Boa tarde Pessoal, alguem consegue me ensinar como fazer drop input de tudo que entra pela internet com uma conexao vpn em cima de uma conexao ppp, toda vez que mando dar drop input no interface list wan o vpn cai e so fica funcionando o ppp
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-mark=ipsec connection-state=established,related
add action=add-src-to-address-list address-list="Drop - Input - Wan" \
address-list-timeout=1d chain=input comment="Drop - Input - VPN" \
in-interface=Wan
add action=drop chain=input in-interface=Wan
add action=fasttrack-connection chain=forward comment="FastTrack - Rede Predio" \
connection-mark=!ipsec connection-state=established,related
add action=drop chain=forward comment="drop VPN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface=VPN
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=add-src-to-address-list address-list="Drop - Input - VPN" \
address-list-timeout=none-dynamic chain=input comment="Drop - Input - PPP" \
in-interface=all-ppp
add action=drop chain=input in-interface=VPN
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Rota para VPN" in-interface=\
VPN-bridge new-routing-mark=Vpn passthrough=yes
add action=mark-connection chain=prerouting comment="Mark Conection VPN" \
in-interface=VPN new-connection-mark=ipsec passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=VPN src-address=10.0.0.0/24
add action=masquerade chain=srcnat out-interface=Predio src-address=10.1.1.0/24