简单过滤NAT,二级及绕过过滤!
/ ip firewall mangleadd chain=forward out-interface=ADSL protocol=tcp tcp-flags=syn \
action=change-mss new-mss=1420 comment="Change Pack MSS" disabled=yes (修改MSS)
add chain=forward in-interface=LAN out-interface=WAN action=change-ttl \
new-ttl=increment:1 comment="ALL Increment TTL" disabled=no (修正NAT TTL减少)
add chain=forward in-interface=LAN out-interface=WAN \
src-address=192.168.8.X action=change-ttl new-ttl=increment:1 \
comment="X Increment TTL" disabled=no (修正NAT TTL减少,X为特定一台)
add chain=forward in-interface=WAN out-interface=LAN \
dst-address=192.168.8.X action=passthrough comment="X NAT \
passthrough" disabled=no (许可特定机器NAT)
add chain=forward in-interface=WAN out-interface=LAN action=change-ttl \
new-ttl=set:1 comment="ALL change ttl" disabled=no
页:
[1]