mem-Block Virus


1 BLOCK SPAMMERS OR INFECTED USERS
# Firewall rule on the forward chain: drop TCP port 25 (SMTP) traffic whose
# source address is on the "spammer" address list. That list is populated by
# the detection rule shown as item 2, which adds entries with a 1-day timeout.
# NOTE(review): only dst-port 25 is matched; a listed host can still reach
# other ports through this rule.
chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop

2 Detect SMTP viruses or spammers and add them to the spammer address list
# Firewall rule on the forward chain: detect hosts that flood SMTP and put
# them on the "spammer" address list for one day (address-list-timeout=1d).
# - src-address-list=!spammer: skip sources that are already listed.
# - connection-limit=30,32: matches once a single source address (/32) has
#   more than 30 connections open.
# - limit=50,5: rate matcher (rate 50, burst 5) that bounds how often this
#   rule matches; confirm the exact units for your RouterOS version.
# NOTE(review): a legitimate mail server or relay behind this router can
# exceed 30 connections to port 25 and be listed as well; exempt such hosts
# (for example with their own address list) before relying on this rule.
# NOTE(review): entries expire after 1d, so a still-infected host is unblocked
# and must trip the rule again; review the list rather than treating it as a fix.
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!spammer action=add-src-to-address-list
address-list=spammer address-list-timeout=1d

/ip firewall nat chain=srcnat out-interface="your interface which provides internet" src-address="network 1" action=masquerade

You need to add one such srcnat rule for each subnet you have. For the head office subnet, you need to add this:

/ip firewall nat chain=srcnat out-interface="your interface which provides internet" action=masquerade

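# Mangle rules that classify traffic in the prerouting chain: each class gets
# a connection mark first, then a packet mark derived from it.
# These rules only label traffic (voip, sshtelnet, p2p, everything). Nothing
# here drops or permits packets, and the queue or filter rules that consume
# the marks are not part of this listing.
# Rule order matters: the class-specific mark-packet rules use passthrough=no,
# so a classified packet stops here and only unclassified traffic reaches the
# catch-all "everything" rules at the end.
# Changes from the original listing: typographic quotes in comment= replaced
# with straight quotes, and wrapped rules joined with "\" continuations.
/ ip firewall mangle
# VoIP: UDP 5060-5080 to 192.168.0.1 (presumably SIP signalling - confirm).
add chain=prerouting dst-address=192.168.0.1 protocol=udp dst-port=5060-5080 \
    action=mark-connection new-connection-mark=voip-con passthrough=yes \
    comment="" disabled=no
# VoIP: UDP 19000-20000 to 192.168.0.1 (presumably the media port range - confirm).
add chain=prerouting dst-address=192.168.0.1 protocol=udp \
    dst-port=19000-20000 action=mark-connection new-connection-mark=voip-con \
    passthrough=yes comment="" disabled=no
# Packets of voip-con connections get packet mark "voip"; processing stops.
add chain=prerouting connection-mark=voip-con action=mark-packet \
    new-packet-mark=voip passthrough=no comment="" disabled=no
# SSH/Telnet: classified by destination port 22-23 only, for any address.
# Services moved to other ports are not matched by this rule.
add chain=prerouting protocol=tcp dst-port=22-23 action=mark-connection \
    new-connection-mark=sshtelnet-con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=sshtelnet-con action=mark-packet \
    new-packet-mark=sshtelnet passthrough=no comment="" disabled=no
# P2P: relies on the built-in p2p matcher.
# NOTE(review): verify that the p2p= matcher exists on your RouterOS release.
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p-con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=p2p-con action=mark-packet \
    new-packet-mark=p2p passthrough=no comment="" disabled=no
# Catch-all: whatever was not classified above is marked "everything".
add chain=prerouting action=mark-connection new-connection-mark=everything-con \
    passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=everything-con action=mark-packet \
    new-packet-mark=everything passthrough=yes comment="" disabled=no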