I have a different subnet on every interface there, but you can delete those, or rather adjust them yourself...
192.168.60.0/24 is a virtual AP for guests...
I'll warn you right away that I'm a beginner and will welcome any advice on whether I have something extra in there or should add something... thanks in advance!
0 XI chain=forward action=fasttrack-connection log=no log-prefix=""
1 chain=forward action=accept connection-state=established in-interface=ether1
2 chain=forward action=accept connection-state=related in-interface=ether1
3 chain=forward action=accept connection-state=established,related log=no log-prefix=""
4 ;;; YOU PING, YOU LIVE!
chain=input action=accept protocol=icmp log=no log-prefix=""
5 chain=input action=accept connection-state=established
6 chain=input action=accept connection-state=related
7 ;;; REMOTE ACCESS FROM WINBOX
chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=""
8 ;;; ALLOW PPTP on port 1723
chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""
9 ;;; ALLOW PPTP on protocol 47
chain=input action=accept protocol=gre log=no log-prefix=""
10 ;;; Allow DNS for guests over TCP
chain=input action=accept protocol=tcp src-address=192.168.60.0/24 dst-port=53 log=no
log-prefix=""
11 ;;; Allow DNS for guests over TCP
chain=input action=accept protocol=udp src-address=192.168.60.0/24 dst-port=53 log=no
log-prefix=""
12 ;;; BLOCK ALL REQUESTS TO MY DNS FROM OUTSIDE (tcp)
chain=input action=drop connection-state=new protocol=tcp in-interface=ether1 dst-port=53
log=no log-prefix=""
13 ;;; BLOCK ALL REQUESTS TO MY DNS FROM OUTSIDE (udp)
chain=input action=drop connection-state=new protocol=udp in-interface=ether1 dst-port=53
log=no log-prefix=""
14 ;;; DENY WEB FROM OUTSIDE
chain=input action=drop protocol=tcp in-interface=ether1 dst-port=80 log=no log-prefix=""
15 ;;; SHOW THE MIDDLE FINGER ON AN ATTEMPT TO LOG IN TO THE MIKROTIK
chain=input action=drop src-address=192.168.60.0/24 log=no log-prefix=""
16 ;;; PRIVACY IS VALUABLE
chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.2.0/24 log=no log-prefix=""
17 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.3.0/24 log=no log-prefix=""
18 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.4.0/24 log=no log-prefix=""
19 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.5.0/24 log=no log-prefix=""
20 chain=forward action=reject reject-with=icmp-network-unreachable src-address=192.168.60.0/24
dst-address=192.168.24.0/24 log=no log-prefix=""
21 chain=forward action=reject reject-with=icmp-admin-prohibited src-address=192.168.60.0/24
dst-address=192.168.50.0/24 log=no log-prefix=""
22 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
23 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1
log=no log-prefix=""
24 chain=input action=drop in-interface=ether1 log=no log-prefix=""
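
An added example, not part of the original post: a small Python first-match simulator for the input chain listed above, useful for checking which rule a given packet actually hits. The guest interface name `wlan-guest` and the outside source address 203.0.113.10 are assumptions made up for the test packets; the rules themselves are copied from the post.

```python
import ipaddress
# Input-chain rules copied from the post (log fields dropped); ether1 is its WAN port.
RULES = """\
4 chain=input action=accept protocol=icmp
5 chain=input action=accept connection-state=established
6 chain=input action=accept connection-state=related
7 chain=input action=accept protocol=tcp dst-port=8291
8 chain=input action=accept protocol=tcp dst-port=1723
9 chain=input action=accept protocol=gre
10 chain=input action=accept protocol=tcp src-address=192.168.60.0/24 dst-port=53
11 chain=input action=accept protocol=udp src-address=192.168.60.0/24 dst-port=53
12 chain=input action=drop connection-state=new protocol=tcp in-interface=ether1 dst-port=53
13 chain=input action=drop connection-state=new protocol=udp in-interface=ether1 dst-port=53
14 chain=input action=drop protocol=tcp in-interface=ether1 dst-port=80
15 chain=input action=drop src-address=192.168.60.0/24
24 chain=input action=drop in-interface=ether1
"""

def parse(text):
    """Turn each 'N key=value ...' line into (N, {key: value})."""
    rules = []
    for line in text.splitlines():
        num, *fields = line.split()
        rules.append((int(num), dict(f.split("=", 1) for f in fields)))
    return rules

def matches(rule, pkt):
    """True if every matcher in the rule fits the packet (no '!' negation support)."""
    for key, want in rule.items():
        if key in ("chain", "action"):
            continue
        have = pkt.get(key)
        if key == "src-address":
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif have not in want.split(","):
            return False
    return True

def first_match(rules, pkt):
    """First matching rule wins; an unmatched packet is accepted."""
    for num, rule in rules:
        if matches(rule, pkt):
            return num, rule["action"]
    return None, "accept"

def packet(iface, src, proto, dport=None, state="new"):
    return {"in-interface": iface, "src-address": src, "protocol": proto,
            "dst-port": dport, "connection-state": state}
```

For a new TCP connection to port 8291, `first_match(parse(RULES), packet(...))` returns rule 7 with `accept` both for a packet arriving on ether1 and for one from 192.168.60.0/24, because rule 7 has no `in-interface` or `src-address` matcher and sits above the drops in rules 15 and 24.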