Mikrotik 的 RouterBoard 硬件产品默认都有带有配置良好的防火墙规则,x86/CHR 设备默认不带防火墙规则。 如果你不小心删掉了防火墙规则,或者需要还原默认防火墙规则,可以导入以下配置:

第一部分: Interface List,所有设备均需要导入,请根据自己情况适当修改

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN

第二部分:IPv4 防火墙规则,推荐所有设备都导入

/ip firewall filter
add action=accept chain=input comment="accept ping" protocol=icmp
add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=input comment="drop all from WAN" in-interface-list=WAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

标签: none

评论已关闭