Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # jun/28/2018 12:05:30 by RouterOS 6.42.3
- # software id =
- #
- #
- #
- /interface sstp-server
- add comment="From mAP (Wherever it is)" disabled=no name=sstp-in1 user=sstp
- /interface bridge
- add ageing-time=5m arp=enabled arp-timeout=auto auto-mac=yes disabled=no \
- fast-forward=yes forward-delay=15s igmp-snooping=no max-message-age=20s \
- mtu=auto name=Br-Loopback priority=0x8000 protocol-mode=rstp \
- transmit-hold-count=6 vlan-filtering=no
- add ageing-time=5m arp=enabled arp-timeout=auto auto-mac=yes disabled=no \
- fast-forward=yes forward-delay=15s igmp-snooping=no max-message-age=20s \
- mtu=auto name=lo0 priority=0x8000 protocol-mode=rstp transmit-hold-count=\
- 6 vlan-filtering=no
- /interface ethernet
- set [ find default-name=ether2 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
- arp-timeout=auto auto-negotiation=yes cable-settings=default \
- disable-running-check=yes disabled=no full-duplex=yes loop-protect=\
- default loop-protect-disable-time=5m loop-protect-send-interval=5s \
- mac-address=00:0C:29:B4:B8:AB mtu=1500 name=LAN orig-mac-address=\
- 00:0C:29:B4:B8:AB speed=1Gbps
- set [ find default-name=ether1 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
- arp-timeout=auto auto-negotiation=yes cable-settings=default \
- disable-running-check=yes disabled=no full-duplex=yes loop-protect=\
- default loop-protect-disable-time=5m loop-protect-send-interval=5s \
- mac-address=00:0C:29:B4:B8:A1 mtu=1500 name=WAN orig-mac-address=\
- 00:0C:29:B4:B8:A1 speed=1Gbps
- /interface gre
- add allow-fast-path=no clamp-tcp-mss=yes comment="From Balnet home" disabled=\
- no dont-fragment=no dscp=inherit ipsec-secret=PASSWORD keepalive=10s,10 \
- local-address=78.107.254.100 mtu=auto name=gre-tunnel1 remote-address=\
- 91.211.104.130
- /interface 6to4
- add clamp-tcp-mss=yes comment="Hurricane Electric IPv6 Tunnel Broker" \
- disabled=no dont-fragment=no dscp=inherit !ipsec-secret !keepalive \
- local-address=78.107.254.100 mtu=auto name=sit1 remote-address=\
- 216.66.86.114
- /queue interface
- set Br-Loopback queue=no-queue
- set gre-tunnel1 queue=no-queue
- set lo0 queue=no-queue
- set sit1 queue=no-queue
- set sstp-in1 queue=no-queue
- /interface list
- set [ find name=all ] comment="contains all interfaces" exclude="" include="" \
- name=all
- set [ find name=none ] comment="contains no interfaces" exclude="" include="" \
- name=none
- set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" \
- include="" name=dynamic
- add exclude="" include="" name=ISP
- add exclude="" include="" name=AWS
- /interface lte apn
- set [ find default=yes ] add-default-route=yes apn=internet \
- default-route-distance=2 name=default use-peer-dns=yes
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types="" eap-methods=passthrough \
- group-ciphers=aes-ccm group-key-update=5m interim-update=0s \
- management-protection=disabled mode=none mschapv2-username="" name=\
- default radius-eap-accounting=no radius-mac-accounting=no \
- radius-mac-authentication=no radius-mac-caching=disabled \
- radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
- static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
- none static-sta-private-algo=none static-transmit-key=key-0 \
- supplicant-identity=MikroTik tls-certificate=none tls-mode=\
- no-certificates unicast-ciphers=aes-ccm
- /ip dhcp-client option
- set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
- set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
- set hostname code=12 name=hostname value="\$(HOSTNAME)"
- /ip dhcp-server option
- add code=43 name=unifi value=0x0104C0A8030A
- /ip hotspot profile
- set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
- hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=\
- 0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" \
- smtp-server=0.0.0.0 split-user-domain=no use-radius=no
- add dns-name="" hotspot-address=192.168.1.1 html-directory=hotspot \
- html-directory-override="" http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
- login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 \
- split-user-domain=no use-radius=no
- /ip hotspot user profile
- set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none \
- !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=\
- default !parent-queue !queue-type shared-users=1 status-autorefresh=1m \
- transparent-proxy=no
- /ip ipsec mode-config
- set [ find default=yes ] name=request-only
- /ip ipsec policy group
- set [ find default=yes ] name=default
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=\
- aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=\
- modp1024
- /ip pool
- add name=dhcp ranges=192.168.1.2-192.168.1.254
- add name=vpn_pool ranges=192.168.2.1-192.168.2.10
- add name=hs-pool-4 ranges=192.168.1.11-192.168.1.254
- add name=dhcp2 ranges=192.168.2.2-192.168.2.254
- /ip dhcp-server
- add address-pool=dhcp authoritative=yes bootp-support=static disabled=no \
- interface=LAN lease-script="" lease-time=10m name=dhcp1 use-radius=no
- /ipv6 pool
- add name=myPool prefix=2001:db8:7501::/60 prefix-length=62
- /port
- set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
- stop-bits=1
- /ppp profile
- set *0 address-list="" !bridge !bridge-horizon !bridge-path-cost \
- !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout \
- !incoming-filter !insert-queue-before !interface-list !local-address \
- name=default on-down="" on-up="" only-one=default !outgoing-filter \
- !parent-queue !queue-type !rate-limit !remote-address \
- remote-ipv6-prefix-pool=none !session-timeout use-compression=default \
- use-encryption=default use-ipv6=yes use-mpls=default use-upnp=default \
- !wins-server
- add address-list="" !bridge !bridge-horizon !bridge-path-cost \
- !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout \
- !incoming-filter !insert-queue-before !interface-list local-address=\
- vpn_pool name=l2tp_Provile on-down="" on-up="" only-one=default \
- !outgoing-filter !parent-queue !queue-type !rate-limit remote-address=\
- vpn_pool !session-timeout use-compression=default use-encryption=default \
- use-ipv6=yes use-mpls=default use-upnp=default !wins-server
- set *FFFFFFFE address-list="" !bridge !bridge-horizon !bridge-path-cost \
- !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout \
- !incoming-filter !insert-queue-before !interface-list !local-address \
- name=default-encryption on-down="" on-up="" only-one=default \
- !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address \
- remote-ipv6-prefix-pool=none !session-timeout use-compression=default \
- use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default \
- !wins-server
- /interface l2tp-client
- add add-default-route=no allow=pap,chap,mschap1,mschap2 allow-fast-path=no \
- connect-to=aruba.XXX.ru dial-on-demand=no disabled=no keepalive-timeout=\
- 60 max-mru=1450 max-mtu=1450 mrru=disabled name=aruba profile=\
- default-encryption use-ipsec=no user=chr
- /interface pptp-client
- add add-default-route=yes allow=pap,chap,mschap1,mschap2 connect-to=\
- 34.197.214.15 default-route-distance=9 dial-on-demand=no disabled=yes \
- keepalive-timeout=60 max-mru=1450 max-mtu=1450 mrru=disabled name=aws1 \
- profile=default-encryption user=aws1
- add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=\
- 18.220.96.78 dial-on-demand=no disabled=yes keepalive-timeout=60 max-mru=\
- 1450 max-mtu=1450 mrru=disabled name=aws2 profile=default-encryption \
- user=aws2
- /queue interface
- set aruba queue=no-queue
- set aws1 queue=no-queue
- set aws2 queue=no-queue
- /queue type
- set 0 kind=pfifo name=default pfifo-limit=50
- set 1 kind=pfifo name=ethernet-default pfifo-limit=50
- set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
- set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
- red-limit=60 red-max-threshold=50 red-min-threshold=10
- set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
- set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 \
- pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
- pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 \
- pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
- set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 \
- pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
- pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB \
- pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
- pcq-total-limit=2000KiB
- set 7 kind=none name=only-hardware-queue
- set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
- set 9 kind=pfifo name=default-small pfifo-limit=10
- /queue interface
- set LAN queue=only-hardware-queue
- set WAN queue=only-hardware-queue
- /queue simple
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=yes limit-at=0/0 max-limit=90M/90M name=queue-limit \
- packet-marks="" parent=none priority=8/8 queue=\
- pcq-upload-default/pcq-download-default target=192.168.1.0/24 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=Macbook packet-marks=\
- "" parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.123/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=iPhone_admin \
- packet-marks="" parent=none priority=8/8 queue=\
- default-small/default-small target=192.168.1.89/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=iPhone_Nastya \
- packet-marks="" parent=none priority=8/8 queue=\
- default-small/default-small target=192.168.1.86/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=iPad_Nastya \
- packet-marks="" parent=none priority=8/8 queue=\
- default-small/default-small target=192.168.1.250/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=Aruba packet-marks="" \
- parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.2.1/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=Graylog packet-marks=\
- "" parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.98/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=mAP packet-marks="" \
- parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.99.2/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=WinServer \
- packet-marks="" parent=none priority=8/8 queue=\
- default-small/default-small target=192.168.1.122/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=Unifi packet-marks="" \
- parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.102/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=GeoPC packet-marks="" \
- parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.248/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=Dante packet-marks="" \
- parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.91/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=Zabbix packet-marks=\
- "" parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.87/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=SoftEther \
- packet-marks="" parent=none priority=8/8 queue=\
- default-small/default-small target=192.168.1.214/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=TOR packet-marks="" \
- parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.217/32 !time
- add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
- disabled=no limit-at=99M/99M max-limit=99M/99M name=I2P packet-marks="" \
- parent=none priority=8/8 queue=default-small/default-small target=\
- 192.168.1.213/32 !time
- /routing bgp instance
- set default as=64999 client-to-client-reflection=yes !cluster-id \
- !confederation disabled=no ignore-as-path-len=yes name=default \
- out-filter="" redistribute-connected=no redistribute-ospf=no \
- redistribute-other-bgp=no redistribute-rip=no redistribute-static=no \
- router-id=172.30.1.2 routing-table=""
- /routing ospf instance
- set [ find default=yes ] disabled=no distribute-default=never !domain-id \
- !domain-tag in-filter=ospf-in metric-bgp=auto metric-connected=20 \
- metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 \
- !mpls-te-area !mpls-te-router-id name=default out-filter=ospf-out \
- redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
- redistribute-rip=no redistribute-static=no router-id=0.0.0.0 \
- !routing-table !use-dn
- /routing ospf area
- set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
- backbone type=default
- /routing ospf-v3 instance
- set [ find default=yes ] disabled=no distribute-default=never metric-bgp=auto \
- metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
- metric-static=20 name=default redistribute-bgp=no redistribute-connected=\
- no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
- router-id=0.0.0.0
- /routing ospf-v3 area
- set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
- backbone type=default
- /snmp community
- set [ find default=yes ] addresses=0.0.0.0/0 authentication-protocol=MD5 \
- encryption-protocol=DES name=public read-access=yes security=none \
- write-access=no
- /system logging action
- set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
- set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
- disk-stop-on-full=no name=disk target=disk
- set 2 name=echo remember=yes target=echo
- set 3 bsd-syslog=no name=remote remote=127.0.0.1 remote-port=514 src-address=\
- 127.0.0.1 syslog-facility=daemon syslog-severity=auto syslog-time-format=\
- bsd-syslog target=remote
- add email-start-tls=yes email-to=zaken.zak@gmail.com name=emailWIN target=\
- email
- add email-start-tls=yes email-to=zaken.zak@gmail.com name=emailBadList \
- target=email
- add bsd-syslog=no name=syslog remote=192.168.1.98 remote-port=514 \
- src-address=0.0.0.0 syslog-facility=syslog syslog-severity=auto \
- syslog-time-format=bsd-syslog target=remote
- /user group
- set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
- eb,sniff,sensitive,api,romon,tikapp,!ftp,!write,!policy,!dude" skin=\
- default
- set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
- ssword,web,sniff,sensitive,api,romon,tikapp,!ftp,!policy,!dude" skin=\
- default
- set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
- winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" skin=default
- /caps-man aaa
- set interim-update=disabled mac-caching=disabled mac-format=XX:XX:XX:XX:XX:XX \
- mac-mode=as-username
- /caps-man manager
- set ca-certificate=none certificate=none enabled=no package-path="" \
- require-peer-certificate=no upgrade-policy=none
- /caps-man manager interface
- set [ find default=yes ] disabled=no forbid=no interface=all
- /certificate settings
- set crl-download=yes crl-store=system crl-use=yes
- /interface bridge settings
- set allow-fast-path=no use-ip-firewall=no use-ip-firewall-for-pppoe=no \
- use-ip-firewall-for-vlan=no
- /ip firewall connection tracking
- set enabled=auto generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
- tcp-close-wait-timeout=10s tcp-established-timeout=1d \
- tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
- tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s \
- tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m \
- udp-stream-timeout=3m udp-timeout=10s
- /ip neighbor discovery-settings
- set discover-interface-list=!dynamic
- /ip settings
- set accept-redirects=no accept-source-route=no allow-fast-path=yes \
- arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
- max-neighbor-entries=8192 route-cache=yes rp-filter=no secure-redirects=\
- yes send-redirects=yes tcp-syncookies=no
- /ipv6 settings
- set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
- yes-if-forwarding-disabled forward=yes max-neighbor-entries=8192
- /interface detect-internet
- set detect-interface-list=none internet-interface-list=none \
- lan-interface-list=none wan-interface-list=none
- /interface l2tp-server server
- set allow-fast-path=no authentication=pap,chap,mschap1,mschap2 \
- caller-id-type=ip-address default-profile=l2tp_Provile enabled=no \
- keepalive-timeout=30 max-mru=1450 max-mtu=1450 max-sessions=unlimited \
- mrru=disabled one-session-per-host=no use-ipsec=no
- /interface list member
- add disabled=no interface=WAN list=ISP
- add disabled=no list=ISP
- add disabled=no interface=aws1 list=AWS
- add disabled=no interface=aws2 list=AWS
- add disabled=no list=ISP
- /interface ovpn-server server
- set auth=sha1,md5 cipher=blowfish128,aes128 default-profile=default enabled=\
- no keepalive-timeout=60 mac-address=FE:F3:B3:18:84:1D max-mtu=1500 mode=\
- ip netmask=24 port=1194 require-client-certificate=no
- /interface pptp-server server
- set authentication=pap,chap,mschap1,mschap2 default-profile=l2tp_Provile \
- enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
- /interface sstp-server server
- set authentication=mschap2 certificate=none default-profile=l2tp_Provile \
- enabled=yes force-aes=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 \
- mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=\
- no
- /interface wireless align
- set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
- 00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
- frames-per-second=25 receive-all=no ssid-all=no
- /interface wireless cap
- set bridge=none caps-man-addresses="" caps-man-certificate-common-names="" \
- caps-man-names="" certificate=none discovery-interfaces="" enabled=no \
- interfaces="" lock-to-caps-man=no static-virtual=no
- /interface wireless sniffer
- set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
- multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
- no streaming-max-rate=0 streaming-server=0.0.0.0
- /interface wireless snooper
- set channel-time=200ms multiple-channels=yes receive-errors=no
- /ip accounting
- set account-local-traffic=no enabled=no threshold=256
- /ip accounting web-access
- set accessible-via-web=no address=0.0.0.0/0
- /ip address
- add address=192.168.1.1/24 disabled=no interface=LAN network=192.168.1.0
- add address=172.16.255.1/30 disabled=no interface=gre-tunnel1 network=\
- 172.16.255.0
- add address=172.31.184.254/32 disabled=no interface=lo0 network=\
- 172.31.184.254
- /ip dhcp-client
- add add-default-route=yes default-route-distance=1 dhcp-options="" disabled=\
- no interface=WAN use-peer-dns=no use-peer-ntp=yes
- /ip dhcp-server config
- set store-leases-disk=5m
- /ip dhcp-server lease
- add address=192.168.1.123 address-lists="" always-broadcast=yes client-id=\
- 1:ac:bc:32:9f:1b:d5 dhcp-option="" disabled=no !insert-queue-before \
- mac-address=AC:BC:32:9F:1B:D5 server=dhcp1
- add address=192.168.1.248 address-lists="" always-broadcast=yes client-id=\
- 1:dc:85:de:8a:e8:33 dhcp-option="" disabled=no !insert-queue-before \
- mac-address=DC:85:DE:8A:E8:33 server=dhcp1
- add address=192.168.1.220 address-lists="" client-id=1:a0:e4:53:eb:c7:5b \
- dhcp-option="" disabled=no !insert-queue-before mac-address=\
- A0:E4:53:EB:C7:5B server=dhcp1
- add address=192.168.1.250 address-lists="" always-broadcast=yes client-id=\
- 1:34:c0:59:58:95:68 dhcp-option="" disabled=no !insert-queue-before \
- mac-address=34:C0:59:58:95:68 server=dhcp1
- add address=192.168.1.208 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:75:BD:3B server=dhcp1
- add address=192.168.1.205 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:B2:20:FE server=dhcp1
- add address=192.168.1.202 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:6B:65:53 server=dhcp1
- add address=192.168.1.109 address-lists="" always-broadcast=yes client-id=\
- 1:58:48:22:fc:2c:7b dhcp-option="" disabled=no !insert-queue-before \
- mac-address=58:48:22:FC:2C:7B server=dhcp1
- add address=192.168.1.122 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:C2:E0:03 server=dhcp1
- add address=192.168.1.10 address-lists="" always-broadcast=yes dhcp-option="" \
- disabled=yes !insert-queue-before mac-address=5C:CF:7F:78:29:D2 server=\
- dhcp1
- add address=192.168.1.95 address-lists="" always-broadcast=yes dhcp-option="" \
- disabled=no !insert-queue-before mac-address=68:C6:3A:9E:E2:D9 server=\
- dhcp1
- add address=192.168.1.217 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:8F:02:C6
- add address=192.168.1.213 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:70:B9:F9 server=dhcp1
- add address=192.168.1.214 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:00:AC:AD
- add address=192.168.1.200 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:A2:A6:33
- add address=192.168.1.102 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:C3:0D:EC server=dhcp1
- add address=192.168.1.91 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:A5:3F:5B server=dhcp1
- add address=192.168.1.87 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:F8:C0:40 server=dhcp1
- add address=192.168.1.98 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:66:3F:90 server=dhcp1
- add address=192.168.1.86 address-lists="" always-broadcast=yes client-id=\
- 1:40:33:1a:4e:56:c6 dhcp-option="" disabled=no !insert-queue-before \
- mac-address=40:33:1A:4E:56:C6 server=dhcp1
- add address=192.168.1.80 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:35:66:BB server=dhcp1
- add address=192.168.1.76 address-lists="" always-broadcast=yes client-id=\
- 1:2c:f0:a2:6d:66:4d dhcp-option="" disabled=no !insert-queue-before \
- mac-address=2C:F0:A2:6D:66:4D server=dhcp1
- add address=192.168.1.74 address-lists="" dhcp-option="" disabled=no \
- !insert-queue-before mac-address=00:0C:29:C0:24:7C server=dhcp1
- /ip dhcp-server network
- add address=192.168.1.0/24 caps-manager="" dhcp-option=unifi dns-server=\
- 192.168.1.1 gateway=192.168.1.1 netmask=24 ntp-server="" wins-server=""
- /ip dns
- set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
- max-concurrent-queries=100 max-concurrent-tcp-sessions=20 \
- max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
- servers=192.168.1.74
- /ip firewall address-list
- add address=34.207.241.193 disabled=no list=AcceptKnocking
- add address=188.94.227.190 disabled=no list=AcceptKnocking
- add address=91.211.104.130 disabled=no list=AcceptKnocking
- add address=176.125.114.225 disabled=no list=AcceptKnocking
- add address=0.0.0.0/8 disabled=no list=BOGONS
- add address=10.0.0.0/8 disabled=yes list=BOGONS
- add address=100.64.0.0/10 disabled=no list=BOGONS
- add address=127.0.0.0/8 disabled=no list=BOGONS
- add address=169.254.0.0/16 disabled=no list=BOGONS
- add address=172.16.0.0/12 disabled=no list=BOGONS
- add address=192.0.0.0/24 disabled=no list=BOGONS
- add address=192.0.2.0/24 disabled=no list=BOGONS
- add address=192.168.0.0/16 disabled=no list=BOGONS
- add address=198.18.0.0/15 disabled=no list=BOGONS
- add address=198.51.100.0/24 disabled=no list=BOGONS
- add address=203.0.113.0/24 disabled=no list=BOGONS
- add address=224.0.0.0/3 disabled=no list=BOGONS
- add address=aws.XXX.ru disabled=no list=dst/Yota
- add address=aws2.XXX.ru disabled=no list=dst/Beeline
- add address=192.168.1.200 disabled=no list=via/Yota
- add address=192.168.1.3 disabled=no list=Prohibit-Internet
- add address=8.8.8.8 comment=on disabled=no list=netwatch_8888
- add address=8.8.4.4 comment=on disabled=no list=netwatch_8844
- add address=13.59.216.101 comment=on disabled=no list=netwatch_AWS2
- add address=34.207.241.193 comment=on disabled=no list=netwatch_AWS
- add address=192.168.23.167 comment=off disabled=no list=netwatch_yuraBPriem
- add address=8.8.4.4 comment=off disabled=no list=netwatch_Testconecction
- add address=192.168.2.1 comment=off disabled=no list=netwatch_Yota
- add address=192.168.3.1 comment=on disabled=no list=netwatch_BeelineStick
- add address=95.189.98.154 disabled=no list=AcceptKnocking
- add address=192.168.1.91 disabled=yes list=via/HE
- add address=149.154.164.0/22 comment=Telegram disabled=no list=rkn
- add address=91.108.8.0/22 comment=Telegram disabled=no list=rkn
- add address=91.108.56.0/23 comment=Telegram disabled=no list=rkn
- add address=149.154.160.0/20 comment=Telegram disabled=no list=rkn
- add address=91.108.12.0/22 comment=Telegram disabled=no list=rkn
- add address=149.154.172.0/22 comment=Telegram disabled=no list=rkn
- add address=91.108.4.0/22 comment=Telegram disabled=no list=rkn
- add address=91.108.16.0/22 comment=Telegram disabled=no list=rkn
- add address=149.154.168.0/22 comment=Telegram disabled=no list=rkn
- add address=91.108.20.0/22 comment=Telegram disabled=no list=rkn
- add address=67.198.55.0/24 comment=Telegram disabled=no list=rkn
- add address=109.239.140.0/24 comment=Telegram disabled=no list=rkn
- add address=78.31.8.0/22 comment=spotify.com disabled=no list=rkn
- add address=193.182.8.0/21 comment=spotify.com disabled=no list=rkn
- add address=194.68.28.0/22 comment=spotify.com disabled=no list=rkn
- add address=193.235.32.0/24 comment=spotify.com disabled=no list=rkn
- add address=193.235.203.0/24 comment=spotify.com disabled=no list=rkn
- add address=193.235.206.0/24 comment=spotify.com disabled=no list=rkn
- add address=108.174.2.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.3.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.4.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.5.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.6.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.7.0/24 comment=LinkedIn disabled=no list=rkn
- add address=8.39.61.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.223.0/24 comment=LinkedIn disabled=no list=rkn
- add address=216.200.149.0/24 comment=LinkedIn disabled=no list=rkn
- add address=91.225.250.0/24 comment=LinkedIn disabled=no list=rkn
- add address=91.225.248.0/24 comment=LinkedIn disabled=no list=rkn
- add address=91.225.249.0/24 comment=LinkedIn disabled=no list=rkn
- add address=8.22.161.0/24 comment=LinkedIn disabled=no list=rkn
- add address=64.152.25.0/24 comment=LinkedIn disabled=no list=rkn
- add address=103.20.94.0/24 comment=LinkedIn disabled=no list=rkn
- add address=103.20.95.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.0.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.1.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.8.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.9.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.10.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.11.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.12.0/24 comment=LinkedIn disabled=no list=rkn
- add address=108.174.13.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.0.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.1.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.2.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.3.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.192.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.193.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.194.0/24 comment=LinkedIn disabled=no list=rkn
- add address=144.2.195.0/24 comment=LinkedIn disabled=no list=rkn
- add address=185.63.144.0/24 comment=LinkedIn disabled=no list=rkn
- add address=185.63.145.0/24 comment=LinkedIn disabled=no list=rkn
- add address=185.63.147.0/24 comment=LinkedIn disabled=no list=rkn
- add address=199.101.161.0/24 comment=LinkedIn disabled=no list=rkn
- add address=8.39.53.0/24 comment=LinkedIn disabled=no list=rkn
- add address=65.156.227.0/24 comment=LinkedIn disabled=no list=rkn
- add address=216.52.16.0/24 comment=LinkedIn disabled=no list=rkn
- add address=216.52.17.0/24 comment=LinkedIn disabled=no list=rkn
- add address=216.52.18.0/24 comment=LinkedIn disabled=no list=rkn
- add address=216.52.20.0/24 comment=LinkedIn disabled=no list=rkn
- add address=216.52.21.0/24 comment=LinkedIn disabled=no list=rkn
- add address=216.52.22.0/24 comment=LinkedIn disabled=no list=rkn
- add address=202.4.184.0/24 comment=LinkedIn disabled=no list=rkn
- add address=13.125.0.0/16 comment=Fuck_RKN disabled=no list=rkn
- add address=13.56.0.0/14 comment=Fuck_RKN disabled=no list=rkn
- add address=18.130.0.0/16 comment=Fuck_RKN disabled=no list=rkn
- add address=18.184.0.0/15 comment=Fuck_RKN disabled=no list=rkn
- add address=18.194.0.0/15 comment=Fuck_RKN disabled=no list=rkn
- add address=18.196.0.0/15 comment=Fuck_RKN disabled=no list=rkn
- add address=34.192.0.0/10 comment=Fuck_RKN disabled=no list=rkn
- add address=34.240.0.0/13 comment=Fuck_RKN disabled=no list=rkn
- add address=34.248.0.0/13 comment=Fuck_RKN disabled=no list=rkn
- add address=35.156.0.0/14 comment=Fuck_RKN disabled=no list=rkn
- add address=35.160.0.0/13 comment=Fuck_RKN disabled=no list=rkn
- add address=35.178.0.0/15 comment=Fuck_RKN disabled=no list=rkn
- add address=35.180.0.0/16 comment=Fuck_RKN disabled=no list=rkn
- add address=35.184.0.0/13 comment=Fuck_RKN disabled=no list=rkn
- add address=35.192.0.0/12 comment=Fuck_RKN disabled=no list=rkn
- add address=35.208.0.0/12 comment=Fuck_RKN disabled=no list=rkn
- add address=35.224.0.0/12 comment=Fuck_RKN disabled=no list=rkn
- add address=52.192.0.0/11 comment=Fuck_RKN disabled=no list=rkn
- add address=52.56.0.0/16 comment=Fuck_RKN disabled=no list=rkn
- add address=52.57.0.0/16 comment=Fuck_RKN disabled=no list=rkn
- add address=52.58.0.0/15 comment=Fuck_RKN disabled=no list=rkn
- add address=52.64.0.0/12 comment=Fuck_RKN disabled=no list=rkn
- add address=54.144.0.0/12 comment=Fuck_RKN disabled=no list=rkn
- add address=54.160.0.0/12 comment=Fuck_RKN disabled=no list=rkn
- add address=54.228.0.0/15 comment=Fuck_RKN disabled=no list=rkn
- add address=68.171.224.0/19 comment=Fuck_RKN disabled=no list=rkn
- add address=74.82.64.0/19 comment=Fuck_RKN disabled=no list=rkn
- add address=91.108.56.0/22 comment=Fuck_RKN disabled=no list=rkn
- add address=103.246.200.0/22 comment=Fuck_RKN disabled=no list=rkn
- add address=149.154.160.0/22 comment=Fuck_RKN disabled=no list=rkn
- add address=178.239.88.0/21 comment=Fuck_RKN disabled=no list=rkn
- add address=203.104.128.0/20 comment=Fuck_RKN disabled=no list=rkn
- add address=203.104.144.0/21 comment=Fuck_RKN disabled=no list=rkn
- add address=203.104.152.0/22 comment=Fuck_RKN disabled=no list=rkn
- add address=178.62.9.171 comment=Fuck_RKN disabled=no list=rkn
- add address=2ip.ru comment="Just for testing" disabled=yes list=rkn
- add address=13.230.0.0/15 comment="Fuck RKN" disabled=no list=rkn
- add address=18.144.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=18.204.0.0/14 comment="Fuck RKN" disabled=no list=rkn
- add address=18.218.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=18.236.0.0/15 comment="Fuck RKN" disabled=no list=rkn
- add address=23.251.128.0/19 comment="Fuck RKN" disabled=no list=rkn
- add address=35.176.0.0/15 comment="Fuck RKN" disabled=no list=rkn
- add address=45.76.82.0/23 comment="Fuck RKN" disabled=no list=rkn
- add address=46.101.128.0/17 comment="Fuck RKN" disabled=no list=rkn
- add address=47.91.64.0/19 comment="Fuck RKN" disabled=no list=rkn
- add address=51.136.0.0/15 comment="Fuck RKN" disabled=no list=rkn
- add address=51.15.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=52.32.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=54.212.0.0/15 comment="Fuck RKN" disabled=no list=rkn
- add address=54.64.0.0/13 comment="Fuck RKN" disabled=no list=rkn
- add address=64.137.0.0/17 comment="Fuck RKN" disabled=no list=rkn
- add address=91.121.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=94.177.224.0/21 comment="Fuck RKN" disabled=no list=rkn
- add address=98.158.176.0/20 comment="Fuck RKN" disabled=no list=rkn
- add address=128.199.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=139.59.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=159.122.128.0/18 comment="Fuck RKN" disabled=no list=rkn
- add address=159.203.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=159.65.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=159.89.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=165.227.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=167.99.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=174.104.0.0/15 comment="Fuck RKN" disabled=no list=rkn
- add address=174.138.0.0/17 comment="Fuck RKN" disabled=no list=rkn
- add address=176.67.169.0/24 comment="Fuck RKN" disabled=no list=rkn
- add address=178.63.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- add address=185.166.212.0/23 comment="Fuck RKN" disabled=no list=rkn
- add address=185.229.227.0/24 comment="Fuck RKN" disabled=no list=rkn
- add address=188.166.0.0/17 comment="Fuck RKN" disabled=no list=rkn
- add address=195.154.0.0/17 comment="Fuck RKN" disabled=no list=rkn
- add address=206.189.0.0/16 comment="Fuck RKN" disabled=no list=rkn
- /ip firewall filter
- add action=passthrough chain="Add Accept --->" !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !ttl
- add action=accept chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=igmp \
- !psd !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=accept chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=5050 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=accept chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=443 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=accept chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=icmp \
- !psd !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=drop chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate connection-state=\
- invalid !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority !protocol !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=accept chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate connection-state=\
- established,related !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- add action=accept chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=8295 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !ttl
- add action=add-src-to-address-list address-list=AcceptKnocking \
- address-list-timeout=1h chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=65444 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking_st3 !src-address-type !src-mac-address !src-port \
- !tcp-flags !tcp-mss !time !ttl
- add action=add-src-to-address-list address-list=AcceptKnocking_st3 \
- address-list-timeout=none-dynamic chain=input !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=9888 \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- protocol=tcp !psd !random !routing-mark !routing-table !src-address \
- src-address-list=AcceptKnocking_st2 !src-address-type !src-mac-address \
- !src-port !tcp-flags !tcp-mss !time !ttl
- add action=add-src-to-address-list address-list=AcceptKnocking_st2 \
- address-list-timeout=1m chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=8889 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking_st1 !src-address-type !src-mac-address !src-port \
- !tcp-flags !tcp-mss !time !ttl
- add action=add-src-to-address-list address-list=AcceptKnocking_st1 \
- address-list-timeout=1m chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=8888 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !ttl
- add action=accept chain=input comment=adblock_helper !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- connection-state=established,related !connection-type !content disabled=\
- no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
- !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list !out-interface \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority !protocol !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
- add action=reject chain=input comment=adblock_helper !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=\
- 80,443 !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list !out-interface \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority protocol=tcp !psd !random reject-with=tcp-reset \
- !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=passthrough chain="Add Accept <---" !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- add action=drop chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority !protocol !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=drop chain=forward !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate connection-state=\
- invalid !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority !protocol !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=reject chain=forward comment=Prohibit-Internet !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface out-interface-list=\
- ISP !packet-mark !packet-size !per-connection-classifier !port !priority \
- protocol=tcp !psd !random reject-with=tcp-reset !routing-mark \
- !routing-table !src-address src-address-list=Prohibit-Internet \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=reject chain=forward comment=Prohibit-Internet !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface out-interface-list=\
- ISP !packet-mark !packet-size !per-connection-classifier !port !priority \
- !protocol !psd !random reject-with=icmp-admin-prohibited !routing-mark \
- !routing-table !src-address src-address-list=Prohibit-Internet \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=accept chain=forward !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate connection-state=\
- established,related !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- add action=accept chain=forward !connection-bytes !connection-limit \
- !connection-mark connection-nat-state=dstnat !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- add action=drop chain=forward !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority !protocol !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=drop chain=input comment="Ping block" !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=yes !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- in-interface=WAN !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- protocol=icmp !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !ttl
- add action=drop chain=input comment="Port blocking block" !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=yes !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=53 \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- in-interface=WAN !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size !per-connection-classifier !port !priority \
- protocol=udp !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !ttl
- add action=drop chain=input !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=yes !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=53 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
- WAN !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !ttl
- add action=accept chain=forward !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=yes !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=yes log-prefix=ESXI !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority !protocol !psd \
- !random !routing-mark !routing-table src-address=192.168.1.3 \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- /ip firewall mangle
- add action=passthrough chain="Not Edit and Not Mixer ----->"
- add action=mark-connection chain=prerouting !connection-bytes \
- !connection-limit connection-mark=no-mark !connection-nat-state \
- !connection-rate connection-state=new !connection-type !content disabled=\
- no !dscp dst-address=192.168.1.91 !dst-address-list !dst-address-type \
- !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-connection-mark=todante !nth !out-bridge-port !out-bridge-port-list \
- !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
- yes !per-connection-classifier !port !priority !protocol !psd !random \
- !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=mark-connection chain=prerouting !connection-bytes \
- !connection-limit connection-mark=no-mark !connection-nat-state \
- !connection-rate connection-state=new !connection-type !content disabled=\
- no !dscp dst-address=192.168.1.80 !dst-address-list !dst-address-type \
- !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-connection-mark=todante !nth !out-bridge-port !out-bridge-port-list \
- !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
- yes !per-connection-classifier !port !priority !protocol !psd !random \
- !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=mark-connection chain=prerouting !connection-bytes \
- !connection-limit connection-mark=no-mark !connection-nat-state \
- !connection-rate connection-state=new !connection-type !content disabled=\
- no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
- !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-connection-mark=v6_conmark !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size passthrough=yes !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table src-address=\
- 192.168.1.91 !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
- add action=mark-connection chain=prerouting !connection-bytes \
- !connection-limit connection-mark=no-mark !connection-nat-state \
- !connection-rate connection-state=new !connection-type !content disabled=\
- no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
- !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-connection-mark=v6_conmark !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size passthrough=yes !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table src-address=\
- 192.168.1.80 !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
- add action=mark-routing chain=prerouting !connection-bytes !connection-limit \
- connection-mark=v6_conmark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-routing-mark=v6 !nth !out-bridge-port !out-bridge-port-list \
- !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
- yes !per-connection-classifier !port !priority !protocol !psd !random \
- !routing-mark !routing-table src-address=192.168.1.91 !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=mark-routing chain=prerouting !connection-bytes !connection-limit \
- connection-mark=v6_conmark !connection-nat-state !connection-rate \
- !connection-state !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- !in-interface !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-routing-mark=v6 !nth !out-bridge-port !out-bridge-port-list \
- !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
- yes !per-connection-classifier !port !priority !protocol !psd !random \
- !routing-mark !routing-table src-address=192.168.1.80 !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
- !tls-host !ttl
- add action=mark-routing chain=prerouting !connection-bytes !connection-limit \
- !connection-mark !connection-nat-state !connection-rate !connection-state \
- !connection-type !content disabled=no !dscp !dst-address \
- dst-address-list=rkn !dst-address-type !dst-limit !dst-port !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" new-routing-mark=rkn !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
- !priority !protocol !psd !random !routing-mark !routing-table \
- src-address=192.168.1.0/24 !src-address-list !src-address-type \
- !src-mac-address !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
- # no interface
- add action=mark-connection chain=prerouting comment=Beeline !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- connection-state=new !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- in-interface=*6 !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-connection-mark=Prerouting/Beeline !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size passthrough=no !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- add action=mark-routing chain=output comment=Beeline !connection-bytes \
- !connection-limit connection-mark=Prerouting/Beeline \
- !connection-nat-state !connection-rate !connection-state !connection-type \
- !content disabled=no !dscp !dst-address !dst-address-list \
- !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" new-routing-mark=Next-Hop/Beeline !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
- !priority !protocol !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
- # no interface
- add action=mark-routing chain=prerouting comment=Beeline !connection-bytes \
- !connection-limit connection-mark=Prerouting/Beeline \
- !connection-nat-state !connection-rate !connection-state !connection-type \
- !content disabled=no !dscp !dst-address !dst-address-list \
- !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list in-interface=!*6 !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" new-routing-mark=Next-Hop/Beeline !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
- !priority !protocol !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
- add action=mark-routing chain=prerouting comment="Beeline List" \
- connection-mark=no-mark dst-address-list=!BOGONS new-routing-mark=\
- Next-Hop/Beeline passthrough=no src-address-list=via/Beeline
- add action=mark-routing chain=output comment="Beeline List" connection-mark=\
- no-mark dst-address-list=dst/Beeline new-routing-mark=Next-Hop/Beeline \
- passthrough=no
- # YotaUSB not ready
- add action=mark-connection chain=prerouting comment=Yota !connection-bytes \
- !connection-limit !connection-mark !connection-nat-state !connection-rate \
- connection-state=new !connection-type !content disabled=no !dscp \
- !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
- !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
- in-interface=*5 !in-interface-list !ingress-priority !ipsec-policy \
- !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- new-connection-mark=Prerouting/Yota !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size passthrough=no !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- add action=mark-routing chain=output comment=Yota connection-mark=\
- Prerouting/Yota new-routing-mark=Next-Hop/Yota passthrough=no
- add action=mark-routing chain=output comment=Yota dst-address-list=!BOGONS \
- new-routing-mark=Next-Hop/Yota passthrough=no src-address=10.0.0.10
- # YotaUSB not ready
- add action=mark-routing chain=prerouting comment=Yota !connection-bytes \
- !connection-limit connection-mark=Prerouting/Yota !connection-nat-state \
- !connection-rate !connection-state !connection-type !content disabled=no \
- !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
- !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list in-interface=!*5 !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" new-routing-mark=Next-Hop/Yota !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size passthrough=no !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
- !tcp-mss !time !tls-host !ttl
- add action=mark-routing chain=prerouting comment="Yota List" connection-mark=\
- no-mark dst-address-list=!BOGONS new-routing-mark=Next-Hop/Yota \
- passthrough=no src-address-list=via/Yota
- add action=mark-routing chain=output comment="Yota List" connection-mark=\
- no-mark dst-address-list=dst/Yota new-routing-mark=Next-Hop/Yota \
- passthrough=no
- add action=mark-connection chain=prerouting comment=78.107.248.100 \
- connection-state=new dst-address=78.107.254.100 in-interface=WAN \
- new-connection-mark=Prerouting/78.107.254.100 passthrough=no
- add action=mark-routing chain=output comment=78.107.248.100 connection-mark=\
- Prerouting/78.107.254.100 new-routing-mark=Next-Hop/78.107.248.1 \
- passthrough=no
- add action=mark-routing chain=output comment=78.107.248.100 dst-address-list=\
- !BOGONS new-routing-mark=Next-Hop/78.107.248.1 passthrough=no \
- src-address=78.107.248.100
- add action=mark-routing chain=prerouting comment=78.107.248.100 \
- connection-mark=Prerouting/78.107.254.100 in-interface=!WAN \
- new-routing-mark=Next-Hop/78.107.248.1 passthrough=no
- # aws1 not ready
- add action=mark-connection chain=prerouting comment=aws1 connection-state=new \
- in-interface=aws1 new-connection-mark=Prerouting/aws1 passthrough=no
- add action=mark-routing chain=output comment=aws1 connection-mark=\
- Prerouting/aws1 new-routing-mark=Next-Hop/aws1 passthrough=no
- # aws1 not ready
- add action=mark-routing chain=prerouting comment=aws1 connection-mark=\
- Prerouting/aws1 in-interface=!aws1 new-routing-mark=Next-Hop/aws1 \
- passthrough=no
- # aws2 not ready
- add action=mark-connection chain=prerouting comment=aws2 connection-state=new \
- in-interface=aws2 new-connection-mark=Prerouting/aws2 passthrough=no
- add action=mark-routing chain=output comment=aws2 connection-mark=\
- Prerouting/aws2 new-routing-mark=Next-Hop/aws2 passthrough=no
- # aws2 not ready
- add action=mark-routing chain=prerouting comment=aws2 connection-mark=\
- Prerouting/aws2 in-interface=!aws2 new-routing-mark=Next-Hop/aws2 \
- passthrough=no
- add action=passthrough chain="Not Edit and Not Mixer <-----"
- add action=mark-routing chain=prerouting comment=TEST connection-mark=no-mark \
- disabled=yes dst-address-list=!BOGONS dst-port=80 in-interface-list=!ISP \
- new-routing-mark=Next-Hop/Beeline passthrough=no protocol=tcp \
- src-address-list=BOGONS
- add action=mark-routing chain=prerouting comment="All Via USB Yota" \
- !connection-bytes !connection-limit connection-mark=no-mark \
- !connection-nat-state !connection-rate !connection-state !connection-type \
- !content disabled=yes !dscp !dst-address dst-address-list=!BOGONS \
- !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list !in-interface in-interface-list=!ISP \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" new-routing-mark=Next-Hop/Yota !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size passthrough=no !per-connection-classifier !port !priority \
- !protocol !psd !random !routing-mark !routing-table !src-address \
- src-address-list=BOGONS !src-address-type !src-mac-address !src-port \
- !tcp-flags !tcp-mss !time !tls-host !ttl
- add action=mark-routing chain=prerouting comment="All Via USB Beeline" \
- !connection-bytes !connection-limit connection-mark=no-mark \
- !connection-nat-state !connection-rate !connection-state !connection-type \
- !content disabled=yes !dscp !dst-address dst-address-list=!BOGONS \
- !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list !in-interface in-interface-list=!ISP \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" new-routing-mark=Next-Hop/Beeline !nth \
- !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
- !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
- !priority !protocol !psd !random !routing-mark !routing-table \
- !src-address src-address-list=BOGONS !src-address-type !src-mac-address \
- !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
- /ip firewall nat
- add action=masquerade chain=srcnat dst-address-list=rkn src-address=\
- 192.168.1.0/24 !to-addresses !to-ports
- # no interface
- add action=masquerade chain=srcnat comment=Beeline !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp !dst-address !dst-address-list \
- !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
- out-interface=*6 !out-interface-list !packet-mark !packet-size \
- !per-connection-classifier !port !priority !protocol !psd !random \
- !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- !to-addresses !to-ports !ttl
- # YotaUSB not ready
- add action=masquerade chain=srcnat comment=Yota !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp !dst-address !dst-address-list \
- !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
- out-interface=*5 !out-interface-list !packet-mark !packet-size \
- !per-connection-classifier !port !priority !protocol !psd !random \
- !routing-mark !routing-table src-address=192.168.1.200 !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- !to-addresses !to-ports !ttl
- add action=src-nat chain=srcnat comment=78.107.248.1 !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp !dst-address !dst-address-list \
- !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
- out-interface=WAN !out-interface-list !packet-mark !packet-size \
- !per-connection-classifier !port !priority !protocol !psd !random \
- !routing-mark routing-table=Next-Hop/78.107.248.1 !src-address \
- !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss \
- !time to-addresses=78.107.248.100 !to-ports !ttl
- add action=masquerade chain=srcnat !connection-bytes !connection-limit \
- !connection-mark !connection-rate !connection-type !content disabled=no \
- !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
- !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list out-interface=WAN \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority !protocol !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-mss !time !to-addresses !to-ports !ttl
- add action=masquerade chain=srcnat !connection-bytes !connection-limit \
- !connection-mark !connection-rate !connection-type !content disabled=no \
- !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
- !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list out-interface=aruba \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority !protocol !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-mss !time !tls-host !to-addresses !to-ports !ttl
- add action=dst-nat chain=dstnat comment="FTP Win" !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=19 !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list in-interface=WAN !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
- !out-interface !out-interface-list !packet-mark !packet-size \
- !per-connection-classifier !port !priority protocol=tcp !psd !random \
- !routing-mark !routing-table !src-address src-address-list=AcceptKnocking \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- to-addresses=192.168.1.122 to-ports=21 !ttl
- add action=dst-nat chain=dstnat comment=Dante !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=1080 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- to-addresses=192.168.1.91 to-ports=1080 !ttl
- add action=dst-nat chain=dstnat comment=WEBDAV !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=81 !fragment !hotspot !icmp-options \
- !in-bridge-port !in-bridge-port-list in-interface=WAN !in-interface-list \
- !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
- log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
- !out-interface !out-interface-list !packet-mark !packet-size \
- !per-connection-classifier !port !priority protocol=tcp !psd !random \
- !routing-mark !routing-table !src-address src-address-list=AcceptKnocking \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- to-addresses=192.168.1.122 to-ports=80 !ttl
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=500 in-interface=WAN protocol=udp to-addresses=\
- 192.168.1.214 to-ports=500
- add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
- dst-port=19142 in-interface=WAN protocol=tcp src-address-list=\
- AcceptKnocking to-addresses=192.168.1.248 to-ports=80
- add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
- dst-port=19142 in-interface=WAN protocol=udp src-address-list=\
- AcceptKnocking to-addresses=192.168.1.248 to-ports=80
- add action=dst-nat chain=dstnat comment=ZABBIX dst-address=78.107.254.100 \
- dst-port=82 in-interface=WAN protocol=tcp src-address-list=AcceptKnocking \
- to-addresses=192.168.1.208 to-ports=80
- add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=2443 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
- !time !tls-host to-addresses=192.168.1.214 to-ports=443 !ttl
- add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=2443 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
- !time !tls-host to-addresses=192.168.1.214 to-ports=443 !ttl
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=500 in-interface=WAN protocol=tcp to-addresses=\
- 192.168.1.214 to-ports=500
- add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
- 78.107.254.100 dst-port=992 in-interface=WAN protocol=tcp \
- src-address-list=AcceptKnocking to-addresses=192.168.1.214 to-ports=992
- add action=dst-nat chain=dstnat comment=RDP !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=33389 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
- !time !tls-host to-addresses=192.168.1.122 to-ports=3389 !ttl
- add action=dst-nat chain=dstnat comment=RDP !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=888 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-mss !time to-addresses=\
- 192.168.1.201 to-ports=80 !ttl
- add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
- 78.107.254.100 dst-port=992 in-interface=WAN protocol=udp \
- src-address-list=AcceptKnocking to-addresses=192.168.1.214 to-ports=992
- add action=dst-nat chain=dstnat comment="TOR SSH work" dst-address=\
- 78.107.254.100 dst-port=2222 in-interface=WAN protocol=tcp \
- src-address-list=AcceptKnocking to-addresses=192.168.1.217 to-ports=22
- add action=dst-nat chain=dstnat comment="SoftEther VPN work" dst-address=\
- 78.107.254.100 dst-port=2223 in-interface=WAN protocol=tcp \
- src-address-list=AcceptKnocking to-addresses=192.168.1.214 to-ports=22
- add action=dst-nat chain=dstnat comment="I2P SSH" dst-address=78.107.254.100 \
- dst-port=2224 in-interface=WAN protocol=tcp src-address-list=\
- AcceptKnocking to-addresses=192.168.1.213 to-ports=22
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=1194 in-interface=WAN log=yes protocol=udp \
- to-addresses=192.168.1.214 to-ports=1194
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=1194 in-interface=WAN protocol=tcp to-addresses=\
- 192.168.1.214 to-ports=1194
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=1701 in-interface=WAN protocol=udp to-addresses=\
- 192.168.1.214 to-ports=1701
- add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=yes !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=443 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- to-addresses=192.168.1.214 to-ports=443 !ttl
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=1701 in-interface=WAN protocol=tcp to-addresses=\
- 192.168.1.214 to-ports=1701
- add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=yes !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=443 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- to-addresses=192.168.1.214 to-ports=443 !ttl
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=4500 in-interface=WAN protocol=udp to-addresses=\
- 192.168.1.214 to-ports=4500
- add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
- 78.107.254.100 dst-port=4500 in-interface=WAN protocol=tcp to-addresses=\
- 192.168.1.214 to-ports=4500
- add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
- 78.107.254.100 dst-port=5555 in-interface=WAN protocol=tcp to-addresses=\
- 192.168.1.214 to-ports=5555
- add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
- 78.107.254.100 dst-port=5555 in-interface=WAN protocol=udp to-addresses=\
- 192.168.1.214 to-ports=5555
- add action=dst-nat chain=dstnat comment="VNC Macbook" !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=6666 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
- !time to-addresses=192.168.1.222 to-ports=6666 !ttl
- add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
- dst-port=10785 in-interface=WAN protocol=udp to-addresses=192.168.1.213 \
- to-ports=10785
- add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
- dst-port=10786 in-interface=WAN protocol=udp to-addresses=192.168.1.204 \
- to-ports=10786
- add action=dst-nat chain=dstnat comment="Zabbix port Forward" \
- !connection-bytes !connection-limit !connection-mark !connection-rate \
- !connection-type !content disabled=no !dscp dst-address=78.107.254.100 \
- !dst-address-list !dst-address-type !dst-limit dst-port=82 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
- WAN !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=yes log-prefix=1 !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
- !time to-addresses=192.168.1.208 to-ports=80 !ttl
- add action=dst-nat chain=dstnat comment="hEX port Forward" !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=8296 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
- !time !tls-host to-addresses=192.168.1.4 to-ports=8291 !ttl
- add action=dst-nat chain=dstnat comment="CyberPower port Forward" \
- !connection-bytes !connection-limit !connection-mark !connection-rate \
- !connection-type !content disabled=no !dscp !dst-address \
- !dst-address-list !dst-address-type !dst-limit dst-port=3052 !fragment \
- !hotspot !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
- WAN !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=yes log-prefix=1 !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
- !random !routing-mark !routing-table !src-address src-address-list=\
- AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
- !time to-addresses=192.168.1.205 to-ports=3052 !ttl
- add action=redirect chain=dstnat dst-port=53 protocol=udp !to-addresses \
- !to-ports
- add action=dst-nat chain=dstnat comment=Dante !connection-bytes \
- !connection-limit !connection-mark !connection-rate !connection-type \
- !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
- !dst-address-type !dst-limit dst-port=1080 !fragment !hotspot \
- !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
- !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
- !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
- !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
- !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
- !random !routing-mark !routing-table !src-address !src-address-list \
- !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
- to-addresses=192.168.1.91 to-ports=1080 !ttl
- add action=dst-nat chain=dstnat !connection-bytes !connection-limit \
- !connection-mark !connection-rate !connection-type !content disabled=no \
- !dscp dst-address=78.107.254.100 !dst-address-list !dst-address-type \
- !dst-limit dst-port=1080 !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list !out-interface \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-mss !time !tls-host to-addresses=192.168.1.91 !to-ports \
- !ttl
- add action=dst-nat chain=dstnat !connection-bytes !connection-limit \
- !connection-mark !connection-rate !connection-type !content disabled=no \
- !dscp dst-address=78.107.254.100 !dst-address-list !dst-address-type \
- !dst-limit dst-port=8443 !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list !out-interface \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-mss !time !tls-host to-addresses=192.168.1.80 !to-ports \
- !ttl
- add action=masquerade chain=srcnat !connection-bytes !connection-limit \
- !connection-mark !connection-rate !connection-type !content disabled=no \
- !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
- !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list out-interface=WAN \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority !protocol !psd !random !routing-mark !routing-table \
- !src-address !src-address-list !src-address-type !src-mac-address \
- !src-port !tcp-mss !time !tls-host !to-addresses !to-ports !ttl
- add action=masquerade chain=srcnat !connection-bytes !connection-limit \
- !connection-mark !connection-rate !connection-type !content disabled=no \
- !dscp dst-address=192.168.1.91 !dst-address-list !dst-address-type \
- !dst-limit dst-port=1080 !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list out-interface=LAN \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
- src-address=192.168.1.0/24 !src-address-list !src-address-type \
- !src-mac-address !src-port !tcp-mss !time !tls-host !to-addresses \
- !to-ports !ttl
- add action=masquerade chain=srcnat !connection-bytes !connection-limit \
- !connection-mark !connection-rate !connection-type !content disabled=no \
- !dscp dst-address=192.168.1.80 !dst-address-list !dst-address-type \
- !dst-limit dst-port=8443 !fragment !hotspot !icmp-options !in-bridge-port \
- !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
- !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
- !nth !out-bridge-port !out-bridge-port-list out-interface=LAN \
- !out-interface-list !packet-mark !packet-size !per-connection-classifier \
- !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
- src-address=192.168.1.0/24 !src-address-list !src-address-type \
- !src-mac-address !src-port !tcp-mss !time !tls-host !to-addresses \
- !to-ports !ttl
- /ip firewall service-port
- set ftp disabled=no ports=21
- set tftp disabled=no ports=69
- set irc disabled=no ports=6667
- set h323 disabled=no
- set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
- set pptp disabled=no
- set udplite disabled=no
- set dccp disabled=no
- set sctp disabled=no
- /ip hotspot service-port
- set ftp disabled=no ports=21
- /ip hotspot user
- set [ find default=yes ] comment="counters and limits for trial users" \
- disabled=no name=default-trial
- add disabled=no name=admin profile=default
- /ip ipsec policy
- set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=\
- all src-address=::/0 template=yes
- /ip ipsec user settings
- set xauth-use-radius=no
- /ip proxy
- set always-from-cache=no anonymous=no cache-administrator=webmaster \
- cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no \
- max-cache-object-size=2048KiB max-cache-size=unlimited \
- max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
- parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no \
- src-address=::
- /ip route
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
- dst-address=0.0.0.0/0 gateway=aruba !route-tag routing-mark=v6 scope=30 \
- target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
- dst-address=0.0.0.0/0 gateway=10.0.254.1 !route-tag routing-mark=rkn \
- scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=0.0.0.0/0 gateway=5.5.5.5 !route-tag routing-mark=\
- Next-Hop/Beeline scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=0.0.0.0/0 gateway=10.0.0.1 !route-tag routing-mark=\
- Next-Hop/Yota scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
- dst-address=0.0.0.0/0 gateway=78.107.248.1 !route-tag routing-mark=\
- Next-Hop/78.107.248.1 scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=0.0.0.0/0 gateway=aws1 !route-tag routing-mark=Next-Hop/aws1 \
- scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=0.0.0.0/0 gateway=aws2 !route-tag routing-mark=Next-Hop/aws2 \
- scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=254 \
- dst-address=0.0.0.0/0 gateway=Br-Loopback !route-tag !routing-mark scope=\
- 30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=0.0.0.0/0 gateway=sit1 !route-tag !routing-mark scope=30 \
- target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
- dst-address=149.154.167.220/32 gateway=aruba !route-tag !routing-mark \
- scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=192.168.7.0/24 gateway=sstp-in1 !route-tag !routing-mark \
- scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=192.168.11.0/24 gateway=gre-tunnel1 !route-tag !routing-mark \
- scope=30 target-scope=10
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
- dst-address=192.168.111.0/24 gateway=192.168.99.2 pref-src=192.168.1.1 \
- !route-tag !routing-mark scope=30 target-scope=10
- /ip route rule
- add action=lookup-only-in-table disabled=no !dst-address !interface \
- routing-mark=Next-Hop/Beeline !src-address table=Next-Hop/Beeline
- add action=lookup-only-in-table disabled=no !dst-address !interface \
- routing-mark=Next-Hop/Yota !src-address table=Next-Hop/Yota
- add action=lookup-only-in-table disabled=no !dst-address !interface \
- routing-mark=Next-Hop/78.107.248.1 !src-address table=\
- Next-Hop/78.107.248.1
- add action=lookup-only-in-table disabled=no !dst-address !interface \
- routing-mark=Next-Hop/aws1 !src-address table=Next-Hop/aws1
- add action=lookup-only-in-table disabled=no !dst-address !interface \
- routing-mark=Next-Hop/aws2 !src-address table=Next-Hop/aws2
- /ip service
- set telnet address="" disabled=yes port=23
- set ftp address="" disabled=yes port=21
- set www address="" disabled=yes port=83
- set ssh address="" disabled=yes port=222
- set www-ssl address="" certificate=none disabled=yes port=443
- set api address="" disabled=yes port=8728
- set winbox address="" disabled=no port=8295
- set api-ssl address="" certificate=none disabled=yes port=8729
- /ip smb
- set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
- all
- /ip smb shares
- set [ find default=yes ] comment="default share" directory=/pub disabled=no \
- max-sessions=10 name=pub
- /ip smb users
- set [ find default=yes ] disabled=no name=guest read-only=yes
- /ip socks
- set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
- /ip ssh
- set always-allow-password-login=no forwarding-enabled=no host-key-size=2048 \
- strong-crypto=no
- /ip traffic-flow
- set active-flow-timeout=30m cache-entries=128k enabled=no \
- inactive-flow-timeout=15s interfaces=all
- /ip traffic-flow ipfix
- set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes \
- dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes \
- igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes \
- ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=\
- yes nat-dst-port=yes nat-src-address=yes nat-src-port=yes out-interface=\
- yes packets=yes protocol=yes src-address=yes src-address-mask=yes \
- src-mac-address=yes src-port=yes tcp-ack-num=yes tcp-flags=yes \
- tcp-seq-num=yes tcp-window-size=yes tos=yes ttl=yes udp-length=yes
- /ip upnp
- set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
- /ipv6 address
- add address=2001:470:6c:570::2/64 advertise=yes disabled=no eui-64=no \
- from-pool="" interface=LAN no-dad=no
- add address=2001:470:6c:570::2/64 advertise=no disabled=no eui-64=no \
- from-pool="" interface=sit1 no-dad=no
- /ipv6 nd
- set [ find default=yes ] advertise-dns=no advertise-mac-address=yes disabled=\
- no hop-limit=unspecified interface=all managed-address-configuration=no \
- mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
- ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
- unspecified
- /ipv6 nd prefix default
- set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
- /ipv6 route
- add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
- !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
- dst-address=2000::/3 gateway=sit1 !route-tag scope=30 target-scope=10
- /mpls
- set dynamic-label-range=16-1048575 propagate-ttl=yes
- /mpls interface
- set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
- /mpls ldp
- set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
- lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
- use-explicit-null=no
- /port firmware
- set directory=firmware ignore-directip-modem=no
- /ppp aaa
- set accounting=yes interim-update=0s use-circuit-id-in-nas-port-id=no \
- use-radius=no
- /ppp secret
- add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
- local-address=192.168.2.1 name=admin profile=default remote-address=\
- 192.168.2.2 !remote-ipv6-prefix routes="" service=pptp
- add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
- local-address=192.168.2.1 name=mac profile=default remote-address=\
- 192.168.2.2 !remote-ipv6-prefix routes="" service=pptp
- add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
- !local-address name=admin profile=l2tp_Provile !remote-address \
- !remote-ipv6-prefix routes="" service=l2tp
- add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
- !local-address name=office profile=l2tp_Provile !remote-address \
- !remote-ipv6-prefix routes="" service=any
- add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
- !local-address name=aws profile=l2tp_Provile !remote-address \
- !remote-ipv6-prefix routes="" service=any
- add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
- local-address=192.168.99.1 name=sstp profile=default remote-address=\
- 192.168.99.2 !remote-ipv6-prefix routes="" service=sstp
- /radius incoming
- set accept=no port=3799
- /routing bfd interface
- set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
- multiplier=5
- /routing mme
- set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
- gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
- 0.0.0.0 timeout=1m ttl=50
- /routing ospf interface
- add authentication=md5 authentication-key-id=1 cost=10 dead-interval=40s \
- disabled=yes hello-interval=10s instance-id=0 network-type=point-to-point \
- passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no
- add authentication=md5 authentication-key-id=1 cost=10 dead-interval=40s \
- disabled=yes hello-interval=10s instance-id=0 network-type=point-to-point \
- passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no
- /routing rip
- set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
- metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
- redistribute-connected=no redistribute-ospf=no redistribute-static=no \
- routing-table=main timeout-timer=3m update-timer=30s
- /routing ripng
- set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
- metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
- redistribute-connected=no redistribute-ospf=no redistribute-static=no \
- timeout-timer=3m update-timer=30s
- /snmp
- set contact=j0e0e@yandex.ru enabled=yes engine-id="" location=537 \
- src-address=:: trap-community=public trap-generators=interfaces \
- trap-interfaces=all trap-target=192.168.1.88 trap-version=2
- /system clock
- set time-zone-autodetect=yes time-zone-name=Europe/Moscow
- /system clock manual
- set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
- "jan/01/1970 00:00:00" time-zone=+00:00
- /system console
- set [ find vcno=1 ] channel=0 disabled=no term=linux
- set [ find vcno=2 ] channel=0 disabled=no term=linux
- set [ find vcno=3 ] channel=0 disabled=no term=linux
- set [ find vcno=4 ] channel=0 disabled=no term=linux
- set [ find vcno=5 ] channel=0 disabled=no term=linux
- set [ find vcno=6 ] channel=0 disabled=no term=linux
- set [ find vcno=7 ] channel=0 disabled=no term=linux
- set [ find vcno=8 ] channel=0 disabled=no term=linux
- /system console screen
- set blank-interval=10min line-count=25
- /system hardware
- set multi-cpu=yes
- /system health
- set state-after-reboot=enabled
- /system identity
- set name=MikroTik_GW_1.1
- /system leds settings
- set all-leds-off=never
- /system logging
- set 0 action=disk disabled=no prefix="" topics=info
- set 1 action=remote disabled=no prefix=error topics=error
- set 2 action=remote disabled=yes prefix="" topics=warning
- set 3 action=disk disabled=no prefix="" topics=critical
- add action=disk disabled=yes prefix="" topics=firewall
- add action=syslog disabled=yes prefix=dhcp topics=dhcp
- add action=memory disabled=no prefix="" topics=l2tp
- add action=disk disabled=no prefix="" topics=error
- add action=remote disabled=yes prefix="" topics=info
- add action=syslog disabled=no prefix=warning topics=warning
- add action=disk disabled=yes prefix=fetch: topics=!info
- add action=remote disabled=no prefix="" topics=""
- add action=syslog disabled=no prefix=crit topics=critical
- add action=syslog disabled=no prefix=info topics=info
- /system note
- set note="" show-at-login=yes
- /system ntp client
- set enabled=yes primary-ntp=95.104.193.195 secondary-ntp=91.206.16.3 \
- server-dns-names=""
- /system resource irq
- set 0 cpu=auto
- set 1 cpu=auto
- set 2 cpu=auto
- set 3 cpu=auto
- set 4 cpu=auto
- set 5 cpu=auto
- set 6 cpu=auto
- set 7 cpu=auto
- set 8 cpu=auto
- set 9 cpu=auto
- set 10 cpu=auto
- set 11 cpu=auto
- set 12 cpu=auto
- set 13 cpu=auto
- set 14 cpu=auto
- /system resource irq rps
- set WAN disabled=no
- set LAN disabled=no
- /system upgrade mirror
- set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
- 0.0.0.0 user=""
- /system watchdog
- set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
- none watchdog-timer=yes
- /tool bandwidth-server
- set allocate-udp-ports-from=2000 authenticate=no enabled=no max-sessions=100
- /tool e-mail
- set address=173.194.222.109 from=mikrotik@ladmin1ty.com port=587 start-tls=\
- yes user=mikrotik@ladmin1ty.com
- /tool graphing
- set page-refresh=300 store-every=5min
- /tool graphing interface
- add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
- /tool graphing resource
- add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
- /tool mac-server
- set allowed-interface-list=all
- /tool mac-server mac-winbox
- set allowed-interface-list=all
- /tool mac-server ping
- set enabled=no
- /tool romon
- set enabled=yes id=00:00:00:00:00:00
- /tool romon port
- set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
- /tool sms
- set allowed-number="" channel=0 keep-max-sms=0 port=none receive-enabled=no
- /tool sniffer
- set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any \
- filter-interface="" filter-ip-address="" filter-ip-protocol="" \
- filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" \
- filter-operator-between-entries=or filter-port="" filter-stream=no \
- memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=\
- no streaming-server=0.0.0.0
- /tool traffic-generator
- set latency-distribution-max=100us measure-out-of-order=no \
- stats-samples-to-keep=100 test-id=0
- /user aaa
- set accounting=yes default-group=read exclude-groups="" interim-update=0s \
- use-radius=no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement