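# IP blocklist: non-routable / reserved source ranges ("bogons") that should never arrive
# from the Internet. They share the "DDOS" list that the dynamic input-chain rules enforce.
# Every entry is added with disabled=yes on purpose: 10/8, 172.16/12 and 192.168/16 cover the
# LAN and management networks, so enabling them while a drop rule matches
# src-address-list=DDOS on every interface would cut off local access. Enable them only behind
# a rule scoped to the WAN-facing interface (in-interface / in-interface-list), and only when
# the WAN address itself is not inside one of these ranges (e.g. CGNAT or a private uplink).
# Comments must use straight double quotes; typographic quotes are not parsed by RouterOS.
/ip firewall address-list
add address=0.0.0.0/8 comment="This host on this network (RFC 1122)" disabled=yes list=DDOS
add address=10.0.0.0/8 comment="Private network" disabled=yes list=DDOS
add address=127.0.0.0/8 comment="Loopback network" disabled=yes list=DDOS
add address=169.254.0.0/16 comment="Link-local network" disabled=yes list=DDOS
add address=172.16.0.0/12 comment="Private network" disabled=yes list=DDOS
add address=192.0.2.0/24 comment="Documentation (TEST-NET-1)" disabled=yes list=DDOS
add address=192.168.0.0/16 comment="Private network" disabled=yes list=DDOS
add address=198.18.0.0/15 comment="Used for benchmark testing of inter-network communications" disabled=yes list=DDOS
add address=198.51.100.0/24 comment="Documentation (TEST-NET-2)" disabled=yes list=DDOS
add address=203.0.113.0/24 comment="Documentation (TEST-NET-3)" disabled=yes list=DDOS
add address=224.0.0.0/4 comment="Multicast network" disabled=yes list=DDOS
add address=240.0.0.0/4 comment="Reserved for future use" disabled=yes list=DDOS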
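# Dynamic DDoS defence for traffic addressed to the router itself (input chain).
#
# add-src-to-address-list is a pass-through action: listing a source never stops the packet,
# so the DDOS list is only enforced by the explicit drop rule below. Rules are evaluated in
# order; keep the drop rule above the classifiers so listed sources cost one rule lookup.
# The UDP and ICMP classifiers are rate-checked per source in a sub-chain (dst-limit +
# return) instead of listing every sender: listing unconditionally would blacklist every
# DNS/NTP/VPN client and every host that pings the router the moment the drop rule exists.
# Consider scoping these rules to the Internet-facing interface (in-interface /
# in-interface-list) so LAN bursts cannot list local hosts.
/ip firewall filter
# Escalation for repeat offenders outside the LAN: must sit above the drop rule or it is
# never reached. NOTE(review): whether re-adding an address already on the list refreshes its
# timeout depends on the RouterOS version in use - confirm on the target device. The comment
# text is the author's; this rule does not detect address spoofing.
add action=add-src-to-address-list address-list=DDOS address-list-timeout=1h chain=input comment="Block IP spoofing" src-address-list=DDOS src-address=!192.168.0.0/16
add action=drop chain=input comment="Drop sources on the DDOS list" src-address-list=DDOS
# Invalid packets also occur legitimately (stale sessions after a reboot, asymmetric routing);
# the 1m listing is short so that such hosts recover quickly. Plain drop is the usual choice.
add action=add-src-to-address-list address-list=DDOS address-list-timeout=1m chain=input comment="Block invalid connections" connection-state=invalid
# More than 30 concurrent connections from one /32 to the router.
add action=add-src-to-address-list address-list=DDOS address-list-timeout=10m chain=input comment="Block TCP SYN flood" connection-limit=30,32 connection-state=new protocol=tcp tcp-flags=syn
# UDP: each source gets a 50 pps budget (burst 50, flow state kept 10s); within budget the
# packet returns to the input chain, over budget the source is listed for 10 minutes.
add action=jump chain=input comment="Rate-check UDP senders" jump-target=ddos-udp protocol=udp
add action=return chain=ddos-udp comment="UDP within per-source rate" dst-limit=50,50,src-address/10s
add action=add-src-to-address-list address-list=DDOS address-list-timeout=10m chain=ddos-udp comment="Block UDP flood"
# ICMP: same pattern with a tighter 20 pps per-source budget.
add action=jump chain=input comment="Rate-check ICMP senders" jump-target=ddos-icmp protocol=icmp
add action=return chain=ddos-icmp comment="ICMP within per-source rate" dst-limit=20,20,src-address/10s
add action=add-src-to-address-list address-list=DDOS address-list-timeout=10m chain=ddos-icmp comment="Block ICMP flood"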
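# Dynamic CC (HTTP connection flood) defence for forwarded traffic to web ports.
#
# Per-source connection rate is measured in a sub-chain: dst-limit matches while a source is
# WITHIN its budget (50 new connections per minute, burst 30) and returns to the forward
# chain; only sources that exceed the budget fall through to the listing rule. A single
# unconditional listing rule on the forward chain would blacklist every client, because an
# in-budget match is not a sign of abuse. limit-at is a queue parameter and is not a valid
# filter matcher; the filter-chain equivalents are limit / dst-limit.
# add-src-to-address-list is pass-through, so the drop rule is what enforces the list; it is
# placed first so blacklisted sources are dropped before any further matching.
/ip firewall filter
add action=drop chain=forward comment="Drop connections from blacklisted IPs" src-address-list=CC-ATTACK
add action=jump chain=forward comment="Rate-check new web connections per source" connection-state=new dst-port=80,443 jump-target=cc-detect protocol=tcp
add action=return chain=cc-detect comment="Within per-source connection rate" dst-limit=50/1m,30,src-address/1m
add action=add-src-to-address-list address-list=CC-ATTACK address-list-timeout=1m chain=cc-detect comment="Add IP to blacklist after excessive connections"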