Here is my config (RouterOS firewall export):
# Static address lists used by the filter section of this export.
# What the export itself shows about each list:
#   - "illegal-addr": no src-address-list/dst-address-list matcher in the
#     filter rules below references it, so its entries currently block
#     nothing on their own — presumably a drop rule was intended; verify.
#   - "black_list": matched only by the connection-limit drop rule
#     ("suppress DoS attack from 1 IP"), i.e. listed sources are throttled,
#     not blocked outright. It is also populated dynamically (1d timeout).
#   - "port scanners": populated by the psd/tcp-flags detection rules
#     (2w timeout) and dropped in chain=input only.
# Several entries are exact duplicates (same address, same list).
# NOTE(review): RouterOS rejects a duplicate address in one list
# ("already have such entry"), so importing this file may stop at the
# first duplicate — confirm on the target version and dedupe first.
# Many "illegal-addr" entries are whole public /8../6 aggregates
# (e.g. 100.0.0.0/6 = 100-103.x.x.x, 180.0.0.0/6 = 180-183.x.x.x);
# review them against real traffic sources before attaching the list
# to any drop rule.
/ip firewall address-list
add address=172.16.0.0/12 comment="" disabled=no list=illegal-addr
add address=192.168.0.0/16 comment="" disabled=no list=illegal-addr
# duplicate of the previous entry
add address=192.168.0.0/16 comment="" disabled=no list=illegal-addr
# duplicate of the 172.16.0.0/12 entry above
add address=172.16.0.0/12 comment="" disabled=no list=illegal-addr
add address=169.254.0.0/16 comment="" disabled=no list=illegal-addr
add address=223.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=198.18.0.0/15 comment="" disabled=no list=illegal-addr
add address=192.0.2.0/24 comment="" disabled=no list=illegal-addr
add address=185.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=180.0.0.0/6 comment="" disabled=no list=illegal-addr
add address=179.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=176.0.0.0/7 comment="" disabled=no list=illegal-addr
add address=175.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=104.0.0.0/6 comment="" disabled=no list=illegal-addr
add address=100.0.0.0/6 comment="" disabled=no list=illegal-addr
add address=49.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=46.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=42.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=39.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=36.0.0.0/7 comment="" disabled=no list=illegal-addr
add address=31.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=27.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=23.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=14.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=5.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=2.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=128.0.0.0/16 comment="" disabled=no list=illegal-addr
# already covered by the 192.168.0.0/16 entry above
add address=192.168.2.0/24 comment="" disabled=no list=illegal-addr
add address=10.5.50.0/24 comment="" disabled=no list=illegal-addr
add address=72.233.96.254 comment="" disabled=no list=black_list
add address=41.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=80.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=62.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=163.121.170.209 comment="" disabled=no list=illegal-addr
add address=50.16.0.0/14 comment="" disabled=no list=black_list
add address=184.72.0.0/15 comment="" disabled=no list=black_list
add address=89.178.0.0/15 comment="" disabled=no list=black_list
add address=94.198.224.0/21 comment="" disabled=no list=black_list
add address=91.148.128.0/18 comment="" disabled=no list=black_list
add address=67.215.64.0/19 comment="" disabled=no list=black_list
add address=209.51.128.0/19 comment="" disabled=no list=black_list
add address=62.0.0.0/8 comment="" disabled=no list=black_list
add address=41.0.0.0/8 comment="" disabled=no list=black_list
# duplicate of the 169.254.0.0/16 entry above
add address=169.254.0.0/16 comment="" disabled=no list=illegal-addr
add address=195.0.0.0/8 comment="" disabled=no list=black_list
add address=213.0.0.0/8 comment="" disabled=no list=illegal-addr
add address=208.94.0.0/22 comment="" disabled=no list=illegal-addr
add address=87.0.0.0/8 comment="" disabled=no list=black_list
add address=178.0.0.0/8 comment="" disabled=no list=black_list
add address=208.94.0.0/22 comment="" disabled=no list=black_list
add address=67.228.0.0/16 comment="" disabled=no list=illegal-addr
add address=67.228.0.0/16 comment="" disabled=no list=black_list
add address=64.62.128.0/17 comment="" disabled=no list=black_list
add address=64.62.128.0/17 comment="" disabled=no list=illegal-addr
add address=174.132.0.0/15 comment="" disabled=no list=black_list
add address=174.132.0.0/15 comment="" disabled=no list=illegal-addr
# duplicate of the 87.0.0.0/8 black_list entry above
add address=87.0.0.0/8 comment="" disabled=no list=black_list
add address=87.0.0.0/8 comment="" disabled=no list=illegal-addr
# duplicate of the 67.215.64.0/19 black_list entry above
add address=67.215.64.0/19 comment="" disabled=no list=black_list
# duplicate of the 195.0.0.0/8 black_list entry above
add address=195.0.0.0/8 comment="" disabled=no list=black_list
# single host inside 67.215.64.0/19, which is already in black_list;
# the next line repeats it exactly
add address=67.215.65.132 comment="" disabled=no list=black_list
add address=67.215.65.132 comment="" disabled=no list=black_list
add address=38.0.0.0/8 comment="" disabled=no list=black_list
# single host inside 41.0.0.0/8, which is already in black_list
add address=41.232.144.8 comment="" disabled=no list=black_list
add address=78.140.128.0/18 comment="" disabled=no list=black_list
add address=78.140.128.0/18 comment="" disabled=no list=illegal-addr
add address=74.0.0.0/8 comment="" disabled=no list=black_list
add address=74.0.0.0/8 comment="" disabled=no list=illegal-addr
# the two hosts below are listed in both black_list and "port scanners"
add address=112.175.243.22 comment="" disabled=no list=black_list
add address=112.175.243.22 comment="" disabled=no list="port scanners"
add address=41.234.147.214 comment="" disabled=no list=black_list
add address=41.234.147.214 comment="" disabled=no list="port scanners"
# limited-broadcast address placed in all three lists
add address=255.255.255.255 comment="" disabled=no list=illegal-addr
add address=255.255.255.255 comment="" disabled=no list=black_list
add address=255.255.255.255 comment="" disabled=no list="port scanners"
# Connection tracking: enabled with short timeouts for every non-established
# state (5s SYN states, 10s close/wait/ICMP/UDP, 3m UDP streams) and 1d for
# established TCP. tcp-syncookie=yes makes the tracker answer SYN floods with
# cookies instead of filling the table. The 1d established timeout is the
# one to watch if the connection table ever fills.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=yes \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Filter rules. Rules are evaluated per chain in the order listed here.
# Observations from this export alone:
#   - No accept rule for connection-state=established,related and no terminal
#     drop rule appear in any chain; RouterOS chains default to accept, so
#     everything not explicitly dropped below is allowed (default-allow
#     posture) and the few accept rules change nothing on their own.
#   - Chain "virus" is entered by jump from both input and forward; a packet
#     matching nothing in it returns to the calling chain.
#   - add-src-to-address-list passes the packet on, so a drop rule placed
#     after it still sees the same packet.
#   - Large stretches are port-based drops named after old worms/trojans;
#     they block those destination ports for everyone, regardless of what
#     actually runs there.
/ip firewall filter
# Hotspot placeholder chain (enabled here, disabled in the NAT section).
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=no
# Drops every ICMP echo-request (type 8, code 0) crossing the router.
add action=drop chain=forward comment="" disabled=no icmp-options=8:0 \
protocol=icmp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=udp
# NOTE(review): the p2p matcher is a legacy feature; confirm the target
# RouterOS version still accepts it before importing.
add action=drop chain=forward comment="Drop all P2P" disabled=no p2p=all-p2p
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid disabled=no
# Aggregate cap (mask 0 = all sources counted together): beyond 100 concurrent
# TCP connections to the router's port 80 every new one is dropped, so one
# noisy client can deny the web UI to everyone; a per-source mask would
# limit that blast radius.
add action=drop chain=input comment="limit total http connections to 100" \
connection-limit=100,0 disabled=no dst-port=80 protocol=tcp
# black_list sources are dropped only once they hold more than 2 TCP
# connections (counted per /32) — the list is a throttle, not a block.
add action=drop chain=input comment="suppress DoS attack from 1 IP" \
connection-limit=2,32 disabled=no protocol=tcp src-address-list=\
black_list
# Dynamic listing: more than 10 TCP connections counted per /24 adds the
# offending source to black_list for 1d. Because the count is per /24, a
# busy neighbour in the same /24 can get an innocent source listed.
add action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d chain=input comment="detect DoS attack 1 IP" \
connection-limit=10,24 disabled=no protocol=tcp
add action=jump chain=input comment="!!! Check for well-known viruses !!!" \
disabled=no jump-target=virus
# Drops SMTP to the router itself (no comment in the export).
add action=drop chain=input comment="" disabled=no dst-port=25 protocol=tcp
add action=drop chain=input comment="Telnet for demo purposes" disabled=no \
dst-port=23 protocol=tcp
add action=drop chain=forward comment="Drop invalid connections" \
connection-state=invalid disabled=no
add action=jump chain=forward comment="!!! Check for well-known viruses !!!" \
disabled=no jump-target=virus
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=tcp
# repeats the 445/udp rule already in chain=virus above
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=udp
# The three "________" rules below are undocumented (placeholder comment).
add action=drop chain=virus comment=________ disabled=no dst-port=593 \
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 \
protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \
protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 \
protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
protocol=tcp
# 2745/tcp again (already dropped by "Bagle Virus" above)
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\
10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\
10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\
27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=\
no dst-port=65506 protocol=tcp
# The next nine rules (4444/udp through 27374/tcp) repeat rules added just
# above verbatim; redundant, harmless, safe to remove.
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\
10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\
10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\
27374 protocol=tcp
# Port-scan detection against the router (chain=input). psd=21,3s,3,1 is
# weight-threshold 21 within 3s, low-port weight 3, high-port weight 1.
# Matches land the source in "port scanners" for 2w; the drop rule that
# ends this group then discards the packet.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
# comment carries a literal "\n" — export artifact, cosmetic only
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan\
\n" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
# same tcp-flags=fin,syn match as the "SYN/FIN scan" rule right after it
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Terminal drop for listed scanners — input chain only (see note below).
add action=drop chain=input comment="dropping port scanners" disabled=no \
src-address-list="port scanners"
# Forward-chain copies of the detection rules above (same flags, same 2w
# listing). NOTE(review): no rule with chain=forward and
# src-address-list="port scanners" appears anywhere in this export, so a
# source flagged by these rules is only blocked when it later targets the
# router itself; add the matching forward drop if blocking was the intent.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="NMAP FIN Stealth scan\
\n" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="" disabled=no protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="FIN/PSH/URG scan" \
disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=forward comment="NMAP NULL scan" disabled=\
no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Port-based drops in chain=forward. These apply to every host behind the
# router; several of the ports are also used by legitimate services
# (e.g. 113, 445, 6667, 8000, 10000), so review before reuse.
add action=drop chain=forward comment="" disabled=no dst-port=135-139 \
protocol=tcp
add action=drop chain=forward comment=Worm.NetSky.Y@mm disabled=no dst-port=\
82 protocol=tcp
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-1 disabled=no \
dst-port=113 protocol=tcp
# "W33" looks like a typo for W32 (comment field only, no functional effect)
add action=drop chain=forward comment=W33.Korgo.A/B/C/D/E/F-2 disabled=no \
dst-port=2041 protocol=tcp
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-3 disabled=no \
dst-port=3067 protocol=tcp
# disabled: 6667/tcp (IRC) stays open through the router
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-4 disabled=yes \
dst-port=6667 protocol=tcp
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-5 disabled=no \
dst-port=445 protocol=tcp
add action=drop chain=forward comment=Backdoor.Nibu.B-1 disabled=no dst-port=\
1000-1001 protocol=tcp
add action=drop chain=forward comment=Backdoor.Nibu.B-2 disabled=no dst-port=\
2283 protocol=tcp
add action=drop chain=forward comment=Backdoor.IRC.Aladinz.R-1 disabled=no \
dst-port=3422 protocol=tcp
add action=drop chain=forward comment=Backdoor.IRC.Aladinz.R-2 disabled=no \
dst-port=43958 protocol=tcp
add action=drop chain=forward comment=W32.Dabber.A/B-1 disabled=no dst-port=\
5554 protocol=tcp
add action=drop chain=forward comment=W32.Dabber.A/B-2 disabled=no dst-port=\
8967 protocol=tcp
add action=drop chain=forward comment=Worm.NetSky.S/T/U@mm disabled=no \
dst-port=6789 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-1 disabled=no \
dst-port=8787 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-2 disabled=no \
dst-port=8879 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-3 disabled=no \
dst-port=31666 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-5 disabled=no \
dst-port=54320-54321 protocol=tcp
add action=drop chain=forward comment=Block.NetBus.Trojan-1 disabled=no \
dst-port=12345-12346 protocol=tcp
add action=drop chain=forward comment=Block.NetBus.Trojan-2 disabled=no \
dst-port=20034 protocol=tcp
add action=drop chain=forward comment=GirlFriend.Trojan-1 disabled=no \
dst-port=21554 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-1 disabled=no \
dst-port=41 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-2 disabled=no \
dst-port=3150 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-3 disabled=no \
dst-port=999 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-4 disabled=no \
dst-port=6670 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-5 disabled=no \
dst-port=6771 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-6 disabled=no \
dst-port=60000 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-7 disabled=no \
dst-port=2140 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-1 disabled=no \
dst-port=10067 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-2 disabled=no \
dst-port=10167 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-3 disabled=no \
dst-port=3700 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-4 disabled=no \
dst-port=9872-9875 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-1 disabled=no \
dst-port=6883 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-2 disabled=no \
dst-port=26274 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-3 disabled=no \
dst-port=4444 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-4 disabled=no \
dst-port=47262 protocol=tcp
add action=drop chain=forward comment=Eclypse.Trojan-1 disabled=no dst-port=\
3791 protocol=tcp
add action=drop chain=forward comment=Eclypse.Trojan-2 disabled=no dst-port=\
3801 protocol=tcp
add action=drop chain=forward comment=Eclypse.Trojan-3 disabled=no dst-port=\
65390 protocol=tcp
add action=drop chain=forward comment=Y3K.RAT.Trojan-1 disabled=no dst-port=\
5880-5882 protocol=tcp
add action=drop chain=forward comment=Y3K.RAT.Trojan-2 disabled=no dst-port=\
5888-5889 protocol=tcp
add action=drop chain=forward comment=NetSphere.Trojan-1 disabled=no \
dst-port=30100-30103 protocol=tcp
add action=drop chain=forward comment=NetSphere.Trojan-2 disabled=no \
dst-port=30133 protocol=tcp
add action=drop chain=forward comment=NetMonitor.Trojan-1 disabled=no \
dst-port=7300-7301 protocol=tcp
add action=drop chain=forward comment=NetMonitor.Trojan-2 disabled=no \
dst-port=7306-7308 protocol=tcp
add action=drop chain=forward comment=FireHotcker.Trojan-1 disabled=no \
dst-port=79 protocol=tcp
add action=drop chain=forward comment=FireHotcker.Trojan-2 disabled=no \
dst-port=5031 protocol=tcp
add action=drop chain=forward comment=FireHotcker.Trojan-3 disabled=no \
dst-port=5321 protocol=tcp
add action=drop chain=forward comment=TheThing.Trojan-1 disabled=no dst-port=\
6400 protocol=tcp
add action=drop chain=forward comment=GateCrasher.Trojan-1 disabled=no \
dst-port=1047 protocol=tcp
add action=drop chain=forward comment=GateCrasher.Trojan-2 disabled=no \
dst-port=6969-6970 protocol=tcp
add action=drop chain=forward comment=SubSeven-1 disabled=no dst-port=2774 \
protocol=tcp
add action=drop chain=forward comment=SubSeven-2 disabled=no dst-port=27374 \
protocol=tcp
add action=drop chain=forward comment=SubSeven-3 disabled=no dst-port=1243 \
protocol=tcp
add action=drop chain=forward comment=SubSeven-4 disabled=no dst-port=1234 \
protocol=tcp
add action=drop chain=forward comment=SubSeven-5 disabled=no dst-port=\
6711-6713 protocol=tcp
add action=drop chain=forward comment=SubSeven-7 disabled=no dst-port=16959 \
protocol=tcp
add action=drop chain=forward comment=Moonpie.Trojan-1 disabled=no dst-port=\
25685-25686 protocol=tcp
add action=drop chain=forward comment=Moonpie.Trojan-2 disabled=no dst-port=\
25982 protocol=tcp
add action=drop chain=forward comment=NetSpy.Trojan-1 disabled=no dst-port=\
1024-1030 protocol=tcp
add action=drop chain=forward comment=NetSpy.Trojan-2 disabled=no dst-port=\
1033 protocol=tcp
# two rule names fused into one comment; blocks 31337-31339/tcp
add action=drop chain=forward comment=\
NetSpy.Trojan-3Back.Orifice.2000.Trojan-4 disabled=no dst-port=\
31337-31339 protocol=tcp
add action=drop chain=forward comment=Trojan disabled=no dst-port=8102 \
protocol=tcp
add action=drop chain=forward comment=Netspy3.0Trojan disabled=no dst-port=\
7306 protocol=tcp
add action=drop chain=forward comment=Trojan.BingHe disabled=no dst-port=7626 \
protocol=tcp
add action=drop chain=forward comment=WAY.Trojan disabled=no dst-port=8011 \
protocol=tcp
add action=drop chain=forward comment=Trojan.NianSeHoYian disabled=no \
dst-port=19191 protocol=tcp
add action=drop chain=forward comment=NetBull.Trojan disabled=no dst-port=\
23444-23445 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-1 disabled=no dst-port=\
2583 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-2 disabled=no dst-port=\
3024 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-3 disabled=no dst-port=\
4092 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-4 disabled=no dst-port=\
5714 protocol=tcp
add action=drop chain=forward comment=Doly1.0/1.35/1.5trojan-1 disabled=no \
dst-port=1010-1012 protocol=tcp
add action=drop chain=forward comment=Doly1.0/1.35/1.5trojan-2 disabled=no \
dst-port=1015 protocol=tcp
add action=drop chain=forward comment=TransScout.Trojan-2 disabled=no \
dst-port=9878 protocol=tcp
add action=drop chain=forward comment=Backdoor.YAI..Trojan-1 disabled=no \
dst-port=2773 protocol=tcp
add action=drop chain=forward comment=Backdoor.YAI.Trojan-2 disabled=no \
dst-port=7215 protocol=tcp
add action=drop chain=forward comment=Backdoor.YAI.Trojan-3 disabled=no \
dst-port=54283 protocol=tcp
add action=drop chain=forward comment=BackDoorTrojan-1 disabled=no dst-port=\
1003 protocol=tcp
add action=drop chain=forward comment=BackDoorTrojan-2 disabled=no dst-port=\
5598 protocol=tcp
add action=drop chain=forward comment=BackDoorTrojan-3 disabled=no dst-port=\
5698 protocol=tcp
add action=drop chain=forward comment=PrayerTrojan-1 disabled=no dst-port=\
2716 protocol=tcp
add action=drop chain=forward comment=PrayerTrojan-2 disabled=no dst-port=\
9999 protocol=tcp
add action=drop chain=forward comment=SchwindlerTrojan-1 disabled=no \
dst-port=21544 protocol=tcp
add action=drop chain=forward comment=SchwindlerTrojan-2 disabled=no \
dst-port=31554 protocol=tcp
add action=drop chain=forward comment=Shaft.DDoS.Trojan-1 disabled=no \
dst-port=18753 protocol=tcp
add action=drop chain=forward comment=Shaft.DDoS.Trojan-2 disabled=no \
dst-port=20432 protocol=tcp
add action=drop chain=forward comment=Devil.DDoS.Trojan disabled=no dst-port=\
65000 protocol=tcp
add action=drop chain=forward comment=LatinusTrojan-1 disabled=no dst-port=\
11831 protocol=tcp
add action=drop chain=forward comment=LatinusTrojan-2 disabled=no dst-port=\
29559 protocol=tcp
add action=drop chain=forward comment=Snid.X2Trojan-1 disabled=no dst-port=\
1784 protocol=tcp
add action=drop chain=forward comment=Snid.X2Trojan-2 disabled=no dst-port=\
3586 protocol=tcp
add action=drop chain=forward comment=Snid.X2Trojan-3 disabled=no dst-port=\
7609 protocol=tcp
add action=drop chain=forward comment=BionetTrojan-1 disabled=no dst-port=\
12348-12349 protocol=tcp
add action=drop chain=forward comment=BionetTrojan-2 disabled=no dst-port=\
12478 protocol=tcp
add action=drop chain=forward comment=BionetTrojan-3 disabled=no dst-port=\
57922 protocol=tcp
# wide range: 3127-3198/tcp (72 ports) dropped for all forwarded traffic
add action=drop chain=forward comment=Worm.Novarg.a.Mydoom.a.-1 disabled=no \
dst-port=3127-3198 protocol=tcp
add action=drop chain=forward comment=Worm.MsBlaster-1 disabled=no dst-port=\
4444 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.a.Bagle.a. disabled=no \
dst-port=6777 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.b disabled=no dst-port=\
8866 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.c-g/j-l disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.p/q/r/n disabled=no \
dst-port=2556 protocol=tcp
add action=drop chain=forward comment=Worm.BBEagle.m-2 disabled=no dst-port=\
20742 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.s/t/u/v disabled=no \
dst-port=4751 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.aa/ab/w/x-z-2 disabled=no \
dst-port=2535 protocol=tcp
add action=drop chain=forward comment=Worm.LovGate.r.RpcExploit disabled=no \
dst-port=5238 protocol=tcp
add action=drop chain=forward comment=Worm.Sasser.b/c/f disabled=no dst-port=\
5554 protocol=tcp
add action=drop chain=forward comment=Worm.Sasser.b/c/f disabled=no dst-port=\
9996 protocol=tcp
add action=drop chain=forward comment=Worm.Sasser.d disabled=no dst-port=9995 \
protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.a/b/c/d disabled=no \
dst-port=10168 protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.v.QQ disabled=no dst-port=\
20808 protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.f/g disabled=no dst-port=\
1092 protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.f/g disabled=no dst-port=\
20168 protocol=tcp
# forward-chain counterparts of the undocumented 593 and 1214 virus rules
add action=drop chain=forward comment="" disabled=no dst-port=593 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=1214 protocol=\
tcp
add action=drop chain=forward comment=ndm.requester disabled=no dst-port=\
1363-1364 protocol=tcp
add action=drop chain=forward comment=screen.cast disabled=no dst-port=1368 \
protocol=tcp
add action=drop chain=forward comment=hromgrafx disabled=no dst-port=1373 \
protocol=tcp
add action=drop chain=forward comment=cichlid disabled=no dst-port=1377 \
protocol=tcp
add action=drop chain=forward comment=Backdoor.OptixPro disabled=no dst-port=\
3410 protocol=tcp
# UDP counterparts of the forward-chain port drops above.
add action=drop chain=forward comment="" disabled=no dst-port=135-139 \
protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-6 disabled=no \
dst-port=8787 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-7 disabled=no \
dst-port=8879 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-8 disabled=no \
dst-port=31666 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-9 disabled=no \
dst-port=31337-31338 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-10 disabled=no \
dst-port=54320-54321 protocol=udp
add action=drop chain=forward comment=Block.NetBus.Trojan-3 disabled=no \
dst-port=12345-12346 protocol=udp
add action=drop chain=forward comment=Block.NetBus.Trojan-4 disabled=no \
dst-port=20034 protocol=udp
add action=drop chain=forward comment=GirlFriend.Trojan-2 disabled=no \
dst-port=21554 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-8 disabled=no \
dst-port=41 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-9 disabled=no \
dst-port=3150 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-10 disabled=no \
dst-port=999 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-11 disabled=no \
dst-port=6670 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-12 disabled=no \
dst-port=6771 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-13 disabled=no \
dst-port=60000 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-5 disabled=no \
dst-port=10067 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-6 disabled=no \
dst-port=10167 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-7 disabled=no \
dst-port=3700 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-8 disabled=no \
dst-port=9872-9875 protocol=udp
add action=drop chain=forward comment=Delta.Source.Trojan-5 disabled=no \
dst-port=6883 protocol=udp
add action=drop chain=forward comment=Delta.Source.Trojan-6 disabled=no \
dst-port=26274 protocol=udp
# 44444/udp here, while the TCP counterpart (Delta.Source.Trojan-3) uses
# 4444 — confirm which port was intended
add action=drop chain=forward comment=Delta.Source.Trojan-7 disabled=no \
dst-port=44444 protocol=udp
add action=drop chain=forward comment=Delta.Source.Trojan-8 disabled=no \
dst-port=47262 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-1 disabled=no dst-port=\
3791 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-2 disabled=no dst-port=\
3801 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-3 disabled=no dst-port=\
5880-5882 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-4 disabled=no dst-port=\
5888-5889 protocol=udp
add action=drop chain=forward comment=Trin00.DDoS.Trojan-1 disabled=no \
dst-port=34555 protocol=udp
add action=drop chain=forward comment=Trin00.DDoS.Trojan-2 disabled=no \
dst-port=35555 protocol=udp
add action=drop chain=forward comment=NetSpy.DK.Trojan-1 disabled=no \
dst-port=31338 protocol=udp
# 69/udp is TFTP; this blocks all forwarded TFTP, not only the worm
add action=drop chain=forward comment=Worm.MsBlaster-2 disabled=no dst-port=\
69 protocol=udp
add action=drop chain=forward comment=Worm.Sobig.f-2 disabled=no dst-port=\
995-999 protocol=udp
add action=drop chain=forward comment=Worm.Sobig.f-3 disabled=no dst-port=\
8998 protocol=udp
# Disabled: per-source (/24) cap of 25 TCP connections for the 10.0.0.0/24
# hotspot network.
add action=drop chain=forward comment="LIMIT USER CONECTION TO 25" \
connection-limit=25,24 disabled=yes protocol=tcp src-address=10.0.0.0/24
# NOTE(review): chain=output with src-address=127.0.0.1 matches the router's
# own loopback-sourced packets; confirm it does not interfere with local
# services before keeping it.
add action=drop chain=output comment="" disabled=no src-address=127.0.0.1
# Accepts for multicast (224.0.0.0/4 udp/1234) and IGMP. Since no later drop
# in this export would otherwise catch them, they are effectively no-ops
# here; they only matter once a terminal drop is added.
add action=accept chain=input comment="" disabled=no dst-address=224.0.0.0/4 \
dst-port=1234 protocol=udp
add action=accept chain=input comment="" disabled=no protocol=igmp
add action=accept chain=forward comment="" disabled=no dst-address=\
224.0.0.0/4 dst-port=1234 protocol=udp
# Anti-spoofing: discard packets arriving with a loopback source address.
add action=drop chain=forward comment="" disabled=no src-address=127.0.0.1
add action=drop chain=input comment="" disabled=no src-address=127.0.0.1
# Late additions to chain=virus and chain=forward (appended after the
# accept/loopback rules, so they run last within their chains).
add action=drop chain=virus comment=WinCrash disabled=no dst-port=3024 \
protocol=tcp
add action=drop chain=virus comment=Block.NetBus.Trojan-2 disabled=no \
dst-port=20034 protocol=tcp
add action=drop chain=forward comment="block bifrost" disabled=no dst-port=81 \
protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=81 protocol=tcp
add action=drop chain=virus comment="block Poison Ivy" disabled=no dst-port=\
3460 protocol=tcp
add action=drop chain=forward comment="block poison ivy" disabled=no \
dst-port=3460 protocol=tcp
# 8000/tcp is a common alternate HTTP port; this drops all of it in forward
add action=drop chain=forward comment="poison ivy" disabled=no dst-port=8000 \
protocol=tcp
add action=drop chain=virus comment="Poison IVY" disabled=no dst-port=8000 \
protocol=tcp
# NAT. The three srcnat masquerade rules carry no out-interface, so they
# rewrite the source of every packet leaving from those subnets on any
# interface, including traffic towards other internal networks. Pinning
# out-interface= to the WAN interface is the usual hardening and also keeps
# the hotspot/LAN networks from seeing each other as the router's address.
# The hotspot passthrough placeholder is disabled here, unlike its
# counterpart in the filter section.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=10.0.0.0/24
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
100.100.100.0/24
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.100.0/24
# Connection-tracking helpers (ALGs) are all disabled, which removes the
# helper parsers from the attack surface. Protocols that embed addresses in
# their payload (active-mode FTP, SIP, H.323, PPTP) then rely on the
# clients or endpoints coping without NAT assistance — presumably intended;
# verify if any of those are in use behind the masquerade rules.
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes