/ip firewall filter
add action=accept chain=input comment=\
    "Allow all established/related connections, input/forward" \
    connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward comment=\
    "Accept traffic from VLAN subnets to WAN" out-interface=wan
add action=accept chain=forward comment=\
    "Accept traffic from subnet 192.168.0.17 to subnet 10.10.10.0" \
    dst-address=10.10.10.0/24 src-address=192.168.0.17
add action=drop chain=input comment="Drop invalid connections input/forward" \
    connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=drop chain=input comment="Drop traffic from WAN connections input" \
    in-interface=wan log-prefix=2
add action=drop chain=input comment="DROP DNS FLOOD" dst-port=53 protocol=udp
add action=drop chain=forward dst-port=53 protocol=udp
add action=drop chain=input comment="DROP WINBOX CONNECT WAN" dst-port=8291 \
    in-interface=wan protocol=tcp
add action=drop chain=input comment="DROP ICMP" in-interface=wan protocol=\
    icmp
add action=drop chain=forward in-interface=wan protocol=icmp
add action=drop chain=forward comment="DROP TO MAC" disabled=yes \
    src-mac-address=74:46:A0:77:B4:E3
add action=drop chain=forward comment="Drop traffic from subnet 10.10.0.0/16" \
    dst-address=10.10.0.0/16