These are my rules:
1 ;;; Accept all establish related connection
chain=input action=accept connection-state=established,related log=no log-prefix=""
2 X ;;; Drop port scanner IP list
chain=input action=drop src-address-list=Port_scanners_IP_list log=no log-prefix=""
3 ;;; Drop all invalid connection
chain=input action=drop connection-state=invalid log=no log-prefix=""
4 ;;; Accept all establish connection to forward
chain=forward action=accept connection-state=established connection-type="" log=yes log-prefix=""
5 ;;; Accept all related connection to forward
chain=forward action=accept connection-state=related connection-type="" log=yes log-prefix=""
6 ;;; Drop all invalid connection to forward
chain=forward action=drop connection-state=invalid connection-type="" log=no log-prefix=""
/ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 85.xxx.xxx.1 1
1 ADC 85.xxx.xxx.0/24 85.xxx.xxx.xxx combo1 0
2 ADC 192.168.1.0/24 192.168.1.1 bridge1 0
/ip firewall address-list> print
Flags: X - disabled, D - dynamic
# LIST ADDRESS CREATION-TIME
0 Peoplefone 95.128.80.2-95.128.80.9 oct/05/2017 17:09:43
1 Phones 192.168.1.100 oct/06/2017 14:32:41
2 Phones 192.168.1.40 oct/06/2017 14:37:11
3 Phones 192.168.1.36 oct/06/2017 14:37:39