bugfix reject-with

mikrotik/base-config/README.md

@@ -86,7 +86,7 @@ Please always check these options for base config new device:
 `/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable`<br/>
 `/ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""`<br/>
 `/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset`<br/>
-`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new protocol=udp reject-with=icmp-port-unreachable`<br/>
+`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable`<br/>
 `/ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""`<br/>
 <br/>
 6. For config bridge:<br/>

mikrotik/base-config/dc01-emer01-terse.rsc

@@ -62,7 +62,7 @@
 /ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
 /ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""
 /ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset
-/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new protocol=udp reject-with=icmp-port-unreachable
+/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
 /ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""
 /ip hotspot profile set [ find default=yes ] html-directory=hotspot
 /ip route add disabled=no dst-address=0.0.0.0/0 gateway=11.11.11.121 routing-table=main suppress-hw-offload=no

mikrotik/base-config/dc01-gw01-terse.rsc

@@ -133,7 +133,7 @@
 /ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
 /ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""
 /ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset
-/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new protocol=udp reject-with=icmp-port-unreachable
+/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
 /ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""
 /ip firewall nat add action=src-nat chain=srcnat comment="EXAMPLE !!! SNAT from inside all networks (outside IP = 11.11.11.122)" dst-address-list=!all-networks out-interface=ether1-outside src-address-list=all-networks to-addresses=11.11.11.122
 /ip firewall nat add action=src-nat chain=srcnat comment="EXAMPLE !!! SNAT from inside mail systems for SPF rec TCP 25,465 (outside IP = 22.22.22.125) " disabled=yes dst-port=25,465 out-interface=ether1-outside protocol=tcp src-address=10.91.3.11 to-addresses=22.22.22.123