# LAN side of the router: 10.10.0.1 on interface "Local", subnet 10.10.0.0/24.
/ip address
add interface=Local address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 disabled=no
# Host (/32) routes that pin named destinations to each upstream gateway,
# two per gateway. The "41.x.x.N" gateways are redacted in this listing and
# must be replaced with the real next-hop addresses before import.
# NOTE(review): scope=10 on single-host routes suggests they serve as
# per-link reachability / recursive next-hop targets -- confirm against the
# default routes, which are not part of this listing.
/ip route
add dst-address=196.2.63.110/32 gateway=41.x.x.113 scope=10 comment="MWeb"
add dst-address=67.195.160.76/32 gateway=41.x.x.113 scope=10 comment="Yahoo"
add dst-address=41.1.224.101/32 gateway=41.x.x.1 scope=10 comment="VodaCom"
add dst-address=74.125.230.146/32 gateway=41.x.x.1 scope=10 comment="Google"
add dst-address=41.203.21.137/32 gateway=192.168.10.1 scope=10 comment="MyADSL"
add dst-address=152.111.193.28/32 gateway=192.168.10.1 scope=10 comment="News24"
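# Mark new TCP connections that arrive on WAN1 for the published services, so
# the connection mark can later be used to send the replies back out WAN1.
# With static public IPs, list each one as dst-address, as done here.
# The "/ip firewall mangle" line was missing from the listing; mark-connection
# and mark-routing are mangle actions and are not accepted under "/ip route".
# Each rule is written on one line: the listing had them wrapped without a
# continuation character, which splits the command.
# NOTE(review): these rules only mark traffic. Which of the listed ports are
# actually reachable depends on dst-nat and filter rules not shown here.
# Ports 21, 110 and 143 carry credentials in clear text unless TLS is
# negotiated, so publish only what is needed.
/ip firewall mangle
add chain=prerouting connection-state=new in-interface=WAN1 protocol=tcp dst-address=41.x.x.114 dst-port=21,25,80,110,143,443,8080 action=mark-connection new-connection-mark=WAN1_conn
add chain=prerouting connection-state=new in-interface=WAN1 protocol=tcp dst-address=41.x.x.115 dst-port=443 action=mark-connection new-connection-mark=WAN1_conn
add chain=prerouting connection-state=new in-interface=WAN1 protocol=tcp dst-address=41.x.x.118 dst-port=80,8767,14534 action=mark-connection new-connection-mark=WAN1_conn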
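# Packets entering from the LAN that belong to a marked connection get the
# routing mark of the WAN link that connection is tied to, so replies leave
# through the same link they arrived on.
# Each rule is written on one line: the listing had "new-routing-mark" split
# across a line wrap, which breaks the parameter name.
# NOTE(review): WAN2_conn and WAN3_conn are not set by any rule in this
# listing, and no route for the to_WAN1 / to_WAN2 / to_WAN3 routing marks is
# shown. Both are presumably defined elsewhere; without them these marks have
# no effect.
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3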
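# Default deny for traffic addressed to the router itself (chain=input).
# The "/ip firewall filter" line was missing from the listing; the input and
# forward chains with accept/drop/log actions belong to the filter table.
# NOTE(review): no accept rule precedes this drop in the listing. Loaded as
# is, it blocks every packet to the router, including management sessions and
# replies to the router's own DNS/NTP queries. Accept rules for
# established/related traffic and for management from trusted addresses are
# presumably part of the full config and must sit above this line.
/ip firewall filter
add chain=input action=drop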
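# SMTP egress control (the original heading said "SNMP", but the rules match
# TCP port 25 and log with prefix "smtp_").
# TCP port 25 leaving through any interface other than "Local" is allowed only
# from 10.10.0.250 (presumably the mail server -- confirm). Anything else is
# logged and then dropped; the log rule comes first because action=log does
# not stop rule processing. This keeps an infected LAN host from sending mail
# directly, and the smtp_ log entries identify which host tried.
# Each rule is written on one line: the listing had "out-interface=!Local"
# split across a line wrap.
add action=log chain=forward comment="" disabled=no dst-port=25 log-prefix=smtp_ out-interface=!Local protocol=tcp src-address=!10.10.0.250
add action=drop chain=forward comment="" disabled=no dst-port=25 out-interface=!Local protocol=tcp src-address=!10.10.0.250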
# Stateful filtering of traffic routed through the router (chain=forward):
# packets of established and related connections pass, and packets that
# connection tracking classifies as invalid are dropped.
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward connection-state=invalid action=drop
# Default deny for everything else in the forward chain.
# NOTE(review): the listing has no rule that accepts connection-state=new, so
# as shown no new connection (LAN to Internet, or WAN to the published
# servers) can start. Those accept rules are presumably elsewhere in the full
# config; they must be placed above this drop.
add chain=forward action=drop