Набор стандартных правил фаервола для Mikrotik с включенным VPN PPTP и L2TP
/ip firewall filter
add action=accept chain=input comment=”accept established,related,untracked” connection-state=established,related,untracked
add action=drop chain=input comment=”drop invalid” connection-state=invalid
add action=accept chain=input comment=”accept ICMP” protocol=icmp
add action=drop chain=input comment=”drop all not coming from LAN” in-interface-list=!LAN
add action=accept chain=forward comment=”accept established,related, untracked” connection-state=established,related,untracked
add action=drop chain=forward comment=”drop invalid” connection-state=invalid
add action=accept chain=forward comment=”accept in ipsec policy” ipsec-policy=in,ipsec
add action=accept chain=forward comment=”accept out ipsec policy” ipsec-policy=out,ipsec
add action=drop chain=forward comment=”drop all from WAN not DSTNATed” connection-nat-state=!dstnat in-interface-list=WAN
add chain=input protocol=udp port=1701,500,4500
add chain=input protocol=ipsec-esp
add chain=input protocol=tcp port=1723
add chain=input protocol=gre