1️⃣ REGLAS BASE – FILTER (INPUT)
/ip firewall filter
# INPUT chain: traffic addressed to the router itself. Rules are evaluated
# top to bottom and the first matching rule decides the packet.

# Winbox management on TCP 8291.
# NOTE(review): this rule has no in-interface, src-address or
# src-address-list matcher, so it accepts Winbox from every interface,
# including the one named WAN. Because it is the first rule, it also matches
# before any connection-state check. Restrict it to a management network or
# address list before deploying on an Internet-facing router.
add chain=input protocol=tcp dst-port=8291 action=accept comment="Permitir Access Winbox"

# Replies belonging to connections the router already tracks.
add chain=input connection-state=established,related action=accept comment="1 Deja entrar SOLO lo que ya existe"

# Explicit drop for FTP (21), SSH (22), Telnet (23) and TCP ports 8292, 8080
# and 3128. The final drop-all rule would reach the same verdict; keeping
# this rule separate gives these ports their own hit counters.
add chain=input protocol=tcp dst-port=21,22,23,8292,8080,3128 action=drop comment="2 Cierra servicios peligrosos"

# DNS queries over UDP arriving on the interface named WAN (presumably so
# the router's resolver is not usable from outside - confirm). TCP 53 is not
# matched here; it falls through to the final drop.
add chain=input in-interface=WAN protocol=udp dst-port=53 action=drop

# Default deny: everything not accepted above is dropped, on every interface.
# NOTE(review): no accept rule for LAN-side DNS or ICMP is visible in this
# listing, so new connections to the router from LAN clients are dropped as
# well - confirm that is intended.
add chain=input action=drop comment="3 Block all"
2️⃣ REGLAS BASE – FORWARD (CLIENTES)
/ip firewall filter
# FORWARD chain: traffic routed through the router on behalf of clients.

# 1. FastTrack (critical for throughput): marks established/related
#    connections for the fast path. Packets that actually take the fast path
#    bypass the filter and mangle chains and simple queues, so per-client
#    limits or logging built on those will not see them - verify against the
#    queue setup. hw-offload=yes additionally requests hardware offload on
#    devices that support it.
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes comment="FORWARD - FastTrack"

# 2. Accept established/related packets that were not handled by the fast
#    path; this rule must follow the FastTrack rule.
add action=accept chain=forward connection-state=established,related comment="FORWARD - Established"

# 3. Drop packets that connection tracking classifies as invalid.
add action=drop chain=forward connection-state=invalid comment="FORWARD - Drop invalid"

# NOTE(review): none of the three rules visible here matches connection-state
# new, so new forwarded connections get the chain's default accept unless a
# later rule (not shown in this listing) restricts them. Confirm the full
# ruleset ends with a policy for new connections arriving from WAN.