API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 21st, 2016
232
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nagios 11.01 KB | None | 0 0
raw download clone embed print report
  1. /ip firewall export verbose
  2. # dec/13/2015 07:16:49 by RouterOS 6.33.3
  3. # software id = YJAX-K4H6
  4. #
  5. /ip firewall connection tracking
  6. set enabled=auto generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \
  7.     tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m \
  8.     tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m \
  9.     udp-stream-timeout=3m udp-timeout=10s
  10. /ip firewall filter
  11. add action=accept chain=input !connection-bytes !connection-limit !connection-mark !connection-nat-state \
  12.     !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address !dst-address-list \
  13.     !dst-address-type !dst-limit dst-port=500 !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
  14.     !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  15.     !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority protocol=udp !psd !random \
  16.     !routing-mark !routing-table src-address=HQ_IP !src-address-list !src-address-type !src-mac-address \
  17.     !src-port !tcp-flags !tcp-mss !time !ttl
  18. add action=accept chain=input !connection-bytes !connection-limit !connection-mark !connection-nat-state \
  19.     !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address !dst-address-list \
  20.     !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
  21.     !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  22.     !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority protocol=ipsec-esp !psd \
  23.     !random !routing-mark !routing-table src-address=HQ_IP !src-address-list !src-address-type !src-mac-address \
  24.     !src-port !tcp-flags !tcp-mss !time !ttl
  25. add action=accept chain=input comment="default configuration" !connection-bytes !connection-limit !connection-mark \
  26.     !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address \
  27.     !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  28.     !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  29.     !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority protocol=\
  30.     icmp !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type !src-mac-address \
  31.     !src-port !tcp-flags !tcp-mss !time !ttl
  32. add action=accept chain=input comment="default configuration" !connection-bytes !connection-limit !connection-mark \
  33.     !connection-nat-state !connection-rate connection-state=established,related !connection-type !content disabled=no \
  34.     !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  35.     !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no \
  36.     log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port \
  37.     !priority !protocol !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type \
  38.     !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
  39. add action=accept chain=input !connection-bytes !connection-limit !connection-mark !connection-nat-state \
  40.     !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address !dst-address-list \
  41.     !dst-address-type !dst-limit dst-port=80,8291,22 !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
  42.     !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  43.     !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority protocol=tcp !psd !random \
  44.     !routing-mark !routing-table !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  45.     !tcp-mss !time !ttl
  46. add action=accept chain=input !connection-bytes !connection-limit !connection-mark !connection-nat-state \
  47.     !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address !dst-address-list \
  48.     !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
  49.     !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  50.     !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority protocol=icmp !psd !random \
  51.     !routing-mark !routing-table !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  52.     !tcp-mss !time !ttl
  53. add action=drop chain=input comment="default configuration" !connection-bytes !connection-limit !connection-mark \
  54.     !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address \
  55.     !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  56.     in-interface=ether1-gateway !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix=\
  57.     "" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority \
  58.     !protocol !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type \
  59.     !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
  60. add action=fasttrack-connection chain=forward comment="default configuration" !connection-bytes !connection-limit \
  61.     !connection-mark !connection-nat-state !connection-rate connection-state=established,related !connection-type \
  62.     !content disabled=no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot \
  63.     !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  64.     log=no log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
  65.     !port !priority !protocol !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type \
  66.     !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
  67. add action=accept chain=forward comment="default configuration" !connection-bytes !connection-limit !connection-mark \
  68.     !connection-nat-state !connection-rate connection-state=established,related !connection-type !content disabled=no \
  69.     !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  70.     !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no \
  71.     log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port \
  72.     !priority !protocol !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type \
  73.     !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
  74. add action=drop chain=forward comment="default configuration" !connection-bytes !connection-limit !connection-mark \
  75.     !connection-nat-state !connection-rate connection-state=invalid !connection-type !content disabled=no !dscp \
  76.     !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  77.     !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no \
  78.     log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port \
  79.     !priority !protocol !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type \
  80.     !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
  81. add action=drop chain=forward comment="default configuration" !connection-bytes !connection-limit !connection-mark \
  82.     connection-nat-state=!dstnat !connection-rate connection-state=new !connection-type !content disabled=no !dscp \
  83.     !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  84.     !in-bridge-port in-interface=ether1-gateway !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  85.     log=no log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier \
  86.     !port !priority !protocol !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type \
  87.     !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
  88. /ip firewall nat
  89. add action=accept chain=srcnat !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type \
  90.     !content disabled=no !dscp dst-address=10.101.0.0/24 !dst-address-list !dst-address-type !dst-limit !dst-port \
  91.     !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options \
  92.     !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-interface !packet-mark !packet-size \
  93.     !per-connection-classifier !port !priority !protocol !psd !random !routing-mark !routing-table src-address=\
  94.     10.104.0.0/24 !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss !time !to-addresses !to-ports \
  95.     !ttl
  96. add action=accept chain=dstnat !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type \
  97.     !content disabled=no !dscp dst-address=10.104.0.0/24 !dst-address-list !dst-address-type !dst-limit !dst-port \
  98.     !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options \
  99.     !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-interface !packet-mark !packet-size \
  100.     !per-connection-classifier !port !priority !protocol !psd !random !routing-mark !routing-table src-address=\
  101.     10.101.0.0/24 !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss !time !to-addresses !to-ports \
  102.     !ttl
  103. add action=masquerade chain=srcnat comment="default configuration" !connection-bytes !connection-limit !connection-mark \
  104.     !connection-rate !connection-type !content disabled=no !dscp !dst-address !dst-address-list !dst-address-type \
  105.     !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy \
  106.     !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port out-interface=ether1-gateway \
  107.     !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark \
  108.     !routing-table !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss !time \
  109.     !to-addresses !to-ports !ttl
  110. /ip firewall service-port
  111. set ftp disabled=no ports=21
  112. set tftp disabled=no ports=69
  113. set irc disabled=no ports=6667
  114. set h323 disabled=no
  115. set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
  116. set pptp disabled=no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!