
Untitled

a guest
Jan 21st, 2019
  1. /caps-man channel
  2. add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=channel1
  3. add band=2ghz-b/g/n extension-channel=eC frequency=2462 name=channel11
  4. add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=channel1
  5. add band=2ghz-b/g/n extension-channel=eC frequency=2462 name=channel11
  # CAPsMAN datapaths: how traffic from managed access points is forwarded.
  # NOTE(review): client-to-client-forwarding=yes is set on every datapath, including
  # datapath-guest, so wireless clients on the same datapath may talk to each other
  # directly. For a guest SSID the usual choice is client-to-client-forwarding=no, so
  # one guest device cannot reach another.
  # NOTE(review): the three entries are listed twice with identical names; the export
  # looks duplicated — confirm which copy reflects the running configuration.
  6. /caps-man datapath
  7. add client-to-client-forwarding=yes name=datapath-raspy
  8. add client-to-client-forwarding=yes name=datapath1
  9. add client-to-client-forwarding=yes name=datapath-guest
  10. add client-to-client-forwarding=yes name=datapath-raspy
  11. add client-to-client-forwarding=yes name=datapath1
  12. add client-to-client-forwarding=yes name=datapath-guest
  13. /interface bridge
  14. add name=bridge-TRUNK
  15. /interface ethernet
  16. set [ find default-name=ether1 ] comment=F300_ST speed=100Mbps
  17. set [ find default-name=ether2 ] comment=QRT_AP speed=100Mbps
  18. set [ find default-name=ether3 ] comment="Switch Sottoscala" speed=100Mbps
  19. set [ find default-name=ether4 ] comment="Appart. Lau" speed=100Mbps
  # Renames ether5 to ether5-WAN, fixes it at 100Mbps and enables proxy ARP on it.
  # NOTE(review): arp=proxy-arp on the port named as the WAN side makes the router answer
  # ARP requests on that segment for addresses it reaches through other interfaces. That
  # is rarely wanted on an upstream-facing port — confirm it is required, else use
  # arp=enabled.
  # NOTE(review): the comment string stores a MAC address and what looks like the
  # management IP of an upstream device; strip such details before publishing an export.
  20. set [ find default-name=ether5 ] arp=proxy-arp comment=\
  21. "00:04:56:FD:24:D1 WLAN - D0 LAN 10.34.3.164" name=ether5-WAN speed=\
  22. 100Mbps
  23. set [ find default-name=ether6 ] advertise=\
  24. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  25. set [ find default-name=ether7 ] advertise=\
  26. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
  27. "RB750 Labor. Radio"
  28. set [ find default-name=ether8 ] advertise=\
  29. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
  30. "Acces Point 1P"
  31. set [ find default-name=ether9 ] advertise=\
  32. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
  33. MANAGEMENT
  34. set [ find default-name=ether10 ] advertise=\
  35. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
  36. "Camera Stef"
  37. set [ find default-name=sfp1 ] disabled=yes
  38. /interface vlan
  39. add disabled=yes interface=ether8 name=vlan11 vlan-id=11
  40. add interface=bridge-TRUNK name=vlan11-LAN vlan-id=11
  41. add disabled=yes interface=ether8 name=vlan12 vlan-id=12
  42. add interface=bridge-TRUNK name=vlan12-Guest vlan-id=12
  43. add interface=bridge-TRUNK name=vlan15-Voip1 vlan-id=15
  44. add interface=bridge-TRUNK name=vlan16-Voip2 vlan-id=16
  45. add interface=bridge-TRUNK name=vlan17-security vlan-id=17
  46. add arp=proxy-arp interface=bridge-TRUNK name=vlan19-SkyQ vlan-id=19
  47. add interface=bridge-TRUNK name=vlan20-PPPoE vlan-id=20
  48. add interface=bridge-TRUNK name=vlan100-Hotspot vlan-id=100
  # PPPoE client on vlan20-PPPoE; installs the default route and accepts the provider's
  # DNS servers (use-peer-dns=yes).
  # NOTE(review): user= and password= are exported in clear text. Once an export has
  # been published, treat the account credential as disclosed and have it changed.
  # Produce shareable exports with "/export hide-sensitive" so secrets are omitted.
  # NOTE(review): allow=pap limits authentication to PAP, which hands the password to
  # the access concentrator unprotected. If the provider supports it, allow chap or
  # mschap2 instead of pap.
  49. /interface pppoe-client
  50. add add-default-route=yes allow=pap disabled=no interface=vlan20-PPPoE \
  51. keepalive-timeout=60 name=pppoe-out1 password=WISP use-peer-dns=yes \
  52. user=nga.granata.stefano
  # CAPsMAN security profiles referenced by the wireless configurations (cfg-master uses
  # security1, cfg-guest uses security-guest).
  # NOTE(review): security1 and security-guest set authentication-types=wpa-psk, i.e.
  # WPA (version 1) only, even though encryption is aes-ccm. Only security-raspy uses
  # wpa2-psk. Prefer authentication-types=wpa2-psk on all three unless a legacy client
  # forces WPA1.
  # NOTE(review): the passphrases are exported in clear text and are short, digit-only or
  # hex-only strings; the guest one is a trivial sequence. Replace them with long random
  # passphrases, and share exports made with "/export hide-sensitive".
  # NOTE(review): each profile name appears twice; the export looks duplicated — confirm.
  53. /caps-man security
  54. add authentication-types=wpa-psk encryption=aes-ccm name=security1 \
  55. passphrase=ac3bf78454
  56. add authentication-types=wpa-psk encryption=aes-ccm name=security-guest \
  57. passphrase=12345678
  58. add authentication-types=wpa2-psk encryption=aes-ccm name=security-raspy \
  59. passphrase=4695646956
  60. add authentication-types=wpa-psk encryption=aes-ccm name=security1 \
  61. passphrase=ac3bf78454
  62. add authentication-types=wpa-psk encryption=aes-ccm name=security-guest \
  63. passphrase=12345678
  64. add authentication-types=wpa2-psk encryption=aes-ccm name=security-raspy \
  65. passphrase=4695646956
  66. /caps-man configuration
  67. add country=italy datapath=datapath1 distance=indoors hide-ssid=no mode=ap \
  68. name=cfg-master security=security1 ssid=XXXXXXXX
  69. add country=italy datapath=datapath-guest name=cfg-guest security=\
  70. security-guest ssid=XXXXXXXXXXXXXXXXXX
  71. add country=italy datapath=datapath1 distance=indoors hide-ssid=no mode=ap \
  72. name=cfg-master security=security1 ssid=XXXXXXXXXXXXXXX
  73. add country=italy datapath=datapath-guest name=cfg-guest security=\
  74. security-guest ssid=XXXXXXXXXXXX
  # Per-port VLAN enforcement on the built-in switch chips. Entries are addressed by
  # index (0-12); which index maps to which physical port is not shown here.
  # NOTE(review): ports 0, 5, 9, 11 and 12 use vlan-mode=fallback. In fallback mode the
  # switch still forwards frames whose VLAN ID is absent from the switch VLAN table,
  # whereas vlan-mode=secure drops them. Confirm that every fallback port really needs
  # that behaviour; access and trunk ports facing untrusted devices are normally secure.
  # Port 10 is the only one given a default VLAN (11) for untagged ingress traffic.
  75. /interface ethernet switch port
  76. set 0 vlan-mode=fallback
  77. set 1 vlan-mode=secure
  78. set 2 vlan-mode=secure
  79. set 3 vlan-mode=secure
  80. set 4 vlan-mode=secure
  81. set 5 vlan-mode=fallback
  82. set 6 vlan-mode=secure
  83. set 7 vlan-mode=secure
  84. set 8 vlan-mode=secure
  85. set 9 vlan-mode=fallback
  86. set 10 default-vlan-id=11 vlan-mode=secure
  87. set 11 vlan-mode=fallback
  88. set 12 vlan-mode=fallback
  89. /interface wireless security-profiles
  90. set [ find default=yes ] supplicant-identity=MikroTik
  # IPsec phase 1 (peer profile) and phase 2 (default proposal) parameters. The L2TP
  # server elsewhere in this export sets use-ipsec=yes, so these presumably protect the
  # L2TP/IPsec VPN — confirm.
  # NOTE(review): dh-group=modp1024 is a 1024-bit Diffie-Hellman group and 3des is a
  # legacy 64-bit-block cipher; both are below current recommendations. Prefer
  # dh-group=modp2048 (or an ECP group) and drop 3des from both algorithm lists, as far
  # as the VPN clients in use allow.
  # NOTE(review): pfs-group=none disables perfect forward secrecy for phase 2, so child
  # keys derive from the phase 1 exchange only. Set a pfs-group if clients support it.
  91. /ip ipsec peer profile
  92. add dh-group=modp1024 enc-algorithm=aes-256,aes-128,3des name=profile_1
  93. /ip ipsec proposal
  94. set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des \
  95. pfs-group=none
  96. /ip pool
  97. add name=dhcp_pool_LAN ranges=192.168.1.201-192.168.1.250
  98. add name=dhcp_pool_GUEST ranges=10.10.15.50-10.10.15.150
  99. add name=dhcp_pool_Hotspot ranges=172.16.0.10-172.16.0.255
  100. add name=dhcp_pool_SkyQ ranges=10.90.90.2-10.90.90.14
  101. add name=dhcp_pool_Voip1 ranges=192.168.61.100-192.168.61.200
  102. add name=l2tp_pool ranges=10.10.0.2-10.10.0.100
  103. add name=pool_security ranges=90.90.90.10-90.90.90.250
  104. /ip dhcp-server
  105. add address-pool=dhcp_pool_LAN authoritative=after-2sec-delay disabled=no \
  106. interface=vlan11-LAN lease-time=23h59m name=dhcp-LAN
  107. add address-pool=dhcp_pool_GUEST disabled=no interface=vlan12-Guest name=\
  108. dhcp-GUEST
  109. add address-pool=dhcp_pool_Hotspot authoritative=after-2sec-delay disabled=no \
  110. interface=vlan100-Hotspot lease-time=1h name=dhcp-Hotspot
  111. add address-pool=dhcp_pool_SkyQ disabled=no interface=vlan19-SkyQ name=\
  112. dhcp-SkyQ
  113. add address-pool=dhcp_pool_Voip1 disabled=no interface=vlan15-Voip1 name=\
  114. dhcp-Voip1
  115. /ip hotspot user profile
  116. add address-pool=dhcp_pool_Hotspot name=Trial rate-limit=512k/4M \
  117. transparent-proxy=yes
  118. /ip hotspot profile
  119. add dns-name=hotspot.granatalauro.it hotspot-address=172.16.0.1 \
  120. http-cookie-lifetime=1d login-by=cookie,http-chap,trial name=hsprof1 \
  121. trial-uptime-limit=2h trial-user-profile=Trial
  122. /ip hotspot
  123. add address-pool=dhcp_pool_Hotspot addresses-per-mac=1 disabled=no interface=\
  124. vlan100-Hotspot name=hotspot1 profile=hsprof1
  125. /ppp profile
  126. add local-address=10.10.0.1 name=L2TP-VPN remote-address=l2tp_pool \
  127. use-encryption=yes
  128. set *FFFFFFFE dns-server=8.8.8.8,8.8.4.4 local-address=192.168.1.1 \
  129. remote-address=192.168.1.233
  130. /queue simple
  131. add max-limit=1M/6M name=user1 target=10.10.15.1/32
  132. add max-limit=1M/6M name=user2 target=10.10.15.2/32
  133. add max-limit=1M/6M name=user3 target=10.10.15.3/32
  134. add max-limit=1M/6M name=user4 target=10.10.15.4/32
  135. add max-limit=1M/6M name=user5 target=10.10.15.5/32
  136. add max-limit=1M/6M name=user6 target=10.10.15.6/32
  137. add max-limit=1M/6M name=user7 target=10.10.15.7/32
  138. add max-limit=1M/6M name=user8 target=10.10.15.8/32
  139. add max-limit=1M/6M name=user9 target=10.10.15.9/32
  140. add max-limit=1M/6M name=user10 target=10.10.15.10/32
  141. add max-limit=1M/6M name=user11 target=10.10.15.11/32
  142. add max-limit=1M/6M name=user12 target=10.10.15.12/32
  143. add max-limit=1M/6M name=user13 target=10.10.15.13/32
  144. add max-limit=1M/6M name=user14 target=10.10.15.14/32
  145. add max-limit=1M/6M name=user15 target=10.10.15.15/32
  146. add max-limit=1M/6M name=user16 target=10.10.15.16/32
  147. add max-limit=1M/6M name=user17 target=10.10.15.17/32
  148. add max-limit=1M/6M name=user18 target=10.10.15.18/32
  149. add max-limit=1M/6M name=user19 target=10.10.15.19/32
  150. add max-limit=1M/6M name=user20 target=10.10.15.20/32
  151. add max-limit=1M/6M name=user21 target=10.10.15.21/32
  152. add max-limit=1M/6M name=user22 target=10.10.15.22/32
  153. add max-limit=1M/6M name=user23 target=10.10.15.23/32
  154. add max-limit=1M/6M name=user24 target=10.10.15.24/32
  155. add max-limit=1M/6M name=user25 target=10.10.15.25/32
  156. add max-limit=1M/6M name=user26 target=10.10.15.26/32
  157. add max-limit=1M/6M name=user27 target=10.10.15.27/32
  158. add max-limit=1M/6M name=user28 target=10.10.15.28/32
  159. add max-limit=1M/6M name=user29 target=10.10.15.29/32
  160. add max-limit=1M/6M name=user30 target=10.10.15.30/32
  161. add max-limit=1M/6M name=user31 target=10.10.15.31/32
  162. add max-limit=1M/6M name=user32 target=10.10.15.32/32
  163. add max-limit=1M/6M name=user33 target=10.10.15.33/32
  164. add max-limit=1M/6M name=user34 target=10.10.15.34/32
  165. add max-limit=1M/6M name=user35 target=10.10.15.35/32
  166. add max-limit=1M/6M name=user36 target=10.10.15.36/32
  167. add max-limit=1M/6M name=user37 target=10.10.15.37/32
  168. add max-limit=1M/6M name=user38 target=10.10.15.38/32
  169. add max-limit=1M/6M name=user39 target=10.10.15.39/32
  170. add max-limit=1M/6M name=user40 target=10.10.15.40/32
  171. add max-limit=1M/6M name=user41 target=10.10.15.41/32
  172. add max-limit=1M/6M name=user42 target=10.10.15.42/32
  173. add max-limit=1M/6M name=user43 target=10.10.15.43/32
  174. add max-limit=1M/6M name=user44 target=10.10.15.44/32
  175. add max-limit=1M/6M name=user45 target=10.10.15.45/32
  176. add max-limit=1M/6M name=user46 target=10.10.15.46/32
  177. add max-limit=1M/6M name=user47 target=10.10.15.47/32
  178. add max-limit=1M/6M name=user48 target=10.10.15.48/32
  179. add max-limit=1M/6M name=user49 target=10.10.15.49/32
  180. add max-limit=1M/6M name=user50 target=10.10.15.50/32
  181. add max-limit=1M/6M name=user51 target=10.10.15.51/32
  182. add max-limit=1M/6M name=user52 target=10.10.15.52/32
  183. add max-limit=1M/6M name=user53 target=10.10.15.53/32
  184. add max-limit=1M/6M name=user54 target=10.10.15.54/32
  185. add max-limit=1M/6M name=user55 target=10.10.15.55/32
  186. add disabled=yes max-limit=1M/6M name=user56 target=10.10.15.56/32
  187. add disabled=yes max-limit=1M/6M name=user57 target=10.10.15.57/32
  188. add max-limit=1M/6M name=user58 target=10.10.15.58/32
  189. add max-limit=1M/6M name=user59 target=10.10.15.59/32
  190. add max-limit=1M/6M name=user60 target=10.10.15.60/32
  191. add max-limit=1M/6M name=user61 target=10.10.15.61/32
  192. add max-limit=1M/6M name=user62 target=10.10.15.62/32
  193. add max-limit=1M/6M name=user63 target=10.10.15.63/32
  194. add max-limit=1M/6M name=user64 target=10.10.15.64/32
  # NOTE(review): user65 targets 10.10.15.55/32, the address user55 already covers, so
  # 10.10.15.65 has no queue in this list. The same mismatch appears for user78
  # (10.10.15.88), user165 (10.10.15.155) and user178 (10.10.15.188). These look like
  # typos; if so, the guest addresses .65, .78, .165 and .178 are not rate-limited.
  195. add max-limit=1M/6M name=user65 target=10.10.15.55/32
  196. add max-limit=1M/6M name=user66 target=10.10.15.66/32
  197. add max-limit=1M/6M name=user67 target=10.10.15.67/32
  198. add max-limit=1M/6M name=user68 target=10.10.15.68/32
  199. add max-limit=1M/6M name=user69 target=10.10.15.69/32
  200. add max-limit=1M/6M name=user70 target=10.10.15.70/32
  201. add max-limit=1M/6M name=user71 target=10.10.15.71/32
  202. add max-limit=1M/6M name=user72 target=10.10.15.72/32
  203. add max-limit=1M/6M name=user73 target=10.10.15.73/32
  204. add max-limit=1M/6M name=user74 target=10.10.15.74/32
  205. add max-limit=1M/6M name=user75 target=10.10.15.75/32
  206. add max-limit=1M/6M name=user76 target=10.10.15.76/32
  207. add max-limit=1M/6M name=user77 target=10.10.15.77/32
  208. add max-limit=1M/6M name=user78 target=10.10.15.88/32
  209. add max-limit=1M/6M name=user79 target=10.10.15.79/32
  210. add max-limit=1M/6M name=user80 target=10.10.15.80/32
  211. add max-limit=1M/6M name=user81 target=10.10.15.81/32
  212. add max-limit=1M/6M name=user82 target=10.10.15.82/32
  213. add max-limit=1M/6M name=user83 target=10.10.15.83/32
  214. add max-limit=1M/6M name=user84 target=10.10.15.84/32
  215. add max-limit=1M/6M name=user85 target=10.10.15.85/32
  216. add max-limit=1M/6M name=user86 target=10.10.15.86/32
  217. add max-limit=1M/6M name=user87 target=10.10.15.87/32
  218. add max-limit=1M/6M name=user88 target=10.10.15.88/32
  219. add max-limit=1M/6M name=user89 target=10.10.15.89/32
  220. add max-limit=1M/6M name=user90 target=10.10.15.90/32
  221. add max-limit=1M/6M name=user91 target=10.10.15.91/32
  222. add max-limit=1M/6M name=user92 target=10.10.15.92/32
  223. add max-limit=1M/6M name=user93 target=10.10.15.93/32
  224. add max-limit=1M/6M name=user94 target=10.10.15.94/32
  225. add max-limit=1M/6M name=user95 target=10.10.15.95/32
  226. add max-limit=1M/6M name=user96 target=10.10.15.96/32
  227. add max-limit=1M/6M name=user97 target=10.10.15.97/32
  228. add max-limit=1M/6M name=user98 target=10.10.15.98/32
  229. add max-limit=1M/6M name=user99 target=10.10.15.99/32
  230. add max-limit=1M/6M name=user100 target=10.10.15.100/32
  231. add max-limit=1M/6M name=user101 target=10.10.15.101/32
  232. add max-limit=1M/6M name=user102 target=10.10.15.102/32
  233. add max-limit=1M/6M name=user103 target=10.10.15.103/32
  234. add max-limit=1M/6M name=user104 target=10.10.15.104/32
  235. add max-limit=1M/6M name=user105 target=10.10.15.105/32
  236. add max-limit=1M/6M name=user106 target=10.10.15.106/32
  237. add max-limit=1M/6M name=user107 target=10.10.15.107/32
  238. add max-limit=1M/6M name=user108 target=10.10.15.108/32
  239. add max-limit=1M/6M name=user109 target=10.10.15.109/32
  240. add max-limit=1M/6M name=user110 target=10.10.15.110/32
  241. add max-limit=1M/6M name=user111 target=10.10.15.111/32
  242. add max-limit=1M/6M name=user112 target=10.10.15.112/32
  243. add max-limit=1M/6M name=user113 target=10.10.15.113/32
  244. add max-limit=1M/6M name=user114 target=10.10.15.114/32
  245. add max-limit=1M/6M name=user115 target=10.10.15.115/32
  246. add max-limit=1M/6M name=user116 target=10.10.15.116/32
  247. add max-limit=1M/6M name=user117 target=10.10.15.117/32
  248. add max-limit=1M/6M name=user118 target=10.10.15.118/32
  249. add max-limit=1M/6M name=user119 target=10.10.15.119/32
  250. add max-limit=1M/6M name=user120 target=10.10.15.120/32
  251. add max-limit=1M/6M name=user121 target=10.10.15.121/32
  252. add max-limit=1M/6M name=user122 target=10.10.15.122/32
  253. add max-limit=1M/6M name=user123 target=10.10.15.123/32
  254. add max-limit=1M/6M name=user124 target=10.10.15.124/32
  255. add max-limit=1M/6M name=user125 target=10.10.15.125/32
  256. add max-limit=1M/6M name=user126 target=10.10.15.126/32
  257. add max-limit=1M/6M name=user127 target=10.10.15.127/32
  258. add max-limit=1M/6M name=user128 target=10.10.15.128/32
  259. add max-limit=1M/6M name=user129 target=10.10.15.129/32
  260. add max-limit=1M/6M name=user130 target=10.10.15.130/32
  261. add max-limit=1M/6M name=user131 target=10.10.15.131/32
  262. add max-limit=1M/6M name=user132 target=10.10.15.132/32
  263. add max-limit=1M/6M name=user133 target=10.10.15.133/32
  264. add max-limit=1M/6M name=user134 target=10.10.15.134/32
  265. add max-limit=1M/6M name=user135 target=10.10.15.135/32
  266. add max-limit=1M/6M name=user136 target=10.10.15.136/32
  267. add max-limit=1M/6M name=user137 target=10.10.15.137/32
  268. add max-limit=1M/6M name=user138 target=10.10.15.138/32
  269. add max-limit=1M/6M name=user139 target=10.10.15.139/32
  270. add max-limit=1M/6M name=user140 target=10.10.15.140/32
  271. add max-limit=1M/6M name=user141 target=10.10.15.141/32
  272. add max-limit=1M/6M name=user142 target=10.10.15.142/32
  273. add max-limit=1M/6M name=user143 target=10.10.15.143/32
  274. add max-limit=1M/6M name=user144 target=10.10.15.144/32
  275. add max-limit=1M/6M name=user145 target=10.10.15.145/32
  276. add max-limit=1M/6M name=user146 target=10.10.15.146/32
  277. add max-limit=1M/6M name=user147 target=10.10.15.147/32
  278. add max-limit=1M/6M name=user148 target=10.10.15.148/32
  279. add max-limit=1M/6M name=user149 target=10.10.15.149/32
  280. add max-limit=1M/6M name=user150 target=10.10.15.150/32
  281. add max-limit=1M/6M name=user151 target=10.10.15.151/32
  282. add max-limit=1M/6M name=user152 target=10.10.15.152/32
  283. add max-limit=1M/6M name=user153 target=10.10.15.153/32
  284. add max-limit=1M/6M name=user154 target=10.10.15.154/32
  285. add max-limit=1M/6M name=user155 target=10.10.15.155/32
  286. add max-limit=1M/6M name=user156 target=10.10.15.156/32
  287. add max-limit=1M/6M name=user157 target=10.10.15.157/32
  288. add max-limit=1M/6M name=user158 target=10.10.15.158/32
  289. add max-limit=1M/6M name=user159 target=10.10.15.159/32
  290. add max-limit=1M/6M name=user160 target=10.10.15.160/32
  291. add max-limit=1M/6M name=user161 target=10.10.15.161/32
  292. add max-limit=1M/6M name=user162 target=10.10.15.162/32
  293. add max-limit=1M/6M name=user163 target=10.10.15.163/32
  294. add max-limit=1M/6M name=user164 target=10.10.15.164/32
  295. add max-limit=1M/6M name=user165 target=10.10.15.155/32
  296. add max-limit=1M/6M name=user166 target=10.10.15.166/32
  297. add max-limit=1M/6M name=user167 target=10.10.15.167/32
  298. add max-limit=1M/6M name=user168 target=10.10.15.168/32
  299. add max-limit=1M/6M name=user169 target=10.10.15.169/32
  300. add max-limit=1M/6M name=user170 target=10.10.15.170/32
  301. add max-limit=1M/6M name=user171 target=10.10.15.171/32
  302. add max-limit=1M/6M name=user172 target=10.10.15.172/32
  303. add max-limit=1M/6M name=user173 target=10.10.15.173/32
  304. add max-limit=1M/6M name=user174 target=10.10.15.174/32
  305. add max-limit=1M/6M name=user175 target=10.10.15.175/32
  306. add max-limit=1M/6M name=user176 target=10.10.15.176/32
  307. add max-limit=1M/6M name=user177 target=10.10.15.177/32
  308. add max-limit=1M/6M name=user178 target=10.10.15.188/32
  309. add max-limit=1M/6M name=user179 target=10.10.15.179/32
  310. add max-limit=1M/6M name=user180 target=10.10.15.180/32
  311. add max-limit=1M/6M name=user181 target=10.10.15.181/32
  312. add max-limit=1M/6M name=user182 target=10.10.15.182/32
  313. add max-limit=1M/6M name=user183 target=10.10.15.183/32
  314. add max-limit=1M/6M name=user184 target=10.10.15.184/32
  315. add max-limit=1M/6M name=user185 target=10.10.15.185/32
  316. add max-limit=1M/6M name=user186 target=10.10.15.186/32
  317. add max-limit=1M/6M name=user187 target=10.10.15.187/32
  318. add max-limit=1M/6M name=user188 target=10.10.15.188/32
  319. add max-limit=1M/6M name=user189 target=10.10.15.189/32
  320. add max-limit=1M/6M name=user190 target=10.10.15.190/32
  321. add max-limit=1M/6M name=user191 target=10.10.15.191/32
  322. add max-limit=1M/6M name=user192 target=10.10.15.192/32
  323. add max-limit=1M/6M name=user193 target=10.10.15.193/32
  324. add max-limit=1M/6M name=user194 target=10.10.15.194/32
  325. add max-limit=1M/6M name=user195 target=10.10.15.195/32
  326. add max-limit=1M/6M name=user196 target=10.10.15.196/32
  327. add max-limit=1M/6M name=user197 target=10.10.15.197/32
  328. add max-limit=1M/6M name=user198 target=10.10.15.198/32
  329. add max-limit=1M/6M name=user199 target=10.10.15.199/32
  330. add max-limit=1M/6M name=user200 target=10.10.15.200/32
  331. add max-limit=1M/6M name=user201 target=10.10.15.201/32
  332. add max-limit=1M/6M name=user202 target=10.10.15.202/32
  333. add max-limit=1M/6M name=user203 target=10.10.15.203/32
  334. add max-limit=1M/6M name=user204 target=10.10.15.204/32
  335. add max-limit=1M/6M name=user205 target=10.10.15.205/32
  336. add max-limit=1M/6M name=user206 target=10.10.15.206/32
  337. add max-limit=1M/6M name=user207 target=10.10.15.207/32
  338. add max-limit=1M/6M name=user208 target=10.10.15.208/32
  339. add max-limit=1M/6M name=user209 target=10.10.15.209/32
  340. add max-limit=1M/6M name=user210 target=10.10.15.210/32
  341. add max-limit=1M/6M name=user211 target=10.10.15.211/32
  342. add max-limit=1M/6M name=user212 target=10.10.15.212/32
  343. add max-limit=1M/6M name=user213 target=10.10.15.213/32
  344. add max-limit=1M/6M name=user214 target=10.10.15.214/32
  345. add max-limit=1M/6M name=user215 target=10.10.15.215/32
  346. add max-limit=1M/6M name=user216 target=10.10.15.216/32
  347. add max-limit=1M/6M name=user217 target=10.10.15.217/32
  348. add max-limit=1M/6M name=user218 target=10.10.15.218/32
  349. add max-limit=1M/6M name=user219 target=10.10.15.219/32
  350. add max-limit=1M/6M name=user220 target=10.10.15.220/32
  351. add max-limit=1M/6M name=user221 target=10.10.15.221/32
  352. add max-limit=1M/6M name=user222 target=10.10.15.222/32
  353. add max-limit=1M/6M name=user223 target=10.10.15.223/32
  354. add max-limit=1M/6M name=user224 target=10.10.15.224/32
  355. add max-limit=1M/6M name=user225 target=10.10.15.225/32
  356. add max-limit=1M/6M name=user226 target=10.10.15.226/32
  357. add max-limit=1M/6M name=user227 target=10.10.15.227/32
  358. add max-limit=1M/6M name=user228 target=10.10.15.228/32
  359. add max-limit=1M/6M name=user229 target=10.10.15.229/32
  360. add max-limit=1M/6M name=user230 target=10.10.15.230/32
  361. add max-limit=1M/6M name=user231 target=10.10.15.231/32
  362. add max-limit=1M/6M name=user232 target=10.10.15.232/32
  363. add max-limit=1M/6M name=user233 target=10.10.15.233/32
  364. add max-limit=1M/6M name=user234 target=10.10.15.234/32
  365. add max-limit=1M/6M name=user235 target=10.10.15.235/32
  366. add max-limit=1M/6M name=user236 target=10.10.15.236/32
  367. add max-limit=1M/6M name=user237 target=10.10.15.237/32
  368. add max-limit=1M/6M name=user238 target=10.10.15.238/32
  369. add max-limit=1M/6M name=user239 target=10.10.15.239/32
  370. add max-limit=1M/6M name=user240 target=10.10.15.240/32
  371. add max-limit=1M/6M name=user241 target=10.10.15.241/32
  372. add max-limit=1M/6M name=user242 target=10.10.15.242/32
  373. add max-limit=1M/6M name=user243 target=10.10.15.243/32
  374. add max-limit=1M/6M name=user244 target=10.10.15.244/32
  375. add max-limit=1M/6M name=user245 target=10.10.15.245/32
  376. add max-limit=1M/6M name=user246 target=10.10.15.246/32
  377. add max-limit=1M/6M name=user247 target=10.10.15.247/32
  378. add max-limit=1M/6M name=user248 target=10.10.15.248/32
  379. add max-limit=1M/6M name=user249 target=10.10.15.249/32
  380. add max-limit=1M/6M name=user250 target=10.10.15.250/32
  381. add max-limit=1M/6M name=user251 target=10.10.15.251/32
  382. add max-limit=1M/6M name=user252 target=10.10.15.252/32
  383. add max-limit=1M/6M name=user253 target=10.10.15.253/32
  384. add disabled=yes max-limit=1M/6M name=user254 target=10.10.15.254/32
  385. add max-limit=512k/512k name=Android target=192.168.1.249/32
  386. add comment=UBUNTU max-limit=256k/8M name=UBUNTU queue=\
  387. pcq-upload-default/pcq-download-default target=192.168.1.41/32
  # NOTE(review): addresses=0.0.0.0/0 lets the default SNMP community (named "public"
  # unless renamed) be queried from any source address. Whether the SNMP service is
  # enabled and whether the firewall blocks it from the WAN is not visible in this part
  # of the export — confirm. If SNMP is used, restrict addresses= to the monitoring
  # host(s) and rename the community; if not, keep the service disabled.
  388. /snmp community
  389. set [ find default=yes ] addresses=0.0.0.0/0
  390. /system logging action
  391. set 0 memory-lines=100
  # CAPsMAN access list: two MAC addresses are accepted, then an enabled catch-all
  # reject follows. The signal-range rules after it are disabled.
  # NOTE(review): as written (ssid-regexp="" on every rule) the catch-all reject appears
  # to apply to all SSIDs, guest included — confirm that is intended.
  # NOTE(review): MAC allow-listing is not authentication: a client's MAC address is
  # visible on the air and chosen by the client, so access control still rests on the
  # WPA passphrase configured in the security profiles.
  # NOTE(review): the five rules are listed twice; the export looks duplicated — confirm.
  392. /caps-man access-list
  393. add action=accept disabled=no mac-address=D4:F4:6F:A0:21:7B ssid-regexp=""
  394. add action=accept disabled=no mac-address=00:1E:C2:9E:58:CB ssid-regexp=""
  395. add action=reject disabled=no ssid-regexp=""
  396. add action=accept disabled=yes signal-range=-79..120 ssid-regexp=""
  397. add action=reject disabled=yes signal-range=-120..-80 ssid-regexp=""
  398. add action=accept disabled=no mac-address=D4:F4:6F:A0:21:7B ssid-regexp=""
  399. add action=accept disabled=no mac-address=00:1E:C2:9E:58:CB ssid-regexp=""
  400. add action=reject disabled=no ssid-regexp=""
  401. add action=accept disabled=yes signal-range=-79..120 ssid-regexp=""
  402. add action=reject disabled=yes signal-range=-120..-80 ssid-regexp=""
  403. /caps-man provisioning
  404. add action=create-enabled master-configuration=cfg-master \
  405. slave-configurations=cfg-guest
  406. add action=create-enabled master-configuration=cfg-master \
  407. slave-configurations=cfg-guest
  408. /interface bridge port
  409. add bridge=bridge-TRUNK interface=ether2
  410. add bridge=bridge-TRUNK interface=ether1
  411. add bridge=bridge-TRUNK interface=ether4
  412. add bridge=bridge-TRUNK interface=ether8
  413. add bridge=bridge-TRUNK interface=ether7
  414. add bridge=bridge-TRUNK interface=ether3
  415. add bridge=bridge-TRUNK interface=ether9
  416. add bridge=bridge-TRUNK interface=ether10
  417. add bridge=bridge-TRUNK interface=ether6
  # NOTE(review): discover-interface-list=all runs neighbor discovery on every
  # interface, which includes ether5-WAN, pppoe-out1 and the guest and hotspot VLANs.
  # Discovery announcements carry device identity and software details. Point this at an
  # interface list that contains only trusted internal interfaces.
  418. /ip neighbor discovery-settings
  419. set discover-interface-list=all
  420. /interface ethernet switch vlan
  421. add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
  422. switch=switch1 vlan-id=11
  423. add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
  424. switch1 vlan-id=13
  425. add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
  426. switch=switch1 vlan-id=12
  427. add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
  428. switch1 vlan-id=14
  429. add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
  430. switch1 vlan-id=19
  431. add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
  432. switch1 vlan-id=15
  433. add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
  434. switch1 vlan-id=16
  435. add ports=ether6,ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=11
  436. add ports=ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=12
  437. add ports=switch2-cpu switch=switch2 vlan-id=13
  438. add ports=ether7,ether8,switch2-cpu switch=switch2 vlan-id=16
  439. add ports=ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=19
  440. add independent-learning=no ports=ether1,ether2,switch1-cpu switch=switch1 \
  441. vlan-id=17
  442. add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
  443. switch=switch1 vlan-id=100
  444. add ports=ether6,ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=100
  445. add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
  446. switch=switch1 vlan-id=18
  447. add ports=ether6,ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=18
  448. add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=\
  449. 20
  # Three remote-access VPN servers are enabled: L2TP, OpenVPN (TCP port 1190) and PPTP.
  # Whether the firewall limits who can reach them is not visible in this part of the
  # export — confirm.
  # NOTE(review): L2TP accepts mschap1 next to mschap2; drop mschap1. use-ipsec=yes
  # offers IPsec but still admits L2TP sessions without it; use-ipsec=required enforces
  # it.
  450. /interface l2tp-server server
  451. set authentication=mschap1,mschap2 default-profile=L2TP-VPN enabled=yes \
  452. max-mru=1460 max-mtu=1460 use-ipsec=yes
  # NOTE(review): the cipher list still offers blowfish128, a legacy 64-bit-block cipher;
  # keep the AES entries only. The certificate name ca.crt_0 suggests the CA certificate
  # itself is used as the server certificate — confirm and issue a dedicated server
  # certificate if so.
  453. /interface ovpn-server server
  454. set certificate=ca.crt_0 cipher=blowfish128,aes128,aes192,aes256 enabled=yes \
  455. port=1190
  # NOTE(review): PPTP relies on MS-CHAP/MPPE and is considered cryptographically broken.
  # With L2TP/IPsec and OpenVPN available, disable it unless a client strictly needs it.
  456. /interface pptp-server server
  457. set enabled=yes
  458. /ip address
  459. add address=192.168.1.1/24 interface=vlan11-LAN network=192.168.1.0
  460. add address=192.168.50.1/24 interface=vlan11-LAN network=192.168.50.0
  461. add address=10.10.15.1/24 interface=vlan12-Guest network=10.10.15.0
  462. add address=192.168.61.1/24 comment="VOIP Negozio 0758039683" interface=\
  463. vlan15-Voip1 network=192.168.61.0
  464. add address=192.168.62.1/24 comment="VOIP Casa Lauro 0758039821" interface=\
  465. vlan16-Voip2 network=192.168.62.0
  466. add address=192.168.30.1/24 interface=vlan11-LAN network=192.168.30.0
  467. add address=10.90.90.1/28 interface=vlan19-SkyQ network=10.90.90.0
  468. add address=172.16.0.1/24 interface=vlan100-Hotspot network=172.16.0.0
  469. add address=192.168.20.254/24 interface=vlan20-PPPoE network=192.168.20.0
  470. add address=192.168.0.254/24 interface=vlan11-LAN network=192.168.0.0
  471. /ip dhcp-client
  472. add dhcp-options=hostname,clientid disabled=no interface=ether5-WAN \
  473. use-peer-dns=no use-peer-ntp=no
  474. /ip dhcp-server lease
  475. add address=192.168.1.200 always-broadcast=yes mac-address=70:EE:50:1C:2D:28 \
  476. server=dhcp-LAN
  477. add address=192.168.1.51 always-broadcast=yes client-id=1:f4:6d:4:96:b6:94 \
  478. mac-address=F4:6D:04:96:B6:94 server=dhcp-LAN
  479. add address=192.168.1.58 client-id=1:0:1e:ec:50:53:a1 mac-address=\
  480. 00:1E:EC:50:53:A1 server=dhcp-LAN
  481. add address=192.168.1.73 client-id=1:18:ee:69:4e:f7:3b mac-address=\
  482. 18:EE:69:4E:F7:3B server=dhcp-LAN
  483. add address=192.168.1.57 client-id=1:54:35:30:71:a:e3 mac-address=\
  484. 54:35:30:71:0A:E3 server=dhcp-LAN
  485. add address=192.168.1.59 client-id=1:34:2:86:5b:2a:1b mac-address=\
  486. 34:02:86:5B:2A:1B server=dhcp-LAN
  487. add address=192.168.1.38 client-id=1:dc:71:44:4d:c7:46 mac-address=\
  488. DC:71:44:4D:C7:46 server=dhcp-LAN
  489. add address=192.168.1.81 always-broadcast=yes client-id=1:0:1e:c2:9e:58:cb \
  490. mac-address=00:1E:C2:9E:58:CB server=dhcp-LAN
  491. add address=192.168.1.82 always-broadcast=yes client-id=1:0:1e:c2:7:e4:79 \
  492. mac-address=00:1E:C2:07:E4:79 server=dhcp-LAN
  493. add address=192.168.1.79 always-broadcast=yes client-id=1:dc:41:5f:1d:2:15 \
  494. mac-address=DC:41:5F:1D:02:15 server=dhcp-LAN
  495. add address=192.168.1.55 always-broadcast=yes client-id=1:54:4:a6:1c:c1:20 \
  496. mac-address=54:04:A6:1C:C1:20 server=dhcp-LAN
  497. add address=192.168.1.100 client-id=1:0:1d:60:36:88:93 mac-address=\
  498. 00:1D:60:36:88:93 server=dhcp-LAN
  499. add address=192.168.1.74 always-broadcast=yes client-id=1:dc:9b:9c:a:d7:66 \
  500. mac-address=DC:9B:9C:0A:D7:66 server=dhcp-LAN
  501. add address=192.168.1.78 always-broadcast=yes client-id=1:1c:5c:f2:49:9e:3a \
  502. mac-address=1C:5C:F2:49:9E:3A server=dhcp-LAN
  503. add address=192.168.1.42 always-broadcast=yes client-id=1:f4:f2:6d:13:d8:ad \
  504. mac-address=F4:F2:6D:13:D8:AD server=dhcp-LAN
  505. add address=192.168.1.43 client-id=1:b8:27:eb:d6:8:18 mac-address=\
  506. B8:27:EB:D6:08:18 server=dhcp-LAN
  507. add address=192.168.1.44 client-id=1:b8:27:eb:ed:6e:25 mac-address=\
  508. B8:27:EB:ED:6E:25 server=dhcp-LAN
  509. add address=192.168.1.41 mac-address=02:19:04:80:E0:FC server=dhcp-LAN
  510. add address=192.168.1.39 always-broadcast=yes client-id=1:88:83:5d:3f:a3:84 \
  511. mac-address=88:83:5D:3F:A3:84 server=dhcp-LAN
  512. add address=192.168.1.49 client-id=1:f8:d0:27:e5:10:d5 mac-address=\
  513. F8:D0:27:E5:10:D5 server=dhcp-LAN
  514. add address=192.168.1.29 always-broadcast=yes comment=XXXXXXXXXXXXXXXXXXXX mac-address=\
  515. 00:19:BA:0B:30:F5 server=dhcp-LAN
  516. add address=10.90.90.2 always-broadcast=yes comment=SkyQ mac-address=\
  517. 20:47:ED:F8:5E:DA server=dhcp-SkyQ
  518. add address=192.168.1.45 client-id=1:dc:56:e7:47:e4:1f mac-address=\
  519. DC:56:E7:47:E4:1F server=dhcp-LAN
  520. add address=192.168.1.25 client-id=1:80:5e:c0:14:c4:33 comment=\
  521. "Yealink Negozio" mac-address=80:5E:C0:14:C4:33 server=dhcp-LAN
  522. add address=10.90.90.3 always-broadcast=yes comment="Mini Camera" \
  523. mac-address=20:47:ED:F0:4A:52 server=dhcp-SkyQ
  524. add address=192.168.1.32 client-id=1:0:1d:ec:a:6d:df mac-address=\
  525. 00:1D:EC:0A:6D:DF server=dhcp-LAN
  526. add address=192.168.1.72 client-id=1:3c:2e:ff:1a:c2:a8 mac-address=\
  527. 3C:2E:FF:1A:C2:A8 server=dhcp-LAN
  528. add address=192.168.1.211 mac-address=4E:FA:EB:1D:ED:4C server=dhcp-LAN
  # NOTE(review): these two static leases are bound to server=dhcp-GUEST but assign
  # 192.168.1.x addresses, while dhcp-GUEST serves vlan12-Guest from dhcp_pool_GUEST
  # (10.10.15.50-10.10.15.150) and the router address on that VLAN is 10.10.15.1/24.
  # They look like leftovers or a wrong server= value — confirm. A guest-VLAN client
  # holding a LAN-subnet address undermines rules that tell guest from LAN by source
  # address.
  529. add address=192.168.1.226 client-id=1:d8:8f:76:32:18:e3 mac-address=\
  530. D8:8F:76:32:18:E3 server=dhcp-GUEST
  531. add address=192.168.1.218 client-id=1:ec:9b:f3:7a:69:20 mac-address=\
  532. EC:9B:F3:7A:69:20 server=dhcp-GUEST
  533. add address=192.168.1.76 client-id=1:d0:2b:20:c7:41:f2 mac-address=\
  534. D0:2B:20:C7:41:F2 server=dhcp-LAN
  535. add address=192.168.1.26 client-id=1:0:21:29:1f:85:26 comment=\
  536. "LynkSys PAP NEGOZIO" mac-address=00:21:29:1F:85:26 server=dhcp-LAN
  # Network parameters (gateway, DNS) handed out by the DHCP servers.
  # NOTE(review): 15.15.30.0/24 and 90.90.90.0/24 are not RFC 1918 private ranges (the
  # address pool pool_security also uses 90.90.90.x). Using publicly routable prefixes
  # internally hides the real hosts in those ranges and breaks firewall logic that tells
  # "inside" from "outside" by private address space; renumber into 10/8, 172.16/12 or
  # 192.168/16.
  # NOTE(review): 10.10.10.0/24, 15.15.30.0/24, 90.90.90.0/24 and 192.168.15.0/24 have no
  # matching router address in the /ip address section of this export; they may be
  # leftovers — confirm and remove unused entries.
  537. /ip dhcp-server network
  538. add address=10.10.10.0/24 gateway=10.10.10.1
  539. add address=10.10.15.0/24 gateway=10.10.15.1
  540. add address=10.90.90.0/28 gateway=10.90.90.1
  541. add address=15.15.30.0/24 gateway=15.15.30.1
  542. add address=90.90.90.0/24 gateway=90.90.90.1
  543. add address=172.16.0.0/24 comment="hotspot network" gateway=172.16.0.1
  544. add address=192.168.0.0/24 gateway=192.168.0.1
  545. add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
  546. add address=192.168.15.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.15.1
  547. add address=192.168.61.0/24 gateway=192.168.61.1
  548. /ip dns
  # Router resolver: one upstream (8.8.8.8), cached answers kept at most 5 minutes.
  # NOTE(review): allow-remote-requests is not printed; the export presumably
  # omits it because it is at its default. Confirm it is off, or that port 53
  # is filtered on pppoe-out1 - the input chain in this export has no rule for
  # 53, so an enabled resolver would answer queries from the Internet.
  549. set cache-max-ttl=5m servers=8.8.8.8
  550. /ip firewall address-list
  # Static address lists: allow-ip, Reti_Pubbliche_WISP ("WISP public networks")
  # and Reti_Private_WISP ("WISP private networks").
  # NOTE(review): every entry below carries disabled=yes, so all three lists are
  # empty at run time. Filter rules in this export that match on
  # Reti_Pubbliche_WISP / Reti_Private_WISP (the Block_*_internal_AS rules)
  # therefore match nothing until entries are re-enabled.
  # allow-ip is not referenced by any filter or NAT rule visible in this export.
  551. add address=10.0.0.0/8 disabled=yes list=allow-ip
  552. add address=10.10.15.0/24 disabled=yes list=allow-ip
  553. add address=10.34.2.0/23 disabled=yes list=allow-ip
  554. add address=10.90.90.0/24 disabled=yes list=allow-ip
  555. add address=10.90.90.0/28 disabled=yes list=allow-ip
  556. add address=10.255.255.245 disabled=yes list=allow-ip
  557. add address=192.168.1.0/24 disabled=yes list=allow-ip
  558. add address=192.168.30.0/24 disabled=yes list=allow-ip
  559. add address=192.168.50.0/24 disabled=yes list=allow-ip
  560. add address=192.168.55.0/24 disabled=yes list=allow-ip
  561. add address=192.168.61.0/24 disabled=yes list=allow-ip
  562. add address=192.168.62.0/24 disabled=yes list=allow-ip
  563. add address=192.168.70.0/24 disabled=yes list=allow-ip
  564. add address=92.245.170.0/23 disabled=yes list=Reti_Pubbliche_WISP
  565. add address=92.245.172.0/23 disabled=yes list=Reti_Pubbliche_WISP
  566. add address=212.69.136.0/21 disabled=yes list=Reti_Pubbliche_WISP
  567. add address=89.32.156.0/22 disabled=yes list=Reti_Pubbliche_WISP
  568. add address=89.36.204.0/22 disabled=yes list=Reti_Pubbliche_WISP
  569. add address=46.102.112.0/22 disabled=yes list=Reti_Pubbliche_WISP
  570. add address=185.39.24.0/22 disabled=yes list=Reti_Pubbliche_WISP
  571. add address=79.143.112.0/21 disabled=yes list=Reti_Pubbliche_WISP
  572. add address=91.231.172.0/23 disabled=yes list=Reti_Pubbliche_WISP
  573. add address=87.252.106.0/23 disabled=yes list=Reti_Pubbliche_WISP
  574. add address=185.84.84.0/22 disabled=yes list=Reti_Pubbliche_WISP
  575. add address=10.0.0.0/8 disabled=yes list=Reti_Private_WISP
  576. /ip firewall filter
  # Rules are evaluated top to bottom within a chain; accept and drop end
  # evaluation, so a rule's position decides whether it can ever match.
  # NOTE(review): nothing in this section accepts established/related traffic,
  # and neither input nor forward ends in an unconditional drop. Anything not
  # matched by a rule below is therefore accepted by default.
  577. add action=passthrough chain=unused-hs-chain comment=\
  578. "place hotspot rules here" disabled=yes
  # Disabled. Comment text: "block EVERYTHING from LAN to GUEST".
  579. add action=drop chain=forward comment="Blocco TUTTO da LAN a GUEST" disabled=\
  580. yes dst-address=10.10.15.0/24 src-address=192.168.1.0/24
  # NOTE(review): no in-interface, so IKE/L2TP/NAT-T (UDP 500, 1701, 4500) is
  # accepted on every interface. Being this early in the input chain, it also
  # ends evaluation before any later input rule for the same ports.
  581. add action=accept chain=input dst-port=500,1701,4500 protocol=udp
  # Comment text: "ACCEPT from LAN only toward device ... of GUEST". The
  # matchers select the opposite direction: source 10.10.15.0/24, destination
  # 192.168.1.0/24, limited to one source MAC.
  # NOTE(review): a source MAC is chosen by the sender; any host on that
  # segment can present it, so this identifies a device but does not
  # authenticate it.
  582. add action=accept chain=forward comment=\
  583. "ACCETTA da LAN solo verso il dispositivo XX:XX:XX:XX:X di GUEST" \
  584. dst-address=192.168.1.0/24 src-address=10.10.15.0/24 src-mac-address=\
  585. 20:47:ED:F8:5E:DA
  # Same exception for source 10.90.90.0/24 (the SkyQ range), same MAC.
  586. add action=accept chain=forward comment=\
  587. "ACCETTA da LAN solo verso il dispositivo XX:XX:XX:XX:X di GUEST" \
  588. dst-address=192.168.1.0/24 src-address=10.90.90.0/24 src-mac-address=\
  589. 20:47:ED:F8:5E:DA
  # Everything else from GUEST (10.10.15.0/24) and from SkyQ (10.90.90.0/24)
  # toward the LAN is dropped.
  590. add action=drop chain=forward comment="DROP da GUEST a LAN" dst-address=\
  591. 192.168.1.0/24 src-address=10.10.15.0/24
  592. add action=drop chain=forward comment="DROP da SkyQ a LAN" dst-address=\
  593. 192.168.1.0/24 src-address=10.90.90.0/24
  # Disabled. Comment text: "DROP from LAN to Security". Each rule drops LAN
  # traffic to 90.90.90.11 unless it comes from one specific MAC.
  # NOTE(review): the two rules negate different MACs. Enabled together, the
  # first drops the second's permitted MAC and the second drops the first's,
  # so no LAN host would get through; a single rule or an accept-then-drop
  # pair is needed to permit both devices.
  594. add action=drop chain=forward comment="DROP da LAN a Security" disabled=yes \
  595. dst-address=90.90.90.11 log=yes src-address=192.168.1.0/24 \
  596. src-mac-address=!F4:6D:04:96:B6:94
  597. add action=drop chain=forward comment="DROP da LAN a Security" disabled=yes \
  598. dst-address=90.90.90.11 log=yes src-address=192.168.1.0/24 \
  599. src-mac-address=!3C:2E:FF:97:AA:A5
  # Management access to the router itself (input chain).
  # SSH and Telnet (22-23) are accepted from vlan11-LAN ahead of every
  # blacklist rule, so LAN clients are never affected by the lists below.
  # /ip service in this export shows both services disabled.
  600. add action=accept chain=input comment="ACCEPT SSH e TELNET da Bridge-LAN" \
  601. dst-port=22-23 in-interface=vlan11-LAN protocol=tcp
  # Web interface (80): dropped from the PPPoE uplink, accepted from the LAN,
  # then dropped from everywhere else. Because of that last rule, any later
  # accept for port 80 in the input chain cannot match.
  602. add action=drop chain=input comment="DROOP 80 from PPPOE" dst-port=80 \
  603. in-interface=pppoe-out1 protocol=tcp
  604. add action=accept chain=input comment="ACCEPT 80 from LAN" dst-port=80 \
  605. in-interface=vlan11-LAN protocol=tcp
  606. add action=drop chain=input comment="DROOP ALL 80 " dst-port=80 protocol=tcp
  # Drops 22-23 from sources already on IP_BlackList.
  607. add action=drop chain=input dst-port=22-23 protocol=tcp src-address-list=\
  608. IP_BlackList
  # FTP login-failure throttle, keyed on the server's "530 Login incorrect"
  # reply in outgoing packets. Despite the comment text this first rule is an
  # accept: replies within the dst-limit rate pass. Replies beyond the rate
  # reach the next rule, which lists the destination in FTP_BlackList for one
  # day; the third rule drops new FTP traffic from listed sources.
  # NOTE(review): content= inspects cleartext payload, and /ip service shows
  # the router's FTP service disabled, so these rules presumably never fire
  # for the router itself - confirm they are still wanted.
  609. add action=accept chain=output comment="Drop FTP Brute Forcers" content=\
  610. "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  611. add action=add-dst-to-address-list address-list=FTP_BlackList \
  612. address-list-timeout=1d chain=output content="530 Login incorrect" \
  613. protocol=tcp
  614. add action=drop chain=input dst-port=21 protocol=tcp src-address-list=\
  615. FTP_BlackList
  # Staged blacklist for new connections to 22-23: SSH_BlackList_1 -> _2 -> _3
  # (1 minute each) -> IP_BlackList (1 day).
  # NOTE(review): rule order. add-src-to-address-list does not end evaluation,
  # and the stages are listed in ascending order. A source added to
  # SSH_BlackList_1 by the first rule already satisfies
  # src-address-list=SSH_BlackList_1 on the second, and so on, so one new
  # connection appears to cascade straight into IP_BlackList instead of
  # needing four attempts. The ssh_stage*/telnet_stage* groups later in this
  # section list the same logic in descending order, which is what lets a
  # source advance one stage per connection. Confirm which behaviour is meant.
  616. add action=add-src-to-address-list address-list=SSH_BlackList_1 \
  617. address-list-timeout=1m chain=input comment=\
  618. "Drop SSH&TELNET Brute Forcers" connection-state=new dst-port=22-23 \
  619. protocol=tcp
  620. add action=add-src-to-address-list address-list=SSH_BlackList_2 \
  621. address-list-timeout=1m chain=input connection-state=new dst-port=22-23 \
  622. protocol=tcp src-address-list=SSH_BlackList_1
  623. add action=add-src-to-address-list address-list=SSH_BlackList_3 \
  624. address-list-timeout=1m chain=input connection-state=new dst-port=22-23 \
  625. protocol=tcp src-address-list=SSH_BlackList_2
  626. add action=add-src-to-address-list address-list=IP_BlackList \
  627. address-list-timeout=1d chain=input connection-state=new dst-port=22-23 \
  628. protocol=tcp src-address-list=SSH_BlackList_3
  # Four parallel brute-force groups: SSH (22), Telnet (23), Winbox (8291) and
  # FTP (21). Each group is written in descending order: drop sources on the
  # blacklist, then stage3 -> blacklist (1w3d), stage2 -> stage3,
  # stage1 -> stage2, and finally any new connection -> stage1 (1 minute each).
  # Listed this way, a source moves up one stage per new connection.
  # NOTE(review): ports 22-23 are also covered by the SSH_BlackList_* rules
  # above, so two independent mechanisms list the same sources.
  # NOTE(review): these lists are keyed on the source address of a new TCP
  # connection; keep the management accept rules ahead of the drops (as the
  # vlan11-LAN rule for 22-23 is) so administrators cannot be locked out.
  629. add action=drop chain=input comment=drop_ssh_brute_forcers dst-port=22 \
  630. protocol=tcp src-address-list=ssh_blacklist
  631. add action=add-src-to-address-list address-list=ssh_blacklist \
  632. address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
  633. protocol=tcp src-address-list=ssh_stage3
  634. add action=add-src-to-address-list address-list=ssh_stage3 \
  635. address-list-timeout=1m chain=input connection-state=new dst-port=22 \
  636. protocol=tcp src-address-list=ssh_stage2
  637. add action=add-src-to-address-list address-list=ssh_stage2 \
  638. address-list-timeout=1m chain=input connection-state=new dst-port=22 \
  639. protocol=tcp src-address-list=ssh_stage1
  640. add action=add-src-to-address-list address-list=ssh_stage1 \
  641. address-list-timeout=1m chain=input connection-state=new dst-port=22 \
  642. protocol=tcp
  643. add action=drop chain=input comment=drop_telnet_brute_forcers dst-port=23 \
  644. protocol=tcp src-address-list=telnet_blacklist
  645. add action=add-src-to-address-list address-list=telnet_blacklist \
  646. address-list-timeout=1w3d chain=input connection-state=new dst-port=23 \
  647. protocol=tcp src-address-list=telnet_stage3
  648. add action=add-src-to-address-list address-list=telnet_stage3 \
  649. address-list-timeout=1m chain=input connection-state=new dst-port=23 \
  650. protocol=tcp src-address-list=telnet_stage2
  651. add action=add-src-to-address-list address-list=telnet_stage2 \
  652. address-list-timeout=1m chain=input connection-state=new dst-port=23 \
  653. protocol=tcp src-address-list=telnet_stage1
  654. add action=add-src-to-address-list address-list=telnet_stage1 \
  655. address-list-timeout=1m chain=input connection-state=new dst-port=23 \
  656. protocol=tcp
  # NOTE(review): Winbox (8291) has no interface or source restriction in this
  # section - rate staging is the only control on the WAN side. Port 80 above
  # is limited to vlan11-LAN; the same restriction (or a source allow-list)
  # would keep the management port off the Internet.
  657. add action=drop chain=input comment=drop_winbox_brute_forcers dst-port=8291 \
  658. protocol=tcp src-address-list=winbox_blacklist
  659. add action=add-src-to-address-list address-list=winbox_blacklist \
  660. address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \
  661. protocol=tcp src-address-list=winbox_stage3
  662. add action=add-src-to-address-list address-list=winbox_stage3 \
  663. address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
  664. protocol=tcp src-address-list=winbox_stage2
  665. add action=add-src-to-address-list address-list=winbox_stage2 \
  666. address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
  667. protocol=tcp src-address-list=winbox_stage1
  668. add action=add-src-to-address-list address-list=winbox_stage1 \
  669. address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
  670. protocol=tcp
  671. add action=drop chain=input comment=drop_ftp_brute_forcers dst-port=21 \
  672. protocol=tcp src-address-list=ftp_blacklist
  673. add action=add-src-to-address-list address-list=ftp_blacklist \
  674. address-list-timeout=1w3d chain=input connection-state=new dst-port=21 \
  675. protocol=tcp src-address-list=ftp_stage3
  676. add action=add-src-to-address-list address-list=ftp_stage3 \
  677. address-list-timeout=1m chain=input connection-state=new dst-port=21 \
  678. protocol=tcp src-address-list=ftp_stage2
  679. add action=add-src-to-address-list address-list=ftp_stage2 \
  680. address-list-timeout=1m chain=input connection-state=new dst-port=21 \
  681. protocol=tcp src-address-list=ftp_stage1
  682. add action=add-src-to-address-list address-list=ftp_stage1 \
  683. address-list-timeout=1m chain=input connection-state=new dst-port=21 \
  684. protocol=tcp
  # Drops TCP and UDP 4145 addressed to the router.
  # NOTE(review): no comment records why this port is blocked. If it was added
  # in response to an unwanted SOCKS listener on the router, also confirm that
  # /ip socks is disabled - it does not appear in this part of the export.
  685. add action=drop chain=input dst-port=4145 protocol=tcp
  686. add action=drop chain=input dst-port=4145 protocol=udp
  # Output-chain blocks for router-originated Telnet/SSH/FTP/Winbox sessions
  # toward the WISP ranges (the first four also require a listed source).
  # NOTE(review): every entry of Reti_Pubbliche_WISP and Reti_Private_WISP is
  # disabled in the address-list section of this export, so as exported these
  # rules match nothing.
  687. add action=drop chain=output comment=Block_Telnet_internal_AS \
  688. dst-address-list=Reti_Pubbliche_WISP dst-port=23 protocol=tcp \
  689. src-address-list=Reti_Pubbliche_WISP
  690. add action=drop chain=output comment=Block_SSH_internal_AS dst-address-list=\
  691. Reti_Pubbliche_WISP dst-port=22 protocol=tcp src-address-list=\
  692. Reti_Pubbliche_WISP
  693. add action=drop chain=output comment=Block_FTP_internal_AS dst-address-list=\
  694. Reti_Pubbliche_WISP dst-port=21 protocol=tcp src-address-list=\
  695. Reti_Pubbliche_WISP
  696. add action=drop chain=output comment=Block_Winbox_internal_AS \
  697. dst-address-list=Reti_Pubbliche_WISP dst-port=8291 protocol=tcp \
  698. src-address-list=Reti_Pubbliche_WISP
  699. add action=drop chain=output comment=Block_Telnet_internal_AS \
  700. dst-address-list=Reti_Private_WISP dst-port=23 protocol=tcp
  701. add action=drop chain=output comment=Block_SSH_internal_AS dst-address-list=\
  702. Reti_Private_WISP dst-port=22 protocol=tcp
  # NOTE(review): unreachable as placed. The unconditional port-80 drop
  # ("DROOP ALL 80 ") sits earlier in the input chain, so web access for L2TP
  # clients is dropped before this accept is evaluated. To take effect it has
  # to be moved above that drop - and above the pppoe-out1 drop only if
  # all-ppp is not meant to cover the uplink itself.
  703. add action=accept chain=input comment="ACCEPT 80 from L2TP" dst-port=80 \
  704. in-interface=all-ppp protocol=tcp
  705. add action=drop chain=output comment=Block_Winbox_internal_AS \
  706. dst-address-list=Reti_Private_WISP dst-port=8291 protocol=tcp
  707. add action=drop chain=output comment=Block_FTP_internal_AS dst-address-list=\
  708. Reti_Private_WISP dst-port=21 protocol=tcp
  # L2TP/IPsec server exposure on the PPPoE uplink: IKE (UDP 500), L2TP
  # (UDP 1701), NAT-T (UDP 4500), ESP and AH are accepted.
  # NOTE(review): UDP 1701 is accepted as-is, so plain L2TP without IPsec is
  # reachable from the Internet. Matching 1701 only for IPsec-decapsulated
  # traffic (ipsec-policy=in,ipsec) would force the tunnel through IPsec.
  709. add action=accept chain=input comment="VPN L2TP UDP 500" dst-port=500 \
  710. in-interface=pppoe-out1 protocol=udp
  711. add action=accept chain=input comment="VPN L2TP UDP 1701" dst-port=1701 \
  712. in-interface=pppoe-out1 protocol=udp
  713. add action=accept chain=input comment="VPN L2TP 4500" dst-port=4500 \
  714. in-interface=pppoe-out1 protocol=udp
  715. add action=accept chain=input comment="VPN L2TP ESP" in-interface=pppoe-out1 \
  716. protocol=ipsec-esp
  717. add action=accept chain=input comment="VPN L2TP AH" in-interface=pppoe-out1 \
  718. protocol=ipsec-ah
  # Drops intended for sources on the l2tp-brutforce list.
  # NOTE(review): shadowed. The accepts above, and the unscoped UDP
  # 500/1701/4500 accept near the top of this section, match the same packets
  # first and end evaluation, so these two drops are never reached from
  # pppoe-out1. The blacklist is built but not enforced; the drops need to sit
  # ahead of the accepts.
  719. add action=drop chain=input comment="L2TP brutforce IP IPSec drop" \
  720. connection-state=new log=yes protocol=ipsec-esp src-address-list=\
  721. l2tp-brutforce
  722. add action=drop chain=input comment="L2TP brutforce IP drop" \
  723. connection-state=new dst-port=1701,500,4500 log=yes protocol=udp \
  724. src-address-list=l2tp-brutforce
  # Input-side staging (probe1 -> probe2 -> l2tp-brutforce for 2 weeks), in
  # descending order.
  # NOTE(review): these match new UDP 1701 on input, which the earlier accepts
  # already terminate, so the probe lists presumably never fill.
  725. add action=add-src-to-address-list address-list=l2tp-brutforce \
  726. address-list-timeout=2w chain=input comment="L2TP brutforce IP to list" \
  727. connection-state=new dst-port=1701 protocol=udp src-address-list=probe2
  728. add action=add-src-to-address-list address-list=probe2 address-list-timeout=\
  729. 1m chain=input comment="L2TP brutforce protection stage 2" \
  730. connection-state=new dst-port=1701 protocol=udp src-address-list=probe1
  731. add action=add-src-to-address-list address-list=probe1 address-list-timeout=\
  732. 1m chain=input comment="L2TP brutforce protection stage 1" \
  733. connection-state=new dst-port=1701 protocol=udp
  # Output-side staging ("v2"): lists the destination of any router-originated
  # packet whose payload contains "M=bad", level1 -> level2 -> l2tp-brutforce,
  # one minute per stage, in descending order.
  # NOTE(review): these rules have no protocol or port matcher, so any
  # outgoing packet containing that string advances the destination; and
  # l2tp-brutforce entries added here expire after 1m, unlike the 2w used by
  # the input-side rule.
  734. add action=add-dst-to-address-list address-list=l2tp-brutforce \
  735. address-list-timeout=1m chain=output comment=\
  736. "L2TP-brutforce protection stage 3 v2" content="M=bad" dst-address-list=\
  737. l2tp-brutforce-level2
  738. add action=add-dst-to-address-list address-list=l2tp-brutforce-level2 \
  739. address-list-timeout=1m chain=output comment=\
  740. "L2TP-brutforce protection stage 2 v2" content="M=bad" dst-address-list=\
  741. l2tp-brutforce-level1
  742. add action=add-dst-to-address-list address-list=l2tp-brutforce-level1 \
  743. address-list-timeout=1m chain=output comment=\
  744. "L2TP-brutforce protection stage 1 v2" content="M=bad"
  745. /ip firewall mangle
  # Disabled policy-routing mark: traffic from 10.90.90.2-10.90.90.14 would be
  # tagged with routing mark L2TPVPN.
  # NOTE(review): the only route using that mark in this export has
  # gateway=*30, which looks like a reference to an interface that no longer
  # exists - re-enabling this rule as-is would presumably send the marked
  # traffic nowhere. Confirm before enabling.
  746. add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
  747. L2TPVPN passthrough=no src-address=10.90.90.2-10.90.90.14
  748. /ip firewall nat
  # Source NAT and the disabled dstnat exceptions.
  749. add action=passthrough chain=unused-hs-chain comment=\
  750. "place hotspot rules here" disabled=yes
  # NOTE(review): in-interface=*F (and out-interface=*30 further down) look
  # like references to interfaces that have been removed. Both rules are
  # disabled; they should be fixed or deleted rather than re-enabled.
  751. add action=accept chain=dstnat disabled=yes in-interface=*F src-address=\
  752. 192.168.1.31
  753. add action=accept chain=dstnat disabled=yes in-interface=vlan11-LAN \
  754. src-address=192.168.1.41
  755. add action=accept chain=dstnat disabled=yes in-interface=vlan11-LAN \
  756. src-address=192.168.1.31
  # Masquerade on the three uplink interfaces.
  757. add action=masquerade chain=srcnat comment=IP_ePMP1000 out-interface=\
  758. ether5-WAN
  759. add action=masquerade chain=srcnat comment=IP_ePMP1000 out-interface=\
  760. vlan20-PPPoE
  761. add action=masquerade chain=srcnat comment=PPPOE out-interface=pppoe-out1
  762. add action=masquerade chain=srcnat comment=L2TP disabled=yes out-interface=\
  763. *30
  # Guest traffic (10.10.15.0/24) leaving through vlan11-LAN is masqueraded.
  764. add action=masquerade chain=srcnat comment=GUEST-VLAN out-interface=\
  765. vlan11-LAN src-address=10.10.15.0/24
  # NOTE(review): the rules below match on destination only (no out-interface,
  # no src-address). Every flow toward these networks is rewritten to the
  # router's address, so hosts there cannot tell the original clients apart in
  # their own logs or access rules.
  766. add action=masquerade chain=srcnat dst-address=192.168.50.0/24
  767. add action=masquerade chain=srcnat dst-address=10.90.90.50
  768. add action=masquerade chain=srcnat dst-address=192.168.70.0/24
  769. add action=masquerade chain=srcnat dst-address=192.168.15.0/24
  770. add action=masquerade chain=srcnat dst-address=192.168.20.0/24
  771. add action=masquerade chain=srcnat dst-address=192.168.10.0/24
  772. add action=masquerade chain=srcnat disabled=yes dst-address=192.168.61.0/24
  773. add action=masquerade chain=srcnat disabled=yes dst-address=192.168.61.200
  774. add action=masquerade chain=srcnat dst-address=192.168.62.0/24
  775. add action=masquerade chain=srcnat dst-address=192.168.62.254
  # Inbound port forwards from the PPPoE uplink to internal hosts.
  # NOTE(review): none of these rules carries src-address or src-address-list,
  # and the forward chain in this export has no rule restricting them, so each
  # enabled forward is reachable from any Internet source. That includes
  # cleartext FTP to two NAS units, a NAS web interface, a DVR, Homebridge and
  # Plex. Restricting sources, or reaching these hosts through the VPN that is
  # already configured, would remove them from the public attack surface.
  776. add action=dst-nat chain=dstnat comment=VPN dst-port=1193 in-interface=\
  777. pppoe-out1 protocol=udp to-addresses=192.168.1.31 to-ports=1193
  778. add action=dst-nat chain=dstnat comment="VPN .41" dst-port=1199 in-interface=\
  779. pppoe-out1 protocol=udp to-addresses=192.168.1.41
  # Disabled VoIP forwards to 192.168.1.43.
  780. add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
  781. 5071 in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.43 \
  782. to-ports=5060
  783. add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
  784. 5071 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.43 \
  785. to-ports=5061
  786. add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
  787. 5361 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.43
  788. add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
  789. 5060 in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.43
  # NOTE(review): 192.168.1.1 is the LAN gateway address handed out by DHCP in
  # this export, so this presumably forwards TCP 1190 to the router itself -
  # confirm what listens there.
  790. add action=dst-nat chain=dstnat comment=VPN dst-port=1190 in-interface=\
  791. pppoe-out1 protocol=tcp to-addresses=192.168.1.1
  792. add action=dst-nat chain=dstnat comment=VPN dst-port=443 in-interface=\
  793. pppoe-out1 protocol=tcp to-addresses=192.168.1.31 to-ports=443
  # Peer-to-peer client ports for workstations .41 and .51.
  794. add action=dst-nat chain=dstnat comment="eMule .41" dst-port=4711-4712 \
  795. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41
  796. add action=dst-nat chain=dstnat comment="eMule .41" dst-port=5041 \
  797. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41
  798. add action=dst-nat chain=dstnat comment="eMule .41" dst-port=5046 \
  799. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41
  800. add action=dst-nat chain=dstnat comment="eMule .41" dst-port=5049 \
  801. in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.41
  802. add action=dst-nat chain=dstnat comment="eMule .51" dst-port=11051 \
  803. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.51
  804. add action=dst-nat chain=dstnat comment="eMule .51" dst-port=11052 \
  805. in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.51
  806. add action=dst-nat chain=dstnat comment="Torrent .51" dst-port=10051 \
  807. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.51
  808. add action=dst-nat chain=dstnat comment="PlexServer .41" dst-port=32400 \
  809. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41 to-ports=\
  810. 32400
  811. add action=dst-nat chain=dstnat comment=Homebridge dst-port=8080 \
  812. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.42 to-ports=\
  813. 8080
  # NAS administration and file transfer published to the Internet: the NAS2
  # web interface on 8022 -> 80 (plain HTTP), FTP for NAS2 on 2122 -> 21 and
  # for NAS1 on 21 -> 21. FTP sends credentials in cleartext.
  814. add action=dst-nat chain=dstnat comment="WEBIF NAS2" dst-port=8022 \
  815. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.22 to-ports=\
  816. 80
  817. add action=dst-nat chain=dstnat comment="FTP NAS2" dst-port=2122 \
  818. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.22 to-ports=\
  819. 21
  820. add action=dst-nat chain=dstnat comment="FTP NAS1" dst-port=21 in-interface=\
  821. pppoe-out1 protocol=tcp to-addresses=192.168.1.21 to-ports=21
  # Wake-up forwards: UDP 7 and 9 to .51, TCP 90 to .100.
  822. add action=dst-nat chain=dstnat comment="WakeUP .51" dst-port=7 in-interface=\
  823. pppoe-out1 protocol=udp to-addresses=192.168.1.51 to-ports=7
  824. add action=dst-nat chain=dstnat comment="WakeUP .51" dst-port=9 in-interface=\
  825. pppoe-out1 protocol=udp to-addresses=192.168.1.51 to-ports=9
  826. add action=dst-nat chain=dstnat comment="WakeUP .100" dst-port=90 \
  827. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.100 to-ports=\
  828. 90
  829. add action=dst-nat chain=dstnat comment="Transmission .41" dst-port=51413 \
  830. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41 to-ports=\
  831. 51413
  832. add action=dst-nat chain=dstnat comment="uTorrent .100" dst-port=50100 \
  833. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.100 to-ports=\
  834. 50100
  # DVR at 192.168.30.240 published on TCP 8333 and 5333.
  835. add action=dst-nat chain=dstnat comment=DVR dst-port=8333 in-interface=\
  836. pppoe-out1 protocol=tcp to-addresses=192.168.30.240 to-ports=8333
  837. add action=dst-nat chain=dstnat comment=DVR dst-port=5333 in-interface=\
  838. pppoe-out1 protocol=tcp to-addresses=192.168.30.240 to-ports=5333
  839. add action=dst-nat chain=dstnat comment="eMule .81" dst-port=10381 \
  840. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.81 to-ports=\
  841. 10381
  842. add action=dst-nat chain=dstnat comment=uTorrent.100 dst-port=10100 \
  843. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.100 to-ports=\
  844. 10100
  # NOTE(review): duplicate of the earlier "Torrent .51" rule (same port,
  # protocol, interface and target); the earlier rule always wins.
  845. add action=dst-nat chain=dstnat comment=uTorrent.51 dst-port=10051 \
  846. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.51
  847. add action=dst-nat chain=dstnat comment=uTorrent.55 dst-port=10155 \
  848. in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.55
  849. add action=dst-nat chain=dstnat comment=echolink dst-port=5198 in-interface=\
  850. pppoe-out1 protocol=udp to-addresses=192.168.1.222 to-ports=5198
  851. add action=dst-nat chain=dstnat comment=echolink dst-port=5199 in-interface=\
  852. pppoe-out1 protocol=udp to-addresses=192.168.1.222 to-ports=5199
  853. add action=dst-nat chain=dstnat comment=echolink dst-port=5200 in-interface=\
  854. pppoe-out1 protocol=tcp to-addresses=192.168.1.222 to-ports=5200
  # NOTE(review): this masquerades 10.10.98.0/23, while the DHCP network
  # labelled "hotspot network" in this export is 172.16.0.0/24 - one of the
  # two is presumably stale.
  855. add action=masquerade chain=srcnat comment="masquerade hotspot network" \
  856. src-address=10.10.98.0/23
  # Disabled. With no protocol or port matcher this would forward every
  # inbound connection on pppoe-out1 to 192.168.0.199; keep it disabled unless
  # that host is meant to be fully exposed.
  857. add action=dst-nat chain=dstnat comment="DMZ .199" disabled=yes in-interface=\
  858. pppoe-out1 to-addresses=192.168.0.199
  # Disabled catch-all masquerade with no matchers. Comment text: "CAUSES
  # FIREWALL PROBLEMS".
  859. add action=masquerade chain=srcnat comment="PROVOCA PROBLEMI FIREWALL" \
  860. disabled=yes
  861. /ip hotspot service-port
  # Hotspot settings: the FTP service-port helper is disabled, the
  # walled-garden placeholder is disabled, and unauthenticated hotspot clients
  # may reach 172.16.0.1 (the hotspot network's gateway in this export).
  862. set ftp disabled=yes
  863. /ip hotspot walled-garden
  864. add comment="place hotspot rules here" disabled=yes
  865. /ip hotspot walled-garden ip
  866. add action=accept disabled=no dst-address=172.16.0.1
  867. /ip ipsec peer
  # Passive (responder-only) IPsec peer that accepts any remote address and
  # generates policies on demand.
  # NOTE(review): the pre-shared key below is published in cleartext, whereas
  # the PPP password, system identity and DDNS token in this paste were masked.
  # Treat the key as compromised and replace it on the router and on every
  # client. It is also short and digits-only; with address=0.0.0.0/0 the key
  # is the only thing standing between any Internet host and the IPsec layer,
  # so a long random value (or certificate authentication) is warranted.
  868. add address=0.0.0.0/0 generate-policy=port-strict passive=yes profile=\
  869. profile_1 secret=4695646956
  870. /ip ipsec policy
  # Entry 0 is set to match any source and any destination.
  871. set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
  872. /ip proxy
  # Web proxy listener port moved to 41258.
  # NOTE(review): whether the proxy is enabled is not printed here; confirm it
  # is off, or restricted by source address - no input rule in this export
  # filters this port.
  873. set port=41258
  874. /ip route
  # Static routes.
  # NOTE(review): gateway=*30 looks like a reference to an interface that no
  # longer exists, which would leave the L2TPVPN routing table without a
  # working next hop.
  875. add distance=1 gateway=*30 routing-mark=L2TPVPN
  876. add distance=1 dst-address=10.34.2.38/32 gateway=10.34.2.35
  877. add distance=2 dst-address=10.90.90.0/24 gateway=vlan11-LAN
  878. add distance=1 dst-address=169.254.1.1/32 gateway=vlan11-LAN
  879. add distance=1 dst-address=192.168.1.37/32 gateway=192.168.1.31
  # NOTE(review): two routes to 192.168.10.1/32 share distance=1 but use
  # different gateways; confirm which one is intended.
  880. add distance=1 dst-address=192.168.10.1/32 gateway=192.168.10.2
  881. add distance=1 dst-address=192.168.10.1/32 gateway=192.168.10.254
  882. add distance=1 dst-address=192.168.20.1/32 gateway=192.168.50.17
  883. add distance=1 dst-address=192.168.20.20/32 gateway=192.168.20.254
  884. add distance=1 dst-address=192.168.55.0/24 gateway=192.168.1.11
  885. add distance=1 dst-address=192.168.70.0/24 gateway=192.168.1.238
  886. /ip service
  # Telnet, FTP and SSH management services are disabled (FTP also moved to
  # port 2180).
  # NOTE(review): www, winbox and the API services are not listed, so they are
  # presumably still at their defaults with no address= restriction. The
  # filter rules in this export cover ports 80 and 8291 only; confirm the API
  # ports are disabled or filtered, and consider address= allow-lists here as
  # a second layer behind the firewall.
  887. set telnet disabled=yes
  888. set ftp disabled=yes port=2180
  889. set ssh disabled=yes
  890. /ppp secret
  # L2TP user for profile L2TP-VPN; name and password were masked by the
  # author before posting. PPP secrets are exported in cleartext, so an
  # unmasked export of this section has to be handled as a credential.
  891. add name=XXXXXX password=XXXXXXXXXXXXXXXXXXXX profile=L2TP-VPN service=l2tp
  892. /system clock
  # Time zone, identity (masked by the author) and NTP client.
  893. set time-zone-name=Europe/Zurich
  894. /system identity
  895. set name=XXXXXXXXXXXXXXXXX
  896. /system ntp client
  # NOTE(review): a single NTP server, given by IP address, is the only time
  # source. Log timestamps and address-list timeouts depend on it; a second
  # server would avoid a single point of failure.
  897. set enabled=yes primary-ntp=193.204.114.232
  898. /system scheduler
  # Scheduled jobs: a disabled No-IP updater, two daily jobs (Day, Night) that
  # change the max-limit of the simple queue commented UBUNTU, and fetch_new
  # every five minutes.
  # NOTE(review): least privilege. Day and Night only run "/queue simple set",
  # yet they carry reboot, password, sniff and sensitive; fetch_new adds romon
  # on top. Each job's policy should be reduced to what its on-event needs, so
  # that a modified script or on-event cannot act with full rights.
  # NOTE(review): no-ip_ddns_update names a script that is not defined in the
  # /system script section of this export.
  899. add comment="Update No-IP DDNS" disabled=yes interval=5m name=\
  900. no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test \
  901. start-date=feb/26/2017 start-time=17:42:17
  902. add interval=1d name=Day on-event=\
  903. "/queue simple\r\
  904. \nset [find comment=UBUNTU] max-limit=256K/8M\r\
  905. \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
  906. start-date=jan/01/1970 start-time=07:30:00
  907. add interval=1d name=Night on-event=\
  908. "/queue simple\r\
  909. \nset [find comment=UBUNTU] max-limit=5M/0\r\
  910. \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
  911. start-date=jan/01/1970 start-time=01:30:00
  912. add interval=5m name=fetch_new on-event=fetch_new policy=\
  913. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  914. start-date=may/07/2018 start-time=09:25:15
  915. /system script
  # fetch_new: dynamic-DNS update against freedns.afraid.org over HTTPS; the
  # response is discarded (keep-result=no). The update token in the query
  # string was masked by the author.
  # NOTE(review): the fetch call does not set check-certificate, so the
  # server certificate is presumably not validated and the token could be
  # read by anyone able to intercept the connection. Confirm the default for
  # this RouterOS version and set check-certificate=yes with the CA imported.
  # NOTE(review): the script holds every policy including password, sniff,
  # sensitive and romon, although it only performs one fetch. Reduce it to
  # what the fetch needs.
  916. add dont-require-permissions=no name=fetch_new owner=admin policy=\
  917. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
  918. tool fetch host=\"freedns.afraid.org\" url=\"https://freedns.afraid.org/dy\
  919. namic/update.php\\\?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\" keep-result=\
  920. no\r\
  921. \n"