Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # sep/05/2018 22:26:52 by RouterOS 6.42.6
- # software id = 5JRT-44ZR
- #
- # model = RouterBOARD 941-2nD
- # serial number = 66160655EA0C
- /interface bridge
- add admin-mac=6C:3B:6B:31:F7:E6 auto-mac=no fast-forward=no name=bridge
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" disabled=no distance=indoors frequency=auto frequency-mode=superchannel mode=ap-bridge ssid=NET \
- wireless-protocol=802.11 wps-mode=disabled
- /interface ethernet
- set [ find default-name=ether2 ] name=ether2-master
- /interface pppoe-client
- add add-default-route=yes default-route-distance=0 disabled=no interface=ether1 keepalive-timeout=60 name=pppoe-out1 password=Chm use-peer-dns=yes user=7549
- /interface l2tp-client
- add allow=mschap1,mschap2 connect-to= disabled=no ipsec-secret=12345690 name=l2tp-out1 password=12345 use-ipsec=yes user=L2TP
- /interface eoip
- add allow-fast-path=no arp=proxy-arp keepalive=3s local-address=10.1.1.6 mac-address=02:36:8B:18:87:48 name=eoip-tunnel1 remote-address=10.1.1.7 tunnel-id=1
- /interface list
- add exclude=dynamic name=discover
- add name=mactel
- add name=mac-winbox
- add name=WAN
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key= wpa2-pre-shared-key=\
- /ip hotspot profile
- add hotspot-address=10.10.10.1 name=hsprof1
- /ip hotspot
- add interface=bridge name=hotspot1 profile=hsprof1
- /ip pool
- add name=dhcp ranges=192.168.55.230-192.168.55.250
- /ip dhcp-server
- add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge name=defconf
- /interface bridge port
- add bridge=bridge comment=defconf interface=ether2-master
- add bridge=bridge comment=defconf interface=wlan1
- add bridge=bridge interface=ether3
- add bridge=bridge interface=ether4
- /ip neighbor discovery-settings
- set discover-interface-list=all
- /interface list member
- add interface=ether2-master list=discover
- add interface=ether3 list=discover
- add interface=ether4 list=discover
- add interface=wlan1 list=discover
- add interface=bridge list=discover
- add interface=pppoe-out1 list=discover
- add interface=bridge list=mactel
- add interface=bridge list=mac-winbox
- add interface=pppoe-out1 list=WAN
- /ip address
- add address=192.168.55.1/24 interface=ether2-master network=192.168.55.0
- add address=10.14.14.2/30 interface=eoip-tunnel1 network=10.14.14.0
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid interface=ether1
- /ip dhcp-server network
- add address=10.10.10.0/24 comment="hotspot network" gateway=10.10.10.1
- add address=192.168.55.0/24 comment=defconf gateway=192.168.55.1 netmask=24
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8
- /ip dns static
- add address=192.168.88.1 name=router
- /ip firewall filter
- add action=accept chain=input connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
- add action=accept chain=input protocol=icmp
- add action=add-src-to-address-list address-list=blacklist_final address-list-timeout=2w1d chain=input comment="fail2ban: stage3 to final" connection-state=new dst-port=\
- 22,8291 protocol=tcp src-address-list=blacklist_stage_3
- add action=add-src-to-address-list address-list=blacklist_stage_3 address-list-timeout=1m chain=input comment="fail2ban: stage2 to stage3" connection-state=new dst-port=\
- 22,8291 protocol=tcp src-address-list=blacklist_stage_2
- add action=add-src-to-address-list address-list=blacklist_stage_2 address-list-timeout=6h chain=input comment="fail2ban: stage1 to stage2" connection-state=new dst-port=\
- 22,8291 protocol=tcp src-address-list=blacklist_stage_1
- add action=add-src-to-address-list address-list=blacklist_stage_1 address-list-timeout=12h chain=input comment="fail2ban: stage1" connection-state=new dst-port=22,8291 \
- protocol=tcp
- add action=drop chain=input comment="fail2ban: drop brute forcers" disabled=yes dst-port=22,8291 protocol=tcp src-address-list=blacklist_final
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
- add action=drop chain=input disabled=yes in-interface-list=!mactel
- /ip firewall nat
- add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
- add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
- add action=masquerade chain=srcnat out-interface=l2tp-out1
- /ip firewall service-port
- set ftp disabled=yes
- set tftp disabled=yes
- set irc disabled=yes
- /ip hotspot user
- add name=admin password=1Lebron12345
- /ip route
- add distance=1 dst-address=192.168.15.0/24 gateway=eoip-tunnel1
- add disabled=yes distance=1 dst-address=192.168.15.0/24 gateway=l2tp-out1
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set ssh port=44211
- set api disabled=yes
- set api-ssl disabled=yes
- /system clock
- set time-zone-name=Asia/Vladivostok
- /system identity
- set name=HOME
Add Comment
Please, Sign In to add comment