**********Atenção onde estão os IPs "10.30.20.2" deve ser alterado para o IP do seu Controllr**********



/ip firewall filter
	
add chain=forward comment="controllr " dst-port=7835 protocol=tcp
add action=drop chain=forward comment=CTLR-MSG-BLOCKED disabled=no dst-address-list=!released_ips \
    dst-port=!53 protocol=udp src-address-list=block
add action=drop chain=forward comment=CTLR-MSG-BLOCKED disabled=no dst-address-list=!released_ips \
    protocol=tcp src-address-list=block

/ip firewall nat

add action=dst-nat chain=dstnat comment=Acesso_Controllr_Web dst-port=8081 \
    protocol=tcp to-addresses=10.30.20.2 to-ports=8081
add action=dst-nat chain=dstnat comment=Acesso_Controllr_SSH dst-port=2229 \
    protocol=tcp to-addresses=10.30.20.2 to-ports=2229
add action=dst-nat chain=dstnat comment=Acesso_Controllr_Banco_Bkp dst-port=\
    8083 protocol=tcp to-addresses=10.30.20.2 to-ports=8083


/ip firewall nat

add action=dst-nat chain=dstnat comment=CTLR-MSG-BLOCKED-HTTP-80 disabled=no dst-address-list=\
    !released_ips dst-port=80 protocol=tcp src-address-list=block to-addresses=10.30.20.2 to-ports=\
    8090
add action=dst-nat chain=dstnat comment=CTLR-MSG-BLOCKED-HTTPS-443 disabled=no dst-address-list=\
    !released_ips dst-port=443 protocol=tcp src-address-list=block to-addresses=10.30.20.2 to-ports=\
    8091
add action=dst-nat chain=dstnat comment=CTLR-MSG-PENDING-HTTP-80 disabled=no dst-address-list=\
    !released_ips dst-port=80 protocol=tcp src-address-list=pendency to-addresses=10.30.20.2 to-ports=\
    8092
add action=dst-nat chain=dstnat comment=CTLR-MSG-PENDING-HTTPS-443 disabled=no dst-address-list=\
    !released_ips dst-port=443 protocol=tcp src-address-list=pendency to-addresses=10.30.20.2 \
    to-ports=8093

/ip firewall address-list

add address=10.30.20.2 list=released_ips
add address=8.8.4.4 list=released_ips
add address=8.8.8.8 list=released_ips