1;;; BLOCK SPAMMERS OR INFECTED USERS
/ ip firewall filter
chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop
2;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-addresslist=!
spammer action=add-src-to-address-list
address-list=spammer address-list-timeout=1d
/ip firewall nat chain=srcnat out-interface=”your interface which provides internet” srcaddress=”
network 1? action=masquerade
you need to add chains for each subnet you have ,for the head office subnet you need
to add this
/ip firewall nat chain=srcnat out-interface=”your interface which provides internet”
action=masquerade
/ ip firewall mangle
add chain=prerouting dst-address=202.168.47.17 protocol=udp dst-port=5060-5080 \
action=mark-connection new-connection-mark=voip-con passthrough=yes \
comment=”” disabled=no
add chain=prerouting dst-address=202.168.47.17 protocol=udp \
dst-port=19000-20000 action=mark-connection new-connection-mark=voip-con \
passthrough=yes comment=”” disabled=no
add chain=prerouting connection-mark=voip-con action=mark-packet \
new-packet-mark=voip passthrough=no comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=22-23 action=mark-connection \
new-connection-mark=sshtelnet-con passthrough=yes comment=”” disabled=no
add chain=prerouting connection-mark=sshtelnet-con action=mark-packet \
new-packet-mark=sshtelnet passthrough=no comment=”” disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=p2p-con passthrough=yes comment=”” disabled=no
add chain=prerouting connection-mark=p2p-con action=mark-packet \
new-packet-mark=p2p passthrough=no comment=”” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=everything-con \
passthrough=yes comment=”” disabled=no
add chain=prerouting connection-mark=everything-con action=mark-packet \
new-packet-mark=everything passthrough=yes comment=”” disabled=no