Já mám tedy ve fw filter tohle:
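# IPv4 filter rules. Within a chain the rules are evaluated top to bottom:
# "forward" handles routed traffic, "input" handles traffic addressed to the router itself.
# NOTE(review): no accept rule for established/related connections and no final drop on input
# is visible in this listing. Presumably the "standard" chain, which is not shown here, covers
# that - confirm before relying on this rule set.
/ip firewall filter
# Forwarded traffic, and input arriving on vlan1001-netjet (presumably the uplink - confirm),
# first passes through the "standard" chain.
add action=jump chain=forward comment="Standard Processing" jump-target=standard
add action=jump chain=input comment="Standard Processing" in-interface=vlan1001-netjet jump-target=standard
# Accept UDP 5355 (LLMNR) arriving on the bridge for forwarding.
add action=accept chain=forward dst-port=5355 in-interface=bridge protocol=udp
# Drop and log SMTP from sources that are already on the SPAMMER list.
add action=drop chain=forward comment="BLOKUJE SMTP DETEKOVANYM SPAMMERUM" dst-port=25 log=yes log-prefix=SMTP_DROP_SPAMMER_ protocol=tcp src-address-list=SPAMMER
# Put a source on SPAMMER for one day when it exceeds 30 concurrent connections to TCP port 25
# (connection-limit=30,32 counts per single address), combined with the limit=50,5 rate matcher.
# Fix: this rule used to carry src-address-list=SPAMMER as well, so it could only match sources
# that were already listed. Those are dropped by the rule above, so the list was never populated.
# NOTE(review): the threshold also applies to 192.168.0.132, the server named in the next rule.
# Confirm its normal outbound SMTP load stays below it, or exempt it, so it is not blocked for a day.
add action=add-src-to-address-list address-list=SPAMMER address-list-timeout=1d chain=forward comment="DETEKUJE SPAMMERY A NA 1D HO BLOKNE" connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp
# SMTP policy: drop and log TCP port 25 unless the packet comes from or goes to 192.168.0.132,
# so SMTP is only forwarded via that server.
add action=drop chain=forward comment="povoleni SMTP ven pouze pres zname srv" dst-address=!192.168.0.132 dst-port=25 log=yes log-prefix=smtpdrop_ protocol=tcp src-address=!192.168.0.132
# Drop input from BLACKLIST on vlan1001-netjet. The list holds manually added addresses and
# the ones added by the CHECK rules further down.
add action=drop chain=input comment="DROP BLACKLIST" in-interface=vlan1001-netjet src-address-list=BLACKLIST
# Port-scan detection (psd = weight threshold, delay threshold, low-port weight, high-port weight):
# offenders go on Port_Scanner for one week and their input is dropped.
# NOTE(review): neither rule is limited to an interface, so a scan started from the LAN or
# management side locks that host out of the router as well - confirm this is intended.
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner
# CHECK rules: add the source to BLACKLIST with timeout none-dynamic (kept until reboot).
# add-src-to-address-list does not drop the packet itself; the "DROP BLACKLIST" rule above
# catches the following packets from that source.
# NOTE(review): the Telnet/SSH/FTP rules fire on a single new connection attempt, whose source
# address is unverified. Because the forward chain below drops traffic *to* BLACKLIST addresses,
# a wrong entry cuts LAN clients off from that address until reboot. Consider a finite timeout
# and an accept rule for trusted addresses placed ahead of these rules.
add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=none-dynamic chain=input comment="CHECK SYN FLOOD" connection-limit=30,32 in-interface=vlan1001-netjet protocol=tcp tcp-flags=syn
add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=none-dynamic chain=input comment="CHECK PORT SCANNER" in-interface=vlan1001-netjet protocol=tcp psd=20,3s,3,1
add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=none-dynamic chain=input comment="CHECK TELNET" connection-state=new dst-port=23 in-interface=vlan1001-netjet protocol=tcp
add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=none-dynamic chain=input comment="CHECK SSH" connection-state=new dst-port=22 in-interface=vlan1001-netjet protocol=tcp
add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=none-dynamic chain=input comment="CHECK FTP" connection-state=new dst-port=21 in-interface=vlan1001-netjet protocol=tcp
# Send input from vlan1001-netjet through the "virus" port blocklist.
# NOTE(review): log-prefix is set without log=yes, so this jump is presumably not logged.
# NOTE(review): the chain is reached from input only, so it filters traffic addressed to the
# router itself, not traffic forwarded to LAN hosts - confirm that is the intent.
add action=jump chain=input comment="Jump to VIRUS" in-interface=vlan1001-netjet jump-target=virus log-prefix=virus
# "virus" chain: drops by port number. port= matches the source or the destination port;
# dst-port= would be the narrower match for traffic arriving at the router.
# Fix: the (TCP)/(UDP) tags of the two portmapper labels were swapped relative to protocol=.
add action=drop chain=virus comment="Drop virus - PRC portmapper (TCP)" port=111 protocol=tcp
add action=drop chain=virus comment="Drop virus - PRC portmapper (UDP)" port=111 protocol=udp
add action=drop chain=virus comment="Drop virus - Blaster Worm" log=yes log-prefix=135TCP port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop virus - Messenger Worm" log=yes log-prefix=135UDP port=135-139 protocol=udp
add action=drop chain=virus comment="Drop virus - Blaster Worm (TCP)" log=yes log-prefix=445TCP port=445 protocol=tcp
add action=drop chain=virus comment="Drop virus - Blaster Worm (UDP)" log=yes log-prefix=445UDP port=445 protocol=udp
add action=drop chain=virus comment="Drop virus" port=593 protocol=tcp
add action=drop chain=virus comment="Drop virus" port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop virus - MyDoom" port=1080 protocol=tcp
add action=drop chain=virus comment="Drop virus" port=1214 protocol=tcp
add action=drop chain=virus comment="Drop - NDM requester" port=1363 protocol=tcp
add action=drop chain=virus comment="Drop - screen cast" port=1368 protocol=tcp
add action=drop chain=virus comment="Drop - hromgrafx" port=1373 protocol=tcp
add action=drop chain=virus comment="Drop - cichlid" port=1377 protocol=tcp
add action=drop chain=virus comment="Drop virus - Worm" port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Drop virus - Bagle" port=2745 protocol=tcp
add action=drop chain=virus comment="Drop virus - Dumaru.Y" port=2283 protocol=tcp
add action=drop chain=virus comment="Drop virus - Beagle" port=2535 protocol=tcp
# Same match as the "Bagle" rule on TCP 2745 above, so this rule is redundant.
add action=drop chain=virus comment="Drop virus - Beagle.C-K" port=2745 protocol=tcp
# Disabled in this export: TCP 3127-3128 is currently not dropped by this chain.
add action=drop chain=virus comment="Drop virus - MyDoom" disabled=yes port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop - Backdoor OptixPro" port=3410 protocol=tcp
add action=drop chain=virus comment="Drop virus - Worm (TCP)" port=4444 protocol=tcp
add action=drop chain=virus comment="Drop virus - Worm (UDP)" port=4444 protocol=udp
add action=drop chain=virus comment="Drop virus - Sasser" port=5554 protocol=tcp
add action=drop chain=virus comment="Drop virus" port=8181 protocol=tcp
add action=drop chain=virus comment="Drop virus - Beagle.B" port=8866 protocol=tcp
add action=drop chain=virus comment="Drop virus - Dabber.A-B" port=9898 protocol=tcp
add action=drop chain=virus comment="Drop virus - Dumaru.Y" port=10000 protocol=tcp
add action=drop chain=virus comment="Drop virus - MyDoom.B" port=10080 protocol=tcp
add action=drop chain=virus comment="Drop virus - NetBus" port=12345 protocol=tcp
add action=drop chain=virus comment="Drop virus - Kuang2" port=17300 protocol=tcp
add action=drop chain=virus comment="Drop virus - SubSeven" port=27374 protocol=tcp
add action=drop chain=virus comment="Drop - PhatBot, Agobot, Gaobot" port=65506 protocol=tcp
# Nothing matched: hand the packet back to the input chain.
add action=return chain=virus
# Drop forwarded traffic whose destination is on BLACKLIST or MUJ_BLACKLIST.
# NOTE(review): only the destination is matched. No rule visible here drops forwarded traffic
# coming *from* a blacklisted source - confirm that is intended.
add action=drop chain=forward comment="DROP NA BLACKLIST" dst-address-list=BLACKLIST
add action=drop chain=forward comment="DROP NA MUJ BLACKLIST" dst-address-list=MUJ_BLACKLIST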