Default-Firewall-Filter

1. /ip firewall filter
2. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
3. add action=accept chain=input comment="defconf: accept ICMP" dst-port=8291 protocol=tcp
4. add action=accept chain=input comment="defconf: accept ICMP" dst-port=8291 protocol=udp
5. add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
6. add action=drop chain=input comment="defconf: drop all from WAN" in-interface="pppoe-out1"
7. add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
8. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
9. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface="pppoe-out1"