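  # Bridge for the three wired LAN ports. admin-mac is a redaction
  # placeholder from the paste (not valid hex) and must be replaced with the
  # real MAC before this file is imported; auto-mac=no pins the bridge MAC.
  /interface bridge
  add name=bridge1 auto-mac=no admin-mac=MA:CN:EI:ZV:ES:TE
  # Port renames keyed on factory names. The physical ether1 is renamed to
  # "wan" first so that the name "ether1" is free before ether2 takes it;
  # the exported order renamed ether2 -> ether1 while the original ether1
  # still carried that name, which collides on import.
  /interface ethernet
  set [ find default-name=ether1 ] name=wan
  set [ find default-name=ether2 ] name=ether1
  set [ find default-name=ether3 ] name=ether2
  set [ find default-name=ether4 ] name=ether3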
  # PPPoE session to the ISP over the physical WAN port. pppoe-out1 is the
  # interface every WAN-side firewall rule keys on. Credentials are redacted
  # in this paste; share configs with "/export hide-sensitive" so they never
  # appear in the first place.
  /interface pppoe-client
  add name=pppoe-out1 interface=wan user=xxxxxx@beltel.by password=xxxxxx max-mtu=1470 add-default-route=yes disabled=no
  # Interface lists referenced by the firewall, mac-server and neighbor
  # discovery. LAN holds only the wired bridge; LAN_and_WIFI adds wlan1
  # (members are assigned in /interface list member).
  /interface list
  add name=WAN comment=defconf
  add name=LAN comment=defconf
  add name=LAN_and_WIFI
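  # Wi-Fi security profiles. The export had profile1 with
  # authentication-types=wpa-psk, i.e. WPA1-PSK only, even though a
  # wpa2-pre-shared-key was also set. WPA1 is deprecated; this version
  # allows WPA2-PSK only and pins AES-CCMP for unicast and group ciphers.
  # Only clients that cannot do WPA2 at all would be affected. The PSK and
  # supplicant identity are redaction placeholders in this paste.
  /interface wireless security-profiles
  set [ find default=yes ] supplicant-identity=4324234
  add name=profile1 mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm eap-methods="" supplicant-identity=xxxxx wpa2-pre-shared-key=xxxxxxxxxxx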
  # 2.4 GHz access point on wlan1. Security-relevant settings kept as
  # exported: security-profile=profile1 (PSK) and wps-mode=disabled (no WPS
  # PIN surface). wds-ignore-ssid should be inert in ap-bridge mode with no
  # WDS settings in this export. SSID is redacted. 11Mbps is the only basic
  # 802.11b rate; OFDM 9-54 Mbps are basic for g/n.
  /interface wireless
  set [ find default-name=wlan1 ] mode=ap-bridge ssid=xxxxx security-profile=profile1 wps-mode=disabled band=2ghz-b/g/n frequency=2437 country=belarus installation=indoor distance=indoors wireless-protocol=802.11 rate-set=configured basic-rates-b=11Mbps supported-rates-b=11Mbps basic-rates-a/g=9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-a/g=9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps tx-power-mode=all-rates-fixed wds-ignore-ssid=yes disabled=no
  # Proprietary Nstreme polling stays off; CSMA disabled as in the export.
  /interface wireless nstreme
  set wlan1 enable-polling=no disable-csma=yes
  # DHCP pools and servers: wired clients on bridge1 get 192.168.88.x,
  # Wi-Fi clients on wlan1 get 192.168.89.x (.1 in each is the router).
  /ip pool
  add name=dhcp1 ranges=192.168.88.2-192.168.88.254
  add name=dhcp2 ranges=192.168.89.2-192.168.89.254
  /ip dhcp-server
  add name=lan-dhcp1 interface=bridge1 address-pool=dhcp1 disabled=no
  add name=wifi-dhcp2 interface=wlan1 address-pool=dhcp2 disabled=no
  # Shaping: 8M download / 512k upload as per-host PCQ queues under the
  # global parent. Leaves are chosen by the packet marks set in
  # /ip firewall mangle; small packets (<=1000 bytes) outrank bulk ones.
  # queue01 expects a mark named dns_and_ntp_mark, which no mangle rule in
  # this export sets (the DNS/NTP marks are out_dns_and_ntp_mark and
  # input_dns_and_ntp_mark), so that priority-1 leaf never carries traffic.
  /queue type
  add name=pcq-download kind=pcq pcq-classifier=dst-address pcq-limit=100KiB pcq-burst-rate=2M pcq-burst-threshold=100 pcq-burst-time=20s
  add name=pcq-upload kind=pcq pcq-classifier=src-address pcq-limit=100KiB pcq-burst-rate=125k pcq-burst-threshold=100 pcq-burst-time=20s
  /queue tree
  add name=1 parent=global queue=pcq-download max-limit=8M
  add name=2 parent=global queue=pcq-upload max-limit=512k
  add name=queue01 parent=1 priority=1 packet-mark=dns_and_ntp_mark queue=pcq-download max-limit=8M
  add name=queue03 parent=1 priority=5 packet-mark=forward_sm_traffik1_mark queue=pcq-download max-limit=8M
  add name=queue04 parent=1 priority=6 packet-mark=forward_bg_traffik1_mark queue=pcq-download max-limit=8M
  add name=queue20 parent=2 priority=3 packet-mark=forward_sm_traffik2_mark queue=pcq-upload max-limit=512k
  add name=queue21 parent=2 priority=4 packet-mark=forward_bg_traffik2_mark queue=pcq-upload max-limit=512k
  add name=queue05 parent=1 packet-mark=no-mark queue=pcq-download max-limit=8M
  add name=queue22 parent=2 packet-mark=no-mark queue=pcq-upload max-limit=512k
  # Reduced-privilege group meant for script/automation accounts: read,
  # write and tikapp only, every login and management policy explicitly
  # denied (no ssh/winbox/web/api, no password or policy changes, no sniff,
  # no sensitive). /user entries are not part of this export, so which
  # account, if any, is in this group cannot be seen here.
  /user group
  add name=for_scripts policy=read,write,tikapp,!local,!telnet,!ssh,!ftp,!reboot,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude
  # Only the three wired ports are bridged. wlan1 is deliberately kept off
  # the bridge and routed on its own /24; since the forward rules in this
  # export only mark traffic between LAN interfaces and pppoe-out1,
  # wired<->Wi-Fi forwarding falls through to the "drop other forward" mark.
  /interface bridge port
  add interface=ether1 bridge=bridge1
  add interface=ether2 bridge=bridge1
  add interface=ether3 bridge=bridge1
  # Fast-path off so bridged traffic is not short-circuited past the
  # firewall/queues.
  /interface bridge settings
  set allow-fast-path=no
  # Shorter established-TCP timeout (default is 1d) keeps the conntrack
  # table small.
  /ip firewall connection tracking
  set tcp-established-timeout=20m
  # Neighbor discovery (MNDP/CDP/LLDP) only on the wired LAN list; wlan1 is
  # not in LAN, so the router does not advertise itself over Wi-Fi.
  /ip neighbor discovery-settings
  set discover-interface-list=LAN
  # rp-filter=strict drops packets whose source would not be routed back via
  # the ingress interface (anti-spoofing); SYN cookies mitigate SYN floods;
  # fast-path off forces everything through the firewall and queues.
  /ip settings
  set rp-filter=strict tcp-syncookies=yes allow-fast-path=no
  # List membership: both the physical port and the PPPoE session count as
  # WAN; bridge1 is in LAN and LAN_and_WIFI; wlan1 only in LAN_and_WIFI.
  /interface list member
  add list=WAN interface=wan
  add list=WAN interface=pppoe-out1
  add list=LAN interface=bridge1
  add list=LAN_and_WIFI interface=bridge1
  add list=LAN_and_WIFI interface=wlan1
  # Router addresses on the wired bridge and on wlan1 (separate /24s).
  /ip address
  add interface=bridge1 address=192.168.88.1/24 network=192.168.88.0
  add interface=wlan1 address=192.168.89.1/24 network=192.168.89.0
  # IP Cloud time sync off (DDNS setting not shown in this export).
  /ip cloud
  set update-time=no
  # DHCP client on the physical WAN port, alongside the PPPoE session on the
  # same port. ISP-supplied DNS and NTP are deliberately ignored; the router
  # uses the resolvers and time sources pinned in the firewall address-lists.
  /ip dhcp-client
  add interface=wan disabled=no dhcp-options=hostname,clientid use-peer-dns=no use-peer-ntp=no
  /ip dhcp-server network
  add address=192.168.88.0/24 gateway=192.168.88.1
  add address=192.168.89.0/24 gateway=192.168.89.1

  # Local name for the router's wired address.
  /ip dns static
  add name=router.lan address=192.168.88.1
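  /ip firewall address-list
  # LAN hosts as seen by the firewall and NAT. Defined as the two DHCP pool
  # ranges (the same values as ethernet_pool / wifi_pool) instead of the
  # single span 192.168.88.2-192.168.89.254 from the export, which also
  # covered 192.168.88.255, 192.168.89.0 and the router's own 192.168.89.1.
  add list=lan_and_wifi address=192.168.88.2-192.168.88.254
  add list=lan_and_wifi address=192.168.89.2-192.168.89.254
  add list=ethernet_pool address=192.168.88.2-192.168.88.254
  add list=wifi_pool address=192.168.89.2-192.168.89.254
  # The router's own LAN-side addresses (DNS/DHCP listener addresses).
  add list=DNS_INTERFACE address=192.168.88.1
  add list=DNS_INTERFACE address=192.168.89.1
  # Upstream resolvers and time sources; two entries are redacted in the
  # paste and must be filled in before import.
  add list=DNS address=8.8.8.8
  add list=DNS address=8.8.4.4
  add list=NTP address=84.245.235.193
  add list=NTP address=149.210.230.59
  add list=DNS_and_NTP address=8.8.8.8
  add list=DNS_and_NTP address=8.8.4.4
  add list=DNS_and_NTP address=xxx.xxx.xxx.xxx
  add list=DNS_and_NTP address=xxx.xxx.xxx.xxx
  add list=DNS_and_DNS_INTERFACE address=8.8.8.8
  add list=DNS_and_DNS_INTERFACE address=8.8.4.4
  add list=DNS_and_DNS_INTERFACE address=192.168.88.1
  add list=DNS_and_DNS_INTERFACE address=192.168.89.1
  # Source prefixes that must never arrive over the PPPoE session (used by
  # the raw-table drops). 192.168.0.0/16 was missing from the export, so a
  # WAN packet spoofing a LAN source was caught only by rp-filter=strict;
  # it is added here for defence in depth. 240.0.0.0/4 is already inside
  # 224.0.0.0/3. The SIP list referenced by the filter, mangle and raw
  # rules has no members anywhere in this export.
  add list=BOGONS address=0.0.0.0/8
  add list=BOGONS address=10.0.0.0/8
  add list=BOGONS address=100.64.0.0/10
  add list=BOGONS address=127.0.0.0/8
  add list=BOGONS address=169.254.0.0/16
  add list=BOGONS address=172.16.0.0/12
  add list=BOGONS address=192.0.0.0/24
  add list=BOGONS address=192.0.2.0/24
  add list=BOGONS address=192.168.0.0/16
  add list=BOGONS address=198.18.0.0/15
  add list=BOGONS address=198.51.100.0/24
  add list=BOGONS address=203.0.113.0/24
  add list=BOGONS address=224.0.0.0/3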
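  /ip firewall filter
  # Mark-based policy: almost every decision is taken in /ip firewall mangle
  # (packet marks); the filter accepts the allowed marks and drops the rest.
  # The SIP list has no members in this export, so the two SIP accepts never
  # match.
  add chain=forward action=accept packet-mark=sip1_mark in-interface=pppoe-out1 out-interface-list=LAN_and_WIFI src-address-list=SIP dst-address-list=lan_and_wifi comment=SIP
  add chain=forward action=accept packet-mark=sip2_mark in-interface-list=LAN_and_WIFI out-interface=pppoe-out1 src-address-list=lan_and_wifi dst-address-list=SIP
  # WAN->LAN only for established/related; LAN->WAN may open new connections.
  add chain=forward action=accept packet-mark=forward_sm_traffik1_mark connection-state=established,related in-interface=pppoe-out1 out-interface-list=LAN_and_WIFI dst-address-list=lan_and_wifi packet-size=0-1000 comment="legal forward traffik"
  add chain=forward action=accept packet-mark=forward_bg_traffik1_mark connection-state=established,related in-interface=pppoe-out1 out-interface-list=LAN_and_WIFI dst-address-list=lan_and_wifi packet-size=1000-65535
  add chain=forward action=accept packet-mark=forward_sm_traffik2_mark connection-state=established,related,new in-interface-list=LAN_and_WIFI out-interface=pppoe-out1 src-address-list=lan_and_wifi packet-size=0-1000
  add chain=forward action=accept packet-mark=forward_bg_traffik2_mark connection-state=established,related,new in-interface-list=LAN_and_WIFI out-interface=pppoe-out1 src-address-list=lan_and_wifi packet-size=1000-65535
  # Router-originated and router-bound traffic: DNS/NTP, DHCP, MAC-Winbox
  # and the UDP 6881 exception; note that no rule here accepts TCP into
  # input, so IP-based management services cannot be reached as exported.
  add chain=output action=accept packet-mark=out_dns_and_ntp_mark protocol=udp port=53,123 comment="DNS and NTP"
  add chain=input action=accept packet-mark=input_dns_and_ntp_mark protocol=udp port=53,123
  add chain=input action=accept packet-mark=dhcp_mark in-interface-list=LAN_and_WIFI protocol=udp src-port=68 dst-port=67 comment=dhcp
  add chain=input action=accept packet-mark=winbox_mark comment=winbox
  add chain=input action=accept packet-mark=for_wot_mark comment="for wot vanya"
  add chain=input action=drop packet-mark=drop_marks comment=drops
  add chain=forward action=drop packet-mark=drop_marks
  # ICMP destination-unreachable from the router is allowed out so that
  # probes to closed ports get an answer (the author's note: World of Tanks).
  add chain=output action=accept protocol=icmp icmp-options=3:0-255 comment="for world of tanks"
  add chain=output action=drop packet-mark=drop_marks
  # The defconf "drop all from WAN not DSTNATed" rules were exported AFTER the
  # unconditional drops below and could therefore never match. They are
  # moved ahead of the catch-all so that they are reachable and their
  # counters show unsolicited WAN traffic separately. The same condition is
  # also marked drop_marks in mangle prerouting; this is belt and braces.
  add chain=input action=drop in-interface-list=WAN connection-state=new connection-nat-state=!dstnat comment="defconf: drop all from WAN not DSTNATed"
  add chain=forward action=drop in-interface-list=WAN connection-state=new connection-nat-state=!dstnat
  # Default deny in all three chains.
  add chain=input action=drop comment=drops
  add chain=forward action=drop
  add chain=output action=drop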
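  /ip firewall mangle
  # "only TCP and UDP": every non-TCP packet is sent to a sub-chain that
  # marks non-UDP packets for dropping - but only when the packet also
  # carries the loose-source-routing IP option, because of the ipv4-options
  # matcher. If the intent was to drop all non-TCP/UDP traffic, that matcher
  # defeats it; removing it would also drop inbound ICMP (e.g. PMTUD), so
  # the rule is left untouched and flagged here.
  add chain=prerouting action=jump jump-target=only_tcp_and_udp_chain protocol=!tcp comment="only TCP and UDP"
  add chain=output action=jump jump-target=only_tcp_and_udp_chain protocol=!tcp
  add chain=only_tcp_and_udp_chain action=mark-packet new-packet-mark=drop_marks passthrough=no protocol=!udp ipv4-options=loose-source-routing
  # Conntrack-invalid packets and new WAN connections that were not DSTNATed
  # get the drop mark that the filter table acts on.
  add chain=prerouting action=mark-packet new-packet-mark=drop_marks passthrough=no connection-state=invalid comment="invalide drops"
  add chain=output action=mark-packet new-packet-mark=drop_marks passthrough=no connection-state=invalid
  add chain=prerouting action=mark-packet new-packet-mark=drop_marks passthrough=no in-interface-list=WAN connection-state=new connection-nat-state=!dstnat comment="drop dnt !dsnat"
  # Forward marks. The SIP list has no members in this export, so the two
  # SIP rules never match. Returning WAN->LAN traffic must be established or
  # related; LAN->WAN may be new. Marks are split at 1000 bytes for the
  # queue tree. No protocol is matched here, so non-TCP/UDP traffic from the
  # LAN is forwarded as well (the srcnat rules translate only TCP/UDP).
  add chain=forward action=mark-packet new-packet-mark=sip1_mark passthrough=no in-interface=pppoe-out1 out-interface-list=LAN_and_WIFI src-address-list=SIP dst-address-list=lan_and_wifi comment=SIP
  add chain=forward action=mark-packet new-packet-mark=sip2_mark passthrough=no in-interface-list=LAN_and_WIFI out-interface=pppoe-out1 src-address-list=lan_and_wifi dst-address-list=SIP
  add chain=forward action=mark-packet new-packet-mark=forward_sm_traffik1_mark passthrough=no in-interface=pppoe-out1 out-interface-list=LAN_and_WIFI dst-address-list=lan_and_wifi connection-state=established,related packet-size=0-1000 comment="legal forward traffik"
  add chain=forward action=mark-packet new-packet-mark=forward_bg_traffik1_mark passthrough=no in-interface=pppoe-out1 out-interface-list=LAN_and_WIFI dst-address-list=lan_and_wifi connection-state=established,related packet-size=1000-65535
  add chain=forward action=mark-packet new-packet-mark=forward_sm_traffik2_mark passthrough=no in-interface-list=LAN_and_WIFI out-interface=pppoe-out1 src-address-list=lan_and_wifi connection-state=established,related,new packet-size=0-1000
  add chain=forward action=mark-packet new-packet-mark=forward_bg_traffik2_mark passthrough=no in-interface-list=LAN_and_WIFI out-interface=pppoe-out1 src-address-list=lan_and_wifi connection-state=established,related,new packet-size=1000-65535
  add chain=forward action=mark-packet new-packet-mark=drop_marks passthrough=no comment="drop other forward"
  # Router-originated traffic: DNS answers to LAN clients and DNS/NTP queries
  # to the configured upstreams; everything else is marked for dropping.
  add chain=output action=mark-packet new-packet-mark=out_dns_and_ntp_mark passthrough=no out-interface-list=LAN_and_WIFI protocol=udp src-address-list=DNS_INTERFACE src-port=53 dst-address-list=lan_and_wifi comment="accepted for input (DNS/NTP/DHCP) part1"
  add chain=output action=mark-packet new-packet-mark=out_dns_and_ntp_mark passthrough=no out-interface=pppoe-out1 protocol=udp dst-address-list=DNS_and_NTP dst-port=53,123
  add chain=output action=mark-packet new-packet-mark=drop_marks passthrough=no comment="drop other output"
  # Traffic to the router itself. The WAN-side DNS/NTP rule now requires
  # connection-state=established,related: the export accepted any UDP
  # datagram whose source was on DNS_and_NTP with source port 53/123,
  # regardless of destination port or of whether the router had sent a
  # query, so a datagram spoofing 8.8.8.8:53 reached the input filter's
  # port=53,123 accept (which matches on source port too) for any UDP port.
  add chain=input action=mark-packet new-packet-mark=input_dns_and_ntp_mark passthrough=no in-interface-list=LAN_and_WIFI protocol=udp src-address-list=lan_and_wifi dst-address-list=DNS_INTERFACE dst-port=53 comment="accepted for input (DNS/NTP/DHCP) part2"
  add chain=input action=mark-packet new-packet-mark=input_dns_and_ntp_mark passthrough=no in-interface=pppoe-out1 protocol=udp src-address-list=DNS_and_NTP src-port=53,123 connection-state=established,related
  # DHCP: discover/request from 0.0.0.0 to broadcast, and renewals from a
  # leased address to the router.
  add chain=input action=mark-packet new-packet-mark=dhcp_mark passthrough=no in-interface-list=LAN_and_WIFI protocol=udp src-address=0.0.0.0 src-port=68 dst-address=255.255.255.255 dst-port=67
  add chain=input action=mark-packet new-packet-mark=dhcp_mark passthrough=no in-interface-list=LAN_and_WIFI protocol=udp src-address-list=lan_and_wifi src-port=68 dst-address-list=DNS_INTERFACE dst-port=67
  # port=6881 matches either source or destination port, so any new UDP
  # datagram from the Internet with src-port 6881 is also admitted to the
  # router's input chain; dst-port=6881 would be tighter, but the author
  # states the game depends on this rule, so it is left as exported.
  add chain=input action=mark-packet new-packet-mark=for_wot_mark passthrough=no in-interface=pppoe-out1 protocol=udp port=6881 connection-state=new comment="world of tanks very bad works winthout this record"
  # UDP 20561 from LAN/Wi-Fi hosts only (presumably MAC-Winbox transport,
  # given the comment and the mac-server settings).
  add chain=input action=mark-packet new-packet-mark=winbox_mark passthrough=no in-interface-list=LAN_and_WIFI protocol=udp src-address-list=lan_and_wifi dst-port=20561 comment=winbox
  add chain=input action=mark-packet new-packet-mark=drop_marks passthrough=no comment="drop other input"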
  # Source NAT for LAN hosts leaving via the PPPoE session - TCP and UDP
  # only, in line with the "only TCP and UDP" intent in mangle. The forward
  # marks do not match on protocol, so a non-TCP/UDP packet from a LAN host
  # (an ICMP echo, say) can be forwarded out pppoe-out1 untranslated, i.e.
  # with its private source address; add an icmp masquerade or a protocol
  # match on the forward marks if that matters. ipsec-policy=out,none keeps
  # IPsec-policy traffic out of NAT (none is configured in this export).
  /ip firewall nat
  add chain=srcnat action=masquerade out-interface=pppoe-out1 src-address-list=lan_and_wifi protocol=udp ipsec-policy=out,none
  add chain=srcnat action=masquerade out-interface=pppoe-out1 src-address-list=lan_and_wifi protocol=tcp ipsec-policy=out,none
  /ip firewall raw
  # Anti-spoofing on the PPPoE session: drop Internet packets claiming a
  # bogon/private source, and never emit packets to those ranges upstream.
  add chain=prerouting action=drop in-interface=pppoe-out1 src-address-list=BOGONS comment="drops BOGONS"
  add chain=output action=drop out-interface=pppoe-out1 dst-address-list=BOGONS
  # The physical WAN port should carry only PPPoE frames plus DHCP from the
  # modem at 192.168.1.1 (hard-coded); every other IP packet on it is
  # dropped and logged. Logging an unconditional drop can swamp the memory
  # log if the modem is chatty - check the log volume after deployment.
  add chain=prerouting action=accept in-interface=wan protocol=udp src-address=192.168.1.1 src-port=67 dst-address=255.255.255.255 dst-port=68 comment="accept DHCP WAN"
  add chain=prerouting action=drop in-interface=wan log=yes log-prefix="RAW: 5 " comment="block WAN"
  add chain=output action=drop out-interface=wan log=yes log-prefix="RAW: 6 "
  # DHCP from LAN clients: discover from 0.0.0.0 to broadcast, and renewals
  # from a leased address to the router.
  add chain=prerouting action=accept in-interface-list=LAN_and_WIFI protocol=udp src-address=0.0.0.0 src-port=68 dst-address=255.255.255.255 dst-port=67 log=yes comment="accept DHCP LAN"
  add chain=prerouting action=accept in-interface-list=LAN_and_WIFI protocol=udp src-address-list=lan_and_wifi src-port=68 dst-address-list=DNS_INTERFACE dst-port=67
  # DNS: router -> upstream resolvers, router -> LAN answers, answers from
  # upstream, and LAN queries to the router or directly to the DNS list.
  add chain=output action=accept out-interface-list=WAN protocol=udp dst-address-list=DNS dst-port=53 comment=dns
  add chain=output action=accept out-interface-list=LAN_and_WIFI protocol=udp src-address-list=DNS_INTERFACE src-port=53 dst-address-list=lan_and_wifi
  add chain=prerouting action=accept in-interface=pppoe-out1 protocol=udp src-address-list=DNS src-port=53
  add chain=prerouting action=accept in-interface-list=LAN_and_WIFI protocol=udp src-address-list=lan_and_wifi dst-address-list=DNS_and_DNS_INTERFACE dst-port=53
  # NTP, same pattern with the NTP list.
  add chain=prerouting action=accept in-interface=pppoe-out1 protocol=udp src-address-list=NTP src-port=123 comment=ntp
  add chain=prerouting action=accept in-interface-list=LAN_and_WIFI protocol=udp src-address-list=lan_and_wifi dst-address-list=NTP dst-port=123
  add chain=output action=accept out-interface=pppoe-out1 protocol=udp dst-address-list=NTP dst-port=123
  # Raw runs before connection tracking, so the "accept from DNS/NTP
  # sources" rules above cannot check connection state; any state check has
  # to live in mangle/filter. Everything else on UDP/TCP 53 and 123 is
  # dropped here, which also stops LAN clients using resolvers other than
  # 8.8.8.8/8.8.4.4 or the router. The src-address-list=!SIP rule matches
  # every packet because the SIP list has no members in this export. The
  # "RAW: 31" prefix is inert without log=yes.
  add chain=prerouting action=drop in-interface=pppoe-out1 protocol=udp src-address-list=!SIP src-port=5060-5062 comment="drop illegal"
  add chain=output action=drop protocol=udp port=53,123
  add chain=prerouting action=drop protocol=udp port=53,123 log-prefix="RAW: 31"
  add chain=prerouting action=drop protocol=tcp port=53,123
  # Connection-tracking helpers (ALGs) are all disabled. Helpers parse
  # application payload to open related pinholes; turning them off removes
  # that attack surface. The non-default port numbers on disabled helpers
  # are inert.
  /ip firewall service-port
  set ftp ports=45634 disabled=yes
  set tftp ports=36256 disabled=yes
  set irc ports=56345 disabled=yes
  set h323 disabled=yes
  set sip ports=35445,35456 disabled=yes
  set pptp disabled=yes
  set udplite disabled=yes
  set dccp disabled=yes
  set sctp disabled=yes
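  # Management services. Everything except www-ssl is disabled (the
  # non-default ports on disabled services are inert). www-ssl was exported
  # with no address restriction; it is now limited to the two LAN subnets so
  # that a later loosening of the input filter cannot expose it to the
  # Internet. As exported, the input filter admits no TCP at all, so
  # www-ssl is not reachable over IP until a rule allows it, and no
  # certificate= is shown here, so whether HTTPS actually serves cannot be
  # confirmed from this file.
  /ip service
  set telnet disabled=yes port=24234
  set ftp disabled=yes port=24335
  set www disabled=yes port=25542
  set ssh disabled=yes port=34534
  set www-ssl port=54632 address=192.168.88.0/24,192.168.89.0/24
  set api disabled=yes port=23124
  set winbox disabled=yes port=35453
  set api-ssl disabled=yes port=43524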
  # Local time zone (used by the scheduler times below) and the device name
  # shown in neighbor discovery.
  /system clock
  set time-zone-name=Europe/Minsk
  /system identity
  set name=238101
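  # Scheduled jobs. Each runs with the policy listed; keep it to what the
  # script actually needs. The two reboot jobs (a day apart, every 30 days)
  # carry only "reboot". The counter-reset job was exported with
  # read,write,policy,test,sniff,sensitive,romon - "policy" lets a job alter
  # user rights and "sensitive" exposes stored secrets - while all it does
  # is reset interface, firewall and queue counters, which needs only
  # read,write. Check the log after the first 05:03 run to confirm it still
  # completes with the reduced policy.
  /system scheduler
  add name="after reboot" start-time=startup policy=read,write on-event=":delay 30\r\n/interface disable wan\r\n:delay 5\r\n/interface enable wan\r\n"
  add name="reboot 1_1 in month" interval=4w2d start-date=mar/01/2019 start-time=05:00:00 policy=reboot on-event="/system reboot"
  add name="reboot 1_2 in month" interval=4w2d start-date=mar/02/2019 start-time=05:00:00 policy=reboot on-event="/system reboot"
  add name=reset_counters_all interval=1d start-date=feb/09/2019 start-time=05:03:01 policy=read,write on-event=":delay 2\r\n/interface reset-counters wan\r\n:delay 2\r\n/interface reset-counters pppoe-out1\r\n:delay 2\r\n/interface reset-counters ether1\r\n:delay 2\r\n/interface reset-counters ether2\r\n:delay 2\r\n/interface reset-counters ether3\r\n:delay 2\r\n/interface reset-counters wlan1\r\n:delay 2\r\n/interface reset-counters bridge1\r\n:delay 2\r\n/ip firewall filter reset-counters-all\r\n:delay 2\r\n/ip firewall nat reset-counters-all\r\n:delay 2\r\n/ip firewall mangle reset-counters-all\r\n:delay 2\r\n/ip firewall raw reset-counters-all\r\n:delay 2\r\n/queue tree reset-counters-all"
  # Daily Wi-Fi bounce: wlan1 is disabled for 3 s at 05:01 and re-enabled
  # (again) at 08:01.
  add name="wlan disable/enable p1" interval=1d start-date=feb/09/2019 start-time=05:01:31 policy=read,write on-event="/interface disable wlan1\r\n:delay 3\r\n/interface enable wlan1"
  add name="wlan disable/enable p2" interval=1d start-date=feb/09/2019 start-time=08:01:31 policy=read,write on-event="/interface enable wlan1"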
  # Layer-2 management (MAC-Telnet / MAC-Winbox) is answered on bridge1 and
  # wlan1. With every IP service disabled or blocked by the input filter,
  # this is the only network management path in this export; if admin is
  # not done over Wi-Fi, narrowing both lists to LAN (wired only) would
  # shrink the exposure. MAC-ping is off.
  /tool mac-server
  set allowed-interface-list=LAN_and_WIFI
  /tool mac-server mac-winbox
  set allowed-interface-list=LAN_and_WIFI
  /tool mac-server ping
  set enabled=no