# Physical ports. Services and Local auto-negotiate at 1Gbps; Net1 and Net2 are
# forced to 100Mbps full duplex with auto-negotiation off.
# Net1 and Net2 use arp=proxy-arp, so the router answers ARP requests on those
# links on behalf of addresses it can reach through other interfaces.
# NOTE(review): Net1/Net2 carry the default routes later in this export, so they
# look like upstream links. Confirm proxy-ARP is really required there; plain
# arp=enabled (or reply-only together with the static /ip arp entries) exposes less.
# NOTE(review): the value after mac-address= on port 3 is missing (apparently
# redacted), so that command will not import as written.
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no full-duplex=yes l2mtu=1600 \
mtu=1500 name=Services speed=1Gbps
set 1 arp=proxy-arp auto-negotiation=no cable-settings=default comment="" disable-running-check=yes disabled=no full-duplex=yes \
mtu=1500 name=Net1 speed=100Mbps
set 2 arp=proxy-arp auto-negotiation=no cable-settings=default comment="" disable-running-check=yes disabled=no full-duplex=yes \
mtu=1500 name=Net2 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" disable-running-check=yes disabled=no full-duplex=yes mac-address=\
mtu=1500 name=Local speed=1Gbps
# Default hotspot server profile: login by cookie or HTTP-CHAP, login cookie
# valid for 3 days, no RADIUS.
# NOTE(review): no hotspot server is defined in the visible export, so these
# look like untouched defaults - confirm before relying on them.
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
# Default hotspot user profile: one concurrent session per user (shared-users=1),
# no idle timeout, 2-minute keepalive timeout.
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
# Default IPsec proposal: SHA-1 integrity, 3DES encryption, PFS with the
# 1024-bit MODP group, 30-minute SA lifetime.
# NOTE(review): all three algorithm choices are legacy (3DES has a 64-bit block,
# SHA-1 is deprecated, modp1024 is below current minimum DH strength). No IPsec
# peer or policy appears in the visible export, so the proposal may be unused;
# if IPsec is ever enabled, replace it with AES, SHA-256 and a larger DH group.
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
# Serial port serial0 at 9600 baud, 8 data bits, no parity, 1 stop bit, hardware
# flow control. /system console later binds a login console to this port, so
# physical access to the serial port gives a login prompt.
/port
set 0 baud-rate=9600 data-bits=8 flow-control=hardware name=serial0 parity=none stop-bits=1
# PPP profiles. "default" leaves encryption at use-encryption=default;
# "default-encryption" sets use-encryption=yes.
# The L2TP and PPTP servers later in this export reference default-encryption;
# the OpenVPN server references default.
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default use-compression=default use-encryption=default use-vj-compression=\
default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
# Queue disciplines. The pfifo types use a 100000-packet limit; the custom
# "p2p" type is a pfifo limited to 50 packets.
/queue type
set default kind=pfifo name=default pfifo-limit=100000
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=100000
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 \
red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pfifo name=p2p pfifo-limit=50
set default-small kind=pfifo name=default-small pfifo-limit=100000
# Simple queues (rate limits):
#  - rubi and "Sta Casa Server": 1M/1M for a single /32 target each.
#  - p2p: traffic matched by p2p=all-p2p is held to 256k/256k between 11h and 23h
#    on every weekday.
#  - Mail: 60M upload cap for one /32 target on the Services interface.
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=0/0 max-limit=1M/1M name=rubi parent=none priority=8 queue=default-small/default-small target-addresses=X.X.X.X/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=0/0 max-limit=1M/1M name="Sta Casa Server" parent=none priority=8 queue=default-small/default-small target-addresses=\
X.X.X.X/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=256k/256k max-limit=256k/256k name=p2p p2p=all-p2p parent=none priority=8 queue=p2p/p2p time=\
11h-23h,sun,mon,tue,wed,thu,fri,sat total-queue=p2p
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=upload disabled=no dst-address=0.0.0.0/0 interface=Services \
limit-at=0/0 max-limit=60M/0 name=Mail parent=none priority=8 queue=default-small/default-small target-addresses=X.X.X.X/32 \
total-queue=default-small
# Default BGP instance: AS 65530 (private-use range), nothing redistributed.
# No BGP peer is configured in the visible export.
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no ignore-as-path-len=no name=default out-filter="" \
redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
# Default OSPF instance: advertises a default route as type 1 when one is
# installed, redistributes nothing else, and references the routing filter
# chains ospf-in and ospf-out.
# NOTE(review): no /routing filter section appears in the visible export, so the
# content of ospf-in/ospf-out cannot be checked here - verify they exist and
# actually constrain what is accepted from and announced to neighbours.
/routing ospf instance
set default comment="" disabled=no distribute-default=if-installed-as-type-1 in-filter=ospf-in metric-bgp=0 metric-connected=0 \
metric-default=1 metric-other-ospf=auto metric-rip=0 metric-static=0 name=default out-filter=ospf-out redistribute-bgp=no \
redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no router-id=X.X.X.X
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=backbone type=default
# SNMP agent is enabled; traps are version 1 with no trap sink set (0.0.0.0).
/snmp
set contact="" enabled=yes engine-boots=18 engine-id="" location="" time-window=15 trap-sink=0.0.0.0 trap-version=1
# Two read-only communities (write-access=no), each limited to a source prefix.
# Both use security=none with empty authentication/encryption passwords, so
# access is by community name only, with no authentication or privacy; the
# MD5/DES protocol settings are not used while security=none.
# NOTE(review): the community name is the only secret and is sent in clear text
# with every poll. The names are also visible in this export, so treat them as
# disclosed: rotate them, and prefer SNMPv3 (security=private with
# authentication and encryption passwords) if the pollers support it.
/snmp community
set GBsnmp address=X.X.X.X/29 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=DES \
name=GBsnmp read-access=yes security=none write-access=no
add address=X.X.X.X/25 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=DES name=\
prtg read-access=yes security=none write-access=no
# Log destinations. The in-memory buffer holds 100 lines and the disk target
# keeps 2 files of 100 lines each, neither stopping when full, so older local
# entries are overwritten quickly on a busy router.
# The "remote" action sends to a syslog collector on port 514.
# NOTE(review): RouterOS remote logging is plain UDP syslog - unauthenticated
# and unencrypted. Keep the path to the collector on a trusted segment, and
# rely on the collector (not the 100-line local buffers) for retention.
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=X.X.X.X:514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=\
remote
# User groups; a leading "!" denies that policy.
#  - read : no ftp, write or policy, but still reboot, password, sniff, sensitive.
#  - write: adds write; still no ftp or policy.
#  - full : every policy listed.
# NOTE(review): "sensitive" lets a user view passwords and keys stored in the
# configuration and "sniff" allows packet capture, so even the read group can
# see secrets, capture traffic and reboot the router. All three groups also
# allow telnet logins. /user aaa at the end of this export makes "read" the
# default group, so consider a custom least-privilege group without
# reboot, sniff and sensitive for monitoring accounts.
/user group
add comment="" name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,!ftp,!write,!policy
add comment="" name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,!ftp,!policy
add comment="" name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive
# Bridged traffic is not passed through the IP firewall.
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
# VPN servers: L2TP, OpenVPN and PPTP are all disabled (enabled=no).
# NOTE(review): the stored settings are weak and would take effect as soon as a
# server is enabled - L2TP accepts pap/chap/mschap1, PPTP accepts mschap1, and
# OpenVPN allows md5 auth and blowfish128, has certificate=none and does not
# require a client certificate. Tighten these before enabling any of them
# (mschap2 only at minimum; for OpenVPN a server certificate, sha1 or better,
# aes, and require-client-certificate=yes).
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=\
FE:C1:FF:75:A5:75 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=\
disabled
# IP accounting and its web access are disabled.
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Interface addresses. Besides its own addresses the router holds several
# addresses labelled "old slave", "old master" and "old dude server" on Local;
# the NAT section later in this export redirects traffic sent to some of them.
# NOTE(review): every such legacy address is one more address on which the
# router's own services answer - retire them once nothing depends on them.
/ip address
add address=X.X.126.1/25 comment="" disabled=no interface=Local
add address=X.X.0.1/16 comment="" disabled=no interface=Local
add address=X.X.237.30/30 comment="" disabled=no interface=Net1
add address=X.X.190.249/29 comment="" disabled=no interface=Services
add address=X.X.209.249/29 comment="" disabled=no interface=Services
add address=X.X.145.6/30 comment="" disabled=no interface=Net2
add address=X.X.0.4/16 comment="old slave" disabled=no interface=Local
add address=X.X.126.4/25 comment="old slave" disabled=no interface=Local
add address=X.X.126.5/25 comment="old master" disabled=no interface=Local
add address=X.X.0.183/16 comment="old master" disabled=no interface=Local
add address=X.X.0.23/16 comment="old dude server" disabled=no interface=Local
add address=X.X.0.19/29 comment="old dude server" disabled=no interface=Local
add address=X.X.126.23/25 comment="old dude server" disabled=no interface=Local
add address=X.X.92.129/29 comment="" disabled=no interface=Services
add address=X.X.0.185/29 comment="" disabled=no interface=Local
# Static ARP entries on Net1 and Net2 for the addresses that /ip route uses as
# gateways. No mac-address value is shown for them in this export.
/ip arp
add address=X.X.237.29 comment="" disabled=no interface=Net1
add address=X.X.145.5 comment="" disabled=no interface=Net2
/ip dhcp-server config
set store-leases-disk=5m
# The router resolves names for itself only: allow-remote-requests=no means it
# does not act as a DNS resolver for other hosts.
/ip dns
set allow-remote-requests=no cache-max-ttl=30m cache-size=10000KiB max-udp-packet-size=512 primary-dns=X.X.X.251 secondary-dns=\
X.X.X.250
# Address lists used by the filter and mangle rules in this export:
#  - net1 / net2 : known prefixes; mangle marks traffic sourced from them with
#                  routing mark to_net1 / to_net2, and the forward filter uses
#                  them as the allow-list for both directions.
#  - lp1 / lp2   : one /30 each, matched as destinations in chain fromknown.
#                  NOTE(review): they appear to be the Net1/Net2 link subnets - confirm.
#  - allow_ssh   : hosts and small subnets for which TCP/22 is accepted
#                  (one entry, X.X.209.253, is disabled).
# NOTE(review): the leading octets are masked, so it cannot be told from this
# export whether look-alike entries (for example X.X.94.0/24, X.X.21.0/24, or
# X.X.95.0/24 which shows up under both net1 and net2) are true duplicates.
# Check on the live router: a prefix present in both lists gets ambiguous
# policy-routing treatment, and stale entries silently widen the allow-list.
/ip firewall address-list
add address=X.X.126.0/25 comment="" disabled=no list=net1
add address=X.X.254.0/24 comment="" disabled=no list=net2
add address=X.X.209.0/24 comment="" disabled=no list=net2
add address=X.X.61.72/29 comment="" disabled=no list=net2
add address=X.X.61.88/29 comment="" disabled=no list=net2
add address=X.X.61.128/29 comment="" disabled=no list=net2
add address=X.X.61.176/29 comment="" disabled=no list=net2
add address=X.X.190.0/24 comment="" disabled=no list=net1
add address=X.X.206.0/26 comment="" disabled=no list=net1
add address=X.X.224.168/29 comment="" disabled=no list=net1
add address=X.X.250.192/26 comment="" disabled=no list=net1
add address=X.X.84.128/26 comment="" disabled=no list=net1
add address=X.X.36.176/29 comment="" disabled=no list=net1
add address=X.X.102.112/29 comment="" disabled=no list=net1
add address=X.X.107.128/25 comment="" disabled=no list=net1
add address=X.X.119.144/29 comment="" disabled=no list=net1
add address=X.X.95.0/24 comment="" disabled=no list=net2
add address=X.X.227.0/24 comment="" disabled=no list=net1
add address=X.X.228.0/24 comment="" disabled=no list=net2
add address=X.X.237.28/30 comment="" disabled=no list=net1
add address=X.X.145.4/30 comment="" disabled=no list=net2
add address=X.X.125.0/24 comment="" disabled=no list=net1
add address=X.X.182.0/24 comment="" disabled=no list=net2
add address=X.X.191.0/24 comment="" disabled=no list=net2
add address=X.X.17.0/24 comment="" disabled=no list=net1
add address=X.X.42.0/24 comment="" disabled=no list=net2
add address=X.X.248.0/24 comment="" disabled=no list=net1
add address=X.X.94.0/24 comment="" disabled=no list=net1
add address=X.X.15.0/24 comment="" disabled=no list=net2
add address=X.X.21.0/24 comment="" disabled=no list=net1
add address=X.X.23.0/24 comment="" disabled=no list=net1
add address=X.X.22.0/24 comment="" disabled=no list=net1
add address=X.X.20.0/24 comment="" disabled=no list=net1
add address=X.X.197.0/24 comment="" disabled=no list=net2
add address=X.X.110.0/24 comment="" disabled=no list=net1
add address=X.X.111.0/24 comment="" disabled=no list=net1
add address=X.X.170.0/24 comment="" disabled=no list=net2
add address=X.X.237.28/30 comment="" disabled=no list=lp1
add address=X.X.145.4/30 comment="" disabled=no list=lp2
add address=X.X.104.0/24 comment="" disabled=no list=net1
add address=X.X.105.0/24 comment="" disabled=no list=net1
add address=X.X.153.0/24 comment="" disabled=no list=net2
add address=X.X.88.0/24 comment="" disabled=no list=net2
add address=X.X.90.0/24 comment="" disabled=no list=net2
add address=X.X.91.0/24 comment="" disabled=no list=net2
add address=X.X.89.0/24 comment="" disabled=no list=net2
add address=X.X.92.0/24 comment="" disabled=no list=net1
add address=X.X.93.0/24 comment="" disabled=no list=net1
add address=X.X.94.0/24 comment="" disabled=no list=net1
add address=X.X.95.0/24 comment="" disabled=no list=net1
add address=X.X.21.0/24 comment="" disabled=no list=net1
add address=X.X.152.0/24 comment="" disabled=no list=net2
add address=X.X.209.2 comment="" disabled=no list=allow_ssh
add address=X.X.126.11 comment="" disabled=no list=allow_ssh
add address=X.X.171.182 comment="" disabled=no list=allow_ssh
add address=X.X.227.8/29 comment="" disabled=no list=allow_ssh
add address=X.X.119.144/29 comment="" disabled=no list=allow_ssh
add address=X.X.61.94 comment="" disabled=no list=allow_ssh
add address=X.X.209.34 comment="" disabled=no list=allow_ssh
add address=X.X.209.38 comment="" disabled=no list=allow_ssh
add address=X.X.209.214 comment="" disabled=no list=allow_ssh
add address=X.X.209.162 comment="" disabled=no list=allow_ssh
add address=X.X.190.72 comment="" disabled=no list=allow_ssh
add address=X.X.171.236/30 comment="" disabled=no list=allow_ssh
add address=X.X.171.240/30 comment="" disabled=no list=allow_ssh
add address=X.X.171.178 comment="" disabled=no list=allow_ssh
add address=X.X.190.242 comment="" disabled=no list=allow_ssh
add address=X.X.92.88/29 comment="" disabled=no list=allow_ssh
add address=X.X.90.0/24 comment="" disabled=no list=net2
add address=X.X.91.0/24 comment="" disabled=no list=net2
add address=X.X.92.170 comment="" disabled=no list=allow_ssh
add address=X.X.171.0/24 comment="" disabled=no list=net2
add address=X.X.209.253 comment="" disabled=yes list=allow_ssh
add address=X.X.190.162 comment="" disabled=no list=allow_ssh
add address=X.X.172.0/24 comment="" disabled=no list=net2
add address=X.X.173.0/24 comment="" disabled=no list=net2
add address=X.X.92.72/30 comment="" disabled=no list=allow_ssh
# Connection tracking is on (the connection-state=invalid drop in the filter and
# all NAT rules depend on it). Established TCP entries live for 1 day; most
# other TCP states time out after 10s, half-open states after 5s.
# tcp-syncookie=no: SYN cookies are not used for connections to the router.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Filter layout:
#  - The passthrough rules in chain=dummy_rule are never the target of a jump in
#    this export; they only serve as section headings.
#  - input and forward both jump to "sanity".
#  - forward then jumps to "toknown" for packets arriving on Net1/Net2 and to
#    "fromknown" for packets leaving through Net1/Net2.
# NOTE(review): input contains nothing but the jump to sanity, and sanity ends
# with "return", so whatever sanity does not drop is accepted by the router
# itself. Winbox, SNMP, the NTP server, bandwidth-server and mac-server are
# enabled elsewhere in this export; consider finishing the input chain with an
# explicit allow-list (established/related, management sources, required
# protocols) followed by a drop.
/ip firewall filter
add action=passthrough chain=dummy_rule comment="SANITY CHECK FOR INPUT AND FORWARD" disabled=no
add action=jump chain=input comment="" disabled=no jump-target=sanity
add action=jump chain=forward comment="" disabled=no jump-target=sanity
add action=drop chain=sanity comment="drop connection state invalid" connection-state=invalid disabled=no
# NetBIOS/SMB ports (135-139, 445) are dropped for TCP and UDP, matched both as
# source port and as destination port.
add action=drop chain=sanity comment="drop nocive ports and protocols" disabled=no protocol=tcp src-port=135-139
add action=drop chain=sanity comment="" disabled=no protocol=udp src-port=135-139
add action=drop chain=sanity comment="" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=sanity comment="" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=sanity comment="" disabled=no protocol=tcp src-port=445
add action=drop chain=sanity comment="" disabled=no protocol=udp src-port=445
add action=drop chain=sanity comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=sanity comment="" disabled=no dst-port=445 protocol=udp
# Bogon filter: 0/8, 10/8 and 127/8 are dropped as source or destination on any
# interface.
add action=drop chain=sanity comment="drop rfc1918 and illegal addresses" disabled=no src-address=0.0.0.0/8
add action=drop chain=sanity comment="" disabled=no dst-address=0.0.0.0/8
add action=drop chain=sanity comment="" disabled=no src-address=10.0.0.0/8
add action=drop chain=sanity comment="" disabled=no dst-address=10.0.0.0/8
add action=drop chain=sanity comment="" disabled=no src-address=127.0.0.0/8
add action=drop chain=sanity comment="" disabled=no dst-address=127.0.0.0/8
# 172.17.0.0/24, 172.22.0.0/16 and 172.25.0.0/24 are exempted from the
# 172.16.0.0/12 drop below. Because the exemption is a "return", matching
# packets leave sanity at this point, so the SSH and port-10025 rules further
# down are never evaluated for them.
# NOTE(review): the exemptions are not tied to an interface, so a packet that
# arrives on Net1/Net2 claiming one of these sources also skips the rest of
# sanity. Adding in-interface (or in-interface=!Net1 / !Net2) would close that.
add action=return chain=sanity comment="" disabled=no src-address=172.17.0.0/24
add action=return chain=sanity comment="" disabled=no dst-address=172.17.0.0/24
add action=return chain=sanity comment="" disabled=no src-address=172.22.0.0/16
add action=return chain=sanity comment="" disabled=no dst-address=172.22.0.0/16
add action=return chain=sanity comment="" disabled=no src-address=172.25.0.0/24
add action=return chain=sanity comment="" disabled=no dst-address=172.25.0.0/24
add action=drop chain=sanity comment="" disabled=no src-address=172.16.0.0/12
add action=drop chain=sanity comment="" disabled=no dst-address=172.16.0.0/12
add action=drop chain=sanity comment="" disabled=no src-address=192.168.0.0/16
add action=drop chain=sanity comment="" disabled=no dst-address=192.168.0.0/16
add action=drop chain=sanity comment="" disabled=no src-address=169.254.0.0/16
add action=drop chain=sanity comment="" disabled=no dst-address=169.254.0.0/16
add action=drop chain=sanity comment="" disabled=no src-address=255.255.255.255
add action=drop chain=sanity comment="" disabled=no dst-address=255.255.255.255
# TCP/22 policy. "accept" ends filter processing for the packet, so SSH to or
# from an allow_ssh address is accepted here and never reaches toknown/fromknown.
# Any other TCP/22 packet arriving on Net1 or Net2 is dropped; TCP/22 arriving on
# Services or Local is not restricted by these rules.
# The router's own ssh service is disabled and set to port 2200 in /ip service,
# so these rules govern SSH to hosts behind or on the router's addresses.
add action=accept chain=sanity comment="allow ssh for some customers" disabled=no dst-address-list=allow_ssh dst-port=22 protocol=tcp
add action=accept chain=sanity comment="" disabled=no dst-port=22 protocol=tcp src-address-list=allow_ssh
add action=drop chain=sanity comment="drop extern access for ssh" disabled=no dst-port=22 in-interface=Net1 protocol=tcp
add action=drop chain=sanity comment="" disabled=no dst-port=22 in-interface=Net2 protocol=tcp
# TCP/10025 on X.X.209.253 is reachable only from X.X.190.248/29.
add action=accept chain=sanity comment="" disabled=no dst-address=X.X.209.253 dst-port=10025 protocol=tcp src-address=X.X.190.248/29
add action=drop chain=sanity comment="" disabled=no dst-address=X.X.209.253 dst-port=10025 protocol=tcp
add action=return chain=sanity comment="" disabled=no
add action=passthrough chain=dummy_rule comment="NET1 NET2 ROUTING AND FORWARD CONTROL" disabled=no
add action=jump chain=forward comment="" disabled=no in-interface=Net1 jump-target=toknown
add action=jump chain=forward comment="" disabled=no in-interface=Net2 jump-target=toknown
add action=jump chain=forward comment="" disabled=no jump-target=fromknown out-interface=Net1
add action=jump chain=forward comment="" disabled=no jump-target=fromknown out-interface=Net2
# toknown (ingress from Net1/Net2): forward only if the destination is in net1
# or net2; everything else is dropped.
add action=return chain=toknown comment="" disabled=no dst-address-list=net1
add action=return chain=toknown comment="" disabled=no dst-address-list=net2
add action=drop chain=toknown comment="" disabled=no
# fromknown (egress via Net1/Net2), evaluated in this order:
#  1. known source -> lp1/lp2 destination: allowed.
#  2. known source -> known destination: dropped, so traffic between known
#     prefixes is never sent out through Net1/Net2.
#  3. any other traffic from a known source: allowed.
#  4. everything else: dropped. This is the source-address egress filter - only
#     prefixes listed in net1/net2 may leave through Net1/Net2.
add action=return chain=fromknown comment="" disabled=no dst-address-list=lp1 src-address-list=net1
add action=return chain=fromknown comment="" disabled=no dst-address-list=lp1 src-address-list=net2
add action=return chain=fromknown comment="" disabled=no dst-address-list=lp2 src-address-list=net1
add action=return chain=fromknown comment="" disabled=no dst-address-list=lp2 src-address-list=net2
add action=drop chain=fromknown comment="" disabled=no dst-address-list=net1 src-address-list=net1
add action=drop chain=fromknown comment="" disabled=no dst-address-list=net2 src-address-list=net1
add action=drop chain=fromknown comment="" disabled=no dst-address-list=net1 src-address-list=net2
add action=drop chain=fromknown comment="" disabled=no dst-address-list=net2 src-address-list=net2
add action=return chain=fromknown comment="" disabled=no src-address-list=net1
add action=return chain=fromknown comment="" disabled=no src-address-list=net2
add action=drop chain=fromknown comment="" disabled=no
# Policy routing. Packets whose source is in net1 or net2 enter chain "routes".
# The chain returns without marking when the destination is one of the internal
# 172.x ranges (arriving on Services) or when source and destination are both in
# the known lists; otherwise the packet gets routing mark to_net1 or to_net2
# according to its source list, which selects the matching default route.
# Both mark rules use passthrough=yes, so a source present in both lists ends up
# with the later mark (to_net2).
/ip firewall mangle
add action=jump chain=prerouting comment="" disabled=no jump-target=routes src-address-list=net1
add action=jump chain=prerouting comment="" disabled=no jump-target=routes src-address-list=net2
add action=return chain=routes comment="" disabled=no dst-address=172.22.0.0/16 in-interface=Services
add action=return chain=routes comment="" disabled=no dst-address=172.25.0.0/24 in-interface=Services
add action=return chain=routes comment="" disabled=no dst-address=172.17.0.0/24 in-interface=Services
add action=return chain=routes comment="" disabled=no dst-address-list=net1 src-address-list=net2
add action=return chain=routes comment="" disabled=no dst-address-list=net2 src-address-list=net1
add action=return chain=routes comment="" disabled=no dst-address-list=net1 src-address-list=net1
add action=return chain=routes comment="" disabled=no dst-address-list=net2 src-address-list=net2
add action=mark-routing chain=routes comment="" disabled=no new-routing-mark=to_net1 passthrough=yes src-address-list=net1
add action=mark-routing chain=routes comment="" disabled=no new-routing-mark=to_net2 passthrough=yes src-address-list=net2
add action=return chain=routes comment="" disabled=no
# Router-originated packets sourced from the Net1 / Net2 interface address are
# marked so they use the routing table of that same uplink. The comment= text is
# Portuguese for "rules to answer external traceroute correctly".
add action=mark-routing chain=output comment="regras para responder corretamente trace externo" disabled=no new-routing-mark=to_net1 \
out-interface=Net1 passthrough=no src-address=X.X.237.30
add action=mark-routing chain=output comment="" disabled=no new-routing-mark=to_net2 out-interface=Net2 passthrough=no src-address=\
X.X.145.6
# NAT rules. Nearly every active rule is preceded by a disabled action=log rule
# with the same matcher, kept as a switchable debugging aid.
# What the active rules do:
#  - dst-nat UDP 1812/1813 (RADIUS authentication/accounting) sent to
#    X.X.190.251 -> X.X.209.254.
#  - dst-nat TCP 25 sent to several addresses, including the legacy "old
#    slave"/"old master" ones -> X.X.209.253.
#  - dst-nat of ALL remaining traffic for the legacy addresses to X.X.190.250,
#    X.X.190.251 and X.X.190.252 (rules without protocol or port).
#  - src-nat so that traffic from X.X.190.251/.252 (SNMP polling on UDP 161 and
#    traffic to the 172.x ranges) appears to come from the legacy addresses.
# Rule order matters: the port-25 rules must stay above the catch-all dst-nat
# rules for the same destination, otherwise SMTP would follow the catch-all.
# NOTE(review): none of the dst-nat rules is limited by in-interface or source
# address, so the forward filter is the only control on who reaches the
# translated hosts. RADIUS in particular is normally restricted to known NAS
# addresses - consider adding src-address/src-address-list to those two rules.
# NOTE(review): the catch-all rules expose every port of the target hosts on
# the legacy addresses; narrow them to the required services where possible.
/ip firewall nat
add action=log chain=dstnat comment="" disabled=yes dst-address=X.X.190.251 dst-port=1812 log-prefix="" protocol=udp
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.190.251 dst-port=1812 protocol=udp to-addresses=X.X.209.254 \
to-ports=1812
add action=log chain=dstnat comment="" disabled=yes dst-address=X.X.190.251 dst-port=1813 log-prefix="" protocol=udp
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.190.251 dst-port=1813 protocol=udp to-addresses=X.X.209.254 \
to-ports=1813
add action=log chain=srcnat comment="GBsnmp do master (cacti\?)" disabled=yes dst-address=172.22.0.0/16 log-prefix="" src-address=\
X.X.190.251
add action=src-nat chain=srcnat comment="GBsnmp do master (cacti\?)" disabled=no dst-address=172.22.0.0/16 src-address=X.X.190.251 \
to-addresses=172.22.0.183
add action=log chain=srcnat comment="" disabled=yes dst-address-list=net1 dst-port=161 log-prefix="" protocol=udp src-address=\
X.X.190.251
add action=src-nat chain=srcnat comment="" disabled=no dst-address-list=net1 dst-port=161 protocol=udp src-address=X.X.190.251 \
to-addresses=X.X.126.5
add action=log chain=srcnat comment="" disabled=yes dst-address-list=net2 dst-port=161 log-prefix="" protocol=udp src-address=\
X.X.190.251
add action=src-nat chain=srcnat comment="" disabled=no dst-address-list=net2 dst-port=161 protocol=udp src-address=X.X.190.251 \
to-addresses=X.X.126.5
add action=log chain=srcnat comment="" disabled=yes dst-address=172.22.0.0/16 log-prefix="" src-address=X.X.190.252
add action=src-nat chain=srcnat comment="" disabled=no dst-address=172.22.0.0/16 src-address=X.X.190.252 to-addresses=172.22.0.23
add action=log chain=dstnat comment="" disabled=yes dst-address=X.X.126.23 log-prefix=""
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.126.23 to-addresses=X.X.190.252
add action=log chain=dstnat comment="" disabled=yes dst-address=172.22.0.23 log-prefix=""
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=172.22.0.23 to-addresses=X.X.190.252
add action=log chain=srcnat comment="GBsnmp NET1" disabled=yes dst-address-list=net1 dst-port=161 log-prefix="" protocol=udp src-address=\
X.X.190.252
add action=src-nat chain=srcnat comment="GBsnmp NET1" disabled=no dst-address-list=net1 dst-port=161 protocol=udp src-address=\
X.X.190.252 to-addresses=X.X.126.23
add action=log chain=srcnat comment="GBsnmp NET2" disabled=yes dst-address-list=net2 dst-port=161 log-prefix="" protocol=udp src-address=\
X.X.190.252
add action=src-nat chain=srcnat comment="GBsnmp NET2" disabled=no dst-address-list=net2 dst-port=161 protocol=udp src-address=\
X.X.190.252 to-addresses=X.X.126.23
add action=log chain=srcnat comment="" disabled=yes dst-address=172.25.0.32/30 log-prefix="" src-address=X.X.190.252
add action=src-nat chain=srcnat comment="" disabled=no dst-address=172.25.0.32/30 src-address=X.X.190.252 to-addresses=172.22.0.23
add action=log chain=srcnat comment="" disabled=yes dst-address=172.25.0.184/29 log-prefix="" src-address=X.X.190.252
add action=src-nat chain=srcnat comment="" disabled=no dst-address=172.25.0.184/29 src-address=X.X.190.252 to-addresses=172.25.0.185
add action=log chain=srcnat comment="" disabled=yes dst-address=172.25.0.0/24 log-prefix="" src-address=X.X.190.252
add action=src-nat chain=srcnat comment="" disabled=no dst-address=172.25.0.0/24 src-address=X.X.190.252 to-addresses=X.X.126.23
add action=log chain=dstnat comment="" disabled=yes dst-address=X.X.190.251 dst-port=25 log-prefix="" protocol=tcp
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.190.251 dst-port=25 protocol=tcp to-addresses=X.X.209.253 \
to-ports=25
add action=log chain=dstnat comment="" disabled=yes dst-address=X.X.190.250 dst-port=25 log-prefix="" protocol=tcp
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.190.250 dst-port=25 protocol=tcp to-addresses=X.X.209.253 \
to-ports=25
add action=log chain=dstnat comment="" disabled=yes dst-address=172.22.0.4 dst-port=25 log-prefix="" protocol=tcp
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=172.22.0.4 dst-port=25 protocol=tcp to-addresses=X.X.209.253 \
to-ports=25
add action=log chain=dstnat comment="" disabled=yes dst-address=X.X.126.4 dst-port=25 log-prefix="" protocol=tcp
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.126.4 dst-port=25 protocol=tcp to-addresses=X.X.209.253 \
to-ports=25
add action=log chain=dstnat comment="" disabled=yes dst-address=X.X.126.5 dst-port=25 log-prefix="" protocol=tcp
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.126.5 dst-port=25 protocol=tcp to-addresses=X.X.209.253 \
to-ports=25
# Catch-all redirects for the legacy addresses. The disabled
# add-src-to-address-list rules would record who still talks to them in list
# "remanejar"; with address-list-timeout=0s those entries would not expire.
add action=add-src-to-address-list address-list=remanejar address-list-timeout=0s chain=dstnat comment="" disabled=yes dst-address=\
X.X.126.4
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.126.4 to-addresses=X.X.190.250
add action=add-src-to-address-list address-list=remanejar address-list-timeout=0s chain=dstnat comment="" disabled=yes dst-address=\
X.X.126.5
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=X.X.126.5 to-addresses=X.X.190.251
add action=log chain=dstnat comment="" disabled=yes dst-address=172.22.0.4 log-prefix=""
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=172.22.0.4 to-addresses=X.X.190.250
add action=log chain=dstnat comment="nat TecSys COPS" disabled=yes dst-address=X.X.126.105 log-prefix=""
add action=dst-nat chain=dstnat comment="nat TecSys COPS" disabled=no dst-address=X.X.126.105 to-addresses=X.X.171.74
# Disabled contingency rules that would redirect all DNS queries (UDP and TCP
# port 53) arriving on Local to X.X.209.254.
add action=dst-nat chain=dstnat comment="Contingencia DNS" disabled=yes dst-port=53 in-interface=Local protocol=udp to-addresses=\
X.X.209.254 to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=53 in-interface=Local protocol=tcp to-addresses=X.X.209.254 to-ports=53
# All connection-tracking helpers (ftp, tftp, irc, h323, sip, pptp) are disabled,
# so the firewall opens no related ports on behalf of these protocols.
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes
/ip hotspot service-port
set ftp disabled=no ports=21
# Neighbor discovery is off on Net1 and Net2 and on for Services and Local, so
# the router announces its identity and version only on the latter two segments.
/ip neighbor discovery
set Services discover=yes
set Net1 discover=no
set Net2 discover=no
set Local discover=yes
# Web proxy is disabled (enabled=no); the remaining values are stored settings.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 \
serialize-connections=no src-address=0.0.0.0
# Default routes:
#  - routing-mark=to_net1 -> gateway X.X.237.29, monitored with check-gateway=ping
#  - routing-mark=to_net2 -> gateway X.X.145.5, monitored with check-gateway=ping
#  - unmarked traffic     -> both gateways (equal-cost), no check-gateway.
# NOTE(review): the unmarked route has no gateway check, so unmarked traffic
# (including the router's own, such as syslog and NTP) can keep using a dead
# uplink - confirm this is intended.
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=X.X.237.29 routing-mark=to_net1 scope=30 \
target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=X.X.145.5 routing-mark=to_net2 scope=30 \
target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=X.X.237.29,X.X.145.5 scope=30 target-scope=10
# Management services on the router itself.
#  - disabled: telnet, ftp, ssh (port 2200), www-ssl, api
#  - enabled : www (plain HTTP, port 80) from X.X.126.3/32 only
#  - enabled : winbox (port 8291) with address=0.0.0.0/0, i.e. no source
#              restriction at the service level
# NOTE(review): the filter input chain in this export does not restrict port
# 8291 either, so winbox answers on every interface the router has an address
# on, including Net1/Net2. Set winbox address= to the management prefix(es).
# NOTE(review): the only web management path is unencrypted HTTP while www-ssl
# and ssh are off; prefer enabling the encrypted services (with a certificate
# for www-ssl) and disabling www.
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=X.X.126.3/32 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=yes port=2200
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
# SOCKS proxy, traffic-flow export and UPnP are all disabled.
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
# MPLS is configured on all interfaces, but LDP is disabled (enabled=no).
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
# PPP sessions are authenticated locally (use-radius=no).
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set Services queue=ethernet-default
set Net1 queue=ethernet-default
set Net2 queue=ethernet-default
set Local queue=ethernet-default
# Incoming RADIUS requests (port 3799) are not accepted.
/radius incoming
set accept=no port=3799
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
# OSPF runs on the Local interface (broadcast network, not passive) for network
# X.X.126.0/25 in the backbone area, with authentication=none and an empty key.
# NOTE(review): without authentication any host on the Local segment can form
# an adjacency and inject routes. Enable md5 authentication with a key shared by
# the legitimate routers, or set passive=yes if no neighbour is expected there.
/routing ospf interface
add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=10 dead-interval=40s disabled=no hello-interval=10s \
instance-id=0 interface=Local network-type=broadcast passive=no priority=2 retransmit-interval=5s transmit-delay=1s
/routing ospf network
add area=backbone comment="" disabled=no network=X.X.126.0/25
# RIP settings: nothing is redistributed and no default route is distributed.
# No RIP interface or network is defined in the visible export.
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 \
redistribute-bgp=no redistribute-connected=no redistribute-ospf=no redistribute-static=no routing-table=main timeout-timer=3m \
update-timer=30s
# A web-proxy store exists on disk sata1 although the web proxy is disabled.
/store
add comment="" disabled=no disk=sata1 name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=America/Sao_Paulo
/system clock manual
set dst-delta=+01:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/2025 00:00:00" time-zone=+00:00
# Login consoles: one on the serial port (serial0) and eight virtual consoles.
/system console
add disabled=no port=serial0 term=vt102
set [ find vcno=1 ] disabled=no term=linux
set [ find vcno=2 ] disabled=no term=linux
set [ find vcno=3 ] disabled=no term=linux
set [ find vcno=4 ] disabled=no term=linux
set [ find vcno=5 ] disabled=no term=linux
set [ find vcno=6 ] disabled=no term=linux
set [ find vcno=7 ] disabled=no term=linux
set [ find vcno=8 ] disabled=no term=linux
/system console screen
set line-count=25
/system hardware
set multi-cpu=yes
/system health
set state-after-reboot=enabled
/system identity
set name=GBROUTER
# Logging rules: info, error and warning go to the memory buffer, critical is
# echoed to the console, and info and error are also sent to the remote syslog
# action with prefix GBROUTER.
# NOTE(review): warning and critical are not forwarded to the remote collector,
# so those events exist only in the small local buffers and are lost on reboot
# or overwrite. Add remote rules for topics=warning and topics=critical.
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
add action=remote disabled=no prefix=GBROUTER topics=info
add action=remote disabled=no prefix=GBROUTER topics=error
/system note
set note="" show-at-login=yes
# NTP client synchronises against two fixed server addresses (unicast).
/system ntp client
set enabled=yes mode=unicast primary-ntp=200.189.40.8 secondary-ntp=200.160.0.8
# NTP server is enabled with broadcast, manycast and multicast all on.
# NOTE(review): the input chain in this export has no rule limiting UDP 123, so
# the server presumably answers on every interface, including Net1/Net2.
# Restrict it to internal clients with an input rule, or disable it if unused.
/system ntp server
set broadcast=yes enabled=yes manycast=yes multicast=yes
# The only scheduled job runs the script "backup" once a day with policy
# read,write,test.
/system scheduler
add comment="" disabled=no interval=1d name=backup on-event=backup policy=read,write,test start-date=jan/01/1970 start-time=00:00:00
/system script
# backup: logs a start message, writes a full configuration export to
# everything.rsc, mails that file to backup@gbm.srv.br through the SMTP server
# X.X.209.253 and logs completion. The log and mail strings are in Portuguese.
# NOTE(review): the export holds the whole configuration (addressing, firewall
# policy, SNMP community names). No TLS option is set on the send command, and
# the file is left on the router afterwards. Keep the SMTP hop on a trusted
# segment, restrict who can read the mailbox, and remove everything.rsc after
# sending.
# NOTE(review): the script's own policy list (ftp, reboot, policy, password,
# sniff, ...) is much broader than export + e-mail needs; trim it.
# NOTE(review): the line breaks right after "from=" and "to=" inside the source
# string look like extraction artifacts of this listing, not part of the
# original script - verify against the router before importing.
add name=backup policy=ftp,reboot,read,write,policy,test,winbox,password,sniff source=":log info \"Iniciando procedimento de backup por e-ma\
il...\"\r\
\n/export file=everything\r\
\n/tool e-mail send from=
backup@gbm.srv.br to=
backup@gbm.srv.br server=X.X.209.253 subject=([/system identity get name] . \" \" . [/s\
ystem clock get date] . \" \" . [/system clock get time] . \" SYS_BKP\") body=(\"Backup geral deste sistema...\") file=everything.rsc\r\
\n:log info \"Backup por e-mail realizado com sucesso...\"\r\
\n"
# daily-conficker-list: builds a file name from today's date (MM-DD-YYYY.txt),
# downloads it over plain HTTP from a third-party host, and - if the file is
# non-empty - empties address-list daily-conficker, resolves every line of the
# file as a DNS name and adds each resolved address to the list with the name
# as comment. The downloaded file is removed at the end.
# NOTE(review): nothing in the visible export schedules this script, and no
# firewall rule references list daily-conficker, so it looks dormant - confirm.
# NOTE(review): the feed is fetched with mode=http and no integrity check, and
# the entries are resolved through DNS. Whoever controls that host, the path to
# it, or the DNS answers decides what ends up in the address list; if a drop
# rule ever uses this list, that is an externally controlled block-list.
# Retire the script, or move to an authenticated source and validate entries.
# NOTE(review): the script's policy list is far wider than fetch plus
# address-list edits require; the line breaks after "address=" and "host="
# inside the source string look like extraction artifacts of this listing.
add name=daily-conficker-list policy=ftp,reboot,read,write,policy,test,winbox,password,sniff source=":local date [/system clock get date]\r\
\n:local month [:pick \$date 0 3]\r\
\n:local day [:pick \$date 4 6]\r\
\n:local year [:pick \$date 7 11]\r\
\n\r\
\n#set month to numerical value\r\
\n:if ([\$month] = \"jan\") do={ :set month \"01\" }\r\
\n:if ([\$month] = \"feb\") do={ :set month \"02\" }\r\
\n:if ([\$month] = \"mar\") do={ :set month \"03\" }\r\
\n:if ([\$month] = \"apr\") do={ :set month \"04\" }\r\
\n:if ([\$month] = \"may\") do={ :set month \"05\" }\r\
\n:if ([\$month] = \"jun\") do={ :set month \"06\" }\r\
\n:if ([\$month] = \"jul\") do={ :set month \"07\" }\r\
\n:if ([\$month] = \"aug\") do={ :set month \"08\" }\r\
\n:if ([\$month] = \"sep\") do={ :set month \"09\" }\r\
\n:if ([\$month] = \"oct\") do={ :set month \"10\" }\r\
\n:if ([\$month] = \"nov\") do={ :set month \"11\" }\r\
\n:if ([\$month] = \"dec\") do={ :set month \"12\" }\r\
\n\r\
\n#download current days domain list\r\
\n/tool fetch address=
www.epicwinrar.com host=
www.epicwinrar.com mode=http src-path=\"conficker/\$month-\$day-\$year.txt\"\r\
\n:log info \"Download Complete\"\r\
\n:delay 2\r\
\n\r\
\n#check to ensure todays file exists before deleting yesterdays list\r\
\n:log info \"Begining Address List Modification\"\r\
\n:if ( [/file get [/file find name=\"\$month-\$day-\$year.txt\"] size] > 0 ) do={\r\
\n\r\
\n /ip firewall address-list remove [/ip firewall address-list find list=daily-conficker]\r\
\n\r\
\n :local content [/file get [/file find name=\"\$month-\$day-\$year.txt\"] contents] ;\r\
\n :local contentLen [ :len \$content ] ;\r\
\n\r\
\n :local lineEnd 0;\r\
\n :local line \"\";\r\
\n :local lastEnd 0;\r\
\n\r\
\n :do {\r\
\n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\
\n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\
\n :set lastEnd ( \$lineEnd + 1 ) ;\r\
\n\r\
\n#resolve each new line and add to the address list daily-conficker. updated to list domain as comment\r\
\n :if ( [:pick \$line 0 1] != \"\\n\" ) do={\r\
\n :local entry [:pick \$line 0 (\$lineEnd ) ]\r\
\n :if ( [:len \$entry ] > 0 ) do={\r\
\n\t :local listip [:resolve \"\$entry\"]\r\
\n :if (\$listip != \"failure\" ) do={\r\
\n /ip firewall address-list add list=daily-conficker address=\$listip comment=\$entry\r\
\n :log info \"\$listip\"\r\
\n }\r\
\n } \r\
\n }\r\
\n } while (\$lineEnd < \$contentLen)\r\
\n}\r\
\n:log info \"Address List Modification Complete\"\r\
\n#cleaning up\r\
\n/file remove \"\$month-\$day-\$year.txt\"\r\
\n"
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
# Hardware watchdog timer is on; no watch-address is monitored.
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none watchdog-timer=yes
# Bandwidth-test server is enabled and does not require authentication.
# NOTE(review): with no input-chain restriction in this export, any host that
# can reach the router may start up to 10 test sessions and consume CPU and
# link capacity. Set enabled=no when not testing, or at least authenticate=yes.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=no enabled=yes max-sessions=10
# Global e-mail settings are empty; the backup script passes its own server.
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
# Graphing pages are limited to X.X.126.3/32 (the same host allowed to use www).
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=X.X.126.3/32 disabled=no interface=all store-on-disk=no
/tool graphing queue
add allow-address=X.X.126.3/32 allow-target=no disabled=no simple-queue=all store-on-disk=no
/tool graphing resource
add allow-address=X.X.126.3/32 disabled=no store-on-disk=no
# MAC-layer management access and MAC ping are enabled on all interfaces.
# NOTE(review): this offers a layer-2 login path on Net1 and Net2 as well, and
# the IP firewall does not apply to it. Limit mac-server to the management
# interface and disable MAC ping where it is not needed.
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
# Packet sniffer is preset to capture all frames on Net2 with no address filter;
# streaming to a remote server is disabled.
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535 filter-protocol=all-frames \
filter-stream=yes interface=Net2 memory-limit=10 memory-scroll=no only-headers=no streaming-enabled=no streaming-server=0.0.0.0
# Router logins are authenticated locally (use-radius=no). default-group=read is
# the group applied when a RADIUS reply names none; that group still carries
# reboot, sniff and sensitive in /user group.
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no