SHARE
TWEET

Untitled

a guest Jan 23rd, 2020 76 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /export file=BACKUP_ANTES_DO_SGP
  2. :global PASSVPNUSER "92t7YcpLo8ggK436oFwB"
  3. :global AUC "1812"
  4. :global ACC "1813"
  5. :global RADIUS "168.228.212.198"
  6. :global TOKENAQUI "6671e81d-98d2-4757-9642-6c62cd610767"
  7. :global LINKDOSGP "http://168.228.212.198:8000"
  8. :global IP "168.228.212.198"
  9. :global AVS "6402"
  10. :global BLQ "6403"
  11. /ip firewall address-list
  12. add address=$IP list=SITES-LIBERADOS
  13. add address=208.67.222.222 list=SITES-LIBERADOS
  14. add address=208.67.222.220 list=SITES-LIBERADOS
  15. add address=8.8.8.8 list=SITES-LIBERADOS
  16. add address=8.8.4.4 list=SITES-LIBERADOS
  17. add address=1.1.1.1 list=SITES-LIBERADOS
  18. add address=45.227.76.22 list=SITES-LIBERADOS
  19. add address=45.227.79.1 list=SITES-LIBERADOS
  20. add address=10.24.0.0/22 list=BLOQUEADOS
  21. /ip firewall filter
  22. add action=drop chain=forward dst-address-list=!SITES-LIBERADOS src-address-list=BLOQUEADOS comment="SGP REGRAS"
  23. /ip firewall filter
  24. add chain=forward connection-mark=BLOQUEIO-AVISAR action=add-src-to-address-list \
  25. address-list=BLOQUEIO-AVISADOS address-list-timeout=2h comment="SGP REGRAS" dst-address=$IP dst-port=$AVS protocol=tcp
  26. /ip firewall nat
  27. add action=accept chain=srcnat comment="NAO FAZER NAT PARA O IP DO RADIUS" \
  28.     dst-address=$RADIUS dst-port="$AUC-$ACC,3799" protocol=udp
  29. add action=masquerade chain=srcnat comment="SGP REGRAS" src-address-list=\
  30.     BLOQUEADOS
  31. add action=dst-nat chain=dstnat comment="SGP REGRAS" dst-address-list=\
  32.     !SITES-LIBERADOS dst-port=80,443 log-prefix="" protocol=tcp \
  33.     src-address-list=BLOQUEADOS to-addresses=$IP to-ports=$BLQ
  34. add action=dst-nat chain=dstnat comment="SGP REGRAS" connection-mark=\
  35.     BLOQUEIO-AVISAR log-prefix="" protocol=tcp to-addresses=$IP to-ports=$AVS
  36. # Aviso bloqueio
  37. /ip firewall mangle
  38. add chain=prerouting connection-state=new src-address-list=BLOQUEIO-AVISAR protocol=tcp dst-port=80 \
  39. action=mark-connection new-connection-mark=BLOQUEIO-VERIFICAR passthrough=yes comment="SGP REGRAS"
  40. add chain=prerouting connection-mark=BLOQUEIO-VERIFICAR src-address-list=!BLOQUEIO-AVISADOS \
  41. action=mark-connection new-connection-mark=BLOQUEIO-AVISAR comment="SGP REGRAS"
  42. /system scheduler
  43. add interval=1h name=sgp-aviso on-event=sgp-aviso policy=\
  44.     ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  45.     may/29/2017 start-time=01:00:00
  46. /system script
  47. add name=sgp-aviso policy=\
  48.     ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log info\
  49.     \_\"sgp aviso\";\r\
  50.     \n/file remove [find where name=sgp_aviso.rsc]\r\
  51.     \n/tool fetch url=\"$LINKDOSGP/ws/mikrotik/aviso/pendencia/\?token=$TOKENAQUI&app=mikrotik\" dst-path=sgp_aviso.rsc;\r\
  52.     \n:delay 30s\r\
  53.     \nimport file-name=sgp_aviso.rsc;"
  54. /ip accounting set account-local-traffic=yes enabled=yes
  55. /system ntp client set enabled=yes primary-ntp=200.160.0.8
  56. /system clock set time-zone-name=America/Recife
  57. /radius incoming set accept=yes
  58. /ip service
  59. set api disabled=no port=3540
  60. set www disabled=no port=8008
  61. /user aaa set use-radius=yes
  62. /ppp aaa set interim-update=5m use-radius=yes
  63. /interface pppoe-server server set authentication=pap [ find where .id!=999]
  64. /interface pppoe-server server set one-session-per-host=no [find .id!=999]
  65. /tool graphing set page-refresh=300 store-every=5min
  66. /tool graphing interface add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
  67. /tool graphing queue add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all store-on-disk=yes
  68. /tool graphing resource add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
  69. /snmp community add addresses=$RADIUS name=SGP-GRAPHICs
  70. /snmp set enabled=yes trap-community=SGP-GRAPHICs trap-version=2
  71. /system logging set 0 action=memory disabled=no prefix="" topics=info,!account
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top