配置爱快路由器的ACL规则
id=1 enabled=yes comment=阻止访问路由 action=drop dir=input ctdir=0 iinterface=any ointerface=any src_addr= dst_addr= protocol=any src_port= dst_port= week=1234567 time=00:00-23:59 id=2 enabled=yes comment=限制端口映射 action=drop dir=forward ctdir=1 iinterface=any ointerface=any src_addr= dst_addr= protocol=any src_port= dst_port= week=1234567 time=00:00-23:59 id=3 enabled=yes comment=允许ICMP action=accept dir=input ctdir=0 iinterface=any ointerface=any src_addr= dst_addr= protocol=icmp src_port= dst_port= week=1234567 time=00:00-23:59 id=4 enabled=yes comment=内网要DNS来上网 action=accept dir=input ctdir=0 iinterface=any ointerface=any src_addr= dst_addr= protocol=udp src_port=53 dst_port= week=1234567 time=00:00-23:59 id=5 enabled=yes comment=可上网的内网IP action=accept dir=forward ctdir=1 iinterface=any ointerface=any src_addr=192.168.0.0-192.168.255.255 dst_addr= protocol=any src_port= dst_port= week=1234567 time=00:00-23:59 id=6 enabled=yes comment=允许管理路由器 action=accept dir=input ctdir=0 iinterface=any ointerface=any src_addr=106.111.0.0-106.111.255.255,39.172.91.235,115.218.0.0-115.218.255.255,192.168.0.0-192.168.255.255 dst_addr= protocol=any src_port= dst_port= week=1234567 time=00:00-23:59 id=7 enabled=yes comment=允许访问端口映射 action=accept dir=forward ctdir=1 iinterface=any ointerface=any src_addr=106.111.0.0-106.111.255.255,39.172.91.235,115.218.0.0-115.218.255.255 dst_addr= protocol=any src_port= dst_port= week=1234567 time=00:00-23:59
保存成acl.txt导入策略即可