Statistics: Posted by Soleous75 — Tue Mar 19, 2024 1:05 pm
Statistics: Posted by ips — Tue Mar 19, 2024 1:05 pm
Statistics: Posted by mtest001 — Tue Mar 19, 2024 1:05 pm
Statistics: Posted by sakke42 — Tue Mar 19, 2024 1:04 pm
:put "Uptime: $([:tonum [/system resource get uptime]] / 86400) days"
Statistics: Posted by ko00000000001 — Tue Mar 19, 2024 12:58 pm
Statistics: Posted by Soleous75 — Tue Mar 19, 2024 12:42 pm
Statistics: Posted by netmas — Tue Mar 19, 2024 12:32 pm
[admin@MikroTik-MainRouter] > /interface/wifi/monitor 1
  state: running
  channel: 5500/ac/Ceeeeeee
  registered-peers: 3
  authorized-peers: 3
  tx-power: 30
  available-channels: 5500/ac/Ceeeeeee,5520/ac/eCeeeeee,5540/ac/eeCeeeee,5560/ac/eeeCeeee,5580/ac/eeeeCeee,5600/ac/eeeeeCee,5620/ac/eeeeeeCe,5640/ac/eeeeeeeC,5500/ac/Ceee,5520/ac/eCee,5540/ac/eeCe,
    5560/ac/eeeC,5580/ac/Ceee,5600/ac/eCee,5620/ac/eeCe,5640/ac/eeeC,5500/ac/Ce,5520/ac/eC,5540/ac/Ce,5560/ac/eC,5580/ac/Ce,5600/ac/eC,5620/ac/Ce,5640/ac/eC,5660/ac/Ce,5680/ac/eC,
    5500/n/Ce,5520/n/eC,5540/n/Ce,5560/n/eC,5580/n/Ce,5600/n/eC,5620/n/Ce,5640/n/eC,5660/n/Ce,5680/n/eC,5500/ac,5520/ac,5540/ac,5560/ac,5580/ac,5600/ac,5620/ac,5640/ac,5660/ac,5680/ac,
    5700/ac,5500/n,5520/n,5540/n,5560/n,5580/n,5600/n,5620/n,5640/n,5660/n,5680/n,5700/n,5500/a,5520/a,5540/a,5560/a,5580/a,5600/a,5620/a,5640/a,5660/a,5680/a,5700/a
[admin@MikroTik-MainRouter] > /interface/wifi/monitor 3
  state: running
  channel: 5500/ac/Ceeeeeee
  registered-peers: 8
  authorized-peers: 8
  tx-power: 25
  available-channels: 5500/ac/Ceeeeeee,5520/ac/eCeeeeee,5540/ac/eeCeeeee,5560/ac/eeeCeeee,5580/ac/eeeeCeee,5600/ac/eeeeeCee,5620/ac/eeeeeeCe,5640/ac/eeeeeeeC,5500/ac/Ceee,5520/ac/eCee,5540/ac/eeCe,
    5560/ac/eeeC,5580/ac/Ceee,5600/ac/eCee,5620/ac/eeCe,5640/ac/eeeC,5500/ac/Ce,5520/ac/eC,5540/ac/Ce,5560/ac/eC,5580/ac/Ce,5600/ac/eC,5620/ac/Ce,5640/ac/eC,5660/ac/Ce,5680/ac/eC,
    5500/n/Ce,5520/n/eC,5540/n/Ce,5560/n/eC,5580/n/Ce,5600/n/eC,5620/n/Ce,5640/n/eC,5660/n/Ce,5680/n/eC,5500/ac,5520/ac,5540/ac,5560/ac,5580/ac,5600/ac,5620/ac,5640/ac,5660/ac,5680/ac,
    5700/ac,5500/n,5520/n,5540/n,5560/n,5580/n,5600/n,5620/n,5640/n,5660/n,5680/n,5700/n,5500/a,5520/a,5540/a,5560/a,5580/a,5600/a,5620/a,5640/a,5660/a,5680/a,5700/a
[admin@MikroTik-MainRouter] > /interface/wifi/monitor 5
  state: running
  channel: 5680/ac/eC
  registered-peers: 1
  authorized-peers: 1
  tx-power: 25
  available-channels: 5500/ac/Ceeeeeee,5520/ac/eCeeeeee,5540/ac/eeCeeeee,5560/ac/eeeCeeee,5580/ac/eeeeCeee,5600/ac/eeeeeCee,5620/ac/eeeeeeCe,5640/ac/eeeeeeeC,5500/ac/Ceee,5520/ac/eCee,5540/ac/eeCe,
    5560/ac/eeeC,5580/ac/Ceee,5600/ac/eCee,5620/ac/eeCe,5640/ac/eeeC,5500/ac/Ce,5520/ac/eC,5540/ac/Ce,5560/ac/eC,5580/ac/Ce,5600/ac/eC,5620/ac/Ce,5640/ac/eC,5660/ac/Ce,5680/ac/eC,
    5500/n/Ce,5520/n/eC,5540/n/Ce,5560/n/eC,5580/n/Ce,5600/n/eC,5620/n/Ce,5640/n/eC,5660/n/Ce,5680/n/eC,5500/ac,5520/ac,5540/ac,5560/ac,5580/ac,5600/ac,5620/ac,5640/ac,5660/ac,5680/ac,
    5700/ac,5500/n,5520/n,5540/n,5560/n,5580/n,5600/n,5620/n,5640/n,5660/n,5680/n,5700/n,5500/a,5520/a,5540/a,5560/a,5580/a,5600/a,5620/a,5640/a,5660/a,5680/a,5700/a
Statistics: Posted by tinodj — Tue Mar 19, 2024 12:27 pm
Statistics: Posted by robmaltsystems — Tue Mar 19, 2024 12:23 pm
:put "Uptime: $([:tonum [/system resource get uptime]] / 86400) days"
Statistics: Posted by rextended — Tue Mar 19, 2024 12:20 pm
/interface bridge add name=bridge pvid=3 vlan-filtering=yes
/interface bridge vlan add bridge=bridge tagged=ether1,bridge vlan-ids=3
ingress-filtering=yes
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan3 vlan-id=3
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=3
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=3
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=3
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=3
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge vlan-ids=3
/ip address
add address=192.168.3.11/24 interface=vlan3 network=192.168.3.0
Statistics: Posted by DeltaCreek — Tue Mar 19, 2024 12:16 pm
Statistics: Posted by korg — Tue Mar 19, 2024 12:15 pm
Statistics: Posted by diamuxin — Tue Mar 19, 2024 12:13 pm
Statistics: Posted by patrikg — Tue Mar 19, 2024 12:05 pm
Statistics: Posted by mkx — Tue Mar 19, 2024 11:58 am
Statistics: Posted by Omerik — Tue Mar 19, 2024 11:54 am
Statistics: Posted by DarkNate — Tue Mar 19, 2024 11:54 am
Statistics: Posted by Maggiore81 — Tue Mar 19, 2024 11:46 am
Statistics: Posted by pe1chl — Tue Mar 19, 2024 11:40 am
Statistics: Posted by TheCondor — Tue Mar 19, 2024 11:40 am
Statistics: Posted by karlisi — Tue Mar 19, 2024 11:38 am
Statistics: Posted by DarkNate — Tue Mar 19, 2024 11:37 am
Statistics: Posted by totpbi — Tue Mar 19, 2024 11:37 am
# rextended's function (thanks Master)
# Convert uptime to seconds
:global timetoseconds do={
    :local inTime $1
    :local wPos [:find $inTime "w" -1]
    :local dPos [:find $inTime "d" -1]
    :local itLen [:find $inTime "." -1] ; :if ([:typeof $itLen] = "nil") do={:set itLen [:len $inTime]}
    :local itSec [:pick $inTime ($itLen - 2) $itLen]
    :local itMin [:pick $inTime ($itLen - 5) ($itLen - 3)]
    :local itHou [:pick $inTime ($itLen - 8) ($itLen - 6)]
    :local itDay 0
    :local itWee 0
    :if (([:typeof $wPos] = "nil") and ([:typeof $dPos] = "num")) do={:set itDay [:pick $inTime 0 $dPos] }
    :if (([:typeof $wPos] = "num") and ([:typeof $dPos] = "num")) do={:set itDay [:pick $inTime ($wPos + 1) $dPos] }
    :if ([:typeof $wPos] = "num") do={:set itWee [:pick $inTime 0 $wPos] }
    :local totitSec ($itSec + (60 * $itMin) + (3600 * $itHou) + (86400 * $itDay) + (604800 * $itWee))
    :return $totitSec
}
:local upd ([$timetoseconds [/system resource get uptime]] / 86400)
:put "Uptime: $upd days"
Statistics: Posted by diamuxin — Tue Mar 19, 2024 11:35 am
Statistics: Posted by robmaltsystems — Tue Mar 19, 2024 11:29 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 11:26 am
Statistics: Posted by jaclaz — Tue Mar 19, 2024 11:23 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 11:02 am
I have one running in a warehouse environment mounted on the ceiling because I needed one of the antennae to go through a wall for outside purpose covering an outside storage as close as possible.
One must then ask, though, what happens if you use the wall mount included with the hAP ax³ to stick it up near ceiling level?
Statistics: Posted by Scoox — Tue Mar 19, 2024 10:49 am
nope, I want just the existing feature in wifi-qcom driver
do you mean via RADIUS?
Statistics: Posted by pe1chl — Tue Mar 19, 2024 10:48 am
Statistics: Posted by Scoox — Tue Mar 19, 2024 10:47 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 10:39 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 10:25 am
#notfixed - it's getting ridiculous..
Statistics: Posted by Archous — Tue Mar 19, 2024 10:15 am
Statistics: Posted by jookraw — Tue Mar 19, 2024 10:07 am
Statistics: Posted by rplant — Tue Mar 19, 2024 10:00 am
Statistics: Posted by tangent — Tue Mar 19, 2024 9:46 am
Statistics: Posted by sokalsondha — Tue Mar 19, 2024 9:42 am
Statistics: Posted by infabo — Tue Mar 19, 2024 9:29 am
:put [/system/resource/get uptime]
11w2d15:59:17
Statistics: Posted by ko00000000001 — Tue Mar 19, 2024 9:26 am
Statistics: Posted by Thasaidon — Tue Mar 19, 2024 9:21 am
Statistics: Posted by tangent — Tue Mar 19, 2024 9:16 am
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik-cloud
add address=cloud2.mikrotik.com list=mikrotik-cloud
/ip firewall mangle
add action=mark-routing chain=prerouting comment="mark routing gia ddns" \
    dst-port=15252 new-routing-mark=dsl passthrough=no protocol=udp
add action=mark-routing chain=output comment="mark routing gia ddns" \
    dst-address-list=mikrotik-cloud log=yes new-routing-mark=dsl passthrough=\
    no
/routing table
add disabled=no fib name=lte
add disabled=no fib name=dsl
/routing rule
add action=lookup disabled=no routing-mark=dsl table=dsl
/ip route
add disabled=no distance=20 dst-address=0.0.0.0/0 gateway=pppoe-out1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.188.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.188.1 \
    pref-src=0.0.0.0 routing-table=lte scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-table=dsl \
    suppress-hw-offload=no
Statistics: Posted by sted — Tue Mar 19, 2024 9:14 am
Statistics: Posted by johnson73 — Tue Mar 19, 2024 9:13 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 9:09 am
Statistics: Posted by AndiiiHD — Tue Mar 19, 2024 9:01 am
Statistics: Posted by tangent — Tue Mar 19, 2024 8:53 am
#notfixed - it's getting ridiculous..
*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
Statistics: Posted by konstantinas — Tue Mar 19, 2024 8:44 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 8:42 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 8:39 am
Statistics: Posted by teleport — Tue Mar 19, 2024 8:31 am
Statistics: Posted by Hassan512 — Tue Mar 19, 2024 8:30 am
7.15beta6
In Proxmox VE VNC shows Starting services...
Unable to access the system.
Statistics: Posted by stmx38 — Tue Mar 19, 2024 8:30 am
:put [/system/resource/get uptime11w2d15:59:17]
Statistics: Posted by loloski — Tue Mar 19, 2024 8:19 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 8:03 am
Statistics: Posted by tangent — Tue Mar 19, 2024 7:22 am
put "Uptime: $[:if ([:len [:find [/system resource get uptime] "w"]] != 0) do={([:pick [/system resource get uptime] 0 ([:find [/system resource get uptime] "w"])] *7 + [:pick [/system resource get uptime] ([:find [/system resource get uptime] "d"] -1) ([:find [/system resource get uptime] "d"])])} else={[:pick [/system resource get uptime] ([:find [/system resource get uptime] "d"]-1) ([:find [/system resource get uptime] "d"])]}] days"
Uptime: days;Uptime: 18 days
Statistics: Posted by ko00000000001 — Tue Mar 19, 2024 7:15 am
[admin@MikroTik] /ip/upnp> print
  enabled: yes
  allow-disable-external-interface: no
  show-dummy-rule: yes

[admin@MikroTik] /ip/upnp/interfaces> print
Columns: INTERFACE, TYPE
# INTERFACE  TYPE
0 ether1     external
1 bridge     internal

[admin@MikroTik] /ip/firewall> filter print
Flags: X - disabled, I - invalid; D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked

 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix=""

 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix=""

 4    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1

 5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

 6    ;;; UPnP Devices (1900)
      chain=input action=drop protocol=udp src-address-list=!UPnPdevices dst-port=1900 log=no log-prefix=""

 7    ;;; UPnP Devices (2828)
      chain=input action=drop protocol=tcp src-address-list=!UPnPdevices dst-port=2828 log=no log-prefix=""

 8    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec

 9    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec

10    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related log=no log-prefix=""

11    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked

12    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

13    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""

[admin@MikroTik] /ip/firewall> nat print
Flags: X - disabled, I - invalid; D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none

 1    ;;; Hairpin NAT
      chain=srcnat action=masquerade src-address=192.168.1.0/24 dst-address=192.168.1.0/24 out-interface-list=LAN log=no log-prefix=""

 2    ;;; Caddy
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=50443 protocol=tcp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""

 3    ;;; Plex
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=32400 protocol=tcp in-interface-list=WAN dst-port=42300 log=no log-prefix=""

 4    ;;; Wireguard UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=51820 protocol=udp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""

 5    ;;; Mumble TCP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=tcp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""

 6    ;;; Mumble UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=udp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""

 7    ;;; Syncthing TCP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""

 8    ;;; Syncthing UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=udp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""

 9    ;;; SFTP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=60222 log=no log-prefix=""
Statistics: Posted by BinaryTB — Tue Mar 19, 2024 7:05 am
/ip firewall nat
add action=masquerade chain=srcnat comment="wireguard: masquerade" \
    out-interface=bridge src-address=192.168.100.0/24
Statistics: Posted by rplant — Tue Mar 19, 2024 6:24 am
:put ([:deserialize from=json value=$jsonData]->"result"->"content")
# https://github.com/Winand/mikrotik-json-parser
:global JSONLoads
:put ([$JSONLoads $jsonData]->"result"->"content")
Statistics: Posted by trkk — Tue Mar 19, 2024 6:14 am
Statistics: Posted by teleport — Tue Mar 19, 2024 5:07 am
Statistics: Posted by KingRichard — Tue Mar 19, 2024 4:56 am
[@MikroTik] > ping [:resolve checkipv6.dedyn.io]
  SEQ HOST                                SIZE TTL TIME       STATUS
    0 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    1 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    2 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    3 2804::pub:ipv6                       104  64 89ms653us  address unreachable
[@MikroTik] > ipv6/firewall/filter/print
 2    ;;; defconf: accept ICMPv6
      chain=input action=accept protocol=icmpv6 log=no log-prefix=""
PS > ping checkipv6.dedyn.io
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=239ms
Statistics: Posted by diasdm — Tue Mar 19, 2024 4:34 am
Statistics: Posted by hjf — Tue Mar 19, 2024 4:32 am
Statistics: Posted by diasdm — Tue Mar 19, 2024 4:27 am
Statistics: Posted by sirca — Tue Mar 19, 2024 4:26 am
cake-diffserv=diffserv4 cake-flowmode=dual-[src/dst]host cake-nat=yes
cake-diffserv=besteffort cake-flowmode=triple-isolate cake-nat=no
Statistics: Posted by mke — Tue Mar 19, 2024 4:14 am
Statistics: Posted by inteq — Tue Mar 19, 2024 4:08 am
Statistics: Posted by jlpedrosa — Tue Mar 19, 2024 4:06 am
[admin@MikroTik_CRS317] /system/health> print
Columns: NAME, VALUE, TYPE
#  NAME             VALUE  TYPE
0  cpu-temperature  35     C
1  fan1-speed       3765   RPM
2  fan2-speed       3720   RPM
3  psu1-state       ok
4  psu2-state       ok
[admin@MikroTik_CRS317] /system/health>
Statistics: Posted by sirca — Tue Mar 19, 2024 4:03 am
Statistics: Posted by kevinds — Tue Mar 19, 2024 3:42 am
Statistics: Posted by tovi — Tue Mar 19, 2024 3:02 am
Statistics: Posted by anav — Tue Mar 19, 2024 2:43 am
Statistics: Posted by robkampen — Tue Mar 19, 2024 2:40 am
# 2024-03-18 19:38:06 by RouterOS 7.12.2
# model = C52iG-5HaxD2HaxD
/interface bridge
add admin-mac=XXXXXXXX auto-mac=no comment=defconf name=bridge
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40/80mhz configuration.mode=ap .ssid="Mikro5g" \
    disabled=no security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40mhz configuration.mode=ap .ssid=MikroTik-E74BB0 \
    disabled=no security.authentication-types=wpa2-psk,wpa3-psk
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=10.0.1.10-10.0.1.254
/ip dhcp-server
add address-pool=default-dhcp disabled=yes interface=bridge lease-time=8h \
    name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
add bridge=bridge comment=defconf interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=LAN internet-interface-list=LAN lan-interface-list=\
    LAN wan-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=LAN
add interface=wireguard1 list=LAN
/interface wireguard peers
add allowed-address=192.168.100.2/32 interface=wireguard1 public-key=\
    "XXXXXXXXXXXXXXXXXXXXX"
/ip address
add address=10.0.1.0/24 comment=defconf interface=bridge network=10.0.1.0
add address=192.168.100.1/24 interface=wireguard1 network=192.168.100.0
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.0.1.0/24 comment=defconf dns-server=10.0.1.1 gateway=10.0.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.0.1.1 comment=defconf disabled=yes name=router.lan
/ip firewall filter
add action=accept chain=input comment="Allow wireguard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment="Allow wiregurad traffic" src-address=\
    192.168.100.0/24
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    all-ethernet protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    all-wireless protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    bridge protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=America/New_York
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxx
Address = 192.168.100.2/32
DNS = 192.168.100.1

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxxxxxxxxxxxxxxx
Statistics: Posted by badger — Tue Mar 19, 2024 1:59 am
ip firewall address-list
:local update do={
    :do {
        :local data ([:tool fetch url=$url output=user as-value]->"data")
        :local array [find dynamic list=blacklist]
        :foreach value in=$array do={:set array (array,[get $value address])}
        :while ([:len $data]!=0) do={
            :if ([:pick $data 0 [:find $data "\n"]]~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") do={
                :local ip ([:pick $data 0 [:find $data $delimiter]].$cidr)
                :do {add list=blacklist address=$ip comment=$description timeout=1d} on-error={
                    :do {set ($array->([:find $array $ip]-[:len $array]/2)) timeout=1d} on-error={}
                }
            }
            :set data [:pick $data ([:find $data "\n"]+1) [:len $data]]
        }
    } on-error={:log warning "Address list <$description> update failed"}
}
$update url=https://www.spamhaus.org/drop/drop.txt description="Spamhaus DROP" delimiter=("\_")
$update url=https://www.spamhaus.org/drop/edrop.txt description="Spamhaus EDROP" delimiter=("\_")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset description="firehol_level1" delimiter=("\n")
Statistics: Posted by UkRainUa — Tue Mar 19, 2024 1:56 am
Statistics: Posted by Cha0s — Tue Mar 19, 2024 1:49 am
Statistics: Posted by neki — Tue Mar 19, 2024 1:33 am
Statistics: Posted by jacobbailey — Tue Mar 19, 2024 1:28 am
Statistics: Posted by Scoox — Tue Mar 19, 2024 1:25 am