- [Admin_Pro@Continent-Office] > export
- # sep/05/2018 22:21:10 by RouterOS 6.42.6
- # software id = 89XS-2N1H
- #
- # model = 2011iL
- # serial number = 8E7A08085F86
- # NOTE(review): this is a plain `export`, so the PPPoE password and the L2TP
- # IPsec pre-shared key are printed in cleartext further down. Use
- # `export hide-sensitive` when sharing a config, and rotate every secret
- # that has already been published this way.
- # NOTE(review): the header reports RouterOS 6.42.6 (2018); confirm the
- # device has been upgraded to a currently supported release.
- #
- # Bridge for the local network; ether2-ether5 are attached to it in
- # "/interface bridge port" later in this export.
- /interface bridge
- add name=LAN
- # ether1 is only labelled as the WAN port here.
- /interface ethernet
- set [ find default-name=ether1 ] comment=WAN
- # PPPoE client "RedCom" on ether1: installs the default route (distance 0)
- # and takes DNS servers from the peer. allow= limits authentication to
- # MS-CHAPv1/v2. `user=` is empty in the paste - presumably redacted.
- # NOTE(review): MS-CHAPv1 is weak; drop mschap1 if the provider supports v2.
- /interface pppoe-client
- add add-default-route=yes allow=mschap1,mschap2 default-route-distance=0 \
- disabled=no interface=ether1 name=RedCom password=XyF use-peer-dns=\
- yes user=
- # EoIP (layer-2) tunnel between 10.1.1.7 and 10.1.1.6 with proxy-arp and a
- # 3 s keepalive. Both endpoints lie inside the "L2TP" pool defined below
- # (10.1.1.1-10.1.1.10), so the tunnel presumably rides inside an L2TP session.
- # NOTE(review): no ipsec-secret is set on the tunnel itself, so its
- # confidentiality depends entirely on whatever carries 10.1.1.x - confirm.
- /interface eoip
- add allow-fast-path=no arp=proxy-arp keepalive=3s local-address=10.1.1.7 \
- mac-address=02:3A:5F:C1:BA:38 name=eoip-tunnel1 remote-address=10.1.1.6 \
- tunnel-id=1
- # Default wireless security profile; only the supplicant identity is set.
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- # Creates an IPsec policy group named "policy_group".
- /ip ipsec policy group
- add name=policy_group
- # Address pools: dhcp_pool1 for LAN clients, "L2TP" for VPN endpoints.
- /ip pool
- add name=dhcp_pool1 ranges=192.168.15.200-192.168.15.254
- add name=L2TP ranges=10.1.1.1-10.1.1.10
- # DHCP server on the LAN bridge, leasing from dhcp_pool1.
- /ip dhcp-server
- add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
- # PPP profile "L2TP": local and remote addresses both come from pool "L2TP".
- /ppp profile
- add local-address=L2TP name=L2TP remote-address=L2TP
- # The default SNMP community accepts requests from any source (0.0.0.0/0).
- # NOTE(review): the export does not show "/snmp set enabled=yes", so whether
- # SNMP is actually running cannot be told from here. If it is, limit
- # addresses= to the monitoring host and replace the default community
- # (RouterOS ships it as "public").
- /snmp community
- set [ find default=yes ] addresses=0.0.0.0/0
- # ether2-ether5 join bridge LAN with hardware offload disabled (hw=no).
- /interface bridge port
- add bridge=LAN hw=no interface=ether2
- add bridge=LAN hw=no interface=ether3
- add bridge=LAN hw=no interface=ether4
- add bridge=LAN hw=no interface=ether5
- # L2TP server enabled with MS-CHAPv2 only, profile "L2TP", IPsec turned on
- # with a pre-shared key.
- # NOTE(review): the key is short, digits-only and now public. Replace it
- # with a long random secret.
- /interface l2tp-server server
- set authentication=mschap2 default-profile=L2TP enabled=yes ipsec-secret=\
- 12345690 use-ipsec=yes
- # Interface addresses.
- # NOTE(review): 192.168.15.1/24 is bound to ether2, which is a port of
- # bridge LAN, while the DHCP server listens on LAN - confirm the address
- # should not sit on the bridge instead.
- # NOTE(review): GRE_TO_SKLAD and GRE_TO_OFFICE2 are referenced but never
- # defined in this export, so the paste appears to be trimmed.
- /ip address
- add address=192.168.15.1/24 interface=ether2 network=192.168.15.0
- add address=172.16.5.1/30 interface=GRE_TO_SKLAD network=172.16.5.0
- add address=172.16.6.1/30 interface=GRE_TO_OFFICE2 network=172.16.6.0
- add address=10.14.14.1/30 interface=eoip-tunnel1 network=10.14.14.0
- # DHCP options for the LAN subnet: gateway 192.168.15.1.
- /ip dhcp-server network
- add address=192.168.15.0/24 gateway=192.168.15.1
- # Upstream resolver.
- /ip dns
- set servers=8.8.8.8
- # Static record router.lan -> 192.168.88.1.
- # NOTE(review): that address is outside every subnet configured above; a
- # /32 route to it via LAN appears under "/ip route". Confirm both are
- # intentional.
- /ip dns static
- add address=192.168.88.1 name=router.lan
- # Filter rules are evaluated top to bottom. accept/drop end processing for
- # the packet; add-src-to-address-list records the source and passes the
- # packet on to the next rule.
- /ip firewall filter
- # Accepts UDP whose source OR destination port is 161 (port= matches
- # either side), from any address on any interface.
- # NOTE(review): add src-address= for the Dude/monitoring host.
- add action=accept chain=input comment=DUDE port=161 protocol=udp
- add action=accept chain=input comment="accept establieshed,related" \
- connection-state=established,related
- add action=accept chain=forward comment="Forward accept established,related" \
- connection-state=established,related
- add action=drop chain=input comment="input invalid drop" connection-state=\
- invalid
- add action=drop chain=forward comment="drop invalid" connection-state=invalid
- # GRE accepted from any source (no src-address or in-interface match).
- add action=accept chain=input protocol=gre
- # Winbox (8291/tcp) accepted from any source.
- # NOTE(review): this rule sits above the staged blacklist and the WAN drop,
- # so the management port is reachable from the internet and the blacklist
- # below never applies to it. Restrict it with src-address/src-address-list
- # or reach it only over the VPN.
- add action=accept chain=input dst-port=8291 protocol=tcp
- # PPTP control port accepted. No PPTP server configuration is visible in
- # this export - NOTE(review): remove the rule if PPTP is unused.
- add action=accept chain=input dst-port=1723 protocol=tcp
- # SIP signalling (UDP 5060/5061) forwarded in any direction.
- add action=accept chain=forward dst-port=5060,5061 protocol=udp
- add action=accept chain=input comment=PING protocol=icmp
- # L2TP/IKE/NAT-T; port= matches source or destination port.
- add action=accept chain=input comment=L2TP port=1701,500,4500 protocol=udp
- add action=accept chain=input protocol=ipsec-esp
- # Accepts every new TCP connection to 62123 and 8291. Being a terminating
- # accept, it keeps those connections from ever reaching the rules below.
- add action=accept chain=input connection-state=new dst-port=62123,8291 \
- protocol=tcp
- # Staged blacklist: each new connection from a source already in stage N is
- # added to stage N+1 (listed highest stage first so one connection advances
- # one step). The rules count every new connection, not failed logins.
- # NOTE(review): these four rules match dst-port 6123, while the accept
- # above and the drop below use 62123 - looks like a typo, confirm the port.
- # NOTE(review): for 8291 (and 62123, if that is the intended port) the
- # accepts above end processing before these rules run, so as ordered here
- # no blacklist entries are created for those ports.
- add action=add-src-to-address-list address-list=blacklist_final \
- address-list-timeout=2w1d chain=input comment="fail2ban: stage3 to final" \
- connection-state=new dst-port=6123,8291 protocol=tcp src-address-list=\
- blacklist_stage_3
- add action=add-src-to-address-list address-list=blacklist_stage_3 \
- address-list-timeout=1m chain=input comment="fail2ban: stage2 to stage3" \
- connection-state=new dst-port=6123,8291 protocol=tcp src-address-list=\
- blacklist_stage_2
- add action=add-src-to-address-list address-list=blacklist_stage_2 \
- address-list-timeout=6h chain=input comment="fail2ban: stage1 to stage2" \
- connection-state=new dst-port=6123,8291 protocol=tcp src-address-list=\
- blacklist_stage_1
- add action=add-src-to-address-list address-list=blacklist_stage_1 \
- address-list-timeout=12h chain=input comment="fail2ban: stage1" \
- connection-state=new dst-port=6123,8291 protocol=tcp
- # Drops sources in blacklist_final.
- # NOTE(review): a drop placed after the accepts cannot block anything
- # they already allowed; it needs to come before them to take effect.
- add action=drop chain=input comment="fail2ban: drop brute forcers" dst-port=\
- 62123,8291 protocol=tcp src-address-list=blacklist_final
- # NOTE(review): the forward accept for established,related near the top
- # uses the same matcher and terminates first, so this fasttrack rule
- # appears never to be hit.
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- # Drops all remaining input arriving on ether1 and on the PPPoE interface.
- # No default drop is shown for the forward chain, and input from other
- # interfaces (LAN, tunnels) falls through to the implicit accept.
- add action=drop chain=input comment="drop all from WAN" in-interface=ether1
- add action=drop chain=input in-interface=RedCom
- # Static routes: 192.168.55.0/24 through the EoIP tunnel, and a host route
- # for 192.168.88.1 out of the LAN bridge.
- /ip route
- add distance=1 dst-address=192.168.55.0/24 gateway=eoip-tunnel1
- add distance=1 dst-address=192.168.88.1/32 gateway=LAN
- # telnet, ftp, www and api-ssl are turned off.
- # NOTE(review): an export lists only non-default settings, so services not
- # named here (ssh, winbox, api) presumably remain at their defaults, and no
- # address= restriction is visible for any of them. Confirm, and limit each
- # remaining service to management subnets.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set api-ssl disabled=yes
- # SOCKS proxy enabled on TCP 4145 (the RouterOS default port is 1080).
- # NOTE(review): an unexpected SOCKS proxy on this port was widely reported
- # in 2018 as a marker of compromised RouterOS devices. If nobody configured
- # it on purpose, treat the router as compromised: disable the proxy, review
- # users, scripts and scheduler entries, upgrade, and rotate all credentials.
- # No "/ip socks access" rules are shown; with the filter rules above, new
- # connections to 4145 are dropped on ether1/RedCom but not on LAN/tunnels.
- /ip socks
- set enabled=yes port=4145
- # OSPF backbone area covers the two /30 GRE links and the LAN subnet.
- # NOTE(review): no "/routing ospf interface" settings are shown, so
- # authentication and passive-interface state cannot be told from here;
- # confirm the LAN side is passive and the tunnels use authentication.
- /routing ospf network
- add area=backbone network=172.16.5.0/30
- add area=backbone network=192.168.15.0/24
- add area=backbone network=172.16.6.0/30
- /system clock
- set time-zone-name=Asia/Vladivostok
- /system identity
- set name=Continent-Office
- /system routerboard settings
- set silent-boot=no