-
-
Save nextend/a503061ac81fa2636a49f258c07f481c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /ip address | |
| add address=82.000.000.5 interface=WAN1 network=82.000.000.30 | |
| add address=192.168.87.2 interface=WanTelenor network=192.168.87.1 | |
| /ip route | |
| add check-gateway=ping distance=1 gateway=82.000.000.30 routing-mark=PrimaryWan | |
| add check-gateway=ping distance=10 gateway=192.168.87.1 | |
| /ip firewall filter | |
| add action=drop chain=input dst-address=82.000.000.5 dst-port=53 protocol=udp | |
| add action=drop chain=input dst-address=82.000.000.5 dst-port=53 protocol=tcp | |
| add action=accept chain=input comment="Accept Established / Related Input" connection-state=established,related | |
| add action=accept chain=input comment="Allow Management Input - 192.168.88.0/24" src-address=192.168.88.0/24 | |
| add action=accept chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp | |
| add action=accept chain=input comment="PPTP VPN" dst-port=500 protocol=udp | |
| add action=accept chain=input comment="PPTP VPN" dst-port=1701 protocol=udp | |
| add action=accept chain=input comment="PPTP VPN" dst-port=4500 protocol=udp | |
| add action=accept chain=input comment="PPTP VPN" protocol=ipsec-esp | |
| add action=accept chain=input comment="PPTP VPN" protocol=ipsec-ah | |
| add action=drop chain=input comment="Drop Input" log-prefix="Input Drop" | |
| add action=accept chain=forward comment="Accept Established / Related Forward" connection-state=established,related | |
| add action=accept chain=forward comment="Allow forward traffic LAN >> WAN" out-interface=WAN1 src-address=192.168.88.0/24 | |
| add action=accept chain=forward out-interface=bridge1 src-address=192.168.88.0/24 | |
| add action=accept chain=forward comment="Allow forward traffic LAN >> WAN" out-interface=WanTelenor src-address=192.168.88.0/24 | |
| add action=drop chain=forward comment="Drop Bogon Forward >> Ether1" in-interface=WAN1 log=yes log-prefix="Bogon Forward Drop" src-address-list=Bogon | |
| add action=drop chain=forward comment="Drop Forward" | |
| /ip firewall mangle | |
| add action=accept chain=prerouting dst-address=82.000.000.5 in-interface=WAN1 | |
| add action=accept chain=prerouting dst-address=192.168.87.2 in-interface=WanTelenor | |
| add action=mark-routing chain=prerouting comment="Use PrimaryWan connection" dst-address=!192.168.87.0/24 new-routing-mark=PrimaryWan passthrough=yes src-address=192.168.88.254 src-address-list="" | |
| /ip firewall nat | |
| add action=masquerade chain=srcnat out-interface=WAN1 | |
| add action=masquerade chain=srcnat out-interface=WanTelenor | |
| add action=accept chain=srcnat |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment