抗三波病毒
/ ip firewall filter
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"
禁止PING路由
/ ip firewall filter
add chain=output protocol=icmp action=drop comment="No Ping"
禁止P2P下载
/ ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15 action=drop
禁止比特精灵下载
/ ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="NoBitSpirit"
批量绑定ARP
:foreach szwm in=[/ip arp find dynamic=yes ] do=[/ip arp add copy-from=$szwm]
端口映射
ip firewall nat add chain=dstnat dst-address=(外网IP) protocol=tcp dst-port=外端口 to-addresses=(内网IP) to-ports=内端口 action=dst-nat
封域名
/ ip firewall filter
add chain=forward content=域名action=reject comment="备注"
双线切换
/ system script
add name="dxup" source="/ip route set \[/ip route find comment=tel\] \
gateway=电信网关;
/ip route set \[/ip route find comment=tel\] \
disable=no;" policy=ftp,reboot,read,write,policy,test,winbox,password
add name="cncup" source="/ip routeenable\[/ip route find \
gateway=网通网关\]" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="dxdown" source="/ip route set \[/ip route find comment=tel\] \
gateway=网通网关" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="cncdown" source="/ip route disable \[/ip route find \
gateway=网通网关\]" \
policy=ftp,reboot,read,write,policy,test,winbox,password2100433B