Statistics: Posted by mtkvvv — Wed Mar 27, 2024 6:25 am
Statistics: Posted by joshuapl — Wed Mar 27, 2024 6:18 am
Statistics: Posted by loloski — Wed Mar 27, 2024 5:34 am
Statistics: Posted by DeDMorozzzz — Wed Mar 27, 2024 5:22 am
Statistics: Posted by djferdinad — Wed Mar 27, 2024 5:12 am
Statistics: Posted by anav — Wed Mar 27, 2024 4:43 am
Statistics: Posted by anav — Wed Mar 27, 2024 4:39 am
Statistics: Posted by anav — Wed Mar 27, 2024 4:32 am
Statistics: Posted by anav — Wed Mar 27, 2024 4:30 am
Anyhow, and this is what's important: port 5 and 7 stopped working when device restarted with version v7.14.1What's new in 7.12.2 (2023-Dec-20 10:41):
(factory only release)
(...)
1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.
(...)
[admin@MikroTik] > /interface ethernet monitor sfp-sfpplus5 once name: sfp-sfpplus5 status: link-ok auto-negotiation: disabled rate: 1Gbps full-duplex: yes tx-flow-control: no rx-flow-control: no supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR sfp-supported: 1G-baseX sfp-module-present: yes sfp-rx-loss: no sfp-tx-fault: no sfp-type: SFP/SFP+/SFP28/SFP56 sfp-connector-type: LC sfp-link-length-om1: 150m sfp-link-length-om2: 300m sfp-vendor-name: FINISAR CORP. sfp-vendor-part-number: FTRJ8519P1BNL-PT sfp-vendor-revision: A sfp-vendor-serial: 07J0PWF sfp-manufacturing-date: 05-05-02 sfp-wavelength: 850nm eeprom-checksum: good eeprom: 0000: 03 04 07 00 00 00 01 20 40 0c 05 01 0d 00 00 00 ....... @....... 0010: 1e 0f 00 00 46 49 4e 49 53 41 52 20 43 4f 52 50 ....FINI SAR CORP 0020: 2e 20 20 20 00 00 90 65 46 54 52 4a 38 35 31 39 . ...e FTRJ8519 0030: 50 31 42 4e 4c 2d 50 54 41 20 20 20 03 52 00 cf P1BNL-PT A .R.. 0040: 00 12 00 00 30 37 4a 30 50 57 46 20 20 20 20 20 ....07J0 PWF 0050: 20 20 20 20 30 35 30 35 30 32 20 20 00 90 01 fd 0505 02 .... 0060: 00 00 00 00 00 00 00 00 4a 34 38 35 38 44 20 31 ........ J4858D 1 0070: 39 39 30 2d 34 34 31 35 df 67 d8 da 53 be 35 6d 990-4415 .g..S.5m 0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ *
[admin@MikroTik] > /interface ethernet monitor sfp-sfpplus6 once name: sfp-sfpplus6 status: no-link auto-negotiation: done supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR sfp-supported: 1G-baseX advertising: 1G-baseX link-partner-advertising: sfp-module-present: yes sfp-rx-loss: yes sfp-tx-fault: no sfp-type: SFP/SFP+/SFP28/SFP56 sfp-connector-type: LC sfp-link-length-om1: 150m sfp-link-length-om2: 300m sfp-vendor-name: FINISAR CORP. sfp-vendor-part-number: FTRJ8519P1BNL-PT sfp-vendor-revision: A sfp-vendor-serial: 07J0PWG sfp-manufacturing-date: 05-05-02 sfp-wavelength: 850nm eeprom-checksum: good eeprom: 0000: 03 04 07 00 00 00 01 20 40 0c 05 01 0d 00 00 00 ....... @....... 0010: 1e 0f 00 00 46 49 4e 49 53 41 52 20 43 4f 52 50 ....FINI SAR CORP 0020: 2e 20 20 20 00 00 90 65 46 54 52 4a 38 35 31 39 . ...e FTRJ8519 0030: 50 31 42 4e 4c 2d 50 54 41 20 20 20 03 52 00 cf P1BNL-PT A .R.. 0040: 00 12 00 00 30 37 4a 30 50 57 47 20 20 20 20 20 ....07J0 PWG 0050: 20 20 20 20 30 35 30 35 30 32 20 20 00 90 01 fe 0505 02 .... 0060: 00 00 00 00 00 00 00 00 4a 34 38 35 38 44 20 31 ........ J4858D 1 0070: 39 39 30 2d 34 34 31 35 df 67 d8 da 53 be 35 6d 990-4415 .g..S.5m 0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ *
Statistics: Posted by melomac — Wed Mar 27, 2024 4:20 am
Statistics: Posted by diasdm — Wed Mar 27, 2024 3:57 am
Statistics: Posted by UkRainUa — Wed Mar 27, 2024 3:54 am
Columns: NAME, VERSION, BUILD-TIME, SIZE# NAME VERSION BUILD-TIME SIZE 0 routeros 7.14.1 2024-03-08 12:50:23 11.6MiB
Columns: NAME, VERSION, BUILD-TIME, SIZE# NAME VERSION BUILD-TIME SIZE 0 wifi-qcom-ac 7.14.1 2024-03-08 12:50:23 2916.1KiB1 routeros 7.14.1 2024-03-08 12:50:23 11.2MiB
[admin@MikroTik] > /export # 2024-03-27 01:43:13 by RouterOS 7.14.1# software id = GI7S-LL99## model = RB5009UPr+S+# serial number = HFF.../interface bridgeadd comment="LAN Local" ingress-filtering=no name=bridge_lan port-cost-mode=short vlan-filtering=yesadd comment="WLAN Bridge" name=wlan_bridge/interface ethernetset [ find default-name=ether1 ] poe-out=offset [ find default-name=ether4 ] poe-out=offset [ find default-name=ether7 ] disabled=yes poe-out=offset [ find default-name=ether8 ] disabled=yes poe-out=offset [ find default-name=sfp-sfpplus1 ] auto-negotiation=no name=sfp speed=2.5G-baseX/interface vlanadd interface=sfp name=vlan6 vlan-id=6add comment="IoT VLAN 10" interface=bridge_lan name=vlan10 vlan-id=10/interface pppoe-clientadd add-default-route=yes disabled=no interface=vlan6 name=pppoe-O2 user=pppoe_username/interface listadd name=WANadd name=LAN/interface wifi securityadd authentication-types=wpa3-psk disabled=no encryption=ccmp name="Default 2GHz"add authentication-types=wpa3-psk disabled=no encryption=ccmp name="Default 5GHz"/interface wifi configurationadd channel.band=5ghz-ac .width=20/40mhz country=Spain datapath.bridge=bridge_lan disabled=no mode=ap name="5 GHz+" security=\ "Default 5GHz" security.ft=yes ssid="5+"add channel.band=2ghz-n .width=20mhz country=Spain datapath.bridge=bridge_lan disabled=no mode=ap name="2.4 GHz" security=\ "Default 2GHz" ssid="2.4"add channel.band=2ghz-n .width=20mhz country=Spain datapath.bridge=bridge_lan disabled=no mode=ap name="2.4 GHz Copy" security=\ "Default 2GHz" ssid="2.4 Uplink"/interface wifiadd configuration="2.4 GHz" configuration.mode=ap .ssid="2.4" disabled=no name=WiFI_24_Bedroom radio-mac=<MAC_ADDRESS>:CC:66 \ security="Default 2GHz"add configuration="2.4 GHz" configuration.mode=ap disabled=no name=WiFI_24_Living_Room radio-mac=<MAC_ADDRESS>:C7:94 security=\ "Default 2GHz" security.encryption=""add configuration="5 GHz+" configuration.mode=ap disabled=no name=WiFi_5+_Bedroom radio-mac=<MAC_ADDRESS>:CC:68add configuration="5 GHz+" configuration.mode=ap disabled=no name=WiFi_5+_Living_Room radio-mac=<MAC_ADDRESS>:C7:96/interface wifi steeringadd disabled=no name="Steering 5GHz" neighbor-group="dynamic-5-bc32efd1" rrm=yes wnm=yes/interface wifi configurationadd channel.band=5ghz-ac .skip-dfs-channels=all .width=20/40mhz country=Spain datapath.bridge=bridge_lan disabled=no mode=ap name="5 GHz" \ security="Default 5GHz" security.ft=yes ssid="5"/interface wifiadd configuration="5 GHz" configuration.mode=ap disabled=no name=WiFi_5_Bedroom radio-mac=<MAC_ADDRESS>:CC:67add configuration="5 GHz" configuration.mode=ap disabled=no name=WiFi_5_Living_Room radio-mac=<MAC_ADDRESS>:C7:95 \ security.authentication-types="" .encryption=""/ip pooladd comment="Local Services - 10.0.0.2 to 10.0.0.19" name="Local services" ranges=10.0.0.2-10.0.0.19add comment="Local Devices - 10.0.0.20 to 10.0.10.254" name="Local devices" ranges=10.0.0.20-10.0.0.254add comment="VLAN10 - [10.0.10.20 to 10.0.10.254]" name="VLAN10 Devices" ranges=10.0.10.20-10.0.10.254/ip dhcp-serveradd address-pool="Local devices" comment="LAN local" interface=bridge_lan lease-time=1d name=dhcp1add address-pool="VLAN10 Devices" comment="IoT LAN" interface=vlan10 lease-time=1d name=dhcp2/user groupadd comment="mktxp prometheus export" name=mktxp policy=\ read,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api/interface bridge portadd bridge=bridge_lan interface=WiFI_24_Living_Roomadd bridge=bridge_lan interface=WiFi_5_Living_Roomadd bridge=bridge_lan interface=WiFi_5+_Living_Roomadd bridge=bridge_lan interface=WiFI_24_Bedroomadd bridge=bridge_lan interface=WiFi_5+_Bedroomadd bridge=bridge_lan interface=WiFi_5_Bedroomadd bridge=bridge_lan interface=LAN/ip firewall connection trackingset udp-timeout=10s/interface bridge vlanadd bridge=bridge_lan comment="IoT LAN" tagged=ether2,ether3,bridge_lan vlan-ids=10/interface detect-internetset detect-interface-list=all/interface list memberadd interface=pppoe-O2 list=WANadd interface=ether1 list=LANadd interface=ether2 list=LANadd interface=ether3 list=LANadd interface=ether4 list=LANadd interface=ether5 list=LANadd interface=ether6 list=LANadd interface=ether7 list=LANadd interface=ether8 list=LAN/interface wifi capset certificate=none discovery-interfaces=bridge_lan/interface wifi capsmanset ca-certificate=auto certificate=auto enabled=yes interfaces=bridge_lan package-path="" require-peer-certificate=no upgrade-policy=\ require-same-version/ip addressadd address=10.0.0.1/24 comment="Private subnet" interface=bridge_lan network=10.0.0.0add address=10.0.10.1/24 comment="IoT VLAN subnet" interface=vlan10 network=10.0.10.0/ip cloudset ddns-enabled=yes ddns-update-interval=10m/ip dhcp-server networkadd address=10.0.0.0/24 comment=LAN dns-server=10.0.0.1,10.0.0.3 gateway=10.0.0.1add address=10.0.10.0/24 comment=VLAN dns-server=10.0.10.1 gateway=10.0.10.1/ip firewall address-listadd address=10.0.0.2-10.0.0.254 list=allowed_to_router/ip firewall filteradd action=accept chain=input comment="Allow VLAN 10 access to router DoH UDP" dst-port=53 in-interface=vlan10 protocol=udpadd action=drop chain=input comment="Drop all input traffic from VLAN 10" src-address=10.0.10.0/24add action=drop chain=forward comment="Drop all traffic from VLAN 10 to LAN local" dst-address=10.0.0.0/24 src-address=10.0.10.0/24add action=accept chain=input comment="default configuration" connection-state=established,relatedadd action=accept chain=input src-address-list=allowed_to_routeradd action=accept chain=input protocol=icmpadd action=drop chain=input/ip firewall natadd action=redirect chain=dstnat dst-port=53 protocol=udpadd action=redirect chain=dstnat dst-port=53 protocol=tcpadd action=masquerade chain=srcnat out-interface=pppoe-O2/ip serviceset telnet disabled=yesset ftp address=10.0.0.0/24set www disabled=yesset ssh address=192.168.1.0/24 disabled=yesset www-ssl address=10.0.0.0/24,192.168.216.0/24 certificate=Webfig disabled=noset api disabled=yesset winbox address=10.0.0.0/24set api-ssl address=10.0.0.0/24/system clockset time-zone-name=Europe/Madrid/system noteset show-at-login=no
[admin@MikroTik] > /export# 2024-03-27 01:55:24 by RouterOS 7.14.1# software id = BVUP-2TEH## model = RBD25G-5HPacQD2HPnD# serial number = HCZ.../interface bridgeadd admin-mac=<MAC_ADDRESS>:C7:92 auto-mac=no comment=defconf name=wlan_bridge/interface wifi datapathadd bridge=wlan_bridge comment=defconf disabled=no name=capdp/interface wifi# managed by CAPsMAN# mode: AP, SSID: 2.4, channel: 2467/nset [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp disabled=no# managed by CAPsMAN# mode: AP, SSID: 5, channel: 5180/ac/Ceset [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp disabled=no# managed by CAPsMAN# mode: AP, SSID: 5+, channel: 5660/ac/Ceset [ find default-name=wifi3 ] configuration.manager=capsman datapath=capdp disabled=no/interface bridge portadd bridge=wlan_bridge comment=defconf interface=ether1add bridge=wlan_bridge comment=defconf interface=ether2/interface wifi capset discovery-interfaces=wlan_bridge enabled=yes slaves-datapath=capdp/ip dhcp-clientadd comment=defconf interface=wlan_bridge#error exporting "/ip/ssh" (timeout)/system clockset time-zone-name=Europe/Madrid/system noteset show-at-login=no
Statistics: Posted by synchro — Wed Mar 27, 2024 2:59 am
Statistics: Posted by mtkvvv — Wed Mar 27, 2024 2:58 am
Statistics: Posted by loloski — Wed Mar 27, 2024 2:58 am
Statistics: Posted by gunther01 — Wed Mar 27, 2024 2:48 am
Statistics: Posted by f008600 — Wed Mar 27, 2024 2:45 am
/caps-man channeladd extension-channel=Ce frequency=5180 name=5g-lowadd extension-channel=Ce frequency=5220 name=5g-medadd extension-channel=Ce frequency=5260 name=5g-highadd extension-channel=disabled frequency=2412 name=2g-low tx-power=10add extension-channel=disabled frequency=2437 name=2g-med tx-power=10add extension-channel=disabled frequency=2462 name=2g-high tx-power=10/caps-man configurationadd channel=2g-low datapath.bridge=bridge1 name=conf-2g-low security=security1 ssid=WiFiadd channel=2g-med datapath.bridge=bridge1 name=conf-2g-med security=security1 ssid=WiFiadd channel=2g-high datapath.bridge=bridge1 name=conf-2g-high security=security1 ssid=WiFiadd channel=5g-low datapath.bridge=bridge1 name=conf-5g-low security=security1 ssid=WiFi_5Gadd channel=5g-med datapath.bridge=bridge1 name=conf-5g-med security=security1 ssid=WiFi_5Gadd channel=5g-high datapath.bridge=bridge1 name=conf-5g-high security=security1 ssid=WiFi_5G/caps-man provisioningadd action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=".*-low\$" master-configuration=conf-2g-low name-format=prefix-identity name-prefix=2Gadd action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=".*-med\$" master-configuration=conf-2g-med name-format=prefix-identity name-prefix=2Gadd action=create-dynamic-enabled hw-supported-modes=gn identity-regexp=".*-high\$" master-configuration=conf-2g-high name-format=prefix-identity name-prefix=2Gadd action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=".*-low\$" master-configuration=conf-5g-low name-format=prefix-identity name-prefix=5Gadd action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=".*-med\$" master-configuration=conf-5g-med name-format=prefix-identity name-prefix=5Gadd action=create-dynamic-enabled hw-supported-modes=ac identity-regexp=".*-high\$" master-configuration=conf-5g-high name-format=prefix-identity name-prefix=5G
Statistics: Posted by Neolo — Wed Mar 27, 2024 2:35 am
Statistics: Posted by Amm0 — Wed Mar 27, 2024 2:22 am
Statistics: Posted by Amm0 — Wed Mar 27, 2024 2:09 am
Statistics: Posted by Josephny — Wed Mar 27, 2024 2:06 am
Statistics: Posted by Amm0 — Wed Mar 27, 2024 1:58 am
Statistics: Posted by mikrochad — Wed Mar 27, 2024 1:57 am
Statistics: Posted by Amm0 — Wed Mar 27, 2024 1:50 am
Statistics: Posted by jaclaz — Wed Mar 27, 2024 1:40 am
Statistics: Posted by hansfranz — Wed Mar 27, 2024 1:31 am
Statistics: Posted by jaclaz — Wed Mar 27, 2024 1:27 am
Statistics: Posted by SanchoHa — Wed Mar 27, 2024 1:26 am
Statistics: Posted by infabo — Wed Mar 27, 2024 1:21 am
Statistics: Posted by MakroTok — Wed Mar 27, 2024 12:56 am
Statistics: Posted by MakroTok — Wed Mar 27, 2024 12:30 am
Statistics: Posted by DyadyaGenya — Wed Mar 27, 2024 12:19 am
Statistics: Posted by anav — Wed Mar 27, 2024 12:14 am
Statistics: Posted by LeoNaXe — Wed Mar 27, 2024 12:12 am
Statistics: Posted by anav — Wed Mar 27, 2024 12:00 am
Statistics: Posted by anav — Tue Mar 26, 2024 11:57 pm
Statistics: Posted by chandre — Tue Mar 26, 2024 11:50 pm
Statistics: Posted by anav — Tue Mar 26, 2024 11:41 pm
Statistics: Posted by mtkvvv — Tue Mar 26, 2024 11:31 pm
Statistics: Posted by holvoetn — Tue Mar 26, 2024 11:26 pm
Statistics: Posted by holvoetn — Tue Mar 26, 2024 11:23 pm
Statistics: Posted by mtkvvv — Tue Mar 26, 2024 11:11 pm
Statistics: Posted by holvoetn — Tue Mar 26, 2024 11:03 pm
Statistics: Posted by mtkvvv — Tue Mar 26, 2024 10:58 pm
Statistics: Posted by SanchoHa — Tue Mar 26, 2024 10:49 pm
Statistics: Posted by Rakieta — Tue Mar 26, 2024 10:48 pm
Statistics: Posted by LeoNaXe — Tue Mar 26, 2024 10:46 pm
Statistics: Posted by holvoetn — Tue Mar 26, 2024 10:46 pm
Hopefully it has not been forgotten about.One of the future features is the ability to add prefixes to the address lists with routing filters.
Statistics: Posted by lanrat — Tue Mar 26, 2024 10:35 pm
Statistics: Posted by dwnldr — Tue Mar 26, 2024 10:35 pm
[admin@RB1200] > ip route printFlags: D - DYNAMIC; A - ACTIVE; c, s, y - COPYColumns: DST-ADDRESS, GATEWAY, DISTANCE# DST-ADDRESS GATEWAY DISTANCE0 As 0.0.0.0/0 192.168.77.1 1 DAc 192.168.77.0/24 ether8 0 DAc 192.168.88.0/24 local 0
* from that very same document example:/ip dhcp-client add disabled=no interface=ether8* at upstream router:/ip dhcp-server lease print20 D 192.168.77.252 00:0C:42:CF:67:F8 MikroTik default offered 1s* later at upstream log:default offering lease 192.168.77.252 for 00:0C:42:CF:67:F8 without success
Statistics: Posted by mtkvvv — Tue Mar 26, 2024 10:11 pm
# 2024-03-26 21:25:34 by RouterOS 7.13# software id = RGSG-4CC8## model = L009UiGS-2HaxD# serial number = HF309AC6E4Y/interface bridgeadd admin-mac=x:x:x:x:x:x auto-mac=no comment=defconf name=bridge \ port-cost-mode=short/interface wifiset [ find default-name=wifi1 ] configuration.mode=ap .ssid=XPAINX-IOT \ disabled=no/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/ip pooladd name=dhcp ranges=192.168.50.10-192.168.50.250/ip dhcp-serveradd address-pool=dhcp interface=bridge lease-time=10m name=defconf/portset 0 name=serial0/interface bridge portadd bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10 \ path-cost=10add bridge=bridge interface=wifi1add bridge=bridge comment=defconf disabled=yes interface=WAN \ internal-path-cost=10 path-cost=10/ip neighbor discovery-settingsset discover-interface-list=LAN/ipv6 settingsset disable-ipv6=yes/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WAN/ip dhcp-server networkadd address=192.168.50.0/24 comment=defconf dns-server=192.168.50.253 \ gateway=192.168.50.254 netmask=24/ip dnsset allow-remote-requests=yes/ip dns staticadd address=192.168.50.254 comment=defconf name=router.lan/ip firewall address-listadd address=192.168.50.2-192.168.50.254 list=allowed_to_routeradd address=0.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=172.16.0.0/12 comment=RFC6890 list=not_in_internetadd address=192.168.0.0/16 comment=RFC6890 list=not_in_internetadd address=10.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=169.254.0.0/16 comment=RFC6890 list=not_in_internetadd address=127.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=224.0.0.0/4 comment=Multicast list=not_in_internetadd address=198.18.0.0/15 comment=RFC6890 list=not_in_internetadd address=192.0.0.0/24 comment=RFC6890 list=not_in_internetadd address=192.0.2.0/24 comment=RFC6890 list=not_in_internetadd address=198.51.100.0/24 comment=RFC6890 list=not_in_internetadd address=203.0.113.0/24 comment=RFC6890 list=not_in_internetadd address=100.64.0.0/10 comment=RFC6890 list=not_in_internetadd address=240.0.0.0/4 comment=RFC6890 list=not_in_internetadd address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\ not_in_internet/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WANadd action=accept chain=input comment="default configuration" \ connection-state=established,relatedadd action=accept chain=input src-address-list=allowed_to_routeradd action=accept chain=input protocol=icmpadd action=drop chain=inputadd action=accept chain=forward comment="Established, Related" \ connection-state=established,relatedadd action=drop chain=forward comment="Drop invalid" connection-state=invalid \ log=yes log-prefix=invalidadd action=drop chain=forward comment=\ "Drop tries to reach not public addresses from LAN" dst-address-list=\ not_in_internet in-interface=bridge log=yes log-prefix=!public_from_LAN \ out-interface=!bridgeadd action=drop chain=forward comment=\ "Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \ connection-state=new in-interface=ether1 log=yes log-prefix=!NATadd action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \ protocol=icmpadd action=drop chain=forward comment=\ "Drop incoming from internet which is not public IP" in-interface=ether1 \ log=yes log-prefix=!public src-address-list=not_in_internetadd action=drop chain=forward comment=\ "Drop packets from LAN that do not have LAN IP" in-interface=bridge log=\ yes log-prefix=LAN_!LAN src-address=!192.168.50.0/24add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\ icmpadd action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \ protocol=icmpadd action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \ protocol=icmpadd action=accept chain=icmp comment=\ "host unreachable fragmentation required" icmp-options=3:4 protocol=icmpadd action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \ protocol=icmpadd action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \ protocol=icmpadd action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \ protocol=icmpadd action=drop chain=icmp comment="deny all other types"/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WANadd action=masquerade chain=srcnat comment="HAIRPIN NAT" dst-address=\ 192.168.50.0/24 log-prefix=NAT src-address=192.168.50.0/24add action=dst-nat chain=dstnat dst-port=6668 protocol=tcp src-address=\ 192.168.50.0/24 src-port=6668 to-addresses=192.168.50.211 to-ports=6668add action=dst-nat chain=dstnat comment="HOME ASSITANT " dst-address=\ x.x.x.x dst-port=8123 protocol=tcp to-addresses=192.168.50.211 \ to-ports=8123add action=dst-nat chain=dstnat comment="HOME ASSITANT HTTPS" dst-address=\ x.x.x.x dst-port=443 protocol=tcp to-addresses=192.168.50.211 \ to-ports=8123add action=dst-nat chain=dstnat comment="INVOICE NINJA" dst-address=\ x.x.x.x dst-port=8003 protocol=tcp to-addresses=192.168.50.14 \ to-ports=8003add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \ dst-port=7770-7900 protocol=tcp to-addresses=192.168.50.61 to-ports=\ 7770-7900add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \ dst-port=7770-7900 protocol=udp to-addresses=192.168.50.61 to-ports=\ 7770-7900add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \ dst-port=27000-27090 protocol=udp to-addresses=192.168.50.61 to-ports=\ 27000-27090add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \ dst-port=27000-27090 protocol=tcp to-addresses=192.168.50.61 to-ports=\ 27000-27090add action=dst-nat chain=dstnat comment=PALWORLD dst-address=x.x.x.x \ dst-port=8200-8300 protocol=udp to-addresses=192.168.50.61 to-ports=\ 8200-8300add action=dst-nat chain=dstnat comment=PALWORLD dst-address=x.x.x.x \ dst-port=8200-8300 protocol=tcp to-addresses=192.168.50.61 to-ports=\ 8200-8300add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \ dst-port=60910 protocol=tcp to-addresses=192.168.50.66 to-ports=60910add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \ dst-port=60910 protocol=tcp to-addresses=192.168.50.66 to-ports=60910add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \ dst-port=60910 protocol=udp to-addresses=192.168.50.66 to-ports=60910add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8899 \ protocol=tcp to-addresses=192.168.50.52 to-ports=443add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8080 \ protocol=tcp to-addresses=192.168.50.72 to-ports=80add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8081 \ protocol=tcp src-port="" to-addresses=192.168.50.71 to-ports=80/ip serviceset telnet disabled=yesset ftp disabled=yesset ssh disabled=yesset api disabled=yesset api-ssl disabled=yes/system clockset time-zone-name=Africa/Johannesburg/system noteset show-at-login=no/system routerboard settingsset enter-setup-on=delete-key/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LAN
Statistics: Posted by xstrid3rx — Tue Mar 26, 2024 9:48 pm
Statistics: Posted by DyadyaGenya — Tue Mar 26, 2024 9:46 pm
Statistics: Posted by sebus46 — Tue Mar 26, 2024 9:45 pm
Statistics: Posted by tiz47 — Tue Mar 26, 2024 9:43 pm
Statistics: Posted by Michiganbroadband — Tue Mar 26, 2024 9:43 pm
Statistics: Posted by tiz47 — Tue Mar 26, 2024 9:40 pm
Statistics: Posted by nabsltd — Tue Mar 26, 2024 9:28 pm
- name: Confirm License if needed ansible.netcommon.cli_command: command: "sshpass -p {{ ansible_ssh_pass }} ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }}" prompt: Do you want to see the software license\? answer: n
Statistics: Posted by eifLZ9D8zSwW — Tue Mar 26, 2024 9:16 pm
reformat-hold-button-max: 10m
Statistics: Posted by patrikg — Tue Mar 26, 2024 9:13 pm
/ip routeadd gateway=192.168.77.1
/ip routeadd dst-address=0.0.0.0/0 gateway=192.168.77.1
Statistics: Posted by holvoetn — Tue Mar 26, 2024 9:10 pm
Statistics: Posted by mblfone — Tue Mar 26, 2024 9:08 pm
Signal strength of 50 is quiet impossible as far as I know.
Statistics: Posted by kovacspro — Tue Mar 26, 2024 9:07 pm
Statistics: Posted by CGGXANNX — Tue Mar 26, 2024 9:05 pm
Statistics: Posted by anav — Tue Mar 26, 2024 9:01 pm
Statistics: Posted by anav — Tue Mar 26, 2024 8:57 pm
Statistics: Posted by holvoetn — Tue Mar 26, 2024 8:56 pm
Statistics: Posted by TheCat12 — Tue Mar 26, 2024 8:55 pm
As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time, but less than reformat-hold-button-max (new in RouterBOOT 3.38.3).
When you use the button for a complete reset, the following actions are taken:
EXTREMELY DANGEROUS. Use this only if you have lost all access to the device.
1. RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
2. All RouterBOOT settings are reset to defaults;
3. Board is rebooted;
4. As boot from NAND fails, it goes to etherboot automatically;
5. Netinstall is required to reinstall RouterOS.
Please note! Reformat on some RouterBOARDS can take more than 5 minutes. After formatting the board will be ready for Netinstall.
Statistics: Posted by pajapatak — Tue Mar 26, 2024 8:51 pm
Statistics: Posted by miku — Tue Mar 26, 2024 8:51 pm
Statistics: Posted by mtkvvv — Tue Mar 26, 2024 8:50 pm
Statistics: Posted by SanchoHa — Tue Mar 26, 2024 8:45 pm
Statistics: Posted by cmmike — Tue Mar 26, 2024 8:32 pm
Statistics: Posted by OKNET — Tue Mar 26, 2024 8:30 pm
/interface bridgeadd admin-mac=CC:2D:E0:1B:53:00 auto-mac=no comment=defconf name=bridgeLocal port-cost-mode=short vlan-filtering=yes/interface wifi channeladd band=2ghz-ax disabled=no frequency=2412,2437,2462 name=2.4AX skip-dfs-channels=10min-cac width=20/40mhzadd band=5ghz-ax disabled=no name=5AX skip-dfs-channels=10min-cac width=20/40/80mhzadd band=2ghz-n disabled=no frequency=2412,2437,2462 name=2.4N skip-dfs-channels=10min-cac width=20/40mhzadd band=5ghz-ac disabled=no name=5AC skip-dfs-channels=10min-cac width=20/40/80mhz/interface wifi datapathadd disabled=no name="D&C VLAN 200 (Untagged)"add disabled=no name="D&C VLAN 200 (Tagged)" vlan-id=200/interface wifi securityadd authentication-types=wpa2-psk,wpa3-psk disabled=no encryption="" name="WPA2/3 PSK" wps=disable/interface wifi configurationadd channel=2.4AX country=Romania datapath="D&C VLAN 200 (Tagged)" disabled=no mode=ap name="D&C 2.4 AX" security="WPA2/3 PSK" \ security.encryption="" .ft=yes .ft-over-ds=yes ssid="D&C"add channel=5AX country=Romania datapath="D&C VLAN 200 (Tagged)" disabled=no mode=ap name="D&C 5 AX" security="WPA2/3 PSK" security.ft=yes \ .ft-over-ds=yes ssid="D&C"add channel=2.4N country=Romania datapath="D&C VLAN 200 (Untagged)" disabled=no mode=ap name="D&C 2.4 N" security="WPA2/3 PSK" security.ft=yes \ .ft-over-ds=yes ssid="D&C"add channel=5AC country=Romania datapath="D&C VLAN 200 (Untagged)" disabled=no mode=ap name="D&C 5 AC" security="WPA2/3 PSK" security.ft=yes \ .ft-over-ds=yes ssid="D&C"/interface wifiset [ find default-name=wifi1 ] configuration="D&C 2.4 N" disabled=noset [ find default-name=wifi2 ] configuration="D&C 5 AC" disabled=no/interface wifi steeringadd disabled=no name=BandSteering-D&C neighbor-group="dynamic-D&C-1f57e1d6" rrm=yes wnm=yes/interface bridge portadd bridge=bridgeLocal comment=defconf interface=ether1 internal-path-cost=10 path-cost=10add bridge=bridgeLocal comment=defconf interface=ether2 internal-path-cost=10 path-cost=10add bridge=bridgeLocal interface=wifi1 pvid=200add bridge=bridgeLocal interface=wifi2 pvid=200/interface bridge vlanadd bridge=bridgeLocal tagged=ether1 untagged=wifi1,wifi2 vlan-ids=200/interface wifi capset discovery-interfaces=all enabled=yes/interface wifi capsmanset ca-certificate=WiFi-CAPsMAN-CA-CC2DE01B5300 certificate=WiFi-CAPsMAN-CC2DE01B5300 enabled=yes package-path="" require-peer-certificate=no \ upgrade-policy=none/interface wifi provisioningadd action=create-dynamic-enabled disabled=no master-configuration="D&C 2.4 AX" name-format=%I-2G supported-bands=2ghz-axadd action=create-enabled disabled=no master-configuration="D&C 2.4 N" name-format=%I-2G supported-bands=2ghz-nadd action=create-dynamic-enabled disabled=no master-configuration="D&C 5 AX" name-format=%I-5G supported-bands=5ghz-axadd action=create-enabled disabled=no master-configuration="D&C 5 AC" name-format=%I-5G supported-bands=5ghz-ac
add action=create-enabled disabled=no master-configuration="D&C 5 AC" name-format=%I-5G supported-bands=5ghz-ac
Statistics: Posted by stefanelul2000 — Tue Mar 26, 2024 8:18 pm
Statistics: Posted by gigabyte091 — Tue Mar 26, 2024 7:58 pm
Statistics: Posted by stmx38 — Tue Mar 26, 2024 7:47 pm
[ ID] Interval Transfer Bitrate Retr Cwnd[ 5] 0.00-1.00 sec 95.1 MBytes 797 Mbits/sec 0 3.94 MBytes[ 5] 1.00-2.00 sec 98.2 MBytes 824 Mbits/sec 0 3.94 MBytes[ 5] 2.00-3.00 sec 102 MBytes 852 Mbits/sec 0 3.94 MBytes[ 5] 3.00-4.00 sec 98.6 MBytes 827 Mbits/sec 0 4.14 MBytes[ 5] 4.00-5.00 sec 111 MBytes 929 Mbits/sec 0 4.14 MBytes[ 5] 5.00-6.00 sec 109 MBytes 918 Mbits/sec 0 4.14 MBytes[ 5] 6.00-7.00 sec 110 MBytes 927 Mbits/sec 0 4.14 MBytes[ 5] 7.00-8.00 sec 105 MBytes 883 Mbits/sec 0 4.14 MBytes[ 5] 8.00-9.00 sec 112 MBytes 935 Mbits/sec 0 4.14 MBytes[ 5] 9.00-10.00 sec 112 MBytes 934 Mbits/sec 0 4.14 MBytes- - - - - - - - - - - - - - - - - - - - - - - - -[ ID] Interval Transfer Bitrate Retr[ 5] 0.00-10.00 sec 1.03 GBytes 883 Mbits/sec 0 sender[ 5] 0.00-10.01 sec 1.03 GBytes 880 Mbits/sec receiver
[ ID] Interval Transfer Bitrate[ 5] 0.00-1.00 sec 19.4 MBytes 162 Mbits/sec[ 5] 1.00-2.00 sec 25.5 MBytes 214 Mbits/sec[ 5] 2.00-3.00 sec 18.2 MBytes 153 Mbits/sec[ 5] 3.00-4.00 sec 15.4 MBytes 129 Mbits/sec[ 5] 4.00-5.00 sec 23.6 MBytes 198 Mbits/sec[ 5] 5.00-6.00 sec 24.9 MBytes 209 Mbits/sec[ 5] 6.00-7.00 sec 24.6 MBytes 207 Mbits/sec[ 5] 7.00-8.00 sec 21.8 MBytes 182 Mbits/sec[ 5] 8.00-9.00 sec 24.0 MBytes 201 Mbits/sec[ 5] 9.00-10.00 sec 25.1 MBytes 211 Mbits/sec- - - - - - - - - - - - - - - - - - - - - - - - -[ ID] Interval Transfer Bitrate Retr[ 5] 0.00-10.01 sec 226 MBytes 189 Mbits/sec 465 sender[ 5] 0.00-10.00 sec 222 MBytes 187 Mbits/sec receiver
scp host:tmp/2g_random .2g_random 22% 455MB 37.2MB/s 00:42 ETA
$ scp 2cg_random host:tmp/2cg_random 41% 859MB 100.5MB/s 00:11 ETA
wget https://host/2g_random2g_random 11%[====> ] 220M 108MB/s
# 2024-03-26 21:08:12 by RouterOS 7.15beta8# software id = S3S2-FI0P## model = C53UiG+5HPaxD2HPaxD/interface bridgeadd admin-mac=48:A9:8A:B8:BC:9A auto-mac=no comment=defconf name=bridge port-cost-mode=short/interface ethernetset [ find default-name=ether1 ] mac-address=64:D1:54:6D:6E:40/interface wifiset [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180-5480 .skip-dfs-channels=disabled .width=20/40/80mhz configuration.antenna-gain=5 .country=Netherlands .mode=ap .ssid="5ghz" .tx-power=20 disabled=no \ security.authentication-types=wpa2-psk,wpa3-pskset [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2412-2472 .skip-dfs-channels=disabled .width=20/40mhz configuration.antenna-gain=3 .country=Netherlands .mode=ap .ssid="2.4ghz" .tx-power=13 disabled=no \ security.authentication-types=wpa2-psk,wpa3-psk/interface wireguardadd listen-port=13231 mtu=1420 name=wg0/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/ip pooladd name=dhcp ranges=192.168.88.10-192.168.88.254/ip dhcp-serveradd address-pool=dhcp interface=bridge lease-time=10m name=defconf/ip smb usersset [ find default=yes ] disabled=yes/interface bridge portadd bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 path-cost=10/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=LAN/interface detect-internetset detect-interface-list=all/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WAN/interface wireguard peersadd allowed-address=10.0.0.4/32 comment=peer1 interface=wg0 name=peer2 public-key="1"add allowed-address=10.0.0.3/32 comment=peer2 interface=wg0 name=peer3 public-key="2"add allowed-address=10.0.0.2/32 comment=peer3 interface=wg0 name=peer4 public-key="3"add allowed-address=10.0.0.5/32 comment=peer4 interface=wg0 name=peer5 public-key="4"/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0add address=10.0.0.1/24 comment=wireguard interface=wg0 network=10.0.0.0/ip dhcp-clientadd comment=defconf interface=ether1/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1/ip dnsset allow-remote-requests=yes/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward disabled=yes nth=4,1 protocol=udpadd action=drop chain=forward disabled=yes nth=4,3 protocol=udpadd action=drop chain=forward disabled=yes nth=4,2 protocol=udpadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=accept chain=input comment="accept WireGuard connections" dst-port=13231 protocol=udpadd action=accept chain=input comment="allow access to RouterOS's DNS server via WireGuard" dst-port=53 in-interface=wg0 protocol=udpadd action=accept chain=input comment="allow access to RouterOS mobile app via WireGuard" dst-port=8291 in-interface=wg0 protocol=tcpadd action=accept chain=input comment="allow access to RouterOS webinterface via WireGuard" dst-port=80 in-interface=wg0 protocol=tcpadd action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yesadd action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WANadd action=masquerade chain=srcnat comment=https://help.mikrotik.com/docs/display/ROS/NAT#NAT-HairpinNAT dst-address=192.168.88.0/24 dst-port=22 out-interface-list=LAN protocol=tcp src-address=192.168.88.0/24add action=dst-nat chain=dstnat comment="This rule changes the IP of all packets which are from the external network and directed to tcp:<external_ip>:22 to tcp:192.168.88.124:22" dst-port=22 in-interface-list=WAN protocol=tcp \ to-addresses=192.168.88.124 to-ports=22add action=dst-nat chain=dstnat comment="This rule changes the IP of all packets which are from the internal network and directed to tcp:<external_ip>:22 to tcp:192.168.88.124:22" dst-address=<external_ip> dst-port=22 \ in-interface-list=LAN protocol=tcp to-addresses=192.168.88.124 to-ports=22add action=dst-nat chain=dstnat comment="This rule changes the IP of all packets which are from the internal network and directed to tcp:<external_ip>:2222 to tcp:192.168.88.60:22" dst-address=<external_ip> dst-port=2222 \ in-interface-list=LAN protocol=tcp to-addresses=192.168.88.23 to-ports=22add action=dst-nat chain=dstnat comment="This rule changes the IP of all packets which are from the external network and directed to tcp:<external_ip>:2222 to tcp:192.168.88.60:22" dst-port=2222 in-interface-list=WAN protocol=tcp \ to-addresses=192.168.88.23 to-ports=22add action=dst-nat chain=dstnat disabled=yes dst-port=5201 in-interface-list=WAN protocol=tcp to-addresses=192.168.88.124 to-ports=5201/ip serviceset telnet disabled=yesset ftp disabled=yesset ssh disabled=yesset api-ssl disabled=yes/ip smb sharesset [ find default=yes ] directory=/pub/ip sshset host-key-size=4096 host-key-type=ed25519 strong-crypto=yes/ipv6 addressadd from-pool=v6-pool interface=bridge/ipv6 dhcp-clientadd add-default-route=yes interface=ether1 pool-name=v6-pool pool-prefix-length=56 rapid-commit=no request=address,prefix use-peer-dns=no/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
Statistics: Posted by trmns — Tue Mar 26, 2024 7:46 pm
Statistics: Posted by elipticnet — Tue Mar 26, 2024 7:38 pm
Statistics: Posted by sdsylva — Tue Mar 26, 2024 7:36 pm
Statistics: Posted by tjr — Tue Mar 26, 2024 7:34 pm
Statistics: Posted by Hellothere — Tue Mar 26, 2024 7:28 pm
Statistics: Posted by loloski — Tue Mar 26, 2024 7:01 pm
Statistics: Posted by sirbryan — Tue Mar 26, 2024 6:57 pm
Statistics: Posted by sirbryan — Tue Mar 26, 2024 6:48 pm
Statistics: Posted by ccz117 — Tue Mar 26, 2024 6:43 pm
Statistics: Posted by gigabyte091 — Tue Mar 26, 2024 6:41 pm
Statistics: Posted by loloski — Tue Mar 26, 2024 6:18 pm