kt72ru писал(а): ↑10 фев 2019, 19:12
klaus писал(а): ↑09 фев 2019, 04:25
# Two accept rules in the output chain (packets originated by the router
# itself) towards the VirtATSRT address list: a UDP port range labelled RTP and
# TCP/5060. The empty src-port="" / port="" values are kept as exported.
add action=accept chain=output comment="Allow rtp to Virtual ATS" \
dst-address-list=VirtATSRT dst-port=8192-40960 protocol=udp src-port=""
# NOTE(review): log=yes is set and the rule has no connection-state matcher,
# so it looks like every matching packet is logged, not only new connections
# -- confirm this logging volume is intended.
add action=accept chain=output comment="Acept 5060 to VirtualATS" \
dst-address-list=VirtATSRT dst-port=5060 log=yes port="" protocol=tcp
Эти две строки вообще можно удалить: они ни на что не влияют, только проц грузят (в цепочке output пакет, не совпавший ни с одним правилом, и так принимается).
Покажите полный вывод /ip firewall filter.
# IPv4 filter rules as exported from the router. Rules are evaluated top to
# bottom within each chain, so the order below is significant.
/ip firewall filter
# Return traffic for already-tracked connections addressed to the router.
add action=accept chain=input comment="Accept input esteblishment & releated" \
connection-state=established,related
# Same for traffic routed through the router.
add action=accept chain=forward comment=\
"Accept forward esteblishment & releated" connection-state=\
established,related
# Disabled rule (disabled=yes): DNS from the DomainControllers address list.
# NOTE(review): it matches TCP/53 only; ordinary DNS queries use UDP/53, so
# enabling it as written would probably not cover them -- confirm intent.
add action=accept chain=forward comment="Allow DNS for DomainControllers" \
disabled=yes dst-port=53 protocol=tcp src-address-list=DomainControllers
# Disabled rule: NTP (UDP/123) from the DomainControllers address list.
add action=accept chain=forward comment="Allow NTP for Domain Controllers" \
disabled=yes dst-port=123 protocol=udp src-address-list=DomainControllers
# Accepts anything addressed to the router whose source is in 192.168.0.0/20.
# NOTE(review): the match is on source address only; no in-interface or
# in-interface-list is set, so "LAN" is not tied to an interface here. Adding
# one would stop WAN-side packets that carry a 192.168.0.0/20 source from
# matching -- verify how spoofed sources are handled elsewhere in the config.
add action=accept chain=input comment="Accept input LAN" src-address=\
192.168.0.0/20
# Accepts all routed traffic sourced from 192.168.0.0/20 (same source-only
# match as the input rule above).
add action=accept chain=forward comment="Accept forward LAN" src-address=\
192.168.0.0/20
# Per-service accept rules. The forward rules below match on protocol and
# destination port only: no source/destination address and no interface is
# given, so they match routed traffic in either direction.
# NOTE(review): whether any of these ports is reachable from the Internet
# depends on the dst-nat rules and on a final forward drop, neither of which is
# visible in this listing -- check both before relying on these rules.

# POP3 (TCP/110). Cleartext protocol; the TLS variant is accepted further down.
add action=accept chain=forward comment="Accept pop3" dst-port=110 protocol=\
tcp
# SMTP on TCP/25 and TCP/2525.
add action=accept chain=forward comment="Accept smtp 25,2525" dst-port=\
25,2525 protocol=tcp
# PPTP control channel (TCP/1723) to the router, limited to the WAN interface
# list. connection-state="" is an empty value kept as exported.
# NOTE(review): PPTP with MS-CHAPv2/MPPE is widely regarded as cryptographically
# weak; consider moving remote access to a VPN with modern encryption.
add action=accept chain=input comment="Allow PPTP " connection-state="" \
dst-port=1723 in-interface-list=WAN protocol=tcp
# GRE to the router (PPTP data channel, per the rule comment).
# NOTE(review): unlike the TCP/1723 rule, this one has no in-interface-list or
# source restriction, so GRE is accepted from any interface and any address.
add action=accept chain=input comment="Allow GRE ( for PPTP)" protocol=gre
# IMAP (TCP/143). Cleartext protocol; the TLS variant is accepted further down.
add action=accept chain=forward comment="Accept Imap " dst-port=143 protocol=\
tcp
# SMTP over TLS (TCP/465).
add action=accept chain=forward comment="Accept smtps 465(safely smtp)" \
dst-port=465 protocol=tcp
# IMAP over TLS (TCP/993).
add action=accept chain=forward comment="Accept Imaps" dst-port=993 protocol=\
tcp
# POP3 over TLS (TCP/995).
add action=accept chain=forward comment="Accept pop3s " dst-port=995 \
protocol=tcp
# RDP (TCP/3389) with no source restriction.
# NOTE(review): if a dst-nat rule publishes RDP, this exposes it to any source;
# restricting by src-address-list or allowing it only over the VPN narrows that.
add action=accept chain=forward comment="Accept RDP" dst-port=3389 protocol=\
tcp
# Radmin remote administration (TCP/4899); same lack of source restriction as
# the RDP rule above.
add action=accept chain=forward comment="Accept Radmin" dst-port=4899 \
protocol=tcp
# TCP/5002 and TCP/5103, labelled "IP LDK 300". The \C2 \C8... sequence in the
# comment is escaped non-ASCII bytes as exported (presumably Windows-1251
# Cyrillic -- TODO confirm); it is part of the rule and left untouched.
add action=accept chain=forward comment=\
"Accept forward to IP LDK 300 ( \C2 \C8\EC\EF\E5\F0\E8\E8)" dst-port=\
5002,5103 protocol=tcp
# TCP/8888, labelled "Napoleon".
add action=accept chain=forward comment="Accept forward Napoleon" dst-port=\
8888 protocol=tcp
# TCP/56000-56999 for connections matched by connection-type=ftp; presumably
# the passive-mode data range of the "Napoleon" FTP service -- verify against
# the server configuration.
add action=accept chain=forward comment="Accept forward Napoleon FTP" \
connection-type=ftp dst-port=56000-56999 protocol=tcp
# Router-originated traffic (output chain) to the VirtATSRT address list: a
# UDP port range labelled RTP, then TCP/5060. The only output-chain drop in the
# visible part of this listing is the ICMP rule below, which neither of these
# two rules' traffic would match.
add action=accept chain=output comment="Allow rtp to Virtual ATS" \
dst-address-list=VirtATSRT dst-port=8192-40960 protocol=udp src-port=""
# NOTE(review): log=yes with no connection-state matcher looks like it logs
# every matching packet -- confirm this logging volume is intended.
add action=accept chain=output comment="Acept 5060 to VirtualATS" \
dst-address-list=VirtATSRT dst-port=5060 log=yes port="" protocol=tcp
# NOTE(review): the rule comment says "Accept output", but the rule is in the
# forward chain: it accepts routed ICMP to 8.8.4.4, not router-originated ICMP.
add action=accept chain=forward comment="Accept output" dst-address=8.8.4.4 \
protocol=icmp
# The next line is already a comment in the listing; it looks like a status
# note emitted with the export for the interface used below -- TODO confirm.
# RostelecomPPOE not ready
# Drops router-originated ICMP to 8.8.4.4 when it would leave through the
# RostelecomPPOE interface.
add action=drop chain=output comment="Drop ping from RTC to 8.8.4.4" \
dst-address=8.8.4.4 out-interface=RostelecomPPOE protocol=icmp
# Disabled rule (disabled=yes): would drop TCP/5060 arriving at the router from
# the WAN interface list. While disabled it has no effect.
# NOTE(review): it covers TCP only; SIP commonly uses UDP/5060 as well, so
# check whether that is handled by a rule outside this listing.
add action=drop chain=input comment="Drop 5060 from Wan" disabled=yes \
dst-port=5060 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop invalid input" connection-state=\