Differences

This shows you the differences between two versions of the page.

--- balance [2024/06/01 05:27] – created protocol
+++ balance [2024/06/01 09:49] (current) – protocol
@@ Line 1: / Line 1: @@
+<code>
+/interface list
+add name=wan comment=wan
+/interface list member
+add list=wan interface=ether1
+add list=wan interface=ether2
 /ip firewall address-list
 add address=10.0.0.0/8 list=private
@@ Line 4: / Line 13: @@
 add address=192.168.0.0/16 list=private
 add address=172.16.0.0/12 list=private
-add address=192.168.69.0/24 list=lan
+add address=192.168.88.0/24 list=lan
-add address=192.168.69.191 disabled=yes list=force-ether1
-add address=192.168.88.0/24 list=force-ether2
+/ip firewall filter
+add chain=input connection-state=invalid action=drop
+add chain=forward connection-state=invalid action=drop
+add chain=forward connection-state=established,related connection-mark=no-mark action=fasttrack-connection
+add chain=forward connection-state=established,related connection-mark=no-mark action=accept
+add chain=output connection-state=invalid action=drop
+/ip firewall nat
+add chain=srcnat src-address-list=private dst-address=!private out-interface-list=wan action=masquerade
 /ip firewall mangle
-add action=mark-connection chain=prerouting in-interface=ether1 new-connection-mark=mark-connection-ether1 passthrough=yes
+add chain=prerouting in-interface=ether1 connection-mark=no-mark new-connection-mark=mark-connection-ether1 action=mark-connection passthrough=yes
-add action=mark-connection chain=prerouting in-interface=ether2 new-connection-mark=mark-connection-ether2 passthrough=yes
+add chain=prerouting in-interface=ether2 connection-mark=no-mark new-connection-mark=mark-connection-ether2 action=mark-connection passthrough=yes
-add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes src-address-list=force-ether1
-add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether1 new-connection-mark=mark-connection-ether1 passthrough=yes
+add chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes src-address-list=force-ether1 action=mark-connection
-add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes src-address-list=force-ether2
+add chain=prerouting connection-mark=no-mark dst-address-list=force-ether1 new-connection-mark=mark-connection-ether1 passthrough=yes action=mark-connection
-add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether2 new-connection-mark=mark-connection-ether2 passthrough=yes
+add chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes src-address-list=force-ether2 action=mark-connection
-add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether4 new-connection-mark=mark-connection-ether4 passthrough=yes
+add chain=prerouting connection-mark=no-mark dst-address-list=force-ether2 new-connection-mark=mark-connection-ether2 passthrough=yes action=mark-connection
-add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark dst-address-list=!private dst-address-type=!local in-interface-list=lan \
-    new-connection-mark=mark-connection-ether1 passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=lan
+add chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether1 passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=lan action=mark-connection
-add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark dst-address-list=!private dst-address-type=!local in-interface-list=lan \
+add chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether2 passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=lan action=mark-connection
-    new-connection-mark=mark-connection-ether2 passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=lan
-add action=mark-routing chain=prerouting connection-mark=mark-connection-ether1 in-interface-list=lan new-routing-mark=mark-routing-ether1 passthrough=yes
+add chain=prerouting connection-mark=mark-connection-ether1 in-interface-list=lan new-routing-mark=mark-routing-ether1 passthrough=yes action=mark-routing
-add action=mark-routing chain=prerouting connection-mark=mark-connection-ether2 in-interface-list=lan new-routing-mark=mark-routing-ether2 passthrough=yes
+add chain=prerouting connection-mark=mark-connection-ether2 in-interface-list=lan new-routing-mark=mark-routing-ether2 passthrough=yes action=mark-routing
-add action=mark-routing chain=output connection-mark=mark-connection-ether1 new-routing-mark=mark-routing-ether1 passthrough=yes
-add action=mark-routing chain=output connection-mark=mark-connection-ether2 new-routing-mark=mark-routing-ether2 passthrough=yes
+add chain=output connection-mark=mark-connection-ether1 new-routing-mark=mark-routing-ether1 action=mark-routing passthrough=yes
+add chain=output connection-mark=mark-connection-ether2 new-routing-mark=mark-routing-ether2 action=mark-routing passthrough=yes
+/ip firewall raw
+add chain=prerouting in-interface-list=!wan protocol=tcp action=drop dst-port=25
+add chain=prerouting in-interface-list=wan protocol=udp action=drop dst-port=1-1024,3389
+add chain=prerouting in-interface-list=wan protocol=tcp action=drop dst-port=1-1024,1900,2049,3389,5353
+</code>