Код: Выделить всё
add action=drop chain=input comment=invalid connection-state=invalid
add action=accept chain=input
connection-state=established,related
add action=accept chain=input dst-port=8291 in-interface=pppoe-out1 protocol=\
tcp src-port=""
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=\
500,4500,1701 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=drop chain=input in-interface=!bridge1
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward connection-state=\
established,related
add action=accept chain=forward disabled=yes in-interface=bridge1 \
out-interface=pppoe-out1
add action=drop chain=forward in-interface=pppoe-out1 out-interface=bridge1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1