zulonas · February 7, 2022 12:52
diff --git a/mikrotik IPv6 Firewall b/mikrotik IPv6 Firewall
 /ipv6 firewall filter
 add chain=input action=accept comment="Allow established connections" connection-state=established
 add chain=input action=accept comment="Allow related connections" connection-state=related
 add chain=input action=accept comment="Allow ICMP" protocol=icmpv6
 add chain=input action=reject comment="Reject invalid packets" connection-state=invalid
 add chain=input action=accept comment="Allow lo" in-interface=lo
 add chain=input action=accept comment="Allow local network" in-interface=LAN
 add action=add-src-to-address-list address-list=trying_to_login address-list-timeout=1d chain=input dst-port=22 protocol=tcp comment="list IP's who try remote login"
 add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
 add chain=input action=reject comment="Reject TCP connections by default" protocol=tcp reject-with=tcp-reset
 add chain=input action=reject comment="Reject other protocols by default" reject-with=icmp-admin-prohibited
 add chain=forward action=accept comment="Allow established connections" connection-state=established
 add chain=forward action=accept comment="Allow related connections" connection-state=related
 add chain=forward action=accept comment="Allow ICMP" protocol=icmpv6
 add chain=forward action=reject comment="Reject invalid packets" connection-state=invalid
 add chain=forward action=accept comment="Allow any to internet" out-interface=sit1
 add chain=forward action=reject comment="Reject TCP connections by default" protocol=tcp reject-with=tcp-reset
 add chain=forward action=reject comment="Reject other protocols by default" reject-with=icmp-admin-prohibited
	/ipv6 firewall filter
	add chain=input action=accept comment="Allow established connections" connection-state=established
	add chain=input action=accept comment="Allow related connections" connection-state=related
	add chain=input action=accept comment="Allow ICMP" protocol=icmpv6
	add chain=input action=reject comment="Reject invalid packets" connection-state=invalid
	add chain=input action=accept comment="Allow lo" in-interface=lo
	add chain=input action=accept comment="Allow local network" in-interface=LAN
	add action=add-src-to-address-list address-list=trying_to_login address-list-timeout=1d chain=input dst-port=22 protocol=tcp comment="list IP's who try remote login"
	add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
	add chain=input action=reject comment="Reject TCP connections by default" protocol=tcp reject-with=tcp-reset
	add chain=input action=reject comment="Reject other protocols by default" reject-with=icmp-admin-prohibited
	add chain=forward action=accept comment="Allow established connections" connection-state=established
	add chain=forward action=accept comment="Allow related connections" connection-state=related
	add chain=forward action=accept comment="Allow ICMP" protocol=icmpv6
	add chain=forward action=reject comment="Reject invalid packets" connection-state=invalid
	add chain=forward action=accept comment="Allow any to internet" out-interface=sit1
	add chain=forward action=reject comment="Reject TCP connections by default" protocol=tcp reject-with=tcp-reset
	add chain=forward action=reject comment="Reject other protocols by default" reject-with=icmp-admin-prohibited