- # nov/16/2020 07:56:39 by RouterOS 6.47.7
- # software id = JTDL-XA8A
- #
- # model = RouterBOARD 941-2nD
- # serial number = 661606CxxxC4
- # LAN bridge with a fixed administrative MAC (auto-mac is off, so the address
- # is not derived from a member port).
- /interface bridge
- add name=bridge admin-mac=6C:3B:6B:4F:F3:54 auto-mac=no fast-forward=no
- # Every copper port advertises all speed/duplex modes; ether1 and ether2 also
- # carry explicitly assigned MAC addresses.
- /interface ethernet
- set [ find default-name=ether1 ] mac-address=6C:3B:6B:4F:F3:51 \
- advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether2 ] mac-address=6C:3B:6B:4F:F3:53 \
- advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether3 ] \
- advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether4 ] \
- advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- # Outbound L2TP tunnel to a remote peer.
- # NOTE(review): the tunnel user name and password are written in clear text in
- # this export. Once an export has been shared, the credential should be treated
- # as disclosed and rotated; RouterOS 6 can omit secrets with
- # "/export hide-sensitive".
- # NOTE(review): use-ipsec does not appear in the export, so it is presumably at
- # its default and the tunnel runs without IPsec protection - confirm.
- /interface l2tp-client
- add name=l2tp-Brat connect-to=3.5.7.4 user=Brat password=G&IrY disabled=no
- # Interface lists referenced further down: "discover" by neighbor discovery,
- # "mactel" and "mac-winbox" by the MAC server settings.
- /interface list
- add name=discover exclude=dynamic
- add name=mactel
- add name=mac-winbox
- # Wireless security profiles. "profile1" is used by wlan1 and "ipad" by wlan2.
- # NOTE(review): both profiles enable WPA alongside WPA2, and "ipad" also allows
- # TKIP for unicast and group traffic. WPA/TKIP is deprecated; unless a legacy
- # client needs it, restrict to authentication-types=wpa2-psk with aes-ccm only.
- # NOTE(review): both pre-shared keys are short and follow a simple pattern, and
- # they are exposed wherever this export is shared. Replace them with long random
- # passphrases.
- # NOTE(review): management-protection=allowed makes protected management frames
- # optional rather than required.
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- add name=profile1 mode=dynamic-keys authentication-types=wpa-psk,wpa2-psk \
- eap-methods="" management-protection=allowed supplicant-identity="" \
- wpa-pre-shared-key=1a2b3c4d5e wpa2-pre-shared-key=1a2b3c4d5e
- add name=ipad mode=dynamic-keys authentication-types=wpa-psk,wpa2-psk \
- eap-methods="" group-ciphers=tkip,aes-ccm unicast-ciphers=tkip,aes-ccm \
- management-protection=allowed supplicant-identity="" \
- wpa-pre-shared-key=88888888 wpa2-pre-shared-key=88888888
- # wlan1 is the main 2.4 GHz access point; wlan2 is a virtual AP stacked on it
- # that broadcasts a second SSID with the "ipad" profile.
- # NOTE(review): wps-mode is disabled on wlan2 only; it is not exported for
- # wlan1, so wlan1 is presumably at the default - confirm WPS is off there too.
- /interface wireless
- set [ find default-name=wlan1 ] mode=ap-bridge ssid=Test_16 \
- security-profile=profile1 band=2ghz-g/n channel-width=20/40mhz-eC \
- frequency=2437 country=germany distance=indoors disabled=no \
- multicast-helper=full station-roaming=enabled wireless-protocol=802.11
- add name=wlan2 master-interface=wlan1 ssid=IPadOne security-profile=ipad \
- mac-address=6E:3B:6B:4F:F3:57 disabled=no keepalive-frames=disabled \
- multicast-buffering=disabled station-roaming=enabled wds-cost-range=0 \
- wds-default-cost=0 wps-mode=disabled
- # Address pools: dhcp_pool1 feeds the wlan2 network, dhcp_pool2 the bridge.
- /ip pool
- add name=dhcp_pool1 ranges=192.168.8.2-192.168.8.254
- add name=dhcp_pool2 ranges=192.168.16.20-192.168.16.150
- # One DHCP server per segment; wlan2 leases are short (10 minutes), bridge
- # leases last one day and ten minutes.
- /ip dhcp-server
- add name=dhcp2 interface=wlan2 address-pool=dhcp_pool1 lease-time=10m \
- authoritative=after-2sec-delay disabled=no
- add name=dhcp1 interface=bridge address-pool=dhcp_pool2 lease-time=1d10m \
- disabled=no
- # Policy set of the built-in "full" group. Any account in this group can read
- # secrets ("sensitive"), capture traffic ("sniff") and change policy, so
- # membership should stay limited to administrators.
- /user group
- set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
- # wlan1, ether3 and ether4 are switched together on the LAN bridge; hardware
- # offload is off for the two copper ports.
- /interface bridge port
- add interface=wlan1 bridge=bridge
- add interface=ether3 bridge=bridge hw=no
- add interface=ether4 bridge=bridge hw=no
- /ip firewall connection tracking
- set tcp-established-timeout=10m
- # Neighbor discovery runs on every member of the "discover" list.
- # NOTE(review): that list includes ether2 (which the input chain treats as an
- # untrusted side), wlan2 and the l2tp-Brat tunnel, so the router announces
- # itself on those links as well. Trim the list to management interfaces unless
- # discovery is needed there.
- /ip neighbor discovery-settings
- set discover-interface-list=discover
- /interface list member
- add list=discover interface=ether2
- add list=discover interface=ether3
- add list=discover interface=ether4
- add list=discover interface=wlan1
- add list=discover interface=bridge
- add list=discover interface=wlan2
- add list=discover interface=l2tp-Brat
- # MAC telnet and MAC Winbox are limited to the LAN bridge.
- add list=mactel interface=bridge
- add list=mac-winbox interface=bridge
- # Router addresses: 192.168.16.1 on the LAN bridge, 192.168.8.1 on wlan2.
- /ip address
- add interface=bridge address=192.168.16.1/24 network=192.168.16.0
- add interface=wlan2 address=192.168.8.1/24 network=192.168.8.0
- # ether1 obtains its address by DHCP; the ether2 client entry exists but is
- # exported without disabled=no, so it is presumably disabled - confirm.
- /ip dhcp-client
- add interface=ether1 comment=defconf disabled=no
- add interface=ether2
- # Options handed to DHCP clients. Only the bridge network is given explicit
- # DNS servers.
- /ip dhcp-server network
- add address=192.168.8.0/24 gateway=192.168.8.1
- add address=192.168.16.0/24 gateway=192.168.16.1 \
- dns-server=1.1.1.1,193.41.60.2
- # NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
- # on every interface the input chain does not block. The filter rules in this
- # export drop unsolicited input only on ether1 and ether2, so the resolver is
- # also reachable from wlan2 and through the l2tp-Brat tunnel - confirm that is
- # intended.
- /ip dns
- set allow-remote-requests=yes
- /ip dns static
- add name=router address=192.168.8.1
- # Packet filter. Rules are evaluated top to bottom per chain, so the order
- # below is significant. Rules without an explicit action use the default
- # action (accept).
- /ip firewall filter
- # Would block forwarding to ether1 for sources not on the "Internet" address
- # list; currently inactive (disabled=yes).
- add action=drop chain=forward comment="No Internet" disabled=yes \
- out-interface=ether1 src-address-list=!Internet
- # ICMP "knock": any ICMP packet with packet-size=385 arriving on any interface
- # puts its source address on "allow-ip" for one hour. The comment's 357
- # presumably refers to the payload size that yields a 385-byte packet.
- # NOTE(review): a single fixed packet size is a weak shared secret, it is
- # visible to anyone on the path, and it is disclosed wherever this export is
- # shared. Do not rely on it as the only gate in front of SSH and Winbox; prefer
- # reaching management over a VPN and use strong, unique credentials or keys.
- add action=add-src-to-address-list address-list=allow-ip \
- address-list-timeout=1h chain=input comment="Port Knocking 357 --> 385" \
- packet-size=385 protocol=icmp
- # Echo requests of any other size are dropped on ether1 and ether2.
- add action=drop chain=input icmp-options=8:0 in-interface=ether1 packet-size=\
- !385 protocol=icmp
- add action=drop chain=input icmp-options=8:0 in-interface=ether2 packet-size=\
- !385 protocol=icmp
- # SSH rate limiting by staged address lists. Each new connection to port 22
- # moves the source one stage up (stage1 -> stage2 -> stage3, one minute each);
- # a further new connection from a stage3 source lands on "ssh_blacklist" for
- # 1w3d, and blacklisted sources are dropped. Higher stages are tested first so
- # one connection advances only one stage.
- # NOTE(review): these rules match every source and interface, including
- # addresses already on "allow-ip", so an administrator who opens several SSH
- # sessions within a minute can blacklist themselves.
- add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
- protocol=tcp src-address-list=ssh_blacklist
- add action=add-src-to-address-list address-list=ssh_blacklist \
- address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
- protocol=tcp src-address-list=ssh_stage3
- add action=add-src-to-address-list address-list=ssh_stage3 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22 \
- protocol=tcp src-address-list=ssh_stage2
- add action=add-src-to-address-list address-list=ssh_stage2 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22 \
- protocol=tcp src-address-list=ssh_stage1
- add action=add-src-to-address-list address-list=ssh_stage1 \
- address-list-timeout=1m chain=input connection-state=new dst-port=22 \
- protocol=tcp
- # Same staged scheme for Winbox (TCP 8291).
- add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 \
- protocol=tcp src-address-list=winbox_blacklist
- add action=add-src-to-address-list address-list=winbox_blacklist \
- address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \
- protocol=tcp src-address-list=winbox_stage3
- add action=add-src-to-address-list address-list=winbox_stage3 \
- address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
- protocol=tcp src-address-list=winbox_stage2
- add action=add-src-to-address-list address-list=winbox_stage2 \
- address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
- protocol=tcp src-address-list=winbox_stage1
- add action=add-src-to-address-list address-list=winbox_stage1 \
- address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
- protocol=tcp
- # SSH is accepted only from sources currently on "allow-ip".
- add action=accept chain=input comment=SSH dst-port=22 protocol=tcp \
- src-address-list=allow-ip
- # NOTE(review): the PPTP control port, ESP and the L2TP/IKE UDP ports are
- # accepted from any source. This export shows only an L2TP *client* and no
- # PPTP or L2TP server section, so these inbound openings are presumably unused
- # - confirm and remove them if so. PPTP in particular is a legacy protocol
- # with known-weak authentication and should not be offered.
- add chain=input comment=PPTP dst-port=1723 protocol=tcp
- add action=accept chain=input protocol=ipsec-esp
- add action=accept chain=input comment=L2TP dst-port=1701,4500,500 protocol=\
- udp
- # Winbox is accepted only from sources currently on "allow-ip".
- add action=accept chain=input comment=WinBox dst-port=8291 protocol=tcp \
- src-address-list=allow-ip
- # IPTV: IGMP and UDP 1234 to the router are accepted from any interface.
- add chain=input comment=IPTV protocol=igmp
- add chain=input comment=IPTV dst-port=1234 protocol=udp
- # Remaining ICMP is accepted (echo requests of the wrong size were already
- # dropped on ether1/ether2 above), as is established and related traffic.
- add chain=input comment="default configuration" protocol=icmp
- add chain=input comment="default configuration" connection-state=established
- add chain=input comment="default configuration" connection-state=related
- # Everything else arriving on ether1 or ether2 is dropped.
- # NOTE(review): there is no final drop for other interfaces, so input from
- # bridge, wlan2 and l2tp-Brat falls through to the default accept. The
- # "allow-ip" restriction on SSH and Winbox therefore takes effect only on
- # ether1/ether2; clients of the second SSID and the tunnel peer can reach the
- # router's services directly. Consider an explicit accept for the management
- # network followed by a drop-all at the end of the input chain.
- add action=drop chain=input comment="default configuration" in-interface=\
- ether1
- add action=drop chain=input comment="default configuration" in-interface=\
- ether2
- # Forward chain: established/related accepted, invalid dropped.
- # NOTE(review): no rule drops new forwarded connections that originate on
- # ether1/ether2, and nothing separates wlan2 from the bridge network, so the
- # forward policy is effectively accept-all. Add a drop for new connections
- # from the untrusted interfaces (and between segments, if wlan2 is meant to be
- # isolated).
- add chain=forward comment="default configuration" connection-state=\
- established
- add chain=forward comment="default configuration" connection-state=related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- # Source NAT.
- # NOTE(review): the masquerade rule has no out-interface or address match, so
- # it rewrites the source of all routed traffic, including traffic between the
- # local segments and into the tunnel. That hides the real client address from
- # internal logs and filters; scope the rule to the upstream interface(s) if
- # that is not intended.
- /ip firewall nat
- add chain=srcnat action=masquerade comment="defconf: masquerade"
- # Static route to 192.168.11.0/24. The gateway is not on any subnet addressed
- # in this export - presumably it is reached through the L2TP tunnel; confirm.
- /ip route
- add dst-address=192.168.11.0/24 gateway=172.16.10.98 distance=1
- # Unused management services are switched off. SSH and Winbox are not listed
- # here, so they stay enabled without a per-service address restriction;
- # access control for them rests on the firewall filter alone.
- /ip service
- set api-ssl disabled=yes
- set api disabled=yes
- set www disabled=yes
- set ftp disabled=yes
- set telnet disabled=yes
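- # SSH server settings.
- # allow-none-crypto is set to "no" so that a session can never be negotiated
- # with the "none" cipher, which would carry the management session - including
- # credentials - unencrypted. The original export had it set to "yes".
- # NOTE(review): forwarding-enabled=remote is kept as exported; it lets SSH users
- # set up remote port forwards through the router. Set it to "no" unless that is
- # required. Also consider strong-crypto=yes once client compatibility has been
- # checked.
- /ip ssh
- set allow-none-crypto=no forwarding-enabled=remote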
- # Time zone, device name and NTP sources. Accurate time matters for log
- # correlation and for the address-list timeouts used by the firewall.
- /system clock
- set time-zone-name=Europe/Kiev
- /system identity
- set name=MikroBR
- /system ntp client
- set primary-ntp=91.198.10.1 secondary-ntp=178.136.117.33 enabled=yes
- # MAC-layer management (MAC telnet and MAC Winbox) is allowed only on the
- # interface lists "mactel" and "mac-winbox", which contain just the LAN bridge.
- /tool mac-server
- set allowed-interface-list=mactel
- /tool mac-server mac-winbox
- set allowed-interface-list=mac-winbox