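# Firewall filter for the 192.168.96.0/24 and 192.168.97.0/24 networks.
# Rules are evaluated top to bottom within each chain, and both chains end in
# an unconditional drop, so everything not explicitly accepted is discarded.
/ip firewall filter
# Accept return traffic for connections that are already tracked.
# The input-chain rule is needed because the input chain ends in a blanket
# drop: without it, replies to connections the router itself opens would be
# discarded.
add action=accept chain=forward connection-state=established,related comment="Allow established/related forward"
add action=accept chain=input connection-state=established,related comment="Allow established/related input"
# Allow ICMP to the router
add action=accept chain=input dst-address=192.168.96.0/24 protocol=icmp comment="Allow ICMP"
add action=accept chain=input dst-address=192.168.97.0/24 protocol=icmp
# Allow Winbox (router management, TCP 8291)
# NOTE(review): these rules match on destination only, so any source that can
# reach these addresses can open a management session. Consider restricting
# them with src-address / src-address-list or in-interface to the admin network.
add action=accept chain=input dst-address=192.168.96.0/24 protocol=tcp dst-port=8291 comment="Allow Winbox"
add action=accept chain=input dst-address=192.168.97.0/24 protocol=tcp dst-port=8291
# Forward ICMP
add action=accept chain=forward dst-address=192.168.96.0/24 protocol=icmp comment="Allow ICMP forward"
add action=accept chain=forward dst-address=192.168.97.0/24 protocol=icmp
# Forward Winbox
add action=accept chain=forward dst-address=192.168.96.0/24 protocol=tcp dst-port=8291 comment="Allow Winbox forward"
add action=accept chain=forward dst-address=192.168.97.0/24 protocol=tcp dst-port=8291
# Forward RDP
# NOTE(review): RDP is accepted from any source to every host in both /24s;
# narrow the source and destination if only specific hosts need it.
add action=accept chain=forward dst-address=192.168.96.0/24 protocol=tcp dst-port=3389 comment="Allow RDP forward"
add action=accept chain=forward dst-address=192.168.97.0/24 protocol=tcp dst-port=3389
# Block SMB to PC01 and PC02
# These rules match the whole /24s, not individual hosts. New connections to
# port 445 would also hit the final forward drop; the explicit rules mainly
# provide separate counters for SMB attempts.
add action=drop chain=forward dst-address=192.168.96.0/24 protocol=tcp dst-port=445 comment="Block SMB TCP"
add action=drop chain=forward dst-address=192.168.97.0/24 protocol=tcp dst-port=445
add action=drop chain=forward dst-address=192.168.96.0/24 protocol=udp dst-port=445 comment="Block SMB UDP"
add action=drop chain=forward dst-address=192.168.97.0/24 protocol=udp dst-port=445
# Drop everything else in forward, then everything else in input
add chain=forward action=drop comment="Drop all other traffic"
add chain=input action=drop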