Trash away…
# 2025-02-10 11:21:01 by RouterOS 7.17.2
# software id = ILCG-6S0L
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HGJ0
/interface bridge add admin-mac=D4:01:C3:C0:82:CF ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=defconf dhcp-snooping=no disabled=no fast-forward=yes forward-delay=15s igmp-snooping=no max-learned-entries=auto max-message-age=20s mtu=auto mvrp=no name=bridge port-cost-mode=short priority=0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,2.5G-baseT arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:01:C3:C0:82:CE mtu=1500 name=ether1 orig-mac-address=D4:01:C3:C0:82:CE poe-out=off poe-priority=10 power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether2 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:01:C3:C0:82:CF mtu=1500 name=ether2 orig-mac-address=D4:01:C3:C0:82:CF rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether3 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:01:C3:C0:82:D0 mtu=1500 name=ether3 orig-mac-address=D4:01:C3:C0:82:D0 rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether4 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:01:C3:C0:82:D1 mtu=1500 name=ether4 orig-mac-address=D4:01:C3:C0:82:D1 rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether5 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:01:C3:C0:82:D2 mtu=1500 name=ether5 orig-mac-address=D4:01:C3:C0:82:D2 rx-flow-control=off tx-flow-control=off
# Main access points: wifi1 is the 5 GHz radio (SSID 729-5ghz), wifi2 the 2.4 GHz radio (SSID 729-2ghz).
# Both run in AP mode with WPA2-PSK as the only authentication type and management-protection=disabled.
# NOTE(review): the same passphrase is set on both radios and is printed here unmasked, unlike the
# XXXXX-masked passphrases on the virtual APs further down. A passphrase that has appeared in a shared
# export should be rotated.
/interface wifi set [ find default-name=wifi1 ] arp-timeout=auto channel.band=5ghz-ax .skip-dfs-channels=disabled .width=20/40/80mhz configuration.country="United States" .mode=ap .ssid=729-5ghz disabled=no l2mtu=1560 mac-address=D4:01:C3:C0:82:D3 name=wifi1 radio-mac=D4:01:C3:C0:82:D3 security.authentication-types=wpa2-psk .disable-pmkid=yes .management-protection=disabled .passphrase=blueberry1 steering.rrm=no .wnm=no
/interface wifi set [ find default-name=wifi2 ] arp-timeout=auto channel.band=2ghz-ax .skip-dfs-channels=disabled .width=20mhz configuration.country="United States" .mode=ap .ssid=729-2ghz disabled=no l2mtu=1560 mac-address=D4:01:C3:C0:82:D4 name=wifi2 radio-mac=D4:01:C3:C0:82:D4 security.authentication-types=wpa2-psk .disable-pmkid=yes .management-protection=disabled .passphrase=blueberry1
/queue interface set bridge queue=no-queue
# WireGuard interface wireguard1, listening on UDP port 51880.
# NOTE(review): the private key is only partly masked; the characters after XXXXX are still real key
# material. Mask the whole value when sharing an export, and replace a key that was partly published.
/interface wireguard add disabled=no listen-port=51880 mtu=1420 name=wireguard1 private-key=XXXXXUdzhtaQWe9tDnPmv94g/QtGM=
# Virtual AP "2point4" on the 2.4 GHz radio (master-interface=wifi2), WPA2-PSK, client isolation on.
# A bridge port entry later in this export adds it to the same bridge as the wired LAN.
/interface wifi add arp-timeout=auto configuration.country="United States" .mode=ap .ssid=2point4 datapath.client-isolation=yes disabled=no l2mtu=1560 mac-address=D6:01:C3:C0:82:D3 master-interface=wifi2 name=2point4 security.authentication-types=wpa2-psk .disable-pmkid=yes .management-protection=disabled .passphrase=XXXXX
# Two virtual APs with SSID "Guest", one per radio. Both are disabled (disabled=yes); no
# client-isolation setting appears on these two lines.
/interface wifi add arp-timeout=auto configuration.mode=ap .ssid=Guest disabled=yes l2mtu=1560 mac-address=D6:01:C3:C0:82:D6 master-interface=wifi1 name=Guest-wifi1 security.authentication-types=wpa2-psk .passphrase=XXXXX
/interface wifi add arp-timeout=auto configuration.mode=ap .ssid=Guest disabled=yes l2mtu=1560 mac-address=D6:01:C3:C0:82:D7 master-interface=wifi2 name=Guest-wifi2 security.authentication-types=wpa2-psk .passphrase=XXXXX
/queue interface set wireguard1 queue=no-queue
/interface ethernet switch set 0 !cpu-flow-control mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port set 0 default-vlan-id=0
/interface ethernet switch port set 1 default-vlan-id=0
/interface ethernet switch port set 2 default-vlan-id=0
/interface ethernet switch port set 3 default-vlan-id=0
/interface ethernet switch port set 4 default-vlan-id=0
/interface ethernet switch port set 5 default-vlan-id=0
/interface ethernet switch port-isolation set 0 !forwarding-override
/interface ethernet switch port-isolation set 1 !forwarding-override
/interface ethernet switch port-isolation set 2 !forwarding-override
/interface ethernet switch port-isolation set 3 !forwarding-override
/interface ethernet switch port-isolation set 4 !forwarding-override
/interface ethernet switch port-isolation set 5 !forwarding-override
/interface list set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
/interface list set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
/interface list set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
/interface list set [ find name=static ] comment="contains static interfaces" exclude="" include="" name=static
/interface list add comment=defconf exclude="" include="" name=WAN
/interface list add comment=defconf exclude="" include="" name=LAN
/interface list add exclude="" include=LAN,WAN name=ALL
/interface list add exclude="" include="" name=TRUSTED
/interface list add exclude="" include="" name=DHCPdisabled
/interface lte apn set [ find default=yes ] add-default-route=yes apn=internet authentication=none default-route-distance=2 ip-type=auto name=default use-network-apn=yes use-peer-dns=yes
/interface macsec profile set [ find default-name=default ] name=default server-priority=10
# Shared guest profile "guestcfg": SSID GuestWifi, WPA2-PSK, client isolation enabled.
# NOTE(review): the guest passphrase is stored and exported in clear text.
/interface wifi configuration add datapath.client-isolation=yes disabled=no name=guestcfg security.authentication-types=wpa2-psk .passphrase=blueberry ssid=GuestWifi
# Guest virtual APs on each radio, both taking their settings from guestcfg.
# Guest2g also repeats security.authentication-types=wpa2-psk inline; Guest5g relies on the profile alone.
/interface wifi add arp-timeout=auto configuration=guestcfg configuration.mode=ap disabled=no l2mtu=1560 mac-address=D6:01:C3:C0:82:D4 master-interface=wifi2 name=Guest2g security.authentication-types=wpa2-psk
/interface wifi add arp-timeout=auto configuration=guestcfg configuration.mode=ap disabled=no l2mtu=1560 mac-address=D6:01:C3:C0:82:D5 master-interface=wifi1 name=Guest5g
/ip dhcp-client option set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
/ip dhcp-client option set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
/ip dhcp-client option set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=0.0.0.0:0 install-hotspot-queue=no login-by=cookie,http-chap name=default smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=default !parent-queue !queue-type shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec mode-config set [ find default=yes ] name=request-only responder=no use-responder-dns=exclusively
/ip ipsec policy group set [ find default=yes ] name=default
# Default IPsec phase-1 profile and phase-2 proposal (selected with "find default=yes").
# They allow SHA-1, 3DES and the 1024-bit MODP group alongside stronger options.
# NOTE(review): no IPsec peer or policy is visible in this part of the export, so these values may be
# unused. If IPsec is ever enabled, define a dedicated profile and proposal instead of relying on these.
/ip ipsec profile set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-128,3des hash-algorithm=sha1 lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=modp1024
/ip kid-control add disabled=no fri=0s-1d mon=0s-1d name=Monitor rate-limit="" sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d tur-fri="" tur-mon="" tur-sat="" tur-sun="" tur-thu="" tur-tue="" tur-wed="" wed=0s-1d
# Address pools: default-dhcp (192.168.80.100-200) is used by the LAN DHCP server on the bridge,
# pool-guest (10.0.0.10-252) by the two guest DHCP servers below.
/ip pool add name=default-dhcp ranges=192.168.80.100-192.168.80.200
/ip pool add name=pool-guest ranges=10.0.0.10-10.0.0.252
# Guest DHCP servers, one per guest virtual AP, both drawing from pool-guest with 6 h leases.
# The "# Interface not running" lines are status remarks that were already part of the export.
/ip dhcp-server
# Interface not running
add address-lists="" address-pool=pool-guest disabled=no interface=Guest2g lease-script="" lease-time=6h name=dhcp-guest2g use-radius=no
/ip dhcp-server
# Interface not running
add address-lists="" address-pool=pool-guest disabled=no interface=Guest5g lease-script="" lease-time=6h name=dhcp-guest5g use-radius=no
# LAN DHCP server "defconf" on the bridge (pool default-dhcp, 2-day leases) with an inline lease script.
# The script is stored as one escaped string: \r\n are line breaks, \$ and \" are export escapes.
# What the script does:
#   - switches to /system and builds date/time strings from "clock get date" and "clock get time";
#   - the first two :if blocks contain only commented-out log lines, so they do nothing;
#   - when leaseBound=1 AND a dynamic lease exists for leaseActMAC, it writes a log entry, e-mails
#     the recipient with MAC, IP, host-name, DHCP server name and timestamp, then logs that it sent.
# "identitydatetime" is assigned but not used afterwards.
# NOTE(review): the :pick offsets (0-4, 5-7, 8-10) assume the clock date is formatted YYYY-MM-DD.
# NOTE(review): host-name is supplied by the DHCP client and is copied unfiltered into the mail body,
# and one mail is sent per matching lease event, so clients control both the content and the volume of
# these alerts. The /tool e-mail server settings are not visible in this part of the export.
/ip dhcp-server add address-lists="" address-pool=default-dhcp disabled=no interface=bridge lease-script="\r\
\n\r\
\n/system\r\
\n:local cdate [clock get date] \r\
\n:local yyyy [:pick \$cdate 0 4]\r\
\n:local MM [:pick \$cdate 5 7]\r\
\n:local dd [:pick \$cdate 8 10]\r\
\n\r\
\n:local thistime [/system clock get time]\r\
\n:local thishour [:pick \$thistime 0 2]\r\
\n:local thisminute [:pick \$thistime 3 5]\r\
\n:local thissecond [:pick \$thistime 6 8]\r\
\n:local identitydatetime \"\$[identity get name]_\$yyyy-\$MM-\$dd_\$thishour:\$thisminute:\$thissecond\"\r\
\n:local datetime \"\$yyyy-\$MM-\$dd_\$thishour:\$thisminute:\$thissecond\"\r\
\n:local systemname \"\$[identity get name]\"\r\
\n\r\
\n:if (\$leaseBound=1) do={\r\
\n\r\
\n# :log info \"testing after condition BOUND\" }\r\
\n\r\
\n}\r\
\n\r\
\n:if ([/ip dhcp-server lease find where dynamic mac-address=\$leaseActMAC]!=\"\") do={\r\
\n\r\
\n# :log info \"testing after condition DYNAMIC\"}\r\
\n\r\
\n}\r\
\n\r\
\n:local recipient \"jXXXXX@domain.com\"\r\
\n\r\
\n:if ((\$leaseBound=1) && ([/ip dhcp-server lease find where dynamic mac-address=\$leaseActMAC]!=\"\")) do={\r\
\n\r\
\n :log info \"testing after conditions BOUND and DYNAMIC\" \r\
\n\r\
\n :tool e-mail send to=\$recipient subject=\"\$systemname DHCP Lease Assigned to \$leaseActMAC\" body=\"MAC address \$leaseActMAC received IP address \$leaseActIP with a hostname of \$[/ip/dhcp-server/lease/get value-name=host-name [find where mac-address=\$leaseActMAC]] from DHCP Server \$leaseServerName on \$datetime from \$systemname\"\r\
\n\r\
\n :log info \"Sent DHCP alert for MAC \$leaseActMAC\"\r\
\n\r\
\n}\r\
\n\r\
\n" lease-time=2d name=defconf use-radius=no
# Default SMB account "guest": enabled (disabled=no), empty password, read-only.
# NOTE(review): with "/ip smb" set to enabled=auto on interfaces=all later in this export, confirm that
# no share is published; otherwise disable this account.
/ip smb users set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ppp profile set *0 address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority !bridge-port-trusted !bridge-port-vid change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default on-down="" on-up="" only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default use-ipv6=yes use-mpls=default use-upnp=default !wins-server
/ppp profile set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority !bridge-port-trusted !bridge-port-vid change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default-encryption on-down="" on-up="" only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default !wins-server
/queue type set 0 kind=pfifo name=default pfifo-limit=50
/queue type set 1 kind=pfifo name=ethernet-default pfifo-limit=50
/queue type set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
/queue type set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
/queue type set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
/queue type set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
/queue type set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
/queue type set 7 kind=none name=only-hardware-queue
/queue type set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
/queue type set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface set ether1 queue=only-hardware-queue
/queue interface set ether2 queue=only-hardware-queue
/queue interface set ether3 queue=only-hardware-queue
/queue interface set ether4 queue=only-hardware-queue
/queue interface set ether5 queue=only-hardware-queue
/queue interface set "2point4" queue=wireless-default
/queue interface set Guest-wifi1 queue=wireless-default
/queue interface set Guest-wifi2 queue=wireless-default
/queue interface set Guest2g queue=wireless-default
/queue interface set Guest5g queue=wireless-default
/queue interface set wifi1 queue=wireless-default
/queue interface set wifi2 queue=wireless-default
/routing bgp template set default as=65530 name=default
# Default SNMP community "public": read-only, security=none, enabled, accepted from any source
# (addresses=::/0). The MD5/DES protocol fields have empty passwords and are unused with security=none.
# NOTE(review): whether the SNMP service itself is enabled is not shown in this part of the export.
# If it is, rename the community and restrict "addresses" to the monitoring host.
/snmp community set [ find default=yes ] addresses=::/0 authentication-password="" authentication-protocol=MD5 disabled=no encryption-password="" encryption-protocol=DES name=public read-access=yes security=none write-access=no
# Logging targets. Actions 0-2 are the built-in memory, disk and echo targets.
/system logging action set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
/system logging action set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
/system logging action set 2 name=echo remember=yes target=echo
# Two remote syslog targets: 192.168.0.13 port 514 and 192.168.0.112 port 51400.
# Both addresses are outside the local 192.168.80.0/24 LAN; 192.168.0.0/24 appears in the
# allowed-address of WireGuard peer "355", so the logs presumably travel over that tunnel
# (NOTE(review): confirm the route). Which log topics use these actions is not shown here.
/system logging action set 3 bsd-syslog=no name=remote remote=192.168.0.13 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=bsd-syslog target=remote
/system logging action add bsd-syslog=no name=logserver remote=192.168.0.112 remote-port=51400 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=bsd-syslog target=remote
# Built-in user groups and their policy flags ("!" marks a policy the group does not have).
# The "read" group is more than read-only: it carries reboot, sniff, sensitive and password, and may use
# telnet, ssh, winbox, web, api, romon and rest-api. Only ftp, write and policy are withheld.
# "write" adds write; "full" adds ftp and policy as well.
# NOTE(review): for a monitoring-only account, create a custom group without sensitive, sniff and reboot.
/user group set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy skin=default
/user group set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy skin=default
/user group set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api skin=default
# Certificate revocation lists are neither downloaded nor consulted (crl-download=no, crl-use=no).
/certificate settings set crl-download=no crl-store=ram crl-use=no
/console settings set sanitize-names=no
# Attached disks are not shared automatically (auto-media-sharing=no, auto-smb-sharing=no).
/disk settings set auto-media-interface=none auto-media-sharing=no auto-smb-sharing=no auto-smb-user=guest default-mount-point-template="[slot]"
# SMB service is set to enabled=auto and bound to interfaces=all, which includes the WAN port.
# NOTE(review): if SMB is not needed, set it to disabled explicitly; if it is, limit "interfaces" to
# the LAN side.
/ip smb set comment=MikrotikSMB domain=MSHOME enabled=auto interfaces=all
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether2 internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether3 internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether4 internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether5 internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=yes interface=wifi1 internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=yes interface=*B internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=yes interface=2point4 internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=yes interface=wifi2 internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=yes interface=*C internal-path-cost=10 learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
# use-ip-firewall=no: frames switched inside the bridge are not passed through /ip firewall, so the
# filter rules in this export apply to routed traffic only.
/interface bridge settings set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
# Connection tracking timeouts; loose-tcp-tracking=yes.
/ip firewall connection tracking set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=10s
# Neighbour discovery (CDP, LLDP, MNDP) sends and receives on every interface
# (discover-interface-list=all, mode=tx-and-rx). That includes ether1, which is the WAN port.
# NOTE(review): restrict discover-interface-list to the LAN list so the router does not announce
# itself upstream.
/ip neighbor discovery-settings set discover-interface-list=all discover-interval=30s lldp-mac-phy-config=no lldp-max-frame-size=no lldp-med-net-policy-vlan=disabled lldp-poe-power=yes lldp-vlan-info=no mode=tx-and-rx protocol=cdp,lldp,mndp
# IPv4 stack settings: redirects and source routing are not accepted; reverse-path filtering is
# off (rp-filter=no) and SYN cookies are off (tcp-syncookies=no).
# With rp-filter=no, firewall rules that match on source address alone do not get a spoofing check
# from the routing layer.
/ip settings set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-errors-use-inbound-interface-address=no icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes ipv4-multipath-hash-policy=l3 max-neighbor-entries=16384 rp-filter=no secure-redirects=yes send-redirects=yes tcp-syncookies=no tcp-timestamps=random-offset
# IPv6 is switched off (disable-ipv6=yes, forward=no), so no IPv6 firewall is needed while this holds.
/ipv6 settings set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled disable-ipv6=yes forward=no max-neighbor-entries=14336 min-neighbor-entries=3584 multipath-hash-policy=l3 soft-max-neighbor-entries=7168 stale-neighbor-detect-interval=30 stale-neighbor-timeout=60
# Detect-internet is not applied to any interface list.
/interface detect-internet set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
# L2TP server: disabled (enabled=no).
# NOTE(review): as stored, it would accept PAP and MS-CHAPv1, with use-ipsec=no and an empty
# ipsec-secret. Tighten these before ever enabling it.
/interface l2tp-server server set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address default-profile=default-encryption enabled=no ipsec-secret="" keepalive-timeout=30 l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 !l2tpv3-ether-interface-list max-mru=1450 max-mtu=1450 max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=no
# Interface list membership. LAN = bridge, WAN = ether1.
# The guest APs (Guest2g, Guest5g) and wireguard1 are not added to LAN or WAN on these lines.
/interface list member add comment=defconf disabled=no interface=bridge list=LAN
/interface list member add comment=defconf disabled=no interface=ether1 list=WAN
# TRUSTED contains bridge, wifi1 and also ether1, the WAN port.
# NOTE(review): no rule in the visible part of this export refers to TRUSTED. If a later rule grants
# access by this list, it would also grant it to traffic arriving on the WAN port.
/interface list member add disabled=no interface=bridge list=TRUSTED
/interface list member add disabled=no interface=ether1 list=TRUSTED
/interface list member add disabled=no interface=wifi1 list=TRUSTED
/interface lte settings set esim-channel=auto firmware-path=firmware mode=auto
# OpenVPN server entry: disabled (disabled=yes).
# NOTE(review): as stored, it permits md5 and sha1 auth and the blowfish128 cipher, tls-version=any,
# and does not require a client certificate. Review these before enabling it.
/interface ovpn-server server add auth=sha1,md5,sha256,sha512 certificate=*0 cipher=blowfish128,aes128-cbc default-profile=default disabled=yes enable-tun-ipv6=no ipv6-prefix-len=64 keepalive-timeout=60 mac-address=FE:16:FA:03:F9:65 max-mtu=1500 mode=ip name=ovpn-server1 netmask=24 port=1194 protocol=tcp push-routes="" redirect-gateway=disabled reneg-sec=3600 require-client-certificate=no tls-version=any tun-server-ipv6=:: user-auth-method=pap vrf=main
# PPTP server: disabled (enabled=no). The warning line below was already part of the export.
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
# SSTP server: disabled (enabled=no). It has no certificate, tls-version=any, pfs=no, and PAP allowed.
/interface sstp-server server set authentication=pap,chap,mschap1,mschap2 certificate=none ciphers=aes256-sha,aes256-gcm-sha384 default-profile=default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=no
/interface wifi cap set enabled=no
/interface wifi capsman set enabled=no
# WireGuard peers on wireguard1. allowed-address lists the source prefixes accepted from each peer
# and the destinations routed to it.
# NOTE(review): every line carries a partly masked private-key field and no public-key field. The
# characters after XXXXX are still key material, so mask the whole value before sharing. Each value
# also ends in a double quote that has no opening quote on the line, probably left over from masking;
# the lines may not import as written.
# NOTE(review): preshared-key is empty on all peers, so no pre-shared key is in use.
# peer9 and peer10 have no endpoint-address, so they have to initiate the connection to this router.
# peer9's allowed-address (10.10.90.0/24, 192.168.88.0/24) lies outside the 10.10.100.0/24 tunnel
# subnet. NOTE(review): confirm this is intended.
/interface wireguard peers add allowed-address=10.10.90.0/24,192.168.88.0/24 client-endpoint="" comment="WG client on BI PC" disabled=no endpoint-address="" endpoint-port=0 interface=wireguard1 name=peer9 preshared-key="" private-key=XXXXXf/RFr9FogUr5iBSC0jt9TV4="
/interface wireguard peers add allowed-address=10.10.100.8/32 client-endpoint="" comment=Laptop disabled=no endpoint-address="" endpoint-port=0 interface=wireguard1 name=peer10 preshared-key="" private-key=XXXXXh+amb7U03orKJBrljQqFSxc="
# Site-to-site peers: each has a dyndns endpoint, a 40 s keepalive, one tunnel /32 and the remote LAN.
/interface wireguard peers add allowed-address=10.10.100.50/32,192.168.0.0/24,192.168.5.0/24 client-endpoint="" comment="355 hEX being UDM" disabled=no endpoint-address=XXXXX.dyndns.org endpoint-port=51833 interface=wireguard1 name=355 persistent-keepalive=40s preshared-key="" private-key=XXXXXBDFxZmbbJrycOWg5omLZq3g="
/interface wireguard peers add allowed-address=10.10.100.60/32,192.168.1.0/24 client-endpoint="" comment="255 Hex behind UDM" disabled=no endpoint-address=XXXXX.dyndns.org endpoint-port=51835 interface=wireguard1 name=255 persistent-keepalive=40s preshared-key="" private-key=XXXXXQcs1c+r9bzZ0aWPK0PMwbRc="
/interface wireguard peers add allowed-address=10.10.100.2/32,192.168.40.0/24 client-endpoint="" comment=371 disabled=no endpoint-address=XXXXX.dyndns.org endpoint-port=52820 interface=wireguard1 name=371 persistent-keepalive=40s preshared-key="" private-key=XXXXXHBEBjCn9YLAxn4pMzU5lohI="
/interface wireguard peers add allowed-address=192.168.30.0/24,10.10.100.30/32 client-endpoint="" comment=76 disabled=no endpoint-address=XXXXX.dyndns.org endpoint-port=51830 interface=wireguard1 name=76 persistent-keepalive=40s preshared-key="" private-key=XXXXXu3x2t1k0omNOLVY6scNgUic="
/interface wireguard peers add allowed-address=10.10.100.70/32,192.168.70.0/24 client-endpoint="" comment=125 disabled=no endpoint-address=XXXXX.dyndns.org endpoint-port=51870 interface=wireguard1 name=125 persistent-keepalive=40s preshared-key="" private-key=XXXXXtvG3PEr6Rk4GF8HbwayGqT8="
# NOTE(review): peer 212 is given 10.10.100.1/24, a /24 mask where the other site peers use a /32.
# That makes the whole tunnel subnet an allowed source for this peer; 10.10.100.1/32 looks intended.
/interface wireguard peers add allowed-address=10.10.100.1/24,192.168.2.0/24 client-endpoint="" comment=212 disabled=no endpoint-address=XXXXX.dyndns.org endpoint-port=51820 interface=wireguard1 name=212 persistent-keepalive=40s preshared-key="" private-key=XXXXXbtR1YlEYPUo/op1OqXrW4Ds="
# Router addresses: 10.10.100.80/24 on the WireGuard tunnel, 192.168.80.1/24 on the LAN bridge.
/ip address add address=10.10.100.80/24 disabled=no interface=wireguard1 network=10.10.100.0
/ip address add address=192.168.80.1/24 disabled=no interface=bridge network=192.168.80.0
# NOTE(review): the same address 10.0.0.1/24 is assigned to both guest interfaces. They are separate
# interfaces (no bridge port entry for Guest2g or Guest5g is visible), so the same subnet is connected
# twice. Bridging the two guest APs and addressing the bridge once would be the usual layout.
/ip address add address=10.0.0.1/24 disabled=no interface=Guest2g network=10.0.0.0
/ip address add address=10.0.0.1/24 disabled=no interface=Guest5g network=10.0.0.0
# MikroTik cloud: DDNS is enabled (the router reports its address to the vendor service hourly) and
# cloud time update is on. Back-to-home VPN is revoked and disabled.
/ip cloud set back-to-home-vpn=revoked-and-disabled ddns-enabled=yes ddns-update-interval=1h update-time=yes
/ip cloud advanced set use-local-address=no
# WAN DHCP client on ether1: installs the default route and accepts DNS and NTP servers offered by
# the upstream DHCP server (use-peer-dns=yes, use-peer-ntp=yes).
# NOTE(review): upstream-supplied resolvers are used in addition to the static ones set under /ip dns.
# Set use-peer-dns=no if only the static resolvers should be queried.
/ip dhcp-client add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=yes use-peer-ntp=yes
# DHCP server global settings; every DHCP server in this export has use-radius=no.
/ip dhcp-server config set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
# Guest network: clients are given public resolvers directly and 10.0.0.1 as gateway.
/ip dhcp-server network add address=10.0.0.0/24 caps-manager="" dhcp-option="" dns-server=9.9.9.9,1.1.1.1,8.8.8.8 gateway=10.0.0.1 !next-server ntp-server="" wins-server=""
# LAN network: clients use the router (192.168.80.1) as both gateway and DNS server.
/ip dhcp-server network add address=192.168.80.0/24 caps-manager="" comment=defconf dhcp-option="" dns-server=192.168.80.1 gateway=192.168.80.1 !next-server ntp-server="" wins-server=""
# Router DNS cache answers client queries (allow-remote-requests=yes); DoH is not configured.
# Who can reach the resolver depends entirely on the firewall input chain, so that chain must keep
# port 53 closed to the WAN side.
/ip dns set address-list-extra-time=0s allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 mdns-repeat-ifaces="" query-server-timeout=2s query-total-timeout=10s servers=9.9.9.9,8.8.8.8,1.1.1.1,8.8.4.4 use-doh-server="" verify-doh-cert=no vrf=main
/ip dns static add address=10.10.100.80 comment=defconf disabled=no name=729-10.10.100.80.local ttl=1d type=A
/ip dns static add address=192.168.80.1 comment=defconf disabled=no name=729.local ttl=1d type=A
/ip dns static add address=10.0.0.1 comment=defconf disabled=no name=<THISLOCATION?.router.lan ttl=1d type=A
# Firewall address lists. Names and some addresses were masked or replaced by placeholders.
# Lists "XXXXX" and "212" each hold a dyndns hostname; the router resolves the name and the input
# chain accepts traffic from the resulting address.
# NOTE(review): access granted this way follows whatever the DNS name resolves to at the time.
/ip firewall address-list add address=XXXXX.dyndns.org disabled=no dynamic=no list=XXXXX
/ip firewall address-list add address=XXXXX.dyndns.org disabled=no dynamic=no list=212
# "authorized" holds two placeholder entries; no rule in the visible part of this export uses it.
/ip firewall address-list add address=IP-local-admin-destkop disabled=no dynamic=no list=authorized
/ip firewall address-list add address=IP-local-admin-laptop disabled=no dynamic=no list=authorized
/ip firewall address-list add address=<THIS LOCATION>.dyndns.org disabled=no dynamic=no list=dynamic-WANIP
# "admin" covers all of 192.168.0.0/16 plus the WireGuard subnet. An input rule accepts any packet
# whose source is in this list, on any interface.
# NOTE(review): 192.168.0.0/16 also contains whatever private range may exist upstream of ether1.
# List only the specific management subnets.
/ip firewall address-list add address=192.168.0.0/16 disabled=no dynamic=no list=admin
/ip firewall address-list add address=10.10.100.0/24 disabled=no dynamic=no list=admin
# Guest client range, used by a forward-chain drop rule.
/ip firewall address-list add address=10.0.0.2-10.0.0.254 disabled=no dynamic=no list="Guest WiFi"
# INPUT chain (traffic addressed to the router itself). Rules are evaluated top to bottom, first match
# wins. Some rules are in full verbose form, where "!name" means the matcher is unset.
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
# ICMP is accepted from every source, including guests and the WAN.
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" disabled=yes dst-address=127.0.0.1
# NOTE(review): this rule has dst-address=0.0.0.0, so it matches only packets addressed to 0.0.0.0.
# A WireGuard handshake sent to the router's real address would not match it and would fall through
# to the later rules. The matcher was probably meant to be unset (!dst-address). Check the rule's
# packet counter to confirm. peer9 and peer10 have no endpoint and depend on inbound handshakes.
/ip firewall filter add action=accept chain=input comment="Allow WG Handshake" !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp dst-address=0.0.0.0 !dst-address-list !dst-address-type !dst-limit dst-port=51880 !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority protocol=udp !psd !random !routing-mark !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
# Guest gateway address 10.0.0.1: DHCP (UDP 67, 68) is accepted and logged, then everything else
# addressed to 10.0.0.1 is dropped and logged unless it arrives on the loopback interface.
/ip firewall filter add action=accept chain=input comment="allow 67 68 to 10.0.0.1" dst-address=10.0.0.1 dst-port=67,68 log=yes log-prefix="allow 67 68 to 10.0.0.1" protocol=udp
/ip firewall filter add action=drop chain=input comment="drop all to 10.0.0.1" dst-address=10.0.0.1 in-interface=!lo log=yes log-prefix="drop all to 10.0.0.1"
# NOTE(review): GRE is accepted from any source on any interface, WAN included. If EoIP is in use,
# restrict this rule to the tunnel peers (src-address-list) or to in-interface=wireguard1.
/ip firewall filter add action=accept chain=input comment="Allow GRE for EoIP" protocol=gre
# Everything arriving through the WireGuard tunnel may reach every router service. This covers all
# peers and the remote LANs listed in their allowed-address.
/ip firewall filter add action=accept chain=input comment="Alow wireguard to router" in-interface=wireguard1
# Everything from the LAN interface list (the bridge) is accepted.
/ip firewall filter add action=accept chain=input comment="Allow all from LAN ifaces (bridge)" !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface in-interface-list=LAN !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
# NOTE(review): this rule accepts by source address only (list "admin" = 192.168.0.0/16 and
# 10.10.100.0/24) with no interface restriction, so it also applies to packets arriving on ether1
# (WAN). rp-filter is off in /ip settings. Adding in-interface-list=LAN or in-interface=wireguard1
# would tie the trust to where the packet actually arrived.
/ip firewall filter add action=accept chain=input !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark !src-address src-address-list=admin !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
# Full access to the router for whatever addresses the two dyndns names currently resolve to,
# with no port, protocol or interface limit.
/ip firewall filter add action=accept chain=input src-address-list=212
/ip firewall filter add action=accept chain=input src-address-list=XXXXX
# Final input rule: drop everything that did not arrive on a LAN-list interface.
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface in-interface-list=!LAN !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !tls-host !ttl
# Forward chain, evaluated top to bottom. Fasttracked established/related connections skip the
# remaining filter rules.
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=accept chain=forward comment="Allow WG to subnet" disabled=yes dst-address=192.168.1.0/24 in-interface=wireguard1
# NOTE(review): the next rule sets log-prefix but not log=yes, so these drops are presumably not
# logged - confirm.
/ip firewall filter add action=drop chain=forward comment="drop all 10.0.0.0/24 to not-WAN" log-prefix=drop-all-10-0-0-0-24-to-not-WAN out-interface-list=!WAN src-address=10.0.0.0/24
# NOTE(review): despite its comment, the next rule drops only UDP from the "Guest WiFi" list to
# 192.168.0.0/16 on ports other than 53 and 68. TCP, ICMP and other protocols are not matched by
# it. Port 68 is listed twice - presumably 67,68 was intended; verify.
/ip firewall filter add action=drop chain=forward comment="drop guest to 192.168.0.0/16" dst-address=192.168.0.0/16 dst-port=!53,68,68 log=yes log-prefix=drop-guest-to-192-168-0-0-16 protocol=udp src-address-list="Guest WiFi"
/ip firewall filter add action=accept chain=forward disabled=yes in-interface=wireguard1 protocol=udp
# Accepts any dst-natted connection; the only dst-nat rule in /ip firewall nat is currently disabled.
/ip firewall filter add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat
/ip firewall filter add action=accept chain=forward comment="Allow wireguard to subnet" disabled=yes dst-address=192.168.80.0/24 in-interface=wireguard1
# NOTE(review): the two enabled WireGuard rules accept all forwarded traffic arriving on, or leaving
# through, wireguard1 with no address restriction, while the narrower per-subnet rules are disabled.
# Confirm every tunnel peer is meant to reach every routed subnet; otherwise add src/dst limits.
/ip firewall filter add action=accept chain=forward comment="Allow wireguard to subnet" in-interface=wireguard1
/ip firewall filter add action=accept chain=forward comment="Allow subnet to enter WG" out-interface=wireguard1
# NOTE(review): drop-invalid sits after the accept rules above, so invalid-state packets that match
# one of them are accepted first; it is usually placed right after the established/related accept.
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# Last forward rule: only new, non-dst-natted connections from the WAN list are dropped. There is no
# final drop-all, so any other unmatched traffic falls through to the chain's default accept.
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# NAT: masquerade everything leaving an interface in the WAN list (ipsec-policy=out,none skips
# traffic matched by an IPsec policy). The dst-nat and src-nat rules for 192.168.4.x are disabled.
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN !to-addresses !to-ports
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-port=80 log=yes protocol=tcp to-addresses=192.168.4.1 to-ports=80
/ip firewall nat add action=src-nat chain=srcnat disabled=yes dst-address=192.168.4.0/24 log=yes to-addresses=192.168.4.2 !to-ports
# Connection-tracking helpers. Only irc and rtsp are disabled here.
# NOTE(review): helpers parse application payloads to open related connections; ftp, tftp, h323,
# sip and pptp are all enabled. Disable the ones no service behind this router relies on.
/ip firewall service-port set ftp disabled=no ports=21
/ip firewall service-port set tftp disabled=no ports=69
/ip firewall service-port set irc disabled=yes ports=6667
/ip firewall service-port set h323 disabled=no
/ip firewall service-port set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
/ip firewall service-port set pptp disabled=no
/ip firewall service-port set rtsp disabled=yes ports=554
/ip firewall service-port set udplite disabled=no
/ip firewall service-port set dccp disabled=no
/ip firewall service-port set sctp disabled=no
# Hotspot, IPsec template, media, NAT-PMP and web-proxy settings. NAT-PMP and the web proxy are
# both disabled (enabled=no), so neither opens a listener or port mappings.
/ip hotspot service-port set ftp disabled=no ports=21
/ip hotspot user set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec policy set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
/ip ipsec settings set accounting=yes interim-update=0s xauth-use-radius=no
/ip media settings set thumbnails=""
/ip nat-pmp set enabled=no
/ip proxy set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no max-cache-object-size=2048KiB max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no src-address=::
# Static routes: eight remote /24 networks are reached through the wireguard1 tunnel interface.
# Which of them a peer may actually use is decided by the forward-chain rules for wireguard1.
/ip route add disabled=no dst-address=192.168.88.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=192.168.2.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=192.168.0.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=192.168.40.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=192.168.70.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=192.168.1.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=192.168.20.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=192.168.30.0/24 gateway=wireguard1 routing-table=main suppress-hw-offload=no
# Router management services.
# NOTE(review): all eight services are enabled and address="" places no source restriction on any
# of them, so reachability is decided only by the input-chain firewall. telnet, ftp, www and api
# carry credentials unencrypted. Disable the services that are not used and set address= to the
# management subnets on the ones that remain.
/ip service set telnet address="" disabled=no max-sessions=20 port=23 vrf=main
/ip service set ftp address="" disabled=no max-sessions=20 port=21 vrf=main
/ip service set www address="" disabled=no max-sessions=20 port=80 vrf=main
/ip service set ssh address="" disabled=no max-sessions=20 port=22 vrf=main
# NOTE(review): www-ssl and api-ssl run with certificate=none and tls-version=any; assign a
# certificate and restrict the TLS version (tls-version=only-1.2) if these stay enabled.
/ip service set www-ssl address="" certificate=none disabled=no max-sessions=20 port=443 tls-version=any vrf=main
/ip service set api address="" disabled=no max-sessions=20 port=8728 vrf=main
/ip service set winbox address="" disabled=no max-sessions=20 port=8291 vrf=main
/ip service set api-ssl address="" certificate=none disabled=no max-sessions=20 port=8729 tls-version=any vrf=main
# SMB share, SOCKS proxy, traffic-flow and UPnP are all disabled here.
/ip smb shares set [ find default=yes ] directory=/pub disabled=yes invalid-users="" name=pub read-only=no require-encryption=no valid-users=""
/ip socks set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 port=1080 version=4 vrf=main
# NOTE(review): strong-crypto=no leaves the weaker SSH algorithms available, and
# forwarding-enabled=both permits SSH port forwarding through the router. Consider
# strong-crypto=yes, and forwarding-enabled=no unless forwarding is actually needed.
/ip ssh set always-allow-password-login=no ciphers=auto forwarding-enabled=both host-key-size=2048 host-key-type=rsa strong-crypto=no
/ip tftp settings set max-block-size=4096
/ip traffic-flow set active-flow-timeout=30m cache-entries=256k enabled=no inactive-flow-timeout=15s interfaces=all packet-sampling=no sampling-interval=0 sampling-space=0
/ip traffic-flow ipfix set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=yes nat-dst-port=yes nat-events=no nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
# IPv6 neighbor discovery (router advertisements on interface=all, DNS advertised), MPLS, PPP AAA,
# RADIUS and routing settings. Incoming RADIUS requests are refused (accept=no) and use-radius=no.
/ipv6 nd set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m ra-preference=medium reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa set accounting=yes enable-ipv6-accounting=no interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming set accept=no port=3799 vrf=main
/routing igmp-proxy set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings set single-process=no
# NOTE(review): SNMP is enabled, trap-community is the well-known default "public" and
# trap-version=2 has no authentication or encryption. Who may query the agent is set under
# /snmp community - verify those entries are address-restricted, or disable SNMP if unused.
/snmp set contact="" enabled=yes engine-id-suffix="" location="" src-address=:: trap-community=public trap-generators=temp-exception trap-target="" trap-version=2 vrf=main
# Clock, health, identity, LED, logging and NTP settings.
/system clock set time-zone-autodetect=yes time-zone-name=America/New_York
/system clock manual set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start="1970-01-01 00:00:00" time-zone=+00:00
/system health settings set cpu-overtemp-check=no cpu-overtemp-startup-delay=1m cpu-overtemp-threshold=105C
/system identity set name=729hAPax3
/system leds set 0 disabled=no leds=poe-led type=poe-out
/system leds set 1 disabled=no interface=ether1 leds=led1 type=interface-activity
/system leds set 2 disabled=no interface=ether2 leds=led2 type=interface-activity
/system leds set 3 disabled=no interface=ether3 leds=led3 type=interface-activity
/system leds set 4 disabled=no interface=ether4 leds=led4 type=interface-activity
/system leds set 5 disabled=no interface=ether5 leds=led5 type=interface-activity
/system leds settings set all-leds-off=never
# Log rules: info, error and warning go to the memory action, critical to echo.
# NOTE(review): none of these four rules sends logs off the router, so firewall and login records
# held in memory do not survive a reboot. Add a rule with a remote (syslog) action if the logs are
# needed for investigation.
/system logging set 0 action=memory disabled=no prefix="" regex="" topics=info
/system logging set 1 action=memory disabled=no prefix="" regex="" topics=error
/system logging set 2 action=memory disabled=no prefix="" regex="" topics=warning
/system logging set 3 action=echo disabled=no prefix="" regex="" topics=critical
/system note set note="" show-at-cli-login=no show-at-login=no
# NTP client uses three public pool servers without authentication (auth-key=none); the NTP server
# role is disabled.
/system ntp client set enabled=yes mode=unicast servers=0.north-america.pool.ntp.org,1.north-america.pool.ntp.org,3.pool.ntp.org vrf=main
/system ntp server set auth-key=none broadcast=no broadcast-addresses="" enabled=no local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system ntp client servers add address=0.north-america.pool.ntp.org auth-key=none disabled=no iburst=yes max-poll=10 min-poll=6
/system ntp client servers add address=1.north-america.pool.ntp.org auth-key=none disabled=no iburst=yes max-poll=10 min-poll=6
/system ntp client servers add address=3.pool.ntp.org auth-key=none disabled=no iburst=yes max-poll=10 min-poll=6
/system package local-update mirror set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
# IRQ-to-CPU assignment is left on auto for IRQs 0-48, and receive packet steering (RPS) is
# disabled on ether1-ether5.
/system resource irq set 0 cpu=auto
/system resource irq set 1 cpu=auto
/system resource irq set 2 cpu=auto
/system resource irq set 3 cpu=auto
/system resource irq set 4 cpu=auto
/system resource irq set 5 cpu=auto
/system resource irq set 6 cpu=auto
/system resource irq set 7 cpu=auto
/system resource irq set 8 cpu=auto
/system resource irq set 9 cpu=auto
/system resource irq set 10 cpu=auto
/system resource irq set 11 cpu=auto
/system resource irq set 12 cpu=auto
/system resource irq set 13 cpu=auto
/system resource irq set 14 cpu=auto
/system resource irq set 15 cpu=auto
/system resource irq set 16 cpu=auto
/system resource irq set 17 cpu=auto
/system resource irq set 18 cpu=auto
/system resource irq set 19 cpu=auto
/system resource irq set 20 cpu=auto
/system resource irq set 21 cpu=auto
/system resource irq set 22 cpu=auto
/system resource irq set 23 cpu=auto
/system resource irq set 24 cpu=auto
/system resource irq set 25 cpu=auto
/system resource irq set 26 cpu=auto
/system resource irq set 27 cpu=auto
/system resource irq set 28 cpu=auto
/system resource irq set 29 cpu=auto
/system resource irq set 30 cpu=auto
/system resource irq set 31 cpu=auto
/system resource irq set 32 cpu=auto
/system resource irq set 33 cpu=auto
/system resource irq set 34 cpu=auto
/system resource irq set 35 cpu=auto
/system resource irq set 36 cpu=auto
/system resource irq set 37 cpu=auto
/system resource irq set 38 cpu=auto
/system resource irq set 39 cpu=auto
/system resource irq set 40 cpu=auto
/system resource irq set 41 cpu=auto
/system resource irq set 42 cpu=auto
/system resource irq set 43 cpu=auto
/system resource irq set 44 cpu=auto
/system resource irq set 45 cpu=auto
/system resource irq set 46 cpu=auto
/system resource irq set 47 cpu=auto
/system resource irq set 48 cpu=auto
/system resource irq rps set ether1 disabled=yes
/system resource irq rps set ether2 disabled=yes
/system resource irq rps set ether3 disabled=yes
/system resource irq rps set ether4 disabled=yes
/system resource irq rps set ether5 disabled=yes
# USB and RouterBOARD hardware settings. The mode, reset and WPS button script hooks are disabled
# (enabled=no, empty on-event) and firmware auto-upgrade is off.
# NOTE(review): protected-routerboot=disabled leaves the bootloader settings changeable by anyone
# with physical access to the device; acceptable only if the router is physically secured.
/system resource usb settings set authorization=no
/system routerboard mode-button set enabled=no hold-time=0s..1m on-event=""
/system routerboard reset-button set enabled=no hold-time=0s..1m on-event=""
/system routerboard settings set auto-upgrade=no boot-device=nand-if-fail-then-ethernet boot-protocol=bootp force-backup-booter=no preboot-etherboot=disabled preboot-etherboot-server=any protected-routerboot=disabled reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system routerboard wps-button set enabled=no hold-time=0s..1m on-event=""
# Scheduled jobs; each on-event names a script (or holds inline commands, as in SystemInfoJRS).
# NOTE(review): every entry is granted the complete policy set, including write, policy,
# password, sensitive, sniff, reboot and romon. Give each job only the policies its script needs,
# so that a mistake or tampering in one script cannot change or disclose the whole configuration.
/system scheduler add disabled=yes interval=1d name=dyndns on-event=dyndns policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-10-18 start-time=21:25:36
/system scheduler add disabled=yes interval=10m name=WG-iface-restart on-event=WG-iface-restart policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-03-11 start-time=13:29:33
# Enabled: runs the export-download script (full sensitive export uploaded by FTP) every 3 days.
/system scheduler add disabled=no interval=3d name=export-download on-event=export-download policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-06-22 start-time=01:59:47
/system scheduler add disabled=yes interval=5d name=iplist on-event=IPlist policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-04-10 start-time=06:49:31
/system scheduler add disabled=no interval=2w name=dynamic-data-rextended on-event=dynamic-data-rextended policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-09-30 start-time=02:58:29
/system scheduler add disabled=no interval=2w name=dhcpleasesftp on-event=dhcpleasesftp policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-01-09 start-time=18:27:20
/system scheduler add disabled=no interval=1d name=DynDNS on-event=DynDNS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-10-18 start-time=02:00:00
/system scheduler add disabled=yes interval=5m name=Data_to_Splunk on-event=Data_to_Splunk_using_Syslog policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-09-06 start-time=18:28:30
# Runs once at startup: waits 60 seconds, then runs the SystemInfoJRS script.
/system scheduler add disabled=no interval=0s name=SystemInfoJRS on-event=":delay 60s\
\n/system script run SystemInfoJRS" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
/system scheduler add disabled=no interval=12h name=UPSonBattery on-event=UPSonBattery policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-10-28 start-time=18:07:34
/system scheduler add disabled=yes interval=10s name=Linevoltageunder120 on-event=Linevoltageunder120 policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-10-29 start-time=11:08:15
# export-download: writes a configuration export that includes secrets (/export show-sensitive)
# to "<identity>_<yyyy-MM-dd>.rsc", uploads it to 192.168.2.22 with FTP, removes the local file
# and logs the upload. The date slicing assumes "clock get date" returns yyyy-MM-dd - TODO confirm.
# NOTE(review): FTP sends both the login and the exported secrets unencrypted, and the FTP
# password is stored in the script source. 192.168.2.0/24 is routed through wireguard1 in this
# configuration, which protects the tunnel leg only. Prefer /tool fetch mode=sftp, an upload-only
# account on the server, and a narrower policy= than the full set granted to this script.
/system script add dont-require-permissions=no name=export-download owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n\r\
\n/system\r\
\n:local cdate [clock get date] \r\
\n:local yyyy [:pick \$cdate 0 4]\r\
\n:local MM [:pick \$cdate 5 7]\r\
\n:local dd [:pick \$cdate 8 10]\r\
\n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\r\
\n/export show-sensitive file=\"\$identitydate\"\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no src-path=\"/\$[\$identitydate].rsc\" dst-path=\"/mikrotik-backups/\$[\$identitydate].rsc\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\r\
\n\r\
\n/file remove \"\$[\$identitydate].rsc\"\r\
\n\r\
\n:log info (\"Uploaded rsc backup to 192.168.2.22 as \".\$identitydate)"
# WG-iface-restart: for every enabled WireGuard peer whose endpoint-address ends in a letter
# (regex "[a-z]$", i.e. a DNS name rather than an IP literal), checks last-handshake. When it is
# empty or older than 5 minutes, the script writes the peer's endpoint-address back to itself so
# the name is resolved again, and logs the event twice (once generically, once with the endpoint).
# The script only reads and sets peer properties; it needs far less than the full policy set.
/system script add dont-require-permissions=no name=WG-iface-restart owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":foreach i in=[/interface/wireguard/peers/find where disabled=no endpoint-address~\"[a-z]\\\$\"] do={\r\
\n :local LastHandshake [/interface/wireguard/peers/get \$i last-handshake]\r\
\n :if (([:tostr \$LastHandshake] = \"\") or (\$LastHandshake > [:totime \"5m\"])) do={\r\
\n \r\
\n :log info \"WG-iface-restart script found WG peers with last handshake greater than 5 minutes; then reset the endpoint-address to reload dns of endpoint\"\r\
\n\r\
\n /interface/wireguard/peers/set \$i endpoint-address=[/interface/wireguard/peers/get \$i endpoint-address]\r\
\n\r\
\n :local endpoint [/interface/wireguard/peers/get \$i endpoint-address]\r\
\n :log info \"WG-iface-restart script found WG peer with last handshake greater than 5 minutes; then reset the endpoint-address to reload dns of endpoint: \$endpoint\"\r\
\n\r\
\n }\r\
\n}\r\
\n"
# IPlist: prints /ip/address to a file, uploads it to 192.168.2.22 with FTP and removes the local
# file. The in-script comment says "mail it", but no e-mail is sent here.
# NOTE(review): $nowdate is never declared in this script, so the file name presumably expands to
# "729-IP-" unless a global of that name exists elsewhere - confirm.
# NOTE(review): the FTP login is sent unencrypted and the password is stored in the script source.
/system script add dont-require-permissions=no name=IPlist owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Export public IP and mail it\r\
\n\r\
\n/ip/address print file=\"729-IP-\$[\$nowdate]\"\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no src-path=\"729-IP-\$[\$nowdate].txt\" dst-path=\"/mikrotik-backups/729-IP-\$[\$nowdate].txt\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\r\
\n\r\
\n/file remove \"729-IP-\$[\$nowdate].txt\""
# Get_Date-Time: defines a local function, isodateonly, that returns the system date as
# "yyyy-MM-dd". It slices an ISO-style date directly; when the date matches "mmm/dd/yyyy" it
# switches offsets and derives the month number by looking up the 2nd and 3rd letters of the month
# name in a lookup string (lower-case half first, upper-case half reduced by 12).
# NOTE(review): the final :put references $yyyy, $MM and $dd, which are local to the function,
# and isodateonly itself is never called - the script presumably prints nothing useful; confirm.
/system script add dont-require-permissions=no name=Get_Date-Time owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local isodateonly do={\r\
\n /system clock\r\
\n :local vdate [get date]\r\
\n :local vdoff [:toarray \"0,4,5,7,8,10\"]\r\
\n :local MM [:pick \$vdate (\$vdoff->2) (\$vdoff->3)]\r\
\n :local M [:tonum \$MM]\r\
\n :if (\$vdate ~ \".../../....\") do={\r\
\n :set vdoff [:toarray \"7,11,1,3,4,6\"]\r\
\n :set M ([:find \"xxanebarprayunulugepctovecANEBARPRAYUNULUGEPCTOVEC\" [:pick \$vdate (\$vdoff->2) (\$vdoff->3)] -1] / 2)\r\
\n :if (\$M>12) do={:set M (\$M - 12)}\r\
\n :set MM [:pick (100 + \$M) 1 3]\r\
\n }\r\
\n :local yyyy [:pick \$vdate (\$vdoff->0) (\$vdoff->1)]\r\
\n :local dd [:pick \$vdate (\$vdoff->4) (\$vdoff->5)]\r\
\n :return \"\$yyyy-\$MM-\$dd\"\r\
\n}\r\
\n\r\
\n:put \$[\$yyyy-\$MM-\$dd]"
# Get_Date-Time_2: defines the global function simplercurrdatetimestr, which returns the system
# date and time as "yyyy-MM-dd HH:mm:ss" (handling both ISO and "mmm/dd/yyyy" date formats), then
# prints its result. The trailing ":put [$yyyy]" refers to a name that is local to the function.
# NOTE(review): dont-require-permissions=yes skips the permission check when the script is run,
# while the script holds the full policy set. The body only reads the clock; set
# dont-require-permissions=no and reduce policy= to what is needed.
/system script add dont-require-permissions=yes name=Get_Date-Time_2 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global simplercurrdatetimestr do={\r\
\n /system clock\r\
\n :local vdate [get date]\r\
\n :local vtime [get time]\r\
\n :local vdoff [:toarray \"0,4,5,7,8,10\"]\r\
\n :local MM [:pick \$vdate (\$vdoff->2) (\$vdoff->3)]\r\
\n :local M [:tonum \$MM]\r\
\n :if (\$vdate ~ \".../../....\") do={\r\
\n :set vdoff [:toarray \"7,11,1,3,4,6\"]\r\
\n :set M ([:find \"xxanebarprayunulugepctovecANEBARPRAYUNULUGEPCTOVEC\" [:pick \$vdate (\$vdoff->2) (\$vdoff->3)] -1] / 2)\r\
\n :if (\$M>12) do={:set M (\$M - 12)}\r\
\n :set MM [:pick (100 + \$M) 1 3]\r\
\n }\r\
\n :local yyyy [:pick \$vdate (\$vdoff->0) (\$vdoff->1)]\r\
\n :local dd [:pick \$vdate (\$vdoff->4) (\$vdoff->5)]\r\
\n :local HH [:pick \$vtime 0 2]\r\
\n :local mm [:pick \$vtime 3 5]\r\
\n :local ss [:pick \$vtime 6 8]\r\
\n\r\
\n :return \"\$yyyy-\$MM-\$dd \$HH:\$mm:\$ss\"\r\
\n}\r\
\n\r\
\n:put [\$simplercurrdatetimestr]\r\
\n\r\
\n:put [\$yyyy]\r\
\n\r\
\n"
# test: builds "<identity>_<yyyy-MM-dd>", reads status and interval for the entry whose host equals
# $host, logs a netwatch-style line and e-mails "<identity> <status>" with the host as body.
# NOTE(review): $host and $Comment are not declared here, and the get/find calls run under the
# /system menu set at the top - this looks like a Netwatch hook pasted into a standalone script;
# confirm where it is meant to run.
# NOTE(review): dont-require-permissions=yes together with the full policy set lets any caller
# run this with every permission. Set it to no, or cut policy= down to read/test, once testing
# is finished.
/system script add comment=test dont-require-permissions=yes name=test owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n\r\
\n/system\r\
\n:local cdate [clock get date] \r\
\n:local yyyy [:pick \$cdate 0 4]\r\
\n:local MM [:pick \$cdate 5 7]\r\
\n:local dd [:pick \$cdate 8 10]\r\
\n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\r\
\n:local identity \"\$[identity get name]\"\r\
\n:local Host \$host\r\
\n:local Status [get [find where host=\"\$Host\"] status]\r\
\n:local Interval [get [find where host=\"\$Host\"] interval]\r\
\n\r\
\n:log info \"script=netwatch watch_host=\$Host comment=\\\"\$Comment\\\" status=\$Status interval=\$Interval\"\r\
\n\r\
\n:tool e-mail send to=jXXXXX@domain.com subject=\"\$identity \$Status\" body=( \"\$Host\" )"
# script1: only computes a backup file name ("<identity>_<date>_<time>_<uptime>.backup") into a
# local variable; nothing is written, uploaded or returned.
# The pick offsets (7-11, 1-3, 4-6) assume the "mmm/dd/yyyy" date format - TODO confirm against
# the format this RouterOS version returns.
/system script add dont-require-permissions=no name=script1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local arrMonths {jan=\"01\";feb=\"02\";mar=\"03\";apr=\"04\";may=\"05\";jun=\"06\";jul=\"07\";aug=\"08\";sep=\"09\";oct=\"10\";nov=\"11\";dec=\"12\"}\r\
\n:local today [/system clock get date]\r\
\n:local dateinside \"\$[:pick \$today 7 11]-\$(\$arrMonths->[:pick \$today 1 3])-\$[:pick \$today 4 6]\"\r\
\n:local backupfile \"\$[/system identity get name]_\$dateinside_\$[/system clock get time]_\$[/system resource get uptime].backup\""
# script2: stores the router identity, defines the global function simplercurrdatetimestr
# (returns "yyyy-MM-dd-HH:mm:ss" and, as a side effect, sets the global yyyy), then sends an
# e-mail with subject "<identity> UP".
# NOTE(review): the e-mail body is ($simplercurrdatetimestr), i.e. the function value itself, not
# [$simplercurrdatetimestr] - presumably a call was intended; confirm.
# The script only reads the clock and sends mail, so the full policy set is wider than it needs.
/system script add dont-require-permissions=no name=script2 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local thisBox [/system identity get name];\r\
\n\r\
\n:global simplercurrdatetimestr do={\r\
\n /system clock\r\
\n :local vdate [get date]\r\
\n :local vtime [get time]\r\
\n :local vdoff [:toarray \"0,4,5,7,8,10\"]\r\
\n :local MM [:pick \$vdate (\$vdoff->2) (\$vdoff->3)]\r\
\n :local M [:tonum \$MM]\r\
\n :if (\$vdate ~ \".../../....\") do={\r\
\n :set vdoff [:toarray \"7,11,1,3,4,6\"]\r\
\n :set M ([:find \"xxanebarprayunulugepctovecANEBARPRAYUNULUGEPCTOVEC\" [:pick \$vdate (\$vdoff->2) (\$vdoff->3)] -1] / 2)\r\
\n :if (\$M>12) do={:set M (\$M - 12)}\r\
\n :set MM [:pick (100 + \$M) 1 3]\r\
\n }\r\
\n :global yyyy [:pick \$vdate (\$vdoff->0) (\$vdoff->1)]\r\
\n :local dd [:pick \$vdate (\$vdoff->4) (\$vdoff->5)]\r\
\n :local HH [:pick \$vtime 0 2]\r\
\n :local mm [:pick \$vtime 3 5]\r\
\n :local ss [:pick \$vtime 6 8]\r\
\n\r\
\n :return \"\$yyyy-\$MM-\$dd-\$HH:\$mm:\$ss\"\r\
\n}\r\
\n\r\
\n#:put [\$simplercurrdatetimestr]\r\
\n\r\
\n\r\
\n#:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox UP\" body=( \$simplercurrdatetimestr \$thisBox UP to 24.168.72.1\" )\r\
\n\r\
\n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox UP\" body=(\$simplercurrdatetimestr)"
# dynamic-data-rextended: builds a command string (identity, /ip cloud, DHCP leases in detail,
# bridge host table), runs it with :execute into tmpresults.txt and uploads the result to
# 192.168.2.22 with FTP as "<identity>_<date>-dynamicdata.txt". The command string is assembled
# only from literals in this script, so :execute does not run externally supplied text.
# NOTE(review): both :if blocks test the "wifiwave2" package with "> 1", which needs at least two
# matches. Presumably "> 0" was meant and the second test should look for the wireless package;
# as written neither registration table is likely to be appended - confirm.
# NOTE(review): the upload contains client MAC addresses, host names and lease details and
# travels over unencrypted FTP, with the password stored in the script source.
/system script add dont-require-permissions=no name=dynamic-data-rextended owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system\r\
\n:local identitydate \"\$[identity get name]_\$[clock get date]\"\r\
\n:local stringexec \"/system iden print; :put \\\"\\\\r\\\\n\\\"; /ip cloud pri; :put \\\"\\\\r\\\\n\\\"; /ip dhcp-server lease pri det; :put \\\"\\\\r\\\\n\\\"; /int bridge host pri det\"\r\
\n\r\
\n:if ([:len [/system package find where name=\"wifiwave2\"]] > 1) do={\r\
\n :set stringexec \"\$stringexec; :put \\\"\\\\r\\\\n\\\" /int wifiwave2 reg pri det\"\r\
\n} \r\
\n\r\
\n:if ([:len [/system package find where name=\"wifiwave2\"]] > 1) do={\r\
\n :set stringexec \"\$stringexec; :put \\\"\\\\r\\\\n\\\" /int wireless reg pri det\"\r\
\n}\r\
\n\r\
\n\r\
\n/file remove [find where name=tmpresults.txt]\r\
\n:delay 1s\r\
\n:execute \$stringexec file=tmpresults.txt\r\
\n:delay 2s\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no address=192.168.2.22 port=21 user=mikrotik password=XXXXX \\\r\
\n src-path=tmpresults.txt dst-path=\"/mikrotik-backups/\$identitydate-dynamicdata.txt\"\r\
\n\r\
\n/file remove [find where name=tmpresults.txt]"
# DHCP_to_DNS: for every DHCP lease that has a host-name, ensures a static DNS record
# "<host-name>.729.local" (TTL 15m) tagged with the magic comment. A missing record is added; an
# existing record is updated only when exactly one record with that name carries the magic
# comment, so manually created records are never overwritten. Afterwards every tagged record
# whose name is not among the current lease names is removed.
# NOTE(review): host-name is supplied by the DHCP client, so any device on a DHCP-served network
# can publish a name of its choosing under 729.local when that name is not already taken. Consider
# checking host names against an allowed character set and a deny-list of infrastructure names
# before adding records.
/system script add dont-require-permissions=no name=DHCP_to_DNS owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# SPDX-License-Identifier: CC0-1.0\
\n\r\
\n\r\r\r\r\
\n\r\
\n\r\r:local domains [:toarray \"729.local\"]\
\n\r\
\n\r\r:local dnsttl \"15m\"\
\n\r\
\n\r\r\
\n\r\
\n\r\r:local magiccomment \"automatic-from-dhcp (magic comment)\"\
\n\r\
\n\r\r:local activehosts [:toarray \"\"]\
\n\r\
\n\r\r\
\n\r\
\n\r\r:foreach lease in [/ip dhcp-server lease find] do={\
\n\r\
\n\r\r :local hostname [/ip dhcp-server lease get value-name=host-name \$lease]\
\n\r\
\n\r\r :local hostaddr [/ip dhcp-server lease get value-name=address \$lease]\
\n\r\
\n\r\r\
\n\r\
\n\r\r :if ([:len \$hostname] > 0) do={\
\n\r\
\n\r\r :foreach domain in \$domains do={\
\n\r\
\n\r\r :local regdomain \"\$hostname.\$domain\"\
\n\r\
\n\r\r :set activehosts (\$activehosts, \$regdomain)\
\n\r\
\n\r\r\
\n\r\
\n\r\r :if ([:len [/ip dns static find where name=\$regdomain]] = 0) do={\
\n\r\
\n\r\r /ip dns static add name=\$regdomain address=\$hostaddr comment=\$magiccomment ttl=\$dnsttl\
\n\r\
\n\r\r } else={\
\n\r\
\n\r\r :if ([:len [/ip dns static find where name=\$regdomain comment=\$magiccomment]] = 1) do={\
\n\r\
\n\r\r /ip dns static set address=\$hostaddr [/ip dns static find name=\$regdomain comment=\$magiccomment]\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r}\
\n\r\
\n\r\r\
\n\r\
\n\r\r:foreach dnsentry in [/ip dns static find where comment=\$magiccomment] do={\
\n\r\
\n\r\r :local hostname [/ip dns static get value-name=name \$dnsentry]\
\n\r\
\n\r\r :if ([:type [:find \$activehosts \$hostname]] = \"nil\") do={\
\n\r\
\n\r\r /ip dns static remove \$dnsentry\
\n\r\
\n\r\r }\
\n\r\
\n\r\r}\
\n\r\
\n\r\r"
# dhcpleasesftp: removes any old temp3.txt, runs a command string that prints address, comment,
# MAC address and host-name for every DHCP lease into the file temp3, waits 60 seconds and uploads
# temp3.txt to 192.168.2.22 with FTP as "<identity>-leases.txt".
# NOTE(review): temp3.txt is not removed after the upload, so the lease list stays on the router's
# storage until the next run deletes it.
# NOTE(review): the lease list (MAC addresses, host names) and the FTP login travel unencrypted,
# and the password is stored in the script source; prefer an encrypted transfer mode.
/system script add dont-require-permissions=no name=dhcpleasesftp owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n/file remove [find where name=temp3.txt]\r\
\n\r\
\n/system\r\
\n\r\
\n:local identitydate \"\$[identity get name]\"\r\
\n\r\
\n:local stringexec \"/ip dhcp-server lease; :foreach i in=[find] do={ :put ([get \\\$i address].\\\",\\\".[get \\\$i comment].\\\",\\\",[get \\\$i mac-address].\\\",\\\".[get \\\$i host-name] ) }\"\r\
\n\r\
\n\r\
\n:execute \$stringexec file=temp3\r\
\n\r\
\n:delay 60\r\
\n\r\
\n/tool fetch address=192.168.2.22 port=21 user=mikrotik password=XXXXX src-path=temp3.txt mode=ftp dst-path=\"/mikrotik-backups/\$identitydate-leases.txt\" upload=yes ascii=no\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n"
# DynDNS: downloads checkip.dyndns.org to a file, extracts the text between ": " and "</body>" as
# the current public IP and compares it with the global previousIP. When it differs (or the
# global dyndnsForce is true) the script calls the DynDNS update URL, logs the response, prints
# /ip/address to a file and uploads that file to 192.168.2.22 with FTP before removing it.
# NOTE(review): the clientkey line and the update URL were damaged by redaction (unbalanced quote,
# host name missing), so the script will not parse as posted. Part of the client key is still
# readable in this listing; treat the key as disclosed and generate a new one.
# NOTE(review): the IP lookup uses mode=http, so the response that is parsed and then sent as
# myip= is not authenticated, and the extracted value is not checked to be an IP address before
# use. Fetch it over HTTPS and validate it before updating.
# NOTE(review): the update credentials are embedded in the script and in the request URL, and the
# FTP upload sends its login unencrypted; restrict who can read scripts (policy "sensitive").
/system script add dont-require-permissions=no name=DynDNS owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\n/system\
\n:local cdate [clock get date] \
\n:local yyyy [:pick \$cdate 0 4]\
\n:local MM [:pick \$cdate 5 7]\
\n:local dd [:pick \$cdate 8 10]\
\n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\
\n#/export show-sensitive file=\"\$identitydate\"\
\n\
\n# Export public IP and mail it\
\n\
\n#/ip/address print file=\"\$identitydate-IP\"\
\n\
\n#/tool fetch upload=yes mode=ftp ascii=no src-path=\"\$[\$identitydate]-IP.txt\" dst-path=\"/mikrotik-backups/\$[\$identitydate]-IP.txt\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\
\n\
\n#/file remove \"\$identitydate-IP.txt\"\
\n\
\n# Set needed variables\
\n\t:local username \"josephXXXXX\"\
\n\t:local clientkey XXXXX788e206873aa78bc3\"\
\n\t:local hostname \"<THISLOCATION>.dyndns.org\"\
\n\
\n\t:global dyndnsForce\
\n\t:global previousIP\
\n\
\n# get the current IP address from the internet (in case of double-nat)\
\n\t/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" dst-path=\"/dyndns.checkip.html\"\
\n\t:delay 1\
\n\t:local result [/file get dyndns.checkip.html contents]\
\n\
\n# parse the current IP result\
\n\t:local resultLen [:len \$result]\
\n\t:local startLoc [:find \$result \": \" -1]\
\n\t:set startLoc (\$startLoc + 2)\
\n\t:local endLoc [:find \$result \"</body>\" -1]\
\n\t:local currentIP [:pick \$result \$startLoc \$endLoc]\
\n\t:log info \"UpdateDynDNS: currentIP = \$currentIP\"\
\n\
\n# Remove the # on next line to force an update every single time - useful for debugging,\
\n# but you could end up getting blacklisted by DynDNS!\
\n\
\n#:set dyndnsForce true\
\n\
\n# Determine if dyndns update is needed\
\n# more dyndns updater request details https://help.dyn.com/remote-access-api/perform-update/\
\n\t:log info \"UpdateDynDNS: previousIP = \$previousIP\"\
\n\t:if (\$dyndnsForce = true) do={ :log warning \"UpdateDynDNS: Forced update on\" }\
\n\
\n\t:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\
\n\t\t:set dyndnsForce false\
\n\t\t:set previousIP \$currentIP\
\n\
\n\t\t/tool fetch mode=https \\\
\n\t\turl=\"https://\$username:\$clientkey XXXXXg/v3/update\?hostname=\$hostname&myip=\$currentIP\" \\ \
\n\t\tdst-path=\"/dyndns.txt\"\
\n\
\n\t\t:delay 1\
\n\t\t:local result [/file get dyndns.txt contents]\
\n\t\t:log info (\"UpdateDynDNS: Dyndns update needed\")\
\n\t\t:log info (\"UpdateDynDNS: Dyndns Update Result: \".\$result)\
\n\t\t:put (\"Dyndns Update Result: \".\$result)\
\n\
\n /ip/address print file=\"\$identitydate-IP\"\
\n\
\n /tool fetch upload=yes mode=ftp ascii=no src-path=\"\$[\$identitydate]-IP.txt\" dst-path=\"/mikrotik-backups/\$[\$identitydate]-IP.txt\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\
\n\
\n /file remove \"\$identitydate-IP.txt\"\
\n\
\n\
\n\t} else={\
\n\t\t:log info (\"UpdateDynDNS: No dyndns update needed\")\
\n\t}\
\n\
\n"
/system script add dont-require-permissions=no name=Data_to_Splunk_using_Syslog owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Collect information from Mikrotik RouterOS\r\
\n# Jotne 2024\r\
\n# Script name=Data_to_Splunk_using_Syslog\r\
\n:log info message=\"script=version ver=5.6\"\r\
\n# ----------------------------------\r\
\n\r\
\n# Auto update syslog server. 5.3-5.4.\r\
\n# Change <your syslog dns name> to the dns of your syslog server.\r\
\n# The update is disabled by default. Remove the # from the two next line to use it.\r\
\n\r\
\n#:local mySyslog [resolve <your syslog dns name>]\r\
\n#/system/logging/action/set [find where name=\"logserver\"] remote=\$mySyslog\r\
\n\r\
\n\r\
\n# What data to collect. Set to false to skip the section \r\
\n# ----------------------------------\r\
\n:local SystemResource true\r\
\n:local SystemInformation true\r\
\n:local SystemHealth true\r\
\n:local TrafficData true\r\
\n:local AccountData true\r\
\n:local uPnP true\r\
\n:local Wireless true\r\
\n:local AddressLists true\r\
\n:local DHCP true\r\
\n:local Neighbor true\r\
\n:local InterfaceData true\r\
\n:local CmdHistory true\r\
\n:local CAPsMANN false\r\
\n\r\
\n:local Routing true\r\
\n:local OSPF false\r\
\n:local BGP false\r\
\n\r\
\n:local PPP true\r\
\n:local IPSEC true\r\
\n\r\
\n# Get RouterOS main version (used to run different script on different version)\r\
\n:local train [:tonum [:pick [/system resource get version] 0 1]] \r\
\n\r\
\n# Collect system resource\r\
\n# ----------------------------------\r\
\n:if (\$SystemResource) do={\r\
\n\t/system resource\r\
\n\t:local cpuload [get cpu-load]\r\
\n\t:local freemem ([get free-memory]/1048576)\r\
\n\t:local totmem ([get total-memory]/1048576)\r\
\n\t:local freehddspace ([get free-hdd-space]/1048576)\r\
\n\t:local totalhddspace ([get total-hdd-space]/1048576)\r\
\n\t:local up [get uptime]\r\
\n\t:local sector [get write-sect-total]\r\
\n\t:log info message=\"script=resource free_memory=\$freemem MB total_memory=\$totmem MB free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhddspace MB cpu_load=\$cpuload uptime=\$up write-sect-total=\$sector\"\r\
\n}\r\
\n\r\
\n\r\
\n# Make some part only run every hours\r\
\n# ----------------------------------\r\
\n:global Hour\r\
\n:local run false\r\
\n:local hour [:pick [/system clock get time] 0 2]\r\
\n:if (\$Hour != \$hour) do={\r\
\n\t:global Hour \$hour\r\
\n\t:set run true\r\
\n}\r\
\n\r\
\n\r\
\n# Get NTP status\r\
\n# ----------------------------------\r\
\n:local ntpstatus \"\"\r\
\n:if ([:len [/system package find where !disabled and name=ntp]] > 0 or [:tonum [:pick [/system resource get version] 0 1]] > 6) do={\r\
\n :set ntpstatus [/system ntp client get status]\r\
\n} else={\r\
\n :if ([:typeof [/system ntp client get last-update-from]] = \"nil\") do={\r\
\n :set ntpstatus \"using-local-clock\"\r\
\n } else={\r\
\n :set ntpstatus \"synchronized\"\r\
\n }\r\
\n}\r\
\n:log info message=\"script=ntp status=\$ntpstatus\" \r\
\n\r\
\n\r\
\n# Get interface traffic data for all interface\r\
\n# ----------------------------------\r\
\n:if (\$TrafficData) do={\r\
\n\t:foreach id in=[/interface find] do={\r\
\n\t\t:local output \"\$[/interface print stats as-value where .id=\$id]\"\r\
\n\t\t:set ( \"\$output\"->\"script\" ) \"if_traffic\"\r\
\n\t\t:log info message=\"\$output\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Get traffic data v2 (Kid Control)\r\
\n# ----------------------------------\r\
\n:if (\$AccountData) do={\r\
\n\t:foreach logline in=[/ip kid-control device find] do={\r\
\n\t\t:local output \"\$[/ip kid-control device get \$logline]\"\r\
\n\t\t:set ( \"\$output\"->\"script\" ) \"kids\"\r\
\n\t\t:log info message=\"\$output\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Finding dynmaic lines used in uPnP\r\
\n# ----------------------------------\r\
\n:if (\$uPnP) do={\r\
\n\t:foreach logline in=[/ip firewall nat find where dynamic=yes and comment~\"^upnp \"] do={\r\
\n\t\t:local output \"\$[/ip firewall nat print as-value from=\$logline]\"\r\
\n\t\t:set ( \"\$output\"->\"script\" ) \"upnp\"\r\
\n\t\t:log info message=\"\$output\" \r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect system information 5.5 added ID for non routerBoard 5.6 Remvoed serial\r\
\n# ----------------------------------\r\
\n:local model na\r\
\n:local ffirmware na\r\
\n:local cfirmware na\r\
\n:local ufirmware na\r\
\n:if (\$SystemInformation and \$run) do={\r\
\n\t:local version ([/system resource get version])\r\
\n\t:local board ([/system resource get board-name])\r\
\n\t:local identity ([/system identity get name])\r\
\n\t:do {\r\
\n\t\t:if (\$board!=\"CHR\" OR \$board!=\"x86\") do={\r\
\n\t\t\t/system routerboard\r\
\n\t\t\t:set model ([get model])\r\
\n\t\t\t:set ffirmware ([get factory-firmware])\r\
\n\t\t\t:set cfirmware ([get current-firmware])\r\
\n\t\t\t:set ufirmware ([get upgrade-firmware])\r\
\n\t\t}\r\
\n\t} on-error={}\r\
\n\t:log info message=\"script=sysinfo version=\\\"\$version\\\" board-name=\\\"\$board\\\" model=\\\"\$model\\\" identity=\\\"\$identity\\\" factory-firmware=\\\"\$ffirmware\\\" current-firmware=\\\"\$cfirmware\\\" upgrade-firmware=\\\"\$ufirmware\\\"\"\r\
\n}\r\
\n\r\
\n\r\
\n# Collect system health\r\
\n# ----------------------------------\r\
\n:if (\$train > 6 and \$SystemHealth) do={\r\
\n\t# New version (RouterOS >6)\r\
\n\t:foreach id in=[/system health find] do={\r\
\n\t\t:local health \"\$[/system health get \$id]\"\r\
\n\t\t:set ( \"\$health\"->\"script\" ) \"health\"\r\
\n\t\t:log info message=\"\$health\"\r\
\n\t}\r\
\n} else={\r\
\n\t# Old version (RouterOS 6 or older)\r\
\n\t:if (!([/system health get]~\"(state=disabled|^\\\$)\")) do={\r\
\n\t\t:local health \"\$[/system health get]\"\r\
\n\t\t:set ( \"\$health\"->\"script\" ) \"health\"\r\
\n\t\t:log info message=\"\$health\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n\r\
\n# Sends wireless client data to log server \r\
\n# ----------------------------------\r\
\n:if (\$Wireless && [:len [/int find where type=wlan]]>0) do={\r\
\n\t/interface wireless registration-table\r\
\n\t:foreach i in=[find] do={\r\
\n\t\t:log info message=\".id=\$i;ap=\$([get \$i ap]);interface=\$([get \$i interface]);mac-address=\$([get \$i mac-address]);signal-strength=\$([get \$i signal-strength]);tx-rate=\$([get \$i tx-rate]);uptime=\$([get \$i uptime]);script=wifi\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Count IP in address-lists\r\
\n#----------------------------------\r\
\n:if (\$AddressLists) do={\r\
\n\t:local array [ :toarray \"\" ]\r\
\n\t:local addrcntdyn [:toarray \"\"] \r\
\n\t:local addrcntstat [:toarray \"\"] \r\
\n\t:local test\r\
\n\t:foreach id in=[/ip firewall address-list find] do={\r\
\n\t\t:local rec [/ip firewall address-list get \$id]\r\
\n\t\t:local listname (\$rec->\"list\")\r\
\n\t\t:local listdynamic (\$rec->\"dynamic\")\r\
\n\t\t:if (!(\$array ~ \$listname)) do={ :set array (\$array , \$listname) }\r\
\n\t\t:if (\$listdynamic = true) do={\r\
\n\t\t\t:set (\$addrcntdyn->\$listname) (\$addrcntdyn->\$listname+1)\r\
\n\t\t} else={\r\
\n\t\t\t:set (\$addrcntstat->\$listname) (\$addrcntstat->\$listname+1)}\r\
\n\t}\r\
\n\t:foreach k in=\$array do={\r\
\n\t\t:log info message=(\"script=address_lists list=\$k dynamic=\".((\$addrcntdyn->\$k)+0).\" static=\".((\$addrcntstat->\$k)+0))}\r\
\n}\r\
\n\r\
\n\r\
\n# Get MNDP (CDP) Neighbors\r\
\n# ----------------------------------\r\
\n:if (\$Neighbor and \$run) do={\r\
\n\t:foreach neighborID in=[/ip neighbor find] do={\r\
\n\t\t:local nb [/ip neighbor get \$neighborID]\r\
\n\t\t:local id [:pick (\"\$nb\"->\".id\") 1 99]\r\
\n\t\t:foreach key,value in=\$nb do={\r\
\n\t\t\t:local newline [:find \$value \"\\n\"]\r\
\n\t\t\t:if ([\$newline]>0) do={\r\
\n\t\t\t\t:set value [:pick \$value 0 \$newline]\r\
\n\t\t\t}\r\
\n\t\t\t:log info message=\"script=neighbor nid=\$id \$key=\\\"\$value\\\"\"\r\
\n\t\t}\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect DHCP Pool information\r\
\n# ----------------------------------\r\
\n:if (\$DHCP and \$run) do={\r\
\n\t/ip pool {\r\
\n\t\t:local poolname\r\
\n\t\t:local pooladdresses\r\
\n\t\t:local poolused\r\
\n\t\t:local minaddress\r\
\n\t\t:local maxaddress\r\
\n\t\t:local findindex\r\
\n\r\
\n# Iterate through IP Pools\r\
\n\t\t:foreach pool in=[find] do={\r\
\n\t\t\t:set poolname [get \$pool name]\r\
\n\t\t\t:set pooladdresses 0\r\
\n\t\t\t:set poolused 0\r\
\n\r\
\n# Iterate through current pool's IP ranges\r\
\n\t\t\t:foreach range in=[:toarray [get \$pool range]] do={\r\
\n\r\
\n# Get min and max addresses\r\
\n\t\t\t\t:set findindex [:find [:tostr \$range] \"-\"]\r\
\n\t\t\t\t:if ([:len \$findindex] > 0) do={\r\
\n\t\t\t\t\t:set minaddress [:pick [:tostr \$range] 0 \$findindex]\r\
\n\t\t\t\t\t:set maxaddress [:pick [:tostr \$range] (\$findindex + 1) [:len [:tostr \$range]]]\r\
\n\t\t\t\t} else={\r\
\n\t\t\t\t\t:set minaddress [:tostr \$range]\r\
\n\t\t\t\t\t:set maxaddress [:tostr \$range]\r\
\n\t\t\t\t}\r\
\n\r\
\n# Calculate number of ip in one range\r\
\n\t\t\t\t:set pooladdresses (\$maxaddress - \$minaddress)\r\
\n\r\
\n# /foreach range\r\
\n\t\t\t}\r\
\n\r\
\n# Test if pools is used in DHCP or VPN and show leases used\r\
\n\t\t\t:local dname [/ip dhcp-server find where address-pool=\$poolname]\r\
\n\t\t\t:if ([:len \$dname] = 0) do={\r\
\n# No DHCP server found, assume VPN\r\
\n\t\t\t\t:set poolused [:len [used find pool=[:tostr \$poolname]]]\r\
\n\t\t\t} else={\r\
\n# DHCP server found, count leases\r\
\n\t\t\t\t:local dname [/ip dhcp-server get [find where address-pool=\$poolname] name]\r\
\n\t\t\t\t:set poolused [:len [/ip dhcp-server lease find where server=\$dname]]}\r\
\n\r\
\n# Send data\r\
\n\t\t\t:log info message=(\"script=pool pool=\$poolname used=\$poolused total=\$pooladdresses\")\r\
\n\r\
\n# /foreach pool\r\
\n\t\t}\r\
\n# /ip pool\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Get detailed command history RouterOS >= v7\r\
\n# ----------------------------------\r\
\n:if (\$train > 6 and \$CmdHistory) do={\r\
\n\t:global cmd\r\
\n\t:local f 0\r\
\n\t:foreach i in=[/system history find] do={\r\
\n\t\t:if (\$i = \$cmd) do={ :set f 1 }\r\
\n\t\t:if (\$f != 1) do={\r\
\n\t\t\t:log info message=\"StartCMD\"\r\
\n\t\t\t:log info message=[/system history get \$i]\r\
\n\t\t\t:log info message=\"EndCMD\"\r\
\n\t\t}\r\
\n\t}\r\
\n\t:global cmd [:pick [/system history find] 0]\r\
\n}\r\
\n\r\
\n\r\
\n# Test if CAPsMANN is installed and run script 5.5\r\
\n# ----------------------------------\r\
\n:if ( ([:len [/interface find where type=\"cap\"]] > 0) and \$CAPsMANN) do={ \r\
\n\t/system script run CAPsMANN\r\
\n}\r\
\n\r\
\n\r\
\n\r\
\n# Collect routing information\r\
\n# ----------------------------------\r\
\n:if (\$Routing) do={\r\
\n\t/ip route\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local route \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$route\"->\"script\" ) \"route\"\r\
\n\t\t:log info message=\"\$route\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n:if (\$OSPF) do={\r\
\n\t/routing ospf neighbor\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local ospf \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$ospf\"->\"script\" ) \"ospf\"\r\
\n\t\t:log info message=\"\$ospf\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n:if (\$BGP) do={\r\
\n\t/routing bgp session\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local bgp \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$bgp\"->\"script\" ) \"bgp\"\r\
\n\t\t:log info message=\"\$bgp\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect PPP/IPSEC\r\
\n# ----------------------------------\r\
\n:if (\$PPP) do={\r\
\n\t/ppp active\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local ppp \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$ppp\"->\"script\" ) \"ppp\"\r\
\n\t\t:log info message=\"\$ppp\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n:if (\$IPSEC) do={\r\
\n\t/ip ipsec active-peers\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local ipsec \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$ipsec\"->\"script\" ) \"ipsec\"\r\
\n\t\t:log info message=\"\$ipsec\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n# End Script\r\
\n\r\
\n"
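# Netwatch up/down handler: writes one log line with the state of the watched host.
# Netwatch runs scripts with read,write,test,reboot only. The script policy is
# therefore kept inside that set and the dont-require-permissions bypass is off,
# so the script cannot be used to act with more rights than its caller has.
# The entry is located by host; presumably each host is watched by one entry -- confirm.
/system script add dont-require-permissions=no name=Netwatch owner=admin policy=read,write,test source="####################################\
\n# Netwatch script\
\n#\
\n# Used as both up and down script\
\n# Created Jotne 2021 v1.5\
\n#\
\n####################################\
\n:local Host \$host\
\n/tool netwatch\
\n# Resolve the entry once and read every field from the same id\
\n:local Entry [find where host=\"\$Host\"]\
\n:local Status [get \$Entry status]\
\n:local Comment [get \$Entry comment]\
\n:local Interval [get \$Entry interval]\
\n:local Since [get \$Entry since]\
\n:log info \"script=netwatch watch_host=\$Host comment=\\\"\$Comment\\\" status=\$Status interval=\$Interval since=\\\"\$Since\\\"\""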
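# Netwatch handler that e-mails the state of the watched host.
# The subject and body report the status Netwatch holds for the host instead of a
# fixed "DOWN", so the mail is also correct when the script runs on an up event.
# Policies that no statement here exercises (ftp, reboot, password, sniff, romon)
# are removed. NOTE(review): policy and sensitive are kept, and the
# dont-require-permissions bypass is left on, only because it is not confirmed here
# which policies /tool e-mail send needs; once tested, reduce to read,write,test
# and set dont-require-permissions=no, as Netwatch grants read,write,test,reboot.
/system script add dont-require-permissions=yes name=Netwatch-JRS owner=admin policy=read,write,policy,test,sensitive source=":local Host \$host\
\n/tool netwatch\
\n:local Status [get [find where host=\"\$Host\"] status]\
\n:local thisBox [/system identity get name];\
\n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox \$Status to \$Host\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \" \$thisBox \$Status to \$Host\" )\
\n"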
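# Netwatch handler that e-mails and logs the state of the watched host.
# It is used as both up-script and down-script for 9.9.9.9, so the mail reports
# the status Netwatch holds for the host instead of a fixed "DOWN".
# Policies that no statement here exercises (ftp, reboot, password, sniff, romon)
# are removed. NOTE(review): policy and sensitive are kept, and the
# dont-require-permissions bypass is left on, only because it is not confirmed here
# which policies /tool e-mail send needs; once tested, reduce to read,write,test
# and set dont-require-permissions=no, as Netwatch grants read,write,test,reboot.
/system script add dont-require-permissions=yes name=Netwatch-JRS-small owner=admin policy=read,write,policy,test,sensitive source=":local Host \$host\
\n/tool netwatch\
\n# Resolve the entry once and read every field from the same id\
\n:local Entry [find where host=\"\$Host\"]\
\n:local Status [get \$Entry status]\
\n:local Comment [get \$Entry comment]\
\n:local Interval [get \$Entry interval]\
\n:local Since [get \$Entry since]\
\n:local thisBox [/system identity get name];\
\n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox \$Status to \$Host\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \" \$thisBox \$Status to \$Host\" )\
\n:log info \"script=Netwatch-JRS-small watch_host=\$Host comment=\\\"\$Comment\\\" status=\$Status interval=\$Interval since=\\\"\$Since\\\"\"\
\n"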
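# Logs system resources, board/version/identity and the router's IP addresses.
# The script only reads state and writes log lines, so its policy is reduced from
# the full set to read,write,test. NOTE(review): run it once after import to
# confirm nothing it calls is refused under the reduced policy.
# The board test now uses "and": the original "!=CHR OR !=x86" was true for every
# board, so the routerboard lookup was attempted everywhere and only the on-error
# handler hid the failure.
/system script add dont-require-permissions=no name=SystemInfoJRS owner=admin policy=read,write,test source="\
\n# Collect system resource\
\n\t/system resource\
\n\t:local cpuload [get cpu-load]\
\n\t:local freemem ([get free-memory]/1048576)\
\n\t:local totmem ([get total-memory]/1048576)\
\n\t:local freehddspace ([get free-hdd-space]/1048576)\
\n\t:local totalhddspace ([get total-hdd-space]/1048576)\
\n\t:local up [get uptime]\
\n\t:local sector [get write-sect-total]\
\n\t:log info message=\"free_memory=\$freemem MB total_memory=\$totmem MB free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhddspace MB cpu_load=\$cpuload uptime=\$up write-sect-total=\$sector\"\
\n\
\n\
\n\
\n# Collect system information 5.5 added ID for non routerBoard 5.6 Removed serial\
\n:local model na\
\n:local ffirmware na\
\n:local cfirmware na\
\n:local ufirmware na\
\n\
\n\t:local version ([/system resource get version])\
\n\t:local board ([/system resource get board-name])\
\n\t:local identity ([/system identity get name])\
\n\t:do {\
\n# Query routerboard data only when the board is neither CHR nor x86\
\n\t\t:if (\$board!=\"CHR\" and \$board!=\"x86\") do={\
\n\t\t\t/system routerboard\
\n\t\t\t:set model ([get model])\
\n\t\t\t:set ffirmware ([get factory-firmware])\
\n\t\t\t:set cfirmware ([get current-firmware])\
\n\t\t\t:set ufirmware ([get upgrade-firmware])\
\n\t\t}\
\n\t} on-error={}\
\n# The firmware values are collected above but are not part of this log line\
\n\t:log info message=\"version=\\\"\$version\\\" board-name=\\\"\$board\\\" model=\\\"\$model\\\" identity=\\\"\$identity\\\"\"\
\n\
\n\
\n# Collect IP addresses\
\n:foreach neighborID in=[/ip address find] do={\
\n\t\t:local nb [/ip address get \$neighborID]\
\n\t\t:local id [:pick (\"\$nb\"->\".id\") 1 99]\
\n\t\t:foreach key,value in=\$nb do={\
\n# Keep only the first line of a multi-line value\
\n\t\t\t:local newline [:find \$value \"\\n\"]\
\n\t\t\t:if ([\$newline]>0) do={\
\n\t\t\t\t:set value [:pick \$value 0 \$newline]\
\n\t\t\t}\
\n# Log every property whose name contains \"add\"\
\n\t\t\t:if (\$key~\"add\") do={\
\n#\t\t\t:log info message=\"script=IP-ADDRESSES nid=\$id value=\$key=\\\"\$value\\\"\"\
\n\
\n\t\t\t:log info message=\"System IP Address \$value\"\
\n\t\t }\
\n\t }\
\n}\
\n\
\n\
\n# Collect system health\
\n#\t:foreach id in=[/system health find] do={\
\n#\t\t:local health \"\$[/system health get \$id]\"\
\n#\t\t:set ( \"\$health\"->\"script\" ) \"health\"\
\n#\t\t:log info message=\"\$health\"\
\n#\t}\
\n\
\n\
\n\
\n\
\n# Get MNDP (CDP) Neighbors\
\n#\t:foreach neighborID in=[/ip neighbor find] do={\
\n#\t\t:local nb [/ip neighbor get \$neighborID]\
\n#\t\t:local id [:pick (\"\$nb\"->\".id\") 1 99]\
\n#\t\t:foreach key,value in=\$nb do={\
\n#\t\t\t:local newline [:find \$value \"\\n\"]\
\n#\t\t\t:if ([\$newline]>0) do={\
\n#\t\t\t\t:set value [:pick \$value 0 \$newline]\
\n#\t\t\t}\
\n#\t\t\t:log info message=\"script=neighbor nid=\$id \$key=\\\"\$value\\\"\"\
\n#\t\t}\
\n#\t}\
\n\
\n\
\n\
\n\
\n\
\n"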
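# Logs when the UPS reports on-line=false or when the input voltage is below 11500.
# The UPS is polled once and both checks use that sample; the original polled it up
# to four times per run, so the logged voltage could come from a different reading
# than the one that triggered the message.
# Policy is reduced from the full set to read,write,test, since the script only
# reads UPS state and writes log lines. NOTE(review): run it once after import to
# confirm the monitor command is not refused under the reduced policy.
/system script add dont-require-permissions=no name=UPSonBattery owner=admin policy=read,write,test source="\
\n:local ups [/system ups monitor 0 once as-value]\
\n:local rawvoltage (\$ups->\"line-voltage\")\
\n:local voltage (\$rawvoltage/100)\
\n:local online (\$ups->\"on-line\")\
\n\
\n:if (\$online = false) do={\
\n :log info \"UPS on-line is false; input voltage is \$voltage\"\
\n}\
\n\
\n# Threshold is in the raw unit; the logged value is the raw value divided by 100\
\n:if (\$rawvoltage < 11500) do={\
\n :log info \"UPS input voltage is \$voltage\"\
\n}\
\n"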
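# Logs when the UPS reports on-line=false or when the input voltage is below 11700.
# on-line is compared with the boolean false, as the UPSonBattery script does; the
# original compared it with the string "false", which presumably never matched a
# boolean value -- confirm on the device.
# The UPS is polled once and both checks use that sample.
# NOTE(review): the script name says 120 but the threshold is 11700; the threshold
# is left as the author set it.
# Policy is reduced from the full set to read,write,test, since the script only
# reads UPS state and writes log lines. NOTE(review): run it once after import to
# confirm the monitor command is not refused under the reduced policy.
/system script add dont-require-permissions=no name=Linevoltageunder120 owner=admin policy=read,write,test source="\
\n:local ups [/system ups monitor 0 once as-value]\
\n:local rawvoltage (\$ups->\"line-voltage\")\
\n:local voltage (\$rawvoltage/100)\
\n\
\n:if ((\$ups->\"on-line\") = false) do={\
\n :log info \"UPS on-line is false; input voltage is \$voltage\"\
\n}\
\n\
\n# Threshold is in the raw unit; the logged value is the raw value divided by 100\
\n:if (\$rawvoltage < 11700) do={\
\n :log info \"UPS input voltage is \$voltage\"\
\n}\
\n"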
# Watchdog, tool and user settings from the export. The review notes below mark
# settings that widen the management surface; the commands themselves are unchanged.
#
# NOTE(review): watch-address ties reboots to an external host: the router restarts
# when 1.1.1.1 stops answering pings, so an upstream outage or ICMP filtering can
# cause repeated reboots. A next-hop address inside the operator's control is a safer target.
/system watchdog set auto-send-supout=yes automatic-supout=yes ping-start-after-boot=10m ping-timeout=10m send-email-from=jXXXXX@domain.com send-email-to=jXXXXX@domain.com watch-address=1.1.1.1 watchdog-timer=yes
# NOTE(review): the bandwidth-test server is enabled and authenticates against the
# router's user accounts, which makes it another login surface. Disable it when no
# test is running, or confirm the input firewall limits it to management hosts.
/tool bandwidth-server set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
# NOTE(review): the SMTP password is stored in the configuration and appears in
# exports that include sensitive values (masked here). Use a provider app-specific
# password, and rotate it if an unmasked export was ever shared.
/tool e-mail set from=jXXXXX@domain.com password=XXXXX port=587 server=smtp.gmail.com tls=starttls user=jXXXXX@domain.com vrf=main
/tool graphing set page-refresh=300 store-every=5min
# NOTE(review): allow-address=0.0.0.0/0 on every graphing rule lets any source
# address view the graphs wherever the router's web service is reachable; narrow it
# to the management subnet.
/tool graphing interface add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool graphing interface add allow-address=0.0.0.0/0 disabled=no interface=wireguard1 store-on-disk=yes
/tool graphing interface add allow-address=0.0.0.0/0 disabled=no interface=bridge store-on-disk=yes
/tool graphing queue add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all store-on-disk=yes
/tool graphing resource add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
# NOTE(review): MAC-Telnet and MAC-Winbox accept connections on every interface in
# the list ALL. The list's members are not shown in this part of the export; if it
# includes the WAN port, layer-2 management is offered to the upstream segment.
# A LAN or management-only interface list is the usual choice.
/tool mac-server set allowed-interface-list=ALL
/tool mac-server mac-winbox set allowed-interface-list=ALL
/tool mac-server ping set enabled=yes
/tool netwatch add comment=Netwatch-1.1.1.1 disabled=no down-script=Netwatch host=1.1.1.1 http-codes="" interval=2m name=Netwatch-1.1.1.1 test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-9.9.9.9 disabled=no down-script=Netwatch-JRS-small host=9.9.9.9 http-codes="" interval=2m name=9.9.9.9 test-script="" type=simple up-script=Netwatch-JRS-small
# NOTE(review): RoMON is enabled with an empty secrets list, and the default port
# rule covers interface=all with forbid=no, so no shared secret is required of
# RoMON peers on any attached segment. Set secrets and forbid RoMON on untrusted
# ports, or disable it if unused.
/tool romon set enabled=yes id=00:00:00:00:00:00 secrets=""
/tool romon port set [ find default=yes ] cost=100 disabled=no forbid=no interface=all secrets=""
/tool sms set allowed-number="" channel=0 polling=no port=none receive-enabled=no secret="" sim-pin="" sms-storage=sim
/tool sniffer set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-dst-ip-address="" filter-dst-ipv6-address="" filter-dst-mac-address="" filter-dst-port="" filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" filter-operator-between-entries=or filter-port="" filter-size="" filter-src-ip-address="" filter-src-ipv6-address="" filter-src-mac-address="" filter-src-port="" filter-stream=no filter-vlan="" memory-limit=100KiB memory-scroll=yes only-headers=no quick-rows=20 quick-show-frame=no streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator set latency-distribution-max=100us measure-out-of-order=no stats-samples-to-keep=100 test-id=0
/user aaa set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
# NOTE(review): minimum-password-length=0 and minimum-categories=0 place no length
# or character-class requirement on user passwords. Set both to enforce a password
# policy for local accounts.
/user settings set minimum-categories=0 minimum-password-length=0