Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # 2024-04-24 15:38:45 by RouterOS 7.14.3
- # software id = B10P-R5ZW
- #
- # model = RB4011iGS+
- # serial number = XXXXXXXX
- /interface bridge
- add name=bridge1 vlan-filtering=yes
- /interface ethernet
- set [ find default-name=ether1 ] disabled=yes
- set [ find default-name=ether2 ] disabled=yes
- set [ find default-name=ether3 ] disabled=yes
- set [ find default-name=ether4 ] disabled=yes
- set [ find default-name=ether5 ] disabled=yes
- set [ find default-name=ether6 ] disabled=yes
- set [ find default-name=ether7 ] disabled=yes
- set [ find default-name=ether8 ] disabled=yes
- set [ find default-name=ether10 ] disabled=yes poe-out=off
- /interface vlan
- add interface=bridge1 name=vlan99 vlan-id=99
- /interface list
- add name=wan
- add name=lan
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /port
- set 0 name=serial0
- set 1 name=serial1
- /zerotier
- set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" disabled=yes disabled=yes name=zt1 port=9993
- /ip smb
- set enabled=no
- /interface bridge port
- add bridge=bridge1 interface=sfp-sfpplus1
- /ip neighbor discovery-settings
- set discover-interface-list=!dynamic
- /ipv6 settings
- set disable-ipv6=yes forward=no max-neighbor-entries=3072
- /interface bridge vlan
- add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=99
- /interface list member
- add interface=ether9 list=lan
- add interface=bridge1 list=lan
- add interface=vlan99 list=wan
- /ip address
- add address=192.168.0.81/16 comment=backdoor interface=ether9 network=192.168.0.0
- add address=192.168.0.1/16 interface=bridge1 network=192.168.0.0
- /ip cloud
- set ddns-enabled=yes ddns-update-interval=5m
- /ip dhcp-client
- add interface=vlan99 use-peer-dns=no use-peer-ntp=no
- /ip dns
- set servers=192.168.0.51
- /ip firewall filter
- add action=fasttrack-connection chain=input comment="accept established or related" connection-state=established,related hw-offload=yes
- add action=accept chain=input comment="accept established or related" connection-state=established,related
- add action=drop chain=input comment="drop invalid" connection-state=invalid
- add action=drop chain=input comment="drop input from outside the lan" in-interface-list=!lan
- add action=fasttrack-connection chain=forward comment="accept established or related" connection-state=established,related hw-offload=yes
- add action=accept chain=forward comment="accept established or related" connection-state=established,related
- add action=drop chain=forward comment="drop invalid" connection-state=invalid
- add action=drop chain=forward comment="drop forwards from outside the wan no dstnat" connection-nat-state=!dstnat connection-state=new in-interface-list=!lan
- /ip firewall nat
- add action=masquerade chain=srcnat out-interface-list=wan
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh address=192.168.0.0/16
- set api address=192.168.0.0/16
- set winbox address=192.168.0.0/16
- set api-ssl disabled=yes
- /system clock
- set time-zone-name=America/Chicago
- /system identity
- set name=rb4011
- /system note
- set show-at-login=no
- /system ntp client
- set enabled=yes
- /system ntp server
- set enabled=yes
- /system ntp client servers
- add address=216.239.35.0
- add address=216.239.35.4
- add address=216.239.35.8
- add address=216.239.35.12
- /system routerboard settings
- set auto-upgrade=yes
- /tool mac-server
- set allowed-interface-list=none
- /tool mac-server mac-winbox
- set allowed-interface-list=lan
- /tool mac-server ping
- set enabled=no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement