- # dec/30/2021 01:34:04 by RouterOS 7.1.1
- # software id = WLS8-IV2L
- #
- # model = RBD53iG-5HacD2HnD
- # serial number = xxxxxxx
- # LAN bridge. auto-mac=no pins the bridge MAC to admin-mac (redacted in this paste).
- /interface bridge
- add admin-mac=xx:55:31:xx:5C:xx auto-mac=no comment=defconf name=bridge
- # Both radios run as access points (mode=ap-bridge). Neither line names a
- # security-profile, so presumably both use the default profile - confirm.
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
- country=germany distance=indoors frequency=auto mode=ap-bridge ssid=\
- revenge_of_the_cats wireless-protocol=802.11
- set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
- 20/40/80mhz-XXXX country=germany distance=indoors installation=indoor \
- mode=ap-bridge ssid=revenge_of_the_cats_5g wireless-protocol=802.11
- # WireGuard interface is defined but disabled=yes; no private key appears in this export.
- /interface wireguard
- add disabled=yes listen-port=13231 mtu=1420 name=wireguard1
- # WAN and LAN are the lists the firewall, neighbor discovery and MAC-server
- # settings in this export refer to.
- /interface list
- add comment=defconf name=WAN
- add comment=defconf name=LAN
- /interface lte apn
- set [ find default=yes ] ip-type=ipv4
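- /interface wireless security-profiles
- # WPA2-PSK only. The exported profile also offered wpa-psk (WPA1), which lets a
- # client negotiate the older protocol; re-add it only if a legacy client needs it.
- # The pre-shared key itself is not part of this export.
- set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
- supplicant-identity=MikroTik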
- # DHCP pool spans nearly all of the 10.0.0.0/16 bridge subnet.
- /ip pool
- add name=dhcp ranges=10.0.0.2-10.0.255.254
- /ip dhcp-server
- add address-pool=dhcp interface=bridge name=defconf
- # NOTE(review): a routing table with an empty name looks like an export
- # artifact - confirm it is intended.
- /routing table
- add fib name=""
- # The ZeroTier identity is redacted in this paste; treat the real value as a
- # secret and keep it out of shared exports.
- /zerotier
- set zt1 identity="xxxxxxxxxxxx" name=zt1 \
- port=9993
- /zerotier interface
- add disable-running-check=yes instance=zt1 mac-address=xx:75:89:95:B6:46 \
- name=zerotier1 network=xxxxxx
- # ether2-ether5 and both radios are bridged together; ether1 is left out and
- # is the WAN port (see the list members below).
- /interface bridge port
- add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
- add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
- add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
- add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
- add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
- add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2
- # Neighbor discovery is limited to the LAN list, so it is not offered on ether1.
- /ip neighbor discovery-settings
- set discover-interface-list=LAN
- # IPv6 is switched off; no /ipv6 firewall section appears in this export.
- /ipv6 settings
- set disable-ipv6=yes max-neighbor-entries=8192
- # Only bridge is in LAN and only ether1 is in WAN. wireguard1 and zerotier1 are
- # in neither list, so rules that match on !LAN also match traffic from them.
- /interface list member
- add comment=defconf interface=bridge list=LAN
- add comment=defconf interface=ether1 list=WAN
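- /interface wireguard peers
- # One /32 per peer. The exported entries used 10.1.0.2/24 and 10.1.0.3/24, which
- # both cover the whole 10.1.0.0/24 tunnel subnet: the peers' allowed ranges
- # overlapped and either key could send as any tunnel address. A /32 ties each
- # public key to exactly one source address.
- add allowed-address=10.1.0.2/32 interface=wireguard1 public-key=\
- "xxxxxxxxxxxxxxxxxxxxxx"
- add allowed-address=10.1.0.3/32 interface=wireguard1 public-key=\
- "xxxxxxxxxxxxxxx"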
- # Router addresses: 10.0.0.1/16 on the LAN bridge, 10.1.0.1/24 on the WireGuard tunnel.
- /ip address
- add address=10.0.0.1/16 comment=defconf interface=bridge network=10.0.0.0
- add address=10.1.0.1/24 interface=wireguard1 network=10.1.0.0
- # WAN address comes from DHCP on ether1; use-peer-dns=no ignores the upstream's
- # DNS servers in favour of the ones set under /ip dns.
- /ip dhcp-client
- add comment=defconf interface=ether1 use-peer-dns=no
- /ip dhcp-server network
- add address=10.0.0.0/16 comment=defconf gateway=10.0.0.1
- # allow-remote-requests=yes makes the router answer DNS queries from other hosts.
- # Which hosts can reach it is decided by the input chain of the firewall filter;
- # in this export that is the LAN list and everything arriving on zerotier1.
- /ip dns
- set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
- /ip dns static
- add address=10.0.0.1 comment=defconf name=router.lan
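- /ip firewall filter
- # Rules are evaluated top to bottom within each chain and the first matching
- # accept/drop decides, so order is part of the policy.
- #
- # Everything arriving on zerotier1 is accepted, both to the router itself and
- # through it. Access therefore depends on who is authorised on the ZeroTier
- # network; narrow these two rules if only specific services should be reachable.
- add action=accept chain=forward in-interface=zerotier1
- add action=accept chain=input in-interface=zerotier1
- add action=accept chain=input comment=\
- "defconf: accept established,related,untracked" connection-state=\
- established,related,untracked
- add action=drop chain=input comment="defconf: drop invalid" connection-state=\
- invalid
- # Source blocklist. In the exported order these drops sat at the very end of the
- # chain, after "accept ICMP", "Allow Wireguard" and "drop all not coming from
- # LAN", so they never matched WAN traffic and the listed hosts could still reach
- # ICMP and UDP 13231. Placed here they are checked before any service accept.
- # The second, duplicate entry for 193.242.145.101 has been removed.
- add action=drop chain=input src-address=18.195.122.69
- add action=drop chain=input src-address=154.180.32.45
- add action=drop chain=input src-address=193.242.145.101
- add action=drop chain=input src-address=45.134.26.34
- add action=drop chain=input src-address=199.195.253.174
- add action=drop chain=input src-address=183.82.146.80
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input comment=\
- "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
- # Accepts UDP 13231 on every interface, WAN included. The wireguard1 interface
- # is disabled=yes in this export, so the rule can be disabled too until the
- # tunnel is actually in use.
- add action=accept chain=input comment="Allow Wireguard" dst-port=13231 \
- protocol=udp
- # Default deny for the router itself. wireguard1 is not a member of LAN, so
- # tunnel peers are also stopped here for anything other than ICMP.
- add action=drop chain=input comment="defconf: drop all not coming from LAN" \
- in-interface-list=!LAN
- add action=accept chain=forward comment="defconf: accept in ipsec policy" \
- ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" \
- ipsec-policy=out,ipsec
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related hw-offload=yes
- add action=accept chain=forward comment=\
- "defconf: accept established,related, untracked" connection-state=\
- established,related,untracked
- add action=drop chain=forward comment="defconf: drop invalid" \
- connection-state=invalid
- # The only forward drop for new connections is scoped to the WAN list; traffic
- # entering on wireguard1 is not covered by it.
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface-list=WAN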
- # Source NAT for traffic leaving via the WAN list.
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- ipsec-policy=out,none out-interface-list=WAN
- # Port forward of TCP 5001 on ether1 to 10.0.0.112 is present but disabled=yes.
- # If re-enabled, it would be exempt from the "drop all from WAN not DSTNATed"
- # forward rule and expose that host's port to the WAN side.
- add action=dst-nat chain=dstnat disabled=yes dst-port=5001 in-interface=\
- ether1 protocol=tcp to-addresses=10.0.0.112 to-ports=5001
- /system clock
- set time-zone-name=Europe/Berlin
- /system leds settings
- set all-leds-off=immediate
- /system routerboard settings
- set cpu-frequency=auto
- # MAC-level management (MAC telnet, MAC WinBox) is limited to the LAN list.
- /tool mac-server
- set allowed-interface-list=LAN
- /tool mac-server mac-winbox
- set allowed-interface-list=LAN
- # NOTE(review): no /ip service section appears in this export, which suggests
- # the management services are at their defaults - confirm which ones are
- # enabled and whether they are restricted by source address.