Pokud bys prosím byl tak hodný a podíval se… asi bude i špatné seřazení (napřed vše zakázat a potom povolovat)… děkuji mockrát
[admin@FUN-Router] > /ip firewall export
# aug/03/2017 08:07:09 by RouterOS 6.35.4
# software id = DVN2-3LN6
#
# Address list "SAT": the destinations that the forward-chain rule with
# dst-address-list=SAT drops. Every entry is a single host except
# 92.223.0.0/16, which covers a whole /16.
# NOTE(review): static entries like these go stale when the remote side changes
# addresses - confirm the list is still current.
/ip firewall address-list
add address=88.150.148.189 list=SAT
add address=88.150.148.188 list=SAT
add address=149.202.92.139 list=SAT
add address=69.30.251.30 list=SAT
add address=103.61.236.150 list=SAT
add address=173.208.145.243 list=SAT
add address=183.61.164.150 list=SAT
add address=192.99.168.158 list=SAT
add address=64.237.40.126 list=SAT
add address=174.128.245.7 list=SAT
add address=37.48.64.176 list=SAT
add address=206.221.181.190 list=SAT
add address=149.202.53.11 list=SAT
add address=149.202.53.110 list=SAT
add address=37.187.248.28 list=SAT
add address=23.252.162.202 list=SAT
add address=23.62.120.133 list=SAT
add address=104.20.39.172 list=SAT
add address=23.252.165.129 list=SAT
add address=92.223.0.0/16 list=SAT
add address=37.252.248.75 list=SAT
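# Packet filter. RouterOS walks each chain top-down and stops at the first
# matching rule, so the accept rules come first and the catch-all drop stays
# last; putting "drop everything" first would block all forwarded traffic.
# A rule without action= uses the default action, accept.
/ip firewall filter
# ICMP arriving on the WAN interface for forwarded hosts.
add chain=forward in-interface=ether1-wan protocol=icmp
# FTP control port. FTP carries credentials in cleartext.
add chain=forward comment="Povoleni prichoziho portu 1021 (FTP server)" \
dst-port=1021 in-interface=ether1-wan protocol=tcp
# NOTE(review): the dst-nat rules in this export forward only port 5900, so
# 5800-5899 is wider than needed. VNC is accepted from any source address here;
# a src-address-list match or access through the VPN/SSH would narrow that.
add chain=forward comment="Povoleni prichoziho portu 5900 (VNC)" dst-port=\
5800-5900 in-interface=ether1-wan protocol=tcp
# NOTE(review): udp 500, 4500 and 1701 are IKE, IPsec NAT-T and L2TP, not PPTP
# (PPTP is tcp/1723 plus GRE). No dst-nat rule in this export forwards them; if
# the VPN terminates on the router itself, that traffic is handled by the input
# chain and this forward rule never matches - confirm.
add chain=forward comment="Povoleni prichoziho portu 500,4500,1701 (PPTP)" \
dst-port=500,4500,1701 in-interface=ether1-wan protocol=udp
add chain=forward comment="Povoleni prichoziho portu 5900 (VNC)" dst-port=\
5800-5900 in-interface=ether1-wan protocol=udp
add chain=forward comment="Povoleni prichoziho portu 9981 (DVB-T server)" \
dst-port=9981,9982 in-interface=ether1-wan protocol=tcp
add chain=forward comment="Povoleni prichoziho portu 9981 UDP(DVB-T server)" \
dst-port=9981,9982 in-interface=ether1-wan protocol=udp
add chain=forward comment="Povoleni prichoziho portu 80(www server)" dst-port=\
80 in-interface=ether1-wan protocol=tcp
add chain=forward comment=\
"Povoleni prichoziho portu 2005-2010 (FTP server PASSIV)" dst-port=\
2005-2010 in-interface=ether1-wan protocol=tcp
add chain=forward comment="Povoleni prichozi port 222 (SSH na server)" \
dst-port=222 in-interface=ether1-wan protocol=tcp
# NOTE(review): this export also contains dst-nat rules for tcp/25 (SMTP) and
# for the VOIP ranges 4000-6000 and 10000-20000, but there is no matching
# accept above. New inbound connections to those ports reach the final drop.
# Either add the accepts that are really needed or remove the unused dst-nat
# rules.
# Replies to connections that already exist (inbound direction only).
add chain=forward connection-state=established in-interface=ether1-wan
# Blocklist: drops any forwarded packet whose destination is in list SAT. The
# established rule above matches only packets entering on ether1-wan, so
# LAN-originated packets towards SAT still reach this drop.
add action=drop chain=forward comment="Blokovani IP adres v address listu" \
dst-address-list=SAT
add chain=forward connection-state=related in-interface=ether1-wan
# Everything leaving through the WAN interface is allowed.
add chain=forward out-interface=ether1-wan
# Stop the router answering DNS queries from the WAN. DNS is served over TCP as
# well as UDP, so both protocols are dropped; the original blocked UDP only.
add action=drop chain=input dst-port=53 in-interface=ether1-wan protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1-wan protocol=tcp
# NOTE(review): these are the only input rules in this export. With the default
# accept policy, every other service enabled on the router remains reachable
# from the WAN; which services are enabled (/ip service) is not shown. Usual
# hardening: accept established/related, accept only what is required, then
# drop the rest arriving on ether1-wan - after confirming how the router is
# administered, to avoid a lockout.
# Catch-all: anything from the WAN not accepted above is dropped. Must stay last.
add action=drop chain=forward in-interface=ether1-wan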
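# NAT table. dst-nat rules are evaluated top-down, first match wins.
# "verejnaIPadresa" appears to be the poster's placeholder for the router's
# public IP address.
# Changes from the posted export: the udp/25 "SMTP" and udp/2005-2010
# "FTP server - passive" dst-nat rules are removed. SMTP and FTP run over TCP
# only, and the forward filter in this export accepts neither on UDP, so those
# rules only widened the set of translated ports.
/ip firewall nat
# Source NAT for the LAN. No out-interface is set, so it applies on whichever
# interface the packet leaves by.
add action=masquerade chain=srcnat src-address=172.16.10.0/24
add action=dst-nat chain=dstnat comment="SSH server" dst-address=verejnaIPadresa \
dst-port=222 protocol=tcp to-addresses=172.16.10.2 to-ports=222
# VNC must stay above the VOIP 4000-6000 rules: that range includes 5900, and
# only the first matching rule applies.
add action=dst-nat chain=dstnat comment=VNC dst-address=verejnaIPadresa dst-port=\
5900 protocol=tcp to-addresses=172.16.10.3 to-ports=5900
add action=dst-nat chain=dstnat comment=VNC dst-address=verejnaIPadresa dst-port=\
5900 protocol=udp to-addresses=172.16.10.3 to-ports=5900
add action=dst-nat chain=dstnat comment=DVB-T dst-address=verejnaIPadresa \
dst-port=9981-9982 protocol=tcp to-addresses=172.16.10.20 to-ports=\
9981-9982
add action=dst-nat chain=dstnat comment="DVB-T UDP" dst-address=verejnaIPadresa \
dst-port=9981-9982 protocol=udp to-addresses=172.16.10.20 to-ports=\
9981-9982
# NOTE(review): the forward filter in this export has no accept for tcp/25, so
# this translation is currently blocked by the final forward drop.
add action=dst-nat chain=dstnat comment=SMTP dst-address=verejnaIPadresa \
dst-port=25 protocol=tcp to-addresses=172.16.10.2 to-ports=25
add action=dst-nat chain=dstnat comment="www server" dst-address=verejnaIPadresa \
dst-port=80 protocol=tcp to-addresses=172.16.10.2 to-ports=80
# NOTE(review): dst-port is 4000-6000 but to-ports is 5000-6000, so the ports
# are not mapped one-to-one; one of the two ranges is probably a typo -
# confirm. These VOIP ranges expose up to 12000 ports per protocol; narrow them
# to what the PBX actually uses. The forward filter in this export has no
# accept for them either.
add action=dst-nat chain=dstnat comment=VOIP dst-address=verejnaIPadresa \
dst-port=4000-6000 protocol=tcp to-addresses=172.16.10.2 to-ports=5000-6000
add action=dst-nat chain=dstnat comment=VOIP dst-address=verejnaIPadresa \
dst-port=10000-20000 protocol=tcp to-addresses=172.16.10.2 to-ports=\
10000-20000
add action=dst-nat chain=dstnat comment=VOIP dst-address=verejnaIPadresa \
dst-port=10000-20000 protocol=udp to-addresses=172.16.10.2 to-ports=\
10000-20000
add action=dst-nat chain=dstnat comment=VOIP dst-address=verejnaIPadresa \
dst-port=4000-6000 protocol=udp to-addresses=172.16.10.2 to-ports=5000-6000
# Static passive-mode data range for the FTP server (TCP only).
add action=dst-nat chain=dstnat comment="FTP server - passive" dst-address=\
verejnaIPadresa dst-port=2005-2010 protocol=tcp to-addresses=172.16.10.2 \
to-ports=2005-2010
add action=dst-nat chain=dstnat comment="FTP server" dst-address=verejnaIPadresa \
dst-port=1021 protocol=tcp to-addresses=172.16.10.2 to-ports=1021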
# FTP connection-tracking helper: inspects FTP control connections on tcp/211.
# NOTE(review): the FTP dst-nat rule in this export uses control port 1021, not
# 211, so the helper presumably never sees that session; the passive range
# 2005-2010 is forwarded statically instead. Confirm 211 is intentional.
/ip firewall service-port
set ftp ports=211