  # NOTE(review): RouterOS configuration export of a small home router (identity HOME).
  # It was produced without hiding secrets, so the PPPoE, L2TP and IPsec credentials below
  # appear in clear text next to the device serial number and MAC addresses. Secrets in a
  # publicly posted export should be treated as exposed and rotated; `/export hide-sensitive`
  # leaves them out when a configuration has to be shared.
  # NOTE(review): the header reports RouterOS 6.42.6 (2018) - check it against the current
  # release of the channel in use.
  1. # sep/05/2018 22:26:52 by RouterOS 6.42.6
  2. # software id = 5JRT-44ZR
  3. #
  4. # model = RouterBOARD 941-2nD
  5. # serial number = 66160655EA0C
  6. /interface bridge
  7. add admin-mac=6C:3B:6B:31:F7:E6 auto-mac=no fast-forward=no name=bridge
  # wlan1 is a 2.4 GHz 802.11n access point with WPS disabled. frequency-mode=superchannel is
  # MikroTik's conformance-testing mode: it allows every channel the card supports regardless
  # of the country= value, whereas regulatory-domain applies the country limits.
  8. /interface wireless
  9. set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" disabled=no distance=indoors frequency=auto frequency-mode=superchannel mode=ap-bridge ssid=NET \
  10. wireless-protocol=802.11 wps-mode=disabled
  11. /interface ethernet
  12. set [ find default-name=ether2 ] name=ether2-master
  # PPPoE uplink on ether1. user= and password= are the ISP account credentials, stored and
  # exported in clear text.
  13. /interface pppoe-client
  14. add add-default-route=yes default-route-distance=0 disabled=no interface=ether1 keepalive-timeout=60 name=pppoe-out1 password=Chm use-peer-dns=yes user=7549
  # L2TP client wrapped in IPsec with a pre-shared key (ipsec-secret). Both the tunnel password
  # and the PSK are short, guessable values, and allow= still offers MS-CHAPv1, a legacy
  # method; limiting allow= to mschap2 and using a long random PSK is the safer setup.
  # connect-to= is empty in this paste (presumably removed by the poster).
  15. /interface l2tp-client
  16. add allow=mschap1,mschap2 connect-to= disabled=no ipsec-secret=12345690 name=l2tp-out1 password=12345 use-ipsec=yes user=L2TP
  # EoIP tunnel with no ipsec-secret of its own, so this interface does not encrypt the
  # Ethernet frames it carries. NOTE(review): 10.1.1.6 / 10.1.1.7 are presumably addresses
  # inside the L2TP/IPsec tunnel, which would protect the traffic - confirm, since no
  # 10.1.1.x address is statically assigned in this export.
  17. /interface eoip
  18. add allow-fast-path=no arp=proxy-arp keepalive=3s local-address=10.1.1.6 mac-address=02:36:8B:18:87:48 name=eoip-tunnel1 remote-address=10.1.1.7 tunnel-id=1
  # Interface lists; their members are assigned under /interface list member.
  19. /interface list
  20. add exclude=dynamic name=discover
  21. add name=mactel
  22. add name=mac-winbox
  23. add name=WAN
  # Default wireless security profile: WPA2-PSK only, wpa-pre-shared-key left empty. The
  # WPA2 key value is missing from the paste (the line continues onto an empty line), so its
  # strength cannot be judged from here.
  24. /interface wireless security-profiles
  25. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key= wpa2-pre-shared-key=\
  26.  
  # LAN-side services: hotspot, DHCP, bridge membership, discovery, addressing and DNS.
  # The hotspot is bound to the LAN bridge; its local account is under /ip hotspot user.
  27. /ip hotspot profile
  28. add hotspot-address=10.10.10.1 name=hsprof1
  29. /ip hotspot
  30. add interface=bridge name=hotspot1 profile=hsprof1
  31. /ip pool
  32. add name=dhcp ranges=192.168.55.230-192.168.55.250
  33. /ip dhcp-server
  34. add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge name=defconf
  35. /interface bridge port
  36. add bridge=bridge comment=defconf interface=ether2-master
  37. add bridge=bridge comment=defconf interface=wlan1
  38. add bridge=bridge interface=ether3
  39. add bridge=bridge interface=ether4
  # discover-interface-list=all runs neighbor discovery on every interface, the PPPoE uplink
  # included, which announces the router's identity, model and RouterOS version towards the
  # ISP side. Pointing this at a LAN-only list keeps that information internal; note that the
  # `discover` list populated below also contains pppoe-out1.
  40. /ip neighbor discovery-settings
  41. set discover-interface-list=all
  # mactel and mac-winbox contain only the bridge, i.e. the LAN. NOTE(review): the /tool
  # mac-server settings that would consume these lists are not visible in this export -
  # confirm MAC-Telnet and MAC-Winbox are actually limited to them.
  42. /interface list member
  43. add interface=ether2-master list=discover
  44. add interface=ether3 list=discover
  45. add interface=ether4 list=discover
  46. add interface=wlan1 list=discover
  47. add interface=bridge list=discover
  48. add interface=pppoe-out1 list=discover
  49. add interface=bridge list=mactel
  50. add interface=bridge list=mac-winbox
  51. add interface=pppoe-out1 list=WAN
  52. /ip address
  53. add address=192.168.55.1/24 interface=ether2-master network=192.168.55.0
  54. add address=10.14.14.2/30 interface=eoip-tunnel1 network=10.14.14.0
  55. /ip dhcp-client
  56. add comment=defconf dhcp-options=hostname,clientid interface=ether1
  57. /ip dhcp-server network
  58. add address=10.10.10.0/24 comment="hotspot network" gateway=10.10.10.1
  59. add address=192.168.55.0/24 comment=defconf gateway=192.168.55.1 netmask=24
  # allow-remote-requests=yes makes the router answer DNS queries from any client that can
  # reach port 53. The input chain in this export has no enabled drop rule, so that includes
  # the WAN side, and a resolver open to the internet can be abused for amplification.
  # Keep the setting for LAN clients but drop udp/tcp 53 arriving on the WAN list.
  60. /ip dns
  61. set allow-remote-requests=yes servers=8.8.8.8
  # The static name `router` points at 192.168.88.1, while the LAN address configured above
  # is 192.168.55.1 - apparently a stale entry from the factory default.
  62. /ip dns static
  63. add address=192.168.88.1 name=router
  # Packet filter. Every drop rule in this section carries disabled=yes, so after the accept
  # and address-list rules a packet falls through to the implicit accept: whatever is enabled
  # under /ip service (and DNS) is reachable from every interface, pppoe-out1 included.
  64. /ip firewall filter
  65. add action=accept chain=input connection-state=established,related
  66. add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
  67. add action=accept chain=input protocol=icmp
  # "fail2ban" ladder: each new TCP connection to port 22 or 8291 moves the source one list
  # up (stage_1 -> stage_2 -> stage_3 -> final), because the lists are tested from the top
  # stage downwards. The rules count connection attempts, not failed logins, so once the
  # drop is active an administrator reconnecting several times inside the timeouts is
  # listed as well. Two gaps as exported: SSH is moved to port 44211 under /ip service,
  # which these rules do not match, and the rule that drops blacklist_final is disabled,
  # so the lists fill up but block nothing.
  68. add action=add-src-to-address-list address-list=blacklist_final address-list-timeout=2w1d chain=input comment="fail2ban: stage3 to final" connection-state=new dst-port=\
  69. 22,8291 protocol=tcp src-address-list=blacklist_stage_3
  70. add action=add-src-to-address-list address-list=blacklist_stage_3 address-list-timeout=1m chain=input comment="fail2ban: stage2 to stage3" connection-state=new dst-port=\
  71. 22,8291 protocol=tcp src-address-list=blacklist_stage_2
  72. add action=add-src-to-address-list address-list=blacklist_stage_2 address-list-timeout=6h chain=input comment="fail2ban: stage1 to stage2" connection-state=new dst-port=\
  73. 22,8291 protocol=tcp src-address-list=blacklist_stage_1
  74. add action=add-src-to-address-list address-list=blacklist_stage_1 address-list-timeout=12h chain=input comment="fail2ban: stage1" connection-state=new dst-port=22,8291 \
  75. protocol=tcp
  # Disabled drops. The last one would drop input from every interface outside the mactel
  # list (only the bridge is a member) and is the only default-deny candidate for the input
  # chain; any remote administration path needs its own accept rule above it before it is
  # enabled. The forward chain likewise has no enabled drop: nothing rejects invalid packets
  # or new connections arriving from WAN that were not dst-nat'ed, which the RouterOS default
  # configuration covers with a connection-nat-state=!dstnat in-interface-list=WAN drop.
  76. add action=drop chain=input comment="fail2ban: drop brute forcers" disabled=yes dst-port=22,8291 protocol=tcp src-address-list=blacklist_final
  77. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
  78. add action=drop chain=input disabled=yes in-interface-list=!mactel
  # Source NAT for traffic leaving through the PPPoE uplink and the L2TP tunnel.
  79. /ip firewall nat
  80. add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
  81. add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
  82. add action=masquerade chain=srcnat out-interface=l2tp-out1
  # Connection-tracking helpers for FTP, TFTP and IRC are switched off.
  83. /ip firewall service-port
  84. set ftp disabled=yes
  85. set tftp disabled=yes
  86. set irc disabled=yes
  # Hotspot account named admin with its password exported in clear text; rotate it together
  # with the other secrets in this file. NOTE(review): the router's own /user accounts are
  # not visible here - make sure this password is not reused for the router login.
  87. /ip hotspot user
  88. add name=admin password=1Lebron12345
  # 192.168.15.0/24 is reached through the EoIP tunnel; the alternative via l2tp-out1 is disabled.
  89. /ip route
  90. add distance=1 dst-address=192.168.15.0/24 gateway=eoip-tunnel1
  91. add disabled=yes distance=1 dst-address=192.168.15.0/24 gateway=l2tp-out1
  # telnet, ftp, api and api-ssl are off and SSH listens on 44211. www and winbox are not
  # listed. NOTE(review): a compact export prints only non-default values, so both are
  # presumably still enabled on their default ports - confirm with `/ip service print`.
  # No service carries an address= restriction, and with no enabled drop rule on the input
  # chain the non-standard SSH port is not an access control: set address= to the management
  # subnets and disable the services that are not used.
  92. /ip service
  93. set telnet disabled=yes
  94. set ftp disabled=yes
  95. set ssh port=44211
  96. set api disabled=yes
  97. set api-ssl disabled=yes
  98. /system clock
  99. set time-zone-name=Asia/Vladivostok
  100. /system identity
  101. set name=HOME