RouterOS 移除 IPv4 防火墙 IPSec 规则

Signed-off-by: 狐狸Nomad <9463297+callmer@user.noreply.gitee.com>
狐狸Nomad
2023-02-22 07:58:06 +00:00
committed by Gitee
parent 041c4050a6
commit 48f8788a4f


@ -93,8 +93,8 @@ set admin group=read address=172.16.1.0/24 comment="defconf: System Default User
## 执行第四部分
## 防火墙 & QoS
## Filter规则11条+虚拟规则1条
## NAT规则7
## Filter规则9条+虚拟规则1条
## NAT规则6
## Mangle规则2条+虚拟规则3条
## Address-list规则3条
/interface list
@ -122,8 +122,6 @@ add chain=input action=drop connection-state=invalid comment="defconf: drop inva
add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy" disabled=yes
add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy" disabled=yes
add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
add chain=forward action=accept connection-state=established,related comment="defconf: accept established,related"
add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
@ -133,14 +131,11 @@ add chain=forward action=drop connection-state=new connection-nat-state=!dstnat
/ip firewall nat
add action=accept chain=srcnat comment="defconf: accept all that matches IPSec policy" ipsec-policy=out,ipsec disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=ONU src-address-list=local_subnet_ipv4 dst-address-list=onu_ipv4 comment="onuconf: Access To ONU"
add action=accept chain=dstnat dst-port=53 in-interface-list=LAN protocol=udp src-address-list=local_dns_ipv4 comment="lanconf: Accept Local DNS Startup Query (UDP)"
add action=accept chain=dstnat dst-port=53 in-interface-list=LAN protocol=tcp src-address-list=local_dns_ipv4 comment="lanconf: Accept Local DNS Startup Query (TCP)" log=yes log-prefix=fw_dnsv4_tcp
add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=udp to-ports=53 comment="lanconf: DNS Redirect to Local (UDP)"
add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=tcp to-ports=53 comment="lanconf: DNS Redirect to Local (TCP)" log=yes log-prefix=fw_dnsv4_tcp