Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # 2024-04-24 15:43:27 by RouterOS 7.12.1
- # software id = B10P-R5ZW
- #
- # model = RB4011iGS+
- # serial number = XXXXXX
- /interface bridge add name=bridge1 vlan-filtering=yes
- /interface vlan add interface=bridge1 name=vlan99 vlan-id=99
- /interface list add name=wan
- /interface list add name=lan
- /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
- /port set 0 name=serial0
- /port set 1 name=serial1
- /zerotier set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" disabled=yes disabled=yes name=zt1 port=9993
- /interface bridge port add bridge=bridge1 interface=sfp-sfpplus1
- /interface bridge port add bridge=bridge1 interface=ether1
- /interface bridge port add bridge=bridge1 interface=ether2
- /interface bridge port add bridge=bridge1 interface=ether3
- /interface bridge port add bridge=bridge1 interface=ether4
- /interface bridge port add bridge=bridge1 interface=ether5
- /interface bridge port add bridge=bridge1 interface=ether6
- /interface bridge port add bridge=bridge1 interface=ether7
- /interface bridge port add bridge=bridge1 interface=ether8
- /interface bridge port add bridge=bridge1 interface=ether9
- /ip neighbor discovery-settings set discover-interface-list=!dynamic
- /ip settings set max-neighbor-entries=6144
- /ipv6 settings set disable-ipv6=yes forward=no max-neighbor-entries=3072
- /interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=99
- /interface list member add interface=vlan99 list=wan
- /interface list member add interface=bridge1 list=lan
- /ip address add address=192.168.0.81/16 interface=bridge1 network=192.168.0.0
- /ip cloud set ddns-enabled=yes ddns-update-interval=5m
- /ip dns set servers=192.168.0.51
- /ip firewall filter add action=fasttrack-connection chain=input comment="accept established or related" connection-state=established,related hw-offload=yes
- /ip firewall filter add action=accept chain=input comment="accept established or related" connection-state=established,related
- /ip firewall filter add action=drop chain=input comment="drop invalid" connection-state=invalid
- /ip firewall filter add action=drop chain=input comment="drop input from outside the lan" in-interface-list=!lan
- /ip firewall filter add action=fasttrack-connection chain=forward comment="accept established or related" connection-state=established,related hw-offload=yes
- /ip firewall filter add action=accept chain=forward comment="accept established or related" connection-state=established,related
- /ip firewall filter add action=drop chain=forward comment="drop invalid" connection-state=invalid
- /ip firewall filter add action=drop chain=forward comment="drop forwards from outside the wan no dstnat" connection-nat-state=!dstnat connection-state=new in-interface-list=!lan
- /ip firewall nat add action=masquerade chain=srcnat out-interface-list=wan
- /ip service set telnet disabled=yes
- /ip service set ftp disabled=yes
- /ip service set www disabled=yes
- /ip service set ssh address=192.168.0.0/16
- /ip service set api address=192.168.0.0/16
- /ip service set winbox address=192.168.0.0/16
- /ip service set api-ssl disabled=yes
- /ip smb set allow-guests=no
- /ip smb shares set [ find default=yes ] disabled=yes
- /system identity set name=rb4011
- /system note set show-at-login=no
- /system ntp client set enabled=yes
- /system ntp server set enabled=yes
- /system ntp client servers add address=216.239.35.0
- /system ntp client servers add address=216.239.35.4
- /system ntp client servers add address=216.239.35.8
- /system ntp client servers add address=216.239.35.12
- /system routerboard settings set auto-upgrade=yes
- /tool mac-server set allowed-interface-list=none
- /tool mac-server mac-winbox set allowed-interface-list=lan
- /tool mac-server ping set enabled=no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement