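# Source NAT: masquerade everything that leaves through the WAN interface.
# Written against the "/ip firewall nat" menu with chain=srcnat so it matches
# the form used by the dst-nat rules below (the original line used a separate
# "src-nat" menu path that the rest of this configuration does not use).
/ip firewall nat add chain=srcnat action=masquerade out-interface=WAN
# Port-forward SIP signalling (udp/5060) and the RTP media range
# (udp/10000-20000) to the PBX at 192.168.88.100.
# in-interface=WAN limits the rewrite to packets arriving from outside; without
# it the rules also match LAN-originated packets to these ports, including the
# PBX's own outbound traffic to a provider on udp/5060.
/ip firewall nat add chain=dstnat in-interface=WAN protocol=udp dst-port=5060 action=dst-nat to-addresses=192.168.88.100 to-ports=5060
/ip firewall nat add chain=dstnat in-interface=WAN protocol=udp dst-port=10000-20000 action=dst-nat to-addresses=192.168.88.100 to-ports=10000-20000
# Blacklisted source range.
/ip firewall address-list add list=blacklist address=188.161.208.1-188.161.211.254
# chain=input only covers traffic addressed to the router itself.
/ip firewall filter add chain=input src-address-list=blacklist action=drop
# Port-forwarded traffic is handled by chain=forward, so the blacklist is
# enforced there too; otherwise it never applies to packets dst-nat'ed to the PBX.
/ip firewall filter add chain=forward src-address-list=blacklist action=drop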
# resolvehostnames: walks every firewall address-list entry. For entries whose
# list name starts with "host_", it resolves the hostname stored in the entry's
# comment and writes the result into the entry's address.
# The script is granted only the read and write policies.
# NOTE(review): the allow-list built this way trusts whatever address DNS
# returns for the hostname, so the router should use a resolver you trust.
# NOTE(review): :resolve yields a single address; a hostname that maps to
# several addresses is presumably only partly covered - confirm.
# NOTE(review): a failed lookup presumably aborts the run and leaves the
# remaining host_ entries on their previous address - confirm on the target
# RouterOS version.
/system script add \
name=resolvehostnames policy=write,read \
source="# define variables\r\
\n:local list\r\
\n:local comment\r\
\n:local newip\r\
\n\r\
\n# Loop through each entry in the address list.\r\
\n:foreach i in=[/ip firewall address-list find] do={\r\
\n\r\
\n# Get the first five characters of the list name\r\
\n :set list [:pick [/ip firewall address-list get \$i list] 0 5]\r\
\n\r\
\n# If they're 'host_', then we've got a match - process it\r\
\n :if (\$list = \"host_\") do={\r\
\n\r\
\n# Get the comment for this address list item (this is the host name to u\
se)\r\
\n :set comment [/ip firewall address-list get \$i comment]\r\
\n\r\
\n# Resolve it and set the address list entry accordingly.\r\
\n :set newip [:resolve \$comment]\r\
\n /ip firewall address-list set \$i address=\$newip\r\
\n }\r\
\n }"
# updatehostnames: runs the resolvehostnames script once per hour (interval=1h).
# Between runs the host_ entries keep the last resolved address, so a changed
# DNS record can take up to an hour to reach the firewall.
/system scheduler add \
comment="" disabled=no interval=1h name=updatehostnames on-event=resolvehostnames \
start-date=jan/01/1970 start-time=00:00:00
# Source allow-lists for SIP signalling.
# host_allowedlist: the "host_" prefix marks entries maintained by the
# resolvehostnames script; the comment holds the hostname and 0.0.0.0 is a
# placeholder until the script has resolved it.
# allowed_staticiplist: fixed addresses (here the PBX itself).
/ip firewall address-list
add list=host_allowedlist address=0.0.0.0 comment=mouselike.org
add list=allowed_staticiplist address=192.168.88.100 comment=IP01
# Forwarded udp/5060 is sent to the allowedsip chain, which accepts only
# sources on one of the two lists and drops everything else.
# Only udp/5060 is filtered here; the forwarded RTP range udp/10000-20000 does
# not pass through this chain.
/ip firewall filter
add chain=forward protocol=udp dst-port=5060 action=jump jump-target=allowedsip
add chain=allowedsip protocol=udp dst-port=5060 src-address-list=host_allowedlist action=accept
add chain=allowedsip protocol=udp dst-port=5060 src-address-list=allowed_staticiplist action=accept
add chain=allowedsip action=drop
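# Packet marks consumed by the queue tree (voip_* first, everything else after).
/ip firewall mangle
# Inbound VoIP is matched on the forwarded ports rather than on
# dst-address=192.168.88.100: in the RouterOS packet flow mangle prerouting runs
# before dst-nat, so a packet arriving on WAN still carries the router's public
# address as destination and the original dst-address match would not hit.
# Check the rule counters after deployment to confirm both rules match.
add chain=prerouting action=mark-packet new-packet-mark=voip_in passthrough=no protocol=udp dst-port=5060 in-interface=WAN
add chain=prerouting action=mark-packet new-packet-mark=voip_in passthrough=no protocol=udp dst-port=10000-20000 in-interface=WAN
# Outbound VoIP: mangle postrouting runs before src-nat, so the PBX's private
# source address is still visible here.
add chain=postrouting action=mark-packet new-packet-mark=voip_out passthrough=no src-address=192.168.88.100 out-interface=WAN
# Catch-all marks for the remaining WAN traffic. These must stay after the VoIP
# rules: passthrough=no stops processing at the first matching mark rule.
add chain=prerouting action=mark-packet new-packet-mark=others_in passthrough=no in-interface=WAN
add chain=postrouting action=mark-packet new-packet-mark=others_out passthrough=no out-interface=WAN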
/queue tree
# Parent queues for each direction of the DSL line; they carry no packet mark
# of their own and hold the rate limits (limit-at / max-limit).
add name=DSL_IN parent=global-in packet-mark="" limit-at=10000000 max-limit=11000000 priority=1 queue=default burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=DSL_OUT parent=global-out packet-mark="" limit-at=500000 max-limit=600000 priority=1 queue=default burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
# Leaf queues: VoIP marks get priority 3, all remaining traffic priority 6
# (the lower number is served first).
add name=voip_in parent=DSL_IN packet-mark=voip_in priority=3
add name=voip_out parent=DSL_OUT packet-mark=voip_out priority=3
add name=remaining_in parent=DSL_IN packet-mark=others_in priority=6
add name=remaining_out parent=DSL_OUT packet-mark=others_out priority=6