Wednesday, 27 June 2012
Firewall mikrotik
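# Conficker containment: tag every connection aimed at the Windows RPC/NetBIOS/SMB
# ports (135, 137, 138, 139, 445), tag its packets, then drop them when forwarded.
# The match is on destination port only, so legitimate file sharing that crosses
# this router is dropped together with worm traffic.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="445-UDP" dst-port=445 new-connection-mark=conn-conficker passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="445-TCP" dst-port=445 new-connection-mark=conn-conficker passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="135,137,138,139-TCP" dst-port=135,137,138,139 new-connection-mark=conn-conficker passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="135,137,138,139-UDP" dst-port=135,137,138,139 new-connection-mark=conn-conficker passthrough=yes protocol=udp
# passthrough=no: a packet tagged here skips the remaining mangle rules of this chain.
add action=mark-packet chain=prerouting comment="conficker-pkt" connection-mark=conn-conficker new-packet-mark=conficker-pkt passthrough=no
# Absolute path on purpose: a relative "ip firewall filter" would be looked up
# under the mangle menu selected above.
# Only the forward chain is covered; packets addressed to the router itself on
# these ports are not dropped by this rule.
/ip firewall filter add action=drop chain=forward comment="dropconficker" packet-mark=conficker-pkt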
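# Per-customer bandwidth shaping. Each /30 gets a connection mark, a packet mark
# derived from it, and two queues: one on the LAN-side interface (downlink) and
# one on the gateway interface (uplink). limit-at and max-limit are in bits per second.
# Every command uses an absolute path (leading "/") so that it does not depend on
# whichever menu an earlier line of the script selected.

# Customer "ipbata": 202.147.201.20/30
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=mark-ipbata src-address=202.147.201.20/30
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=mark-ipbata new-packet-mark=ipbata
/queue tree add name=ipbata-downlink parent=ether2-master-local packet-mark=ipbata limit-at=512000 max-limit=1024000
/queue tree add name=ipbata-uplink parent=ether1-gateway packet-mark=ipbata limit-at=128000 max-limit=256000

# Customer "ipholistic": 202.147.201.16/30
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=mark-ipholistic src-address=202.147.201.16/30
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=mark-ipholistic new-packet-mark=ipholistic
/queue tree add name=ipholistic-downlink parent=ether2-master-local packet-mark=ipholistic limit-at=512000 max-limit=1024000
/queue tree add name=ipholistic-uplink parent=ether1-gateway packet-mark=ipholistic limit-at=128000 max-limit=256000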
# ICMP policy for packets addressed to the router itself (input chain).
# Each listed type is accepted while it stays within limit=5,5; every other
# ICMP packet, including those over a limit, reaches the final drop.
/ip firewall filter
add action=jump chain=input jump-target=icmp protocol=icmp
# type 0: echo reply
add action=accept chain=icmp comment="Limited Ping Flood" icmp-options=0:0-255 limit=5,5 protocol=icmp
# type 3 code 3: destination port unreachable
add action=accept chain=icmp icmp-options=3:3 limit=5,5 protocol=icmp
# type 3 code 4: fragmentation needed (used by path MTU discovery)
add action=accept chain=icmp icmp-options=3:4 limit=5,5 protocol=icmp
# type 8: echo request
add action=accept chain=icmp icmp-options=8:0-255 limit=5,5 protocol=icmp
# type 11: time exceeded
add action=accept chain=icmp icmp-options=11:0-255 limit=5,5 protocol=icmp
# default for the chain
add action=drop chain=icmp protocol=icmp
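# SYN flood protection for traffic to the router (input) and through it (forward).
# New TCP SYN packets are sent to the SYN-Protect chain, which lets through up to
# limit=400,5 and drops the excess. The limit is one counter shared by all
# sources, so during a flood legitimate new connections are dropped too.
#
# The chain is defined once and each jump is added once. The original listing
# repeated the input jump and both chain rules; the repeated chain rules could
# never match because the first pair already decides every packet.
#
# "add" appends to the end of the filter table: place the two jump rules ahead of
# any broad accept rule in the same chain, otherwise they are never reached.
/ip firewall filter
add action=jump chain=input comment="Flood protect" connection-state=new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=jump chain=forward comment="Flood protect" connection-state=new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
# action=return, not accept: a SYN within the limit goes back to the calling chain,
# so filter rules that follow the jump still apply. With accept, every new TCP
# connection under the limit would bypass all later input and forward rules.
add action=return chain=SYN-Protect connection-state=new limit=400,5 protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp tcp-flags=syn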
Labels:
Teknologi