# podstawowa konfiguracja proxy
/ip proxy
set enabled=yes cache-administrator=admin@domena.pl port=3128
# lub
set enabled=yes cache-administrator="Administrator <admin@domena.pl>" port=3128
# blokada stron internetowych
/ip proxy access
add action=deny disabled=no dst-host=www.blokada.domena.pl src-address=192.168.10.0/24
add action=deny disabled=no dst-host=blokada.domena.pl src-address=192.168.10.0/24
# blokada windows update
/ip proxy access
add disabled=no action=deny comment="BLOKADA - windows update" dst-host=:windowsupdate.com \
src-address=192.168.10.0/24
add disabled=no action=deny comment="BLOKADA - windows update" dst-host=:update.microsoft.com \
src-address=192.168.10.0/24
add disabled=no action=deny comment="BLOKADA - windows update" dst-host=:download.microsoft.com \
src-address=192.168.10.0/24
# przekierowanie ruchu wewnętrznego portu 80 na wewnętrzne proxy [tcp]
/ip firewall nat
add disabled=no comment="web-proxy" action=redirect chain=dstnat dst-port=80 \
in-interface=bridge_LAN protocol=tcp to-ports=3128
# blokada proxy od strony internetu [tcp] i [udp]
/ip firewall filter
add action=drop chain=input comment="blokada PROXY od NETa [tcp]" disabled=no dst-port=3128 \
in-interface=bridge_WAN protocol=tcp src-address=0.0.0.0/0
add action=drop chain=input comment="blokada PROXY od NETa [udp]" disabled=no dst-port=3128 \
in-interface=bridge_WAN protocol=udp src-address=0.0.0.0/0