
Untitled

a guest
Sep 27th, 2018
  1. # sep/27/2018 20:30:35 by RouterOS 6.43.2
  2. # software id = 5JRT-44ZR
  3. #
  4. # model = RouterBOARD 941-2nD
  5. # serial number = 66160655EA0C
  # Defines the two bridges used by the rest of this export: LAN (fixed admin MAC,
  # auto-mac off) and steam (ARP mode proxy-arp).
  # NOTE(review): the only port later added to steam is eoip-tunnel1. With
  # proxy-arp the router presumably answers ARP on that segment on behalf of
  # addresses it can reach through other interfaces — confirm this is wanted on a
  # link that leaves the site.
  6. /interface bridge
  7. add admin-mac=6C:3B:6B:X0:X0:X0 auto-mac=no fast-forward=no name=LAN
  8. add arp=proxy-arp fast-forward=no name=steam
  # Enables wlan1 as an access point (mode=ap-bridge) on 2 GHz, 802.11n only, with
  # SSID "NET"; WPS is switched off (wps-mode=disabled).
  # NOTE(review): frequency-mode=superchannel is set together with a country value.
  # Superchannel is understood to bypass the per-country channel/power limits;
  # confirm against the RouterOS manual and use regulatory-domain unless there is a
  # specific reason not to.
  9. /interface wireless
  10. set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" disabled=no distance=indoors frequency=auto frequency-mode=superchannel mode=ap-bridge ssid=NET \
  11. wireless-protocol=802.11 wps-mode=disabled
  # Sets the advertised link modes on ether1-ether4 (10M/100M/1000M, half and full
  # duplex) and renames ether2 to ether2-master. Nothing else is changed here.
  12. /interface ethernet
  13. set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  14. set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether2-master
  15. set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  16. set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  # PPPoE uplink on ether1: installs the default route (distance 0) and accepts the
  # DNS servers offered by the peer (use-peer-dns=yes).
  # NOTE(review): user= and password= are exported in clear text. Once an export
  # like this has been shared, treat the ISP credentials as disclosed and have them
  # changed. On RouterOS 6.x, `/export hide-sensitive` leaves secrets out of the
  # output.
  17. /interface pppoe-client
  18. add add-default-route=yes default-route-distance=0 disabled=no interface=ether1 keepalive-timeout=60 name=pppoe-out1 password=AR7L6xUChm use-peer-dns=yes user=KH357549
  # L2TP client with IPsec (use-ipsec=yes) towards a redacted peer (connect-to=XXX);
  # it also asks for a default route (add-default-route=yes).
  # NOTE(review): ipsec-secret and password are short, digit-only values and are
  # shown in clear text; replace both with long random secrets on this router and on
  # the server.
  # NOTE(review): allow= still lists mschap1. If the server supports it, restrict
  # this to allow=mschap2.
  # NOTE(review): l2tp-out1 is not a member of the WAN interface list in this
  # export, so the input-chain rule that drops traffic arriving on WAN does not
  # apply to traffic arriving through this tunnel — confirm that is intended.
  19. /interface l2tp-client
  20. add add-default-route=yes allow=mschap1,mschap2 connect-to=XXX disabled=no ipsec-secret=12345690 name=l2tp-out1 password=12345 use-ipsec=yes user=L2TP
  # EoIP (layer-2) tunnel between 10.10.10.2 (local) and 10.10.10.1 (remote) with
  # tunnel-id 0.
  # NOTE(review): no ipsec-secret is set on the tunnel itself, and 10.10.10.2 is not
  # assigned anywhere in /ip address in this export. Presumably the address comes
  # from l2tp-out1 and the tunnel relies on that link's IPsec for confidentiality —
  # confirm, because EoIP on its own carries frames unencrypted.
  21. /interface eoip
  22. add allow-fast-path=no local-address=10.10.10.2 mac-address=02:2A:CE:FF:9F:F7 name=eoip-tunnel1 remote-address=10.10.10.1 tunnel-id=0
  # Declares four interface lists: discover (dynamic interfaces excluded), mactel,
  # mac-winbox and WAN. Membership is assigned under /interface list member.
  # NOTE(review): mactel receives no members anywhere in this export.
  23. /interface list
  24. add exclude=dynamic name=discover
  25. add name=mactel
  26. add name=mac-winbox
  27. add name=WAN
  # Default wireless security profile: WPA2-PSK only (authentication-types=wpa2-psk)
  # with dynamic keys.
  # NOTE(review): the set line ends in a continuation backslash right after
  # wpa2-pre-shared-key= and the next listed line is the /ip pool header, so the
  # WPA2 passphrase is missing from this listing (presumably removed before
  # posting). The statement is incomplete as shown.
  # NOTE(review): wpa-pre-shared-key is two characters long, shorter than a valid
  # WPA passphrase, so it also looks truncated or redacted. WPA-PSK is not in
  # authentication-types, so this key is presumably unused.
  28. /interface wireless security-profiles
  29. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=1L wpa2-pre-shared-key=\
  # DHCP for the LAN bridge: a 21-address pool (192.168.55.230-250) served by the
  # "defconf" DHCP server on interface LAN.
  30. /ip pool
  31. add name=dhcp ranges=192.168.55.230-192.168.55.250
  32. /ip dhcp-server
  33. add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=LAN name=defconf
  # Bridge membership: ether2-master, wlan1, ether3 and ether4 form the LAN bridge;
  # eoip-tunnel1 is the only port of the steam bridge.
  # NOTE(review): an EoIP port in a bridge extends that layer-2 segment to the
  # remote tunnel endpoint; no bridge filter rules appear in this export.
  34. /interface bridge port
  35. add bridge=LAN interface=ether2-master
  36. add bridge=LAN interface=wlan1
  37. add bridge=LAN interface=ether3
  38. add bridge=LAN interface=ether4
  39. add bridge=steam interface=eoip-tunnel1
  # Runs neighbor discovery on every interface (discover-interface-list=all).
  # NOTE(review): "all" includes the uplink pppoe-out1 and the tunnels, so the
  # router announces itself there as well. The "discover" list defined in this
  # export is not used here; consider pointing this setting at a list that contains
  # only trusted LAN interfaces.
  40. /ip neighbor discovery-settings
  41. set discover-interface-list=all
  # Populates the interface lists: "discover" gets the LAN-side ports, the LAN
  # bridge and pppoe-out1; "mac-winbox" gets LAN; "WAN" gets pppoe-out1 only.
  # NOTE(review): pppoe-out1 (the uplink) is a member of "discover"; remove it if
  # that list is meant to describe trusted interfaces.
  # NOTE(review): WAN contains pppoe-out1 only. l2tp-out1, eoip-tunnel1 and the
  # steam bridge are in no list, so any firewall rule keyed on
  # in-interface-list=WAN skips them.
  # NOTE(review): no /tool mac-server section is visible in this listing, so it
  # cannot be confirmed from here that mactel / mac-winbox are actually applied.
  42. /interface list member
  43. add interface=ether2-master list=discover
  44. add interface=ether3 list=discover
  45. add interface=ether4 list=discover
  46. add interface=wlan1 list=discover
  47. add interface=LAN list=discover
  48. add interface=pppoe-out1 list=discover
  49. add interface=LAN list=mac-winbox
  50. add interface=pppoe-out1 list=WAN
  # Router address on the LAN bridge (192.168.55.1/24) and the matching DHCP network
  # entry, which hands out 192.168.55.1 as the gateway.
  51. /ip address
  52. add address=192.168.55.1/24 interface=LAN network=192.168.55.0
  53. /ip dhcp-server network
  54. add address=192.168.55.0/24 comment=defconf gateway=192.168.55.1 netmask=24
  # DNS: upstream server 8.8.8.8, with the router answering queries from clients
  # (allow-remote-requests=yes), plus one static record for the name "router".
  # NOTE(review): with allow-remote-requests=yes the resolver is reachable on every
  # interface the input chain does not block. The filter in this export drops input
  # on the WAN list (pppoe-out1) only; l2tp-out1 and the steam bridge are not
  # covered — confirm they should be able to query this resolver.
  # NOTE(review): the static record points "router" at 192.168.88.1, but the LAN
  # address configured in this export is 192.168.55.1. This looks like a leftover
  # from the default configuration; update or remove it.
  55. /ip dns
  56. set allow-remote-requests=yes servers=8.8.8.8
  57. /ip dns static
  58. add address=192.168.88.1 name=router
  # Filter rules, evaluated top to bottom.
  #   input:   accept established/related, drop invalid, accept ICMP, run the staged
  #            "fail2ban" address lists for TCP 22 and 8291, drop sources in
  #            blacklist_final on those ports, then drop everything arriving on the
  #            WAN interface list.
  #   forward: accept established/related, drop invalid; nothing else.
  # NOTE(review): the forward chain has no rule dropping new connections that enter
  # from WAN, so forwarding relies on the default accept. The stock RouterOS
  # configuration carries a rule of the form
  #   add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  # — consider restoring it.
  # NOTE(review): the last input rule matches the WAN list only, which holds just
  # pppoe-out1. Input arriving through l2tp-out1 or the steam bridge falls through
  # to the default accept.
  59. /ip firewall filter
  60. add action=accept chain=input connection-state=established,related
  61. add action=accept chain=forward connection-state=established,related
  62. add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
  63. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  64. add action=accept chain=input protocol=icmp
  # Staged address lists: each new TCP connection to 22 or 8291 moves the source one
  # list further (stage1 12h -> stage2 6h -> stage3 1m -> blacklist_final 2w1d). The
  # highest stage is listed first, so one connection advances a source by one stage
  # only.
  # NOTE(review): these rules count every new connection, not failed logins, and
  # carry no in-interface match, so LAN clients are counted too. Four new
  # connections, the fourth within one minute of the third, put an administrator's
  # own address in blacklist_final. Consider limiting the rules to untrusted
  # interfaces or excluding a management address list.
  # NOTE(review): /ip service in this export moves ssh to port 44211, which none of
  # these rules match, so SSH connection attempts are not tracked; port 22 is
  # matched although ssh no longer listens there.
  # NOTE(review): for traffic from pppoe-out1 the final WAN drop applies regardless
  # of list membership, so the lists change the outcome only for sources reaching
  # the router over other interfaces.
  65. add action=add-src-to-address-list address-list=blacklist_final address-list-timeout=2w1d chain=input comment="fail2ban: stage3 to final" connection-state=new dst-port=\
  66. 22,8291 protocol=tcp src-address-list=blacklist_stage_3
  67. add action=add-src-to-address-list address-list=blacklist_stage_3 address-list-timeout=1m chain=input comment="fail2ban: stage2 to stage3" connection-state=new dst-port=\
  68. 22,8291 protocol=tcp src-address-list=blacklist_stage_2
  69. add action=add-src-to-address-list address-list=blacklist_stage_2 address-list-timeout=6h chain=input comment="fail2ban: stage1 to stage2" connection-state=new dst-port=\
  70. 22,8291 protocol=tcp src-address-list=blacklist_stage_1
  71. add action=add-src-to-address-list address-list=blacklist_stage_1 address-list-timeout=12h chain=input comment="fail2ban: stage1" connection-state=new dst-port=22,8291 \
  72. protocol=tcp
  73. add action=drop chain=input comment="fail2ban: drop brute forcers" dst-port=22,8291 protocol=tcp src-address-list=blacklist_final
  74. add action=drop chain=input in-interface-list=WAN
  # Source NAT: masquerade traffic leaving through pppoe-out1, plus a second
  # masquerade rule whose out-interface is the unresolved reference *8.
  # NOTE(review): the export itself marks the second rule "no interface"; *8
  # presumably refers to an interface that was removed. Re-point the rule at the
  # intended interface or delete it, so the NAT table reflects what is really in
  # effect.
  75. /ip firewall nat
  76. add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
  77. # no interface
  78. add action=masquerade chain=srcnat out-interface=*8
  # Disables the firewall connection helpers for ftp, tftp and irc.
  # NOTE(review): other helpers do not appear in this export, so presumably they are
  # still at their defaults; disable any that are not needed.
  79. /ip firewall service-port
  80. set ftp disabled=yes
  81. set tftp disabled=yes
  82. set irc disabled=yes
  # Static route: 192.168.20.0/24 is reached through the steam bridge, i.e. over
  # eoip-tunnel1, with the interface name given as the gateway.
  83. /ip route
  84. add distance=1 dst-address=192.168.20.0/24 gateway=steam
  # Management services: telnet, ftp, www, api and api-ssl are disabled; ssh is
  # moved to TCP 44211.
  # NOTE(review): winbox is not mentioned, so presumably it is still enabled on its
  # default port (8291, the port the filter rules above watch).
  # NOTE(review): neither ssh nor winbox has an address= restriction. Limiting both
  # to the management subnet (for example address=192.168.55.0/24) keeps them
  # unreachable from the tunnels even where the filter falls through to accept.
  # NOTE(review): moving ssh to another port does not protect it by itself; the
  # staged address-list rules in the filter still reference port 22.
  85. /ip service
  86. set telnet disabled=yes
  87. set ftp disabled=yes
  88. set www disabled=yes
  89. set ssh port=44211
  90. set api disabled=yes
  91. set api-ssl disabled=yes