API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 29th, 2015
945
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 23.83 KB | None | 0 0
raw download clone embed print report
  1. /ip firewall layer7-protocol
  2. add name=NoZond regexp="^.+(vortex.data.microsoft.com|vortex-win.data.microsoft.com|telecommand.telemetry.m\
  3. icrosoft.com|telecommand.telemetry.microsoft.com.nsatc.net|oca.telemetry.microsoft.com|oca.telemetry.mi\
  4. crosoft.com.nsatc.net|sqm.telemetry.microsoft.com|sqm.telemetry.microsoft.com.nsatc.net|watson.telemetr\
  5. y.microsoft.com|watson.telemetry.microsoft.com.nsatc.net|redir.metaservices.microsoft.com|choice.micros\
  6. oft.com|choice.microsoft.com.nsatc.net|df.telemetry.microsoft.com|reports.wes.df.telemetry.microsoft.co\
  7. m|wes.df.telemetry.microsoft.com|services.wes.df.telemetry.microsoft.com|sqm.df.telemetry.microsoft.com\
  8. |telemetry.microsoft.com|watson.ppe.telemetry.microsoft.com|telemetry.appex.bing.net|telemetry.urs.micr\
  9. osoft.com|telemetry.appex.bing.net|settings-sandbox.data.microsoft.com|vortex-sandbox.data.microsoft.co\
  10. m|survey.watson.microsoft.com|watson.live.com|watson.microsoft.com|statsfe2.ws.microsoft.com|corpext.ms\
  11. itadfs.glbdns2.microsoft.com|compatexchange.cloudapp.net|cs1.wpc.v0cdn.net|a-0001.a-msedge.net|statsfe2\
  12. .update.microsoft.com.akadns.net|diagnostics.support.microsoft.com|corp.sts.microsoft.com|statsfe1.ws.m\
  13. icrosoft.com|pre.footprintpredict.com|i1.services.social.microsoft.com|i1.services.social.microsoft.com\
  14. .nsatc.net|feedback.windows.com|feedback.microsoft-hohm.com|feedback.search.microsoft.com|rad.msn.com|p\
  15. review.msn.com|ad.doubleclick.net|ads.msn.com|ads1.msads.net|ads1.msn.com|a.ads1.msn.com|a.ads2.msn.com\
  16. |adnexus.net|adnxs.com|az361816.vo.msecnd.net|az512334.vo.msecnd.net).*\$"
  17. /ip firewall address-list
  18. add address=62.117.66.160/29 list=goverment
  19. add address=82.112.188.0/24 list=goverment
  20. add address=217.106.225.128/27 list=goverment
  21. add address=46.61.232.10 list=goverment
  22. add address=81.176.70.0/26 list=goverment
  23. add address=81.176.235.0/27 list=goverment
  24. add address=217.107.209.0/24 list=goverment
  25. add address=85.142.52.0/24 list=goverment
  26. add address=91.224.182.0/23 list=goverment
  27. add address=91.227.32.0/24 list=goverment
  28. add address=92.39.133.160/28 list=goverment
  29. add address=95.173.144.0/20 list=goverment
  30. add address=94.199.64.0/21 list=goverment
  31. add address=95.173.128.0/19 list=goverment
  32. add address=109.207.0.0/20 list=goverment
  33. add address=5.143.224.0/21 list=goverment
  34. add address=95.167.189.0/25 list=goverment
  35. add address=178.237.240.0/20 list=goverment
  36. add address=194.165.22.0/23 list=goverment
  37. add address=194.226.80.0/20 list=goverment
  38. add address=194.226.116.0/22 list=goverment
  39. add address=194.226.127.0/24 list=goverment
  40. add address=77.41.159.0/24 list=goverment
  41. add address=194.85.30.0/24 list=goverment
  42. add address=195.149.110.0/24 list=goverment
  43. add address=178.237.206.0/24 list=goverment
  44. add address=91.190.236.0/22 list=goverment
  45. add address=212.42.32.0/19 list=goverment
  46. add address=213.24.76.0/23 list=goverment
  47. add address=193.27.214.0/23 list=goverment
  48. add address=193.47.146.0/24 list=goverment
  49. add address=194.150.202.0/23 list=goverment
  50. add address=194.190.89.0/24 list=goverment
  51. add address=91.236.22.0/23 list=goverment
  52. add address=194.226.22.0/23 list=goverment
  53. add address=212.23.85.128/25 list=goverment
  54. add address=212.23.73.4/30 list=goverment
  55. add address=213.171.40.80/29 list=goverment
  56. add address=195.58.0.212/30 list=goverment
  57. add address=195.58.30.64/26 list=goverment
  58. add address=95.167.76.160/27 list=goverment
  59. add address=213.243.88.0/24 list=goverment
  60. add address=212.69.117.192/27 list=goverment
  61. add address=195.230.86.64/26 list=goverment
  62. add address=91.198.38.0/24 list=goverment
  63. add address=217.107.45.0/29 list=goverment
  64. add address=217.106.203.72/29 list=goverment
  65. add address=217.107.5.64/29 list=goverment
  66. add address=217.107.5.0/29 list=goverment
  67. add address=195.239.251.48/29 list=goverment
  68. add address=217.106.150.80/29 list=goverment
  69. add address=82.198.176.144/29 list=goverment
  70. add address=82.198.176.16/29 list=goverment
  71. add address=217.106.203.240/29 list=goverment
  72. add address=212.11.130.0/23 list=goverment
  73. add address=212.11.128.0/23 list=goverment
  74. add address=87.245.157.240/29 list=goverment
  75. add address=94.79.48.0/25 list=goverment
  76. add address=77.108.103.144/29 list=goverment
  77. add address=62.33.63.144/28 list=goverment
  78. add address=217.107.5.24/29 list=goverment
  79. add address=217.23.88.248/29 list=goverment
  80. add address=87.226.239.180/30 list=goverment
  81. add address=87.226.156.64/26 list=goverment
  82. add address=93.153.144.60/30 list=goverment
  83. add address=91.239.228.0/23 list=goverment
  84. add address=217.148.216.156/30 list=goverment
  85. add address=213.59.91.128/27 list=goverment
  86. add address=213.59.91.176/28 list=goverment
  87. add address=213.24.160.0/28 list=goverment
  88. add address=95.167.157.156/30 list=goverment
  89. add address=90.150.176.52/30 list=goverment
  90. add address=77.35.98.240/28 list=goverment
  91. add address=82.162.103.144/28 list=goverment
  92. add address=78.108.192.0/21 list=goverment
  93. add address=94.79.34.128/29 list=goverment
  94. add address=94.79.34.192/29 list=goverment
  95. add address=95.167.68.216/29 list=goverment
  96. add address=95.167.72.48/30 list=goverment
  97. add address=213.177.111.0/24 list=goverment
  98. add address=82.208.81.0/24 list=goverment
  99. add address=94.79.34.208/29 list=goverment
  100. add address=94.79.34.200/29 list=goverment
  101. add address=94.79.34.184/29 list=goverment
  102. add address=94.79.34.240/29 list=goverment
  103. add address=94.79.35.248/29 list=goverment
  104. add address=194.226.97.0/24 list=goverment
  105. add address=95.167.59.244/30 list=goverment
  106. add address=95.167.59.248/30 list=goverment
  107. add address=92.50.198.72/30 list=goverment
  108. add address=193.164.232.128/27 list=goverment
  109. add address=194.85.152.24/30 list=goverment
  110. add address=213.59.91.48/29 list=goverment
  111. add address=213.59.122.88/29 list=goverment
  112. add address=91.226.250.0/24 list=goverment
  113. add address=213.59.59.128/29 list=goverment
  114. add address=213.59.59.16/29 list=goverment
  115. add address=94.25.90.240/29 list=goverment
  116. add address=92.241.99.224/28 list=goverment
  117. add address=88.151.200.0/21 list=goverment
  118. add address=80.73.16.0/20 list=goverment
  119. add address=217.106.147.0/29 list=goverment
  120. add address=195.85.234.0/23 list=goverment
  121. add address=195.85.236.0/24 list=goverment
  122. add address=195.225.232.0/22 list=goverment
  123. add address=77.72.137.96/27 list=goverment
  124. add address=212.45.5.160/29 list=goverment
  125. add address=92.39.106.168/30 list=goverment
  126. add address=213.234.15.248/30 list=goverment
  127. add address=46.29.152.0/21 list=goverment
  128. add address=194.8.70.0/23 list=goverment
  129. add address=217.107.5.8/29 list=goverment
  130. add address=62.117.121.248/29 list=goverment
  131. add address=81.195.118.48/30 list=goverment
  132. add address=212.100.159.120/29 list=goverment
  133. add address=213.189.199.128/28 list=goverment
  134. add address=217.106.150.88/29 list=goverment
  135. add address=217.106.150.72/29 list=goverment
  136. add address=217.106.203.32/29 list=goverment
  137. add address=217.106.93.192/26 list=goverment
  138. add address=217.106.95.112/28 list=goverment
  139. add address=195.34.233.32/29 list=goverment
  140. add address=83.219.23.48/29 list=goverment
  141. add address=83.219.5.248/29 list=goverment
  142. add address=83.219.25.0/29 list=goverment
  143. add address=90.150.176.188/30 list=goverment
  144. add address=90.150.176.64/30 list=goverment
  145. add address=195.66.72.0/24 list=goverment
  146. add address=194.8.246.0/23 list=goverment
  147. add address=95.167.162.236/30 list=goverment
  148. add address=195.98.73.56/29 list=goverment
  149. add address=217.106.115.168/29 list=goverment
  150. add address=95.167.116.188/30 list=goverment
  151. add address=188.128.98.204/30 list=goverment
  152. add address=94.25.70.64/30 list=goverment
  153. add address=217.20.86.232/29 list=goverment
  154. add address=217.20.86.240/28 list=goverment
  155. add address=213.59.59.144/29 list=goverment
  156. add address=217.107.5.40/29 list=goverment
  157. add address=194.190.9.0/24 list=goverment
  158. add address=195.42.75.8/29 list=goverment
  159. add address=46.20.70.160/28 list=goverment
  160. add address=89.28.253.168/29 list=goverment
  161. add address=213.59.122.72/29 list=goverment
  162. add address=217.107.5.16/29 list=goverment
  163. add address=82.179.86.32/27 list=goverment
  164. add address=195.80.224.0/24 list=goverment
  165. add address=81.1.236.192/27 list=goverment
  166. add address=81.1.237.176/29 list=goverment
  167. add address=82.138.54.72/29 list=goverment
  168. add address=37.28.161.48/30 list=goverment
  169. add address=195.208.85.192/26 list=goverment
  170. add address=212.120.184.56/29 list=goverment
  171. add address=212.120.190.240/29 list=goverment
  172. add address=212.120.191.248/29 list=goverment
  173. add address=212.120.191.120/29 list=goverment
  174. add address=83.219.6.72/29 list=goverment
  175. add address=83.219.25.112/29 list=goverment
  176. add address=90.150.189.216/29 list=goverment
  177. add address=212.120.189.224/29 list=goverment
  178. add address=90.150.189.168/29 list=goverment
  179. add address=90.150.189.224/29 list=goverment
  180. add address=90.150.189.208/29 list=goverment
  181. add address=90.150.189.160/29 list=goverment
  182. add address=90.150.189.184/29 list=goverment
  183. add address=90.150.189.248/29 list=goverment
  184. add address=90.150.189.200/29 list=goverment
  185. add address=90.150.189.144/29 list=goverment
  186. add address=90.150.189.192/29 list=goverment
  187. add address=90.150.189.128/29 list=goverment
  188. add address=90.150.189.152/29 list=goverment
  189. add address=90.150.189.136/29 list=goverment
  190. add address=90.150.189.176/29 list=goverment
  191. add address=90.150.189.232/29 list=goverment
  192. add address=87.117.21.32/29 list=goverment
  193. add address=87.117.21.8/29 list=goverment
  194. add address=87.117.21.16/29 list=goverment
  195. add address=87.117.21.80/29 list=goverment
  196. add address=87.117.21.0/29 list=goverment
  197. add address=87.117.21.48/29 list=goverment
  198. add address=87.117.21.56/29 list=goverment
  199. add address=87.117.21.72/29 list=goverment
  200. add address=87.117.21.40/29 list=goverment
  201. add address=87.117.21.24/29 list=goverment
  202. add address=87.117.21.64/29 list=goverment
  203. add address=87.117.23.128/28 list=goverment
  204. add address=87.117.20.128/28 list=goverment
  205. add address=87.117.20.64/27 list=goverment
  206. add address=87.117.20.96/27 list=goverment
  207. add address=87.117.46.232/29 list=goverment
  208. add address=87.117.18.144/29 list=goverment
  209. add address=93.178.104.68/30 list=goverment
  210. add address=95.167.4.168/29 list=goverment
  211. add address=85.236.29.160/27 list=goverment
  212. add address=84.53.210.144/28 list=goverment
  213. add address=93.178.104.64/30 list=goverment
  214. add address=213.234.8.8/30 list=goverment
  215. add address=89.175.8.68/30 list=goverment
  216. add address=77.82.124.112/29 list=goverment
  217. add address=89.109.7.176/29 list=goverment
  218. add address=213.234.11.4/30 list=goverment
  219. add address=217.149.182.120/30 list=goverment
  220. add address=188.247.40.60/30 list=goverment
  221. add address=188.247.36.160/29 list=goverment
  222. add address=92.39.107.60/30 list=goverment
  223. add address=82.162.157.64/28 list=goverment
  224. add address=86.102.100.48/28 list=goverment
  225. add address=86.102.72.240/28 list=goverment
  226. add address=77.35.76.80/28 list=goverment
  227. add address=82.162.126.96/28 list=goverment
  228. add address=82.162.80.192/28 list=goverment
  229. add address=81.2.1.0/28 list=goverment
  230. add address=82.162.72.208/28 list=goverment
  231. add address=85.114.93.88/29 list=goverment
  232. add address=178.209.115.248/29 list=goverment
  233. add address=87.245.163.0/25 list=goverment
  234. add address=212.119.175.0/24 list=goverment
  235. add address=46.47.211.0/24 list=goverment
  236. add address=195.230.66.0/24 list=goverment
  237. add address=80.247.32.0/20 list=goverment
  238. add address=193.105.14.0/24 list=goverment
  239. add address=195.230.68.0/24 list=goverment
  240. add address=195.3.240.0/22 list=goverment
  241. add address=195.93.246.0/23 list=goverment
  242. add address=109.73.4.224/27 list=goverment
  243. add address=89.108.112.0/20 list=goverment
  244. add address=91.219.192.0/22 list=goverment
  245. add address=195.128.157.0/24 list=goverment
  246. add address=213.232.192.0/18 list=goverment
  247. add address=89.111.176.0/20 list=goverment
  248. add address=109.73.0.0/22 list=goverment
  249. add address=194.85.88.0/23 list=goverment
  250. add address=0.0.0.0/8 list=BOGON
  251. add address=10.0.0.0/8 list=BOGON
  252. add address=100.64.0.0/10 list=BOGON
  253. add address=127.0.0.0/8 list=BOGON
  254. add address=169.254.0.0/16 list=BOGON
  255. add address=172.16.0.0/12 list=BOGON
  256. add address=192.0.0.0/24 list=BOGON
  257. add address=192.0.2.0/24 list=BOGON
  258. add address=192.168.0.0/16 list=BOGON
  259. add address=198.18.0.0/15 list=BOGON
  260. add address=198.51.100.0/24 list=BOGON
  261. add address=203.0.113.0/24 list=BOGON
  262. add address=224.0.0.0/4 list=BOGON
  263. add address=240.0.0.0/4 list=BOGON
  264. /ip firewall filter
  265. add action=fasttrack-connection chain=forward comment="default configuration" connection-state=\
  266. established,related
  267. add action=reject chain=forward comment=NoZond layer7-protocol=NoZond protocol=tcp reject-with=tcp-reset
  268. add action=drop chain=forward comment=NoZond layer7-protocol=NoZond protocol=udp
  269. add chain=input comment="accept established connections" connection-state=established
  270. add chain=forward comment="accept established connections" connection-state=established
  271. add chain=input comment="accept related connections" connection-state=related
  272. add chain=forward comment="accept related connections" connection-state=related
  273. add chain=forward comment="accept from local to internet" in-interface=!ether1-gateway out-interface=\
  274. ether1-gateway
  275. add chain=input comment="access to mikrotik only from our local network" in-interface=!ether1-gateway \
  276. src-address=192.168.1.0/24
  277. add chain=forward comment=PPTP disabled=yes out-interface=all-ppp
  278. add chain=output comment=PPTP disabled=yes out-interface=all-ppp
  279. add chain=forward comment=PPTP disabled=yes in-interface=all-ppp
  280. add chain=input comment=PPTP disabled=yes in-interface=all-ppp
  281. add action=drop chain=input comment="drop invalid connections" connection-state=invalid
  282. add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
  283. add action=drop chain=input comment=goverment in-interface=ether1-gateway src-address-list=goverment
  284. add action=drop chain=output comment=goverment dst-address-list=goverment
  285. add action=drop chain=input comment=BOGON in-interface=ether1-gateway src-address-list=BOGON
  286. add chain=input comment="allow ping" disabled=yes protocol=icmp
  287. add chain=forward comment="allow ping" protocol=icmp
  288. add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=\
  289. ssh_blacklist
  290. add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input \
  291. comment="drop ssh brute forcers" connection-state=new dst-port=22 protocol=tcp src-address-list=\
  292. ssh_stage3
  293. add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment=\
  294. "drop ssh brute forcers" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
  295. add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment=\
  296. "drop ssh brute forcers" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
  297. add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment=\
  298. "drop ssh brute forcers" connection-state=new dst-port=22 protocol=tcp
  299. add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=\
  300. black_list
  301. add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment=\
  302. "drop ftp brute forcers" connection-state=new dst-port=21 protocol=tcp src-address-list=ftp_stage3
  303. add action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m chain=input comment=\
  304. "drop ftp brute forcers" connection-state=new dst-port=21 protocol=tcp src-address-list=ftp_stage2
  305. add action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m chain=input comment=\
  306. "drop ftp brute forcers" connection-state=new dst-port=21 protocol=tcp src-address-list=ftp_stage1
  307. add action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m chain=input comment=\
  308. "drop ftp brute forcers" connection-state=new dst-port=21 protocol=tcp
  309. add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=\
  310. black_list
  311. add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment=\
  312. "drop telnet brute forcers" connection-state=new dst-port=23 protocol=tcp src-address-list=\
  313. telnet_stage3
  314. add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input comment=\
  315. "drop telnet brute forcers" connection-state=new dst-port=23 protocol=tcp src-address-list=\
  316. telnet_stage2
  317. add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input comment=\
  318. "drop telnet brute forcers" connection-state=new dst-port=23 protocol=tcp src-address-list=\
  319. telnet_stage1
  320. add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input comment=\
  321. "drop telnet brute forcers" connection-state=new dst-port=23 protocol=tcp
  322. add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 protocol=tcp \
  323. src-address-list=black_list
  324. add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment=\
  325. "drop winbox brute forcers" connection-state=new dst-port=8291 protocol=tcp src-address-list=\
  326. Winbox_stage3
  327. add action=add-src-to-address-list address-list=wWinbox_stage3 address-list-timeout=1m chain=input \
  328. comment="drop winbox brute forcers" connection-state=new dst-port=8291 protocol=tcp src-address-list=\
  329. Winbox_stage2
  330. add action=add-src-to-address-list address-list=wWinbox_stage2 address-list-timeout=1m chain=input \
  331. comment="drop winbox brute forcers" connection-state=new dst-port=8291 protocol=tcp src-address-list=\
  332. Winbox_stage1
  333. add action=add-src-to-address-list address-list=Winbox_stage1 address-list-timeout=1m chain=input comment=\
  334. "drop winbox brute forcers" connection-state=new dst-port=8291 protocol=tcp
  335. add action=drop chain=input comment="port scanners" src-address-list="port scanners"
  336. add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
  337. comment="port scanners" protocol=tcp psd=21,3s,3,1
  338. add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
  339. comment="port scanners" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
  340. add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
  341. comment="port scanners" protocol=tcp tcp-flags=fin,syn
  342. add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
  343. comment="port scanners" protocol=tcp tcp-flags=syn,rst
  344. add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
  345. comment="port scanners" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
  346. add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
  347. comment="port scanners" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
  348. add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
  349. comment="port scanners" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
  350. add action=drop chain=input comment="drop 80 dos attack" dst-port=80 protocol=tcp src-address-list=\
  351. web_blacklist
  352. add action=add-src-to-address-list address-list=web_blacklist address-list-timeout=2d chain=input comment=\
  353. "drop 80 dos attack" connection-limit=40,32 dst-port=80 limit=20,5 protocol=tcp
  354. add chain=input comment="drop 80 dos attack" dst-port=80 in-interface=ether1-gateway protocol=tcp \
  355. src-address-list=!web_blacklist
  356. add action=drop chain=output comment="r00t backdor" dst-address=218.93.250.18
  357. add action=drop chain=input comment="r00t backdor" dst-address=218.93.250.18
  358. add action=drop chain=forward comment="r00t backdor" dst-address=218.93.250.18
  359. add action=drop chain=input comment="r00t backdor" src-address=218.93.250.18
  360. add action=drop chain=output comment="r00t backdor" src-address=218.93.250.18
  361. add action=drop chain=forward comment="r00t backdor" src-address=218.93.250.18
  362. add action=drop chain=input comment="dns flood" disabled=yes in-interface=ether1-gateway port=53 protocol=\
  363. udp
  364. add action=drop chain=input comment="dns flood" in-interface=ether1-gateway port=53 protocol=udp \
  365. src-address-list=dns_black_list
  366. add action=add-src-to-address-list address-list=dns_black_list address-list-timeout=1d chain=input \
  367. comment="dns flood" connection-state=new port=53 protocol=udp
  368. add action=drop chain=forward comment="all other drop" src-address=0.0.0.0/8
  369. add action=drop chain=forward comment="all other drop" dst-address=0.0.0.0/8
  370. add action=drop chain=forward comment="all other drop" src-address=127.0.0.0/8
  371. add action=drop chain=forward comment="all other drop" dst-address=127.0.0.0/8
  372. add action=drop chain=forward comment="all other drop" src-address=224.0.0.0/3
  373. add action=drop chain=forward comment="all other drop" dst-address=224.0.0.0/3
  374. add action=drop chain=input comment="all other drop" log=yes log-prefix=input-drop
  375. add action=drop chain=forward comment="all other drop"
  376. /ip firewall mangle
  377. add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local \
  378. new-connection-mark=Pcc_Conn_1 per-connection-classifier=both-addresses-and-ports:5/0
  379. add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local \
  380. new-connection-mark=Pcc_Conn_2 per-connection-classifier=both-addresses-and-ports:5/1
  381. add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local \
  382. new-connection-mark=Pcc_Conn_3 per-connection-classifier=both-addresses-and-ports:5/2
  383. add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local \
  384. new-connection-mark=Pcc_Conn_4 per-connection-classifier=both-addresses-and-ports:5/3
  385. add action=mark-connection chain=prerouting dst-address-list=russianbl dst-address-type=!local \
  386. new-connection-mark=Pcc_Conn_5 per-connection-classifier=both-addresses-and-ports:5/4
  387. add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=pptp protocol=tcp
  388. add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=pptp protocol=udp
  389. add action=mark-routing chain=prerouting connection-mark=pptp dst-port=53 new-routing-mark=Route_1 \
  390. protocol=udp
  391. add action=mark-routing chain=prerouting connection-mark=pptp dst-port=53 new-routing-mark=Route_1 \
  392. protocol=tcp
  393. add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_1 dst-address-list=russianbl \
  394. dst-address-type=!local new-routing-mark=Route_1
  395. add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_2 dst-address-list=russianbl \
  396. dst-address-type=!local new-routing-mark=Route_2
  397. add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_3 dst-address-list=russianbl \
  398. dst-address-type=!local new-routing-mark=Route_3
  399. add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_4 dst-address-list=russianbl \
  400. dst-address-type=!local new-routing-mark=Route_4
  401. add action=mark-routing chain=prerouting connection-mark=Pcc_Conn_5 dst-address-list=russianbl \
  402. dst-address-type=!local new-routing-mark=Route_5
  403. /ip firewall nat
  404. add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
  405. # vpnbook.com not ready
  406. add action=masquerade chain=srcnat out-interface=vpnbook.com src-address=192.168.1.0/24
  407. # worldvpn.net not ready
  408. add action=masquerade chain=srcnat out-interface=worldvpn.net src-address=192.168.1.0/24
  409. # freecloudvpn.com not ready
  410. add action=masquerade chain=srcnat out-interface=freecloudvpn.com src-address=192.168.1.0/24
  411. # freevpn.me not ready
  412. add action=masquerade chain=srcnat out-interface=freevpn.me src-address=192.168.1.0/24
  413. # freevpnaccess.com not ready
  414. add action=masquerade chain=srcnat out-interface=freevpnaccess.com src-address=192.168.1.0/24
  415. # vpnme.me not ready
  416. add action=masquerade chain=srcnat out-interface=vpnme.me src-address=192.168.1.0/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!