
Untitled

a guest
May 21st, 2019
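  # may/21/2019 23:07:43 by RouterOS 6.44.2
  # software id = 0UI5-89S6
  #
  # model = RBD52G-5HacD2HnD
  # serial number = A6470A886355
  #
  # Review notes. The listing's gutter numbers are removed and the leading "#" of
  # the export header is restored so the text parses as a script again; every
  # rule below is the exported rule, unchanged.
  # - Rules are evaluated top to bottom per chain, so every accept placed above
  #   "drop all not coming from LAN" is reachable from the WAN side.
  # - src-address-list="" and port="" name no list and no port. They appear to
  #   impose no restriction (confirm with "/ip firewall filter print detail"),
  #   so the rules carrying them are not limited to known peers.
  # - The header publishes the device serial number and software id next to the
  #   complete filter policy; strip both before sharing an export.
  /ip firewall filter
  # Accept-all rules for input and forward, currently disabled. They sit first
  # in their chains: enabling either one bypasses every rule after it. Delete
  # them instead of keeping them as a switch.
  add action=accept chain=input disabled=yes
  add action=accept chain=forward disabled=yes
  # Input chain: stateful baseline (established/related/untracked in, invalid
  # dropped), then ICMP.
  add action=accept chain=input comment=\
      "defconf: accept established,related,untracked" connection-state=\
      established,related,untracked
  add action=drop chain=input comment="defconf: drop invalid" connection-state=\
      invalid
  add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  # IKE (UDP 500) and NAT-T (UDP 4500), accepted from any source.
  add action=accept chain=input dst-port=4500,500 protocol=udp
  # Labelled IKEv2 but matches protocol=tcp. IKE and NAT-T run over UDP, which
  # the previous rule already accepts, so this only opens TCP 500/4500 on the
  # router. Candidate for removal unless a TCP listener on these ports is
  # intended.
  add action=accept chain=input comment="input VPN IKEv2" dst-port=500,4500 port=\
      "" protocol=tcp src-address-list=""
  # ESP accepted from any source (empty src-address-list). Where the peers are
  # known, a populated address list would narrow this.
  add action=accept chain=input comment="input IPsec" protocol=ipsec-esp \
      src-address-list=""
  # TCP 8291 is the default Winbox port, not the web interface named in the
  # rule comment. With an empty src-address-list the management service is
  # reachable from the whole internet. Prefer
  # src-address-list=<ADMIN-LIST-PLACEHOLDER> (a populated list of admin
  # sources), or drop this rule and manage the router through the IPsec tunnel
  # that the rules above already permit.
  add action=accept chain=input comment=\
      "allow mikrotik web interface from internet" dst-port=8291 protocol=tcp \
      src-address-list=""
  # Default deny for anything not arriving on a LAN interface; only the accepts
  # above it are exposed to the WAN.
  add action=drop chain=input comment="defconf: drop all not coming from LAN" \
      in-interface-list=!LAN
  # Forward chain: traffic matching an IPsec policy is accepted in both
  # directions before fasttrack.
  add action=accept chain=forward comment="defconf: accept in ipsec policy" \
      ipsec-policy=in,ipsec
  add action=accept chain=forward comment="defconf: accept out ipsec policy" \
      ipsec-policy=out,ipsec
  # Fasttrack skips connections carrying the "ipsec" connection mark that the
  # mangle rules below set.
  add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
      connection-mark=!ipsec connection-state=established,related
  add action=accept chain=forward comment=\
      "defconf: accept established,related, untracked" connection-state=\
      established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
      invalid
  # New connections from WAN are forwarded only if they were dst-NATed. No
  # dstnat rule is present in this export.
  add action=drop chain=forward comment=\
      "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
      connection-state=new in-interface-list=WAN
  /ip firewall mangle
  # Mark connections matching an IPsec policy in either direction, so the
  # fasttrack rule (connection-mark=!ipsec) leaves them on the normal path.
  add action=mark-connection chain=forward comment=" Mark  IPSec" ipsec-policy=\
      out,ipsec new-connection-mark=ipsec
  add action=mark-connection chain=forward comment=" Mark  IPSec" ipsec-policy=\
      in,ipsec new-connection-mark=ipsec
  # Clamp the MSS of TCP SYNs leaving via ipip-mb to 1300 when they advertise
  # more (tcp-mss=1301-65535).
  add action=change-mss chain=forward new-mss=1300 out-interface=ipip-mb \
      passthrough=no protocol=tcp tcp-flags=syn tcp-mss=1301-65535
  /ip firewall nat
  # Masquerade traffic leaving via WAN unless it matches an IPsec policy
  # (ipsec-policy=out,none).
  add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
      out,none out-interface-list=WAN
  /ip firewall service-port
  # The ftp, tftp, irc, h323, sip and pptp service-port helpers are all turned
  # off.
  set ftp disabled=yes
  set tftp disabled=yes
  set irc disabled=yes
  set h323 disabled=yes
  set sip disabled=yes
  set pptp disabled=yes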