"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \Ĭonnection-state=new in-interface-list=WANĪdd action=masquerade chain=srcnat comment="defconf: masquerade" \ "defconf: accept established,related, untracked" connection-state=\Īdd action=drop chain=forward comment="defconf: drop invalid" \ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1Īdd action=drop chain=input comment="defconf: drop all not coming from LAN" \Īdd action=accept chain=forward comment="defconf: accept in ipsec policy" \Īdd action=accept chain=forward comment="defconf: accept out ipsec policy" \Īdd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \Īdd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\Īdd action=drop chain=input comment="defconf: drop invalid" connection-state=\Īdd action=accept chain=input comment="defconf: accept ICMP" protocol=icmp Set supplicant-identity=MikroTikĪdd dh-group=modp2048 enc-algorithm=aes-128 hash-algorithm=sha256 name=ComitsĪdd address=REMOTEWAN exchange-mode=ike2 local-address=MYWAN name=\Īdd auth-algorithms=sha256 enc-algorithms=aes-128-cbc lifetime=1d name=Comits \Īdd name=dhcp ranges=192.168.15.10-192.168.15.254Īdd address-pool=dhcp disabled=no interface=bridge name=defconfĪdd bridge=bridge comment=defconf interface=ether2Īdd bridge=bridge comment=defconf interface=ether3Īdd bridge=bridge comment=defconf interface=ether4Īdd bridge=bridge comment=defconf interface=ether5Īdd bridge=bridge comment=defconf interface=sfp1Īdd comment=defconf interface=bridge list=LANĪdd comment=defconf interface=ether1 list=WANĪdd address=192.168.15.1/24 comment=defconf interface=ether2 network=\Īdd comment=defconf disabled=no interface=ether1Īdd address=192.168.15.0/24 comment=defconf gateway=192.168.15.1 netmask=24Īdd address=192.168.15.1 comment=defconf name=router.lanĪdd action=accept chain=input dst-port=500,4500 protocol=udpĪdd action=accept chain=forward dst-address=192.168.5.0/24 src-address=\Īdd action=accept chain=forward dst-address=192.168.1.0/24 src-address=\
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |