RB设备默认防火墙 ~~~ # aug/17/2016 15:55:29 by RouterOS 6.36 # software id = YIUU-X5T0 # /ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \ log-prefix="" protocol=icmp add action=accept chain=input comment="defconf: accept established,related" \ connection-state=established,related disabled=yes log-prefix="" add action=drop chain=input comment="defconf: drop all from WAN" disabled=yes \ in-interface=ether1 log-prefix="" add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related disabled=yes log-prefix="" add action=accept chain=forward comment="defconf: accept established,related" \ connection-state=established,related disabled=yes log-prefix="" add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid disabled=yes log-prefix="" add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new disabled=yes in-interface=ether1 log-prefix="" add action=drop chain=forward disabled=yes log-prefix="" src-mac-address=\ F4:31:C3:DD:92:6B ~~~