Statistics: Posted by Merrick — Fri Mar 15, 2024 7:16 am
/container env set key=NETINSTALL_NPK name=netinstall value="routeros-7.15beta6-arm.npk /app/images/zerotier-arm-7.15beta6.npk /app/images/wifi-qcom-ac-7.15beta6-arm.npk"
Statistics: Posted by Amm0 — Fri Mar 15, 2024 7:11 am
Statistics: Posted by miankamran7100 — Fri Mar 15, 2024 7:01 am
#!/bin/bash
set -e
NETINSTALL_ADDR="${NETINSTALL_ADDR:="192.168.88.1"}"
ROSARCH="${NETINSTALL_ARCH:="arm"}"
PKGS="${NETINSTALL_NPK:="routeros"}"
ROSVER="${NETINSTALL_VER:="7.12.1"}"
NPKLIST=$(for i in $(ls `for p in $PKGS; do echo "/app/images/$p-$ROSVER-$ROSARCH.npk"; done`); do echo $i; done)
NPKARG="${NPKLIST//$'\n'/ }"
echo $PKGS
echo $NPKLIST
echo $NPKARG
exec /app/qemu-i386-static /app/netinstall-cli -b -r -a $NETINSTALL_ADDR $NPKARG
Statistics: Posted by Amm0 — Fri Mar 15, 2024 7:00 am
Statistics: Posted by BatsirayiM — Fri Mar 15, 2024 6:41 am
Statistics: Posted by Sabbir404 — Fri Mar 15, 2024 6:38 am
/interface bridge filteradd action=drop chain=input in-interface-list=!MGMT
Statistics: Posted by tangent — Fri Mar 15, 2024 6:37 am
Statistics: Posted by Sabbir404 — Fri Mar 15, 2024 6:33 am
and not on the WAN interface?
Would be wise/safe to add another G address on the WAN interface (say <my_prefix>::/2)?
Statistics: Posted by tangent — Fri Mar 15, 2024 6:26 am
Statistics: Posted by ahnow — Fri Mar 15, 2024 6:10 am
/interface bridgeadd igmp-snooping=yes name=bridge vlan-filtering=yes/interface bondingadd comment="proxmox link aggregate eth 2+3" mode=802.3ad name=bonding1 slaves=ether2,ether3 transmit-hash-policy=layer-2-and-3/dude set enabled=yes/interface bridge portadd bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether1add bridge=bridge interface=ether4add bridge=bridge interface=ether5add bridge=bridge interface=ether8add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether9 pvid=200add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether10 pvid=200add bridge=bridge interface=sfp-sfpplus1 trusted=yesadd bridge=bridge interface=bonding1add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether6add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=50/interface bridge vlanadd bridge=bridge tagged=ether4,ether5,sfp-sfpplus1 vlan-ids=50add bridge=bridge tagged=ether5,sfp-sfpplus1 vlan-ids=200add bridge=bridge tagged=sfp-sfpplus1,bonding1 vlan-ids=99/ip dhcp-client add interface=bridge/ip dns set servers=192.168.1.1/system clock set time-zone-name=Europe/Amsterdam/system note set show-at-login=no/system routerboard settings set enter-setup-on=delete-key
Statistics: Posted by tangent — Fri Mar 15, 2024 6:07 am
Statistics: Posted by wsantos — Fri Mar 15, 2024 5:38 am
if [[ $(uname -m) =~ (i[1-6]86|amd64) ]]; then exec /app/netinstall-cli $NETINSTALL_ARGS "-a" $NETINSTALL_ADDR /app/images/$NETINSTALL_NPKelse exec /app/qemu-i386-static /app/netinstall-cli $NETINSTALL_ARGS "-a" $NETINSTALL_ADDR /app/images/$NETINSTALL_NPKfi
Statistics: Posted by Amm0 — Fri Mar 15, 2024 5:36 am
Statistics: Posted by tangent — Fri Mar 15, 2024 5:29 am
Statistics: Posted by DeathRat — Fri Mar 15, 2024 5:07 am
Statistics: Posted by Turbovix — Fri Mar 15, 2024 4:56 am
[@MikroTik] > interface/bridge/export/interface bridgeadd comment=defconf name=bridge_LAN port-cost-mode=shortadd comment=defconf name=bridge_WiFi port-cost-mode=short/interface bridge portadd bridge=bridge_LAN comment=defconf interface=ether2 internal-path-cost=10 path-cost=10add bridge=bridge_LAN comment=defconf interface=ether3 internal-path-cost=10 path-cost=10add bridge=bridge_LAN comment=defconf interface=ether4 internal-path-cost=10 path-cost=10add bridge=bridge_LAN comment=defconf interface=ether5 internal-path-cost=10 path-cost=10add bridge=bridge_WiFi comment=defconf interface=wifi_5GHz internal-path-cost=10 path-cost=10add bridge=bridge_WiFi comment=defconf interface=wifi_2GHz internal-path-cost=10 path-cost=10add bridge=bridge_LAN interface=veth1
[@MikroTik] > ip address/export/ip addressadd address=192.168.8.1/24 comment="defconf - LAN Bridge" interface=bridge_LAN network=192.168.8.0add address=192.168.9.1/24 comment="WiFi Bridge" interface=bridge_WiFi network=192.168.9.0
[@MikroTik] > interface/list/export/interface listadd comment=defconf name=WANadd comment=defconf name=LANadd comment="Interface list for WiFi bridge" name=LAN_WiFi/interface list memberadd comment="defconf - LAN interface list for LAN bridge" interface=bridge_LAN list=LANadd comment=defconf interface=ether1_WAN list=WANadd comment="WiFi interface list for WiFi bridge" interface=bridge_WiFi list=LAN_WiFi
[@MikroTik] > ip dhcp-server/export/ip dhcp-serveradd address-pool=dhcp_LAN interface=bridge_LAN lease-time=1d name=defconf_LANadd address-pool=dhcp_WiFi interface=bridge_WiFi lease-time=1d name=WiFi_DHCP/ip dhcp-server networkadd address=192.168.8.0/24 comment="defconf - LAN DHCP Configuration" dns-server=192.168.8.1 gateway=192.168.8.1 netmask=24add address=192.168.9.0/24 comment="WiFi DHCP configuration" dns-server=192.168.8.1 gateway=192.168.9.1 netmask=24
[@MikroTik] > ip firewall/filter/export/ip firewall filteradd action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
Statistics: Posted by diasdm — Fri Mar 15, 2024 4:53 am
Statistics: Posted by llity — Fri Mar 15, 2024 4:39 am
Statistics: Posted by Amm0 — Fri Mar 15, 2024 4:32 am
Statistics: Posted by volga629 — Fri Mar 15, 2024 4:31 am
Statistics: Posted by Amm0 — Fri Mar 15, 2024 4:23 am
Statistics: Posted by koja2k7 — Fri Mar 15, 2024 3:54 am
Statistics: Posted by AusTikuser — Fri Mar 15, 2024 2:53 am
[admin@MikroTikLTE] > /interface lte firmware-upgrade lte1 installed: R11e-LTE6_V036 latest: R11e-LTE6_V038
Statistics: Posted by miku — Fri Mar 15, 2024 2:33 am
# 2024-03-08 10:04:35 by RouterOS 7.14# software id = **ELIDED**## model = C53UiG+5HPaxD2HPaxD# serial number = **ELIDED**/interface bridgeadd admin-mac=**ELIDED** auto-mac=no comment=defconf name=bridge \ port-cost-mode=short vlan-filtering=yes/interface ethernetset [ find default-name=ether1 ] comment="LINK 1" name=ether1-LINK-1-VIAset [ find default-name=ether2 ] comment="LINK 2" name=ether2-LINK-2-TIM-4Gset [ find default-name=ether5 ] name=ether5-SWITCH-TPLINK/interface wireguardadd listen-port=13232 mtu=1420 name=wireguard2/interface vlanadd interface=bridge name=vlan1-starlink-10 vlan-id=10add interface=bridge name=vlan2-cft-20 vlan-id=20add interface=bridge name=vlan3-iot-30 vlan-id=30add interface=bridge name=vlan4-gerencia-50 vlan-id=50add interface=bridge name=vlan5-servers-80 vlan-id=80add interface=bridge name=vlan6-wifi-visitantes-100 vlan-id=100/interface pppoe-clientadd allow=chap,mschap1,mschap2 dial-on-demand=yes disabled=no interface=\ ether1-LINK-1-VIA name=pppoe-VIA user=**ELIDED**/interface listadd comment=defconf name=WANadd comment=defconf name=LANadd comment="LINKS INTERNET" name=WAN-LINKSadd name=Interfaces-Segurasadd name=VLAN-30/interface wifi channeladd band=5ghz-ax disabled=no name=ch-5-ax skip-dfs-channels=all width=\ 20/40/80mhzadd band=5ghz-ac disabled=no name=ch-5-ac skip-dfs-channels=all width=\ 20/40mhzadd band=2ghz-n disabled=no name=ch-2-n width=20mhzadd band=2ghz-ax disabled=no name=ch-2-ax width=20mhz/interface wifi datapathadd bridge=bridge disabled=no name=data-starlinkadd client-isolation=yes disabled=no name=data-visitantes vlan-id=100/interface wifi securityadd authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes \ name=starlinkadd authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes \ name=starlink-visitantes/interface wifi configurationadd channel=ch-2-ax comment=CONF-STARLINK country=Brazil datapath=\ data-starlink disabled=no mode=ap name=cfg-2-starlink-ax security=\ starlink ssid=STARLINKadd channel=ch-2-ax comment=CONF-VISITANTES country=Brazil datapath=\ data-visitantes disabled=no mode=ap name=cfg-2-visitantes-ax security=\ starlink-visitantes ssid=STARLINK_VISITANTESadd channel=ch-5-ax comment=CONF-STARLINK country=Brazil datapath=\ data-starlink disabled=no mode=ap name=cfg-5-starlink-ax security=\ starlink ssid=STARLINKadd channel=ch-5-ax comment=CONF-VISITANTES country=Brazil datapath=\ data-visitantes disabled=no mode=ap name=cfg-5-visitantes-ax security=\ starlink-visitantes ssid=STARLINK_VISITANTESadd channel=ch-5-ac comment=CONF-VISITANTES country=Brazil datapath=\ data-visitantes disabled=no mode=ap name=cfg-5-visitantes-ac security=\ starlink-visitantes ssid=STARLINK_VISITANTESadd channel=ch-5-ac comment=CONF-STARLINK country=Brazil datapath=\ data-starlink disabled=no mode=ap name=cfg-5-starlink-ac security=\ starlink ssid=STARLINKadd channel=ch-2-n comment=CONF-VISITANTES country=Brazil datapath=\ data-visitantes disabled=no mode=ap name=cfg-2-visitantes-n security=\ starlink-visitantes ssid=STARLINK_VISITANTESadd channel=ch-2-n comment=CONF-STARLINK country=Brazil datapath=\ data-starlink disabled=no mode=ap name=cfg-2-starlink-n security=starlink \ ssid=STARLINK/interface wifiset [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \ configuration=cfg-5-starlink-ax configuration.manager=local .mode=ap \ disabled=noset [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \ configuration=cfg-2-starlink-ax configuration.manager=local .mode=ap \ disabled=no/ip firewall layer7-protocoladd name=YouTube regexp="^.+(youtube.com).*\$"add comment=Facebook name=Facebook regexp="^.+(facebook.com).*\$"/ip kid-controladd disabled=yes fri=0s-1d mon=5h-22h name=Pedro rate-limit=100M sat=0s-1d \ sun=5h-22h thu=5h-22h tue=5h-22h wed=5h-22hadd disabled=yes fri=7h-12h5m name=Marcio rate-limit=100M thu=7h-9h27madd disabled=yes fri=0s-1d mon=5h-22h name="TV - Pedro" rate-limit=100M sat=\ 0s-1d sun=5h-22h thu=5h-22h tue=5h-22h wed=5h-22hadd disabled=yes fri=0s-1d mon=4h-22h name=DELL rate-limit=100m sat=0s-1d \ sun=4h-22h thu=4h-22h tue=4h-22h wed=4h-22hadd disabled=yes fri=0s-1d mon=5h-22h name="Notebook - Pedro" rate-limit=100M \ sat=0s-1d sun=5h-22h thu=5h-22h tue=5h-22h wed=5h-22h/ip pooladd name=dhcp-bridge-local ranges=192.168.88.2-192.168.88.254add name=WireGuard-VPN ranges=10.50.0.0/24add name=dhcp_pool-vlan-gerencia ranges=50.50.50.2-50.50.50.6add name=dhcp_pool13 ranges=20.20.20.2-20.20.20.14add name=dhcp_pool14 ranges=30.30.30.2-30.30.30.14add name=dhcp_pool15 ranges=80.80.80.2-80.80.80.14add name=dhcp_pool16 ranges=100.100.100.2-100.100.100.14add name=dhcp_pool17 ranges=10.10.10.2-10.10.10.254/ip dhcp-serveradd add-arp=yes address-pool=dhcp-bridge-local interface=bridge lease-time=\ 10m name=defconfadd address-pool=dhcp_pool-vlan-gerencia interface=vlan4-gerencia-50 name=\ dhcp-vlan-gerencia-50add address-pool=dhcp_pool13 interface=vlan2-cft-20 name=dhcp1add address-pool=dhcp_pool14 interface=vlan3-iot-30 name=dhcp2add address-pool=dhcp_pool15 interface=vlan5-servers-80 name=dhcp3add address-pool=dhcp_pool16 interface=vlan6-wifi-visitantes-100 name=dhcp4add address-pool=dhcp_pool17 interface=vlan1-starlink-10 name=dhcp5/queue simpleadd max-limit=20M/20M name=Controle-Banda-Wifi-Visitante target=10.10.10.0/26add disabled=yes max-limit=1M/1M name=Controle-Banda-VPN target=""add dst=ether2-LINK-2-TIM-4G max-limit=1k/1k name=\ "Limita o tr\E1fego do YOUTUBE" packet-marks=mc_youtube target=""add comment="CONTROLE DE BANDA" disabled=yes max-limit=100M/200M name=\ Controle-Banda-VIA-100M queue=pcq-upload-default/pcq-download-default \ target=""/interface bridge portadd bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether5-SWITCH-TPLINK \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 \ path-cost=10add bridge=bridge disabled=yes interface=*10 pvid=100add bridge=bridge disabled=yes interface=*11 pvid=100/interface bridge settingsset use-ip-firewall=yes use-ip-firewall-for-vlan=yes/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=!WAN-LINKS/ipv6 settingsset max-neighbor-entries=8192/interface bridge vlanadd bridge=bridge comment="-------------- VLAN WIFI HOME --------------" \ tagged=bridge,ether5-SWITCH-TPLINK vlan-ids=10add bridge=bridge comment="-------------- VLAN GERENCIA -------------" \ tagged=bridge,ether5-SWITCH-TPLINK vlan-ids=50add bridge=bridge comment="-------------- VLAN VISITANTES -------------" \ tagged=bridge,ether5-SWITCH-TPLINK vlan-ids=100add bridge=bridge comment="-------------- VLAN IOT -------------" tagged=\ bridge,ether5-SWITCH-TPLINK vlan-ids=30add bridge=bridge comment="-------------- VLAN SERVERS -------------" tagged=\ bridge,ether5-SWITCH-TPLINK vlan-ids=80add bridge=bridge comment="-------------- VLAN CFTV -------------" tagged=\ bridge,ether5-SWITCH-TPLINK vlan-ids=20/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1-LINK-1-VIA list=WANadd comment=defconf interface=ether1-LINK-1-VIA list=WAN-LINKSadd interface=pppoe-VIA list=WAN-LINKSadd interface=ether2-LINK-2-TIM-4G list=WAN-LINKSadd interface=pppoe-VIA list=WANadd interface=bridge list=Interfaces-Segurasadd interface=*A list=LANadd interface=wireguard2 list=LANadd interface=*10 list=VLAN-30add interface=*11 list=VLAN-30add interface=vlan3-iot-30 list=VLAN-30/interface wifi capsmanset package-path="" require-peer-certificate=no upgrade-policy=none/interface wifi provisioningadd action=create-dynamic-enabled disabled=yes master-configuration=\ cfg-5-visitantes-ac slave-configurations=cfg-2-starlink-n \ supported-bands=5ghz-ac/interface wireguard peersadd allowed-address=0.0.0.0/0 comment="Mikrotik-CHR-V7-Oracle -" \ endpoint-address=XX.XX.XX.XX endpoint-port=13232 interface=wireguard2 \ persistent-keepalive=20s public-key=\ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0add address=192.168.100.2/24 interface=wireguard2 network=192.168.100.0add address=100.100.100.1/28 interface=vlan6-wifi-visitantes-100 network=\ 100.100.100.0add address=192.168.0.2 interface=ether2-LINK-2-TIM-4G network=192.168.0.1add address=50.50.50.1/29 interface=vlan4-gerencia-50 network=50.50.50.0add address=10.10.10.1/24 interface=vlan1-starlink-10 network=10.10.10.0add address=30.30.30.1/28 interface=vlan3-iot-30 network=30.30.30.0add address=20.20.20.1/28 interface=vlan2-cft-20 network=20.20.20.0add address=80.80.80.1/28 interface=vlan5-servers-80 network=80.80.80.0/ip arpadd address=192.168.88.6 comment="//// Poco - Marcio ////" interface=bridge \ mac-address=88:52:EB:77:5D:C8add address=192.168.88.12 comment="//// Poco - Pedro ////" interface=bridge \ mac-address=A4:55:90:DA:1F:26add address=192.168.88.66 interface=bridge mac-address=5A:00:XX:BC:FE:C7add address=192.168.88.11 comment="//// Notebook - Pedro ////" interface=\ bridge mac-address=0A:D1:6F:9B:DD:62add address=192.168.88.91 comment="//// OPI-02(HA - Node-red) ////" \ interface=bridge mac-address=6E:6E:F6:D3:58:0Badd address=192.168.88.90 comment="//// OPI-01- (Esp-Home - Frigate ) ////" \ interface=bridge mac-address=2E:2B:1A:EC:47:AFadd address=192.168.88.92 comment="//// OPI-03 - (Traccar) ////" interface=\ bridge mac-address=86:2C:1A:E7:F8:63add address=192.168.88.51 comment="//// TV - Casal ////" disabled=yes \ interface=bridge mac-address=E8:F2:E2:3B:B6:3Eadd address=192.168.88.47 comment=XBOX interface=bridge mac-address=\ 28:18:78:82:F6:99add address=192.168.88.15 comment="//// Redmi - Christiane ////" interface=\ bridge mac-address=1C:CC:D6:0A:13:3Aadd address=192.168.88.93 interface=bridge mac-address=02:03:92:53:F7:8Fadd address=192.168.88.68 comment=ESP-Garagem interface=bridge mac-address=\ C4:5B:BE:65:6E:37add address=192.168.88.13 comment=Amazon interface=bridge mac-address=\ 44:D5:CC:ED:9B:49add address=192.168.88.33 comment="//// Alexa Quarto do Pedro ////" \ interface=bridge mac-address=2C:71:FF:F9:1B:C9add address=192.168.88.249 comment="//// Camera Xiaov ////" interface=bridge \ mac-address=B4:FB:E3:28:77:CAadd address=192.168.88.247 comment="//// Camera Xiaov ////" interface=bridge \ mac-address=B4:FB:E3:28:65:B4add address=192.168.88.3 comment=ESP32-C3-Bat interface=bridge mac-address=\ 7C:DF:A1:B6:4B:E0add address=192.168.88.199 comment=T-Relay interface=bridge mac-address=\ 44:17:93:4B:27:74add address=192.168.88.67 comment=KC868-A4-Garagem interface=bridge \ mac-address=C4:DD:57:C7:78:F4add address=192.168.88.188 interface=bridge mac-address=2E:2B:1A:EC:47:AFadd address=192.168.88.88 comment=OpenSuse-HA interface=bridge mac-address=\ 64:1C:67:A0:43:8Badd address=192.168.88.50 comment="//// Fire Stik ////" interface=bridge \ mac-address=90:39:5F:A3:A3:E7add address=192.168.88.45 comment="//// Hub Tuya ////" interface=bridge \ mac-address=50:8A:06:3C:12:DFadd address=192.168.88.186 comment="//// Adaptador Wifi Epson ////" \ interface=bridge mac-address=2A:1F:E4:2C:25:EFadd address=192.168.88.161 comment=\ "//// notebook - starlink 2.4 - epson ////" interface=bridge mac-address=\ 58:00:E3:BC:71:C7add address=192.168.88.164 comment="//// Dell - Ethernet ////" interface=\ bridge mac-address=84:7B:EB:FD:CF:CDadd address=192.168.88.177 comment="//// EspHome - Mini - APC220 ////" \ interface=bridge mac-address=98:CD:AC:30:47:04add address=192.168.88.179 comment=ESP32-C3 interface=bridge mac-address=\ D2:BF:75:94:3A:8Badd address=192.168.88.34 comment="//// Alexa 4 - Sala ////" interface=bridge \ mac-address=90:39:5F:EF:91:D3add address=192.168.88.78 interface=bridge mac-address=00:80:92:D0:F2:24add address=192.168.88.180 comment=ESP32-Lora-Lilygo interface=bridge \ mac-address=E8:6B:EA:25:20:88add address=192.168.88.7 comment="//// E1 Pro - Garagem - WIFI - 5Ghz ////" \ interface=bridge mac-address=38:C8:04:46:AD:E0add address=192.168.88.74 comment="//// Reolink -Lado Direito ////" \ interface=bridge mac-address=EC:71:DB:A3:51:74add address=192.168.88.89 comment=RPI3-01 interface=bridge mac-address=\ B8:27:EB:DB:37:B1add address=192.168.88.233 interface=bridge mac-address=28:C2:DD:3B:DD:85add address=192.168.88.100 comment="//// Router INTELBRAS ////" interface=\ bridge mac-address=80:8F:E8:9E:44:E2add address=192.168.88.75 comment="//// Reolink - Lado Esquerdo ////" \ interface=bridge mac-address=EC:71:DB:8E:AC:86add address=192.168.88.8 interface=bridge mac-address=EC:71:DB:95:FF:5Aadd address=50.50.50.3 interface=vlan4-gerencia-50 mac-address=\ 48:8F:5A:0A:74:60/ip dhcp-clientadd comment=defconf interface=ether1-LINK-1-VIA/ip dhcp-server leaseadd address=192.168.88.67 comment="//// kc868-a4 - EPS32 ////" mac-address=\ 58:00:E3:BC:71:C7 server=defconf use-src-mac=yesadd address=192.168.88.247 client-id=1:b4:fb:e3:28:65:b4 mac-address=\ B4:FB:E3:28:65:B4 server=defconfadd address=192.168.88.249 client-id=1:b4:fb:e3:28:77:ca mac-address=\ B4:FB:E3:28:77:CA server=defconfadd address=192.168.88.51 client-id=1:e8:f2:e2:3b:b6:3e comment=\ "//// TV - Casal ////" mac-address=E8:F2:E2:3B:B6:3E server=defconf \ use-src-mac=yesadd address=192.168.88.52 client-id=1:40:2f:86:31:30:e0 comment=\ "//// TV LG - Pedro ////" mac-address=40:2F:86:31:30:E0 server=defconf \ use-src-mac=yesadd address=192.168.88.47 client-id=1:28:18:78:82:f6:99 comment=XBOX \ mac-address=28:18:78:82:F6:99 server=defconfadd address=192.168.88.10 client-id=1:b8:27:eb:97:aa:21 mac-address=\ B8:27:EB:97:AA:21 server=defconfadd address=192.168.88.69 client-id=1:14:de:39:81:b9:9e comment=\ "//// Huawei - Router ////" mac-address=14:DE:39:81:B9:9E server=defconfadd address=192.168.88.12 client-id=1:56:d3:de:79:f4:63 comment=\ "//// Poco PHST ////" mac-address=56:D3:DE:79:F4:63 server=defconf \ use-src-mac=yesadd address=192.168.88.15 client-id=1:1c:cc:d6:a:13:3a comment=\ "//// Redmi - Christiane ////" mac-address=1C:CC:D6:0A:13:3A server=\ defconfadd address=192.168.88.65 comment="//// Tuya Smart Inc. ////" mac-address=\ 50:8A:06:3C:12:DF server=defconfadd address=192.168.88.222 comment="//// Alexa - Sala ////" mac-address=\ 90:A8:22:0D:76:EE server=defconfadd address=192.168.88.30 comment="//// Tuya Smart Inc. ////" mac-address=\ 84:E3:42:B8:13:4C server=defconfadd address=192.168.88.31 comment="//// Tuya Smart Inc. ////" mac-address=\ 84:E3:42:B8:B9:72 server=defconfadd address=192.168.88.28 comment=" ////Tuya Smart Inc. ////" mac-address=\ 84:E3:42:BE:17:D7 server=defconfadd address=192.168.88.5 comment="////Alexa - Casal ////" mac-address=\ 34:AF:B3:16:53:97 server=defconfadd address=192.168.88.3 client-id=1:7c:df:a1:b6:4b:e0 comment=ESP32-C3-Bat \ mac-address=7C:DF:A1:B6:4B:E0 server=defconfadd address=192.168.88.13 comment="//// Alexa Cozinha ////" mac-address=\ 44:D5:CC:ED:9B:49 server=defconfadd address=192.168.88.78 client-id=1:0:80:92:d0:f2:24 comment=\ "//// Silex Technology, Inc. ////" mac-address=00:80:92:D0:F2:24 server=\ defconfadd address=192.168.88.6 comment="//// Poco - Marcio ////" mac-address=\ 88:52:EB:77:5D:C8 server=defconf use-src-mac=yesadd address=192.168.88.11 comment="//// Notebook - Pedro ////" mac-address=\ 00:D7:6D:9B:F7:62 server=defconf use-src-mac=yesadd address=192.168.88.90 comment=OPI-01 mac-address=2E:2B:1A:EC:47:AF \ server=defconf use-src-mac=yesadd address=192.168.88.92 mac-address=86:2C:1A:E7:F8:63 server=defconf \ use-src-mac=yesadd address=192.168.88.93 comment=TANIX-TX6 mac-address=02:03:92:53:F7:8F \ server=defconf use-src-mac=yesadd address=192.168.88.68 comment=ESP-Garagem mac-address=C4:5B:BE:65:6E:37 \ server=defconf use-src-mac=yesadd address=192.168.88.188 mac-address=2E:2B:1A:EC:47:AF server=defconfadd address=192.168.88.91 comment="//// OPI-02 (HA - Node-red) ////" \ mac-address=6E:6E:F6:D3:58:0B server=defconfadd address=192.168.88.88 comment=TKC-01 mac-address=64:1C:67:A0:43:8B \ server=defconfadd address=192.168.88.50 comment="//// Fire Stick ////" mac-address=\ 90:39:5F:A3:A3:E7 server=defconfadd address=192.168.88.168 comment="//// Adaptador wifi Epson ////" \ mac-address=2A:1F:E4:2C:25:EF server=defconfadd address=192.168.88.161 comment="//// Notebook- starlink 2.4 - epson ////" \ mac-address=58:00:E3:BC:71:C7 server=defconfadd address=192.168.88.164 comment="//// Dell - Ehernet ////" mac-address=\ 84:7B:EB:FD:CF:CD server=defconfadd address=192.168.88.177 comment="//// EspHome - Mini - APC220 ////" \ mac-address=98:CD:AC:30:47:04 server=defconfadd address=192.168.88.179 comment=ESP32-C3 mac-address=D2:BF:75:94:3A:8B \ server=defconfadd address=192.168.88.34 comment="//// Alexa 4 - Sala ////" mac-address=\ 90:39:5F:EF:91:D3 server=defconfadd address=192.168.88.180 comment=ESP32-Lora-Lilygo mac-address=\ E8:6B:EA:25:20:88 server=defconfadd address=192.168.88.74 client-id=1:ec:71:db:a3:51:74 comment=\ "//// Reolink - Lado Direito ////" mac-address=EC:71:DB:A3:51:74 server=\ defconfadd address=192.168.88.89 comment=RPI3-01 mac-address=B8:27:EB:DB:37:B1 \ server=defconfadd address=192.168.88.233 mac-address=28:C2:DD:3B:DD:85 server=defconfadd address=192.168.88.100 comment="//// Router INTELBRAS ////" mac-address=\ 80:8F:E8:9E:44:E2 server=defconf use-src-mac=yesadd address=192.168.88.75 comment="//// Reolink - Lado Esquerdo ////" \ mac-address=EC:71:DB:8E:AC:86 server=defconfadd address=192.168.88.33 comment="//// Alexa Quarto Pedro ////" mac-address=\ 2C:71:FF:F9:1B:C9 server=defconfadd address=192.168.88.8 client-id=1:ec:71:db:95:ff:5a mac-address=\ EC:71:DB:95:FF:5A server=defconfadd address=192.168.88.16 client-id=1:50:91:e3:d9:48:6c mac-address=\ 50:91:E3:D9:48:6C server=defconfadd address=192.168.88.14 client-id=1:38:c8:4:29:f2:a9 mac-address=\ 38:C8:04:29:F2:A9 server=defconfadd address=192.168.88.7 client-id=1:38:c8:4:46:ad:e0 comment=\ "E1-PRO - GARAGEM" mac-address=38:C8:04:46:AD:E0 server=defconfadd address=50.50.50.3 client-id=1:48:8f:5a:a:74:60 comment=\ "----------------------------- CAP-ac-01 -----------------------------" \ mac-address=48:8F:5A:0A:74:60 server=dhcp-vlan-gerencia-50/ip dhcp-server networkadd address=10.1.0.0/29 gateway=10.1.0.0add address=10.10.10.0/26 gateway=10.10.10.1add address=10.10.10.0/24 dns-server=10.10.10.1 gateway=10.10.10.1add address=10.20.20.0/28 gateway=10.20.20.0add address=10.30.30.0/26 gateway=10.30.30.0add address=10.50.50.0/28 gateway=10.50.50.0add address=10.90.90.0/29 dns-server=8.8.4.4 gateway=10.90.90.0add address=10.90.90.0/28 dns-server=192.168.88.91 gateway=10.90.90.1add address=20.20.20.0/28 dns-server=20.20.20.1 gateway=20.20.20.1add address=30.30.30.0/28 dns-server=30.30.30.1 gateway=30.30.30.1add address=50.50.50.0/29 dns-server=50.50.50.1 gateway=50.50.50.1add address=80.80.80.0/28 dns-server=80.80.80.1 gateway=80.80.80.1add address=100.100.100.0/28 dns-server=100.100.100.1 gateway=100.100.100.1add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\ 192.168.88.1add address=192.168.90.0/28 dns-server=192.168.88.91 gateway=192.168.90.1/ip dnsset allow-remote-requests=yes cache-max-ttl=1d servers=192.168.88.91,8.8.4.4/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lanadd address=192.168.88.91 comment=defconf name=router.lan/ip firewall address-listadd address=192.168.88.161 list=" (SUPORTE-WINBOX)"add address=50.50.50.4 list=" (SUPORTE-WINBOX)"add list=PORTSCANadd address=50.50.50.3 list=" (SUPORTE-WINBOX)"/ip firewall filteradd action=jump chain=forward comment="jump to kid-control rules" \ jump-target=kid-controladd action=add-dst-to-address-list address-list=SITES-BLOQUEADOS-LINK2-TIM \ address-list-timeout=5m chain=forward comment=\ "Adiciona ips do facebook no link 2 em uma blacklist " disabled=yes log=\ yes protocol=tcp tls-host=*facebook*add action=drop chain=forward comment="Drop no youtube pelo link 2 (TIM)" \ dst-address-list=SITES-BLOQUEADOS-LINK2-TIMadd action=drop chain=forward comment="DROP YOUTUBE LINK-2" disabled=yes \ layer7-protocol=YouTube log=yes log-prefix="TOUTUBE BLOQUEADO NO LINK 2"add action=accept chain=forward comment="LIBERA YOUTUBE LINK-1" \ layer7-protocol=YouTube out-interface=pppoe-VIAadd action=fasttrack-connection chain=forward comment="***********************\ ***** HABILITA O FASTTRACKER ****************************" disabled=yes \ hw-offload=yes in-interface=pppoe-VIA out-interface=bridgeadd action=add-src-to-address-list address-list=PORTSCAN \ address-list-timeout=1w chain=input comment="PEGA MALANDRO - PORTSCAN" \ dst-port=23,25,80,110,1723,53,44,1883 in-interface-list=WAN-LINKS \ protocol=tcpadd action=add-src-to-address-list address-list=PORTSCAN \ address-list-timeout=1w chain=input comment="DETECTA - PORTSCAN" \ in-interface-list=WAN-LINKS protocol=tcp psd=21,3s,3,1add action=drop chain=input comment="-------------------------- CONEXOES INVAL\ IDAS - DROP --------------------------" connection-state=invalid \ log-prefix="Conexoes Invalidas"add action=accept chain=input comment=\ "ACEITA CONEXOES: estabelecidas,relacionadas" connection-state=\ established,relatedadd action=jump chain=input comment="ICMP - Passe pelo Controle - Chain ICMP" \ in-interface-list=WAN-LINKS jump-target=ICMP protocol=icmpadd action=accept chain=ICMP comment="ACEITA: ICMP - Echo Reply " \ icmp-options=0:0-255 limit=10,5:packet protocol=icmpadd action=accept chain=ICMP comment="ICMP - Destination Unreachable" \ icmp-options=3:0-255 limit=10,5:packet protocol=icmpadd action=accept chain=ICMP comment="ICMP - Time Exceeded" icmp-options=\ 11:0-255 limit=10,5:packet protocol=icmpadd action=accept chain=ICMP comment="ACEITA: ICMP - Echo Request" \ icmp-options=8:0-255 limit=10,5:packet protocol=icmpadd action=drop chain=ICMP comment="ICMP - ALL - DROP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=tarpit chain=input in-interface-list=WAN-LINKS log=yes protocol=\ tcp psd=21,3s,3,1add action=accept chain=input comment="(LIBERA ACESSO AO WINBOX)" log=yes \ src-address-list=" (SUPORTE-WINBOX)"add action=accept chain=input comment=\ "(LIBERA ACESSO AO WINBOX - IPS LIBERADOS)" dst-port=25476 \ in-interface-list=WAN-LINKS protocol=tcp src-address-list=IPs-liberadosadd action=accept chain=input comment="-----------------------LIBERA PORTA DO \ WIREGUARD-------------------------" dst-port=13231 protocol=udpadd action=accept chain=input comment="-----------------------LIBERA PORTA DO \ WIREGUARD2-------------------------" dst-port=13232 protocol=udpadd action=accept chain=input comment=\ "-------------- LIBERA COM. WIREGUARD ----------------" dst-address=\ 192.168.88.0/24 src-address=192.168.100.0/24add action=accept chain=input comment=\ "-------------- LIBERA COM. WIREGUARD ----------------" dst-address=\ 192.168.100.0/24 src-address=192.168.88.0/24add action=add-src-to-address-list address-list=PORTA-1 address-list-timeout=\ 5s chain=input comment="PORTKNOCKING - PORTA-1" dst-port=35621 \ in-interface-list=WAN-LINKS log=yes protocol=tcpadd action=add-src-to-address-list address-list=PORTA-2 address-list-timeout=\ 5s chain=input comment="PORTKNOCKING - PORTA-2" dst-port=24987 \ in-interface-list=WAN-LINKS log=yes protocol=tcp src-address-list=PORTA-1add action=add-src-to-address-list address-list=IPs-liberados \ address-list-timeout=10m chain=input comment="PORTKNOCKING - IP-LIBERADO" \ dst-port=41687 in-interface-list=WAN-LINKS log=yes protocol=tcp \ src-address-list=PORTA-2add action=add-src-to-address-list address-list=\ "######## TENTATIVA LOGIN - 1 ########" address-list-timeout=1m chain=\ input comment="TENTATIVA LOGIN -1" connection-state=new dst-port=\ 1701,8728 in-interface-list=WAN-LINKS log=yes protocol=udpadd action=add-src-to-address-list address-list=\ "######## TENTATIVA LOGIN - 1 ########" address-list-timeout=1m chain=\ input comment="TENTATIVA LOGIN - 1 - TCP" connection-state=new dst-port=\ 25476 in-interface-list=WAN-LINKS log=yes protocol=tcpadd action=add-src-to-address-list address-list=\ "######## TENTATIVA LOGIN - 2 ########" address-list-timeout=1m chain=\ input comment="TEMTATIVA LOGIN - 2" connection-state=new dst-port=\ 1701,8728 in-interface-list=WAN-LINKS log=yes protocol=udp \ src-address-list="TENTATIVA LOGIN - 1"add action=add-src-to-address-list address-list=\ "######## TENTATIVA LOGIN - 2 ########" address-list-timeout=1m chain=\ input comment="TEMTATIVA LOGIN - 2 - TCP" connection-state=new dst-port=\ 25476 in-interface-list=WAN-LINKS log=yes protocol=tcp src-address-list=\ "TENTATIVA LOGIN - 1"add action=add-src-to-address-list address-list=\ "######## TENTATIVA LOGIN - BLOQUEADO ########" address-list-timeout=1h \ chain=input comment="TENTATIVA LOGIN - BLOQUEADA" connection-state=new \ dst-port=1701,8728 in-interface-list=WAN-LINKS log=yes log-prefix=\ "TENTATIVA DE LOGIN - BLOQUEADA" protocol=udp src-address-list=\ "TENTATIVA LOGIN - 2"add action=add-src-to-address-list address-list=\ "######## TENTATIVA LOGIN - BLOQUEADO ########" address-list-timeout=1h \ chain=input comment="TENTATIVA LOGIN - BLOQUEADA - TCP" connection-state=\ new dst-port=25476 in-interface-list=WAN-LINKS log=yes log-prefix=\ "TENTATIVA DE LOGIN - BLOQUEADA - TCP" protocol=tcp src-address-list=\ "TENTATIVA LOGIN - 2"add action=drop chain=input comment=\ "######## TENTATIVA DE LOGIN - DROP ########" log=yes log-prefix=\ "DROP - TENTATIVA DE LOGIN" src-address-list=\ "TENTATIVA LOGIN - BLOQUEADO"add action=drop chain=input comment=\ "######## TUDO QUE N\C3O VENHA DA LAN: DROP ########" in-interface-list=\ !LAN log-prefix="Nao vem da LAN"add action=drop chain=forward comment=\ "######## ISOLA REDE VIVISITANTE/LAN ########" connection-state="" \ disabled=yes dst-address=192.168.88.0/24 log=yes log-prefix=\ "Isola rede visitantes" out-interface-list=!LAN src-address=10.10.10.0/26add action=fasttrack-connection chain=forward comment=\ "######## defconf: fasttrack ########" connection-state=\ established,related hw-offload=yesadd action=accept chain=forward comment=\ "######## defconf: accept established,related, untracked ########" \ connection-state=established,relatedadd action=reject chain=forward comment="TESTE LAN" disabled=yes dst-address=\ 100.100.100.12 reject-with=icmp-network-unreachable src-address=\ 30.30.30.2add action=drop chain=forward comment=\ "######## defconf: drop all from WAN not DSTNATed ########" \ connection-nat-state=!dstnat connection-state=new in-interface-list=\ WAN-LINKSadd action=drop chain=input comment=\ "######## DROP - GERAL - LIKS 1, 2 ########" in-interface-list=WAN-LINKS \ log=yes log-prefix="drop geral links 1, 2"/ip firewall mangleadd action=mark-packet chain=forward comment=\ "########Marcar paquetes de YouTube ########" connection-mark=mc_youtube \ new-packet-mark=mc_youtube passthrough=noadd action=mark-connection chain=forward comment=\ "######## Marcar conexiones de YouTube ########" connection-mark=no-mark \ layer7-protocol=YouTube new-connection-mark=mc_youtube passthrough=yes/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WANadd action=masquerade chain=srcnat comment=\ "######## MASQ. - TRAFEGO - LINKS - WAN ########" ipsec-policy=out,none \ out-interface-list=WAN-LINKSadd action=masquerade chain=srcnat comment=\ "######## MASQ. - TRAFEGO WIREGUARD ########" ipsec-policy=out,none \ out-interface=wireguard2add action=dst-nat chain=dstnat comment="######## PORT KNOCKING ########" \ dst-port=59272 in-interface-list=WAN-LINKS protocol=tcp src-address-list=\ IPs-liberados to-addresses=192.168.88.1 to-ports=25476add action=dst-nat chain=dstnat comment=\ "######## Porta - 1883 - MQTT ########" dst-port=1883 in-interface-list=\ WAN-LINKS protocol=tcp src-address=204.216.162.246 to-addresses=\ 192.168.88.88 to-ports=1883add action=dst-nat chain=dstnat comment=\ "######## Porta - 5055 - SATVIX ########" disabled=yes dst-port=5055 \ in-interface-list=WAN-LINKS log=yes log-prefix="NAT - Porta 5055" \ protocol=tcp to-addresses=192.168.88.92add action=dst-nat chain=dstnat comment=\ "######## Porta - 5013 - SATVIX ########" disabled=yes dst-port=5013 \ in-interface-list=WAN-LINKS log=yes log-prefix="NAT - Porta 5013 - Xing" \ protocol=tcp to-addresses=192.168.88.92add action=dst-nat chain=dstnat comment=\ "######## Porta - 5027 - SATVIX - Teltonika ########" disabled=yes \ dst-port=5027 in-interface-list=WAN-LINKS log=yes log-prefix=\ "NAT - Porta 5027 - Teltonika" protocol=tcp to-addresses=192.168.88.92add action=dst-nat chain=dstnat comment=\ "######## Direciona para o OPI-01 ########" disabled=yes dst-port=80 \ in-interface=pppoe-VIA log=yes log-prefix="NAT - Direciona para o OPI-01" \ protocol=tcp to-addresses=192.168.88.90add action=dst-nat chain=dstnat comment=\ "######## Direciona para o Winbox ########" disabled=yes dst-port=9272 \ in-interface=pppoe-VIA log=yes log-prefix="NAT - Porta Winbox2" protocol=\ tcp src-address-list=IPs-liberados to-addresses=192.168.88.1 to-ports=\ 25476add action=masquerade chain=srcnat comment=\ "######## Masquerade LTE ########" disabled=yes out-interface=wireguard2add action=masquerade chain=srcnat disabled=yes out-interface-list=VLAN-30/ip kid-control deviceadd mac-address=58:00:E3:BC:71:C7 name=DELL user=DELLadd mac-address=40:2F:86:31:30:E0 name="LG - PHST" user=Pedroadd mac-address=88:52:EB:77:5D:C8 name="MAC - real - Poco Marcio " user=\ Marcioadd mac-address=A4:55:90:DA:1F:26 name="MAC - real - Poco PHST" user=Pedro/ip routeadd comment="monitora 8.8.8.8 via link 1 - VIA" disabled=no distance=1 \ dst-address=8.8.8.8/32 gateway=pppoe-VIA pref-src="" routing-table=main \ scope=10 suppress-hw-offload=noadd comment="monitora 1.1.1.1 via link 2 - TIM" disabled=no distance=1 \ dst-address=1.1.1.1/32 gateway=192.168.0.1 pref-src="" routing-table=main \ scope=10 suppress-hw-offload=no target-scope=10add check-gateway=ping comment="Rota principal - VIA" disabled=no distance=1 \ dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" routing-table=main \ scope=30 suppress-hw-offload=no target-scope=11add check-gateway=ping comment="Rota Secund\E1ria" disabled=no distance=2 \ dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=main \ scope=30 suppress-hw-offload=no target-scope=11/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh disabled=yesset api port=25576set winbox port=25476set api-ssl disabled=yes/ipv6 addressadd address=::cafe from-pool=pda-ipv6 interface=bridge/ipv6 dhcp-clientadd add-default-route=yes interface=pppoe-VIA pool-name=pda-ipv6 request=\ prefix use-peer-dns=no/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=\ 33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=jump chain=forward comment="jump to kid-control rules" \ jump-target=kid-controladd action=add-dst-to-address-list address-list=\ SITES-BLOQUEADOS-LINK2-TIM-IPV6 address-list-timeout=4w2d chain=forward \ comment="Bloqueia o youtube no link 2 TIM" disabled=yes protocol=tcp \ tls-host=*youtube*add action=drop chain=forward comment="Drop no youtube pelo link 2 (TIM)" \ disabled=yes dst-address-list="SITES-BLOQUEADOS-LINK-2-TIM-(IPV6)"add action=accept chain=input comment="Libera porta Wireguard" disabled=yes \ dst-port=13231 protocol=udpadd action=drop chain=forward connection-state=new in-interface-list=\ WAN-LINKS log=yes log-prefix=IPV6-Dropadd action=drop chain=input connection-state=new in-interface-list=WAN-LINKS \ log=yes log-prefix=drop-ipv6-input/ipv6 firewall natadd action=masquerade chain=srcnat disabled=yes out-interface-list=WAN-LINKS/routing bfd configurationadd disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5/system clockset time-zone-autodetect=no time-zone-name=America/Sao_Paulo/system identityset name=hAP-AX3/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=a.ntp.bradd address=b.ntp.br/system scriptadd dont-require-permissions=no name=backup-email owner=Turbovix-Mk policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ global nome [/system identity get name]\r\ \n:global data [/system clock get date]\r\ \n:global hora [/system clock get time]\r\ \n/system backup save name=HapX3;\r\ \n/tool e-mail send to=\"mkmt.es@gmail.com\" subject=\"Backup Mikrotik - H\ apX3\" file=HapX3.backup body=\"Segue em anexo o arquivo de backup da \$no\ me realizado em \$data as \$hora\";\r\ \n:log info \"Backup e-mail sent.\94;"add dont-require-permissions=no name=envia-backup-gmail owner=Turbovix-Mk \ policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ source=":global nome [/system identity get name]\r\ \n:global data [/system clock get date]\r\ \n:global hora [/system clock get time]\r\ \n/export file=HapX3.rsc;\r\ \n/tool e-mail send to=\"mkmt.es@gmail.com\" subject=\"Backup HapX3\" file\ =HapX3.rsc body=\"Segue anexo o backup da \$nome realizado em \$data as \$\ hora\";\r\ \n:log info \"Backup e-mail sent.\";"/tool e-mailset from="<**** MIKROTIK-HapX3 ****>" port=587 server=smtp.gmail.com tls=\ starttls user=mkmt.es@gmail.com/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LAN/tool netwatch **ELIDED**/tool romonset id=XXXXXXXXXXXXXXXX/tool romon portset [ find default=yes ] forbid=yesadd disabled=no interface=ether5-SWITCH-TPLINK
Statistics: Posted by Turbovix — Fri Mar 15, 2024 2:19 am
Statistics: Posted by rutman286 — Fri Mar 15, 2024 2:16 am
Statistics: Posted by enricosm60 — Fri Mar 15, 2024 2:14 am
Statistics: Posted by ThomasG — Fri Mar 15, 2024 2:03 am
If you have public address directly on router, you can skip DDNS and use this as DHCP lease script:For dynamic WANIPs the dst nat rule usually has something like in-interface-list=WAN, which we replace with dst-address-list=external_wan
where externel_wan is a firewall address list entry with an address=DDNSname
:if ($bound=1) do={ /ip firewall address-list set [/ip firewall address-list find where comment="wan1ip"] address=$"lease-address" disabled=no} else={ /ip firewall address-list set [/ip firewall address-list find where comment="wan1ip"] disabled=yes}
/ip firewall address-listadd comment=wan1ip disabled=yes list=external_wan
Statistics: Posted by MakroTok — Fri Mar 15, 2024 2:02 am
Statistics: Posted by irrwitzer — Fri Mar 15, 2024 2:00 am
# 2024-03-15 00:39:13 by RouterOS 7.14.1# software id = XXXXXX## model = RB4011iGS+# serial number = XXXXXX/interface bridgeadd igmp-snooping=yes name=bridge vlan-filtering=yes/interface bondingadd comment="proxmox link aggregate eth 2+3" mode=802.3ad name=bonding1 slaves=\ ether2,ether3 transmit-hash-policy=layer-2-and-3/interface listadd name=WANadd name=LAN/portset 0 name=serial0set 1 name=serial1/dudeset enabled=yes/interface bridge portadd bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \ interface=ether1add bridge=bridge interface=ether4add bridge=bridge interface=ether5add bridge=bridge interface=ether8add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \ interface=ether9 pvid=200add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \ interface=ether10 pvid=200add bridge=bridge interface=sfp-sfpplus1 trusted=yesadd bridge=bridge interface=bonding1add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \ interface=ether6add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \ interface=ether7 pvid=50/interface bridge vlanadd bridge=bridge tagged=ether4,ether5,sfp-sfpplus1 vlan-ids=50add bridge=bridge tagged=ether5,sfp-sfpplus1 vlan-ids=200add bridge=bridge tagged=sfp-sfpplus1,bonding1 vlan-ids=99/interface list memberadd interface=ether1 list=LANadd interface=ether2 list=LANadd interface=ether3 list=LANadd interface=ether4 list=LANadd interface=ether5 list=LANadd interface=ether6 list=LANadd interface=ether7 list=LANadd interface=ether8 list=LANadd interface=ether9 list=LANadd interface=ether10 list=LANadd interface=sfp-sfpplus1 list=LAN/ip dhcp-clientadd interface=bridge/ip dnsset servers=192.168.1.1/system clockset time-zone-name=Europe/Amsterdam/system noteset show-at-login=no/system routerboard settingsset enter-setup-on=delete-key
It's best to post your new configuration whole rather than simply report that it's "fixed" by some standard, so we don't have to mentally integrate my partially-mistargeted advice with your prior configuration. It lets us start from the same basis point again.
Statistics: Posted by Howard7 — Fri Mar 15, 2024 1:46 am
Statistics: Posted by Railander — Fri Mar 15, 2024 1:40 am
Statistics: Posted by diasdm — Fri Mar 15, 2024 1:00 am
Statistics: Posted by jt2530 — Fri Mar 15, 2024 12:49 am
Statistics: Posted by devnull0 — Fri Mar 15, 2024 12:39 am
Statistics: Posted by Railander — Fri Mar 15, 2024 12:30 am
Statistics: Posted by Railander — Fri Mar 15, 2024 12:16 am
Statistics: Posted by Larsa — Thu Mar 14, 2024 11:59 pm
Statistics: Posted by holvoetn — Thu Mar 14, 2024 11:57 pm
Statistics: Posted by reza388 — Thu Mar 14, 2024 11:53 pm
please don't muddy the water.
Problem is: where do you define the bounds. Characters like / : \ can also cause trouble. People have used date/time as part of a filename and ran into "inexplicable problems". At least that does not happen anymore.
Statistics: Posted by ormandj — Thu Mar 14, 2024 11:36 pm
Statistics: Posted by gilljr — Thu Mar 14, 2024 11:23 pm
i found the answer somewhere (on reddit i think, but can't find the link) the CRS310-1G-5S-4S+IN fan is only able to handle two different fan states. These are OFF and ON (with max speed). Its not controllable in any other way. So you should set the "fan min speed percent" value to 0 again i.e. set the value back to 0% from 12%. This fixed it for me now. Fan only spins on startup then gets off. Sadly SwitchOS does not have this feature so its max noise there and i am forced to use RouterOS.Same here, 7.14.1, the CRS310-5S-4S+ is running full speed. No tweaking of the values seem to fix this, it's 13K RPM continuously. Mikrotik, please fix this!
Statistics: Posted by iustin — Thu Mar 14, 2024 11:22 pm
Statistics: Posted by pfturner — Thu Mar 14, 2024 11:18 pm
Statistics: Posted by compayquinto — Thu Mar 14, 2024 11:13 pm
Statistics: Posted by holvoetn — Thu Mar 14, 2024 10:48 pm
Statistics: Posted by tdw — Thu Mar 14, 2024 10:47 pm
I have the same issue. After some tinkering pihole started to work again, but one other container had to be reinstalled, something got corrupted. Be careful with this update if you run containers.Help, this update broke my containers. I just get "execve: No such file or directory" in the log on both of my containers when I try to start them.
Here are the relevant settings:
The containers are on a USB drive that seems to be working fine. What's the error, how can I get them working again?
Statistics: Posted by dzievamarcos — Thu Mar 14, 2024 10:45 pm
Statistics: Posted by ringrring — Thu Mar 14, 2024 10:43 pm
Statistics: Posted by valnik — Thu Mar 14, 2024 10:40 pm
Statistics: Posted by holvoetn — Thu Mar 14, 2024 10:35 pm
[admin@BL-RT-1] /routing/isis/interface-template> ../lsp/printFlags: I - inactive 0 instance=isis-ins-1 level=l1 lsp-id="30ce.cdef.0001.00-00" age=978 checksum=0x3A24 sequence=0x4 body= areas: 49310 nlpid: IP is-reach: 30ce.cdef.0001.01 20 ip-reach: 172.30.100.0/28 20 ip-reach: 172.30.100.0/28 1 is-reach-ext: 30ce.cdef.0001.01 20 ip-reach-ext: 172.30.100.0/28 20 172.30.100.0/28 1 1 instance=isis-ins-1 level=l1 lsp-id="30ce.cdef.0001.01-00" age=978 checksum=0xAD2 sequence=0x2 body= is-reach: 30ce.cdef.0001.00 0 30de.cdef.0002.00 0 is-reach-ext: 30ce.cdef.0001.00 0 30de.cdef.0002.00 0 2 instance=isis-ins-1 level=l1 lsp-id="30de.cdef.0002.00-00" age=1005 checksum=0x73DA sequence=0x3 body= areas: 49310 nlpid: IP is-reach: 30ce.cdef.0001.01 20 ip-reach: 172.30.100.0/28 20 ip-reach: 172.30.100.0/28 1 is-reach-ext: 30ce.cdef.0001.01 20 ip-reach-ext: 172.30.100.0/28 20 172.30.100.0/28 1 3 instance=isis-ins-1 level=l2 lsp-id="30ce.cdef.0001.00-00" age=1122 checksum=0xAF81 sequence=0x3 body= areas: 49310 nlpid: IP is-reach: 30ce.cdef.0001.01 20 ip-reach: 172.30.100.0/28 20 172.30.100.0/28 21 ip-reach: 172.30.100.0/28 1 is-reach-ext: 30ce.cdef.0001.01 20 ip-reach-ext: 172.30.100.0/28 20 172.30.100.0/28 21 172.30.100.0/28 1 4 instance=isis-ins-1 level=l2 lsp-id="30ce.cdef.0001.01-00" age=1122 checksum=0xECD sequence=0x1 body= is-reach: 30ce.cdef.0001.00 0 30de.cdef.0002.00 0 is-reach-ext: 30ce.cdef.0001.00 0 30de.cdef.0002.00 0 5 instance=isis-ins-1 level=l2 lsp-id="30de.cdef.0002.00-00" age=1149 checksum=0xE838 sequence=0x2 body= areas: 49310 nlpid: IP is-reach: 30ce.cdef.0001.01 20 ip-reach: 172.30.100.0/28 20 172.30.100.0/28 21 ip-reach: 172.30.100.0/28 1 is-reach-ext: 30ce.cdef.0001.01 20 ip-reach-ext: 172.30.100.0/28 20 172.30.100.0/28 21 172.30.100.0/28 1/ip/route/printFlags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, i - IS-IS, d - DHCP; H - HW-OFFLOADEDColumns: DST-ADDRESS, GATEWAY, DISTANCE DST-ADDRESS GATEWAY DISTANCEDAd 0.0.0.0/0 10.41.100.1 1DAc 10.41.100.0/24 MGMT-V313-eth4 0DAc 172.25.100.5/32 lo 0DIiH 172.30.100.0/28 172.30.100.4%D-L2-br0 115DAc 172.30.100.0/28 D-L2-br0@C-L2-DCI 0[admin@BL-RT-1] /routing/isis/interface-template> ../instance/printFlags: X - disabled, I - inactive 0 name="isis-ins-1" vrf=C-L2-DCI afi=ip system-id="30ce.cdef.0001" areas=49.3100 l1.redistribute=connected l2.redistribute=connected
[admin@BL-RT-1] /routing/isis/interface-template> /ip/route/print detailFlags: D - dynamic; X - disabled, I - inactive, A - active;c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn;H - hw-offloaded; + - ecmp DAd dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=10.41.100.1 immediate-gw=10.41.100.1%MGMT-V313-eth4 distance=1 scope=30 target-scope=10 vrf-interface=MGMT-V313-eth4 suppress-hw-offload=no DAc dst-address=10.41.100.0/24 routing-table=main gateway=MGMT-V313-eth4 immediate-gw=MGMT-V313-eth4 distance=0 scope=10 suppress-hw-offload=no local-address=10.41.100.144%MGMT-V313-eth4 DAc dst-address=172.25.100.5/32 routing-table=main gateway=lo immediate-gw=lo distance=0 scope=10 suppress-hw-offload=no local-address=172.25.100.5%lo[b] DIiH dst-address=172.30.100.0/28 routing-table=main gateway=172.30.100.4%D-L2-br0 distance=115 scope=20 target-scope=10 suppress-hw-offload=no[/b] DAc dst-address=172.30.100.0/28 routing-table=C-L2-DCI gateway=D-L2-br0@C-L2-DCI immediate-gw=D-L2-br0 distance=0 scope=10 suppress-hw-offload=no local-address=172.30.100.5%D-L2-br0@C-L2-DCI
Statistics: Posted by volga629 — Thu Mar 14, 2024 10:33 pm
Statistics: Posted by holvoetn — Thu Mar 14, 2024 10:29 pm
:if ($routewan1 = "true") do ={
with:if ($routewan1 = "true") do={
Statistics: Posted by optio — Thu Mar 14, 2024 10:22 pm
/interface bridgeadd admin-mac=48:A9:8A:86:FA:B5 auto-mac=no comment=defconf ingress-filtering=no name=bridge pvid=10 vlan-filtering=yes/interface ethernetset [ find default-name=ether1 ] l2mtu=1560set [ find default-name=ether2 ] l2mtu=1560set [ find default-name=ether3 ] l2mtu=1560set [ find default-name=ether4 ] l2mtu=1560/interface wifiwave2set [ find default-name=wifi1 ] channel.band=2ghz-n .frequency=2437 .skip-dfs-channels=10min-cac .width=20/40mhz-Ce configuration.country=Taiwan .mode=ap .ssid="xxx" \ datapath.bridge=bridge .vlan-id=10 disabled=no security.authentication-types=wpa2-psk .disable-pmkid=yes .encryption=ccmp,gcmp .group-key-update=1d .wps=disableadd configuration.mode=ap .ssid="yyy" datapath.bridge=bridge .vlan-id=40 disabled=no mac-address=4A:A9:8A:86:FA:B8 master-interface=wifi1 name=wifi2 security.authentication-types=wpa2-psk \.disable-pmkid=yes .encryption=ccmp .group-key-update=1d .wps=disable/interface vlanadd interface=bridge name=vlan10-main vlan-id=10add interface=bridge name=vlan40-guest vlan-id=40/interface bridge portadd bridge=bridge comment=defconf interface=ether2 pvid=10add bridge=bridge comment=defconf interface=ether3 pvid=40add bridge=bridge comment=defconf interface=wifi1 pvid=10add bridge=bridge interface=ether1 pvid=10add bridge=bridge interface=wifi2 pvid=40/ip neighbor discovery-settingsset discover-interface-list=all/interface bridge vlanadd bridge=bridge tagged=bridge,ether1,ether2,wifi1 vlan-ids=10add bridge=bridge tagged=bridge,ether1,ether2,ether3,wifi2 vlan-ids=40/ip addressadd address=192.168.10.4/24 interface=vlan10-main network=192.168.10.0/ip dnsset servers=192.168.10.1/ip routeadd disabled=no dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-table=main suppress-hw-offload=no/system ntp client serversadd address=194.146.251.100add address=194.146.251.101
Statistics: Posted by JL2000 — Thu Mar 14, 2024 10:19 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 10:16 pm
Statistics: Posted by Larsa — Thu Mar 14, 2024 10:01 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 10:01 pm
Statistics: Posted by optio — Thu Mar 14, 2024 9:59 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 9:53 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 9:49 pm
Statistics: Posted by optio — Thu Mar 14, 2024 9:43 pm
Statistics: Posted by scottvd — Thu Mar 14, 2024 9:39 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 9:35 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 9:35 pm
Statistics: Posted by tangent — Thu Mar 14, 2024 9:34 pm
Statistics: Posted by holvoetn — Thu Mar 14, 2024 9:33 pm
/interface ethernet switch portset 0 default-vlan-id=1 vlan-mode=fallbackset 1 default-vlan-id=1 vlan-mode=fallbackset 2 vlan-mode=secure/interface ethernet switch vlanadd independent-learning=yes ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=20
/interface bridge portprintFlags: X - DISABLED, I - INACTIVE; H - HW-OFFLOADColumns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON;;; defconf0 H ether1 bridge yes 1 0x80 10 10 none;;; defconf1 IH ether2 bridge yes 1 0x80 10 10 none;;; defconf2 X wlan1 (uplink 2.4GHz) bridge 1 0x80 10 10 none;;; defconf3 I wlan2 (5GHz) bridge 20 0x80 10 10 none4 I wlan3 (2.4GHz) bridge 1 0x80 10 10 none5 eoip-tunnel1 bridge 1 0x80 10 10 none6 wlan4 (emoji 5GHz) bridge 20 0x80 none
/interface bridge portset 6 pvid=20
/interface bridgeset 0 vlan-filtering=yes/interface bridge vlanadd bridge=bridge tagged=bridge,ether1,ether2 untagged="wlan2 (5GHz),wlan4 (emoji 5GHz)" vlan-ids=20
Statistics: Posted by xrlls — Thu Mar 14, 2024 9:26 pm
$ echo 'C:\WINDOWS' | iconv -f utf-8 -t shift-jis | iconv -f shift-jis -t utf-8iconv: iconv(): Illegal byte sequenceC:%
But that is still beside the point. Prohibiting spaces in file names breaks compatibility
Statistics: Posted by tangent — Thu Mar 14, 2024 9:24 pm
Statistics: Posted by mada3k — Thu Mar 14, 2024 9:23 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 9:22 pm
Statistics: Posted by anav — Thu Mar 14, 2024 9:15 pm
--server SERVER Specify a server ID to test against. Can be supplied multiple times --exclude EXCLUDE Exclude a server from selection. Can be supplied multiple times --json Suppress verbose output, only show basic information in JSON format. Speeds listed in bit/s and not affected by --bytes
Statistics: Posted by toffifee — Thu Mar 14, 2024 9:13 pm
Statistics: Posted by jonah1810 — Thu Mar 14, 2024 9:08 pm
Statistics: Posted by Amm0 — Thu Mar 14, 2024 9:05 pm
Statistics: Posted by ringrring — Thu Mar 14, 2024 9:02 pm
Statistics: Posted by robmaltsystems — Thu Mar 14, 2024 8:46 pm
Statistics: Posted by holvoetn — Thu Mar 14, 2024 8:37 pm