/ip firewall address-list
# Destinations that are kept out of the load-balancing logic. The list name
# Sem_balance is matched by the mangle rule with dst-address-list=Sem_balance,
# which accepts the traffic in prerouting before any mark is applied.
# NOTE(review): these are hard-coded addresses and ranges labelled only by the
# comment= field. Confirm they still belong to the intended services, because
# any destination on this list skips the marking rules.
add address=187.72.154.0/24 comment=Combat_Arms disabled=no list=Sem_balance
add address=200.147.3.199 comment=Combat_Arms disabled=no list=Sem_balance
add address=200.229.60.0/24 comment=Combat_Arms disabled=no list=Sem_balance
add address=199.59.148.82 comment=Twiterr disabled=no list=Sem_balance
add address=199.16.156.198 comment=Twiterr disabled=no list=Sem_balance
/ip firewall connection tracking
# Connection tracking must stay enabled: the mark-connection and masquerade
# rules in this configuration operate on tracked connections.
# The *-timeout values set how long an idle entry of each state is kept.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off. Presumably this
# affects TCP services on the router itself during a SYN flood. Confirm that
# access to router services from the ISP-facing interfaces is restricted by
# filter rules, which are not part of this section.
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
# Policy-routing marks for a multi-uplink setup (ISP1, ISP2, and a disabled
# pppoe-out3). Rule order matters: rules are evaluated top to bottom.
# action=accept in mangle only ends mangle processing for the packet in this
# chain. It is not a filter permit, and access control is done elsewhere.
#
# 1) Traffic from LOCAL to a Sem_balance destination is accepted first, so it
#    never reaches the marking rules below.
add action=accept chain=prerouting comment="Fora Balance" disabled=no \
dst-address-list=Sem_balance in-interface=LOCAL
# 2) Exemptions by source/destination subnet. These flows are also accepted
#    unmarked, so the rules below assign them no routing mark.
#    NOTE(review): 186.249.1.0/29 is not a private range. Presumably it is an
#    uplink or directly connected subnet; confirm against the interface
#    addressing.
add action=accept chain=prerouting comment=****************************** \
disabled=no dst-address=10.0.0.0/24 src-address=10.0.0.0/24
add action=accept chain=prerouting disabled=no dst-address=186.249.1.0/29 \
src-address=10.0.0.0/24
add action=accept chain=prerouting disabled=no dst-address=192.168.12.0/24 \
src-address=10.0.0.0/24
add action=accept chain=prerouting disabled=no dst-address=192.168.25.0/24 \
src-address=192.168.12.0/24
# 3) Connections that arrive on an uplink without a mark are tagged with that
#    uplink's connection mark. passthrough=yes lets the packet continue to the
#    following rules. The pppoe-out3 variant is disabled.
add action=mark-connection chain=prerouting comment=\
*************************** connection-mark=no-mark disabled=no \
in-interface=ISP1 new-connection-mark=ISP1_CON passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
no in-interface=ISP2 new-connection-mark=ISP2_CON passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes in-interface=pppoe-out3 new-connection-mark=ISP3_CON passthrough=yes
# 4) Still-unmarked connections coming from LOCAL are sent to the
#    POLICE_ROUTER chain, which picks the uplink.
add action=jump chain=prerouting comment=********************* \
connection-mark=no-mark disabled=no in-interface=LOCAL jump-target=\
POLICE_ROUTER
# 5) Prerouting: turn the connection mark into a routing mark for packets
#    sourced from the LAN subnet.
#    NOTE(review): the routing marks only take effect if matching routes
#    exist; that routing configuration is not visible here.
#    NOTE(review): the disabled ISP3 rule matches src-address=192.168.12.0/24
#    while the ISP1 and ISP2 rules match 10.0.0.0/24. Confirm which is
#    intended before enabling it.
add action=mark-routing chain=prerouting comment=******************** \
connection-mark=ISP1_CON disabled=no new-routing-mark=ISP1_TRAFIC \
passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting connection-mark=ISP2_CON disabled=no \
new-routing-mark=ISP2_TRAFIC passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting connection-mark=ISP3_CON disabled=\
yes new-routing-mark=ISP3_TRAFIC passthrough=yes src-address=\
192.168.12.0/24
# 6) Output chain: the same connection-mark to routing-mark translation, with
#    no source-address match. The output chain handles packets generated by
#    the router itself.
add action=mark-routing chain=output comment=********************** \
connection-mark=ISP1_CON disabled=no new-routing-mark=ISP1_TRAFIC \
passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_CON disabled=no \
new-routing-mark=ISP2_TRAFIC passthrough=yes
add action=mark-routing chain=output connection-mark=ISP3_CON disabled=yes \
new-routing-mark=ISP3_TRAFIC passthrough=yes
# 7) POLICE_ROUTER: per-connection-classifier both-addresses:5/N sorts each
#    connection into one of five buckets (N = 0..4) based on its source and
#    destination addresses. Bucket 1 gets ISP1_CON; buckets 0, 2, 3 and 4 get
#    ISP2_CON. The split is per address pair, not per byte.
#    dst-address-type=!local skips traffic addressed to the router itself.
add action=mark-connection chain=POLICE_ROUTER comment=\
************************** disabled=no dst-address-type=!local \
new-connection-mark=ISP2_CON passthrough=yes per-connection-classifier=\
both-addresses:5/0
add action=mark-connection chain=POLICE_ROUTER disabled=no dst-address-type=\
!local new-connection-mark=ISP1_CON passthrough=yes \
per-connection-classifier=both-addresses:5/1
add action=mark-connection chain=POLICE_ROUTER disabled=no dst-address-type=\
!local new-connection-mark=ISP2_CON passthrough=yes \
per-connection-classifier=both-addresses:5/2
add action=mark-connection chain=POLICE_ROUTER disabled=no dst-address-type=\
!local new-connection-mark=ISP2_CON passthrough=yes \
per-connection-classifier=both-addresses:5/3
add action=mark-connection chain=POLICE_ROUTER disabled=no dst-address-type=\
!local new-connection-mark=ISP2_CON passthrough=yes \
per-connection-classifier=both-addresses:5/4
/ip firewall nat
# Source NAT for everything leaving through an uplink. The rules match only
# on out-interface, so every packet routed out ISP1 or ISP2 is masqueraded.
# The pppoe-out3 rule is disabled.
# NOTE(review): masquerade does no filtering. What may be forwarded to or
# from the uplinks has to be enforced in /ip firewall filter, which is not
# part of this section.
add action=masquerade chain=srcnat disabled=no out-interface=ISP1
add action=masquerade chain=srcnat disabled=no out-interface=ISP2
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-out3
/ip firewall service-port
# Connection-tracking helpers. Only ftp and tftp are enabled; irc, h323, sip
# and pptp are turned off.
# NOTE(review): an enabled helper inspects application payload and lets
# related connections through NAT. If clients behind this router do not need
# FTP or TFTP across the uplinks, disabling those two as well narrows the
# attack surface.
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061 sip-direct-media=yes
set pptp disabled=yes