
Untitled

a guest
Sep 5th, 2018
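  # sep/05/2018 21:08:14 by RouterOS 6.42.6
  # software id = 5JRT-44ZR
  #
  # model = RouterBOARD 941-2nD
  # serial number = 66160655EA0C
  #
  # Review notes (added):
  # - This export still carries the software id, serial number, interface MAC
  #   addresses and the L2TP/IPsec pre-shared key. Treat that key as disclosed
  #   and rotate it on both tunnel ends.
  # - There is no "/interface list member" section in this export, so the lists
  #   discover, mactel, mac-winbox and WAN have no members as shown. The last
  #   input-chain firewall rule depends on who is in "mactel"; check the
  #   membership on the device before trusting the filter.
  /interface bridge
  add admin-mac=6C:3B:6B:31:F7:E6 auto-mac=no fast-forward=no name=bridge
  /interface wireless
  # NOTE(review): frequency-mode=superchannel lets the radio use every channel
  # the card supports regardless of the configured country; regulatory-domain is
  # the setting that enforces the country limits. Confirm this is intended.
  set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" disabled=no distance=indoors frequency=auto frequency-mode=superchannel \
      mode=ap-bridge ssid=NET wireless-protocol=802.11 wps-mode=disabled
  /interface ethernet
  set [ find default-name=ether2 ] name=ether2-master
  /interface pppoe-client
  # user/password were blanked before the export was published.
  add add-default-route=yes default-route-distance=0 disabled=no interface=ether1 keepalive-timeout=60 name=pppoe-out1 password= use-peer-dns=yes user=
  /interface l2tp-client
  # MS-CHAPv1 is cryptographically broken, so only mschap2 is offered here
  # (the original line allowed mschap1,mschap2).
  # The IPsec secret below is an 8-digit number and is now public: replace it
  # with a long random value on both the client and the server.
  add allow=mschap2 connect-to=XXX.XXX.XXX.XXX disabled=no ipsec-secret=12345690 name=l2tp-out1 password= use-ipsec=yes user=L2TP
  /interface eoip
  # No ipsec-secret is set on the EoIP tunnel itself, so it is only as private
  # as the path between 10.1.1.6 and 10.1.1.7 (presumably the L2TP/IPsec
  # session above -- confirm).
  add allow-fast-path=no keepalive=3s local-address=10.1.1.6 mac-address=02:FE:02:E1:49:2B name=eoip-tunnel1 remote-address=10.1.1.7 tunnel-id=1
  /interface list
  add exclude=dynamic name=discover
  add name=mactel
  add name=mac-winbox
  add name=WAN
  /interface wireless security-profiles
  # WPA2-PSK only; both pre-shared-key values were blanked before publishing.
  set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key= wpa2-pre-shared-key=
  /ip pool
  add name=dhcp ranges=192.168.55.230-192.168.55.250
  /ip dhcp-server
  add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge name=defconf
  /interface bridge port
  add bridge=bridge comment=defconf interface=ether2-master
  add bridge=bridge comment=defconf interface=wlan1
  add bridge=bridge interface=ether3
  add bridge=bridge interface=ether4
  /ip address
  # ether2-master is a port of "bridge" (see /interface bridge port above), so
  # the LAN address belongs on the bridge, which is also the interface the DHCP
  # server is bound to. The original line had interface=ether2-master.
  add address=192.168.55.1/24 comment=defconf interface=bridge network=192.168.55.0
  add address=10.14.14.2/30 interface=eoip-tunnel1 network=10.14.14.0
  /ip dhcp-client
  add comment=defconf dhcp-options=hostname,clientid interface=ether1
  /ip dhcp-server network
  add address=192.168.55.0/24 comment=defconf gateway=192.168.55.1 netmask=24
  /ip dns
  # allow-remote-requests=yes makes the router answer DNS queries from any
  # source the input chain lets through; it must stay unreachable from the
  # WAN side, otherwise the router becomes an open resolver.
  set allow-remote-requests=yes servers=8.8.8.8
  /ip dns static
  # The original entry pointed "router" at 192.168.88.1, which is not an
  # address configured anywhere in this export; the LAN address is 192.168.55.1.
  add address=192.168.55.1 name=router
  /ip firewall filter
  add action=accept chain=input connection-state=established,related
  add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
  add action=accept chain=input protocol=icmp
  # Staged blocklist for SSH (22) and Winbox (8291). These rules count every new
  # TCP connection to those ports, not failed logins, and they apply on every
  # interface: a source that opens four new connections in quick succession
  # (the stage-3 entry lives only 1 minute) lands in blacklist_final for
  # 2w1d, LAN clients included.
  # The add-src-to-address-list action does not accept or drop, so the packet
  # continues down the chain after being recorded.
  add action=add-src-to-address-list address-list=blacklist_final address-list-timeout=2w1d chain=input comment="fail2ban: stage3 to final" \
      connection-state=new dst-port=22,8291 protocol=tcp src-address-list=blacklist_stage_3
  add action=add-src-to-address-list address-list=blacklist_stage_3 address-list-timeout=1m chain=input comment="fail2ban: stage2 to stage3" \
      connection-state=new dst-port=22,8291 protocol=tcp src-address-list=blacklist_stage_2
  add action=add-src-to-address-list address-list=blacklist_stage_2 address-list-timeout=6h chain=input comment="fail2ban: stage1 to stage2" \
      connection-state=new dst-port=22,8291 protocol=tcp src-address-list=blacklist_stage_1
  add action=add-src-to-address-list address-list=blacklist_stage_1 address-list-timeout=12h chain=input comment="fail2ban: stage1" \
      connection-state=new dst-port=22,8291 protocol=tcp
  add action=drop chain=input comment="fail2ban: drop brute forcers" dst-port=22,8291 protocol=tcp src-address-list=blacklist_final
  add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  # Added: the original forward chain had no rule stopping new connections that
  # arrive from the Internet side. This drops them unless a dst-nat rule
  # created the connection (none exist in this export). ether1 also runs a
  # DHCP client; add a matching rule for it if it ever carries an uplink.
  add action=drop chain=forward comment="drop new from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1
  # Final input rule: everything not accepted above is dropped unless it came in
  # on an interface that is a member of the "mactel" list. With the list empty
  # (as exported) this also drops LAN access to the router's own services.
  add action=drop chain=input in-interface-list=!mactel
  /ip firewall nat
  add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
  add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
  add action=masquerade chain=srcnat out-interface=l2tp-out1
  /ip firewall service-port
  # NAT helpers for FTP, TFTP and IRC are switched off.
  set ftp disabled=yes
  set tftp disabled=yes
  set irc disabled=yes
  /ip route
  # 192.168.15.0/24 is reached through the EoIP tunnel; the same route via
  # l2tp-out1 is kept but disabled.
  add distance=1 dst-address=192.168.15.0/24 gateway=eoip-tunnel1
  add disabled=yes distance=1 dst-address=192.168.15.0/24 gateway=l2tp-out1
  /system clock
  set time-zone-name=Asia/Vladivostok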