Tak nastavení pro firewall mám nastaveno:
add action=accept chain=forward comment="default configuration" in-interface=ether1-gateway \
protocol=icmp
add action=accept chain=forward comment="Accept established,related" connection-state=\
established,related in-interface=ether1-gateway
add action=accept chain=input comment="Accept established,related" connection-state=\
established,related in-interface=ether1-gateway
add action=accept chain=input comment=Winbox dst-port=8291 in-interface=ether1-gateway \
protocol=tcp
add action=fasttrack-connection chain=forward comment=" fasttrack" connection-state=\
established,related
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid in-interface=\
ether1-gateway
add action=drop chain=input comment="Drop Invalid" connection-state=invalid in-interface=\
ether1-gateway
add action=drop chain=input comment="drop all from WAN" in-interface=ether1-gateway
add action=drop chain=forward comment="Drop all from WAN not DSTNATed" connection-nat-state=\
!dstnat connection-state=new in-interface=ether1-gateway
add action=drop chain=input comment="Block TCP port 53" dst-port=53 \
in-interface=ether1-gateway protocol=tcp
add action=drop chain=input comment="Block TCP port 22" dst-port=22 \
in-interface=ether1-gateway protocol=tcp
add action=drop chain=input comment="Block UDP port 22" dst-port=22 \
in-interface=ether1-gateway protocol=udp
add action=drop chain=input comment="Block UDP port 23" dst-port=23 \
in-interface=ether1-gateway protocol=udp
add action=drop chain=input comment="Block TCP port 23" dst-port=23 \
in-interface=ether1-gateway protocol=tcp
add action=drop chain=input comment="Block UDP port 53" dst-port=53 \
in-interface=ether1-gateway protocol=udp