Re: Unknown entry in System/Scheduler
Posted: 06 Feb 2019, 19:17
Sorry, but I don't quite understand what I need to do. I'm completely confused!
For every complex problem, there is a solution that is simple, neat, and wrong.
https://forum.mikrotik.by/
Sir_Prikol wrote: ↑06 Feb 2019, 19:34
Your firewall filters only 2 interfaces (ether1 and ether9), but the pptp interface is not filtered.
Do I need to add a rule like this?
Code:
/ip firewall filter
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=pptp-out1
Code:
/ip firewall filter
add action=accept chain=input comment="Allow PING (ICMP)" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=reject chain=forward in-interface=bridge1-NET-V out-interface=\
    bridge2-NET-E reject-with=icmp-network-unreachable
add action=reject chain=forward in-interface=bridge2-NET-E out-interface=\
    bridge1-NET-V reject-with=icmp-network-unreachable
add action=accept chain=input comment="Open PPTP" dst-port=1723 in-interface=\
    ether9-WAN-E protocol=tcp
add action=accept chain=input comment="Open PPTP" dst-port=1723 in-interface=\
    ether1-WAN-V protocol=tcp
add action=accept chain=input comment="Open PPTP" in-interface=ether1-WAN-V \
    protocol=gre
add action=accept chain=input comment="Open PPTP" in-interface=ether9-WAN-E \
    protocol=gre
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1-WAN-V
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether9-WAN-E
add action=drop chain=input
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=pptp-out1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1-WAN-V
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether9-WAN-E
Code:
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
Code:
/ip firewall filter add chain=input action=drop
Code:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address-list=\
    Kids-List to-addresses=77.88.8.7
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp src-address-list=\
    Kids-List to-addresses=77.88.8.3
add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address-list=\
    Parents-List to-addresses=176.103.130.130
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp src-address-list=\
    Parents-List to-addresses=176.103.130.130
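An added example, not part of the thread or of any participant's post: a Python check for the input-chain coverage question raised above (which interfaces end in a drop rule, and which rules sit behind an unconditional rule and are never evaluated). The sample export is constructed to mirror the posted rule order, the function names are hypothetical, and the check only understands exact in-interface matches and rules with no matchers.

```python
import re

# Constructed sample modelled on the rule order posted in the thread (shortened).
SAMPLE = r'''/ip firewall filter
add action=accept chain=input comment="Allow PING (ICMP)" protocol=icmp
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1-WAN-V
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether9-WAN-E
add action=drop chain=input
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=pptp-out1
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=77.88.8.7
'''
NON_MATCHERS = {'action', 'chain', 'comment', 'disabled', 'log', 'log-prefix'}

def parse_filter_rules(export):
    """Return the enabled '/ip firewall filter' rules of an export as dicts, in order."""
    text = re.sub(r'\\\r?\n[ \t]*', '', export)   # join backslash-continued lines
    rules, menu = [], ''
    for line in map(str.strip, text.splitlines()):
        if line.startswith('/'):                  # menu path, optionally with "add ..."
            menu, _, rest = line.partition(' add ')
            line = 'add ' + rest if rest else ''
        if menu != '/ip firewall filter' or not line.startswith('add '):
            continue
        pairs = re.findall(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)', line)
        rule = {key: value.strip('"') for key, value in pairs}
        if rule.get('disabled') != 'yes':
            rules.append(rule)
    return rules

def audit_input(rules, interfaces):
    """Return ({iface: index of the first drop-everything rule that applies, or None},
    [indexes of rules that sit after an unconditional rule and are never evaluated])."""
    chain = [r for r in rules if r.get('chain') == 'input']
    catch_all = next((i for i, r in enumerate(chain)
                      if r.get('action') in ('accept', 'drop', 'reject')
                      and not set(r) - NON_MATCHERS), None)
    reachable = chain if catch_all is None else chain[:catch_all + 1]
    covered = {}
    for iface in interfaces:
        covered[iface] = next((i for i, r in enumerate(reachable)
                               if r.get('action') == 'drop'
                               and r.get('in-interface', iface) == iface
                               and not set(r) - NON_MATCHERS - {'in-interface'}), None)
    shadowed = [] if catch_all is None else list(range(catch_all + 1, len(chain)))
    return covered, shadowed
```

Indexes count enabled input-chain rules from 0. For the sample, `audit_input(parse_filter_rules(SAMPLE), [...])` reports that pptp-out1 is dropped by the bare `add action=drop chain=input` rule, while the pptp-out1 rule placed after it is never reached.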