Postado originalmente por
sergio
Isto abaixo deve dar uma luz:
# RouterOS forward-chain filter rules: drop invalid connections, cap the
# number of simultaneous TCP connections per address, then accept
# established/related traffic. Rules are evaluated in the order listed.
#
# Coverage of the connection-limit rules, as written below:
#   - only protocol=tcp is limited; UDP and other protocols are not matched.
#   - the dst-port ranges skip 53, 80, 443, 1863, 3128, 3389, 5900 and 8080,
#     so connections to those ports are never counted or dropped here.
#     Presumably these are deliberate exemptions -- confirm, and consider a
#     separate (higher) limit for them if connection exhaustion is a concern.
#   - sources in the address list "sem-limite-conn" are exempt; the list is
#     not defined in this snippet.
/ip firewall filter
# Drop forwarded packets that connection tracking classifies as invalid.
add action=drop chain=forward comment="Bloqueia conexoes invalidas" \
connection-state=invalid disabled=no
# Connection cap, dst ports 1-52. connection-limit=20,32 matches once an
# address (netmask 32 = a single address) exceeds 20 connections; the match
# is restricted to TCP packets with SYN set, and "!" negates the address-list
# match so listed sources bypass the rule.
# NOTE(review): tcp-flags=syn alone may also match SYN-ACK replies; pairing
# with connection-state=new is the usual way to hit only new connections --
# confirm against the RouterOS version in use.
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=1-52 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Same cap for dst ports 54-79 (port 53 is skipped).
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=54-79 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Same cap for dst ports 81-442 (port 80 is skipped).
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=81-442 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Same cap for dst ports 444-1862 (port 443 is skipped).
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=444-1862 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Same cap for dst ports 1864-3127 (port 1863 is skipped).
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=1864-3127 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Same cap for dst ports 3129-3388 (port 3128 is skipped).
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=3129-3388 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Cap for dst ports 3390-5899 (port 3389 is skipped).
# NOTE(review): this rule uses a limit of 30 while every other range uses
# 20 -- confirm whether the difference is intended or a typo.
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=30,32 disabled=no dst-port=3390-5899 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Same cap (20) for dst ports 5901-8079 (port 5900 is skipped).
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=5901-8079 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Same cap (20) for dst ports 8081-65535 (port 8080 is skipped).
add action=drop chain=forward comment="Limite de Conexoes Simultaneas" \
connection-limit=20,32 disabled=no dst-port=8081-65535 protocol=tcp \
src-address-list=!sem-limite-conn tcp-flags=syn
# Accept packets belonging to already-established connections.
# NOTE(review): no closing drop rule is visible in this snippet. If nothing
# later in the forward chain drops unmatched traffic, the chain's default is
# to accept, and these two accept rules do not change the outcome -- check
# the complete ruleset. Placing them near the top is also the common layout,
# since most packets then leave the chain before the costlier limit rules.
add action=accept chain=forward comment="Permite conexoes estabelecidas" \
connection-state=established disabled=no
# Accept packets that connection tracking marks as related to an existing
# connection.
add action=accept chain=forward comment="Permite conexoes relatadas" \
connection-state=related disabled=no