# Mangle rules: attach connection marks and packet marks to traffic.
# Nothing in this export shows what consumes the marks (presumably queue
# rules -- confirm against the rest of the configuration).
/ ip firewall mangle
# Router-originated TCP with source port 3128 whose payload contains the text
# "X-Cache: HIT" marks the whole connection as squid-connection-HIT.
# NOTE(review): content= is a substring match on packet payload, not a parsed
# HTTP header, so a response body carrying the same text also sets the mark.
# Treat the mark as a shaping hint only, never as an access decision.
add chain=output protocol=tcp src-port=3128 content="X-Cache: HIT" \
action=mark-connection new-connection-mark=squid-connection-HIT \
passthrough=yes comment="\"Cache-squid\" disabled=no" disabled=no
# Packets on the input chain that belong to a HIT-marked connection get the
# packet mark squid-packet-HIT.
# NOTE(review): input only sees traffic addressed to the router itself, while
# the proxy's replies leave through output -- confirm the intended chain.
add chain=input connection-mark=squid-connection-HIT action=mark-packet \
new-packet-mark=squid-packet-HIT passthrough=yes comment="\"\" \
disabled=no" disabled=no
# Packets entering on 1.Lan from 192.168.1.0/24 are marked test-up;
# passthrough=no ends mangle evaluation for the packet at this rule.
# The comment= value carries a literal "\n" and text that looks like export
# residue; it is cosmetic and does not affect matching.
add chain=prerouting in-interface=1.Lan src-address=192.168.1.0/24 \
action=mark-packet new-packet-mark=test-up passthrough=no comment="\"UP \
\n" disabled=no
# Forwarded connections from 192.168.1.0/24 get the connection mark test-conn.
add chain=forward src-address=192.168.1.0/24 action=mark-connection \
new-connection-mark=test-conn passthrough=yes comment="\"CONN-MARK\" \
disabled=no" disabled=no
# The next two rules both set the packet mark test-down: first on forwarded
# packets of test-conn connections that arrive on 1.Lan, then (passthrough=no)
# on router-originated packets leaving 1.Lan towards 192.168.1.0/24.
# NOTE(review): the first of them is damaged in this capture. Its last line
# holds a stray `\n"`, a truncated `isabled=no` and a trailing backslash, so
# the comment= key is missing and the rule may be joined with the following
# `add` on import. Re-export the rule before reusing this file.
# NOTE(review): in-interface=1.Lan selects packets coming FROM the LAN, yet
# the mark is named test-down -- confirm the direction is what was intended.
add chain=forward in-interface=1.Lan connection-mark=test-conn \
action=mark-packet new-packet-mark=test-down passthrough=yes \
\n" disabled=no isabled=no \\
add chain=output out-interface=1.Lan dst-address=192.168.1.0/24 \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment="\"DOWN-VIA PROXY\" \\ disabled=no" \
disabled=no
# NAT rules: source NAT for outbound traffic and a transparent redirect of
# LAN web traffic to the local proxy port.
/ ip firewall nat
# Masquerade with no out-interface or src-address match: every connection that
# reaches srcnat is rewritten to the router's outgoing address, whatever the
# interface.
# NOTE(review): scope this to the upstream interface (presumably 2.Speedy, the
# interface the filter rules in this file treat as external -- confirm) so
# traffic towards the LAN keeps its real source address in logs and rules.
add chain=srcnat action=masquerade comment="" disabled=no
# TCP port 80 arriving on 1.Lan is redirected to local port 3128. Only
# in-interface=1.Lan matches, so traffic arriving on other interfaces is not
# handed to the proxy by this rule.
add chain=dstnat in-interface=1.Lan protocol=tcp dst-port=80 action=redirect \
to-ports=3128 comment="" disabled=no
# Connection tracking settings. Tracking is enabled; the connection-mark
# matchers in the mangle rules and the NAT rules in this file depend on it.
/ ip firewall connection tracking
# Timeouts as set here: 5s for both SYN states, 1d for established TCP, 10s
# for the TCP closing states, 10s for UDP (3m for UDP streams), 10s for ICMP
# and 10m for other protocols.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off, so half-open
# connections hold tracking entries until the 5s SYN timeouts expire. Confirm
# this is intended for a router with an Internet-facing interface.
# NOTE(review): tcp-established-timeout=1d keeps idle established entries for
# a day; check that the tracking table size allows for that.
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
# Filter rules. Only what is visible in this export is described: there is no
# connection-state rule and no final drop rule on either chain.
/ ip firewall filter
# Every forwarded packet is accepted unconditionally, in both directions.
# NOTE(review): nothing here filters traffic routed through the box. Consider
# accepting established/related traffic and LAN-originated connections, then
# dropping whatever remains on the forward chain.
add chain=forward action=accept comment="" disabled=no
# Drops TCP port 80 arriving on 2.Speedy and addressed to the router itself
# (presumably the router's own web service -- confirm).
# NOTE(review): ports 80 and 3128 are the only input restrictions shown. Every
# other service the router runs stays reachable on 2.Speedy unless it is
# limited elsewhere (for example under /ip service, not part of this export).
# An allow-list followed by a drop-all on input is the safer shape.
add chain=input in-interface=2.Speedy protocol=tcp dst-port=80 action=drop \
comment="" disabled=no
# Drops TCP port 3128 arriving on 2.Speedy, so the proxy port does not answer
# on that interface. The comment= text is Portuguese for "blocking of the
# external proxy".
add chain=input in-interface=2.Speedy protocol=tcp dst-port=3128 action=drop \
comment="\"bloqueio do proxy externo\"" disabled=no
# Same match and action as the rule above, so this one can never be reached.
# NOTE(review): its last line is damaged in this capture (a stray `\n"` and
# the tail of an upper-case copy of the same comment text) and is unlikely to
# import as written. Delete the duplicate or re-export it.
add chain=input in-interface=2.Speedy protocol=tcp dst-port=3128 action=drop \
\n" disabled=no OQUEIO DO PROXY EXTERNO
# Connection-tracking helpers (service ports). As set here, ftp (port 21) and
# quake3 are enabled; tftp, irc, h323, gre and pptp are disabled.
# NOTE(review): an enabled helper inspects application payload and lets
# related connections through NAT, so keep only the ones in use. Nothing else
# in this export refers to quake3 -- confirm whether it needs to stay enabled.
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
[admin@Explos o] ip firewall>