Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nov/23/2016 14:23:28 by RouterOS 6.36
- # software id = UPA0-2NBC
- #
- /interface ethernet
- set [ find default-name=ether1 ] comment="Wan ISP1" name=ether1_wan_1
- set [ find default-name=ether3 ] advertise=\
- 100M-half,100M-full,1000M-half,1000M-full comment=Local name=ether2_lan
- set [ find default-name=ether2 ] comment="Wan ISP2" mtu=1492 name=ether3_wan_2
- /interface pppoe-client
- add add-default-route=yes default-route-distance=5 disabled=no interface=\
- ether3_wan_2 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out_wan_2 \
- password=2xaw692b user=v848446
- /ip neighbor discovery
- set pppoe-out_wan_2 discover=no
- /interface vlan
- add comment="Management device network" interface=ether2_lan name=\
- ManagementVlan2 vlan-id=2
- add comment="Restoran Dublin" interface=ether2_lan name=RestoranDublinVlan5 \
- vlan-id=5
- add comment="Restoran London" interface=ether2_lan name=RestoranLondonVlan6 \
- vlan-id=6
- add comment="Network of Servers" interface=ether2_lan name=ServersVlan3 \
- vlan-id=3
- add comment="Stage 1" interface=ether2_lan name=Stage1Vlan10 vlan-id=10
- add comment="Stage 2" interface=ether2_lan name=Stage2Vlan20 vlan-id=20
- add comment="Stage 3" interface=ether2_lan name=Stage3Vlan30 vlan-id=30
- add comment="Stage 4 " interface=ether2_lan name=Stage4Vlan40 vlan-id=40
- add comment="Personal " interface=ether2_lan name=Teh.PersonalVlan9 vlan-id=9
- add comment="Network VIP" interface=ether2_lan name=UnlimitedSpeedVlan7 \
- vlan-id=7
- add comment="Network Video" interface=ether2_lan name=VideoVlan4 vlan-id=4
- /ip neighbor discovery
- set ManagementVlan2 comment="Management device network"
- set RestoranDublinVlan5 comment="Restoran Dublin" discover=no
- set RestoranLondonVlan6 comment="Restoran London" discover=no
- set ServersVlan3 comment="Network of Servers"
- set Stage1Vlan10 comment="Stage 1" discover=no
- set Stage2Vlan20 comment="Stage 2" discover=no
- set Stage3Vlan30 comment="Stage 3" discover=no
- set Stage4Vlan40 comment="Stage 4 " discover=no
- set Teh.PersonalVlan9 comment="Personal "
- set UnlimitedSpeedVlan7 comment="Network VIP" discover=no
- set VideoVlan4 comment="Network Video" discover=no
- /interface list
- add name=Local
- add name=WAN
- /ip ipsec proposal
- set [ find default=yes ] enc-algorithms=\
- aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
- /ip pool
- add name=poolVlan3 ranges=172.16.3.30-172.16.3.254
- add name=poolVlan9 ranges=172.16.9.30-172.16.9.254
- add name=poolVlan10 ranges=172.16.10.30-172.16.10.254
- add name=poolVan20 ranges=172.16.20.30-172.16.20.254
- add name=poolVlan30 ranges=172.16.30.30-172.16.30.254
- add name=poolVlan40 ranges=172.16.40.30-172.16.40.254
- add name=poolVlan2 ranges=172.16.1.30-172.16.1.254
- add name=poolVlan4 ranges=172.16.4.30-172.16.4.254
- add name=poolVlan5 ranges=172.16.5.30-172.16.5.254
- add name=poolVlan6 ranges=172.16.6.30-172.16.6.254
- add name=poolVlan7 ranges=172.16.7.30-172.16.7.254
- /ip dhcp-server
- add add-arp=yes address-pool=poolVlan2 authoritative=yes disabled=no interface=\
- ManagementVlan2 lease-time=1d name=ServerdhcpVlan2
- add add-arp=yes address-pool=poolVlan3 authoritative=yes disabled=no interface=\
- ServersVlan3 lease-time=1d name=ServerdhcpVlan3
- add add-arp=yes address-pool=poolVlan9 authoritative=yes disabled=no interface=\
- Teh.PersonalVlan9 lease-time=1d name=ServerdhcpVlan9
- add add-arp=yes address-pool=poolVlan10 authoritative=yes disabled=no \
- interface=Stage1Vlan10 lease-time=1d name=ServerdhcpVlan10
- add add-arp=yes address-pool=poolVlan40 authoritative=yes disabled=no \
- interface=Stage4Vlan40 lease-time=1d name=ServerdhcpVlan40
- add add-arp=yes address-pool=poolVlan30 authoritative=yes disabled=no \
- interface=Stage3Vlan30 lease-time=1d name=ServerdhcpVlan30
- add add-arp=yes address-pool=poolVan20 authoritative=yes disabled=no interface=\
- Stage2Vlan20 lease-time=1d name=ServerdhcpVlan20
- add add-arp=yes address-pool=poolVlan4 authoritative=yes disabled=no interface=\
- VideoVlan4 lease-time=1d name=ServerdhcpVlan4
- add add-arp=yes address-pool=poolVlan5 authoritative=yes disabled=no interface=\
- RestoranDublinVlan5 lease-time=1d name=ServerdhcpVlan5
- add add-arp=yes address-pool=poolVlan6 authoritative=yes disabled=no interface=\
- RestoranLondonVlan6 lease-time=1d name=ServerdhcpVlan6
- add add-arp=yes address-pool=poolVlan7 authoritative=yes disabled=no interface=\
- UnlimitedSpeedVlan7 lease-time=1d name=ServerdhcpVlan7
- /queue simple
- add comment="Unlimited speed personal" name="UpLoad\\downloadVlan9" target=\
- Teh.PersonalVlan9
- add burst-threshold=20M/20M burst-time=30s/30s comment=\
- "Speed limit 20 Mbit/s stage 1" max-limit=20M/20M name=\
- "UpLoad\\downloadVlan10" target=Stage1Vlan10
- add burst-threshold=20M/20M burst-time=30s/30s comment=\
- "Speed limit 20 Mbit/s stage 2" max-limit=20M/20M name=\
- "UpLoad\\downloadVlan20" target=Stage2Vlan20
- add burst-threshold=20M/20M burst-time=30s/30s comment=\
- "Speed limit 20 Mbit/s stage 3" max-limit=20M/20M name=\
- "UpLoad\\downloadVlan30" target=Stage3Vlan30
- add burst-threshold=20M/20M burst-time=30s/30s comment=\
- "Speed limit 20 Mbit/s stage 4" max-limit=20M/20M name=\
- "UpLoad\\downloadVlan40" target=Stage4Vlan40
- add burst-threshold=20M/20M burst-time=30s/30s comment=\
- "Speed limit 20 Mbit/s restaraunt Dublin" max-limit=20M/20M name=\
- "Upload\\downloadVlan5" target=RestoranDublinVlan5
- add burst-threshold=20M/20M burst-time=30s/30s comment=\
- "Speed limit 20 Mbit/s restaraunt London" max-limit=20M/20M name=\
- "UpLoad\\downloadVlan6" target=RestoranLondonVlan6
- add burst-time=30s/30s comment="Unlimited VIP netwok" name=\
- "Upload\\download vlan7" target=UnlimitedSpeedVlan7
- add comment="Unlimited VideoNetwork " name=VideoNetwork target=VideoVlan4
- /queue interface
- set ether1_wan_1 queue=ethernet-default
- set ether2_lan queue=ethernet-default
- set ether3_wan_2 queue=ethernet-default
- /ip neighbor discovery
- set ether1_wan_1 comment="Wan ISP1" discover=no
- set ether2_lan comment=Local discover=no
- set ether3_wan_2 comment="Wan ISP2" discover=no
- /system logging action
- set 0 memory-lines=65000
- /interface list member
- add interface=ether2_lan list=Local
- add interface=ManagementVlan2 list=Local
- add interface=RestoranDublinVlan5 list=Local
- add interface=RestoranLondonVlan6 list=Local
- add interface=ServersVlan3 list=Local
- add interface=Stage1Vlan10 list=Local
- add interface=Stage2Vlan20 list=Local
- add interface=Stage3Vlan30 list=Local
- add interface=Stage4Vlan40 list=Local
- add interface=Teh.PersonalVlan9 list=Local
- add interface=UnlimitedSpeedVlan7 list=Local
- add interface=VideoVlan4 list=Local
- add interface=pppoe-out_wan_2 list=WAN
- add interface=ether3_wan_2 list=WAN
- add interface=ether1_wan_1 list=WAN
- /interface pptp-server server
- set enabled=yes
- /ip address
- add address=172.16.1.1/24 comment="Network Device Management" interface=\
- ManagementVlan2 network=172.16.1.0
- add address=172.16.9.1/24 comment=Personal interface=Teh.PersonalVlan9 network=\
- 172.16.9.0
- add address=172.16.10.1/24 comment="Stage 1" interface=Stage1Vlan10 network=\
- 172.16.10.0
- add address=172.16.20.1/24 comment="Stage 2" interface=Stage2Vlan20 network=\
- 172.16.20.0
- add address=172.16.30.1/24 comment="Stage 3" interface=Stage3Vlan30 network=\
- 172.16.30.0
- add address=172.16.40.1/24 comment="Stage 4" interface=Stage4Vlan40 network=\
- 172.16.40.0
- add address=172.16.3.1/24 comment="Server Network" interface=ServersVlan3 \
- network=172.16.3.0
- add address=172.16.4.1/24 comment="CCTV network" interface=VideoVlan4 network=\
- 172.16.4.0
- add address=172.16.5.1/24 comment="Restaurant Dublin" interface=\
- RestoranDublinVlan5 network=172.16.5.0
- add address=172.16.6.1/24 comment="Restaurant London" interface=\
- RestoranLondonVlan6 network=172.16.6.0
- add address=172.16.7.1/24 comment="Unlimited speed" interface=\
- UnlimitedSpeedVlan7 network=172.16.7.0
- add address=85.172.120.102/24 interface=ether1_wan_1 network=85.172.120.0
- /ip dhcp-server network
- add address=172.16.1.0/24 dns-server=172.16.1.1 gateway=172.16.1.1
- add address=172.16.3.0/24 dns-server=172.16.3.1,172.16.3.6 gateway=172.16.3.1
- add address=172.16.4.0/24 dns-server=172.16.4.1 gateway=172.16.4.1
- add address=172.16.5.0/24 dns-server=172.16.5.1 gateway=172.16.5.1
- add address=172.16.6.0/24 dns-server=172.16.6.1 gateway=172.16.6.1
- add address=172.16.7.0/24 dns-server=172.16.7.1 gateway=172.16.7.1
- add address=172.16.9.0/24 dns-server=172.16.9.1,172.16.3.6 gateway=172.16.9.1
- add address=172.16.10.0/24 dns-server=172.16.10.1 gateway=172.16.10.1
- add address=172.16.20.0/24 dns-server=172.16.20.1 gateway=172.16.20.1
- add address=172.16.30.0/24 dns-server=172.16.30.1 gateway=172.16.30.1
- add address=172.16.40.0/24 dns-server=172.16.40.1 gateway=172.16.40.1
- /ip dns
- set allow-remote-requests=yes servers=\
- 83.239.129.4,178.35.148.196,88.87.64.6,88.87.65.3,8.8.8.8
- /ip firewall address-list
- add address=83.239.129.4 list=dns
- add address=178.35.148.196 list=dns
- add address=88.87.64.6 list=dns
- add address=88.87.65.3 list=dns
- add address=8.8.8.8 list=dns
- /ip firewall filter
- add action=accept chain=forward comment=FTP dst-port=21 log-prefix="" protocol=\
- tcp
- add action=accept chain=input dst-port=53 log-prefix="" protocol=udp \
- src-address-list=dns
- add action=accept chain=forward connection-limit=40,32 log-prefix="" protocol=\
- udp src-address-list=torrent_limit
- add action=drop chain=input dst-port=53 in-interface=pppoe-out_wan_2 \
- log-prefix="" protocol=udp
- add action=drop chain=input comment="Dns " dst-port=53 in-interface=\
- ether1_wan_1 log-prefix="" protocol=udp
- add action=accept chain=input comment="Allow IKE" dst-port=500 log-prefix="" \
- protocol=udp
- add action=accept chain=input comment="Allow IPSec-esp" log-prefix="" protocol=\
- ipsec-esp
- add action=accept chain=input comment="Allow IPSec-ah" log-prefix="" protocol=\
- ipsec-ah
- add action=accept chain=input comment="Allow UDP" log-prefix="" protocol=udp
- add action=accept chain=input comment="Allow ping" log-prefix="" protocol=icmp
- add action=accept chain=forward comment=SSH dst-port=22 log-prefix="" protocol=\
- tcp
- add action=accept chain=input comment="PPTP VPN " dst-port=1723 log-prefix="" \
- protocol=tcp
- add action=accept chain=input comment=Winbox connection-state=new dst-port=8291 \
- log-prefix="" protocol=tcp
- add action=accept chain=input dst-port=7777 log-prefix="" protocol=tcp
- add action=accept chain=input comment=GRE log-prefix="" protocol=gre
- add action=accept chain=input comment="Filter rules firewall" connection-state=\
- established log-prefix=""
- add action=accept chain=input connection-state=related log-prefix=""
- add action=accept chain=forward comment="Forward rule" dst-port=3389 \
- log-prefix="" protocol=tcp
- add action=accept chain=forward comment=Video dst-port=88 log-prefix="" \
- protocol=tcp
- add action=accept chain=forward comment="IIS Server" dst-port=80 log-prefix="" \
- protocol=tcp
- add action=accept chain=forward dst-port=90 log-prefix="" protocol=tcp
- add action=accept chain=forward comment=Ping log-prefix="" protocol=icmp
- add action=accept chain=input comment="Allow from Local list" \
- in-interface-list=Local log-prefix=""
- add action=drop chain=input in-interface-list=WAN log-prefix=""
- add action=accept chain=forward comment="Allow ALL from Local LIST" \
- in-interface-list=Local log-prefix=""
- add action=accept chain=forward comment="Filter rules firewall" \
- connection-state=established log-prefix=""
- add action=accept chain=forward connection-state=related log-prefix=""
- add action=drop chain=forward log-prefix=""
- add action=drop chain=forward comment=invalid connection-state=invalid \
- log-prefix=""
- add action=drop chain=input connection-state=invalid log-prefix=""
- /ip firewall mangle
- add action=mark-connection chain=input connection-mark=no-mark in-interface=\
- ether1_wan_1 log-prefix="" new-connection-mark=input_wan_1 passthrough=no
- add action=mark-routing chain=output connection-mark=input_wan_1 log-prefix="" \
- new-routing-mark=WAN_1 passthrough=no
- add action=mark-connection chain=input connection-mark=no-mark in-interface=\
- pppoe-out_wan_2 log-prefix="" new-connection-mark=input_wan_2 passthrough=\
- no
- add action=mark-routing chain=output connection-mark=input_wan_2 log-prefix="" \
- new-routing-mark=WAN_2 passthrough=no
- /ip firewall nat
- add action=accept chain=srcnat comment="IpSec tunnel" dst-address=10.8.0.0/24 \
- log-prefix="" src-address=172.16.9.0/24
- add action=dst-nat chain=dstnat comment=Videonabl dst-port=88 in-interface=\
- pppoe-out_wan_2 log-prefix="" protocol=tcp to-addresses=172.16.4.2 \
- to-ports=34567
- add action=dst-nat chain=dstnat comment=Terminal dst-port=6984 in-interface=\
- ether1_wan_1 log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=\
- 3389
- add action=dst-nat chain=dstnat dst-port=88 in-interface=ether1_wan_1 \
- log-prefix="" protocol=tcp to-addresses=172.16.4.2 to-ports=34567
- add action=masquerade chain=srcnat comment="Nat Rostekekom " log-prefix="" \
- out-interface=ether1_wan_1
- add action=dst-nat chain=dstnat dst-port=6984 in-interface=pppoe-out_wan_2 \
- log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=3389
- add action=masquerade chain=srcnat comment="Nat Dom.ru" log-prefix="" \
- out-interface=pppoe-out_wan_2
- add action=dst-nat chain=dstnat comment=Ftp dst-port=21 in-interface=\
- ether1_wan_1 log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=21
- add action=dst-nat chain=dstnat comment=Apache dst-port=80 in-interface=\
- ether1_wan_1 log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=80
- add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out_wan_2 \
- log-prefix="" protocol=tcp to-addresses=172.16.3.6 to-ports=80
- add action=dst-nat chain=dstnat dst-port=22 in-interface=pppoe-out_wan_2 \
- log-prefix="" protocol=tcp to-addresses=172.16.3.7 to-ports=22
- /ip firewall service-port
- set ftp disabled=yes
- set tftp disabled=yes
- set irc disabled=yes
- set h323 disabled=yes
- set sip disabled=yes
- /ip ipsec peer
- add address=213.234.25.92/32 dh-group=modp1536 exchange-mode=main-l2tp \
- generate-policy=port-override passive=yes secret=HXXB4-XR9QR
- /ip route
- add check-gateway=ping distance=5 gateway=85.172.120.101 routing-mark=WAN_1
- add check-gateway=ping distance=5 gateway=pppoe-out_wan_2 routing-mark=WAN_2
- add check-gateway=ping distance=1 gateway=\
- "pppoe-out_wan_2,85.172.120.101@(unknown)"
- add check-gateway=arp distance=2 gateway=pppoe-out_wan_2
- add check-gateway=ping distance=10 gateway=85.172.120.101
- /ip route rule
- add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.3.0/24
- add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.1.0/24
- add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.4.0/24
- add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.7.0/24
- add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.9.0/24
- add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.9.0/24
- add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.7.0/24
- add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.4.0/24
- add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.3.0/24
- add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.1.0/24
- add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.9.0/24
- add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.7.0/24
- add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.4.0/24
- add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.3.0/24
- add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.1.0/24
- add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.1.0/24
- add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.3.0/24
- add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.4.0/24
- add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.9.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.7.0/24
- add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.40.0/24
- add action=unreachable dst-address=172.16.40.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.30.0/24
- add action=unreachable dst-address=172.16.30.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.9.0/24
- add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.7.0/24
- add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.5.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.4.0/24
- add action=unreachable dst-address=172.16.4.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.3.0/24
- add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.20.0/24 src-address=172.16.1.0/24
- add action=unreachable disabled=yes dst-address=172.16.10.0/24 src-address=\
- 172.16.9.0/24
- add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.20.0/24
- add action=unreachable dst-address=172.16.9.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.7.0/24
- add action=unreachable dst-address=172.16.7.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.10.0/24
- add action=unreachable dst-address=172.16.10.0/24 src-address=172.16.5.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.1.0/24
- add action=unreachable dst-address=172.16.1.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.3.0/24
- add action=unreachable dst-address=172.16.3.0/24 src-address=172.16.6.0/24
- add action=unreachable dst-address=172.16.6.0/24 src-address=172.16.4.0/24
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www address="178.236.242.166/32,172.16.9.0/24,172.16.3.0/24,213.234.25.92/32\
- ,85.172.120.102/32,93.94.221.180/32,213.234.25.174/32" port=89
- set ssh disabled=yes port=24
- set api disabled=yes
- set winbox address="172.16.9.0/24,172.16.3.0/24,93.94.221.180/32,213.234.25.92/3\
- 2,178.236.242.166/32,213.234.25.174/32" port=7777
- set api-ssl disabled=yes
- /ppp secret
- add comment="Admin network" local-address=172.16.9.1 name=Wizart password=\
- HXXB4-XR9QR remote-address=172.16.9.3 service=pptp
- add comment=Buhgalter local-address=172.16.9.1 name=Sayadyan password=\
- Gfhjkm1978 remote-address=172.16.9.9 service=pptp
- /system clock
- set time-zone-autodetect=no time-zone-name=Europe/Moscow
- /system clock manual
- set time-zone=+03:00
- /system ntp client
- set enabled=yes primary-ntp=88.147.254.232 secondary-ntp=88.147.254.235
- /system scheduler
- add interval=1w3d name="Reboot routers" on-event=" /system reboot" policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- aug/06/2016 start-time=05:00:00
- add interval=1w3d name="Backup settings" on-event=Backup_to_mail policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- aug/07/2016 start-time=06:00:10
- /system script
- add comment="Backup settings" name=Backup_to_mail owner=Wizart policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
- \n:log info \"Starting Backup Script...\";\r\
- \n:local sysname [/system identity get name];\r\
- \n:local sysver [/system package get system version];\r\
- \n:log info \"Flushing DNS cache...\";\r\
- \n/ip dns cache flush;\r\
- \n:delay 2;\r\
- \n:log info \"Deleting last Backups...\";\r\
- \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name] \
- \\\r\
- \n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
- \n:delay 2;\r\
- \n:local smtpserv [:resolve \"smtp.gmail.com\"];\r\
- \n:local Eaccount \"igor.krivintsov@gmail.com\";\r\
- \n:local pass \"Gfhjkm1978\";\r\
- \n:local backupfile (\"\$sysname-backup-\" . \\\r\
- \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
- \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\")\
- ;\r\
- \n:log info \"Creating new Full Backup file...\";\r\
- \n/system backup save name=\$backupfile;\r\
- \n:delay 2;\r\
- \n:log info \"Sending Full Backup file via E-mail...\";\r\
- \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\
- \r\
- \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile \
- \\\r\
- \nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\") \
- \\\r\
- \nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version: \
- \\\r\
- \n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \\\
- \r\
- \n[/system clock get date]);\r\
- \n:delay 5;\r\
- \n:local exportfile (\"\$sysname-backup-\" . \\\r\
- \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
- \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\r\
- \n:log info \"Creating new Setup Script file...\";\r\
- \n/export verbose file=\$exportfile;\r\
- \n:delay 2;\r\
- \n:log info \"Sending Setup Script file via E-mail...\";\r\
- \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \\\
- \r\
- \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile \
- \\\r\
- \nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] . \
- \\\r\
- \n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS \
- \\\r\
- \nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] . \
- \" \\\r\
- \n\" . [/system clock get date]);\r\
- \n:delay 5;\r\
- \n:log info \"All System Backups emailed successfully.\\nBackuping completed\
- .\";\r\
- \n}"
- /tool graphing interface
- add
- /tool graphing queue
- add
- /tool graphing resource
- add
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=ServersVlan3
- add interface=Teh.PersonalVlan9
- /tool mac-server mac-winbox
- add interface=Teh.PersonalVlan9
- add interface=ServersVlan3
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement