Olá galera, para os bons entendedores de MikroTik preciso de uma avaliação do firewall criado para minha rede. Gostaria que dessem uma olhada e me dissessem se as regras estão corretas ou, caso precise mudar algo que estiver errado, o que deveria ser alterado. Desde já agradeço.
aqui está o firewall inteiro
# Reviewer notes are on '#' lines between complete commands; the rules
# themselves are untouched. RouterOS walks each chain top to bottom, the first
# rule with a terminal action (accept/drop) wins, and a chain that has no final
# drop accepts whatever reaches its end. Read the notes in that light: several
# rules below are unreachable because a broader accept sits above them.
/ip firewall connection tracking
# These timeouts look like the stock RouterOS values (established 1d, udp 10s,
# syn 5s, close/wait 10s); tcp-syncookie=no is also the default. Nothing here
# needs changing — confirm against the default export if in doubt.
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
# ---------------------------------------------------------------------------
# INPUT chain (traffic addressed to the router itself).
# Main finding: there is no final "drop everything else" in this chain. The
# log rule at the very bottom is disabled and is only action=log anyway, so any
# packet not matched by an explicit rule is accepted. The long per-port drop
# list below is therefore a denylist: every service the router listens on that
# is not in that list stays reachable from any source address. The standard
# fix is a last input rule `add action=drop chain=input` placed after the
# accepts that management genuinely needs (see the 10.1.230.0/24 note before
# adding it, or the radios lose access to the router).
# ---------------------------------------------------------------------------
# SSH on 2222 is accepted from ANY source. If management only ever comes from
# the LAN, add src-address=192.168.10.0/24 here (same for winbox further down).
add action=accept chain=input comment="SSH WEBMIKROTIK" disabled=no dst-port=\
2222 protocol=tcp
# Accepts established only. Related traffic (e.g. ICMP errors for the router's
# own connections) is accepted further down for tcp only; once a final drop
# exists, the usual form is one rule with connection-state=established,related.
add action=accept chain=input comment="conexoes de entrada estabilizadas" \
connection-state=established disabled=no
# ---------------------------------------------------------------------------
# FORWARD chain (traffic routed through the router).
# ---------------------------------------------------------------------------
add action=accept chain=forward comment=";;; permite estabelecer conexoes" \
connection-state=established disabled=no
add action=accept chain=forward comment=";;; permitir conex es relacionadas" \
connection-state=related disabled=no
# The HTTP and SMTP accepts are harmless but redundant: the "allow TCP" rule
# two lines down accepts every TCP packet anyway.
add action=accept chain=forward comment=";;; Allow HTTP" disabled=no \
dst-port=80 protocol=tcp
add action=accept chain=forward comment=";;; Allow SMTP" disabled=no \
dst-port=25 protocol=tcp
# Accepts ALL forwarded TCP. Together with the icmp and udp accepts right
# below, the forward chain is effectively allow-all for those three protocols,
# so every forward drop that follows (NetBIOS, invalid, port 5357) can never
# match a tcp/udp/icmp packet. If forwarded traffic is meant to be filtered,
# these three rules must be removed or moved below the drops; if the intent is
# "no forward filtering", the dead drop rules should be removed instead so the
# ruleset says what it does.
add action=accept chain=forward comment=";;; allow TCP" disabled=no protocol=\
tcp
add action=accept chain=forward comment=";;; allow ping" disabled=no \
protocol=icmp
add action=accept chain=forward comment=";;; allow udp" disabled=no protocol=\
udp
# Accepts ICMP to the router at 50 per 5 s with burst 2; the "bloqueando o
# excesso" rule further down drops the remainder. This pair works as intended.
add action=accept chain=input comment="aceitando 50 pings a cada 5 segundos" \
disabled=no limit=50/5s,2 protocol=icmp
# Accepts everything from 192.168.10.0/24 to the router, including
# connection-state=invalid packets, because "Descarta invalidas" sits below
# this rule; drop-invalid is conventionally the first rule of each chain.
# Note that src-address alone does not prove the packet came in on the LAN
# interface: if this router also has an Internet-facing interface, pair this
# with in-interface=<LAN_INTERFACE> (placeholder, not on the page) or add a
# drop for 192.168.10.0/24-sourced packets arriving on the WAN interface.
add action=accept chain=input comment="Aceita Rede Local" disabled=no \
src-address=192.168.10.0/24
# Only established traffic from 10.1.230.0/24 is accepted here, which the
# generic established rule above already covers, so this rule matches nothing
# new. NEW connections from this subnet to the router are accepted today only
# because the chain has no final drop. If the radios need to reach the router
# (management or whatever else they use), give them an explicit accept for
# exactly that before a final drop is added.
add action=accept chain=input comment="allow ips radios" connection-state=\
established disabled=no src-address=10.1.230.0/24
add action=accept chain=input comment="Accept related " connection-state=\
related disabled=no protocol=tcp
# Winbox (8291) accepted from ANY source; restrict with src-address to the
# management network(s) as suggested for SSH above.
add action=accept chain=input comment=winbox disabled=no dst-port=8291 \
protocol=tcp
# Correct, but placed after five accepts; move to the top of the input chain.
add action=drop chain=input comment="Descarta invalidas" connection-state=\
invalid disabled=no
# Both NetBIOS drops are unreachable: "allow TCP" / "allow udp" above already
# accepted the packet. Two further issues even if they were reachable:
# (1) they match only when BOTH src-port AND dst-port are in 137,138,139,445,
# so a client on an ephemeral port talking to 445 is not matched — drop the
# src-port match; (2) src and dst in the same /24 normally never pass through
# the forward chain unless that subnet is split across interfaces — confirm
# that is the topology here, otherwise the rules are pointless.
add action=drop chain=forward comment="Net Bios bloqueado" disabled=no \
dst-address=192.168.10.0/24 dst-port=137,138,139,445 protocol=tcp \
src-address=192.168.10.0/24 src-port=137,138,139,445
add action=drop chain=forward comment="bloqueio Net Bios UDP" disabled=no \
dst-address=192.168.10.0/24 dst-port=137,138,139,445 protocol=udp \
src-address=192.168.10.0/24 src-port=137,138,139,445
# Drops all ICMP to the router not already accepted by the rate-limited rule.
# Consequence: the "BLOQ. PINGS NO SERV." rule further down can never match.
add action=drop chain=input comment="bloqueando o excesso" disabled=no \
protocol=icmp
# disabled=yes, so the VIRUS chain below is never entered. Also
# jump-target=virus and chain=VIRUS differ in case — confirm they resolve to
# the same chain before enabling, or the jump lands in an empty chain and
# returns. Enabling it here would still not help, because the accept-all
# forward rules above already accepted the packet; it must sit above them.
add action=jump chain=forward comment=";;; jump to the virus chain" disabled=\
yes jump-target=virus
# Port 2211 is accepted from any source with no comment. Nothing on the page
# says what listens there; document the purpose in comment= or remove it.
add action=accept chain=input comment="" disabled=no dst-port=2211 protocol=\
tcp
# Unreachable for tcp/udp/icmp (accepted above); should be the first forward
# rule.
add action=drop chain=forward comment=";;; Bloqueia conex es inv lidas" \
connection-state=invalid disabled=no
# The only rule in the custom chain; reachable solely via the disabled jump.
add action=drop chain=VIRUS comment="One of the last TrojanOOTLT" disabled=no \
dst-port=5011 protocol=tcp
# Accepts every remaining forwarded packet of any protocol: anything listed in
# the forward chain after this line (the 5357 drop) is dead code.
add action=accept chain=forward comment="" disabled=no
# With no final drop, this is the only thing keeping default SSH (22) and
# telnet (23) on the router closed. /ip service is not on the page, so whether
# those services are even enabled cannot be told from here; disabling unused
# services there is the more robust control.
add action=drop chain=input comment="" disabled=no dst-port=22-23 protocol=\
tcp
# Unreachable: identical match to "bloqueando o excesso" above.
add action=drop chain=input comment="BLOQ. PINGS NO SERV." disabled=no \
protocol=icmp
# ---------------------------------------------------------------------------
# Per-port denylist on the input chain. These only have an effect because the
# chain has no final drop; once a final drop exists, every rule in this list
# is redundant and can be removed. Note 2745/tcp appears twice (Bagle and
# Beagle.C-K). The port names in the comments are the original author's.
# ---------------------------------------------------------------------------
add action=drop chain=input comment=";;; Drop Blaster Worm" disabled=no \
dst-port=135-139 protocol=tcp
add action=drop chain=input comment=";;; Drop Messenger Worm" disabled=no \
dst-port=135-139 protocol=udp
add action=drop chain=input comment=";;; Drop Blaster Worm" disabled=no \
dst-port=445 protocol=tcp
add action=drop chain=input comment=";;; Drop Blaster Worm" disabled=no \
dst-port=445 protocol=udp
add action=drop chain=input comment=";;; ________" disabled=no dst-port=593 \
protocol=tcp
add action=drop chain=input comment=";;; ________" disabled=no dst-port=\
1024-1030 protocol=tcp
add action=drop chain=input comment=";;; Drop MyDoom" disabled=no dst-port=\
1080 protocol=tcp
add action=drop chain=input comment=";;; ________" disabled=no dst-port=1214 \
protocol=tcp
add action=drop chain=input comment=";;; ndm requester" disabled=no dst-port=\
1363 protocol=tcp
add action=drop chain=input comment=" ;;; ndm server" disabled=no dst-port=\
1364 protocol=tcp
add action=drop chain=input comment=";;; screen cast" disabled=no dst-port=\
1368 protocol=tcp
add action=drop chain=input comment=";;; hromgrafx" disabled=no dst-port=1373 \
protocol=tcp
add action=drop chain=input comment=";;; cichlid" disabled=no dst-port=1377 \
protocol=tcp
add action=drop chain=input comment=";;; Worm" disabled=no dst-port=1433-1434 \
protocol=tcp
add action=drop chain=input comment=";;; Bagle Virus" disabled=no dst-port=\
2745 protocol=tcp
add action=drop chain=input comment=";;; Drop Dumaru.Y" disabled=no dst-port=\
2283 protocol=tcp
add action=drop chain=input comment=";;; Drop Beagle" disabled=no dst-port=\
2535 protocol=tcp
# Duplicate of the 2745/tcp rule above.
add action=drop chain=input comment=";;; Drop Beagle.C-K" disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=input comment=";;; Drop MyDoom" disabled=no dst-port=\
3127-3128 protocol=tcp
add action=drop chain=input comment=";;; Drop Backdoor OptixPro" disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=input comment=";;; Worm" disabled=no dst-port=4444 \
protocol=tcp
add action=drop chain=input comment=";;; Worm" disabled=no dst-port=4444 \
protocol=udp
add action=drop chain=input comment=";;; Drop Sasser" disabled=no dst-port=\
5554 protocol=tcp
# Dead: the unconditional forward accept (and "allow TCP") above already
# accepted any TCP packet to 5357.
add action=drop chain=forward comment="netbios windows7" disabled=no \
dst-port=5357 protocol=tcp
add action=drop chain=input comment="Drop Beagle.B" disabled=no dst-port=8866 \
protocol=tcp
add action=drop chain=input comment=";;; Drop Dabber.A-B" disabled=no \
dst-port=9898 protocol=tcp
add action=drop chain=input comment=";;; Drop Dumaru.Y" disabled=no dst-port=\
10000 protocol=tcp
add action=drop chain=input comment=";;; Drop MyDoom.B" disabled=no dst-port=\
10080 protocol=tcp
add action=drop chain=input comment=";;; Drop NetBus" disabled=no dst-port=\
12345 protocol=tcp
add action=drop chain=input comment=";;; Drop Kuang2" disabled=no dst-port=\
17300 protocol=tcp
add action=drop chain=input comment=";;; Drop SubSeven" disabled=no dst-port=\
27374 protocol=tcp
add action=drop chain=input comment=";;; Drop PhatBot, Agobot, Gaobot" \
disabled=no dst-port=65506 protocol=tcp
# Disabled, and action=log does not drop even when enabled. Enable it for
# visibility and follow it with the final `add action=drop chain=input`
# described at the top; the log then shows exactly what that drop will catch.
add action=log chain=input comment="Log everything else" disabled=yes \
log-prefix="DROP INPUT"