Community discussions

MikroTik App
 
skullzaflare
just joined
Topic Author
Posts: 21
Joined: Tue Apr 12, 2016 12:01 am

New configs not taking after 6.38.7

Fri Apr 20, 2018 6:27 pm

Hey guys i am having issues getting any router to take a rsc after 6.38.7. Anyone else run into this? It will take the config if i c/p into terminal, but reset/load stopped working after 38.7.

This for me is tested on 951, 951g, 962, RBD52, and 952.
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=wan-gateway
set [ find default-name=ether2 ] comment=master-localswitch name=\
    ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface pppoe-client
add add-default-route=yes default-route-distance=1 disabled=no interface=\
    ether1 name=pppoe-out1 password=wwhomerouter use-peer-dns=yes user=\
    wwhomerouter
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge \
    name=wlan2g ssid=wwhomewifi wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
    channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=\
    auto mode=ap-bridge name=wlan5g ssid=wwhomewifi wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=wwhomewifi \
    wpa2-pre-shared-key=wwhomewifi
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.100.10-192.168.100.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=3d name=defconf
/queue interface
set wlan2g queue=only-hardware-queue
set wlan5g queue=only-hardware-queue
/queue tree
add name=download parent=global queue=pcq-download-default
add name=upload parent=global queue=pcq-upload-default
add name=TCP-download packet-mark=TCP-down parent=download queue=default
add name=UDP-download packet-mark=UDP-down parent=download priority=6 queue=\
    default
add name=TCP-upload packet-mark=TCP-upload parent=upload queue=default
add name=UDP-upload packet-mark=UDP-upload parent=upload priority=6 queue=\
    default
add name=else-download packet-mark=else-download parent=download priority=7 \
    queue=default
add name=else-upload packet-mark=else-upload parent=upload priority=7 queue=\
    default
add name=priority-download packet-mark=priority-download parent=download \
    priority=5 queue=default
add name=priority-upload packet-mark=priority-upload parent=upload priority=5 \
    queue=default
add name=MSFT packet-mark=msft-d parent=download queue=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan2g
add bridge=bridge comment=defconf interface=wlan5g
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.100.1/24 comment=defconf interface=ether2-master network=\
    192.168.100.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.100.0/24 comment=defconf gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes cache-size=4096KiB servers=\
    184.170.112.2,184.170.112.3
/ip dns static
add address=192.168.100.1 name=router
add address=184.170.114.133 name=unifi
/ip firewall address-list
add address=23.234.16.0/20 list=blacklist
add address=58.0.0.0-60.255.255.255 list=blacklist
add address=69.197.0.0/18 list=blacklist
add address=77.0.0.0-95.255.255.255 list=blacklist
add address=101.0.0.0-103.255.255.255 list=blacklist
add address=110.0.0.0-126.255.255.255 list=blacklist
add address=144.0.0.0/8 list=blacklist
add address=158.69.152.216/29 list=blacklist
add address=167.114.0.0/16 list=blacklist
add address=174.112.0.0/13 list=blacklist
add address=175.0.0.0-183.255.255.255 list=blacklist
add address=185.0.0.0-191.255.255.255 list=blacklist
add address=193.0.0.0-197.255.255.255 list=blacklist
add address=218.0.0.0-223.255.255.255 list=blacklist
add address=184.170.112.2 list=whitelist
add address=184.170.112.3 list=whitelist
add address=184.170.114.129 list=whitelist
add address=184.170.112.1 list=whitelist
add address=184.170.113.1 list=whitelist
add address=184.170.114.1 list=whitelist
add address=100.100.1.1 list=whitelist
add address=10.10.1.1 list=whitelist
add address=10.10.2.1 list=whitelist
add address=13.64.0.0/11 list=msft
add address=13.96.0.0/13 list=msft
add address=13.104.0.0/14 list=msft
add address=192.42.249.0/24 list=aapl
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward dst-address=192.168.0.0/21 log=yes
add action=drop chain=input comment="drop invalid packets" connection-state=\
    invalid
add action=accept chain=input comment=whitelist src-address-list=whitelist
add action=accept chain=output comment=whitelist dst-address-list=whitelist
add action=drop chain=output comment="drop outbound blacklist" \
    dst-address-list=blacklist src-address=192.168.100.2-192.168.100.254
add action=drop chain=input comment="detect and drop port scan connections" \
    protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="suppress DoS attack" connection-limit=\
    3,32 protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input comment="detect DoS attack" \
    connection-limit=10,32 protocol=tcp
add action=accept chain=input comment="accept established connection packets" \
    connection-state=established
add action=accept chain=input comment="accept related connection packets" \
    connection-state=related
add action=add-dst-to-address-list address-list=blacklist \
    address-list-timeout=1h chain=output comment="outbound DDoS" \
    connection-limit=100,32 protocol=udp
add action=jump chain=input comment="jump to chain ICMP" jump-target=ICMP \
    protocol=icmp
add action=jump chain=input comment="jump to chain services" jump-target=\
    services
add action=accept chain=input comment="Allow Broadcast Traffic" \
    dst-address-type=broadcast
add action=drop chain=input comment="drop everything else"
add action=accept chain=ICMP comment="0:0 and limit for 5pac/s" icmp-options=\
    0:0-255 limit=5,5:packet protocol=icmp
add action=accept chain=ICMP comment="3:3 and limit for 5pac/s" icmp-options=\
    3:3 limit=5,5:packet protocol=icmp
add action=accept chain=ICMP comment="3:4 and limit for 5pac/s" icmp-options=\
    3:4 limit=5,5:packet protocol=icmp
add action=accept chain=ICMP comment="8:0 and limit for 5pac/s" icmp-options=\
    8:0-255 limit=5,5:packet protocol=icmp
add action=accept chain=ICMP comment="11:0 and limit for 5pac/s" \
    icmp-options=11:0-255 limit=5,5:packet protocol=icmp
add action=drop chain=ICMP comment="Drop everything else" protocol=icmp
add action=return chain=ICMP
add action=accept chain=services comment="accept winbox" dst-port=8291 \
    protocol=tcp
add action=accept chain=services comment="accept http" dst-address=\
    192.168.100.0/24 dst-port=80 protocol=tcp
add action=accept chain=services comment="accept localhost" dst-address=\
    127.0.0.1 src-address=127.0.0.1
add action=accept chain=services comment="accept MACwinbox " dst-port=20561 \
    protocol=udp
add action=accept chain=services comment="Bandwidth server" dst-port=2000 \
    protocol=tcp
add action=accept chain=services comment=" MT Discovery Protocol" dst-port=\
    5678 protocol=udp
add action=accept chain=services comment="allow SNMP" disabled=yes dst-port=\
    161 protocol=tcp
add action=accept chain=services comment="Allow NTP" disabled=yes dst-port=\
    123 protocol=udp
add action=drop chain=services comment="deny external DNS request" dst-port=\
    53 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=services comment="deny external request" dst-port=53 \
    in-interface=pppoe-out1 protocol=udp
add action=accept chain=services comment="allow DNS request" dst-port=53 \
    in-interface=!pppoe-out1 protocol=tcp
add action=accept chain=services comment="allow DNS request" dst-port=53 \
    in-interface=!pppoe-out1 protocol=udp
add action=accept chain=services comment=UPnP dst-port=1900 in-interface=\
    !pppoe-out1 protocol=udp
add action=accept chain=services comment=UPnP dst-port=2828 in-interface=\
    !pppoe-out1 protocol=tcp
add action=accept chain=services comment="allow DHCP" disabled=yes dst-port=\
    67-68 protocol=udp
add action=accept chain=services comment="allow IPSec connections" disabled=\
    yes dst-port=500 protocol=udp
add action=accept chain=services comment="allow IPSec" disabled=yes protocol=\
    ipsec-esp
add action=accept chain=services comment="allow IPSec" disabled=yes protocol=\
    ipsec-ah
add action=return chain=services
/ip firewall mangle
add action=mark-packet chain=forward comment=WWup dst-address-list=whitelist \
    new-packet-mark=priority-upload passthrough=yes
add action=mark-packet chain=forward comment=WWdown new-packet-mark=\
    priority-download passthrough=yes src-address-list=whitelist
add action=mark-packet chain=forward new-packet-mark=msft-d passthrough=no \
    src-address-list=msft
add action=mark-packet chain=forward comment="Download Priority" \
    dst-address-list=priority new-packet-mark=priority-download passthrough=\
    no src-address=!192.168.100.2-192.168.100.254
add action=mark-packet chain=forward comment="Upload Priority" dst-address=\
    !192.168.100.2-192.168.100.254 new-packet-mark=priority-upload \
    passthrough=no src-address-list=priority
add action=mark-packet chain=forward comment="TCP - download" in-interface=\
    pppoe-out1 new-packet-mark=TCP-down passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="UDP - download" in-interface=\
    pppoe-out1 new-packet-mark=UDP-down passthrough=no protocol=udp
add action=mark-packet chain=forward comment=download in-interface=pppoe-out1 \
    new-packet-mark=else-download passthrough=no
add action=mark-packet chain=forward comment=TCP-upload new-packet-mark=\
    TCP-upload out-interface=pppoe-out1 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment=UDP-upload new-packet-mark=\
    UDP-upload out-interface=pppoe-out1 passthrough=no protocol=udp
add action=mark-packet chain=forward comment=upload new-packet-mark=\
    else-upload out-interface=pppoe-out1 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out1 to-addresses=\
    0.0.0.0
add action=dst-nat chain=dstnat disabled=yes dst-port=\
    80,443,465,983,3074,3478-3480,3658,5223,6000-7000,9293,10070-10080 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.100.100
add action=dst-nat chain=dstnat disabled=yes dst-port=\
    80,443,465,983,3074,3478-3480,3658,5223,6000-7000,9293,10070-10080 \
    in-interface=pppoe-out1 protocol=udp to-addresses=192.168.100.100
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.100.0/24
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=pppoe-out1 type=external
add interface=ether1 type=external
add interface=wlan2g type=internal
add interface=wlan5g type=internal
/system clock
set time-zone-autodetect=no time-zone-name=America/New_York
/system identity
set name=pppoe.DoThisRight
/system ntp client
set enabled=yes primary-ntp=184.170.112.2 secondary-ntp=184.170.112.3
/system package update
set channel=bugfix
/system scheduler
add name=firmwarecheck-reboot on-event="#### Check for Firmware Update \r\
    \n\r\
    \n   /system routerboard\r\
    \n   :if ( [get current-firmware] != [get upgrade-firmware]) do={ \r\
    \n      ## New version of firmware available, let's upgrade\r\
    \n     \r\
    \n\r\
    \n      upgrade\r\
    \n\r\
    \n      ## Wait for upgrade, then reboot\r\
    \n      :delay 2s;\r\
    \n      /system reboot\r\
    \n   } else={\r\
    \n   :log info (\"No Router HW upgrade found\")\r\
    \n   }\r\
    \n}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
add interface=ether2-master
add interface=ether3
add interface=ether4
add interface=ether5
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
add interface=ether2-master
add interface=ether3
add interface=ether4
add interface=ether5
add interface=wlan2g
add interface=wlan5g

Who is online

Users browsing this forum: No registered users and 8 guests