API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 11th, 2019
91
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.26 KB | None | 0 0
raw download clone embed print report
  1. ```ngnix[Blindside@RB4011] /ip firewall filter> print
  2. Flags: X - disabled, I - invalid, D - dynamic
  3. 0 D ;;; special dummy rule to show fasttrack counters
  4. chain=forward action=passthrough
  5. 1 chain=forward action=accept protocol=icmp
  6. 2 ;;; defconf: accept established,related,untracked
  7. chain=input action=accept connection-state=established,related,untracked
  8. 3 ;;; defconf: drop invalid
  9. chain=input action=drop connection-state=invalid
  10. 4 ;;; RouterAccess
  11. chain=input action=accept protocol=tcp src-address-list=InternalSubnet
  12. dst-port=8291,1111,1112,1113,1118 log=no log-prefix=""
  13. 5 ;;; defconf: accept ICMP
  14. chain=input action=accept protocol=icmp
  15. 6 ;;; defconf: drop all not coming from LAN
  16. chain=input action=drop in-interface-list=!LAN
  17. 7 ;;; defconf: accept in ipsec policy
  18. chain=forward action=accept ipsec-policy=in,ipsec
  19. 8 ;;; defconf: accept out ipsec policy
  20. chain=forward action=accept ipsec-policy=out,ipsec
  21. 9 ;;; defconf: fasttrack
  22. chain=forward action=fasttrack-connection
  23. connection-state=established,related
  24. 10 ;;; defconf: accept established,related, untracked
  25. chain=forward action=accept
  26. connection-state=established,related,untracked
  27. 11 ;;; defconf: drop invalid
  28. chain=forward action=drop connection-state=invalid
  29. 12 ;;; defconf: drop all from WAN not DSTNATed
  30. chain=forward action=drop connection-state=new
  31. connection-nat-state=!dstnat in-interface-list=WAN
  32. 13 ;;; defconf: accept established,related
  33. chain=forward action=accept connection-state=established,related
  34. 14 ;;; defconf: drop invalid
  35. chain=forward action=drop connection-state=invalid
  36. 15 chain=input action=accept protocol=udp port=69
  37. 16 chain=forward action=accept protocol=udp port=69
  38. 17 ;;; defconf: drop all from WAN not DSTNATed
  39. chain=forward action=drop connection-state=new
  40. connection-nat-state=!dstnat in-interface=ether1
  41. 18 ;;; Drop to bogon list
  42. chain=forward action=drop dst-address-list=Bogons
  43. 19 chain=input action=accept connection-state=established
  44. 20 chain=input action=accept connection-state=related
  45. 21 chain=input action=drop in-interface=ether1
  46. ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!