Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [admin@MikroTik] > /export hide-sensitive compact
- # feb/27/2016 23:48:22 by RouterOS 6.34.1
- # software id = 64RV-JMEM
- #
- /interface bridge
- add admin-mac=00:0C:42:FD:2F:92 auto-mac=no name=bridge-local
- /interface ethernet
- set [ find default-name=ether1 ] name=eth1-gateway
- set [ find default-name=ether2 ] name=eth2-master
- set [ find default-name=ether3 ] master-port=eth2-master name=eth3-slave
- set [ find default-name=ether4 ] master-port=eth2-master name=eth4-slave
- set [ find default-name=ether5 ] master-port=eth2-master name=eth5-slave
- set [ find default-name=ether6 ] name=eth6-master rx-flow-control=auto tx-flow-control=auto
- set [ find default-name=ether7 ] master-port=eth6-master name=eth7-slave
- set [ find default-name=ether8 ] master-port=eth6-master name=eth8-slave
- set [ find default-name=ether9 ] master-port=eth6-master name=eth9-slave
- set [ find default-name=ether10 ] master-port=eth6-master name=eth10-slave
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" default-authentication=no disabled=no distance=indoors frequency=2462 mode=ap-bridge ssid="Hidden network" wireless-protocol=802.11
- /ip neighbor discovery
- set eth1-gateway discover=no
- set eth2-master discover=no
- set eth3-slave discover=no
- set eth4-slave discover=no
- set eth5-slave discover=no
- set eth6-master discover=no
- set eth7-slave discover=no
- set eth8-slave discover=no
- set eth9-slave discover=no
- set eth10-slave discover=no
- set sfp1 discover=no
- set wlan1 discover=no
- set bridge-local discover=no
- /interface wireless nstreme
- set wlan1 enable-polling=no
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys radius-mac-authentication=yes
- /ip pool
- add name=dhcp ranges=192.168.88.10-192.168.88.254
- /ip dhcp-server
- add add-arp=yes address-pool=dhcp disabled=no interface=bridge-local name=default
- /system logging action
- set 0 memory-lines=100
- /tool traffic-generator port
- add interface=eth2-master name=port1
- add interface=eth3-slave name=port2
- /user group
- add name=ftp policy=ftp,!local,!telnet,!ssh,!reboot,!read,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api
- /interface bridge port
- add bridge=bridge-local interface=eth2-master
- add bridge=bridge-local interface=sfp1
- add bridge=bridge-local interface=wlan1
- /interface wireless access-list
- add comment=Mobile-J mac-address=B0:45:19:2E:3A:3B vlan-mode=no-tag
- add comment="Desktop Wireless" disabled=yes interface=wlan1 mac-address=88:9F:FA:4C:88:34 vlan-mode=no-tag
- /ip address
- add address=192.168.88.1/24 comment="default configuration" interface=eth2-master network=192.168.88.0
- /ip arp
- add address=192.168.88.254 comment=Desktop interface=bridge-local mac-address=84:2B:2B:98:B7:D7
- add address=192.168.88.252 comment=Mobile-J interface=bridge-local mac-address=B0:45:19:2E:3A:3B
- add address=192.168.88.253 comment=HTPC interface=bridge-local mac-address=C8:60:00:C9:A7:5A
- add address=192.168.88.249 comment="Desktop Wireless" interface=bridge-local mac-address=88:9F:FA:4C:88:34
- /ip dhcp-client
- add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=eth1-gateway
- /ip dhcp-server lease
- add address=192.168.88.254 client-id=1:84:2b:2b:98:b7:d7 comment=Desktop mac-address=84:2B:2B:98:B7:D7 server=default
- add address=192.168.88.253 comment=HTPC mac-address=C8:60:00:C9:A7:5A server=default
- add address=192.168.88.252 comment=Mobile-J mac-address=B0:45:19:2E:3A:3B server=default
- add address=192.168.88.249 client-id=1:88:9f:fa:4c:88:34 comment="Desktop Wireless" mac-address=88:9F:FA:4C:88:34 server=default
- /ip dhcp-server network
- add address=192.168.88.0/24 comment="default configuration" gateway=192.168.88.1 netmask=24
- /ip dns static
- add address=192.168.88.1 name=router
- /ip firewall address-list
- add address=192.168.88.0/24 list=admin-access
- /ip firewall filter
- add chain=forward comment=QBittorrent dst-port=45175 in-interface=eth1-gateway protocol=tcp
- add chain=forward dst-port=45175 in-interface=eth1-gateway protocol=udp
- add chain=forward dst-port=59853 in-interface=eth1-gateway protocol=tcp
- add action=fasttrack-connection chain=forward comment="Start of rules given here http://bit.ly/1jkLMqU" connection-state=established,related
- add action=fasttrack-connection chain=input connection-state=established,related
- add action=jump chain=forward jump-target=sanity-check
- add action=jump chain=input jump-target=sanity-check
- add action=jump chain=sanity-check connection-state=invalid jump-target=drop
- add chain=sanity-check connection-state=established,related
- add chain=input comment="Rules to block FTP, SSH, etc. externally. Found in this forum post http://bit.ly/1MSC1bQ" src-address-list=admin-access
- add action=drop chain=input dst-port=21,22,23,53,80,443,8080,8291 protocol=tcp
- add action=jump chain=input comment="Drop external traffic inboud to the router" in-interface=eth1-gateway jump-target=drop
- add chain=input in-interface=bridge-local
- add chain=forward connection-nat-state=dstnat
- add chain=forward in-interface=bridge-local
- add action=jump chain=input jump-target=drop
- add action=jump chain=forward jump-target=drop
- add action=drop chain=drop comment="Enable when you need to see log of dropped traffic" disabled=yes log=yes log-prefix=drop-log
- add chain=forward comment="Emby Server HTTP & HTTPS" disabled=yes dst-port=8096 in-interface=eth1-gateway protocol=tcp
- add chain=forward disabled=yes dst-port=8920 in-interface=eth1-gateway protocol=tcp
- /ip firewall nat
- add action=masquerade chain=srcnat comment="Default SRCNAT for outbound on ETH1" out-interface=eth1-gateway
- add action=dst-nat chain=dstnat comment="Torrent TCP & UDP" dst-port=45175 in-interface=eth1-gateway protocol=tcp to-addresses=192.168.88.254 to-ports=45175
- add action=dst-nat chain=dstnat dst-port=45175 in-interface=eth1-gateway protocol=udp to-addresses=192.168.88.254 to-ports=45175
- add action=dst-nat chain=dstnat comment="Torrent WebUI Port Forward" dst-port=59853 in-interface=eth1-gateway protocol=tcp to-addresses=192.168.88.254 to-ports=59853
- add action=dst-nat chain=dstnat comment="Emby Port HTTP & HTTPS" disabled=yes dst-port=8096 in-interface=eth1-gateway log=yes protocol=tcp to-addresses=192.168.88.254 to-ports=8096
- add action=dst-nat chain=dstnat disabled=yes dst-port=8920 in-interface=eth1-gateway protocol=tcp to-addresses=192.168.88.254 to-ports=8920
- /ip service
- set telnet disabled=yes
- set ftp address=192.168.88.0/24
- set www disabled=yes
- set ssh address=192.168.88.0/24
- set api disabled=yes
- set winbox address=192.168.88.0/24
- set api-ssl disabled=yes
- /ip upnp interfaces
- add interface=bridge-local type=internal
- add interface=eth1-gateway type=external
- /lcd
- set enabled=no
- /lcd interface pages
- set 0 interfaces=sfp1,eth1-gateway,eth2-master,eth3-slave,eth4-slave,eth5-slave,eth6-master,eth7-slave,eth8-slave,eth9-slave,eth10-slave
- /system clock
- set time-zone-name=America/Detroit
- /system scheduler
- add comment="Automated daily backup" interval=1d name="daily backup" on-event="system backup save name=current-working.backup" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=00:00:00
- /tool bandwidth-server
- set enabled=no
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=eth2-master
- add interface=eth3-slave
- add interface=eth4-slave
- add interface=eth5-slave
- add interface=eth6-master
- add interface=eth7-slave
- add interface=eth8-slave
- add interface=eth9-slave
- add interface=eth10-slave
- add interface=sfp1
- add interface=wlan1
- add interface=bridge-local
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=eth2-master
- add interface=eth3-slave
- add interface=eth4-slave
- add interface=eth5-slave
- add interface=eth6-master
- add interface=eth7-slave
- add interface=eth8-slave
- add interface=eth9-slave
- add interface=eth10-slave
- add interface=sfp1
- add interface=wlan1
- add interface=bridge-local
- /tool romon port
- add
- /tool sniffer
- set filter-interface=all
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement