canvcol

Mikrotik wAP LTE kit firewall

Oct 16th, 2019
/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none

/ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked

 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid

 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp

 4    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1

 5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN

 6    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec

 7    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec

 8    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related

 9    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked

10    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid

11    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN