Untitled
Aug 1st, 2014
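  # MikroTik RouterOS firewall for three segments: dmz, myne (miners) and home.
  # Address lists first, then filter rules; lines starting with # are comments
  # and are ignored when the script is pasted into a terminal or imported.
  /ip firewall address-list
  
  add address=192.168.11.0/24 comment="DMZ Hosts" disabled=no list=dmz
  add address=10.20.31.0/24 comment="Mining Stuff" disabled=no list=myne
  add address=172.16.253.0/24 comment="Home Network" disabled=no list=home
  # NOTE(review): the "bogons" list referenced by the forward drop below is not
  # defined in this script. An address-list that does not exist matches nothing,
  # so that rule is inert unless the list is populated elsewhere.
  
  /ip firewall filter
  
  # All ICMP is handed to the dedicated ICMP chain (rules at the end of this file).
  add action=jump chain=input comment="Jump for icmp input flow" disabled=no jump-target=ICMP protocol=icmp
  add action=jump chain=forward comment="Jump for icmp forward flow" disabled=no jump-target=ICMP protocol=icmp
  add action=drop chain=forward comment="Drop to bogon list" disabled=no dst-address-list=bogons
  # Router DNS is for the LAN only. WAN-sourced queries are dropped before the
  # accepts for BOTH transports (the original dropped UDP only, which left TCP/53
  # on the router reachable from the WAN). The accepts use dst-port rather than
  # port: "port" matches source OR destination, so any packet merely sent FROM
  # port 53 would otherwise have been accepted into the router.
  add action=drop chain=input comment="Drop DNS from WAN - UDP" disabled=no dst-port=53 in-interface=ether1-WAN protocol=udp
  add action=drop chain=input comment="Drop DNS from WAN - TCP" disabled=no dst-port=53 in-interface=ether1-WAN protocol=tcp
  add action=accept chain=input comment="Accept DNS - UDP" disabled=no dst-port=53 protocol=udp
  add action=accept chain=input comment="Accept DNS - TCP" disabled=no dst-port=53 protocol=tcp
  add action=accept chain=input comment="Accept to established connections" connection-state=established\
  disabled=no
  add action=accept chain=forward comment="Accept to established connections" connection-state=established\
  disabled=no
  # These two forward accepts carry no address restriction; they admit the ports
  # from any source to any destination, not only toward the DMZ.
  add action=accept chain=forward comment="Accept jabber connections" protocol=tcp dst-port=5222
  add action=accept chain=forward comment="Accept plex connections" protocol=tcp dst-port=32443
  add action=accept chain=input comment="Accept to related connections" connection-state=related disabled=no
  # dst-address=0.0.0.0/0 matches every destination and is therefore a no-op matcher.
  add action=accept chain=forward comment="Allow all LAN outbound" disabled=no src-address-list=home dst-address=0.0.0.0/0
  add action=accept chain=input comment="Allow all LAN to Firewall" disabled=no src-address-list=home dst-address=172.16.253.99/32
  # Terminal drop for the input chain, shipped DISABLED by the author. Until it is
  # enabled the input chain has no final drop and unmatched traffic is accepted,
  # so the accept rules above do not restrict anything on their own. Review the
  # accepts (see the comment in the rule) and then set disabled=no.
  add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"\
  disabled=yes
  # Inter-segment isolation. The forward chain has no terminal drop at all, so
  # these explicit drops are the only thing restricting forwarding; home is
  # allowed everywhere (rule above), dmz and myne are confined as listed.
  # The chain=ICMP copies are needed because ICMP never reaches these forward
  # rules: it was already jumped into the ICMP chain at the top.
  add action=drop chain=forward comment="Block DMZ to Home Subnet" disabled=no src-address-list=dmz dst-address-list=home
  add action=drop chain=ICMP comment="Block DMZ to Home Subnet" disabled=no src-address-list=dmz dst-address-list=home
  add action=drop chain=forward comment="Block DMZ to Miner Subnet" disabled=no src-address-list=dmz dst-address-list=myne
  add action=drop chain=ICMP comment="Block DMZ to Miner Subnet" disabled=no src-address-list=dmz dst-address-list=myne
  add action=drop chain=forward comment="Block Miner to Home Subnet" disabled=no src-address-list=myne dst-address-list=home
  add action=drop chain=ICMP comment="Block Miner to Home Subnet" disabled=no src-address-list=myne dst-address-list=home
  add action=drop chain=forward comment="Block Miner to DMZ Subnet" disabled=no src-address-list=myne dst-address-list=dmz
  add action=drop chain=ICMP comment="Block Miner to DMZ Subnet" disabled=no src-address-list=myne dst-address-list=dmz
  # ICMP allow-list: echo request is rate limited, then reply, TTL exceeded,
  # unreachable (net/host) and fragmentation-needed (PMTUD). Everything else drops.
  add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" disabled=no icmp-options=8:0 limit=1,5 protocol=icmp
  add action=accept chain=ICMP comment="Echo reply" disabled=no icmp-options=0:0 protocol=icmp
  add action=accept chain=ICMP comment="Time Exceeded" disabled=no icmp-options=11:0 protocol=icmp
  add action=accept chain=ICMP comment="Destination unreachable" disabled=no icmp-options=3:0-1 protocol=icmp
  add action=accept chain=ICMP comment=PMTUD disabled=no icmp-options=3:4 protocol=icmp
  add action=drop chain=ICMP comment="Drop to the other ICMPs" disabled=no protocol=icmp
  # NOTE(review): the router's own ICMP output also goes through the ICMP chain,
  # so router-generated ICMP types/codes not in the allow-list above (for
  # example type 3 code 3, port unreachable) are dropped on output. Confirm
  # that is intended.
  add action=jump chain=output comment="Jump for icmp output" disabled=no jump-target=ICMP protocol=icmp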