  # mar/19/2016 09:30:10 by RouterOS 6.34.2
  #
  # NOTE(review): this export was taken on RouterOS 6.34.2 in March 2016.
  # Check the vendor changelog for security fixes released since then and
  # upgrade before reusing any of it.
  #
  # Port roles: ether1 is the WAN uplink, ether2 is the LAN master port and
  # ether3-ether5 are attached to it through master-port.
  /interface ethernet
  set [ find default-name=ether1 ] name=eth1-wan comment=WAN
  set [ find default-name=ether2 ] name=eth2-lan comment=LAN
  set [ find default-name=ether3 ] name=eth3-lan master-port=eth2-lan
  set [ find default-name=ether4 ] name=eth4-lan master-port=eth2-lan
  set [ find default-name=ether5 ] name=eth5-lan master-port=eth2-lan
  # Neighbor discovery is turned off on the WAN port and on the three slave
  # ports, so the router does not announce itself upstream. eth2-lan only gets
  # a comment here, i.e. its discovery setting is left as it was.
  /ip neighbor discovery
  set eth1-wan discover=no comment=WAN
  set eth2-lan comment=LAN
  set eth3-lan discover=no
  set eth4-lan discover=no
  set eth5-lan discover=no
  # Wireless security profile used by wlan1.
  # NOTE(review): both pre-shared keys are the literal string "password". If
  # that is the live key rather than a redaction made before posting, replace
  # it with a long random passphrase.
  # NOTE(review): authentication-types still offers WPA (wpa-psk) next to
  # WPA2. Keep only wpa2-psk unless one of the allowed clients needs WPA.
  /interface wireless security-profiles
  add name=wpa2 mode=dynamic-keys authentication-types=wpa-psk,wpa2-psk \
      wpa-pre-shared-key=password wpa2-pre-shared-key=password \
      management-protection=allowed eap-methods="" supplicant-identity=""
  # Access point on wlan1. hide-ssid=yes only keeps the SSID out of beacons;
  # it is not an access control. default-authentication=no refuses any client
  # that has no matching entry in /interface wireless access-list.
  /interface wireless
  set [ find default-name=wlan1 ] comment=WIR disabled=no mode=ap-bridge \
      ssid=0xdeadbeef hide-ssid=yes security-profile=wpa2 \
      default-authentication=no band=2ghz-b/g/n channel-width=20/40mhz-eC \
      frequency=2472 country=russia wireless-protocol=802.11 area=home \
      distance=indoors tx-power=21 tx-power-mode=all-rates-fixed \
      adaptive-noise-immunity=ap-and-client-mode hw-protection-mode=rts-cts \
      multicast-helper=full wmm-support=enabled
  # The next two sections only attach a comment to wlan1.
  /interface wireless manual-tx-power-table
  set wlan1 comment=WIR
  /interface wireless nstreme
  set wlan1 comment=WIR
  # No neighbor discovery announcements towards wireless clients.
  /ip neighbor discovery
  set wlan1 discover=no comment=WIR
  # Default IPsec proposal limited to AES-128-CBC.
  /ip ipsec proposal
  set [ find default=yes ] enc-algorithms=aes-128-cbc
  # One DHCP pool per segment: .100-.254 on the LAN and on the wireless net.
  /ip pool
  add ranges=192.168.10.100-192.168.10.254 name=dhcp_lan_pool
  add ranges=192.168.1.100-192.168.1.254 name=dhcp_wir_pool
  # add-arp=yes makes each server add an ARP entry for every lease it hands out.
  /ip dhcp-server
  add name=dhcp_lan interface=eth2-lan address-pool=dhcp_lan_pool add-arp=yes \
      disabled=no
  add name=dhcp_wireless interface=wlan1 address-pool=dhcp_wir_pool \
      add-arp=yes disabled=no
  /system logging action
  set 0 memory-lines=200
  # Remote log target "weblog".
  # NOTE(review): remote-port is 546, not the usual syslog port 514; confirm
  # the collector really listens there.
  # NOTE(review): 192.168.10.178 lies inside dhcp_lan_pool and this export
  # shows no static lease for it. If the lease moves, logs go to another host.
  add name=weblog target=remote remote=192.168.10.178 remote-port=546 \
      src-address=192.168.10.1
  /ip settings
  set tcp-syncookies=yes
  # Per-device allow-list for wlan1, one entry per client MAC address.
  # A MAC address is visible in every frame and can be cloned, so this list is
  # a convenience filter on top of the pre-shared key, not authentication.
  # NOTE(review): these are real device identifiers in a public paste; redact
  # them when sharing a config.
  /interface wireless access-list
  add interface=wlan1 mac-address=88:9F:FA:84:BE:72 vlan-mode=no-tag \
      comment=emachines
  add interface=wlan1 mac-address=BC:EE:7B:D2:A6:FE vlan-mode=no-tag \
      comment="android asus"
  add interface=wlan1 mac-address=7C:61:93:35:D8:5E vlan-mode=no-tag \
      comment="android htc"
  add interface=wlan1 mac-address=00:1D:07:ED:30:A6 vlan-mode=no-tag \
      comment="android philips"
  add interface=wlan1 mac-address=48:9D:24:98:4A:8C vlan-mode=no-tag \
      comment=blackberry
  add interface=wlan1 mac-address=30:A8:DB:8B:3D:E1 vlan-mode=no-tag \
      comment="android sony"
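  # Router addresses: 192.168.10.1 on the wired LAN, 192.168.1.1 on wireless.
  /ip address
  add address=192.168.10.1/24 interface=eth2-lan network=192.168.10.0
  add address=192.168.1.1/24 interface=wlan1 network=192.168.1.0
  # The WAN address is obtained over DHCP from the upstream network.
  /ip dhcp-client
  add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=eth1-wan
  # Options handed to DHCP clients: the router first, then 8.8.8.8, as resolvers.
  /ip dhcp-server network
  add address=192.168.1.0/24 dns-server=192.168.1.1,8.8.8.8 gateway=192.168.1.1 netmask=24 ntp-server=192.36.143.130
  add address=192.168.10.0/24 dns-server=192.168.10.1,8.8.8.8 gateway=192.168.10.1 netmask=24 ntp-server=192.36.143.130
  # Router-side resolver.
  # Fix: the second upstream server was 8.8.2.2, which is not a Google Public
  # DNS address (those are 8.8.8.8 and 8.8.4.4). It is treated as a typo here,
  # because otherwise queries can be sent to an unrelated host.
  # allow-remote-requests=yes makes the router answer DNS queries it receives
  # on any interface, so keeping it from acting as an open resolver depends on
  # the chain=input rule for eth1-wan in /ip firewall filter staying in place.
  /ip dns
  set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4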
  # BOGON: source ranges that should never arrive from the public Internet.
  # The list is consumed by the chain=input rule "drop from bogon" on eth1-wan.
  # NOTE(review): the WAN address comes from DHCP. If the provider uses private
  # or 100.64.0.0/10 addressing, its own gateway falls inside this list, so
  # verify before relying on it.
  /ip firewall address-list
  # "this network", private (RFC 1918), shared address space, loopback, link-local
  add list=BOGON address=0.0.0.0/8
  add list=BOGON address=10.0.0.0/8
  add list=BOGON address=100.64.0.0/10
  add list=BOGON address=127.0.0.0/8
  add list=BOGON address=169.254.0.0/16
  add list=BOGON address=172.16.0.0/12
  # protocol assignments, documentation nets, private, benchmarking
  add list=BOGON address=192.0.0.0/24
  add list=BOGON address=192.0.2.0/24
  add list=BOGON address=192.168.0.0/16
  add list=BOGON address=198.18.0.0/15
  add list=BOGON address=198.51.100.0/24
  add list=BOGON address=203.0.113.0/24
  # multicast and reserved
  add list=BOGON address=224.0.0.0/4
  add list=BOGON address=240.0.0.0/4
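  # Packet filter. Rules are evaluated top to bottom within each chain, and a
  # packet that matches no terminating rule is accepted.
  /ip firewall filter
  add action=fasttrack-connection chain=forward connection-state=established,related
  # Explicit accepts for the two port-forwarded hosts (no action= means accept).
  add chain=forward comment="torrent forwarding" dst-address=192.168.10.178 dst-port=65192 in-interface=!eth2-lan protocol=udp
  add chain=forward comment="torrent forwarding" dst-address=192.168.10.178 dst-port=65192 in-interface=!eth2-lan protocol=tcp
  add chain=forward comment="torrent forwarding" dst-address=192.168.10.213 dst-port=65194 in-interface=!eth2-lan protocol=tcp
  add chain=forward comment="torrent forwarding" dst-address=192.168.10.213 dst-port=65194 in-interface=!eth2-lan protocol=udp
  # Router itself: refuse every new connection arriving on the WAN port.
  add action=reject chain=input comment="drop all new in eth1-wan" connection-state=new in-interface=eth1-wan log-prefix=reject_new reject-with=icmp-port-unreachable
  add action=reject chain=input comment="drop from bogon" in-interface=eth1-wan src-address-list=BOGON
  add action=drop chain=input comment="drop invalid connections" connection-state=invalid
  add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
  # Added: the original forward chain had no deny rule, so a new connection
  # entering on eth1-wan for any LAN or wireless address was forwarded by
  # default. Only the port forwards accepted above may now start from the WAN.
  add action=drop chain=forward comment="drop new from eth1-wan not accepted above" connection-state=new in-interface=eth1-wan
  add action=reject chain=input comment="drop all from blacklist" reject-with=icmp-port-unreachable src-address-list=blacklist
  # NOTE(review): every detection rule below matches chain=input on eth1-wan,
  # but new connections from eth1-wan were already rejected by "drop all new
  # in eth1-wan" above. These rules can therefore only see packets belonging
  # to established or related connections, i.e. replies to traffic the router
  # itself started. They do not detect scans, and a reply that lands on a
  # port in 1-1030 would blacklist a legitimate server for 4w2d.
  # Either remove them or move them ahead of that reject with
  # connection-state=new added. If they are made live, remember that UDP
  # source addresses can be forged, so a UDP-triggered blacklist lets an
  # outsider get arbitrary addresses blocked.
  add action=add-src-to-address-list address-list=blacklist address-list-timeout=2m chain=input comment="icmp ttl expired attack" icmp-options=11 in-interface=eth1-wan protocol=icmp
  add action=add-src-to-address-list address-list=blacklist address-list-timeout=2m chain=input comment=syn-flood connection-limit=30,32 in-interface=eth1-wan protocol=tcp tcp-flags=syn
  add action=add-src-to-address-list address-list=blacklist address-list-timeout=4w2d chain=input comment="web proxy" dst-port=8080 in-interface=eth1-wan protocol=tcp
  add action=add-src-to-address-list address-list=blacklist address-list-timeout=4w2d chain=input comment="tcp priviliged ports" dst-port=1-1030 in-interface=eth1-wan protocol=tcp
  add action=add-src-to-address-list address-list=blacklist address-list-timeout=4w2d chain=input comment="udp priviliged ports" dst-port=1-1030 in-interface=eth1-wan log=yes protocol=udp
  add action=add-src-to-address-list address-list=blacklist address-list-timeout=4w2d chain=input comment="mikrotik ports" dst-port=8291,8728,8729,2000,5678 in-interface=eth1-wan protocol=tcp
  # Second blacklist reject, so that a source added by the rules just above is
  # refused on the same pass.
  add action=reject chain=input comment="drop all from blacklist" reject-with=icmp-port-unreachable src-address-list=blacklist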
  /ip firewall nat
  # Port forwards to two LAN hosts.
  # NOTE(review): these dst-nat rules match on protocol and dst-port only,
  # with no in-interface or dst-address. Traffic from LAN or wireless clients
  # to that port on any remote host is therefore rewritten to the internal
  # host as well. Confirm this is intended, or scope the rules to the WAN side.
  # NOTE(review): 192.168.10.178 and 192.168.10.213 lie inside dhcp_lan_pool
  # and this export shows no static leases. If a lease moves, the open port
  # follows the address to whichever host receives it.
  add chain=dstnat action=dst-nat protocol=udp dst-port=65192 \
      to-addresses=192.168.10.178 to-ports=65192 comment="torrent forwarding"
  add chain=dstnat action=dst-nat protocol=tcp dst-port=65192 \
      to-addresses=192.168.10.178 to-ports=65192 comment="torrent forwarding"
  add chain=dstnat action=dst-nat protocol=udp dst-port=65194 \
      to-addresses=192.168.10.213 to-ports=65194 comment="torrent forwarding"
  add chain=dstnat action=dst-nat protocol=tcp dst-port=65194 \
      to-addresses=192.168.10.213 to-ports=65194 comment="torrent forwarding"
  # Source NAT for both internal subnets leaving through the WAN port.
  add chain=srcnat action=masquerade src-address=192.168.10.0/24 \
      out-interface=eth1-wan
  add chain=srcnat action=masquerade src-address=192.168.1.0/24 \
      out-interface=eth1-wan
  # Transparent proxying: plain HTTP (tcp/80) from both subnets is redirected
  # to local port 8080. HTTPS is not redirected and bypasses the proxy.
  add chain=dstnat action=redirect protocol=tcp dst-port=80 \
      src-address=192.168.10.0/24 to-ports=8080
  add chain=dstnat action=redirect protocol=tcp dst-port=80 \
      src-address=192.168.1.0/24 to-ports=8080
  # All listed NAT helpers are switched off.
  /ip firewall service-port
  set ftp disabled=yes
  set tftp disabled=yes
  set irc disabled=yes
  set h323 disabled=yes
  set sip disabled=yes
  set pptp disabled=yes
  # Web proxy with an on-disk cache.
  # NOTE(review): the access list below holds only dst-host denies and no rule
  # limiting which sources may use the proxy. Keeping it from being an open
  # proxy therefore relies on the chain=input filter for eth1-wan; verify that
  # from outside after any firewall change.
  /ip proxy
  set enabled=yes src-address=192.168.10.1 cache-path=disk1/web_proxy \
      max-cache-size=none
  # Host-based denies for tracker and advertising domains. They apply only to
  # requests that actually pass through the proxy, i.e. the redirected tcp/80
  # traffic.
  /ip proxy access
  add dst-host=*.yadro.ru* method=GET path="" action=deny
  add dst-host=*liveinternet.ru* method=GET action=deny
  add dst-host=*vk.com* method=POST action=deny disabled=yes
  add dst-host=*adriver.ru* method=GET action=deny
  add dst-host=*scorecardresearch.com* method=GET action=deny
  add dst-host=*rl0.ru* method=GET action=deny
  add dst-host=*mshcdn.com* method=GET action=deny
  add dst-host=*1dmp.io* method=GET action=deny
  add dst-host=*madnet.ru* method=GET action=deny
  add dst-host=*doubleclick.net* method=GET action=deny
  add dst-host=*imrk.net* method=GET action=deny
  add dst-host=*.revee.com* method=GET action=deny
  # Management services: each is bound to the wired LAN 192.168.10.0/24, so
  # the wireless subnet 192.168.1.0/24 cannot reach them. telnet, ftp, api and
  # api-ssl are disabled outright.
  # NOTE(review): www is left enabled, so the web interface is reachable over
  # unencrypted HTTP. www-ssl carries no disabled= value in this export;
  # confirm its state and prefer ssh or www-ssl for administration.
  /ip service
  set telnet disabled=yes address=192.168.10.0/24
  set ftp disabled=yes address=192.168.10.0/24
  set www address=192.168.10.0/24
  set ssh address=192.168.10.0/24
  set www-ssl address=192.168.10.0/24
  set api disabled=yes address=192.168.10.0/24
  set winbox address=192.168.10.0/24
  set api-ssl disabled=yes address=192.168.10.0/24
  # SMB server on the LAN port with guest access off.
  # NOTE(review): both shares below are disabled while the service itself is
  # enabled, so it listens with nothing to serve. Set enabled=no if file
  # sharing is not in use.
  /ip smb
  set enabled=yes interfaces=eth2-lan domain=WORKGROUP allow-guests=no
  /ip smb shares
  set [ find default=yes ] disabled=yes
  add name=mikrotik directory=/disk1 disabled=yes comment=silicon-power
  # NOTE(review): the export shows no password for this read-write user;
  # confirm that one is set.
  /ip smb users
  add name=Stanislav read-only=no
  /system clock
  set time-zone-name=Europe/Moscow
  /system leds
  set 0 interface=wlan1
  # Log rules feeding the remote "weblog" action.
  # NOTE(review): every rule here is disabled=yes, so nothing is shipped off
  # the router. Enable at least the firewall topic if remote logs are expected
  # to exist after an incident.
  /system logging
  add topics=web-proxy,!debug action=weblog prefix=prefix disabled=yes
  add topics=wireless action=weblog prefix=prefix disabled=yes
  add topics=firewall action=weblog prefix=prefix disabled=yes
  add topics=dhcp,!debug action=weblog prefix=prefix disabled=yes
  add topics=dns,!packet action=weblog prefix=prefix disabled=yes
  # NOTE(review): server-dns-names is set to 8.8.8.8, which is a resolver
  # address rather than an NTP host name. It looks misplaced; confirm.
  /system ntp client
  set enabled=yes primary-ntp=91.206.16.3 secondary-ntp=185.22.60.71 \
      server-dns-names=8.8.8.8
  # NOTE(review): with protected-routerboot disabled, anyone with physical
  # access can presumably use the normal boot and reset procedures. Acceptable
  # only where the device is physically secured.
  /system routerboard settings
  set protected-routerboot=disabled
  # MAC-layer management: the default entry is disabled and the server is then
  # enabled on eth2-lan only.
  # NOTE(review): this export has no "/tool mac-server mac-winbox" section, so
  # that service is presumably at its default. Verify it is not reachable on
  # eth1-wan or wlan1.
  /tool mac-server
  set [ find default=yes ] disabled=yes
  add interface=eth2-lan