 
souravmaiti
just joined
Topic Author
Posts: 3
Joined: Wed Apr 22, 2020 9:06 am

Tile CCR BGP Crash after 7.1 upgrade

Mon Dec 13, 2021 9:56 am

Our Tile CCR1036 goes into a kernel-failure boot loop as soon as BGP peers connect after the 7.1 upgrade.
The full config is given below (exported from 6.49.2, before the upgrade). Is anybody else experiencing the same issue?

# dec/13/2021 13:16:10 by RouterOS 6.49.2
# software id = XXXXXXX
#
# model = CCR1036-12G-4S
# serial number = YYYYYYYYYY
/interface bridge
add fast-forward=no mtu=1500 name=Datacenter-Bridge
add fast-forward=no mtu=1500 name=lan-bridge
/interface ethernet
set [ find default-name=ether1 ] comment="ISP2 ILL Fiber" l2mtu=1590 speed=\
    100Mbps
set [ find default-name=ether2 ] comment="Direct Net" l2mtu=1590 speed=\
    100Mbps
set [ find default-name=ether3 ] advertise="10M-half,10M-full,100M-half,100M-f\
    ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" l2mtu=1590 \
    loop-protect=on loop-protect-disable-time=10s speed=100Mbps
set [ find default-name=ether4 ] comment="LAN Bridge" l2mtu=1590 speed=\
    100Mbps
set [ find default-name=ether5 ] comment="LAN Bridge" l2mtu=1590 speed=\
    100Mbps
set [ find default-name=ether6 ] l2mtu=1590 name=ether6-lan speed=100Mbps
set [ find default-name=ether7 ] comment="Direct Net" l2mtu=1590 speed=\
    100Mbps
set [ find default-name=ether8 ] advertise="10M-half,10M-full,100M-half,100M-f\
    ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" disabled=yes \
    l2mtu=1590 loop-protect=on loop-protect-disable-time=10s speed=100Mbps
set [ find default-name=ether9 ] disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=ether10 ] advertise="10M-half,10M-full,100M-half,100M-\
    full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
    laptop disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=ether11 ] advertise="10M-half,10M-full,100M-half,100M-\
    full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" disabled=\
    yes l2mtu=1590 rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether12 ] disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=sfp1 ] advertise="10M-half,10M-full,100M-half,100M-ful\
    l,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
    "ISP1 ILL Fiber"
/interface vlan
add interface=ether6-lan loop-protect-disable-time=10s name=vlan15-noc \
    vlan-id=15
add comment="HO, ATM, D35 WebServer" interface=ether6-lan name=vlan17-ho \
    vlan-id=17
add interface=ether6-lan loop-protect=on loop-protect-disable-time=10s name=\
    vlan18-main vlan-id=18
/interface wireless security-profiles
set [ find default=yes ] group-ciphers="" supplicant-identity=MikroTik \
    unicast-ciphers=""
/ip firewall layer7-protocol
add name=facebook regexp="^.+(www.facebook.com|facebook.com|login.facebook.com\
    |www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com|www.fbcdn.com|st\
    atic.ak.fbcdn.net|static.ak.connect.facebook.com|connect.facebook.net|www.\
    connect.facebook.net|apps.facebook.com|m.facebook.com|fbsbx.com).*\$"
add name=youtube regexp="^.+(ytstatic.l.google.com|youtube-ui.l.google.com|you\
    tubei.googleapis.com|youtube.googleapis.com|youtube.com|www.youtube.com|m.\
    youtube.com|ytimg.com|s.ytimg.com|ytimg.l.google.com|youtube.l.google.com|\
    i.google.com|googlevideo.com|youtu.be|youtube-nocookie.com).*\$"
/ip hotspot user profile
set [ find default=yes ] transparent-proxy=yes
# IPsec: renames the default policy group, defines one IKE profile and one
# peer that uses it, and adjusts the default phase-2 proposal.
/ip ipsec policy group
set [ find default=yes ] name=group
/ip ipsec profile
# NOTE(review): dh-group=modp1536 is a 1536-bit MODP group; current guidance
# generally asks for 2048-bit MODP or an ECP group. Confirm what the remote
# peer supports before raising it.
add dh-group=modp1536 enc-algorithm=aes-256 name=profile_1
/ip ipsec peer
# The peer address below was already masked by the poster (RRR.NNN placeholder).
add address=RRR.NNN.164.1/32 name=peer1 profile=profile_1
/ip ipsec proposal
# NOTE(review): sha1 is still on the accepted auth-algorithms list and
# pfs-group is again modp1536; if every peer can do sha256 or better, drop
# sha1 so a weaker algorithm cannot be negotiated.
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=\
    aes-256-cbc pfs-group=modp1536
/ip pool
add name=dhcp ranges=172.16.63.11-172.16.63.240
add name=L8 ranges=10.0.0.10-10.0.1.220
add name=L1-PUBLIC ranges=LLL.71.158.6
add name=L6 ranges=10.0.2.10-10.0.3.220
add name=L4 ranges=10.0.4.10-10.0.5.220
add name=L3 ranges=10.0.6.10-10.0.7.220
add name=L2 ranges=10.0.8.10-10.0.9.220
add name=L1 ranges=10.0.10.10-10.0.11.220
add name=S2 ranges=10.0.9.222
add name=P2 ranges=10.0.9.221
add name=vpn ranges=192.168.254.20-192.168.254.50
add name=is1 ranges=192.168.254.8/29
add name=vpn1 ranges=192.168.254.60-192.168.254.100
add name="DC Bridge" ranges=10.255.255.20-10.255.255.250
add name=dhcp_main ranges=172.16.62.11-172.16.62.240
add name=dhcp_pool_noc ranges=172.16.61.20-172.16.61.245
add name=dhcp_pool-ho ranges=172.16.60.20-172.16.60.200
/ip dhcp-server
add address-pool="DC Bridge" authoritative=after-2sec-delay disabled=no \
    interface=Datacenter-Bridge lease-time=3d name="direct net pool"
add address-pool=dhcp_main authoritative=after-2sec-delay disabled=no \
    interface=vlan18-main name=dhcp-main
add address-pool=dhcp_pool_noc authoritative=after-2sec-delay disabled=no \
    interface=vlan15-noc name=dhcp-noc
add address-pool=dhcp_pool-ho disabled=no interface=vlan17-ho name=dhcp_ho
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
    up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
    up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" \
    up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" \
    up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" \
    up-port=1700
/port
set 0 flow-control=hardware name=serial0
set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
    stop-bits=1
# PPP profiles: one profile per address pool (L1..L8, P2, S2, vpn, is1, vpn1).
# Each profile hands out addresses from the pool of the same name, adds the
# client to the address list of the same name, and limits each user to one
# session (only-one=yes).
/ppp profile
set *0 address-list=L8 dns-server=172.16.6.65 local-address=10.0.0.1 \
    only-one=yes remote-address=L8 use-compression=no
add address-list=L6 dns-server=10.0.0.1 local-address=10.0.0.1 name=L6 \
    only-one=yes remote-address=L6 use-compression=yes
add address-list=L4 dns-server=10.0.0.1 local-address=10.0.0.1 name=L4 \
    only-one=yes remote-address=L4 use-compression=yes
add address-list=L3 dns-server=10.0.0.1 local-address=10.0.0.1 name=L3 \
    only-one=yes remote-address=L3 use-compression=yes
add address-list=L1-PUBLIC dns-server=10.0.0.1 local-address=10.0.0.1 name=\
    L1-PUBLIC only-one=yes remote-address=L1-PUBLIC use-compression=yes
add address-list=L2 dns-server=10.0.0.1 local-address=10.0.0.1 name=L2 \
    only-one=yes remote-address=L2 use-compression=yes
add address-list=L1 dns-server=10.0.0.1 local-address=10.0.0.1 name=L1 \
    only-one=yes remote-address=L1 use-compression=yes
add address-list=P2 dns-server=10.0.0.1 local-address=10.0.0.1 name=P2 \
    only-one=yes remote-address=P2 use-compression=yes
# NOTE(review): use-encryption=no on S2 means sessions on this profile do not
# negotiate PPP-layer encryption. Acceptable only if the carrier (e.g. an
# IPsec-protected tunnel or a trusted local PPPoE segment) is protected some
# other way -- confirm which services use this profile.
add address-list=S2 dns-server=10.0.0.1 local-address=10.0.0.1 name=S2 \
    only-one=yes remote-address=S2 use-compression=no use-encryption=no
# The three VPN-facing profiles below explicitly request encryption.
add address-list=vpn dns-server=192.168.254.1 local-address=192.168.254.1 \
    name=vpn only-one=yes remote-address=vpn use-compression=yes \
    use-encryption=yes
add address-list=is1 dns-server=192.168.254.1 local-address=192.168.254.1 \
    name=is1 only-one=yes remote-address=is1 use-compression=yes \
    use-encryption=yes
add address-list=vpn1 dns-server=192.168.254.1 local-address=192.168.254.1 \
    name=vpn1 only-one=yes remote-address=vpn1 use-compression=yes \
    use-encryption=yes
# NOTE(review): *FFFFFFFE appears to be the built-in "default-encryption"
# profile; with use-encryption=no it no longer does what its name suggests.
# Verify nothing relies on it for an encrypted session.
set *FFFFFFFE only-one=yes use-compression=no use-encryption=no
/queue tree
add max-limit=1024M name=P-DL parent=global priority=1 queue=default
add disabled=yes limit-at=100k max-limit=2M name=L1 packet-mark=L1 parent=\
    P-DL priority=2 queue=default
add disabled=yes limit-at=256k max-limit=4M name=L3 packet-mark=L3 parent=\
    P-DL priority=3 queue=default
add disabled=yes limit-at=100k max-limit=4M name=L4 packet-mark=L4 parent=\
    P-DL priority=1 queue=default
add disabled=yes limit-at=256k max-limit=4500k name=L2 packet-mark=L2 parent=\
    P-DL priority=2 queue=default
add disabled=yes limit-at=100k max-limit=4M name=L8 packet-mark=L8 parent=\
    P-DL queue=default
add disabled=yes limit-at=1M max-limit=10M name=L6 packet-mark=L6 parent=P-DL \
    priority=6 queue=default
add disabled=yes limit-at=768k max-limit=4500k name=vpn-dl packet-mark=vpn \
    parent=P-DL priority=1 queue=default
add disabled=yes limit-at=256k max-limit=1700k name=S2 packet-mark=S2 parent=\
    P-DL priority=2 queue=default
add disabled=yes limit-at=256k max-limit=2M name=P2 packet-mark=P2 parent=\
    P-DL priority=3 queue=default
add disabled=yes limit-at=256k max-limit=2M name=DN packet-mark=DN parent=\
    P-DL queue=default
add burst-limit=15M burst-time=10s limit-at=1M max-limit=10M name=mbdn \
    packet-mark=mbdn parent=P-DL queue=default
add burst-limit=10k burst-time=10s disabled=yes limit-at=10k max-limit=10k \
    name=c packet-mark=mbdnc parent=P-DL queue=default
add burst-limit=20k burst-time=10s disabled=yes limit-at=1k max-limit=10k \
    name=temp packet-mark=temp parent=P-DL queue=default
/routing bgp instance
set default as=4200000001 router-id=172.16.6.65
/routing ospf instance
set [ find default=yes ] redistribute-bgp=as-type-1 redistribute-other-ospf=\
    as-type-1 redistribute-static=as-type-1
# SNMP: renames the default community, grants it write access, and accepts it
# from any source address (addresses=0.0.0.0/0).
# NOTE(review): an SNMP v1/v2c community name is a shared secret. The serial
# number and software id in this export were masked, but the community name
# was not, and it is paired with write-access=yes and no source restriction.
# Treat the value as disclosed: rotate it, set write-access=no unless SNMP
# writes are really needed, and restrict addresses= to the monitoring hosts.
# Whether the SNMP service itself is enabled is not visible in this export.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=ccbldc2357 write-access=yes
/system logging action
set 0 memory-lines=100
set 1 disk-file-count=9999 disk-lines-per-file=10000
set 3 bsd-syslog=yes remote=172.16.6.13 syslog-facility=syslog \
    syslog-severity=info
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=lan-bridge hw=no interface=ether4
add bridge=lan-bridge hw=no interface=ether5
add bridge=Datacenter-Bridge hw=no interface=ether7
add bridge=Datacenter-Bridge hw=no interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=1024
# Remote-access and PPPoE servers terminated on this router.
/interface l2tp-server server
# NOTE(review): L2TP is enabled with default-profile=default and no use-ipsec
# setting on this line; unless IPsec is enforced elsewhere, L2TP sessions are
# not protected by IPsec. Confirm against the ipsec policy configuration.
set default-profile=default enabled=yes max-mru=1300 max-mtu=1300
/interface ovpn-server server
# OpenVPN is enabled and requires a client certificate in addition to the
# PPP credentials (require-client-certificate=yes).
set auth=sha1 certificate=server.crt_0 cipher=aes256 enabled=yes \
    require-client-certificate=yes
/interface pppoe-server server
# Three PPPoE access concentrators: two VLANs (service "PPPoE") and the
# datacenter bridge (service "PPPoE DC").
add disabled=no interface=vlan17-ho keepalive-timeout=11 max-mru=1480 \
    max-mtu=1480 service-name=PPPoE
add disabled=no interface=Datacenter-Bridge max-mru=1480 max-mtu=1480 \
    service-name="PPPoE DC"
add disabled=no interface=vlan18-main keepalive-timeout=11 max-mru=1480 \
    max-mtu=1480 service-name=PPPoE
/interface pptp-server server
# NOTE(review): there is no enabled=yes on this line, so the PPTP server looks
# switched off, yet the input chain still accepts tcp/1723 on ether1. If PPTP
# is ever re-enabled, the authentication list here allows pap (cleartext
# password) and mschap1, both obsolete; keep PPTP off and remove the stale
# firewall accept rule.
set authentication=pap,chap,mschap1,mschap2 default-profile=default \
    keepalive-timeout=11 max-mru=1460 max-mtu=1460
/interface sstp-server server
# Only the default profile is set; no enabled=yes is present on this line.
set default-profile=vpn
/ip address
add address=172.16.6.65/28 interface=lan-bridge network=172.16.6.64
add address=10.10.10.225/30 interface=vlan18-main network=10.10.10.224
add address=10.5.5.9/30 comment="ATM Main Br." interface=vlan17-ho network=\
    10.5.5.8
add address=10.255.255.1/24 interface=Datacenter-Bridge network=10.255.255.0
add address=192.168.88.6/24 disabled=yes interface=ether1 network=\
    192.168.88.0
add address=10.6.6.1/30 comment="web server" interface=vlan17-ho network=\
    10.6.6.0
add address=MMM.NNN.126.242/28 comment="ISP2 ILL" disabled=yes interface=\
    ether1 network=MMM.NNN.126.240
add address=172.16.62.1/24 interface=vlan18-main network=172.16.62.0
add address=172.16.61.1/24 interface=vlan15-noc network=172.16.61.0
add address=172.16.60.1/24 interface=vlan17-ho network=172.16.60.0
add address=10.9.9.1/30 interface=vlan18-main network=10.9.9.0
add address=10.50.50.1/24 comment="Main Br and Cash DVR" interface=vlan17-ho \
    network=10.50.50.0
add address=10.52.52.1/24 comment="HO DVR" interface=vlan17-ho network=\
    10.52.52.0
add address=10.8.8.1/24 disabled=yes network=10.8.8.0
add address=10.11.11.1/30 interface=ether1 network=10.11.11.0
add address=192.168.1.65/24 disabled=yes interface=ether3 network=192.168.1.0
add address=10.53.53.1/24 comment="ATM DVR" interface=vlan17-ho network=\
    10.53.53.0
add address=LLL.HHH82.250/30 comment="ISP1 ILL" interface=sfp1 network=\
    LLL.HHH82.248
add address=10.5.5.45/30 comment="Recycler Main Br." interface=vlan17-ho \
    network=10.5.5.44
# Static DHCP leases (fixed address per client MAC / client-id).
# NOTE(review): the lease comments in this section name individual staff
# members and their devices next to the device MAC addresses. That is personal
# and asset-inventory data; strip the comment=, mac-address= and client-id=
# values (or use the export option that hides sensitive data, where it covers
# them) before sharing a config publicly.
/ip dhcp-server lease
add address=10.255.255.29 always-broadcast=yes client-id=1:b4:b5:2f:81:3f:70 \
    comment="sourav lappy" mac-address=B4:B5:2F:81:3F:70 server=\
    "direct net pool"
add address=172.16.61.20 client-id=1:e8:40:f2:ac:5c:55 comment=NOC \
    mac-address=E8:40:F2:AC:5C:55 server=dhcp-noc
add address=172.16.62.23 comment="shm m" mac-address=74:23:44:34:F0:93 \
    server=dhcp-main
add address=172.16.62.25 always-broadcast=yes comment="sm mb" mac-address=\
    18:59:36:08:BA:71 server=dhcp-main
add address=10.255.255.36 always-broadcast=yes client-id=1:a4:17:31:5d:eb:6b \
    comment="srv laptop" mac-address=A4:17:31:5D:EB:6B server=\
    "direct net pool"
add address=172.16.60.47 always-broadcast=yes comment="pr mb" mac-address=\
    0C:1D:AF:77:4C:05
add address=172.16.60.58 always-broadcast=yes client-id=1:78:2:f8:9e:d3:69 \
    comment="ap nt4" mac-address=78:02:F8:9E:D3:69
add address=10.255.255.72 client-id=1:38:a4:ed:e0:78:fd comment="smk mb" \
    mac-address=38:A4:ED:E0:78:FD server="direct net pool"
add address=172.16.62.15 client-id=1:40:a8:f0:68:a0:62 comment="cts pc" \
    mac-address=40:A8:F0:68:A0:62 server=dhcp-main
add address=172.16.60.51 always-broadcast=yes client-id=1:a4:17:31:5d:eb:6b \
    comment="srv lap" mac-address=A4:17:31:5D:EB:6B
add address=172.16.60.53 client-id=1:3c:77:e6:9f:fe:bf comment=diwedi \
    mac-address=3C:77:E6:9F:FE:BF
add address=10.255.255.25 always-broadcast=yes client-id=1:c4:b:cb:ce:d7:a3 \
    comment="smk mb" mac-address=C4:0B:CB:CE:D7:A3 server="direct net pool"
add address=10.255.255.68 always-broadcast=yes client-id=1:e4:46:da:a9:4e:4b \
    comment="SRV MB" mac-address=E4:46:DA:A9:4E:4B server="direct net pool"
add address=172.16.62.57 always-broadcast=yes client-id=1:0:f:5:40:38:a0 \
    comment="dilip majee pc" mac-address=00:0F:05:40:38:A0 server=dhcp-main
add address=172.16.62.28 client-id=1:20:a6:c:dd:11:ec comment="dip mb" \
    mac-address=20:A6:0C:DD:11:EC server=dhcp-main
add address=172.16.62.48 client-id=1:28:3b:82:30:a7:da comment=\
    "director router" mac-address=28:3B:82:30:A7:DA server=dhcp-main
add address=172.16.60.87 client-id=1:60:23:a4:e9:c6:32 comment="Boardroom TV" \
    mac-address=60:23:A4:E9:C6:32
add address=172.16.62.13 client-id=1:e0:d5:5e:44:4e:c4 comment="amit pc" \
    mac-address=E0:D5:5E:44:4E:C4 server=dhcp-main
add address=172.16.60.20 client-id=1:0:ec:a:94:7c:f1 comment="piku mb" \
    mac-address=00:EC:0A:94:7C:F1
add address=172.16.62.17 client-id=1:f0:67:28:3e:97:b9 comment="al mb" \
    mac-address=F0:67:28:3E:97:B9 server=dhcp-main
add address=172.16.60.23 client-id=1:e0:d5:5e:1:b2:55 mac-address=\
    E0:D5:5E:01:B2:55
add address=10.255.255.21 client-id=1:40:a8:f0:5c:52:fc comment=helpdesk \
    mac-address=40:A8:F0:5C:52:FC server="direct net pool"
add address=172.16.60.45 client-id=1:b4:c4:fc:7a:fb:e3 comment="m kar mob" \
    mac-address=B4:C4:FC:7A:FB:E3
add address=172.16.60.56 client-id=1:70:c9:4e:f7:c2:29 comment="rohitas lap" \
    mac-address=70:C9:4E:F7:C2:29
add address=172.16.60.27 client-id=1:e0:1f:88:27:7e:d5 comment="sourav mob" \
    mac-address=E0:1F:88:27:7E:D5 server=dhcp_ho
add address=172.16.60.59 client-id=1:4:95:e6:82:5d:20 comment=NOVA \
    mac-address=04:95:E6:82:5D:20 server=dhcp_ho
add address=172.16.60.30 client-id=1:20:47:47:53:ed:45 comment="Bijoy Lap" \
    mac-address=20:47:47:53:ED:45 server=dhcp_ho
add address=172.16.60.74 client-id=1:70:18:8b:b9:60:d7 comment="sec lap" \
    mac-address=70:18:8B:B9:60:D7 server=dhcp_ho
add address=172.16.60.86 client-id=1:40:a8:f0:5b:a8:58 comment="apollo pc" \
    mac-address=40:A8:F0:5B:A8:58 server=dhcp_ho
add address=172.16.60.111 client-id=1:4:95:e6:82:6b:70 comment=NOVA \
    mac-address=04:95:E6:82:6B:70 server=dhcp_ho
add address=172.16.60.40 client-id=1:4:95:e6:82:6b:78 comment=NOVA \
    mac-address=04:95:E6:82:6B:78 server=dhcp_ho
add address=172.16.60.112 client-id=1:4:95:e6:82:5d:28 comment=NOVA \
    mac-address=04:95:E6:82:5D:28 server=dhcp_ho
add address=172.16.60.109 client-id=1:dc:b7:2e:20:ca:fd comment="pallab mob" \
    mac-address=DC:B7:2E:20:CA:FD server=dhcp_ho
add address=172.16.60.83 client-id=1:e8:18:8f:41:6c:63 comment="santu pc" \
    mac-address=E8:18:8F:41:6C:63 server=dhcp_ho
add address=172.16.60.67 client-id=1:70:bb:e9:31:81:4a comment="Sec Mob" \
    mac-address=70:BB:E9:31:81:4A server=dhcp_ho
add address=172.16.60.119 client-id=1:a4:4b:d5:5e:47:23 comment="prasun mob" \
    mac-address=A4:4B:D5:5E:47:23 server=dhcp_ho
add address=172.16.60.55 client-id=1:0:ec:a:94:7c:f1 comment="soumen mob" \
    mac-address=00:EC:0A:94:7C:F1 server=dhcp_ho
add address=172.16.60.123 client-id=1:50:c8:e5:c3:2e:b9 comment="sekhar mob" \
    mac-address=50:C8:E5:C3:2E:B9 server=dhcp_ho
add address=172.16.60.52 client-id=1:8c:aa:ce:5c:2:d3 comment="anirban mob" \
    mac-address=8C:AA:CE:5C:02:D3 server=dhcp_ho
add address=172.16.60.100 client-id=1:4c:6f:9c:52:90:ef comment="Apollo Mob" \
    mac-address=4C:6F:9C:52:90:EF server=dhcp_ho
add address=172.16.60.75 client-id=1:20:34:fb:7d:5c:ef comment="santu mob" \
    mac-address=20:34:FB:7D:5C:EF server=dhcp_ho
add address=172.16.60.127 client-id=1:c:f3:46:e2:cd:67 comment="sambo mob" \
    mac-address=0C:F3:46:E2:CD:67 server=dhcp_ho
add address=172.16.60.70 client-id=1:9c:28:f7:5:f4:a8 comment="Raju Mob" \
    mac-address=9C:28:F7:05:F4:A8 server=dhcp_ho
add address=172.16.60.64 client-id=1:50:2b:73:22:3c:28 comment=NOVA \
    mac-address=50:2B:73:22:3C:28 server=dhcp_ho
add address=172.16.60.136 client-id=1:38:e6:a:f2:1e:6c comment="debashis mob" \
    mac-address=38:E6:0A:F2:1E:6C server=dhcp_ho
add address=172.16.60.135 client-id=1:1c:1b:d:2b:ed:f3 comment="Suman PC" \
    mac-address=1C:1B:0D:2B:ED:F3 server=dhcp_ho
add address=172.16.60.143 client-id=1:18:87:40:69:3c:17 comment="Suman Mob" \
    mac-address=18:87:40:69:3C:17 server=dhcp_ho
add address=172.16.60.151 client-id=1:10:3f:44:8:b4:f9 comment="Pinaki Mob" \
    mac-address=10:3F:44:08:B4:F9 server=dhcp_ho
add address=172.16.60.85 client-id=1:a4:17:31:5d:eb:6b mac-address=\
    A4:17:31:5D:EB:6B server=dhcp_ho
add address=172.16.60.93 client-id=1:54:8c:a0:bc:c6:31 comment=temp \
    mac-address=54:8C:A0:BC:C6:31 server=dhcp_ho
add address=172.16.60.120 client-id=1:14:ab:c5:27:c4:55 comment="koushik lap" \
    mac-address=14:AB:C5:27:C4:55 server=dhcp_ho
add address=172.16.60.130 client-id=1:10:3f:44:5:7d:9d comment="manu ph" \
    mac-address=10:3F:44:05:7D:9D server=dhcp_ho
add address=172.16.60.44 client-id=1:1c:bf:c0:e4:3e:a9 comment="amit da" \
    mac-address=1C:BF:C0:E4:3E:A9 server=dhcp_ho
add address=172.16.60.35 client-id=1:b2:ab:c1:1e:70:dd comment="arghya mob" \
    mac-address=B2:AB:C1:1E:70:DD server=dhcp_ho
add address=172.16.60.98 client-id=1:b4:b5:2f:81:53:fe comment="prasun lap" \
    mac-address=B4:B5:2F:81:53:FE server=dhcp_ho
add address=172.16.60.49 client-id=1:50:2b:73:22:3c:30 comment=\
    "BoardRoom Nova" mac-address=50:2B:73:22:3C:30 server=dhcp_ho
add address=172.16.60.65 client-id=1:6a:d0:e4:85:9:6a comment=\
    "Prasun karar mob" mac-address=6A:D0:E4:85:09:6A server=dhcp_ho
add address=172.16.60.95 client-id=1:1c:1b:d:be:c3:7a comment=sambo \
    mac-address=1C:1B:0D:BE:C3:7A server=dhcp_ho
add address=172.16.62.12 client-id=1:c2:c2:4a:d5:89:a3 comment="hasibul mob" \
    mac-address=C2:C2:4A:D5:89:A3 server=dhcp-main
add address=172.16.62.16 client-id=1:74:d4:35:6e:97:83 comment="printer pc" \
    mac-address=74:D4:35:6E:97:83 server=dhcp-main
add address=172.16.60.60 client-id=1:0:1a:4b:4f:bb:62 comment="bbzr server" \
    mac-address=00:1A:4B:4F:BB:62 server=dhcp_ho
add address=172.16.60.28 client-id=1:12:b3:70:23:ff:d3 comment="ram mob" \
    mac-address=12:B3:70:23:FF:D3 server=dhcp_ho
add address=172.16.60.36 client-id=1:1e:ca:76:ab:4:35 comment="koushik ph" \
    mac-address=1E:CA:76:AB:04:35 server=dhcp_ho
add address=172.16.60.69 client-id=1:34:a:33:2e:80:28 comment="share printer" \
    mac-address=34:0A:33:2E:80:28 server=dhcp_ho
add address=172.16.60.39 client-id=1:dc:b7:2e:26:8d:56 comment="samik mob" \
    mac-address=DC:B7:2E:26:8D:56 server=dhcp_ho
add address=172.16.60.61 client-id=1:e0:d5:5e:1:b2:55 comment=\
    "recovery printer" mac-address=E0:D5:5E:01:B2:55 server=dhcp_ho
add address=172.16.60.63 client-id=1:34:6f:24:d:ea:83 comment=temp \
    mac-address=34:6F:24:0D:EA:83 server=dhcp_ho
/ip dhcp-server network
add address=10.255.255.0/24 dns-server=172.16.6.65 gateway=10.255.255.1 \
    netmask=24 ntp-server=10.255.255.1
add address=172.16.60.0/24 dns-server=172.16.6.65 gateway=172.16.60.1
add address=172.16.61.0/24 dns-server=172.16.6.65 gateway=172.16.61.1
add address=172.16.62.0/24 dns-server=172.16.6.65 gateway=172.16.62.1 \
    ntp-server=172.16.62.1
add address=172.16.63.0/24 dns-server=172.16.6.65 gateway=172.16.63.1 \
    netmask=24 ntp-server=172.16.63.1
# DNS cache: the router resolves via Google public DNS (IPv6 and IPv4) and
# answers queries from other hosts (allow-remote-requests=yes).
# NOTE(review): with allow-remote-requests=yes the router answers DNS on every
# interface unless the firewall blocks it. The "DNS Attack" input rules for
# sfp1 in this export are disabled=yes, and no rule dropping port 53 from the
# WAN interfaces is visible in the part of the filter table shown here --
# verify that udp/tcp 53 from ether1 and sfp1 is dropped, otherwise the router
# is usable as an open resolver.
# NOTE(review): max-concurrent-queries and max-concurrent-tcp-sessions are set
# to 999999999, which removes any practical cap on resolver load; a bounded
# value limits the impact of a query flood.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h cache-size=10240KiB \
    max-concurrent-queries=999999999 max-concurrent-tcp-sessions=999999999 \
    query-server-timeout=10s query-total-timeout=20s servers=\
    2001:4860:4860::8888,2001:4860:4860::8844,8.8.8.8,8.8.4.4
/ip dns static
add address=172.16.6.20 name=ccbldcav01
add address=172.16.1.12 name=cbs3.ccbltd.net
add address=172.16.1.11 name=cbs2.ccbltd.net
add address=172.16.1.11 name=ac1.ccbltd.net
add address=172.16.1.11 name=dw.ccbltd.net
add address=172.16.1.11 name=mis2.ccbltd.net
add address=172.16.1.111 name=cbs1.ccbltd.net
add address=172.16.1.152 name=cm.ccbltd.net
add address=172.16.1.176 name=ccbldcad01.ccbltd.net
add address=172.16.1.186 name=ccbldcadc01.ccbltd.net
add address=172.16.1.181 name=test1.ccbltd.net
add address=172.16.1.152 name=crm.ccbltd.net
add address=172.16.1.152 name=los.ccbltd.net
add address=172.16.1.151 name=ac.ccbltd.net
add address=172.16.1.151 name=mis.ccbltd.net
add address=172.16.1.151 name=ho.ccbltd.net
add address=172.16.1.150 name=eip.ccbltd.net
add address=172.16.6.20 name=ccblbackup01
add address=172.16.1.173 name=dpis
add address=172.16.6.14 name=DESKTOP-HFDE6U3
/ip firewall filter
add action=accept chain=input comment=\
    "allow established, related, untracked connections" connection-state=\
    established,related,untracked
add action=drop chain=input comment="drop invalid connections" \
    connection-state=invalid log-prefix=Invalid-Connection-Drop
add action=accept chain=forward comment=\
    "allow established, related, untracked connections" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid log-prefix=Invalid-Connection-Drop
add action=add-src-to-address-list address-list="DNS Attack" \
    address-list-timeout=5m chain=input comment="DNS Attack" disabled=yes \
    dst-port=53 in-interface=sfp1 protocol=udp
add action=add-src-to-address-list address-list="DNS Attack" \
    address-list-timeout=5m chain=input comment="DNS Attack" disabled=yes \
    dst-port=53 in-interface=sfp1 protocol=tcp
add action=reject chain=input comment="DNS Attack" disabled=yes in-interface=\
    sfp1 log=yes log-prefix=DNS-Attack reject-with=icmp-host-unreachable \
    src-address-list="DNS Attack"
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=1194 \
    in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=1194 \
    in-interface=sfp1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=1195 \
    in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=1195 \
    in-interface=sfp1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=21 \
    in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 dst-port=2828 in-interface=ether1 \
    protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    dst-port=123 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    dst-port=123 in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    dst-port=1723 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 dst-port=47 in-interface=ether1 protocol=\
    tcp
# NOTE(review): these two rules accept tcp/8291 (the default Winbox management
# port) on both WAN-facing interfaces, ether1 and sfp1, with no src-address or
# src-address-list restriction, so the management service is reachable from
# any Internet source. The same pattern applies to the tcp/21 and tcp/22
# accept rules on ether1 in this chain. Restrict management access to a
# trusted source list or to the VPN address pools, and keep the matching
# limits in /ip service (not visible in this export).
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    dst-port=8291 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=8291 \
    in-interface=sfp1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    in-interface=ether1 protocol=icmp
add action=accept chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 \
    protocol=icmp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=39
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=gre
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 dst-port=1723 in-interface=ether1 \
    protocol=tcp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=encap
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ipip
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ospf
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=vmtp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=rspf
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ddp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=xtp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=iso-tp4
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=rdp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=xns-idp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=hmp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=pup
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=egp
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=st
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ipencap
add action=accept chain=input disabled=yes dst-address=\
    MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=igmp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    dst-port=500 in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=500 \
    in-interface=sfp1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    dst-port=4500 in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=4500 \
    in-interface=sfp1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 \
    protocol=ipsec-esp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    in-interface=ether1 protocol=ipsec-ah
add action=accept chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 \
    protocol=ipsec-ah
add action=accept chain=input dst-address=MMM.NNN.126.245 dst-port=443 \
    in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.245 dst-port=25 \
    in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.245 dst-port=25 \
    in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.242 \
    dst-port=445 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=22 \
    in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.242 \
    in-interface=ether1 protocol=ipv6-encap
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    in-interface=ether1 protocol=ipsec-ah
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
    dst-port=4443 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.244 \
    dst-port=80 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.244 \
    dst-port=443 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.244 \
    dst-port=21 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.248 \
    dst-port=8080 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
    dst-port=9002 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
    dst-port=4443 in-interface=ether1 protocol=udp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
    dst-port=9002 in-interface=ether1 protocol=udp
# Layer-7 pattern rules: log or drop packets that match the named
# layer7-protocol entry (youtube, facebook), selected per source address or
# source range, each with its own log-prefix.
# NOTE(review): all of these are in chain=input, which covers traffic addressed
# to the router, not traffic forwarded through it. This may be deliberate: the
# nat section redirects port 53 to the router, so client DNS queries would pass
# through input -- confirm. If the aim is to filter forwarded client traffic,
# the rules belong in chain=forward.
# NOTE(review): layer7-protocol=*2 and *3 look like references to layer-7
# entries that no longer exist (an export prints an internal id when the named
# item is gone) -- verify. All rules using them are disabled=yes.
# Layer-7 matching only sees unencrypted bytes at the start of a connection, so
# it is a policy nudge rather than an enforcement control.
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
    log-prefix=Piku-Youtube src-address=10.255.255.9
add action=drop chain=input comment="L8 Youtube" layer7-protocol=youtube log=\
    yes log-prefix=L8-Youtube src-address=10.0.0.10-10.0.1.220
add action=drop chain=input comment="anirban Youtube" disabled=yes \
    layer7-protocol=youtube log=yes log-prefix=anirban-Youtube src-address=\
    172.16.60.31
add action=drop chain=input comment="L6 Youtube" layer7-protocol=youtube log=\
    yes log-prefix=L6-Youtube src-address=10.0.2.10-10.0.3.220
add action=drop chain=input comment="NOC Youtube" layer7-protocol=youtube \
    log=yes log-prefix=NOC-Youtube src-address=10.255.255.134
add action=drop chain=input comment="sunny Youtube" layer7-protocol=youtube \
    log=yes log-prefix=sunny-Youtube src-address=172.16.60.41
add action=drop chain=input comment="L8 Facebook" layer7-protocol=facebook \
    log=yes log-prefix=L8-Facebook src-address=10.0.0.10-10.0.1.220
add action=drop chain=input comment="anirban Facebook" disabled=yes \
    layer7-protocol=facebook log=yes log-prefix=anirban-Facebook src-address=\
    172.16.60.31
add action=drop chain=input comment="L6 Facebook" layer7-protocol=facebook \
    log=yes log-prefix=L6-Facebook src-address=10.0.2.10-10.0.3.220
add action=drop chain=input comment="NOC Facebook" layer7-protocol=facebook \
    log=yes log-prefix=NOC-Facebook src-address=10.255.255.134
add action=drop chain=input comment="sunny Facebook" layer7-protocol=facebook \
    log=yes log-prefix=sunny-Facebook src-address=172.16.60.41
add action=drop chain=input disabled=yes layer7-protocol=youtube log=yes \
    log-prefix=Samba-Youtube src-address=10.0.1.237
add action=drop chain=input disabled=yes layer7-protocol=youtube log=yes \
    log-prefix=Samba-Youtube src-address=10.0.1.238
add action=drop chain=input disabled=yes layer7-protocol=facebook log=yes \
    log-prefix=Samba-Facebook src-address=10.0.1.237
add action=drop chain=input disabled=yes layer7-protocol=facebook log=yes \
    log-prefix=Samba-Facebook src-address=10.0.1.238
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
    log-prefix=Biswajit-Youtube src-address=10.0.0.24
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
    log-prefix=Sec-Youtube src-address=172.16.60.93
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
    log-prefix=MKar-Youtube src-address=172.16.60.62
add action=log chain=input disabled=yes layer7-protocol=*3 log=yes \
    log-prefix=Piku-Facebook src-address=10.255.255.9
# Port-scan detection: seven rules add the packet's source address to the
# "port scanners" address list for 1h, and the final rule rejects (and logs)
# everything whose source is on that list.
# psd=21,3s,3,1 is weight threshold 21, delay threshold 3s, low-port weight 3,
# high-port weight 1; the remaining rules match TCP flag combinations that do
# not occur in a normal handshake.
# NOTE(review): none of these rules has an in-interface or src-address
# exclusion, so they apply to every interface, internal ones included. The
# flag-based rules fire on a single packet, and a single packet's source
# address can be forged, so a trusted address (management host, BGP peer,
# upstream gateway) could end up listed for an hour. Accept or exclude those
# sources ahead of this group.
# NOTE(review): the last rule answers every packet from a listed source with
# ICMP host-unreachable and logs it. action=drop would avoid sending replies
# toward a possibly forged address; consider rate-limiting the log as well.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1h chain=input comment="Port scanners to list " \
    protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1h chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1h chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1h chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1h chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1h chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1h chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=reject chain=input comment="Port Scanner Attack" log=yes \
    log-prefix=Port-Scanner-Attack reject-with=icmp-host-unreachable \
    src-address-list="port scanners"
# Drop rules for traffic arriving on the uplinks (ether1, sfp1) for specific
# destination addresses: a range on ether1 in both input and forward, and three
# single addresses on sfp1, each logged under its own prefix.
# The ether1 input rule has no log=yes, unlike the others.
# NOTE(review): these are destination-specific drops at the end of the visible
# rules; no catch-all drop for input/forward on the uplinks is visible in this
# part of the export -- confirm one exists elsewhere, otherwise anything not
# matched here is accepted by default.
# NOTE(review): log=yes on internet-facing drops without a rate limit can fill
# the log buffer under a flood and push out the entries that matter.
add action=drop chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    in-interface=ether1
add action=drop chain=forward dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
    in-interface=ether1 log=yes
add action=drop chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 log=\
    yes log-prefix=Router-Attack
add action=drop chain=forward dst-address=139.167.64.3 in-interface=sfp1 log=\
    yes log-prefix=Mail-Server-Attack
add action=drop chain=forward dst-address=139.167.64.2 in-interface=sfp1 log=\
    yes log-prefix=Web-Server-Attack
# Mangle, part 1: per-host marks in chain=prerouting.
# The first rule marks connections from address list L1. The rest are
# per-source-address rules that set connection mark mbdn (a few set DN, mbdnc
# or temp) or routing mark L4/sms. Most carry disabled=yes.
# NOTE(review): the mark-connection rules have no connection-state or
# connection-mark=no-mark matcher, so every packet of a flow is re-evaluated
# and re-marked; this costs CPU on a busy router.
# NOTE(review): selection is purely by source IP. That is only as trustworthy
# as the address assignment on those segments, since a host that takes one of
# these addresses inherits its treatment. Address lists would also be easier to
# audit than dozens of single-host rules.
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=L1 \
    passthrough=yes src-address-list=L1
add action=mark-connection chain=prerouting comment=DN disabled=yes \
    new-connection-mark=DN passthrough=yes src-address=10.255.255.0/24
add action=mark-connection chain=prerouting comment="ap h mob" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.24
add action=mark-connection chain=prerouting comment=tm disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.52
add action=mark-connection chain=prerouting comment=tm disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.61
add action=mark-connection chain=prerouting comment=tm disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.56
add action=mark-connection chain=prerouting comment="mk mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.54
add action=mark-connection chain=prerouting comment="pr mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.26
add action=mark-routing chain=prerouting comment="vc ph" disabled=yes \
    new-routing-mark=L4 passthrough=yes src-address=172.16.60.45
add action=mark-routing chain=prerouting comment=sms disabled=yes \
    new-routing-mark=sms passthrough=yes src-address=172.16.1.152
add action=mark-routing chain=prerouting comment="smn mb" disabled=yes \
    new-routing-mark=L4 passthrough=yes src-address=172.16.60.46
add action=mark-routing chain=prerouting comment="ap h" disabled=yes \
    new-routing-mark=L4 passthrough=yes src-address=10.255.255.40
add action=mark-connection chain=prerouting comment="b tb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.62.81
add action=mark-connection chain=prerouting comment="b tb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.62.86
add action=mark-connection chain=prerouting comment="b tb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.62.15
add action=mark-connection chain=prerouting comment="shm mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.41
add action=mark-connection chain=prerouting comment="pr mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.47
add action=mark-connection chain=prerouting comment="v mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.32
add action=mark-connection chain=prerouting comment="ap mb l" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.63
add action=mark-connection chain=prerouting comment="ap mb l" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.37
add action=mark-connection chain=prerouting comment="ap mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.22
add action=mark-connection chain=prerouting comment="AV Server" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.6.20
add action=mark-connection chain=prerouting comment="sec mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.62.105
add action=mark-connection chain=prerouting comment="sec j5" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.68
add action=mark-connection chain=prerouting comment="sec m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.33
add action=mark-connection chain=prerouting comment="prd m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.87
add action=mark-connection chain=prerouting comment=temp disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.29
add action=mark-connection chain=prerouting comment="ab m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.143
add action=mark-connection chain=prerouting comment="ahasan m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.39
add action=mark-connection chain=prerouting comment="pr mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.38
add action=mark-connection chain=prerouting comment=c disabled=yes \
    new-connection-mark=mbdnc passthrough=yes src-address=172.16.62.15
add action=mark-connection chain=prerouting comment="sb m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.58
add action=mark-connection chain=prerouting comment="smn mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.247
add action=mark-connection chain=prerouting comment=lap disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.42
add action=mark-connection chain=prerouting comment="smn mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.31
add action=mark-connection chain=prerouting comment="ani mob" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.52
add action=mark-connection chain=prerouting comment="sec lap" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.74
add action=mark-connection chain=prerouting comment="bijoy lap" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.30
add action=mark-connection chain=prerouting comment="koushik ph" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.144
add action=mark-connection chain=prerouting comment="piku comp" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.15
add action=mark-connection chain=prerouting comment=temp disabled=yes \
    dst-address=172.16.1.152 dst-port=8445 new-connection-mark=temp \
    passthrough=yes protocol=tcp src-address=172.16.0.0/21
add action=mark-connection chain=prerouting comment="suman comp" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.135
add action=mark-connection chain=prerouting comment="debashis mob" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.136
add action=mark-connection chain=prerouting comment="sekhar mb" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.123
add action=mark-connection chain=prerouting comment="Raju Mob" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.70
add action=mark-connection chain=prerouting comment="manu mb" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.130
add action=mark-connection chain=prerouting comment="santu mb" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.75
add action=mark-connection chain=prerouting comment=test disabled=yes \
    dst-port=1194 new-connection-mark=mbdn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="ap comp" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.86
add action=mark-connection chain=prerouting comment="smk mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.25
add action=mark-connection chain=prerouting comment="am mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.84
add action=mark-connection chain=prerouting comment="sd mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.44
add action=mark-connection chain=prerouting comment="vc mb" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.66
add action=mark-connection chain=prerouting comment="hs mb" \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.62.41
add action=mark-connection chain=prerouting comment="cm m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.62.12
add action=mark-connection chain=prerouting comment="sn m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.113
add action=mark-connection chain=prerouting comment="ar m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.159
add action=mark-connection chain=prerouting comment=test disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=10.255.255.21
add action=mark-connection chain=prerouting comment="ppp m" disabled=yes \
    new-connection-mark=mbdn passthrough=yes src-address=172.16.60.68
# Mangle, part 2: marks driven by source address lists (L8-S, L1, L8, L6, L4,
# L3, L2, vpn, is1, S2, P2) in chain=prerouting. Most lists get a connection
# mark and a routing mark of the same name; L8-S gets a connection mark only.
# All rules use passthrough=yes, so a packet keeps traversing later rules and a
# later match overwrites an earlier mark.
# NOTE(review): presumably each routing mark selects a separate routing
# table / uplink -- the routes are not in this part of the export; verify that
# every mark used here still has a matching route, since traffic with an
# orphaned routing mark is resolved differently in RouterOS 7 than in 6.
# NOTE(review): membership of these address lists decides which uplink and NAT
# policy a host gets, so changes to the lists deserve the same review as
# changes to the rules.
add action=mark-connection chain=prerouting new-connection-mark=L8-S \
    passthrough=yes src-address-list=L8-S
add action=mark-routing chain=prerouting new-routing-mark=L1 passthrough=yes \
    src-address-list=L1
add action=mark-connection chain=prerouting new-connection-mark=L8 \
    passthrough=yes src-address-list=L8
add action=mark-routing chain=prerouting new-routing-mark=L8 passthrough=yes \
    src-address-list=L8
add action=mark-connection chain=prerouting new-connection-mark=L6 \
    passthrough=yes src-address-list=L6
add action=mark-routing chain=prerouting new-routing-mark=L6 passthrough=yes \
    src-address-list=L6
add action=mark-connection chain=prerouting new-connection-mark=L4 \
    passthrough=yes src-address-list=L4
add action=mark-routing chain=prerouting new-routing-mark=L4 passthrough=yes \
    src-address-list=L4
add action=mark-routing chain=prerouting new-routing-mark=L4 passthrough=yes \
    src-address=10.10.10.226
add action=mark-connection chain=prerouting new-connection-mark=L3 \
    passthrough=yes src-address-list=L3
add action=mark-routing chain=prerouting new-routing-mark=L3 passthrough=yes \
    src-address-list=L3
add action=mark-connection chain=prerouting new-connection-mark=L2 \
    passthrough=yes src-address-list=L2
add action=mark-routing chain=prerouting new-routing-mark=L2 passthrough=yes \
    src-address-list=L2
add action=mark-connection chain=prerouting new-connection-mark=vpn \
    passthrough=yes src-address-list=vpn
add action=mark-routing chain=prerouting new-routing-mark=is1 passthrough=yes \
    src-address-list=is1
add action=mark-connection chain=prerouting new-connection-mark=is1 \
    passthrough=yes src-address-list=is1
add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes \
    src-address-list=vpn
add action=mark-routing chain=prerouting comment=mail disabled=yes \
    new-routing-mark=mail passthrough=yes src-address=172.16.6.21
add action=mark-routing chain=prerouting comment=mail disabled=yes \
    dst-address=172.16.6.21 new-routing-mark=mail passthrough=yes
add action=mark-connection chain=prerouting new-connection-mark=S2 \
    passthrough=yes src-address-list=S2
add action=mark-routing chain=prerouting comment=S2 new-routing-mark=S2 \
    passthrough=yes src-address-list=S2
add action=mark-routing chain=prerouting comment=web disabled=yes \
    dst-address-type=!local new-routing-mark=web passthrough=yes src-address=\
    10.6.6.2
add action=mark-connection chain=prerouting comment=cts disabled=yes \
    dst-address-type=!local new-connection-mark=mbdnc passthrough=yes \
    src-address=172.16.62.15
add action=mark-connection chain=prerouting new-connection-mark=P2 \
    passthrough=yes src-address-list=P2
add action=mark-routing chain=prerouting new-routing-mark=P2 passthrough=yes \
    src-address-list=P2
# Mangle, part 3: in chain=forward, copy each connection mark onto the packet
# as a packet mark of the same name (L1, DN, mbdn, temp, mbdnc, L8-S, L8, L6,
# L4, L3, L2, vpn, is1, S2, P2). The temp rule is disabled.
# Presumably these packet marks feed queues defined elsewhere in the export.
# The last rule is a disabled prerouting rule that would turn connection mark
# mbdn into routing mark mbdn.
add action=mark-packet chain=forward connection-mark=L1 new-packet-mark=L1 \
    passthrough=yes
add action=mark-packet chain=forward comment=DN connection-mark=DN \
    new-packet-mark=DN passthrough=yes
add action=mark-packet chain=forward comment=mbdn connection-mark=mbdn \
    new-packet-mark=mbdn passthrough=yes
add action=mark-packet chain=forward comment=temp connection-mark=temp \
    disabled=yes new-packet-mark=temp passthrough=yes
add action=mark-packet chain=forward comment=c connection-mark=mbdnc \
    new-packet-mark=mbdnc passthrough=yes
add action=mark-packet chain=forward connection-mark=L8-S new-packet-mark=\
    L8-S passthrough=yes
add action=mark-packet chain=forward connection-mark=L8 new-packet-mark=L8 \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=L6 new-packet-mark=L6 \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=L4 new-packet-mark=L4 \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=L3 new-packet-mark=L3 \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=L2 new-packet-mark=L2 \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=vpn new-packet-mark=vpn \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=is1 new-packet-mark=is1 \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=S2 new-packet-mark=S2 \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=P2 new-packet-mark=P2 \
    passthrough=yes
add action=mark-routing chain=prerouting comment=mbdn connection-mark=mbdn \
    disabled=yes new-routing-mark=mbdn passthrough=yes
# NAT, part 1: DNS interception.
# The two redirect rules at the end send every packet with destination port 53
# (udp and tcp) to the router itself. The per-host accept rules above them stop
# dstnat processing for the listed source addresses, exempting those hosts.
# Only the two rules for 10.255.255.29 are enabled; the other exemptions are
# disabled=yes.
# NOTE(review): to-ports=53 on an action=accept rule presumably has no effect,
# since accept does not translate anything.
# NOTE(review): the redirect rules have no in-interface, in-interface-list or
# src-address restriction, so they also match port-53 packets arriving on the
# uplinks. Unless the input chain drops DNS from outside (not visible in this
# part of the export), the router would answer queries from the internet and
# could be abused as an open resolver. Restrict the redirect to the internal
# interfaces and verify the input chain.
# NOTE(review): interception covers port 53 only; DNS over TLS or HTTPS is not
# affected, so do not rely on this as the sole DNS policy control.
/ip firewall nat
add action=accept chain=dstnat comment="sakti UDP DNS Intercept" disabled=yes \
    dst-port=53 protocol=udp src-address=10.0.1.230 to-ports=53
add action=accept chain=dstnat comment="sourav maiti UDP DNS Intercept" \
    dst-port=53 protocol=udp src-address=10.255.255.29 to-ports=53
add action=accept chain=dstnat comment="sekhar UDP DNS Intercept" disabled=\
    yes dst-port=53 protocol=udp src-address=10.0.1.233 to-ports=53
add action=accept chain=dstnat comment="s chak UDP DNS Intercept" disabled=\
    yes dst-port=53 protocol=udp src-address=10.0.1.231 to-ports=53
add action=accept chain=dstnat comment="ani jana UDP DNS Intercept" disabled=\
    yes dst-port=53 protocol=udp src-address=10.0.1.232 to-ports=53
add action=accept chain=dstnat comment="main br UDP DNS Intercept" disabled=\
    yes dst-port=53 protocol=udp src-address=10.0.1.234 to-ports=53
add action=accept chain=dstnat comment="pmaji UDP DNS Intercept" disabled=yes \
    dst-port=53 protocol=udp src-address=10.0.1.235 to-ports=53
add action=accept chain=dstnat comment="amit maiti UDP DNS Intercept" \
    disabled=yes dst-port=53 protocol=udp src-address=10.0.1.236 to-ports=53
add action=accept chain=dstnat comment="helpdesk UDP DNS Intercept" disabled=\
    yes dst-port=53 protocol=udp src-address=10.255.255.9 to-ports=53
add action=accept chain=dstnat comment="sourav maiti UDP DNS Intercept" \
    disabled=yes dst-port=53 protocol=udp src-address=10.255.255.36 to-ports=\
    53
add action=accept chain=dstnat comment="samba UDP DNS Intercept" disabled=yes \
    dst-port=53 protocol=udp src-address=10.0.1.237 to-ports=53
add action=accept chain=dstnat comment="samikUDP DNS Intercept" disabled=yes \
    dst-port=53 protocol=udp src-address=10.255.255.33 to-ports=53
add action=accept chain=dstnat comment="webserver UDP DNS Intercept" \
    disabled=yes dst-port=53 log=yes protocol=udp src-address=10.6.6.2 \
    to-ports=53
add action=accept chain=dstnat comment="sakti TCP DNS Intercept" disabled=yes \
    dst-port=53 protocol=tcp src-address=10.0.1.230 to-ports=53
add action=accept chain=dstnat comment="sekhar TCP DNS Intercept" disabled=\
    yes dst-port=53 protocol=tcp src-address=10.0.1.233 to-ports=53
add action=accept chain=dstnat comment="s chak TCP DNS Intercept" disabled=\
    yes dst-port=53 protocol=tcp src-address=10.0.1.231 to-ports=53
add action=accept chain=dstnat comment="ani jana TCP DNS Intercept" disabled=\
    yes dst-port=53 protocol=tcp src-address=10.0.1.232 to-ports=53
add action=accept chain=dstnat comment="main br TCP DNS Intercept" disabled=\
    yes dst-port=53 protocol=tcp src-address=10.0.1.234 to-ports=53
add action=accept chain=dstnat comment="pmaji TCP DNS Intercept" disabled=yes \
    dst-port=53 protocol=tcp src-address=10.0.1.235 to-ports=53
add action=accept chain=dstnat comment="amit maiti TCP DNS Intercept" \
    disabled=yes dst-port=53 protocol=tcp src-address=10.0.1.236 to-ports=53
add action=accept chain=dstnat comment="sourav maiti TCP DNS Intercept" \
    dst-port=53 protocol=tcp src-address=10.255.255.29 to-ports=53
add action=accept chain=dstnat comment="helpdesk TCP DNS Intercept" disabled=\
    yes dst-port=53 protocol=tcp src-address=10.255.255.9 to-ports=53
add action=accept chain=dstnat comment="sourav maiti TCP DNS Intercept" \
    disabled=yes dst-port=53 protocol=tcp src-address=10.255.255.36 to-ports=\
    53
add action=accept chain=dstnat comment="samba TCP DNS Intercept" disabled=yes \
    dst-port=53 protocol=tcp src-address=10.0.1.237 to-ports=53
add action=accept chain=dstnat comment="samikTCP DNS Intercept" disabled=yes \
    dst-port=53 protocol=tcp src-address=10.255.255.33 to-ports=53
add action=accept chain=dstnat comment="webserver TCP DNS Intercept" \
    disabled=yes dst-port=53 protocol=tcp src-address=10.6.6.2 to-ports=53
add action=redirect chain=dstnat comment="UDP DNS Intercept" dst-port=53 \
    protocol=udp to-ports=53
add action=redirect chain=dstnat comment="TCP DNS Intercept" dst-port=53 \
    protocol=tcp to-ports=53
# NAT, part 2: address mapping toward the 10.0.249.x peers (rule comments name
# them ATM, IMPS and NPCI DMS/EFRM/RGCS interfaces).
#  - dstnat netmap rules translate inbound 10.7.59.x destinations to internal
#    172.16.1.x hosts, matched on the peer's source address.
#  - srcnat accept rules exempt specific internal host pairs from any later
#    source NAT.
#  - srcnat netmap rules give each ATM source (10.5.5.x) its own 10.7.59.x
#    address, while all the NPCI rules map their sources onto 10.7.59.101.
# Most netmap rules set log=yes, so the router log is the record tying a
# translated address back to the real internal host.
# NOTE(review): several different internal hosts share 10.7.59.101 toward the
# NPCI addresses, so the remote side cannot tell them apart and attribution
# depends entirely on these logs -- make sure they are shipped off-box and
# retained.
# NOTE(review): the NPCI rules match on addresses only (no protocol or
# dst-port), so they translate any traffic from those hosts to those
# destinations; confirm the filter rules limit which ports may be reached.
# NOTE(review): the IMPS rule carries an empty src-port="" matcher -- it looks
# like a leftover; verify it is read the same way after the upgrade.
add action=netmap chain=dstnat comment="Test ATM Interface" disabled=yes \
    dst-address=10.7.59.250 log=yes src-address=10.0.249.200 to-addresses=\
    172.16.1.203
add action=accept chain=srcnat dst-address=172.16.62.15 src-address=\
    172.16.1.150
add action=accept chain=srcnat dst-address=172.16.62.15 src-address=\
    172.16.1.203
add action=accept chain=srcnat dst-address=172.16.1.150 src-address=\
    172.16.62.15
add action=accept chain=srcnat disabled=yes dst-address=172.16.1.203 \
    src-address=172.16.62.15
add action=netmap chain=dstnat comment="Production ATM Interface" \
    dst-address=10.7.59.251 dst-port=9933 log=yes protocol=tcp src-address=\
    10.0.249.251 to-addresses=172.16.1.152
add action=netmap chain=dstnat comment="IMPS Test Interface" dst-address=\
    10.7.59.101 dst-port=9932 log=yes protocol=tcp src-address=10.0.249.200 \
    src-port="" to-addresses=172.16.1.203
add action=accept chain=srcnat disabled=yes dst-address=172.16.62.15 \
    src-address=10.255.255.29
add action=accept chain=srcnat dst-address=172.16.62.15 src-address=\
    192.168.254.10
add action=netmap chain=srcnat comment="Production ATM Interface" \
    dst-address=10.0.249.251 src-address=172.16.1.152 to-addresses=\
    10.7.59.251
add action=netmap chain=srcnat comment="ATM Machine 1 Main br" dst-address=\
    10.0.249.4 dst-port=6309 log=yes protocol=tcp src-address=10.5.5.10 \
    to-addresses=10.7.59.1
add action=netmap chain=srcnat comment="ATM Machine 4 Rng Br " dst-address=\
    10.0.249.4 dst-port=2004 log=yes protocol=tcp src-address=10.5.5.22 \
    to-addresses=10.7.59.4
add action=netmap chain=srcnat comment="ATM Machine 5 DGK Br " dst-address=\
    10.0.249.4 dst-port=2005 log=yes protocol=tcp src-address=10.5.5.26 \
    to-addresses=10.7.59.5
add action=netmap chain=srcnat comment="ATM Machine 6 BBZR Br " dst-address=\
    10.0.249.4 dst-port=2003 log=yes protocol=tcp src-address=10.5.5.30 \
    to-addresses=10.7.59.6
add action=netmap chain=srcnat comment="ATM Machine 8 Barb Br " dst-address=\
    10.0.249.4 dst-port=2006 log=yes protocol=tcp src-address=10.5.5.38 \
    to-addresses=10.7.59.8
add action=netmap chain=srcnat comment="ATM Machine 9 CK Road Br " \
    dst-address=10.0.249.4 dst-port=2007 log=yes protocol=tcp src-address=\
    10.5.5.42 to-addresses=10.7.59.9
add action=netmap chain=srcnat comment="Recycler Machine 10 Main Br  TLS" \
    dst-address=10.0.249.4 dst-port=2001 log=yes protocol=tcp src-address=\
    10.5.5.46 to-addresses=10.7.59.10
add action=netmap chain=srcnat comment="ATM Machine 7 Egra Br " dst-address=\
    10.0.249.4 dst-port=2002 log=yes protocol=tcp src-address=10.5.5.33 \
    to-addresses=10.7.59.7
add action=netmap chain=srcnat comment="ATM Machine 2 dankuni br" \
    dst-address=10.0.249.4 dst-port=6309 log=yes protocol=tcp src-address=\
    10.5.5.18 to-addresses=10.7.59.2
add action=netmap chain=srcnat comment="ATM Machine 3 belda br" dst-address=\
    10.0.249.4 dst-port=6309 log=yes protocol=tcp src-address=10.5.5.14 \
    to-addresses=10.7.59.3
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=10.255.255.29 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=172.16.62.15 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=172.16.62.53 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=172.16.60.51 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=172.16.60.82 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.27 \
    log=yes src-address=172.16.60.82 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.26 \
    log=yes src-address=172.16.60.82 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.26 \
    log=yes src-address=10.255.255.36 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.27 \
    log=yes src-address=10.255.255.36 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=10.6.6.2 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=192.168.254.66 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
    yes src-address=10.255.255.36 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
    log=yes src-address=10.255.255.29 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
    log=yes src-address=10.6.6.2 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
    log=yes src-address=172.16.62.15 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
    log=yes src-address=172.16.62.53 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
    log=yes src-address=172.16.60.51 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
    log=yes src-address=10.255.255.36 to-addresses=10.7.59.101
# NAT, part 3: NAT exemptions followed by masquerade per address list.
# The two "Biometric" accept rules keep 10.255.255.0/24 un-NATed (and logged)
# toward 172.16.69.128/26 and 192.168.2.6. The two "web" rules are disabled.
# The remaining rules masquerade everything sourced from address lists L8, L6,
# L4, L3, vpn1, L2, L1, S2 and P2.
# NOTE(review): the mangle section marks traffic from a list named "vpn",
# while the masquerade rule here references "vpn1" -- confirm both lists exist
# and that this is intended.
# NOTE(review): none of the masquerade rules sets out-interface, and
# dst-address=0.0.0.0/0 matches every destination. Traffic from these lists to
# other internal networks is therefore source-NATed as well, unless an earlier
# accept rule exempts it. Internal servers then log the router's address
# instead of the real client, which weakens audit trails.
# NOTE(review): to-addresses=0.0.0.0 on action=masquerade looks like an export
# artefact; masquerade takes its address from the outgoing interface.
add action=accept chain=srcnat comment=Biometric dst-address=172.16.69.128/26 \
    log=yes src-address=10.255.255.0/24
add action=accept chain=srcnat comment=Biometric dst-address=192.168.2.6 log=\
    yes src-address=10.255.255.0/24
add action=accept chain=srcnat comment=web disabled=yes dst-address=\
    10.255.255.0/24 log=yes out-interface=Datacenter-Bridge src-address=\
    10.6.6.2
add action=masquerade chain=srcnat comment=web disabled=yes dst-address=\
    10.6.6.2 log=yes src-address=10.255.255.0/24
add action=masquerade chain=srcnat comment=L8 dst-address=0.0.0.0/0 \
    src-address-list=L8 to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L6 \
    to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L4 \
    to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L3 \
    to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=\
    vpn1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L2 \
    to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L1
add action=masquerade chain=srcnat comment=S2 dst-address=0.0.0.0/0 \
    src-address-list=S2 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=P2 dst-address=0.0.0.0/0 \
    src-address-list=P2 to-addresses=0.0.0.0
# NAT, part 4: per-host masquerade exceptions, one rule per source address
# (servers, NVRs, laptops and phones named in the rule comments). Some are
# disabled=yes, and many set to-addresses=UUU.239.24.97.
# NOTE(review): action=masquerade uses the address of the outgoing interface;
# to-addresses is presumably ignored here. If these hosts must leave with the
# fixed address UUU.239.24.97, action=src-nat is the action that honours
# to-addresses -- verify which source address they actually use.
# NOTE(review): no rule sets out-interface and every rule matches
# dst-address=0.0.0.0/0, so these hosts are masqueraded toward internal
# destinations too, unless an earlier accept rule exempts the pair. That hides
# the real client address from internal server logs.
# NOTE(review): entries labelled "core firewall", "internet firewall" and
# "Operation Manager Server" sit in the same flat list as personal phones; an
# address list per purpose would make it easier to review who is allowed out.
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.11 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.110
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.111
add action=masquerade chain=srcnat comment=test disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.63.7 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="srv lap" dst-address=0.0.0.0/0 \
    src-address=10.255.255.29
add action=masquerade chain=srcnat comment=Helpdesk dst-address=0.0.0.0/0 \
    src-address=10.255.255.21
add action=masquerade chain=srcnat comment="noc comp1" dst-address=0.0.0.0/0 \
    src-address=10.255.255.134
add action=masquerade chain=srcnat comment="noc 2" dst-address=0.0.0.0/0 \
    src-address=10.255.255.121
add action=masquerade chain=srcnat comment="SRV MB" dst-address=0.0.0.0/0 \
    src-address=172.16.62.152 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="cts pc" dst-address=0.0.0.0/0 \
    src-address=172.16.62.15 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="is audit 1" dst-address=0.0.0.0/0 \
    src-address=172.16.62.102
add action=masquerade chain=srcnat comment="amit pc" dst-address=0.0.0.0/0 \
    src-address=172.16.62.13
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=10.10.10.226 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="temp mail server" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.171 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=ADC disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.186 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="cm mb" disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.62.12 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Main Br NVR" dst-address=\
    0.0.0.0/0 src-address=10.50.50.2
add action=masquerade chain=srcnat comment="ATM Main Br NVR" dst-address=\
    0.0.0.0/0 src-address=10.53.53.2
add action=masquerade chain=srcnat comment="Main Br NVR" dst-address=\
    0.0.0.0/0 src-address=10.50.50.4
add action=masquerade chain=srcnat comment="Main Br NVR" disabled=yes \
    dst-address=0.0.0.0/0 src-address=10.5.5.46
add action=masquerade chain=srcnat comment="NVR PC" dst-address=0.0.0.0/0 \
    src-address=10.50.50.3
add action=masquerade chain=srcnat comment=test disabled=yes dst-address=\
    0.0.0.0/0 src-address=10.255.255.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="srv laptop" dst-address=0.0.0.0/0 \
    src-address=10.8.8.2
add action=masquerade chain=srcnat comment="smn mb" disabled=yes dst-address=\
    0.0.0.0/0 src-address=10.255.255.31 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.12 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="meeting room" dst-address=\
    0.0.0.0/0 src-address=10.9.9.2 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="sc rm" dst-address=0.0.0.0/0 \
    src-address=10.10.10.226
add action=masquerade chain=srcnat comment="sekhar mob" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.60.123
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.76 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="srv lap" dst-address=0.0.0.0/0 \
    src-address=172.16.62.53 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Raju Lap" dst-address=0.0.0.0/0 \
    src-address=172.16.60.70
add action=masquerade chain=srcnat comment="Apollo Mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.100
add action=masquerade chain=srcnat comment="Mukti Ph" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.60.110
add action=masquerade chain=srcnat comment="sambo Mob" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.60.127
add action=masquerade chain=srcnat comment="manu mb" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.60.130
add action=masquerade chain=srcnat comment="Pinaki Mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.151
add action=masquerade chain=srcnat comment="prasun lap" dst-address=0.0.0.0/0 \
    src-address=172.16.60.98
add action=masquerade chain=srcnat comment="debashis mob" dst-address=\
    0.0.0.0/0 src-address=172.16.60.136
add action=masquerade chain=srcnat comment="pallab Mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.109
add action=masquerade chain=srcnat comment="sec m" dst-address=0.0.0.0/0 \
    src-address=172.16.60.67
add action=masquerade chain=srcnat comment="core firewall" dst-address=\
    0.0.0.0/0 src-address=172.16.6.81
add action=masquerade chain=srcnat comment="internet firewall" dst-address=\
    0.0.0.0/0 src-address=172.16.6.70
add action=masquerade chain=srcnat comment=NACH dst-address=0.0.0.0/0 \
    src-address=172.16.60.15
add action=masquerade chain=srcnat comment="sourav mb" dst-address=0.0.0.0/0 \
    src-address=172.16.62.11
add action=masquerade chain=srcnat comment="soumen mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.55
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.102 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.101 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="sec lap" dst-address=0.0.0.0/0 \
    src-address=172.16.60.74
add action=masquerade chain=srcnat comment="santu pc" dst-address=0.0.0.0/0 \
    src-address=172.16.60.83
add action=masquerade chain=srcnat comment="Suman Mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.143
add action=masquerade chain=srcnat comment="apollo pc" dst-address=0.0.0.0/0 \
    src-address=172.16.60.86
add action=masquerade chain=srcnat comment="srv mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.27
add action=masquerade chain=srcnat comment="ram mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.28
add action=masquerade chain=srcnat comment="smk mb" dst-address=0.0.0.0/0 \
    src-address=172.16.60.122
add action=masquerade chain=srcnat comment="anirban mob" dst-address=\
    0.0.0.0/0 src-address=172.16.60.52
add action=masquerade chain=srcnat comment="samik mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.39
add action=masquerade chain=srcnat comment="santu mob" dst-address=0.0.0.0/0 \
    src-address=172.16.60.75
add action=masquerade chain=srcnat comment="Operation Manager Server" \
    disabled=yes dst-address=0.0.0.0/0 src-address=172.16.1.182 to-addresses=\
    UUU.239.24.97
add action=masquerade chain=srcnat comment="app 04" disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.181
add action=masquerade chain=srcnat disabled=yes dst-address=0.0.0.0/0 \
    src-address=172.16.1.115 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="DNS Server" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.186 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address=\
    10.11.11.2
add action=masquerade chain=srcnat comment="DNS AD Server" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.176 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="deep security server" disabled=\
    yes dst-address=0.0.0.0/0 src-address=172.16.1.174
add action=masquerade chain=srcnat comment="samik pc" disabled=yes \
    dst-address=0.0.0.0/0 src-address=10.255.255.33
add action=masquerade chain=srcnat comment="srv lap" dst-address=0.0.0.0/0 \
    src-address=10.255.255.36 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="External Firewall 1 palo alto" \
    dst-address=0.0.0.0/0 src-address=172.16.6.61
add action=masquerade chain=srcnat comment="External Firewall 2 palo alto" \
    dst-address=0.0.0.0/0 src-address=172.16.6.62
add action=masquerade chain=srcnat comment="DC ALL Internet" disabled=yes \
    dst-address=0.0.0.0/0 src-address=10.255.255.0/24
add action=masquerade chain=srcnat comment="pr mb" dst-address=0.0.0.0/0 \
    src-address=172.16.62.76 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Bijoy Lappy" dst-address=\
    0.0.0.0/0 src-address=172.16.60.30
add action=masquerade chain=srcnat comment="arghya mob" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.60.35
add action=masquerade chain=srcnat comment="pint mob" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.62.31
add action=masquerade chain=srcnat comment="dlp mjee " disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.62.57
add action=masquerade chain=srcnat comment="Infra 2" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.180 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Infra 1" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.170 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=NMMI disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.184 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=Server dst-address=0.0.0.0/0 \
    src-address=172.16.10.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="atn mb" dst-address=0.0.0.0/0 \
    src-address=172.16.62.28
add action=masquerade chain=srcnat comment="alv mb" dst-address=0.0.0.0/0 \
    log=yes src-address=172.16.62.17
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
    src-address=172.16.60.112
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
    src-address=172.16.60.111
add action=masquerade chain=srcnat comment="Boardroom Nova" dst-address=\
    0.0.0.0/0 log=yes src-address=172.16.60.49
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
    src-address=172.16.60.59
add action=masquerade chain=srcnat comment="sourav lap" dst-address=0.0.0.0/0 \
    log=yes src-address=172.16.60.85
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
    src-address=172.16.60.64
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
    src-address=172.16.60.40
add action=masquerade chain=srcnat comment="amit da" dst-address=0.0.0.0/0 \
    log=yes src-address=172.16.60.44
add action=masquerade chain=srcnat comment=Server dst-address=0.0.0.0/0 \
    src-address=172.16.2.100 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="NOC PCs" dst-address=0.0.0.0/0 \
    src-address=172.16.61.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="HELPDESK PCs" dst-address=\
    0.0.0.0/0 src-address=172.16.6.160/27 to-addresses=UUU.239.24.97
add action=src-nat chain=srcnat comment="IRS Server" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.171 to-addresses=\
    MMM.NNN.126.245
add action=masquerade chain=srcnat disabled=yes dst-address=0.0.0.0/0 \
    src-address=172.16.1.5 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=servers dst-address=0.0.0.0/0 \
    src-address=172.16.1.0/24
add action=masquerade chain=srcnat comment=\
    "Fortinet Firewall External Interface" dst-address=0.0.0.0/0 src-address=\
    172.16.6.70 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="AV Server" dst-address=0.0.0.0/0 \
    src-address=172.16.6.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Suman PC" dst-address=0.0.0.0/0 \
    src-address=172.16.60.135
add action=masquerade chain=srcnat comment="Koushik Lap" dst-address=\
    0.0.0.0/0 src-address=172.16.60.120
add action=masquerade chain=srcnat comment="Forti Authenticator" dst-address=\
    0.0.0.0/0 src-address=172.16.2.70 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Forti Analyzer" dst-address=\
    0.0.0.0/0 src-address=172.16.2.74 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="TnD DB1" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.177 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="TnD DB2" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.187 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="sunny pc" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.62.34
add action=src-nat chain=srcnat comment="Web Server" dst-address=0.0.0.0/0 \
    src-address=10.6.6.2 to-addresses=139.167.64.3
add action=masquerade chain=srcnat comment="3PAR Out" dst-address=0.0.0.0/0 \
    src-address=172.16.2.49
add action=masquerade chain=srcnat comment="StorServ Out" dst-address=\
    0.0.0.0/0 src-address=172.16.2.50
add action=masquerade chain=srcnat comment="RTGS/NEFT Server" dst-address=\
    0.0.0.0/0 log=yes src-address=172.16.6.13
add action=netmap chain=dstnat comment="SMS Inbound" dst-address=\
    LLL.HHH82.250 dst-port=5566 log=yes protocol=tcp src-address=0.0.0.0/0 \
    src-port="" to-addresses=172.16.6.13 to-ports=5566
add action=masquerade chain=srcnat comment="MIS Server" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.151 to-addresses=LLL.71.158.2
add action=masquerade chain=srcnat comment=SMS disabled=yes dst-address=\
    0.0.0.0/0 log=yes src-address=172.16.1.152
add action=masquerade chain=srcnat comment="3 PAR Storage" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.2.49
add action=masquerade chain=srcnat comment=ILO dst-address=0.0.0.0/0 \
    src-address=172.16.2.48
add action=netmap chain=srcnat comment=IMSS dst-address=0.0.0.0/0 \
    src-address=172.16.6.21 to-addresses=139.167.64.2
add action=netmap chain=srcnat comment="test mail" disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.171 to-addresses=MMM.NNN.126.245
add action=netmap chain=srcnat comment=EXCHANGE disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.171 to-addresses=43.252.248.253
add action=netmap chain=srcnat comment=FTP disabled=yes dst-address=0.0.0.0/0 \
    src-address=10.255.255.29 to-addresses=43.252.248.254
add action=netmap chain=dstnat comment="WEB Server" disabled=yes dst-address=\
    MMM.NNN.126.244 dst-port=80 protocol=tcp src-address=0.0.0.0/0 src-port=\
    "" to-addresses=10.6.6.2 to-ports=80
add action=netmap chain=dstnat comment="WEB Server" dst-address=139.167.64.3 \
    dst-port=443 log=yes protocol=tcp src-address=0.0.0.0/0 src-port="" \
    to-addresses=10.6.6.2 to-ports=443
add action=netmap chain=dstnat comment="WEB Server" dst-address=139.167.64.3 \
    dst-port=21 protocol=tcp src-address=0.0.0.0/0 src-port="" to-addresses=\
    10.6.6.2 to-ports=21
add action=netmap chain=dstnat comment="3PAR inbound 1" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    16.249.3.18 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 8" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    15.240.0.74 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 9" dst-address=\
    136.233.107.66 dst-port=22 protocol=tcp src-address=0.0.0.0/0 src-port="" \
    to-addresses=172.16.2.49 to-ports=22
add action=netmap chain=dstnat comment="3PAR inbound 11" dst-address=\
    136.233.107.66 dst-port=5781 protocol=tcp src-address=0.0.0.0/0 src-port=\
    "" to-addresses=172.16.2.49 to-ports=5781
add action=netmap chain=dstnat comment="3PAR inbound 10" dst-address=\
    136.233.107.66 dst-port=5783 protocol=tcp src-address=0.0.0.0/0 src-port=\
    "" to-addresses=172.16.2.49 to-ports=5783
add action=netmap chain=dstnat comment="3PAR inbound 7" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    15.240.0.73 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 6" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    15.201.200.206 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 5" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    15.201.200.205 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 4" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    16.251.4.224 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 3" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    16.251.3.82 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 2" disabled=yes \
    dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
    16.249.3.14 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="webmail mail" dst-address=\
    139.167.64.2 dst-port=443 protocol=tcp src-port="" to-addresses=\
    172.16.6.21 to-ports=443
add action=netmap chain=dstnat comment="smtp tls" dst-address=139.167.64.2 \
    dst-port=587 protocol=tcp src-port="" to-addresses=172.16.6.21 to-ports=\
    587
add action=netmap chain=dstnat comment="WEB Server" disabled=yes dst-address=\
    MMM.NNN.126.244 dst-port=21 protocol=tcp src-address=0.0.0.0/0 src-port=\
    "" to-addresses=10.6.6.2 to-ports=80
add action=netmap chain=dstnat comment=SFTP dst-address=LLL.HHH82.250 \
    dst-port=22 log=yes protocol=tcp src-address=0.0.0.0/0 to-addresses=\
    172.16.6.13 to-ports=22
add action=netmap chain=dstnat comment=SFTP dst-address=LLL.HHH82.250 \
    dst-port=443 log=yes protocol=tcp src-address=0.0.0.0/0 to-addresses=\
    172.16.6.13 to-ports=22
add action=netmap chain=dstnat comment="temp ftp" dst-address=LLL.HHH82.250 \
    dst-port=990 log=yes protocol=tcp src-address=0.0.0.0/0 to-addresses=\
    172.16.6.13 to-ports=990
add action=netmap chain=dstnat comment=\
    "RTGS/NEFT Server LLL.71.158.3 43.252.248.251" disabled=yes dst-address=\
    MMM.NNN.126.243 src-address=0.0.0.0/0 to-addresses=172.16.6.13
add action=netmap chain=dstnat comment=smtp dst-address=139.167.64.2 \
    dst-port=25 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
    to-ports=25
add action=netmap chain=dstnat comment="smtp ssl" dst-address=139.167.64.2 \
    dst-port=465 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
    to-ports=465
add action=netmap chain=dstnat comment=pop dst-address=139.167.64.2 dst-port=\
    110 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 to-ports=\
    110
add action=netmap chain=dstnat comment=imap dst-address=139.167.64.2 \
    dst-port=143 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
    to-ports=143
add action=netmap chain=dstnat comment="imap ssl/tls" dst-address=\
    139.167.64.2 dst-port=993 protocol=tcp src-address=0.0.0.0/0 \
    to-addresses=172.16.6.21 to-ports=993
add action=netmap chain=dstnat comment="pop ssl" dst-address=139.167.64.2 \
    dst-port=995 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
    to-ports=995
add action=accept chain=srcnat dst-address-list=172.16.62.15 \
    src-address-list=192.168.254.10
add action=masquerade chain=srcnat comment="koushik ph" dst-address=0.0.0.0/0 \
    src-address=172.16.60.36
add action=masquerade chain=srcnat comment="prasun karar mob" dst-address=\
    0.0.0.0/0 src-address=172.16.60.65
add action=masquerade chain=srcnat comment="director router" dst-address=\
    0.0.0.0/0 src-address=172.16.62.48
add action=masquerade chain=srcnat comment="hasibul mob" dst-address=\
    0.0.0.0/0 src-address=172.16.62.12
add action=masquerade chain=srcnat comment=al src-address=172.16.62.22
add action=masquerade chain=srcnat comment="prasun phoco ph" dst-address=\
    0.0.0.0/0 src-address=172.16.60.119
add action=masquerade chain=srcnat comment="HO Biometric" dst-address=\
    0.0.0.0/0 src-address=172.16.60.11
add action=masquerade chain=srcnat comment="PAN Verification" dst-address=\
    0.0.0.0/0 log=yes src-address=172.16.6.12
add action=masquerade chain=srcnat comment="NACH H2H" dst-address=0.0.0.0/0 \
    log=yes src-address=172.16.6.14
add action=masquerade chain=srcnat comment="T N D" disabled=yes dst-address=\
    0.0.0.0/0 src-address=172.16.1.203
add action=masquerade chain=srcnat comment="Test VM" disabled=yes \
    dst-address=0.0.0.0/0 src-address=172.16.1.132
add action=masquerade chain=srcnat comment="EIP SERVER" disabled=yes \
    dst-address=0.0.0.0/0 log=yes src-address=172.16.1.150
add action=dst-nat chain=dstnat comment="MAIN BR CASH NVR" dst-address=\
    LLL.HHH82.250 dst-port=1091 protocol=tcp to-addresses=10.50.50.2 \
    to-ports=37777
add action=dst-nat chain=dstnat comment="MAIN BR ATM" dst-address=\
    LLL.HHH82.250 dst-port=1090 protocol=tcp to-addresses=10.53.53.2 \
    to-ports=37777
add action=dst-nat chain=dstnat comment="MAIN BR NVR" dst-address=\
    LLL.HHH82.250 dst-port=1092 protocol=tcp to-addresses=10.50.50.4 \
    to-ports=37777
add action=dst-nat chain=dstnat comment="HO NVR" dst-address=LLL.HHH82.250 \
    dst-port=1093 protocol=tcp to-addresses=10.52.52.2 to-ports=37777
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    173.245.48.0/20
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    103.21.244.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    103.22.200.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    103.31.4.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    141.101.64.0/18
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    108.162.192.0/18
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    190.93.240.0/20
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    188.114.96.0/20
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    197.234.240.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    198.41.128.0/17
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    162.158.0.0/15
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    104.16.0.0/12
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    172.64.0.0/13
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
    131.0.72.0/22
# Raw-table prerouting rules. They are matched top to bottom, so an accept
# below only has an effect where a later drop covers the same destination.
/ip firewall raw
# Host 172.16.6.13 may reach 172.16.1.150/.151/.152 on any port or protocol.
add action=accept chain=prerouting dst-address=172.16.1.152 src-address=\
    172.16.6.13
add action=accept chain=prerouting dst-address=172.16.1.150 src-address=\
    172.16.6.13
add action=accept chain=prerouting dst-address=172.16.1.151 src-address=\
    172.16.6.13
# Per-port allow list for the 172.16.1.x servers. None of the rules from here
# to the 9933 rule carries a src-address, so they match traffic from any
# source that reaches this router.
# NOTE(review): if SSH (22) is meant for administrators only, scope these
# rules with src-address or src-address-list.
add action=accept chain=prerouting dst-address=172.16.1.111 dst-port=22 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.12 dst-port=22 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=22 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.150 dst-port=22 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=22 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=22 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=8445 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=8444 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=8444 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.12 dst-port=8443 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=8443 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=9443 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=4848 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.111 dst-port=8443 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=8483 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=8443 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=8443 \
    protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=9933 \
    protocol=tcp
# TCP 135-139 and 445 on 172.16.6.14: two named sources are allowed, every
# other source is dropped by the third rule.
add action=accept chain=prerouting dst-address=172.16.6.14 dst-port=\
    135-139,445 protocol=tcp src-address=10.255.255.29
add action=accept chain=prerouting dst-address=172.16.6.14 dst-port=\
    135-139,445 protocol=tcp src-address=172.16.60.98
add action=drop chain=prerouting dst-address=172.16.6.14 dst-port=135-139,445 \
    protocol=tcp
# Catch-all drops that turn the accepts above into an allow list for
# 172.16.1.111, .12, .11 and .151.
# NOTE(review): the drop for 172.16.1.152 is disabled and there is no drop
# for 172.16.1.150, so the accept rules for those two hosts restrict nothing
# in this table.
add action=drop chain=prerouting dst-address=172.16.1.111
add action=drop chain=prerouting dst-address=172.16.1.12
add action=drop chain=prerouting dst-address=172.16.1.11
add action=drop chain=prerouting disabled=yes dst-address=172.16.1.152
add action=drop chain=prerouting dst-address=172.16.1.151
# Block and log TCP 37777 from 172.16.60.15 towards the 10.50.50.0/24 and
# 10.52.52.0/24 networks; the log-only variant that follows is disabled.
add action=drop chain=prerouting dst-address=10.50.50.0/24 dst-port=37777 \
    log=yes log-prefix=piku-cctv protocol=tcp src-address=172.16.60.15
add action=drop chain=prerouting dst-address=10.52.52.0/24 dst-port=37777 \
    log=yes log-prefix=piku-cctv protocol=tcp src-address=172.16.60.15
add action=log chain=prerouting disabled=yes dst-port=37777 log=yes \
    log-prefix=Piku-Watching-CCTV protocol=tcp src-address=172.16.60.15
# Drop everything addressed to the (redacted) range .242-.254, from any source.
add action=drop chain=prerouting dst-address=MMM.NNN.126.242-MMM.NNN.126.254
add action=drop chain=prerouting disabled=yes protocol=tcp src-port=9932
# IPsec identity bound to peer1.
# NOTE(review): no auth-method or secret is shown on this line; presumably the
# default method applies and the secret was left out of the posted export.
# Confirm a strong secret or certificate is actually configured.
/ip ipsec identity
add peer=peer1
# IPsec policies. Entry 0 (presumably the built-in default template) is
# disabled, so only explicitly listed policies apply.
/ip ipsec policy
set 0 disabled=yes dst-address=0.0.0.0/0 src-address=0.0.0.0/0
# Active tunnel-mode policy: 10.7.59.0/24 -> 10.0.249.0/24 through peer1.
add comment="ATM Full Policy" dst-address=10.0.249.0/24 level=unique peer=\
    peer1 src-address=10.7.59.0/24 tunnel=yes
# Disabled policy with explicit SA endpoints; it carries the same comment as
# the active policy above but different source and destination subnets.
add comment="ATM Full Policy" disabled=yes dst-address=192.168.4.0/24 level=\
    unique sa-dst-address=122.176.66.44 sa-src-address=MMM.NNN.126.242 \
    src-address=172.16.1.0/24 tunnel=yes
# Web proxy: only the cache path and parent proxy are set here.
# NOTE(review): no enabled= value is shown, so the proxy is presumably in its
# default state. Confirm it is not enabled on an Internet-facing router.
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
# Static IPv4 routes (RouterOS 6 syntax, using routing-mark for policy routing).
/ip route
# Per-mark tables (L4, L1, L8, L3, S2, cts, P2, mbdn): each mark sends
# 172.16.0.0/21 to 172.16.6.70; the per-mark routes with no dst-address
# (presumably default routes) are all disabled.
add disabled=yes distance=20 gateway=LLL.73.53.193 routing-mark=L4
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L4
add disabled=yes distance=20 gateway=MMM.NNN.126.241 routing-mark=L1
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L1
add disabled=yes distance=20 gateway=MMM.NNN.126.241 routing-mark=L8
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L8
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L3
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=S2
add distance=3 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=cts
add disabled=yes distance=20 gateway=MMM.NNN.126.241 routing-mark=P2
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=P2
add disabled=yes distance=3 gateway=LLL.73.53.193 routing-mark=mbdn
# Main table: the only enabled route without a dst-address points at
# LLL.HHH82.249; the one commented "main" is disabled.
add distance=3 gateway=LLL.HHH82.249
add comment=main disabled=yes distance=4 gateway=MMM.NNN.126.241
# Host routes pinning 4.2.2.5 and 4.2.2.6 to one upstream each, presumably
# for per-link reachability checks (confirm).
add distance=1 dst-address=4.2.2.5/32 gateway=MMM.NNN.126.241
add distance=1 dst-address=4.2.2.6/32 gateway=LLL.HHH82.249
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70
# Policy-routing rules. Every rule in this section is disabled except the
# last one, so the per-server and per-VPN-subnet drops below are not enforced
# at the routing-rule level.
/ip route rule
add action=drop disabled=yes dst-address=172.16.1.12/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.11/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.102/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.151/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.152/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.203/32 routing-mark=is1
add action=drop disabled=yes dst-address=0.0.0.0/0 src-address=10.50.50.3/32
add action=drop disabled=yes dst-address=0.0.0.0/0 src-address=\
    172.16.62.15/32
add action=drop disabled=yes dst-address=103.231.78.237/32 src-address=\
    172.16.62.15/32
add action=drop disabled=yes dst-address=115.112.84.30/32 src-address=\
    172.16.62.15/32
add action=drop disabled=yes dst-address=172.16.1.11/32 src-address=\
    172.16.62.0/24
add action=drop disabled=yes dst-address=172.16.1.12/32 src-address=0.0.0.0/0
add action=drop disabled=yes dst-address=172.16.1.203/32 src-address=\
    192.168.254.0/24
add action=drop disabled=yes dst-address=172.16.1.177/32 src-address=\
    192.168.254.0/24
add action=drop disabled=yes dst-address=172.16.1.178/32 src-address=\
    192.168.254.0/24
# The only active rule: drop all traffic sourced from 10.13.13.2.
add action=drop dst-address=0.0.0.0/0 src-address=10.13.13.2/32
# Router management services. telnet, ftp, www, ssh and api are disabled;
# telnet, ftp, ssh and www-ssl are also moved to non-default ports.
# NOTE(review): winbox and api-ssl are not listed, so they are presumably at
# their defaults. Confirm which of them are enabled.
# NOTE(review): no service here carries an address= restriction. Limit every
# enabled management service to the management prefixes with address=.
# NOTE(review): ssh is assigned port 25, the well-known SMTP port. This is
# harmless while the service is disabled but easy to trip over if re-enabled.
/ip service
set telnet disabled=yes port=26
set ftp disabled=yes port=6800
set www disabled=yes
set ssh disabled=yes port=25
# No disabled= value is shown for www-ssl. Confirm whether it is enabled.
set www-ssl port=1195
set api disabled=yes
# SSH server options.
# NOTE(review): allow-none-crypto=yes permits sessions that negotiate no
# encryption, and forwarding-enabled=remote permits remote port forwarding
# through the router. The ssh service is disabled in /ip service in this
# export, so neither is reachable as posted, but both take effect as soon as
# ssh is re-enabled. A safer baseline is allow-none-crypto=no,
# strong-crypto=yes and forwarding-enabled=no unless forwarding is needed.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# UPnP is enabled, with ether1 as the external side and ether7 as the
# internal side (earlier in this export ether1 is commented "ISP2 ILL Fiber"
# and ether7 "Direct Net").
# NOTE(review): UPnP lets hosts behind the internal interface request inbound
# port mappings on the external interface without authentication. On an edge
# router that also carries explicit NAT rules it is normally left disabled.
# Confirm it is required.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=ether7 type=internal
# IPv6 addressing (prefix redacted by the poster as BBBB:CCC). All entries
# have advertise=no, so these prefixes are not announced in router
# advertisements.
/ipv6 address
# /126 on sfp1, the WAN-side interface that the IPv6 filter rules key on.
add address=BBBB:CCC:891::166/126 advertise=no comment="ISP1 WAN" interface=\
    sfp1
# Three /119 networks for the LAN bridge, the datacenter bridge and vlan17-ho.
add address=BBBB:CCC:c00::1/119 advertise=no comment="LAN Bridge" interface=\
    lan-bridge
add address=BBBB:CCC:c00::401/119 advertise=no comment="DC Bridge" interface=\
    Datacenter-Bridge
add address=BBBB:CCC:c00::601/119 advertise=no comment="HO Interface" \
    interface=vlan17-ho
# bad_ipv6: special-purpose and deprecated prefixes that should never appear
# as a source or destination on the WAN side. The list is referenced by the
# two "bad src" / "bad dst" drop rules in /ipv6 firewall filter.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
# IPv6 filter. Rules are matched top to bottom; the first match decides.
/ipv6 firewall filter
# Published services (forward chain): mail host ::202, SFTP host ::203 and
# web host ::602. These accepts carry no src-address or in-interface and sit
# above the "drop invalid" and "bad src/dst" rules further down, so packets
# to these ports are accepted before those checks are applied.
# NOTE(review): consider moving this group below the established/invalid and
# bad_ipv6 rules, and adding connection-state=new.
# NOTE(review): the labels on 995 ("imap") and 993 ("pop3") look swapped.
# 995 is POP3 over TLS and 993 is IMAP over TLS.
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=25 protocol=tcp
add action=accept chain=forward comment="web mail" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=443 log=yes protocol=tcp
add action=accept chain=forward comment="web server" dst-address=\
    BBBB:CCC:c00::602/128 dst-port=443 log=yes protocol=tcp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=587 log=yes protocol=tcp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=465 log=yes protocol=tcp
add action=accept chain=forward comment=imap dst-address=\
    BBBB:CCC:c00::202/128 dst-port=143 protocol=tcp
add action=accept chain=forward comment=SFTP dst-address=\
    BBBB:CCC:c00::203/128 dst-port=22 protocol=tcp
add action=accept chain=forward comment=SFTP dst-address=\
    BBBB:CCC:c00::203/128 dst-port=443 protocol=tcp
add action=accept chain=forward comment=imap dst-address=\
    BBBB:CCC:c00::202/128 dst-port=995 log=yes protocol=tcp
add action=accept chain=forward comment=pop3 dst-address=\
    BBBB:CCC:c00::202/128 dst-port=110 log=yes protocol=tcp
add action=accept chain=forward comment=pop3 dst-address=\
    BBBB:CCC:c00::202/128 dst-port=993 protocol=tcp
# UDP copies of the mail and web rules above.
# NOTE(review): SMTP, IMAP and POP3 run over TCP, so the UDP accepts for
# 25/587/465/143/995/110/993 open ports that no mail service should be
# listening on. Keep 443/udp only if HTTP/3 is actually served; otherwise
# remove this group.
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=25 protocol=udp
add action=accept chain=forward comment="web mail" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=443 protocol=udp
add action=accept chain=forward comment="web server" dst-address=\
    BBBB:CCC:c00::602/128 dst-port=443 protocol=udp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=587 protocol=udp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
    BBBB:CCC:c00::202/128 dst-port=465 protocol=udp
add action=accept chain=forward comment=imap dst-address=\
    BBBB:CCC:c00::202/128 dst-port=143 protocol=udp
add action=accept chain=forward comment=imap dst-address=\
    BBBB:CCC:c00::202/128 dst-port=995 protocol=udp
add action=accept chain=forward comment=pop3 dst-address=\
    BBBB:CCC:c00::202/128 dst-port=110 protocol=udp
add action=accept chain=forward comment=pop3 dst-address=\
    BBBB:CCC:c00::202/128 dst-port=993 protocol=udp
# Input chain (traffic to the router itself): stateful accept, drop invalid,
# then ICMPv6, traceroute, DHCPv6-PD from link-local, IKE and IPsec.
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Forward chain baseline: stateful accept, drop invalid, drop bad_ipv6
# sources and destinations arriving on sfp1, then the RFC 4890 hop-limit check.
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" in-interface=sfp1 \
    src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6 \
    in-interface=sfp1
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 in-interface=sfp1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
# Duplicate of the input-chain ICMPv6 accept earlier in this section. It has
# no effect here because the earlier rule already matches.
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Final drops, logged. Both match only in-interface=sfp1, so unmatched
# traffic arriving on any other interface is not dropped by these rules.
# NOTE(review): confirm sfp1 is the only interface that can carry IPv6 from
# an untrusted network. If a second upstream carries IPv6, it needs the same
# final drops.
add action=drop chain=forward comment=\
    "defconf: drop everything else coming from WAN" in-interface=sfp1 log=yes \
    log-prefix="IPv6 Internal Attack"
add action=drop chain=input comment=\
    "defconf: drop everything else coming from WAN" in-interface=sfp1 log=yes \
    log-prefix="IPv6 Router Attack"
# Neighbor discovery: the default ND entry is bound to Datacenter-Bridge,
# does not advertise DNS servers, and sends router advertisements every
# 30s to 1m40s.
/ipv6 nd
set [ find default=yes ] advertise-dns=no interface=Datacenter-Bridge \
    ra-interval=30s-1m40s
# Static IPv6 routes.
/ipv6 route
# No dst-address is given, so this is presumably the IPv6 default route
# towards the upstream on the sfp1 /126 (confirm).
add comment="Internet Routing" distance=1 gateway=BBBB:CCC:891::165
# Inner /119 reached through BBBB:CCC:c00::2.
add distance=1 dst-address=BBBB:CCC:c00::200/119 gateway=BBBB:CCC:c00::2
# Front-panel LCD: the backlight never times out, the stats screen is shown
# by default, and touch input is disabled.
/lcd
set backlight-timeout=never default-screen=stats touch-screen=disabled
/ppp secret
# PPP user database: PPPoE users plus per-site OVPN accounts with fixed
# local/remote tunnel addresses.
# NOTE(review): no password= value appears on any entry. Either sensitive values
# were hidden or stripped before posting, or the secrets have empty passwords;
# this listing cannot tell which. Confirm on the router that every enabled
# secret has a strong password.
# NOTE(review): entries without service= (prasunkarar, admin, sourav3,
# prasunvpn, kousik, atanu, soumitra) fall back to the RouterOS default
# service=any, so they are accepted by every enabled PPP server. Pin each one to
# the single service it is meant for.
# The listing also publishes real account names and tunnel addressing; treat
# both as disclosed.
add name=apolloali service=pppoe
add name=audit service=pppoe
add name=bijoy profile=L1 service=pppoe
add name=debu service=pppoe
add name=ppp profile=L1 service=pppoe
add name=prasun profile=L1 service=pppoe
add name=rf001 profile=L1 service=pppoe
add name=sourav profile=L1 service=pppoe
add name=recovery service=pppoe
add name=sourav1 profile=L1 service=pppoe
add local-address=10.0.0.1 name=prasunkarar remote-address=10.0.0.3
add local-address=192.168.254.1 name=issac1 profile=is1 remote-address=\
    192.168.254.9 service=ovpn
# profile=vpn OVPN accounts: each gets a fixed 10.4.4.x local/remote pair. The
# remote addresses are the ones used as BGP peer addresses in /routing bgp peer.
add local-address=10.4.4.5 name=panskura profile=vpn remote-address=10.4.4.6 \
    service=ovpn
add local-address=10.4.4.41 name=bbzr profile=vpn remote-address=10.4.4.42 \
    service=ovpn
add local-address=10.4.4.53 name=ckroad profile=vpn remote-address=10.4.4.54 \
    service=ovpn
add local-address=10.4.4.33 name=egra profile=vpn remote-address=10.4.4.34 \
    service=ovpn
add local-address=10.4.4.29 name=ndk profile=vpn remote-address=10.4.4.30 \
    service=ovpn
add disabled=yes local-address=10.4.4.61 name=aroymid profile=vpn \
    remote-address=10.4.4.62 service=ovpn
add local-address=192.168.254.1 name=issac2 profile=is1 remote-address=\
    192.168.254.10 service=ovpn
add local-address=10.4.4.45 name=ndg profile=vpn remote-address=10.4.4.46 \
    service=ovpn
add local-address=10.4.4.37 name=heria profile=vpn remote-address=10.4.4.38 \
    service=ovpn
add local-address=10.4.4.9 name=dgk profile=vpn remote-address=10.4.4.10 \
    service=ovpn
add local-address=10.4.4.49 name=mahi profile=vpn remote-address=10.4.4.50 \
    service=ovpn
add local-address=10.4.4.17 name=bld profile=vpn remote-address=10.4.4.18 \
    service=ovpn
add local-address=10.4.4.25 name=mgmro profile=vpn remote-address=10.4.4.26 \
    service=ovpn
# NOTE(review): an account literally named "admin" with no service= restriction;
# a predictable name reachable on any PPP service is an easy guessing target.
add local-address=192.168.254.1 name=admin profile=vpn1 remote-address=\
    192.168.254.66
add local-address=10.4.4.1 name=rng profile=vpn remote-address=10.4.4.2 \
    service=ovpn
add disabled=yes local-address=10.0.0.1 name=pmajee service=pppoe
add name=soumen service=pppoe
add local-address=10.4.4.21 name=dankuni profile=vpn remote-address=10.4.4.22 \
    service=ovpn
add name=sourav3 profile=L1
add local-address=10.4.4.13 name=midnapur profile=vpn remote-address=\
    10.4.4.14 service=ovpn
add local-address=10.0.0.1 name=anirban service=pppoe
add name=sourav4 profile=L1 service=pppoe
add name=mrinal service=pppoe
add local-address=192.168.254.1 name=prasunvpn profile=vpn1 remote-address=\
    192.168.254.69
add name=amit service=pppoe
add local-address=192.168.254.1 name=issac3 profile=is1 remote-address=\
    192.168.254.11 service=ovpn
add name=manab service=pppoe
add disabled=yes name=auditcell service=pppoe
add name=accounts service=pppoe
add disabled=yes local-address=10.0.0.1 name=mainbr service=pppoe
add name=samik service=pppoe
add name=sujit service=pppoe
add name=suryendu service=pppoe
add name=nitya service=pppoe
add name=mrchaudhuri service=pppoe
add local-address=10.4.4.57 name=barb profile=vpn remote-address=10.4.4.58 \
    service=ovpn
add name=sambo service=pppoe
add disabled=yes local-address=10.0.0.1 name=sakti remote-address=10.0.1.230 \
    service=pppoe
add local-address=10.0.0.1 name=sekhar service=pppoe
add disabled=yes name=biswajit service=pppoe
add name=hasibul service=pppoe
add name=rupak service=pppoe
add name=adcell service=pppoe
add name=moni service=pppoe
add disabled=yes name=asahoo service=pppoe
add name=nova service=pppoe
add name=nova1 service=pppoe
add local-address=10.0.0.1 name=kousik remote-address=10.0.0.4
add disabled=yes name=dipu service=pppoe
add disabled=yes name=adcell1 service=pppoe
add disabled=yes local-address=192.168.254.1 name=pijush profile=is1 \
    remote-address=192.168.254.12 service=ovpn
add disabled=yes local-address=192.168.254.1 name=bijoyvpn profile=is1 \
    remote-address=192.168.254.13 service=ovpn
add name=pallab service=pppoe
add name=santu service=pppoe
add name=arindam service=pppoe
add name=nmandal service=pppoe
add name=souradeep service=pppoe
add name=atanu
# issac4 reuses remote-address 192.168.254.12, which the disabled pijush entry
# above also holds; re-enabling pijush would give two accounts the same address.
add local-address=192.168.254.1 name=issac4 profile=is1 remote-address=\
    192.168.254.12 service=ovpn
add local-address=192.168.254.1 name=jayanta profile=is1 remote-address=\
    192.168.254.14 service=ovpn
add name=arghya service=pppoe
add name=soumitra
/routing bgp aggregate
# One aggregate for the default instance, covering 10.4.4.0/24 - the range the
# profile=vpn OVPN accounts use for their tunnel endpoints.
add include-igp=yes instance=default prefix=10.4.4.0/24
/routing bgp network
# Prefixes originated by this router; synchronize=no on every entry.
add network=10.255.255.0/24 synchronize=no
add network=172.16.0.0/21 synchronize=no
add network=10.0.249.4/32 synchronize=no
add network=172.16.62.0/24 synchronize=no
add network=10.50.50.0/24 synchronize=no
add network=10.0.249.101/32 synchronize=no
/routing bgp peer
# Fifteen eBGP peers, one per remote site. Each remote-address matches the
# remote-address of a profile=vpn OVPN secret (e.g. 10.4.4.2 is "rng"), so the
# sessions presumably run inside the OVPN tunnels. The remote-as values are in
# the 32-bit private-use ASN range (4200000000-4294967294).
# NOTE(review): only out-filter=to_R1 is set. No in-filter appears on any peer,
# so as exported nothing restricts what a site may announce to this router; a
# per-peer in-filter that accepts only that site's expected prefixes would keep
# one misconfigured or compromised site from injecting routes for the others.
# No tcp-md5-key is visible either (it may have been hidden on export - confirm).
add name=peer2 out-filter=to_R1 remote-address=10.4.4.2 remote-as=4200000002 \
    ttl=default
add name=peer8 out-filter=to_R1 remote-address=10.4.4.6 remote-as=4200000008 \
    ttl=default
add name=peer16 out-filter=to_R1 remote-address=10.4.4.22 remote-as=\
    4200000016 ttl=default
add name=peer7 out-filter=to_R1 remote-address=10.4.4.10 remote-as=4200000007 \
    ttl=default
add name=peer17 out-filter=to_R1 remote-address=10.4.4.14 remote-as=\
    4200000017 ttl=default
add name=peer6 out-filter=to_R1 remote-address=10.4.4.18 remote-as=4200000006 \
    ttl=default
add name=peer5 out-filter=to_R1 remote-address=10.4.4.26 remote-as=4200000005 \
    ttl=default
add name=peer10 out-filter=to_R1 remote-address=10.4.4.30 remote-as=\
    4200000010 ttl=default
add name=peer3 out-filter=to_R1 remote-address=10.4.4.34 remote-as=4200000003 \
    ttl=default
add name=peer4 out-filter=to_R1 remote-address=10.4.4.38 remote-as=4200000004 \
    ttl=default
add name=peer13 out-filter=to_R1 remote-address=10.4.4.42 remote-as=\
    4200000013 ttl=default
add name=peer12 out-filter=to_R1 remote-address=10.4.4.46 remote-as=\
    4200000012 ttl=default
add name=peer9 out-filter=to_R1 remote-address=10.4.4.50 remote-as=4200000009 \
    ttl=default
add name=peer14 out-filter=to_R1 remote-address=10.4.4.54 remote-as=\
    4200000014 ttl=default
add name=peer11 out-filter=to_R1 remote-address=10.4.4.58 remote-as=\
    4200000011 ttl=default
/routing filter
# Chain to_R1 is the out-filter on every BGP peer. It discards sixteen /26
# prefixes that together span 172.16.66.0 - 172.16.69.255.
# NOTE(review): there is no final rule, so a route matching none of these
# presumably falls through to the chain's default action (accept in RouterOS 6 -
# confirm). That makes this a deny-list: any new prefix is advertised to all
# sites unless a rule is added for it. An explicit accept list followed by a
# final discard fails closed instead.
# RouterOS 7 uses a different routing-filter syntax, so check how these rules
# were converted when reviewing the upgraded configuration.
add action=discard chain=to_R1 prefix=172.16.66.0/26
add action=discard chain=to_R1 prefix=172.16.66.64/26
add action=discard chain=to_R1 prefix=172.16.66.128/26
add action=discard chain=to_R1 prefix=172.16.66.192/26
add action=discard chain=to_R1 prefix=172.16.67.0/26
add action=discard chain=to_R1 prefix=172.16.67.64/26
add action=discard chain=to_R1 prefix=172.16.67.128/26
add action=discard chain=to_R1 prefix=172.16.67.192/26
add action=discard chain=to_R1 prefix=172.16.68.0/26
add action=discard chain=to_R1 prefix=172.16.68.64/26
add action=discard chain=to_R1 prefix=172.16.68.128/26
add action=discard chain=to_R1 prefix=172.16.68.192/26
add action=discard chain=to_R1 prefix=172.16.69.0/26
add action=discard chain=to_R1 prefix=172.16.69.64/26
add action=discard chain=to_R1 prefix=172.16.69.128/26
add action=discard chain=to_R1 prefix=172.16.69.192/26
/snmp
# SNMP agent enabled, traps sent as version 3.
# NOTE(review): community names and SNMPv3 credentials are configured under
# /snmp community, which is not in this section. Verify the default "public"
# community is removed or limited with addresses=, and that the firewall only
# lets the monitoring hosts reach the agent.
set enabled=yes trap-version=3
/system clock
set time-zone-name=Asia/Kolkata
/system identity
set name=SrvRouter
/system leds
# SFP port LEDs; entry 4 (user-led tracking sfp1 speed) is disabled.
set 0 interface=sfp1 leds=sfp1-led type=interface-activity
set 1 interface=sfp2 leds=sfp2-led
set 2 interface=sfp3 leds=sfp3-led
set 3 interface=sfp4 leds=sfp4-led
set 4 disabled=yes interface=sfp1 leds=user-led type=interface-speed
/system logging
# Rule 3 is switched to the memory action; system and ntp topics are added with
# no action given (presumably the default action - confirm).
# critical, error, info, ntp, system and warning are also sent to the "remote"
# action. Its target is defined under /system logging action, not shown here.
set 3 action=memory
add topics=system
add topics=ntp
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=ntp
add action=remote topics=system
add action=remote topics=warning
/system ntp client
# Time is taken from one IPv4 and one IPv6 server.
set enabled=yes primary-ntp=162.159.200.1 secondary-ntp=2606:4700:f1::123
/system ntp server
# The router also serves NTP and announces time by broadcast and multicast.
# NOTE(review): confirm the input-chain firewall limits which networks can reach
# udp/123 on this router, so it is not answering NTP on the WAN side.
set broadcast=yes enabled=yes multicast=yes
/tool bandwidth-server
# Only max-sessions is listed; enabled= does not appear, so the bandwidth-test
# server is presumably at its default (enabled - confirm). Disable it with
# enabled=no if it is not used, or restrict access to it in the firewall.
set max-sessions=10
/tool e-mail
# Outgoing mail via smtp.ccbltd.net with STARTTLS, authenticating as
# admin@ccbltd.net. No password value is part of this listing.
set address=smtp.ccbltd.net from=admin@ccbltd.net start-tls=yes user=\
    admin@ccbltd.net
/tool graphing interface
# A graphing rule with no parameters, so every setting is left at its default.
add
/tool romon port
# A RoMON port entry with no parameters. Whether RoMON itself is enabled, and
# with which secrets, is set under /tool romon, which is not in this section -
# TODO confirm it is off or protected by a secret.
add
/tool user-manager database
set db-path=user-manager1


 
maznu

Re: Tile CCR BGP Crash after 7.1 upgrade

Thu Dec 22, 2022 10:19 am

I saw a similar issue on 7.6, opened a ticket with MikroTik support, and was advised that this is fixed in 7.7rc. The CCR1036-12G-4S no longer crashes with 7.7rc2.
