SergANT/network
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix some rules in config (replace _ to -)

Browse Source
This commit is contained in:
Sergei Bobkov
2025-05-25 15:53:35 +03:00
parent 36d8ab2e0e
commit 5589d546f9
9 changed files with 39 additions and 1275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mikrotik/base-config/dc01-ccr01-terse.rsc
View File

@@ -90,9 +90,9 @@
/ip firewall filter add action=accept chain=forward comment="allow FORWARD from L2TP VPN MGM -->> ALL-INSIDE FID=admin-access-l2tp-vpn-en7gdnsq ADMIN-FID" connection-state=new dst-address-list=all-inside dst-port=22,80,443,5480,3389,8291 in-interface=sfp-sfpplus12 protocol=tcp src-address-list=admin-L2TP-VPN-mgm
/ip firewall filter add action=accept chain=forward comment="allow FORWARD from L2TP VPN MGM -->> ALL-DMZ FID=admin-access-l2tp-vpn-en7gdnsq ADMIN-FID" connection-state=new dst-address-list=all-dmz in-interface=sfp-sfpplus12 protocol=icmp src-address-list=admin-L2TP-VPN-mgm
/ip firewall filter add action=accept chain=forward comment="allow FORWARD from L2TP VPN MGM -->> ALL-DMZ FID=admin-access-l2tp-vpn-en7gdnsq ADMIN-FID" connection-state=new dst-address-list=all-dmz dst-port=22,80,443,5480,3389,8291 in-interface=sfp-sfpplus12 protocol=tcp src-address-list=admin-L2TP-VPN-mgm
/ip firewall filter add action=accept chain=allow_icmp_tcp_udp comment="Chain allow icmp_tcp_udp (allow all ICMP TCP UDP)" protocol=icmp
/ip firewall filter add action=accept chain=allow_icmp_tcp_udp comment="Chain allow icmp_tcp_udp (allow all ICMP TCP UDP)" protocol=tcp
/ip firewall filter add action=accept chain=allow_icmp_tcp_udp comment="Chain allow icmp_tcp_udp (allow all ICMP TCP UDP)" protocol=udp
/ip firewall filter add action=accept chain=allow-icmp-tcp-udp comment="Chain allow icmp-tcp-udp (allow all ICMP TCP UDP)" protocol=icmp
/ip firewall filter add action=accept chain=allow-icmp-tcp-udp comment="Chain allow icmp-tcp-udp (allow all ICMP TCP UDP)" protocol=tcp
/ip firewall filter add action=accept chain=allow-icmp-tcp-udp comment="Chain allow icmp-tcp-udp (allow all ICMP TCP UDP)" protocol=udp
/ip firewall filter add action=accept chain=allow-default-for-all protocol=icmp
/ip firewall filter add action=accept chain=allow-default-buh protocol=icmp
/ip firewall filter add action=accept chain=forward comment="allow FORWARD from INSIDE <--> TRANSPORT LINK <--> OUTSIDE (to dc01-gw01)" connection-state=new dst-address-list=!all-networks out-interface=sfp-sfpplus12 src-address-list=all-networks
@@ -103,8 +103,8 @@
/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> ME TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset
/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
/ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""
/ip firewall filter add action=jump chain=forward connection-state=new dst-address-list=inside-VLAN-0002 jump-target=allow_icmp_tcp_udp out-interface=VLAN-0002 src-address-list=allow-to-VLAN-0002-adm-ALL
/ip firewall filter add action=jump chain=forward connection-state=new dst-address-list=inside-VLAN-0002-dc01-vcsrv01-infr.comp.loc jump-target=allow_icmp_tcp_udp out-interface=VLAN-0002 src-address-list=allow-to-VLAN-0002-dc01-vcsrv01-infr.comp.loc-adm-ALL
/ip firewall filter add action=jump chain=forward connection-state=new dst-address-list=inside-VLAN-0002 jump-target=allow-icmp-tcp-udp out-interface=VLAN-0002 src-address-list=allow-to-VLAN-0002-adm-ALL
/ip firewall filter add action=jump chain=forward connection-state=new dst-address-list=inside-VLAN-0002-dc01-vcsrv01-infr.comp.loc jump-target=allow-icmp-tcp-udp out-interface=VLAN-0002 src-address-list=allow-to-VLAN-0002-dc01-vcsrv01-infr.comp.loc-adm-ALL
/ip firewall filter add action=accept chain=forward connection-state=new dst-address-list=inside-VLAN-0002-dc01-vcsrv01-infr.comp.loc out-interface=VLAN-0002 protocol=icmp src-address-list=allow-to-VLAN-0002-dc01-vcsrv01-infr.comp.loc-SSH
/ip firewall filter add action=accept chain=forward connection-state=new dst-address-list=inside-VLAN-0002-dc01-vcsrv01-infr.comp.loc dst-port=22 out-interface=VLAN-0002 protocol=tcp src-address-list=allow-to-VLAN-0002-dc01-vcsrv01-infr.comp.loc-SSH
/ip firewall filter add action=accept chain=forward connection-state=new dst-address-list=inside-VLAN-0002-dc01-vcsrv01-infr.comp.loc out-interface=VLAN-0002 protocol=icmp src-address-list=allow-to-VLAN-0002-dc01-vcsrv01-infr.comp.loc-HTTPs