Re: IP FIXO Oi, NET BIOS, ACK - KM
/interface bridge filter
add action=accept chain=input comment="Aceitar Acesso por IP" disabled=no \
dst-port=8291 ip-protocol=udp mac-protocol=ip
add action=accept chain=input comment="Aceitar Acesso por MAC" disabled=no \
dst-port=20561 ip-protocol=udp mac-protocol=ip
add action=accept chain=input comment="Aceita Descoberta de Vizinhanca" \
disabled=no dst-port=5678 ip-protocol=udp mac-protocol=ip
add action=drop chain=forward comment="Boqueia Pacotes entre Interfaces" \
disabled=no in-interface=!rede out-interface=!rede
add action=drop chain=input comment="Spanning Tree" disabled=yes \
dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF
add action=drop arp-hardware-type=!1 arp-packet-type=!0x800 chain=forward \
comment="Descartando ARP esp\FArios " disabled=no mac-protocol=arp
add action=drop chain=input comment=Anti-DHCPServer-Externo disabled=no \
in-interface=wlan2 ip-protocol=udp mac-protocol=ip src-port=67
add action=drop chain=forward disabled=no in-interface=wlan2 ip-protocol=udp \
mac-protocol=ip src-port=67
add action=drop chain=input comment=Anti-DHCPServer-Externo disabled=no \
in-interface=wlan1 ip-protocol=udp mac-protocol=ip src-port=67
add action=drop chain=forward disabled=no in-interface=wlan1 ip-protocol=udp \
mac-protocol=ip src-port=67
add action=log chain=input comment="Block DHCP servers on 192.168.0.0/16" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
"ALERT ROGUE DHCP (BLOCKED)" mac-protocol=ip src-address=192.168.0.0/16 \
src-port=67-68
add action=drop chain=input comment="Block DHCP servers on 192.168.0.0/16" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=\
ip src-address=192.168.0.0/16 src-port=67-68
add action=drop chain=forward comment=Netbios disabled=yes dst-port=135-139 \
ip-protocol=tcp mac-protocol=ip
add action=drop chain=forward disabled=yes dst-port=135-139 ip-protocol=udp \
mac-protocol=ip
add action=drop chain=forward disabled=yes dst-port=445 ip-protocol=tcp \
mac-protocol=ip
add action=drop chain=forward disabled=yes dst-port=445 ip-protocol=udp \
mac-protocol=ip
Nao uso o bloqueio de netbios nos filtros de bridge porque deixa os cartoes mais lentos, prefiro deixar somente no firewall.
Cliente com ACK em caso de 50km como ta dando, essa instalacao tem que ser revista, porque nao significa que ele esteja a essa distancia e sim que ela esta ruim !