1. Looks great. I would also consider changing the default port on WireGuard to something else, 15496 etc.
2. You can get rid of this default setting, which is often hard to find (DNS static settings).
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
3. I tend to put all USER rules after the default ones, so I suggest moving the WireGuard input chain rule after the local loopback rule.
4. Just to clarify, you are running your own SSH server on the LAN? If so, for what purpose... (backup to WireGuard??)
5. This port-forwarding rule I do not understand, and it is unusual. Not sure it's a security risk, but it's certainly not standard.
add action=dst-nat chain=dstnat comment="Torrent Access" dst-address=0.0.0.0 \
dst-port=53804 in-interface=ether1 protocol=tcp to-addresses=\
192.168.88.220 to-ports=53804
I would remove the dst-address bit ASAP.
6. Set mac-server only to NONE.
/tool mac-server
set allowed-interface-list=LAN
Statistics: Posted by anav — Sat Jan 20, 2024 6:46 pm
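The checks in the review above, turned into a small linter over a RouterOS export. This is an added example, not code from the post or from MikroTik; the export fragment is constructed to mirror the rules quoted in the thread (the WireGuard port 13231 and the "allow wireguard" comment are assumptions).

```python
import shlex

# Constructed RouterOS export fragment; it mirrors the rules quoted in the post, not the OP's full config.
SAMPLE_EXPORT = """\
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="allow wireguard" dst-port=13231 protocol=udp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall nat
add action=dst-nat chain=dstnat comment="Torrent Access" dst-address=0.0.0.0 \\
dst-port=53804 in-interface=ether1 protocol=tcp to-addresses=\\
192.168.88.220 to-ports=53804
/tool mac-server
set allowed-interface-list=LAN
"""

def parse_export(text):
    """Return (section, verb, {key: value}) tuples from a RouterOS export."""
    section, entries = "", []
    for line in text.replace("\\\n", "").splitlines():  # fold backslash continuations
        line = line.strip()
        if not line:
            continue
        if line.startswith("/"):      # section header, e.g. /ip firewall nat
            section = line
            continue
        tokens = shlex.split(line)    # respects quoted values such as comment="..."
        props = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
        entries.append((section, tokens[0], props))
    return entries

def audit(entries):
    """Apply the checks from the review; returns one finding string per hit."""
    findings = []
    for section, _verb, p in entries:
        if section == "/ip dns static" and p.get("comment") == "defconf":
            findings.append(f"dns: default static entry {p.get('name')} can be removed")
        if section == "/ip firewall nat" and p.get("chain") == "dstnat" and p.get("dst-address") == "0.0.0.0":
            findings.append(f"nat: rule '{p.get('comment')}' carries dst-address=0.0.0.0; remove it")
        if section == "/tool mac-server" and p.get("allowed-interface-list", "none") != "none":
            findings.append(f"mac-server: allowed-interface-list={p['allowed-interface-list']}; set it to none")
    # user rules in the input chain should follow the defconf rules, not precede them
    inp = [p for s, _, p in entries if s == "/ip firewall filter" and p.get("chain") == "input"]
    is_def = [p.get("comment", "").startswith("defconf") for p in inp]
    last_def = max((i for i, d in enumerate(is_def) if d), default=-1)
    for p, d in zip(inp[:last_def], is_def):
        if not d:
            findings.append(f"filter: user input rule '{p.get('comment')}' precedes the defconf rules; move it after them")
    return findings
```

Running audit(parse_export(SAMPLE_EXPORT)) on the constructed fragment reports all four points raised in the review; feed it the output of /export to check a live config.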