smithy1208

Untitled

Mar 14th, 2021
  1. #| Welcome to RouterOS!
  2. #| 1) Set a strong router password in the System > Users menu
  3. #| 2) Upgrade the software in the System > Packages menu
  4. #| 3) Enable firewall on untrusted networks
  5. #| 4) Set your country name to observe wireless regulations
  6. #| -----------------------------------------------------------------------------
  7. #| RouterMode:
  8. #| * WAN port is protected by firewall and enabled DHCP client
  9. #| * Wireless and Ethernet interfaces (except WAN port/s)
  10. #| are part of LAN bridge
  11. #| LAN Configuration:
  12. #| IP address 192.168.88.1/24 is set on bridge (LAN port)
  13. #| DHCP Server: enabled;
  14. #| DNS: enabled;
  15. #| wlan1 Configuration:
  16. #| mode: ap-bridge;
  17. #| band: 2ghz-b/g/n;
  18. #| tx-chains: 0;1;
  19. #| rx-chains: 0;1;
  20. #| installation: indoor;
  21. #| wpa2: no;
  22. #| ht-extension: 20/40mhz-XX;
  23. #| wlan2 Configuration:
  24. #| mode: ap-bridge;
  25. #| band: 5ghz-a/n/ac;
  26. #| tx-chains: 0;1;
  27. #| rx-chains: 0;1;
  28. #| installation: indoor;
  29. #| wpa2: no;
  30. #| ht-extension: 20/40/80mhz-XXXX;
  31. #| WAN (gateway) Configuration:
  32. #| gateway: ether1 ;
  33. #| ip4 firewall: enabled;
  34. #| NAT: enabled;
  35. #| DHCP Client: enabled;
  36.  
  # Script-wide globals. ssid is assigned in the wireless sections of the apply branch;
  # defconfMode is only declared here and cleared again at the end of this script.
  37. :global ssid;
  38. :global defconfMode;
  39. :log info "Starting defconf script";
  40. #-------------------------------------------------------------------------------
  41. # Apply configuration.
  42. # these commands are executed after installation or configuration reset
  43. #-------------------------------------------------------------------------------
  # Apply branch: builds the default home-router setup (LAN bridge, DHCP and DNS for the LAN,
  # two access points, DHCP client + masquerade + IPv4 filter rules for ether1).
  # $action is not declared in this script; presumably the caller supplies it (confirm).
  44. :if ($action = "apply") do={
  45. # wait for interfaces
  # Poll once per second for ethernet interfaces; after 30 tries log a warning and quit.
  46. :local count 0;
  47. :while ([/interface ethernet find] = "") do={
  48. :if ($count = 30) do={
  49. :log warning "DefConf: Unable to find ethernet interfaces";
  50. /quit;
  51. }
  52. :delay 1s; :set count ($count +1);
  53. };
  # Require at least two wireless interfaces. On the 40th try the script gives up, puts
  # 192.168.88.1/24 directly on ether1 and quits.
  # NOTE(review): on that fallback path none of the filter rules, interface lists or
  # mac-server restrictions further down have been applied, so the device is reachable on
  # ether1 with nothing from this script protecting it.
  54. :local count 0;
  55. :while ([/interface wireless print count-only] < 2) do={
  56. :set count ($count +1);
  57. :if ($count = 40) do={
  58. :log warning "DefConf: Unable to find wireless interface(s)";
  59. /ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
  60. /quit
  61. }
  62. :delay 1s;
  63. };
  # Interface lists used by the NAT and filter rules below, then the LAN bridge.
  64. /interface list add name=WAN comment="defconf"
  65. /interface list add name=LAN comment="defconf"
  66. /interface bridge
  67. add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
  # Bridge every interface that is not a slave, not ether1 and whose name does not match
  # "bridge" (a regex match, so any name containing it is skipped). The first interface of
  # type "ether" donates its MAC address as the bridge admin-mac; ppp-out and lte interfaces
  # are not added as bridge ports.
  68. :local bMACIsSet 0;
  69. :foreach k in=[/interface find where !(slave=yes || name="ether1" || name~"bridge")] do={
  70. :local tmpPortName [/interface get $k name];
  71. :if ($bMACIsSet = 0) do={
  72. :if ([/interface get $k type] = "ether") do={
  73. /interface bridge set "bridge" auto-mac=no admin-mac=[/interface get $tmpPortName mac-address];
  74. :set bMACIsSet 1;
  75. }
  76. }
  77. :if (([/interface get $k type] != "ppp-out") && ([/interface get $k type] != "lte")) do={
  78. /interface bridge port
  79. add bridge=bridge interface=$tmpPortName comment=defconf;
  80. }
  81. }
  # LAN addressing: DHCP pool .10-.254 with 10-minute leases, router at 192.168.88.1.
  82. /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
  83. /ip dhcp-server
  84. add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
  85. /ip dhcp-server network
  86. add address=192.168.88.0/24 gateway=192.168.88.1 comment="defconf";
  87. /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
  # allow-remote-requests=yes makes the router answer DNS queries from other hosts.
  # NOTE(review): the only thing in this script that keeps it from answering on the WAN side
  # is the input-chain rule "drop all not coming from LAN" added below; re-check resolver
  # exposure whenever that rule or the LAN list membership is changed.
  88. /ip dns {
  89. set allow-remote-requests=yes
  90. static add name=router.lan address=192.168.88.1 comment=defconf
  91. }
  92.  
  # wlan1 (2.4 GHz) as access point. The SSID is "MikroTik-" followed by the characters at
  # positions 9-10, 12-13 and 15-16 of the MAC string (the last three octets, assuming the
  # usual XX:XX:XX:XX:XX:XX form). currentName is assigned but not used in this section.
  # NOTE(review): no security profile or passphrase is set here, and the banner at the top
  # of the script reports "wpa2: no", so this AP presumably comes up open until the operator
  # configures one (confirm on the device).
  93. /interface wireless {
  94. :local ifcId [/interface wireless find where default-name=wlan1]
  95. :local currentName [/interface wireless get $ifcId name]
  96. set $ifcId mode=ap-bridge band=2ghz-b/g/n disabled=no wireless-protocol=802.11 \
  97. distance=indoors installation=indoor
  98. set $ifcId channel-width=20/40mhz-XX;
  99. set $ifcId frequency=auto
  100. :local wlanMac [/interface wireless get $ifcId mac-address];
  101. :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
  102. set $ifcId ssid=$ssid
  103. }
  # wlan2 (5 GHz): same steps as wlan1, with the same absence of any security setting.
  # The global ssid is overwritten, so after this section it holds the wlan2 value.
  104. /interface wireless {
  105. :local ifcId [/interface wireless find where default-name=wlan2]
  106. :local currentName [/interface wireless get $ifcId name]
  107. set $ifcId mode=ap-bridge band=5ghz-a/n/ac disabled=no wireless-protocol=802.11 \
  108. distance=indoors installation=indoor
  109. set $ifcId channel-width=20/40/80mhz-XXXX;
  110. set $ifcId frequency=auto
  111. :local wlanMac [/interface wireless get $ifcId mac-address];
  112. :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
  113. set $ifcId ssid=$ssid
  114. }
  # WAN side: DHCP client on ether1, list membership, and source NAT for traffic leaving
  # through the WAN list that is not matched by an outbound IPsec policy.
  115. /ip dhcp-client add interface=ether1 disabled=no comment="defconf";
  116. /interface list member add list=LAN interface=bridge comment="defconf"
  117. /interface list member add list=WAN interface=ether1 comment="defconf"
  118. /ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
  # IPv4 filter rules, added in evaluation order.
  # input: established/related/untracked and ICMP are accepted from any interface, then
  # everything that did not arrive on a LAN-list interface is dropped.
  # forward: IPsec-policy traffic and established/related are accepted (with fasttrack),
  # invalid is dropped, and new connections from WAN are dropped unless they were dst-nat'ed.
  # There is no catch-all drop at the end of the forward chain.
  # NOTE(review): only /ip firewall rules are added; this script contains no /ipv6 firewall
  # rules, so IPv6 filtering has to come from somewhere else if IPv6 is in use.
  119. /ip firewall {
  120. filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
  121. filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
  122. filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
  123. filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
  124. filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
  125. filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
  126. filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
  127. filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
  128. filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
  129. filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
  130. filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
  131. }
  # Restrict neighbor discovery and the MAC-layer management servers to the LAN list.
  132. /ip neighbor discovery-settings set discover-interface-list=LAN
  133. /tool mac-server set allowed-interface-list=LAN
  134. /tool mac-server mac-winbox set allowed-interface-list=LAN
  135. }
  136. #-------------------------------------------------------------------------------
  137. # Revert configuration.
  138. # these commands are executed if user requests to remove default configuration
  139. #-------------------------------------------------------------------------------
  # Revert branch: removes what the apply branch created and resets several settings.
  # NOTE(review): the end state is permissive by design - blank admin password, no filter or
  # NAT rules, MAC servers open on all interfaces, wireless default profile set to mode=none.
  # A reverted device should be reconfigured before it is attached to an untrusted network.
  140. :if ($action = "revert") do={
  # Sets the admin password to the empty string.
  141. /user set admin password=""
  142. /system routerboard mode-button set enabled=no
  143. /system routerboard mode-button set on-event=""
  # comment~"defconf" is a regex match: any entry whose comment contains "defconf" is
  # removed, which includes operator-added entries that happen to carry that substring.
  144. /system script remove [find comment~"defconf"]
  145. /ip firewall filter remove [find comment~"defconf"]
  146. /ip firewall nat remove [find comment~"defconf"]
  147. /interface list member remove [find comment~"defconf"]
  148. /interface detect-internet set detect-interface-list=none
  149. /interface detect-internet set lan-interface-list=none
  150. /interface detect-internet set wan-interface-list=none
  151. /interface detect-internet set internet-interface-list=none
  152. /interface list remove [find comment~"defconf"]
  # MAC server, MAC-WinBox and neighbor discovery are no longer limited to the LAN list.
  153. /tool mac-server set allowed-interface-list=all
  154. /tool mac-server mac-winbox set allowed-interface-list=all
  155. /ip neighbor discovery-settings set discover-interface-list=!dynamic
  # From here on the matches are exact (comment="defconf"), and each remove is guarded by a
  # length check so it is only called when the find returned something.
  156. :local o [/ip dhcp-server network find comment="defconf"]
  157. :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
  # Only a DHCP server named "defconf" that is not disabled is removed.
  158. :local o [/ip dhcp-server find name="defconf" !disabled]
  159. :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
  # The pool is removed only if it still has the original name and range.
  160. /ip pool {
  161. :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
  162. :if ([:len $o] != 0) do={ remove $o }
  163. }
  164. :local o [/ip dhcp-client find comment="defconf"]
  165. :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
  166. /ip dns {
  167. set allow-remote-requests=no
  168. :local o [static find comment="defconf"]
  169. :if ([:len $o] != 0) do={ static remove $o }
  170. }
  171. /ip address {
  172. :local o [find comment="defconf"]
  173. :if ([:len $o] != 0) do={ remove $o }
  174. }
  # Rename every ethernet interface back to its default-name.
  175. :foreach iface in=[/interface ethernet find] do={
  176. /interface ethernet set $iface name=[get $iface default-name]
  177. }
  178. /interface bridge port remove [find comment="defconf"]
  179. /interface bridge remove [find comment="defconf"]
  180. /interface bonding remove [find comment="defconf"]
  # Wireless: CAP mode off, both radios reset, and the default security profile cleared to
  # mode=none with an empty WPA2 pre-shared key.
  181. /interface wireless cap set enabled=no interfaces="" caps-man-addresses=""
  182. /interface wireless reset-configuration wlan1
  183. /interface wireless reset-configuration wlan2
  184. /interface wireless security-profile set default mode=none\
  185. authentication-types="" disable-pmkid=no wpa2-pre-shared-key="" comment=""
  # CAPsMAN manager disabled and its defconf-tagged entries removed.
  186. /caps-man manager set enabled=no
  187. /caps-man manager interface remove [find comment="defconf"]
  188. /caps-man manager interface set [ find default=yes ] forbid=no
  189. /caps-man provisioning remove [find comment="defconf"]
  190. /caps-man configuration remove [find comment="defconf"]
  191. }
  # Log completion, then :set the two globals with no value (presumably clearing them so
  # they do not linger after the script ends - confirm).
  192. :log info Defconf_script_finished;
  193. :set defconfMode;
  194. :set ssid;
  195.  
  196. #-------------------------------------------------------------------------------
  197. # Note: script will not execute at all (will throw a syntax error) if
  198. # dhcp or wireless-fp packages are not installed
  199. #-------------------------------------------------------------------------------
  200.  
  201. #| CAP configuration
  202. #|
  203. #| Wireless interfaces are set to be managed by CAPsMAN.
  204. #| All ethernet interfaces and CAPsMAN managed interfaces are bridged.
  205. #| DHCP client is set on bridge interface.
  206.  
  207. # bridge port name
  # Bridge name and log prefix used throughout the CAP script.
  208. :global brName "bridgeLocal";
  209. :global logPref "defconf:";
  210.  
  211.  
  # action is declared global without a value; presumably the caller has already set it.
  212. :global action;
  213.  
  # Record which action was requested.
  214. :log info $action
  215.  
  # CAP-mode apply branch: bridges every ethernet port, adds a DHCP client on the bridge and
  # hands all wireless interfaces to CAPsMAN.
  # NOTE(review): this branch adds no firewall rules, interface lists or mac-server
  # restrictions, and every ethernet port becomes a bridge member, so filtering and
  # management-plane protection have to be provided by the network the device is plugged into.
  216. :if ($action = "apply") do={
  217.  
  218. # wait for ethernet interfaces
  219. :local count 0;
  220. :while ([/interface ethernet find] = "") do={
  221. :if ($count = 30) do={
  222. :log warning "DefConf: Unable to find ethernet interfaces";
  223. /quit;
  224. }
  225. :delay 1s; :set count ($count + 1);
  226. }
  227.  
  228. :local macSet 0;
  229. :local tmpMac "";
  230.  
  231. :foreach k in=[/interface ethernet find] do={
  232. # first ethernet is found; add bridge and set mac address of the ethernet port
  233. :if ($macSet = 0) do={
  234. :set tmpMac [/interface ethernet get $k mac-address];
  235. /interface bridge add name=$brName auto-mac=no admin-mac=$tmpMac comment="defconf";
  236. :set macSet 1;
  237. }
  238. # add bridge ports
  239. /interface bridge port add bridge=$brName interface=$k comment="defconf"
  240. }
  241.  
  242. # try to add dhcp client on bridge interface (may fail if already exist)
  243. :do {
  244. /ip dhcp-client add interface=$brName disabled=no comment="defconf"
  245. } on-error={ :log warning "$logPref unable to add dhcp client";}
  246.  
  247.  
  248. # try to configure caps (may fail if for example specified interfaces are missing)
  249. :local interfacesList "";
  250. :local bFirst 1;
  251.  
  252. # wait for wireless interfaces
  # NOTE(review): count is not reset before this loop, so the 30-try limit is shared with
  # the ethernet wait above rather than starting again from zero.
  253. :while ([/interface wireless find] = "") do={
  254. :if ($count = 30) do={
  255. :log warning "DefConf: Unable to find wireless interfaces";
  256. /quit;
  257. }
  258. :delay 1s; :set count ($count + 1);
  259. }
  260.  
  261. # delay just to make sure that all wireless interfaces are loaded
  262. :delay 5s;
  # Build a comma-separated list of all wireless interface names.
  # The "if" on the next line is written without the leading colon, unlike the other
  # :if statements in this script.
  263. :foreach i in=[/interface wireless find] do={
  264. if ($bFirst = 1) do={
  265. :set interfacesList [/interface wireless get $i name];
  266. :set bFirst 0;
  267. } else={
  268. :set interfacesList "$interfacesList,$[/interface wireless get $i name]";
  269. }
  270. }
  # Enable CAP mode on those interfaces, discovering CAPsMAN over the bridge. A failure is
  # logged as a warning and does not stop the script.
  # NOTE(review): only enabled, interfaces, discovery-interfaces and bridge are set; no
  # certificate or lock-to-caps-man value is given, so which CAPsMAN this CAP will accept is
  # left at the defaults - confirm against the deployment's CAPsMAN trust settings.
  271. :do {
  272. /interface wireless cap
  273. set enabled=yes interfaces=$interfacesList discovery-interfaces=$brName bridge=$brName
  274. } on-error={ :log warning "$logPref unable to configure caps";}
  275.  
  276. }
  277.  
  # CAP-mode revert branch: turns CAP mode off, then removes the DHCP client, bridge ports
  # and bridge that carry the exact comment "defconf".
  278. :if ($action = "revert") do={
  # A failure to unset CAP mode is logged as a warning and the rest of the branch still runs.
  279. :do {
  280. /interface wireless cap
  281. set enabled=no interfaces="" discovery-interfaces="" bridge=none
  282. } on-error={ :log warning "$logPref unable to unset caps";}
  283.  
  # remove is only called when the find returned at least one entry.
  284. :local o [/ip dhcp-client find comment="defconf"]
  285. :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
  286.  
  287. /interface bridge port remove [find comment="defconf"]
  288. /interface bridge remove [find comment="defconf"]
  289.  
  290. }
  291.  
  292.  
  293.  