SergANT/network
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix some rules in config (replace _ to -)

Browse Source
This commit is contained in:
Sergei Bobkov
2025-05-25 15:53:35 +03:00
parent 36d8ab2e0e
commit 5589d546f9
9 changed files with 39 additions and 1275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
mikrotik/base-config/README.md
View File

@@ -78,12 +78,13 @@ Please always check these options for base config new device:
`/ip firewall filter add action=drop chain=forward comment="deny FORWARD from outside -->> inside [ BOGON IP addresses ] FID=SERVICE-RULES" connection-state="" in-interface=ether1-outside src-address-list=all-bogon`<br/>
`/ip firewall filter add action=drop chain=forward comment="deny FORWARD from inside -->> outside [ BOGON IP addresses ] FID=SERVICE-RULES" connection-state="" dst-address-list=all-bogon out-interface=ether1-outside`<br/>
`/ip firewall filter add action=drop chain=forward comment="deny FORWARD from inside -->> outside FID=SERVICE-RULES FID=SERVICE-RULES" connection-nat-state=!dstnat connection-state=new in-interface=ether1-outside`<br/>
`/ip firewall filter add action=accept chain=input comment="allow INPUT from lo -->> ME " in-interface=lo`<br/>
<br/>
`/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset`<br/>
`/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable`<br/>
`/ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""`<br/>
`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset`<br/>
`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new log-prefix=reject_fw_udp protocol=udp reject-with=icmp-port-unreachable`<br/>
`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new protocol=udp reject-with=icmp-port-unreachable`<br/>
`/ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""`<br/>
<br/>
6. For config bridge:<br/>