Routing -> Filters

dynamic-in

predefined filter chain for all other dynamic routes,

i.e. all dynamic routes except (1) those added by routing protocols and (2) connected routes.

In this category falls routes added by some external program, for example PPP daemon.

不 route Private Network to WAN

[1]

/ip firewall filter

add action=drop chain=forward in-interface=ether1 src-address-list=PrivateNetwork

add action=reject chain=forward out-interface=ether1 dst-address-list=PrivateNetwork

[2]

/ip firewall address-list

add address=10.0.0.0/8 list=PrivateNetwork
add address=192.168.0.0/16 list=PrivateNetwork
add address=172.16.0.0/12 list=PrivateNetwork
add address=169.254.0.0/16 list=PrivateNetwork