
Untitled

a guest
Jan 18th, 2020
  # Saves a configuration export named BACKUP_ANTES_DO_SGP, then defines the
  # globals that the rest of this script substitutes into its commands.
  # NOTE(review): depending on RouterOS version and export options, the export
  # file can contain secrets; copy it off the router and delete it after use.
  1. /export file=BACKUP_ANTES_DO_SGP
  # NOTE(review): PASSVPNUSER is used further down as the password of a
  # group=full user, and TOKENAQUI as the token in the /tool fetch URL. Both
  # are literal credentials in clear text. Any copy of this script that has
  # been shared should be treated as disclosed and the values replaced per
  # router. A :global also stays visible in /system script environment after
  # the script finishes, so remove these variables once provisioning is done.
  2. :global PASSVPNUSER "T8Q2H0M61MXQ80"
  # AUC / ACC: RADIUS authentication and accounting ports (see /radius add).
  3. :global AUC "6812"
  4. :global ACC "6813"
  # RADIUS: address of the RADIUS server; also the only address allowed to use
  # the SNMP community added later.
  5. :global RADIUS "10.254.100.1"
  6. :global TOKENAQUI "fd202bdc-da26-44e7-a535-8d7d968ebdbe"
  # LINKDOSGP is host:port with no URL scheme; it is the base of the fetch URL.
  # NOTE(review): with no https:// prefix the fetch is presumably plain HTTP.
  7. :global LINKDOSGP "45.161.36.2:8000"
  # IP: SGP server address, used in the allow-list and as the dst-nat target.
  8. :global IP "45.161.36.2"
  # AVS / BLQ: ports on $IP used by the dst-nat rules for the "aviso" (notice)
  # and "bloqueio" (block) pages.
  9. :global AVS "6402"
  10. :global BLQ "6403"
  11.  
  # Builds two address lists: SITES-LIBERADOS (destinations blocked customers
  # may still reach: the SGP server, public DNS resolvers and two further
  # hosts) and BLOQUEADOS (the 10.24.0.0/22 pool of blocked customers).
  # NOTE(review): the purpose of 45.227.76.22 and 45.227.79.1 is not visible
  # here; confirm they still need to be reachable from blocked customers.
  12. /ip firewall address-list
  13. add address=$IP list=SITES-LIBERADOS
  14. add address=208.67.222.222 list=SITES-LIBERADOS
  15. add address=208.67.222.220 list=SITES-LIBERADOS
  16. add address=8.8.8.8 list=SITES-LIBERADOS
  17. add address=8.8.4.4 list=SITES-LIBERADOS
  18. add address=1.1.1.1 list=SITES-LIBERADOS
  19. add address=45.227.76.22 list=SITES-LIBERADOS
  20. add address=45.227.79.1 list=SITES-LIBERADOS
  21. add address=10.24.0.0/22 list=BLOQUEADOS
  # Drops forwarded traffic from BLOQUEADOS to any destination that is not in
  # SITES-LIBERADOS.
  # NOTE(review): "add" without place-before appends the rule to the end of
  # the chain. If an earlier forward rule already accepts this traffic the
  # drop never matches, so check the rule order after importing.
  22. /ip firewall filter
  23. add action=drop chain=forward dst-address-list=!SITES-LIBERADOS src-address-list=BLOQUEADOS comment="SGP REGRAS"
  # Adds the source of a connection marked BLOQUEIO-AVISAR that goes to
  # $IP:$AVS to the BLOQUEIO-AVISADOS list for 2 hours. The mangle rules in
  # this script skip sources on that list, so presumably a customer sees the
  # notice page at most once per 2 hours.
  24. /ip firewall filter
  25. add chain=forward connection-mark=BLOQUEIO-AVISAR action=add-src-to-address-list \
  26. address-list=BLOQUEIO-AVISADOS address-list-timeout=2h comment="SGP REGRAS" dst-address=$IP dst-port=$AVS protocol=tcp
  # NAT rules for RADIUS traffic and for redirecting blocked or notified
  # customers to the SGP server.
  27. /ip firewall nat
  # Exempts UDP traffic to the RADIUS server from source NAT. The port
  # expression expands to "$AUC-$ACC,3799": the authentication/accounting
  # ports plus 3799 (the port normally used for RADIUS CoA/disconnect).
  # NOTE(review): this only takes effect if it sits above any masquerade rule
  # that would otherwise match; "add" appends to the end of the chain.
  28. add action=accept chain=srcnat comment="NAO FAZER NAT PARA O IP DO RADIUS" \
  29. dst-address=$RADIUS dst-port="$AUC-$ACC,3799" protocol=udp
  # Masquerades everything sourced from the BLOQUEADOS list.
  30. add action=masquerade chain=srcnat comment="SGP REGRAS" src-address-list=\
  31. BLOQUEADOS
  # Redirects TCP 80 and 443 from blocked customers, for destinations not in
  # SITES-LIBERADOS, to the block page at $IP:$BLQ.
  # NOTE(review): redirected port-443 connections will reach a server that
  # cannot present a certificate for the hostname the client asked for, so
  # browsers are expected to show a TLS error rather than the block page.
  32. add action=dst-nat chain=dstnat comment="SGP REGRAS" dst-address-list=\
  33. !SITES-LIBERADOS dst-port=80,443 log-prefix="" protocol=tcp \
  34. src-address-list=BLOQUEADOS to-addresses=$IP to-ports=$BLQ
  # Redirects TCP connections carrying the BLOQUEIO-AVISAR connection mark to
  # the notice page at $IP:$AVS.
  35. add action=dst-nat chain=dstnat comment="SGP REGRAS" connection-mark=\
  36. BLOQUEIO-AVISAR log-prefix="" protocol=tcp to-addresses=$IP to-ports=$AVS
  37. # Blocking notice
  # Two-step connection marking for the notice page:
  #   1. new TCP/80 connections from sources on the BLOQUEIO-AVISAR list get
  #      the mark BLOQUEIO-VERIFICAR;
  #   2. of those, connections whose source is NOT on BLOQUEIO-AVISADOS are
  #      re-marked BLOQUEIO-AVISAR, which the dst-nat rule acts on.
  # NOTE(review): nothing in this script adds entries to the BLOQUEIO-AVISAR
  # address list; presumably the hourly imported sgp_aviso.rsc does. Confirm,
  # because that file then decides which customers get redirected.
  38. /ip firewall mangle
  39. add chain=prerouting connection-state=new src-address-list=BLOQUEIO-AVISAR protocol=tcp dst-port=80 \
  40. action=mark-connection new-connection-mark=BLOQUEIO-VERIFICAR passthrough=yes comment="SGP REGRAS"
  41. add chain=prerouting connection-mark=BLOQUEIO-VERIFICAR src-address-list=!BLOQUEIO-AVISADOS \
  42. action=mark-connection new-connection-mark=BLOQUEIO-AVISAR comment="SGP REGRAS"
  # Schedules the script "sgp-aviso" to run every hour.
  # NOTE(review): the scheduler entry and the script both carry the policy set
  # ftp,reboot,read,write,policy,test,password,sniff,sensitive. Whatever the
  # script imports therefore runs with the right to rewrite the configuration,
  # change users and passwords, and reboot. Reduce the policy list to what the
  # imported file actually needs.
  43. /system scheduler
  44. add interval=1h name=sgp-aviso on-event=sgp-aviso policy=\
  45. ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
  46. may/29/2017 start-time=01:00:00
  # Defines the script: it logs "sgp aviso", deletes any previous
  # sgp_aviso.rsc, downloads a new one from $LINKDOSGP with the token in the
  # query string, waits 30 s, then imports (executes) the downloaded file.
  # NOTE(review): this is remote configuration execution. The URL has no
  # https:// scheme and no certificate check is requested, so presumably the
  # file arrives over plain HTTP; anyone able to alter the response, or who
  # controls the server, controls this router. Prefer an https:// URL with
  # check-certificate=yes, and restrict what the imported file may do.
  # NOTE(review): $LINKDOSGP and $TOKENAQUI sit unescaped inside a
  # double-quoted string, so they appear to be expanded when this "add" runs;
  # the stored script would then hold the token in clear text, and the token
  # is also sent in the URL where server and proxy logs can record it.
  # NOTE(review): the fixed ":delay 30s" does not check that the fetch
  # succeeded; since the old file is removed first, a failed fetch presumably
  # makes the import fail on a missing file rather than re-run stale content.
  47. /system script
  48. add name=sgp-aviso policy=\
  49. ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log info\
  50. \_\"sgp aviso\";\r\
  51. \n/file remove [find where name=sgp_aviso.rsc]\r\
  52. \n/tool fetch url=\"$LINKDOSGP/ws/mikrotik/aviso/pendencia/\?token=$TOKENAQUI&app=mikrotik\" dst-path=sgp_aviso.rsc;\r\
  53. \n:delay 30s\r\
  54. \nimport file-name=sgp_aviso.rsc;"
  # Enables IP accounting (including local traffic), sets the NTP server and
  # the time zone.
  55. /ip accounting set account-local-traffic=yes enabled=yes
  56. /system ntp client set enabled=yes primary-ntp=200.160.0.8
  57. /system clock set time-zone-name=America/Recife
  # Accepts incoming RADIUS requests (CoA / disconnect). These are protected
  # only by the shared RADIUS secret, so the strength of that secret matters.
  58. /radius incoming
  59. set accept=yes
  # Enables the API on port 3540 and the web interface on port 8008.
  # NOTE(review): "api" and "www" are the unencrypted variants, and no
  # address= restriction is set here, so both listen for any source unless
  # the input chain filters them. Limit them to the management/SGP addresses
  # and prefer api-ssl / www-ssl where the SGP side supports it.
  60. /ip service
  61. set api disabled=no port=3540
  62. set www disabled=no port=8008
  # Router logins are also authenticated against RADIUS.
  # NOTE(review): this makes the RADIUS server, and the path to it, part of
  # the router's administrative trust boundary.
  63. /user aaa
  64. set use-radius=yes
  # PPP sessions authenticate and account through RADIUS, with interim
  # accounting updates every 5 minutes.
  65. /ppp aaa
  66. set interim-update=5m use-radius=yes
  # Sets authentication=pap on every PPPoE server matched by the find
  # expression (all entries whose .id is not 999, presumably all of them).
  # NOTE(review): PAP carries the customer's password in clear text over the
  # PPPoE session, and this setting removes the CHAP/MS-CHAP options. Confirm
  # the RADIUS backend really requires PAP before keeping it.
  67. /interface pppoe-server server
  68. set authentication=pap [ find where .id!=999]
  # Enables graphing for interfaces, simple queues and system resources,
  # stored on disk every 5 minutes with a 300 s page refresh.
  # NOTE(review): allow-address=0.0.0.0/0 on all three entries lets any source
  # address that can reach the web service view the graphs, which expose
  # interface names, queue (customer) names and traffic levels. Replace it
  # with the management subnet, e.g. allow-address=<MGMT_SUBNET placeholder>.
  69. /tool graphing
  70. set page-refresh=300 store-every=5min
  71. /tool graphing interface
  72. add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
  73. /tool graphing queue
  74. add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all store-on-disk=yes
  75. /tool graphing resource
  76. add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
  # Adds the SNMP community SGP-GRAPHICs, usable only from $RADIUS, enables
  # SNMP and selects that community for version 2 traps.
  # NOTE(review): this adds a community but does not touch any existing one;
  # verify that a default community is not left usable from other addresses.
  # SNMP v2 sends the community string unencrypted.
  77. /snmp community
  78. add addresses=$RADIUS name=SGP-GRAPHICs
  79. /snmp
  80. set enabled=yes trap-community=SGP-GRAPHICs trap-version=2
  # Logging rule 0 writes "info" messages to memory, excluding the "account"
  # topic.
  # NOTE(review): excluding "account" presumably suppresses login/logout
  # entries from this rule, and memory logs are lost on reboot; confirm that
  # account events are captured by another rule or a remote log target.
  81. /system logging
  82. set 0 action=memory disabled=no prefix="" topics=info,!account
  # Registers the RADIUS server for the ppp, dhcp and login services, using
  # the ports from $AUC / $ACC and a 3 s timeout.
  # NOTE(review): the shared secret is a short fixed literal in the script. It
  # protects PPP authentication, router logins and the incoming CoA/disconnect
  # requests enabled earlier; use a long random secret per router and replace
  # this value wherever the script has been shared.
  83. /radius
  84. add comment="RADIUS SGP" secret=sgp@radius service=ppp,dhcp,login address=$RADIUS accounting-port=$ACC authentication-port=$AUC \
  85. timeout=00:00:03
  # Creates the local user "SGP" with group=full, using $PASSVPNUSER as the
  # password; the comment says it is the account the SGP server uses to reach
  # the router.
  # NOTE(review): group=full is unrestricted administration and no address=
  # limit is set, so the account can log in from any source that reaches an
  # enabled service. Restrict it with address= to the SGP server's source
  # address and use a custom group with only the policies SGP needs.
  86. /user add name=SGP comment="USUARIO QUE O SERVIDOR SGP ACESSA A RB" group=full password=$PASSVPNUSER