Wednesday, March 10, 2010

ip firewall nat

# NAT table as shown by the console print command: two source-NAT rules for
# the uplinks and three redirects to the router itself.
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
# Items 0-1: connections carrying mark satu / dua that leave through modem1 /
# modem2 are rewritten to that uplink's address (192.168.1.2 / 192.168.2.2).
0 chain=srcnat out-interface=modem1 connection-mark=satu action=src-nat
to-addresses=192.168.1.2 to-ports=0-65535

1 chain=srcnat out-interface=modem2 connection-mark=dua action=src-nat
to-addresses=192.168.2.2 to-ports=0-65535

# Item 2: action=redirect rewrites the destination to the router itself, so
# ICMP arriving on lokal is answered by the router instead of the real target.
# Presumably deliberate; it also means a LAN-side ping says nothing about
# upstream reachability. NOTE(review): ICMP has no ports, so to-ports=1 looks
# like a placeholder - confirm.
2 chain=dstnat in-interface=lokal protocol=icmp action=redirect to-ports=1

# Items 3-4: DNS over UDP and TCP is redirected to the router's own port 53.
# No in-interface is given, so the rules match on every interface, modem1 and
# modem2 included. The filter listing shows no chain=input rule for port 53,
# so if the router's DNS service answers remote requests it is reachable from
# the uplinks as an open resolver (cache abuse, amplification).
# NOTE(review): scope both rules with in-interface=lokal and drop port 53
# arriving on the modem interfaces in chain=input.
3 chain=dstnat protocol=udp dst-port=53 action=redirect to-ports=53

4 chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53

ip firewall mangle

# Mangle table: splits new LAN connections between two marks (satu, dua) that
# the srcnat rules and routing marks key on, then tags ICMP, DNS and
# LAN-to-LAN traffic.
ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
# Items 0-3: new connections from lokal are assigned connection mark satu or
# dua through the nth matcher, and each connection mark is turned into a
# routing mark of the same name.
# NOTE(review): nth=1,1,0 / nth=1,1,1 looks like the older three-field form
# (every, counter, packet) - confirm against the RouterOS version in use.
0 chain=prerouting in-interface=lokal connection-state=new nth=1,1,0
action=mark-connection new-connection-mark=satu passthrough=yes

# passthrough=no: packets of satu connections stop here and never reach the
# rules below. Item 3 uses passthrough=yes, so only dua traffic continues.
# NOTE(review): confirm this asymmetry is intended.
1 chain=prerouting in-interface=lokal connection-mark=satu
action=mark-routing new-routing-mark=satu passthrough=no

2 chain=prerouting in-interface=lokal connection-state=new nth=1,1,1
action=mark-connection new-connection-mark=dua passthrough=yes

3 chain=prerouting in-interface=lokal connection-mark=dua
action=mark-routing new-routing-mark=dua passthrough=yes

# Items 4-10: ICMP and DNS from 192.168.3.0/24 get their own connection and
# packet marks and TOS min-delay. A connection holds a single connection mark,
# so items 4, 7 and 8 replace a dua mark set above on the connections they
# match. NOTE(review): check that the srcnat rule keyed on connection-mark=dua
# is not needed for this traffic.
4 chain=prerouting src-address=192.168.3.0/24 protocol=icmp
action=mark-connection new-connection-mark=ICMP-CM passthrough=yes

5 chain=prerouting connection-mark=ICMP-CM action=mark-packet
new-packet-mark=ICMP-PM passthrough=yes

6 chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay

7 chain=prerouting src-address=192.168.3.0/24 protocol=tcp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes

8 chain=prerouting src-address=192.168.3.0/24 protocol=udp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes

9 chain=prerouting connection-mark=DNS-CM action=mark-packet
new-packet-mark=DNS-PM passthrough=yes

10 chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay

# Items 11-12: forwarded traffic whose source and destination are both inside
# 192.168.3.0/24 is marked user-lokal / lokaltrafic.
11 chain=forward src-address=192.168.3.0/24 dst-address=192.168.3.0/24
action=mark-connection new-connection-mark=user-lokal passthrough=yes

12 chain=forward connection-mark=user-lokal action=mark-packet
new-packet-mark=lokaltrafic passthrough=yes

Firewall

# Filter table. Items with chain=virus belong to a custom chain, which is only
# evaluated when a rule in a built-in chain jumps to it. The one jump in this
# listing (item 202) carries the X flag, i.e. it is disabled, so as printed
# none of the chain=virus drops below are applied to any traffic.
# Each ;;; comment is the label the author gave the port. The match itself is
# on protocol and dst-port only: it drops unrelated traffic to that port as
# well, and does not catch the named malware when it uses a different port.
ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; The Thing
chain=virus protocol=tcp dst-port=6400 action=drop

1 ;;; TEMan, Weia-Meia
chain=virus protocol=tcp dst-port=6661 action=drop

2 ;;; Dark Connection Inside, NetBus worm
chain=virus protocol=tcp dst-port=6666 action=drop

3 ;;; Dark FTP, ScheduleAgent, SubSeven, Subseven 2.1.4 DefCon 8, Trinity, >
Satan
chain=virus protocol=tcp dst-port=6667 action=drop

4 ;;; Host Control, Vampire
chain=virus protocol=tcp dst-port=6669 action=drop

5 ;;; BackWeb Server, Deep Throat, Foreplay, WinNuke eXtreame
chain=virus protocol=tcp dst-port=6670 action=drop

6 ;;; BackDoor-G, SubSeven, VP Killer
chain=virus protocol=tcp dst-port=6711 action=drop

7 ;;; Funny trojan, SubSeven
chain=virus protocol=tcp dst-port=6712 action=drop

8 ;;; SubSeven
chain=virus protocol=tcp dst-port=6713 action=drop

9 ;;; Mstream
chain=virus protocol=tcp dst-port=6723 action=drop

10 ;;; Deep Throat, Foreplay
chain=virus protocol=tcp dst-port=6771 action=drop

11 ;;; 2000 Cracks, BackDoor-G, SubSeven, VP Killer
chain=virus protocol=tcp dst-port=6776 action=drop

12 ;;; Mstream
chain=virus protocol=udp dst-port=6838 action=drop

13 ;;; Delta Source DarkStar
chain=virus protocol=tcp dst-port=6883 action=drop

14 ;;; Shit Heep
chain=virus protocol=tcp dst-port=6912 action=drop

15 ;;; Indoctrination
chain=virus protocol=tcp dst-port=6939 action=drop

16 ;;; GateCrasher, IRC 3, Net Controller, Priority
chain=virus protocol=tcp dst-port=6969-6970 action=drop

17 ;;; Exploit Translation Server, Kazimas, Remote Grab, SubSeven, SubSeven >
Gold
chain=virus protocol=tcp dst-port=7000 action=drop

18 ;;; Freak88, Freak2k
chain=virus protocol=tcp dst-port=7001 action=drop

19 ;;; SubSeven, SubSeven 2.1 Gold
chain=virus protocol=tcp dst-port=7215 action=drop

20 ;;; NetMonitor
chain=virus protocol=tcp dst-port=7300-7308 action=drop

21 ;;; Host Control
chain=virus protocol=tcp dst-port=7424 action=drop

22 ;;; Host Control
chain=virus protocol=udp dst-port=7424 action=drop

23 ;;; Qaz
chain=virus protocol=tcp dst-port=7597 action=drop

24 ;;; Glacier
chain=virus protocol=tcp dst-port=7626 action=drop

25 ;;; God Message, Tini
chain=virus protocol=tcp dst-port=7777 action=drop

26 ;;; Back Door Setup, ICKiller
chain=virus protocol=tcp dst-port=7789 action=drop

27 ;;; The ReVeNgEr
chain=virus protocol=tcp dst-port=7891 action=drop

28 ;;; Mstream
chain=virus protocol=tcp dst-port=7983 action=drop

29 ;;; Back Orifice 2000
chain=virus protocol=tcp dst-port=8787 action=drop

30 ;;; BacHack
chain=virus protocol=tcp dst-port=8988 action=drop

31 ;;; Rcon, Recon, Xcon
chain=virus protocol=tcp dst-port=8989 action=drop

32 ;;; Netministrator
chain=virus protocol=tcp dst-port=9000 action=drop

33 ;;; Mstream
chain=virus protocol=udp dst-port=9325 action=drop

34 ;;; InCommand
chain=virus protocol=tcp dst-port=9400 action=drop

35 ;;; Portal of Doom
chain=virus protocol=tcp dst-port=9872-9875 action=drop

36 ;;; Cyber Attacker, Rux
chain=virus protocol=tcp dst-port=9876 action=drop

37 ;;; TransScout
chain=virus protocol=tcp dst-port=9878 action=drop

38 ;;; Ini-Killer
chain=virus protocol=tcp dst-port=9989 action=drop

39 ;;; The Prayer
chain=virus protocol=tcp dst-port=9999 action=drop

40 ;;; OpwinTRojan
chain=virus protocol=tcp dst-port=10000-10005 action=drop

41 ;;; Portal of Doom
chain=virus protocol=udp dst-port=10067 action=drop

42 ;;; Syphillis
chain=virus protocol=tcp dst-port=10085-10086 action=drop

43 ;;; Control Total, Gift trojan
chain=virus protocol=tcp dst-port=10100 action=drop

44 ;;; BrainSpy, Silencer
chain=virus protocol=tcp dst-port=10101 action=drop

45 ;;; Portal of Doom
chain=virus protocol=udp dst-port=10167 action=drop

46 ;;; Acid Shivers
chain=virus protocol=tcp dst-port=10520 action=drop

47 ;;; Host Control
chain=virus protocol=tcp dst-port=10528 action=drop

48 ;;; Coma
chain=virus protocol=tcp dst-port=10607 action=drop

49 ;;; Ambush
chain=virus protocol=udp dst-port=10666 action=drop

50 ;;; Senna Spy Trojan Generator
chain=virus protocol=tcp dst-port=11000 action=drop

51 ;;; Host Control
chain=virus protocol=tcp dst-port=11050-11051 action=drop

52 ;;; Progenic trojan, Secret Agent
chain=virus protocol=tcp dst-port=11223 action=drop

53 ;;; Gjamer
chain=virus protocol=tcp dst-port=12076 action=drop

54 ;;; Hack99 KeyLogger
chain=virus protocol=tcp dst-port=12223 action=drop

55 ;;; Ashley, cron crontab, Fat Bitch trojan, GabanBus, icmp_client.c, icm>
ipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-
bill
chain=virus protocol=tcp dst-port=12345 action=drop

56 ;;; Fat Bitch trojan, GabanBus, NetBus, X-bill
chain=virus protocol=tcp dst-port=12346 action=drop

57 ;;; BioNet
chain=virus protocol=tcp dst-port=12349 action=drop

58 ;;; Whack-a-mole
chain=virus protocol=tcp dst-port=12361-12363 action=drop

59 ;;; DUN Control
chain=virus protocol=udp dst-port=12623 action=drop

60 ;;; ButtMan
chain=virus protocol=tcp dst-port=12624 action=drop

61 ;;; Whack Job
chain=virus protocol=tcp dst-port=12631 action=drop

62 ;;; Mstream
chain=virus protocol=tcp dst-port=12754 action=drop

63 ;;; Senna Spy Trojan Generator, Senna Spy Trojan Generator
chain=virus protocol=tcp dst-port=13000 action=drop

64 ;;; Hacker Brasil HBR
chain=virus protocol=tcp dst-port=13010 action=drop

65 ;;; PsychWard
chain=virus protocol=tcp dst-port=13013-13014 action=drop

66 ;;; Hack99 KeyLogger
chain=virus protocol=tcp dst-port=13223 action=drop

67 ;;; Chupacabra
chain=virus protocol=tcp dst-port=13473 action=drop

68 ;;; PC Invader
chain=virus protocol=tcp dst-port=14500-14503 action=drop

69 ;;; NetDemon
chain=virus protocol=tcp dst-port=15000 action=drop

70 ;;; Host Control
chain=virus protocol=tcp dst-port=15092 action=drop

71 ;;; Mstream
chain=virus protocol=tcp dst-port=15104 action=drop

72 ;;; SubZero
chain=virus protocol=tcp dst-port=15382 action=drop

73 ;;; CDK
chain=virus protocol=tcp dst-port=15858 action=drop

74 ;;; Mosucker
chain=virus protocol=tcp dst-port=16484 action=drop

75 ;;; Stacheldraht
chain=virus protocol=tcp dst-port=16660 action=drop

76 ;;; ICQ Revenge
chain=virus protocol=tcp dst-port=16772 action=drop

77 ;;; SubSeven, Subseven 2.1.4 DefCon 8
chain=virus protocol=tcp dst-port=16959 action=drop

78 ;;; Priority
chain=virus protocol=tcp dst-port=16969 action=drop

79 ;;; Mosaic
chain=virus protocol=tcp dst-port=17166 action=drop

80 ;;; Kuang2 the virus
chain=virus protocol=tcp dst-port=17300 action=drop

81 ;;; Kid Terror
chain=virus protocol=tcp dst-port=17449 action=drop

82 ;;; CrazzyNet
chain=virus protocol=tcp dst-port=17499-17500 action=drop

83 ;;; Infector
chain=virus protocol=tcp dst-port=17569 action=drop

84 ;;; Audiodoor
chain=virus protocol=tcp dst-port=17593 action=drop

85 ;;; Nephron
chain=virus protocol=tcp dst-port=17777 action=drop

86 ;;; Shaft
chain=virus protocol=udp dst-port=18753 action=drop

87 ;;; ICQ Revenge
chain=virus protocol=tcp dst-port=19864 action=drop

88 ;;; Millenium
chain=virus protocol=tcp dst-port=20000 action=drop

89 ;;; Millenium, Millenium Lm
chain=virus protocol=tcp dst-port=20001 action=drop

90 ;;; AcidkoR
chain=virus protocol=tcp dst-port=20002 action=drop

91 ;;; Mosucker
chain=virus protocol=tcp dst-port=20005 action=drop

92 ;;; VP Killer
chain=virus protocol=tcp dst-port=20023 action=drop

93 ;;; NetBus 2.0 Pro, NetBus 2.0 Pro Hidden, NetRex, Whack Job
chain=virus protocol=tcp dst-port=20034 action=drop

94 ;;; Chupacabra
chain=virus protocol=tcp dst-port=20203 action=drop

95 ;;; BLA trojan
chain=virus protocol=tcp dst-port=20331 action=drop

96 ;;; Shaft
chain=virus protocol=tcp dst-port=20432 action=drop

97 ;;; Shaft
chain=virus protocol=udp dst-port=20433 action=drop

98 ;;; GirlFriend, Kid Terror
chain=virus protocol=tcp dst-port=21544 action=drop

99 ;;; Exploiter, Kid Terror, Schwindler, Winsp00fer
chain=virus protocol=tcp dst-port=21554 action=drop

100 ;;; Donald Dick, Prosiak, Ruler, RUX The TIc.K
chain=virus protocol=tcp dst-port=22222 action=drop

101 ;;; NetTrash
chain=virus protocol=tcp dst-port=23005-23006 action=drop

102 ;;; Logged
chain=virus protocol=tcp dst-port=23023 action=drop

103 ;;; Amanda
chain=virus protocol=tcp dst-port=23032 action=drop

104 ;;; Asylum
chain=virus protocol=tcp dst-port=23432 action=drop

105 ;;; Evil FTP, Ugly FTP, Whack Job
chain=virus protocol=tcp dst-port=23456 action=drop

106 ;;; Donald Dick
chain=virus protocol=tcp dst-port=23476 action=drop

107 ;;; Donald Dick
chain=virus protocol=udp dst-port=23476 action=drop

108 ;;; Donald Dick
chain=virus protocol=tcp dst-port=23477 action=drop

109 ;;; InetSpy
chain=virus protocol=tcp dst-port=23777 action=drop

110 ;;; Infector
chain=virus protocol=tcp dst-port=24000 action=drop

111 ;;; Moonpie
chain=virus protocol=tcp dst-port=25685-25982 action=drop

112 ;;; Delta Source
chain=virus protocol=udp dst-port=26274 action=drop

113 ;;; Voice Spy
chain=virus protocol=tcp dst-port=26681 action=drop

114 ;;; Bad Blood, Ramen, Seeker, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.>
fCon 8, SubSeven Muie, Ttfloader
chain=virus protocol=tcp dst-port=27374 action=drop

115 ;;; Trinoo
chain=virus protocol=udp dst-port=27444 action=drop

116 ;;; SubSeven
chain=virus protocol=tcp dst-port=27573 action=drop

117 ;;; Trinoo
chain=virus protocol=tcp dst-port=27665 action=drop

118 ;;; Exploiter
chain=virus protocol=tcp dst-port=28678 action=drop

119 ;;; NetTrojan
chain=virus protocol=tcp dst-port=29104 action=drop

120 ;;; ovasOn
chain=virus protocol=tcp dst-port=29369 action=drop

121 ;;; The Unexplained
chain=virus protocol=tcp dst-port=29891 action=drop

122 ;;; Infector
chain=virus protocol=tcp dst-port=30000 action=drop

123 ;;; ErrOr32
chain=virus protocol=tcp dst-port=30001 action=drop

124 ;;; Lamers Death
chain=virus protocol=tcp dst-port=30003 action=drop

125 ;;; AOL trojan
chain=virus protocol=tcp dst-port=30029 action=drop

126 ;;; NetSphere
chain=virus protocol=tcp dst-port=30100-30133 action=drop

127 ;;; NetSphere
chain=virus protocol=udp dst-port=30103 action=drop

128 ;;; Sockets des Troie
chain=virus protocol=tcp dst-port=30303 action=drop

129 ;;; Intruse
chain=virus protocol=tcp dst-port=30947 action=drop

130 ;;; Kuang2
chain=virus protocol=tcp dst-port=30999 action=drop

131 ;;; Trinoo
chain=virus protocol=tcp dst-port=31335 action=drop

132 ;;; Bo Whack, Butt Funnel
chain=virus protocol=tcp dst-port=31336 action=drop

133 ;;; Back Fire, Back Orifice 1.20 patches, Back Orifice Lm, Back Orifice >
ian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron crontab, F
reak88, Freak2k, icmp_pipe.c, Sockdmini
chain=virus protocol=tcp dst-port=31337 action=drop

134 ;;; Back Orifice, Deep BO
chain=virus protocol=udp dst-port=31337 action=drop

135 ;;; Back Orifice, Butt Funnel, NetSpy DK
chain=virus protocol=tcp dst-port=31338 action=drop

136 ;;; Deep BO
chain=virus protocol=udp dst-port=31338 action=drop

137 ;;; NetSpy DK
chain=virus protocol=tcp dst-port=31339 action=drop

138 ;;; BOWhack
chain=virus protocol=tcp dst-port=31666 action=drop

139 ;;; Hack a Tack
chain=virus protocol=tcp dst-port=31785-31792 action=drop

140 ;;; Hack a Tack
chain=virus protocol=udp dst-port=31791-31792 action=drop

141 ;;; Donald Dick
chain=virus protocol=tcp dst-port=32001 action=drop

142 ;;; Peanut Brittle, Project nEXT
chain=virus protocol=tcp dst-port=32100 action=drop

143 ;;; Acid Battery
chain=virus protocol=tcp dst-port=32418 action=drop

144 ;;; Trinity
chain=virus protocol=tcp dst-port=33270 action=drop

145 ;;; Blakharaz, Prosiak
chain=virus protocol=tcp dst-port=33333 action=drop

146 ;;; Son of PsychWard
chain=virus protocol=tcp dst-port=33577-33777 action=drop

147 ;;; Spirit 2000, Spirit 2001
chain=virus protocol=tcp dst-port=33911 action=drop

148 ;;; Big Gluck, TN
chain=virus protocol=tcp dst-port=34324 action=drop

149 ;;; Donald Dick
chain=virus protocol=tcp dst-port=34444 action=drop

150 ;;; Trinoo for Windows
chain=virus protocol=udp dst-port=34555-35555 action=drop

151 ;;; Mantis
chain=virus protocol=tcp dst-port=37237 action=drop

152 ;;; Yet Another Trojan YAT
chain=virus protocol=tcp dst-port=37651 action=drop

153 ;;; The Spy
chain=virus protocol=tcp dst-port=40412 action=drop

154 ;;; Agent 40421, Masters Paradise
chain=virus protocol=tcp dst-port=40421 action=drop

155 ;;; Masters Paradise
chain=virus protocol=tcp dst-port=40422-40426 action=drop

156 ;;; Storm
chain=virus protocol=tcp dst-port=41337 action=drop

157 ;;; Remote Boot Tool RBT, Remote Boot Tool RBT
chain=virus protocol=tcp dst-port=41666 action=drop

158 ;;; Prosiak
chain=virus protocol=tcp dst-port=44444 action=drop

159 ;;; Exploiter
chain=virus protocol=tcp dst-port=44575 action=drop

160 ;;; Delta Source
chain=virus protocol=udp dst-port=47262 action=drop

161 ;;; OnLine KeyLogger
chain=virus protocol=tcp dst-port=49301 action=drop

162 ;;; Enterprise
chain=virus protocol=tcp dst-port=50130 action=drop

163 ;;; Sockets des Troie
chain=virus protocol=tcp dst-port=50505 action=drop

164 ;;; Fore, Schwindler
chain=virus protocol=tcp dst-port=50766 action=drop

165 ;;; Cafeini
chain=virus protocol=tcp dst-port=51966 action=drop

166 ;;; Acid Battery 2000
chain=virus protocol=tcp dst-port=52317 action=drop

167 ;;; Remote Windows Shutdown RWS
chain=virus protocol=tcp dst-port=53001 action=drop

# Items 168-170: stateful baseline for forwarded traffic. Packets belonging to
# established or related connections are accepted and invalid ones dropped
# before any later chain=forward rule is consulted, so the chain=forward rules
# further down mostly see the first packet of a new connection.
168 ;;; allow established
;;; connections
chain=forward connection-state=established action=accept

169 ;;; allow related connections
chain=forward connection-state=related action=accept

170 ;;; drop invalid
;;; connections
chain=forward connection-state=invalid action=drop

# Items 171-174: TCP and UDP 135-139 and 445 (Windows RPC, NetBIOS, SMB).
# Keeping these from being forwarded between networks is worthwhile whichever
# worm the label names - but only once the jump into chain=virus is enabled.
171 ;;; Drop Blaster
;;; Worm
chain=virus protocol=tcp dst-port=135-139 action=drop

172 ;;; Drop Messenger
;;; Worm
chain=virus protocol=udp dst-port=135-139 action=drop

173 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=445 action=drop

174 ;;; Drop Blaster Worm
chain=virus protocol=udp dst-port=445 action=drop

# Items 175-176: the label is blank or missing, so the reason for dropping
# TCP 593 and TCP 1024-1030 is not recorded.
# NOTE(review): add a label stating what each rule is meant to stop.
175 ;;; ________
chain=virus protocol=tcp dst-port=593 action=drop

176 chain=virus protocol=tcp dst-port=1024-1030 action=drop

177 ;;; Drop MyDoom
chain=virus protocol=tcp dst-port=1080 action=drop

178 ;;; ________
chain=virus protocol=tcp dst-port=1214 action=drop

179 ;;; ndm requester
chain=virus protocol=tcp dst-port=1363 action=drop

180 ;;; ndm server
chain=virus protocol=tcp dst-port=1364 action=drop

181 ;;; screen cast
chain=virus protocol=tcp dst-port=1368 action=drop

182 ;;; hromgrafx
chain=virus protocol=tcp dst-port=1373 action=drop

183 ;;; cichlid
chain=virus protocol=tcp dst-port=1377 action=drop

# Item 184: 1433-1434 are the Microsoft SQL Server ports; only protocol=tcp is
# matched. NOTE(review): if "Worm" refers to SQL Slammer, that worm spread over
# UDP 1434 - confirm whether a protocol=udp rule is wanted as well.
184 ;;; Worm
chain=virus protocol=tcp dst-port=1433-1434 action=drop

# Items 185 and 188 have the same match (tcp dst-port=2745). Item 185 drops
# the packet first, so item 188 never matches and can be removed.
185 ;;; Bagle Virus
chain=virus protocol=tcp dst-port=2745 action=drop

186 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=2283 action=drop

187 ;;; Drop Beagle
chain=virus protocol=tcp dst-port=2535 action=drop

188 ;;; Drop Beagle.C-K
chain=virus protocol=tcp dst-port=2745 action=drop

189 ;;; Drop
;;; MyDoom
chain=virus protocol=tcp dst-port=3127-3128 action=drop

190 ;;; Drop Backdoor
;;; OptixPro
chain=virus protocol=tcp dst-port=3410 action=drop

191 ;;; Worm
chain=virus protocol=tcp dst-port=4444 action=drop

192 ;;; Worm
chain=virus protocol=udp dst-port=4444 action=drop

193 ;;; Drop Sasser
chain=virus protocol=tcp dst-port=5554 action=drop

194 ;;; Drop Beagle.B
chain=virus protocol=tcp dst-port=8866 action=drop

195 ;;; Drop Dabber.A-B
chain=virus protocol=tcp dst-port=9898 action=drop

# Items 196 and 198-200 repeat TCP ports that earlier chain=virus rules already
# drop: 10000 (item 40, range 10000-10005), 12345 (item 55), 17300 (item 80)
# and 27374 (item 114). The earlier rule wins, so these four never match; only
# item 197 (TCP 10080) adds a new port.
196 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=10000 action=drop

197 ;;; Drop MyDoom.B
chain=virus protocol=tcp dst-port=10080 action=drop

198 ;;; Drop NetBus
chain=virus protocol=tcp dst-port=12345 action=drop

199 ;;; Drop Kuang2
chain=virus protocol=tcp dst-port=17300 action=drop

200 ;;; Drop SubSeven
chain=virus protocol=tcp dst-port=27374 action=drop

201 ;;; Drop PhatBot,
;;; Agobot, Gaobot
chain=virus protocol=tcp dst-port=65506 action=drop

# Item 202 is the only jump into chain=virus, and its X flag marks it as
# disabled (see the Flags legend), so the virus chain is not consulted at all.
# NOTE(review): enable this rule if the port drops are meant to be active.
202 X ;;; jump to the virus chain
chain=forward action=jump jump-target=virus

# Items 203-207: item 205 accepts every forwarded TCP packet, which makes 203
# and 204 redundant. With 206 and 207, all TCP, ICMP and UDP is accepted with
# no interface, address or connection-state condition, so new connections are
# allowed in either direction - including from the modem side toward lokal
# hosts whenever such packets are routable or dst-nat'ed.
# NOTE(review): limiting these accepts to traffic entering on lokal would let
# item 208 work as a default deny for connections initiated from outside.
203 ;;; Allow HTTP
chain=forward protocol=tcp dst-port=80 action=accept

204 ;;; Allow SMTP
chain=forward protocol=tcp dst-port=25 action=accept

205 ;;; allow TCP
chain=forward protocol=tcp action=accept

206 ;;; allow ping
chain=forward protocol=icmp action=accept

207 ;;; allow udp
chain=forward protocol=udp action=accept

# Item 208: only protocols other than TCP, UDP and ICMP get this far. Because
# it matches everything, chain=forward rules listed after it (items 211, 212
# and 224) are never reached.
208 ;;; drop everything else
chain=forward action=drop

# Items 209-210: SSH to the router itself (chain=input). Both are accept rules
# and this listing has no chain=input drop for port 22, so neither one limits
# who can reach SSH; RouterOS accepts packets that reach the end of a built-in
# chain without matching a rule.
# NOTE(review): confirm what connection-limit=1,32 matches on the RouterOS
# version in use.
209 chain=input protocol=tcp dst-port=22 connection-limit=1,32 action=accept

# Accepts SSH from every source that is NOT in address list ssh_logins. No rule
# in this listing adds addresses to that list or drops listed sources, so a
# brute-force guard would still need both of those pieces.
210 chain=input protocol=tcp dst-port=22 src-address-list=!ssh_logins
action=accept

# Items 211-212 sit after item 208 (drop everything in chain=forward) and after
# item 205 (accept all TCP), so in this order they are never reached. No rule
# in this listing populates ftp_logins either.
211 chain=forward src-address=192.168.1.10 protocol=tcp src-port=21
action=accept

212 chain=forward src-address-list=ftp_logins action=drop

# Items 213-221: like every chain=virus rule these depend on the jump in item
# 202, which is disabled. Items 213-218 and 220 repeat ports that items 171-174
# already drop (135-139 and 445, TCP and UDP), so they would never match; only
# 219 (TCP 5933) and 221 (TCP 4691) add new ports.
213 ;;; Confiker
chain=virus protocol=udp dst-port=135 action=drop

214 ;;; Confiker
chain=virus protocol=udp dst-port=137 action=drop

215 ;;; Confiker
chain=virus protocol=udp dst-port=138 action=drop

216 ;;; Confiker
chain=virus protocol=udp dst-port=445 action=drop

217 ;;; Confiker
chain=virus protocol=tcp dst-port=135 action=drop

218 ;;; Confiker
chain=virus protocol=tcp dst-port=139 action=drop

# NOTE(review): 5933 is one digit away from 593 (item 175) - confirm the
# intended port.
219 ;;; Confiker
chain=virus protocol=tcp dst-port=5933 action=drop

220 ;;; Confiker
chain=virus protocol=tcp dst-port=445 action=drop

221 ;;; Confiker
chain=virus protocol=tcp dst-port=4691 action=drop

# Items 222-223: outbound-SMTP abuse control. Item 223 puts the source address
# of matching TCP/25 traffic on address list spammer for one day, and item 222
# drops TCP/25 from sources already on that list. Both live in chain=virus, so
# they too are inactive while item 202 is disabled.
222 ;;; Drop Spammer
chain=virus protocol=tcp dst-port=25 src-address-list=spammer
action=drop

223 ;;; add to spammer list
chain=virus protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5
action=add-src-to-address-list address-list=spammer
address-list-timeout=1d

# Items 224-225: UDP 5678 arriving on lokal - presumably MikroTik neighbor
# discovery; confirm. Item 224 is in chain=forward after item 208 and is never
# reached. Item 225 drops it on input from lokal only; the modem interfaces
# are not covered by any rule in this listing.
224 chain=forward in-interface=lokal protocol=udp dst-port=5678 action=drop

225 chain=input in-interface=lokal protocol=udp dst-port=5678 action=drop