ROS防火墙之简单规则.禁PING,禁止某台机器上网,禁止超过500的ICMP包发向路由

#ROS2927放火墙之简单规则. #只做了禁PING,和ICMP协议超过500包不接. / ip firewall filter add chain=input in-interface=tel protocol=icmp icmp-options=8:0 action=drop \      comment="Tel Disable Ping" disabled=no add chain=input in-interface=cnc protocol=icmp icmp-options=8:0 action=drop \      comment="CNC Disable Ping" disabled=no add chain=input in-interface=lan src-address=!192.168.0.0/24 action=drop \      comment="Fei 192.168.0.0/24 can`t in ROS" disabled=yes add chain=forward src-address=192.168.0.215 action=accept comment="vip" \      disabled=yes add chain=input protocol=icmp icmp-options=8:0 packet-size=!0-600 action=drop \      comment="Chao Guo 500/pack dis" disabled=no add chain=forward in-interface=lan src-address=192.168.0.243 action=drop \      comment="Dis on computer top wire" disabled=no 简单说明: 红色字内的tel和cnc就是外网网卡名了..我是双线.所以有俩网卡了..是禁PING规则.. 蓝色字的就是内网网段,规则含义就是非内网网段的IP禁止向路由通讯. 绿色字的IP就是管理员的机器..任何规则对他都无效.. 暗红色字就是设置内网某台机器不让他上网...