Could anyone share a ros firewall script? Especially one for ipv6

    shudongin 2021-07-03 22:35:23 +08:00 · 2970 views

    I had been using it for a day before I noticed that the whole firewall is empty. Thanks.

    8 replies    2021-07-07 15:52:22 +08:00
    #1  zro  2021-07-04 01:53:15 +08:00
    It isn't empty, there are 21 rules set by default..
    #2  cr0wd  2021-07-04 07:10:57 +08:00 via Android
    You can refer to the official document Manual:Securing Your Router
    #3  shudongin (OP)  2021-07-04 08:37:24 +08:00
    @zro It turns out I ticked no default configuration when I reset it, thanks for the reminder.
    @cr0wd OK, thanks.
    #4  ericbize  2021-07-04 22:15:04 +08:00
    [admin@Home] > ipv6 firewall filter print
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; defconf: accept established,related,untracked
    chain=input action=accept connection-state=established,related,untracked

    1 ;;; defconf: drop invalid
    chain=input action=drop connection-state=invalid

    2 ;;; defconf: accept ICMPv6
    chain=input action=accept protocol=icmpv6

    3 ;;; defconf: accept UDP traceroute
    chain=input action=accept protocol=udp port=33434-33534

    4 ;;; defconf: accept DHCPv6-Client prefix delegation.
    chain=input action=accept protocol=udp src-address=fe80::/16 dst-port=546

    5 ;;; defconf: accept IKE
    chain=input action=accept protocol=udp dst-port=500,4500

    6 ;;; defconf: accept ipsec AH
    chain=input action=accept protocol=ipsec-ah

    7 ;;; defconf: accept ipsec ESP
    chain=input action=accept protocol=ipsec-esp

    8 ;;; defconf: accept all that matches ipsec policy
    chain=input action=accept ipsec-policy=in,ipsec

    9 ;;; defconf: drop everything else not coming from LAN
    chain=input action=drop in-interface-list=!LAN

    10 ;;; defconf: accept established,related,untracked
    chain=forward action=accept connection-state=established,related,untracked

    11 ;;; defconf: drop invalid
    chain=forward action=drop connection-state=invalid

    12 ;;; defconf: drop packets with bad src ipv6
    chain=forward action=drop src-address-list=bad_ipv6

    13 ;;; defconf: drop packets with bad dst ipv6
    chain=forward action=drop dst-address-list=bad_ipv6

    14 ;;; defconf: rfc4890 drop hop-limit=1
    chain=forward action=drop protocol=icmpv6 hop-limit=equal:1

    15 ;;; defconf: accept ICMPv6
    chain=forward action=accept protocol=icmpv6

    16 ;;; defconf: accept HIP
    chain=forward action=accept protocol=139

    17 ;;; defconf: accept IKE
    chain=forward action=accept protocol=udp dst-port=500,4500

    18 ;;; defconf: accept ipsec AH
    chain=forward action=accept protocol=ipsec-ah

    19 ;;; defconf: accept ipsec ESP
    chain=forward action=accept protocol=ipsec-esp

    20 ;;; defconf: accept all that matches ipsec policy
    chain=forward action=accept ipsec-policy=in,ipsec

    21 ;;; defconf: drop everything else not coming from LAN
    chain=forward action=drop in-interface-list=!LAN
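
A check over output in the format posted above, as an added example that is not part of the original post: it parses `ipv6 firewall filter print` text and reports any chain that has no active rules or no closing drop rule, since RouterOS accepts packets that no rule matches. The sample ruleset is constructed, and the function names and the `NON_MATCHERS` set are assumptions of this example.

```python
import re

HEAD = re.compile(r"^(\d+)\s+(?:([XID]+)\s+)?(.*)$")
# Properties that do not narrow which packets a rule matches (assumption of this check).
NON_MATCHERS = {"chain", "action", "log", "log-prefix"}

# Constructed sample: input ends in a drop, the forward drop is disabled (X).
SAMPLE = """\
0 ;;; accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
1 ;;; drop everything else not coming from LAN
chain=input action=drop in-interface-list=!LAN
2 ;;; accept ICMPv6
chain=forward action=accept protocol=icmpv6
3 X ;;; drop everything else not coming from LAN
chain=forward action=drop in-interface-list=!LAN
"""

def parse_rules(text):
    """Parse `ipv6 firewall filter print` output into rule dicts."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        m = HEAD.match(line)
        if m:  # "<n> [flags] ;;; comment" or "<n> [flags] key=value ..."
            rules.append({"id": int(m.group(1)), "flags": m.group(2) or "", "props": {}})
            line = "" if m.group(3).startswith(";;;") else m.group(3)
        if rules:  # key=value tokens belong to the most recent rule header
            rules[-1]["props"].update(t.split("=", 1) for t in line.split() if "=" in t)
    return rules

def is_catch_all_drop(p):
    """True for action=drop with no matcher, or only a negated in-interface-list."""
    extra = set(p) - NON_MATCHERS
    return p.get("action") == "drop" and (
        not extra or (extra == {"in-interface-list"} and p["in-interface-list"].startswith("!")))

def audit(text):
    """Return one finding per chain that would let unsolicited outside traffic through."""
    findings = []
    active = [r for r in parse_rules(text) if not set(r["flags"]) & {"X", "I"}]
    for chain in ("input", "forward"):
        props = [r["props"] for r in active if r["props"].get("chain") == chain]
        if not props:
            findings.append(f"{chain}: no active rules, so the chain accepts everything")
        elif not any(is_catch_all_drop(p) for p in props):
            findings.append(f"{chain}: no catch-all drop for traffic from outside LAN")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
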
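    #5  brMu  2021-07-05 08:53:35 +08:00
    I really don't understand, why make a router this complicated? Aren't iKuai (爱快), openwrt and Gocloud (高恪) good enough? They are simple to operate and easy to pick up. Is there some feature they can't do, so that you have to use ros?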
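    #6  redial39  2021-07-05 09:38:04 +08:00
    @brMu Leaving aside forwarding performance and stability, since those numbers can all be brute-forced anyway... traffic marking. So far it is the only one I have used that can do it.. among the software router systems a consumer can buy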
    #7  wm5d8b  2021-07-06 12:52:51 +08:00 via Android
    I don't know how to open a port for some service on the internal network when the ipv6 prefix changes dynamically
    #8  Yechs  2021-07-07 15:52:22 +08:00
    A script computes the prefix and dynamically updates the firewall
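
One way to do the prefix calculation mentioned in the last reply, as an added example that is not from the thread: it joins the currently delegated prefix with a host's fixed low 64 bits and emits a RouterOS command only when the existing accept rule points at a stale address. It assumes the internal host keeps a stable interface identifier (not temporary privacy addresses); the 2001:db8::/32 documentation addresses, the rule comment `open-web` and the function names are hypothetical.

```python
import ipaddress

def host_in_prefix(delegated_prefix, host_suffix, subnet_id=0):
    """Join the delegated prefix, a subnet number and a host's fixed low 64 bits."""
    net = ipaddress.IPv6Network(delegated_prefix)  # rejects prefixes with host bits set
    if net.prefixlen > 64:
        raise ValueError("prefix longer than /64 leaves no room for the interface ID")
    if not 0 <= subnet_id < 1 << (64 - net.prefixlen):
        raise ValueError("subnet_id does not fit in the delegated prefix")
    iid = int(ipaddress.IPv6Address(host_suffix))
    if iid >> 64:
        raise ValueError("host_suffix must only use the low 64 bits")
    return ipaddress.IPv6Address(int(net.network_address) | (subnet_id << 64) | iid)

def render_update(rule_comment, current_dst, delegated_prefix, host_suffix, subnet_id=0):
    """Return the RouterOS command that repoints the rule, or None if it is current."""
    wanted = f"{host_in_prefix(delegated_prefix, host_suffix, subnet_id)}/128"
    if current_dst == wanted:
        return None
    # Only dst-address changes; protocol and dst-port stay as set on the existing rule.
    return f'/ipv6 firewall filter set [find comment="{rule_comment}"] dst-address={wanted}'

if __name__ == "__main__":
    # Constructed values: documentation prefix, EUI-64 style suffix, hypothetical comment.
    print(render_update("open-web", "2001:db8:1234:5601:211:22ff:fe33:4455/128",
                        "2001:db8:abcd:ef00::/56", "::211:22ff:fe33:4455", subnet_id=1))
```

Keeping the rule at /128 with its own protocol and port means a prefix change never widens what is reachable from outside; only the one destination address is rewritten.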