" Ekonetcomp is Home of Mikrotik Config "
"This is ...Mikrotik Firewall FIlter Configuration. in Command line Instruction format"
" Ekonetcomp is Home of Mikrotik Config "
"This is ...Mikrotik Firewall FIlter Configuration. in Command line Instruction format"
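# Mikrotik RouterOS Firewall Filter - ekonetcomp.blogspot.com
#
# Layout: one address list (bogons_ip), mangle rules that mark connections and
# packets, and filter rules that act on those marks.
#
# Before enabling anything:
#  - Every rule is added with disabled=yes, so importing this script filters
#    nothing until the rules are enabled. Enable them from a session that can
#    be recovered (for example RouterOS Safe Mode), since a wrong order or a
#    missing list can cut off management access.
#  - The rules reference the address lists "admin", "intranet_network" and
#    "private_network", none of which this script creates. They must exist and
#    be populated first. An empty "private_network" makes the final
#    users_protect rule (src-address-list=!private_network) match every packet
#    arriving on a non-WAN interface.
#      /ip firewall address-list add list="admin" address=<ADMIN_HOST_OR_SUBNET>
#      /ip firewall address-list add list="private_network" address=<LAN_SUBNET>
#      /ip firewall address-list add list="intranet_network" address=<INTRANET_SUBNET>
#  - "ether5_public" is the author's WAN interface name; replace it with the
#    WAN interface of the target router.

# Addresses that should never appear as a source on the public Internet:
# "this network", RFC 1918 private space, CGNAT shared space, loopback,
# link-local, IETF protocol assignments, documentation and benchmarking ranges.
# 224.0.0.0/3 spans 224.0.0.0-255.255.255.255 (multicast, reserved, broadcast).
/ip firewall address-list
add list="bogons_ip" address=0.0.0.0/8
add list="bogons_ip" address=10.0.0.0/8
add list="bogons_ip" address=100.64.0.0/10
add list="bogons_ip" address=127.0.0.0/8
add list="bogons_ip" address=169.254.0.0/16
add list="bogons_ip" address=172.16.0.0/12
add list="bogons_ip" address=192.0.0.0/24
add list="bogons_ip" address=192.0.2.0/24
add list="bogons_ip" address=192.168.0.0/16
add list="bogons_ip" address=198.18.0.0/15
add list="bogons_ip" address=198.51.100.0/24
add list="bogons_ip" address=203.0.113.0/24
add list="bogons_ip" address=224.0.0.0/3

/ip firewall mangle
# --- Marks consumed by the filter "admin" chain (firewall bypass) ---
# ICMP originating from the intranet list.
add action=mark-connection chain=prerouting comment="Marking Bypass Connections" new-connection-mark=restrict_icmp_in_conn passthrough=no protocol=icmp src-address-list=intranet_network disabled=yes
# Any traffic from an address in the "admin" list, routed or to the router.
add action=mark-connection chain=forward new-connection-mark=admin_fwd_conn passthrough=no src-address-list=admin disabled=yes
add action=mark-connection chain=input new-connection-mark=admin_in_conn passthrough=no src-address-list=admin disabled=yes
# NOTE(review): the four Winbox (tcp/8291) and API (tcp/8728) marks below match
# on destination port only - there is no src-address-list or in-interface
# condition. The filter section accepts these marks through bypass_admin ahead
# of router_protect, so once enabled both management services are reachable
# from any source, including the WAN. Add src-address-list=admin (or an
# in-interface restriction) to these rules, or leave them disabled and rely on
# the admin_*_conn marks above.
add action=mark-connection chain=forward dst-port=8291 new-connection-mark=winbox_fwd_conn passthrough=no protocol=tcp disabled=yes
add action=mark-connection chain=forward dst-port=8728 new-connection-mark=api_fwd_conn passthrough=no protocol=tcp disabled=yes
add action=mark-connection chain=input dst-port=8291 new-connection-mark=winbox_in_conn passthrough=no protocol=tcp disabled=yes
add action=mark-connection chain=input comment="#" dst-port=8728 new-connection-mark=api_in_conn passthrough=no protocol=tcp disabled=yes
# --- Packets arriving on the WAN interface already addressed to a private
# destination; logged and marked so the filter can drop them. ---
add action=mark-packet chain=prerouting comment="Nat-Travelsal Detector" dst-address-list=private_network in-interface=ether5_public log=yes log-prefix="NAT TRAVERSAL DETECTED" new-packet-mark=nat_traversal passthrough=no disabled=yes
# --- Port-based "virus" marking ---
# NOTE(review): port= matches either source or destination port, and the list
# includes 25 (SMTP) and 1900 (SSDP/UPnP). Legitimate mail or UPnP traffic will
# be marked and later dropped - review the port list against the services in
# use before enabling.
add action=jump chain=forward comment="Virus,Spammer, Mallware Detector" jump-target=virus disabled=yes
add action=mark-connection chain=virus log=yes log-prefix="VIRUS DETECTED" new-connection-mark=virus passthrough=no port=25,1900,2200,5000,6002,14000 protocol=tcp disabled=yes
add action=mark-connection chain=virus log=yes log-prefix="VIRUS DETECTED" new-connection-mark=virus passthrough=no port=25,1900,2200,5000,6002,14000 protocol=udp disabled=yes
add action=jump chain=prerouting comment="#" jump-target=virus disabled=yes

/ip firewall filter
# --- Admin bypass ---
# Each rule in this group uses place-before=0, i.e. it is inserted ahead of the
# current first rule, so the group ends up in the reverse of the order written
# here. The admin-chain rules match distinct connection marks, so their
# relative order does not change the verdict.
# NOTE(review): place-before=0 refers to an existing rule 0; on an empty filter
# table the add may be rejected - confirm on the target RouterOS version.
add action=jump chain=forward comment="Bypass Firewall for Admin Connections" jump-target=admin disabled=yes place-before=0
add action=accept chain=admin connection-mark=restrict_icmp_in_conn log=yes log-prefix="Ping to WAN" disabled=yes place-before=0
add action=jump chain=admin connection-mark=admin_fwd_conn jump-target=bypass_admin disabled=yes place-before=0
add action=jump chain=admin connection-mark=admin_in_conn jump-target=bypass_admin disabled=yes place-before=0
add action=jump chain=admin connection-mark=winbox_fwd_conn jump-target=bypass_admin disabled=yes place-before=0
add action=jump chain=admin connection-mark=api_fwd_conn jump-target=bypass_admin disabled=yes place-before=0
add action=jump chain=admin connection-mark=winbox_in_conn jump-target=bypass_admin disabled=yes place-before=0
add action=jump chain=admin connection-mark=api_in_conn jump-target=bypass_admin disabled=yes place-before=0
add action=jump chain=input jump-target=admin disabled=yes place-before=0
# Unconditional accept: anything that reaches bypass_admin skips every
# protection chain below.
add action=accept chain=bypass_admin comment="#" disabled=yes place-before=0

# --- Drop traffic carrying the nat_traversal packet mark or the virus
# connection mark set in mangle ---
add action=jump chain=forward comment="Virus Protector" jump-target=virus_protector disabled=yes
add action=jump chain=virus_protector jump-target=drop_virus log=no log-prefix="DROP Nat-Travelsal" packet-mark=nat_traversal disabled=yes
add action=jump chain=virus_protector connection-mark=virus jump-target=drop_virus log=yes log-prefix="DROP VIRUS" disabled=yes
add action=jump chain=input jump-target=virus_protector disabled=yes
add action=drop chain=drop_virus comment="#" disabled=yes

# --- Router Protector: traffic addressed to the router itself (input) ---
add chain=input action=jump jump-target=router_protect comment="Router Protector" disabled=yes
add chain=router_protect action=accept connection-state=established,related log=no log-prefix="AIn Establ-Rel" disabled=yes
# Everything arriving on a non-WAN interface is accepted here, so the drops
# below only ever apply to WAN-side traffic.
add chain=router_protect action=accept in-interface=!ether5_public log=no log-prefix="AIn-LAN" disabled=yes
add chain=router_protect action=drop connection-state=invalid log=no log-prefix="DIn INVALID" disabled=yes
add action=drop chain=router_protect connection-nat-state=!dstnat connection-state=new in-interface=ether5_public log=no log-prefix="DIn-WAN New-UnNat" disabled=yes
add chain=router_protect action=drop dst-address-type=!local log=no log-prefix="DIn Dst UnRouteIp" disabled=yes
add chain=router_protect action=drop src-address-type=!unicast log=no log-prefix="DIn UnUnicast" disabled=yes
# Fixed: the published line ended in "comment=disabled=yes", which leaves the
# disabled flag unset (or fails to parse), unlike every other rule here.
# Restored to the comment="#" group terminator used by the other sections.
add chain=router_protect action=drop in-interface=ether5_public src-address-list=bogons_ip log=no log-prefix="DIn-WAN Bogons" comment="#" disabled=yes

# --- Users Protector: traffic routed through the router (forward) ---
# Fixed: the published jump was attached to chain=input, so routed traffic was
# never evaluated by users_protect. Its rules carry "Fwd" log prefixes and match
# on forwarded-traffic conditions, and input is already handled by
# router_protect, so the jump belongs on chain=forward.
add chain=forward action=jump jump-target=users_protect comment="Users Protector" disabled=yes
add chain=users_protect action=accept connection-state=established,related log=no log-prefix="AFwd Establ-Rel" disabled=yes
add action=drop chain=users_protect connection-state=invalid log=no log-prefix="DFwd Invalid" disabled=yes
# New connections from the WAN are forwarded only if they were dst-nat'ed
# (i.e. match a port-forward rule).
add action=drop chain=users_protect connection-nat-state=!dstnat connection-state=new in-interface=ether5_public log=no log-prefix="DFwd-WAN New-UnNat" disabled=yes
add action=drop chain=users_protect in-interface=ether5_public src-address-list=bogons_ip log=no log-prefix="DFwd-WAN Bogons" disabled=yes
# NOTE(review): bogons_ip contains the RFC 1918 ranges, so this also drops
# LAN-to-LAN routed traffic (between local subnets or VLANs) - confirm that is
# intended before enabling.
add action=drop chain=users_protect dst-address-list=bogons_ip in-interface=!ether5_public log=no log-prefix="DFwd-LAN Bogons" disabled=yes
# Egress anti-spoofing: LAN-side packets whose source is not in private_network.
add action=drop chain=users_protect comment="#" in-interface=!ether5_public src-address-list=!private_network log=no log-prefix="DFwd-LAN UnPrivIP" disabled=yes
# Mikrotik RouterOS Firewall Filter - ekonetcomp.blogspot.com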