Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /ip firewall address-list
- add address=45.63.18.43 list=SITES-LIBERADOS
- add address=208.67.222.222 list=SITES-LIBERADOS
- add address=208.67.222.220 list=SITES-LIBERADOS
- add address=8.8.8.8 list=SITES-LIBERADOS
- add address=8.8.4.4 list=SITES-LIBERADOS
- add address=1.1.1.1 list=SITES-LIBERADOS
- add address=172.16.100.2 list=SITES-LIBERADOS
- add address=172.16.150.2 list=SITES-LIBERADOS
- add address=10.24.0.0/22 list=BLOQUEADOS
- /ip firewall filter
- add action=drop chain=forward dst-address-list=!SITES-LIBERADOS src-address-list=BLOQUEADOS comment="SGP REGRAS"
- /ip firewall nat
- add action=masquerade chain=srcnat comment="SGP REGRAS" src-address-list=\
- BLOQUEADOS
- add action=dst-nat chain=dstnat comment="SGP REGRAS" dst-address-list=\
- !SITES-LIBERADOS dst-port=80,443 log-prefix="" protocol=tcp \
- src-address-list=BLOQUEADOS to-addresses=45.63.18.43 to-ports=6403
- add action=dst-nat chain=dstnat comment="SGP REGRAS" connection-mark=\
- BLOQUEIO-AVISAR log-prefix="" protocol=tcp to-addresses=45.63.18.43 \
- to-ports=6402
- # Aviso bloqueio
- /ip firewall mangle
- add chain=prerouting connection-state=new src-address-list=BLOQUEIO-AVISAR protocol=tcp dst-port=80 \
- action=mark-connection new-connection-mark=BLOQUEIO-VERIFICAR passthrough=yes comment="SGP REGRAS"
- add chain=prerouting connection-mark=BLOQUEIO-VERIFICAR src-address-list=!BLOQUEIO-AVISADOS \
- action=mark-connection new-connection-mark=BLOQUEIO-AVISAR comment="SGP REGRAS"
- /ip firewall filter
- add chain=forward connection-mark=BLOQUEIO-AVISAR action=add-src-to-address-list \
- address-list=BLOQUEIO-AVISADOS address-list-timeout=2h comment="SGP REGRAS" dst-address=45.63.18.43 dst-port=6402 protocol=tcp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
