  1. {
  2. ######## Substituir os VALUE="XXXX" com as informações corretas, para a integração do MK com o Controllr ########
  3. :global name="IPCTLR" value="192.168.10.2";
  4. :global name="IPCTLRPUBLIC" value="177.52.73.7";
  5. :global name="RADIUSNAS" value="192.168.10.1";
  6. :global name="PINCOMING" value="3799";
  7. #################################################################################################################
  8. :log warning "Iniciando configuracao do Controllr no MK";
  9. :delay 5s;
  10. :log warning "Criando o Radius do Controllr";
  11. :if ([/radius find comment~"####CONTROLLR####"] !="") do={:log warning "ja existe um Radius cadastrado";} else={:log warning "Nao existe nenhum Radius cadastrado"; /radius add address=$IPCTLR comment="####CONTROLLR####" secret=brbyte service=ppp src-address=$RADIUSNAS timeout=3s disabled=no};
  12. :delay 5s;
  13. :log warning "Habilitando o Incoming";
  14. /radius incoming set accept=yes port=$PINCOMING;
  15. :delay 5s;
  16. :log warning "Setando as regras do Filter rules";
  17. :if ([/ip firewall filter find comment~"CTLR-MSG"] !="") do={:log warning "Ja existe Firewall criadas do Controllr";} else={:log warning "Nao esta presente nenhum firewall do Controllr"; /ip firewall filter {
  18. remove [find comment=Controllr]
  19. remove [find comment=CTLR-MSG-BLOCKED]
  20. add action=accept chain=forward comment="CONTROLLR" dst-port=7840 protocol=tcp
  21. add action=drop chain=forward   comment="CTLR-MSG-BLOQUEIO"     disabled=no dst-address-list=!released_ips dst-port=!53 protocol=udp src-address-list=brb-block
  22. add action=drop chain=forward   comment="CTLR-MSG-BLOQUEIO"     disabled=no dst-address-list=!released_ips protocol=tcp src-address-list=brb-block
  23. add action=drop chain=forward   comment="CTLR-MSG-CANCELAMENTO" disabled=no dst-address-list=!released_ips dst-port=!53 protocol=udp src-address-list=brb-cancel
  24. add action=drop chain=forward   comment="CTLR-MSG-CANCELAMENTO" disabled=no dst-address-list=!released_ips protocol=tcp src-address-list=brb-cancel
  25. add action=drop chain=forward   comment="CTLR-MSG-NOTIFICACAO"  disabled=no dst-address-list=!released_ips dst-port=!53 protocol=udp src-address-list=brb-block-read-notification
  26. add action=drop chain=forward   comment="CTLR-MSG-NOTIFICACAO"  disabled=no dst-address-list=!released_ips protocol=tcp src-address-list=brb-block-read-notification};
  27. };
  28. :delay 5s;
  29. :log warning "Setando as regras de redirecionamento - NAT para acessar o seu Controllr fora da rede";
  30. :if ([/ip firewall nat find comment~"ACESSO CONTROLLR"] !="") do={:log warning "Ja existe NAT criadas do Controllr";} else={:log warning "nao esta presente nenhuma nat do Controllr"; /ip firewall nat {
  31. add action=dst-nat chain=dstnat comment="ACESSO CONTROLLR WEB"     dst-port=8080 protocol=tcp to-addresses=$IPCTLR to-ports=8080
  32. add action=dst-nat chain=dstnat comment="ACESSO CONTROLLR SSH"     dst-port=2229 protocol=tcp to-addresses=$IPCTLR to-ports=2229
  33. add action=dst-nat chain=dstnat comment="ACESSO CONTROLLR SERVICO" dst-port=8083 protocol=tcp to-addresses=$IPCTLR to-ports=8083
  34. add action=dst-nat chain=dstnat comment="ACESSO CONTROLLR HOTSITE" disabled=yes dst-address=$IPCTLRPUBLIC dst-port=80 protocol=tcp to-addresses=$IPCTLR to-ports=80};
  35. };
  36. #OBS: O redirecionamento para o Hotsite está desabilitado, pois **dst-address** tem que ser o seu IP publico, para poder acessar o Hotsite dentro e fora da rede pelo IP publico.
  37. :delay 5s;
  38. :log warning "Redirecionamento para as telas de pendencias";
  39. :if ([/ip firewall nat find comment~"CTLR-MSG"] !="") do={:log warning "Ja existe NAT criadas do Controllr";} else={:log warning "Nao esta presente nenhuma nat do Controllr"; /ip firewall nat{
  40. remove [find comment=CTLR-MSG-BLOCKED-HTTP-80]
  41. remove [find comment=CTLR-MSG-BLOCKED-HTTPS-443]
  42. remove [find comment=CTLR-MSG-PENDING-HTTP-80]
  43. remove [find comment=CTLR-MSG-PENDING-HTTPS-443]
  44. add action=dst-nat chain=dstnat comment="CTLR-MSG-NOTIFICACAO"  disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=brb-block-read-notification to-addresses=$IPCTLR to-ports=8090
  45. add action=dst-nat chain=dstnat comment="CTLR-MSG-REDUCAO-VEL"  disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=brb-pendency                to-addresses=$IPCTLR to-ports=8091
  46. add action=dst-nat chain=dstnat comment="CTLR-MSG-BLOQUEIO"     disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=brb-block                   to-addresses=$IPCTLR to-ports=8092
  47. add action=dst-nat chain=dstnat comment="CTLR-MSG-CANCELAMENTO" disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=brb-cancel                  to-addresses=$IPCTLR to-ports=8093};
  48. };
  49. :delay 5s;
  50. :log warning "Criando address list";
  51. :if ([/ip firewall address-list find list=released_ips] !="") do={:log warning "Removendo released_ips antigos"; /ip firewall address-list remove [find list=released_ips]; /ip firewall address-list {
  52. add address=$IPCTLR       list=released_ips
  53. add address=8.8.8.8       list=released_ips
  54. add address=8.8.4.4       list=released_ips
  55. add address=$IPCTLRPUBLIC list=released_ips};} else={:log warning "inserindo o released ips"; /ip firewall address-list {
  56. add address=$IPCTLR       list=released_ips
  57. add address=8.8.8.8       list=released_ips
  58. add address=8.8.4.4       list=released_ips
  59. add address=$IPCTLRPUBLIC list=released_ips};
  60. };
  61. :delay 5s;
  62. :log warning "Configurando Scheduler - Agendador";
  63. :if ([/system scheduler find name="CTLR-MSG-REDUCAO-VEL"] !="") do={:log warning "Ja existe agendador criado";} else={:log warning "Nao existe agendador criado"; /system scheduler {
  64. remove [find name=Pendency]
  65. add interval=2m name="CTLR-MSG-REDUCAO-VEL" on-event=":foreach ip in=[/ip firewall address-list find list=\"brb-pendency\"] do={/ip firewall address-list remove \$ip}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup};
  66. };
  67. :delay 5s;
  68. :log warning "Habilitando a porta API do MK";
  69. /ip service set api address="" disabled=no port=8728;
  70. :delay 5s;
  71. :log warning "Setando o Interim Update";
  72. /ppp aaa set interim-update=1m use-radius=yes;
  73. :delay 5s;
  74. :log warning "Configuracoes setadas com sucesso";
  75. }