Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; Allow winbox from WAN
chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=""
2 X ;;; Kill PS
chain=forward action=drop src-mac-address=F8:46:1C:CD:19:AE log=no log-prefix=""
3 X ;;; Kill Ema Phone
chain=forward action=drop src-mac-address=24:00:BA:8B:C8:60 log=no log-prefix=""
4 X ;;; Kill Adam Phone
chain=forward action=drop src-mac-address=0C:2C:54:52:10:0C log=no log-prefix=""
5 X ;;; Kill Markeeta
chain=forward action=drop src-mac-address=54:EF:92:A7:2A:5C log=no log-prefix=""
6 X ;;; Kill Ema Tablet
chain=forward action=drop src-mac-address=74:04:2B:E7:EE:2F log=no log-prefix=""
7 X ;;; Kill Adam Tablet
chain=forward action=drop src-mac-address=6C:F3:73:11:8D:B5 log=no log-prefix=""
8 X ;;; Kill RaspiPokoj
chain=forward action=drop src-mac-address=B8:27:EB:3B:3A:65 log=no log-prefix=""
9 X ;;; Kill Adam NTB
chain=forward action=drop src-mac-address=00:1F:3C:25:02:3B log=no log-prefix=""
10 X ;;; Kill Ema NTB
chain=forward action=drop src-mac-address=00:21:6A:01:F6:C2 log=no log-prefix=""
11 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""
12 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
13 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""
14 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
15 ;;; defconf: accept in ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
16 ;;; defconf: accept out ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=out,ipsec
17 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""
18 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked log=no log-prefix=""
19 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
20 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""