показывает же ,что не работает

Но соединения остались

Там состояние идл. Вы давно его отключили?

Фаервол лучше показуй

да здесь вообще ничего не трогал

Дропай все эти соединения

он поевляються с каждым разом

Фаервол показуй

как

что конкретно

Filter

/ip firewall  filter  pr

Всем привет, кто нибудь поднимал vpls cisco -> mikrotik ?

0  D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth

1  D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth

2  D chain=input action=jump jump-target=hs-input hotspot=from-client

3  D chain=input action=drop protocol=tcp hotspot=!from-client
     dst-port=64872-64875

4  D chain=hs-input action=jump jump-target=pre-hs-input

5  D chain=hs-input action=accept protocol=udp dst-port=64872

6  D chain=hs-input action=accept protocol=tcp dst-port=64872-64875

7  D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth

8  D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp

9  D chain=hs-unauth action=reject reject-with=icmp-net-prohibited

10  D chain=hs-unauth-to action=reject reject-with=icmp-host-prohibited

11 X  ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough

12    ;;; drop ssh brute forcers
     chain=input action=drop protocol=tcp src-address-list=ssh_blacklist
     dst-port=221 log=no log-prefix=""

13    chain=input action=add-src-to-address-list connection-state=new
     protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist
     address-list-timeout=1w3d dst-port=221 log=no log-prefix=""

14    chain=input action=add-src-to-address-list connection-state=new
     protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3
     address-list-timeout=1m dst-port=221 log=no log-prefix=""

15    chain=input action=add-src-to-address-list connection-state=new
     protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2
     address-list-timeout=1m dst-port=221 log=no log-prefix=""

16    chain=input action=add-src-to-address-list connection-state=new
     protocol=tcp address-list=ssh_stage1 address-list-timeout=1h1m
     dst-port=221 log=no log-prefix=""

17 X  ;;; torrent /announce...
     chain=forward action=drop protocol=tcp src-address=!192.168.88.83
     in-interface=bridge-lan dst-port=2710,80 content=info_hash= log=no
     log-prefix=""

18 X  ;;; torrent-DHT-Out-Magnet d1:ad2:id20:
     chain=forward action=drop protocol=udp src-address=!192.168.88.83
     in-interface=bridge-lan dst-port=1025-65535 content=d1:ad2:id20:
     packet-size=95-190 log=no log-prefix=""

19    chain=input action=drop protocol=tcp in-interface=pppoe-out1 dst-port=80
     log=no log-prefix=""

20    chain=input action=accept protocol=tcp dst-address=94.255.83.207
     dst-port=8080 log=no log-prefix=""

21    ;;; VPN guard
     chain=input action=drop protocol=udp src-address-list=!home dst-port=1701
     log=yes log-prefix="PVN drop----"

22    ;;; VPN guard 500p
     chain=input action=drop protocol=udp src-address-list=!home dst-port=500
     log=yes log-prefix="PVN 500----"

23    ;;; Dostup Admina k seti
     chain=forward action=accept src-address=192.168.20.22
     dst-address=192.168.0.0/24 log=no log-prefix="YA-"

24    ;;; Dostup Admina k seti
     chain=forward action=accept src-address=192.168.88.33
     dst-address=192.168.0.0/24 log=no log-prefix="YA-"

25    ;;; Dostup Admina k seti lenovo
     chain=forward action=accept src-address=192.168.88.60
     dst-address=192.168.0.0/24 log=yes log-prefix="YA-"

26    ;;; Dostup vova k seti
     chain=forward action=accept src-address=192.168.88.83
     dst-address=192.168.0.0/24 log=no log-prefix=""

27    ;;; Dostup vova k seti
     chain=forward action=accept src-address=192.168.88.163
     dst-address=192.168.0.0/24 log=no log-prefix=""

28    ;;; Dostup vova k seti
     chain=forward action=accept src-address=192.168.88.75
     dst-address=192.168.0.0/24 log=no log-prefix=""

29    ;;; Dostup vova k seti
     chain=forward action=accept src-address=192.168.20.83
     dst-address=192.168.0.0/24 log=no log-prefix=""

30    ;;; Dostup Admina k seti lenovo
     chain=forward action=accept src-address=192.168.20.42
     dst-address=192.168.0.0/24 log=yes log-prefix="YA-"

31    ;;; Block Hotspot-Lan
     chain=forward action=drop src-address=192.168.20.0/24
     dst-address=192.168.0.0/24 log=yes log-prefix="LEZUT-"

32    ;;; Block Hotspot-Lan
     chain=forward action=drop src-address=10.24.93.0/24
     dst-address=192.168.0.0/24 log=yes log-prefix="LEZUT-"

33    ;;; Block Hotspot-Lan 0.88
     chain=forward action=drop src-address=192.168.88.0/24
     dst-address=192.168.0.0/24 src-address-list=!INPUT-IP log=yes
     log-prefix="LEZUT 0.88-"

34    ;;; BLOCKasCAN TO ADRESS
     chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1
     address-list=BlockScan address-list-timeout=none-dynamic log=no
     log-prefix="BLOCKSCAN-----"

35    chain=input action=drop protocol=udp in-interface=pppoe-out1 dst-port=53
     log=yes log-prefix="scan-"

36    chain=input action=drop protocol=udp in-interface=pppoe-out1 dst-port=25
     log=yes log-prefix="scan-25"

37    chain=input action=drop protocol=tcp in-interface=pppoe-out1 dst-port=80
     log=yes log-prefix="scan-25"

38    chain=input action=drop src-address-list=BlockScan log=no
     log-prefix="dropScan-----"

39 X  ;;; anti-floood    block   out 80 port (253.268.245:80   --- 94.255.56.32:>
9)
     chain=input action=drop protocol=tcp in-interface=pppoe-out1 src-port=80
     log=no log-prefix="80"

40    ;;; anti-floood    block   out 25 port (253.268.245:25   --- 94.255.56.32:>
9)
     chain=input action=drop protocol=tcp in-interface=pppoe-out1 src-port=25
     log=no log-prefix=""

41    chain=input

42    chain=input

43    chain=input

44    chain=input

45    chain=forward action=add-src-to-address-list dst-address=216.218.185.162
     address-list=Trojanes_pc_src address-list-timeout=none-static
     in-interface=bridge-lan out-interface=pppoe-out1 log=no log-prefix=""

Язабан

Dostup Admina k seti

чот проорал

log-prefix="LEZUT-"