بسم الله الرحمن الرحيم
نضع بين أيديكم الحماية المدفوعه والشاملة... لشبكات الواي فاي Mikrotik Firewall 2025 الهوتسبوت واليوزر مانجر.
مقدمة من الأخ المهندس / سلمان دهمش
/ip firewall address-list
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
/ip firewall raw
add action=jump jump-target=salmanfirewall chain=prerouting in-interface=all-vlan
add action=jump jump-target=salmanfirewall chain=prerouting in-interface=bridge1
add action=drop chain=salmanfirewall dst-address-type=!local dst-port=71-64999,22,23,123,25,69,21,0,2,48,50,46 hotspot=!auth protocol=udp src-address-list=not_in_internet
add action=drop chain=salmanfirewall dst-address-type=!local dst-port=81-64999,22,23,123,25,69,21,0,2,48,50,46 hotspot=!auth protocol=tcp src-address-list=not_in_internet
add action=drop chain=salmanfirewall dst-address-type=!local hotspot=!auth protocol=icmp src-address-list=not_in_internet
add action=drop chain=salmanfirewall hotspot=!auth protocol=igmp src-address-list=not_in_internet
add action=drop chain=salmanfirewall dst-address-type=!local dst-port=12345,5554,1433-1434,777,0,2,48,50,605 hotspot=from-client protocol=tcp src-address-list=not_in_internet
add action=drop chain=salmanfirewall dst-port=1200-1201,1207,146 hotspot=from-client protocol=udp src-address-list=not_in_internet
add action=drop chain=salmanfirewall port=161,162 protocol=udp
add action=drop chain=salmanfirewall port=161,162,5678 protocol=udp
add action=drop chain=salmanfirewall port=161,162,5678,853,7 protocol=tcp
add action=drop chain=salmanfirewall dst-address-list=not_in_internet protocol=tcp psd=21,3s,3,1 src-address-list=not_in_internet
add action=drop chain=salmanfirewall dst-address-list=not_in_internet protocol=udp psd=21,3s,3,1 src-address-list=not_in_internet