From 9dfaca399ff8d74c4270c6094dabbeb422b49267 Mon Sep 17 00:00:00 2001
From: Marek Isalski
Date: Sun, 26 Jun 2022 19:09:59 +0100
Subject: [PATCH] comments
---
 includes/routeros-v7-aggregation-router/firewall.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/includes/routeros-v7-aggregation-router/firewall.j2 b/includes/routeros-v7-aggregation-router/firewall.j2
index 8ed7774..e31e187 100644
--- a/includes/routeros-v7-aggregation-router/firewall.j2
+++ b/includes/routeros-v7-aggregation-router/firewall.j2
@@ -81,12 +81,12 @@ add action=drop chain=input comment="protect router's control plane"
 {%- endfor %}
 /ip firewall nat
-add action=return chain=srcnat src-address-list=public-addresses
-add action=return chain=srcnat dst-address-list=no-cgnat-to
+add action=return chain=srcnat src-address-list=public-addresses comment="do not CGNAT"
+add action=return chain=srcnat dst-address-list=no-cgnat-to comment="do not CGNAT"
 {%- for nat_source_ip in nat_source_ips|sort %}
-add action=src-nat chain=srcnat out-interface-list=uplink per-connection-classifier=src-address:{{ nat_source_ips|length }}/{{ loop.index0 }} src-address-list=customer-private to-addresses={{ nat_source_ip }} comment="CGNAT"
+add action=src-nat chain=srcnat out-interface-list=uplink per-connection-classifier=src-address:{{ nat_source_ips|length }}/{{ loop.index0 }} src-address-list=customer-private to-addresses={{ nat_source_ip }} comment="perform CGNAT"
 {%- endfor %}
-add chain=dstnat comment="redirect NTP to local NTP server for provisioning" dst-port=123 protocol=udp src-address-list=provisioning to-addresses=127.0.0.1
+add chain=dstnat comment="redirect NTP to local NTP server for provisioning" dst-port=123 protocol=udp src-address-list=provisioning to-addresses=127.0.0.1 comment="redirect NTP to localhost for TLS to work in provisioning"
 /ipv6 firewall filter
 add action=accept chain=forward comment="forward existing connections" connection-state=established,related
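Review bot: The rewritten dstnat rule on the last `+` line now carries two `comment=` properties, the original "redirect NTP to local NTP server for provisioning" and the appended "redirect NTP to localhost for TLS to work in provisioning". How RouterOS handles a repeated property is not visible here: at best one text is silently dropped, at worst the line is rejected on import, and in a firewall template a script that stops partway may leave later rules unapplied (inferred, worth testing on a lab router). Keep a single comment, e.g. `add chain=dstnat comment="redirect NTP to localhost for TLS to work in provisioning" dst-port=123 protocol=udp src-address-list=provisioning to-addresses=127.0.0.1`. Separately, the same rule sets `to-addresses` but no `action=`; if the default action is accept, the redirect never takes effect and provisioning clients may not reach the local NTP server, so confirm whether `action=dst-nat` or `action=redirect` was intended.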