# jan/01/2002 22 by RouterOS 5.4
# software id = WAHY-FKPT
#
/ip firewall connection tracking
# Connection tracking is enabled. Handshake and teardown TCP states, ICMP and
# plain UDP entries expire after 5-10s; established TCP entries are kept for
# 1 day and UDP streams for 3 minutes.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off. Several TCP ports are
# forwarded in the NAT section below, so confirm this is intentional.
# NOTE(review): tcp-established-timeout=1d keeps idle established entries in
# the table for a long time - verify this suits the expected connection load.
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
# Input chain: traffic addressed to the router itself. Rules are evaluated
# top to bottom and the first matching rule decides.
#
# ICMP is accepted on every interface (no in-interface matcher, no rate limit).
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
# Packets of connections already tracked as established are accepted on ether1.
add action=accept chain=input comment="default configuration" connection-state=\
established disabled=no in-interface="ether1- STARNET"
# Packets of connections tracked as related are accepted on ether1.
add action=accept chain=input comment="default configuration" connection-state=\
related disabled=no in-interface="ether1- STARNET"
# Everything else that arrives on ether1 for the router itself is dropped.
add action=drop chain=input comment="default configuration" disabled=no \
in-interface="ether1- STARNET"
# NOTE(review): only "ether1- STARNET" is filtered. The NAT section also
# masquerades out of "ether2- O2", which suggests a second uplink. If that
# link is untrusted, router services are reachable from it - confirm, and
# mirror the established/related/drop rules for that interface.
# NOTE(review): no chain=forward rules appear in this export, so routed and
# dst-nat'ed traffic is not filtered here. Consider a forward policy that
# accepts established/related, accepts only the intended port forwards, and
# drops other new connections from the WAN interfaces.
/ip firewall nat
# Source NAT: traffic leaving through either uplink is masqueraded.
add action=masquerade chain=srcnat disabled=no out-interface="ether1- STARNET"
add action=masquerade chain=srcnat disabled=no out-interface="ether2- O2"
# Port forwards (dst-nat). Every rule below matches on protocol and dst-port
# only; none has an in-interface, dst-address or src-address matcher.
# NOTE(review): without an in-interface or dst-address matcher these rules
# also catch LAN clients connecting out to Internet hosts on the same ports
# and redirect them to the internal target. Scope each rule to the WAN side
# (in-interface=... or a dst-address / dst-address-type matcher).
# NOTE(review): without a src-address or src-address-list restriction the
# forwarded services are reachable from any source address. Limit them to
# known peers or place them behind a VPN where possible.
#
# TCP 33890 -> 192.168.11.20:3389 (3389 is the default RDP port).
add action=dst-nat chain=dstnat disabled=no dst-port=33890 protocol=tcp \
to-addresses=192.168.11.20 to-ports=3389
# TCP 18081 -> 192.168.11.253:8081.
add action=dst-nat chain=dstnat disabled=no dst-port=18081 protocol=tcp \
to-addresses=192.168.11.253 to-ports=8081
# TCP 21 -> 192.168.11.1:21.
# NOTE(review): the ftp helper is disabled under /ip firewall service-port, so
# FTP data connections through this forward may fail - verify. FTP also sends
# credentials in clear text; prefer an encrypted transfer protocol.
add action=dst-nat chain=dstnat disabled=no dst-port=21 protocol=tcp \
to-addresses=192.168.11.1 to-ports=21
# TCP 3389 -> 192.168.11.1:3389.
add action=dst-nat chain=dstnat disabled=no dst-port=3389 protocol=tcp \
to-addresses=192.168.11.1 to-ports=3389
# TCP 3389 -> 192.168.11.100:3389.
# NOTE(review): this rule has the same matchers as the one above and sits
# after it, so it should never match. Give it a distinct external port (as
# the 33890 rule does) or remove it.
add action=dst-nat chain=dstnat disabled=no dst-port=3389 protocol=tcp \
to-addresses=192.168.11.100 to-ports=3389
# TCP 8291 -> 192.168.11.254:8291 (8291 is the default Winbox management port).
# NOTE(review): this forwards a management port with no source restriction,
# and the export header reports RouterOS 5.4, an old release. Restrict the
# rule to trusted source addresses and confirm the target runs supported
# software.
add action=dst-nat chain=dstnat disabled=no dst-port=8291 protocol=tcp \
to-addresses=192.168.11.254 to-ports=8291
/ip firewall service-port
# All listed connection-tracking helpers (ftp, tftp, irc, h323, sip, pptp)
# are disabled, so the router does no protocol-aware NAT fix-up for them.
# NOTE(review): the NAT section forwards TCP 21 to an internal host while the
# ftp helper is off. Confirm FTP through the router works as intended, or
# retire the forward.
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes