我设置的IP过滤规则 for MT800

adscrz

create ipf rule entry ruleid 500 dir in act accept transprot eq num 1 icmptype eq num 0 log enable seclevel  medium logtag "ping"
create ipf rule entry ruleid 502 dir in act accept transprot eq num 1 icmptype eq num 11 seclevel  medium
create ipf rule entry ruleid 504 dir in act accept transprot eq num 1 icmptype eq num 3 seclevel  medium
create ipf rule entry ruleid 506 ifname private dir in act accept transprot eq num 1 icmptype eq num 8 seclevel  medium
create ipf rule entry ruleid 508 ifname public dir in transprot eq num 1 icmptype eq num 8 seclevel  medium blistprotect enable
create ipf rule entry ruleid 600 ifname public dir in transprot eq num 1 seclevel  medium blistprotect enable logtag "ICMP hack"
create ipf rule entry ruleid 700 ifname public dir out act accept transprot eq num 6 destport eq num 80 seclevel  medium logtag "WEB 80"
create ipf rule entry ruleid 702 ifname public dir out act accept transprot eq num 6 destport eq num 443 seclevel  medium logtag "web 443"
create ipf rule entry ruleid 704 ifname public dir out act accept transprot eq num 6 destport eq num 110 seclevel  medium logtag "POP"
create ipf rule entry ruleid 706 ifname public dir out act accept transprot eq num 6 destport eq num 1995 seclevel  medium logtag "POP SSL"
create ipf rule entry ruleid 708 ifname public dir out act accept transprot eq num 6 destport eq num 995 seclevel  medium logtag "POP SSL"
create ipf rule entry ruleid 710 ifname public dir out act accept transprot eq num 6 destport eq num 465 seclevel  medium logtag "SMTP SSL465"
create ipf rule entry ruleid 712 ifname public dir out act accept transprot eq num 6 destport eq num 25 seclevel  medium logtag "SMTP25"
create ipf rule entry ruleid 714 ifname public dir out act accept transprot eq num 6 destport eq num 21 seclevel  medium logtag "FTP"
create ipf rule entry ruleid 716 ifname public dir in act accept transprot eq num 6 destport eq num 21 seclevel  medium logtag "ftp in"
create ipf rule entry ruleid 718 ifname public dir out act accept transprot eq num 6 srcport eq num 21 seclevel  medium logtag "ftp out"
create ipf rule entry ruleid 720 ifname public dir out act accept transprot eq num 6 destport eq num 7708 seclevel  medium logtag "shares1"
create ipf rule entry ruleid 722 ifname public dir out act accept transprot eq num 6 destport eq num 7709 seclevel  medium logtag "shares2"
create ipf rule entry ruleid 724 ifname public dir out act accept transprot eq num 6 destport eq num 8601 seclevel  medium logtag "shares3"
create ipf rule entry ruleid 780 dir out destaddr eq 219.133.60.243 seclevel  medium logtag "QQ backdoor"
create ipf rule entry ruleid 790 dir out transprot eq num 6 destport range 3075 3078 seclevel  medium logtag "Deny Thunder"
create ipf rule entry ruleid 800 ifname public dir out transprot eq num 6 seclevel  medium logtag "Deny TCP"
create ipf rule entry ruleid 810 ifname public dir out act accept transprot eq num 17 destport eq num 53 seclevel  medium logtag "DNS53"
create ipf rule entry ruleid 880 dir out transprot eq num 17 destport range 13000 14000 seclevel  medium logtag "QQ Live"
create ipf rule entry ruleid 900 ifname public dir out transprot eq num 17 seclevel  medium logtag "Deny UDP"

adscrz

大家帮忙看看有无问题？
设置后能稳定运行（接12台电脑），而且速度还可以
这条规则是防止QQ做坏事的，因为QQ会分析你是否访问敏感话题，
是的话就连去服务器，然后就……
219.133.60.243 seclevel  medium logtag "QQ backdoor"
我可不想替人受罪，干脆屏蔽，如果还有其它IP地址的话，请告知。
谢谢

lf3698

楼主真行，向你学习啊！