# sep/16/2022 18:43:01 by RouterOS 7.6beta6
# software id = 5QPU-AP8A
#
# model = RB3011UiAS
# serial number = <CENSORED>
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=Tikimyki
/system package update
# NOTE(review): channel=development makes upgrades pull pre-release builds
# (the header shows this export was taken on 7.6beta6). For a router that
# carries the internet uplink, the stable channel is the usual choice.
set channel=development
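/system scheduler
# NOTE(review): the three DDNS entries below share name=NO-IP and are all
# disabled. Only the andomor.ddns.net script appears in this export, so
# confirm that the p0p.ddns.net and ALLDDNS scripts exist before re-enabling
# the entries that call them.
add comment=p0p.ddns.net disabled=yes interval=30s name=NO-IP on-event=\
p0p.ddns.net policy=read,write,test start-date=apr/21/2021 start-time=\
09:46:44
# Policy trimmed to the set the andomor.ddns.net script itself declares
# (read,write,test); the extra "policy" permission was not needed to run it.
add comment=andomor.ddns.net disabled=yes interval=35s name=NO-IP on-event=\
andomor.ddns.net policy=read,write,test start-time=startup
add comment=ALLDDNS disabled=yes interval=10m name=NO-IP on-event=ALLDDNS \
policy=read,write,test start-time=startup
# The startup chime only runs scripts that declare policy=read, so this entry
# is reduced from the full ftp/reboot/write/policy/password/sniff/sensitive
# set to read. Confirm the chime still plays after the next reboot.
add name=startup-beep on-event="Startup: Super Mario Bros" policy=read \
start-time=startup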
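/system script
# No-IP dynamic-DNS updater.
# Changes from the exported version:
#  - the update request goes over HTTPS with certificate checking; the
#    original used mode=http, which sends the account password in clear text;
#  - previousIP is stored only after every fetch has completed, so a failed
#    update is retried on the next run instead of being skipped until the
#    address changes again.
# check-certificate=yes needs a CA under /certificate that validates
# dynupdate.no-ip.com; without one the fetch fails instead of falling back.
# NOTE(review): noipuser/noippass live in the script source, so they are
# readable by anyone who can read scripts and they are included in exports
# of this section - treat such exports as secret.
# NOTE(review): inetinterface is "pppoe-out2", while the interface section
# later on this page only defines pppoe-out1 - confirm the name matches the
# live uplink.
add dont-require-permissions=no name=andomor.ddns.net owner=admin policy=\
read,write,test source="# No-IP automatic Dynamic DNS update\r\
\n\r\
\n#--------------- Change Values in this section to match your setup -----\
-------------\r\
\n\r\
\n# No-IP User account info\r\
\n:local noipuser \"<CENSORED>\"\r\
\n:local noippass \"<CENSORED>\"\r\
\n\r\
\n# Set the hostname or label of network to be updated.\r\
\n# Hostnames with spaces are unsupported. Replace the value in the quotat\
ions below with your host names.\r\
\n# To specify multiple hosts, separate them with commas.\r\
\n:local noiphost \"<CENSORED>.ddns.net\"\r\
\n\r\
\n# Change to the name of interface that gets the dynamic IP address\r\
\n:local inetinterface \"pppoe-out2\"\r\
\n\r\
\n#-----------------------------------------------------------------------\
-------------\r\
\n# No more changes need\r\
\n\r\
\n:global previousIP\r\
\n\r\
\n:if ([/interface get \$inetinterface value-name=running]) do={\r\
\n# Get the current IP on the interface\r\
\n :local currentIP [/ip address get [find interface=\"\$inetinterface\"\
\_disabled=no] address]\r\
\n\r\
\n# Strip the net mask off the IP address\r\
\n :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
\n :if ( [:pick \$currentIP \$i] = \"/\") do={ \r\
\n :set currentIP [:pick \$currentIP 0 \$i]\r\
\n } \r\
\n }\r\
\n\r\
\n :if (\$currentIP != \$previousIP) do={\r\
\n :log info \"No-IP: Current IP \$currentIP is not equal to previou\
s IP, update needed\"\r\
\n\r\
\n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
red since \? is a special character in commands.\r\
\n# HTTPS plus check-certificate keeps the account password off the wire i\
n clear text.\r\
\n :local url \"https://dynupdate.no-ip.com/nic/update\\3Fmyip=\$cur\
rentIP\"\r\
\n :local noiphostarray\r\
\n :set noiphostarray [:toarray \$noiphost]\r\
\n :foreach host in=\$noiphostarray do={\r\
\n :log info \"No-IP: Sending update for \$host\"\r\
\n /tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuse\
r password=\$noippass mode=https check-certificate=yes dst-path=(\"no-ip_d\
dns_update-\" . \$host . \".txt\")\r\
\n :log info \"No-IP: Host \$host updated on No-IP with IP \$cur\
rentIP\"\r\
\n }\r\
\n# Remember the address only after every fetch above has completed, so a \
failed update is retried on the next run.\r\
\n :set previousIP \$currentIP\r\
\n } else={\r\
\n :log info \"No-IP: Previous IP \$previousIP is equal to current I\
P, no update needed\"\r\
\n }\r\
\n} else={\r\
\n :log info \"No-IP: \$inetinterface is not currently running, so there\
fore will not update.\"\r\
\n}"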
# NOTE(review): "owncloud" is not RouterOS code. Its source is a block of
# admin notes (Linux shell commands, boot config values, /system ssh targets)
# kept in the script store, so running it would not do anything useful.
# The entry carries the full policy set, including password, sensitive and
# romon, and its text holds SSH user names and a "pass" line (redacted on
# this page). Anyone who can read scripts or an export of this section can
# read those notes: keep the credentials in a password manager instead, and
# rotate the passwords of the hosts named here (192.168.1.31, 192.168.1.10)
# if an unredacted copy of this export was ever shared.
add dont-require-permissions=no name=owncloud owner=adminnt policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="s\
udo nano /etc/lighttpd/lighttpd.conf\r\
\n\r\
\nsudo nano /var/www/owncloud/config/config.php\r\
\n\r\
\n/system ssh 192.168.1.31 user=<CENSORED>\r\
\n<CENSORED>\r\
\nhttps://www.avoiderrors.com/install-owncloud-on-raspberry-pi-4-2/\r\
\nSetup USB HDD to owncloud\r\
\n\r\
\n\r\
\n######overclock debian#########\r\
\nsudo nano /boot/config.txt \r\
\n#napiecie\r\
\nover_voltage=-2\r\
\n#max arm\r\
\narm_freq=1500\r\
\n#minimum arm\r\
\ncore_freq=500\r\
\ngpu-freq=600\r\
\n\r\
\narm_freq=2200\r\
\ngpu_freq=750\r\
\nover_voltage=6\r\
\n\r\
\n###################\r\
\novervoltage ubuntu\r\
\n\r\
\nsudo nano /boot/firmware/config.txt\r\
\nsudo nano /boot/config.txt\r\
\n\r\
\n\r\
\n##########check linux version########\r\
\ncat /etc/*release\r\
\n#######################OMV\r\
\n/system ssh 192.168.1.10 user=<CENSORED>\r\
\n\r\
\npass <CENSORED>\r\
\n########################\r\
\n\r\
\n\r\
\n\r\
\n/var/www/lighttpd.html\r\
\nstrona glowna \r\
\n\r\
\nsudo su - strona glowna powrot"
# NOTE(review): "igor" holds the draft of a message to a customer, not
# RouterOS code. It is stored with the full policy set (including password,
# sensitive and romon) and is included in every export of this section, so
# personal names and business correspondence leave the router with the
# configuration. Keep such text outside the router's script store.
add dont-require-permissions=no name=igor owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="H\
ello Igor\r\
\nHello Hermanto\r\
\n\r\
\nIm a tester gaming/software in Aster with many year experience\r\
\n\r\
\nBefore start typing about games. Some hardware requirements need to be a\
complish depend of pc power (what license for computer/how many workstatio\
n per PC) like USB HUB with Active power(for many workstation recomend usb\
3.0), USB music cards\r\
\nThe entire proces of configuring the Aster its simple like drag and drop\
\_device to each workstation.\r\
\nGaming.\r\
\nFor counter stike GO -\r\
\nhttps://www.youtube.com/watch\?v=KAGogEKn_pg\r\
\nIts a non steam version\r\
\nAfter correct config IP in aster which we can provide tutorial how its e\
xactly need to be done step by step\r\
\nYou can easily play this game on the maximum number of workstations we p\
rovide which is 12\r\
\nFor each workstation, I recommend 2 processor cores that can be set rigi\
dly in Aster + SSD + GTX1080ti \r\
\nWe cant provide exactly parametrs of computer becaouse each game provide\
\_diffrent requirements and its depend how many Workstation will you put t\
o each computer.\r\
\nSo the limit of \"how many games we can launch on Aster\" its only depen\
d how powerfull PC we got\r\
\n\r\
\nIn some cases we can also install game again on diffrent SSD/HDD so for \
example 4 user Run the game from C drive SSD other 4 from D SSD - if we wa\
nt to load games quickly and smoothly, with a large number of users.\r\
\nPlease keep in mind that when computer launch second (for example ) Coun\
ter strike its not \"eat\" x2 resources of PC, but arround x0.2 - x0.8 usu\
ally its arround x0.5 becaouse no need run DLL some files twice etc.\r\
\nFor example if we got in Counter strike 100FPS\r\
\nand we run second Counter strike . Both users will experience arround 80\
-90FPS /not half \r\
\n\r\
\nOfcors i will test all that games for you Hermanto for give you idea how\
\_its will perform.\r\
\nI'm also on the support team where I mainly do game support , so after t\
he purchase, our support does not end, but vice versa. I'm always here to \
help you.\r\
\nI will test other games and send you results until monday.\r\
\n\r\
\nRegards\r\
\nAndrzej Lachowicz\r\
\n\r\
\n\r\
\n"
# NOTE(review): "Pinecraft" contains two short lines of free text and no
# RouterOS commands; it looks like a leftover note. Confirm it does not stand
# for a credential, then remove it or move it out of the script store.
add dont-require-permissions=no name=Pinecraft owner=adminnt policy=test \
source="pi\r\
\nB...."
# Plays a fixed tune: the source consists only of :beep and :delay commands
# and the script is limited to policy=read. It is started by the
# "Startup: Super Mario Bros" script.
add dont-require-permissions=no name="Music: Super Mario Bros" owner=admin \
policy=read source=":beep frequency=660 length=100ms;\
\n:delay 150ms;\
\n:beep frequency=660 length=100ms;\
\n:delay 300ms;\
\n:beep frequency=660 length=100ms;\
\n:delay 300ms;\
\n:beep frequency=510 length=100ms;\
\n:delay 100ms;\
\n:beep frequency=660 length=100ms;\
\n:delay 300ms;\
\n:beep frequency=770 length=100ms;\
\n:delay 550ms;\
\n:beep frequency=380 length=100ms;"
# Plays a tune computed from a note list instead of hard-coded frequencies.
# For each entry of "notes" the source adds "transpose", raises the value by
# 12 until it reaches 60 (counting the steps in "octa"), reduces it modulo 12
# to index "frqtab", and shifts the table frequency right by "octa" before
# calling :beep. After every list entry it plays the fixed value 59 the same
# way. The values are presumably MIDI note numbers, as the variable name
# suggests. The script reads no input and is limited to policy=read.
add dont-require-permissions=no name="Music: Thunderstruck" owner=admin \
policy=read source=":local n11 63,66;\
\n:local n12 64,67;\
\n:local n21 71,69,68,69,68,66,68,64,66,63;\
\n:local n22 64,63;\
\n\
\n:local n11 (\$n11,\$n11);\
\n:local n12 (\$n12,\$n12);\
\n:local n1 (\$n11,\$n11,\$n12,\$n12);\
\n:local n2 (\$n21,\$n22,\$n22,\$n22);\
\n:local notes (\$n1,\$n1,\$n2,\$n2);\
\n \
\n:local ticks 2;\
\n:local speed 55ms;\
\n:local stacc 5ms;\
\n# Transposition\
\n:local transpose -48;\
\n# ==============================\
\n# Don't change this:\
\n:local frqtab 8372,8869,9397,9956,10548,11175,11839,12543,13288,14080,14\
916,15804;\
\n:local n0; :local n;\
\n:local d0; :local d;\
\n:local l;\
\n:local midi;\
\n:local i;\
\n:local octa;\
\n:local frq;\
\n:for i from=0 to= ([:len \$notes]-1) do={\
\n:set midi [:pick \$notes \$i];\
\n:set midi (\$midi + \$transpose);\
\n:set octa 0;\
\n:while ( \$midi < 60) do={:set midi (\$midi + 12); :set octa (\$octa + 1\
\_ ); };\
\n:set midi (\$midi - (12 * (\$midi /12)));\
\n:set frq [:tonum [:pick \$frqtab \$midi]];\
\n:set frq (\$frq>>(\$octa));\
\n:set d0 \$ticks;\
\n:set d (\$d0 * \$speed );\
\n:set l (\$d0 * (\$speed - \$stacc));\
\n:beep fr=\$frq le=\$l;\
\n:delay \$d;\
\n:set midi 59;\
\n:set midi (\$midi + \$transpose);\
\n:set octa 0;\
\n:while ( \$midi < 60) do={:set midi (\$midi + 12); :set octa (\$octa + 1\
\_ ); };\
\n:set midi (\$midi - (12 * (\$midi /12)));\
\n:set frq [:tonum [:pick \$frqtab \$midi]];\
\n:set frq (\$frq>>(\$octa));\
\n:set d0 \$ticks;\
\n:set d (\$d0 * \$speed );\
\n:set l (\$d0 * (\$speed - \$stacc));\
\n:beep fr=\$frq le=\$l;\
\n:delay \$d;\
\n}"
# Boot chime wrapper: waits (delay 5), then runs the "Music: Super Mario Bros"
# script. This is the script named in the startup-beep scheduler entry; it
# declares policy=read only.
add dont-require-permissions=no name="Startup: Super Mario Bros" owner=admin \
policy=read source=\
"delay 5;\
\n/system script run \"Music: Super Mario Bros\";"
# Plays a fixed tune: the source consists only of :beep and :delay commands
# and the script is limited to policy=read.
add dont-require-permissions=no name="Music: Imperial March (Star Wars)" \
owner=admin policy=read source=":beep frequency=500 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=500 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=500 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=400 length=500ms;\
\n:delay 400ms;\
\n:beep frequency=600 length=200ms;\
\n:delay 100ms;\
\n:beep frequency=500 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=400 length=500ms;\
\n:delay 400ms;\
\n:beep frequency=600 length=200ms;\
\n:delay 100ms;\
\n:beep frequency=500 length=500ms;\
\n:delay 1000ms;\
\n:beep frequency=750 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=750 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=750 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=810 length=500ms;\
\n:delay 400ms;\
\n:beep frequency=600 length=200ms;\
\n:delay 100ms;\
\n:beep frequency=470 length=500ms;\
\n:delay 500ms;\
\n:beep frequency=400 length=500ms;\
\n:delay 400ms;\
\n:beep frequency=600 length=200ms;\
\n:delay 100ms;\
\n:beep frequency=500 length=500ms;\
\n:delay 1000ms;"
# Plays a fixed tune: the source consists only of :beep and :delay commands
# and the script is limited to policy=read.
add dont-require-permissions=no name="Music: Jurassic Park" owner=admin \
policy=read source=":beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=1775ms;\
\n:delay 1800ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=1775ms;\
\n:delay 1800ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=875ms;\
\n:delay 900ms;\
\n:beep frequency=523 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=523 length=875ms;\
\n:delay 900ms;\
\n:beep frequency=622 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=622 length=1775ms;\
\n:delay 1800ms;\
\n:beep frequency=587 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=523 length=875ms;\
\n:delay 900ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=349 length=575ms;\
\n:delay 600ms;\
\n:beep frequency=587 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=523 length=1775ms;\
\n:delay 1800ms;\
\n:beep frequency=698 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=622 length=875ms;\
\n:delay 900ms;\
\n:beep frequency=587 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=587 length=875ms;\
\n:delay 900ms;\
\n:beep frequency=523 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=523 length=3575ms;\
\n:delay 3600ms;\
\n:delay 600ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=575ms;\
\n:delay 600ms;\
\n:beep frequency=349 length=575ms;\
\n:delay 600ms;\
\n:beep frequency=311 length=575ms;\
\n:delay 600ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=575ms;\
\n:delay 600ms;\
\n:beep frequency=349 length=575ms;\
\n:delay 600ms;\
\n:beep frequency=311 length=575ms;\
\n:delay 600ms;\
\n:beep frequency=466 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=440 length=275ms;\
\n:delay 300ms;\
\n:beep frequency=466 length=875ms;\
\n:delay 900ms;\
\n:beep frequency=349 length=575ms;"
# Plays a fixed tune: the source consists only of :beep and :delay commands
# and the script is limited to policy=read.
add dont-require-permissions=no name="Music: Crazy Train" owner=admin policy=\
read source=":beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:delay 1200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:delay 400ms;\
\n:beep frequency=330 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=330 length=175ms;\
\n:delay 200ms;\
\n:delay 400ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:delay 1200ms;\
\n:beep frequency=587 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=587 length=175ms;\
\n:delay 200ms;\
\n:delay 400ms;\
\n:beep frequency=330 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=330 length=175ms;\
\n:delay 200ms;\
\n:delay 400ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=587 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=494 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=415 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=494 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=415 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=330 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=587 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=494 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=415 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=494 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=415 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=330 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=587 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=494 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=415 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=494 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=440 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=415 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=330 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=587 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=370 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=554 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=494 length=175ms;\
\n:delay 200ms;\
\n:beep frequency=587 length=775ms;\
\n:delay 800ms;\
\n:beep frequency=330 length=775ms;\
\n:delay 800ms;"
# Alternative boot chime wrappers. Each waits (delay 5) and then runs the
# matching "Music: ..." script, and each declares policy=read only. None of
# the four is referenced by a scheduler entry on this page.
add dont-require-permissions=no name="Startup: Crazy Train" owner=admin \
policy=read source="delay 5;\
\n/system script run \"Music: Crazy Train\";"
add dont-require-permissions=no name="Startup: Thunderstruck" owner=admin \
policy=read source=\
"delay 5;\
\n/system script run \"Music: Thunderstruck\";"
add dont-require-permissions=no name="Startup: Imperial March" owner=admin \
policy=read source=\
"delay 5;\
\n/system script run \"Music: Imperial March (Star Wars)\";"
add dont-require-permissions=no name="Startup: Jurassic Park" owner=admin \
policy=read source=\
"delay 5;\
\n/system script run \"Music: Jurassic Park\";"
# aug/19/2022 21:08:25 by RouterOS 7.5beta5
# software id = 5QPU-AP8A
#
# model = RB3011UiAS
# serial number = <CENSORED>
# Base layout: ether1 carries the PPPoE uplink, ether2-ether10 and sfp1 are
# bridged as the LAN, and the bridge holds 192.168.1.1/24.
/interface bridge
add admin-mac=08:55:31:A1:1D:5A auto-mac=no comment=defconf name=bridge
/interface pppoe-client
# The PPPoE user name is redacted on this page and no password= attribute
# appears on this entry.
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
use-peer-dns=yes user=<CENSORED>
/disk
set usb1 disabled=no
set usb1-part1 disabled=no name=disk1
/interface list
# WAN and LAN are the lists the firewall, neighbor discovery and MAC server
# settings key on, so list membership decides what is treated as trusted.
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MykiTiki
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
# Neighbor discovery is limited to the LAN list, so it is not enabled on the
# WAN-side interfaces.
set discover-interface-list=LAN
/interface list member
# Both the physical uplink port and the PPPoE session are in WAN; a new
# uplink interface that is not added here would not be covered by the rules
# that match in-interface-list=WAN.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server network
# DHCP clients are handed 192.168.1.26 as their DNS server, not the router.
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.26 gateway=\
192.168.1.1 netmask=24
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. Nothing in this setting limits it to the LAN: it stays closed to the
# internet only through the input-chain rule that drops traffic not coming
# from the LAN list, so that rule must stay in place.
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
# Input chain (traffic addressed to the router itself): established/related
# traffic, ICMP and loopback are accepted, invalid packets are dropped, and
# the last rule drops everything that does not arrive on a LAN-list
# interface. Management and DNS exposure towards the WAN depends on that
# final rule and on LAN list membership.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain (traffic routed through the router): the only restriction is
# the last rule, which drops new connections arriving from WAN unless they
# were dst-nat'ed. Traffic originating from the LAN is not filtered here.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
# Only source NAT is defined. No dst-nat (port-forward) rule appears in this
# export, so nothing inside the LAN is published to the internet by NAT as
# shown here.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
# bad_ipv6 collects address ranges that should never appear as source or
# destination of routed traffic; the forward chain below drops both cases.
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
# Input chain. NOTE(review): the UDP traceroute, IKE (500,4500), AH and ESP
# accept rules carry no interface match and sit before the final !LAN drop,
# so they accept that traffic from any interface, WAN included. If the router
# does not terminate IPsec over IPv6, those accepts can be removed or
# disabled. No IPv6 address or DHCPv6 client section appears in this export,
# so whether IPv6 is active at all should be confirmed on the device.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# Forward chain. There is no NAT in front of IPv6 hosts, so the final !LAN
# drop is what keeps unsolicited inbound connections away from LAN devices.
# As in the input chain, the HIP, IKE, AH and ESP accepts have no interface
# match and therefore also apply to traffic entering from WAN.
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/system clock
set time-zone-name=Europe/Warsaw
# MAC-layer management (the MAC server and MAC-Winbox) is limited to
# interfaces in the LAN list, so it is not offered on the WAN-side interfaces.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN