First you have to do the work
Use this as a basis for all your rules and get rid of any raw ones etc...
Then add the additional rules you need for traffic to occur (all the allow rules you need).
Code:
/ip firewall filter
# {Input Chain}
# (default rules to keep)
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback " dst-address=127.0.0.1
# (add admin rules here)
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input comment="drop all else"
# *****

# {forward chain}
# (default rules to keep)
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# (add admin rules here)
add action=accept chain=forward comment="allow internet traffic" in-interface-list=LAN out-interface-list=WAN
# { enable if required }
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="drop all else"

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
Statistics: Posted by Mesquite — Tue Feb 27, 2024 10:53 pm