ROS firewall scripts
㈠ How to add commonly used ROS scripts
Commonly used ROS scripts (scheduled reboot, ARP binding, deleting all connections, etc.)
1. Delete all connections
/ip firewall connection {:foreach r in=[find] do={remove $r}}
2. Firewall rules (disable every filter rule whose action is drop)
:foreach i in=[/ip firewall filter find action=drop] do={/ip firewall filter disable $i}
3. In firewall connection tracking, set syn sendtime to 50 and rectime to 30 to mitigate SYN attacks
4. Scheduled reboot: /system scheduler add name=reboot interval=24h start-time=06:59:00 on-event="/system reboot" disabled=no
5. Change the default gateway: /ip route set [/ip route find dst-address=0.0.0.0/0] gateway=xxx.xxx.xxx.xxx
6. Delete all Simple Queues: /queue simple remove [find]
7. ARP binding (static ARP): :foreach i in=[/ip arp find dynamic=yes] do={/ip arp add copy-from=$i}
8. Remove the bindings: :foreach i in=[/ip arp find] do={/ip arp remove $i}
9. Script that adds one simple queue per IP
# Delete every existing simple queue first
:foreach i in=[/queue simple find] do={
    :put ("deleting" . "..." . [/queue simple get $i name])
    /queue simple remove $i
}
# Add one queue per host 192.168.0.1-254, skipping 192.168.0.100
:for i from=1 to=254 do={
    :if ($i != 100) do={
        /queue simple add \
            name=("queue" . $i) \
            limit-at=128000/128000 \
            burst-threshold=384000/192000 \
            max-limit=512000/256000 \
            burst-limit=2000000/512000 \
            burst-time=16s/8s \
            dst-address=("192.168.0." . $i)
        :put ("192.168.0." . $i . "..." . "added")
    }
}
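10. Use the export command to export and the import command to import.
For example, the command to export the full configuration: /export file=xxx
Command to import a configuration: /import file-name=xxx.rsc
Command to export the firewall configuration: /ip firewall export file=xxx
11. Back up the settings: Files --> Backup, then download the backup file with an FTP client
12. Restore the settings: upload the backup file with an FTP client; Files --> Restore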
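
Item 2 switches off every drop rule, and item 10 writes the rule set to a file with /ip firewall export. The following is an added example, not part of the original page: it reads such an export off the router and lists the drop rules that are still disabled. The sample export text and the function names are constructed for illustration, and the parser assumes the usual export layout (menu lines starting with "/", "add key=value" lines, long lines wrapped with a trailing backslash).

```python
import re
import shlex

# Constructed sample of "/ip firewall export" output (not from a real router).
SAMPLE_EXPORT = r'''# constructed sample export
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid \
    disabled=yes
add action=drop chain=forward disabled=yes in-interface=ether1
add action=drop chain=input comment="drop the rest"
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
'''

def parse_export(text):
    """Yield (menu, params) for every 'add' line of a RouterOS export."""
    # Exports wrap long lines with a trailing backslash; join them first.
    text = re.sub(r'\\\r?\n\s*', '', text)
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('/'):
            # Normalise "/ ip firewall filter" and "/ip firewall filter" alike.
            menu = '/' + ' '.join(line[1:].split())
        elif line.startswith('add ') and menu:
            params = {}
            for token in shlex.split(line[4:]):   # keeps quoted comments whole
                key, sep, value = token.partition('=')
                if sep:
                    params[key] = value
            yield menu, params

def disabled_drop_rules(text):
    """Return (position, params) for filter rules with action=drop that are off."""
    rules = [p for m, p in parse_export(text) if m == '/ip firewall filter']
    return [(i, p) for i, p in enumerate(rules)
            if p.get('action') == 'drop' and p.get('disabled') == 'yes']

if __name__ == '__main__':
    for index, rule in disabled_drop_rules(SAMPLE_EXPORT):
        print(f"filter rule at position {index}: chain={rule.get('chain')} "
              f"comment={rule.get('comment', '')!r} is a disabled drop rule")
```

The position is the rule's place in the exported filter list; an empty result means no drop rule in the export is disabled.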