@zulonas
Forked from tiernano/mikrotik IPv6 Firewall
Last active February 7, 2022 12:52
Mikrotik IPv6 Firewall
/ipv6 firewall filter
add chain=input action=accept comment="Allow established connections" connection-state=established
add chain=input action=accept comment="Allow related connections" connection-state=related
add chain=input action=accept comment="Allow ICMP" protocol=icmpv6
add chain=input action=reject comment="Reject invalid packets" connection-state=invalid
add chain=input action=accept comment="Allow lo" in-interface=lo
add chain=input action=accept comment="Allow local network" in-interface=LAN
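# SSH attempts that reach this point (not established/related, not from lo or LAN) are recorded in trying_to_login for 1 day.
add action=add-src-to-address-list address-list=trying_to_login address-list-timeout=1d chain=input dst-port=22 protocol=tcp comment="list IP's who try remote login"
# This drop rule matches ssh_blacklist, which no rule in this file populates; that list has to be filled elsewhere.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist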
add chain=input action=reject comment="Reject TCP connections by default" protocol=tcp reject-with=tcp-reset
add chain=input action=reject comment="Reject other protocols by default" reject-with=icmp-admin-prohibited
add chain=forward action=accept comment="Allow established connections" connection-state=established
add chain=forward action=accept comment="Allow related connections" connection-state=related
add chain=forward action=accept comment="Allow ICMP" protocol=icmpv6
add chain=forward action=reject comment="Reject invalid packets" connection-state=invalid
add chain=forward action=accept comment="Allow any to internet" out-interface=sit1
add chain=forward action=reject comment="Reject TCP connections by default" protocol=tcp reject-with=tcp-reset
add chain=forward action=reject comment="Reject other protocols by default" reject-with=icmp-admin-prohibited