
Untitled

a guest
Jan 22nd, 2020
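  # Provisioning script that ties a MikroTik RouterOS router to an SGP server:
  # RADIUS AAA for PPP/DHCP/login, redirection of blocked customers to SGP pages,
  # an hourly job that downloads and imports a rule file from SGP, monitoring
  # (graphing/SNMP/accounting), a full-rights local user and a PPTP tunnel.
  #
  # NOTE(review): the password, token and RADIUS secret below are literal values
  # in a published listing. Treat them as exposed: rotate them on the router and
  # on the SGP side, and load real values from a private source at deploy time.
  # NOTE(review): RouterOS keeps :global values in /system script environment
  # until they are removed or the router reboots, so PASSVPNUSER and TOKENAQUI
  # stay readable there after provisioning unless they are cleared afterwards.

  # PPTP account name used by the VPN-SGP client at the end of the script.
  :global USERVPN "inettelecom01"
  # Save the pre-change configuration so the router can be compared or rolled back.
  /export file=BACKUP_ANTES_DO_SGP
  # Used twice below: PPTP client password AND password of the local user "SGP".
  :global PASSVPNUSER "LKJOPIFDUH4RB3TFYD2237"
  # RADIUS authentication port (AUC) and accounting port (ACC).
  :global AUC "4812"
  :global ACC "4813"
  # RADIUS server address; also the only address allowed to use the SNMP community.
  :global RADIUS "172.16.116.1"
  # API token embedded in the URL fetched by the sgp-aviso script.
  :global TOKENAQUI "f9e19483-a923-4518-90e9-47245eda096d"
  # Base URL of the SGP web service.
  :global LINKDOSGP "https://inettelecom.sgp.net.br"
  # SGP server address: redirect target, allowed destination and PPTP endpoint.
  :global IP "167.71.252.234"
  # TCP ports on $IP that receive redirected traffic: AVS = notice, BLQ = blocked.
  :global AVS "6408"
  :global BLQ "6409"

  # SITES-LIBERADOS: destinations blocked customers may still reach (the SGP
  # server, public DNS resolvers and two further hosts). BLOQUEADOS: the source
  # range treated as blocked customers.
  # NOTE(review): the filter rule below matches on address only, so every
  # protocol and port towards these addresses stays open to blocked customers,
  # not just DNS or the SGP pages; narrow it if only specific services are meant.
  /ip firewall address-list
  add address=$IP list=SITES-LIBERADOS
  add address=208.67.222.222 list=SITES-LIBERADOS
  add address=208.67.222.220 list=SITES-LIBERADOS
  add address=8.8.8.8 list=SITES-LIBERADOS
  add address=8.8.4.4 list=SITES-LIBERADOS
  add address=1.1.1.1 list=SITES-LIBERADOS
  add address=45.227.76.22 list=SITES-LIBERADOS
  add address=45.227.79.1 list=SITES-LIBERADOS
  add address=10.24.0.0/22 list=BLOQUEADOS

  # Drop forwarded traffic from blocked customers to anything outside the allow list.
  # NOTE(review): "add" without place-before appends to the end of the chain; an
  # earlier accept/fasttrack rule in the existing ruleset would match first.
  # Confirm the resulting rule order on the target router.
  /ip firewall filter
  add action=drop chain=forward dst-address-list=!SITES-LIBERADOS src-address-list=BLOQUEADOS comment="SGP REGRAS"
  # Once a marked "notice" connection reaches the notice port on the SGP server,
  # remember the source for 2h so it is not redirected again during that time.
  /ip firewall filter
  add chain=forward connection-mark=BLOQUEIO-AVISAR action=add-src-to-address-list \
      address-list=BLOQUEIO-AVISADOS address-list-timeout=2h comment="SGP REGRAS" dst-address=$IP dst-port=$AVS protocol=tcp

  /ip firewall nat
  # Exempt RADIUS auth/accounting and UDP 3799 traffic to the RADIUS server from source NAT.
  add action=accept chain=srcnat comment="NAO FAZER NAT PARA O IP DO RADIUS" \
      dst-address=$RADIUS dst-port="$AUC-$ACC,3799" protocol=udp
  # Source-NAT blocked customers (no out-interface is given, so any egress matches).
  add action=masquerade chain=srcnat comment="SGP REGRAS" src-address-list=\
      BLOQUEADOS
  # Send HTTP/HTTPS from blocked customers to the "blocked" page port on the SGP server.
  add action=dst-nat chain=dstnat comment="SGP REGRAS" dst-address-list=\
      !SITES-LIBERADOS dst-port=80,443 log-prefix="" protocol=tcp \
      src-address-list=BLOQUEADOS to-addresses=$IP to-ports=$BLQ
  # Send connections marked for a notice to the notice port on the SGP server.
  add action=dst-nat chain=dstnat comment="SGP REGRAS" connection-mark=\
      BLOQUEIO-AVISAR log-prefix="" protocol=tcp to-addresses=$IP to-ports=$AVS

  # Block notice: mark new HTTP connections from sources in the BLOQUEIO-AVISAR
  # list, then promote them to the BLOQUEIO-AVISAR mark unless the source was
  # already notified (BLOQUEIO-AVISADOS).
  # NOTE(review): nothing in this listing fills the BLOQUEIO-AVISAR address list;
  # presumably the imported sgp_aviso.rsc does. Verify against the SGP output.
  /ip firewall mangle
  add chain=prerouting connection-state=new src-address-list=BLOQUEIO-AVISAR protocol=tcp dst-port=80 \
      action=mark-connection new-connection-mark=BLOQUEIO-VERIFICAR passthrough=yes comment="SGP REGRAS"
  add chain=prerouting connection-mark=BLOQUEIO-VERIFICAR src-address-list=!BLOQUEIO-AVISADOS \
      action=mark-connection new-connection-mark=BLOQUEIO-AVISAR comment="SGP REGRAS"

  # Run the sgp-aviso script every hour.
  /system scheduler
  add interval=1h name=sgp-aviso on-event=sgp-aviso policy=\
      ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
      may/29/2017 start-time=01:00:00
  # sgp-aviso: log a line, delete the previous sgp_aviso.rsc, download a fresh one
  # from the SGP web service, wait 30s, then import it.
  # NOTE(review): the router executes whatever the server returns, with the broad
  # policy set listed here. The fetch call does not set check-certificate, and
  # RouterOS does not validate the server certificate by default; import the CA
  # and add check-certificate=yes so that only the genuine SGP host can supply
  # the file, and reduce the policy list to what the imported rules need.
  # NOTE(review): $LINKDOSGP and $TOKENAQUI sit inside the quoted source, so they
  # appear to be expanded when this command runs and the token is stored in the
  # script text; it also travels in the URL query string, where server and proxy
  # logs can record it.
  /system script
  add name=sgp-aviso policy=\
      ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log info\
      \_\"sgp aviso\";\r\
      \n/file remove [find where name=sgp_aviso.rsc]\r\
      \n/tool fetch url=\"$LINKDOSGP/ws/mikrotik/aviso/pendencia/\?token=$TOKENAQUI&app=mikrotik\" dst-path=sgp_aviso.rsc;\r\
      \n:delay 30s\r\
      \nimport file-name=sgp_aviso.rsc;"

  # Traffic accounting, time source and time zone.
  /ip accounting set account-local-traffic=yes enabled=yes
  /system ntp client set enabled=yes primary-ntp=200.160.0.8
  /system clock set time-zone-name=America/Recife
  # Accept incoming RADIUS requests (change-of-authorization / disconnect).
  /radius incoming set accept=yes
  # Enable the API and the web interface on non-default ports.
  # NOTE(review): a changed port is not access control. Neither service gets an
  # address= restriction here and both are the unencrypted variants (api, www);
  # limit them to the SGP/management addresses, or use api-ssl / www-ssl, and
  # check that the input chain (not shown) filters these ports.
  /ip service
  set api disabled=no port=3540
  set www disabled=no port=8008
  # Router logins and PPP sessions are authenticated through RADIUS.
  /user aaa set use-radius=yes
  /ppp aaa set interim-update=5m use-radius=yes
  # Apply to every PPPoE server ([find .id!=999] is used as a "match all" selector).
  # NOTE(review): authentication=pap leaves PAP as the only method, so subscriber
  # passwords are sent in cleartext inside the PPPoE session. Confirm that the
  # RADIUS backend really requires PAP before keeping this.
  /interface pppoe-server server set authentication=pap [ find where .id!=999]
  /interface pppoe-server server set one-session-per-host=no [find .id!=999]
  # Graphing for all interfaces, queues and resources.
  # NOTE(review): allow-address=0.0.0.0/0 lets any address that can reach the www
  # service view these graphs; restrict it to the monitoring hosts.
  /tool graphing set page-refresh=300 store-every=5min
  /tool graphing interface add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
  /tool graphing queue add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all store-on-disk=yes
  /tool graphing resource add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
  # SNMP community limited to the RADIUS/SGP address; traps use version 2.
  # NOTE(review): any pre-existing community (for example a default one) is not
  # removed by this script. Check /snmp community on the target router.
  /snmp community add addresses=$RADIUS name=SGP-GRAPHICs
  /snmp set enabled=yes trap-community=SGP-GRAPHICs trap-version=2
  # Keep info-level logs in memory, excluding the account topic.
  /system logging set 0 action=memory disabled=no prefix="" topics=info,!account
  # RADIUS server used for ppp, dhcp and login, with a 3 second timeout.
  # NOTE(review): the shared secret is a short fixed string; use a long random
  # secret that is unique per router, since it protects both subscriber
  # authentication and router logins (service=login).
  /radius
  add comment="RADIUS SGP" secret=sgp@radius service=ppp,dhcp,login address=$RADIUS accounting-port=$ACC authentication-port=$AUC \
      timeout=00:00:03
  # Local account the SGP server uses to manage the router.
  # NOTE(review): group=full with no address= restriction, and the password is
  # the same value as the PPTP credential below. Give this user its own
  # password, restrict address= to the SGP server, and use a narrower group if
  # SGP does not need full rights.
  /user add name=SGP comment="USUARIO QUE O SERVIDOR SGP ACESSA A RB" group=full password=$PASSVPNUSER


  # PPTP tunnel from the router to the SGP server.
  # Fix: a space now precedes the line continuation. Without it the two lines
  # join into name="VPN-SGP"disabled=no and "disabled" is no longer a separate
  # parameter.
  # NOTE(review): PPTP (MS-CHAPv2/MPPE) is widely regarded as weak protection for
  # management traffic; if the SGP side offers another tunnel type, prefer it.
  /interface pptp-client
  add connect-to=$IP user=$USERVPN password=$PASSVPNUSER profile=default-encryption name="VPN-SGP" \
      disabled=no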