



Адаптировать правила с Микротика

#1

Подскажите, пожалуйста, можно ли на vyatte сделать так же, как и на микроте? Честно, второй день читаю про firewall на vyatte и до сих пор не понял принцип работы... :(

# IPv4 forward-chain policy for what looks like a subscriber-access gateway
# (captive portal / billing) -- inferred from the rule comments, TODO confirm.
# Rules are evaluated top to bottom and the first match decides, so the order
# below is part of the policy and must be kept when porting to another platform.
# Rules with no action= use the RouterOS default action, accept.
# NOTE(review): this is /ip (IPv4) only; if the router also forwards IPv6, an
# equivalent /ipv6 firewall policy is needed or these checks do not apply there.
/ip firewall filter
# Send all forwarded traffic to the custom chain crb_forward.
add action=jump chain=forward jump-target=crb_forward
# Traffic to or from 118.x.x.x (the address the NAT redirect rules point at) is
# accepted before any authorization check, so unauthenticated clients can reach it.
add chain=crb_forward comment=cabinet_accept_dst dst-address=118.x.x.x
add chain=crb_forward comment=cabinet_accept_src src-address=118.x.x.x
# NOTE(review): port= matches source OR destination port, and there is no
# address restriction, so any UDP packet with port 53 on either side is accepted
# ahead of the auth check. Unauthenticated clients can therefore reach arbitrary
# external hosts over UDP/53; limit this to the intended resolver address(es) if
# that is not wanted. TCP/53 is not matched here and falls through to the rules below.
add chain=crb_forward comment=redirect_dns_accept port=53 protocol=udp
# Auth gate: drop only when NEITHER the source NOR the destination address is in
# crb_auth_list (both negated matchers must hold for the rule to match).
add action=drop chain=crb_forward comment=drop_no_auth dst-address-list=!crb_auth_list src-address-list=!crb_auth_list
# Exceptions for blocked clients: addresses in crb_trust_blocked_list stay
# reachable; this must precede the blocked_drop rules to take effect.
add chain=crb_forward comment=trust_blocked_accept_dst dst-address-list=crb_trust_blocked_list
add chain=crb_forward comment=trust_blocked_accept_src src-address-list=crb_trust_blocked_list
# Everything else to or from an address in crb_blocked_list is dropped.
add action=drop chain=crb_forward comment=blocked_drop_dst dst-address-list=crb_blocked_list
add action=drop chain=crb_forward comment=blocked_drop_src src-address-list=crb_blocked_list
# Same accept-then-drop pattern for crb_negbal_list (presumably "negative
# balance" subscribers -- confirm) with its own trusted-destination list.
add chain=crb_forward comment=trust_negbal_accept_dst dst-address-list=crb_trust_negbal_list
add chain=crb_forward comment=trust_negbal_accept_src src-address-list=crb_trust_negbal_list
add action=drop chain=crb_forward comment=negbal_drop_dst dst-address-list=crb_negbal_list
add action=drop chain=crb_forward comment=negbal_drop_src src-address-list=crb_negbal_list
# Default-allow: anything that reached this point is forwarded. The policy is
# only as tight as the address lists above; how those lists are populated is not
# shown here (presumably by an external billing/auth system -- verify).
add chain=crb_forward comment=default_accept

# NAT side of the same policy: plain-HTTP redirection to 118.x.x.x for clients
# that are unauthenticated, blocked or in the negbal list, plus outbound masquerade.
# First match wins inside each chain, so rule order matters here too.
# Rules with no action= use the RouterOS default action, accept (no translation).
/ip firewall nat
# Hand srcnat and dstnat processing to the custom chains below.
add action=jump chain=srcnat jump-target=crb_snat
add action=jump chain=dstnat jump-target=crb_dnat
# Traffic to or from 118.x.x.x is accepted untranslated, so connections to the
# redirect target itself are never redirected again.
add chain=crb_dnat comment=dnat_cabinet_accept_dst dst-address=118.x.x.x
add chain=crb_dnat comment=dnat_cabinet_accept_src src-address=118.x.x.x
# TCP/80 where neither source nor destination is in crb_auth_list is rewritten to
# 118.x.x.x:440. Only dst-port 80 is matched; other ports from such clients are
# not redirected and are left to the filter chain (see drop_no_auth there).
# NOTE(review): in the RouterOS packet flow dstnat runs before the forward
# filter, so the rewritten packet should then match cabinet_accept_dst -- confirm
# the equivalent ordering on the target platform when porting.
add action=dst-nat chain=crb_dnat comment=noauth_redirect dst-address-list=!crb_auth_list dst-port=80 protocol=tcp src-address-list=!crb_auth_list to-addresses=118.x.x.x to-ports=440
# TCP/80 to a destination in crb_trust_blocked_list leaves this chain without
# translation, so the redirects below do not apply to those destinations.
# (The comment= value is spelled "bloked" in the original; it is only a label.)
add action=return chain=crb_dnat comment=trust_bloked_return dst-address-list=crb_trust_blocked_list dst-port=80 protocol=tcp
# TCP/80 from a source in crb_blocked_list is rewritten to 118.x.x.x:444.
add action=dst-nat chain=crb_dnat comment=blocked_redirect dst-port=80 protocol=tcp src-address-list=crb_blocked_list to-addresses=118.x.x.x to-ports=444
# TCP/80 from a source in crb_negbal_list is rewritten to 118.x.x.x:442 unless
# the destination is in crb_trust_negbal_list.
# Ports 440/444/442 presumably serve different notice pages -- not shown here.
add action=dst-nat chain=crb_dnat comment=negbal_redirect dst-address-list=!crb_trust_negbal_list dst-port=80 protocol=tcp src-address-list=crb_negbal_list to-addresses=118.x.x.x to-ports=442
# Masquerade traffic leaving via ether1-gateway when the source is in
# crb_local_net and the destination is not (local-to-local traffic is untouched).
add action=masquerade chain=crb_snat comment=snat_abonents_masquerade dst-address-list=!crb_local_net out-interface=ether1-gateway src-address-list=crb_local_net

#2
(This post was last modified: 06/10/2017, 17:04 by syncer.)

Наверняка можно.
Поищу кого-то, кто знает микротик, и подскажу.




