Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /ip firewall nat print
- Flags: X - disabled, I - invalid, D - dynamic
- 0 ;;; defconf: masquerade
- chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
- /ip firewall filter print
- Flags: X - disabled, I - invalid, D - dynamic
- 0 D ;;; special dummy rule to show fasttrack counters
- chain=forward action=passthrough
- 1 ;;; defconf: accept established,related,untracked
- chain=input action=accept connection-state=established,related,untracked
- 2 ;;; defconf: drop invalid
- chain=input action=drop connection-state=invalid
- 3 ;;; defconf: accept ICMP
- chain=input action=accept protocol=icmp
- 4 ;;; defconf: accept to local loopback (for CAPsMAN)
- chain=input action=accept dst-address=127.0.0.1
- 5 ;;; defconf: drop all not coming from LAN
- chain=input action=drop in-interface-list=!LAN
- 6 ;;; defconf: accept in ipsec policy
- chain=forward action=accept ipsec-policy=in,ipsec
- 7 ;;; defconf: accept out ipsec policy
- chain=forward action=accept ipsec-policy=out,ipsec
- 8 ;;; defconf: fasttrack
- chain=forward action=fasttrack-connection connection-state=established,related
- 9 ;;; defconf: accept established,related, untracked
- chain=forward action=accept connection-state=established,related,untracked
- 10 ;;; defconf: drop invalid
- chain=forward action=drop connection-state=invalid
- 11 ;;; defconf: drop all from WAN not DSTNATed
- chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement