pelirob No jedna vec co tam je, ten output je z duvodu, ze detekuji chybne spojeni content="M=bad"
Jedna vec mi je tam divna, ty kratky timeouty 😉
Mno a nejak posledni verze meho scriptu (kazdej si doupravi dle sebe - typy portu atd ...)
/ip firewall filter
add action=jump chain=input connection-state=new dst-port=22,53 in-interface-list=WAN jump-target=BFTEST protocol=tcp
add action=jump chain=input connection-state=new dst-port=53,1701,500,4500 in-interface-list=WAN jump-target=BFTEST protocol=udp
add action=jump chain=forward connection-state=new dst-port=8080 in-interface-list=WAN jump-target=BFTEST protocol=tcp
add action=add-src-to-address-list address-list=PORTKNOCK address-list-timeout=1m chain=input dst-port=12345 in-interface-list=WAN protocol=tcp
add action=return chain=BFTEST src-address-list=WHITELIST
add action=return chain=BFTEST src-address-list=PORTKNOCK
add action=drop chain=BFTEST src-address-list=DROPLIST
add action=add-src-to-address-list address-list=DROPLIST address-list-timeout=none-static chain=BFTEST src-address-list=BFStage2
add action=add-src-to-address-list address-list=BFStage2 address-list-timeout=1h chain=BFTEST src-address-list=BFStage1
add action=add-src-to-address-list address-list=BFStage1 address-list-timeout=1h chain=BFTEST
V pripade, ze tam doplnite i porty co se nepouzivaji, tak to muze testovat port scannery 😉
