Code: Select all
/ip firewall filter
10 ;;; New_FW
chain=forward action=accept connection-state=new log=no log-prefix=""
11 ;;; ER_FW
chain=forward action=accept connection-state=invalid,established,related log=no log-prefix=""
12 ;;; Drop NAT
chain=forward action=drop log=no log-prefix="forward_drop"
and
/ip dhcp-client print
Flags: X - disabled, I - invalid
# INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
0 EoIP-id2020-LAN100 no no bound
and
/interface eoip
5 R name="EoIP-id1010-iManiac-LAN200" mtu=1500 actual-mtu=1500 l2mtu=65535 mac-address=XX:XX:XX:XX:XX:XX arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m
local-address=0.0.0.0 remote-address=X.X.X.X current-remote-address=X.X.X.X tunnel-id=1010 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
6 R name="EoIP-id2020-iManiac-LAN100" mtu=1500 actual-mtu=1500 l2mtu=65535 mac-address=XX:XX:XX:XX:XX:XX arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m
local-address=0.0.0.0 remote-address=X.X.X.X current-remote-address=X.X.X.X tunnel-id=2020 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
ALL packet drop from EoIP but else in /ip firewall filter forward add invalid packet to its ok!
chain=forward action=accept connection-state=invalid,established,related log=no log-prefix=""