update router config
parent
827e859277
commit
4a1f06e020
1 changed files with 11 additions and 57 deletions
68
router.nix
68
router.nix
|
@ -101,8 +101,10 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
"/ip dns" = {
|
"/ip dns" = {
|
||||||
"allow-remote-requests" = "yes";
|
no_label = {
|
||||||
servers = "1.1.1.1,1.0.0.1";
|
allow-remote-requests = "yes";
|
||||||
|
servers = "1.1.1.1,1.0.0.1";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
"/ip dns static" = [
|
"/ip dns static" = [
|
||||||
{
|
{
|
||||||
|
@ -112,67 +114,19 @@
|
||||||
];
|
];
|
||||||
"/ip firewall filter" = [
|
"/ip firewall filter" = [
|
||||||
{
|
{
|
||||||
action = "accept";
|
address = "10.10.10.10-10.10.10.10.254";
|
||||||
chain = "input";
|
list = "allowed_to_router";
|
||||||
comment = "defconf: accept established,related,untracked";
|
}
|
||||||
"connection-state" = "established,related,untracked";
|
{
|
||||||
}
|
action = "accept";
|
||||||
{
|
chain = "input";
|
||||||
action = "drop";
|
src-address-list = "allowed_to_router";
|
||||||
chain = "input";
|
|
||||||
comment = "defconf: drop invalid";
|
|
||||||
"connection-state" = "invalid";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
action = "accept";
|
action = "accept";
|
||||||
chain = "input";
|
chain = "input";
|
||||||
comment = "defconf: accept ICMP";
|
|
||||||
protocol = "icmp";
|
protocol = "icmp";
|
||||||
}
|
}
|
||||||
{
|
|
||||||
action = "drop";
|
|
||||||
chain = "input";
|
|
||||||
comment = "defconf: drop all not coming from LAN";
|
|
||||||
"in-interface-list" = "!LAN";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
action = "accept";
|
|
||||||
chain = "forward";
|
|
||||||
comment = "defconf: accept in ipsec policy";
|
|
||||||
"ipsec-policy" = "in,ipsec";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
action = "accept";
|
|
||||||
chain = "forward";
|
|
||||||
comment = "defconf: accept out ipsec policy";
|
|
||||||
"ipsec-policy" = "out,ipsec";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
action = "fasttrack-connection";
|
|
||||||
chain = "forward";
|
|
||||||
comment = "defconf: fasttrack";
|
|
||||||
"connection-state" = "established,related";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
action = "accept";
|
|
||||||
chain = "forward";
|
|
||||||
comment = "defconf: accept established,related, untracked";
|
|
||||||
"connection-state" = "established,related,untracked";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
action = "drop";
|
|
||||||
chain = "forward";
|
|
||||||
comment = "defconf: drop invalid";
|
|
||||||
"connection-state" = "invalid";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
action = "drop";
|
|
||||||
chain = "forward";
|
|
||||||
comment = "defconf: drop all from WAN not DSTNATed";
|
|
||||||
"connection-nat-state" = "!dstnat";
|
|
||||||
"connection-state" = "new";
|
|
||||||
"in-interface-list" = "WAN";
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
"/ip firewall nat" = [
|
"/ip firewall nat" = [
|
||||||
{
|
{
|
||||||
|
|
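Review bot: With the defconf rules removed, the new `/ip firewall filter` list shows no `drop` rule at all, and RouterOS accepts packets that fall through a chain, so input and forward traffic arriving on WAN would be accepted unless another part of router.nix filters it (not visible in this section). Together with `allow-remote-requests = "yes"` under `/ip dns`, that would also leave the resolver answering queries from outside. I would keep the established/related accept and the final drops for both chains, as sketched below, assuming the `LAN` and `WAN` interface lists are still defined. Separately, `address = "10.10.10.10-10.10.10.10.254"` has five octets in its upper bound (probably `10.10.10.10-10.10.10.254`), and an `address`/`list` entry looks like it belongs under `/ip firewall address-list` rather than inside the filter list. The old/new sides are read from the column layout of the rendered page, so check this against the raw diff.

```nix
"/ip firewall filter" = [
  # … unchanged: allowed_to_router accept and ICMP accept rules …
  {
    action = "accept";
    chain = "input";
    connection-state = "established,related,untracked";
  }
  {
    action = "drop";
    chain = "input";
    in-interface-list = "!LAN";
  }
  {
    action = "drop";
    chain = "forward";
    connection-nat-state = "!dstnat";
    connection-state = "new";
    in-interface-list = "WAN";
  }
```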