Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /ip firewall address-list
- add address=192.168.11.0/24 list=homenet
- add address=192.168.0.0/24 list=homenet
- add address=192.168.88.0/24 list=homenet
- add address=78.107.7.82 disabled=yes list=excludenet
- add address=192.168.88.0/24 list=excludenet
- add address=192.168.0.0/24 list=excludenet
- add address=192.168.11.0/24 list=excludenet
- /ip firewall filter
- add action=accept chain=input comment=SSH dst-port=22 in-interface=beeline protocol=tcp
- add action=accept chain=input comment=WWW dst-address=78.107.7.82 dst-port=80 in-interface=beeline protocol=tcp
- add action=accept chain=input dst-address=78.107.7.82 dst-port=443 in-interface=beeline protocol=tcp
- add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
- established,related,untracked
- add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
- add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
- established,related,untracked
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
- add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface-list=WAN
- /ip firewall nat
- add action=dst-nat chain=dstnat comment=WWW dst-address=78.107.7.82 dst-port=80 in-interface=beeline protocol=tcp \
- to-addresses=192.168.11.10 to-ports=80
- add action=dst-nat chain=dstnat dst-address=78.107.7.82 dst-port=80 in-interface=bridge protocol=tcp src-address=\
- 192.168.11.0/24 to-addresses=192.168.11.10 to-ports=80
- add action=src-nat chain=srcnat dst-address=192.168.11.10 dst-port=80 out-interface=bridge protocol=tcp to-addresses=\
- 78.107.7.82
- add action=dst-nat chain=dstnat dst-address=78.107.7.82 dst-port=443 in-interface=beeline protocol=tcp to-addresses=\
- 192.168.11.10 to-ports=443
- add action=dst-nat chain=dstnat dst-address=78.107.7.82 dst-port=443 in-interface=bridge protocol=tcp src-address=\
- 192.168.11.0/24 to-addresses=192.168.11.10 to-ports=443
- add action=src-nat chain=srcnat dst-address=192.168.11.10 dst-port=443 out-interface=bridge protocol=tcp to-addresses=\
- 78.107.7.82
- add action=src-nat chain=srcnat comment="defconf: masquerade" dst-address-list=!excludenet out-interface=beeline \
- src-address=192.168.11.0/24 to-addresses=78.107.7.82
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement