Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /ip firewall filter
- add action=accept chain=input comment="default configuration" in-interface=pppoe-domru in-interface-list=WAN protocol=icmp
- add action=accept chain=forward comment="allow DSTNATed from WAN" connection-nat-state=dstnat connection-state=new \
- in-interface-list=WAN
- add action=accept chain=input connection-state=established,related in-interface-list=WAN
- add action=accept chain=forward connection-state=established,related in-interface-list=WAN
- add action=accept chain=forward in-interface-list=WAN src-address-list=pcdok-sc
- add action=accept chain=input in-interface-list=WAN protocol=tcp
- add action=drop chain=forward comment=Sip-Scan-Drop in-interface-list=WAN log-prefix=Sip-Scan-Drop src-address-list=\
- Sip-Scan
- add action=drop chain=forward in-interface-list=WAN src-address-list=ALL-Drop
- add action=add-src-to-address-list address-list=Sip-Scan address-list-timeout=none-dynamic chain=input dst-port=5061 \
- in-interface-list=WAN protocol=udp
- add action=add-src-to-address-list address-list=Sip-client address-list-timeout=none-dynamic chain=input dst-port=5060 \
- in-interface-list=WAN protocol=udp
- add action=add-src-to-address-list address-list=ssh-drop address-list-timeout=none-dynamic chain=input comment=ssh-drop \
- dst-port=21-23,80,443 in-interface-list=WAN protocol=tcp
- add action=drop chain=forward connection-state=invalid in-interface-list=WAN
- add action=drop chain=input connection-state=invalid in-interface-list=WAN
- add action=drop chain=forward comment="default configuration" connection-state=invalid
- add action=drop chain=input comment="default configuration" in-interface-list=WAN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement