
Router Config

a guest
Mar 24th, 2019
  1. # mar/24/2019 13:48:11 by RouterOS 6.44
  2. # software id = IPVE-L3KJ
  3. #
  4. # model = RouterBOARD 750G r3
  5. # serial number = XXXXXXXXX
  # Interface layout: one bridge (bridge1), five Ethernet ports, two VLAN
  # interfaces on top of the bridge, and the interface lists used later by
  # neighbour discovery, the MAC servers and the WAN/LAN grouping.
  6. /interface bridge
  # auto-mac=no together with an explicit admin-mac pins the bridge MAC address.
  7. add admin-mac=64:D1:54:BF:23:2D auto-mac=no comment=\
  8. "created from master port" name=bridge1
  9. /interface ethernet
  # ether1 is renamed ether1-gateway; every firewall rule below that is scoped
  # to the uplink matches on this name.
  10. set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
  11. set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
  12. set [ find default-name=ether3 ] speed=100Mbps
  13. set [ find default-name=ether4 ] speed=100Mbps
  14. set [ find default-name=ether5 ] speed=100Mbps
  15. /interface vlan
  # VLAN 10 and VLAN 20 are tagged on bridge1; each gets its own subnet and
  # DHCP server further down.
  16. add interface=bridge1 name=vlan10 vlan-id=10
  17. add interface=bridge1 name=vlan20 vlan-id=20
  18. /interface list
  # Lists are only declared here; members are assigned under
  # "/interface list member".
  19. add exclude=dynamic name=discover
  20. add name=mactel
  21. add name=mac-winbox
  22. add name=WAN
  23. add name=LAN
  24. /ip firewall layer7-protocol
  25. add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
  26. \?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
  27. \05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
  28. .\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
  29. \?\t|\
  30. \n.\?.\?.\?.\?.\?.\?.\?.\?\
  31. \n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
  32. \?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
  33. \?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
  34. .\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
  35. .\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
  36. \16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
  37. \?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
  38. \?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
  39. \1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
  40. \?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
  41. \?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
  42. .\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
  43. .\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
  44. .\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
  45. \?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
  46. \?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
  47. .\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
  48. \?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
  49. 7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
  50. \?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
  51. .\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
  52. \?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
  53. \?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
  54. .\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
  55. \?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
  56. .\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
  57. \?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
  58. .\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
  59. S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
  60. \?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
  61. .\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
  62. .\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
  63. .\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
  64. \?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
  65. .\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
  66. \?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
  67. .\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
  68. k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
  69. \?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
  70. .\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
  71. \?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
  72. u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
  73. \?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
  74. \?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
  75. \?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
  76. \?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
  77. \?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
  78. \85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
  79. .\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
  80. .\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
  81. \?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
  82. \?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
  83. \90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
  84. \?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
  85. \?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
  86. \98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
  87. .\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
  88. .\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
  89. \?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
  90. \?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
  91. \A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
  92. \?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
  93. \?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
  94. \AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
  95. .\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
  96. .\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
  97. \?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
  98. \?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
  99. \B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
  100. \?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
  101. \?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
  102. \BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
  103. .\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
  104. .\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
  105. \?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
  106. \?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
  107. \C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
  108. \?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
  109. \?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
  110. \D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
  111. .\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
  112. .\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
  113. \?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
  114. \?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
  115. \DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
  116. \?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
  117. \?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
  118. \E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
  119. .\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
  120. .\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
  121. \?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
  122. \?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
  123. \EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
  124. \?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
  125. \?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
  126. \F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
  127. .\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
  128. .\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
  129. \?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
  # The layer-7 matchers in this section are referenced only by mangle rules
  # exported with disabled=yes, so none of them is evaluated in this export.
  # NOTE(review): "TSource" is an unanchored pattern; if the CSGO rules are
  # re-enabled it matches that byte string anywhere in the inspected payload.
  130. add name=skypetoskype regexp="^..\02............."
  131. add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike"
  132. add name=CSGO regexp=TSource
  # Hotspot profile, IPsec groups/proposal, DHCP pools and servers, queues.
  133. /ip hotspot profile
  134. set [ find default=yes ] html-directory=flash/hotspot
  135. /ip ipsec policy group
  136. add name=VPNout
  137. add name=azure
  138. /ip ipsec proposal
  # Default phase-2 proposal: SHA-256 / AES-256-CBC.
  # NOTE(review): pfs-group=none means rekeying does not perform a fresh
  # Diffie-Hellman exchange (no perfect forward secrecy), and lifetime=1d keeps
  # each key in use for a long time. Prefer a modp/ecp group the peer supports
  # and a shorter lifetime.
  139. set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
  140. lifetime=1d pfs-group=none
  141. /ip pool
  # One pool per segment: bridge1 (172.16.1.0/24), vlan20 and vlan10.
  142. add name=dhcp ranges=172.16.1.50-172.16.1.254
  143. add name=vlan2 ranges=192.168.154.50-192.168.154.254
  144. add name=vlan1 ranges=192.168.89.50-192.168.89.254
  145. /ip dhcp-server
  146. add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
  147. bridge1 lease-time=8h name=XerxesHome
  148. add address-pool=vlan2 disabled=no interface=vlan20 name=vlan2-vhosts
  149. add address-pool=vlan1 disabled=no interface=vlan10 name=vlan1
  150. /queue type
  151. set 0 pfifo-limit=75
  152. set 1 pfifo-limit=75
  153. set 8 mq-pfifo-limit=100
  154. /queue interface
  155. set ether2-master queue=ethernet-default
  156. set ether3 queue=ethernet-default
  157. set ether4 queue=ethernet-default
  158. set ether5 queue=ethernet-default
  159.  
  # Bridge membership and interface-list membership.
  160. /interface bridge port
  161. add bridge=bridge1 interface=ether3
  162. add bridge=bridge1 interface=ether4
  163. add bridge=bridge1 interface=ether5
  164. add bridge=bridge1 interface=ether2-master learn=yes
  165. /interface detect-internet
  # NOTE(review): detect-interface-list=all runs Detect Internet on every
  # interface, LAN ports included. Unless the feature is needed, limit it to
  # the WAN list or set it to none - confirm against the intended design.
  166. set detect-interface-list=all
  167. /interface list member
  # discover / mactel / mac-winbox contain only LAN-side interfaces, so
  # neighbour discovery and the MAC servers are not bound to ether1-gateway.
  168. add interface=bridge1 list=discover
  169. add interface=ether3 list=discover
  170. add interface=ether4 list=discover
  171. add interface=ether5 list=discover
  172. add interface=bridge1 list=mactel
  173. add interface=bridge1 list=mac-winbox
  # WAN = ether1-gateway, LAN = bridge1. vlan10 and vlan20 are in neither list,
  # which matters if firewall rules are later rewritten to match on lists.
  174. add interface=ether1-gateway list=WAN
  175. add interface=bridge1 list=LAN
  # Router addresses, WAN DHCP client, static leases and DHCP network options.
  176. /ip address
  177. add address=172.16.1.1/24 comment=defconf interface=bridge1 network=\
  178. 172.16.1.0
  179. add address=192.168.154.1/24 interface=vlan20 network=192.168.154.0
  180. add address=192.168.89.1/24 interface=vlan10 network=192.168.89.0
  181. /ip cloud
  182. set update-time=no
  183. /ip dhcp-client
  # The uplink takes its address by DHCP but ignores the DNS and NTP servers
  # offered by the upstream (use-peer-dns=no, use-peer-ntp=no).
  184. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
  185. ether1-gateway use-peer-dns=no use-peer-ntp=no
  186. /ip dhcp-server lease
  # Static leases on the main LAN; the comments name each host's role.
  187. add address=172.16.1.3 client-id=1:78:8a:20:5c:75:31 comment="Unifi AP" \
  188. mac-address=78:8A:20:5C:75:31 server=XerxesHome
  189. add address=172.16.1.10 client-id=1:0:c:29:fb:23:c7 comment="Xerxes PI" \
  190. mac-address=00:0C:29:FB:23:C7 server=XerxesHome
  191. add address=172.16.1.25 client-id=1:0:c:29:dc:12:70 comment=\
  192. "Domain Controller" mac-address=00:0C:29:DC:12:70 server=XerxesHome
  193. add address=172.16.1.20 client-id=1:44:8a:5b:9d:87:ad comment=\
  194. "Xerxes Desktop" mac-address=44:8A:5B:9D:87:AD server=XerxesHome
  195. add address=172.16.1.19 client-id=1:74:d4:35:1d:61:ee comment="Dirty Server" \
  196. mac-address=74:D4:35:1D:61:EE server=XerxesHome
  197. add address=172.16.1.2 client-id=1:64:d1:54:26:22:22 comment="Xerxes Switch" \
  198. mac-address=64:D1:54:26:22:22 server=XerxesHome use-src-mac=yes
  199. add address=172.16.1.5 client-id=1:0:50:56:66:85:89 comment="ESXi Host" \
  200. mac-address=00:50:56:66:85:89 server=XerxesHome
  201. /ip dhcp-server network
  # All three segments are handed 172.16.1.25 (the "Domain Controller" lease
  # above) as DNS server, so clients on vlan10 and vlan20 must be able to reach
  # that host on the main LAN. NOTE(review): if the VLANs are meant to be
  # isolated, this dependency needs an explicit, narrow forward rule.
  202. add address=172.16.1.0/24 comment=defconf dns-server=172.16.1.25 domain=\
  203. xerxessec.com gateway=172.16.1.1 netmask=24 ntp-server=129.6.15.28
  204. add address=192.168.89.0/24 dns-server=172.16.1.25 gateway=192.168.89.1 \
  205. netmask=24
  206. add address=192.168.154.0/24 dns-server=172.16.1.25 gateway=192.168.154.1 \
  207. netmask=24
  # Router resolver and static DNS overrides.
  208. /ip dns
  209. set servers=1.1.1.1
  210. /ip dns static
  # NOTE(review): 192.168.88.1 is not an address configured under /ip address
  # in this export, so the "router" name presumably dates from the factory
  # default and now points at nothing on this device.
  211. add address=192.168.88.1 name=router
  # Static entries override upstream resolution for these names; they go stale
  # silently if the real addresses change.
  212. add address=45.63.19.10 name=vpn.xerxessec.com
  213. add address=81.198.87.240 name=cloud.mikrotik.com
  214. /ip firewall address-list
  # The next line is the poster's placeholder for elided address-list entries,
  # not RouterOS syntax; the export cannot be imported as-is. The "blacklist"
  # list matched by the filter rules is presumably defined among those entries.
  215. REALLY BIG LIST LOL
  # Filter rules are evaluated top to bottom within each chain.
  # NOTE(review): every input drop except "drop invalid" is scoped to
  # in-interface=ether1-gateway. Nothing drops input arriving on bridge1,
  # vlan10, vlan20 or the l2tp-out1 tunnel used in /ip route, so access to
  # router services from those sides depends solely on the per-service
  # address limits in /ip service. A final drop keyed on an interface list of
  # trusted interfaces would close that gap.
  216. /ip firewall filter
  # Disabled: would accept IPsec ESP from the WAN.
  217. add action=accept chain=input connection-state=established,related,new \
  218. disabled=yes in-interface=ether1-gateway protocol=ipsec-esp
  # Disabled: would accept IKE / NAT-T / L2TP (UDP 500, 4500, 1701) from the WAN.
  219. add action=accept chain=input disabled=yes dst-port=500,4500,1701 \
  220. in-interface=ether1-gateway protocol=udp
  221. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
  222. invalid
  # Blacklist drops. The first comment says TARPIT but the action is drop.
  # NOTE(review): log-prefix is set without log=yes (other rules below set it
  # explicitly), so these two rules appear not to log.
  223. add action=drop chain=input comment="TARPIT BLACKLIST" in-interface=\
  224. ether1-gateway log-prefix="Drop TCP Blacklist" protocol=tcp \
  225. src-address-list=blacklist
  226. add action=drop chain=input comment="Blacklist Drop" connection-state=new \
  227. in-interface=ether1-gateway log-prefix="Drop From Blacklist" \
  228. src-address-list=blacklist
  # Drop ICMP that carries the timestamp, strict-source-routing or
  # router-alert IPv4 option.
  229. add action=drop chain=input comment="DROP ICMP" dst-address-type="" \
  230. in-interface=ether1-gateway ipv4-options=timestamp log-prefix="Drop ICMP" \
  231. protocol=icmp src-address-type=""
  232. add action=drop chain=input comment="DROP ICMP" dst-address-type="" \
  233. in-interface=ether1-gateway ipv4-options=strict-source-routing \
  234. log-prefix="Drop ICMP" protocol=icmp src-address-type=""
  235. add action=drop chain=input comment="DROP ICMP" dst-address-type="" \
  236. in-interface=ether1-gateway ipv4-options=router-alert log-prefix=\
  237. "Drop ICMP" protocol=icmp src-address-type=""
  # Remaining ICMP from the WAN is accepted at 1 packet/s with a burst of 2;
  # anything over the limit falls through to the rules below.
  238. add action=accept chain=input comment="RATE 1PPS ICMP" in-interface=\
  239. ether1-gateway limit=1,2:packet protocol=icmp
  # Drop and log TCP segments with flag combinations that no valid stack sends
  # (SYN+FIN, SYN+RST, all flags set).
  240. add action=drop chain=input comment="DROP BOGUS TCP" dst-address-type="" \
  241. in-interface=ether1-gateway log=yes log-prefix="Drop SYN,FIN TCP" \
  242. protocol=tcp src-address-type="" tcp-flags=fin,syn
  243. add action=drop chain=input comment="DROP BOGUS TCP" dst-address-type="" \
  244. in-interface=ether1-gateway log=yes log-prefix="Drop SYN,RST TCP" \
  245. protocol=tcp src-address-type="" tcp-flags=syn,rst
  246. add action=drop chain=input comment="DROP BOGUS TCP" dst-address-type="" \
  247. in-interface=ether1-gateway log=yes log-prefix="Drop ALL FLAGS TCP" \
  248. protocol=tcp src-address-type="" tcp-flags=fin,syn,rst,ack,urg
  # Accepts TCP RST from the WAN at 2 packets/s regardless of connection state.
  249. add action=accept chain=input comment="RATE 2PPS TCP RST RST" in-interface=\
  250. ether1-gateway limit=2,2:packet protocol=tcp tcp-flags=rst
  # Drop and log DNS queries arriving on the WAN so the router cannot be used
  # as an open resolver. The first comment says TARPIT but the action is drop.
  251. add action=drop chain=input comment="TARPIT DNS REQUESTS" dst-address-type="" \
  252. dst-port=53 in-interface=ether1-gateway log=yes log-prefix=DropDNS \
  253. protocol=tcp src-address-type=!local
  254. add action=drop chain=input comment="DROP DNS REQUESTS" dst-address-type="" \
  255. dst-port=53 in-interface=ether1-gateway log=yes log-prefix=DropDNS \
  256. protocol=udp src-address-type=!local
  # Explicit, logged drop of Winbox (port 8291) from the WAN. The final WAN
  # drop would catch this too; these rules exist for the log entries.
  257. add action=drop chain=input comment="DROP WINBOX FROM WAN" dst-port=8291 \
  258. in-interface=ether1-gateway log=yes log-prefix="DROP WINBOX" protocol=tcp
  259. add action=drop chain=input comment="DROP WINBOX FROM WAN" dst-port=8291 \
  260. in-interface=ether1-gateway log=yes log-prefix="DROP WINBOX" protocol=udp
  # NOTE(review): established/related is accepted only after all rules above,
  # so every reply packet walks the whole list first. Placing this rule near
  # the top is the usual layout and reduces CPU load.
  261. add action=accept chain=input comment="defconf: accept established,related" \
  262. connection-state=established,related
  # Catch-all for the WAN interface only (see the note at the top).
  263. add action=drop chain=input comment="defconf: drop all from WAN" \
  264. in-interface=ether1-gateway
  # Forward chain. Connections marked VPN are excluded from fasttrack and do
  # not match the no-mark accept below; they pass via the default accept.
  # NOTE(review): no rule restricts forwarding between bridge1, vlan10, vlan20
  # and the VPN tunnel. If the VLANs are meant as isolation boundaries,
  # explicit inter-segment drop rules are required.
  265. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  266. connection-mark=!VPN connection-state=established,related,untracked
  267. add action=accept chain=forward comment="defconf: accept established,related" \
  268. connection-mark=no-mark connection-state=established,related
  269. add action=drop chain=forward comment="defconf: drop invalid" \
  270. connection-state=invalid
  271. add action=drop chain=forward comment=\
  272. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  273. connection-state=new in-interface=ether1-gateway
  # Mangle rules. Only four are active: the two "Mark DNS" routing marks and
  # the two "DNS" connection marks. Every other rule carries disabled=yes and
  # is leftover QoS classification.
  274. /ip firewall mangle
  # All UDP/TCP port-53 traffic seen in prerouting gets routing-mark VPN, which
  # /ip route and /ip route rule send through l2tp-out1. The match has no
  # in-interface or source constraint, so it applies to every segment.
  275. add action=mark-routing chain=prerouting comment="Mark DNS" dst-port=53 \
  276. new-routing-mark=VPN passthrough=yes protocol=udp
  277. add action=mark-routing chain=prerouting comment="Mark DNS" dst-port=53 \
  278. new-routing-mark=VPN passthrough=yes protocol=tcp
  279. add action=mark-connection chain=postrouting comment=VPN connection-state="" \
  280. disabled=yes dst-port=1701,4500 new-connection-mark=IPSEC out-interface=\
  281. ether1-gateway passthrough=yes protocol=udp
  # Connection mark VPN on DNS flows; the fasttrack rule in the filter table
  # skips connections carrying this mark.
  282. add action=mark-connection chain=postrouting comment=DNS connection-state="" \
  283. dst-port=53 new-connection-mark=VPN passthrough=yes protocol=udp
  284. add action=mark-connection chain=postrouting comment=DNS connection-state="" \
  285. dst-port=53 new-connection-mark=VPN passthrough=yes protocol=tcp
  # Everything from here to the end of the section is disabled.
  286. add action=mark-connection chain=postrouting comment=Streaming \
  287. connection-state=new disabled=yes dst-port=1935 new-connection-mark=\
  288. streaming out-interface=ether1-gateway passthrough=yes protocol=tcp
  289. add action=mark-connection chain=postrouting comment=League disabled=yes \
  290. dst-port=5000-5500 new-connection-mark=gaming out-interface=\
  291. ether1-gateway passthrough=yes protocol=udp
  292. add action=mark-connection chain=postrouting comment=SC2 disabled=yes \
  293. dst-port=1119 new-connection-mark=gaming out-interface=ether1-gateway \
  294. passthrough=yes protocol=udp
  295. add action=mark-connection chain=postrouting comment=HotS disabled=yes \
  296. dst-port=1120,3724 new-connection-mark=gaming out-interface=\
  297. ether1-gateway passthrough=yes protocol=udp
  298. add action=mark-connection chain=postrouting comment="BW + HotS" disabled=yes \
  299. dst-port=6112-6113 new-connection-mark=gaming out-interface=\
  300. ether1-gateway passthrough=yes protocol=udp
  301. add action=mark-connection chain=postrouting comment="Valve Games" disabled=\
  302. yes dst-port=27000-27060 new-connection-mark=gaming out-interface=\
  303. ether1-gateway passthrough=yes protocol=udp
  304. add action=mark-connection chain=postrouting comment="Web Browsing" \
  305. connection-state=new disabled=yes dst-port=80,443 new-connection-mark=\
  306. http out-interface=ether1-gateway passthrough=yes protocol=tcp
  307. add action=mark-connection chain=postrouting comment="Web Browsing" \
  308. connection-state=new disabled=yes dst-port=80,443 new-connection-mark=\
  309. http out-interface=ether1-gateway passthrough=yes protocol=udp
  310. add action=mark-connection chain=postrouting comment=Misc-Fast \
  311. connection-state=new disabled=yes new-connection-mark=misc-fast \
  312. out-interface=ether1-gateway packet-size=40 passthrough=yes protocol=tcp \
  313. tcp-flags=ack
  314. add action=mark-packet chain=postrouting comment="QoS DNS" disabled=yes \
  315. dst-port=53 new-packet-mark=misc-fast passthrough=no protocol=tcp
  316. add action=mark-packet chain=postrouting comment="QoS DNS" disabled=yes \
  317. dst-port=53 new-packet-mark=misc-fast passthrough=no protocol=udp
  318. add action=mark-packet chain=postrouting comment=VPN connection-mark=VPN \
  319. disabled=yes new-packet-mark=VPN out-interface=ether1-gateway \
  320. passthrough=no
  321. add action=mark-packet chain=postrouting comment=Misc-Fast connection-mark=\
  322. misc-fast disabled=yes new-packet-mark=misc-fast out-interface=\
  323. ether1-gateway packet-size=40 passthrough=no protocol=tcp tcp-flags=ack
  324. add action=mark-packet chain=postrouting comment="Twitch Streaming" \
  325. connection-mark=streaming disabled=yes new-packet-mark=streaming \
  326. out-interface=ether1-gateway passthrough=no
  327. add action=mark-packet chain=postrouting comment="Web Browsing" \
  328. connection-mark=http disabled=yes new-packet-mark=http out-interface=\
  329. ether1-gateway passthrough=no
  # The next two CSGO rules are identical duplicates.
  330. add action=mark-packet chain=postrouting comment=CS disabled=yes \
  331. layer7-protocol=CSGO new-packet-mark=gaming out-interface=ether1-gateway \
  332. passthrough=no protocol=udp
  333. add action=mark-packet chain=postrouting comment=CS disabled=yes \
  334. layer7-protocol=CSGO new-packet-mark=gaming out-interface=ether1-gateway \
  335. passthrough=no protocol=udp
  336. add action=mark-packet chain=postrouting comment=CS disabled=yes \
  337. layer7-protocol=counterstrike-source new-packet-mark=gaming \
  338. out-interface=ether1-gateway passthrough=no protocol=udp
  339. add action=mark-packet chain=postrouting comment=Gaming connection-mark=\
  340. gaming disabled=yes new-packet-mark=gaming out-interface=ether1-gateway \
  341. passthrough=no
  342. add action=mark-packet chain=prerouting comment=\
  343. "Skype to Skype - UDP voice call " disabled=yes in-interface=\
  344. ether1-gateway layer7-protocol=skypetoskype new-packet-mark=\
  345. skype2skype_in passthrough=no protocol=udp
  346. add action=mark-packet chain=postrouting comment="Skype to Skype" disabled=\
  347. yes layer7-protocol=skypetoskype new-packet-mark=skype2skype_out \
  348. out-interface=ether1-gateway passthrough=no protocol=udp
  349. add action=mark-packet chain=prerouting comment=\
  350. "Skype to phone - UDP voice call " disabled=yes in-interface=\
  351. ether1-gateway layer7-protocol=skypeout new-packet-mark=skypeout_in \
  352. passthrough=no protocol=udp
  353. add action=mark-packet chain=postrouting comment="Skype Out" disabled=yes \
  354. layer7-protocol=skypeout new-packet-mark=skypeout_out out-interface=\
  355. ether1-gateway passthrough=no protocol=udp
  # Source NAT and policy routing for the VPN.
  356. /ip firewall nat
  # Masquerade everything leaving via the WAN and via any PPP interface
  # (all-ppp covers the L2TP client used as gateway below).
  357. add action=masquerade chain=srcnat comment="defconf: masquerade" \
  358. out-interface=ether1-gateway
  359. add action=masquerade chain=srcnat comment="MASQ VPN" out-interface=all-ppp
  360. /ip ipsec policy
  361. set 0 group=VPNout
  362. /ip route
  # Default route of the VPN routing table: traffic marked VPN (port 53, see
  # mangle) leaves through l2tp-out1.
  363. add distance=1 gateway=l2tp-out1 routing-mark=VPN
  # Host route that keeps traffic to 45.63.19.10 (the static DNS entry for
  # vpn.xerxessec.com) on the WAN interface instead of inside the tunnel.
  364. add distance=1 dst-address=45.63.19.10/32 gateway=ether1-gateway
  # Remote network reached through the tunnel. NOTE(review): 172.16.0.0/24
  # falls inside the 172.16.0.0/16 range that /ip service allows to reach
  # Winbox, and the input chain has no drop for l2tp-out1.
  365. add distance=1 dst-address=172.16.0.0/24 gateway=l2tp-out1
  366. /ip route rule
  # lookup-only-in-table: marked traffic is resolved in the VPN table only, so
  # it presumably has no route (rather than falling back to the WAN) while the
  # tunnel is down - confirm by testing.
  367. add action=lookup-only-in-table routing-mark=VPN src-address=0.0.0.0/0 table=\
  368. VPN
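  # Management plane: every service except Winbox is disabled.
  369. /ip service
  370. set telnet disabled=yes
  371. set ftp disabled=yes
  372. set www disabled=yes
  373. set ssh disabled=yes
  374. set api disabled=yes
  # NOTE(review): Winbox is limited to private ranges, but the ranges are far
  # wider than the subnets this router serves (172.16.1.0/24, 192.168.89.0/24,
  # 192.168.154.0/24) and include both VLANs and the 172.16.0.0/24 network
  # routed over l2tp-out1. Narrowing this to the management subnet reduces
  # exposure; left unchanged here because the intended admin source is not
  # visible in the export.
  375. set winbox address=192.168.0.0/16,10.0.0.0/8,172.16.0.0/16
  376. set api-ssl disabled=yes
  377. /ip smb
  378. set allow-guests=no
  379. /ip ssh
  # Changed from allow-none-crypto=yes: the "none" cipher lets an SSH session
  # run without encryption. SSH is disabled above, but the setting would take
  # effect the moment the service is re-enabled. strong-crypto=yes is a
  # further hardening option once client compatibility is confirmed.
  380. set allow-none-crypto=no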
  # Routing protocol defaults, clock, identity, NTP and IRQ steering.
  381. /routing rip
  # NOTE(review): no RIP interfaces or networks appear in this export, so RIP
  # is presumably idle; if it is ever enabled on an interface these settings
  # would advertise connected networks and the default route to neighbours.
  382. set distribute-default=if-installed redistribute-connected=yes
  383. /system clock
  384. set time-zone-autodetect=no time-zone-name=America/New_York
  385. /system identity
  386. set name=XerxesRouter
  387. /system ntp client
  # Same NTP address that the main LAN receives via DHCP (ntp-server option).
  388. set enabled=yes primary-ntp=129.6.15.28 server-dns-names=time.nist.gov
  389. /system resource irq rps
  390. set ether1-gateway disabled=no
  391. set ether3 disabled=no
  392. set ether4 disabled=no
  393. set ether5 disabled=no
  394. set ether2-master disabled=no
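  # Scheduled jobs: four blocklist download/apply pairs (every 3 days, apply
  # five minutes after download), a daily backup, and a disabled backup upload.
  # NOTE(review): every entry carries the full policy set, including reboot,
  # password, sniff and sensitive. A job that only fetches a file or edits an
  # address list does not need those; trim each entry (and the matching script)
  # to the policies it actually uses, after testing.
  395. /system scheduler
  396. add comment="Download dshield list" interval=3d name=DownloadDShieldList \
  397. on-event=Download_dshield policy=\
  398. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  399. jan/01/1970 start-time=09:21:29
  400. add comment="Apply dshield List" interval=3d name=InstallDShieldList \
  401. on-event=Replace_dshield policy=\
  402. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  403. jan/01/1970 start-time=09:26:29
  404. add comment="Download malc0de list" interval=3d name=Downloadmalc0deList \
  405. on-event=Download_malc0de policy=\
  406. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  407. jan/01/1970 start-time=09:21:29
  408. add comment="Apply malc0de List" interval=3d name=Installmalc0deList \
  409. on-event=Replace_malc0de policy=\
  410. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  411. jan/01/1970 start-time=09:26:29
  412. add comment="Download openbl list" interval=3d name=DownloadOpenBL_List \
  413. on-event=DownloadOpenBL policy=\
  414. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  415. jan/01/1970 start-time=09:01:29
  416. add comment="Apply openbl List" interval=3d name=InstallOpenBL_List on-event=\
  417. ReplaceOpenBL policy=\
  418. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  419. jan/01/1970 start-time=09:06:29
  420. add comment="Download spamnaus list" interval=3d name=DownloadSpamhausList \
  421. on-event=DownloadSpamhaus policy=\
  422. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  423. jan/01/1970 start-time=09:11:29
  424. add comment="Apply spamnaus List" interval=3d name=InstallSpamhausList \
  425. on-event=ReplaceSpamhaus policy=\
  426. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  427. jan/01/1970 start-time=09:16:29
  # The backup is saved without a password argument. NOTE(review): on this
  # RouterOS generation that presumably leaves the backup file unencrypted -
  # confirm, and pass an explicit password if the file ever leaves the router.
  428. add comment="Daily Backup" interval=1d name=Daily-Backup on-event=\
  429. "system backup save name= Daily.BackupDojoRouter" policy=\
  430. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  431. dec/24/2016 start-time=08:59:00
  # Disabled upload job. The FTP password that was embedded here in clear text
  # has been replaced with a placeholder: a credential published in an export
  # must be treated as compromised and rotated. FTP also sends it unencrypted
  # on the wire. The src-path (Daily.BackupHxBx) does not match the file name
  # written by the Daily-Backup job above (Daily.BackupDojoRouter).
  432. add comment="Upload Backup" disabled=yes interval=1d name="Upload Backup" \
  433. on-event="/tool fetch address=172.16.0.2 src-path=/Daily.BackupHxBx.backup\
  434. \_ user=HexBox password=REDACTED_PLACEHOLDER dst-path=/ftp/DailyBackupHxBx.backup mode=\
  435. ftp upload=yes " policy=\
  436. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  437. dec/24/2016 start-time=09:00:30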
  # Blocklist maintenance scripts, run by the scheduler entries of the same
  # names. Each Download_* script fetches a .rsc file over plain HTTP; each
  # Replace_* script deletes the current entries and then /imports that file.
  # NOTE(review): /import executes the file as RouterOS commands under the
  # script's policy, which here is the full set. The file arrives over
  # unauthenticated HTTP from a third-party host, so its content is only as
  # trustworthy as that host and the network path. Safer options: fetch over
  # HTTPS with check-certificate=yes (requires the CA certificate on the
  # router), download a plain address list and add validated entries locally
  # instead of importing a script, and reduce the policies.
  # NOTE(review): each Replace_* script removes the old entries before the
  # import runs; if the download failed or the file is bad, the list is left
  # empty. Importing first, or checking that the file exists, avoids that.
  438. /system script
  439. add dont-require-permissions=no name=Download_dshield owner=admin policy=\
  440. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  441. \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
  442. \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
  443. \n"
  444. add dont-require-permissions=no name=Replace_dshield owner=admin policy=\
  445. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  446. \n/ip firewall address-list remove [find where comment=\"DShield\"]\r\
  447. \n/import file-name=dshield.rsc;\r\
  448. \n:log info \"Removed old dshield records and imported new list\";\r\
  449. \n"
  450. add dont-require-permissions=no name=Download_malc0de owner=admin policy=\
  451. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  452. \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
  453. \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
  454. \n"
  455. add dont-require-permissions=no name=Replace_malc0de owner=admin policy=\
  456. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  457. \n/ip firewall address-list remove [find where comment=\"malc0de\"]\r\
  458. \n/import file-name=malc0de.rsc;\r\
  459. \n:log info \"Removed old malc0de records and imported new list\";\r\
  460. \n"
  461. add dont-require-permissions=no name=DownloadOpenBL owner=admin policy=\
  462. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  463. \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
  464. \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
  465. \n"
  466. add dont-require-permissions=no name=ReplaceOpenBL owner=admin policy=\
  467. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  468. \n/ip firewall address-list remove [find where comment=\"OpenBL\"]\r\
  469. \n/import file-name=openbl.rsc;\r\
  470. \n:log info \"Removed old OpenBL records and imported new list\";\r\
  471. \n"
  472. add dont-require-permissions=no name=DownloadSpamhaus owner=admin policy=\
  473. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  474. \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
  475. \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
  476. \n"
  477. add dont-require-permissions=no name=ReplaceSpamhaus owner=admin policy=\
  478. ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\r\
  479. \n/ip firewall address-list remove [find where comment=\"SpamHaus\"]\r\
  480. \n/import file-name=spamhaus.rsc;\r\
  481. \n:log info \"Removed old Spamhaus records and imported new list\";\r\
  482. \n"
  # NOTE(review): the source of this script is the bare text Daily-Backup, not
  # a command; the actual backup command lives inline in the scheduler entry
  # named Daily-Backup. This script also adds the romon policy. It looks like
  # a leftover - confirm and remove if unused.
  483. add dont-require-permissions=no name=DailyBackup owner=admin policy=\
  484. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
  485. Daily-Backup
  # Diagnostic tools and layer-2 management access.
  486. /tool bandwidth-server
  # Disabled. NOTE(review): authenticate=no would let anyone who can reach the
  # router start tests if the server is ever enabled; set authenticate=yes
  # before turning it on.
  487. set authenticate=no enabled=no
  488. /tool mac-server
  # MAC-telnet and MAC-Winbox are limited to the mactel / mac-winbox lists,
  # which contain only bridge1 (see "/interface list member").
  489. set allowed-interface-list=mactel
  490. /tool mac-server mac-winbox
  491. set allowed-interface-list=mac-winbox
  492. /tool sniffer
  # Stored capture filter only; the export does not show whether the sniffer
  # is running.
  493. set filter-ip-address=8.8.8.8/32