diff --git a/src/shortcut/fox_ros_rb750gr3_simple_shortcut.conf b/src/shortcut/fox_ros_rb750gr3_simple_shortcut.conf
index 13c5c68..7d33809 100644
--- a/src/shortcut/fox_ros_rb750gr3_simple_shortcut.conf
+++ b/src/shortcut/fox_ros_rb750gr3_simple_shortcut.conf
@@ -93,8 +93,8 @@ set admin group=read address=172.16.1.0/24 comment="defconf: System Default User
 ## 执行第四部分
 ## 防火墙 & QoS
-## Filter规则11条+虚拟规则1条
-## NAT规则7条
+## Filter规则9条+虚拟规则1条
+## NAT规则6条
 ## Mangle规则2条+虚拟规则3条
 ## Address-list规则3条
 /interface list
@@ -122,8 +122,6 @@ add chain=input action=drop connection-state=invalid comment="defconf: drop inva
 add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
 add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
-add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy" disabled=yes
-add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy" disabled=yes
 add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
 add chain=forward action=accept connection-state=established,related comment="defconf: accept established,related"
 add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
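Review bot: The two forward-chain rules removed in the second hunk were `disabled=yes`, so the new side is behaviourally unchanged, but nothing now records that IPsec passthrough was dropped on purpose, and the ordering constraint they carried is lost: if IPsec policies are ever added, the accept rules must sit ahead of the `fasttrack-connection` rule as they did here, since fasttracked connections bypass the rest of the filter and mangle chains (which would also silently skip the QoS mangle rules this section advertises). A one-line comment above the fasttrack rule, e.g. `## IPsec accept rules removed (were disabled); if re-added, keep them above fasttrack`, would preserve that. The matching removal of the disabled `ipsec-policy=out,ipsec` srcnat accept rule in the third hunk has the same gap. The rule-count comments changed in the first hunk (Filter 9, NAT 6) are hand-maintained and only stay correct if updated with every rule change, which the third hunk's blank-line cleanup shows is easy to forget.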
@@ -133,14 +131,11 @@ add chain=forward action=drop connection-state=new connection-nat-state=!dstnat
 /ip firewall nat
-add action=accept chain=srcnat comment="defconf: accept all that matches IPSec policy" ipsec-policy=out,ipsec disabled=yes
 add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
-
 add action=masquerade chain=srcnat out-interface-list=ONU src-address-list=local_subnet_ipv4 dst-address-list=onu_ipv4 comment="onuconf: Access To ONU"
 add action=accept chain=dstnat dst-port=53 in-interface-list=LAN protocol=udp src-address-list=local_dns_ipv4 comment="lanconf: Accept Local DNS Startup Query (UDP)"
 add action=accept chain=dstnat dst-port=53 in-interface-list=LAN protocol=tcp src-address-list=local_dns_ipv4 comment="lanconf: Accept Local DNS Startup Query (TCP)" log=yes log-prefix=fw_dnsv4_tcp
-
 add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=udp to-ports=53 comment="lanconf: DNS Redirect to Local (UDP)"
 add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=tcp to-ports=53 comment="lanconf: DNS Redirect to Local (TCP)" log=yes log-prefix=fw_dnsv4_tcp