# jul/11/2021 07:36:37 by RouterOS 7.1beta6
# software id = 8DD5-P647
#
# model = RBD53G-5HacD2HnD
# serial number = C8CA0CB0B626
# LAN bridge. The MAC address is pinned (auto-mac=no) and protocol-mode=none
# means no STP/RSTP runs on this bridge.
/interface bridge
add name=bridge comment=defconf auto-mac=no admin-mac=48:8F:5A:11:24:D8 \
    protocol-mode=none
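# Physical radios (wlan1 = 2.4 GHz, wlan2 = 5 GHz) plus the ESPHOME virtual AP
# (wlan3, child of wlan1). None of these three entries names a
# security-profile, so they all use the default profile defined under
# "/interface wireless security-profiles".
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n \
    country=australia disabled=no distance=indoors installation=indoor \
    keepalive-frames=disabled mode=ap-bridge multicast-buffering=disabled \
    multicast-helper=full ssid=LIBERTY station-roaming=enabled \
    wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
# wps-mode=disabled is now set explicitly on wlan2 as well. The export omits
# values that are at their default, so without it the 5 GHz radio kept the
# default WPS mode while every other AP in this file had WPS switched off.
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-onlyac \
    channel-width=20/40/80mhz-Ceee country=australia disabled=no \
    distance=indoors frequency=auto installation=indoor \
    keepalive-frames=disabled mode=ap-bridge multicast-buffering=disabled \
    multicast-helper=full ssid=LIBERTY_AC station-roaming=enabled \
    wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
# IoT SSID. It shares the default security profile (and therefore the PSK)
# with LIBERTY / LIBERTY_AC.
add disabled=no mac-address=4A:8F:5A:11:24:DE master-interface=wlan1 \
    multicast-helper=full name=wlan3 ssid=ESPHOME wds-default-bridge=bridge \
    wps-mode=disabled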
# WAN uplink: PPPoE session over ether1; installs the default route and also
# accepts the DNS servers offered by the peer (use-peer-dns=yes).
# NOTE(review): allow=pap restricts authentication to PAP, which hands the
# password to the access concentrator unencrypted. If the provider supports
# CHAP / MS-CHAPv2, allow those instead - confirm with the ISP before changing.
/interface pppoe-client
add name=pppoe-out1 interface=ether1 disabled=no allow=pap \
    user=xxxxxxxxxx@wba.nbnonline.com.au password=xxxxxxxxxx \
    add-default-route=yes use-peer-dns=yes
# LTE modem is configured but administratively disabled.
/interface lte
set [ find ] name=lte1 disabled=yes allow-roaming=no band="" network-mode=lte
# WireGuard endpoint. A plain export carries the private key in clear text
# (redacted here), so the export file itself must be handled as a secret.
/interface wireguard
add name=wireguard1 listen-port=13231 mtu=1420 private-key="xxxxxxxxxx"
# Interface lists referenced by the firewall (members are assigned under
# "/interface list member").
/interface list
add name=WAN comment=defconf
add name=LAN comment=defconf
/interface lte apn
set [ find default=yes ] name=optus apn=ltebroadband ip-type=ipv4 \
    use-network-apn=no
# WPA2-PSK profiles. The default profile applies to every wireless interface
# that does not name a profile. authentication-types lists only wpa2-psk, so
# the wpa-pre-shared-key value on the default profile is stored but unused.
# NOTE(review): management-protection (802.11w) is set only on the guest
# profile, and only to "allowed"; the default profile leaves it at its
# default value - confirm whether that is intended.
/interface wireless security-profiles
set [ find default=yes ] mode=dynamic-keys authentication-types=wpa2-psk \
    eap-methods="" group-key-update=1h supplicant-identity=MikroTik \
    wpa-pre-shared-key=xxxxxxxxxx wpa2-pre-shared-key=xxxxxxxxxx
add name=guest mode=dynamic-keys authentication-types=wpa2-psk \
    group-key-update=1h management-protection=allowed \
    supplicant-identity=MikroTik wpa2-pre-shared-key=xxxxxxxxxx
# Guest SSID: separate PSK via the "guest" profile. The profile only separates
# credentials; network separation depends on which bridge wlan4 is a port of
# (see "/interface bridge port").
/interface wireless
add name=wlan4 master-interface=wlan1 mac-address=4A:8F:5A:11:24:DD \
    disabled=no security-profile=guest ssid=LIBERTY_GUEST \
    wds-default-bridge=bridge wps-mode=disabled
# Dynamic address pool for the LAN bridge.
/ip pool
add name=home-pool ranges=192.168.10.11-192.168.10.254
# DHCP server on the bridge with a 5-minute lease time. The lease-script runs
# on every lease event: it logs the client-supplied hostname, then parses the
# source of the stored script "dhcp2dns" and calls it with the lease variables
# (leaseBound, leaseServerName, leaseActIP, leaseActMAC). Any failure is caught
# and logged as a warning so a script error does not propagate further.
# NOTE(review): "lease-hostname" is chosen by the DHCP client and is written to
# the log unmodified here; treat those log lines as untrusted text.
/ip dhcp-server
add address-pool=home-pool disabled=no interface=bridge lease-script=":local s\
criptName \"dhcp2dns\"\
\n:do {\
\n :log info \"DHCP CLIENT: \$\"lease-hostname\"\";\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC;\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\
\_error\" };" lease-time=5m name=home-dhcp
# These three sections address items by index (0, *0, 1); the indexes refer to
# the built-in entries of each menu.
/port
set 0 name=serial0
# IPv6 is turned off on the PPP profile with internal id *0.
/ppp profile
set *0 use-ipv6=no
# Logging action 1 writes to disk1/log, rotating across 10 files of 4096 lines.
# NOTE(review): presumably action 1 is the built-in "disk" action - confirm.
/system logging action
set 1 disk-file-count=10 disk-file-name=disk1/log disk-lines-per-file=4096
# Bridge membership. ether2-5, both radios, the ESPHOME AP (wlan3) and the
# guest AP (wlan4) are all ports of the same bridge.
# NOTE(review): because wlan3 and wlan4 sit on the LAN bridge, IoT and guest
# clients share the broadcast domain and DHCP pool with trusted hosts, and the
# firewall treats them as LAN (the bridge is the LAN list member), so they
# reach the router's management services exactly like a wired client. If
# isolation is wanted, move these two onto their own bridge or VLAN with their
# own interface list and input rules.
/interface bridge port
add interface=ether2 bridge=bridge comment=defconf
add interface=ether3 bridge=bridge comment=defconf
add interface=ether4 bridge=bridge comment=defconf
add interface=ether5 bridge=bridge comment=defconf
add interface=wlan1 bridge=bridge comment=defconf
add interface=wlan2 bridge=bridge comment=defconf
add interface=wlan3 bridge=bridge
add interface=wlan4 bridge=bridge
# Neighbor discovery is limited to LAN-side interfaces.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# IPv6 is disabled globally; the "/ipv6 firewall" sections in this export only
# take effect if this is switched back on.
/ipv6 settings
set disable-ipv6=yes
# NOTE(review): detect-internet runs on every interface here
# (detect-interface-list=all); confirm this is wanted rather than "none" or a
# WAN-only list.
/interface detect-internet
set detect-interface-list=all
# LAN = bridge; WAN = lte1, ether1 and the PPPoE session riding on ether1.
/interface list member
add list=LAN interface=bridge
add list=WAN interface=lte1
add list=WAN interface=ether1
add list=WAN interface=pppoe-out1
# Two WireGuard peers. Each is pinned to a single /32 inside 10.20.0.0/24 and
# uses a preshared key in addition to its public key. Both /32 addresses also
# appear in the "support" firewall address list.
/interface wireguard peers
add interface=wireguard1 comment=xxxxxxxxxx allowed-address=10.20.0.100/32 \
    persistent-keepalive=25s preshared-key="xxxxxxxxxx" \
    public-key="xxxxxxxxxx"
add interface=wireguard1 comment=xxxxxxxxxx allowed-address=10.20.0.101/32 \
    persistent-keepalive=25s preshared-key="xxxxxxxxxx" \
    public-key="xxxxxxxxxx"
# Router addresses: LAN gateway, WireGuard gateway, and a static address on
# ether1 alongside the PPPoE session.
# NOTE(review): 10.0.0.2/24 on ether1 is presumably there to reach the modem's
# management address - confirm; ether1 is a WAN list member.
/ip address
add interface=bridge address=192.168.10.1/24 network=192.168.10.0
add interface=wireguard1 address=10.20.0.1/24 network=10.20.0.0
add interface=ether1 address=10.0.0.2/24 network=10.0.0.0
# Static leases. 192.168.10.100 is also a member of the "support" address
# list, so the privileges attached to that list follow whichever device
# presents MAC AC:BC:32:D6:60:AF; a MAC address is not an authenticator.
/ip dhcp-server lease
add server=home-dhcp address=192.168.10.100 mac-address=AC:BC:32:D6:60:AF \
    client-id=1:ac:bc:32:d6:60:af
add server=home-dhcp address=192.168.10.20 mac-address=28:CF:E9:0F:E0:43 \
    client-id=1:28:cf:e9:f:e0:43
add server=home-dhcp address=192.168.10.10 mac-address=00:15:17:72:6A:C8
add server=home-dhcp address=192.168.10.3 mac-address=DC:A6:32:51:0A:F9
add server=home-dhcp address=192.168.10.12 mac-address=08:00:27:20:B5:28 \
    client-id=ff:27:20:b5:28:0:1:0:1:28:3b:c4:68:8:0:27:3b:bc:71
add server=home-dhcp address=192.168.10.24 mac-address=D8:F1:5B:B6:4B:D3
# Clients are handed the router itself as gateway and DNS server, with the
# search domain "home".
/ip dhcp-server network
add address=192.168.10.0/24 netmask=24 gateway=192.168.10.1 \
    dns-server=192.168.10.1 domain=home
# allow-remote-requests=yes makes the router answer DNS queries from clients.
# Nothing in this section limits who may ask; exposure towards the WAN depends
# entirely on the input chain of "/ip firewall filter".
/ip dns
set servers=1.1.1.1,1.0.0.1 allow-remote-requests=yes
# Address lists used by the firewall.
#  - lan_clients: not referenced by any filter/NAT rule visible in this export.
#  - support: exempt from the SSH staging rules and from the (disabled)
#    forced-DNS NAT rules.
# NOTE(review): 192.168.200.10 and .11 do not belong to any subnet configured
# in this export - confirm they are still needed in a list that grants
# exemptions.
/ip firewall address-list
add list=lan_clients address=192.168.10.11-192.168.10.255
add list=support address=192.168.10.100
add list=support address=192.168.200.10
add list=support address=192.168.200.11
add list=support address=10.20.0.100
add list=support address=10.20.0.101
# IPv4 filter rules. Rules are evaluated top-down within their own chain and
# the first terminal action wins, so the order below is significant. Input and
# forward rules are interleaved in this export; a packet that matches no rule
# in its chain is accepted.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
# WireGuard handshake/data is accepted from the PPPoE uplink only; the port
# matches listen-port of wireguard1.
add action=accept chain=input comment="wireguard accept" dst-port=13231 \
in-interface=pppoe-out1 protocol=udp
# Router services reachable through the tunnel: WebFig (80/443), DNS, SSH and
# WinBox. These accepts are terminal, so tunnel traffic never reaches the SSH
# staging or port-scan rules further down.
add action=accept chain=input comment="wireguard accept http/https" dst-port=\
80,443 in-interface=wireguard1 protocol=tcp
add action=accept chain=input comment="wireguard accept dns" dst-port=53 \
in-interface=wireguard1 protocol=udp
add action=accept chain=input comment="wireguard accept ssh" dst-port=22 \
in-interface=wireguard1 protocol=tcp
add action=accept chain=input comment="wireguard accept winbox" dst-port=8291 \
in-interface=wireguard1 protocol=tcp
# Disabled. As written the rule requires in-interface=wireguard1 AND
# in-interface-list=LAN; wireguard1 is not a LAN list member in this export,
# so it could not match even if enabled.
# NOTE(review): out-interface-list=LAN was probably intended. Also note that
# the forward chain has no drop for new connections arriving on wireguard1, so
# tunnel-to-LAN traffic is already accepted by falling off the end of the
# chain - add an explicit drop if the tunnel should not reach the LAN.
add action=accept chain=forward comment="wireguard accept to lan" disabled=\
yes in-interface=wireguard1 in-interface-list=LAN
# Tunnel clients may go out to the WAN through this router.
add action=accept chain=forward in-interface=wireguard1 out-interface-list=\
WAN
# Staged SSH limiter. Each new TCP/22 connection from a source outside the
# "support" list advances that source one stage (stage1 -> stage2 -> stage3,
# each remembered for 1 minute); a further new connection while in stage3
# puts it on ssh_blacklist for 1w3d, and the first rule drops blacklisted
# sources. The stages are listed from last to first so one packet advances a
# single stage only. No in-interface is given, so LAN hosts are counted too.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=!support
# Port-scan detection: the psd matcher (weight threshold 21, 3 s window,
# low-port weight 3, high-port weight 1) and a set of abnormal TCP flag
# combinations each add the source to "port scanners" for 2 weeks; the drop
# rule after them then discards everything from listed sources.
# NOTE(review): these rules have no interface or source exemption, so a LAN
# or management host that trips them loses new access to the router for two
# weeks, and the flag-based rules act on a single packet's source address.
# Consider excluding the "support" list to avoid locking out administrators.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" \
src-address-list="port scanners"
# Disabled explicit accept for the TCP/443 port forward. The forward is still
# admitted while this is off, because the final forward rule only drops WAN
# connections that were NOT dst-natted.
add action=accept chain=forward comment="HA SSL" disabled=yes dst-port=443 \
in-interface=pppoe-out1 protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
dst-address=127.0.0.1
# Final input rule: everything not arriving on a LAN list interface is dropped
# and logged with prefix FW-DROP.
# NOTE(review): the "/system logging" section of this export disables item 0
# and the disk rule for topic info; if firewall log lines are emitted at info
# level they may not be stored anywhere - confirm the FW-DROP entries show up.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN log=yes log-prefix=FW-DROP
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections from WAN are forwarded only if a dst-nat rule matched them.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Rewrites the TTL of packets leaving via lte1 to 65.
/ip firewall mangle
add action=change-ttl chain=postrouting new-ttl=set:65 out-interface=lte1 \
passthrough=yes
# NAT rules (evaluated in order within srcnat / dstnat).
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# Disabled pair: would redirect LAN UDP/53 to 192.168.10.2 (except from that
# host itself and from the "support" list) and masquerade the redirected
# queries so replies return through the router.
add action=dst-nat chain=dstnat comment=";;; force DNS" disabled=yes \
dst-address=!192.168.10.2 dst-port=53 in-interface=bridge protocol=udp \
src-address=!192.168.10.2 src-address-list=!support to-addresses=\
192.168.10.2
add action=masquerade chain=srcnat comment=";;; force DNS" disabled=yes \
dst-address=192.168.10.2 dst-port=53 protocol=udp src-address=\
192.168.10.0/24 src-address-list=!support
add action=masquerade chain=srcnat disabled=yes dst-address=10.0.0.0/24 \
out-interface=ether1
# Active port forward: TCP/443 arriving on the PPPoE uplink goes to
# 192.168.10.12:443. There is no src-address or address-list restriction, so
# that host is reachable from any Internet source and its own TLS and
# authentication are the only controls in front of it.
add action=dst-nat chain=dstnat dst-port=443 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.10.12 to-ports=443
# Only telnet and ftp are turned off here. The export omits settings that are
# at their default, so the remaining services (ssh, www, winbox, api, api-ssl)
# are presumably still at their defaults with no "address=" restriction.
# NOTE(review): disable the ones that are not used and set address= on the
# rest; every client on the LAN bridge can currently reach them.
/ip service
set telnet disabled=yes
set ftp disabled=yes
# IPv6 firewall (defconf rule set). "/ipv6 settings" in this export sets
# disable-ipv6=yes, so these rules are inert until IPv6 is enabled.
# bad_ipv6 collects addresses that should never appear as source or
# destination of forwarded traffic; the forward chain drops both directions.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
# Rule order matters: accepts for established traffic, ICMPv6, traceroute,
# DHCPv6-PD and IPsec come first, then everything else not from LAN is dropped.
# Unlike the IPv4 chain, none of the IPv4-side additions (WireGuard accepts,
# SSH staging, port-scan lists) exist here.
# NOTE(review): revisit this rule set before enabling IPv6 so both address
# families enforce the same policy.
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# Traffic arriving on lte1 is looked up in the main routing table.
/routing rule
add action=lookup disabled=no interface=lte1 table=main
/system clock
set time-zone-name=Australia/Sydney
/system identity
set name=router01
# Logging rules: item 0 is disabled, critical/error/warning go to the disk
# action, and the info and dhcp rules are present but disabled.
# NOTE(review): presumably item 0 is the built-in info rule; with it and the
# disk info rule both off, info-level events (including firewall log lines, if
# they are emitted at info level) are not retained - confirm this is intended.
/system logging
set 0 disabled=yes
add action=disk topics=critical
add action=disk topics=error
add action=disk disabled=yes topics=info
add action=disk topics=warning
add action=disk disabled=yes topics=dhcp
add disabled=yes topics=dhcp
/system ntp client
set enabled=yes
# The router also serves NTP; which clients can reach it is decided by the
# input chain of the firewall.
/system ntp server
set enabled=yes
/system ntp client servers
add address=27.124.125.251
add address=13.55.50.68
# NOTE(review): the update channel is "development" and the export header
# reports a beta release (7.1beta6). For an Internet-facing router, prefer a
# stable channel unless a beta-only feature is required.
/system package update
set channel=development
/system routerboard settings
set cpu-frequency=auto
# The physical mode button runs the "dark_mode" script (toggles the LEDs).
/system routerboard mode-button
set enabled=yes on-event=dark_mode
# Scheduled jobs. Every entry carries the complete policy set
# (ftp,reboot,...,sensitive,romon).
# NOTE(review): grant each job only the policies its script needs, lowering
# the matching script's policy in the same change so the job can still run.
/system scheduler
# NOTE(review): no script named update_ddns appears in the "/system script"
# section of this export; confirm it exists, otherwise this job fails every
# 5 minutes.
add interval=5m name=update_ddns on-event=update_ddns policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=1d name=update_ntp on-event=update_ntp policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/01/1970 start-time=00:02:00
# Runs once at startup: waits 30 s, then runs the router_reboot_report script.
add name=router_reboot_report on-event=\
":delay 30\
\n/system script run router_reboot_report" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=26w3d name=update_certs on-event=update_certs policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/01/1970 start-time=00:00:00
# Daily backup e-mail; see the email_backup script for what is sent.
add interval=1d name=email_backup on-event=email_backup policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/01/1970 start-time=00:03:00
# Runs once at startup: sends an AT command to lte1 after 30 s. lte1 is
# disabled in this export, so this presumably has no effect at present.
add name="Lock LTE cell" on-event=":delay 30\
\n/interface/lte/at-chat lte1 input=\"at+qnwlock=\\\"common/4g\\\",2,1725,\
74,38770,74\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
# dark_mode: toggles the LEDs. If all-leds-off is "never" it is set to
# "immediate", otherwise back to "never". Bound to the mode button.
# NOTE(review): the script only changes LED settings but carries the full
# policy set; a narrower policy would be enough.
add dont-require-permissions=no name=dark_mode owner=*sys policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\
\n /system leds settings set all-leds-off=immediate \
\n } else={\
\n /system leds settings set all-leds-off=never \
\n }\
\n "
# update_ntp: resolves au.pool.ntp.org twice, writes the results to the NTP
# client's primary-ntp / secondary-ntp, and enables the client if it is off.
# NOTE(review): primary-ntp / secondary-ntp are the RouterOS v6 property names,
# while this export (header: 7.1beta6) keeps its servers under
# "/system ntp client servers"; the script may fail on this version - confirm.
# Both lookups use the same name, so they can return the same address.
add dont-require-permissions=no name=update_ntp owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local ntpServer \"au.pool.ntp.org\"\
\n:local primary [resolve \$ntpServer]\
\n:local secondary [resolve \$ntpServer]\
\n\
\n/system ntp client set primary-ntp \$primary\
\n/system ntp client set secondary-ntp \$secondary\
\n\
\n:local ntpenabled [/system ntp client get enabled]\
\n\
\n/system ntp client\
\n:if (!\$ntpenabled) do={\
\n set enabled=\"yes\"\
\n}"
# router_reboot_report: builds a plain-text report (identity, date/time,
# hardware model, current and upgrade firmware), appends the time and message
# of every log entry whose topics match "critical", and e-mails it.
# NOTE(review): log messages leave the network in this e-mail; the recipient
# mailbox then holds router event history, so protect it accordingly.
add dont-require-permissions=no name=router_reboot_report owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
delay 1\
\n\
\n:local reportBody \"\"\
\n\
\n:local deviceName [/system identity get name]\
\n:local deviceDate [/system clock get date]\
\n:local deviceTime [/system clock get time]\
\n:local hwModel [/system routerboard get model]\
\n:local currentFirmware [/system routerboard get current-firmware]\
\n:local upgradeFirmware [/system routerboard get upgrade-firmware]\
\n\
\n:set reportBody (\$reportBody . \"Router Reboot Report for \$deviceName\
\\n\")\
\n:set reportBody (\$reportBody . \"Report generated on \$deviceDate at \$\
deviceTime\\n\\n\")\
\n:set reportBody (\$reportBody . \"Hardware Model: \$hwModel\\n\")\
\n:set reportBody (\$reportBody . \"Current Firmware: \$currentFirmware\\n\
\")\
\n:set reportBody (\$reportBody . \"Upgrade Firmware: \$upgradeFirmware\")\
\n\
\n:set reportBody (\$reportBody . \"\\n\\n=== Critical Log Events ===\\n\\\
n\" )\
\n\
\n:local x\
\n:local ts\
\n:local msg\
\nforeach i in=([/log find where topics~\"critical\"]) do={\
\n:set \$ts [/log get \$i time]\
\n:set \$msg [/log get \$i message]\
\n:set \$reportBody (\$reportBody . \$ts . \" \" . \$msg . \"\\n\" )\
\n}\
\n\
\n:set reportBody (\$reportBody . \"\\n=== End of report ===\\n\")\
\n\
\n/tool e-mail send subject=\"[\$deviceName] Router Reboot Report\" to=\"xxxxxxxxxx@gmail.com\" body=\$reportBody\
\n"
# update_certs: downloads a CA bundle from mkcert.org over HTTPS with
# certificate checking on, removes expired CA certificates, imports the bundle
# and deletes the downloaded file; any failure is logged as an error.
# NOTE(review): whatever this third-party endpoint returns becomes the
# router's trust store. check-certificate=yes protects the transfer only when
# a CA that validates mkcert.org is already trusted, and it does not vouch for
# the bundle's contents. Consider verifying the file against a known digest
# before importing it.
add dont-require-permissions=no name=update_certs owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
\n :do {\
\n /tool fetch url=https://mkcert.org/generate/ check-certificate=yes\
\_dst-path=cacert.pem;\
\n /certificate remove [ find where authority expired ];\
\n /certificate import file-name=cacert.pem passphrase=\"\";\
\n /file remove cacert.pem;\
\n } on-error={\
\n :log error (\"Failed to update certificate trust store\");\
\n };\
\n}"
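# email_backup: saves a binary backup named router01 and e-mails it as an
# attachment together with the model and firmware version (run daily by the
# scheduler in this export).
# The backup contains every secret on the router (WireGuard private key,
# Wi-Fi PSKs, PPPoE and SMTP passwords), and the attachment ends up in a
# third-party mailbox. It is therefore saved encrypted: dont-encrypt=no with
# encryption=aes-sha256 makes the password= value actually protect the file.
# The previous dont-encrypt=yes produced a plain backup despite the password.
# NOTE(review): the backup password sits in the script source in clear text;
# anyone who can read scripts (or an export) can decrypt the mailed backups.
add dont-require-permissions=no name=email_backup owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local emailSubject\
\n:local emailBody\
\n:local deviceName [/system identity get name]\
\n:local hwModel [/system routerboard get model]\
\n:local currentFirmware [/system routerboard get current-firmware]\
\n\
\n:set emailSubject (\"Mikrotik Backup - \" . \$deviceName)\
\n:set emailBody (\$emailBody . \"Model: \" . \$hwModel . \"\\n\")\
\n:set emailBody (\$emailBody . \"Current Firmware: \" . \$currentFirmware\
\_. \"\\n\")\
\n\
\n\
\n/system backup save name=router01 dont-encrypt=no encryption=aes-sha256 password=xxxxxxxxxx\
\n\
\n/tool e-mail send to=\"xxxxxxxxxx@gmail.com\" subject=\$emailSubject bo\
dy=\$emailBody file=\"router01.backup\"\
\n\
\n:log info \"Backup e-mail sent\""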
# reboot: one-line script that reboots the router.
# NOTE(review): only the reboot policy should be needed here, yet the script
# carries the full policy set.
add dont-require-permissions=no name=reboot owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
/system/reboot
# dhcp2dns: called from the DHCP server's lease-script. On a bound lease it
# creates a static DNS record "<hostname>.<domain>" for the leased address
# (TTL 00:15:00); on a released lease it removes the record again.
#  - The record is tagged with comment "<server name>-<client MAC>" and removal
#    finds it by that comment.
#  - The hostname is read from the lease table (host-name), lower-cased, cut
#    to 63 characters and every character outside a-z, 0-9, "-" and "_" is
#    replaced by "-". If the client sent no hostname, the IP address with dots
#    replaced by dashes is used instead.
#  - The domain is taken from the DHCP network entry containing the leased
#    address; without a domain the script logs a warning and stops.
# NOTE(review): the hostname is chosen by the DHCP client. The character
# filter keeps it syntactically safe, but nothing stops a client from asking
# for a name that other hosts rely on under the same domain. Consider keeping
# infrastructure names as permanent static entries and rejecting lease names
# that collide with them.
add dont-require-permissions=no name=dhcp2dns owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_DNS TTL to set for DNS entries\
\n:local dnsttl \"00:15:00\";\
\n\
\n###\
\n# Script entry point\
\n#\
\n# Expected environment variables:\
\n# leaseBound 1 = lease bound, 0 = lease removed\
\n# leaseServerName Name of DHCP server\
\n# leaseActIP IP address of DHCP client\
\n# leaseActMAC MAC address of DHCP client\
\n# leaseHostname Client hostname\
\n###\
\n\
\n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\
ssing host names\
\n:local ip2Host do=\\\
\n{\
\n :local outStr\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\
\n {\
\n :local tmp [:pick \$inStr \$i];\
\n :if (\$tmp =\".\") do=\\\
\n {\
\n :set tmp \"-\"\
\n }\
\n :set outStr (\$outStr . \$tmp)\
\n }\
\n :return \$outStr\
\n}\
\n\
\n:local mapHostName do={\
\n# param: name\
\n# max length = 63\
\n# allowed chars a-z,0-9,-,_\
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-_\";\
\n :local numChars [:len \$name];\
\n :if (\$numChars > 63) do={:set numChars 63};\
\n :local result \"\";\
\n\
\n :for i from=0 to=(\$numChars - 1) do={\
\n :local char [:pick \$name \$i];\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\
\n :set result (\$result . \$char);\
\n }\
\n :return \$result;\
\n}\
\n\
\n:local lowerCase do={\
\n# param: entry\
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\
\n :local result \"\";\
\n :for i from=0 to=([:len \$entry] - 1) do={\
\n :local char [:pick \$entry \$i];\
\n :local pos [:find \$upper \$char];\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\
\n :set result (\$result . \$char);\
\n }\
\n :return \$result;\
\n}\
\n\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\
\n\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\
\n{\
\n :log error \"\$LogPrefix: empty lease address\"\
\n :error \"empty lease address\"\
\n}\
\n\
\n:if ( \$leaseBound = 1 ) do=\\\
\n{\
\n # new DHCP lease added\
\n /ip dhcp-server\
\n #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\
\n network\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\
\n #:log info \"\$LogPrefix: DNS domain is \$domain\"\
\n\
\n :local hostname [/ip dhcp-server lease get value-name=host-name [find \
mac-address=\$leaseActMAC and server=\$leaseServerName]]\
\n #:local hostname=\$leaseHostname\
\n #:log info \"\$LogPrefix: DHCP hostname is \$hostname\";\
\n\
\n #Hostname cleanup\
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\
\n {\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\
nerated host name '\$hostname'\"\
\n }\
\n :set hostname [\$lowerCase entry=\$hostname]\
\n :set hostname [\$mapHostName name=\$hostname]\
\n #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\
\n\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\
\n {\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\
not create static DNS name\"\
\n :error \"Empty domainname for '\$leaseActIP'\"\
\n }\
\n\
\n :local fqdn (\$hostname . \".\" . \$domain)\
\n #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\
\n\
\n :if ([/ip dhcp-server lease get [find mac-address=\$leaseActMAC and \
server=\$leaseServerName]]) do={\
\n # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\
\n :do {\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
\_comment=\$token;\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns r\
egistration of \$fqdn with \$leaseActIP\"}\
\n }\
\n\
\n} else={\
\n# DHCP lease removed\
\n /ip dns static remove [find comment=\$token];\
\n}"
# Hardware watchdog timer is switched off.
/system watchdog
set watchdog-timer=no
# Outbound mail through Gmail's submission port with STARTTLS. The SMTP
# password is stored in the configuration (redacted here).
/tool e-mail
set address=smtp.gmail.com port=587 tls=starttls from=router@homenet \
    user=xxxxxxxxxx@gmail.com password=xxxxxxxxxx
# MAC-layer management (MAC telnet / MAC WinBox) is limited to the LAN list.
# The guest and ESPHOME APs are ports of the LAN bridge in this export, so
# their clients are included.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# SMS receive is enabled on lte1 and gated by allowed-number plus the secret.
# NOTE(review): secret=12345 is trivially guessable and a sender number is not
# a strong authenticator. Use a long random secret, or set receive-enabled=no
# while the LTE interface is unused (lte1 is disabled in this export).
/tool sms
set port=lte1 receive-enabled=yes allowed-number=+xxxxxxxxxx secret=12345 \
    auto-erase=yes
# Sniffer preset: captures on wireguard1 and streams to 192.168.10.100.
# NOTE(review): whenever the sniffer is started with these settings, packets
# seen on the tunnel interface are copied across the LAN to that host.
# Presumably left over from troubleshooting - clear streaming-enabled when
# it is no longer needed.
/tool sniffer
set filter-interface=wireguard1 memory-limit=1024KiB streaming-enabled=yes \
    streaming-server=192.168.10.100