Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 0 ;;; Drop DNS
- chain=input action=drop protocol=tcp in-interface=DomRu dst-port=53 log=no log-prefix=""
- 1 chain=input action=drop protocol=udp in-interface=DomRu dst-port=53 log=no log-prefix=""
- 2 ;;; DDos
- chain=forward action=jump jump-target=Pre-DDoS connection-state=new in-interface=DomRu log=no log-prefix=""
- 3 chain=input action=jump jump-target=Pre-DDoS connection-state=new in-interface=DomRu
- 4 chain=forward action=drop connection-state=new src-address-list=ban-ddos
- 5 chain=input action=drop connection-state=new src-address-list=ban-ddos
- 6 chain=Pre-DDoS action=return dst-limit=32,32,src-address/10s
- 7 chain=Pre-DDoS action=add-src-to-address-list address-list=ban-ddos address-list-timeout=2w1d
- 8 ;;; Port scanners to list
- chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=port_scanners address-list-timeout=2w1d log=no log-prefix=""
- 9 ;;; NMAP FIN Stealth scan
- chain=input action=add-src-to-address-list tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port_scanners address-list-timeout=2w1d log=no log-prefix=""
- 10 ;;; SYN/FIN scan
- chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp address-list=port_scanners address-list-timeout=2w1d log=no log-prefix=""
- 11 ;;; SYN/RST scan
- chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp address-list=port_scanners address-list-timeout=2w1d log=no log-prefix=""
- 12 ;;; FIN/PSH/URG scan
- chain=input action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list=port_scanners address-list-timeout=2w1d log=no log-prefix=""
- 13 ;;; ALL/ALL scan
- chain=input action=add-src-to-address-list tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=port_scanners address-list-timeout=2w1d log=no log-prefix=""
- 14 ;;; NMAP NULL scan
- chain=input action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port_scanners address-list-timeout=2w1d log=no log-prefix=""
- 15 ;;; Dropping port scanners
- chain=input action=drop src-address-list=port_scanners log=no log-prefix=""
- 16 ;;; IPsec l2tp
- chain=input action=accept protocol=udp port=1701,500,4500 log=no log-prefix=""
- 17 chain=input action=accept protocol=ipsec-esp
- 18 ;;; Allow established related connections
- chain=input action=accept connection-state=established,related log=no log-prefix=""
- 19 ;;; Drop invalid connections
- chain=input action=drop connection-state=invalid log=no log-prefix=""
- 20 ;;; Allow address to lan
- chain=input action=accept src-address-list=allow-ip in-interface=!DomRu log=no log-prefix=""
- 21 ;;; Accept ICMP
- chain=input action=accept protocol=icmp in-interface=DomRu log=no log-prefix=""
- 22 ;;; Accept Winbox
- chain=input action=accept protocol=tcp src-address-list=allow-ip in-interface=!DomRu dst-port=8291 log=no log-prefix=""
- 23 ;;; Accept everything to internet
- chain=output action=accept out-interface=DomRu log=no log-prefix=""
- 24 ;;; Accept everything to non internet
- chain=output action=accept out-interface=!DomRu log=no log-prefix=""
- 25 ;;; Accept everything
- chain=output action=accept log=no log-prefix=""
- 26 ;;; Allow established related connections
- chain=forward action=accept connection-state=established,related log=no log-prefix=""
- 27 ;;; Drop invalid connections
- chain=forward action=drop connection-state=invalid log=no log-prefix=""
- 28 ;;; Accept ICMP
- chain=forward action=accept protocol=icmp log=no log-prefix=""
- 29 ;;; Accept from local to internet
- chain=forward action=accept in-interface=!DomRu out-interface=DomRu log=no log-prefix=""
- 30 ;;; Drop everything else
- chain=forward action=drop log=no log-prefix=""
- 31 ;;; Drop everything else
- chain=input action=drop in-interface=DomRu log=no log-prefix=""
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
