daily pastebin goal
38%
SHARE
TWEET

ipv4_firewall

Proff_Ust Jun 13th, 2018 69 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [admin@p00router01] > ip firewall filter export
  2. # jun/13/2018 19:56:18 by RouterOS 6.42.3
  3. # software id = ZJ3M-ESHW
  4. #
  5. #
  6. #
  7. /ip firewall filter
  8. add action=drop chain=forward comment="drop invalid" connection-state=invalid
  9. add action=accept chain=forward comment="accept estableshed and related" connection-state=established,related
  10. add action=accept chain=forward comment="allow access from user's network(Routers)" connection-state=new in-interface=uplink src-address-list=User_Router
  11. add action=accept chain=forward comment="allow access from user's network(Simple)" connection-state=new in-interface=uplink src-address-list=users_new
  12. add action=accept chain=forward comment="Reserved Address" connection-state=new in-interface=uplink src-address=192.168.77.66
  13. add action=accept chain=forward comment="int net" connection-state=new in-interface=mgm
  14. add action=accept chain=forward comment="IntNet NAT" dst-address=172.16.10.0/24
  15. add action=accept chain=forward comment="IntNet NAT" dst-address=192.168.77.0/24
  16. add action=accept chain=forward dst-port=53 log-prefix=acc_forw_udp protocol=udp
  17. add action=drop chain=forward comment="all other drop" log-prefix=ipv4_drop_fwd
  18. add action=drop chain=input comment="Drop invalid connection packets" connection-state=invalid
  19. add action=accept chain=input comment="Allow established and related connections" connection-state=established,related log-prefix=inp_est
  20. add action=accept chain=input comment=SNMP dst-port=161 protocol=udp
  21. add action=accept chain=input comment="allow acces from users net" connection-state=new in-interface=uplink log-prefix=INP_USR src-address=192.168.77.0/24
  22. add action=accept chain=input protocol=ipv6
  23. add action=accept chain=input comment="allow acces from users net" connection-state=new log-prefix=INP_UDP src-address=172.16.10.0/24
  24. add action=accept chain=input comment="allow http access from internet" connection-state=new in-interface=freedom-one log-prefix=http_in port=81 protocol=tcp
  25. add action=accept chain=input comment="allow winbox access from Internet" connection-state=new in-interface=freedom-one port=8291 protocol=tcp
  26. add action=accept chain=input comment="allow API from internet" connection-state=new in-interface=freedom-one port=8728 protocol=tcp
  27. add action=accept chain=input comment="Allow ICMP Ping" protocol=icmp
  28. add action=accept chain=input comment="Input for administration from pptp" src-address=192.168.99.0/24
  29. add action=drop chain=input comment="All other inputs drop" log-prefix=drop_inp
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top