Mikrotik VPN and Proxy Filtering

1. Mikrotik VPN and Proxy Filtering

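# Drop forwarded traffic for common VPN and tunnelling protocols, matched by
# well-known port or IP protocol number.
#
# Review notes:
# - Scope: the rules match chain=forward with no interface or address
#   restriction, so they also drop legitimate remote-access and site-to-site
#   VPNs that cross this router. Add in-interface/src-address matchers if only
#   some clients should be restricted.
# - Ordering: "add" appends to the end of the chain. Packets accepted by an
#   earlier rule never reach these drops; use place-before= or move the rules
#   above the relevant accept rules.
# - Coverage: matching is by default port only. A tunnel carried on another
#   port (including TCP 443) is not affected, so treat this as policy
#   enforcement for default configurations, not as complete VPN prevention.
/ip firewall filter
add action=drop chain=forward comment=PPTP dst-port=1723 protocol=tcp
add action=drop chain=forward comment="Default OpenVPN UDP port" dst-port=\
    1194 protocol=udp
add action=drop chain=forward comment="Default OpenVPN TCP port" dst-port=\
    1194 protocol=tcp
# UDP 443 is not an OpenVPN default; it is the port used by QUIC/HTTP3.
# Dropping it typically makes browsers fall back to HTTPS over TCP.
add action=drop chain=forward comment="UDP 443 (QUIC/HTTP3)" dst-port=443 \
    protocol=udp
# TCP 443 is HTTPS. The rule is kept disabled: enabling it drops all forwarded
# HTTPS traffic, not only VPN sessions.
add action=drop chain=forward comment="TCP 443 (HTTPS) - keep disabled" \
    disabled=yes dst-port=443 protocol=tcp
# 1290 is not the OpenVPN default port; relabelled so it is not confused with
# the TCP 1194 rule above.
add action=drop chain=forward comment="OpenVPN non-default TCP port 1290" \
    dst-port=1290 protocol=tcp
add action=drop chain=forward comment="IPSec ESP" protocol=ipsec-esp
add action=drop chain=forward comment="IPSec AH" protocol=ipsec-ah
add action=drop chain=forward comment=L2TP dst-port=1701 protocol=udp
add action=drop chain=forward comment="IKE Connection" dst-port=500 protocol=\
    udp
add action=drop chain=forward comment="NAT Traversal" dst-port=4500 protocol=\
    udp
# ipencap is IP protocol 4 (IP-in-IP encapsulation): a tunnelling protocol,
# not proxy traffic.
add action=drop chain=forward comment="IP-in-IP encapsulation" protocol=ipencap
# GRE (IP protocol 47) carries the PPTP data channel.
add action=drop chain=forward comment="Tunneling Protocol and Traffic" \
    protocol=gre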


2. Mikrotik Block Hotspot Shield And Other VPN Ports

# Address list consumed by the "Block Hotspot Shield by Addresses" filter rule
# (src-address-list=Addr-List-HotspotShield).
#
# NOTE(review): the page gives no source or date for these ranges. Provider
# address space changes over time, so verify each entry (e.g. with whois)
# before enabling the rule that uses this list.
# NOTE(review): many entries are whole /16 or /8 blocks. Ranges that large
# presumably include shared hosting/cloud space used by unrelated services;
# expect collateral blocking - confirm and narrow where possible.
/ip firewall address-list
add address=157.56.106.0/24 list=Addr-List-HotspotShield
add address=157.56.144.0/24 list=Addr-List-HotspotShield
add address=198.144.116.0/24 list=Addr-List-HotspotShield
add address=204.14.77.0/24 list=Addr-List-HotspotShield
# 204.14.0.0/16 already contains 204.14.77.0/24 above; the /24 is redundant.
add address=204.14.0.0/16 list=Addr-List-HotspotShield
add address=205.164.34.0/24 list=Addr-List-HotspotShield
add address=209.73.0.0/16 list=Addr-List-HotspotShield
add address=212.118.232.0/24 list=Addr-List-HotspotShield
add address=216.172.138.0/24 list=Addr-List-HotspotShield
# 216.172.0.0/16 already contains 216.172.138.0/24 (above) and
# 216.172.135.0/24 (below); both /24 entries are redundant.
add address=216.172.0.0/16 list=Addr-List-HotspotShield
# NOTE(review): a /8 is about 16.7 million addresses, far more than a single
# VPN service. Enabling the drop rule with this entry blocks the whole block.
add address=46.0.0.0/8 list=Addr-List-HotspotShield
add address=66.171.229.0/24 list=Addr-List-HotspotShield
add address=68.68.107.0/24 list=Addr-List-HotspotShield
add address=68.68.108.0/24 list=Addr-List-HotspotShield
add address=69.22.168.0/24 list=Addr-List-HotspotShield
add address=69.22.170.0/24 list=Addr-List-HotspotShield
add address=74.115.0.0/16 list=Addr-List-HotspotShield
add address=94.245.121.0/24 list=Addr-List-HotspotShield
add address=69.22.185.0/24 list=Addr-List-HotspotShield
add address=174.129.0.0/16 list=Addr-List-HotspotShield
add address=216.172.135.0/24 list=Addr-List-HotspotShield
add address=67.220.0.0/16 list=Addr-List-HotspotShield
# NOTE(review): second /8 entry; same over-blocking concern as 46.0.0.0/8.
add address=50.0.0.0/8 list=Addr-List-HotspotShield
add address=79.125.0.0/16 list=Addr-List-HotspotShield
add address=75.101.0.0/16 list=Addr-List-HotspotShield
add address=176.56.0.0/16 list=Addr-List-HotspotShield
add address=54.75.0.0/16 list=Addr-List-HotspotShield
add address=54.161.0.0/16 list=Addr-List-HotspotShield
add address=199.188.0.0/16 list=Addr-List-HotspotShield
add address=64.55.144.0/24 list=Addr-List-HotspotShield
add address=54.192.201.0/24 list=Addr-List-HotspotShield
add address=173.245.64.0/24 list=Addr-List-HotspotShield
add address=209.107.208.0/24 list=Addr-List-HotspotShield
add address=66.160.196.0/24 list=Addr-List-HotspotShield
add address=216.151.191.0/24 list=Addr-List-HotspotShield
add address=85.237.211.0/24 list=Addr-List-HotspotShield
add address=206.223.118.0/24 list=Addr-List-HotspotShield
add address=72.52.92.0/24 list=Addr-List-HotspotShield
add address=64.71.150.0/24 list=Addr-List-HotspotShield
add address=72.13.93.0/24 list=Addr-List-HotspotShield
add address=68.68.109.0/24 list=Addr-List-HotspotShield
add address=69.31.103.0/24 list=Addr-List-HotspotShield



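# Optional drop rules for Hotspot Shield and other VPN ports. Every rule here
# carries disabled=yes, so nothing is enforced until an operator enables it.
#
# Review before enabling:
# - The address rule matches src-address-list, i.e. packets arriving FROM the
#   listed ranges. Packets sent by clients towards those ranges still leave
#   the router. NOTE(review): dst-address-list may be what is wanted for
#   client-initiated connections - confirm against the intended policy.
# - The Hotspot Shield port list contains ports used by ordinary services
#   (179 BGP, 990 FTPS, 995 POP3S). Enabling the rules blocks those services
#   for all forwarded traffic, not only for the VPN client.
# - In the "Other VPN Ports" rules, 47 is matched as a TCP/UDP port. GRE is IP
#   protocol 47, not a port, so dst-port=47 does not match GRE; use a
#   protocol=gre rule for that. PPTP control uses TCP 1723 and L2TP uses
#   UDP 1701, so the entries for those ports under the other protocol are not
#   expected to match that traffic.
# - "add" appends to the end of the chain; place the rules above any accept
#   rule that would otherwise match first.
/ip firewall filter
add action=drop chain=forward comment="Block Hotspot Shield by Addresses " \
    disabled=yes src-address-list=Addr-List-HotspotShield
# Port 3451 was listed twice in the original list; the duplicate is removed,
# the matched port set is unchanged.
add action=drop chain=forward comment="Block Hotspot Shield by Ports " \
    disabled=yes dst-port=\
    5345,3398,990,179,3451,105,706,995,800,5245,15009,5050,1194,8245 \
    protocol=tcp
add action=drop chain=forward comment="Block Hotspot Shield by Ports " \
    disabled=yes dst-port=\
    5345,3398,990,179,3451,105,706,995,800,5245,15009,5050,1194,8245 \
    protocol=udp
add action=drop chain=forward comment=\
    "Block Other VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=\
    1701,1723,47,4500,500 protocol=udp
add action=drop chain=forward comment=\
    "Block Other VPN Ports (PPTP,L2TP,IPSec) " disabled=yes dst-port=\
    1701,1723,47,4500,500 protocol=tcp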


Ref: http://www.itlearnweb.com/2016/05/block-hotspot-shield-and-other-vpn-ports.html?m=1



Phalla.CCMT



Phalla.CCMT