0 ;;; accept established,related,untracked chain=input action=accept

1. 0 ;;; accept established,related,untracked
2. chain=input action=accept connection-state=established,related,untracked
3.  
4. 1 X ;;; accept WinBox
5. chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=""
6.  
7. 2 ;;; accept SSTP
8. chain=input action=accept protocol=tcp dst-port=443 log=no log-prefix=""
9.  
10. 3 ;;; accept GRE
11. chain=input action=accept protocol=gre log=no log-prefix=""
12.  
13. 4 ;;; drop invalid
14. chain=input action=drop connection-state=invalid
15.  
16. 5 ;;; accept ICMP
17. chain=input action=accept protocol=icmp
18.  
19. 6 ;;; accept to local loopback (for CAPsMAN)
20. chain=input action=accept dst-address=127.0.0.1
21.  
22. 7 ;;; drop all not coming from LAN
23. chain=input action=drop in-interface-list=!LAN
24.  
25. 8 ;;; accept in ipsec policy
26. chain=forward action=accept ipsec-policy=in,ipsec
27.  
28. 9 ;;; accept out ipsec policy
29. chain=forward action=accept ipsec-policy=out,ipsec
30.  
31. 10 X ;;; fasttrack
32. chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""
33.  
34. 11 ;;; accept established,related, untracked
35. chain=forward action=accept connection-state=established,related,untracked
36.  
37. 12 ;;; drop invalid
38. chain=forward action=drop connection-state=invalid
39.  
40. 13 ;;; drop all from WAN not DSTNATed
41. chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interf
42.