Differences

This shows you the differences between two versions of the page.

--- balance [2024/06/01 08:38] – protocol
+++ balance [2024/06/01 09:49] (current) – protocol
@@ Line 16: / Line 16: @@
 /ip firewall filter
-add action=drop chain=input connection-state=invalid
+add chain=input connection-state=invalid action=drop
-add action=drop chain=forward connection-state=invalid
+add chain=forward connection-state=invalid action=drop
-add action=fasttrack-connection chain=forward connection-state=established,related connection-mark=no-mark
+add chain=forward connection-state=established,related connection-mark=no-mark action=fasttrack-connection
-add action=accept chain=forward connection-state=established,related connection-mark=no-mark
+add chain=forward connection-state=established,related connection-mark=no-mark action=accept
-add action=drop chain=output connection-state=invalid
+add chain=output connection-state=invalid action=drop
 /ip firewall nat
-add action=masquerade chain=srcnat src-address-list=private dst-address=!private out-interface-list=wan
+add chain=srcnat src-address-list=private dst-address=!private out-interface-list=wan action=masquerade
 /ip firewall mangle
-add action=mark-connection chain=prerouting in-interface=ether1 connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes
+add chain=prerouting in-interface=ether1 connection-mark=no-mark new-connection-mark=mark-connection-ether1 action=mark-connection passthrough=yes
-add action=mark-connection chain=prerouting in-interface=ether2 connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes
+add chain=prerouting in-interface=ether2 connection-mark=no-mark new-connection-mark=mark-connection-ether2 action=mark-connection passthrough=yes
-add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes src-address-list=force-ether1
+add chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes src-address-list=force-ether1 action=mark-connection
-add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether1 new-connection-mark=mark-connection-ether1 passthrough=yes
+add chain=prerouting connection-mark=no-mark dst-address-list=force-ether1 new-connection-mark=mark-connection-ether1 passthrough=yes action=mark-connection
-add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes src-address-list=force-ether2
+add chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes src-address-list=force-ether2 action=mark-connection
-add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether2 new-connection-mark=mark-connection-ether2 passthrough=yes
+add chain=prerouting connection-mark=no-mark dst-address-list=force-ether2 new-connection-mark=mark-connection-ether2 passthrough=yes action=mark-connection
-add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether1 passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=lan
+add chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether1 passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=lan action=mark-connection
-add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether2 passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=lan
+add chain=prerouting comment=PCC connection-mark=no-mark src-address-list=private dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether2 passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=lan action=mark-connection
-add action=mark-routing chain=prerouting connection-mark=mark-connection-ether1 in-interface-list=lan new-routing-mark=mark-routing-ether1 passthrough=yes
+add chain=prerouting connection-mark=mark-connection-ether1 in-interface-list=lan new-routing-mark=mark-routing-ether1 passthrough=yes action=mark-routing
-add action=mark-routing chain=prerouting connection-mark=mark-connection-ether2 in-interface-list=lan new-routing-mark=mark-routing-ether2 passthrough=yes
+add chain=prerouting connection-mark=mark-connection-ether2 in-interface-list=lan new-routing-mark=mark-routing-ether2 passthrough=yes action=mark-routing
-add action=mark-routing chain=output connection-mark=mark-connection-ether1 new-routing-mark=mark-routing-ether1 passthrough=yes
+add chain=output connection-mark=mark-connection-ether1 new-routing-mark=mark-routing-ether1 action=mark-routing passthrough=yes
-add action=mark-routing chain=output connection-mark=mark-connection-ether2 new-routing-mark=mark-routing-ether2 passthrough=yes
+add chain=output connection-mark=mark-connection-ether2 new-routing-mark=mark-routing-ether2 action=mark-routing passthrough=yes
 /ip firewall raw
-add action=drop chain=prerouting dst-port=25 in-interface-list=!wan protocol=tcp
+add chain=prerouting in-interface-list=!wan protocol=tcp action=drop dst-port=25
-add action=drop chain=prerouting protocol=udp in-interface-list=wan dst-port=1-1024,3389
+add chain=prerouting in-interface-list=wan protocol=udp action=drop dst-port=1-1024,3389
-add action=drop chain=prerouting protocol=tcp in-interface-list=wan dst-port=1-1024,1900,2049,3389,5353
+add chain=prerouting in-interface-list=wan protocol=tcp action=drop dst-port=1-1024,1900,2049,3389,5353
 </code>