/ip firewall address-list add address=5.43.16.0/20 list=WAN-IN-FILTER
/ip firewall address-list add address=10.0.0.0/8 list=WAN-IN-FILTER
/ip firewall address-list add address=172.16.0.0/12 list=WAN-IN-FILTER
/ip firewall address-list add address=192.168.0.0/16 list=WAN-IN-FILTER
Which of these two options is more efficient:
1)
connection tracking -> off
/ip firewall filter add action=drop chain=forward in-interface-list=WAN_INTERFACES src-address-list=WAN-IN-FILTER
2)
connection tracking -> on
/ip firewall filter add action=accept chain=forward connection-state=established,related
/ip firewall filter add action=drop chain=forward in-interface-list=WAN_INTERFACES src-address-list=WAN-IN-FILTER