

balance

Differences

balance [2024/06/01 08:07] protocolbalance [2024/06/01 09:49] (current) protocol
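--- a/balance
+++ b/balance
@@ -16,31 +16,36 @@
 
 /ip firewall filter
-add action=drop chain=input connection-state=invalid
-add action=drop chain=forward connection-state=invalid
-add action=fasttrack-connection chain=forward connection-state=established,related connection-mark=no-mark
-add action=accept chain=forward connection-state=established,related connection-mark=no-mark
-add action=drop chain=output connection-state=invalid
+add chain=input connection-state=invalid action=drop
+add chain=forward connection-state=invalid action=drop
+add chain=forward connection-state=established,related connection-mark=no-mark action=fasttrack-connection
+add chain=forward connection-state=established,related connection-mark=no-mark action=accept
+add chain=output connection-state=invalid action=drop
 
 /ip firewall nat
-add action=masquerade chain=srcnat src-address-list=private dst-address=!private out-interface-list=wan
+add chain=srcnat src-address-list=private dst-address=!private out-interface-list=wan action=masquerade
 
 /ip firewall mangle
-add action=mark-connection chain=prerouting in-interface=ether1 connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes
-add action=mark-connection chain=prerouting in-interface=ether2 connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes
+add chain=prerouting in-interface=ether1 connection-mark=no-mark new-connection-mark=mark-connection-ether1 action=mark-connection passthrough=yes
+add chain=prerouting in-interface=ether2 connection-mark=no-mark new-connection-mark=mark-connection-ether2 action=mark-connection passthrough=yes
 
-add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes src-address-list=force-ether1
-add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether1 new-connection-mark=mark-connection-ether1 passthrough=yes
-add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes src-address-list=force-ether2
-add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether2 new-connection-mark=mark-connection-ether2 passthrough=yes
+add chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes src-address-list=force-ether1 action=mark-connection
+add chain=prerouting connection-mark=no-mark dst-address-list=force-ether1 new-connection-mark=mark-connection-ether1 passthrough=yes action=mark-connection
+add chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes src-address-list=force-ether2 action=mark-connection
+add chain=prerouting connection-mark=no-mark dst-address-list=force-ether2 new-connection-mark=mark-connection-ether2 passthrough=yes action=mark-connection
 
-add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether1 passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=lan
-add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether2 passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=lan
+add chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether1 passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=lan action=mark-connection
+add chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether2 passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=lan action=mark-connection
 
-add action=mark-routing chain=prerouting connection-mark=mark-connection-ether1 in-interface-list=lan new-routing-mark=mark-routing-ether1 passthrough=yes
-add action=mark-routing chain=prerouting connection-mark=mark-connection-ether2 in-interface-list=lan new-routing-mark=mark-routing-ether2 passthrough=yes
+add chain=prerouting connection-mark=mark-connection-ether1 in-interface-list=lan new-routing-mark=mark-routing-ether1 passthrough=yes action=mark-routing
+add chain=prerouting connection-mark=mark-connection-ether2 in-interface-list=lan new-routing-mark=mark-routing-ether2 passthrough=yes action=mark-routing
 
-add action=mark-routing chain=output connection-mark=mark-connection-ether1 new-routing-mark=mark-routing-ether1 passthrough=yes
-add action=mark-routing chain=output connection-mark=mark-connection-ether2 new-routing-mark=mark-routing-ether2 passthrough=yes
+add chain=output connection-mark=mark-connection-ether1 new-routing-mark=mark-routing-ether1 action=mark-routing passthrough=yes
+add chain=output connection-mark=mark-connection-ether2 new-routing-mark=mark-routing-ether2 action=mark-routing passthrough=yes
+
+/ip firewall raw
+add chain=prerouting in-interface-list=!wan protocol=tcp action=drop dst-port=25
+add chain=prerouting in-interface-list=wan protocol=udp action=drop dst-port=1-1024,3389
+add chain=prerouting in-interface-list=wan protocol=tcp action=drop dst-port=1-1024,1900,2049,3389,5353
 
 
 </code>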
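Review bot: The three new `/ip firewall raw` rules are a stateless port denylist, and the visible `/ip firewall filter` section has no default drop on `chain=input`, so a connection arriving on `wan` for any TCP port above 1024 that is not in the list still reaches the router (Winbox's default 8291 is one such port). An allowlist in the filter table is the safer shape, for example `add chain=input connection-state=established,related action=accept` followed by `add chain=input in-interface-list=wan action=drop`. The port lists also look swapped between protocols: 1900 (SSDP) and 5353 (mDNS) are UDP services but appear only on the `protocol=tcp` rule, while the `protocol=udp` rule stops at `1-1024,3389`. Because raw prerouting runs before connection tracking, the UDP rule also discards replies addressed to a low local port, such as NTP answers to a client bound to 123 or IKE on 500, which deserves a comment next to the rule. The page starts at line 16, so rules defined earlier on the page are not visible here and may already cover part of this.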
balance.1717240048.txt.gz · Last modified: 2024/06/01 08:07 by protocol