- [admin@MikroTik] > interface bridge export
- # dec/08/2019 00:58:27 by RouterOS 6.45.1
- # software id = 7LRH-FRKN
- #
- # model = RBcAPL-2nD
- # serial number = BB220BF8088A
- # NOTE(review): the export header carries the software id and serial number, and
- # the bridge section below pins a real admin-mac. These are device identifiers;
- # redact them before sharing an export publicly.
- /interface bridge
- # Two bridges are defined: "Wlan" with no options set, and "bridge" (tagged
- # defconf) whose MAC address is fixed via admin-mac with auto-mac=no.
- add name=Wlan
- add admin-mac=C4:AD:34:1C:14:43 auto-mac=no comment=defconf name=bridge
- /interface bridge port
- # ether1 is a port of "bridge" and wlan1 is a port of "Wlan", so as far as this
- # export shows the wired and wireless interfaces are not bridged together.
- # NOTE(review): how traffic passes between the two bridges (routing, firewall)
- # is not visible in this section - confirm against the rest of the config.
- add bridge=bridge comment=defconf interface=ether1
- add bridge=Wlan comment=defconf interface=wlan1
- [admin@TeremuReki] > ip firewall export
- # dec/08/2019 00:59:42 by RouterOS 6.46
- # software id = 0R6B-73PL
- #
- # model = RB2011UiAS-2HnD
- # serial number = B9070A1E368D
- # NOTE(review): this export comes from a different device (identity, model and
- # RouterOS version differ from the bridge export above). The header again carries
- # the software id and serial number; redact them before publishing.
- /ip firewall filter
- # Rules are evaluated top to bottom per chain; a packet that matches no rule in
- # the input or forward chain is accepted.
- # Disabled hotspot placeholder (appears twice in this table).
- add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
- # Drops every forwarded non-UDP packet addressed to 10.0.0.1 that leaves through
- # bridge_hs. It sits above the established/related accept, so it applies to all
- # connection states. NOTE(review): the rule has no comment - document its intent.
- add action=drop chain=forward dst-address=10.0.0.1 out-interface=bridge_hs protocol=!udp
- add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
- # Input chain (traffic to the router itself): the next three rules are the only
- # enabled input rules in this export. There is no closing drop rule, so any new
- # connection to the router falls through to the default accept on every
- # interface, WAN included, unless it is restricted elsewhere (for example by
- # address lists under /ip service).
- # NOTE(review): the stock defconf rule set normally ends the input chain with
- #   add action=drop chain=input in-interface-list=!LAN
- # Whether a LAN interface list exists on this device is not shown - confirm
- # before adding such a rule, and add it from a session that will not be cut off.
- add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
- add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- # Forward chain (traffic routed through the device): accept IPsec-policy traffic
- # in both directions, accept established/related/untracked, drop invalid, then
- # drop new connections arriving on the WAN interface list unless they were
- # dst-nat'ed. Fasttrack is present but disabled. New connections from interfaces
- # outside the WAN list match nothing here and are accepted by default.
- add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
- add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
- add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
- # Disabled accept for tcp/8291 (the default Winbox port) with an empty src-port.
- # While the input chain has no drop rule, enabling or disabling this changes
- # nothing. NOTE(review): if an input drop is added and this rule is enabled,
- # scope it with src-address or in-interface-list rather than accepting from any
- # source.
- add action=accept chain=input disabled=yes dst-port=8291 protocol=tcp src-port=""
- /ip firewall mangle
- # Disabled diagnostic rule: would log (prefix "dnat") TCP packets to port 58290
- # in prerouting. 58290 is the same port as the disabled dst-nat rule in the nat
- # table of this export.
- # NOTE(review): dst-address=0.0.0.0 presumably matches only that literal
- # address, in which case the rule would log nothing even when enabled - confirm.
- add action=log chain=prerouting disabled=yes dst-address=0.0.0.0 dst-port=58290 log-prefix=dnat protocol=tcp
- /ip firewall nat
- # The hotspot placeholder and the masquerade rule each appear twice with
- # identical parameters; the second copy of each is redundant.
- add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
- # Masquerades all srcnat traffic that is not subject to an IPsec policy. No
- # out-interface or out-interface-list is set, so it is not limited to the WAN
- # side and also rewrites the source of traffic leaving through any other
- # interface. NOTE(review): the stock defconf rule is normally scoped with
- # out-interface-list=WAN - confirm whether the scope was removed on purpose.
- add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none
- add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
- add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none
- # Disabled port forward: tcp/58290 -> port 8921, with no to-addresses and no
- # in-interface or source restriction.
- # NOTE(review): 8921 looks like a transposition of 8291, the Winbox port used
- # by the disabled input rule in the filter table - verify the intended target.
- # If the goal is remote management, a non-standard external port is not access
- # control: restrict the rule by src-address or in-interface-list, or reach the
- # router over a VPN instead of forwarding the management port.
- add action=dst-nat chain=dstnat disabled=yes dst-port=58290 protocol=tcp to-ports=8921