- /caps-man channel
- add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=channel1
- add band=2ghz-b/g/n extension-channel=eC frequency=2462 name=channel11
- add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=channel1
- add band=2ghz-b/g/n extension-channel=eC frequency=2462 name=channel11
# CAPsMAN datapaths referenced by the wireless configurations; each of the three
# entries appears twice in this listing.
# NOTE(review): client-to-client-forwarding=yes is also set on datapath-guest, so
# guest stations on the same AP can reach each other directly; guest networks
# normally keep this off — confirm it is intended.
- /caps-man datapath
- add client-to-client-forwarding=yes name=datapath-raspy
- add client-to-client-forwarding=yes name=datapath1
- add client-to-client-forwarding=yes name=datapath-guest
- add client-to-client-forwarding=yes name=datapath-raspy
- add client-to-client-forwarding=yes name=datapath1
- add client-to-client-forwarding=yes name=datapath-guest
- /interface bridge
- add name=bridge-TRUNK
- /interface ethernet
- set [ find default-name=ether1 ] comment=F300_ST speed=100Mbps
- set [ find default-name=ether2 ] comment=QRT_AP speed=100Mbps
- set [ find default-name=ether3 ] comment="Switch Sottoscala" speed=100Mbps
- set [ find default-name=ether4 ] comment="Appart. Lau" speed=100Mbps
- set [ find default-name=ether5 ] arp=proxy-arp comment=\
- "00:04:56:FD:24:D1 WLAN - D0 LAN 10.34.3.164" name=ether5-WAN speed=\
- 100Mbps
- set [ find default-name=ether6 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether7 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
- "RB750 Labor. Radio"
- set [ find default-name=ether8 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
- "Acces Point 1P"
- set [ find default-name=ether9 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
- MANAGEMENT
- set [ find default-name=ether10 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
- "Camera Stef"
- set [ find default-name=sfp1 ] disabled=yes
- /interface vlan
- add disabled=yes interface=ether8 name=vlan11 vlan-id=11
- add interface=bridge-TRUNK name=vlan11-LAN vlan-id=11
- add disabled=yes interface=ether8 name=vlan12 vlan-id=12
- add interface=bridge-TRUNK name=vlan12-Guest vlan-id=12
- add interface=bridge-TRUNK name=vlan15-Voip1 vlan-id=15
- add interface=bridge-TRUNK name=vlan16-Voip2 vlan-id=16
- add interface=bridge-TRUNK name=vlan17-security vlan-id=17
- add arp=proxy-arp interface=bridge-TRUNK name=vlan19-SkyQ vlan-id=19
- add interface=bridge-TRUNK name=vlan20-PPPoE vlan-id=20
- add interface=bridge-TRUNK name=vlan100-Hotspot vlan-id=100
# PPPoE client on vlan20-PPPoE; it installs the default route and takes DNS
# servers from the peer.
# NOTE(review): the export carries the PPPoE user name and password in clear text.
# A configuration that is shared should be exported with hide-sensitive, and a
# credential that has been published should be rotated.
# NOTE(review): allow=pap limits authentication to PAP, which hands the password
# to the access concentrator unencrypted; confirm whether the provider accepts CHAP.
- /interface pppoe-client
- add add-default-route=yes allow=pap disabled=no interface=vlan20-PPPoE \
- keepalive-timeout=60 name=pppoe-out1 password=WISP use-peer-dns=yes \
- user=nga.granata.stefano
# CAPsMAN security profiles (pre-shared key, AES-CCM); each of the three profiles
# appears twice in this listing.
# NOTE(review): security1 and security-guest use authentication-types=wpa-psk,
# i.e. WPA rather than WPA2; only security-raspy is set to wpa2-psk.
# NOTE(review): the security-guest passphrase is 12345678, which is trivially
# guessable, and all three passphrases are exported in clear text; treat them as
# disclosed and replace them.
- /caps-man security
- add authentication-types=wpa-psk encryption=aes-ccm name=security1 \
- passphrase=ac3bf78454
- add authentication-types=wpa-psk encryption=aes-ccm name=security-guest \
- passphrase=12345678
- add authentication-types=wpa2-psk encryption=aes-ccm name=security-raspy \
- passphrase=4695646956
- add authentication-types=wpa-psk encryption=aes-ccm name=security1 \
- passphrase=ac3bf78454
- add authentication-types=wpa-psk encryption=aes-ccm name=security-guest \
- passphrase=12345678
- add authentication-types=wpa2-psk encryption=aes-ccm name=security-raspy \
- passphrase=4695646956
- /caps-man configuration
- add country=italy datapath=datapath1 distance=indoors hide-ssid=no mode=ap \
- name=cfg-master security=security1 ssid=XXXXXXXX
- add country=italy datapath=datapath-guest name=cfg-guest security=\
- security-guest ssid=XXXXXXXXXXXXXXXXXX
- add country=italy datapath=datapath1 distance=indoors hide-ssid=no mode=ap \
- name=cfg-master security=security1 ssid=XXXXXXXXXXXXXXX
- add country=italy datapath=datapath-guest name=cfg-guest security=\
- security-guest ssid=XXXXXXXXXXXX
- /interface ethernet switch port
- set 0 vlan-mode=fallback
- set 1 vlan-mode=secure
- set 2 vlan-mode=secure
- set 3 vlan-mode=secure
- set 4 vlan-mode=secure
- set 5 vlan-mode=fallback
- set 6 vlan-mode=secure
- set 7 vlan-mode=secure
- set 8 vlan-mode=secure
- set 9 vlan-mode=fallback
- set 10 default-vlan-id=11 vlan-mode=secure
- set 11 vlan-mode=fallback
- set 12 vlan-mode=fallback
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
# IPsec phase 1 profile and the default phase 2 proposal.
# NOTE(review): dh-group=modp1024 is a 1024-bit Diffie-Hellman group and 3des is
# still offered in both phases; both are considered legacy strength. Changing them
# requires the remote peers to support the stronger values.
# NOTE(review): pfs-group=none disables perfect forward secrecy for phase 2 keys.
- /ip ipsec peer profile
- add dh-group=modp1024 enc-algorithm=aes-256,aes-128,3des name=profile_1
- /ip ipsec proposal
- set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des \
- pfs-group=none
# Address pools used by the DHCP servers, the hotspot and the L2TP profile.
# NOTE(review): dhcp_pool_Hotspot ends at 172.16.0.255; the hotspot interface is
# addressed as 172.16.0.1/24, where .255 is the broadcast address.
# NOTE(review): pool_security uses 90.90.90.x, which is publicly routable space
# rather than a private (RFC 1918) range; hosts in it cannot reach the real
# owners of those addresses — confirm this is acceptable.
- /ip pool
- add name=dhcp_pool_LAN ranges=192.168.1.201-192.168.1.250
- add name=dhcp_pool_GUEST ranges=10.10.15.50-10.10.15.150
- add name=dhcp_pool_Hotspot ranges=172.16.0.10-172.16.0.255
- add name=dhcp_pool_SkyQ ranges=10.90.90.2-10.90.90.14
- add name=dhcp_pool_Voip1 ranges=192.168.61.100-192.168.61.200
- add name=l2tp_pool ranges=10.10.0.2-10.10.0.100
- add name=pool_security ranges=90.90.90.10-90.90.90.250
- /ip dhcp-server
- add address-pool=dhcp_pool_LAN authoritative=after-2sec-delay disabled=no \
- interface=vlan11-LAN lease-time=23h59m name=dhcp-LAN
- add address-pool=dhcp_pool_GUEST disabled=no interface=vlan12-Guest name=\
- dhcp-GUEST
- add address-pool=dhcp_pool_Hotspot authoritative=after-2sec-delay disabled=no \
- interface=vlan100-Hotspot lease-time=1h name=dhcp-Hotspot
- add address-pool=dhcp_pool_SkyQ disabled=no interface=vlan19-SkyQ name=\
- dhcp-SkyQ
- add address-pool=dhcp_pool_Voip1 disabled=no interface=vlan15-Voip1 name=\
- dhcp-Voip1
- /ip hotspot user profile
- add address-pool=dhcp_pool_Hotspot name=Trial rate-limit=512k/4M \
- transparent-proxy=yes
- /ip hotspot profile
- add dns-name=hotspot.granatalauro.it hotspot-address=172.16.0.1 \
- http-cookie-lifetime=1d login-by=cookie,http-chap,trial name=hsprof1 \
- trial-uptime-limit=2h trial-user-profile=Trial
- /ip hotspot
- add address-pool=dhcp_pool_Hotspot addresses-per-mac=1 disabled=no interface=\
- vlan100-Hotspot name=hotspot1 profile=hsprof1
- /ppp profile
- add local-address=10.10.0.1 name=L2TP-VPN remote-address=l2tp_pool \
- use-encryption=yes
- set *FFFFFFFE dns-server=8.8.8.8,8.8.4.4 local-address=192.168.1.1 \
- remote-address=192.168.1.233
- /queue simple
- add max-limit=1M/6M name=user1 target=10.10.15.1/32
- add max-limit=1M/6M name=user2 target=10.10.15.2/32
- add max-limit=1M/6M name=user3 target=10.10.15.3/32
- add max-limit=1M/6M name=user4 target=10.10.15.4/32
- add max-limit=1M/6M name=user5 target=10.10.15.5/32
- add max-limit=1M/6M name=user6 target=10.10.15.6/32
- add max-limit=1M/6M name=user7 target=10.10.15.7/32
- add max-limit=1M/6M name=user8 target=10.10.15.8/32
- add max-limit=1M/6M name=user9 target=10.10.15.9/32
- add max-limit=1M/6M name=user10 target=10.10.15.10/32
- add max-limit=1M/6M name=user11 target=10.10.15.11/32
- add max-limit=1M/6M name=user12 target=10.10.15.12/32
- add max-limit=1M/6M name=user13 target=10.10.15.13/32
- add max-limit=1M/6M name=user14 target=10.10.15.14/32
- add max-limit=1M/6M name=user15 target=10.10.15.15/32
- add max-limit=1M/6M name=user16 target=10.10.15.16/32
- add max-limit=1M/6M name=user17 target=10.10.15.17/32
- add max-limit=1M/6M name=user18 target=10.10.15.18/32
- add max-limit=1M/6M name=user19 target=10.10.15.19/32
- add max-limit=1M/6M name=user20 target=10.10.15.20/32
- add max-limit=1M/6M name=user21 target=10.10.15.21/32
- add max-limit=1M/6M name=user22 target=10.10.15.22/32
- add max-limit=1M/6M name=user23 target=10.10.15.23/32
- add max-limit=1M/6M name=user24 target=10.10.15.24/32
- add max-limit=1M/6M name=user25 target=10.10.15.25/32
- add max-limit=1M/6M name=user26 target=10.10.15.26/32
- add max-limit=1M/6M name=user27 target=10.10.15.27/32
- add max-limit=1M/6M name=user28 target=10.10.15.28/32
- add max-limit=1M/6M name=user29 target=10.10.15.29/32
- add max-limit=1M/6M name=user30 target=10.10.15.30/32
- add max-limit=1M/6M name=user31 target=10.10.15.31/32
- add max-limit=1M/6M name=user32 target=10.10.15.32/32
- add max-limit=1M/6M name=user33 target=10.10.15.33/32
- add max-limit=1M/6M name=user34 target=10.10.15.34/32
- add max-limit=1M/6M name=user35 target=10.10.15.35/32
- add max-limit=1M/6M name=user36 target=10.10.15.36/32
- add max-limit=1M/6M name=user37 target=10.10.15.37/32
- add max-limit=1M/6M name=user38 target=10.10.15.38/32
- add max-limit=1M/6M name=user39 target=10.10.15.39/32
- add max-limit=1M/6M name=user40 target=10.10.15.40/32
- add max-limit=1M/6M name=user41 target=10.10.15.41/32
- add max-limit=1M/6M name=user42 target=10.10.15.42/32
- add max-limit=1M/6M name=user43 target=10.10.15.43/32
- add max-limit=1M/6M name=user44 target=10.10.15.44/32
- add max-limit=1M/6M name=user45 target=10.10.15.45/32
- add max-limit=1M/6M name=user46 target=10.10.15.46/32
- add max-limit=1M/6M name=user47 target=10.10.15.47/32
- add max-limit=1M/6M name=user48 target=10.10.15.48/32
- add max-limit=1M/6M name=user49 target=10.10.15.49/32
- add max-limit=1M/6M name=user50 target=10.10.15.50/32
- add max-limit=1M/6M name=user51 target=10.10.15.51/32
- add max-limit=1M/6M name=user52 target=10.10.15.52/32
- add max-limit=1M/6M name=user53 target=10.10.15.53/32
- add max-limit=1M/6M name=user54 target=10.10.15.54/32
- add max-limit=1M/6M name=user55 target=10.10.15.55/32
- add disabled=yes max-limit=1M/6M name=user56 target=10.10.15.56/32
- add disabled=yes max-limit=1M/6M name=user57 target=10.10.15.57/32
- add max-limit=1M/6M name=user58 target=10.10.15.58/32
- add max-limit=1M/6M name=user59 target=10.10.15.59/32
- add max-limit=1M/6M name=user60 target=10.10.15.60/32
- add max-limit=1M/6M name=user61 target=10.10.15.61/32
- add max-limit=1M/6M name=user62 target=10.10.15.62/32
- add max-limit=1M/6M name=user63 target=10.10.15.63/32
- add max-limit=1M/6M name=user64 target=10.10.15.64/32
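# Guest queues follow the pattern userN -> 10.10.15.N. A queue whose target
# repeats an earlier queue's target leaves its own host without a limit, so
# user65 and user78 target .65 and .78 like their neighbours.
- add max-limit=1M/6M name=user65 target=10.10.15.65/32
- add max-limit=1M/6M name=user66 target=10.10.15.66/32
- add max-limit=1M/6M name=user67 target=10.10.15.67/32
- add max-limit=1M/6M name=user68 target=10.10.15.68/32
- add max-limit=1M/6M name=user69 target=10.10.15.69/32
- add max-limit=1M/6M name=user70 target=10.10.15.70/32
- add max-limit=1M/6M name=user71 target=10.10.15.71/32
- add max-limit=1M/6M name=user72 target=10.10.15.72/32
- add max-limit=1M/6M name=user73 target=10.10.15.73/32
- add max-limit=1M/6M name=user74 target=10.10.15.74/32
- add max-limit=1M/6M name=user75 target=10.10.15.75/32
- add max-limit=1M/6M name=user76 target=10.10.15.76/32
- add max-limit=1M/6M name=user77 target=10.10.15.77/32
- add max-limit=1M/6M name=user78 target=10.10.15.78/32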
- add max-limit=1M/6M name=user79 target=10.10.15.79/32
- add max-limit=1M/6M name=user80 target=10.10.15.80/32
- add max-limit=1M/6M name=user81 target=10.10.15.81/32
- add max-limit=1M/6M name=user82 target=10.10.15.82/32
- add max-limit=1M/6M name=user83 target=10.10.15.83/32
- add max-limit=1M/6M name=user84 target=10.10.15.84/32
- add max-limit=1M/6M name=user85 target=10.10.15.85/32
- add max-limit=1M/6M name=user86 target=10.10.15.86/32
- add max-limit=1M/6M name=user87 target=10.10.15.87/32
- add max-limit=1M/6M name=user88 target=10.10.15.88/32
- add max-limit=1M/6M name=user89 target=10.10.15.89/32
- add max-limit=1M/6M name=user90 target=10.10.15.90/32
- add max-limit=1M/6M name=user91 target=10.10.15.91/32
- add max-limit=1M/6M name=user92 target=10.10.15.92/32
- add max-limit=1M/6M name=user93 target=10.10.15.93/32
- add max-limit=1M/6M name=user94 target=10.10.15.94/32
- add max-limit=1M/6M name=user95 target=10.10.15.95/32
- add max-limit=1M/6M name=user96 target=10.10.15.96/32
- add max-limit=1M/6M name=user97 target=10.10.15.97/32
- add max-limit=1M/6M name=user98 target=10.10.15.98/32
- add max-limit=1M/6M name=user99 target=10.10.15.99/32
- add max-limit=1M/6M name=user100 target=10.10.15.100/32
- add max-limit=1M/6M name=user101 target=10.10.15.101/32
- add max-limit=1M/6M name=user102 target=10.10.15.102/32
- add max-limit=1M/6M name=user103 target=10.10.15.103/32
- add max-limit=1M/6M name=user104 target=10.10.15.104/32
- add max-limit=1M/6M name=user105 target=10.10.15.105/32
- add max-limit=1M/6M name=user106 target=10.10.15.106/32
- add max-limit=1M/6M name=user107 target=10.10.15.107/32
- add max-limit=1M/6M name=user108 target=10.10.15.108/32
- add max-limit=1M/6M name=user109 target=10.10.15.109/32
- add max-limit=1M/6M name=user110 target=10.10.15.110/32
- add max-limit=1M/6M name=user111 target=10.10.15.111/32
- add max-limit=1M/6M name=user112 target=10.10.15.112/32
- add max-limit=1M/6M name=user113 target=10.10.15.113/32
- add max-limit=1M/6M name=user114 target=10.10.15.114/32
- add max-limit=1M/6M name=user115 target=10.10.15.115/32
- add max-limit=1M/6M name=user116 target=10.10.15.116/32
- add max-limit=1M/6M name=user117 target=10.10.15.117/32
- add max-limit=1M/6M name=user118 target=10.10.15.118/32
- add max-limit=1M/6M name=user119 target=10.10.15.119/32
- add max-limit=1M/6M name=user120 target=10.10.15.120/32
- add max-limit=1M/6M name=user121 target=10.10.15.121/32
- add max-limit=1M/6M name=user122 target=10.10.15.122/32
- add max-limit=1M/6M name=user123 target=10.10.15.123/32
- add max-limit=1M/6M name=user124 target=10.10.15.124/32
- add max-limit=1M/6M name=user125 target=10.10.15.125/32
- add max-limit=1M/6M name=user126 target=10.10.15.126/32
- add max-limit=1M/6M name=user127 target=10.10.15.127/32
- add max-limit=1M/6M name=user128 target=10.10.15.128/32
- add max-limit=1M/6M name=user129 target=10.10.15.129/32
- add max-limit=1M/6M name=user130 target=10.10.15.130/32
- add max-limit=1M/6M name=user131 target=10.10.15.131/32
- add max-limit=1M/6M name=user132 target=10.10.15.132/32
- add max-limit=1M/6M name=user133 target=10.10.15.133/32
- add max-limit=1M/6M name=user134 target=10.10.15.134/32
- add max-limit=1M/6M name=user135 target=10.10.15.135/32
- add max-limit=1M/6M name=user136 target=10.10.15.136/32
- add max-limit=1M/6M name=user137 target=10.10.15.137/32
- add max-limit=1M/6M name=user138 target=10.10.15.138/32
- add max-limit=1M/6M name=user139 target=10.10.15.139/32
- add max-limit=1M/6M name=user140 target=10.10.15.140/32
- add max-limit=1M/6M name=user141 target=10.10.15.141/32
- add max-limit=1M/6M name=user142 target=10.10.15.142/32
- add max-limit=1M/6M name=user143 target=10.10.15.143/32
- add max-limit=1M/6M name=user144 target=10.10.15.144/32
- add max-limit=1M/6M name=user145 target=10.10.15.145/32
- add max-limit=1M/6M name=user146 target=10.10.15.146/32
- add max-limit=1M/6M name=user147 target=10.10.15.147/32
- add max-limit=1M/6M name=user148 target=10.10.15.148/32
- add max-limit=1M/6M name=user149 target=10.10.15.149/32
- add max-limit=1M/6M name=user150 target=10.10.15.150/32
- add max-limit=1M/6M name=user151 target=10.10.15.151/32
- add max-limit=1M/6M name=user152 target=10.10.15.152/32
- add max-limit=1M/6M name=user153 target=10.10.15.153/32
- add max-limit=1M/6M name=user154 target=10.10.15.154/32
- add max-limit=1M/6M name=user155 target=10.10.15.155/32
- add max-limit=1M/6M name=user156 target=10.10.15.156/32
- add max-limit=1M/6M name=user157 target=10.10.15.157/32
- add max-limit=1M/6M name=user158 target=10.10.15.158/32
- add max-limit=1M/6M name=user159 target=10.10.15.159/32
- add max-limit=1M/6M name=user160 target=10.10.15.160/32
- add max-limit=1M/6M name=user161 target=10.10.15.161/32
- add max-limit=1M/6M name=user162 target=10.10.15.162/32
- add max-limit=1M/6M name=user163 target=10.10.15.163/32
- add max-limit=1M/6M name=user164 target=10.10.15.164/32
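# Guest queues follow the pattern userN -> 10.10.15.N. A queue whose target
# repeats an earlier queue's target leaves its own host without a limit, so
# user165 and user178 target .165 and .178 like their neighbours.
- add max-limit=1M/6M name=user165 target=10.10.15.165/32
- add max-limit=1M/6M name=user166 target=10.10.15.166/32
- add max-limit=1M/6M name=user167 target=10.10.15.167/32
- add max-limit=1M/6M name=user168 target=10.10.15.168/32
- add max-limit=1M/6M name=user169 target=10.10.15.169/32
- add max-limit=1M/6M name=user170 target=10.10.15.170/32
- add max-limit=1M/6M name=user171 target=10.10.15.171/32
- add max-limit=1M/6M name=user172 target=10.10.15.172/32
- add max-limit=1M/6M name=user173 target=10.10.15.173/32
- add max-limit=1M/6M name=user174 target=10.10.15.174/32
- add max-limit=1M/6M name=user175 target=10.10.15.175/32
- add max-limit=1M/6M name=user176 target=10.10.15.176/32
- add max-limit=1M/6M name=user177 target=10.10.15.177/32
- add max-limit=1M/6M name=user178 target=10.10.15.178/32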
- add max-limit=1M/6M name=user179 target=10.10.15.179/32
- add max-limit=1M/6M name=user180 target=10.10.15.180/32
- add max-limit=1M/6M name=user181 target=10.10.15.181/32
- add max-limit=1M/6M name=user182 target=10.10.15.182/32
- add max-limit=1M/6M name=user183 target=10.10.15.183/32
- add max-limit=1M/6M name=user184 target=10.10.15.184/32
- add max-limit=1M/6M name=user185 target=10.10.15.185/32
- add max-limit=1M/6M name=user186 target=10.10.15.186/32
- add max-limit=1M/6M name=user187 target=10.10.15.187/32
- add max-limit=1M/6M name=user188 target=10.10.15.188/32
- add max-limit=1M/6M name=user189 target=10.10.15.189/32
- add max-limit=1M/6M name=user190 target=10.10.15.190/32
- add max-limit=1M/6M name=user191 target=10.10.15.191/32
- add max-limit=1M/6M name=user192 target=10.10.15.192/32
- add max-limit=1M/6M name=user193 target=10.10.15.193/32
- add max-limit=1M/6M name=user194 target=10.10.15.194/32
- add max-limit=1M/6M name=user195 target=10.10.15.195/32
- add max-limit=1M/6M name=user196 target=10.10.15.196/32
- add max-limit=1M/6M name=user197 target=10.10.15.197/32
- add max-limit=1M/6M name=user198 target=10.10.15.198/32
- add max-limit=1M/6M name=user199 target=10.10.15.199/32
- add max-limit=1M/6M name=user200 target=10.10.15.200/32
- add max-limit=1M/6M name=user201 target=10.10.15.201/32
- add max-limit=1M/6M name=user202 target=10.10.15.202/32
- add max-limit=1M/6M name=user203 target=10.10.15.203/32
- add max-limit=1M/6M name=user204 target=10.10.15.204/32
- add max-limit=1M/6M name=user205 target=10.10.15.205/32
- add max-limit=1M/6M name=user206 target=10.10.15.206/32
- add max-limit=1M/6M name=user207 target=10.10.15.207/32
- add max-limit=1M/6M name=user208 target=10.10.15.208/32
- add max-limit=1M/6M name=user209 target=10.10.15.209/32
- add max-limit=1M/6M name=user210 target=10.10.15.210/32
- add max-limit=1M/6M name=user211 target=10.10.15.211/32
- add max-limit=1M/6M name=user212 target=10.10.15.212/32
- add max-limit=1M/6M name=user213 target=10.10.15.213/32
- add max-limit=1M/6M name=user214 target=10.10.15.214/32
- add max-limit=1M/6M name=user215 target=10.10.15.215/32
- add max-limit=1M/6M name=user216 target=10.10.15.216/32
- add max-limit=1M/6M name=user217 target=10.10.15.217/32
- add max-limit=1M/6M name=user218 target=10.10.15.218/32
- add max-limit=1M/6M name=user219 target=10.10.15.219/32
- add max-limit=1M/6M name=user220 target=10.10.15.220/32
- add max-limit=1M/6M name=user221 target=10.10.15.221/32
- add max-limit=1M/6M name=user222 target=10.10.15.222/32
- add max-limit=1M/6M name=user223 target=10.10.15.223/32
- add max-limit=1M/6M name=user224 target=10.10.15.224/32
- add max-limit=1M/6M name=user225 target=10.10.15.225/32
- add max-limit=1M/6M name=user226 target=10.10.15.226/32
- add max-limit=1M/6M name=user227 target=10.10.15.227/32
- add max-limit=1M/6M name=user228 target=10.10.15.228/32
- add max-limit=1M/6M name=user229 target=10.10.15.229/32
- add max-limit=1M/6M name=user230 target=10.10.15.230/32
- add max-limit=1M/6M name=user231 target=10.10.15.231/32
- add max-limit=1M/6M name=user232 target=10.10.15.232/32
- add max-limit=1M/6M name=user233 target=10.10.15.233/32
- add max-limit=1M/6M name=user234 target=10.10.15.234/32
- add max-limit=1M/6M name=user235 target=10.10.15.235/32
- add max-limit=1M/6M name=user236 target=10.10.15.236/32
- add max-limit=1M/6M name=user237 target=10.10.15.237/32
- add max-limit=1M/6M name=user238 target=10.10.15.238/32
- add max-limit=1M/6M name=user239 target=10.10.15.239/32
- add max-limit=1M/6M name=user240 target=10.10.15.240/32
- add max-limit=1M/6M name=user241 target=10.10.15.241/32
- add max-limit=1M/6M name=user242 target=10.10.15.242/32
- add max-limit=1M/6M name=user243 target=10.10.15.243/32
- add max-limit=1M/6M name=user244 target=10.10.15.244/32
- add max-limit=1M/6M name=user245 target=10.10.15.245/32
- add max-limit=1M/6M name=user246 target=10.10.15.246/32
- add max-limit=1M/6M name=user247 target=10.10.15.247/32
- add max-limit=1M/6M name=user248 target=10.10.15.248/32
- add max-limit=1M/6M name=user249 target=10.10.15.249/32
- add max-limit=1M/6M name=user250 target=10.10.15.250/32
- add max-limit=1M/6M name=user251 target=10.10.15.251/32
- add max-limit=1M/6M name=user252 target=10.10.15.252/32
- add max-limit=1M/6M name=user253 target=10.10.15.253/32
- add disabled=yes max-limit=1M/6M name=user254 target=10.10.15.254/32
- add max-limit=512k/512k name=Android target=192.168.1.249/32
- add comment=UBUNTU max-limit=256k/8M name=UBUNTU queue=\
- pcq-upload-default/pcq-download-default target=192.168.1.41/32
# Default SNMP community, accepted from any source address (0.0.0.0/0).
# NOTE(review): whether the SNMP service is enabled is not visible in this part
# of the export. If it is, restrict addresses= to the monitoring host and avoid
# the default community name.
- /snmp community
- set [ find default=yes ] addresses=0.0.0.0/0
- /system logging action
- set 0 memory-lines=100
# CAPsMAN access list; entry order matters. Two MAC addresses are accepted, then
# an enabled reject with no matcher follows; the two signal-range entries are
# disabled. The same five entries appear twice in this listing.
# NOTE(review): as written, the enabled reject applies to every other station on
# every SSID (ssid-regexp=""), guest included — confirm that is the intent.
# NOTE(review): a MAC allow-list identifies a client only by an address the
# client chooses; it complements the passphrase, it does not replace it.
- /caps-man access-list
- add action=accept disabled=no mac-address=D4:F4:6F:A0:21:7B ssid-regexp=""
- add action=accept disabled=no mac-address=00:1E:C2:9E:58:CB ssid-regexp=""
- add action=reject disabled=no ssid-regexp=""
- add action=accept disabled=yes signal-range=-79..120 ssid-regexp=""
- add action=reject disabled=yes signal-range=-120..-80 ssid-regexp=""
- add action=accept disabled=no mac-address=D4:F4:6F:A0:21:7B ssid-regexp=""
- add action=accept disabled=no mac-address=00:1E:C2:9E:58:CB ssid-regexp=""
- add action=reject disabled=no ssid-regexp=""
- add action=accept disabled=yes signal-range=-79..120 ssid-regexp=""
- add action=reject disabled=yes signal-range=-120..-80 ssid-regexp=""
- /caps-man provisioning
- add action=create-enabled master-configuration=cfg-master \
- slave-configurations=cfg-guest
- add action=create-enabled master-configuration=cfg-master \
- slave-configurations=cfg-guest
- /interface bridge port
- add bridge=bridge-TRUNK interface=ether2
- add bridge=bridge-TRUNK interface=ether1
- add bridge=bridge-TRUNK interface=ether4
- add bridge=bridge-TRUNK interface=ether8
- add bridge=bridge-TRUNK interface=ether7
- add bridge=bridge-TRUNK interface=ether3
- add bridge=bridge-TRUNK interface=ether9
- add bridge=bridge-TRUNK interface=ether10
- add bridge=bridge-TRUNK interface=ether6
# Neighbor discovery is enabled on the interface list "all".
# NOTE(review): that includes the WAN-facing interfaces defined in this file
# (pppoe-out1, ether5-WAN), so the router announces itself upstream; limiting
# discovery to an interface list of internal ports is the usual hardening step.
- /ip neighbor discovery-settings
- set discover-interface-list=all
- /interface ethernet switch vlan
- add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
- switch=switch1 vlan-id=11
- add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
- switch1 vlan-id=13
- add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
- switch=switch1 vlan-id=12
- add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
- switch1 vlan-id=14
- add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
- switch1 vlan-id=19
- add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
- switch1 vlan-id=15
- add independent-learning=no ports=ether1,ether2,ether4,switch1-cpu switch=\
- switch1 vlan-id=16
- add ports=ether6,ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=11
- add ports=ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=12
- add ports=switch2-cpu switch=switch2 vlan-id=13
- add ports=ether7,ether8,switch2-cpu switch=switch2 vlan-id=16
- add ports=ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=19
- add independent-learning=no ports=ether1,ether2,switch1-cpu switch=switch1 \
- vlan-id=17
- add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
- switch=switch1 vlan-id=100
- add ports=ether6,ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=100
- add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu \
- switch=switch1 vlan-id=18
- add ports=ether6,ether7,ether8,ether10,switch2-cpu switch=switch2 vlan-id=18
- add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=\
- 20
# Remote-access VPN servers: L2TP, OpenVPN on port 1190, and PPTP are all enabled.
# NOTE(review): the L2TP server still allows mschap1 next to mschap2, and
# use-ipsec=yes is not use-ipsec=required — confirm whether L2TP sessions
# outside IPsec should be refused.
# NOTE(review): the OpenVPN cipher list still offers blowfish128.
# NOTE(review): PPTP is a legacy protocol whose authentication and encryption are
# regarded as broken; disable it unless a client depends on it.
- /interface l2tp-server server
- set authentication=mschap1,mschap2 default-profile=L2TP-VPN enabled=yes \
- max-mru=1460 max-mtu=1460 use-ipsec=yes
- /interface ovpn-server server
- set certificate=ca.crt_0 cipher=blowfish128,aes128,aes192,aes256 enabled=yes \
- port=1190
- /interface pptp-server server
- set enabled=yes
- /ip address
- add address=192.168.1.1/24 interface=vlan11-LAN network=192.168.1.0
- add address=192.168.50.1/24 interface=vlan11-LAN network=192.168.50.0
- add address=10.10.15.1/24 interface=vlan12-Guest network=10.10.15.0
- add address=192.168.61.1/24 comment="VOIP Negozio 0758039683" interface=\
- vlan15-Voip1 network=192.168.61.0
- add address=192.168.62.1/24 comment="VOIP Casa Lauro 0758039821" interface=\
- vlan16-Voip2 network=192.168.62.0
- add address=192.168.30.1/24 interface=vlan11-LAN network=192.168.30.0
- add address=10.90.90.1/28 interface=vlan19-SkyQ network=10.90.90.0
- add address=172.16.0.1/24 interface=vlan100-Hotspot network=172.16.0.0
- add address=192.168.20.254/24 interface=vlan20-PPPoE network=192.168.20.0
- add address=192.168.0.254/24 interface=vlan11-LAN network=192.168.0.0
- /ip dhcp-client
- add dhcp-options=hostname,clientid disabled=no interface=ether5-WAN \
- use-peer-dns=no use-peer-ntp=no
- /ip dhcp-server lease
- add address=192.168.1.200 always-broadcast=yes mac-address=70:EE:50:1C:2D:28 \
- server=dhcp-LAN
- add address=192.168.1.51 always-broadcast=yes client-id=1:f4:6d:4:96:b6:94 \
- mac-address=F4:6D:04:96:B6:94 server=dhcp-LAN
- add address=192.168.1.58 client-id=1:0:1e:ec:50:53:a1 mac-address=\
- 00:1E:EC:50:53:A1 server=dhcp-LAN
- add address=192.168.1.73 client-id=1:18:ee:69:4e:f7:3b mac-address=\
- 18:EE:69:4E:F7:3B server=dhcp-LAN
- add address=192.168.1.57 client-id=1:54:35:30:71:a:e3 mac-address=\
- 54:35:30:71:0A:E3 server=dhcp-LAN
- add address=192.168.1.59 client-id=1:34:2:86:5b:2a:1b mac-address=\
- 34:02:86:5B:2A:1B server=dhcp-LAN
- add address=192.168.1.38 client-id=1:dc:71:44:4d:c7:46 mac-address=\
- DC:71:44:4D:C7:46 server=dhcp-LAN
- add address=192.168.1.81 always-broadcast=yes client-id=1:0:1e:c2:9e:58:cb \
- mac-address=00:1E:C2:9E:58:CB server=dhcp-LAN
- add address=192.168.1.82 always-broadcast=yes client-id=1:0:1e:c2:7:e4:79 \
- mac-address=00:1E:C2:07:E4:79 server=dhcp-LAN
- add address=192.168.1.79 always-broadcast=yes client-id=1:dc:41:5f:1d:2:15 \
- mac-address=DC:41:5F:1D:02:15 server=dhcp-LAN
- add address=192.168.1.55 always-broadcast=yes client-id=1:54:4:a6:1c:c1:20 \
- mac-address=54:04:A6:1C:C1:20 server=dhcp-LAN
- add address=192.168.1.100 client-id=1:0:1d:60:36:88:93 mac-address=\
- 00:1D:60:36:88:93 server=dhcp-LAN
- add address=192.168.1.74 always-broadcast=yes client-id=1:dc:9b:9c:a:d7:66 \
- mac-address=DC:9B:9C:0A:D7:66 server=dhcp-LAN
- add address=192.168.1.78 always-broadcast=yes client-id=1:1c:5c:f2:49:9e:3a \
- mac-address=1C:5C:F2:49:9E:3A server=dhcp-LAN
- add address=192.168.1.42 always-broadcast=yes client-id=1:f4:f2:6d:13:d8:ad \
- mac-address=F4:F2:6D:13:D8:AD server=dhcp-LAN
- add address=192.168.1.43 client-id=1:b8:27:eb:d6:8:18 mac-address=\
- B8:27:EB:D6:08:18 server=dhcp-LAN
- add address=192.168.1.44 client-id=1:b8:27:eb:ed:6e:25 mac-address=\
- B8:27:EB:ED:6E:25 server=dhcp-LAN
- add address=192.168.1.41 mac-address=02:19:04:80:E0:FC server=dhcp-LAN
- add address=192.168.1.39 always-broadcast=yes client-id=1:88:83:5d:3f:a3:84 \
- mac-address=88:83:5D:3F:A3:84 server=dhcp-LAN
- add address=192.168.1.49 client-id=1:f8:d0:27:e5:10:d5 mac-address=\
- F8:D0:27:E5:10:D5 server=dhcp-LAN
- add address=192.168.1.29 always-broadcast=yes comment=XXXXXXXXXXXXXXXXXXXX mac-address=\
- 00:19:BA:0B:30:F5 server=dhcp-LAN
- add address=10.90.90.2 always-broadcast=yes comment=SkyQ mac-address=\
- 20:47:ED:F8:5E:DA server=dhcp-SkyQ
- add address=192.168.1.45 client-id=1:dc:56:e7:47:e4:1f mac-address=\
- DC:56:E7:47:E4:1F server=dhcp-LAN
- add address=192.168.1.25 client-id=1:80:5e:c0:14:c4:33 comment=\
- "Yealink Negozio" mac-address=80:5E:C0:14:C4:33 server=dhcp-LAN
- add address=10.90.90.3 always-broadcast=yes comment="Mini Camera" \
- mac-address=20:47:ED:F0:4A:52 server=dhcp-SkyQ
- add address=192.168.1.32 client-id=1:0:1d:ec:a:6d:df mac-address=\
- 00:1D:EC:0A:6D:DF server=dhcp-LAN
- add address=192.168.1.72 client-id=1:3c:2e:ff:1a:c2:a8 mac-address=\
- 3C:2E:FF:1A:C2:A8 server=dhcp-LAN
- add address=192.168.1.211 mac-address=4E:FA:EB:1D:ED:4C server=dhcp-LAN
# NOTE(review): these two static leases assign 192.168.1.x addresses but are
# bound to server=dhcp-GUEST, which runs on vlan12-Guest with dhcp_pool_GUEST
# (10.10.15.50-10.10.15.150); confirm whether server=dhcp-LAN was meant.
- add address=192.168.1.226 client-id=1:d8:8f:76:32:18:e3 mac-address=\
- D8:8F:76:32:18:E3 server=dhcp-GUEST
- add address=192.168.1.218 client-id=1:ec:9b:f3:7a:69:20 mac-address=\
- EC:9B:F3:7A:69:20 server=dhcp-GUEST
- add address=192.168.1.76 client-id=1:d0:2b:20:c7:41:f2 mac-address=\
- D0:2B:20:C7:41:F2 server=dhcp-LAN
- add address=192.168.1.26 client-id=1:0:21:29:1f:85:26 comment=\
- "LynkSys PAP NEGOZIO" mac-address=00:21:29:1F:85:26 server=dhcp-LAN
- /ip dhcp-server network
- add address=10.10.10.0/24 gateway=10.10.10.1
- add address=10.10.15.0/24 gateway=10.10.15.1
- add address=10.90.90.0/28 gateway=10.90.90.1
- add address=15.15.30.0/24 gateway=15.15.30.1
- add address=90.90.90.0/24 gateway=90.90.90.1
- add address=172.16.0.0/24 comment="hotspot network" gateway=172.16.0.1
- add address=192.168.0.0/24 gateway=192.168.0.1
- add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
- add address=192.168.15.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.15.1
- add address=192.168.61.0/24 gateway=192.168.61.1
- /ip dns
- set cache-max-ttl=5m servers=8.8.8.8
- /ip firewall address-list
- add address=10.0.0.0/8 disabled=yes list=allow-ip
- add address=10.10.15.0/24 disabled=yes list=allow-ip
- add address=10.34.2.0/23 disabled=yes list=allow-ip
- add address=10.90.90.0/24 disabled=yes list=allow-ip
- add address=10.90.90.0/28 disabled=yes list=allow-ip
- add address=10.255.255.245 disabled=yes list=allow-ip
- add address=192.168.1.0/24 disabled=yes list=allow-ip
- add address=192.168.30.0/24 disabled=yes list=allow-ip
- add address=192.168.50.0/24 disabled=yes list=allow-ip
- add address=192.168.55.0/24 disabled=yes list=allow-ip
- add address=192.168.61.0/24 disabled=yes list=allow-ip
- add address=192.168.62.0/24 disabled=yes list=allow-ip
- add address=192.168.70.0/24 disabled=yes list=allow-ip
- add address=92.245.170.0/23 disabled=yes list=Reti_Pubbliche_WISP
- add address=92.245.172.0/23 disabled=yes list=Reti_Pubbliche_WISP
- add address=212.69.136.0/21 disabled=yes list=Reti_Pubbliche_WISP
- add address=89.32.156.0/22 disabled=yes list=Reti_Pubbliche_WISP
- add address=89.36.204.0/22 disabled=yes list=Reti_Pubbliche_WISP
- add address=46.102.112.0/22 disabled=yes list=Reti_Pubbliche_WISP
- add address=185.39.24.0/22 disabled=yes list=Reti_Pubbliche_WISP
- add address=79.143.112.0/21 disabled=yes list=Reti_Pubbliche_WISP
- add address=91.231.172.0/23 disabled=yes list=Reti_Pubbliche_WISP
- add address=87.252.106.0/23 disabled=yes list=Reti_Pubbliche_WISP
- add address=185.84.84.0/22 disabled=yes list=Reti_Pubbliche_WISP
- add address=10.0.0.0/8 disabled=yes list=Reti_Private_WISP
- /ip firewall filter
- # Filter table. This first run holds the forward-chain rules separating
- # 192.168.1.0/24 from 10.10.15.0/24 and 10.90.90.0/24, then the input-chain
- # rules for UDP 500/1701/4500, TCP 22-23 and TCP 80.
- # NOTE(review): this filter section contains no catch-all drop for
- # chain=input or chain=forward, so traffic that no rule drops explicitly is
- # accepted by default. Consider ending each chain with an established/related
- # accept followed by a final drop.
- add action=passthrough chain=unused-hs-chain comment=\
- "place hotspot rules here" disabled=yes
- add action=drop chain=forward comment="Blocco TUTTO da LAN a GUEST" disabled=\
- yes dst-address=10.10.15.0/24 src-address=192.168.1.0/24
- # NOTE(review): this accept has no in-interface or source matcher and sits
- # ahead of every L2TP brute-force rule for chain=input later in the section.
- # An accept ends rule processing for the packet, so those later rules on UDP
- # 500/1701/4500 cannot match.
- add action=accept chain=input dst-port=500,1701,4500 protocol=udp
- # Exception for one MAC address, from 10.10.15.0/24 and from 10.90.90.0/24
- # into 192.168.1.0/24, placed ahead of the two drops below.
- # NOTE(review): the comment text describes traffic from LAN towards a GUEST
- # device, while the matchers describe the opposite direction - confirm which
- # is intended. A source MAC can be set by any host on the same segment, so
- # this is a convenience filter rather than authentication.
- add action=accept chain=forward comment=\
- "ACCETTA da LAN solo verso il dispositivo XX:XX:XX:XX:X di GUEST" \
- dst-address=192.168.1.0/24 src-address=10.10.15.0/24 src-mac-address=\
- 20:47:ED:F8:5E:DA
- add action=accept chain=forward comment=\
- "ACCETTA da LAN solo verso il dispositivo XX:XX:XX:XX:X di GUEST" \
- dst-address=192.168.1.0/24 src-address=10.90.90.0/24 src-mac-address=\
- 20:47:ED:F8:5E:DA
- add action=drop chain=forward comment="DROP da GUEST a LAN" dst-address=\
- 192.168.1.0/24 src-address=10.10.15.0/24
- add action=drop chain=forward comment="DROP da SkyQ a LAN" dst-address=\
- 192.168.1.0/24 src-address=10.90.90.0/24
- add action=drop chain=forward comment="DROP da LAN a Security" disabled=yes \
- dst-address=90.90.90.11 log=yes src-address=192.168.1.0/24 \
- src-mac-address=!F4:6D:04:96:B6:94
- add action=drop chain=forward comment="DROP da LAN a Security" disabled=yes \
- dst-address=90.90.90.11 log=yes src-address=192.168.1.0/24 \
- src-mac-address=!3C:2E:FF:97:AA:A5
- # Management access from vlan11-LAN: SSH and Telnet together (22-23).
- # NOTE(review): Telnet is cleartext, and /ip service in this export shows both
- # telnet and ssh disabled, so confirm whether this accept is still needed.
- add action=accept chain=input comment="ACCEPT SSH e TELNET da Bridge-LAN" \
- dst-port=22-23 in-interface=vlan11-LAN protocol=tcp
- # TCP 80 to the router: dropped from pppoe-out1, accepted from vlan11-LAN,
- # then dropped from everywhere else.
- add action=drop chain=input comment="DROOP 80 from PPPOE" dst-port=80 \
- in-interface=pppoe-out1 protocol=tcp
- add action=accept chain=input comment="ACCEPT 80 from LAN" dst-port=80 \
- in-interface=vlan11-LAN protocol=tcp
- add action=drop chain=input comment="DROOP ALL 80 " dst-port=80 protocol=tcp
- # Sources on IP_BlackList lose access to 22-23. Traffic from vlan11-LAN was
- # already accepted above, so this only affects other interfaces.
- add action=drop chain=input dst-port=22-23 protocol=tcp src-address-list=\
- IP_BlackList
- # FTP login-failure limiter: replies leaving the router that contain
- # "530 Login incorrect" are accepted up to the dst-limit, further ones put the
- # destination on FTP_BlackList for 1d, and the input rule drops TCP 21 from
- # that list.
- # NOTE(review): /ip service in this export shows ftp disabled, and chain=output
- # only sees traffic generated by the router, so these rules may be inert.
- add action=accept chain=output comment="Drop FTP Brute Forcers" content=\
- "530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=FTP_BlackList \
- address-list-timeout=1d chain=output content="530 Login incorrect" \
- protocol=tcp
- add action=drop chain=input dst-port=21 protocol=tcp src-address-list=\
- FTP_BlackList
- # SSH/Telnet staging lists SSH_BlackList_1 -> _2 -> _3 -> IP_BlackList.
- # NOTE(review): the stages are written in ascending order. The
- # add-src-to-address-list action does not stop rule processing, so a single new
- # connection looks able to walk all four rules and land on IP_BlackList (1d)
- # at once. The per-service sets below use stage3 -> stage1 order, which
- # advances one stage per connection; verify and reorder if lock-out on the
- # first attempt is not intended.
- add action=add-src-to-address-list address-list=SSH_BlackList_1 \
- address-list-timeout=1m chain=input comment=\
- "Drop SSH&TELNET Brute Forcers" connection-state=new dst-port=22-23 \
- protocol=tcp
- add action=add-src-to-address-list address-list=SSH_BlackList_2 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22-23 \
- protocol=tcp src-address-list=SSH_BlackList_1
- add action=add-src-to-address-list address-list=SSH_BlackList_3 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22-23 \
- protocol=tcp src-address-list=SSH_BlackList_2
- add action=add-src-to-address-list address-list=IP_BlackList \
- address-list-timeout=1d chain=input connection-state=new dst-port=22-23 \
- protocol=tcp src-address-list=SSH_BlackList_3
- # Per-service lists for SSH (22), Telnet (23), Winbox (8291) and FTP (21).
- # Each set drops sources already blacklisted, then promotes stage3 -> blacklist
- # (1w3d), stage2 -> stage3, stage1 -> stage2, and any new connection -> stage1
- # (1m each).
- # NOTE(review): the rules count new connections, not failed logins, so a
- # legitimate administrator who reconnects quickly is counted as well.
- add action=drop chain=input comment=drop_ssh_brute_forcers dst-port=22 \
- protocol=tcp src-address-list=ssh_blacklist
- add action=add-src-to-address-list address-list=ssh_blacklist \
- address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
- protocol=tcp src-address-list=ssh_stage3
- add action=add-src-to-address-list address-list=ssh_stage3 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22 \
- protocol=tcp src-address-list=ssh_stage2
- add action=add-src-to-address-list address-list=ssh_stage2 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22 \
- protocol=tcp src-address-list=ssh_stage1
- add action=add-src-to-address-list address-list=ssh_stage1 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22 \
- protocol=tcp
- add action=drop chain=input comment=drop_telnet_brute_forcers dst-port=23 \
- protocol=tcp src-address-list=telnet_blacklist
- add action=add-src-to-address-list address-list=telnet_blacklist \
- address-list-timeout=1w3d chain=input connection-state=new dst-port=23 \
- protocol=tcp src-address-list=telnet_stage3
- add action=add-src-to-address-list address-list=telnet_stage3 \
- address-list-timeout=1m chain=input connection-state=new dst-port=23 \
- protocol=tcp src-address-list=telnet_stage2
- add action=add-src-to-address-list address-list=telnet_stage2 \
- address-list-timeout=1m chain=input connection-state=new dst-port=23 \
- protocol=tcp src-address-list=telnet_stage1
- add action=add-src-to-address-list address-list=telnet_stage1 \
- address-list-timeout=1m chain=input connection-state=new dst-port=23 \
- protocol=tcp
- # NOTE(review): for Winbox this counter is the only control visible in the
- # filter section; no rule limits TCP 8291 to a management interface or to a
- # source allow-list.
- add action=drop chain=input comment=drop_winbox_brute_forcers dst-port=8291 \
- protocol=tcp src-address-list=winbox_blacklist
- add action=add-src-to-address-list address-list=winbox_blacklist \
- address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \
- protocol=tcp src-address-list=winbox_stage3
- add action=add-src-to-address-list address-list=winbox_stage3 \
- address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
- protocol=tcp src-address-list=winbox_stage2
- add action=add-src-to-address-list address-list=winbox_stage2 \
- address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
- protocol=tcp src-address-list=winbox_stage1
- add action=add-src-to-address-list address-list=winbox_stage1 \
- address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
- protocol=tcp
- add action=drop chain=input comment=drop_ftp_brute_forcers dst-port=21 \
- protocol=tcp src-address-list=ftp_blacklist
- add action=add-src-to-address-list address-list=ftp_blacklist \
- address-list-timeout=1w3d chain=input connection-state=new dst-port=21 \
- protocol=tcp src-address-list=ftp_stage3
- add action=add-src-to-address-list address-list=ftp_stage3 \
- address-list-timeout=1m chain=input connection-state=new dst-port=21 \
- protocol=tcp src-address-list=ftp_stage2
- add action=add-src-to-address-list address-list=ftp_stage2 \
- address-list-timeout=1m chain=input connection-state=new dst-port=21 \
- protocol=tcp src-address-list=ftp_stage1
- add action=add-src-to-address-list address-list=ftp_stage1 \
- address-list-timeout=1m chain=input connection-state=new dst-port=21 \
- protocol=tcp
- # Drops TCP and UDP 4145 addressed to the router.
- # NOTE(review): presumably aimed at a SOCKS listener on that port; confirm that
- # /ip socks is disabled as well, since a filter rule alone leaves the service
- # configured.
- add action=drop chain=input dst-port=4145 protocol=tcp
- add action=drop chain=input dst-port=4145 protocol=udp
- # chain=output rules: stop the router itself from opening Telnet, SSH, FTP and
- # Winbox sessions towards the Reti_Pubbliche_WISP and Reti_Private_WISP lists.
- # NOTE(review): the entries for both lists that are visible in this export are
- # disabled=yes; if no enabled entry exists, these rules match nothing.
- add action=drop chain=output comment=Block_Telnet_internal_AS \
- dst-address-list=Reti_Pubbliche_WISP dst-port=23 protocol=tcp \
- src-address-list=Reti_Pubbliche_WISP
- add action=drop chain=output comment=Block_SSH_internal_AS dst-address-list=\
- Reti_Pubbliche_WISP dst-port=22 protocol=tcp src-address-list=\
- Reti_Pubbliche_WISP
- add action=drop chain=output comment=Block_FTP_internal_AS dst-address-list=\
- Reti_Pubbliche_WISP dst-port=21 protocol=tcp src-address-list=\
- Reti_Pubbliche_WISP
- add action=drop chain=output comment=Block_Winbox_internal_AS \
- dst-address-list=Reti_Pubbliche_WISP dst-port=8291 protocol=tcp \
- src-address-list=Reti_Pubbliche_WISP
- add action=drop chain=output comment=Block_Telnet_internal_AS \
- dst-address-list=Reti_Private_WISP dst-port=23 protocol=tcp
- add action=drop chain=output comment=Block_SSH_internal_AS dst-address-list=\
- Reti_Private_WISP dst-port=22 protocol=tcp
- # NOTE(review): an unconditional drop for TCP 80 on chain=input appears earlier
- # in this section, so this accept for all-ppp cannot match where it stands.
- add action=accept chain=input comment="ACCEPT 80 from L2TP" dst-port=80 \
- in-interface=all-ppp protocol=tcp
- add action=drop chain=output comment=Block_Winbox_internal_AS \
- dst-address-list=Reti_Private_WISP dst-port=8291 protocol=tcp
- add action=drop chain=output comment=Block_FTP_internal_AS dst-address-list=\
- Reti_Private_WISP dst-port=21 protocol=tcp
- # L2TP/IPsec from pppoe-out1: UDP 500, 1701 and 4500 plus ESP and AH are
- # accepted from any source address.
- add action=accept chain=input comment="VPN L2TP UDP 500" dst-port=500 \
- in-interface=pppoe-out1 protocol=udp
- add action=accept chain=input comment="VPN L2TP UDP 1701" dst-port=1701 \
- in-interface=pppoe-out1 protocol=udp
- add action=accept chain=input comment="VPN L2TP 4500" dst-port=4500 \
- in-interface=pppoe-out1 protocol=udp
- add action=accept chain=input comment="VPN L2TP ESP" in-interface=pppoe-out1 \
- protocol=ipsec-esp
- add action=accept chain=input comment="VPN L2TP AH" in-interface=pppoe-out1 \
- protocol=ipsec-ah
- # Brute-force handling for the VPN.
- # NOTE(review): these input rules come after the accepts for the same traffic
- # (UDP 500/1701/4500 is accepted on every interface near the top of the
- # section, ESP on pppoe-out1 just above). An accept ends rule processing, so
- # the two drops and the probe1/probe2 staging rules cannot match packets that
- # were already accepted. Placing them above the accepts would make them
- # effective.
- add action=drop chain=input comment="L2TP brutforce IP IPSec drop" \
- connection-state=new log=yes protocol=ipsec-esp src-address-list=\
- l2tp-brutforce
- add action=drop chain=input comment="L2TP brutforce IP drop" \
- connection-state=new dst-port=1701,500,4500 log=yes protocol=udp \
- src-address-list=l2tp-brutforce
- add action=add-src-to-address-list address-list=l2tp-brutforce \
- address-list-timeout=2w chain=input comment="L2TP brutforce IP to list" \
- connection-state=new dst-port=1701 protocol=udp src-address-list=probe2
- add action=add-src-to-address-list address-list=probe2 address-list-timeout=\
- 1m chain=input comment="L2TP brutforce protection stage 2" \
- connection-state=new dst-port=1701 protocol=udp src-address-list=probe1
- add action=add-src-to-address-list address-list=probe1 address-list-timeout=\
- 1m chain=input comment="L2TP brutforce protection stage 1" \
- connection-state=new dst-port=1701 protocol=udp
- # chain=output stages keyed on the string "M=bad" in packets leaving the
- # router: level1 -> level2 -> l2tp-brutforce, 1m each (presumably the marker
- # of a rejected login - confirm). They fill the list that the drops above
- # consume.
- add action=add-dst-to-address-list address-list=l2tp-brutforce \
- address-list-timeout=1m chain=output comment=\
- "L2TP-brutforce protection stage 3 v2" content="M=bad" dst-address-list=\
- l2tp-brutforce-level2
- add action=add-dst-to-address-list address-list=l2tp-brutforce-level2 \
- address-list-timeout=1m chain=output comment=\
- "L2TP-brutforce protection stage 2 v2" content="M=bad" dst-address-list=\
- l2tp-brutforce-level1
- add action=add-dst-to-address-list address-list=l2tp-brutforce-level1 \
- address-list-timeout=1m chain=output comment=\
- "L2TP-brutforce protection stage 1 v2" content="M=bad"
- /ip firewall mangle
- # Disabled policy-routing mark for sources 10.90.90.2-10.90.90.14. The L2TPVPN
- # mark is used by a route in /ip route whose gateway is written as *30, which
- # looks like a reference to an interface that no longer exists - confirm.
- add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
- L2TPVPN passthrough=no src-address=10.90.90.2-10.90.90.14
- /ip firewall nat
- # Source NAT and a few disabled dstnat accepts. The interface references
- # written as *F and *30 appear to be IDs of interfaces that no longer exist;
- # the rules using them are disabled.
- add action=passthrough chain=unused-hs-chain comment=\
- "place hotspot rules here" disabled=yes
- add action=accept chain=dstnat disabled=yes in-interface=*F src-address=\
- 192.168.1.31
- add action=accept chain=dstnat disabled=yes in-interface=vlan11-LAN \
- src-address=192.168.1.41
- add action=accept chain=dstnat disabled=yes in-interface=vlan11-LAN \
- src-address=192.168.1.31
- # Masquerade on the uplinks ether5-WAN, vlan20-PPPoE and pppoe-out1.
- add action=masquerade chain=srcnat comment=IP_ePMP1000 out-interface=\
- ether5-WAN
- add action=masquerade chain=srcnat comment=IP_ePMP1000 out-interface=\
- vlan20-PPPoE
- add action=masquerade chain=srcnat comment=PPPOE out-interface=pppoe-out1
- add action=masquerade chain=srcnat comment=L2TP disabled=yes out-interface=\
- *30
- add action=masquerade chain=srcnat comment=GUEST-VLAN out-interface=\
- vlan11-LAN src-address=10.10.15.0/24
- # Masquerade selected by destination only (no out-interface).
- # NOTE(review): hosts in these networks see the router's address as the
- # source, so their own logs lose the real client address.
- add action=masquerade chain=srcnat dst-address=192.168.50.0/24
- add action=masquerade chain=srcnat dst-address=10.90.90.50
- add action=masquerade chain=srcnat dst-address=192.168.70.0/24
- add action=masquerade chain=srcnat dst-address=192.168.15.0/24
- add action=masquerade chain=srcnat dst-address=192.168.20.0/24
- add action=masquerade chain=srcnat dst-address=192.168.10.0/24
- add action=masquerade chain=srcnat disabled=yes dst-address=192.168.61.0/24
- add action=masquerade chain=srcnat disabled=yes dst-address=192.168.61.200
- add action=masquerade chain=srcnat dst-address=192.168.62.0/24
- add action=masquerade chain=srcnat dst-address=192.168.62.254
- # Port forwards from pppoe-out1 to internal hosts.
- # NOTE(review): no rule here carries src-address or src-address-list, so every
- # enabled forward is reachable from any source on that interface. The FTP
- # forwards (21 and 2122 -> 21, cleartext), the NAS web interface (8022 -> 80),
- # Homebridge (8080) and the DVR (8333, 5333) are the ones most worth moving
- # behind a source allow-list or the VPN.
- add action=dst-nat chain=dstnat comment=VPN dst-port=1193 in-interface=\
- pppoe-out1 protocol=udp to-addresses=192.168.1.31 to-ports=1193
- add action=dst-nat chain=dstnat comment="VPN .41" dst-port=1199 in-interface=\
- pppoe-out1 protocol=udp to-addresses=192.168.1.41
- add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
- 5071 in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.43 \
- to-ports=5060
- add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
- 5071 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.43 \
- to-ports=5061
- add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
- 5361 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.43
- add action=dst-nat chain=dstnat comment=Voip_Tel_Stef disabled=yes dst-port=\
- 5060 in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.43
- add action=dst-nat chain=dstnat comment=VPN dst-port=1190 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.1.1
- add action=dst-nat chain=dstnat comment=VPN dst-port=443 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.1.31 to-ports=443
- add action=dst-nat chain=dstnat comment="eMule .41" dst-port=4711-4712 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41
- add action=dst-nat chain=dstnat comment="eMule .41" dst-port=5041 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41
- add action=dst-nat chain=dstnat comment="eMule .41" dst-port=5046 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41
- add action=dst-nat chain=dstnat comment="eMule .41" dst-port=5049 \
- in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.41
- add action=dst-nat chain=dstnat comment="eMule .51" dst-port=11051 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.51
- add action=dst-nat chain=dstnat comment="eMule .51" dst-port=11052 \
- in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.51
- add action=dst-nat chain=dstnat comment="Torrent .51" dst-port=10051 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.51
- add action=dst-nat chain=dstnat comment="PlexServer .41" dst-port=32400 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41 to-ports=\
- 32400
- add action=dst-nat chain=dstnat comment=Homebridge dst-port=8080 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.42 to-ports=\
- 8080
- add action=dst-nat chain=dstnat comment="WEBIF NAS2" dst-port=8022 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.22 to-ports=\
- 80
- add action=dst-nat chain=dstnat comment="FTP NAS2" dst-port=2122 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.22 to-ports=\
- 21
- add action=dst-nat chain=dstnat comment="FTP NAS1" dst-port=21 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.1.21 to-ports=21
- add action=dst-nat chain=dstnat comment="WakeUP .51" dst-port=7 in-interface=\
- pppoe-out1 protocol=udp to-addresses=192.168.1.51 to-ports=7
- add action=dst-nat chain=dstnat comment="WakeUP .51" dst-port=9 in-interface=\
- pppoe-out1 protocol=udp to-addresses=192.168.1.51 to-ports=9
- add action=dst-nat chain=dstnat comment="WakeUP .100" dst-port=90 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.100 to-ports=\
- 90
- add action=dst-nat chain=dstnat comment="Transmission .41" dst-port=51413 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.41 to-ports=\
- 51413
- add action=dst-nat chain=dstnat comment="uTorrent .100" dst-port=50100 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.100 to-ports=\
- 50100
- add action=dst-nat chain=dstnat comment=DVR dst-port=8333 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.30.240 to-ports=8333
- add action=dst-nat chain=dstnat comment=DVR dst-port=5333 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.30.240 to-ports=5333
- add action=dst-nat chain=dstnat comment="eMule .81" dst-port=10381 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.81 to-ports=\
- 10381
- add action=dst-nat chain=dstnat comment=uTorrent.100 dst-port=10100 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.100 to-ports=\
- 10100
- # NOTE(review): same match as the earlier "Torrent .51" rule (TCP 10051 from
- # pppoe-out1 to 192.168.1.51), so this one is never reached.
- add action=dst-nat chain=dstnat comment=uTorrent.51 dst-port=10051 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.51
- add action=dst-nat chain=dstnat comment=uTorrent.55 dst-port=10155 \
- in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.55
- add action=dst-nat chain=dstnat comment=echolink dst-port=5198 in-interface=\
- pppoe-out1 protocol=udp to-addresses=192.168.1.222 to-ports=5198
- add action=dst-nat chain=dstnat comment=echolink dst-port=5199 in-interface=\
- pppoe-out1 protocol=udp to-addresses=192.168.1.222 to-ports=5199
- add action=dst-nat chain=dstnat comment=echolink dst-port=5200 in-interface=\
- pppoe-out1 protocol=tcp to-addresses=192.168.1.222 to-ports=5200
- # Source NAT for the hotspot range 10.10.98.0/23.
- add action=masquerade chain=srcnat comment="masquerade hotspot network" \
- src-address=10.10.98.0/23
- # Both remaining rules are disabled: a forward-everything rule to
- # 192.168.0.199 and an unconditional masquerade. Keep them disabled; the first
- # would expose that host on every port.
- add action=dst-nat chain=dstnat comment="DMZ .199" disabled=yes in-interface=\
- pppoe-out1 to-addresses=192.168.0.199
- add action=masquerade chain=srcnat comment="PROVOCA PROBLEMI FIREWALL" \
- disabled=yes
- /ip hotspot service-port
- set ftp disabled=yes
- /ip hotspot walled-garden
- add comment="place hotspot rules here" disabled=yes
- /ip hotspot walled-garden ip
- add action=accept disabled=no dst-address=172.16.0.1
- /ip ipsec peer
- # NOTE(review): this peer accepts any remote address, and its pre-shared key
- # is printed in clear in a published export. Treat the key as disclosed,
- # replace it, and prefer a long random value or certificates.
- add address=0.0.0.0/0 generate-policy=port-strict passive=yes profile=\
- profile_1 secret=4695646956
- /ip ipsec policy
- set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
- /ip proxy
- # Only the listening port is set here.
- # NOTE(review): confirm that the web proxy is not enabled, or at least not
- # reachable from pppoe-out1; the filter section has no rule for this port.
- set port=41258
- /ip route
- # The first route uses the L2TPVPN routing mark with gateway=*30, which looks
- # like a reference to an interface that no longer exists - confirm.
- add distance=1 gateway=*30 routing-mark=L2TPVPN
- add distance=1 dst-address=10.34.2.38/32 gateway=10.34.2.35
- add distance=2 dst-address=10.90.90.0/24 gateway=vlan11-LAN
- add distance=1 dst-address=169.254.1.1/32 gateway=vlan11-LAN
- add distance=1 dst-address=192.168.1.37/32 gateway=192.168.1.31
- add distance=1 dst-address=192.168.10.1/32 gateway=192.168.10.2
- add distance=1 dst-address=192.168.10.1/32 gateway=192.168.10.254
- add distance=1 dst-address=192.168.20.1/32 gateway=192.168.50.17
- add distance=1 dst-address=192.168.20.20/32 gateway=192.168.20.254
- add distance=1 dst-address=192.168.55.0/24 gateway=192.168.1.11
- add distance=1 dst-address=192.168.70.0/24 gateway=192.168.1.238
- /ip service
- # Telnet, FTP and SSH are disabled.
- # NOTE(review): no line here restricts the remaining services (for example
- # winbox or www) by source; confirm their state and give each one that stays
- # enabled an address= allow-list.
- set telnet disabled=yes
- set ftp disabled=yes port=2180
- set ssh disabled=yes
- /ppp secret
- # Name and password appear to have been masked before the export was
- # published.
- add name=XXXXXX password=XXXXXXXXXXXXXXXXXXXX profile=L2TP-VPN service=l2tp
- /system clock
- set time-zone-name=Europe/Zurich
- /system identity
- set name=XXXXXXXXXXXXXXXXX
- /system ntp client
- # A single NTP server, given by IP address.
- set enabled=yes primary-ntp=193.204.114.232
- /system scheduler
- # Jobs: a disabled No-IP update, two daily changes of the simple-queue limit
- # for the entry commented UBUNTU (07:30 and 01:30), and fetch_new every 5m.
- # NOTE(review): the Day and Night jobs only change a queue limit but are
- # granted reboot, password, sniff and sensitive, and fetch_new adds romon.
- # Trim each policy list to what the job actually needs.
- add comment="Update No-IP DDNS" disabled=yes interval=5m name=\
- no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test \
- start-date=feb/26/2017 start-time=17:42:17
- add interval=1d name=Day on-event=\
- "/queue simple\r\
- \nset [find comment=UBUNTU] max-limit=256K/8M\r\
- \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
- start-date=jan/01/1970 start-time=07:30:00
- add interval=1d name=Night on-event=\
- "/queue simple\r\
- \nset [find comment=UBUNTU] max-limit=5M/0\r\
- \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
- start-date=jan/01/1970 start-time=01:30:00
- add interval=5m name=fetch_new on-event=fetch_new policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
- start-date=may/07/2018 start-time=09:25:15
- /system script
- # fetch_new requests the freedns.afraid.org dynamic-update URL over HTTPS and
- # discards the result; the update token in the query string is masked in this
- # paste.
- # NOTE(review): that token is a credential kept in clear in the configuration,
- # so every export or backup of this router contains it.
- add dont-require-permissions=no name=fetch_new owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
- tool fetch host=\"freedns.afraid.org\" url=\"https://freedns.afraid.org/dy\
- namic/update.php\\\?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\" keep-result=\
- no\r\
- \n"