Sat Nov 21, 2009 8:35 am
[admin@MikroTik] > ip firewall filter pr
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 ;;; Drop invalid connections
chain=input action=drop connection-state=invalid
2 ;;; Allow esatblished connections
chain=input action=accept connection-state=established
3 ;;; Allow related connections
chain=input action=accept connection-state=related
4 ;;; Allow UDP
chain=input action=accept protocol=udp
5 ;;; Allow ICMP
chain=input action=accept protocol=icmp
6 ;;; Allow connection to router from local network
chain=input action=accept in-interface=!ether1
7 ;;; Drop everything else
chain=input action=drop
8 chain=forward action=jump jump-target=customer in-interface=ether1
9 ;;; Drop invalid connection packets
chain=customer action=drop connection-state=invalid
10 ;;; Allow established connections
chain=customer action=accept connection-state=established
11 ;;; Allow related connections
chain=customer action=accept connection-state=related
12 ;;; Log dropped connections
chain=customer action=log log-prefix="customer_drop"
13 ;;; Drop and log everything else
chain=customer action=drop
[admin@MikroTik] > ip firewall nat pr
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 chain=srcnat action=masquerade out-interface=ether1
[admin@MikroTik] > ip route pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTER...
0 A S 0.0.0.0/0 r 196.220.4.157 1 ether1
1 ADC 192.168.0.0/24 192.168.0.1 0 ether2
2 ADC 196.220.4.0/24 196.220.4.158