Untitled

:global AUC "4822"
:global ACC "4823"
:global RADIUS "172.16.116.1"
:global TOKENAQUI "dfb73cb7-bee5-4319-aae0-7364d0c7d1c3"
:global LINKDOSGP "https://mnet.sgp.net.br"
:global IP "167.71.109.194"
:global AVS "6404"
:global BLQ "6405"
/ip firewall address-list
add address=$IP list=SITES-LIBERADOS
add address=208.67.222.222 list=SITES-LIBERADOS
add address=208.67.222.220 list=SITES-LIBERADOS
add address=8.8.8.8 list=SITES-LIBERADOS
add address=8.8.4.4 list=SITES-LIBERADOS
add address=1.1.1.1 list=SITES-LIBERADOS
add address=45.227.76.22 list=SITES-LIBERADOS
add address=45.227.79.1 list=SITES-LIBERADOS
add address=10.24.0.0/22 list=BLOQUEADOS
/ip firewall filter
add action=drop chain=forward dst-address-list=!SITES-LIBERADOS src-address-list=BLOQUEADOS comment="SGP REGRAS"
/ip firewall filter
add chain=forward connection-mark=BLOQUEIO-AVISAR action=add-src-to-address-list \
address-list=BLOQUEIO-AVISADOS address-list-timeout=2h comment="SGP REGRAS" dst-address=$IP dst-port=$AVS protocol=tcp
/ip firewall nat
add action=accept chain=srcnat comment="NAO FAZER NAT PARA O IP DO RADIUS" \
    dst-address=$RADIUS dst-port="$AUC-$ACC,3799" protocol=udp
add action=masquerade chain=srcnat comment="SGP REGRAS" src-address-list=\
    BLOQUEADOS
add action=dst-nat chain=dstnat comment="SGP REGRAS" dst-address-list=\
    !SITES-LIBERADOS dst-port=80,443 log-prefix="" protocol=tcp \
    src-address-list=BLOQUEADOS to-addresses=$IP to-ports=$BLQ
add action=dst-nat chain=dstnat comment="SGP REGRAS" connection-mark=\
    BLOQUEIO-AVISAR log-prefix="" protocol=tcp to-addresses=$IP to-ports=$AVS
# Aviso bloqueio
/ip firewall mangle
add chain=prerouting connection-state=new src-address-list=BLOQUEIO-AVISAR protocol=tcp dst-port=80 \
action=mark-connection new-connection-mark=BLOQUEIO-VERIFICAR passthrough=yes comment="SGP REGRAS"
add chain=prerouting connection-mark=BLOQUEIO-VERIFICAR src-address-list=!BLOQUEIO-AVISADOS \
action=mark-connection new-connection-mark=BLOQUEIO-AVISAR comment="SGP REGRAS"