# Time-window block for one device: drops forwarded packets whose source MAC
# matches during 12:15-19:00 on every day of the week.
# The MAC below is the poster's placeholder, not a valid hex address.
# NOTE(review): a source MAC is chosen by the client, and phones may present a
# private/randomised address per network, so treat this as a convenience
# control rather than enforcement. The time= matcher presumably follows the
# router's own clock - confirm the clock/NTP is set correctly.
add chain=forward action=drop src-mac-address=ab:cd:ef:gh:ij:kl \
    time=12h15m-19h,sun,mon,tue,wed,thu,fri,sat comment=IPHONE
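/ip firewall filter
# Filter rules are evaluated top to bottom and the first match wins, so rule
# order is part of the policy.

# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop invalid" \
    connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Router access only for LAN hosts present in the allowed_to_router list.
add action=accept chain=input comment="Allow ADMIN to Router" \
    in-interface-list=LAN src-address-list=allowed_to_router
# NOTE(review): port= matches when EITHER the source or the destination port
# equals xx; if only a service on the router is meant, dst-port=xx is narrower.
add action=accept chain=input in-interface-list=LAN port=xx protocol=tcp
add action=accept chain=input in-interface-list=LAN port=xx protocol=udp
# Default deny for everything else sent to the router.
add action=drop chain=input

# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
# Time-window block for one device. It was originally the last rule, after
# "Drop All Else" and after the established/LAN-to-WAN accepts, so no packet
# could ever reach it. It has to sit above the fasttrack and accept rules.
# NOTE(review): connections fasttracked before 12:15 largely bypass the filter,
# so long-lived flows may outlast the start of the window; excluding this host
# from fasttrack would be needed to cut them - confirm on the device.
# NOTE(review): the MAC is the poster's placeholder; a source MAC is set by the
# client (phones may use a private/randomised address), so this is not a
# strong control.
add action=drop chain=forward comment=IPHONE src-mac-address=\
    ab:cd:ef:gh:ij:kl time=12h15m-19h,sun,mon,tue,wed,thu,fri,sat
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
# Lets new WAN connections through only when a dst-nat rule has translated
# them. This exposes every port forward to any WAN source; a src-address-list
# match would narrow that if the remote clients are known.
add action=accept chain=forward comment=" Allow Port Forwarding - DSTNAT" \
    connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\
    bridge out-interface-list=WAN
# Default deny for forwarded traffic.
add action=drop chain=forward comment="Drop All Else"
# NOTE(review): the two rules below follow the unconditional drop above and can
# never match. Left in place because their intent is not clear from the post;
# to override the DSTNAT accept for port xx they would have to precede it,
# otherwise they are redundant and can be removed.
add action=drop chain=forward dst-port=xx in-interface-list=WAN protocol=tcp
add action=drop chain=forward dst-port=xx in-interface-list=WAN protocol=udp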
/ip firewall mangle
# Each rule inspects packets in prerouting and, when the payload contains the
# given string, records the packet's destination address in an address list.
# NOTE(review): content= is a plain payload match, so on encrypted traffic it
# can only hit where the name travels in clear text - confirm that the lists
# actually populate. No rule visible in this listing refers to the YouTube or
# Netflix lists.
add chain=prerouting action=add-dst-to-address-list content=youtube.com \
    address-list=YouTube address-list-timeout=none-dynamic comment=YouTube
# Same list as above, but these entries expire after 10 minutes.
add chain=prerouting action=add-dst-to-address-list content=googlevideo.com \
    address-list=YouTube address-list-timeout=10m \
    comment=YouTube-googlevideo.com
add chain=prerouting action=add-dst-to-address-list content=netflix.com \
    address-list=Netflix address-list-timeout=none-dynamic comment=Netflix
/ip firewall nat
# Source NAT for traffic leaving through the WAN interface list, skipping
# packets that match an outbound IPsec policy.
add chain=srcnat action=masquerade out-interface-list=WAN \
    ipsec-policy=out,none comment="defconf: masquerade"
# Port forward from WAN to an internal host; addresses and ports were masked
# by the poster.
# NOTE(review): if dst-address=0.0.0.0 is the literal value rather than a
# redaction, the rule would only match packets addressed to 0.0.0.0 - confirm
# it holds the router's public address, or drop the matcher and rely on
# in-interface-list=WAN.
add chain=dstnat action=dst-nat in-interface-list=WAN protocol=tcp \
    dst-address=0.0.0.0 dst-port=xyz to-addresses=xxx.xxx.xx.xxx to-ports=xxx \
    comment="Plex Media Server"