Mikrotik firewall a nat

Radim Špetík (kulich)

Základní nastavení firewalu a nat

Přidáme pravidla pro IP > Firewall > Filter Rules

;;; Skoc na  wan-to-mkt pravidlo
chain=input action=jump jump-target=wan-to-mkt in-interface="Zde wan port" log=no log-prefix="" 

;;; Povol established spojeni
chain=wan-to-mkt action=accept connection-state=established log=no log-prefix="" 

;;; Povol related spojeni
chain=wan-to-mkt action=accept connection-state=related log=no log-prefix="" 

;;; Zakaz invalid spojeni
chain=wan-to-mkt action=drop connection-state=invalid log=no log-prefix=""

;;; Povol ICMP
chain=wan-to-mkt action=accept protocol=icmp log=no log-prefix="" 

;;; Loguj spojeni
chain=wan-to-mkt action=log log=no log-prefix="IP IN:" 

;;; Zakaz vse ostatni
chain=wan-to-mkt action=drop log=no log-prefix="" 

;;; Skoc na wan-to-mkt pravidlo
chain=forward action=jump jump-target=wan-to-lan in-interface="Zde wan port" log=no log-prefix="" 

;;; Povol established spojeni
chain=wan-to-lan action=accept connection-state=established log=no log-prefix="" 

;;; Povol related spojeni
chain=wan-to-lan action=accept connection-state=related log=no log-prefix="" 

;;; Loguj spojeni
chain=wan-to-lan action=log log=no log-prefix="" 

;;; Zakaz invalid spojeni
chain=wan-to-lan action=drop connection-state=invalid log=no log-prefix=""
       
;;; Blokuj UDP Win
chain=input action=drop protocol=udp dst-port=137-138 log=no log-prefix="" 

;;; Blokuj spatna (invalid) spojeni
chain=forward action=drop connection-state=invalid log=no log-prefix=""

a NAT

;;; default configuration
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface="Zde wan port" log=no log-prefix="