Za početak firewall lista izgleda ovako:
Code:
/ip firewall filter
add action=reject chain=forward comment="1.0 Reject VPN Access from WiFi" disabled=yes dst-address-list=Private_Networks reject-with=icmp-network-unreachable \
src-address-list=Wireless_Networks
add action=accept chain=input comment="2.1 Allow New Connection to MTK from LAN" connection-state=new src-address-list=Private_Networks
add action=accept chain=input comment="2.4 Allow Established and Related Connection to MTK from LAN" connection-state=established,related src-address-list=\
Private_Networks
add action=accept chain=input comment="Allow IP Cloud" in-interface=ether1 protocol=udp src-port=15252
add action=accept chain=input comment="2.2 Allow Winbox" dst-port=8291 protocol=tcp
add action=accept chain=input comment="2.2 Allow_ICMP" connection-state=established,new protocol=icmp
add action=drop chain=input comment="2.5 Drop All Input to MTK"
/ip firewall filter
add action=reject chain=forward comment="1.0 Reject VPN Access from WiFi" disabled=yes dst-address-list=Private_Networks reject-with=icmp-network-unreachable \
src-address-list=Wireless_Networks
add action=accept chain=input comment="2.1 Allow New Connection to MTK from LAN" connection-state=new src-address-list=Private_Networks
add action=accept chain=input comment="2.4 Allow Established and Related Connection to MTK from LAN" connection-state=established,related src-address-list=\
Private_Networks
add action=accept chain=input comment="Allow IP Cloud" in-interface=ether1 protocol=udp src-port=15252
add action=accept chain=input comment="2.2 Allow Winbox" dst-port=8291 protocol=tcp
add action=accept chain=input comment="2.2 Allow_ICMP" connection-state=established,new protocol=icmp
add action=drop chain=input comment="2.5 Drop All Input to MTK"
Problem je šta ne radi IP Cloud update. Kada disable-am Drop All rule sve radi, ali s obzirom koliko toga on dropa rađe ga nebi disable-ao