1 | - | /ip firewall filter |
1 | + | описание что это тут https://t.me/mikrotik_rus/80 |
2 | ||
3 | /ip firewall filter | |
4 | add action=jump chain=forward comment="Goto check TLS-hello" \ | |
5 | connection-bytes=0-3000 dst-port=443 in-interface=eth2 jump-target=\ | |
6 | tls-filter protocol=tcp | |
7 | add action=accept chain=forward comment=\ | |
8 | "Defconf: accept estableshed, related" connection-state=\ | |
9 | established,related | |
10 | add action=drop chain=forward comment="Defconf: drop invalid packets" \ | |
11 | connection-state=invalid | |
12 | add action=drop chain=forward comment=\ | |
13 | "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ | |
14 | connection-state=new in-interface=eth1 | |
15 | add action=reject chain=tls-filter comment=vk.com protocol=tcp reject-with=\ | |
16 | tcp-reset tls-host=vk.com | |
17 | add action=reject chain=tls-filter protocol=tcp reject-with=tcp-reset \ | |
18 | tls-host=*.vk.com | |
19 | add action=reject chain=tls-filter comment=mikrotik.com protocol=tcp \ | |
20 | reject-with=tcp-reset tls-host=mikrotik.com | |
21 | add action=reject chain=tls-filter protocol=tcp reject-with=tcp-reset \ | |
22 | tls-host=*.mikrotik.com |
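Review bot: The `tls-filter` chain is reached only through the `dst-port=443 ... protocol=tcp` jump, so the vk.com and mikrotik.com rejects never see HTTP/3 traffic (QUIC over UDP/443). In addition, `tls-host` matches only when the SNI arrives in a ClientHello that fits in a single TCP segment, so this ruleset is a best-effort filter rather than an enforcement control, and the description should say so. If clients must be forced onto the inspected path, a rule such as `add action=drop chain=forward dst-port=443 in-interface=eth2 protocol=udp comment="no QUIC, keep TLS on TCP for tls-filter"` would be needed; whether blocking QUIC entirely is acceptable depends on the network's policy. Separately, the added first line is plain text rather than a comment, which would presumably break an import of the paste as-is; prefixing it with `#` would avoid that.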