/ ip firewall mangle
# Connection/packet marks for traffic to and from the local proxy listener on
# TCP 2010 (the port the NAT redirect rules in this file send HTTP to).
# The marks are only set here; whatever consumes them (presumably queues) is
# not in this export.
#
# Router-originated packets from port 2010 whose payload contains
# "X-Cache: HIT" mark the whole connection as conn_squid-up.
# NOTE(review): content= inspects packet payload, so only a packet that carries
# the header triggers the mark; on a reused (keep-alive) connection later
# responses that are not cache hits inherit the same mark. Confirm this is acceptable.
add chain=output protocol=tcp src-port=2010 content="X-Cache: HIT" action=mark-connection new-connection-mark=conn_squid-up passthrough=yes comment="CACHE FULL" disabled=no
# Every outgoing packet of a conn_squid-up connection gets packet mark pacotes_squid-up.
add chain=output connection-mark=conn_squid-up action=mark-packet new-packet-mark=pacotes_squid-up passthrough=yes comment="" disabled=no
# Incoming TCP addressed to port 2010 marks the connection as conn_squid-down.
# NOTE(review): mangle prerouting is evaluated before dstnat, so client HTTP that
# is later redirected from port 80 still has dst-port=80 at this point. Verify
# that this rule matches the traffic it is meant to count.
add chain=prerouting protocol=tcp dst-port=2010 action=mark-connection new-connection-mark=conn_squid-down passthrough=yes comment="" disabled=no
# Every incoming packet of a conn_squid-down connection gets packet mark pacotes_squid-down.
add chain=prerouting connection-mark=conn_squid-down action=mark-packet new-packet-mark=pacotes_squid-down passthrough=yes comment="" disabled=no
/ ip firewall nat
# Source NAT for outbound traffic plus transparent interception of client HTTP
# (TCP 80) into the local proxy on port 2010. Only port 80 is redirected; other
# ports, including HTTPS, bypass the proxy.
#
# Masquerade everything leaving through interface "link".
add chain=srcnat out-interface=link action=masquerade comment="" disabled=no
# Disabled: redirect of all port-80 traffic from ether2, without a source filter.
# Superseded by the subnet-scoped rule at the end of this section.
add chain=dstnat in-interface=ether2 protocol=tcp dst-port=80 action=redirect to-ports=2010 comment="" disabled=yes
# NOTE(review): no out-interface here, so hotspot-subnet traffic is masqueraded
# on every egress interface, not just "link". This hides client addresses from
# any other internal segment and overlaps with the first rule. Confirm intent.
add chain=srcnat src-address=192.168.10.0/24 action=masquerade comment="masquerade hotspot network" disabled=no
# Hotspot-specific chain: authenticated (hotspot=auth) port-80 traffic from
# 192.168.10.1 on ether2 is redirected to the proxy.
# NOTE(review): 192.168.10.1 is outside the 192.168.10.2-254 client range used in
# the filter section, so it may be the gateway address. Verify that this source
# match is intended.
add chain=pre-hotspot in-interface=ether2 src-address=192.168.10.1 protocol=tcp dst-port=80 hotspot=auth action=redirect to-ports=2010 comment="" disabled=no
# "REDIRECIONAR PROXY" = redirect to proxy: port-80 traffic from the hotspot
# subnet arriving on ether2 is rewritten to the router itself on port 2010.
add chain=dstnat in-interface=ether2 src-address=192.168.10.0/24 protocol=tcp dst-port=80 action=redirect to-ports=2010 comment="REDIRECIONAR PROXY" disabled=no
/ ip firewall connection tracking
# Connection tracking is enabled; the NAT rules and connection marks in this
# file depend on it. The timeouts control how long idle entries stay in the
# table: 5s for half-open TCP, 10s for closing TCP states, plain UDP and ICMP,
# 3m for UDP streams, 10m for other protocols and 1d for established TCP.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off, so the short SYN
# timeouts are the only relief for the router's own TCP services under a SYN
# flood. Confirm this is deliberate.
# NOTE(review): udp-timeout=10s can expire slow request/response UDP flows
# before the reply arrives. Verify against the applications in use.
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s \
tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
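/ ip firewall filter
# Access control for the proxy listener (TCP 2010) and hotspot client isolation.
#
# Filter rules are evaluated top-down and the first matching accept or drop ends
# processing for that packet. The interface-specific drop therefore has to come
# before the general accept. With the accept listed first it matched port 2010 on
# every interface, including "link", and the drop below it could never fire,
# leaving the proxy reachable from the upstream side.
# This section only adds rules, so on a router that already has input rules
# their final position should be checked after import.
#
# "BLOQUEIO DO PROXY EXTERNO" = block external proxy access: refuse proxy
# connections arriving on "link" (the interface the NAT section masquerades out
# of, so presumably the upstream/WAN side).
add chain=input in-interface=link protocol=tcp dst-port=2010 action=drop comment="BLOQUEIO DO PROXY EXTERNO" disabled=no
# "ACEITAR CONEXOES PROXY" = accept proxy connections: allow port 2010 from the
# remaining interfaces.
# NOTE(review): the rest of the input chain is not shown. If it has no final
# drop rule, this accept is redundant and the drop above is the only effective
# control. Scoping it with in-interface=ether2 would make the intent explicit.
add chain=input protocol=tcp dst-port=2010 action=accept comment="ACEITAR CONEXOES PROXY" disabled=no
# Client isolation: drop forwarded traffic between hotspot clients.
# NOTE(review): this only affects traffic that passes through the router's
# forward chain. Clients on the same layer-2 segment can still reach each other
# directly unless isolation is also enforced at the bridge/switch/AP. Confirm.
add chain=forward src-address=192.168.10.2-192.168.10.254 dst-address=192.168.10.2-192.168.10.254 action=drop comment="" disabled=no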
/ ip firewall service-port
# Connection-tracking/NAT helpers. An enabled helper inspects that protocol's
# control traffic so that related connections can be tracked and translated.
# NOTE(review): each enabled helper adds payload parsing on the router and can
# open related flows through NAT. Keep only the ones the network needs; irc and
# quake3 in particular should be confirmed as still required.
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
# Helpers turned off: H.323, GRE and PPTP.
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes