ros防火牆腳本
㈠ ROS常用腳本怎麼添加
ROS常用腳本(如定時重起、ARP綁定、刪除所有連接等)
1.刪除所有連接
/ ip firewall connection {:foreach r in=[find] do={remove $r}}
2.防火牆規則
:foreach i in=[/ip firewall filter find action=drop ] do=[/ip firewall filter disable $i] disable
3.firewall connection tracking syn sendtime 設置成50 rectime 設置成30 減輕syn攻擊
4./system scheler add name=reboot interval=24h start-time=06:59:00 on-event={/system reboot} disabled=no 定時重起
5./ip route set [/ip route find dst-address=0.0.0.0/0] gateway=xxx.xxx.xxx.xxx 改變默認網關
6./queue simple remove [find] 刪除所有Simple Queues
7.:foreach i in=[/ip arp find dynamic=yes ] do={/ip arp add -from=$i} ARP綁定(靜態ARP)
8.解除綁定:foreach i in=[/ip arp find ] do=[/ip arp remove $i]
9.每個IP加一個simple queue的腳本
:foreach i in [/queue simple find] \
do {:put (deleting . ... . [/queue simple get $i name]);
queue simple remove $i;}
for i from 1 to 254 \
do { \
:if ($i!=100) \
do {/queue simple add \
name=(queue . $i) \
limit-at=128000/128000 \
burst-threshold=384000/192000 \
max-limit=512000/256000 \
burst-limit=2000000/512000 \
burst-time=16s/8s \
dst-address=(192.168.0. . $i); \
:put (192.168.0. . $i . ... . added)} \
}
10.使用export命令導出,使用import命令導入。
如:導出全部配置命令為:/export file=xxx
導入配置命令:/import file=xxx
導出防火牆配置的命令:/ip firewall export file=xxx
11.備份設置:files-->backup 再用ftp client download備份文件
12.恢復設置:ftp client upload 備份文件;files --> restore