SHARE
TWEET

Untitled

a guest Jan 22nd, 2020 116 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. :global USERVPN "inettelecom01"
  2. /export file=BACKUP_ANTES_DO_SGP
  3. :global PASSVPNUSER "LKJOPIFDUH4RB3TFYD2237"
  4. :global AUC "4812"
  5. :global ACC "4813"
  6. :global RADIUS "172.16.116.1"
  7. :global TOKENAQUI "f9e19483-a923-4518-90e9-47245eda096d"
  8. :global LINKDOSGP "https://inettelecom.sgp.net.br"
  9. :global IP "167.71.252.234"
  10. :global AVS "6408"
  11. :global BLQ "6409"
  12. /ip firewall address-list
  13. add address=$IP list=SITES-LIBERADOS
  14. add address=208.67.222.222 list=SITES-LIBERADOS
  15. add address=208.67.222.220 list=SITES-LIBERADOS
  16. add address=8.8.8.8 list=SITES-LIBERADOS
  17. add address=8.8.4.4 list=SITES-LIBERADOS
  18. add address=1.1.1.1 list=SITES-LIBERADOS
  19. add address=45.227.76.22 list=SITES-LIBERADOS
  20. add address=45.227.79.1 list=SITES-LIBERADOS
  21. add address=10.24.0.0/22 list=BLOQUEADOS
  22. /ip firewall filter
  23. add action=drop chain=forward dst-address-list=!SITES-LIBERADOS src-address-list=BLOQUEADOS comment="SGP REGRAS"
  24. /ip firewall filter
  25. add chain=forward connection-mark=BLOQUEIO-AVISAR action=add-src-to-address-list \
  26. address-list=BLOQUEIO-AVISADOS address-list-timeout=2h comment="SGP REGRAS" dst-address=$IP dst-port=$AVS protocol=tcp
  27. /ip firewall nat
  28. add action=accept chain=srcnat comment="NAO FAZER NAT PARA O IP DO RADIUS" \
  29.     dst-address=$RADIUS dst-port="$AUC-$ACC,3799" protocol=udp
  30. add action=masquerade chain=srcnat comment="SGP REGRAS" src-address-list=\
  31.     BLOQUEADOS
  32. add action=dst-nat chain=dstnat comment="SGP REGRAS" dst-address-list=\
  33.     !SITES-LIBERADOS dst-port=80,443 log-prefix="" protocol=tcp \
  34.     src-address-list=BLOQUEADOS to-addresses=$IP to-ports=$BLQ
  35. add action=dst-nat chain=dstnat comment="SGP REGRAS" connection-mark=\
  36.     BLOQUEIO-AVISAR log-prefix="" protocol=tcp to-addresses=$IP to-ports=$AVS
  37. # Aviso bloqueio
  38. /ip firewall mangle
  39. add chain=prerouting connection-state=new src-address-list=BLOQUEIO-AVISAR protocol=tcp dst-port=80 \
  40. action=mark-connection new-connection-mark=BLOQUEIO-VERIFICAR passthrough=yes comment="SGP REGRAS"
  41. add chain=prerouting connection-mark=BLOQUEIO-VERIFICAR src-address-list=!BLOQUEIO-AVISADOS \
  42. action=mark-connection new-connection-mark=BLOQUEIO-AVISAR comment="SGP REGRAS"
  43. /system scheduler
  44. add interval=1h name=sgp-aviso on-event=sgp-aviso policy=\
  45.     ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  46.     may/29/2017 start-time=01:00:00
  47. /system script
  48. add name=sgp-aviso policy=\
  49.     ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log info\
  50.     \_\"sgp aviso\";\r\
  51.     \n/file remove [find where name=sgp_aviso.rsc]\r\
  52.     \n/tool fetch url=\"$LINKDOSGP/ws/mikrotik/aviso/pendencia/\?token=$TOKENAQUI&app=mikrotik\" dst-path=sgp_aviso.rsc;\r\
  53.     \n:delay 30s\r\
  54.     \nimport file-name=sgp_aviso.rsc;"
  55. /ip accounting set account-local-traffic=yes enabled=yes
  56. /system ntp client set enabled=yes primary-ntp=200.160.0.8
  57. /system clock set time-zone-name=America/Recife
  58. /radius incoming set accept=yes
  59. /ip service
  60. set api disabled=no port=3540
  61. set www disabled=no port=8008
  62. /user aaa set use-radius=yes
  63. /ppp aaa set interim-update=5m use-radius=yes
  64. /interface pppoe-server server set authentication=pap [ find where .id!=999]
  65. /interface pppoe-server server set one-session-per-host=no [find .id!=999]
  66. /tool graphing set page-refresh=300 store-every=5min
  67. /tool graphing interface add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
  68. /tool graphing queue add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all store-on-disk=yes
  69. /tool graphing resource add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
  70. /snmp community add addresses=$RADIUS name=SGP-GRAPHICs
  71. /snmp set enabled=yes trap-community=SGP-GRAPHICs trap-version=2
  72. /system logging set 0 action=memory disabled=no prefix="" topics=info,!account
  73. /radius
  74. add comment="RADIUS SGP" secret=sgp@radius service=ppp,dhcp,login address=$RADIUS accounting-port=$ACC authentication-port=$AUC \
  75.     timeout=00:00:03
  76. /user add name=SGP comment="USUARIO QUE O SERVIDOR SGP ACESSA A RB" group=full password=$PASSVPNUSER
  77.  
  78.  
  79. /interface pptp-client
  80. add connect-to=$IP user=$USERVPN password=$PASSVPNUSER profile=default-encryption name="VPN-SGP"\
  81.     disabled=no
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top