Untitled

a guest
Feb 19th, 2021
```
/ip firewall filter
add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="accept WinBox" disabled=yes dst-port=8291 protocol=tcp
add action=accept chain=input comment="accept SSTP" dst-port=443 protocol=tcp
add action=accept chain=input comment="accept GRE" protocol=gre
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=input comment="accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related disabled=yes
add action=accept chain=forward comment="accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
```