
Untitled

a guest
May 22nd, 2021
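  # may/22/2021 07:11:13 by RouterOS 6.48.2
  # software id = *******
  #
  # model = RB760iGS
  # serial number = *********
  #
  # Review notes
  # - Values shown as ***** or 192.168.0.X were masked by the author before posting.
  #   A plain "/export" on RouterOS 6 writes PPPoE and e-mail passwords in clear text;
  #   "/export hide-sensitive" leaves them out.
  # - Two firewall changes were made relative to the pasted order (both explained in
  #   the "/ip firewall filter" section): the port-scanner rules now run before the
  #   catch-all input drop, and the "nonet" rule moved from chain=output to chain=forward.
  /interface bridge
  add admin-mac=********* auto-mac=no comment=defconf name=bridge
  /interface pppoe-client
  # WAN uplink: PPPoE session on ether1; credentials are masked.
  add add-default-route=yes dial-on-demand=yes disabled=no interface=ether1 name=pppoe-out1 password=********* use-peer-dns=yes user=*********
  /interface list
  # WAN/LAN lists are what every firewall rule below keys on.
  add comment=defconf name=WAN
  add comment=defconf name=LAN
  /interface wireless security-profiles
  set [ find default=yes ] supplicant-identity=MikroTik
  /ip pool
  add name=dhcp ranges=192.168.0.X-192.168.0.X
  /ip dhcp-server
  add address-pool=dhcp disabled=no interface=bridge name=defconf
  /interface bridge port
  add bridge=bridge comment=defconf interface=ether2
  add bridge=bridge comment=defconf interface=ether3
  add bridge=bridge comment=defconf interface=ether4
  add bridge=bridge comment=defconf interface=ether5
  add bridge=bridge comment=defconf interface=sfp1
  /ip neighbor discovery-settings
  # Neighbor discovery is limited to LAN, so the router does not announce itself on the uplink.
  set discover-interface-list=LAN
  /interface list member
  add comment=defconf interface=bridge list=LAN
  add comment=defconf interface=ether1 list=WAN
  # pppoe-out1 must be in WAN as well: the PPPoE interface, not ether1, carries the
  # routed internet traffic, and the WAN-scoped rules and masquerade depend on it.
  add interface=pppoe-out1 list=WAN
  /ip address
  add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
  /ip cloud
  # Publishes the router's current public address under a MikroTik cloud DNS name.
  set ddns-enabled=yes ddns-update-interval=5m
  /ip dhcp-client
  add comment=defconf interface=ether1
  /ip dhcp-server network
  add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.X,192.168.0.X,192.168.0.1 gateway=192.168.0.1 netmask=24 ntp-server=192.168.0.X
  /ip dns
  # allow-remote-requests=yes makes the router answer DNS queries from clients.
  # The two port-53 drops at the top of the input chain, and the final
  # "drop all not coming from LAN" rule, keep it from acting as an open resolver on WAN.
  set allow-remote-requests=yes cache-size=4096KiB servers=208.67.222.222,208.67.220.220
  /ip firewall address-list
  # LAN hosts that should have no internet access (enforced in the forward chain below).
  add address=192.168.0.X list=nonet
  add address=192.168.0.X list=nonet
  add address=192.168.0.X list=nonet
  /ip firewall filter
  # Rules are evaluated top to bottom within each chain; the first match wins.
  #
  # ---- input chain (traffic addressed to the router itself) ----
  add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
  add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
  add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
  # Port-scan detection. In the pasted order these rules sat after
  # "drop all not coming from LAN", so WAN packets never reached them and only LAN
  # hosts could ever be listed. They are placed here, after the established accept
  # (so replies to the router's own connections are not scored) and ahead of
  # "drop invalid" (stray FIN/NULL/all-flags packets are normally classified as
  # invalid and would otherwise be dropped before being recorded).
  # psd=21,3s,3,1 is weight threshold, delay threshold, low-port weight, high-port weight.
  # NOTE(review): the rules match on every interface, so a LAN host can still be
  # listed and cut off from the router for two weeks; add in-interface-list=WAN to
  # each rule if that is not wanted. Source addresses of single packets can be
  # spoofed, so treat the list as telemetry rather than proof of origin.
  add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
  add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
  add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
  add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
  add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
  add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
  add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
  add action=drop chain=input comment="dropping port scanners" src-address-list="port scanners"
  add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
  add action=accept chain=input comment="defconf: accept ICMP" in-interface-list=LAN protocol=icmp
  add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
  # Catch-all: nothing arriving on a non-LAN interface reaches router services.
  add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
  #
  # ---- forward chain (traffic routed through the router) ----
  # The paste had this rule in chain=output, which only sees packets generated by
  # the router itself, so LAN hosts in "nonet" were never blocked. It belongs in
  # forward, and ahead of fasttrack so that connections already open when a host
  # is added to the list are cut as well.
  add action=drop chain=forward comment=nonet out-interface-list=WAN src-address-list=nonet
  add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
  add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
  add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
  add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  # New connections from WAN are forwarded only if a dst-nat rule matched them;
  # this export contains no dst-nat rules, so nothing inbound is forwarded.
  add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  /ip firewall nat
  add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
  /system clock
  set time-zone-name=Europe/Budapest
  /system leds
  set 0 interface=pppoe-out1
  /system ntp client
  set enabled=yes primary-ntp=192.168.0.X secondary-ntp=192.168.0.X
  /system routerboard settings
  set silent-boot=yes
  /system routerboard mode-button
  set enabled=yes
  /system routerboard reset-button
  set enabled=yes
  /tool e-mail
  # SMTP relay on the LAN with STARTTLS; account name and password are masked.
  set address=192.168.0.X from=********* password=******** start-tls=yes user=***********
  /tool graphing interface
  # Graph pages are readable only from the LAN subnet.
  add allow-address=192.168.0.0/24
  /tool graphing queue
  add allow-address=192.168.0.0/24
  /tool graphing resource
  add allow-address=192.168.0.0/24
  /tool mac-server
  # Layer-2 management (MAC telnet / MAC WinBox) is accepted on LAN interfaces only.
  set allowed-interface-list=LAN
  /tool mac-server mac-winbox
  set allowed-interface-list=LAN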