Wróć do artykułów

Komendy z odcinka: podstawowa konfiguracja Mikrotika

Skrypt RouterOS 
/ip firewall filter

# INPUT CHAIN
add chain=input action=accept connection-state=established,related,untracked comment="accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input in-interface=ether1 action=accept protocol=icmp comment="accept ICMP"
add chain=input in-interface=ether1 action=drop comment="block everything else"

# FORWARD CHAIN
add chain=forward action=fasttrack-connection connection-state=established,related comment="fast-track for established,related"
add chain=forward action=accept connection-state=established,related comment="accept established,related"
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 comment="drop access to clients behind NAT from WAN"