake
Baby :) Being happy is what matters most!
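
As an added example (not part of the original post and not the poster's code): the "port scanners" rules in the export above match on TCP flag combinations. This Python script evaluates the same six `tcp-flags=` matchers against constructed TCP headers, assuming the matcher semantics that a listed flag must be set, a `!flag` must be clear, and unlisted flags are ignored; the function names are this example's own.

```python
import struct

# tcp-flags matchers copied from the "port scanners" rules in the export above.
RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]

FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08,
             "ack": 0x10, "urg": 0x20, "ece": 0x40, "cwr": 0x80}


def compile_matcher(spec):
    """Turn 'fin,!syn' into (must_set, must_clear) bit masks."""
    must_set = must_clear = 0
    for token in spec.split(","):
        negated, name = token.startswith("!"), token.lstrip("!")
        if name not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        if negated:
            must_clear |= FLAG_BITS[name]
        else:
            must_set |= FLAG_BITS[name]
    if must_set & must_clear:
        raise ValueError(f"flag both required and forbidden: {spec!r}")
    return must_set, must_clear


COMPILED = [(label, compile_matcher(spec)) for label, spec in RULES]


def tcp_flags(header):
    """Return the flags byte (offset 13) of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def classify(header):
    """List every rule label whose matcher fires for this header.

    add-src-to-address-list does not stop rule processing, so several
    rules can fire for one packet; all of them are returned.
    """
    flags = tcp_flags(header)
    return [label for label, (must_set, must_clear) in COMPILED
            if (flags & must_set) == must_set and (flags & must_clear) == 0]


def make_header(flags, sport=40000, dport=8291):
    """Build a constructed 20-byte TCP header with the given flags byte."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


if __name__ == "__main__":
    # Constructed samples: ordinary handshake/teardown flags, then scan-style ones.
    samples = {"SYN": 0x02, "SYN/ACK": 0x12, "FIN/ACK": 0x11, "FIN": 0x01,
               "NULL": 0x00, "FIN/PSH/URG": 0x29, "all six": 0x3F}
    for name, flags in samples.items():
        print(f"{name:12} -> {classify(make_header(flags)) or 'no scan rule'}")
```

Ordinary handshake and teardown segments match none of the six matchers, while a segment with all six flags set matches three of them at once.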