MikroTik RouterOS (часть 5) - [5] :: В помощь системному администратору

0 chain=input action=accept protocol=tcp port=1723

1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough

2 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked

3 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid

4 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp

5 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN

6 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec

7 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec

8 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related

9 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked

10 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid

11 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
Версия для печати • Подписаться • Добавить в закладки
На первую страницу • к этому сообщению • к последнему сообщению