- # Export the current configuration to a file named BACKUP_ANTES_DO_SGP before the changes below are applied.
- /export file=BACKUP_ANTES_DO_SGP
- # Global variables substituted into the commands that follow.
- # NOTE(review): PASSVPNUSER and TOKENAQUI are credentials written in clear text. PASSVPNUSER becomes
- # the password of the group=full user created by the /user add command at the end of the script, and
- # TOKENAQUI is sent in the URL fetched by the sgp-aviso script. Any copy of this script that has been
- # shared should be treated as having disclosed both; rotate them and load them from a non-public source.
- :global PASSVPNUSER "T8Q2H0M61MXQ80"
- # AUC / ACC: ports passed to /radius as authentication-port and accounting-port.
- :global AUC "6812"
- :global ACC "6813"
- # Address of the RADIUS server; also the only address allowed on the SNMP community added below.
- :global RADIUS "10.254.100.1"
- # Token placed in the query string of the URL that the sgp-aviso script downloads.
- :global TOKENAQUI "fd202bdc-da26-44e7-a535-8d7d968ebdbe"
- # host:port used as the base of that URL (no scheme is given here).
- :global LINKDOSGP "45.161.36.2:8000"
- # Address the dst-nat rules redirect to; it is also the first SITES-LIBERADOS entry.
- :global IP "45.161.36.2"
- # TCP ports on $IP: AVS receives connections marked BLOQUEIO-AVISAR, BLQ receives web traffic of BLOQUEADOS sources.
- :global AVS "6402"
- :global BLQ "6403"
- # SITES-LIBERADOS: destinations that sources in BLOQUEADOS may still reach.
- # BLOQUEADOS: the source range that the rules below restrict.
- # NOTE(review): the entries other than $IP look like public DNS resolvers plus two addresses whose purpose
- # is not stated — confirm. The rules match on address only, so every protocol and port to these
- # destinations stays open to blocked clients, not just DNS.
- /ip firewall address-list
- add address=$IP list=SITES-LIBERADOS
- add address=208.67.222.222 list=SITES-LIBERADOS
- add address=208.67.222.220 list=SITES-LIBERADOS
- add address=8.8.8.8 list=SITES-LIBERADOS
- add address=8.8.4.4 list=SITES-LIBERADOS
- add address=1.1.1.1 list=SITES-LIBERADOS
- add address=45.227.76.22 list=SITES-LIBERADOS
- add address=45.227.79.1 list=SITES-LIBERADOS
- add address=10.24.0.0/22 list=BLOQUEADOS
- # Drop forwarded traffic from BLOQUEADOS sources to any destination outside SITES-LIBERADOS.
- # NOTE(review): no position is given, so the rule is expected to be appended to the forward chain; an
- # earlier accept rule that matches the same traffic would win — verify the resulting rule order.
- /ip firewall filter
- add action=drop chain=forward dst-address-list=!SITES-LIBERADOS src-address-list=BLOQUEADOS comment="SGP REGRAS"
- # For TCP connections marked BLOQUEIO-AVISAR that go to $IP:$AVS, record the source address in
- # BLOQUEIO-AVISADOS for 2 hours; the second mangle rule skips sources present in that list.
- /ip firewall filter
- add chain=forward connection-mark=BLOQUEIO-AVISAR action=add-src-to-address-list \
- address-list=BLOQUEIO-AVISADOS address-list-timeout=2h comment="SGP REGRAS" dst-address=$IP dst-port=$AVS protocol=tcp
- /ip firewall nat
- # Exempt UDP traffic to the RADIUS server (ports $AUC-$ACC and 3799) from source NAT.
- # NOTE(review): this only takes effect if it sits above any masquerade/src-nat rule that would match
- # the same packets; the rule is added without a position — verify the order after import.
- add action=accept chain=srcnat comment="NAO FAZER NAT PARA O IP DO RADIUS" \
- dst-address=$RADIUS dst-port="$AUC-$ACC,3799" protocol=udp
- # Masquerade traffic whose source is in BLOQUEADOS.
- add action=masquerade chain=srcnat comment="SGP REGRAS" src-address-list=\
- BLOQUEADOS
- # Redirect TCP 80/443 from BLOQUEADOS sources, when the destination is outside SITES-LIBERADOS, to $IP:$BLQ.
- # NOTE(review): port 443 is redirected as well, so the client's TLS handshake for the original host
- # name arrives at $IP:$BLQ; whether that service can answer it without a certificate error is not
- # visible here — confirm.
- add action=dst-nat chain=dstnat comment="SGP REGRAS" dst-address-list=\
- !SITES-LIBERADOS dst-port=80,443 log-prefix="" protocol=tcp \
- src-address-list=BLOQUEADOS to-addresses=$IP to-ports=$BLQ
- # Redirect every TCP connection carrying the BLOQUEIO-AVISAR mark to $IP:$AVS.
- add action=dst-nat chain=dstnat comment="SGP REGRAS" connection-mark=\
- BLOQUEIO-AVISAR log-prefix="" protocol=tcp to-addresses=$IP to-ports=$AVS
- # Block notice
- # Step 1: new TCP/80 connections from sources in the BLOQUEIO-AVISAR address list get the connection
- # mark BLOQUEIO-VERIFICAR. Step 2: those connections are re-marked BLOQUEIO-AVISAR unless the source is
- # already in BLOQUEIO-AVISADOS.
- # NOTE(review): nothing in this script populates the BLOQUEIO-AVISAR address list; presumably the
- # file imported by the sgp-aviso script does — confirm.
- /ip firewall mangle
- add chain=prerouting connection-state=new src-address-list=BLOQUEIO-AVISAR protocol=tcp dst-port=80 \
- action=mark-connection new-connection-mark=BLOQUEIO-VERIFICAR passthrough=yes comment="SGP REGRAS"
- add chain=prerouting connection-mark=BLOQUEIO-VERIFICAR src-address-list=!BLOQUEIO-AVISADOS \
- action=mark-connection new-connection-mark=BLOQUEIO-AVISAR comment="SGP REGRAS"
- # Run the sgp-aviso script every hour.
- # NOTE(review): both the scheduler entry and the script carry the full policy list (including write,
- # policy, password, sensitive and reboot). The script only needs to log, remove and fetch a file and
- # import it; reduce the list to what the imported commands actually require.
- /system scheduler
- add interval=1h name=sgp-aviso on-event=sgp-aviso policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
- may/29/2017 start-time=01:00:00
- # sgp-aviso: log "sgp aviso", delete any previous sgp_aviso.rsc, download a new one from
- # $LINKDOSGP/ws/mikrotik/aviso/pendencia/ (token and app=mikrotik in the query string), wait 30 s,
- # then import the downloaded file, i.e. execute it as RouterOS commands.
- # NOTE(review): whatever the remote endpoint returns is executed on the router with the policies
- # above, once per hour. The URL is built from host:port with no scheme, so the transfer is presumably
- # plain HTTP; in that case the token and the downloaded commands are neither encrypted nor
- # authenticated in transit. Prefer an https:// URL with check-certificate=yes on /tool fetch, and
- # consider validating the file before import.
- # NOTE(review): $LINKDOSGP and $TOKENAQUI sit inside a double-quoted string and so appear to be
- # expanded when this add command runs, leaving the token readable in the stored script source — confirm.
- /system script
- add name=sgp-aviso policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log info\
- \_\"sgp aviso\";\r\
- \n/file remove [find where name=sgp_aviso.rsc]\r\
- \n/tool fetch url=\"$LINKDOSGP/ws/mikrotik/aviso/pendencia/\?token=$TOKENAQUI&app=mikrotik\" dst-path=sgp_aviso.rsc;\r\
- \n:delay 30s\r\
- \nimport file-name=sgp_aviso.rsc;"
- # Enable IP accounting, including router-local traffic.
- /ip accounting set account-local-traffic=yes enabled=yes
- # Time source and time zone.
- /system ntp client set enabled=yes primary-ntp=200.160.0.8
- /system clock set time-zone-name=America/Recife
- # Accept requests sent by the RADIUS server to the router (the srcnat exemption above lists UDP 3799 for this).
- /radius incoming
- set accept=yes
- # Enable the API service on port 3540 and the web interface on port 8008.
- # NOTE(review): no address= restriction is set on either service, so unless one already exists or an
- # input-chain firewall rule limits them, both are reachable from any address. api and www are the
- # unencrypted variants (api-ssl / www-ssl are the TLS ones); moving them to non-default ports does not
- # restrict who can connect. Limit address= to the management hosts that need them.
- /ip service
- set api disabled=no port=3540
- set www disabled=no port=8008
- # Authenticate router logins through RADIUS as well as PPP sessions.
- # NOTE(review): with use-radius=yes under /user aaa, the RADIUS server can grant logins to the router
- # itself, so the router is only as protected as that server and the shared secret.
- /user aaa
- set use-radius=yes
- # PPP sessions use RADIUS, with interim accounting updates every 5 minutes.
- /ppp aaa
- set interim-update=5m use-radius=yes
- # Set authentication to PAP only on the PPPoE server entries matched by the find expression
- # (.id!=999 looks like a way to match every entry — confirm).
- # NOTE(review): PAP sends the subscriber password unencrypted inside the PPPoE session, and this
- # removes the CHAP/MS-CHAP methods. If the RADIUS backend allows it, keep a challenge-based method.
- /interface pppoe-server server
- set authentication=pap [ find where .id!=999]
- # Graphing: refresh pages every 300 s and store samples every 5 minutes.
- /tool graphing
- set page-refresh=300 store-every=5min
- # Record graphs for all interfaces, all simple queues and system resources, stored on disk.
- # NOTE(review): allow-address=0.0.0.0/0 on the three rules below lets any source address view the
- # graphs through the router's web service (enabled on port 8008 in this script). Queue graphs expose
- # per-customer usage; restrict allow-address to the monitoring host or management range.
- /tool graphing interface
- add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
- /tool graphing queue
- add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all store-on-disk=yes
- /tool graphing resource
- add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
- # SNMP community SGP-GRAPHICs, usable only from the $RADIUS address; SNMP enabled with version 2 traps.
- # NOTE(review): the community string travels unencrypted in SNMP v1/v2c, and these lines do not touch
- # any community that already exists on the router (e.g. a default one) — check for leftovers.
- /snmp community
- add addresses=$RADIUS name=SGP-GRAPHICs
- /snmp
- set enabled=yes trap-community=SGP-GRAPHICs trap-version=2
- # Logging rule 0: send topic info, excluding account, to the memory action.
- /system logging
- set 0 action=memory disabled=no prefix="" topics=info,!account
- # RADIUS client entry for the SGP server: used for ppp, dhcp and login, with a 3-second timeout and
- # the authentication/accounting ports taken from $AUC / $ACC.
- # NOTE(review): the shared secret is a short literal written into the script. It is what protects
- # the password attribute in RADIUS requests (PAP is configured above), so a guessable or reused
- # secret weakens every subscriber and router login. Use a long random value per router.
- /radius
- add comment="RADIUS SGP" secret=sgp@radius service=ppp,dhcp,login address=$RADIUS accounting-port=$ACC authentication-port=$AUC \
- timeout=00:00:03
- # Local account for the SGP server, in group full, with the password from $PASSVPNUSER.
- # NOTE(review): no address= restriction is given, so the account can log in from any source over any
- # enabled service, with full rights. Restrict address= to the SGP server and consider a dedicated
- # group that carries only the policies the integration needs.
- /user add name=SGP comment="USUARIO QUE O SERVIDOR SGP ACESSA A RB" group=full password=$PASSVPNUSER