In the spirit of this, having to downgrade, export, upgrade, etc…
We should really export all default configs here, for general review and comparison… https://wiki.mikrotik.com/wiki/Manual:Default_Configurations
So, here is the output of “/system default-configuration print” on a “RBSXTR&R11e-LTE” (i.e. the international SXT LTE kit) running v6.41.3 (factory default); this is what is lost when upgrading to v6.42.9 (long-term, bugfix):
script: #| CPE RouterMode:
#| * wireless interface connected to providers network (WAN port);
#| * WAN port is protected by firewall and enabled DHCP client
#| LAN Configuration:
#| IP address 192.168.88.1/24 is set on bridge (LAN port)
#| DHCP Server: enabled;
#| DNS: enabled;
#| WAN (gateway) Configuration:
#| gateway: lte1 ;
#| ip4 firewall: enabled;
#| NAT: enabled;
# Marks the start of the default-configuration run in the system log.
:log info Starting_defconf_script_;
#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#
# Builds the LAN bridge, DHCP server, DNS, NAT and the IPv4 firewall, with
# lte1 as the only member of the WAN interface list.
# NOTE(review): no /user command appears in this section, so the admin
# password is left as it was before the script ran.
# NOTE(review): only /ip (IPv4) firewall rules are added; no /ipv6 firewall
# commands appear here, so IPv6 filtering has to be checked separately.
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
# wait for interfaces
# Polls once per second; after 30 polls without an ethernet interface the
# script logs a warning and quits.
:local count 0;
:while ([/interface ethernet find] = "") do={
:if ($count = 30) do={
:log warning "DefConf: Unable to find ethernet interfaces";
/quit;
}
:delay 1s; :set count ($count +1);
};
# Same wait for the LTE interface, with a 40-poll limit.
# On timeout the LAN address is put directly on ether1 and the script quits,
# so the interface lists, DHCP server, NAT, firewall rules and the
# MAC-server / neighbor-discovery restrictions further down are never applied
# in that path.
:local count 0;
:while ([/interface lte find] = "") do={
:set count ($count +1);
:if ($count = 40) do={
:log warning "DefConf: Unable to find LTE interface(s)";
/ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
/quit
}
:delay 1s;
};
# WAN and LAN interface lists; the firewall rules below match on these lists
# rather than on interface names.
/interface list add name=WAN comment="defconf"
/interface list add name=LAN comment="defconf"
# LAN bridge running RSTP.
/interface bridge
add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
# Every interface that is not a slave and whose name does not match "lte1" or
# "bridge" (regex match, so any name containing those strings) becomes a
# bridge port. The first such interface of type "ether" supplies the bridge's
# fixed admin MAC address.
:local bMACIsSet 0;
:foreach k in=[/interface find where !(slave=yes || name~"lte1" || name~"bridge")] do={
:local tmpPortName [/interface get $k name];
:log info "port: $tmpPortName"
:if ($bMACIsSet = 0) do={
:if ([/interface get $k type] = "ether") do={
/interface bridge set "bridge" auto-mac=no admin-mac=[/interface ethernet get $tmpPortName mac-address];
:set bMACIsSet 1;
}
}
/interface bridge port
add bridge=bridge interface=$tmpPortName comment=defconf;
}
# LAN addressing: DHCP pool .10-.254 served on the bridge with 10-minute
# leases, and 192.168.88.1/24 on the bridge as gateway.
/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
/ip dhcp-server
add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 comment="defconf";
/ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. Nothing in this block limits that to the LAN; it is the input-chain
# rule "drop all not coming from LAN" below that keeps the resolver from
# answering new queries arriving on the WAN side.
/ip dns {
set allow-remote-requests=yes
static add name=router.lan address=192.168.88.1
}
/interface list member add list=LAN interface=bridge comment="defconf"
/interface list member add list=WAN interface=lte1 comment="defconf"
# Source NAT for traffic leaving through the WAN list; ipsec-policy=out,none
# limits the masquerade to packets that do not match an outbound IPsec policy.
/ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
# IPv4 filter rules. Rules are added in this order, and the order is what
# gives them their meaning.
# input (traffic to the router itself): accept established/related/untracked,
# drop invalid, accept ICMP from any interface (WAN included), then drop
# everything that did not arrive on a LAN-list interface. That last rule is
# what shields the router's own services from the WAN.
# forward (traffic through the router): accept IPsec-policy traffic in both
# directions, fasttrack and accept established/related, drop invalid, then
# drop new connections from the WAN list unless they were dst-NATed.
/ip firewall {
filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
}
# Neighbor discovery, the MAC server and MAC-WinBox are limited to the LAN
# list, so none of them is offered on the WAN side.
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
}
#-------------------------------------------------------------------------------
# Revert configuration.
# these commands are executed if user requests to remove default configuration
#
# NOTE(review): after this section has run, the admin password is empty, all
# "defconf" firewall filter and NAT rules are gone, and the MAC server and
# MAC-WinBox accept connections on all interfaces. Nothing in this script puts
# any protection back, so a password and filter rules have to be configured
# before the device is attached to an untrusted network.
#-------------------------------------------------------------------------------
:if ($action = "revert") do={
# Sets the admin account's password to the empty string.
/user set admin password=""
/system routerboard mode-button set enabled=no
/system routerboard mode-button set on-event=""
# comment~"defconf" is a regex match: every item whose comment contains
# "defconf" is removed, including user-added items that reuse that tag.
/system script remove [find comment~"defconf"]
/ip firewall filter remove [find comment~"defconf"]
/ip firewall nat remove [find comment~"defconf"]
/interface list member remove [find comment~"defconf"]
# detect-internet is pointed at no interface list in any of its four roles.
/interface detect-internet set detect-interface-list=none
/interface detect-internet set lan-interface-list=none
/interface detect-internet set wan-interface-list=none
/interface detect-internet set internet-interface-list=none
/interface list remove [find comment~"defconf"]
# The LAN-only restriction set by the apply section is lifted: MAC server and
# MAC-WinBox are allowed on all interfaces, and discovery on "!dynamic".
/tool mac-server set allowed-interface-list=all
/tool mac-server mac-winbox set allowed-interface-list=all
/ip neighbor discovery-settings set discover-interface-list=!dynamic
# Pattern used from here on: look the item up first and remove it only when
# the lookup returned something.
:local o [/ip dhcp-server network find comment="defconf"]
:if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
# The DHCP server is removed only if it is still named "defconf" and is not
# disabled.
:local o [/ip dhcp-server find name="defconf" !disabled]
:if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
# The pool is removed only if its name and range are still the defaults.
/ip pool {
:local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
:if ([:len $o] != 0) do={ remove $o }
}
:local o [/ip dhcp-client find comment="defconf"]
:if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
# The router stops answering DNS queries from other hosts, and the static
# router.lan entry is dropped if it still has its default address.
/ip dns {
set allow-remote-requests=no
:local o [static find name=router.lan address=192.168.88.1]
:if ([:len $o] != 0) do={ static remove $o }
}
/ip address {
:local o [find comment="defconf"]
:if ([:len $o] != 0) do={ remove $o }
}
# Every ethernet interface is renamed back to its default-name.
:foreach iface in=[/interface ethernet find] do={
/interface ethernet set $iface name=[get $iface default-name]
}
# Exact-match removal (comment="defconf") of the bridge ports, then the bridge.
/interface bridge port remove [find comment="defconf"]
/interface bridge remove [find comment="defconf"]
}
# Marks the end of the run in the system log; reached after either action.
:log info Defconf_script_finished;
and
caps-mode-script: #-------------------------------------------------------------------------------
# Note: script will not execute at all (will throw a syntax error) if
# dhcp or wireless-fp packages are not installed
#-------------------------------------------------------------------------------
#| CAP configuration
#|
#| Wireless interfaces are set to be managed by CAPsMAN.
#| All ethernet interfaces and CAPsMAN managed interfaces are bridged.
#| DHCP client is set on bridge interface.
# bridge port name
:global brName "bridgeLocal";
# prefix for the warnings logged from the on-error handlers below
:global logPref "defconf:";
# Declared without a value; presumably set by whatever invokes the script.
# TODO confirm
:global action;
:log info $action
# Apply: bridge every ethernet port, run a DHCP client on the bridge and hand
# the wireless interfaces to CAPsMAN.
# NOTE(review): this section adds no firewall filter or NAT rules, no
# interface lists, and no MAC-server or neighbor-discovery restriction, and it
# contains no /user command. As far as this script goes, the device relies on
# the network it is bridged into for protection.
:if ($action = "apply") do={
# wait for ethernet interfaces
# Polls once per second; quits after 30 polls without an ethernet interface.
:local count 0;
:while ([/interface ethernet find] = "") do={
:if ($count = 30) do={
:log warning "DefConf: Unable to find ethernet interfaces";
/quit;
}
:delay 1s; :set count ($count + 1);
}
:local macSet 0;
:local tmpMac "";
# All ethernet interfaces end up as ports of one bridge.
:foreach k in=[/interface ethernet find] do={
# first ethernet is found; add bridge and set mac address of the ethernet port
:if ($macSet = 0) do={
:set tmpMac [/interface ethernet get $k mac-address];
/interface bridge add name=$brName auto-mac=no admin-mac=$tmpMac comment="defconf";
:set macSet 1;
}
# add bridge ports
/interface bridge port add bridge=$brName interface=$k comment="defconf"
}
# try to add dhcp client on bridge interface (may fail if already exist)
# A failure is logged as a warning and the script carries on.
:do {
/ip dhcp-client add interface=$brName disabled=no comment="defconf"
} on-error={ :log warning "$logPref unable to add dhcp client";}
# try to configure caps (may fail if for example specified interfaces are missing)
:local interfacesList "";
:local bFirst 1;
# wait for wireless interfaces
# count is not reset here, so this loop continues from wherever the ethernet
# wait above left it and the 30-poll limit is shared between the two waits.
:while ([/interface wireless find] = "") do={
:if ($count = 30) do={
:log warning "DefConf: Unable to find wireless interfaces";
/quit;
}
:delay 1s; :set count ($count + 1);
}
# delay just to make sure that all wireless interfaces are loaded
:delay 5s;
# Builds a comma-separated list of all wireless interface names.
:foreach i in=[/interface wireless find] do={
if ($bFirst = 1) do={
:set interfacesList [/interface wireless get $i name];
:set bFirst 0;
} else={
:set interfacesList "$interfacesList,$[/interface wireless get $i name]";
}
}
# Enables CAP mode for those interfaces, with controller discovery on the
# bridge. A failure is logged as a warning only.
# NOTE(review): the set line carries no certificate or lock-to-caps-man
# option; whether the CAP verifies the controller it joins depends on
# settings that are not shown here.
:do {
/interface wireless cap
set enabled=yes interfaces=$interfacesList discovery-interfaces=$brName bridge=$brName
} on-error={ :log warning "$logPref unable to configure caps";}
}
# Revert: undo the CAP setup made by the apply section.
# No /user, firewall or MAC-server commands appear here, so this section
# leaves those settings as it found them.
:if ($action = "revert") do={
# Disables CAP mode and clears its interface, discovery and bridge settings;
# a failure is logged as a warning and the rest of the revert still runs.
:do {
/interface wireless cap
set enabled=no interfaces="" discovery-interfaces="" bridge=none
} on-error={ :log warning "$logPref unable to unset caps";}
# Removes the DHCP client only if one with the exact comment "defconf" exists.
:local o [/ip dhcp-client find comment="defconf"]
:if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
# Bridge ports first, then the bridge itself (exact comment match).
/interface bridge port remove [find comment="defconf"]
/interface bridge remove [find comment="defconf"]
}
Just a thought… since the difference, among other things, is 53 rows of firewall rules vs 0.