Lan ports 10Mbps only, and cannot access the router when tagged port1 switch

Hi. I’d like to get some advices about some issues with my network setup.

I have RB750gr3 as follows:
ether1-WAN1 (to isp1)
ether2-WAN2 (to isp2)
ether3-LAN (to port1 at DLink smart 8 port switch)
ether4-LAN (empty)
ether5-LAN (empty)

ether3, ether4 and ether5 are bridged into (bridge-LAN-SW)
bridge-LAN-SW has the main dhcp server (192.168.5.0/24)
bridge-LAN-SW also have 3 vlans, each vlan with its own dhcp server (172.16.69.0/24, 10.55.5.0/24, 10.13.37.0/24)

Dlink smart switch:
vid=1, untagged ports=eth1,eth2,eth3,eth4,eth5 / tagged ports=none
vid=69, untagged ports=eth6 / tagged ports=eth1
vid=555, untagged ports=eth7 / tagged ports=eth1
vid=1337, untagged ports=eth8 / tagged ports=eth1
pvid=1(eth1,eth2,eth3,eth4,eth5), pvid=69(eth6), pvid=555(eth7), pvid=1337(eth8)

I have 2 issues.

1)When I transfer data between devices connected to the switch at default vlan ports (2 to 5, because port1 go to the router), they got 192.168.5.0/24 addresses and also got almost 1Gbps rate, ok, no problem so far.

But if I connect some device to the router at ether4 or ether5 port, it gets 192.168.5.0/24 address, and transfer data to any device connected to the switch at defeault vlan port, then only got 10Mbps rate instead of 1Gbps. Besides, when connected 2 devices to the router at ports ether4 and ether5, they got 192.168.5.0/24 addresses but also got 10Mbps. What I did wrong?

2)If I change at the switch, port1 to tagged, every device connected to default vlan ports still get 192.168.5.0/24 address but cannot connect to the router. How can I solved it?

port eth1 at switch “should be a trunk port”, but I understand that trunk port must be tagged on all vlans.

Thanks a lot for your comments

Post configuration export of your RB (execute /export hide-sensitive file=anynameyouwish in terminal window, fetch resulting file, open it with text editor and copy-paste conrents inside [__code] [/code] environment).

As to trunk config: usage of VLAN ID 1 is highly discouraged. That VID is implicit default value everywhere and it’s very hard to change dedaulrs so that use of VID 1 is trouble free. OTOH when talking about untagged "V"LAN between RB and Dlink, it doesn’t have to be the same VID used on both devices, packets are exchanged tagless between them (in case you want to stick to VID 1 on Dlink for some reason). I’d suggest to use all-tagged conection between both LAN gadgets anyway.

Thanks for your answer.
Ok here it is.

# may/26/2021 15:58:03 by RouterOS 6.48.2
# software id = ZPNF-NZKB
#
# model = RB750Gr3
# serial number = D5030D0C346F
/interface bridge
add admin-mac=08:55:31:6A:59:63 auto-mac=no name=bridge-LAN-SW
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1-Cantv
set [ find default-name=ether2 ] name=ether2-WAN2-NetUno
set [ find default-name=ether3 ] loop-protect=on name=ether3-LAN
set [ find default-name=ether4 ] loop-protect=on name=ether4-LAN
set [ find default-name=ether5 ] loop-protect=on name=ether5-LAN
/interface vlan
add interface=bridge-LAN-SW name=VLAN69-IoT vlan-id=69
add interface=bridge-LAN-SW name=VLAN555-CCTV vlan-id=555
add interface=bridge-LAN-SW name=VLAN1337-Guest vlan-id=1337
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Steam regexp="^..+\\.(steam|valve|steampowered|steamcommunity|steamga\
    mes|steamusercontent|steamcontent|steamstatic).*\$"
add name=facebook regexp="^.+(facebook).*\$"
/ip pool
add name=default-dhcp ranges=192.168.5.11-192.168.5.254
add name=dhcp_pool1-69-IOT ranges=172.16.69.2-172.16.69.254
add name=dhcp_pool2-555-CCTV ranges=10.55.5.2-10.55.5.254
add name=dhcp_pool3-1337-GUEST ranges=10.13.37.2-10.13.37.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-LAN-SW name=\
    defconf
add address-pool=dhcp_pool1-69-IOT disabled=no interface=VLAN69-IoT name=\
    dhcp1
add address-pool=dhcp_pool2-555-CCTV disabled=no interface=VLAN555-CCTV name=\
    dhcp2
add address-pool=dhcp_pool3-1337-GUEST disabled=no interface=VLAN1337-Guest \
    name=dhcp3
/queue simple
add max-limit=1536k/10M name=LAN-SW queue=\
    pcq-upload-default/pcq-download-default target=192.168.5.0/24
add name=970Extreme4 parent=LAN-SW queue=\
    pcq-upload-default/pcq-download-default target=192.168.5.101/32
add name=A515-43-R19L_Wi-Fi parent=LAN-SW queue=\
    pcq-upload-default/pcq-download-default target=192.168.5.107/32
add name=A515-43-R19L_Eth parent=LAN-SW queue=\
    pcq-upload-default/pcq-download-default target=192.168.5.108/32
add name=UN32EH5300_Eth parent=LAN-SW queue=\
    pcq-upload-default/pcq-download-default target=192.168.5.109/32
add name=UN32EH5300_Wi-Fi parent=LAN-SW queue=\
    pcq-upload-default/pcq-download-default target=192.168.5.110/32
add name=Redmi-7A parent=LAN-SW queue=pcq-upload-default/pcq-download-default \
    target=192.168.5.112/32
add max-limit=512k/2M name=Guest queue=\
    pcq-upload-default/pcq-download-default target=10.13.37.0/24
add max-limit=384k/1M name=IoT queue=pcq-upload-default/pcq-upload-default \
    target=172.16.69.0/24
add max-limit=256k/1M name=CCTV queue=pcq-upload-default/pcq-download-default \
    target=10.55.5.0/24
add name=Kali parent=LAN-SW target=192.168.5.100/32
add max-limit=128k/512k name=queue1 parent=IoT target=172.16.69.69/32
add max-limit=128k/512k name=queue2 parent=IoT target=172.16.69.70/32
add max-limit=128k/512k name=queue3 parent=IoT target=172.16.69.71/32
/queue tree
add max-limit=3M name=WAN1-Down parent=bridge-LAN-SW queue=\
    pcq-download-default
add limit-at=64k max-limit=128k name=WAN1-Down-ICMP packet-mark=\
    paq-ICMP-WAN1-Down parent=WAN1-Down priority=1 queue=pcq-download-default
add limit-at=64k max-limit=128k name=WAN1-Down-DNS packet-mark=\
    paq-DNS-WAN1-Down parent=WAN1-Down priority=2 queue=pcq-download-default
add limit-at=512k max-limit=3M name=WAN1-Down-Gaming packet-mark=\
    paq-Gaming-WAN1-Down parent=WAN1-Down priority=3 queue=\
    pcq-download-default
add limit-at=512k max-limit=3M name=WAN1-Down-Web+Correo packet-mark=\
    paq-Web+Correo-WAN1-Down parent=WAN1-Down priority=4 queue=\
    pcq-download-default
add limit-at=256k max-limit=3M name=WAN1-Down-Videos packet-mark=\
    paq-Videos-WAN1-Down parent=WAN1-Down priority=5 queue=\
    pcq-download-default
add limit-at=256k max-limit=3M name=WAN1-Down-RRSS packet-mark=\
    paq-RRSS-WAN1-Down parent=WAN1-Down priority=6 queue=pcq-download-default
add limit-at=256k max-limit=3M name=WAN1-Down-Resto packet-mark=\
    paq-Resto-WAN1-Down parent=WAN1-Down queue=pcq-download-default
add max-limit=384k name=WAN1-Up parent=ether1-WAN1-Cantv queue=\
    pcq-upload-default
add limit-at=45k max-limit=128k name=WAN1-Up-ICMP packet-mark=\
    paq-ICMP-WAN1-Up parent=WAN1-Up priority=1 queue=pcq-upload-default
add limit-at=45k max-limit=128k name=WAN1-Up-DNS packet-mark=paq-DNS-WAN1-Up \
    parent=WAN1-Up priority=2 queue=pcq-upload-default
add limit-at=45k max-limit=384k name=WAN1-Up-Gaming packet-mark=\
    paq-Gaming-WAN1-Up parent=WAN1-Up priority=3 queue=pcq-upload-default
add limit-at=45k max-limit=384k name=WAN1-Up-Web+Correo packet-mark=\
    paq-Web+Correo-WAN1-Up parent=WAN1-Up priority=4 queue=pcq-upload-default
add limit-at=45k max-limit=320k name=WAN1-Up-Videos packet-mark=\
    paq-Videos-WAN1-Up parent=WAN1-Up priority=5 queue=pcq-upload-default
add limit-at=45k max-limit=320k name=WAN1-Up-RRSS packet-mark=\
    paq-RRSS-WAN1-Up parent=WAN1-Up priority=6 queue=pcq-upload-default
add limit-at=45k max-limit=256k name=WAN1-Up-Resto packet-mark=\
    paq-Resto-WAN1-Up parent=WAN1-Up queue=pcq-upload-default
add max-limit=8M name=WAN2-Down parent=bridge-LAN-SW queue=\
    pcq-download-default
add limit-at=64k max-limit=128k name=WAN2-Down-ICMP packet-mark=\
    paq-ICMP-WAN2-Down parent=WAN2-Down priority=1 queue=pcq-download-default
add limit-at=64k max-limit=128k name=WAN2-Down-DNS packet-mark=\
    paq-DNS-WAN2-Down parent=WAN2-Down priority=2 queue=pcq-download-default
add limit-at=1M max-limit=8M name=WAN2-Down-Gaming packet-mark=\
    paq-Gaming-WAN2-Down parent=WAN2-Down priority=3 queue=\
    pcq-download-default
add limit-at=1M max-limit=8M name=WAN2-Down-Web+Correo packet-mark=\
    paq-Web+Correo-WAN2-Down parent=WAN2-Down priority=4 queue=\
    pcq-download-default
add limit-at=768k max-limit=8M name=WAN2-Down-Videos packet-mark=\
    paq-Videos-WAN2-Down parent=WAN2-Down priority=5 queue=\
    pcq-download-default
add limit-at=768k max-limit=8M name=WAN2-Down-RRSS packet-mark=\
    paq-RRSS-WAN2-Down parent=WAN2-Down priority=6 queue=pcq-download-default
add limit-at=384k max-limit=8M name=WAN2-Down-Resto packet-mark=\
    paq-Resto-WAN2-Down parent=WAN2-Down queue=pcq-download-default
add max-limit=950k name=WAN2-Up parent=ether2-WAN2-NetUno queue=\
    pcq-upload-default
add limit-at=64k max-limit=128k name=WAN2-Up-ICMP packet-mark=\
    paq-ICMP-WAN2-Up parent=WAN2-Up priority=1 queue=pcq-upload-default
add limit-at=64k max-limit=128k name=WAN2-Up-DNS packet-mark=paq-DNS-WAN2-Up \
    parent=WAN2-Up priority=2 queue=pcq-upload-default
add limit-at=128k max-limit=768k name=WAN2-Up-Gaming packet-mark=\
    paq-Gaming-WAN2-Up parent=WAN2-Up priority=4 queue=pcq-upload-default
add limit-at=128k max-limit=950k name=WAN2-Up-Web+Correo packet-mark=\
    paq-Web+Correo-WAN2-Up parent=WAN2-Up priority=4 queue=pcq-upload-default
add limit-at=128k max-limit=768k name=WAN2-Up-Videos packet-mark=\
    paq-Videos-WAN2-Up parent=WAN2-Up priority=5 queue=pcq-upload-default
add limit-at=128k max-limit=768k name=WAN2-Up-RRSS packet-mark=\
    paq-RRSS-WAN2-Up parent=WAN2-Up priority=6 queue=pcq-upload-default
add limit-at=128k max-limit=640k name=WAN2-Up-Resto packet-mark=\
    paq-Resto-WAN2-Up parent=WAN2-Up queue=pcq-upload-default
/dude
set data-directory=disk1/dude-data enabled=yes
/interface bridge port
add auto-isolate=yes bridge=bridge-LAN-SW comment=defconf horizon=1 \
    interface=ether3-LAN
add auto-isolate=yes bridge=bridge-LAN-SW comment=defconf horizon=1 \
    interface=ether4-LAN
add bridge=bridge-LAN-SW interface=ether5-LAN
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge-LAN-SW list=LAN
add comment=defconf interface=ether1-WAN1-Cantv list=WAN
add interface=ether2-WAN2-NetUno list=WAN
/ip address
add address=192.168.5.10/24 interface=bridge-LAN-SW network=192.168.5.0
add address=172.16.69.1/24 interface=VLAN69-IoT network=172.16.69.0
add address=10.55.5.1/24 interface=VLAN555-CCTV network=10.55.5.0
add address=10.13.37.1/24 interface=VLAN1337-Guest network=10.13.37.0
add address=192.168.1.2/30 interface=ether1-WAN1-Cantv network=192.168.1.0
add address=192.168.15.2/24 interface=ether2-WAN2-NetUno network=192.168.15.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-client
add disabled=no interface=ether1-WAN1-Cantv script="{\r\
    \n  :local count [/ip route print count-only where comment=\"Check1-WAN1\"\
    ]\r\
    \n  :if (\$bound=1) do={\r\
    \n    :if (\$count = 0) do={\r\
    \n      /ip route add distance=1 check-gateway=ping dst-address=1.1.1.1/32\
    \_gateway=\$\"gateway-address\" scope=10 comment=\"Check1-WAN1\"\r\
    \n    } else={\r\
    \n      :if (\$count = 1) do={\r\
    \n        :local test [/ip route find where comment=\"Check1-WAN1\"]\r\
    \n        :if ([/ip route get \$test gateway] != \$\"gateway-address\") do\
    ={\r\
    \n          /ip route set \$test gateway=\$\"gateway-address\"\r\
    \n        }\r\
    \n      } else={\r\
    \n        :error \"Multiple routes found\"\r\
    \n      }\r\
    \n    }\r\
    \n  } else={\r\
    \n    /ip route remove [find comment=\"Check1-WAN1\"]\r\
    \n  }\r\
    \n}\r\
    \n{\r\
    \n  :local count [/ip route print count-only where comment=\"Check2-WAN1\"\
    ]\r\
    \n  :if (\$bound=1) do={\r\
    \n    :if (\$count = 0) do={\r\
    \n      /ip route add distance=1 check-gateway=ping dst-address=8.8.8.8/32\
    \_gateway=\$\"gateway-address\" scope=10 comment=\"Check2-WAN1\"\r\
    \n    } else={\r\
    \n      :if (\$count = 1) do={\r\
    \n        :local test [/ip route find where comment=\"Check2-WAN1\"]\r\
    \n        :if ([/ip route get \$test gateway] != \$\"gateway-address\") do\
    ={\r\
    \n          /ip route set \$test gateway=\$\"gateway-address\"\r\
    \n        }\r\
    \n      } else={\r\
    \n        :error \"Multiple routes found\"\r\
    \n      }\r\
    \n    }\r\
    \n  } else={\r\
    \n    /ip route remove [find comment=\"Check2-WAN\"]\r\
    \n  }\r\
    \n}" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.5.6 mac-address=08:00:27:87:DA:10
add address=192.168.5.14 mac-address=EC:AD:E0:53:4E:3F
add address=192.168.5.101 lease-time=10m mac-address=00:25:22:CE:AE:F3
add address=192.168.5.102 mac-address=00:1F:D0:A4:19:5A
add address=192.168.5.103 mac-address=00:1F:D0:A4:19:6A
add address=192.168.5.107 mac-address=E8:D0:FC:9B:5A:7F
add address=192.168.5.110 mac-address=BC:8C:CD:9D:DF:9B
add address=192.168.5.111 mac-address=14:30:C6:E6:29:83
add address=192.168.5.112 mac-address=A4:45:19:94:2D:BA
add address=192.168.5.20 mac-address=00:26:55:E7:96:E9
add address=192.168.5.21 mac-address=7E:C8:F7:F8:E6:A3
add address=192.168.5.109 mac-address=50:56:BF:C5:37:64
add address=192.168.5.100 client-id=1:8:0:27:65:58:cd mac-address=\
    08:00:27:65:58:CD server=defconf
add address=10.13.37.2 client-id=1:8:97:98:73:1e:68 mac-address=\
    08:97:98:73:1E:68 server=dhcp3
add address=192.168.5.108 client-id=1:8:97:98:73:1e:68 mac-address=\
    08:97:98:73:1E:68 server=defconf
add address=172.16.69.2 client-id=1:8:97:98:73:1e:68 mac-address=\
    08:97:98:73:1E:68 server=dhcp1
add address=10.55.5.2 client-id=1:8:97:98:73:1e:68 mac-address=\
    08:97:98:73:1E:68 server=dhcp2
/ip dhcp-server network
add address=10.13.37.0/24 dns-server=8.8.4.4,208.67.222.222 gateway=\
    10.13.37.1
add address=10.55.5.0/24 dns-server=8.8.4.4,208.67.222.222 gateway=10.55.5.1
add address=172.16.69.0/24 dns-server=8.8.4.4,208.67.222.222 gateway=\
    172.16.69.1
add address=192.168.5.0/24 comment=defconf dns-server=192.168.5.10 gateway=\
    192.168.5.10 netmask=24
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=www.youtube.com list=Videos
add address=m.youtube.com list=Videos
add address=www.vimeo.com list=Videos
add address=www.facebook.com list=RRSS
add address=m.facebook.com list=RRSS
add address=www.twitter.com list=RRSS
add address=mobile.twitter.com list=RRSS
add address=www.instagram.com list=RRSS
add address=web.whatsapp.com list=RRSS
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
add address=192.168.5.0/24 list=allowed_to_router
add address=192.168.5.0/24 list=LAN
add address=192.168.15.11 list=DD-WRT
add address=192.168.15.13 list=DD-WRT
add address=10.13.37.2-10.13.37.127 list=Sale_por_ISP1
add address=10.55.5.2-10.55.5.127 list=Sale_por_ISP1
add address=172.16.69.2-172.16.69.127 list=Sale_por_ISP1
add address=10.13.37.128-10.13.37.254 list=Sale_por_ISP2
add address=10.55.5.128-10.55.5.254 list=Sale_por_ISP2
add address=172.16.69.128-172.16.69.254 list=Sale_por_ISP2
add address=10.55.5.2-10.55.5.254 list=VLAN555-CCTV
add address=10.13.37.2-10.13.37.254 list=VLAN1337-Guest
add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=\
    not_global_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=bad_src_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=bad_src_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=224.0.0.0/4 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=www.whatsapp.com list=RRSS
add address=1.10.16.0/20 comment=SpamHaus list=blacklist
add address=1.19.0.0/16 comment=SpamHaus list=blacklist
add address=1.32.128.0/18 comment=SpamHaus list=blacklist
add address=2.56.192.0/22 comment=SpamHaus list=blacklist
add address=2.58.176.0/23 comment=SpamHaus list=blacklist
add address=2.58.178.0/23 comment=SpamHaus list=blacklist
add address=2.59.200.0/22 comment=SpamHaus list=blacklist
add address=5.134.128.0/19 comment=SpamHaus list=blacklist
add address=5.180.4.0/22 comment=SpamHaus list=blacklist
add address=5.183.60.0/22 comment=SpamHaus list=blacklist
add address=5.188.10.0/23 comment=SpamHaus list=blacklist
add address=24.137.16.0/20 comment=SpamHaus list=blacklist
add address=24.170.208.0/20 comment=SpamHaus list=blacklist
add address=24.233.0.0/19 comment=SpamHaus list=blacklist
add address=24.236.0.0/19 comment=SpamHaus list=blacklist
add address=27.126.160.0/20 comment=SpamHaus list=blacklist
add address=27.146.0.0/16 comment=SpamHaus list=blacklist
add address=31.14.65.0/24 comment=SpamHaus list=blacklist
add address=31.14.66.0/23 comment=SpamHaus list=blacklist
add address=31.40.156.0/22 comment=SpamHaus list=blacklist
add address=36.0.8.0/21 comment=SpamHaus list=blacklist
add address=36.37.48.0/20 comment=SpamHaus list=blacklist
add address=36.116.0.0/16 comment=SpamHaus list=blacklist
add address=36.119.0.0/16 comment=SpamHaus list=blacklist
add address=37.156.64.0/23 comment=SpamHaus list=blacklist
add address=37.156.173.0/24 comment=SpamHaus list=blacklist
add address=37.252.220.0/22 comment=SpamHaus list=blacklist
add address=41.72.0.0/18 comment=SpamHaus list=blacklist
add address=41.77.240.0/21 comment=SpamHaus list=blacklist
add address=41.93.128.0/17 comment=SpamHaus list=blacklist
add address=42.0.32.0/19 comment=SpamHaus list=blacklist
add address=42.1.128.0/17 comment=SpamHaus list=blacklist
add address=42.96.0.0/18 comment=SpamHaus list=blacklist
add address=42.128.0.0/12 comment=SpamHaus list=blacklist
add address=42.160.0.0/12 comment=SpamHaus list=blacklist
add address=42.208.0.0/12 comment=SpamHaus list=blacklist
add address=43.229.52.0/22 comment=SpamHaus list=blacklist
add address=43.236.0.0/16 comment=SpamHaus list=blacklist
add address=43.250.116.0/22 comment=SpamHaus list=blacklist
add address=43.252.80.0/22 comment=SpamHaus list=blacklist
add address=45.4.128.0/22 comment=SpamHaus list=blacklist
add address=45.4.136.0/22 comment=SpamHaus list=blacklist
add address=45.6.48.0/22 comment=SpamHaus list=blacklist
add address=45.9.148.0/22 comment=SpamHaus list=blacklist
add address=45.11.184.0/22 comment=SpamHaus list=blacklist
add address=45.11.188.0/22 comment=SpamHaus list=blacklist
add address=45.41.0.0/18 comment=SpamHaus list=blacklist
add address=45.41.192.0/18 comment=SpamHaus list=blacklist
add address=45.59.128.0/18 comment=SpamHaus list=blacklist
add address=45.65.32.0/22 comment=SpamHaus list=blacklist
add address=45.65.112.0/22 comment=SpamHaus list=blacklist
add address=45.65.120.0/22 comment=SpamHaus list=blacklist
add address=45.65.188.0/22 comment=SpamHaus list=blacklist
add address=45.80.28.0/22 comment=SpamHaus list=blacklist
add address=45.80.248.0/23 comment=SpamHaus list=blacklist
add address=45.80.250.0/23 comment=SpamHaus list=blacklist
add address=45.86.20.0/22 comment=SpamHaus list=blacklist
add address=45.95.40.0/22 comment=SpamHaus list=blacklist
add address=45.114.240.0/22 comment=SpamHaus list=blacklist
add address=45.117.232.0/22 comment=SpamHaus list=blacklist
add address=45.119.40.0/22 comment=SpamHaus list=blacklist
add address=45.121.204.0/22 comment=SpamHaus list=blacklist
add address=45.130.100.0/22 comment=SpamHaus list=blacklist
add address=45.159.56.0/22 comment=SpamHaus list=blacklist
add address=45.220.64.0/18 comment=SpamHaus list=blacklist
add address=46.102.177.0/24 comment=SpamHaus list=blacklist
add address=46.102.178.0/23 comment=SpamHaus list=blacklist
add address=46.102.180.0/24 comment=SpamHaus list=blacklist
add address=46.102.182.0/23 comment=SpamHaus list=blacklist
add address=46.102.190.0/24 comment=SpamHaus list=blacklist
add address=46.174.204.0/22 comment=SpamHaus list=blacklist
add address=46.232.192.0/21 comment=SpamHaus list=blacklist
add address=49.156.160.0/19 comment=SpamHaus list=blacklist
add address=49.238.64.0/18 comment=SpamHaus list=blacklist
add address=58.14.0.0/15 comment=SpamHaus list=blacklist
add address=58.145.176.0/21 comment=SpamHaus list=blacklist
add address=59.153.60.0/22 comment=SpamHaus list=blacklist
add address=60.233.0.0/16 comment=SpamHaus list=blacklist
add address=61.11.224.0/19 comment=SpamHaus list=blacklist
add address=61.45.251.0/24 comment=SpamHaus list=blacklist
add address=64.92.224.0/20 comment=SpamHaus list=blacklist
add address=64.250.144.0/20 comment=SpamHaus list=blacklist
add address=65.97.48.0/20 comment=SpamHaus list=blacklist
add address=67.213.112.0/20 comment=SpamHaus list=blacklist
add address=68.66.48.0/20 comment=SpamHaus list=blacklist
add address=69.8.64.0/20 comment=SpamHaus list=blacklist
add address=69.8.96.0/20 comment=SpamHaus list=blacklist
add address=72.1.224.0/20 comment=SpamHaus list=blacklist
add address=74.114.148.0/22 comment=SpamHaus list=blacklist
add address=76.191.0.0/20 comment=SpamHaus list=blacklist
add address=77.36.62.0/24 comment=SpamHaus list=blacklist
add address=77.81.84.0/23 comment=SpamHaus list=blacklist
add address=77.81.86.0/24 comment=SpamHaus list=blacklist
add address=77.81.89.0/24 comment=SpamHaus list=blacklist
add address=77.81.90.0/23 comment=SpamHaus list=blacklist
add address=83.175.0.0/18 comment=SpamHaus list=blacklist
add address=84.238.160.0/22 comment=SpamHaus list=blacklist
add address=85.121.39.0/24 comment=SpamHaus list=blacklist
add address=85.153.44.0/22 comment=SpamHaus list=blacklist
add address=85.209.4.0/22 comment=SpamHaus list=blacklist
add address=86.55.40.0/23 comment=SpamHaus list=blacklist
add address=86.55.42.0/23 comment=SpamHaus list=blacklist
add address=86.62.28.0/22 comment=SpamHaus list=blacklist
add address=86.104.0.0/23 comment=SpamHaus list=blacklist
add address=86.104.2.0/24 comment=SpamHaus list=blacklist
add address=86.104.212.0/23 comment=SpamHaus list=blacklist
add address=86.104.222.0/23 comment=SpamHaus list=blacklist
add address=86.104.224.0/23 comment=SpamHaus list=blacklist
add address=86.105.2.0/24 comment=SpamHaus list=blacklist
add address=86.105.6.0/24 comment=SpamHaus list=blacklist
add address=86.105.176.0/24 comment=SpamHaus list=blacklist
add address=86.105.178.0/24 comment=SpamHaus list=blacklist
add address=86.105.184.0/23 comment=SpamHaus list=blacklist
add address=86.105.186.0/24 comment=SpamHaus list=blacklist
add address=86.105.229.0/24 comment=SpamHaus list=blacklist
add address=86.105.230.0/24 comment=SpamHaus list=blacklist
add address=86.105.242.0/23 comment=SpamHaus list=blacklist
add address=86.106.10.0/24 comment=SpamHaus list=blacklist
add address=86.106.13.0/24 comment=SpamHaus list=blacklist
add address=86.106.14.0/23 comment=SpamHaus list=blacklist
add address=86.106.94.0/23 comment=SpamHaus list=blacklist
add address=86.106.105.0/24 comment=SpamHaus list=blacklist
add address=86.106.106.0/23 comment=SpamHaus list=blacklist
add address=86.106.109.0/24 comment=SpamHaus list=blacklist
add address=86.106.110.0/23 comment=SpamHaus list=blacklist
add address=86.106.114.0/23 comment=SpamHaus list=blacklist
add address=86.106.116.0/23 comment=SpamHaus list=blacklist
add address=86.106.118.0/24 comment=SpamHaus list=blacklist
add address=86.106.138.0/23 comment=SpamHaus list=blacklist
add address=86.106.140.0/23 comment=SpamHaus list=blacklist
add address=86.106.174.0/23 comment=SpamHaus list=blacklist
add address=86.107.72.0/24 comment=SpamHaus list=blacklist
add address=86.107.193.0/24 comment=SpamHaus list=blacklist
add address=86.107.194.0/23 comment=SpamHaus list=blacklist
add address=88.218.40.0/22 comment=SpamHaus list=blacklist
add address=88.218.148.0/22 comment=SpamHaus list=blacklist
add address=89.32.43.0/24 comment=SpamHaus list=blacklist
add address=89.32.170.0/24 comment=SpamHaus list=blacklist
add address=89.32.202.0/24 comment=SpamHaus list=blacklist
add address=89.33.46.0/23 comment=SpamHaus list=blacklist
add address=89.33.116.0/24 comment=SpamHaus list=blacklist
add address=89.33.134.0/24 comment=SpamHaus list=blacklist
add address=89.33.198.0/23 comment=SpamHaus list=blacklist
add address=89.33.200.0/23 comment=SpamHaus list=blacklist
add address=89.33.206.0/24 comment=SpamHaus list=blacklist
add address=89.33.250.0/23 comment=SpamHaus list=blacklist
add address=89.33.254.0/23 comment=SpamHaus list=blacklist
add address=89.34.0.0/24 comment=SpamHaus list=blacklist
add address=89.34.4.0/24 comment=SpamHaus list=blacklist
add address=89.34.74.0/24 comment=SpamHaus list=blacklist
add address=89.34.102.0/24 comment=SpamHaus list=blacklist
add address=89.34.104.0/23 comment=SpamHaus list=blacklist
add address=89.35.54.0/24 comment=SpamHaus list=blacklist
add address=89.35.89.0/24 comment=SpamHaus list=blacklist
add address=89.35.90.0/24 comment=SpamHaus list=blacklist
add address=89.36.38.0/23 comment=SpamHaus list=blacklist
add address=89.36.136.0/24 comment=SpamHaus list=blacklist
add address=89.36.138.0/23 comment=SpamHaus list=blacklist
add address=89.36.141.0/24 comment=SpamHaus list=blacklist
add address=89.37.92.0/23 comment=SpamHaus list=blacklist
add address=89.37.94.0/24 comment=SpamHaus list=blacklist
add address=89.37.96.0/24 comment=SpamHaus list=blacklist
add address=89.37.129.0/24 comment=SpamHaus list=blacklist
add address=89.37.130.0/23 comment=SpamHaus list=blacklist
add address=89.37.132.0/23 comment=SpamHaus list=blacklist
add address=89.37.134.0/24 comment=SpamHaus list=blacklist
add address=89.38.240.0/24 comment=SpamHaus list=blacklist
add address=89.39.69.0/24 comment=SpamHaus list=blacklist
add address=89.39.212.0/24 comment=SpamHaus list=blacklist
add address=89.39.215.0/24 comment=SpamHaus list=blacklist
add address=89.39.241.0/24 comment=SpamHaus list=blacklist
add address=89.40.138.0/24 comment=SpamHaus list=blacklist
add address=89.40.140.0/23 comment=SpamHaus list=blacklist
add address=89.40.207.0/24 comment=SpamHaus list=blacklist
add address=89.40.209.0/24 comment=SpamHaus list=blacklist
add address=89.41.27.0/24 comment=SpamHaus list=blacklist
add address=89.41.28.0/23 comment=SpamHaus list=blacklist
add address=89.41.49.0/24 comment=SpamHaus list=blacklist
add address=89.41.50.0/23 comment=SpamHaus list=blacklist
add address=89.41.189.0/24 comment=SpamHaus list=blacklist
add address=89.41.190.0/23 comment=SpamHaus list=blacklist
add address=89.42.10.0/24 comment=SpamHaus list=blacklist
add address=89.42.152.0/23 comment=SpamHaus list=blacklist
add address=89.42.154.0/24 comment=SpamHaus list=blacklist
add address=89.45.82.0/24 comment=SpamHaus list=blacklist
add address=89.46.47.0/24 comment=SpamHaus list=blacklist
add address=91.132.164.0/22 comment=SpamHaus list=blacklist
add address=91.197.196.0/22 comment=SpamHaus list=blacklist
add address=91.200.12.0/22 comment=SpamHaus list=blacklist
add address=91.200.133.0/24 comment=SpamHaus list=blacklist
add address=91.200.248.0/22 comment=SpamHaus list=blacklist
add address=91.218.236.0/22 comment=SpamHaus list=blacklist
add address=91.220.163.0/24 comment=SpamHaus list=blacklist
add address=91.229.52.0/22 comment=SpamHaus list=blacklist
add address=91.232.18.0/24 comment=SpamHaus list=blacklist
add address=91.234.99.0/24 comment=SpamHaus list=blacklist
add address=91.235.130.0/23 comment=SpamHaus list=blacklist
add address=91.241.19.0/24 comment=SpamHaus list=blacklist
add address=91.246.176.0/21 comment=SpamHaus list=blacklist
add address=91.246.200.0/24 comment=SpamHaus list=blacklist
add address=93.114.51.0/24 comment=SpamHaus list=blacklist
add address=93.114.52.0/23 comment=SpamHaus list=blacklist
add address=93.114.54.0/24 comment=SpamHaus list=blacklist
add address=93.114.58.0/23 comment=SpamHaus list=blacklist
add address=93.115.59.0/24 comment=SpamHaus list=blacklist
add address=93.119.118.0/23 comment=SpamHaus list=blacklist
add address=93.119.120.0/23 comment=SpamHaus list=blacklist
add address=93.119.124.0/23 comment=SpamHaus list=blacklist
add address=93.120.34.0/24 comment=SpamHaus list=blacklist
add address=93.120.46.0/24 comment=SpamHaus list=blacklist
add address=94.131.228.0/22 comment=SpamHaus list=blacklist
add address=96.45.144.0/20 comment=SpamHaus list=blacklist
add address=101.42.0.0/16 comment=SpamHaus list=blacklist
add address=101.134.0.0/15 comment=SpamHaus list=blacklist
add address=101.192.0.0/14 comment=SpamHaus list=blacklist
add address=101.203.128.0/19 comment=SpamHaus list=blacklist
add address=101.248.0.0/15 comment=SpamHaus list=blacklist
add address=102.196.96.0/19 comment=SpamHaus list=blacklist
add address=102.211.224.0/19 comment=SpamHaus list=blacklist
add address=102.212.224.0/19 comment=SpamHaus list=blacklist
add address=102.228.0.0/16 comment=SpamHaus list=blacklist
add address=102.232.0.0/16 comment=SpamHaus list=blacklist
add address=102.240.0.0/16 comment=SpamHaus list=blacklist
add address=103.14.208.0/22 comment=SpamHaus list=blacklist
add address=103.16.76.0/24 comment=SpamHaus list=blacklist
add address=103.23.8.0/22 comment=SpamHaus list=blacklist
add address=103.23.124.0/22 comment=SpamHaus list=blacklist
add address=103.30.12.0/22 comment=SpamHaus list=blacklist
add address=103.32.0.0/16 comment=SpamHaus list=blacklist
add address=103.32.132.0/22 comment=SpamHaus list=blacklist
add address=103.34.0.0/16 comment=SpamHaus list=blacklist
add address=103.36.64.0/22 comment=SpamHaus list=blacklist
add address=103.59.92.0/22 comment=SpamHaus list=blacklist
add address=103.73.172.0/22 comment=SpamHaus list=blacklist
add address=103.75.36.0/22 comment=SpamHaus list=blacklist
add address=103.76.96.0/22 comment=SpamHaus list=blacklist
add address=103.76.128.0/22 comment=SpamHaus list=blacklist
add address=103.77.32.0/22 comment=SpamHaus list=blacklist
add address=103.99.0.0/22 comment=SpamHaus list=blacklist
add address=103.100.168.0/22 comment=SpamHaus list=blacklist
add address=103.134.144.0/23 comment=SpamHaus list=blacklist
add address=103.135.144.0/24 comment=SpamHaus list=blacklist
add address=103.167.224.0/19 comment=SpamHaus list=blacklist
add address=103.171.224.0/19 comment=SpamHaus list=blacklist
add address=103.174.224.0/19 comment=SpamHaus list=blacklist
add address=103.180.224.0/19 comment=SpamHaus list=blacklist
add address=103.189.224.0/19 comment=SpamHaus list=blacklist
add address=103.197.240.0/22 comment=SpamHaus list=blacklist
add address=103.199.88.0/22 comment=SpamHaus list=blacklist
add address=103.210.244.0/22 comment=SpamHaus list=blacklist
add address=103.215.80.0/22 comment=SpamHaus list=blacklist
add address=103.225.72.0/22 comment=SpamHaus list=blacklist
add address=103.225.128.0/22 comment=SpamHaus list=blacklist
add address=103.226.192.0/22 comment=SpamHaus list=blacklist
add address=103.228.60.0/22 comment=SpamHaus list=blacklist
add address=103.229.36.0/22 comment=SpamHaus list=blacklist
add address=103.230.144.0/22 comment=SpamHaus list=blacklist
add address=103.232.136.0/22 comment=SpamHaus list=blacklist
add address=103.232.172.0/22 comment=SpamHaus list=blacklist
add address=103.236.32.0/22 comment=SpamHaus list=blacklist
add address=103.239.28.0/22 comment=SpamHaus list=blacklist
add address=103.239.56.0/22 comment=SpamHaus list=blacklist
add address=103.243.8.0/22 comment=SpamHaus list=blacklist
add address=104.143.16.0/20 comment=SpamHaus list=blacklist
add address=104.153.244.0/22 comment=SpamHaus list=blacklist
add address=104.166.96.0/19 comment=SpamHaus list=blacklist
add address=104.207.64.0/19 comment=SpamHaus list=blacklist
add address=104.233.0.0/18 comment=SpamHaus list=blacklist
add address=104.243.192.0/20 comment=SpamHaus list=blacklist
add address=104.247.96.0/19 comment=SpamHaus list=blacklist
add address=104.250.192.0/19 comment=SpamHaus list=blacklist
add address=104.250.224.0/19 comment=SpamHaus list=blacklist
add address=106.95.0.0/16 comment=SpamHaus list=blacklist
add address=107.182.112.0/20 comment=SpamHaus list=blacklist
add address=107.182.240.0/20 comment=SpamHaus list=blacklist
add address=107.190.160.0/20 comment=SpamHaus list=blacklist
add address=110.41.0.0/16 comment=SpamHaus list=blacklist
add address=111.223.192.0/19 comment=SpamHaus list=blacklist
add address=113.212.128.0/19 comment=SpamHaus list=blacklist
add address=116.144.0.0/15 comment=SpamHaus list=blacklist
add address=116.146.0.0/15 comment=SpamHaus list=blacklist
add address=117.58.0.0/17 comment=SpamHaus list=blacklist
add address=119.58.0.0/16 comment=SpamHaus list=blacklist
add address=119.232.0.0/16 comment=SpamHaus list=blacklist
add address=120.48.0.0/15 comment=SpamHaus list=blacklist
add address=122.8.0.0/16 comment=SpamHaus list=blacklist
add address=122.129.0.0/18 comment=SpamHaus list=blacklist
add address=123.136.80.0/20 comment=SpamHaus list=blacklist
add address=124.20.0.0/16 comment=SpamHaus list=blacklist
add address=124.68.0.0/15 comment=SpamHaus list=blacklist
add address=124.157.0.0/18 comment=SpamHaus list=blacklist
add address=124.242.0.0/16 comment=SpamHaus list=blacklist
add address=125.31.192.0/18 comment=SpamHaus list=blacklist
add address=125.58.0.0/18 comment=SpamHaus list=blacklist
add address=125.169.0.0/16 comment=SpamHaus list=blacklist
add address=128.24.0.0/16 comment=SpamHaus list=blacklist
add address=128.85.0.0/16 comment=SpamHaus list=blacklist
add address=130.21.0.0/16 comment=SpamHaus list=blacklist
add address=130.148.0.0/16 comment=SpamHaus list=blacklist
add address=130.196.0.0/16 comment=SpamHaus list=blacklist
add address=130.222.0.0/16 comment=SpamHaus list=blacklist
add address=131.108.16.0/22 comment=SpamHaus list=blacklist
add address=131.143.0.0/16 comment=SpamHaus list=blacklist
add address=131.200.0.0/16 comment=SpamHaus list=blacklist
add address=132.255.132.0/22 comment=SpamHaus list=blacklist
add address=134.18.0.0/16 comment=SpamHaus list=blacklist
add address=134.22.0.0/16 comment=SpamHaus list=blacklist
add address=134.23.0.0/16 comment=SpamHaus list=blacklist
add address=134.33.0.0/16 comment=SpamHaus list=blacklist
add address=134.127.0.0/16 comment=SpamHaus list=blacklist
add address=134.172.0.0/16 comment=SpamHaus list=blacklist
add address=137.19.0.0/16 comment=SpamHaus list=blacklist
add address=137.31.0.0/16 comment=SpamHaus list=blacklist
add address=137.33.0.0/16 comment=SpamHaus list=blacklist
add address=137.55.0.0/16 comment=SpamHaus list=blacklist
add address=137.72.0.0/16 comment=SpamHaus list=blacklist
add address=137.76.0.0/16 comment=SpamHaus list=blacklist
add address=137.105.0.0/16 comment=SpamHaus list=blacklist
add address=137.114.0.0/16 comment=SpamHaus list=blacklist
add address=137.218.0.0/16 comment=SpamHaus list=blacklist
add address=138.31.0.0/16 comment=SpamHaus list=blacklist
add address=138.36.92.0/22 comment=SpamHaus list=blacklist
add address=138.36.136.0/22 comment=SpamHaus list=blacklist
add address=138.52.0.0/16 comment=SpamHaus list=blacklist
add address=138.59.4.0/22 comment=SpamHaus list=blacklist
add address=138.59.204.0/22 comment=SpamHaus list=blacklist
add address=138.94.144.0/22 comment=SpamHaus list=blacklist
add address=138.94.216.0/22 comment=SpamHaus list=blacklist
add address=138.97.156.0/22 comment=SpamHaus list=blacklist
add address=138.122.192.0/22 comment=SpamHaus list=blacklist
add address=138.125.0.0/16 comment=SpamHaus list=blacklist
add address=138.185.116.0/22 comment=SpamHaus list=blacklist
add address=138.186.208.0/22 comment=SpamHaus list=blacklist
add address=138.216.0.0/16 comment=SpamHaus list=blacklist
add address=138.219.172.0/22 comment=SpamHaus list=blacklist
add address=138.249.0.0/16 comment=SpamHaus list=blacklist
add address=139.44.0.0/16 comment=SpamHaus list=blacklist
add address=139.81.0.0/16 comment=SpamHaus list=blacklist
add address=139.188.0.0/16 comment=SpamHaus list=blacklist
add address=140.82.64.0/19 comment=SpamHaus list=blacklist
add address=140.82.96.0/20 comment=SpamHaus list=blacklist
add address=140.167.0.0/16 comment=SpamHaus list=blacklist
add address=141.98.68.0/23 comment=SpamHaus list=blacklist
add address=141.98.70.0/23 comment=SpamHaus list=blacklist
add address=141.178.0.0/16 comment=SpamHaus list=blacklist
add address=141.206.128.0/20 comment=SpamHaus list=blacklist
add address=141.253.0.0/16 comment=SpamHaus list=blacklist
add address=142.102.0.0/16 comment=SpamHaus list=blacklist
add address=143.0.236.0/22 comment=SpamHaus list=blacklist
add address=143.49.0.0/16 comment=SpamHaus list=blacklist
add address=143.135.0.0/16 comment=SpamHaus list=blacklist
add address=143.136.0.0/16 comment=SpamHaus list=blacklist
add address=143.253.0.0/16 comment=SpamHaus list=blacklist
add address=145.231.0.0/16 comment=SpamHaus list=blacklist
add address=146.3.0.0/16 comment=SpamHaus list=blacklist
add address=146.51.0.0/16 comment=SpamHaus list=blacklist
add address=146.106.0.0/16 comment=SpamHaus list=blacklist
add address=146.183.0.0/16 comment=SpamHaus list=blacklist
add address=146.202.0.0/16 comment=SpamHaus list=blacklist
add address=146.252.0.0/16 comment=SpamHaus list=blacklist
add address=147.7.0.0/16 comment=SpamHaus list=blacklist
add address=147.16.0.0/14 comment=SpamHaus list=blacklist
add address=147.78.224.0/22 comment=SpamHaus list=blacklist
add address=147.119.0.0/16 comment=SpamHaus list=blacklist
add address=148.148.0.0/16 comment=SpamHaus list=blacklist
add address=148.154.0.0/16 comment=SpamHaus list=blacklist
add address=148.178.0.0/16 comment=SpamHaus list=blacklist
add address=148.185.0.0/16 comment=SpamHaus list=blacklist
add address=148.248.0.0/16 comment=SpamHaus list=blacklist
add address=149.118.0.0/16 comment=SpamHaus list=blacklist
add address=149.207.0.0/16 comment=SpamHaus list=blacklist
add address=150.10.0.0/16 comment=SpamHaus list=blacklist
add address=150.22.128.0/17 comment=SpamHaus list=blacklist
add address=150.25.0.0/16 comment=SpamHaus list=blacklist
add address=150.40.0.0/16 comment=SpamHaus list=blacklist
add address=150.121.0.0/16 comment=SpamHaus list=blacklist
add address=150.129.212.0/22 comment=SpamHaus list=blacklist
add address=150.129.228.0/22 comment=SpamHaus list=blacklist
add address=150.141.0.0/16 comment=SpamHaus list=blacklist
add address=150.242.120.0/22 comment=SpamHaus list=blacklist
add address=150.242.144.0/22 comment=SpamHaus list=blacklist
add address=151.212.0.0/16 comment=SpamHaus list=blacklist
add address=152.89.228.0/23 comment=SpamHaus list=blacklist
add address=152.89.230.0/23 comment=SpamHaus list=blacklist
add address=152.109.0.0/16 comment=SpamHaus list=blacklist
add address=152.147.0.0/16 comment=SpamHaus list=blacklist
add address=153.14.0.0/16 comment=SpamHaus list=blacklist
add address=153.52.0.0/14 comment=SpamHaus list=blacklist
add address=153.93.0.0/16 comment=SpamHaus list=blacklist
add address=155.11.0.0/16 comment=SpamHaus list=blacklist
add address=155.40.0.0/16 comment=SpamHaus list=blacklist
add address=155.66.0.0/16 comment=SpamHaus list=blacklist
add address=155.71.0.0/16 comment=SpamHaus list=blacklist
add address=155.73.0.0/16 comment=SpamHaus list=blacklist
add address=155.108.0.0/16 comment=SpamHaus list=blacklist
add address=155.159.0.0/16 comment=SpamHaus list=blacklist
add address=155.235.0.0/16 comment=SpamHaus list=blacklist
add address=155.249.0.0/16 comment=SpamHaus list=blacklist
add address=156.96.0.0/16 comment=SpamHaus list=blacklist
add address=156.229.128.0/22 comment=SpamHaus list=blacklist
add address=156.229.132.0/22 comment=SpamHaus list=blacklist
add address=156.229.160.0/19 comment=SpamHaus list=blacklist
add address=156.229.192.0/18 comment=SpamHaus list=blacklist
add address=156.233.128.0/21 comment=SpamHaus list=blacklist
add address=156.233.160.0/19 comment=SpamHaus list=blacklist
add address=157.115.0.0/16 comment=SpamHaus list=blacklist
add address=157.162.0.0/16 comment=SpamHaus list=blacklist
add address=157.186.0.0/16 comment=SpamHaus list=blacklist
add address=157.195.0.0/16 comment=SpamHaus list=blacklist
add address=158.54.0.0/16 comment=SpamHaus list=blacklist
add address=158.249.0.0/16 comment=SpamHaus list=blacklist
add address=159.80.0.0/16 comment=SpamHaus list=blacklist
add address=159.85.0.0/16 comment=SpamHaus list=blacklist
add address=159.174.0.0/16 comment=SpamHaus list=blacklist
add address=159.219.0.0/16 comment=SpamHaus list=blacklist
add address=159.229.0.0/16 comment=SpamHaus list=blacklist
add address=160.14.0.0/16 comment=SpamHaus list=blacklist
add address=160.21.0.0/16 comment=SpamHaus list=blacklist
add address=160.115.0.0/16 comment=SpamHaus list=blacklist
add address=160.116.0.0/16 comment=SpamHaus list=blacklist
add address=160.117.0.0/16 comment=SpamHaus list=blacklist
add address=160.121.0.0/16 comment=SpamHaus list=blacklist
add address=160.122.0.0/16 comment=SpamHaus list=blacklist
add address=160.180.0.0/16 comment=SpamHaus list=blacklist
add address=160.181.0.0/16 comment=SpamHaus list=blacklist
add address=160.184.0.0/16 comment=SpamHaus list=blacklist
add address=160.188.0.0/16 comment=SpamHaus list=blacklist
add address=160.200.0.0/16 comment=SpamHaus list=blacklist
add address=160.235.0.0/16 comment=SpamHaus list=blacklist
add address=160.240.0.0/16 comment=SpamHaus list=blacklist
add address=160.255.0.0/16 comment=SpamHaus list=blacklist
add address=161.0.0.0/19 comment=SpamHaus list=blacklist
add address=161.0.68.0/22 comment=SpamHaus list=blacklist
add address=161.1.0.0/16 comment=SpamHaus list=blacklist
add address=162.208.124.0/22 comment=SpamHaus list=blacklist
add address=162.212.188.0/22 comment=SpamHaus list=blacklist
add address=162.222.128.0/21 comment=SpamHaus list=blacklist
add address=162.249.20.0/22 comment=SpamHaus list=blacklist
add address=162.251.92.0/22 comment=SpamHaus list=blacklist
add address=163.47.19.0/24 comment=SpamHaus list=blacklist
add address=163.50.0.0/16 comment=SpamHaus list=blacklist
add address=163.53.247.0/24 comment=SpamHaus list=blacklist
add address=163.59.0.0/16 comment=SpamHaus list=blacklist
add address=163.127.224.0/19 comment=SpamHaus list=blacklist
add address=163.128.224.0/19 comment=SpamHaus list=blacklist
add address=163.197.0.0/16 comment=SpamHaus list=blacklist
add address=163.198.0.0/16 comment=SpamHaus list=blacklist
add address=163.216.0.0/19 comment=SpamHaus list=blacklist
add address=163.250.0.0/16 comment=SpamHaus list=blacklist
add address=163.254.0.0/16 comment=SpamHaus list=blacklist
add address=164.6.0.0/16 comment=SpamHaus list=blacklist
add address=164.79.0.0/16 comment=SpamHaus list=blacklist
add address=164.88.0.0/16 comment=SpamHaus list=blacklist
add address=164.137.0.0/16 comment=SpamHaus list=blacklist
add address=164.155.0.0/16 comment=SpamHaus list=blacklist
add address=165.3.0.0/16 comment=SpamHaus list=blacklist
add address=165.25.0.0/16 comment=SpamHaus list=blacklist
add address=165.52.0.0/14 comment=SpamHaus list=blacklist
add address=165.102.0.0/16 comment=SpamHaus list=blacklist
add address=165.205.0.0/16 comment=SpamHaus list=blacklist
add address=165.209.0.0/16 comment=SpamHaus list=blacklist
add address=165.231.0.0/16 comment=SpamHaus list=blacklist
add address=166.93.0.0/16 comment=SpamHaus list=blacklist
add address=166.117.0.0/16 comment=SpamHaus list=blacklist
add address=167.74.0.0/18 comment=SpamHaus list=blacklist
add address=167.82.144.0/20 comment=SpamHaus list=blacklist
add address=167.103.0.0/16 comment=SpamHaus list=blacklist
add address=167.158.0.0/16 comment=SpamHaus list=blacklist
add address=167.160.96.0/19 comment=SpamHaus list=blacklist
add address=167.162.0.0/16 comment=SpamHaus list=blacklist
add address=167.175.0.0/16 comment=SpamHaus list=blacklist
add address=167.224.0.0/19 comment=SpamHaus list=blacklist
add address=167.224.32.0/20 comment=SpamHaus list=blacklist
add address=167.224.48.0/21 comment=SpamHaus list=blacklist
add address=167.249.200.0/22 comment=SpamHaus list=blacklist
add address=168.0.212.0/22 comment=SpamHaus list=blacklist
add address=168.64.0.0/16 comment=SpamHaus list=blacklist
add address=168.76.0.0/16 comment=SpamHaus list=blacklist
add address=168.80.0.0/15 comment=SpamHaus list=blacklist
add address=168.90.96.0/22 comment=SpamHaus list=blacklist
add address=168.129.0.0/16 comment=SpamHaus list=blacklist
add address=168.151.0.0/22 comment=SpamHaus list=blacklist
add address=168.151.4.0/23 comment=SpamHaus list=blacklist
add address=168.151.6.0/24 comment=SpamHaus list=blacklist
add address=168.151.32.0/21 comment=SpamHaus list=blacklist
add address=168.151.43.0/24 comment=SpamHaus list=blacklist
add address=168.151.44.0/22 comment=SpamHaus list=blacklist
add address=168.151.48.0/22 comment=SpamHaus list=blacklist
add address=168.151.52.0/23 comment=SpamHaus list=blacklist
add address=168.151.54.0/24 comment=SpamHaus list=blacklist
add address=168.151.56.0/21 comment=SpamHaus list=blacklist
add address=168.151.64.0/22 comment=SpamHaus list=blacklist
add address=168.151.68.0/23 comment=SpamHaus list=blacklist
add address=168.151.72.0/21 comment=SpamHaus list=blacklist
add address=168.151.80.0/20 comment=SpamHaus list=blacklist
add address=168.151.96.0/19 comment=SpamHaus list=blacklist
add address=168.151.128.0/20 comment=SpamHaus list=blacklist
add address=168.151.145.0/24 comment=SpamHaus list=blacklist
add address=168.151.146.0/23 comment=SpamHaus list=blacklist
add address=168.151.148.0/22 comment=SpamHaus list=blacklist
add address=168.151.152.0/22 comment=SpamHaus list=blacklist
add address=168.151.157.0/24 comment=SpamHaus list=blacklist
add address=168.151.158.0/23 comment=SpamHaus list=blacklist
add address=168.151.160.0/20 comment=SpamHaus list=blacklist
add address=168.151.176.0/21 comment=SpamHaus list=blacklist
add address=168.151.184.0/22 comment=SpamHaus list=blacklist
add address=168.151.192.0/20 comment=SpamHaus list=blacklist
add address=168.151.208.0/21 comment=SpamHaus list=blacklist
add address=168.151.216.0/22 comment=SpamHaus list=blacklist
add address=168.151.220.0/23 comment=SpamHaus list=blacklist
add address=168.151.232.0/21 comment=SpamHaus list=blacklist
add address=168.151.240.0/21 comment=SpamHaus list=blacklist
add address=168.151.248.0/22 comment=SpamHaus list=blacklist
add address=168.151.254.0/24 comment=SpamHaus list=blacklist
add address=168.181.52.0/22 comment=SpamHaus list=blacklist
add address=168.195.76.0/22 comment=SpamHaus list=blacklist
add address=168.196.236.0/22 comment=SpamHaus list=blacklist
add address=168.196.240.0/22 comment=SpamHaus list=blacklist
add address=168.198.0.0/16 comment=SpamHaus list=blacklist
add address=168.205.72.0/22 comment=SpamHaus list=blacklist
add address=168.206.0.0/16 comment=SpamHaus list=blacklist
add address=168.211.0.0/16 comment=SpamHaus list=blacklist
add address=168.227.128.0/22 comment=SpamHaus list=blacklist
add address=168.227.140.0/22 comment=SpamHaus list=blacklist
add address=169.239.152.0/22 comment=SpamHaus list=blacklist
add address=170.67.0.0/16 comment=SpamHaus list=blacklist
add address=170.83.232.0/22 comment=SpamHaus list=blacklist
add address=170.113.0.0/16 comment=SpamHaus list=blacklist
add address=170.120.0.0/16 comment=SpamHaus list=blacklist
add address=170.179.0.0/16 comment=SpamHaus list=blacklist
add address=170.244.40.0/22 comment=SpamHaus list=blacklist
add address=170.244.240.0/22 comment=SpamHaus list=blacklist
add address=170.247.220.0/22 comment=SpamHaus list=blacklist
add address=171.26.0.0/16 comment=SpamHaus list=blacklist
add address=172.98.0.0/18 comment=SpamHaus list=blacklist
add address=174.136.192.0/18 comment=SpamHaus list=blacklist
add address=175.103.64.0/18 comment=SpamHaus list=blacklist
add address=176.56.192.0/19 comment=SpamHaus list=blacklist
add address=176.96.88.0/21 comment=SpamHaus list=blacklist
add address=176.102.120.0/21 comment=SpamHaus list=blacklist
add address=176.103.240.0/21 comment=SpamHaus list=blacklist
add address=176.111.174.0/24 comment=SpamHaus list=blacklist
add address=176.116.232.0/22 comment=SpamHaus list=blacklist
add address=176.121.14.0/24 comment=SpamHaus list=blacklist
add address=176.126.192.0/23 comment=SpamHaus list=blacklist
add address=176.126.194.0/24 comment=SpamHaus list=blacklist
add address=176.223.116.0/23 comment=SpamHaus list=blacklist
add address=176.223.118.0/24 comment=SpamHaus list=blacklist
add address=176.223.160.0/23 comment=SpamHaus list=blacklist
add address=177.234.136.0/21 comment=SpamHaus list=blacklist
add address=178.212.184.0/21 comment=SpamHaus list=blacklist
add address=178.213.176.0/22 comment=SpamHaus list=blacklist
add address=179.63.0.0/17 comment=SpamHaus list=blacklist
add address=180.178.192.0/18 comment=SpamHaus list=blacklist
add address=180.236.0.0/14 comment=SpamHaus list=blacklist
add address=181.177.64.0/18 comment=SpamHaus list=blacklist
add address=185.0.96.0/19 comment=SpamHaus list=blacklist
add address=185.21.8.0/22 comment=SpamHaus list=blacklist
add address=185.30.168.0/22 comment=SpamHaus list=blacklist
add address=185.39.8.0/22 comment=SpamHaus list=blacklist
add address=185.55.4.0/22 comment=SpamHaus list=blacklist
add address=185.55.140.0/22 comment=SpamHaus list=blacklist
add address=185.60.201.0/24 comment=SpamHaus list=blacklist
add address=185.60.202.0/23 comment=SpamHaus list=blacklist
add address=185.63.35.0/24 comment=SpamHaus list=blacklist
add address=185.64.23.0/24 comment=SpamHaus list=blacklist
add address=185.77.248.0/24 comment=SpamHaus list=blacklist
add address=185.80.112.0/22 comment=SpamHaus list=blacklist
add address=185.102.48.0/22 comment=SpamHaus list=blacklist
add address=185.105.56.0/22 comment=SpamHaus list=blacklist
add address=185.110.0.0/22 comment=SpamHaus list=blacklist
add address=185.116.172.0/23 comment=SpamHaus list=blacklist
add address=185.116.175.0/24 comment=SpamHaus list=blacklist
add address=185.120.8.0/22 comment=SpamHaus list=blacklist
add address=185.122.128.0/22 comment=SpamHaus list=blacklist
add address=185.123.248.0/21 comment=SpamHaus list=blacklist
add address=185.124.0.0/22 comment=SpamHaus list=blacklist
add address=185.124.56.0/21 comment=SpamHaus list=blacklist
add address=185.126.160.0/21 comment=SpamHaus list=blacklist
add address=185.126.248.0/22 comment=SpamHaus list=blacklist
add address=185.127.44.0/22 comment=SpamHaus list=blacklist
add address=185.127.56.0/22 comment=SpamHaus list=blacklist
add address=185.127.68.0/22 comment=SpamHaus list=blacklist
add address=185.127.76.0/22 comment=SpamHaus list=blacklist
add address=185.127.92.0/22 comment=SpamHaus list=blacklist
add address=185.129.8.0/22 comment=SpamHaus list=blacklist
add address=185.129.208.0/22 comment=SpamHaus list=blacklist
add address=185.130.36.0/22 comment=SpamHaus list=blacklist
add address=185.132.8.0/22 comment=SpamHaus list=blacklist
add address=185.134.48.0/22 comment=SpamHaus list=blacklist
add address=185.143.220.0/22 comment=SpamHaus list=blacklist
add address=185.144.180.0/22 comment=SpamHaus list=blacklist
add address=185.147.140.0/22 comment=SpamHaus list=blacklist
add address=185.156.88.0/21 comment=SpamHaus list=blacklist
add address=185.156.92.0/22 comment=SpamHaus list=blacklist
add address=185.161.148.0/22 comment=SpamHaus list=blacklist
add address=185.165.24.0/22 comment=SpamHaus list=blacklist
add address=185.180.192.0/22 comment=SpamHaus list=blacklist
add address=185.184.192.0/22 comment=SpamHaus list=blacklist
add address=185.185.48.0/22 comment=SpamHaus list=blacklist
add address=185.193.90.0/24 comment=SpamHaus list=blacklist
add address=185.194.100.0/22 comment=SpamHaus list=blacklist
add address=185.203.64.0/22 comment=SpamHaus list=blacklist
add address=185.215.113.0/24 comment=SpamHaus list=blacklist
add address=185.215.132.0/22 comment=SpamHaus list=blacklist
add address=185.227.200.0/22 comment=SpamHaus list=blacklist
add address=185.230.44.0/22 comment=SpamHaus list=blacklist
add address=185.234.64.0/22 comment=SpamHaus list=blacklist
add address=185.236.232.0/22 comment=SpamHaus list=blacklist
add address=185.237.104.0/22 comment=SpamHaus list=blacklist
add address=185.237.220.0/22 comment=SpamHaus list=blacklist
add address=185.237.226.0/23 comment=SpamHaus list=blacklist
add address=185.238.176.0/22 comment=SpamHaus list=blacklist
add address=185.248.132.0/22 comment=SpamHaus list=blacklist
add address=185.254.196.0/22 comment=SpamHaus list=blacklist
add address=186.65.112.0/20 comment=SpamHaus list=blacklist
add address=186.179.0.0/18 comment=SpamHaus list=blacklist
add address=188.172.160.0/19 comment=SpamHaus list=blacklist
add address=188.208.48.0/22 comment=SpamHaus list=blacklist
add address=188.208.52.0/22 comment=SpamHaus list=blacklist
add address=188.208.109.0/24 comment=SpamHaus list=blacklist
add address=188.208.220.0/22 comment=SpamHaus list=blacklist
add address=188.209.120.0/21 comment=SpamHaus list=blacklist
add address=188.212.254.0/24 comment=SpamHaus list=blacklist
add address=188.213.23.0/24 comment=SpamHaus list=blacklist
add address=188.213.206.0/23 comment=SpamHaus list=blacklist
add address=188.213.214.0/23 comment=SpamHaus list=blacklist
add address=188.213.248.0/22 comment=SpamHaus list=blacklist
add address=188.213.252.0/22 comment=SpamHaus list=blacklist
add address=188.214.94.0/24 comment=SpamHaus list=blacklist
add address=188.214.95.0/24 comment=SpamHaus list=blacklist
add address=188.214.140.0/24 comment=SpamHaus list=blacklist
add address=188.214.155.0/24 comment=SpamHaus list=blacklist
add address=188.214.193.0/24 comment=SpamHaus list=blacklist
add address=188.241.211.0/24 comment=SpamHaus list=blacklist
add address=188.247.230.0/24 comment=SpamHaus list=blacklist
add address=190.123.208.0/20 comment=SpamHaus list=blacklist
add address=190.185.108.0/22 comment=SpamHaus list=blacklist
add address=192.5.103.0/24 comment=SpamHaus list=blacklist
add address=192.12.131.0/24 comment=SpamHaus list=blacklist
add address=192.22.0.0/16 comment=SpamHaus list=blacklist
add address=192.26.25.0/24 comment=SpamHaus list=blacklist
add address=192.31.212.0/23 comment=SpamHaus list=blacklist
add address=192.40.29.0/24 comment=SpamHaus list=blacklist
add address=192.43.160.0/24 comment=SpamHaus list=blacklist
add address=192.43.175.0/24 comment=SpamHaus list=blacklist
add address=192.43.176.0/21 comment=SpamHaus list=blacklist
add address=192.43.184.0/24 comment=SpamHaus list=blacklist
add address=192.54.110.0/24 comment=SpamHaus list=blacklist
add address=192.67.16.0/24 comment=SpamHaus list=blacklist
add address=192.96.146.0/24 comment=SpamHaus list=blacklist
add address=192.101.44.0/24 comment=SpamHaus list=blacklist
add address=192.101.181.0/24 comment=SpamHaus list=blacklist
add address=192.101.200.0/21 comment=SpamHaus list=blacklist
add address=192.101.208.0/20 comment=SpamHaus list=blacklist
add address=192.101.224.0/20 comment=SpamHaus list=blacklist
add address=192.101.240.0/21 comment=SpamHaus list=blacklist
add address=192.101.248.0/23 comment=SpamHaus list=blacklist
add address=192.133.3.0/24 comment=SpamHaus list=blacklist
add address=192.152.194.0/24 comment=SpamHaus list=blacklist
add address=192.154.11.0/24 comment=SpamHaus list=blacklist
add address=192.160.44.0/24 comment=SpamHaus list=blacklist
add address=192.161.80.0/20 comment=SpamHaus list=blacklist
add address=192.190.49.0/24 comment=SpamHaus list=blacklist
add address=192.190.97.0/24 comment=SpamHaus list=blacklist
add address=192.195.150.0/24 comment=SpamHaus list=blacklist
add address=192.197.87.0/24 comment=SpamHaus list=blacklist
add address=192.203.252.0/24 comment=SpamHaus list=blacklist
add address=192.206.114.0/24 comment=SpamHaus list=blacklist
add address=192.219.120.0/21 comment=SpamHaus list=blacklist
add address=192.219.128.0/18 comment=SpamHaus list=blacklist
add address=192.219.192.0/20 comment=SpamHaus list=blacklist
add address=192.219.208.0/21 comment=SpamHaus list=blacklist
add address=192.226.16.0/20 comment=SpamHaus list=blacklist
add address=192.229.32.0/19 comment=SpamHaus list=blacklist
add address=192.231.66.0/24 comment=SpamHaus list=blacklist
add address=192.234.156.0/24 comment=SpamHaus list=blacklist
add address=192.234.189.0/24 comment=SpamHaus list=blacklist
add address=192.245.101.0/24 comment=SpamHaus list=blacklist
add address=192.245.188.0/24 comment=SpamHaus list=blacklist
add address=192.245.248.0/24 comment=SpamHaus list=blacklist
add address=192.251.231.0/24 comment=SpamHaus list=blacklist
add address=192.252.16.0/20 comment=SpamHaus list=blacklist
add address=193.25.48.0/20 comment=SpamHaus list=blacklist
add address=193.30.254.0/23 comment=SpamHaus list=blacklist
add address=193.32.66.0/23 comment=SpamHaus list=blacklist
add address=193.46.172.0/22 comment=SpamHaus list=blacklist
add address=193.139.0.0/16 comment=SpamHaus list=blacklist
add address=193.151.160.0/22 comment=SpamHaus list=blacklist
add address=193.201.232.0/22 comment=SpamHaus list=blacklist
add address=193.228.91.0/24 comment=SpamHaus list=blacklist
add address=193.243.0.0/17 comment=SpamHaus list=blacklist
add address=193.254.48.0/20 comment=SpamHaus list=blacklist
add address=194.5.94.0/23 comment=SpamHaus list=blacklist
add address=194.41.60.0/23 comment=SpamHaus list=blacklist
add address=194.147.140.0/24 comment=SpamHaus list=blacklist
add address=195.182.57.0/24 comment=SpamHaus list=blacklist
add address=195.210.96.0/19 comment=SpamHaus list=blacklist
add address=196.1.109.0/24 comment=SpamHaus list=blacklist
add address=196.10.64.0/19 comment=SpamHaus list=blacklist
add address=196.15.64.0/18 comment=SpamHaus list=blacklist
add address=196.16.0.0/14 comment=SpamHaus list=blacklist
add address=196.42.128.0/17 comment=SpamHaus list=blacklist
add address=196.52.0.0/14 comment=SpamHaus list=blacklist
add address=196.54.1.0/24 comment=SpamHaus list=blacklist
add address=196.55.3.0/24 comment=SpamHaus list=blacklist
add address=196.55.228.0/24 comment=SpamHaus list=blacklist
add address=196.61.192.0/20 comment=SpamHaus list=blacklist
add address=196.62.0.0/16 comment=SpamHaus list=blacklist
add address=196.192.192.0/18 comment=SpamHaus list=blacklist
add address=196.193.0.0/16 comment=SpamHaus list=blacklist
add address=196.194.0.0/15 comment=SpamHaus list=blacklist
add address=196.199.0.0/16 comment=SpamHaus list=blacklist
add address=196.207.64.0/18 comment=SpamHaus list=blacklist
add address=196.246.0.0/16 comment=SpamHaus list=blacklist
add address=197.154.0.0/16 comment=SpamHaus list=blacklist
add address=197.231.208.0/22 comment=SpamHaus list=blacklist
add address=198.13.0.0/20 comment=SpamHaus list=blacklist
add address=198.14.0.0/20 comment=SpamHaus list=blacklist
add address=198.20.16.0/20 comment=SpamHaus list=blacklist
add address=198.45.32.0/20 comment=SpamHaus list=blacklist
add address=198.45.64.0/19 comment=SpamHaus list=blacklist
add address=198.54.232.0/24 comment=SpamHaus list=blacklist
add address=198.56.64.0/18 comment=SpamHaus list=blacklist
add address=198.57.64.0/20 comment=SpamHaus list=blacklist
add address=198.62.70.0/24 comment=SpamHaus list=blacklist
add address=198.62.76.0/24 comment=SpamHaus list=blacklist
add address=198.96.224.0/20 comment=SpamHaus list=blacklist
add address=198.99.117.0/24 comment=SpamHaus list=blacklist
add address=198.102.222.0/24 comment=SpamHaus list=blacklist
add address=198.148.212.0/24 comment=SpamHaus list=blacklist
add address=198.151.16.0/20 comment=SpamHaus list=blacklist
add address=198.151.64.0/18 comment=SpamHaus list=blacklist
add address=198.151.152.0/22 comment=SpamHaus list=blacklist
add address=198.160.205.0/24 comment=SpamHaus list=blacklist
add address=198.169.201.0/24 comment=SpamHaus list=blacklist
add address=198.177.175.0/24 comment=SpamHaus list=blacklist
add address=198.177.176.0/22 comment=SpamHaus list=blacklist
add address=198.177.180.0/24 comment=SpamHaus list=blacklist
add address=198.177.214.0/24 comment=SpamHaus list=blacklist
add address=198.178.64.0/19 comment=SpamHaus list=blacklist
add address=198.179.22.0/24 comment=SpamHaus list=blacklist
add address=198.181.96.0/20 comment=SpamHaus list=blacklist
add address=198.183.32.0/19 comment=SpamHaus list=blacklist
add address=198.184.193.0/24 comment=SpamHaus list=blacklist
add address=198.184.208.0/24 comment=SpamHaus list=blacklist
add address=198.186.25.0/24 comment=SpamHaus list=blacklist
add address=198.187.64.0/18 comment=SpamHaus list=blacklist
add address=198.187.192.0/24 comment=SpamHaus list=blacklist
add address=198.190.173.0/24 comment=SpamHaus list=blacklist
add address=198.199.212.0/24 comment=SpamHaus list=blacklist
add address=198.200.0.0/21 comment=SpamHaus list=blacklist
add address=198.200.8.0/23 comment=SpamHaus list=blacklist
add address=198.202.237.0/24 comment=SpamHaus list=blacklist
add address=198.204.0.0/21 comment=SpamHaus list=blacklist
add address=198.206.140.0/24 comment=SpamHaus list=blacklist
add address=198.212.132.0/24 comment=SpamHaus list=blacklist
add address=199.4.151.0/24 comment=SpamHaus list=blacklist
add address=199.4.226.0/23 comment=SpamHaus list=blacklist
add address=199.4.228.0/23 comment=SpamHaus list=blacklist
add address=199.5.152.0/23 comment=SpamHaus list=blacklist
add address=199.5.194.0/24 comment=SpamHaus list=blacklist
add address=199.5.229.0/24 comment=SpamHaus list=blacklist
add address=199.26.137.0/24 comment=SpamHaus list=blacklist
add address=199.26.181.0/24 comment=SpamHaus list=blacklist
add address=199.26.205.0/24 comment=SpamHaus list=blacklist
add address=199.26.207.0/24 comment=SpamHaus list=blacklist
add address=199.26.251.0/24 comment=SpamHaus list=blacklist
add address=199.27.32.0/19 comment=SpamHaus list=blacklist
add address=199.33.222.0/24 comment=SpamHaus list=blacklist
add address=199.34.128.0/18 comment=SpamHaus list=blacklist
add address=199.60.102.0/24 comment=SpamHaus list=blacklist
add address=199.71.139.0/24 comment=SpamHaus list=blacklist
add address=199.71.192.0/20 comment=SpamHaus list=blacklist
add address=199.73.64.0/20 comment=SpamHaus list=blacklist
add address=199.84.16.0/20 comment=SpamHaus list=blacklist
add address=199.84.55.0/24 comment=SpamHaus list=blacklist
add address=199.84.56.0/22 comment=SpamHaus list=blacklist
add address=199.84.60.0/24 comment=SpamHaus list=blacklist
add address=199.84.64.0/19 comment=SpamHaus list=blacklist
add address=199.89.16.0/20 comment=SpamHaus list=blacklist
add address=199.89.198.0/24 comment=SpamHaus list=blacklist
add address=199.120.163.0/24 comment=SpamHaus list=blacklist
add address=199.164.136.0/24 comment=SpamHaus list=blacklist
add address=199.165.32.0/19 comment=SpamHaus list=blacklist
add address=199.166.200.0/22 comment=SpamHaus list=blacklist
add address=199.166.209.0/24 comment=SpamHaus list=blacklist
add address=199.166.214.0/23 comment=SpamHaus list=blacklist
add address=199.184.82.0/24 comment=SpamHaus list=blacklist
add address=199.185.144.0/20 comment=SpamHaus list=blacklist
add address=199.196.192.0/19 comment=SpamHaus list=blacklist
add address=199.198.160.0/20 comment=SpamHaus list=blacklist
add address=199.198.176.0/21 comment=SpamHaus list=blacklist
add address=199.198.184.0/23 comment=SpamHaus list=blacklist
add address=199.198.188.0/22 comment=SpamHaus list=blacklist
add address=199.200.64.0/19 comment=SpamHaus list=blacklist
add address=199.201.212.0/24 comment=SpamHaus list=blacklist
add address=199.212.96.0/20 comment=SpamHaus list=blacklist
add address=199.223.0.0/20 comment=SpamHaus list=blacklist
add address=199.230.64.0/19 comment=SpamHaus list=blacklist
add address=199.230.96.0/21 comment=SpamHaus list=blacklist
add address=199.233.78.0/24 comment=SpamHaus list=blacklist
add address=199.233.85.0/24 comment=SpamHaus list=blacklist
add address=199.233.96.0/24 comment=SpamHaus list=blacklist
add address=199.233.101.0/24 comment=SpamHaus list=blacklist
add address=199.241.0.0/21 comment=SpamHaus list=blacklist
add address=199.241.64.0/19 comment=SpamHaus list=blacklist
add address=199.244.56.0/21 comment=SpamHaus list=blacklist
add address=199.245.123.0/24 comment=SpamHaus list=blacklist
add address=199.245.138.0/24 comment=SpamHaus list=blacklist
add address=199.246.35.0/24 comment=SpamHaus list=blacklist
add address=199.246.137.0/24 comment=SpamHaus list=blacklist
add address=199.246.213.0/24 comment=SpamHaus list=blacklist
add address=199.246.215.0/24 comment=SpamHaus list=blacklist
add address=199.246.226.0/24 comment=SpamHaus list=blacklist
add address=199.248.254.0/24 comment=SpamHaus list=blacklist
add address=199.249.64.0/19 comment=SpamHaus list=blacklist
add address=199.253.32.0/20 comment=SpamHaus list=blacklist
add address=199.253.48.0/21 comment=SpamHaus list=blacklist
add address=199.253.224.0/20 comment=SpamHaus list=blacklist
add address=199.254.32.0/20 comment=SpamHaus list=blacklist
add address=200.0.60.0/23 comment=SpamHaus list=blacklist
add address=200.22.0.0/16 comment=SpamHaus list=blacklist
add address=200.71.124.0/22 comment=SpamHaus list=blacklist
add address=200.189.44.0/22 comment=SpamHaus list=blacklist
add address=201.148.168.0/22 comment=SpamHaus list=blacklist
add address=201.169.0.0/16 comment=SpamHaus list=blacklist
add address=202.0.192.0/18 comment=SpamHaus list=blacklist
add address=202.20.32.0/19 comment=SpamHaus list=blacklist
add address=202.21.64.0/19 comment=SpamHaus list=blacklist
add address=202.27.96.0/23 comment=SpamHaus list=blacklist
add address=202.27.98.0/24 comment=SpamHaus list=blacklist
add address=202.27.99.0/24 comment=SpamHaus list=blacklist
add address=202.27.100.0/22 comment=SpamHaus list=blacklist
add address=202.27.120.0/22 comment=SpamHaus list=blacklist
add address=202.27.161.0/24 comment=SpamHaus list=blacklist
add address=202.27.162.0/23 comment=SpamHaus list=blacklist
add address=202.27.164.0/22 comment=SpamHaus list=blacklist
add address=202.27.168.0/24 comment=SpamHaus list=blacklist
add address=202.40.32.0/19 comment=SpamHaus list=blacklist
add address=202.40.64.0/18 comment=SpamHaus list=blacklist
add address=202.68.0.0/18 comment=SpamHaus list=blacklist
add address=202.86.0.0/22 comment=SpamHaus list=blacklist
add address=202.148.32.0/20 comment=SpamHaus list=blacklist
add address=202.148.176.0/20 comment=SpamHaus list=blacklist
add address=202.183.0.0/19 comment=SpamHaus list=blacklist
add address=202.189.80.0/20 comment=SpamHaus list=blacklist
add address=203.2.200.0/22 comment=SpamHaus list=blacklist
add address=203.9.0.0/19 comment=SpamHaus list=blacklist
add address=203.31.88.0/23 comment=SpamHaus list=blacklist
add address=203.34.70.0/23 comment=SpamHaus list=blacklist
add address=203.86.252.0/22 comment=SpamHaus list=blacklist
add address=203.169.0.0/22 comment=SpamHaus list=blacklist
add address=203.191.64.0/18 comment=SpamHaus list=blacklist
add address=203.195.0.0/18 comment=SpamHaus list=blacklist
add address=204.14.80.0/22 comment=SpamHaus list=blacklist
add address=204.19.38.0/23 comment=SpamHaus list=blacklist
add address=204.27.155.0/24 comment=SpamHaus list=blacklist
add address=204.44.32.0/20 comment=SpamHaus list=blacklist
add address=204.44.208.0/20 comment=SpamHaus list=blacklist
add address=204.44.224.0/20 comment=SpamHaus list=blacklist
add address=204.52.96.0/19 comment=SpamHaus list=blacklist
add address=204.52.184.0/24 comment=SpamHaus list=blacklist
add address=204.52.255.0/24 comment=SpamHaus list=blacklist
add address=204.57.16.0/20 comment=SpamHaus list=blacklist
add address=204.62.177.0/24 comment=SpamHaus list=blacklist
add address=204.75.147.0/24 comment=SpamHaus list=blacklist
add address=204.75.228.0/24 comment=SpamHaus list=blacklist
add address=204.80.164.0/24 comment=SpamHaus list=blacklist
add address=204.80.180.0/24 comment=SpamHaus list=blacklist
add address=204.80.198.0/24 comment=SpamHaus list=blacklist
add address=204.86.16.0/20 comment=SpamHaus list=blacklist
add address=204.87.136.0/24 comment=SpamHaus list=blacklist
add address=204.87.175.0/24 comment=SpamHaus list=blacklist
add address=204.87.199.0/24 comment=SpamHaus list=blacklist
add address=204.87.233.0/24 comment=SpamHaus list=blacklist
add address=204.89.224.0/24 comment=SpamHaus list=blacklist
add address=204.106.128.0/18 comment=SpamHaus list=blacklist
add address=204.106.192.0/19 comment=SpamHaus list=blacklist
add address=204.107.132.0/24 comment=SpamHaus list=blacklist
add address=204.107.208.0/24 comment=SpamHaus list=blacklist
add address=204.107.237.0/24 comment=SpamHaus list=blacklist
add address=204.115.128.0/21 comment=SpamHaus list=blacklist
add address=204.126.244.0/23 comment=SpamHaus list=blacklist
add address=204.128.32.0/20 comment=SpamHaus list=blacklist
add address=204.128.151.0/24 comment=SpamHaus list=blacklist
add address=204.128.180.0/24 comment=SpamHaus list=blacklist
add address=204.130.16.0/20 comment=SpamHaus list=blacklist
add address=204.130.167.0/24 comment=SpamHaus list=blacklist
add address=204.130.195.0/24 comment=SpamHaus list=blacklist
add address=204.147.64.0/21 comment=SpamHaus list=blacklist
add address=204.147.96.0/20 comment=SpamHaus list=blacklist
add address=204.147.240.0/20 comment=SpamHaus list=blacklist
add address=204.156.192.0/20 comment=SpamHaus list=blacklist
add address=204.194.64.0/21 comment=SpamHaus list=blacklist
add address=204.225.159.0/24 comment=SpamHaus list=blacklist
add address=204.225.210.0/24 comment=SpamHaus list=blacklist
add address=204.232.0.0/18 comment=SpamHaus list=blacklist
add address=204.238.35.0/24 comment=SpamHaus list=blacklist
add address=204.238.40.0/24 comment=SpamHaus list=blacklist
add address=204.238.137.0/24 comment=SpamHaus list=blacklist
add address=204.238.170.0/24 comment=SpamHaus list=blacklist
add address=204.238.183.0/24 comment=SpamHaus list=blacklist
add address=205.137.0.0/20 comment=SpamHaus list=blacklist
add address=205.142.104.0/22 comment=SpamHaus list=blacklist
add address=205.143.8.0/21 comment=SpamHaus list=blacklist
add address=205.144.0.0/20 comment=SpamHaus list=blacklist
add address=205.144.176.0/20 comment=SpamHaus list=blacklist
add address=205.148.128.0/18 comment=SpamHaus list=blacklist
add address=205.148.192.0/18 comment=SpamHaus list=blacklist
add address=205.151.58.0/24 comment=SpamHaus list=blacklist
add address=205.151.128.0/19 comment=SpamHaus list=blacklist
add address=205.151.216.0/24 comment=SpamHaus list=blacklist
add address=205.159.45.0/24 comment=SpamHaus list=blacklist
add address=205.159.174.0/24 comment=SpamHaus list=blacklist
add address=205.159.180.0/24 comment=SpamHaus list=blacklist
add address=205.159.201.0/24 comment=SpamHaus list=blacklist
add address=205.159.241.0/24 comment=SpamHaus list=blacklist
add address=205.166.45.0/24 comment=SpamHaus list=blacklist
add address=205.166.77.0/24 comment=SpamHaus list=blacklist
add address=205.166.84.0/24 comment=SpamHaus list=blacklist
add address=205.166.130.0/24 comment=SpamHaus list=blacklist
add address=205.166.168.0/24 comment=SpamHaus list=blacklist
add address=205.166.183.0/24 comment=SpamHaus list=blacklist
add address=205.166.211.0/24 comment=SpamHaus list=blacklist
add address=205.172.244.0/22 comment=SpamHaus list=blacklist
add address=205.175.160.0/19 comment=SpamHaus list=blacklist
add address=205.189.71.0/24 comment=SpamHaus list=blacklist
add address=205.189.72.0/23 comment=SpamHaus list=blacklist
add address=205.189.207.0/24 comment=SpamHaus list=blacklist
add address=205.203.0.0/19 comment=SpamHaus list=blacklist
add address=205.203.224.0/19 comment=SpamHaus list=blacklist
add address=205.207.134.0/24 comment=SpamHaus list=blacklist
add address=205.210.29.0/24 comment=SpamHaus list=blacklist
add address=205.210.107.0/24 comment=SpamHaus list=blacklist
add address=205.210.139.0/24 comment=SpamHaus list=blacklist
add address=205.210.171.0/24 comment=SpamHaus list=blacklist
add address=205.210.172.0/22 comment=SpamHaus list=blacklist
add address=205.210.249.0/24 comment=SpamHaus list=blacklist
add address=205.211.172.0/24 comment=SpamHaus list=blacklist
add address=205.211.179.0/24 comment=SpamHaus list=blacklist
add address=205.214.96.0/19 comment=SpamHaus list=blacklist
add address=205.214.128.0/19 comment=SpamHaus list=blacklist
add address=205.233.19.0/24 comment=SpamHaus list=blacklist
add address=205.233.156.0/24 comment=SpamHaus list=blacklist
add address=205.233.220.0/24 comment=SpamHaus list=blacklist
add address=205.233.224.0/20 comment=SpamHaus list=blacklist
add address=205.236.18.0/24 comment=SpamHaus list=blacklist
add address=205.236.23.0/24 comment=SpamHaus list=blacklist
add address=205.236.185.0/24 comment=SpamHaus list=blacklist
add address=205.236.189.0/24 comment=SpamHaus list=blacklist
add address=205.237.88.0/21 comment=SpamHaus list=blacklist
add address=206.41.128.0/20 comment=SpamHaus list=blacklist
add address=206.41.160.0/19 comment=SpamHaus list=blacklist
add address=206.51.29.0/24 comment=SpamHaus list=blacklist
add address=206.124.104.0/21 comment=SpamHaus list=blacklist
add address=206.125.16.0/20 comment=SpamHaus list=blacklist
add address=206.130.188.0/24 comment=SpamHaus list=blacklist
add address=206.143.128.0/17 comment=SpamHaus list=blacklist
add address=206.183.128.0/19 comment=SpamHaus list=blacklist
add address=206.195.224.0/19 comment=SpamHaus list=blacklist
add address=206.197.28.0/24 comment=SpamHaus list=blacklist
add address=206.197.29.0/24 comment=SpamHaus list=blacklist
add address=206.197.77.0/24 comment=SpamHaus list=blacklist
add address=206.197.146.0/24 comment=SpamHaus list=blacklist
add address=206.197.165.0/24 comment=SpamHaus list=blacklist
add address=206.209.48.0/20 comment=SpamHaus list=blacklist
add address=206.209.80.0/20 comment=SpamHaus list=blacklist
add address=206.223.17.0/24 comment=SpamHaus list=blacklist
add address=206.223.33.0/24 comment=SpamHaus list=blacklist
add address=206.223.48.0/24 comment=SpamHaus list=blacklist
add address=206.224.160.0/19 comment=SpamHaus list=blacklist
add address=206.226.0.0/19 comment=SpamHaus list=blacklist
add address=206.226.32.0/19 comment=SpamHaus list=blacklist
add address=207.22.192.0/18 comment=SpamHaus list=blacklist
add address=207.45.224.0/20 comment=SpamHaus list=blacklist
add address=207.70.224.0/20 comment=SpamHaus list=blacklist
add address=207.90.0.0/18 comment=SpamHaus list=blacklist
add address=207.110.64.0/18 comment=SpamHaus list=blacklist
add address=207.110.96.0/19 comment=SpamHaus list=blacklist
add address=207.110.128.0/18 comment=SpamHaus list=blacklist
add address=207.183.64.0/19 comment=SpamHaus list=blacklist
add address=207.183.96.0/20 comment=SpamHaus list=blacklist
add address=207.183.128.0/19 comment=SpamHaus list=blacklist
add address=207.183.192.0/19 comment=SpamHaus list=blacklist
add address=207.201.64.0/18 comment=SpamHaus list=blacklist
add address=207.228.192.0/20 comment=SpamHaus list=blacklist
add address=207.244.0.0/18 comment=SpamHaus list=blacklist
add address=208.73.208.0/22 comment=SpamHaus list=blacklist
add address=208.90.32.0/21 comment=SpamHaus list=blacklist
add address=208.93.4.0/22 comment=SpamHaus list=blacklist
add address=209.17.192.0/19 comment=SpamHaus list=blacklist
add address=209.66.0.0/18 comment=SpamHaus list=blacklist
add address=209.66.128.0/19 comment=SpamHaus list=blacklist
add address=209.95.64.0/19 comment=SpamHaus list=blacklist
add address=209.95.192.0/19 comment=SpamHaus list=blacklist
add address=209.99.128.0/18 comment=SpamHaus list=blacklist
add address=209.145.0.0/19 comment=SpamHaus list=blacklist
add address=209.148.16.0/20 comment=SpamHaus list=blacklist
add address=209.161.64.0/19 comment=SpamHaus list=blacklist
add address=209.161.96.0/20 comment=SpamHaus list=blacklist
add address=209.182.64.0/19 comment=SpamHaus list=blacklist
add address=209.242.192.0/19 comment=SpamHaus list=blacklist
add address=212.162.152.0/22 comment=SpamHaus list=blacklist
add address=213.173.36.0/22 comment=SpamHaus list=blacklist
add address=213.247.0.0/19 comment=SpamHaus list=blacklist
add address=216.179.128.0/17 comment=SpamHaus list=blacklist
add address=220.154.0.0/16 comment=SpamHaus list=blacklist
add address=221.132.192.0/18 comment=SpamHaus list=blacklist
add address=223.0.0.0/15 comment=SpamHaus list=blacklist
add address=223.169.0.0/16 comment=SpamHaus list=blacklist
add address=223.173.0.0/16 comment=SpamHaus list=blacklist
add address=223.254.0.0/16 comment=SpamHaus list=blacklist
add address=192.168.15.1 list=DD-WRT
add address=192.168.100.1 list=DD-WRT
add address=186.89.64.0/19 list=Posibles-IP-Cantv
add address=186.94.128.0/19 list=Posibles-IP-Cantv
add address=186.95.224.0/19 list=Posibles-IP-Cantv
add address=190.37.224.0/19 list=Posibles-IP-Cantv
add address=190.75.160.0/19 list=Posibles-IP-Cantv
add address=190.168.96.0/19 list=Posibles-IP-Cantv
add address=190.206.128.0/19 list=Posibles-IP-Cantv
add address=201.211.0.0/19 list=Posibles-IP-Cantv
add address=192.168.1.0/30 list=ZTE-ADSL-Modem
add address=89.248.165.0/24 comment=DShield list=blacklist
add address=103.129.98.17 comment=malc0de list=blacklist
add address=45.143.203.0/24 comment=DShield list=blacklist
add address=103.253.73.77 comment=malc0de list=blacklist
add address=45.146.164.0/24 comment=DShield list=blacklist
add address=103.83.81.144 comment=malc0de list=blacklist
add address=45.134.26.0/24 comment=DShield list=blacklist
add address=104.18.36.98 comment=malc0de list=blacklist
add address=92.63.197.0/24 comment=DShield list=blacklist
add address=107.175.64.210 comment=malc0de list=blacklist
add address=193.27.228.0/24 comment=DShield list=blacklist
add address=108.171.216.194 comment=malc0de list=blacklist
add address=45.143.200.0/24 comment=DShield list=blacklist
add address=110.4.45.119 comment=malc0de list=blacklist
add address=185.191.34.0/24 comment=DShield list=blacklist
add address=184.168.221.43 comment=malc0de list=blacklist
add address=45.155.205.0/24 comment=DShield list=blacklist
add address=185.104.45.20 comment=malc0de list=blacklist
add address=45.146.165.0/24 comment=DShield list=blacklist
add address=185.174.100.116 comment=malc0de list=blacklist
add address=45.135.232.0/24 comment=DShield list=blacklist
add address=185.193.38.74 comment=malc0de list=blacklist
add address=79.124.62.0/24 comment=DShield list=blacklist
add address=192.138.20.112 comment=malc0de list=blacklist
add address=5.188.206.0/24 comment=DShield list=blacklist
add address=217.174.152.68 comment=malc0de list=blacklist
add address=125.64.94.0/24 comment=DShield list=blacklist
add address=50.63.202.57 comment=malc0de list=blacklist
add address=89.248.168.0/24 comment=DShield list=blacklist
add address=62.173.145.104 comment=malc0de list=blacklist
add address=193.242.145.0/24 comment=DShield list=blacklist
add address=69.167.178.28 comment=malc0de list=blacklist
add address=193.27.229.0/24 comment=DShield list=blacklist
add address=79.96.191.147 comment=malc0de list=blacklist
add address=146.88.240.0/24 comment=DShield list=blacklist
add address=79.98.28.30 comment=malc0de list=blacklist
add address=103.145.13.0/24 comment=DShield list=blacklist
add address=85.93.145.251 comment=malc0de list=blacklist
add address=183.136.225.0/24 comment=DShield list=blacklist
add address=91.189.114.7 comment=malc0de list=blacklist
add address=94.23.64.40 comment=malc0de list=blacklist
add address=172.69.16.2-172.16.69.254 list=VLAN69-IoT
add address=192.168.5.0/24 list=Mis-Redes-Locales
add address=10.55.5.0/24 list=Mis-Redes-Locales
add address=10.13.37.0/24 list=Mis-Redes-Locales
add address=172.16.69.0/24 list=Mis-Redes-Locales
/ip firewall filter
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=jump chain=forward comment="Detect DDOS Attack" connection-state=\
    new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=return chain=detect-ddos src-address=192.168.5.10
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
    10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
    10m chain=detect-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed \
    src-address-list=ddoser
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
    new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new limit=400,5 \
    protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp \
    tcp-flags=syn
add action=drop chain=input comment=\
    "***Drop new connections from blacklisted IP's to this router***" \
    connection-state=new in-interface-list=WAN src-address-list=blacklist
add action=accept chain=input comment=\
    "***Limitar peticiones DNS desde LAN***" connection-limit=100,32 \
    dst-port=53 in-interface-list=!WAN limit=100,5:packet protocol=tcp
add action=accept chain=input comment=\
    "***Limitar peticiones DNS desde LAN***" connection-limit=100,32 \
    dst-port=53 in-interface-list=!WAN limit=100,5:packet protocol=udp
add action=drop chain=forward comment=\
    "***Bloquear Paquetes Marcados Facebook***" disabled=yes packet-mark=\
    paq-facebook
add action=drop chain=input comment=\
    "***Bloquear Paquetes Marcados Facebook***" disabled=yes packet-mark=\
    paq-facebook
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established, related, untracked" connection-state=\
    established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN log=yes log-prefix=!NAT
add action=accept chain=forward comment=\
    "***Conexion Remota - Puerto WAN Router Cliente" disabled=yes \
    dst-address=192.168.111.0/24 in-interface=bridge-LAN-SW out-interface=\
    ether5-LAN
add action=accept chain=forward comment=\
    "***Permitir Entrar Modem CANTV en WAN1***" dst-address-list=\
    ZTE-ADSL-Modem in-interface=bridge-LAN-SW out-interface=ether1-WAN1-Cantv
add action=accept chain=forward comment=\
    "***Permitir Entrar DD-WRT en WAN2***" dst-address-list=DD-WRT \
    in-interface=bridge-LAN-SW out-interface=ether2-WAN2-NetUno
add action=drop chain=forward comment=\
    "Drop tries to reach not public addresses from LAN" dst-address-list=\
    not_in_internet in-interface=bridge-LAN-SW log=yes log-prefix=\
    !public_from_LAN out-interface=!bridge-LAN-SW
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
    protocol=icmp
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface-list=\
    WAN log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment="Drop packets from Mis-Redes-Locales tha\
    t do not have Mis-Redes-Locales IP" in-interface=bridge-LAN-SW log=yes \
    log-prefix=LAN_!LAN src-address-list=!Mis-Redes-Locales
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
    protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
    protocol=icmp
add action=accept chain=icmp comment=\
    "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
    protocol=icmp
add action=drop chain=icmp comment="deny all other types"
add action=fasttrack-connection chain=forward comment="***FastTrack STEAM***" \
    connection-mark=con-Gaming disabled=yes packet-mark=""
add action=accept chain=forward comment=\
    "***Permitir Tr\E1fico IoT -> Internet***" out-interface-list=WAN \
    src-address-list=VLAN69-IoT
add action=drop chain=forward comment="***Bloquear Tr\E1fico IoT -> LAN***" \
    dst-address-list=LAN src-address-list=VLAN69-IoT
add action=drop chain=forward comment="***Bloquear Tr\E1fico IoT -> CCTV***" \
    dst-address-list=VLAN555-CCTV src-address-list=VLAN69-IoT
add action=drop chain=forward comment="***Bloquear Tr\E1fico IoT -> Guest***" \
    dst-address-list=VLAN1337-Guest src-address-list=VLAN69-IoT
add action=accept chain=forward comment=\
    "***Permitir Tr\E1fico CCTV -> Internet***" out-interface-list=WAN \
    src-address-list=VLAN555-CCTV
add action=drop chain=forward comment="***Bloquear Tr\E1fico CCTV -> LAN***" \
    dst-address-list=LAN src-address-list=VLAN555-CCTV
add action=drop chain=forward comment="***Bloquear Tr\E1fico CCTV -> IoT***" \
    dst-address-list=VLAN69-IoT src-address-list=VLAN555-CCTV
add action=drop chain=forward comment=\
    "***Bloquear Tr\E1fico CCTV -> Guest***" dst-address-list=VLAN1337-Guest \
    src-address-list=VLAN555-CCTV
add action=accept chain=forward comment=\
    "***Permitir Tr\E1fico Guest -> Internet***" out-interface-list=WAN \
    src-address-list=VLAN1337-Guest
add action=drop chain=forward comment="***Bloquear Tr\E1fico Guest -> LAN***" \
    dst-address-list=LAN src-address-list=VLAN1337-Guest
add action=drop chain=forward comment="***Bloquear Tr\E1fico Guest -> IoT***" \
    dst-address-list=VLAN69-IoT src-address-list=VLAN1337-Guest
add action=drop chain=forward comment=\
    "***Bloquear Tr\E1fico Guest -> CCTV***" dst-address-list=VLAN555-CCTV \
    src-address-list=VLAN1337-Guest
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
    "Tr\E1fico que sale por ISP fijo" in-interface=bridge-LAN-SW \
    new-routing-mark=to_ISP1 passthrough=no src-address-list=Sale_por_ISP1
add action=mark-routing chain=prerouting in-interface=bridge-LAN-SW \
    new-routing-mark=to_ISP2 passthrough=no src-address-list=Sale_por_ISP2
add action=mark-connection chain=prerouting comment="***Marca de Conexion y Pa\
    quetes - Facebook (Para Bloquear en Firewall)***" connection-mark=no-mark \
    disabled=yes dst-port=53 layer7-protocol=facebook new-connection-mark=\
    con-facebook passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=con-facebook \
    disabled=yes new-packet-mark=paq-facebook passthrough=yes
add action=accept chain=prerouting comment="PCC Load Balance: 1)Aceptar conexi\
    on para cada WAN. Trafico dirigido a cada red se envia a la tabla de ruteo\
    \_prinipal." connection-state="" dst-address-list=Posibles-IP-Cantv
add action=accept chain=prerouting connection-state="" dst-address-list=\
    ZTE-ADSL-Modem
add action=accept chain=prerouting connection-state="" dst-address=\
    192.168.15.0/24
add action=mark-connection chain=prerouting comment=\
    "PCC Load Balance: 2)LAN->WAN (segun WANs disponibles)" connection-mark=\
    no-mark dst-address-type=!local in-interface=bridge-LAN-SW \
    new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    both-addresses:5/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge-LAN-SW new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:5/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge-LAN-SW new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:5/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge-LAN-SW new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:5/3
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge-LAN-SW new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:5/4
add action=mark-routing chain=prerouting comment="PCC Load Balance: 3)Conexion\
    \_que entra por WANx saldr\E1 por la misma WANx" connection-mark=\
    WAN1_conn in-interface=bridge-LAN-SW new-routing-mark=to_ISP1 \
    passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=bridge-LAN-SW new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output comment=\
    "PCC Load Balance: 4)Marcar trafico Output (genreado en el router)" \
    connection-mark=WAN1_conn new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_ISP2 passthrough=yes
add action=mark-connection chain=prerouting comment=\
    "PCC Load Balance: 5)Marcar Rutas segun marcas de conexion" \
    connection-mark=no-mark in-interface=ether1-WAN1-Cantv \
    new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether2-WAN2-NetUno new-connection-mark=WAN2_conn \
    passthrough=yes
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN1 ICMP" connection-mark=WAN1_conn \
    dst-address-list=LAN in-interface=ether1-WAN1-Cantv new-packet-mark=\
    paq-ICMP-WAN1-Down passthrough=no protocol=icmp
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    new-packet-mark=paq-ICMP-WAN1-Up out-interface=ether1-WAN1-Cantv \
    passthrough=no protocol=icmp src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN1 DNS" connection-mark=WAN1_conn \
    dst-address-list=LAN in-interface=ether1-WAN1-Cantv new-packet-mark=\
    paq-DNS-WAN1-Down passthrough=no protocol=udp src-port=53
add action=mark-packet chain=forward connection-mark=WAN1_conn dst-port=53 \
    new-packet-mark=paq-DNS-WAN1-Up out-interface=ether1-WAN1-Cantv \
    passthrough=no protocol=udp src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN1 Gaming" connection-mark=\
    WAN1_conn dst-address-list=LAN in-interface=ether1-WAN1-Cantv \
    new-packet-mark=paq-Gaming-WAN1-Down passthrough=no protocol=udp \
    src-port=3478,3659,4379,4380,7787
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    dst-address-list=LAN in-interface=ether1-WAN1-Cantv new-packet-mark=\
    paq-Gaming-WAN1-Down passthrough=no protocol=udp src-port=27000-27100
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    dst-address-list=LAN in-interface=ether1-WAN1-Cantv new-packet-mark=\
    paq-Gaming-WAN1-Down passthrough=no protocol=tcp src-port=27015-27030
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    dst-address-list=LAN in-interface=ether1-WAN1-Cantv layer7-protocol=Steam \
    new-packet-mark=paq-Gaming-WAN1-Down passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    dst-address-list=LAN dst-port=443 in-interface=ether1-WAN1-Cantv \
    new-packet-mark=paq-Gaming-WAN1-Down passthrough=no protocol=tcp \
    tls-host=*steam*
add action=mark-packet chain=forward connection-mark=WAN1_conn dst-port=\
    27000-27100 new-packet-mark=paq-Gaming-WAN1-Up out-interface=\
    ether1-WAN1-Cantv passthrough=no protocol=udp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=WAN1_conn dst-port=\
    27015-27030 new-packet-mark=paq-Gaming-WAN1-Up out-interface=\
    ether1-WAN1-Cantv passthrough=no protocol=udp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    layer7-protocol=Steam new-packet-mark=paq-Gaming-WAN1-Up out-interface=\
    ether1-WAN1-Cantv passthrough=no protocol=tcp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=WAN1_conn dst-port=443 \
    new-packet-mark=paq-Gaming-WAN1-Up out-interface=ether1-WAN1-Cantv \
    passthrough=no protocol=tcp src-address-list=LAN tls-host=*steam*
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN1 Web+Correo" connection-mark=\
    WAN1_conn dst-address-list=LAN in-interface=ether1-WAN1-Cantv \
    new-packet-mark=paq-Web+Correo-WAN1-Down passthrough=no protocol=tcp \
    src-port=80,8080,443,25,465,143,993,110,995
add action=mark-packet chain=forward connection-mark=WAN1_conn dst-port=\
    80,8080,443,25,465,143,993,110,995 new-packet-mark=paq-Web+Correo-WAN1-Up \
    out-interface=ether1-WAN1-Cantv passthrough=no protocol=tcp \
    src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN1 Videos" connection-mark=\
    WAN1_conn dst-address-list=LAN in-interface=ether1-WAN1-Cantv \
    new-packet-mark=paq-Videos-WAN1-Down passthrough=no src-address-list=\
    Videos
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    dst-address-list=Videos new-packet-mark=paq-Videos-WAN1-Up out-interface=\
    ether1-WAN1-Cantv passthrough=no src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN1 RRSS" connection-mark=WAN1_conn \
    dst-address-list=LAN in-interface=ether1-WAN1-Cantv new-packet-mark=\
    paq-RRSS-WAN1-Down passthrough=no src-address-list=RRSS
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    dst-address-list=RRSS new-packet-mark=paq-RRSS-WAN1-Up out-interface=\
    ether1-WAN1-Cantv passthrough=no src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN1 Resto" connection-mark=\
    WAN1_conn dst-address-list=LAN in-interface=ether1-WAN1-Cantv \
    new-packet-mark=paq-Resto-WAN1-Down packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward connection-mark=WAN1_conn \
    new-packet-mark=paq-Resto-WAN1-Up out-interface=ether1-WAN1-Cantv \
    packet-mark=no-mark passthrough=no src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN2 ICMP" connection-mark=WAN2_conn \
    dst-address-list=LAN in-interface=ether2-WAN2-NetUno new-packet-mark=\
    paq-ICMP-WAN2-Down passthrough=no protocol=icmp
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    new-packet-mark=paq-ICMP-WAN2-Up out-interface=ether2-WAN2-NetUno \
    passthrough=no protocol=icmp src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN2 DNS" connection-mark=WAN2_conn \
    dst-address-list=LAN in-interface=ether2-WAN2-NetUno new-packet-mark=\
    paq-DNS-WAN2-Down passthrough=no protocol=udp src-port=53
add action=mark-packet chain=forward connection-mark=WAN2_conn dst-port=53 \
    new-packet-mark=paq-DNS-WAN2-Up out-interface=ether2-WAN2-NetUno \
    passthrough=no protocol=udp src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN2 Gaming" connection-mark=\
    WAN2_conn dst-address-list=LAN in-interface=ether2-WAN2-NetUno \
    new-packet-mark=paq-Gaming-WAN2-Down passthrough=no protocol=udp \
    src-port=3478,3659,4379,4380,7787
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    dst-address-list=LAN in-interface=ether2-WAN2-NetUno new-packet-mark=\
    paq-Gaming-WAN2-Down passthrough=no protocol=udp src-port=27000-27100
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    dst-address-list=LAN in-interface=ether2-WAN2-NetUno new-packet-mark=\
    paq-Gaming-WAN2-Down passthrough=no protocol=tcp src-port=27015-27030
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    dst-address-list=LAN in-interface=ether2-WAN2-NetUno layer7-protocol=\
    Steam new-packet-mark=paq-Gaming-WAN2-Down passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    dst-address-list=LAN dst-port=443 in-interface=ether2-WAN2-NetUno \
    new-packet-mark=paq-Gaming-WAN2-Down passthrough=no protocol=tcp \
    tls-host=*steam*
add action=mark-packet chain=forward connection-mark=WAN2_conn dst-port=\
    27000-27100 new-packet-mark=paq-Gaming-WAN2-Up out-interface=\
    ether2-WAN2-NetUno passthrough=no protocol=udp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=WAN2_conn dst-port=\
    27015-27030 new-packet-mark=paq-Gaming-WAN2-Up out-interface=\
    ether2-WAN2-NetUno passthrough=no protocol=udp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    layer7-protocol=Steam new-packet-mark=paq-Gaming-WAN2-Up out-interface=\
    ether2-WAN2-NetUno passthrough=no protocol=tcp src-address-list=LAN
add action=mark-packet chain=forward connection-mark=WAN2_conn dst-port=443 \
    new-packet-mark=paq-Gaming-WAN2-Up out-interface=ether2-WAN2-NetUno \
    passthrough=no protocol=tcp src-address-list=LAN tls-host=*steam*
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN2 Web+Correo" connection-mark=\
    WAN2_conn dst-address-list=LAN in-interface=ether2-WAN2-NetUno \
    new-packet-mark=paq-Web+Correo-WAN2-Down passthrough=no protocol=tcp \
    src-port=80,8080,443,25,465,143,993,110,995
add action=mark-packet chain=forward connection-mark=WAN2_conn dst-port=\
    80,8080,443,25,465,143,993,110,995 new-packet-mark=paq-Web+Correo-WAN2-Up \
    out-interface=ether2-WAN2-NetUno passthrough=no protocol=tcp \
    src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN2 Videos" connection-mark=\
    WAN2_conn dst-address-list=LAN in-interface=ether2-WAN2-NetUno \
    new-packet-mark=paq-Videos-WAN2-Down passthrough=no src-address-list=\
    Videos
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    dst-address-list=Videos new-packet-mark=paq-Videos-WAN2-Up out-interface=\
    ether2-WAN2-NetUno passthrough=no src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN2 RRSS" connection-mark=WAN2_conn \
    dst-address-list=LAN in-interface=ether2-WAN2-NetUno new-packet-mark=\
    paq-RRSS-WAN2-Down passthrough=no src-address-list=RRSS
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    dst-address-list=RRSS new-packet-mark=paq-RRSS-WAN2-Up out-interface=\
    ether2-WAN2-NetUno passthrough=no src-address-list=LAN
add action=mark-packet chain=forward comment=\
    "Qos + Queue Tree | Marca Paquetes - WAN2 Resto" connection-mark=\
    WAN2_conn dst-address-list=LAN in-interface=ether2-WAN2-NetUno \
    new-packet-mark=paq-Resto-WAN2-Down packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward connection-mark=WAN2_conn \
    new-packet-mark=paq-Resto-WAN2-Up out-interface=ether2-WAN2-NetUno \
    packet-mark=no-mark passthrough=no src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=P2P disabled=yes dst-port=10001 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.5.101 to-ports=\
    10001
add action=dst-nat chain=dstnat disabled=yes dst-port=10001 \
    in-interface-list=WAN protocol=udp to-addresses=192.168.5.101 to-ports=\
    10001
add action=dst-nat chain=dstnat comment=\
    "***Acceso Remoto -> WAN Router Cliente***" dst-port=60075 protocol=tcp \
    to-addresses=192.168.5.99 to-ports=60080
/ip firewall raw
add action=drop chain=prerouting comment=\
    "***Descarta peticiones DNS externas TCP***" dst-port=53 \
    in-interface-list=WAN protocol=tcp
add action=drop chain=prerouting comment=\
    "***Descarta peticiones DNS externas UDP***" dst-port=53 \
    in-interface-list=WAN protocol=udp
add action=accept chain=prerouting comment=\
    "***Cambiar Modulacion CANTV en WAN1***" in-interface=ether1-WAN1-Cantv \
    src-address-list=ZTE-ADSL-Modem
add action=accept chain=prerouting comment="***Permitir DD-WRT en WAN2***" \
    in-interface=ether2-WAN2-NetUno src-address-list=DD-WRT
add action=accept chain=prerouting comment=\
    "defconf: enable for transparent firewall ***SIEMPRE DISABLE***" \
    disabled=yes
add action=accept chain=prerouting comment="defconf: accept DHCP discover" \
    dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=\
    udp src-address=0.0.0.0 src-port=68
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_src_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_dst_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
    in-interface-list=WAN src-address-list=not_global_ipv4
add action=drop chain=prerouting comment=\
    "defconf: drop forward to local lan from WAN" dst-address-list=\
    Mis-Redes-Locales in-interface-list=WAN
add action=drop chain=prerouting comment=\
    "defconf: drop local if not from default IP range" in-interface-list=LAN \
    src-address-list=!Mis-Redes-Locales
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 \
    protocol=udp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" \
    jump-target=icmp4 protocol=icmp
add action=jump chain=prerouting comment="defconf: jump to TCP chain" \
    jump-target=bad_tcp protocol=tcp
add action=accept chain=prerouting comment=\
    "defconf: accept everything else from LAN" in-interface-list=LAN
add action=accept chain=prerouting comment=\
    "defconf: accept everything else from WAN" in-interface-list=WAN
add action=drop chain=prerouting comment="defconf: drop the rest"
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" port=0 \
    protocol=tcp
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 \
    limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" \
    icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" \
    icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" \
    icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" \
    icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=\
    5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=\
    11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
/ip route
add check-gateway=ping distance=1 gateway=1.1.1.1 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=8.8.8.8 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=8.26.56.26 routing-mark=to_ISP2
add check-gateway=ping distance=2 gateway=9.9.9.9 routing-mark=to_ISP2
add check-gateway=ping distance=2 gateway=192.168.15.1
add check-gateway=ping comment=Check1-WAN1 distance=1 dst-address=1.1.1.1/32 \
    gateway=190.75.160.1 scope=10
add check-gateway=ping comment=Check2-WAN1 distance=1 dst-address=8.8.8.8/32 \
    gateway=190.75.160.1 scope=10
add check-gateway=ping comment=Check1-WAN2 distance=1 dst-address=\
    8.26.56.26/32 gateway=192.168.15.1 scope=10
add check-gateway=ping comment=Check2-WAN2 distance=1 dst-address=9.9.9.9/32 \
    gateway=192.168.15.1 scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.5.101/32,192.168.5.107/32,192.168.5.108/32
set ssh address=\
    192.168.5.101/32,192.168.5.107/32,192.168.5.108/32,192.168.5.100/32 port=\
    60022
set www-ssl address=192.168.5.0/24
set api disabled=yes
set winbox address=\
    192.168.5.101/32,192.168.5.107/32,192.168.5.108/32,192.168.5.100/32
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/snmp
set enabled=yes location=192.168.5.6:10050
/system clock
set time-zone-name=America/Caracas
/system identity
set name=RB750gr3
/system ntp client
set enabled=yes primary-ntp=216.239.35.8 server-dns-names=\
    8.8.4.4,208.67.222.222
/system scheduler
add interval=3d name=DownloadSpamhausList on-event=DownloadSpamhausList \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=apr/28/2021 start-time=15:47:00
add comment="Download dshield list" interval=3d name=DownloadDShieldList \
    on-event=Download_dshield policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=20:10:08
add comment="Apply dshield List" interval=3d name=InstallDShieldList \
    on-event=Replace_dshield policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=20:15:08
add comment="Download malc0de list" interval=3d name=Downloadmalc0deList \
    on-event=Download_malc0de policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=20:10:08
add comment="Apply malc0de List" interval=3d name=Installmalc0deList \
    on-event=Replace_malc0de policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=20:15:08
add comment="Update No-IP DDNS" interval=5m name=no-ip_ddns_update on-event=\
    no-ip_ddns_update policy=read,write,test start-date=may/24/2021 \
    start-time=11:34:06
/system script
add dont-require-permissions=no name=DownloadSpamhausList owner=Qu4k3r \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="# Script which will download the drop list as a text file\r\
    \n/system script add name=\"DownloadSpamhaus\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
    \n}\r\
    \n\r\
    \n# Script which will Remove old Spamhaus list and add new one\r\
    \n/system script add name=\"ReplaceSpamhaus\" source={\r\
    \n/ip firewall address-list remove [find where comment=\"SpamHaus\"]\r\
    \n/import file-name=spamhaus.rsc;\r\
    \n:log info \"Removed old Spamhaus records and imported new list\";\r\
    \n}\r\
    \n\r\
    \n# Schedule the download and application of the spamhaus list\r\
    \n/system scheduler add comment=\"Download spamnaus list\" interval=3d \\\
    \r\
    \n  name=\"DownloadSpamhausList\" on-event=DownloadSpamhaus \\\r\
    \n  start-date=jan/01/1970 start-time=20:00:08\r\
    \n/system scheduler add comment=\"Apply spamnaus List\" interval=3d \\\r\
    \n  name=\"InstallSpamhausList\" on-event=ReplaceSpamhaus \\\r\
    \n  start-date=jan/01/1970 start-time=20:05:08\r\
    \n"
add dont-require-permissions=no name=DownloadSpamhaus owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
    \n"
add dont-require-permissions=no name=ReplaceSpamhaus owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/ip firewall address-list remove [find where comment=\"SpamHaus\"]\r\
    \n/import file-name=spamhaus.rsc;\r\
    \n:log info \"Removed old Spamhaus records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=dshield owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script which will download the drop list as a text file\r\
    \n/system script add name=\"Download_dshield\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
    \n}\r\
    \n\r\
    \n# Script which will Remove old dshield list and add new one\r\
    \n/system script add name=\"Replace_dshield\" source={\r\
    \n/ip firewall address-list remove [find where comment=\"DShield\"]\r\
    \n/import file-name=dshield.rsc;\r\
    \n:log info \"Removed old dshield records and imported new list\";\r\
    \n}\r\
    \n\r\
    \n# Schedule the download and application of the dshield list\r\
    \n/system scheduler add comment=\"Download dshield list\" interval=3d \\\r\
    \n  name=\"DownloadDShieldList\" on-event=Download_dshield \\\r\
    \n  start-date=jan/01/1970 start-time=20:10:08\r\
    \n/system scheduler add comment=\"Apply dshield List\" interval=3d \\\r\
    \n  name=\"InstallDShieldList\" on-event=Replace_dshield \\\r\
    \n  start-date=jan/01/1970 start-time=20:15:08\r\
    \n"
add dont-require-permissions=no name=Download_dshield owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
    \n"
add dont-require-permissions=no name=Replace_dshield owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/ip firewall address-list remove [find where comment=\"DShield\"]\r\
    \n/import file-name=dshield.rsc;\r\
    \n:log info \"Removed old dshield records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=malc0de owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script which will download the malc0de list as a text file\r\
    \n/system script add name=\"Download_malc0de\" source={\r\
    \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
    \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
    \n}\r\
    \n\r\
    \n# Script which will Remove old malc0de list and add new one\r\
    \n/system script add name=\"Replace_malc0de\" source={\r\
    \n/ip firewall address-list remove [find where comment=\"malc0de\"]\r\
    \n/import file-name=malc0de.rsc;\r\
    \n:log info \"Removed old malc0de records and imported new list\";\r\
    \n}\r\
    \n\r\
    \n# Schedule the download and application of the malc0de list\r\
    \n/system scheduler add comment=\"Download malc0de list\" interval=3d \\\r\
    \n  name=\"Downloadmalc0deList\" on-event=Download_malc0de \\\r\
    \n  start-date=jan/01/1970 start-time=20:10:08\r\
    \n/system scheduler add comment=\"Apply malc0de List\" interval=3d \\\r\
    \n  name=\"Installmalc0deList\" on-event=Replace_malc0de \\\r\
    \n  start-date=jan/01/1970 start-time=20:15:08\r\
    \n"
add dont-require-permissions=no name=Download_malc0de owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
    \n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
    \n"
add dont-require-permissions=no name=Replace_malc0de owner=Qu4k3r policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/ip firewall address-list remove [find where comment=\"malc0de\"]\r\
    \n/import file-name=malc0de.rsc;\r\
    \n:log info \"Removed old malc0de records and imported new list\";\r\
    \n"
add dont-require-permissions=no name=no-ip_ddns_update owner=Qu4k3r policy=\
    read,write,test source="# No-IP automatic Dynamic DNS update\r\
    \n\r\
    \n#--------------- Change Values in this section to match your setup -----\
    -------------\r\
    \n\r\
    \n# No-IP User account info\r\
    \n:local noipuser \"01010101@gmail.com\"\r\
    \n:local noippass \"wwyyzzxxxx\"\r\
    \n\r\
    \n# Set the hostname or label of network to be updated.\r\
    \n# Hostnames with spaces are unsupported. Replace the value in the quotat\
    ions below with your host names.\r\
    \n# To specify multiple hosts, separate them with commas.\r\
    \n:local noiphost \"hostname.no-ip.net\"\r\
    \n\r\
    \n# Change to the name of interface that gets the dynamic IP address\r\
    \n:local inetinterface \"ether1-WAN1-Cantv\"\r\
    \n\r\
    \n#-----------------------------------------------------------------------\
    -------------\r\
    \n# No more changes need\r\
    \n\r\
    \n:global previousIP\r\
    \n\r\
    \n:if ([/interface get \$inetinterface value-name=running]) do={\r\
    \n# Get the current IP on the interface\r\
    \n   :local currentIP [/ip address get [find interface=\"\$inetinterface\"\
    \_disabled=no] address]\r\
    \n\r\
    \n# Strip the net mask off the IP address\r\
    \n   :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
    \n       :if ( [:pick \$currentIP \$i] = \"/\") do={ \r\
    \n           :set currentIP [:pick \$currentIP 0 \$i]\r\
    \n       } \r\
    \n   }\r\
    \n\r\
    \n   :if (\$currentIP != \$previousIP) do={\r\
    \n       :log info \"No-IP: Current IP \$currentIP is not equal to previou\
    s IP, update needed\"\r\
    \n       :set previousIP \$currentIP\r\
    \n\r\
    \n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
    red since \? is a special character in commands.\r\
    \n       :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$curr\
    entIP\"\r\
    \n       :local noiphostarray\r\
    \n       :set noiphostarray [:toarray \$noiphost]\r\
    \n       :foreach host in=\$noiphostarray do={\r\
    \n           :log info \"No-IP: Sending update for \$host\"\r\
    \n           /tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuse\
    r password=\$noippass mode=http dst-path=(\"no-ip_ddns_update-\" . \$host \
    . \".txt\")\r\
    \n           :log info \"No-IP: Host \$host updated on No-IP with IP \$cur\
    rentIP\"\r\
    \n       }\r\
    \n   }  else={\r\
    \n       :log info \"No-IP: Previous IP \$previousIP is equal to current I\
    P, no update needed\"\r\
    \n   }\r\
    \n} else={\r\
    \n   :log info \"No-IP: \$inetinterface is not currently running, so there\
    fore will not update.\"\r\
    \n}"
/tool graphing interface
add allow-address=192.168.5.0/24 interface=ether1-WAN1-Cantv store-on-disk=no
add allow-address=192.168.5.0/24 interface=ether2-WAN2-NetUno store-on-disk=\
    no
add allow-address=192.168.5.0/24 interface=bridge-LAN-SW store-on-disk=no
/tool graphing queue
add allow-address=192.168.5.101/32 simple-queue=970Extreme4
add allow-address=192.168.5.101/32 simple-queue=A515-43-R19L_Wi-Fi
add allow-address=192.168.5.101/32 simple-queue=A515-43-R19L_Eth
add allow-address=192.168.5.101/32 simple-queue=UN32EH5300_Eth
add allow-address=192.168.5.101/32 simple-queue=UN32EH5300_Wi-Fi
add allow-address=192.168.5.101/32 simple-queue=Redmi-7A
/tool graphing resource
add allow-address=192.168.5.101/32 store-on-disk=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no

I know you must tag vlans between two switches (or two routers) in order to create a trunk connection. But here I think I didn’t tag vlans at router. In fact I thought would be automatically tagged when created. How / where can I do it?

Also take a picture of your smart switch setups.
I have used multiple managed switches with other vendors and vlans without issue.,
My questions is diid you read this, if not you shoud.
(plus put all the ports not wan ports on the same bridge).
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

If there is a reason to keep one port off the bridge its the last port 5, in case the bridge config blows up on you due to admin error and is no longer accessible.
keeping port 5 and off the bridge and assigned an IP address of 192.168.8.1 for example should allow you to attach a laptop and gain access without having to reset the whole router.

Read the link, then redo your config, at least give it an honest attempt and then will gladly step in and help!!!

You mean a screenshot of the switch config?
Or a picture of how are cables are phisically connected ?

No, I didn’t read that link but I certainly will.

Yes, I put all not wan ports on the same bridge.
Yes, I understand that leave port5 out the bridge as mgmt port in case of emergency is good idea.

I’m on it.

Here are the pics…

Interesting your DLINK is different from mine but I think I see where.
IN the VLAN menu I have a separate selection and the order is put in all the necessary VLAN-IDS in the 802.1q menu entry.
This seems the same for both switches.
When one enters a new VLANID here, it automatically enters in that VLANID in every trunk port that is already assigned, so one has to then remove that vlanID from all trunk ports where that vlan is ntor required. The actual assignments of ports etc, is not done in 802.1q the meat of the work, but is done in my menu selection of VLAN INTERFACE.
I will post my config in pics next. Before I do that I believe that the settings for something similar are ON YOUR 802.1Q page, in the upper RIGHT where it said VID and PVID.
I dont have those. So I will ask you to post a picture of each one of those selections.

So here are my pics which show my 802.1q selection, my VLAN Interface page, and then I will show a TRUNK Port assignment (ether4) and an access port assignment ether3.
..
Pay close attention to ether4, the trunk port and ether3 an access port.

In your case eth4 is a trunk port which means will be tagged on all vlans, however eth3 is an access port which means untagged.

In my case… I dont have trunk nor access port… just tagged, untagged and not member.
Tagged port is used to communicate vlan capable devices each other. (routers, switches, APs, VoIP phones, etc.)
Untagged port is used to allow access to not vlan capable devices, that’s the reason they call it access port

Add VID

PVID Settings

Yup pretty much as expected.
For the second pic…
All trunk ports should be left with the default pVID of 1, all access ports require the pVID of the vlan that port tags traffic coming in and untags traffic going out.

On the top pic, that is where one assigns the tagged or untagged ports.
So pick a vlan, there are two possibilities and you apply that vlan across the available port…
if its an access port for that vlan then assign it as untagged to that port.
if its a trunk port that is supposed to hold that vlan then assign it as a tagged port.

Note

• only only one vlan can be assigned to an access port (untagged)
• multiple vlans can be assigned to a trunk port (tagged)
• a hybrid port if required is possible but only one vlan (untagged) as per the first rule can be assigned to a hybrid port the rest half to be one or more tagged vlans.

Now on the MT router you have decided what is your management vlan.
It can be the home (trusted) vlan or a separate vlan. Whatever is decided that is the subnet that all managed devices such as switches should get an IP from.
So ensure you setup the Ip address of the switch appropriately, I normally static assign it outside the IP pool.
I suppose you can then find the management vlan entry for the DLINK and put in the appropriate vlan ID.
I noted I have done that on my TPLINK switch but for some reason didnt do it on my DLINK.
Unable to change it now as other users are on, but will endeavour to activate that setting as curious to see if it makes any difference, havent needed it thus far LOL.

I finished my reading of Using RouterOS to VLAN your network.
That was a very informative post.
I liked it brings several config files which can be used a templates which teach you a basic example and then you can modify it to suit your needs.
I choosed “switch with a separated router”, in that case all ports of the router are trunk ports, which works fine for me so far.
However I’d like to convert one of the trunk ports into an access port, so I will continue reading another examples to figure out how to do that.

Btw, at DLink switch all vlans were succesfully tagged on port1, removed all ports from vlan1 and created a new base vlan

What your saying makes no sense to me.
I use the words trunk port to state the purpose of the port, to carry vlans that are tagged and heading towards or from other smart devices that can read tags
I use the word access port to state the purpose of the port which is to carry data to devices that cannot read tags, and therefore on that port the switch tags data coming from the dumb device and then untags the data before sending back to the dumb device.

There is no difference from what you are doing than anybody else. Since MT tends to talk in the vernacular of trunk and access port its simply time to learn what that means…