

balance

This is an old revision of the document!


# Interface list "wan": groups the ports that later rules match with
# in-interface-list=wan / out-interface-list=wan.
/interface list
add name=wan comment=wan

# ether1 and ether2 are the two members of "wan".
# NOTE(review): the mangle rules later in this script match
# in-interface-list=lan, but no interface list named "lan" is created here.
# Confirm it already exists on the router before importing.
/interface list member
add list=wan interface=ether1
add list=wan interface=ether2

# Address lists referenced by the NAT and mangle rules.
#   private - the RFC 1918 ranges plus 100.64.0.0/10 (shared address space, RFC 6598)
#   lan     - 192.168.88.0/24
# NOTE(review): the mangle section also matches the lists force-ether1 and
# force-ether2. They are not populated in this script, so presumably they
# are maintained separately.
/ip firewall address-list
add address=10.0.0.0/8 list=private
add address=100.64.0.0/10 list=private
add address=192.168.0.0/16 list=private
add address=172.16.0.0/12 list=private
add address=192.168.88.0/24 list=lan

# Filter rules: drop invalid-state packets on input, forward and output, and
# fast-path established/related forwarded traffic that has no connection mark.
# NOTE(review): nothing in this section restricts NEW connections to the router
# (chain=input) or through it (chain=forward). The only inbound restriction from
# the wan list on this page is the port-based drop list in /ip firewall raw.
# A state-based policy (accept established/related, then drop whatever else
# arrives from the wan list) is the usual complement. Confirm whether one is
# configured outside this snippet.
/ip firewall filter
add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid
# FastTrack is limited to connection-mark=no-mark, so connections marked by the
# mangle rules are excluded; presumably so they keep passing through mangle.
add action=fasttrack-connection chain=forward connection-state=established,related connection-mark=no-mark
# Companion accept for the same unmarked established/related traffic.
add action=accept chain=forward connection-state=established,related connection-mark=no-mark
add action=drop chain=output connection-state=invalid

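# Source NAT: masquerade traffic whose source is in address list "private" and
# that leaves through an interface in list "wan", unless the destination is
# itself in "private".
# The exclusion uses dst-address-list because "private" is the name of an
# address list; dst-address takes a literal address or range, not a list name.
/ip firewall nat
add action=masquerade chain=srcnat src-address-list=private dst-address-list=!private out-interface-list=wan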

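# Mangle: pick one WAN per connection, then turn that choice into a routing mark.
# Every mark-connection rule matches connection-mark=no-mark, so the first rule
# that matches a new connection decides its WAN; rule order is significant.
# NOTE(review): routing marks only take effect if matching routes (and, on
# RouterOS v7, routing tables) exist. None are shown on this page.
/ip firewall mangle
# 1. Connections that arrive on a WAN port are tied to that port.
add action=mark-connection chain=prerouting in-interface=ether1 connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes
add action=mark-connection chain=prerouting in-interface=ether2 connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes

# 2. Manual overrides: any source or destination listed in force-ether1 /
#    force-ether2 is pinned to that WAN. These lists are not populated in this script.
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether1 passthrough=yes src-address-list=force-ether1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether1 new-connection-mark=mark-connection-ether1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=mark-connection-ether2 passthrough=yes src-address-list=force-ether2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=force-ether2 new-connection-mark=mark-connection-ether2 passthrough=yes

# 3. PCC: split the remaining connections in two by source address
#    (src-address:2/0 and src-address:2/1), so a given host always lands on the same WAN.
#    The original rules set src-address-list twice (private, then lan). A rule
#    holds one value per property, so only lan is kept: it is the later of the
#    two and, as defined on this page, a subset of private.
#    NOTE(review): in-interface-list=lan needs an interface list named "lan";
#    this script only creates "wan". Confirm it exists on the router.
add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark src-address-list=lan dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether1 passthrough=yes per-connection-classifier=src-address:2/0
add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark src-address-list=lan dst-address-list=!private dst-address-type=!local in-interface-list=lan new-connection-mark=mark-connection-ether2 passthrough=yes per-connection-classifier=src-address:2/1

# 4. Forwarded traffic coming from the lan interface list: connection mark -> routing mark.
add action=mark-routing chain=prerouting connection-mark=mark-connection-ether1 in-interface-list=lan new-routing-mark=mark-routing-ether1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=mark-connection-ether2 in-interface-list=lan new-routing-mark=mark-routing-ether2 passthrough=yes

# 5. Traffic generated by the router itself (chain=output) gets the same mapping.
add action=mark-routing chain=output connection-mark=mark-connection-ether1 new-routing-mark=mark-routing-ether1 passthrough=yes
add action=mark-routing chain=output connection-mark=mark-connection-ether2 new-routing-mark=mark-routing-ether2 passthrough=yes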

# Raw rules run before connection tracking, so they match on packet fields
# only (no connection state). In chain=prerouting they apply to traffic
# addressed to the router and to traffic it forwards.
/ip firewall raw
# Drop TCP to port 25 arriving on any interface that is NOT in the wan list,
# i.e. SMTP sent from inside; presumably to stop hosts from mailing out directly.
add action=drop chain=prerouting dst-port=25 in-interface-list=!wan protocol=tcp
# Drop packets arriving from the wan list for the listed destination ports.
# NOTE(review): this is a port blocklist, not a default-deny. Anything listening
# above 1024 that is not listed (for example the RouterOS Winbox and API
# ports) stays reachable from wan unless the filter table or the service
# settings restrict it. Verify with an external scan.
# NOTE(review): because the match is stateless, a reply from the Internet
# addressed to a local port in 1-1024 is dropped as well. Check any client that
# uses a low source port.
# NOTE(review): 1900 (SSDP) and 5353 (mDNS) are normally UDP services, but appear
# only on the TCP rule. Confirm whether the UDP rule should list them too.
add action=drop chain=prerouting protocol=udp in-interface-list=wan dst-port=1-1024,3389
add action=drop chain=prerouting protocol=tcp in-interface-list=wan dst-port=1-1024,1900,2049,3389,5353

balance.1717241937.txt.gz · Last modified: 2024/06/01 08:38 by protocol