侧边栏壁纸
博主头像
Backspace‘s Blog 博主等级

行动起来,活在当下

  • 累计撰写 33 篇文章
  • 累计创建 8 个标签
  • 累计收到 0 条评论

目 录CONTENT

文章目录
脚本

ros_firewall_ipv4.dhcp.basic.conf

Backspace
Backspace
2026-01-21 / 0 评论 / 0 点赞 / 2 阅读 / 0 字 / 正在检测是否收录... 
##       Filter 规则  8 条 + 虚拟规则 1 条
##          NAT 规则  3 条
##       Mangle 规则  1 条 + 虚拟规则 3 条
## Address-list 规则  1 条

/ip firewall address-list

add address=10.0.0.0/24 comment="defconf: local LAN IPv4 subnet" list=local_subnet_ipv4


/ip firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not from LAN" in-interface-list=!LAN

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN log=yes log-prefix="[wan-not-dnat]"


/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade IPv4" out-interface-list=WAN

add action=redirect chain=dstnat comment="lanconf: redirect DNS query (UDP)" dst-port=53 in-interface-list=LAN protocol=udp to-ports=53
add action=redirect chain=dstnat comment="lanconf: redirect DNS query (TCP)" dst-port=53 in-interface-list=LAN protocol=tcp to-ports=53


/ip firewall mangle

add action=change-mss chain=forward comment="defconf: fix IPv4 mss for WAN" new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn


/ip firewall connection tracking

set tcp-syn-sent-timeout=120s
set tcp-syn-received-timeout=60s
set tcp-established-timeout=7440s
set tcp-fin-wait-timeout=120s
set tcp-close-wait-timeout=60s
set tcp-last-ack-timeout=30s
set tcp-time-wait-timeout=120s
set tcp-close-timeout=10s
set tcp-max-retrans-timeout=300s
set tcp-unacked-timeout=300s
set udp-timeout=30s
set udp-stream-timeout=120s
set icmp-timeout=30s
set generic-timeout=600s

0
RouterOS

  1. 支付宝打赏

    qrcode alipay

  2. 微信打赏

    qrcode weixin
版权归属: Backspace
本文链接: https://blog.lys613.top/archives/019be0b6-ea7d-72a9-94b9-b62b1c249131
许可协议: 本文使用《署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0)》协议授权

评论区