
Untitled

a guest
Jun 28th, 2018
  1. # jun/28/2018 12:05:30 by RouterOS 6.42.3
  2. # software id =
  3. #
  4. #
  5. #
  6. /interface sstp-server
  7. add comment="From mAP (Wherever it is)" disabled=no name=sstp-in1 user=sstp
  8. /interface bridge
  9. add ageing-time=5m arp=enabled arp-timeout=auto auto-mac=yes disabled=no \
  10. fast-forward=yes forward-delay=15s igmp-snooping=no max-message-age=20s \
  11. mtu=auto name=Br-Loopback priority=0x8000 protocol-mode=rstp \
  12. transmit-hold-count=6 vlan-filtering=no
  13. add ageing-time=5m arp=enabled arp-timeout=auto auto-mac=yes disabled=no \
  14. fast-forward=yes forward-delay=15s igmp-snooping=no max-message-age=20s \
  15. mtu=auto name=lo0 priority=0x8000 protocol-mode=rstp transmit-hold-count=\
  16. 6 vlan-filtering=no
  17. /interface ethernet
  18. set [ find default-name=ether2 ] advertise=\
  19. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
  20. arp-timeout=auto auto-negotiation=yes cable-settings=default \
  21. disable-running-check=yes disabled=no full-duplex=yes loop-protect=\
  22. default loop-protect-disable-time=5m loop-protect-send-interval=5s \
  23. mac-address=00:0C:29:B4:B8:AB mtu=1500 name=LAN orig-mac-address=\
  24. 00:0C:29:B4:B8:AB speed=1Gbps
  25. set [ find default-name=ether1 ] advertise=\
  26. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
  27. arp-timeout=auto auto-negotiation=yes cable-settings=default \
  28. disable-running-check=yes disabled=no full-duplex=yes loop-protect=\
  29. default loop-protect-disable-time=5m loop-protect-send-interval=5s \
  30. mac-address=00:0C:29:B4:B8:A1 mtu=1500 name=WAN orig-mac-address=\
  31. 00:0C:29:B4:B8:A1 speed=1Gbps
  # GRE tunnel "gre-tunnel1" between two fixed endpoint addresses.
  # NOTE(review): ipsec-secret is a pre-shared key and is written in clear text
  # by the export. "PASSWORD" looks like a redaction placeholder -- confirm the
  # real secret was never published, and rotate it if it was.
  32. /interface gre
  33. add allow-fast-path=no clamp-tcp-mss=yes comment="From Balnet home" disabled=\
  34. no dont-fragment=no dscp=inherit ipsec-secret=PASSWORD keepalive=10s,10 \
  35. local-address=78.107.254.100 mtu=auto name=gre-tunnel1 remote-address=\
  36. 91.211.104.130
  37. /interface 6to4
  38. add clamp-tcp-mss=yes comment="Hurricane Electric IPv6 Tunnel Broker" \
  39. disabled=no dont-fragment=no dscp=inherit !ipsec-secret !keepalive \
  40. local-address=78.107.254.100 mtu=auto name=sit1 remote-address=\
  41. 216.66.86.114
  42. /queue interface
  43. set Br-Loopback queue=no-queue
  44. set gre-tunnel1 queue=no-queue
  45. set lo0 queue=no-queue
  46. set sit1 queue=no-queue
  47. set sstp-in1 queue=no-queue
  48. /interface list
  49. set [ find name=all ] comment="contains all interfaces" exclude="" include="" \
  50. name=all
  51. set [ find name=none ] comment="contains no interfaces" exclude="" include="" \
  52. name=none
  53. set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" \
  54. include="" name=dynamic
  55. add exclude="" include="" name=ISP
  56. add exclude="" include="" name=AWS
  57. /interface lte apn
  58. set [ find default=yes ] add-default-route=yes apn=internet \
  59. default-route-distance=2 name=default use-peer-dns=yes
  60. /interface wireless security-profiles
  61. set [ find default=yes ] authentication-types="" eap-methods=passthrough \
  62. group-ciphers=aes-ccm group-key-update=5m interim-update=0s \
  63. management-protection=disabled mode=none mschapv2-username="" name=\
  64. default radius-eap-accounting=no radius-mac-accounting=no \
  65. radius-mac-authentication=no radius-mac-caching=disabled \
  66. radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
  67. static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
  68. none static-sta-private-algo=none static-transmit-key=key-0 \
  69. supplicant-identity=MikroTik tls-certificate=none tls-mode=\
  70. no-certificates unicast-ciphers=aes-ccm
  71. /ip dhcp-client option
  72. set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
  73. set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
  74. set hostname code=12 name=hostname value="\$(HOSTNAME)"
  75. /ip dhcp-server option
  76. add code=43 name=unifi value=0x0104C0A8030A
  77. /ip hotspot profile
  78. set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
  79. hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=\
  80. 0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" \
  81. smtp-server=0.0.0.0 split-user-domain=no use-radius=no
  82. add dns-name="" hotspot-address=192.168.1.1 html-directory=hotspot \
  83. html-directory-override="" http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
  84. login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 \
  85. split-user-domain=no use-radius=no
  86. /ip hotspot user profile
  87. set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none \
  88. !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=\
  89. default !parent-queue !queue-type shared-users=1 status-autorefresh=1m \
  90. transparent-proxy=no
  91. /ip ipsec mode-config
  92. set [ find default=yes ] name=request-only
  93. /ip ipsec policy group
  94. set [ find default=yes ] name=default
  # Default IPsec proposal: SHA-1 integrity, AES-CBC (256/192/128), 30 minute
  # lifetime, PFS with modp1024.
  # NOTE(review): SHA-1 and a 1024-bit MODP group are below current guidance.
  # Where the peers support it, prefer sha256 or stronger for auth-algorithms
  # and modp2048 or larger for pfs-group. Which policies use this proposal is
  # not visible in this part of the export -- verify before changing it.
  95. /ip ipsec proposal
  96. set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=\
  97. aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=\
  98. modp1024
  99. /ip pool
  100. add name=dhcp ranges=192.168.1.2-192.168.1.254
  101. add name=vpn_pool ranges=192.168.2.1-192.168.2.10
  102. add name=hs-pool-4 ranges=192.168.1.11-192.168.1.254
  103. add name=dhcp2 ranges=192.168.2.2-192.168.2.254
  104. /ip dhcp-server
  105. add address-pool=dhcp authoritative=yes bootp-support=static disabled=no \
  106. interface=LAN lease-script="" lease-time=10m name=dhcp1 use-radius=no
  107. /ipv6 pool
  108. add name=myPool prefix=2001:db8:7501::/60 prefix-length=62
  109. /port
  110. set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
  111. stop-bits=1
  112. /ppp profile
  113. set *0 address-list="" !bridge !bridge-horizon !bridge-path-cost \
  114. !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout \
  115. !incoming-filter !insert-queue-before !interface-list !local-address \
  116. name=default on-down="" on-up="" only-one=default !outgoing-filter \
  117. !parent-queue !queue-type !rate-limit !remote-address \
  118. remote-ipv6-prefix-pool=none !session-timeout use-compression=default \
  119. use-encryption=default use-ipv6=yes use-mpls=default use-upnp=default \
  120. !wins-server
  121. add address-list="" !bridge !bridge-horizon !bridge-path-cost \
  122. !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout \
  123. !incoming-filter !insert-queue-before !interface-list local-address=\
  124. vpn_pool name=l2tp_Provile on-down="" on-up="" only-one=default \
  125. !outgoing-filter !parent-queue !queue-type !rate-limit remote-address=\
  126. vpn_pool !session-timeout use-compression=default use-encryption=default \
  127. use-ipv6=yes use-mpls=default use-upnp=default !wins-server
  128. set *FFFFFFFE address-list="" !bridge !bridge-horizon !bridge-path-cost \
  129. !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout \
  130. !incoming-filter !insert-queue-before !interface-list !local-address \
  131. name=default-encryption on-down="" on-up="" only-one=default \
  132. !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address \
  133. remote-ipv6-prefix-pool=none !session-timeout use-compression=default \
  134. use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default \
  135. !wins-server
  # Outbound L2TP client "aruba" (enabled).
  # NOTE(review): allow= accepts every PPP authentication method, including pap
  # and mschap1, so a server (or anything impersonating it) can negotiate the
  # weakest one. With use-ipsec=no the session has no IPsec protection; only the
  # PPP-level encryption requested by profile=default-encryption applies.
  # Restrict allow= to mschap2 and enable IPsec if the remote side supports it.
  136. /interface l2tp-client
  137. add add-default-route=no allow=pap,chap,mschap1,mschap2 allow-fast-path=no \
  138. connect-to=aruba.XXX.ru dial-on-demand=no disabled=no keepalive-timeout=\
  139. 60 max-mru=1450 max-mtu=1450 mrru=disabled name=aruba profile=\
  140. default-encryption use-ipsec=no user=chr
  # Outbound PPTP clients "aws1" and "aws2"; both are disabled=yes in this export.
  # NOTE(review): PPTP with MS-CHAP/MPPE is considered broken, and these entries
  # also allow pap and mschap1. If they are ever re-enabled, move them to a
  # tunnel type with real transport protection instead. aws1 would also install
  # a default route (add-default-route=yes, distance 9).
  141. /interface pptp-client
  142. add add-default-route=yes allow=pap,chap,mschap1,mschap2 connect-to=\
  143. 34.197.214.15 default-route-distance=9 dial-on-demand=no disabled=yes \
  144. keepalive-timeout=60 max-mru=1450 max-mtu=1450 mrru=disabled name=aws1 \
  145. profile=default-encryption user=aws1
  146. add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=\
  147. 18.220.96.78 dial-on-demand=no disabled=yes keepalive-timeout=60 max-mru=\
  148. 1450 max-mtu=1450 mrru=disabled name=aws2 profile=default-encryption \
  149. user=aws2
  150. /queue interface
  151. set aruba queue=no-queue
  152. set aws1 queue=no-queue
  153. set aws2 queue=no-queue
  154. /queue type
  155. set 0 kind=pfifo name=default pfifo-limit=50
  156. set 1 kind=pfifo name=ethernet-default pfifo-limit=50
  157. set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
  158. set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
  159. red-limit=60 red-max-threshold=50 red-min-threshold=10
  160. set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
  161. set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 \
  162. pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
  163. pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 \
  164. pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
  165. set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 \
  166. pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
  167. pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB \
  168. pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
  169. pcq-total-limit=2000KiB
  170. set 7 kind=none name=only-hardware-queue
  171. set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
  172. set 9 kind=pfifo name=default-small pfifo-limit=10
  173. /queue interface
  174. set LAN queue=only-hardware-queue
  175. set WAN queue=only-hardware-queue
  176. /queue simple
  177. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  178. disabled=yes limit-at=0/0 max-limit=90M/90M name=queue-limit \
  179. packet-marks="" parent=none priority=8/8 queue=\
  180. pcq-upload-default/pcq-download-default target=192.168.1.0/24 !time
  181. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  182. disabled=no limit-at=99M/99M max-limit=99M/99M name=Macbook packet-marks=\
  183. "" parent=none priority=8/8 queue=default-small/default-small target=\
  184. 192.168.1.123/32 !time
  185. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  186. disabled=no limit-at=99M/99M max-limit=99M/99M name=iPhone_admin \
  187. packet-marks="" parent=none priority=8/8 queue=\
  188. default-small/default-small target=192.168.1.89/32 !time
  189. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  190. disabled=no limit-at=99M/99M max-limit=99M/99M name=iPhone_Nastya \
  191. packet-marks="" parent=none priority=8/8 queue=\
  192. default-small/default-small target=192.168.1.86/32 !time
  193. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  194. disabled=no limit-at=99M/99M max-limit=99M/99M name=iPad_Nastya \
  195. packet-marks="" parent=none priority=8/8 queue=\
  196. default-small/default-small target=192.168.1.250/32 !time
  197. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  198. disabled=no limit-at=99M/99M max-limit=99M/99M name=Aruba packet-marks="" \
  199. parent=none priority=8/8 queue=default-small/default-small target=\
  200. 192.168.2.1/32 !time
  201. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  202. disabled=no limit-at=99M/99M max-limit=99M/99M name=Graylog packet-marks=\
  203. "" parent=none priority=8/8 queue=default-small/default-small target=\
  204. 192.168.1.98/32 !time
  205. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  206. disabled=no limit-at=99M/99M max-limit=99M/99M name=mAP packet-marks="" \
  207. parent=none priority=8/8 queue=default-small/default-small target=\
  208. 192.168.99.2/32 !time
  209. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  210. disabled=no limit-at=99M/99M max-limit=99M/99M name=WinServer \
  211. packet-marks="" parent=none priority=8/8 queue=\
  212. default-small/default-small target=192.168.1.122/32 !time
  213. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  214. disabled=no limit-at=99M/99M max-limit=99M/99M name=Unifi packet-marks="" \
  215. parent=none priority=8/8 queue=default-small/default-small target=\
  216. 192.168.1.102/32 !time
  217. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  218. disabled=no limit-at=99M/99M max-limit=99M/99M name=GeoPC packet-marks="" \
  219. parent=none priority=8/8 queue=default-small/default-small target=\
  220. 192.168.1.248/32 !time
  221. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  222. disabled=no limit-at=99M/99M max-limit=99M/99M name=Dante packet-marks="" \
  223. parent=none priority=8/8 queue=default-small/default-small target=\
  224. 192.168.1.91/32 !time
  225. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  226. disabled=no limit-at=99M/99M max-limit=99M/99M name=Zabbix packet-marks=\
  227. "" parent=none priority=8/8 queue=default-small/default-small target=\
  228. 192.168.1.87/32 !time
  229. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  230. disabled=no limit-at=99M/99M max-limit=99M/99M name=SoftEther \
  231. packet-marks="" parent=none priority=8/8 queue=\
  232. default-small/default-small target=192.168.1.214/32 !time
  233. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  234. disabled=no limit-at=99M/99M max-limit=99M/99M name=TOR packet-marks="" \
  235. parent=none priority=8/8 queue=default-small/default-small target=\
  236. 192.168.1.217/32 !time
  237. add bucket-size=0.1/0.1 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
  238. disabled=no limit-at=99M/99M max-limit=99M/99M name=I2P packet-marks="" \
  239. parent=none priority=8/8 queue=default-small/default-small target=\
  240. 192.168.1.213/32 !time
  241. /routing bgp instance
  242. set default as=64999 client-to-client-reflection=yes !cluster-id \
  243. !confederation disabled=no ignore-as-path-len=yes name=default \
  244. out-filter="" redistribute-connected=no redistribute-ospf=no \
  245. redistribute-other-bgp=no redistribute-rip=no redistribute-static=no \
  246. router-id=172.30.1.2 routing-table=""
  247. /routing ospf instance
  248. set [ find default=yes ] disabled=no distribute-default=never !domain-id \
  249. !domain-tag in-filter=ospf-in metric-bgp=auto metric-connected=20 \
  250. metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 \
  251. !mpls-te-area !mpls-te-router-id name=default out-filter=ospf-out \
  252. redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
  253. redistribute-rip=no redistribute-static=no router-id=0.0.0.0 \
  254. !routing-table !use-dn
  255. /routing ospf area
  256. set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
  257. backbone type=default
  258. /routing ospf-v3 instance
  259. set [ find default=yes ] disabled=no distribute-default=never metric-bgp=auto \
  260. metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
  261. metric-static=20 name=default redistribute-bgp=no redistribute-connected=\
  262. no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
  263. router-id=0.0.0.0
  264. /routing ospf-v3 area
  265. set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
  266. backbone type=default
  # Default SNMP community: name "public", read-only, security=none, accepted
  # from any source (addresses=0.0.0.0/0).
  # NOTE(review): with security=none the MD5/DES settings on this entry are not
  # in effect. Whether the SNMP service itself is enabled is set under /snmp,
  # which is not in this part of the export -- confirm. If it is enabled, rename
  # the community, restrict addresses= to the monitoring host(s), or move to
  # SNMPv3 with authentication and privacy.
  267. /snmp community
  268. set [ find default=yes ] addresses=0.0.0.0/0 authentication-protocol=MD5 \
  269. encryption-protocol=DES name=public read-access=yes security=none \
  270. write-access=no
  # Logging targets: the four built-in actions (memory, disk, echo, remote)
  # plus two e-mail actions and one remote syslog action.
  # NOTE(review): the memory and disk actions keep only 100 lines each (two
  # files on disk), so local history is short; the remote "syslog" action is
  # what preserves events. Which topics are routed to which action is set under
  # /system logging, not shown in this part of the export.
  271. /system logging action
  272. set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
  273. set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
  274. disk-stop-on-full=no name=disk target=disk
  275. set 2 name=echo remember=yes target=echo
  276. set 3 bsd-syslog=no name=remote remote=127.0.0.1 remote-port=514 src-address=\
  277. 127.0.0.1 syslog-facility=daemon syslog-severity=auto syslog-time-format=\
  278. bsd-syslog target=remote
  # NOTE(review): both e-mail actions send log content to an external mailbox
  # (STARTTLS is requested). Log lines can carry addresses and user names, so
  # treat that mailbox as part of the logging trust boundary.
  279. add email-start-tls=yes email-to=zaken.zak@gmail.com name=emailWIN target=\
  280. email
  281. add email-start-tls=yes email-to=zaken.zak@gmail.com name=emailBadList \
  282. target=email
  # Remote syslog to 192.168.1.98 port 514 (the host named "Graylog" in the
  # simple queues). NOTE(review): presumably plain, unauthenticated syslog --
  # keep the path to the collector on a trusted segment.
  283. add bsd-syslog=no name=syslog remote=192.168.1.98 remote-port=514 \
  284. src-address=0.0.0.0 syslog-facility=syslog syslog-severity=auto \
  285. syslog-time-format=bsd-syslog target=remote
  # Permission groups "read", "write" and "full" with their policy lists
  # (a leading "!" marks a policy the group does not have).
  # NOTE(review): "read" is not a harmless role here: it includes sensitive
  # (secrets are shown in the configuration), sniff, password and reboot.
  # All three groups also permit telnet, which is clear-text management.
  # Accounts assigned to these groups are defined under /user, which is not in
  # this part of the export; for monitoring accounts, create a narrower custom
  # group rather than reusing "read".
  286. /user group
  287. set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
  288. eb,sniff,sensitive,api,romon,tikapp,!ftp,!write,!policy,!dude" skin=\
  289. default
  290. set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
  291. ssword,web,sniff,sensitive,api,romon,tikapp,!ftp,!policy,!dude" skin=\
  292. default
  293. set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
  294. winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" skin=default
  295. /caps-man aaa
  296. set interim-update=disabled mac-caching=disabled mac-format=XX:XX:XX:XX:XX:XX \
  297. mac-mode=as-username
  298. /caps-man manager
  299. set ca-certificate=none certificate=none enabled=no package-path="" \
  300. require-peer-certificate=no upgrade-policy=none
  301. /caps-man manager interface
  302. set [ find default=yes ] disabled=no forbid=no interface=all
  303. /certificate settings
  304. set crl-download=yes crl-store=system crl-use=yes
  305. /interface bridge settings
  306. set allow-fast-path=no use-ip-firewall=no use-ip-firewall-for-pppoe=no \
  307. use-ip-firewall-for-vlan=no
  308. /ip firewall connection tracking
  309. set enabled=auto generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
  310. tcp-close-wait-timeout=10s tcp-established-timeout=1d \
  311. tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
  312. tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s \
  313. tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m \
  314. udp-stream-timeout=3m udp-timeout=10s
  # Neighbor discovery runs on every interface that is not in the "dynamic"
  # list.
  # NOTE(review): that selection includes the static WAN interface, so the
  # router announces itself (and listens for neighbors) toward the ISP side.
  # Point discover-interface-list at a LAN-only interface list instead.
  315. /ip neighbor discovery-settings
  316. set discover-interface-list=!dynamic
  # Global IPv4 stack settings.
  # accept-redirects=no and accept-source-route=no are the hardened values.
  # NOTE(review): rp-filter=no means no reverse-path check on source addresses,
  # and tcp-syncookies=no leaves SYN-flood handling to the firewall rules (not
  # shown in this part of the export). This router has several uplinks and
  # tunnels, so rp-filter=strict may break asymmetric paths; evaluate
  # rp-filter=loose. send-redirects=yes is rarely needed on an edge router.
  317. /ip settings
  318. set accept-redirects=no accept-source-route=no allow-fast-path=yes \
  319. arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
  320. max-neighbor-entries=8192 route-cache=yes rp-filter=no secure-redirects=\
  321. yes send-redirects=yes tcp-syncookies=no
  322. /ipv6 settings
  323. set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
  324. yes-if-forwarding-disabled forward=yes max-neighbor-entries=8192
  325. /interface detect-internet
  326. set detect-interface-list=none internet-interface-list=none \
  327. lan-interface-list=none wan-interface-list=none
  # L2TP server settings; the server is disabled (enabled=no) in this export.
  # NOTE(review): if it is ever enabled as configured, it would accept pap and
  # mschap1 and run without IPsec (use-ipsec=no). Tighten authentication= to
  # mschap2 and require IPsec before turning it on.
  328. /interface l2tp-server server
  329. set allow-fast-path=no authentication=pap,chap,mschap1,mschap2 \
  330. caller-id-type=ip-address default-profile=l2tp_Provile enabled=no \
  331. keepalive-timeout=30 max-mru=1450 max-mtu=1450 max-sessions=unlimited \
  332. mrru=disabled one-session-per-host=no use-ipsec=no
  333. /interface list member
  334. add disabled=no interface=WAN list=ISP
  335. add disabled=no list=ISP
  336. add disabled=no interface=aws1 list=AWS
  337. add disabled=no interface=aws2 list=AWS
  338. add disabled=no list=ISP
  # OpenVPN server settings; disabled (enabled=no) in this export.
  # NOTE(review): the stored values allow md5/sha1 and blowfish128 and do not
  # require a client certificate -- fix these before enabling the server.
  339. /interface ovpn-server server
  340. set auth=sha1,md5 cipher=blowfish128,aes128 default-profile=default enabled=\
  341. no keepalive-timeout=60 mac-address=FE:F3:B3:18:84:1D max-mtu=1500 mode=\
  342. ip netmask=24 port=1194 require-client-certificate=no
  # PPTP server settings; disabled (enabled=no). It would accept pap and
  # mschap1 if enabled.
  343. /interface pptp-server server
  344. set authentication=pap,chap,mschap1,mschap2 default-profile=l2tp_Provile \
  345. enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
  # SSTP server: the only VPN server that is enabled (enabled=yes), on port 443.
  # NOTE(review): certificate=none means the server presents no certificate, so
  # clients cannot verify which server they reached and the MS-CHAPv2 exchange
  # is exposed to anyone able to intercept the connection. tls-version=any
  # permits older TLS versions, pfs=no disables forward secrecy, and
  # force-aes=no leaves weaker ciphers negotiable. Install a server
  # certificate, set tls-version=only-1.2, pfs=yes and force-aes=yes, and
  # limit who can reach port 443 in the firewall.
  346. /interface sstp-server server
  347. set authentication=mschap2 certificate=none default-profile=l2tp_Provile \
  348. enabled=yes force-aes=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 \
  349. mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=\
  350. no
  351. /interface wireless align
  352. set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
  353. 00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
  354. frames-per-second=25 receive-all=no ssid-all=no
  355. /interface wireless cap
  356. set bridge=none caps-man-addresses="" caps-man-certificate-common-names="" \
  357. caps-man-names="" certificate=none discovery-interfaces="" enabled=no \
  358. interfaces="" lock-to-caps-man=no static-virtual=no
  359. /interface wireless sniffer
  360. set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
  361. multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
  362. no streaming-max-rate=0 streaming-server=0.0.0.0
  363. /interface wireless snooper
  364. set channel-time=200ms multiple-channels=yes receive-errors=no
  365. /ip accounting
  366. set account-local-traffic=no enabled=no threshold=256
  367. /ip accounting web-access
  368. set accessible-via-web=no address=0.0.0.0/0
  369. /ip address
  370. add address=192.168.1.1/24 disabled=no interface=LAN network=192.168.1.0
  371. add address=172.16.255.1/30 disabled=no interface=gre-tunnel1 network=\
  372. 172.16.255.0
  373. add address=172.31.184.254/32 disabled=no interface=lo0 network=\
  374. 172.31.184.254
  375. /ip dhcp-client
  376. add add-default-route=yes default-route-distance=1 dhcp-options="" disabled=\
  377. no interface=WAN use-peer-dns=no use-peer-ntp=yes
  378. /ip dhcp-server config
  379. set store-leases-disk=5m
  380. /ip dhcp-server lease
  381. add address=192.168.1.123 address-lists="" always-broadcast=yes client-id=\
  382. 1:ac:bc:32:9f:1b:d5 dhcp-option="" disabled=no !insert-queue-before \
  383. mac-address=AC:BC:32:9F:1B:D5 server=dhcp1
  384. add address=192.168.1.248 address-lists="" always-broadcast=yes client-id=\
  385. 1:dc:85:de:8a:e8:33 dhcp-option="" disabled=no !insert-queue-before \
  386. mac-address=DC:85:DE:8A:E8:33 server=dhcp1
  387. add address=192.168.1.220 address-lists="" client-id=1:a0:e4:53:eb:c7:5b \
  388. dhcp-option="" disabled=no !insert-queue-before mac-address=\
  389. A0:E4:53:EB:C7:5B server=dhcp1
  390. add address=192.168.1.250 address-lists="" always-broadcast=yes client-id=\
  391. 1:34:c0:59:58:95:68 dhcp-option="" disabled=no !insert-queue-before \
  392. mac-address=34:C0:59:58:95:68 server=dhcp1
  393. add address=192.168.1.208 address-lists="" dhcp-option="" disabled=no \
  394. !insert-queue-before mac-address=00:0C:29:75:BD:3B server=dhcp1
  395. add address=192.168.1.205 address-lists="" dhcp-option="" disabled=no \
  396. !insert-queue-before mac-address=00:0C:29:B2:20:FE server=dhcp1
  397. add address=192.168.1.202 address-lists="" dhcp-option="" disabled=no \
  398. !insert-queue-before mac-address=00:0C:29:6B:65:53 server=dhcp1
  399. add address=192.168.1.109 address-lists="" always-broadcast=yes client-id=\
  400. 1:58:48:22:fc:2c:7b dhcp-option="" disabled=no !insert-queue-before \
  401. mac-address=58:48:22:FC:2C:7B server=dhcp1
  402. add address=192.168.1.122 address-lists="" dhcp-option="" disabled=no \
  403. !insert-queue-before mac-address=00:0C:29:C2:E0:03 server=dhcp1
  404. add address=192.168.1.10 address-lists="" always-broadcast=yes dhcp-option="" \
  405. disabled=yes !insert-queue-before mac-address=5C:CF:7F:78:29:D2 server=\
  406. dhcp1
  407. add address=192.168.1.95 address-lists="" always-broadcast=yes dhcp-option="" \
  408. disabled=no !insert-queue-before mac-address=68:C6:3A:9E:E2:D9 server=\
  409. dhcp1
  410. add address=192.168.1.217 address-lists="" dhcp-option="" disabled=no \
  411. !insert-queue-before mac-address=00:0C:29:8F:02:C6
  412. add address=192.168.1.213 address-lists="" dhcp-option="" disabled=no \
  413. !insert-queue-before mac-address=00:0C:29:70:B9:F9 server=dhcp1
  414. add address=192.168.1.214 address-lists="" dhcp-option="" disabled=no \
  415. !insert-queue-before mac-address=00:0C:29:00:AC:AD
  416. add address=192.168.1.200 address-lists="" dhcp-option="" disabled=no \
  417. !insert-queue-before mac-address=00:0C:29:A2:A6:33
  418. add address=192.168.1.102 address-lists="" dhcp-option="" disabled=no \
  419. !insert-queue-before mac-address=00:0C:29:C3:0D:EC server=dhcp1
  420. add address=192.168.1.91 address-lists="" dhcp-option="" disabled=no \
  421. !insert-queue-before mac-address=00:0C:29:A5:3F:5B server=dhcp1
  422. add address=192.168.1.87 address-lists="" dhcp-option="" disabled=no \
  423. !insert-queue-before mac-address=00:0C:29:F8:C0:40 server=dhcp1
  424. add address=192.168.1.98 address-lists="" dhcp-option="" disabled=no \
  425. !insert-queue-before mac-address=00:0C:29:66:3F:90 server=dhcp1
  426. add address=192.168.1.86 address-lists="" always-broadcast=yes client-id=\
  427. 1:40:33:1a:4e:56:c6 dhcp-option="" disabled=no !insert-queue-before \
  428. mac-address=40:33:1A:4E:56:C6 server=dhcp1
  429. add address=192.168.1.80 address-lists="" dhcp-option="" disabled=no \
  430. !insert-queue-before mac-address=00:0C:29:35:66:BB server=dhcp1
  431. add address=192.168.1.76 address-lists="" always-broadcast=yes client-id=\
  432. 1:2c:f0:a2:6d:66:4d dhcp-option="" disabled=no !insert-queue-before \
  433. mac-address=2C:F0:A2:6D:66:4D server=dhcp1
  434. add address=192.168.1.74 address-lists="" dhcp-option="" disabled=no \
  435. !insert-queue-before mac-address=00:0C:29:C0:24:7C server=dhcp1
  436. /ip dhcp-server network
  437. add address=192.168.1.0/24 caps-manager="" dhcp-option=unifi dns-server=\
  438. 192.168.1.1 gateway=192.168.1.1 netmask=24 ntp-server="" wins-server=""
  # Router DNS cache, forwarding to 192.168.1.74.
  # NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
  # from other hosts, and this setting is not limited to particular interfaces.
  # Unless the input chain drops UDP/TCP 53 arriving on WAN and the tunnels, the
  # router is an open resolver usable for amplification. The filter rules are
  # not in this part of the export -- verify that such a rule exists.
  439. /ip dns
  440. set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
  441. max-concurrent-queries=100 max-concurrent-tcp-sessions=20 \
  442. max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
  443. servers=192.168.1.74
  444. /ip firewall address-list
  445. add address=34.207.241.193 disabled=no list=AcceptKnocking
  446. add address=188.94.227.190 disabled=no list=AcceptKnocking
  447. add address=91.211.104.130 disabled=no list=AcceptKnocking
  448. add address=176.125.114.225 disabled=no list=AcceptKnocking
  449. add address=0.0.0.0/8 disabled=no list=BOGONS
  450. add address=10.0.0.0/8 disabled=yes list=BOGONS
  451. add address=100.64.0.0/10 disabled=no list=BOGONS
  452. add address=127.0.0.0/8 disabled=no list=BOGONS
  453. add address=169.254.0.0/16 disabled=no list=BOGONS
  454. add address=172.16.0.0/12 disabled=no list=BOGONS
  455. add address=192.0.0.0/24 disabled=no list=BOGONS
  456. add address=192.0.2.0/24 disabled=no list=BOGONS
  457. add address=192.168.0.0/16 disabled=no list=BOGONS
  458. add address=198.18.0.0/15 disabled=no list=BOGONS
  459. add address=198.51.100.0/24 disabled=no list=BOGONS
  460. add address=203.0.113.0/24 disabled=no list=BOGONS
  461. add address=224.0.0.0/3 disabled=no list=BOGONS
  462. add address=aws.XXX.ru disabled=no list=dst/Yota
  463. add address=aws2.XXX.ru disabled=no list=dst/Beeline
  464. add address=192.168.1.200 disabled=no list=via/Yota
  465. add address=192.168.1.3 disabled=no list=Prohibit-Internet
  466. add address=8.8.8.8 comment=on disabled=no list=netwatch_8888
  467. add address=8.8.4.4 comment=on disabled=no list=netwatch_8844
  468. add address=13.59.216.101 comment=on disabled=no list=netwatch_AWS2
  469. add address=34.207.241.193 comment=on disabled=no list=netwatch_AWS
  470. add address=192.168.23.167 comment=off disabled=no list=netwatch_yuraBPriem
  471. add address=8.8.4.4 comment=off disabled=no list=netwatch_Testconecction
  472. add address=192.168.2.1 comment=off disabled=no list=netwatch_Yota
  473. add address=192.168.3.1 comment=on disabled=no list=netwatch_BeelineStick
  474. add address=95.189.98.154 disabled=no list=AcceptKnocking
  475. add address=192.168.1.91 disabled=yes list=via/HE
  476. add address=149.154.164.0/22 comment=Telegram disabled=no list=rkn
  477. add address=91.108.8.0/22 comment=Telegram disabled=no list=rkn
  478. add address=91.108.56.0/23 comment=Telegram disabled=no list=rkn
  479. add address=149.154.160.0/20 comment=Telegram disabled=no list=rkn
  480. add address=91.108.12.0/22 comment=Telegram disabled=no list=rkn
  481. add address=149.154.172.0/22 comment=Telegram disabled=no list=rkn
  482. add address=91.108.4.0/22 comment=Telegram disabled=no list=rkn
  483. add address=91.108.16.0/22 comment=Telegram disabled=no list=rkn
  484. add address=149.154.168.0/22 comment=Telegram disabled=no list=rkn
  485. add address=91.108.20.0/22 comment=Telegram disabled=no list=rkn
  486. add address=67.198.55.0/24 comment=Telegram disabled=no list=rkn
  487. add address=109.239.140.0/24 comment=Telegram disabled=no list=rkn
  488. add address=78.31.8.0/22 comment=spotify.com disabled=no list=rkn
  489. add address=193.182.8.0/21 comment=spotify.com disabled=no list=rkn
  490. add address=194.68.28.0/22 comment=spotify.com disabled=no list=rkn
  491. add address=193.235.32.0/24 comment=spotify.com disabled=no list=rkn
  492. add address=193.235.203.0/24 comment=spotify.com disabled=no list=rkn
  493. add address=193.235.206.0/24 comment=spotify.com disabled=no list=rkn
  494. add address=108.174.2.0/24 comment=LinkedIn disabled=no list=rkn
  495. add address=108.174.3.0/24 comment=LinkedIn disabled=no list=rkn
  496. add address=108.174.4.0/24 comment=LinkedIn disabled=no list=rkn
  497. add address=108.174.5.0/24 comment=LinkedIn disabled=no list=rkn
  498. add address=108.174.6.0/24 comment=LinkedIn disabled=no list=rkn
  499. add address=108.174.7.0/24 comment=LinkedIn disabled=no list=rkn
  500. add address=8.39.61.0/24 comment=LinkedIn disabled=no list=rkn
  501. add address=144.2.223.0/24 comment=LinkedIn disabled=no list=rkn
  502. add address=216.200.149.0/24 comment=LinkedIn disabled=no list=rkn
  503. add address=91.225.250.0/24 comment=LinkedIn disabled=no list=rkn
  504. add address=91.225.248.0/24 comment=LinkedIn disabled=no list=rkn
  505. add address=91.225.249.0/24 comment=LinkedIn disabled=no list=rkn
  506. add address=8.22.161.0/24 comment=LinkedIn disabled=no list=rkn
  507. add address=64.152.25.0/24 comment=LinkedIn disabled=no list=rkn
  508. add address=103.20.94.0/24 comment=LinkedIn disabled=no list=rkn
  509. add address=103.20.95.0/24 comment=LinkedIn disabled=no list=rkn
  510. add address=108.174.0.0/24 comment=LinkedIn disabled=no list=rkn
  511. add address=108.174.1.0/24 comment=LinkedIn disabled=no list=rkn
  512. add address=108.174.8.0/24 comment=LinkedIn disabled=no list=rkn
  513. add address=108.174.9.0/24 comment=LinkedIn disabled=no list=rkn
  514. add address=108.174.10.0/24 comment=LinkedIn disabled=no list=rkn
  515. add address=108.174.11.0/24 comment=LinkedIn disabled=no list=rkn
  516. add address=108.174.12.0/24 comment=LinkedIn disabled=no list=rkn
  517. add address=108.174.13.0/24 comment=LinkedIn disabled=no list=rkn
  518. add address=144.2.0.0/24 comment=LinkedIn disabled=no list=rkn
  519. add address=144.2.1.0/24 comment=LinkedIn disabled=no list=rkn
  520. add address=144.2.2.0/24 comment=LinkedIn disabled=no list=rkn
  521. add address=144.2.3.0/24 comment=LinkedIn disabled=no list=rkn
  522. add address=144.2.192.0/24 comment=LinkedIn disabled=no list=rkn
  523. add address=144.2.193.0/24 comment=LinkedIn disabled=no list=rkn
  524. add address=144.2.194.0/24 comment=LinkedIn disabled=no list=rkn
  525. add address=144.2.195.0/24 comment=LinkedIn disabled=no list=rkn
  526. add address=185.63.144.0/24 comment=LinkedIn disabled=no list=rkn
  527. add address=185.63.145.0/24 comment=LinkedIn disabled=no list=rkn
  528. add address=185.63.147.0/24 comment=LinkedIn disabled=no list=rkn
  529. add address=199.101.161.0/24 comment=LinkedIn disabled=no list=rkn
  530. add address=8.39.53.0/24 comment=LinkedIn disabled=no list=rkn
  531. add address=65.156.227.0/24 comment=LinkedIn disabled=no list=rkn
  532. add address=216.52.16.0/24 comment=LinkedIn disabled=no list=rkn
  533. add address=216.52.17.0/24 comment=LinkedIn disabled=no list=rkn
  534. add address=216.52.18.0/24 comment=LinkedIn disabled=no list=rkn
  535. add address=216.52.20.0/24 comment=LinkedIn disabled=no list=rkn
  536. add address=216.52.21.0/24 comment=LinkedIn disabled=no list=rkn
  537. add address=216.52.22.0/24 comment=LinkedIn disabled=no list=rkn
  538. add address=202.4.184.0/24 comment=LinkedIn disabled=no list=rkn
  539. add address=13.125.0.0/16 comment=Fuck_RKN disabled=no list=rkn
  540. add address=13.56.0.0/14 comment=Fuck_RKN disabled=no list=rkn
  541. add address=18.130.0.0/16 comment=Fuck_RKN disabled=no list=rkn
  542. add address=18.184.0.0/15 comment=Fuck_RKN disabled=no list=rkn
  543. add address=18.194.0.0/15 comment=Fuck_RKN disabled=no list=rkn
  544. add address=18.196.0.0/15 comment=Fuck_RKN disabled=no list=rkn
  545. add address=34.192.0.0/10 comment=Fuck_RKN disabled=no list=rkn
  546. add address=34.240.0.0/13 comment=Fuck_RKN disabled=no list=rkn
  547. add address=34.248.0.0/13 comment=Fuck_RKN disabled=no list=rkn
  548. add address=35.156.0.0/14 comment=Fuck_RKN disabled=no list=rkn
  549. add address=35.160.0.0/13 comment=Fuck_RKN disabled=no list=rkn
  550. add address=35.178.0.0/15 comment=Fuck_RKN disabled=no list=rkn
  551. add address=35.180.0.0/16 comment=Fuck_RKN disabled=no list=rkn
  552. add address=35.184.0.0/13 comment=Fuck_RKN disabled=no list=rkn
  553. add address=35.192.0.0/12 comment=Fuck_RKN disabled=no list=rkn
  554. add address=35.208.0.0/12 comment=Fuck_RKN disabled=no list=rkn
  555. add address=35.224.0.0/12 comment=Fuck_RKN disabled=no list=rkn
  556. add address=52.192.0.0/11 comment=Fuck_RKN disabled=no list=rkn
  557. add address=52.56.0.0/16 comment=Fuck_RKN disabled=no list=rkn
  558. add address=52.57.0.0/16 comment=Fuck_RKN disabled=no list=rkn
  559. add address=52.58.0.0/15 comment=Fuck_RKN disabled=no list=rkn
  560. add address=52.64.0.0/12 comment=Fuck_RKN disabled=no list=rkn
  561. add address=54.144.0.0/12 comment=Fuck_RKN disabled=no list=rkn
  562. add address=54.160.0.0/12 comment=Fuck_RKN disabled=no list=rkn
  563. add address=54.228.0.0/15 comment=Fuck_RKN disabled=no list=rkn
  564. add address=68.171.224.0/19 comment=Fuck_RKN disabled=no list=rkn
  565. add address=74.82.64.0/19 comment=Fuck_RKN disabled=no list=rkn
  566. add address=91.108.56.0/22 comment=Fuck_RKN disabled=no list=rkn
  567. add address=103.246.200.0/22 comment=Fuck_RKN disabled=no list=rkn
  568. add address=149.154.160.0/22 comment=Fuck_RKN disabled=no list=rkn
  569. add address=178.239.88.0/21 comment=Fuck_RKN disabled=no list=rkn
  570. add address=203.104.128.0/20 comment=Fuck_RKN disabled=no list=rkn
  571. add address=203.104.144.0/21 comment=Fuck_RKN disabled=no list=rkn
  572. add address=203.104.152.0/22 comment=Fuck_RKN disabled=no list=rkn
  573. add address=178.62.9.171 comment=Fuck_RKN disabled=no list=rkn
  574. add address=2ip.ru comment="Just for testing" disabled=yes list=rkn
  575. add address=13.230.0.0/15 comment="Fuck RKN" disabled=no list=rkn
  576. add address=18.144.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  577. add address=18.204.0.0/14 comment="Fuck RKN" disabled=no list=rkn
  578. add address=18.218.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  579. add address=18.236.0.0/15 comment="Fuck RKN" disabled=no list=rkn
  580. add address=23.251.128.0/19 comment="Fuck RKN" disabled=no list=rkn
  581. add address=35.176.0.0/15 comment="Fuck RKN" disabled=no list=rkn
  582. add address=45.76.82.0/23 comment="Fuck RKN" disabled=no list=rkn
  583. add address=46.101.128.0/17 comment="Fuck RKN" disabled=no list=rkn
  584. add address=47.91.64.0/19 comment="Fuck RKN" disabled=no list=rkn
  585. add address=51.136.0.0/15 comment="Fuck RKN" disabled=no list=rkn
  586. add address=51.15.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  587. add address=52.32.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  588. add address=54.212.0.0/15 comment="Fuck RKN" disabled=no list=rkn
  589. add address=54.64.0.0/13 comment="Fuck RKN" disabled=no list=rkn
  590. add address=64.137.0.0/17 comment="Fuck RKN" disabled=no list=rkn
  591. add address=91.121.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  592. add address=94.177.224.0/21 comment="Fuck RKN" disabled=no list=rkn
  593. add address=98.158.176.0/20 comment="Fuck RKN" disabled=no list=rkn
  594. add address=128.199.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  595. add address=139.59.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  596. add address=159.122.128.0/18 comment="Fuck RKN" disabled=no list=rkn
  597. add address=159.203.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  598. add address=159.65.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  599. add address=159.89.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  600. add address=165.227.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  601. add address=167.99.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  602. add address=174.104.0.0/15 comment="Fuck RKN" disabled=no list=rkn
  603. add address=174.138.0.0/17 comment="Fuck RKN" disabled=no list=rkn
  604. add address=176.67.169.0/24 comment="Fuck RKN" disabled=no list=rkn
  605. add address=178.63.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  606. add address=185.166.212.0/23 comment="Fuck RKN" disabled=no list=rkn
  607. add address=185.229.227.0/24 comment="Fuck RKN" disabled=no list=rkn
  608. add address=188.166.0.0/17 comment="Fuck RKN" disabled=no list=rkn
  609. add address=195.154.0.0/17 comment="Fuck RKN" disabled=no list=rkn
  610. add address=206.189.0.0/16 comment="Fuck RKN" disabled=no list=rkn
  611. /ip firewall filter
  # Filter rules are evaluated top to bottom within each chain, so the order
  # of the "add" statements in this section is part of the policy.
  #
  # Marker rule: passthrough with no matchers in a chain named
  # "Add Accept --->". It appears to serve only as a visual label for the
  # accept rules that follow (closed by the "Add Accept <---" rule below).
  612. add action=passthrough chain="Add Accept --->" !connection-bytes \
  613. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  614. !connection-state !connection-type !content disabled=no !dscp \
  615. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  616. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  617. !in-interface !in-interface-list !ingress-priority !ipsec-policy \
  618. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  619. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  620. !packet-mark !packet-size !per-connection-classifier !port !priority \
  621. !protocol !psd !random !routing-mark !routing-table !src-address \
  622. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  623. !tcp-mss !time !ttl
  # Accepts IGMP addressed to the router on every interface: no in-interface,
  # in-interface-list or source matcher is set, so the ISP side is included.
  # NOTE(review): add an interface matcher if multicast is only needed
  # on internal interfaces.
  624. add action=accept chain=input !connection-bytes !connection-limit \
  625. !connection-mark !connection-nat-state !connection-rate !connection-state \
  626. !connection-type !content disabled=no !dscp !dst-address \
  627. !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
  628. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  629. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  630. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  631. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  632. !packet-size !per-connection-classifier !port !priority protocol=igmp \
  633. !psd !random !routing-mark !routing-table !src-address !src-address-list \
  634. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  635. !tls-host !ttl
  # Accepts UDP 5050 to the router from any interface and any source.
  # The service listening on 5050 is not visible in this part of the export.
  # NOTE(review): if it is not meant to be public, restrict the rule with
  # in-interface-list or src-address-list.
  636. add action=accept chain=input !connection-bytes !connection-limit \
  637. !connection-mark !connection-nat-state !connection-rate !connection-state \
  638. !connection-type !content disabled=no !dscp !dst-address \
  639. !dst-address-list !dst-address-type !dst-limit dst-port=5050 !fragment \
  640. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  641. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  642. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  643. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  644. !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
  645. !random !routing-mark !routing-table !src-address !src-address-list \
  646. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  647. !tls-host !ttl
  # Accepts TCP 443 to the router from any interface and any source.
  # NOTE(review): presumably for the SSTP server defined earlier in this
  # export (SSTP listens on 443 by default) - confirm, and check under
  # /ip service that no management service shares the port.
  # This rule has no other matcher, so the later adblock_helper reject for
  # dst-port=80,443 can only ever match port 80.
  648. add action=accept chain=input !connection-bytes !connection-limit \
  649. !connection-mark !connection-nat-state !connection-rate !connection-state \
  650. !connection-type !content disabled=no !dscp !dst-address \
  651. !dst-address-list !dst-address-type !dst-limit dst-port=443 !fragment \
  652. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  653. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  654. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  655. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  656. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  657. !random !routing-mark !routing-table !src-address !src-address-list \
  658. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  659. !tls-host !ttl
  # Accepts every ICMP type arriving on interfaces in the ISP list; no
  # icmp-options or limit matcher is set, so nothing is filtered by type or
  # rate. NOTE(review): consider a limit= matcher so the router does not
  # answer unbounded echo traffic from the Internet side.
  660. add action=accept chain=input !connection-bytes !connection-limit \
  661. !connection-mark !connection-nat-state !connection-rate !connection-state \
  662. !connection-type !content disabled=no !dscp !dst-address \
  663. !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
  664. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  665. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  666. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  667. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  668. !packet-size !per-connection-classifier !port !priority protocol=icmp \
  669. !psd !random !routing-mark !routing-table !src-address !src-address-list \
  670. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  671. !tls-host !ttl
  # Drops packets from the ISP list whose connection state is invalid.
  # It sits below the IGMP, UDP 5050, TCP 443 and ICMP accepts, so packets
  # matched by those rules are accepted before their state is checked.
  # NOTE(review): moving this drop above the accepts would discard
  # invalid-state packets first.
  672. add action=drop chain=input !connection-bytes !connection-limit \
  673. !connection-mark !connection-nat-state !connection-rate connection-state=\
  674. invalid !connection-type !content disabled=no !dscp !dst-address \
  675. !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
  676. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  677. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  678. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  679. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  680. !packet-size !per-connection-classifier !port !priority !protocol !psd \
  681. !random !routing-mark !routing-table !src-address !src-address-list \
  682. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  683. !tls-host !ttl
  # Accepts return traffic from the ISP list for connections that are
  # already tracked (established or related), i.e. replies to traffic the
  # router itself initiated or previously allowed.
  684. add action=accept chain=input !connection-bytes !connection-limit \
  685. !connection-mark !connection-nat-state !connection-rate connection-state=\
  686. established,related !connection-type !content disabled=no !dscp \
  687. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  688. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  689. !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
  690. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  691. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  692. !packet-mark !packet-size !per-connection-classifier !port !priority \
  693. !protocol !psd !random !routing-mark !routing-table !src-address \
  694. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  695. !tcp-mss !time !tls-host !ttl
  # Port-knocking group. A source that sends TCP to 8888, 8889, 9888 and
  # 65444 in that order (all on the ISP list) is promoted through
  # AcceptKnocking_st1 -> _st2 -> _st3 -> AcceptKnocking, and members of
  # AcceptKnocking may then reach TCP 8295 on the router. The rules are
  # listed last stage first, so a packet is tested against the later stages
  # before an earlier rule can add its source to a list.
  # NOTE(review): the knock rules match any TCP packet to the port (no
  # tcp-flags or connection-state matcher), and the sequence is readable in
  # any copy of this export, so it should not be treated as a secret; the
  # service behind 8295 needs its own strong authentication.
  #
  # Final gate: TCP 8295 is accepted only from sources in AcceptKnocking.
  696. add action=accept chain=input !connection-bytes !connection-limit \
  697. !connection-mark !connection-nat-state !connection-rate !connection-state \
  698. !connection-type !content disabled=no !dscp !dst-address \
  699. !dst-address-list !dst-address-type !dst-limit dst-port=8295 !fragment \
  700. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  701. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  702. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  703. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  704. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  705. !random !routing-mark !routing-table !src-address src-address-list=\
  706. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-flags \
  707. !tcp-mss !time !ttl
  # Knock 4: a source already in AcceptKnocking_st3 that hits TCP 65444 is
  # added to AcceptKnocking for 1 hour.
  708. add action=add-src-to-address-list address-list=AcceptKnocking \
  709. address-list-timeout=1h chain=input !connection-bytes !connection-limit \
  710. !connection-mark !connection-nat-state !connection-rate !connection-state \
  711. !connection-type !content disabled=no !dscp !dst-address \
  712. !dst-address-list !dst-address-type !dst-limit dst-port=65444 !fragment \
  713. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  714. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  715. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  716. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  717. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  718. !random !routing-mark !routing-table !src-address src-address-list=\
  719. AcceptKnocking_st3 !src-address-type !src-mac-address !src-port \
  720. !tcp-flags !tcp-mss !time !ttl
  # Knock 3: a source in AcceptKnocking_st2 that hits TCP 9888 is added to
  # AcceptKnocking_st3 with address-list-timeout=none-dynamic, which keeps
  # the entry until the router reboots. NOTE(review): stages 1 and 2 expire
  # after 1m, but a source that reaches stage 3 once stays there, so from
  # then on the single knock on 65444 is enough to regain access. A short
  # timeout here (as on the other stages) would keep the full sequence
  # mandatory - confirm whether none-dynamic is intentional.
  721. add action=add-src-to-address-list address-list=AcceptKnocking_st3 \
  722. address-list-timeout=none-dynamic chain=input !connection-bytes \
  723. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  724. !connection-state !connection-type !content disabled=no !dscp \
  725. !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=9888 \
  726. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  727. !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
  728. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  729. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  730. !packet-mark !packet-size !per-connection-classifier !port !priority \
  731. protocol=tcp !psd !random !routing-mark !routing-table !src-address \
  732. src-address-list=AcceptKnocking_st2 !src-address-type !src-mac-address \
  733. !src-port !tcp-flags !tcp-mss !time !ttl
  # Knock 2: a source in AcceptKnocking_st1 that hits TCP 8889 is added to
  # AcceptKnocking_st2 for 1 minute.
  734. add action=add-src-to-address-list address-list=AcceptKnocking_st2 \
  735. address-list-timeout=1m chain=input !connection-bytes !connection-limit \
  736. !connection-mark !connection-nat-state !connection-rate !connection-state \
  737. !connection-type !content disabled=no !dscp !dst-address \
  738. !dst-address-list !dst-address-type !dst-limit dst-port=8889 !fragment \
  739. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  740. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  741. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  742. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  743. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  744. !random !routing-mark !routing-table !src-address src-address-list=\
  745. AcceptKnocking_st1 !src-address-type !src-mac-address !src-port \
  746. !tcp-flags !tcp-mss !time !ttl
  # Knock 1: any source on the ISP list that hits TCP 8888 is added to
  # AcceptKnocking_st1 for 1 minute (no source-list precondition).
  747. add action=add-src-to-address-list address-list=AcceptKnocking_st1 \
  748. address-list-timeout=1m chain=input !connection-bytes !connection-limit \
  749. !connection-mark !connection-nat-state !connection-rate !connection-state \
  750. !connection-type !content disabled=no !dscp !dst-address \
  751. !dst-address-list !dst-address-type !dst-limit dst-port=8888 !fragment \
  752. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  753. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  754. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  755. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  756. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  757. !random !routing-mark !routing-table !src-address !src-address-list \
  758. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  759. !ttl
  # adblock_helper pair, first rule: accepts established/related input on
  # every interface, so the reject below only affects packets that are not
  # part of a tracked connection.
  760. add action=accept chain=input comment=adblock_helper !connection-bytes \
  761. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  762. connection-state=established,related !connection-type !content disabled=\
  763. no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
  764. !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  765. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  766. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  767. !nth !out-bridge-port !out-bridge-port-list !out-interface \
  768. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  769. !port !priority !protocol !psd !random !routing-mark !routing-table \
  770. !src-address !src-address-list !src-address-type !src-mac-address \
  771. !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
  # adblock_helper pair, second rule: answers TCP 80/443 aimed at the router
  # with a TCP reset, on any interface. Presumably this makes ad hosts that
  # DNS points at the router fail fast - TODO confirm against the DNS setup.
  # NOTE(review): an earlier rule in this chain accepts all TCP 443 input
  # with no other matcher, so the 443 half of this reject is never reached;
  # only port 80 is actually reset here.
  772. add action=reject chain=input comment=adblock_helper !connection-bytes \
  773. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  774. !connection-state !connection-type !content disabled=no !dscp \
  775. !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=\
  776. 80,443 !fragment !hotspot !icmp-options !in-bridge-port \
  777. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  778. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  779. !nth !out-bridge-port !out-bridge-port-list !out-interface \
  780. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  781. !port !priority protocol=tcp !psd !random reject-with=tcp-reset \
  782. !routing-mark !routing-table !src-address !src-address-list \
  783. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  784. !tls-host !ttl
  # Closing marker for the "Add Accept --->" label above: passthrough with
  # no matchers in its own chain name.
  785. add action=passthrough chain="Add Accept <---" !connection-bytes \
  786. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  787. !connection-state !connection-type !content disabled=no !dscp \
  788. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  789. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  790. !in-interface !in-interface-list !ingress-priority !ipsec-policy \
  791. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  792. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  793. !packet-mark !packet-size !per-connection-classifier !port !priority \
  794. !protocol !psd !random !routing-mark !routing-table !src-address \
  795. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  796. !tcp-mss !time !tls-host !ttl
  # Default deny for the input chain, scoped to the ISP interface list:
  # anything from those interfaces not accepted above is dropped silently.
  # Input arriving on interfaces outside the ISP list is not dropped by any
  # enabled rule in this section (the later input rules are disabled), so
  # the protection depends on every Internet-facing interface being a
  # member of ISP - list membership is not visible here, verify it.
  797. add action=drop chain=input !connection-bytes !connection-limit \
  798. !connection-mark !connection-nat-state !connection-rate !connection-state \
  799. !connection-type !content disabled=no !dscp !dst-address \
  800. !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
  801. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  802. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  803. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  804. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  805. !packet-size !per-connection-classifier !port !priority !protocol !psd \
  806. !random !routing-mark !routing-table !src-address !src-address-list \
  807. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  808. !tls-host !ttl
  # Forward chain (traffic routed through the router).
  # Drops invalid-state packets entering from the ISP list before any
  # forward accept rule is evaluated.
  809. add action=drop chain=forward !connection-bytes !connection-limit \
  810. !connection-mark !connection-nat-state !connection-rate connection-state=\
  811. invalid !connection-type !content disabled=no !dscp !dst-address \
  812. !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
  813. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  814. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  815. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  816. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  817. !packet-size !per-connection-classifier !port !priority !protocol !psd \
  818. !random !routing-mark !routing-table !src-address !src-address-list \
  819. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  820. !tls-host !ttl
  # Prohibit-Internet, TCP: hosts in the Prohibit-Internet source list get a
  # TCP reset for anything leaving through the ISP list.
  # The block is keyed on source IP only, so a host that changes its
  # address leaves the list - presumably paired with static DHCP leases,
  # TODO confirm.
  821. add action=reject chain=forward comment=Prohibit-Internet !connection-bytes \
  822. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  823. !connection-state !connection-type !content disabled=no !dscp \
  824. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  825. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  826. !in-interface !in-interface-list !ingress-priority !ipsec-policy \
  827. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  828. !out-bridge-port !out-bridge-port-list !out-interface out-interface-list=\
  829. ISP !packet-mark !packet-size !per-connection-classifier !port !priority \
  830. protocol=tcp !psd !random reject-with=tcp-reset !routing-mark \
  831. !routing-table !src-address src-address-list=Prohibit-Internet \
  832. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  833. !tls-host !ttl
  # Prohibit-Internet, everything else: the same hosts get an ICMP
  # admin-prohibited reply for non-TCP traffic (TCP was matched above).
  834. add action=reject chain=forward comment=Prohibit-Internet !connection-bytes \
  835. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  836. !connection-state !connection-type !content disabled=no !dscp \
  837. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  838. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  839. !in-interface !in-interface-list !ingress-priority !ipsec-policy \
  840. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  841. !out-bridge-port !out-bridge-port-list !out-interface out-interface-list=\
  842. ISP !packet-mark !packet-size !per-connection-classifier !port !priority \
  843. !protocol !psd !random reject-with=icmp-admin-prohibited !routing-mark \
  844. !routing-table !src-address src-address-list=Prohibit-Internet \
  845. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  846. !tls-host !ttl
  # Accepts return traffic from the ISP list for tracked connections
  # (established or related).
  847. add action=accept chain=forward !connection-bytes !connection-limit \
  848. !connection-mark !connection-nat-state !connection-rate connection-state=\
  849. established,related !connection-type !content disabled=no !dscp \
  850. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  851. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  852. !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
  853. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  854. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  855. !packet-mark !packet-size !per-connection-classifier !port !priority \
  856. !protocol !psd !random !routing-mark !routing-table !src-address \
  857. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  858. !tcp-mss !time !tls-host !ttl
  # Accepts connections from the ISP list that were destination-NATed,
  # i.e. port forwards. What this exposes is decided entirely by the
  # dst-nat rules under /ip firewall nat (not in this part of the export);
  # review those rules together with this one.
  859. add action=accept chain=forward !connection-bytes !connection-limit \
  860. !connection-mark connection-nat-state=dstnat !connection-rate \
  861. !connection-state !connection-type !content disabled=no !dscp \
  862. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  863. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  864. !in-interface in-interface-list=ISP !ingress-priority !ipsec-policy \
  865. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  866. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  867. !packet-mark !packet-size !per-connection-classifier !port !priority \
  868. !protocol !psd !random !routing-mark !routing-table !src-address \
  869. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  870. !tcp-mss !time !tls-host !ttl
  # Default deny for forwarded traffic entering from the ISP list.
  # Forwarded traffic entering on any other interface is not filtered by
  # this section apart from the Prohibit-Internet rejects. NOTE(review):
  # the export defines tunnel interfaces earlier (SSTP, GRE); whether they
  # belong to ISP is not visible here - confirm that traffic arriving over
  # them is meant to be forwarded unfiltered.
  871. add action=drop chain=forward !connection-bytes !connection-limit \
  872. !connection-mark !connection-nat-state !connection-rate !connection-state \
  873. !connection-type !content disabled=no !dscp !dst-address \
  874. !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
  875. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  876. in-interface-list=ISP !ingress-priority !ipsec-policy !ipv4-options \
  877. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  878. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  879. !packet-size !per-connection-classifier !port !priority !protocol !psd \
  880. !random !routing-mark !routing-table !src-address !src-address-list \
  881. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  882. !tls-host !ttl
  # The four rules below are all disabled=yes and take no part in filtering.
  # They match on in-interface=WAN rather than the ISP list used above.
  #
  # Disabled "Ping block": would drop ICMP arriving on WAN. It sits after
  # the ICMP accept for the ISP list, so if WAN is a member of ISP (not
  # visible here) enabling it in this position would change nothing; it
  # would have to be moved above that accept.
  883. add action=drop chain=input comment="Ping block" !connection-bytes \
  884. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  885. !connection-state !connection-type !content disabled=yes !dscp \
  886. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  887. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  888. in-interface=WAN !in-interface-list !ingress-priority !ipsec-policy \
  889. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  890. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  891. !packet-mark !packet-size !per-connection-classifier !port !priority \
  892. protocol=icmp !psd !random !routing-mark !routing-table !src-address \
  893. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  894. !tcp-mss !time !ttl
  # Disabled: would drop DNS over UDP (port 53) arriving on WAN.
  # With it disabled, the router's resolver is kept off the Internet only by
  # the final input drop for the ISP list - verify that WAN is in that list,
  # otherwise the resolver is reachable from outside.
  895. add action=drop chain=input comment="Port blocking block" !connection-bytes \
  896. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  897. !connection-state !connection-type !content disabled=yes !dscp \
  898. !dst-address !dst-address-list !dst-address-type !dst-limit dst-port=53 \
  899. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  900. in-interface=WAN !in-interface-list !ingress-priority !ipsec-policy \
  901. !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth \
  902. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  903. !packet-mark !packet-size !per-connection-classifier !port !priority \
  904. protocol=udp !psd !random !routing-mark !routing-table !src-address \
  905. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  906. !tcp-mss !time !ttl
  # Disabled: TCP counterpart of the DNS drop above (port 53 on WAN).
  907. add action=drop chain=input !connection-bytes !connection-limit \
  908. !connection-mark !connection-nat-state !connection-rate !connection-state \
  909. !connection-type !content disabled=yes !dscp !dst-address \
  910. !dst-address-list !dst-address-type !dst-limit dst-port=53 !fragment \
  911. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
  912. WAN !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  913. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  914. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  915. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  916. !random !routing-mark !routing-table !src-address !src-address-list \
  917. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  918. !ttl
  # Disabled: accepts and logs (prefix "ESXI") all forwarded traffic from
  # 192.168.1.3. It looks like a leftover troubleshooting rule - confirm
  # before enabling, since it logs every packet from that host.
  919. add action=accept chain=forward !connection-bytes !connection-limit \
  920. !connection-mark !connection-nat-state !connection-rate !connection-state \
  921. !connection-type !content disabled=yes !dscp !dst-address \
  922. !dst-address-list !dst-address-type !dst-limit !dst-port !fragment \
  923. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  924. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  925. !layer7-protocol !limit log=yes log-prefix=ESXI !nth !out-bridge-port \
  926. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  927. !packet-size !per-connection-classifier !port !priority !protocol !psd \
  928. !random !routing-mark !routing-table src-address=192.168.1.3 \
  929. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  930. !tcp-mss !time !tls-host !ttl
  931. /ip firewall mangle
  932. add action=passthrough chain="Not Edit and Not Mixer ----->"
  933. add action=mark-connection chain=prerouting !connection-bytes \
  934. !connection-limit connection-mark=no-mark !connection-nat-state \
  935. !connection-rate connection-state=new !connection-type !content disabled=\
  936. no !dscp dst-address=192.168.1.91 !dst-address-list !dst-address-type \
  937. !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  938. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  939. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  940. new-connection-mark=todante !nth !out-bridge-port !out-bridge-port-list \
  941. !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
  942. yes !per-connection-classifier !port !priority !protocol !psd !random \
  943. !routing-mark !routing-table !src-address !src-address-list \
  944. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  945. !tls-host !ttl
  946. add action=mark-connection chain=prerouting !connection-bytes \
  947. !connection-limit connection-mark=no-mark !connection-nat-state \
  948. !connection-rate connection-state=new !connection-type !content disabled=\
  949. no !dscp dst-address=192.168.1.80 !dst-address-list !dst-address-type \
  950. !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  951. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  952. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  953. new-connection-mark=todante !nth !out-bridge-port !out-bridge-port-list \
  954. !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
  955. yes !per-connection-classifier !port !priority !protocol !psd !random \
  956. !routing-mark !routing-table !src-address !src-address-list \
  957. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  958. !tls-host !ttl
  959. add action=mark-connection chain=prerouting !connection-bytes \
  960. !connection-limit connection-mark=no-mark !connection-nat-state \
  961. !connection-rate connection-state=new !connection-type !content disabled=\
  962. no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
  963. !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  964. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  965. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  966. new-connection-mark=v6_conmark !nth !out-bridge-port \
  967. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  968. !packet-size passthrough=yes !per-connection-classifier !port !priority \
  969. !protocol !psd !random !routing-mark !routing-table src-address=\
  970. 192.168.1.91 !src-address-list !src-address-type !src-mac-address \
  971. !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
  972. add action=mark-connection chain=prerouting !connection-bytes \
  973. !connection-limit connection-mark=no-mark !connection-nat-state \
  974. !connection-rate connection-state=new !connection-type !content disabled=\
  975. no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
  976. !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  977. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  978. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  979. new-connection-mark=v6_conmark !nth !out-bridge-port \
  980. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  981. !packet-size passthrough=yes !per-connection-classifier !port !priority \
  982. !protocol !psd !random !routing-mark !routing-table src-address=\
  983. 192.168.1.80 !src-address-list !src-address-type !src-mac-address \
  984. !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
  985. add action=mark-routing chain=prerouting !connection-bytes !connection-limit \
  986. connection-mark=v6_conmark !connection-nat-state !connection-rate \
  987. !connection-state !connection-type !content disabled=no !dscp \
  988. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  989. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  990. !in-interface !in-interface-list !ingress-priority !ipsec-policy \
  991. !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  992. new-routing-mark=v6 !nth !out-bridge-port !out-bridge-port-list \
  993. !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
  994. yes !per-connection-classifier !port !priority !protocol !psd !random \
  995. !routing-mark !routing-table src-address=192.168.1.91 !src-address-list \
  996. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  997. !tls-host !ttl
  998. add action=mark-routing chain=prerouting !connection-bytes !connection-limit \
  999. connection-mark=v6_conmark !connection-nat-state !connection-rate \
  1000. !connection-state !connection-type !content disabled=no !dscp \
  1001. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  1002. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  1003. !in-interface !in-interface-list !ingress-priority !ipsec-policy \
  1004. !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1005. new-routing-mark=v6 !nth !out-bridge-port !out-bridge-port-list \
  1006. !out-interface !out-interface-list !packet-mark !packet-size passthrough=\
  1007. yes !per-connection-classifier !port !priority !protocol !psd !random \
  1008. !routing-mark !routing-table src-address=192.168.1.80 !src-address-list \
  1009. !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
  1010. !tls-host !ttl
  1011. add action=mark-routing chain=prerouting !connection-bytes !connection-limit \
  1012. !connection-mark !connection-nat-state !connection-rate !connection-state \
  1013. !connection-type !content disabled=no !dscp !dst-address \
  1014. dst-address-list=rkn !dst-address-type !dst-limit !dst-port !fragment \
  1015. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
  1016. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1017. !layer7-protocol !limit log=no log-prefix="" new-routing-mark=rkn !nth \
  1018. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  1019. !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
  1020. !priority !protocol !psd !random !routing-mark !routing-table \
  1021. src-address=192.168.1.0/24 !src-address-list !src-address-type \
  1022. !src-mac-address !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
  1023. # no interface
  1024. add action=mark-connection chain=prerouting comment=Beeline !connection-bytes \
  1025. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  1026. connection-state=new !connection-type !content disabled=no !dscp \
  1027. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  1028. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  1029. in-interface=*6 !in-interface-list !ingress-priority !ipsec-policy \
  1030. !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1031. new-connection-mark=Prerouting/Beeline !nth !out-bridge-port \
  1032. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1033. !packet-size passthrough=no !per-connection-classifier !port !priority \
  1034. !protocol !psd !random !routing-mark !routing-table !src-address \
  1035. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  1036. !tcp-mss !time !tls-host !ttl
  1037. add action=mark-routing chain=output comment=Beeline !connection-bytes \
  1038. !connection-limit connection-mark=Prerouting/Beeline \
  1039. !connection-nat-state !connection-rate !connection-state !connection-type \
  1040. !content disabled=no !dscp !dst-address !dst-address-list \
  1041. !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  1042. !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
  1043. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1044. log=no log-prefix="" new-routing-mark=Next-Hop/Beeline !nth \
  1045. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  1046. !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
  1047. !priority !protocol !psd !random !routing-mark !routing-table \
  1048. !src-address !src-address-list !src-address-type !src-mac-address \
  1049. !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
  1050. # no interface
  1051. add action=mark-routing chain=prerouting comment=Beeline !connection-bytes \
  1052. !connection-limit connection-mark=Prerouting/Beeline \
  1053. !connection-nat-state !connection-rate !connection-state !connection-type \
  1054. !content disabled=no !dscp !dst-address !dst-address-list \
  1055. !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  1056. !in-bridge-port !in-bridge-port-list in-interface=!*6 !in-interface-list \
  1057. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1058. log=no log-prefix="" new-routing-mark=Next-Hop/Beeline !nth \
  1059. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  1060. !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
  1061. !priority !protocol !psd !random !routing-mark !routing-table \
  1062. !src-address !src-address-list !src-address-type !src-mac-address \
  1063. !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
  1064. add action=mark-routing chain=prerouting comment="Beeline List" \
  1065. connection-mark=no-mark dst-address-list=!BOGONS new-routing-mark=\
  1066. Next-Hop/Beeline passthrough=no src-address-list=via/Beeline
  1067. add action=mark-routing chain=output comment="Beeline List" connection-mark=\
  1068. no-mark dst-address-list=dst/Beeline new-routing-mark=Next-Hop/Beeline \
  1069. passthrough=no
  1070. # YotaUSB not ready
  1071. add action=mark-connection chain=prerouting comment=Yota !connection-bytes \
  1072. !connection-limit !connection-mark !connection-nat-state !connection-rate \
  1073. connection-state=new !connection-type !content disabled=no !dscp \
  1074. !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port \
  1075. !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list \
  1076. in-interface=*5 !in-interface-list !ingress-priority !ipsec-policy \
  1077. !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1078. new-connection-mark=Prerouting/Yota !nth !out-bridge-port \
  1079. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1080. !packet-size passthrough=no !per-connection-classifier !port !priority \
  1081. !protocol !psd !random !routing-mark !routing-table !src-address \
  1082. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  1083. !tcp-mss !time !tls-host !ttl
  1084. add action=mark-routing chain=output comment=Yota connection-mark=\
  1085. Prerouting/Yota new-routing-mark=Next-Hop/Yota passthrough=no
  1086. add action=mark-routing chain=output comment=Yota dst-address-list=!BOGONS \
  1087. new-routing-mark=Next-Hop/Yota passthrough=no src-address=10.0.0.10
  1088. # YotaUSB not ready
  1089. add action=mark-routing chain=prerouting comment=Yota !connection-bytes \
  1090. !connection-limit connection-mark=Prerouting/Yota !connection-nat-state \
  1091. !connection-rate !connection-state !connection-type !content disabled=no \
  1092. !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
  1093. !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  1094. !in-bridge-port-list in-interface=!*5 !in-interface-list \
  1095. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1096. log=no log-prefix="" new-routing-mark=Next-Hop/Yota !nth !out-bridge-port \
  1097. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1098. !packet-size passthrough=no !per-connection-classifier !port !priority \
  1099. !protocol !psd !random !routing-mark !routing-table !src-address \
  1100. !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
  1101. !tcp-mss !time !tls-host !ttl
  1102. add action=mark-routing chain=prerouting comment="Yota List" connection-mark=\
  1103. no-mark dst-address-list=!BOGONS new-routing-mark=Next-Hop/Yota \
  1104. passthrough=no src-address-list=via/Yota
  1105. add action=mark-routing chain=output comment="Yota List" connection-mark=\
  1106. no-mark dst-address-list=dst/Yota new-routing-mark=Next-Hop/Yota \
  1107. passthrough=no
  # Policy routing for the static WAN address: new connections arriving on WAN
  # are connection-marked, and traffic carrying that mark (router-originated in
  # "output", forwarded from non-WAN interfaces in "prerouting") is given the
  # routing mark Next-Hop/78.107.248.1.
  # NOTE(review): the rule comments and src-address use 78.107.248.100, while
  # dst-address and the connection-mark name use 78.107.254.100. Confirm which
  # address is really assigned to WAN; if one of them is a typo, either the
  # inbound marking rule or the src-address based output rule never matches.
  1108. add action=mark-connection chain=prerouting comment=78.107.248.100 \
  1109. connection-state=new dst-address=78.107.254.100 in-interface=WAN \
  1110. new-connection-mark=Prerouting/78.107.254.100 passthrough=no
  1111. add action=mark-routing chain=output comment=78.107.248.100 connection-mark=\
  1112. Prerouting/78.107.254.100 new-routing-mark=Next-Hop/78.107.248.1 \
  1113. passthrough=no
  1114. add action=mark-routing chain=output comment=78.107.248.100 dst-address-list=\
  1115. !BOGONS new-routing-mark=Next-Hop/78.107.248.1 passthrough=no \
  1116. src-address=78.107.248.100
  1117. add action=mark-routing chain=prerouting comment=78.107.248.100 \
  1118. connection-mark=Prerouting/78.107.254.100 in-interface=!WAN \
  1119. new-routing-mark=Next-Hop/78.107.248.1 passthrough=no
  1120. # aws1 not ready
  1121. add action=mark-connection chain=prerouting comment=aws1 connection-state=new \
  1122. in-interface=aws1 new-connection-mark=Prerouting/aws1 passthrough=no
  1123. add action=mark-routing chain=output comment=aws1 connection-mark=\
  1124. Prerouting/aws1 new-routing-mark=Next-Hop/aws1 passthrough=no
  1125. # aws1 not ready
  1126. add action=mark-routing chain=prerouting comment=aws1 connection-mark=\
  1127. Prerouting/aws1 in-interface=!aws1 new-routing-mark=Next-Hop/aws1 \
  1128. passthrough=no
  1129. # aws2 not ready
  1130. add action=mark-connection chain=prerouting comment=aws2 connection-state=new \
  1131. in-interface=aws2 new-connection-mark=Prerouting/aws2 passthrough=no
  1132. add action=mark-routing chain=output comment=aws2 connection-mark=\
  1133. Prerouting/aws2 new-routing-mark=Next-Hop/aws2 passthrough=no
  1134. # aws2 not ready
  1135. add action=mark-routing chain=prerouting comment=aws2 connection-mark=\
  1136. Prerouting/aws2 in-interface=!aws2 new-routing-mark=Next-Hop/aws2 \
  1137. passthrough=no
  1138. add action=passthrough chain="Not Edit and Not Mixer <-----"
  1139. add action=mark-routing chain=prerouting comment=TEST connection-mark=no-mark \
  1140. disabled=yes dst-address-list=!BOGONS dst-port=80 in-interface-list=!ISP \
  1141. new-routing-mark=Next-Hop/Beeline passthrough=no protocol=tcp \
  1142. src-address-list=BOGONS
  1143. add action=mark-routing chain=prerouting comment="All Via USB Yota" \
  1144. !connection-bytes !connection-limit connection-mark=no-mark \
  1145. !connection-nat-state !connection-rate !connection-state !connection-type \
  1146. !content disabled=yes !dscp !dst-address dst-address-list=!BOGONS \
  1147. !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  1148. !in-bridge-port !in-bridge-port-list !in-interface in-interface-list=!ISP \
  1149. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1150. log=no log-prefix="" new-routing-mark=Next-Hop/Yota !nth !out-bridge-port \
  1151. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1152. !packet-size passthrough=no !per-connection-classifier !port !priority \
  1153. !protocol !psd !random !routing-mark !routing-table !src-address \
  1154. src-address-list=BOGONS !src-address-type !src-mac-address !src-port \
  1155. !tcp-flags !tcp-mss !time !tls-host !ttl
  1156. add action=mark-routing chain=prerouting comment="All Via USB Beeline" \
  1157. !connection-bytes !connection-limit connection-mark=no-mark \
  1158. !connection-nat-state !connection-rate !connection-state !connection-type \
  1159. !content disabled=yes !dscp !dst-address dst-address-list=!BOGONS \
  1160. !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  1161. !in-bridge-port !in-bridge-port-list !in-interface in-interface-list=!ISP \
  1162. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1163. log=no log-prefix="" new-routing-mark=Next-Hop/Beeline !nth \
  1164. !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
  1165. !packet-mark !packet-size passthrough=no !per-connection-classifier !port \
  1166. !priority !protocol !psd !random !routing-mark !routing-table \
  1167. !src-address src-address-list=BOGONS !src-address-type !src-mac-address \
  1168. !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
  1169. /ip firewall nat
  1170. add action=masquerade chain=srcnat dst-address-list=rkn src-address=\
  1171. 192.168.1.0/24 !to-addresses !to-ports
  # Masquerade for traffic leaving through the "Beeline" uplink.
  # NOTE(review): out-interface=*6 is an internal ID, which RouterOS prints when
  # the referenced interface no longer exists; the export flags this with
  # "# no interface". The rule cannot match in this state. Re-bind it to the
  # current interface (or an interface list) or remove it, so the ruleset
  # documents what is actually enforced. The mangle rules that use
  # in-interface=*6 / *5 carry the same flag.
  1172. # no interface
  1173. add action=masquerade chain=srcnat comment=Beeline !connection-bytes \
  1174. !connection-limit !connection-mark !connection-rate !connection-type \
  1175. !content disabled=no !dscp !dst-address !dst-address-list \
  1176. !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  1177. !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
  1178. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1179. log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
  1180. out-interface=*6 !out-interface-list !packet-mark !packet-size \
  1181. !per-connection-classifier !port !priority !protocol !psd !random \
  1182. !routing-mark !routing-table !src-address !src-address-list \
  1183. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1184. !to-addresses !to-ports !ttl
  1185. # YotaUSB not ready
  1186. add action=masquerade chain=srcnat comment=Yota !connection-bytes \
  1187. !connection-limit !connection-mark !connection-rate !connection-type \
  1188. !content disabled=no !dscp !dst-address !dst-address-list \
  1189. !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  1190. !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
  1191. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1192. log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
  1193. out-interface=*5 !out-interface-list !packet-mark !packet-size \
  1194. !per-connection-classifier !port !priority !protocol !psd !random \
  1195. !routing-mark !routing-table src-address=192.168.1.200 !src-address-list \
  1196. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1197. !to-addresses !to-ports !ttl
  1198. add action=src-nat chain=srcnat comment=78.107.248.1 !connection-bytes \
  1199. !connection-limit !connection-mark !connection-rate !connection-type \
  1200. !content disabled=no !dscp !dst-address !dst-address-list \
  1201. !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options \
  1202. !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
  1203. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1204. log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
  1205. out-interface=WAN !out-interface-list !packet-mark !packet-size \
  1206. !per-connection-classifier !port !priority !protocol !psd !random \
  1207. !routing-mark routing-table=Next-Hop/78.107.248.1 !src-address \
  1208. !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss \
  1209. !time to-addresses=78.107.248.100 !to-ports !ttl
  1210. add action=masquerade chain=srcnat !connection-bytes !connection-limit \
  1211. !connection-mark !connection-rate !connection-type !content disabled=no \
  1212. !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
  1213. !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  1214. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  1215. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1216. !nth !out-bridge-port !out-bridge-port-list out-interface=WAN \
  1217. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  1218. !port !priority !protocol !psd !random !routing-mark !routing-table \
  1219. !src-address !src-address-list !src-address-type !src-mac-address \
  1220. !src-port !tcp-mss !time !to-addresses !to-ports !ttl
  1221. add action=masquerade chain=srcnat !connection-bytes !connection-limit \
  1222. !connection-mark !connection-rate !connection-type !content disabled=no \
  1223. !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
  1224. !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  1225. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  1226. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1227. !nth !out-bridge-port !out-bridge-port-list out-interface=aruba \
  1228. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  1229. !port !priority !protocol !psd !random !routing-mark !routing-table \
  1230. !src-address !src-address-list !src-address-type !src-mac-address \
  1231. !src-port !tcp-mss !time !tls-host !to-addresses !to-ports !ttl
  1232. add action=dst-nat chain=dstnat comment="FTP Win" !connection-bytes \
  1233. !connection-limit !connection-mark !connection-rate !connection-type \
  1234. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1235. !dst-address-type !dst-limit dst-port=19 !fragment !hotspot !icmp-options \
  1236. !in-bridge-port !in-bridge-port-list in-interface=WAN !in-interface-list \
  1237. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1238. log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
  1239. !out-interface !out-interface-list !packet-mark !packet-size \
  1240. !per-connection-classifier !port !priority protocol=tcp !psd !random \
  1241. !routing-mark !routing-table !src-address src-address-list=AcceptKnocking \
  1242. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1243. to-addresses=192.168.1.122 to-ports=21 !ttl
  # Forwards TCP 1080 arriving on WAN for 78.107.254.100 to 192.168.1.91:1080.
  # NOTE(review): unlike most neighbouring forwards, this rule has no
  # src-address-list=AcceptKnocking restriction (!src-address-list), so any
  # Internet source is translated. The comment suggests a Dante SOCKS server;
  # an unauthenticated SOCKS listener reachable from WAN acts as an open proxy.
  # Confirm that the proxy enforces authentication, or limit the rule to a
  # source list. Filter rules outside this section may also constrain it.
  1244. add action=dst-nat chain=dstnat comment=Dante !connection-bytes \
  1245. !connection-limit !connection-mark !connection-rate !connection-type \
  1246. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1247. !dst-address-type !dst-limit dst-port=1080 !fragment !hotspot \
  1248. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1249. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1250. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1251. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1252. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1253. !random !routing-mark !routing-table !src-address !src-address-list \
  1254. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1255. to-addresses=192.168.1.91 to-ports=1080 !ttl
  1256. add action=dst-nat chain=dstnat comment=WEBDAV !connection-bytes \
  1257. !connection-limit !connection-mark !connection-rate !connection-type \
  1258. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1259. !dst-address-type !dst-limit dst-port=81 !fragment !hotspot !icmp-options \
  1260. !in-bridge-port !in-bridge-port-list in-interface=WAN !in-interface-list \
  1261. !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
  1262. log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
  1263. !out-interface !out-interface-list !packet-mark !packet-size \
  1264. !per-connection-classifier !port !priority protocol=tcp !psd !random \
  1265. !routing-mark !routing-table !src-address src-address-list=AcceptKnocking \
  1266. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1267. to-addresses=192.168.1.122 to-ports=80 !ttl
  1268. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1269. 78.107.254.100 dst-port=500 in-interface=WAN protocol=udp to-addresses=\
  1270. 192.168.1.214 to-ports=500
  # Forwards port 19142 (TCP, then UDP) on WAN to 192.168.1.248 port 80, for
  # sources in AcceptKnocking only.
  # NOTE(review): both rules are labelled "I2P UDP" although the first one is
  # protocol=tcp, and both translate to port 80. Check that the labels and the
  # UDP forward to port 80 are intended; mislabelled rules make audits of the
  # exposed surface unreliable.
  1271. add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
  1272. dst-port=19142 in-interface=WAN protocol=tcp src-address-list=\
  1273. AcceptKnocking to-addresses=192.168.1.248 to-ports=80
  1274. add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
  1275. dst-port=19142 in-interface=WAN protocol=udp src-address-list=\
  1276. AcceptKnocking to-addresses=192.168.1.248 to-ports=80
  1277. add action=dst-nat chain=dstnat comment=ZABBIX dst-address=78.107.254.100 \
  1278. dst-port=82 in-interface=WAN protocol=tcp src-address-list=AcceptKnocking \
  1279. to-addresses=192.168.1.208 to-ports=80
  1280. add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
  1281. !connection-limit !connection-mark !connection-rate !connection-type \
  1282. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1283. !dst-address-type !dst-limit dst-port=2443 !fragment !hotspot \
  1284. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1285. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1286. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1287. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1288. !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
  1289. !random !routing-mark !routing-table !src-address src-address-list=\
  1290. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
  1291. !time !tls-host to-addresses=192.168.1.214 to-ports=443 !ttl
  1292. add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
  1293. !connection-limit !connection-mark !connection-rate !connection-type \
  1294. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1295. !dst-address-type !dst-limit dst-port=2443 !fragment !hotspot \
  1296. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1297. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1298. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1299. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1300. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1301. !random !routing-mark !routing-table !src-address src-address-list=\
  1302. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
  1303. !time !tls-host to-addresses=192.168.1.214 to-ports=443 !ttl
  # Forwards TCP 500 on WAN to 192.168.1.214:500 with no source restriction.
  # NOTE(review): IKE (500), L2TP (1701) and IPsec NAT-T (4500) run over UDP.
  # The TCP forwards of these ports (this rule and the TCP 1701 / TCP 4500
  # rules further down) likely add exposure without serving the VPN. Verify
  # whether the SoftEther host listens on them over TCP, and drop the forwards
  # it does not need.
  1304. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1305. 78.107.254.100 dst-port=500 in-interface=WAN protocol=tcp to-addresses=\
  1306. 192.168.1.214 to-ports=500
  1307. add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
  1308. 78.107.254.100 dst-port=992 in-interface=WAN protocol=tcp \
  1309. src-address-list=AcceptKnocking to-addresses=192.168.1.214 to-ports=992
  1310. add action=dst-nat chain=dstnat comment=RDP !connection-bytes \
  1311. !connection-limit !connection-mark !connection-rate !connection-type \
  1312. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1313. !dst-address-type !dst-limit dst-port=33389 !fragment !hotspot \
  1314. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1315. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1316. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1317. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1318. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1319. !random !routing-mark !routing-table !src-address src-address-list=\
  1320. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
  1321. !time !tls-host to-addresses=192.168.1.122 to-ports=3389 !ttl
  # Forwards TCP 888 arriving on WAN for 78.107.254.100 to 192.168.1.201:80.
  # NOTE(review): the comment says RDP, but the target is port 80 on a
  # different host than the RDP forward above (192.168.1.122:3389). The label
  # looks copied. The rule also has no src-address-list restriction
  # (!src-address-list), so the web service behind it is reachable from any
  # source. Fix the label, and confirm the unrestricted exposure is intended
  # or add the AcceptKnocking match used by the other HTTP forwards.
  1322. add action=dst-nat chain=dstnat comment=RDP !connection-bytes \
  1323. !connection-limit !connection-mark !connection-rate !connection-type \
  1324. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1325. !dst-address-type !dst-limit dst-port=888 !fragment !hotspot \
  1326. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1327. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1328. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1329. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1330. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1331. !random !routing-mark !routing-table !src-address !src-address-list \
  1332. !src-address-type !src-mac-address !src-port !tcp-mss !time to-addresses=\
  1333. 192.168.1.201 to-ports=80 !ttl
  1334. add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
  1335. 78.107.254.100 dst-port=992 in-interface=WAN protocol=udp \
  1336. src-address-list=AcceptKnocking to-addresses=192.168.1.214 to-ports=992
  1337. add action=dst-nat chain=dstnat comment="TOR SSH work" dst-address=\
  1338. 78.107.254.100 dst-port=2222 in-interface=WAN protocol=tcp \
  1339. src-address-list=AcceptKnocking to-addresses=192.168.1.217 to-ports=22
  1340. add action=dst-nat chain=dstnat comment="SoftEther VPN work" dst-address=\
  1341. 78.107.254.100 dst-port=2223 in-interface=WAN protocol=tcp \
  1342. src-address-list=AcceptKnocking to-addresses=192.168.1.214 to-ports=22
  1343. add action=dst-nat chain=dstnat comment="I2P SSH" dst-address=78.107.254.100 \
  1344. dst-port=2224 in-interface=WAN protocol=tcp src-address-list=\
  1345. AcceptKnocking to-addresses=192.168.1.213 to-ports=22
  1346. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1347. 78.107.254.100 dst-port=1194 in-interface=WAN log=yes protocol=udp \
  1348. to-addresses=192.168.1.214 to-ports=1194
  1349. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1350. 78.107.254.100 dst-port=1194 in-interface=WAN protocol=tcp to-addresses=\
  1351. 192.168.1.214 to-ports=1194
  1352. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1353. 78.107.254.100 dst-port=1701 in-interface=WAN protocol=udp to-addresses=\
  1354. 192.168.1.214 to-ports=1701
  1355. add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
  1356. !connection-limit !connection-mark !connection-rate !connection-type \
  1357. !content disabled=yes !dscp dst-address=78.107.254.100 !dst-address-list \
  1358. !dst-address-type !dst-limit dst-port=443 !fragment !hotspot \
  1359. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1360. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1361. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1362. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1363. !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
  1364. !random !routing-mark !routing-table !src-address !src-address-list \
  1365. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1366. to-addresses=192.168.1.214 to-ports=443 !ttl
  1367. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1368. 78.107.254.100 dst-port=1701 in-interface=WAN protocol=tcp to-addresses=\
  1369. 192.168.1.214 to-ports=1701
  1370. add action=dst-nat chain=dstnat comment="SoftEther PORT" !connection-bytes \
  1371. !connection-limit !connection-mark !connection-rate !connection-type \
  1372. !content disabled=yes !dscp dst-address=78.107.254.100 !dst-address-list \
  1373. !dst-address-type !dst-limit dst-port=443 !fragment !hotspot \
  1374. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1375. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1376. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1377. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1378. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1379. !random !routing-mark !routing-table !src-address !src-address-list \
  1380. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1381. to-addresses=192.168.1.214 to-ports=443 !ttl
  1382. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1383. 78.107.254.100 dst-port=4500 in-interface=WAN protocol=udp to-addresses=\
  1384. 192.168.1.214 to-ports=4500
  1385. add action=dst-nat chain=dstnat comment="SoftEther PORT" dst-address=\
  1386. 78.107.254.100 dst-port=4500 in-interface=WAN protocol=tcp to-addresses=\
  1387. 192.168.1.214 to-ports=4500
  # Forwards port 5555 (TCP and UDP) on WAN to 192.168.1.214:5555.
  # NOTE(review): these rules are labelled "SoftEther Admin port" but, unlike
  # the port 992 rules with the same label, they have no
  # src-address-list=AcceptKnocking match. The management listener is therefore
  # translated for any Internet source. Restrict them the same way as 992
  # unless open access is deliberate. Whether UDP 5555 is needed at all is
  # also worth confirming.
  1388. add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
  1389. 78.107.254.100 dst-port=5555 in-interface=WAN protocol=tcp to-addresses=\
  1390. 192.168.1.214 to-ports=5555
  1391. add action=dst-nat chain=dstnat comment="SoftEther Admin port" dst-address=\
  1392. 78.107.254.100 dst-port=5555 in-interface=WAN protocol=udp to-addresses=\
  1393. 192.168.1.214 to-ports=5555
  # dst-nat "VNC Macbook": WAN tcp/6666 for 78.107.254.100 is forwarded to
  # 192.168.1.222:6666, but only for sources in the AcceptKnocking address list.
  # NOTE(review): how AcceptKnocking is populated and how long entries live is
  # defined outside this section; verify the entry timeout there. The list
  # matches on source IP only, so every host behind the same public address
  # as a listed client passes as well.
  1394. add action=dst-nat chain=dstnat comment="VNC Macbook" !connection-bytes \
  1395. !connection-limit !connection-mark !connection-rate !connection-type \
  1396. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1397. !dst-address-type !dst-limit dst-port=6666 !fragment !hotspot \
  1398. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1399. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1400. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1401. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1402. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1403. !random !routing-mark !routing-table !src-address src-address-list=\
  1404. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
  1405. !time to-addresses=192.168.1.222 to-ports=6666 !ttl
  # Two "I2P UDP" forwards from WAN: udp/10785 -> 192.168.1.213 and
  # udp/10786 -> 192.168.1.204. Neither rule shows a source restriction, so
  # both ports accept traffic from any WAN source.
  1406. add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
  1407. dst-port=10785 in-interface=WAN protocol=udp to-addresses=192.168.1.213 \
  1408. to-ports=10785
  1409. add action=dst-nat chain=dstnat comment="I2P UDP" dst-address=78.107.254.100 \
  1410. dst-port=10786 in-interface=WAN protocol=udp to-addresses=192.168.1.204 \
  1411. to-ports=10786
  # dst-nat "Zabbix port Forward": WAN tcp/82 for 78.107.254.100 is forwarded
  # to 192.168.1.208:80 for sources in AcceptKnocking; matches are logged
  # (log=yes, log-prefix=1).
  # NOTE(review): the target is port 80, presumably plain HTTP; if so, the
  # login to the monitoring UI crosses the Internet unencrypted. Confirm, and
  # prefer a TLS listener or the VPN for this path.
  1412. add action=dst-nat chain=dstnat comment="Zabbix port Forward" \
  1413. !connection-bytes !connection-limit !connection-mark !connection-rate \
  1414. !connection-type !content disabled=no !dscp dst-address=78.107.254.100 \
  1415. !dst-address-list !dst-address-type !dst-limit dst-port=82 !fragment \
  1416. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
  1417. WAN !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1418. !layer7-protocol !limit log=yes log-prefix=1 !nth !out-bridge-port \
  1419. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1420. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1421. !random !routing-mark !routing-table !src-address src-address-list=\
  1422. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
  1423. !time to-addresses=192.168.1.208 to-ports=80 !ttl
  # dst-nat "hEX port Forward": WAN tcp/8296 for 78.107.254.100 is forwarded
  # to 192.168.1.4:8291 for sources in AcceptKnocking. 8291 is the default
  # Winbox port, so this exposes the management interface of an internal
  # router (presumably the hEX named in the comment).
  # NOTE(review): log=no here, while the Zabbix and CyberPower forwards log
  # their matches; a management-plane forward is the one most worth logging.
  1424. add action=dst-nat chain=dstnat comment="hEX port Forward" !connection-bytes \
  1425. !connection-limit !connection-mark !connection-rate !connection-type \
  1426. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1427. !dst-address-type !dst-limit dst-port=8296 !fragment !hotspot \
  1428. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1429. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1430. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1431. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1432. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1433. !random !routing-mark !routing-table !src-address src-address-list=\
  1434. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
  1435. !time !tls-host to-addresses=192.168.1.4 to-ports=8291 !ttl
  # dst-nat "CyberPower port Forward": tcp/3052 arriving on WAN is forwarded
  # to 192.168.1.205:3052 for sources in AcceptKnocking, with logging on.
  # Unlike the neighbouring rules this one has no dst-address match
  # (!dst-address), so it applies to any destination address seen on WAN.
  1436. add action=dst-nat chain=dstnat comment="CyberPower port Forward" \
  1437. !connection-bytes !connection-limit !connection-mark !connection-rate \
  1438. !connection-type !content disabled=no !dscp !dst-address \
  1439. !dst-address-list !dst-address-type !dst-limit dst-port=3052 !fragment \
  1440. !hotspot !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
  1441. WAN !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1442. !layer7-protocol !limit log=yes log-prefix=1 !nth !out-bridge-port \
  1443. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1444. !packet-size !per-connection-classifier !port !priority protocol=tcp !psd \
  1445. !random !routing-mark !routing-table !src-address src-address-list=\
  1446. AcceptKnocking !src-address-type !src-mac-address !src-port !tcp-mss \
  1447. !time to-addresses=192.168.1.205 to-ports=3052 !ttl
  # Redirects every udp/53 packet that reaches the dstnat chain to the router
  # itself (action=redirect with no to-ports keeps port 53). TCP/53 is not
  # covered by this rule.
  # NOTE(review): there is no in-interface or source match, so DNS queries
  # arriving on WAN are redirected to the router's resolver too. Whether they
  # are answered depends on the input filter and the /ip dns settings, which
  # are outside this section. Scoping the rule with in-interface=LAN avoids
  # relying on those to keep the router from acting as an open resolver.
  1448. add action=redirect chain=dstnat dst-port=53 protocol=udp !to-addresses \
  1449. !to-ports
  # dst-nat "Dante": WAN udp/1080 for 78.107.254.100 is forwarded to
  # 192.168.1.91:1080. The rule has no source restriction
  # (!src-address, !src-address-list).
  # NOTE(review): a SOCKS service reachable from any Internet source depends
  # entirely on the proxy's own authentication and client ACLs, which are not
  # visible here. Confirm them, or restrict the rule with a source list as the
  # AcceptKnocking forwards do.
  1450. add action=dst-nat chain=dstnat comment=Dante !connection-bytes \
  1451. !connection-limit !connection-mark !connection-rate !connection-type \
  1452. !content disabled=no !dscp dst-address=78.107.254.100 !dst-address-list \
  1453. !dst-address-type !dst-limit dst-port=1080 !fragment !hotspot \
  1454. !icmp-options !in-bridge-port !in-bridge-port-list in-interface=WAN \
  1455. !in-interface-list !ingress-priority !ipsec-policy !ipv4-options \
  1456. !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
  1457. !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
  1458. !packet-size !per-connection-classifier !port !priority protocol=udp !psd \
  1459. !random !routing-mark !routing-table !src-address !src-address-list \
  1460. !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host \
  1461. to-addresses=192.168.1.91 to-ports=1080 !ttl
  # Two uncommented dst-nat rules for 78.107.254.100: tcp/1080 -> 192.168.1.91
  # and tcp/8443 -> 192.168.1.80. Neither sets in-interface (!in-interface),
  # so they match on every interface, WAN and LAN alike; !to-ports leaves the
  # destination port unchanged. Together with the LAN masquerade rules below
  # they form a hairpin-NAT pair (LAN clients reaching the public address).
  # NOTE(review): no source restriction is set, so both services are forwarded
  # for any Internet source. Neither rule has a comment= describing the
  # service behind it; add one so the exposure can be audited.
  1462. add action=dst-nat chain=dstnat !connection-bytes !connection-limit \
  1463. !connection-mark !connection-rate !connection-type !content disabled=no \
  1464. !dscp dst-address=78.107.254.100 !dst-address-list !dst-address-type \
  1465. !dst-limit dst-port=1080 !fragment !hotspot !icmp-options !in-bridge-port \
  1466. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  1467. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1468. !nth !out-bridge-port !out-bridge-port-list !out-interface \
  1469. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  1470. !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
  1471. !src-address !src-address-list !src-address-type !src-mac-address \
  1472. !src-port !tcp-mss !time !tls-host to-addresses=192.168.1.91 !to-ports \
  1473. !ttl
  1474. add action=dst-nat chain=dstnat !connection-bytes !connection-limit \
  1475. !connection-mark !connection-rate !connection-type !content disabled=no \
  1476. !dscp dst-address=78.107.254.100 !dst-address-list !dst-address-type \
  1477. !dst-limit dst-port=8443 !fragment !hotspot !icmp-options !in-bridge-port \
  1478. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  1479. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1480. !nth !out-bridge-port !out-bridge-port-list !out-interface \
  1481. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  1482. !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
  1483. !src-address !src-address-list !src-address-type !src-mac-address \
  1484. !src-port !tcp-mss !time !tls-host to-addresses=192.168.1.80 !to-ports \
  1485. !ttl
  # srcnat rule 1: masquerade everything leaving through WAN (no source or
  # protocol match), i.e. ordinary outbound NAT.
  1486. add action=masquerade chain=srcnat !connection-bytes !connection-limit \
  1487. !connection-mark !connection-rate !connection-type !content disabled=no \
  1488. !dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
  1489. !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
  1490. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  1491. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1492. !nth !out-bridge-port !out-bridge-port-list out-interface=WAN \
  1493. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  1494. !port !priority !protocol !psd !random !routing-mark !routing-table \
  1495. !src-address !src-address-list !src-address-type !src-mac-address \
  1496. !src-port !tcp-mss !time !tls-host !to-addresses !to-ports !ttl
  # srcnat rules 2 and 3: hairpin NAT. Traffic from 192.168.1.0/24 to
  # 192.168.1.91:1080 and to 192.168.1.80:8443 leaving through LAN is
  # masqueraded behind the router's LAN address.
  # NOTE(review): for these flows the two servers see the router as the
  # client, so their access logs cannot attribute a connection to a LAN host;
  # attribution has to come from the router's connection tracking or logs.
  1497. add action=masquerade chain=srcnat !connection-bytes !connection-limit \
  1498. !connection-mark !connection-rate !connection-type !content disabled=no \
  1499. !dscp dst-address=192.168.1.91 !dst-address-list !dst-address-type \
  1500. !dst-limit dst-port=1080 !fragment !hotspot !icmp-options !in-bridge-port \
  1501. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  1502. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1503. !nth !out-bridge-port !out-bridge-port-list out-interface=LAN \
  1504. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  1505. !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
  1506. src-address=192.168.1.0/24 !src-address-list !src-address-type \
  1507. !src-mac-address !src-port !tcp-mss !time !tls-host !to-addresses \
  1508. !to-ports !ttl
  1509. add action=masquerade chain=srcnat !connection-bytes !connection-limit \
  1510. !connection-mark !connection-rate !connection-type !content disabled=no \
  1511. !dscp dst-address=192.168.1.80 !dst-address-list !dst-address-type \
  1512. !dst-limit dst-port=8443 !fragment !hotspot !icmp-options !in-bridge-port \
  1513. !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
  1514. !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" \
  1515. !nth !out-bridge-port !out-bridge-port-list out-interface=LAN \
  1516. !out-interface-list !packet-mark !packet-size !per-connection-classifier \
  1517. !port !priority protocol=tcp !psd !random !routing-mark !routing-table \
  1518. src-address=192.168.1.0/24 !src-address-list !src-address-type \
  1519. !src-mac-address !src-port !tcp-mss !time !tls-host !to-addresses \
  1520. !to-ports !ttl
  # Connection-tracking helpers (NAT ALGs). Every helper listed is enabled
  # (disabled=no), including ftp, tftp, irc, h323, sip and pptp.
  # NOTE(review): helpers parse application payloads and let related
  # connections through NAT; each enabled helper is extra parsing surface on
  # the forwarding path. Disable the ones no service here depends on.
  1521. /ip firewall service-port
  1522. set ftp disabled=no ports=21
  1523. set tftp disabled=no ports=69
  1524. set irc disabled=no ports=6667
  1525. set h323 disabled=no
  1526. set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
  1527. set pptp disabled=no
  1528. set udplite disabled=no
  1529. set dccp disabled=no
  1530. set sctp disabled=no
  # Hotspot, IPsec and web-proxy settings.
  1531. /ip hotspot service-port
  1532. set ftp disabled=no ports=21
  # Hotspot users: the built-in trial entry plus an enabled user named "admin".
  # NOTE(review): no password= field is printed for "admin"; the export does
  # not show whether it was stripped or is empty. Verify on the device.
  1533. /ip hotspot user
  1534. set [ find default=yes ] comment="counters and limits for trial users" \
  1535. disabled=no name=default-trial
  1536. add disabled=no name=admin profile=default
  # Entry 0 is a policy template (template=yes) covering ::/0 to ::/0.
  1537. /ip ipsec policy
  1538. set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=\
  1539. all src-address=::/0 template=yes
  1540. /ip ipsec user settings
  1541. set xauth-use-radius=no
  # Web proxy is switched off (enabled=no); the remaining values only take
  # effect if it is enabled.
  1542. /ip proxy
  1543. set always-from-cache=no anonymous=no cache-administrator=webmaster \
  1544. cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no \
  1545. max-cache-object-size=2048KiB max-cache-size=unlimited \
  1546. max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
  1547. parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no \
  1548. src-address=::
  1549. /ip route
  1550. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1551. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
  1552. dst-address=0.0.0.0/0 gateway=aruba !route-tag routing-mark=v6 scope=30 \
  1553. target-scope=10
  1554. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1555. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
  1556. dst-address=0.0.0.0/0 gateway=10.0.254.1 !route-tag routing-mark=rkn \
  1557. scope=30 target-scope=10
  1558. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1559. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1560. dst-address=0.0.0.0/0 gateway=5.5.5.5 !route-tag routing-mark=\
  1561. Next-Hop/Beeline scope=30 target-scope=10
  1562. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1563. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1564. dst-address=0.0.0.0/0 gateway=10.0.0.1 !route-tag routing-mark=\
  1565. Next-Hop/Yota scope=30 target-scope=10
  1566. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1567. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
  1568. dst-address=0.0.0.0/0 gateway=78.107.248.1 !route-tag routing-mark=\
  1569. Next-Hop/78.107.248.1 scope=30 target-scope=10
  1570. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1571. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1572. dst-address=0.0.0.0/0 gateway=aws1 !route-tag routing-mark=Next-Hop/aws1 \
  1573. scope=30 target-scope=10
  1574. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1575. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1576. dst-address=0.0.0.0/0 gateway=aws2 !route-tag routing-mark=Next-Hop/aws2 \
  1577. scope=30 target-scope=10
  1578. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1579. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=254 \
  1580. dst-address=0.0.0.0/0 gateway=Br-Loopback !route-tag !routing-mark scope=\
  1581. 30 target-scope=10
  1582. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1583. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1584. dst-address=0.0.0.0/0 gateway=sit1 !route-tag !routing-mark scope=30 \
  1585. target-scope=10
  1586. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1587. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
  1588. dst-address=149.154.167.220/32 gateway=aruba !route-tag !routing-mark \
  1589. scope=30 target-scope=10
  1590. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1591. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1592. dst-address=192.168.7.0/24 gateway=sstp-in1 !route-tag !routing-mark \
  1593. scope=30 target-scope=10
  1594. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1595. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1596. dst-address=192.168.11.0/24 gateway=gre-tunnel1 !route-tag !routing-mark \
  1597. scope=30 target-scope=10
  1598. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1599. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=yes distance=1 \
  1600. dst-address=192.168.111.0/24 gateway=192.168.99.2 pref-src=192.168.1.1 \
  1601. !route-tag !routing-mark scope=30 target-scope=10
  1602. /ip route rule
  1603. add action=lookup-only-in-table disabled=no !dst-address !interface \
  1604. routing-mark=Next-Hop/Beeline !src-address table=Next-Hop/Beeline
  1605. add action=lookup-only-in-table disabled=no !dst-address !interface \
  1606. routing-mark=Next-Hop/Yota !src-address table=Next-Hop/Yota
  1607. add action=lookup-only-in-table disabled=no !dst-address !interface \
  1608. routing-mark=Next-Hop/78.107.248.1 !src-address table=\
  1609. Next-Hop/78.107.248.1
  1610. add action=lookup-only-in-table disabled=no !dst-address !interface \
  1611. routing-mark=Next-Hop/aws1 !src-address table=Next-Hop/aws1
  1612. add action=lookup-only-in-table disabled=no !dst-address !interface \
  1613. routing-mark=Next-Hop/aws2 !src-address table=Next-Hop/aws2
  # Router management services. Only winbox is enabled (port 8295); telnet,
  # ftp, www, ssh, www-ssl, api and api-ssl are all disabled.
  # NOTE(review): address="" on winbox means the service itself accepts any
  # source address, so reachability from WAN is decided solely by the input
  # filter chain, which is outside this section. Setting address= to the
  # management subnet(s) adds a second, independent restriction.
  # NOTE(review): with ssh and www-ssl disabled, winbox (and the MAC/RoMON
  # access configured under /tool) is the only remote management path.
  1614. /ip service
  1615. set telnet address="" disabled=yes port=23
  1616. set ftp address="" disabled=yes port=21
  1617. set www address="" disabled=yes port=83
  1618. set ssh address="" disabled=yes port=222
  1619. set www-ssl address="" certificate=none disabled=yes port=443
  1620. set api address="" disabled=yes port=8728
  1621. set winbox address="" disabled=no port=8295
  1622. set api-ssl address="" certificate=none disabled=yes port=8729
  # SMB server is off (enabled=no). The latent settings are permissive:
  # allow-guests=yes, interfaces=all, an enabled read-only guest user and an
  # enabled "pub" share on /pub. Enabling SMB as configured would serve /pub
  # to guests on every interface.
  1623. /ip smb
  1624. set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
  1625. all
  1626. /ip smb shares
  1627. set [ find default=yes ] comment="default share" directory=/pub disabled=no \
  1628. max-sessions=10 name=pub
  1629. /ip smb users
  1630. set [ find default=yes ] disabled=no name=guest read-only=yes
  # Built-in SOCKS proxy is off (enabled=no).
  # NOTE(review): this is the expected state when the feature is unused; a
  # change to enabled=yes that nobody made on purpose is worth alerting on
  # during configuration audits.
  1631. /ip socks
  1632. set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
  # SSH server parameters: port forwarding disabled, 2048-bit host key,
  # strong-crypto=no.
  # NOTE(review): the ssh service is disabled under /ip service, so these are
  # dormant. If SSH is ever enabled, set strong-crypto=yes first so the weaker
  # ciphers and MACs are not offered.
  1633. /ip ssh
  1634. set always-allow-password-login=no forwarding-enabled=no host-key-size=2048 \
  1635. strong-crypto=no
  1636. /ip traffic-flow
  1637. set active-flow-timeout=30m cache-entries=128k enabled=no \
  1638. inactive-flow-timeout=15s interfaces=all
  1639. /ip traffic-flow ipfix
  1640. set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes \
  1641. dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes \
  1642. igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes \
  1643. ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=\
  1644. yes nat-dst-port=yes nat-src-address=yes nat-src-port=yes out-interface=\
  1645. yes packets=yes protocol=yes src-address=yes src-address-mask=yes \
  1646. src-mac-address=yes src-port=yes tcp-ack-num=yes tcp-flags=yes \
  1647. tcp-seq-num=yes tcp-window-size=yes tos=yes ttl=yes udp-length=yes
  1648. /ip upnp
  1649. set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
  # IPv6: 2001:470:6c:570::2/64 is configured on both LAN (advertise=yes) and
  # sit1 (advertise=no); neighbour discovery runs on interface=all with
  # autonomous=yes on the default prefix, and 2000::/3 is routed via sit1.
  # NOTE(review): with advertise=yes and autonomous=yes, LAN hosts presumably
  # autoconfigure globally routable addresses. The dst-nat rules and the
  # AcceptKnocking list earlier in this file are IPv4-only, so IPv6 exposure
  # of those hosts is governed solely by /ipv6 firewall filter, which is not
  # in this section. Confirm a default-deny forward policy exists there.
  1650. /ipv6 address
  1651. add address=2001:470:6c:570::2/64 advertise=yes disabled=no eui-64=no \
  1652. from-pool="" interface=LAN no-dad=no
  1653. add address=2001:470:6c:570::2/64 advertise=no disabled=no eui-64=no \
  1654. from-pool="" interface=sit1 no-dad=no
  1655. /ipv6 nd
  1656. set [ find default=yes ] advertise-dns=no advertise-mac-address=yes disabled=\
  1657. no hop-limit=unspecified interface=all managed-address-configuration=no \
  1658. mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
  1659. ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
  1660. unspecified
  1661. /ipv6 nd prefix default
  1662. set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
  1663. /ipv6 route
  1664. add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
  1665. !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
  1666. dst-address=2000::/3 gateway=sit1 !route-tag scope=30 target-scope=10
  1667. /mpls
  1668. set dynamic-label-range=16-1048575 propagate-ttl=yes
  1669. /mpls interface
  1670. set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
  1671. /mpls ldp
  1672. set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
  1673. lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
  1674. use-explicit-null=no
  1675. /port firmware
  1676. set directory=firmware ignore-directip-modem=no
  # PPP authentication is local (use-radius=no) with accounting enabled.
  1677. /ppp aaa
  1678. set accounting=yes interim-update=0s use-circuit-id-in-nas-port-id=no \
  1679. use-radius=no
  # PPP accounts. Five entries are disabled (two pptp, one l2tp, two
  # service=any); the only active secret is "sstp" (service=sstp,
  # 192.168.99.1 <-> 192.168.99.2).
  # NOTE(review): no password= field is printed on any entry, so the export
  # does not show whether the values were stripped or are empty; verify on the
  # device. The disabled "admin"/"mac" entries are bound to pptp; remove them
  # rather than leaving them to be re-enabled, since PPTP's authentication and
  # encryption are weak.
  1680. /ppp secret
  1681. add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
  1682. local-address=192.168.2.1 name=admin profile=default remote-address=\
  1683. 192.168.2.2 !remote-ipv6-prefix routes="" service=pptp
  1684. add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
  1685. local-address=192.168.2.1 name=mac profile=default remote-address=\
  1686. 192.168.2.2 !remote-ipv6-prefix routes="" service=pptp
  1687. add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
  1688. !local-address name=admin profile=l2tp_Provile !remote-address \
  1689. !remote-ipv6-prefix routes="" service=l2tp
  1690. add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
  1691. !local-address name=office profile=l2tp_Provile !remote-address \
  1692. !remote-ipv6-prefix routes="" service=any
  1693. add caller-id="" disabled=yes limit-bytes-in=0 limit-bytes-out=0 \
  1694. !local-address name=aws profile=l2tp_Provile !remote-address \
  1695. !remote-ipv6-prefix routes="" service=any
  1696. add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
  1697. local-address=192.168.99.1 name=sstp profile=default remote-address=\
  1698. 192.168.99.2 !remote-ipv6-prefix routes="" service=sstp
  # Incoming RADIUS requests (CoA/disconnect) are not accepted (accept=no).
  1699. /radius incoming
  1700. set accept=no port=3799
  1701. /routing bfd interface
  1702. set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
  1703. multiplier=5
  1704. /routing mme
  1705. set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
  1706. gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
  1707. 0.0.0.0 timeout=1m ttl=50
  1708. /routing ospf interface
  1709. add authentication=md5 authentication-key-id=1 cost=10 dead-interval=40s \
  1710. disabled=yes hello-interval=10s instance-id=0 network-type=point-to-point \
  1711. passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no
  1712. add authentication=md5 authentication-key-id=1 cost=10 dead-interval=40s \
  1713. disabled=yes hello-interval=10s instance-id=0 network-type=point-to-point \
  1714. passive=no priority=1 retransmit-interval=5s transmit-delay=1s use-bfd=no
  1715. /routing rip
  1716. set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
  1717. metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
  1718. redistribute-connected=no redistribute-ospf=no redistribute-static=no \
  1719. routing-table=main timeout-timer=3m update-timer=30s
  1720. /routing ripng
  1721. set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
  1722. metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
  1723. redistribute-connected=no redistribute-ospf=no redistribute-static=no \
  1724. timeout-timer=3m update-timer=30s
  # SNMP agent is enabled; traps for interface events go to 192.168.1.88 as
  # SNMP version 2 with trap-community=public.
  # NOTE(review): SNMP v2c has no encryption or real authentication, and
  # "public" is the well-known default community string. The community
  # definitions and their allowed source addresses live under /snmp community,
  # which is not in this section. Confirm read access is bound to the
  # monitoring host's address, or move to SNMPv3 with auth and privacy.
  # NOTE(review): contact= holds a personal e-mail address; redact it before
  # an export is shared.
  1725. /snmp
  1726. set contact=j0e0e@yandex.ru enabled=yes engine-id="" location=537 \
  1727. src-address=:: trap-community=public trap-generators=interfaces \
  1728. trap-interfaces=all trap-target=192.168.1.88 trap-version=2
  1729. /system clock
  1730. set time-zone-autodetect=yes time-zone-name=Europe/Moscow
  1731. /system clock manual
  1732. set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
  1733. "jan/01/1970 00:00:00" time-zone=+00:00
  1734. /system console
  1735. set [ find vcno=1 ] channel=0 disabled=no term=linux
  1736. set [ find vcno=2 ] channel=0 disabled=no term=linux
  1737. set [ find vcno=3 ] channel=0 disabled=no term=linux
  1738. set [ find vcno=4 ] channel=0 disabled=no term=linux
  1739. set [ find vcno=5 ] channel=0 disabled=no term=linux
  1740. set [ find vcno=6 ] channel=0 disabled=no term=linux
  1741. set [ find vcno=7 ] channel=0 disabled=no term=linux
  1742. set [ find vcno=8 ] channel=0 disabled=no term=linux
  1743. /system console screen
  1744. set blank-interval=10min line-count=25
  1745. /system hardware
  1746. set multi-cpu=yes
  1747. /system health
  1748. set state-after-reboot=enabled
  1749. /system identity
  1750. set name=MikroTik_GW_1.1
  1751. /system leds settings
  1752. set all-leds-off=never
  # Logging rules: info, critical and error go to disk; error and a rule with
  # topics="" go to the "remote" action; warning, critical and info also go to
  # the "syslog" action; l2tp goes to memory. The firewall and dhcp rules are
  # disabled.
  # NOTE(review): the "remote" and "syslog" targets are defined under
  # /system logging action, outside this section; remote syslog from RouterOS
  # is typically unencrypted UDP, so keep the collector on a trusted segment.
  # NOTE(review): topics=firewall is disabled, so the log=yes NAT rules
  # presumably reach a log only via the topics="" rule (verify that an empty
  # topics list matches every topic). Make sure the firewall and account
  # topics reach the remote collector, since on-device logs do not survive a
  # compromise or reset of the router.
  1753. /system logging
  1754. set 0 action=disk disabled=no prefix="" topics=info
  1755. set 1 action=remote disabled=no prefix=error topics=error
  1756. set 2 action=remote disabled=yes prefix="" topics=warning
  1757. set 3 action=disk disabled=no prefix="" topics=critical
  1758. add action=disk disabled=yes prefix="" topics=firewall
  1759. add action=syslog disabled=yes prefix=dhcp topics=dhcp
  1760. add action=memory disabled=no prefix="" topics=l2tp
  1761. add action=disk disabled=no prefix="" topics=error
  1762. add action=remote disabled=yes prefix="" topics=info
  1763. add action=syslog disabled=no prefix=warning topics=warning
  1764. add action=disk disabled=yes prefix=fetch: topics=!info
  1765. add action=remote disabled=no prefix="" topics=""
  1766. add action=syslog disabled=no prefix=crit topics=critical
  1767. add action=syslog disabled=no prefix=info topics=info
  1768. /system note
  1769. set note="" show-at-login=yes
  1770. /system ntp client
  1771. set enabled=yes primary-ntp=95.104.193.195 secondary-ntp=91.206.16.3 \
  1772. server-dns-names=""
  1773. /system resource irq
  1774. set 0 cpu=auto
  1775. set 1 cpu=auto
  1776. set 2 cpu=auto
  1777. set 3 cpu=auto
  1778. set 4 cpu=auto
  1779. set 5 cpu=auto
  1780. set 6 cpu=auto
  1781. set 7 cpu=auto
  1782. set 8 cpu=auto
  1783. set 9 cpu=auto
  1784. set 10 cpu=auto
  1785. set 11 cpu=auto
  1786. set 12 cpu=auto
  1787. set 13 cpu=auto
  1788. set 14 cpu=auto
  1789. /system resource irq rps
  1790. set WAN disabled=no
  1791. set LAN disabled=no
  1792. /system upgrade mirror
  1793. set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
  1794. 0.0.0.0 user=""
  1795. /system watchdog
  1796. set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
  1797. none watchdog-timer=yes
  # Bandwidth-test server is off (enabled=no). authenticate=no would let any
  # client start tests if it were switched on.
  1798. /tool bandwidth-server
  1799. set allocate-udp-ports-from=2000 authenticate=no enabled=no max-sessions=100
  # Outgoing mail through 173.194.222.109:587 with start-tls=yes.
  # NOTE(review): the server is given as an IP literal; confirm how the TLS
  # certificate is validated in that case.
  1800. /tool e-mail
  1801. set address=173.194.222.109 from=mikrotik@ladmin1ty.com port=587 start-tls=\
  1802. yes user=mikrotik@ladmin1ty.com
  # Graphing is enabled for all interfaces and for resources, with
  # allow-address=0.0.0.0/0 (any viewer).
  # NOTE(review): graphs are presumably served by the www service, which is
  # disabled under /ip service; if www is ever enabled, narrow allow-address
  # first.
  1803. /tool graphing
  1804. set page-refresh=300 store-every=5min
  1805. /tool graphing interface
  1806. add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
  1807. /tool graphing resource
  1808. add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
  # MAC-Telnet and MAC-Winbox are allowed on every interface
  # (allowed-interface-list=all); MAC ping is disabled.
  # NOTE(review): "all" includes WAN, so layer-2 management is offered to
  # whatever shares the upstream segment, and IP firewall rules do not apply
  # to it. Restrict both to an interface list that contains only LAN.
  1809. /tool mac-server
  1810. set allowed-interface-list=all
  1811. /tool mac-server mac-winbox
  1812. set allowed-interface-list=all
  1813. /tool mac-server ping
  1814. set enabled=no
  # RoMON is enabled and its default port entry covers interface=all.
  # NOTE(review): no secrets value is printed, so the export does not show
  # whether RoMON peers must authenticate. As with the MAC server, "all"
  # includes WAN; forbid RoMON on untrusted interfaces and set a secret.
  1815. /tool romon
  1816. set enabled=yes id=00:00:00:00:00:00
  1817. /tool romon port
  1818. set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
  1819. /tool sms
  1820. set allowed-number="" channel=0 keep-max-sms=0 port=none receive-enabled=no
  1821. /tool sniffer
  1822. set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any \
  1823. filter-interface="" filter-ip-address="" filter-ip-protocol="" \
  1824. filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" \
  1825. filter-operator-between-entries=or filter-port="" filter-stream=no \
  1826. memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=\
  1827. no streaming-server=0.0.0.0
  1828. /tool traffic-generator
  1829. set latency-distribution-max=100us measure-out-of-order=no \
  1830. stats-samples-to-keep=100 test-id=0
  # Router logins are authenticated locally (use-radius=no). default-group=read
  # is the group given to RADIUS-authenticated users that arrive without a
  # group attribute, so it is inert while use-radius=no.
  # NOTE(review): the local /user entries and their allowed-address
  # restrictions are not part of this section; review them alongside the
  # winbox exposure configured under /ip service.
  1831. /user aaa
  1832. set accounting=yes default-group=read exclude-groups="" interim-update=0s \
  1833. use-radius=no