My current NAT and filter rules:
Code: Select all
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=redirect chain=dstnat dst-port=2222 protocol=tcp to-ports=22
/ip firewall filter
add chain=input protocol=icmp
add chain=input dst-port=2222 protocol=tcp
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input in-interface=ether1-gateway
How do I make it only accept packets on port 2222, but not 22?