API tools faq
paste
Advertisement
Alex2k16

Mikrotik config

Alex2k16
Mar 15th, 2019
350
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 19.44 KB | None | 0 0
raw download clone embed print report
  1. # mar/15/2019 10:01:33 by RouterOS 6.44.1
  2. # software id =
  3. #
  4. # model = RB4011iGS+5HacQ2HnD
  5. # serial number =
  6. /interface bridge
  7. add name=br1-lan
  8. add arp=reply-only name=br2-guest
  9. /interface ethernet
  10. set [ find default-name=ether1 ] comment=Wan name=eth1-wan
  11. set [ find default-name=ether2 ] comment="Main PC" name=eth2
  12. set [ find default-name=ether3 ] comment=Server name=eth3
  13. set [ find default-name=ether4 ] name=eth4
  14. set [ find default-name=ether5 ] name=eth5
  15. set [ find default-name=ether6 ] name=eth6
  16. set [ find default-name=ether7 ] comment=\
  17. "\C3\EE\F1\F2\E8\ED\ED\E0\FF \F2\E5\EB\E5\E2\E8\E7\EE\F0" name=eth7
  18. set [ find default-name=ether8 ] name=eth8
  19. set [ find default-name=ether9 ] comment="Raspberry PI" name=eth9
  20. set [ find default-name=ether10 ] comment=Vera name=eth10
  21. set [ find default-name=sfp-sfpplus1 ] disabled=yes
  22. /interface pppoe-client
  23. add add-default-route=yes disabled=no interface=eth1-wan keepalive-timeout=60 \
  24. name=Rostelekom password=*** use-peer-dns=yes user=***
  25. /interface 6to4
  26. add comment="Hurricane Electric IPv6 Tunnel Broker" !keepalive local-address=\
  27. xx.xx.xx.xx mtu=1280 name=sit1 remote-address=216.66.86.122
  28. /interface ovpn-client
  29. add add-default-route=yes certificate=MikrotikOpenVPNClientCert connect-to=\
  30. xx.xx.xx.xx mac-address=XX:XX:XX:XX:XX:XX name=External_OVPN port=xxxx \
  31. user=xxxxx
  32. /interface wireless security-profiles
  33. set [ find default=yes ] supplicant-identity=MikroTik
  34. add authentication-types=wpa2-psk eap-methods="" management-protection=\
  35. allowed mode=dynamic-keys name=wpa_wifi supplicant-identity="" \
  36. wpa2-pre-shared-key=xxx
  37. add authentication-types=wpa2-psk eap-methods="" management-protection=\
  38. allowed mode=dynamic-keys name=wpa_guest supplicant-identity="" \
  39. wpa2-pre-shared-key=xxx
  40. /interface wireless
  41. set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
  42. default-authentication=no disabled=no frequency=2437 hide-ssid=yes mode=\
  43. ap-bridge name=wlan1 security-profile=wpa_wifi ssid="xxx" \
  44. tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
  45. set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=\
  46. 20/40/80/160mhz-eeeeeCee country=russia default-authentication=no \
  47. disabled=no frequency=5745 frequency-mode=superchannel hide-ssid=yes \
  48. mode=ap-bridge name=wlan2 security-profile=wpa_wifi ssid="xxx" \
  49. tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
  50. add default-forwarding=no disabled=no keepalive-frames=disabled mac-address=\
  51. XX:XX:XX:XX:XX:XX master-interface=wlan1 multicast-buffering=disabled \
  52. name=guest_wlan24 security-profile=wpa_guest ssid="xxx" \
  53. wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
  54. add default-forwarding=no disabled=no keepalive-frames=disabled mac-address=\
  55. XX:XX:XX:XX:XX:XX master-interface=wlan2 multicast-buffering=disabled \
  56. name=guest_wlan50 security-profile=wpa_guest ssid="xxx" \
  57. wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
  58. /ip kid-control
  59. add disabled=yes fri=0s-9h,19h-1d mon=0s-9h,19h-1d name="Yandex Station" sat=\
  60. 0s-1d sun=0s-1d thu=0s-9h,19h-1d tue=0s-9h,19h-1d wed=0s-9h,19h-1d
  61. /ip pool
  62. add name=dhcp ranges=192.168.1.2-192.168.1.254
  63. add name=pool_guest ranges=192.168.254.2-192.168.254.254
  64. add name=vpn_pool ranges=10.0.8.2-10.0.8.254
  65. /ip dhcp-server
  66. add address-pool=dhcp disabled=no interface=br1-lan lease-time=3h name=\
  67. dhcp_lan
  68. add add-arp=yes address-pool=pool_guest disabled=no interface=br2-guest name=\
  69. dhcp_guest
  70. /ppp profile
  71. add local-address=10.0.8.1 name=openvpn remote-address=vpn_pool
  72. /queue simple
  73. add burst-limit=50M/50M burst-threshold=8M/8M burst-time=10s/10s max-limit=\
  74. 10M/10M name=guest_shaper target=br2-guest
  75. /system logging action
  76. set 3 remote=192.168.1.xxx
  77. /interface bridge port
  78. add bridge=br1-lan interface=eth2
  79. add bridge=br1-lan interface=eth3
  80. add bridge=br1-lan interface=eth4
  81. add bridge=br1-lan interface=eth5
  82. add bridge=br1-lan interface=eth6
  83. add bridge=br1-lan interface=eth7
  84. add bridge=br1-lan interface=eth8
  85. add bridge=br1-lan interface=eth9
  86. add bridge=br1-lan interface=eth10
  87. add bridge=br1-lan interface=wlan1
  88. add bridge=br1-lan interface=wlan2
  89. add bridge=br2-guest interface=guest_wlan24
  90. add bridge=br2-guest interface=guest_wlan50
  91. /interface ovpn-server server
  92. set certificate=MikrotikOpenVPNServer cipher=blowfish128,aes128,aes192,aes256 \
  93. default-profile=openvpn enabled=yes mode=ethernet port=xxxx
  94. /interface wireless access-list
  95. add comment="\CD\EE\F3\F2\E1\F3\EA \CC\E0\F0\E8\ED\FB" mac-address=\
  96. XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  97. add comment="Galaxy Note 3" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  98. add comment="Galaxy S III" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  99. add comment="Samsung Tab S" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  100. add comment="Megafon \F2\E5\EB\E5\F4\EE\ED" disabled=yes mac-address=\
  101. XX:XX:XX:XX:XX:XX time=0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
  102. add comment="\CC\EE\E9 \F1\F2\E0\F0\FB\E9 Notebook" mac-address=\
  103. XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  104. add comment="\CC\E0\EC\E8\ED \F2\E5\EB\E5\F4\EE\ED" mac-address=\
  105. XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  106. add comment="\C1\E0\E1\F3\F8\EA\E8\ED \F2\E5\EB\E5\E2\E8\E7\EE\F0" \
  107. mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  108. add comment="Samsung XCover" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  109. add comment="Galaxy S8+" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  110. add comment="Gear S2" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  111. add authentication=no comment="\C1\EB\EE\EA" forwarding=no mac-address=\
  112. XX:XX:XX:XX:XX:XX
  113. add comment="Digma 7543" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  114. add comment="Galaxy A5" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  115. add comment="Huawei M5" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  116. add comment="Yandex Station" mac-address=XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  117. add authentication=no comment="\C1\EB\EE\EA" forwarding=no mac-address=\
  118. XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  119. add authentication=no comment="\C1\EB\EE\EA" forwarding=no mac-address=\
  120. XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  121. add authentication=no comment="\C1\EB\EE\EA" forwarding=no mac-address=\
  122. XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  123. add authentication=no comment="\C1\EB\EE\EA" forwarding=no mac-address=\
  124. XX:XX:XX:XX:XX:XX vlan-mode=no-tag
  125. /ip address
  126. add address=192.168.1.1/24 interface=br1-lan network=192.168.1.0
  127. add address=192.168.254.1/24 interface=br2-guest network=192.168.254.0
  128. /ip dhcp-server lease
  129. add address=192.168.1.xxx comment="Main PC" mac-address=XX:XX:XX:XX:XX:XX
  130. add address=192.168.1.xxx comment=Server mac-address=XX:XX:XX:XX:XX:XX
  131. add address=192.168.1.xxx comment="Vera Light" mac-address=XX:XX:XX:XX:XX:XX
  132. add address=192.168.1.xxx comment="LG Plasma" mac-address=XX:XX:XX:XX:XX:XX
  133. add address=192.168.1.xxx comment=HTPC mac-address=XX:XX:XX:XX:XX:XX
  134. add address=192.168.1.xxx comment=Iconbit mac-address=XX:XX:XX:XX:XX:XX
  135. add address=192.168.1.xxx always-broadcast=yes client-id=1:XX:XX:XX:XX:XX:XX \
  136. comment="Galaxy Note 3" mac-address=XX:XX:XX:XX:XX:XX server=dhcp_lan
  137. add address=192.168.1.xxx always-broadcast=yes client-id=1:XX:XX:XX:XX:XX:XX \
  138. comment="\CD\EE\F3\F2\E1\F3\EA \CC\E0\F0\E8\ED\FB" mac-address=\
  139. XX:XX:XX:XX:XX:XX server=dhcp_lan
  140. add address=192.168.1.xxx client-id=1:XX:XX:XX:XX:XX:XX comment="Galaxy Tab S" \
  141. disabled=yes mac-address=XX:XX:XX:XX:XX:XX server=dhcp_lan
  142. add address=192.168.1.xxx comment="Galaxy S8+" mac-address=XX:XX:XX:XX:XX:XX \
  143. server=dhcp_lan
  144. add address=192.168.1.xxx client-id=1:XX:XX:XX:XX:XX:XX comment="Gear S2" \
  145. mac-address=XX:XX:XX:XX:XX:XX server=dhcp_lan
  146. add address=192.168.1.xxx client-id=1:XX:XX:XX:XX:XX:XX comment=\
  147. "Galaxy SCover" mac-address=XX:XX:XX:XX:XX:XX server=dhcp_lan
  148. add address=192.168.1.xxx comment="Huawei M5" mac-address=XX:XX:XX:XX:XX:XX
  149. add address=192.168.1.xxx client-id=1:XX:XX:XX:XX:XX:XX comment=\
  150. "Yandex Station" mac-address=XX:XX:XX:XX:XX:XX server=dhcp_lan
  151. add address=192.168.1.xxx client-id=1:XX:XX:XX:XX:XX:XX comment="Raspbery PI" \
  152. disabled=yes mac-address=XX:XX:XX:XX:XX:XX server=dhcp_lan
  153. add address=192.168.1.xxx comment="Raspbery PI" mac-address=XX:XX:XX:XX:XX:XX \
  154. server=dhcp_lan
  155. /ip dhcp-server network
  156. add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
  157. netmask=24 ntp-server=192.168.1.1
  158. add address=192.168.254.0/24 dns-server=8.8.8.8 gateway=192.168.254.1 \
  159. netmask=24
  160. /ip dns
  161. set allow-remote-requests=yes servers=192.168.1.xxx
  162. /ip dns static
  163. /ip firewall address-list
  164. add address=ident.me list=Route_To_OVPN -- подобных записей, штук 60
  165. add address=101.198.186.223 list=External_Black_List -- таких записей, штук 300
  166. /ip firewall filter
  167. add action=accept chain=input comment="Open VPN Server Mikrotik" dst-port=\
  168. xxxx in-interface=Rostelekom protocol=tcp src-address-list=\
  169. !External_Black_List
  170. add action=accept chain=forward comment="Web Server" dst-port=80,443 \
  171. in-interface=Rostelekom protocol=tcp src-port=""
  172. add action=accept chain=forward comment=Torrents dst-port=xxxx-xxxx \
  173. in-interface=Rostelekom protocol=tcp
  174. add action=accept chain=forward dst-port=xxxx-xxxx in-interface=Rostelekom \
  175. protocol=udp
  176. add action=accept chain=forward comment=FTP dst-port=990,xxxx-xxxx \
  177. in-interface=Rostelekom protocol=tcp src-address-list=\
  178. !External_Black_List
  179. add action=accept chain=forward comment="SVN Server" dst-port=xxxx \
  180. in-interface=Rostelekom protocol=tcp src-address-list=\
  181. !External_Black_List
  182. add action=accept chain=forward comment="SSH To Raspberry With Pork Knock" \
  183. dst-port=xxxx in-interface=Rostelekom protocol=tcp src-address-list=\
  184. Services_White_List
  185. add action=accept chain=input comment=\
  186. "\C4\EE\F1\F2\F3\EF \EA \F0\EE\F3\F2\E5\F0\F3 With Pork Knock" dst-port=\
  187. 8728,8291,22 in-interface=Rostelekom protocol=tcp src-address-list=\
  188. Services_White_List src-port=""
  189. add action=accept chain=forward comment="RDP With Port Knock" dst-port=3389 \
  190. in-interface=Rostelekom protocol=tcp src-address-list=Services_White_List
  191. add action=add-src-to-address-list address-list=ICMP_stage1 \
  192. address-list-timeout=5s chain=input comment="Port Knock for Services #1" \
  193. in-interface=Rostelekom packet-size=xxxx protocol=icmp
  194. add action=add-src-to-address-list address-list=ICMP_stage2 \
  195. address-list-timeout=5s chain=input comment="Port Knock for Services #2" \
  196. in-interface=Rostelekom packet-size=xxxx protocol=icmp src-address-list=\
  197. ICMP_stage1
  198. add action=add-src-to-address-list address-list=ICMP_stage3 \
  199. address-list-timeout=5s chain=input comment="Port Knock for Services #3" \
  200. in-interface=Rostelekom packet-size=xxxx protocol=icmp src-address-list=\
  201. ICMP_stage2
  202. add action=add-src-to-address-list address-list=Services_White_List \
  203. address-list-timeout=1m chain=input comment="Port Knock for Services #4" \
  204. in-interface=Rostelekom packet-size=xxxx protocol=icmp src-address-list=\
  205. ICMP_stage3
  206. add action=accept chain=input comment="6to4 Tonnel" protocol=ipv6-encap
  207. add action=accept chain=output protocol=ipv6-encap
  208. add action=accept chain=input comment=\
  209. "\D0\E0\E7\F0\E5\F8\E0\E5\EC \EF\E8\ED\E3\E8" protocol=icmp
  210. add action=accept chain=forward protocol=icmp
  211. add action=accept chain=input comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \F3\F1\F2\
  212. \E0\ED\EE\E2\EB\E5\ED\ED\FB\E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF" \
  213. connection-state=established
  214. add action=accept chain=forward connection-state=established
  215. add action=accept chain=input comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \F1\E2\FF\
  216. \E7\E0\ED\ED\FB\E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\E8\FF" connection-state=\
  217. related
  218. add action=accept chain=forward connection-state=related
  219. add action=accept chain=forward comment="\CF\F0\EE\F5\EE\E6\E4\E5\ED\E8\E5 \F2\
  220. \F0\E0\F4\E8\EA\E0 \E8\E7 \EB\EE\EA\E0\EB\EA\E8 \E2 \E8\ED\F2\E5\F0\ED\E5\
  221. \F2" in-interface=!Rostelekom out-interface=Rostelekom
  222. add action=reject chain=output comment="Disable All DNS" dst-port=53 \
  223. out-interface=Rostelekom protocol=udp reject-with=\
  224. icmp-network-unreachable
  225. add action=reject chain=output dst-port=53 out-interface=Rostelekom protocol=\
  226. tcp reject-with=icmp-network-unreachable
  227. add action=drop chain=input comment=\
  228. "\CF\EE\EB\ED\FB\E9 \E7\E0\EF\F0\E5\F2 \EE\F1\F2\E0\EB\FC\ED\EE\E3\EE" \
  229. in-interface=Rostelekom
  230. add action=drop chain=forward in-interface=Rostelekom
  231. /ip firewall mangle
  232. add action=mark-routing chain=prerouting comment="Mark Route To VPN" \
  233. dst-address-list=Route_To_OVPN new-routing-mark=To_OVPN passthrough=yes
  234. /ip firewall nat
  235. add action=masquerade chain=srcnat comment="https://it4it.club/topic/30-markir\
  236. uem-paketyi-i-zavorachivaet-trafik-do-konkretnyih-serverov-v-vpn/" \
  237. dst-address-list=Route_To_OVPN out-interface=External_OVPN
  238. add action=masquerade chain=srcnat out-interface=Rostelekom
  239. add action=netmap chain=dstnat comment="FTP Server" dst-port=990 \
  240. in-interface=Rostelekom protocol=tcp src-address-list=\
  241. !External_Black_List to-addresses=192.168.1.xxx to-ports=990
  242. add action=netmap chain=dstnat comment="FTP Server" dst-port=xxxx-xxxx \
  243. in-interface=Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=\
  244. xxxx-xxxx
  245. add action=netmap chain=dstnat comment="SVN Server" dst-port=xxxx \
  246. in-interface=Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=\
  247. xxxx
  248. add action=netmap chain=dstnat comment="Web Server (HTTP)" dst-port=80 \
  249. in-interface=Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=\
  250. 80
  251. add action=netmap chain=dstnat comment="Web Server (HTTPS)" dst-port=443 \
  252. in-interface=Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=\
  253. 443
  254. add action=netmap chain=dstnat comment="Server RDP" dst-port=3389 \
  255. in-interface=Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=\
  256. 3389
  257. add action=dst-nat chain=dstnat comment=uTorrent dst-port=xxxx in-interface=\
  258. Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=xxxx
  259. add action=dst-nat chain=dstnat comment=uTorrent dst-port=xxxx in-interface=\
  260. Rostelekom protocol=udp to-addresses=192.168.1.xxx to-ports=xxxx
  261. add action=dst-nat chain=dstnat comment=qBitTorrent dst-port=xxxx \
  262. in-interface=Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=\
  263. xxxx
  264. add action=dst-nat chain=dstnat comment=qBitTorrent dst-port=xxxx \
  265. in-interface=Rostelekom protocol=udp to-addresses=192.168.1.xxx to-ports=\
  266. xxxx
  267. add action=dst-nat chain=dstnat comment="SSH To Raspberry" dst-port=xxxx \
  268. in-interface=Rostelekom protocol=tcp to-addresses=192.168.1.xxx to-ports=\
  269. xxxx
  270. /ip kid-control device
  271. add mac-address=XX:XX:XX:XX:XX:XX name="Yandex Station" user="Yandex Station"
  272. /ip route
  273. add distance=1 gateway=External_OVPN routing-mark=To_OVPN
  274. /ip service
  275. set telnet disabled=yes
  276. set ftp disabled=yes
  277. set www disabled=yes
  278. set api-ssl disabled=yes
  279. /ip ssh
  280. set allow-none-crypto=yes
  281. /ipv6 address
  282. add address=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx advertise=no interface=sit1
  283. add address=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx interface=br1-lan
  284. /ipv6 firewall filter
  285. add action=drop chain=input connection-state=invalid in-interface=Rostelekom
  286. add action=accept chain=input connection-state=established,related \
  287. in-interface=Rostelekom
  288. add action=accept chain=forward connection-state=established,related \
  289. in-interface=Rostelekom
  290. add action=accept chain=input dst-port=546 in-interface=Rostelekom protocol=\
  291. udp
  292. add action=accept chain=input in-interface=Rostelekom protocol=icmpv6
  293. add action=accept chain=forward in-interface=Rostelekom protocol=icmpv6
  294. add action=drop chain=input in-interface=Rostelekom log=yes
  295. add action=drop chain=forward in-interface=Rostelekom
  296. /ipv6 route
  297. add distance=1 dst-address=2000::/3 gateway=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
  298. /ppp secret
  299. add name=xxxxxx password=xxxxxxxx profile=openvpn service=ovpn
  300. /system clock
  301. set time-zone-autodetect=no time-zone-name=Europe/Moscow
  302. /system leds
  303. add interface=wlan1 leds="wlan1_signal1-led,wlan1_signal2-led,wlan1_signal3-le\
  304. d,wlan1_signal4-led,wlan1_signal5-led" type=wireless-signal-strength
  305. add interface=wlan1 leds=wlan1_tx-led type=interface-transmit
  306. add interface=wlan1 leds=wlan1_rx-led type=interface-receive
  307. /system logging
  308. set 0 action=remote
  309. set 1 action=remote
  310. set 2 action=remote
  311. set 3 action=remote
  312. /system ntp client
  313. set enabled=yes primary-ntp=89.109.251.21 secondary-ntp=89.109.251.22
  314. /system ntp server
  315. set enabled=yes multicast=yes
  316. /system scheduler
  317. add disabled=yes interval=1m name=RenewProviderDNS on-event=GetProviderDNS \
  318. policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  319. start-date=sep/12/2018 start-time=10:17:08
  320. add interval=5m name=PingAndReboot on-event=\
  321. "/system script run PingAndReboot" policy=\
  322. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  323. start-time=startup
  324. add name=PingAndRebootStartup on-event=":delay 100;\r\
  325. \n/system scheduler disable PingAndReboot\r\
  326. \n:delay 1700;\r\
  327. \n/system scheduler enable PingAndReboot" policy=\
  328. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  329. start-time=startup
  330. /system script
  331. add dont-require-permissions=no name="Remove Mikrotik Static DNS" owner=alex \
  332. policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  333. source="ip dns static remove [/ip dns static find comment=\"From Mikrotik \
  334. AdAway\"]"
  335. add dont-require-permissions=no name=GetProviderDNS owner=alex policy=\
  336. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
  337. local ListName \"ProviderDNS\"\r\
  338. \n\r\
  339. \n/ip firewall address-list remove [find where list~\$ListName]\r\
  340. \n\r\
  341. \n#:local DNSServers ( [ip dns get dynamic-servers], [ip dns get servers])\
  342. \r\
  343. \n:local DNSServers ( [ip dns get dynamic-servers])\r\
  344. \n:foreach DNSServer in \$DNSServers do={\r\
  345. \n#\t:put (\"Server: \$DNSServer\")\r\
  346. \n#\t:if (\$DNSServer=\"8.8.8.8\" || \$DNSServer=\"8.8.4.4\") do={:put (\"\
  347. Good DNS \$DNSServer\")} else={:put (\"Bad DNS \$DNSServer\")}\r\
  348. \n\t:if (\$DNSServer!=\"8.8.8.8\" && \$DNSServer!=\"8.8.4.4\") do={/ip fir\
  349. ewall address-list add address=\$DNSServer list=\$ListName}\r\
  350. \n}\r\
  351. \n"
  352. add dont-require-permissions=no name=PingAndReboot owner=alex policy=\
  353. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
  354. local PingCount 3\r\
  355. \n:local Google 8.8.8.8\r\
  356. \n:local Yandex 77.88.8.8\r\
  357. \n:local Mail 94.100.180.201\r\
  358. \n:local ResultGoogle [/ping count=\$PingCount \$Google interface=Rostelek\
  359. om]\r\
  360. \n:local Resultyandex [/ping count=\$PingCount \$Yandex interface=Rostelek\
  361. om]\r\
  362. \n:local ResultMail [/ping count=\$PingCount \$Mail interface=Rostelekom]\
  363. \r\
  364. \n:local MainIfInetOk false;\r\
  365. \n:set MainIfInetOk ((\$ResultGoogle + \$Resultyandex + \$ResultMail) >= (\
  366. 2 * \$PingCount))\r\
  367. \n:put \"MainIfInetOk=\$MainIfInetOk\"\r\
  368. \nif (!\$MainIfInetOk) do={\r\
  369. \n/log error \"Bad connect\"\r\
  370. \n/system reboot\r\
  371. \n}\r\
  372. \nif (\$MainIfInetOk) do={\r\
  373. \n# /log info \"Connect OK\"\r\
  374. \n}"
  375. /system watchdog
  376. set auto-send-supout=yes send-email-to=mikrotik@mikrotik watch-address=\
  377. 192.168.1.1
  378. /tool e-mail
  379. set address=smtp.yandex.ru from=mikrotik@mikrotik password=xxxxxx port=465 \
  380. start-tls=tls-only user=mikrotik@mikrotik
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!