unps

RB1100

Jan 13th, 2020
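  # IPv4 filter rules for the router's own traffic (chain=input) and for
  # routed traffic (chain=forward). Rules are evaluated top to bottom and a
  # packet that matches no rule is accepted, so the order below matters.
  #
  # NOTE(review): several rules set log-prefix, but no log=yes is visible in
  # this export, so the prefixes presumably produce no log entries. Confirm
  # whether logging was intended on the drop rules.
  /ip firewall filter

  # --- input: traffic addressed to the router itself ---

  # Replies to connections the router already tracks.
  add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
  add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid log-prefix=B1_
  # ICMP is accepted from every interface, including WAN.
  add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

  # L2TP/IPsec from the WAN: IKE (500), L2TP (1701), NAT-T (4500).
  # Changed from src-port to dst-port. The source port is chosen by the
  # sender, so a src-port match accepted WAN packets to ANY UDP service on
  # the router as long as they claimed one of these source ports, and it
  # could miss legitimate clients whose source port was rewritten by NAT.
  # Matching the destination port limits the rule to the VPN services.
  # NOTE(review): if L2TP is only ever used inside IPsec, consider accepting
  # UDP 1701 in a separate rule with ipsec-policy=in,ipsec so that plain
  # L2TP from the WAN is not accepted.
  add action=accept chain=input in-interface-list=WAN log-prefix=Input_VPN protocol=udp dst-port=1701,500,4500
  # IPsec ESP payload; not limited to the WAN list or to known peers.
  add action=accept chain=input protocol=ipsec-esp

  # Everything else not arriving from LAN is dropped, unless it was
  # decapsulated by an IPsec policy (ipsec-policy=in,none excludes it).
  # NOTE(review): IPsec-decapsulated traffic therefore falls through to the
  # implicit accept and reaches every router service. Confirm this is the
  # intended level of access for VPN peers.
  add action=drop chain=input comment="drop all not coming from LAN" in-interface-list=!LAN ipsec-policy=in,none log-prefix=B2_

  # --- forward: traffic routed through the router ---

  # IPsec-protected traffic is accepted before the fasttrack rule so that it
  # is not fasttracked.
  add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
  add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
  add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
  add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log-prefix=B3_
  # New connections from the WAN are forwarded only if a dst-nat rule
  # (port forward) translated them.
  add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN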