Hi there

We have been running RouterOS 4.16 and the main purpose of our system is to run a hotspot where people need to authenticate before they can use any service.
At some point I deleted all Firewall/NAT rules. When I looked through the manual I found some hints and added the rules below, but I am still unsure if this is the 'factory default' setting. Any advice highly appreciated!

0 chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth

1 chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth

2 chain=input action=jump jump-target=hs-input hotspot=from-client

3 I chain=hs-input action=jump jump-target=pre-hs-input

4 chain=hs-input action=accept protocol=udp dst-port=64872

5 chain=hs-input action=accept protocol=tcp dst-port=64872-64875

6 chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth

7 chain=hs-unauth action=return protocol=icmp

8 chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp

9 chain=hs-unauth action=reject reject-with=icmp-net-prohibited

10 chain=hs-unauth-to action=return protocol=icmp

11 chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited


Cheers
Danny

This assumes you have no other filter rules. If you do save them off and add them again later. The below will recreate the dynamic rules required for a Hotspot.

Disable all Hotspots temporarily: Then delete all firewall rules: Then enable the Hotspots, this will recreate the dynamic rules: If you saved off other filter rules add them in now.

If you deleted the dynamic NAT rules required for the Hotspot as well also save your custom NAT rules and run the below before re-enabling the Hotspots, and afterwards also add the custome NAT rules back in:

Thanks for solving my problem with the default Firewall/NAT settings