/ip firewall export
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=“place hotspot rules here”
disabled=yes
add action=accept chain=input comment=“Aceptar conexiones establecidas”
connection-state=established disabled=no
add action=accept chain=input comment=“Aceptar related conexiones”
connection-state=related disabled=no
add action=drop chain=input comment=“Rechazar conexiones invlidas”
connection-state=invalid disabled=no
add action=drop chain=forward disabled=no dst-address=192.168.1.46
in-interface=ether2-local-master src-address-list=!IPs_ALLOW
add action=drop chain=forward disabled=no dst-address=192.168.1.46
in-interface=ether2-local-master src-address-list=!IPs_ALLOW
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=“place hotspot rules here”
disabled=yes
add action=masquerade chain=srcnat disabled=no out-interface=ether1-gateway
add action=accept chain=srcnat comment=“Redireccion DNS cache” disabled=no
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes