[admin@xnet_Wireless] > ip
[admin@xnet_Wireless] ip> firewall
[admin@xnet_Wireless] ip firewall> filter
[admin@xnet_Wireless] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Netbius e Similar
chain=input protocol=udp src-port=135 action=drop
1 chain=input protocol=tcp src-port=135 action=drop
2 chain=input protocol=udp src-port=137 action=drop
3 chain=input protocol=tcp src-port=137 action=drop
4 chain=input protocol=udp src-port=138 action=drop
5 chain=input protocol=tcp src-port=138 action=drop
6 chain=input protocol=udp src-port=139 action=drop
7 chain=input protocol=tcp src-port=139 action=drop
8 chain=input protocol=tcp src-port=445 action=drop
9 chain=input protocol=udp src-port=445 action=drop
10 ;;; drop invalid packets
chain=input connection-state=invalid action=drop
11 ;;; accept related packets
chain=input connection-state=related action=accept
12 ;;; accept established packets
chain=input connection-state=established action=accept
13 ;;; Redes livres
chain=input src-address=200.101.15.0/26 action=accept
14 chain=input src-address=201.67.42.0/29 action=accept
15 ;;; Bloqueio da Porta 22-23
chain=input src-address-list=drop_port_22_23 action=drop
16 ;;; detect and drop port scan connections
chain=input protocol=tcp psd=21,3s,3,1 action=drop
17 ;;; jump to chain ICMP
chain=input protocol=icmp action=jump jump-target=ICMP
18 ;;; jump to chain services
chain=input action=jump jump-target=services
19 ;;; 0:0 and limit for 5pac/s
chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept
20 ;;; 3:3 and limit for 5pac/s
chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept
21 ;;; 3:4 and limit for 5pac/s
chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept
22 ;;; 8:0 and limit for 5pac/s
chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept
23 ;;; 11:0 and limit for 5pac/s
chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept
24 ;;; Drop everything else
chain=ICMP protocol=icmp action=drop
25 ;;; accept localhost
chain=services src-address=127.0.0.1 dst-address=127.0.0.1 action=accept
26 X ;;; allow ftp
chain=services protocol=tcp dst-port=20-21 action=accept
27 X ;;; allow sftp, ssh
chain=services protocol=tcp dst-port=22 action=accept
28 X ;;; allow telnet
chain=services protocol=tcp dst-port=23 action=accept
29 ;;; allow http, webbox
chain=services protocol=tcp dst-port=80 action=accept
30 ;;; Allow winbox
chain=services protocol=tcp dst-port=8291 action=accept
31 ;;; allow MACwinbox
chain=services protocol=udp dst-port=20561 action=accept
32 ;;; Bandwidth server
chain=services protocol=tcp dst-port=2000 action=accept
33 ;;; MT Discovery Protocol
chain=services protocol=udp dst-port=5678 action=accept
34 ;;; allow DNS request
chain=services protocol=tcp dst-port=53 action=accept
35 ;;; Allow DNS request
chain=services protocol=udp dst-port=53 action=accept
36 ;;; allow L2TP
chain=services protocol=udp dst-port=1701 action=accept
37 ;;; allow PPTP
chain=services protocol=tcp dst-port=1723 action=accept
38 ;;; allow PPTP and EoIP
chain=services protocol=gre action=accept
39 X ;;; allow IPIP
chain=services protocol=ipencap action=accept
40 X ;;; UPnP
chain=services protocol=udp dst-port=1900 action=accept
41 X ;;; UPnP
chain=services protocol=tcp dst-port=2828 action=accept
42 X ;;; allow DHCP
chain=services protocol=udp dst-port=67-68 action=accept
43 ;;; allow Web Proxy
chain=services protocol=tcp dst-port=3126 action=accept
44 X ;;; allow NTP
chain=services protocol=tcp dst-port=123 action=accept
45 X ;;; allow SNMP
chain=services protocol=tcp dst-port=161 action=accept
46 ;;; allow https for Hotspot
chain=services protocol=tcp dst-port=443 action=accept
47 ;;; allow Socks for Hotspot
chain=services protocol=tcp dst-port=1080 action=accept
48 ;;; allow IPSec connections
chain=services protocol=udp dst-port=500 action=accept
49 ;;; allow IPSec
chain=services protocol=ipsec-esp action=accept
50 ;;; allow IPSec
chain=services protocol=ipsec-ah action=accept
51 ;;; Allow BGP
chain=services protocol=tcp dst-port=179 action=accept
52 ;;; allow RIP
chain=services protocol=udp dst-port=520-521 action=accept
53 ;;; allow OSPF
chain=services protocol=ospf action=accept
54 ;;; allow BGP
chain=services protocol=udp dst-port=5000-5100 action=accept
55 ;;; allow Telephony
chain=services protocol=tcp dst-port=1720 action=accept
56 ;;; allow Telephony
chain=services protocol=udp dst-port=1719 action=accept
57 ;;; allow VRRP
chain=services protocol=vrrp action=accept
58 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=135-139 action=drop
59 ;;; Drop Messenger Worm
chain=virus protocol=udp dst-port=135-139 action=drop
60 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=445 action=drop
61 ;;; Drop Blaster Worm
chain=virus protocol=udp dst-port=445 action=drop
62 ;;; ________
chain=virus protocol=tcp dst-port=593 action=drop
63 ;;; ________
chain=virus protocol=tcp dst-port=1024-1030 action=drop
64 ;;; ________
chain=virus protocol=tcp dst-port=1214 action=drop
65 ;;; ndm requester
chain=virus protocol=tcp dst-port=1363 action=drop
66 ;;; ndm server
chain=virus protocol=tcp dst-port=1364 action=drop
67 ;;; screen cast
chain=virus protocol=tcp dst-port=1368 action=drop
68 ;;; hromgrafx
chain=virus protocol=tcp dst-port=1373 action=drop
69 ;;; cichlid
chain=virus protocol=tcp dst-port=1377 action=drop
70 ;;; Worm
chain=virus protocol=tcp dst-port=1433-1434 action=drop
71 ;;; Bagle Virus
chain=virus protocol=tcp dst-port=2745 action=drop
72 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=2283 action=drop
73 ;;; Drop Beagle
chain=virus protocol=tcp dst-port=2535 action=drop
74 ;;; Drop Beagle.C-K
chain=virus protocol=tcp dst-port=2745 action=drop
75 ;;; Drop MyDoom
chain=virus protocol=tcp dst-port=3127-3128 action=drop
76 ;;; Drop Backdoor OptixPro
chain=virus protocol=tcp dst-port=3410 action=drop
77 ;;; Worm
chain=virus protocol=tcp dst-port=4444 action=drop
78 ;;; Worm
chain=virus protocol=udp dst-port=4444 action=drop
79 ;;; Drop Sasser
chain=virus protocol=tcp dst-port=5554 action=drop
80 ;;; Drop Beagle.B
chain=virus protocol=tcp dst-port=8866 action=drop
81 ;;; Drop Dabber.A-B
chain=virus protocol=tcp dst-port=9898 action=drop
82 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=10000 action=drop
83 ;;; Drop MyDoom.B
chain=virus protocol=tcp dst-port=10080 action=drop
84 ;;; Drop NetBus
chain=virus protocol=tcp dst-port=12345 action=drop
85 ;;; Drop Kuang2
chain=virus protocol=tcp dst-port=17300 action=drop
86 ;;; Drop SubSeven
chain=virus protocol=tcp dst-port=27374 action=drop
87 ;;; Drop PhatBot, Gaobot
chain=virus protocol=tcp dst-port=65506 action=drop
88 ;;; Drop phAse zero
chain=virus protocol=tcp dst-port=555 action=drop
89 ;;; Drop phAse zero
chain=virus protocol=udp dst-port=555 action=drop
90 ;;; Drop Sub-7, SubSeven
chain=virus protocol=tcp dst-port=1243 action=drop
91 ;;; Drop Sub-7, SubSeven
chain=virus protocol=udp dst-port=1243 action=drop
92 ;;; Drop Masters Paradise
chain=virus protocol=tcp dst-port=3129 action=drop
93 ;;; Drop Masters Paradise
chain=virus protocol=udp dst-port=3129 action=drop
94 ;;; Drop DeepThroat
chain=virus protocol=tcp dst-port=6670 action=drop
95 ;;; Drop DeepThroat
chain=virus protocol=udp dst-port=6670 action=drop
96 ;;; Drop Sub-7, SubSeven
chain=virus protocol=tcp dst-port=6711 action=drop
97 ;;; Drop Sub-7, SubSeven
chain=virus protocol=udp dst-port=6711 action=drop
98 ;;; Drop GateCrasher
chain=virus protocol=tcp dst-port=6969 action=drop
99 ;;; Drop GateCrasher
chain=virus protocol=udp dst-port=6969 action=drop