Настроечки файерволла моего 951Ui-2HnD
/ip firewall filter
add action=jump chain=forward comment="anti-spam policy" connection-mark=smtp jump-target=smtp-first-drop
add action=add-src-to-address-list address-list=approved-smtp address-list-timeout=1d chain=smtp-first-drop src-address-list=first-smtp
add action=return chain=smtp-first-drop src-address-list=approved-smtp
add action=return chain=smtp-first-drop src-address-list=approved-smtp
add action=add-src-to-address-list address-list=first-smtp address-list-timeout=1d chain=smtp-first-drop
add action=reject chain=smtp-first-drop
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid
add chain=input comment="Allow Established connections" connection-state=established
add chain=input comment="Allow UDP" protocol=udp
add chain=input comment="Allow ICMP" protocol=icmp
add chain=input comment="Allow access from local network" src-address=192.168.1.0/24
add action=drop chain=input comment="Drop reject all other"
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid protocol=tcp
add chain=forward comment="Allow already established connections" connection-state=established
add chain=forward comment="Allow related connections" connection-state=related
add chain=forward src-address=192.168.1.0/24
add action=drop chain=forward src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=forward comment="Drop all"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes