- # mar/24/2019 13:48:11 by RouterOS 6.44
- # software id = IPVE-L3KJ
- #
- # model = RouterBOARD 750G r3
- # serial number = XXXXXXXXX
- # LAN bridge. admin-mac is set explicitly with auto-mac=no, so the bridge keeps
- # one fixed MAC address.
- /interface bridge
- add admin-mac=64:D1:54:BF:23:2D auto-mac=no comment=\
- "created from master port" name=bridge1
- # ether1 and ether2 are renamed by role; all five ports carry speed=100Mbps.
- /interface ethernet
- set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
- set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
- set [ find default-name=ether3 ] speed=100Mbps
- set [ find default-name=ether4 ] speed=100Mbps
- set [ find default-name=ether5 ] speed=100Mbps
- # VLAN 10 and VLAN 20 interfaces stacked on bridge1.
- # NOTE(review): no /interface bridge vlan table or vlan-filtering setting appears
- # in this export - confirm how tagged frames are constrained per port if these
- # VLANs are meant to be a separation boundary.
- /interface vlan
- add interface=bridge1 name=vlan10 vlan-id=10
- add interface=bridge1 name=vlan20 vlan-id=20
- # Interface lists. mactel and mac-winbox are consumed by /tool mac-server at the
- # end of the file. The firewall rules in this export match ether1-gateway by name
- # and never reference the WAN or LAN list.
- /interface list
- add exclude=dynamic name=discover
- add name=mactel
- add name=mac-winbox
- add name=WAN
- add name=LAN
- # Layer-7 payload matchers: skypeout, skypetoskype, counterstrike-source, CSGO.
- # In this export they are referenced only by mangle rules that carry disabled=yes,
- # so none of them is currently applied to traffic.
- # NOTE(review): CSGO (regexp=TSource) is unanchored, so it matches any inspected
- # payload containing that string. If the QoS rules stay disabled, removing these
- # entries leaves less to audit.
- /ip firewall layer7-protocol
- add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
- \?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
- \05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
- .\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
- \?\t|\
- \n.\?.\?.\?.\?.\?.\?.\?.\?\
- \n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
- \?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
- \?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
- .\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
- .\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
- \16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
- \?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
- \?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
- \1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
- \?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
- \?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
- .\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
- .\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
- .\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
- \?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
- \?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
- .\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
- \?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
- 7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
- \?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
- .\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
- \?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
- \?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
- .\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
- \?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
- .\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
- \?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
- .\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
- S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
- \?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
- .\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
- .\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
- .\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
- \?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
- .\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
- \?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
- .\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
- k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
- \?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
- .\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
- \?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
- u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
- \?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
- \?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
- \?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
- \?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
- \?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
- \85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
- .\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
- .\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
- \?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
- \?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
- \90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
- \?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
- \?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
- \98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
- .\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
- .\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
- \?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
- \?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
- \A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
- \?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
- \?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
- \AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
- .\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
- .\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
- \?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
- \?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
- \B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
- \?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
- \?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
- \BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
- .\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
- .\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
- \?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
- \?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
- \C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
- \?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
- \?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
- \D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
- .\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
- .\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
- \?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
- \?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
- \DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
- \?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
- \?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
- \E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
- .\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
- .\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
- \?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
- \?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
- \EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
- \?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
- \?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
- \F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
- .\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
- .\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
- \?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
- add name=skypetoskype regexp="^..\02............."
- add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike"
- add name=CSGO regexp=TSource
- # Default hotspot profile serves its pages from flash/hotspot.
- /ip hotspot profile
- set [ find default=yes ] html-directory=flash/hotspot
- # IPsec policy groups. VPNout is assigned to policy 0 later in the file; azure is
- # not referenced anywhere else in this export.
- /ip ipsec policy group
- add name=VPNout
- add name=azure
- # Default phase-2 proposal: SHA-256 auth, AES-256-CBC, one-day lifetime.
- # NOTE(review): pfs-group=none turns off perfect forward secrecy for phase 2, so
- # a later compromise of the phase-1 keying material also exposes earlier traffic
- # keys. Prefer a DH group the peer supports (for example modp2048) unless the
- # remote end cannot negotiate PFS.
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
- lifetime=1d pfs-group=none
- # Dynamic address pools: .50-.254 of each of the three /24 segments.
- /ip pool
- add name=dhcp ranges=172.16.1.50-172.16.1.254
- add name=vlan2 ranges=192.168.154.50-192.168.154.254
- add name=vlan1 ranges=192.168.89.50-192.168.89.254
- # One DHCP server per segment. Pool vlan2 serves interface vlan20 and pool vlan1
- # serves vlan10. Only XerxesHome sets lease-time (8h); the other two do not set one.
- /ip dhcp-server
- add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
- bridge1 lease-time=8h name=XerxesHome
- add address-pool=vlan2 disabled=no interface=vlan20 name=vlan2-vhosts
- add address-pool=vlan1 disabled=no interface=vlan10 name=vlan1
- # Queue type limits, addressed by item number rather than by name.
- /queue type
- set 0 pfifo-limit=75
- set 1 pfifo-limit=75
- set 8 mq-pfifo-limit=100
- # The four LAN ports use the ethernet-default queue.
- /queue interface
- set ether2-master queue=ethernet-default
- set ether3 queue=ethernet-default
- set ether4 queue=ethernet-default
- set ether5 queue=ethernet-default
- # ether2-ether5 are bridged into bridge1; ether1-gateway stays outside the bridge.
- /interface bridge port
- add bridge=bridge1 interface=ether3
- add bridge=bridge1 interface=ether4
- add bridge=bridge1 interface=ether5
- add bridge=bridge1 interface=ether2-master learn=yes
- # NOTE(review): detect-internet is enabled for every interface. If nothing relies
- # on it, detect-interface-list=none is the quieter setting - confirm before changing.
- /interface detect-internet
- set detect-interface-list=all
- # List membership. mactel and mac-winbox contain only bridge1, WAN contains only
- # ether1-gateway, and vlan10/vlan20 belong to no list.
- # NOTE(review): the discover list is presumably meant for neighbour discovery,
- # but the setting that would consume it is not part of this export - verify.
- /interface list member
- add interface=bridge1 list=discover
- add interface=ether3 list=discover
- add interface=ether4 list=discover
- add interface=ether5 list=discover
- add interface=bridge1 list=mactel
- add interface=bridge1 list=mac-winbox
- add interface=ether1-gateway list=WAN
- add interface=bridge1 list=LAN
- # Router addresses: .1 on each of the three /24 segments.
- /ip address
- add address=172.16.1.1/24 comment=defconf interface=bridge1 network=\
- 172.16.1.0
- add address=192.168.154.1/24 interface=vlan20 network=192.168.154.0
- add address=192.168.89.1/24 interface=vlan10 network=192.168.89.0
- # The cloud service is told not to update the system time.
- /ip cloud
- set update-time=no
- # WAN address comes from DHCP. use-peer-dns=no and use-peer-ntp=no keep the
- # upstream DHCP server from replacing the resolver and time source set below.
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
- ether1-gateway use-peer-dns=no use-peer-ntp=no
- # Static leases on the main LAN.
- # NOTE(review): these lines publish MAC addresses together with host roles
- # (domain controller, ESXi host, access point). That is useful reconnaissance for
- # anyone who later gets onto the LAN; redact leases before sharing an export.
- /ip dhcp-server lease
- add address=172.16.1.3 client-id=1:78:8a:20:5c:75:31 comment="Unifi AP" \
- mac-address=78:8A:20:5C:75:31 server=XerxesHome
- add address=172.16.1.10 client-id=1:0:c:29:fb:23:c7 comment="Xerxes PI" \
- mac-address=00:0C:29:FB:23:C7 server=XerxesHome
- add address=172.16.1.25 client-id=1:0:c:29:dc:12:70 comment=\
- "Domain Controller" mac-address=00:0C:29:DC:12:70 server=XerxesHome
- add address=172.16.1.20 client-id=1:44:8a:5b:9d:87:ad comment=\
- "Xerxes Desktop" mac-address=44:8A:5B:9D:87:AD server=XerxesHome
- add address=172.16.1.19 client-id=1:74:d4:35:1d:61:ee comment="Dirty Server" \
- mac-address=74:D4:35:1D:61:EE server=XerxesHome
- add address=172.16.1.2 client-id=1:64:d1:54:26:22:22 comment="Xerxes Switch" \
- mac-address=64:D1:54:26:22:22 server=XerxesHome use-src-mac=yes
- add address=172.16.1.5 client-id=1:0:50:56:66:85:89 comment="ESXi Host" \
- mac-address=00:50:56:66:85:89 server=XerxesHome
- # All three segments are handed 172.16.1.25 (the "Domain Controller" lease) as
- # their DNS server, so clients on vlan10/vlan20 must be routed to the main LAN to
- # resolve names. The filter rules in this export do not restrict that path.
- /ip dhcp-server network
- add address=172.16.1.0/24 comment=defconf dns-server=172.16.1.25 domain=\
- xerxessec.com gateway=172.16.1.1 netmask=24 ntp-server=129.6.15.28
- add address=192.168.89.0/24 dns-server=172.16.1.25 gateway=192.168.89.1 \
- netmask=24
- add address=192.168.154.0/24 dns-server=172.16.1.25 gateway=192.168.154.1 \
- netmask=24
- # Upstream resolver used by the router itself.
- /ip dns
- set servers=1.1.1.1
- # Static DNS entries.
- # NOTE(review): "router" points at 192.168.88.1, which is not one of the
- # addresses configured on this router in /ip address - it looks like a leftover.
- # cloud.mikrotik.com is pinned to a fixed address, so it goes stale silently if
- # the vendor moves the service. vpn.xerxessec.com matches the host route that is
- # added under /ip route.
- /ip dns static
- add address=192.168.88.1 name=router
- add address=45.63.19.10 name=vpn.xerxessec.com
- add address=81.198.87.240 name=cloud.mikrotik.com
- # The address-list entries were left out by whoever posted this export; the line
- # below is a placeholder, not RouterOS syntax, so importing the file unchanged
- # would presumably fail here. The filter rules reference a list named blacklist.
- /ip firewall address-list
- REALLY BIG LIST LOL
- # Packet filter. chain=input is traffic addressed to the router itself,
- # chain=forward is traffic routed through it. Rules are evaluated top to bottom.
- /ip firewall filter
- # Disabled: inbound IPsec ESP and UDP 500/4500/1701 on the WAN port.
- add action=accept chain=input connection-state=established,related,new \
- disabled=yes in-interface=ether1-gateway protocol=ipsec-esp
- add action=accept chain=input disabled=yes dst-port=500,4500,1701 \
- in-interface=ether1-gateway protocol=udp
- add action=drop chain=input comment="defconf: drop invalid" connection-state=\
- invalid
- # Blacklist drops on the WAN port. The first comment says TARPIT but the action
- # is drop. Neither rule sets log=yes, so the log-prefix values have no effect.
- add action=drop chain=input comment="TARPIT BLACKLIST" in-interface=\
- ether1-gateway log-prefix="Drop TCP Blacklist" protocol=tcp \
- src-address-list=blacklist
- add action=drop chain=input comment="Blacklist Drop" connection-state=new \
- in-interface=ether1-gateway log-prefix="Drop From Blacklist" \
- src-address-list=blacklist
- # Drop ICMP carrying the IP options timestamp, strict-source-routing or
- # router-alert. These rules also lack log=yes, so nothing is logged.
- # NOTE(review): loose-source-routing is not covered here; the final WAN drop
- # still catches it once the ICMP rate limit below is exceeded - confirm intent.
- add action=drop chain=input comment="DROP ICMP" dst-address-type="" \
- in-interface=ether1-gateway ipv4-options=timestamp log-prefix="Drop ICMP" \
- protocol=icmp src-address-type=""
- add action=drop chain=input comment="DROP ICMP" dst-address-type="" \
- in-interface=ether1-gateway ipv4-options=strict-source-routing \
- log-prefix="Drop ICMP" protocol=icmp src-address-type=""
- add action=drop chain=input comment="DROP ICMP" dst-address-type="" \
- in-interface=ether1-gateway ipv4-options=router-alert log-prefix=\
- "Drop ICMP" protocol=icmp src-address-type=""
- # Accept ICMP from the WAN within limit=1,2:packet; anything above the limit
- # falls through to the later rules.
- add action=accept chain=input comment="RATE 1PPS ICMP" in-interface=\
- ether1-gateway limit=1,2:packet protocol=icmp
- # Drop and log TCP segments with flag combinations that do not occur in normal
- # traffic (SYN+FIN, SYN+RST, and FIN+SYN+RST+ACK+URG together).
- add action=drop chain=input comment="DROP BOGUS TCP" dst-address-type="" \
- in-interface=ether1-gateway log=yes log-prefix="Drop SYN,FIN TCP" \
- protocol=tcp src-address-type="" tcp-flags=fin,syn
- add action=drop chain=input comment="DROP BOGUS TCP" dst-address-type="" \
- in-interface=ether1-gateway log=yes log-prefix="Drop SYN,RST TCP" \
- protocol=tcp src-address-type="" tcp-flags=syn,rst
- add action=drop chain=input comment="DROP BOGUS TCP" dst-address-type="" \
- in-interface=ether1-gateway log=yes log-prefix="Drop ALL FLAGS TCP" \
- protocol=tcp src-address-type="" tcp-flags=fin,syn,rst,ack,urg
- # Accept TCP RST from the WAN within limit=2,2:packet.
- add action=accept chain=input comment="RATE 2PPS TCP RST RST" in-interface=\
- ether1-gateway limit=2,2:packet protocol=tcp tcp-flags=rst
- # Drop and log DNS (port 53, TCP and UDP) arriving on the WAN port from
- # non-local sources. The TCP rule's comment says TARPIT; the action is drop.
- add action=drop chain=input comment="TARPIT DNS REQUESTS" dst-address-type="" \
- dst-port=53 in-interface=ether1-gateway log=yes log-prefix=DropDNS \
- protocol=tcp src-address-type=!local
- add action=drop chain=input comment="DROP DNS REQUESTS" dst-address-type="" \
- dst-port=53 in-interface=ether1-gateway log=yes log-prefix=DropDNS \
- protocol=udp src-address-type=!local
- # Drop and log Winbox (8291) from the WAN. The final WAN drop would also block
- # it; these rules exist for the log entries.
- add action=drop chain=input comment="DROP WINBOX FROM WAN" dst-port=8291 \
- in-interface=ether1-gateway log=yes log-prefix="DROP WINBOX" protocol=tcp
- add action=drop chain=input comment="DROP WINBOX FROM WAN" dst-port=8291 \
- in-interface=ether1-gateway log=yes log-prefix="DROP WINBOX" protocol=udp
- # NOTE(review): established/related is accepted only here, after every rule
- # above, so packets of existing connections are checked against all of them.
- add action=accept chain=input comment="defconf: accept established,related" \
- connection-state=established,related
- # NOTE(review): the only catch-all drop on input is bound to ether1-gateway.
- # Nothing in this chain drops traffic to the router from vlan10, vlan20 or the
- # l2tp-out1 tunnel, so those segments reach every enabled router service.
- # Consider a final drop for anything not arriving from the management segment.
- add action=drop chain=input comment="defconf: drop all from WAN" \
- in-interface=ether1-gateway
- # Forward chain. Fasttrack skips connections marked VPN.
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-mark=!VPN connection-state=established,related,untracked
- add action=accept chain=forward comment="defconf: accept established,related" \
- connection-mark=no-mark connection-state=established,related
- add action=drop chain=forward comment="defconf: drop invalid" \
- connection-state=invalid
- # NOTE(review): this is the only forward drop besides "invalid". No rule here
- # separates vlan10, vlan20 and bridge1 from each other or filters traffic that
- # arrives over l2tp-out1, so the VLANs are not isolated at layer 3.
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface=ether1-gateway
- /ip firewall mangle
- # Put every port-53 packet seen in prerouting (any interface, UDP and TCP) into
- # routing table VPN.
- # NOTE(review): together with the lookup-only-in-table rule under /ip route rule,
- # DNS from vlan10/vlan20 to 172.16.1.25 would presumably be sent into the tunnel
- # instead of to bridge1 - confirm. Queries generated by the router itself do not
- # pass prerouting, so these two rules do not steer them.
- add action=mark-routing chain=prerouting comment="Mark DNS" dst-port=53 \
- new-routing-mark=VPN passthrough=yes protocol=udp
- add action=mark-routing chain=prerouting comment="Mark DNS" dst-port=53 \
- new-routing-mark=VPN passthrough=yes protocol=tcp
- # Disabled: connection mark for UDP 1701/4500 leaving the WAN port.
- add action=mark-connection chain=postrouting comment=VPN connection-state="" \
- disabled=yes dst-port=1701,4500 new-connection-mark=IPSEC out-interface=\
- ether1-gateway passthrough=yes protocol=udp
- # Mark DNS connections as VPN. The fasttrack rule in the filter table excludes
- # this mark (connection-mark=!VPN).
- add action=mark-connection chain=postrouting comment=DNS connection-state="" \
- dst-port=53 new-connection-mark=VPN passthrough=yes protocol=udp
- add action=mark-connection chain=postrouting comment=DNS connection-state="" \
- dst-port=53 new-connection-mark=VPN passthrough=yes protocol=tcp
- # Every rule from here to the end of the mangle section carries disabled=yes.
- # They are QoS connection and packet marks; no /queue tree or /queue simple
- # entries that would use the marks appear in this export.
- add action=mark-connection chain=postrouting comment=Streaming \
- connection-state=new disabled=yes dst-port=1935 new-connection-mark=\
- streaming out-interface=ether1-gateway passthrough=yes protocol=tcp
- add action=mark-connection chain=postrouting comment=League disabled=yes \
- dst-port=5000-5500 new-connection-mark=gaming out-interface=\
- ether1-gateway passthrough=yes protocol=udp
- add action=mark-connection chain=postrouting comment=SC2 disabled=yes \
- dst-port=1119 new-connection-mark=gaming out-interface=ether1-gateway \
- passthrough=yes protocol=udp
- add action=mark-connection chain=postrouting comment=HotS disabled=yes \
- dst-port=1120,3724 new-connection-mark=gaming out-interface=\
- ether1-gateway passthrough=yes protocol=udp
- add action=mark-connection chain=postrouting comment="BW + HotS" disabled=yes \
- dst-port=6112-6113 new-connection-mark=gaming out-interface=\
- ether1-gateway passthrough=yes protocol=udp
- add action=mark-connection chain=postrouting comment="Valve Games" disabled=\
- yes dst-port=27000-27060 new-connection-mark=gaming out-interface=\
- ether1-gateway passthrough=yes protocol=udp
- add action=mark-connection chain=postrouting comment="Web Browsing" \
- connection-state=new disabled=yes dst-port=80,443 new-connection-mark=\
- http out-interface=ether1-gateway passthrough=yes protocol=tcp
- add action=mark-connection chain=postrouting comment="Web Browsing" \
- connection-state=new disabled=yes dst-port=80,443 new-connection-mark=\
- http out-interface=ether1-gateway passthrough=yes protocol=udp
- add action=mark-connection chain=postrouting comment=Misc-Fast \
- connection-state=new disabled=yes new-connection-mark=misc-fast \
- out-interface=ether1-gateway packet-size=40 passthrough=yes protocol=tcp \
- tcp-flags=ack
- # Packet marks derived from ports and from the connection marks above.
- add action=mark-packet chain=postrouting comment="QoS DNS" disabled=yes \
- dst-port=53 new-packet-mark=misc-fast passthrough=no protocol=tcp
- add action=mark-packet chain=postrouting comment="QoS DNS" disabled=yes \
- dst-port=53 new-packet-mark=misc-fast passthrough=no protocol=udp
- add action=mark-packet chain=postrouting comment=VPN connection-mark=VPN \
- disabled=yes new-packet-mark=VPN out-interface=ether1-gateway \
- passthrough=no
- add action=mark-packet chain=postrouting comment=Misc-Fast connection-mark=\
- misc-fast disabled=yes new-packet-mark=misc-fast out-interface=\
- ether1-gateway packet-size=40 passthrough=no protocol=tcp tcp-flags=ack
- add action=mark-packet chain=postrouting comment="Twitch Streaming" \
- connection-mark=streaming disabled=yes new-packet-mark=streaming \
- out-interface=ether1-gateway passthrough=no
- add action=mark-packet chain=postrouting comment="Web Browsing" \
- connection-mark=http disabled=yes new-packet-mark=http out-interface=\
- ether1-gateway passthrough=no
- # Layer-7 based marks. The next two rules are identical to each other.
- add action=mark-packet chain=postrouting comment=CS disabled=yes \
- layer7-protocol=CSGO new-packet-mark=gaming out-interface=ether1-gateway \
- passthrough=no protocol=udp
- add action=mark-packet chain=postrouting comment=CS disabled=yes \
- layer7-protocol=CSGO new-packet-mark=gaming out-interface=ether1-gateway \
- passthrough=no protocol=udp
- add action=mark-packet chain=postrouting comment=CS disabled=yes \
- layer7-protocol=counterstrike-source new-packet-mark=gaming \
- out-interface=ether1-gateway passthrough=no protocol=udp
- add action=mark-packet chain=postrouting comment=Gaming connection-mark=\
- gaming disabled=yes new-packet-mark=gaming out-interface=ether1-gateway \
- passthrough=no
- add action=mark-packet chain=prerouting comment=\
- "Skype to Skype - UDP voice call " disabled=yes in-interface=\
- ether1-gateway layer7-protocol=skypetoskype new-packet-mark=\
- skype2skype_in passthrough=no protocol=udp
- add action=mark-packet chain=postrouting comment="Skype to Skype" disabled=\
- yes layer7-protocol=skypetoskype new-packet-mark=skype2skype_out \
- out-interface=ether1-gateway passthrough=no protocol=udp
- add action=mark-packet chain=prerouting comment=\
- "Skype to phone - UDP voice call " disabled=yes in-interface=\
- ether1-gateway layer7-protocol=skypeout new-packet-mark=skypeout_in \
- passthrough=no protocol=udp
- add action=mark-packet chain=postrouting comment="Skype Out" disabled=yes \
- layer7-protocol=skypeout new-packet-mark=skypeout_out out-interface=\
- ether1-gateway passthrough=no protocol=udp
- # Source NAT: masquerade everything leaving via the WAN port and via any PPP
- # interface (all-ppp).
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- out-interface=ether1-gateway
- add action=masquerade chain=srcnat comment="MASQ VPN" out-interface=all-ppp
- # IPsec policy 0 is placed in group VPNout.
- /ip ipsec policy
- set 0 group=VPNout
- # Routes: default route for table VPN via l2tp-out1, a host route that keeps the
- # VPN endpoint 45.63.19.10 on the WAN port, and 172.16.0.0/24 via the tunnel.
- # NOTE(review): the l2tp-out1 interface and any IPsec peer are not defined in
- # this export - presumably removed before posting; verify against the device.
- /ip route
- add distance=1 gateway=l2tp-out1 routing-mark=VPN
- add distance=1 dst-address=45.63.19.10/32 gateway=ether1-gateway
- add distance=1 dst-address=172.16.0.0/24 gateway=l2tp-out1
- # Traffic with routing mark VPN is looked up only in table VPN, with no fallback
- # to the main table. Presumably this is meant to stop marked DNS from leaving via
- # the WAN when the tunnel is down - confirm that this fail-closed result is wanted.
- /ip route rule
- add action=lookup-only-in-table routing-mark=VPN src-address=0.0.0.0/0 table=\
- VPN
- # Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
- # Winbox stays enabled, limited by source address.
- # NOTE(review): the Winbox allow-list (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/16)
- # is much wider than the three /24 segments configured on this router, and it
- # includes 172.16.0.0/24, which is routed over l2tp-out1. The input chain only
- # drops Winbox on ether1-gateway, so hosts behind the tunnel and on both VLANs
- # can reach the login. Narrow the list to the management subnet.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- set winbox address=192.168.0.0/16,10.0.0.0/8,172.16.0.0/16
- set api-ssl disabled=yes
- # SMB guest access is off.
- /ip smb
- set allow-guests=no
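- # The exported value was allow-none-crypto=yes, which lets an SSH session
- # negotiate the "none" cipher, i.e. no encryption at all. The ssh service is
- # disabled under /ip service, but keeping this off means that re-enabling SSH
- # later cannot expose cleartext management sessions.
- /ip ssh
- set allow-none-crypto=no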
- # RIP settings: advertise a default route if one is installed and redistribute
- # connected routes.
- # NOTE(review): no /routing rip interface or network entries appear in this
- # export, so RIP is presumably not active on any interface - confirm, and reset
- # these to defaults if RIP is unused. RIP updates would disclose internal prefixes.
- /routing rip
- set distribute-default=if-installed redistribute-connected=yes
- /system clock
- set time-zone-autodetect=no time-zone-name=America/New_York
- /system identity
- set name=XerxesRouter
- # NTP client: one fixed server address plus the DNS name time.nist.gov.
- /system ntp client
- set enabled=yes primary-ntp=129.6.15.28 server-dns-names=time.nist.gov
- # Receive packet steering is enabled on all five Ethernet ports.
- /system resource irq rps
- set ether1-gateway disabled=no
- set ether3 disabled=no
- set ether4 disabled=no
- set ether5 disabled=no
- set ether2-master disabled=no
- # Scheduled jobs. Each blocklist has a Download job every three days and an
- # Apply job five minutes after it; on-event names a script under /system script.
- # NOTE(review): every job runs with the full policy set, including password,
- # sniff, sensitive, policy and reboot. Trim each job to the policies its script
- # actually needs, so a tampered script cannot read secrets or change users.
- /system scheduler
- add comment="Download dshield list" interval=3d name=DownloadDShieldList \
- on-event=Download_dshield policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:21:29
- add comment="Apply dshield List" interval=3d name=InstallDShieldList \
- on-event=Replace_dshield policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:26:29
- add comment="Download malc0de list" interval=3d name=Downloadmalc0deList \
- on-event=Download_malc0de policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:21:29
- add comment="Apply malc0de List" interval=3d name=Installmalc0deList \
- on-event=Replace_malc0de policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:26:29
- add comment="Download openbl list" interval=3d name=DownloadOpenBL_List \
- on-event=DownloadOpenBL policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:01:29
- add comment="Apply openbl List" interval=3d name=InstallOpenBL_List on-event=\
- ReplaceOpenBL policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:06:29
- add comment="Download spamnaus list" interval=3d name=DownloadSpamhausList \
- on-event=DownloadSpamhaus policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:11:29
- add comment="Apply spamnaus List" interval=3d name=InstallSpamhausList \
- on-event=ReplaceSpamhaus policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- jan/01/1970 start-time=09:16:29
- # Daily backup, written as an inline command rather than a script name.
- # NOTE(review): no password= is given to "system backup save". On this RouterOS
- # generation that presumably produces an unencrypted backup containing the full
- # configuration and user database - confirm, and set a backup password.
- add comment="Daily Backup" interval=1d name=Daily-Backup on-event=\
- "system backup save name= Daily.BackupDojoRouter" policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- dec/24/2016 start-time=08:59:00
- # Disabled job that uploads a backup over FTP to 172.16.0.2.
- # NOTE(review): the FTP user name and password are stored inline and are now
- # public with this paste - rotate them, and treat any account reusing that
- # password as exposed. FTP sends both the credentials and the backup in clear
- # text; use an encrypted transfer instead. The src-path file name also differs
- # from the name the backup job above writes, so the upload would presumably not
- # pick up the fresh backup.
- add comment="Upload Backup" disabled=yes interval=1d name="Upload Backup" \
- on-event="/tool fetch address=172.16.0.2 src-path=/Daily.BackupHxBx.backup\
- \_ user=HexBox password=rgp!40c dst-path=/ftp/DailyBackupHxBx.backup mode=\
- ftp upload=yes " policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- dec/24/2016 start-time=09:00:30
- # Blocklist scripts. Each Download_* script fetches a .rsc file from joshaven.com
- # and the matching Replace_* script deletes the old address-list entries and
- # then runs /import on the fetched file.
- # NOTE(review): the files are fetched over plain HTTP (mode=http) from a
- # third-party host and executed via /import under the full policy set. Whoever
- # controls that host, or can alter the response in transit, controls what this
- # router executes as admin. Mitigations: fetch over HTTPS with certificate
- # checking, prefer a source that publishes plain address lists and build the
- # entries locally instead of importing a script, and reduce the policy to the
- # minimum each script needs.
- # NOTE(review): the old entries are removed before the import runs, so a missing
- # or broken download leaves that part of the list empty until the next run.
- /system script
- add dont-require-permissions=no name=Download_dshield owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
- \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
- \n"
- add dont-require-permissions=no name=Replace_dshield owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/ip firewall address-list remove [find where comment=\"DShield\"]\r\
- \n/import file-name=dshield.rsc;\r\
- \n:log info \"Removed old dshield records and imported new list\";\r\
- \n"
- add dont-require-permissions=no name=Download_malc0de owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
- \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
- \n"
- add dont-require-permissions=no name=Replace_malc0de owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/ip firewall address-list remove [find where comment=\"malc0de\"]\r\
- \n/import file-name=malc0de.rsc;\r\
- \n:log info \"Removed old malc0de records and imported new list\";\r\
- \n"
- add dont-require-permissions=no name=DownloadOpenBL owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
- \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
- \n"
- add dont-require-permissions=no name=ReplaceOpenBL owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/ip firewall address-list remove [find where comment=\"OpenBL\"]\r\
- \n/import file-name=openbl.rsc;\r\
- \n:log info \"Removed old OpenBL records and imported new list\";\r\
- \n"
- add dont-require-permissions=no name=DownloadSpamhaus owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
- \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
- \n"
- add dont-require-permissions=no name=ReplaceSpamhaus owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
- \n/ip firewall address-list remove [find where comment=\"SpamHaus\"]\r\
- \n/import file-name=spamhaus.rsc;\r\
- \n:log info \"Removed old Spamhaus records and imported new list\";\r\
- \n"
- # NOTE(review): the source of this script is the bare text Daily-Backup, which is
- # the name of a scheduler entry rather than a command - presumably a leftover;
- # verify before relying on it.
- add dont-require-permissions=no name=DailyBackup owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
- Daily-Backup
- # Bandwidth-test server is off.
- # NOTE(review): authenticate=no only matters once the server is enabled; setting
- # it to yes now avoids an open test endpoint if someone turns the service on later.
- /tool bandwidth-server
- set authenticate=no enabled=no
- # MAC-telnet and MAC-Winbox are accepted only on interfaces in the mactel and
- # mac-winbox lists, which contain bridge1 alone.
- /tool mac-server
- set allowed-interface-list=mactel
- /tool mac-server mac-winbox
- set allowed-interface-list=mac-winbox
- # Saved packet-sniffer filter, matching 8.8.8.8/32.
- /tool sniffer
- set filter-ip-address=8.8.8.8/32