sattva
# oct/31/2016 10:43:51 by RouterOS 6.37.1
# software id = D8PB-S5NB
#
# Configuration export from a MikroTik router (per the generated header above:
# RouterOS 6.37.1, exported 31 Oct 2016). This part covers CAPsMAN Wi-Fi,
# bridges and tunnels (GRE/IPIP/EoIP), VPN servers, addressing, DHCP, DNS, the
# firewall (filter, mangle, NAT, raw) and the first IPsec peers.
# NOTE(review): the export was published with secrets in clear text
# (ipsec-secret values, IPsec peer pre-shared keys). Treat every secret shown
# as compromised and rotate it; `/export hide-sensitive` leaves them out of
# future exports. The file also discloses internal host roles and addressing.
# NOTE(review): some addresses are not valid IPv4 (19.332.111.43,
# 195.222.333.6) and the WAN address is not inside its stated network, so the
# public addresses were presumably altered before posting - confirm before
# relying on any of them.
/caps-man channel
add band=2ghz-onlyn extension-channel=disabled frequency=2412 name=channel1 \
    tx-power=17 width=20
add band=2ghz-onlyn extension-channel=disabled frequency=2437 name=channel6 \
    tx-power=17 width=20
add band=2ghz-b/g/n extension-channel=disabled frequency=2452 name=channel11 \
    tx-power=17 width=20
/caps-man datapath
# Office allows client-to-client traffic; both guest datapaths forbid it.
# Only "Guest" tags traffic into VLAN 47; "Guest_for_router" carries no VLAN
# settings, so its separation from the office LAN depends on how the access
# point bridges it (local-forwarding=yes) - verify on the AP.
add client-to-client-forwarding=yes comment=Office local-forwarding=yes name=\
    Office
add client-to-client-forwarding=no comment=Guest local-forwarding=yes name=\
    Guest vlan-id=47 vlan-mode=use-tag
add client-to-client-forwarding=no comment=Guest local-forwarding=yes name=\
    Guest_for_router
/interface l2tp-server
add disabled=yes name=l2tp-lesya2 user=lesya2
add disabled=yes name=l2tp-polisyanka user=policyanka2
/interface bridge
add name=GuestNet
add name=OfficeNet
add mtu=1500 name=bridge-local protocol-mode=none
add name=bridge_VLAN
/interface ethernet
# ether1 is renamed WAN; ether3-5 are switched behind ether2-master-local.
set [ find default-name=ether1 ] comment=ether1 name=WAN
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-servers-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
/interface pptp-server
add disabled=yes name=<pptp-ternopil_Taras> user=ternopil
add disabled=yes name=pptp-Rovno user=rivne
/interface gre
# Site-to-site GRE tunnels from the WAN address to the branch routers.
# NOTE(review): two tunnels (Office-DKS, Office-VEGA) carry an inline
# ipsec-secret, and it is the same short value that the L2TP server uses
# further down. A shared, guessable pre-shared key gives every holder the
# means to impersonate any of these endpoints; use a unique random key per
# tunnel or certificate authentication.
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelBoguniya remote-address=64.219.77.31
add keepalive=3s local-address=195.112.204.22 mtu=1400 name=gre-tunnelKiev \
    remote-address=19.332.111.43
add keepalive=3s local-address=195.112.204.22 mtu=1400 name=\
    gre-tunnelLUkrainki remote-address=195.112.137.164
add allow-fast-path=no ipsec-secret="Pa$$w0Rd" keepalive=3s local-address=\
    195.112.204.22 mtu=1400 name=gre-tunnelOffice-DKS remote-address=\
    195.112.157.134
add allow-fast-path=no ipsec-secret="Pa$$w0Rd" keepalive=3s local-address=\
    195.112.204.22 mtu=1400 name=gre-tunnelOffice-VEGA remote-address=\
    19.243.112.71
add keepalive=3s local-address=195.112.204.22 mtu=1400 name=gre-tunnelRovno \
    remote-address=149.44.89.120
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelShev_ISP1 remote-address=64.220.30.12
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelShev_ISP2 remote-address=134.247.164.155
add allow-fast-path=no keepalive=3s mtu=1400 name=gre-tunnelStanishevka \
    remote-address=46.233.75.31
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelVokzalnaya-Kievstar remote-address=134.249.146.61
add allow-fast-path=no keepalive=3s local-address=195.112.204.22 mtu=1400 \
    name=gre-tunnelVokzalnaya-O3 remote-address=109.250.109.105
/interface ipip
# All IPIP tunnels are disabled=yes.
add allow-fast-path=no clamp-tcp-mss=no comment=DKS disabled=yes dscp=0 \
    !keepalive local-address=195.112.204.22 mtu=1480 name=ipip-Polisyanka \
    remote-address=195.112.157.134
add allow-fast-path=no clamp-tcp-mss=no disabled=yes dscp=0 !keepalive \
    local-address=195.112.204.22 mtu=1480 name=ipip-Ternopil_work \
    remote-address=212.113.44.13
add allow-fast-path=no clamp-tcp-mss=no comment=MyLan disabled=yes dscp=0 \
    !keepalive local-address=195.112.204.22 mtu=1480 name=ipip1-Polisyanka \
    remote-address=19.243.112.71
/interface eoip
# All EoIP tunnels are disabled=yes; their remote addresses are the PPTP
# client addresses (172.16.1.x), i.e. they would run inside the PPTP sessions.
add allow-fast-path=no disabled=yes !keepalive mac-address=02:6C:4A:23:C2:5D \
    mtu=1500 name=eoip-Bogunia remote-address=172.16.1.12 tunnel-id=6112
add allow-fast-path=no disabled=yes !keepalive mac-address=02:D1:A6:39:20:81 \
    name=eoip-Kiev remote-address=172.16.1.19 tunnel-id=11134
add allow-fast-path=no clamp-tcp-mss=no disabled=yes !keepalive mac-address=\
    02:AF:FF:A5:FE:65 name=eoip-L.Ukrainki remote-address=172.16.1.27 \
    tunnel-id=6127
add allow-fast-path=no clamp-tcp-mss=no disabled=yes !keepalive mac-address=\
    02:D9:72:EE:6A:5B mtu=1500 name=eoip-Polisyanka remote-address=\
    172.16.1.17 tunnel-id=117
add allow-fast-path=no disabled=yes !keepalive mac-address=02:68:89:AF:11:A7 \
    name=eoip-Rovno remote-address=172.16.1.16 tunnel-id=6116
add allow-fast-path=no disabled=yes !keepalive mac-address=02:6C:4A:23:C2:5D \
    mtu=1500 name=eoip-Shevchenko remote-address=172.16.1.15 tunnel-id=6115
add allow-fast-path=no disabled=yes !keepalive mac-address=02:90:B3:98:BA:35 \
    name=eoip-Stanishevka remote-address=172.16.1.13 tunnel-id=6113
add allow-fast-path=no disabled=yes !keepalive mac-address=02:B3:33:E2:66:51 \
    name=eoip-Vokzalnaya remote-address=172.16.1.11 tunnel-id=6111
/ip neighbor discovery
# NOTE(review): the WAN entry only sets a comment and has no discover=no, so
# neighbour discovery presumably stays enabled on the Internet-facing port -
# confirm and switch it off there.
set WAN comment=ether1
set <pptp-ternopil_Taras> discover=no
set eoip-Polisyanka discover=no
set eoip-Shevchenko discover=no
set ipip-Polisyanka comment=DKS discover=no
set ipip-Ternopil_work discover=no
set ipip1-Polisyanka comment=MyLan discover=no
/caps-man security
# "open" has no authentication and no encryption (used by the guest SSID);
# "office" is WPA2-Enterprise with EAP passed through to RADIUS and AES-CCM.
add authentication-types="" encryption="" name=open
add authentication-types=wpa2-eap eap-methods=passthrough \
    eap-radius-accounting=yes encryption=aes-ccm name=office
/caps-man configuration
# NOTE(review): both guest configurations broadcast ssid=Asklepiy with
# security=open, so guest traffic is unencrypted on air; that makes the
# wired-side isolation of the guest datapaths the only protection for the
# office network.
add channel=channel6 country=ukraine datapath=Office mode=ap name=Office \
    rates.basic="" rates.ht-basic-mcs="" rates.ht-supported-mcs="" \
    rates.supported="" rates.vht-basic-mcs="none,(unknown)" \
    rates.vht-supported-mcs="none,(unknown)" rx-chains=0,1,2 security=office \
    security.eap-methods=passthrough security.eap-radius-accounting=yes ssid=\
    AsklepiyOffice tx-chains=0,1,2
add channel=channel6 country=ukraine datapath=Guest mode=ap name=Guest \
    rx-chains=0,1,2 security=open ssid=Asklepiy tx-chains=0,1,2
add channel=channel6 country=ukraine datapath=Guest_for_router mode=ap name=\
    "Guest_for_router (\F2.\E5. \E1\E5\E7 VLAN)" rx-chains=0,1,2 security=\
    open ssid=Asklepiy tx-chains=0,1,2
/caps-man interface
add arp=enabled configuration=Office disabled=no l2mtu=1600 mac-address=\
    D4:CA:6D:C6:79:F6 master-interface=none mtu=1500 name=\
    AsklepiyAP-L.Ukrainki-1 radio-mac=D4:CA:6D:C6:79:F6 security.eap-methods=\
    passthrough
add configuration="Guest_for_router (\F2.\E5. \E1\E5\E7 VLAN)" disabled=no \
    l2mtu=1600 mac-address=D6:CA:6D:C6:79:F6 master-interface=\
    AsklepiyAP-L.Ukrainki-1 name=AsklepiyAP-L.Ukrainki-1-1 radio-mac=\
    00:00:00:00:00:00
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Chernovtsi
/ip dhcp-server option
add code=67 name=Bootfile_name value="'myfiles'"
add code=66 name=tftp value="'192.168.88.208'"
add code=2 name=TimeZone value=0x1C20
/ip ipsec policy group
set
add name=default
/ip ipsec proposal
# NOTE(review): the default proposal still offers 3des next to aes-128-cbc;
# remove 3des once every peer supports AES.
set [ find default=yes ] enc-algorithms=aes-128-cbc,3des
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.99
add name=pptp-pool ranges=172.16.1.100-172.16.1.200
add name=openvpn ranges=172.21.108.2-172.21.108.99
add name=dhcp_pool1 ranges=10.10.10.10-10.10.10.99
add name=l2tp ranges=172.17.1.100-172.17.1.200
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local lease-time=\
    1w10m name=server1
add address-pool=dhcp_pool1 disabled=no interface=OfficeNet lease-time=3h \
    name=dhcp1
/ppp profile
# dynVPN-encryption and L2TP-Server set use-encryption=yes; the ovpn profile
# does not set it.
add change-tcp-mss=yes local-address=172.16.1.1 name=dynVPN-encryption \
    remote-address=pptp-pool use-encryption=yes
add local-address=172.21.108.1 name=ovpn remote-address=openvpn
add change-tcp-mss=yes local-address=172.17.1.1 name=L2TP-Server \
    use-compression=yes use-encryption=yes
/routing ospf area
add area-id=0.0.0.1 disabled=yes name=GRE
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/caps-man manager
set enabled=yes upgrade-policy=require-same-version
/caps-man provisioning
add action=create-enabled master-configuration=Office name-format=\
    prefix-identity name-prefix=AsklepiyAP radio-mac=D4:CA:6D:C6:79:F6 \
    slave-configurations="Guest_for_router (\F2.\E5. \E1\E5\E7 VLAN)"
add action=create-dynamic-enabled master-configuration=Office name-format=\
    prefix-identity name-prefix=AsklepiyAP slave-configurations=Guest
/interface bridge filter
# Drops UDP 67-69 (DHCP and TFTP ports) arriving on WAN and on the EoIP
# tunnels, in the input and forward chains, presumably to keep each site's
# DHCP from crossing the bridged tunnels.
# NOTE(review): the generated warnings below say that most of these rules name
# interfaces that are not bridge ports, and two name an interface that no
# longer exists (*325). Those rules presumably match nothing - confirm, and
# remove or re-point them so the rule list reflects what is enforced.
# in/out-bridge-port matcher not possible when interface (WAN) is not slave
add action=drop chain=input dst-port=67-69 in-interface=WAN ip-protocol=udp \
    mac-protocol=ip
add action=drop chain=input dst-port=67-69 in-interface=eoip-Kiev \
    ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Kiev \
    ip-protocol=udp mac-protocol=ip
add action=drop chain=input dst-port=67-69 in-interface=eoip-Vokzalnaya \
    ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Vokzalnaya \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Shevchenko) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Shevchenko \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Shevchenko) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Shevchenko \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Stanishevka) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Stanishevka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Stanishevka) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Stanishevka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Polisyanka) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Polisyanka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Polisyanka) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Polisyanka \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-L.Ukrainki) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-L.Ukrainki \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-L.Ukrainki) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-L.Ukrainki \
    ip-protocol=udp mac-protocol=ip
# no interface
add action=drop chain=input dst-port=67-69 in-interface=*325 ip-protocol=udp \
    mac-protocol=ip
# no interface
add action=drop chain=forward dst-port=67-69 in-interface=*325 ip-protocol=\
    udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Bogunia) is not slave
add action=drop chain=input dst-port=67-69 in-interface=eoip-Bogunia \
    ip-protocol=udp mac-protocol=ip
# in/out-bridge-port matcher not possible when interface (eoip-Bogunia) is not slave
add action=drop chain=forward dst-port=67-69 in-interface=eoip-Bogunia \
    ip-protocol=udp mac-protocol=ip
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local disabled=yes interface=eoip-Shevchenko
add bridge=bridge-local interface=eoip-Kiev
add bridge=bridge-local interface=eoip-Vokzalnaya
/interface l2tp-server server
# NOTE(review): the L2TP/IPsec pre-shared key is the same short value used as
# ipsec-secret on the GRE tunnels above, and it is now public. Replace it with
# a long random key that is not shared with any other function.
set default-profile=L2TP-Server enabled=yes ipsec-secret=Pa$$w0Rd
/interface ovpn-server server
# Client certificates are required. NOTE(review): the cipher list still
# includes blowfish128; drop it once all clients negotiate AES.
set certificate=cert_2 cipher=blowfish128,aes128,aes192,aes256 enabled=yes \
    mode=ethernet require-client-certificate=yes
/interface pptp-server server
# NOTE(review): the PPTP server is enabled. PPTP's MS-CHAPv2/MPPE protection
# is widely regarded as broken; the L2TP/IPsec and OpenVPN servers configured
# above are the better carriers for the remaining PPTP accounts.
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
# NOTE(review): WAN is 195.112.204.22/30 but network=195.211.240.64, which is
# not the /30 that contains that address - presumably an artefact of the
# addresses being altered for posting; confirm.
add address=192.168.88.1/24 comment="local network" interface=\
    ether2-master-local network=192.168.88.0
add address=195.112.204.22/30 comment=chernivtsi interface=WAN network=\
    195.211.240.64
add address=10.10.10.1/24 interface=OfficeNet network=10.10.10.0
add address=172.16.255.1/30 interface=gre-tunnelOffice-DKS network=\
    172.16.255.0
add address=172.16.253.1/30 comment="\CB\E5\F1\E8 \D3\EA\F0\E0\E8\ED\EA\E8" \
    interface=gre-tunnelLUkrainki network=172.16.253.0
add address=172.16.254.1/30 interface=gre-tunnelBoguniya network=172.16.254.0
add address=172.16.252.1/30 interface=gre-tunnelStanishevka network=\
    172.16.252.0
add address=172.16.50.1/30 interface=gre-tunnelRovno network=172.16.50.0
add address=172.16.251.1/30 interface=gre-tunnelKiev network=172.16.251.0
add address=172.16.249.1/30 interface=gre-tunnelShev_ISP1 network=\
    172.16.249.0
add address=172.16.248.1/30 interface=gre-tunnelShev_ISP2 network=\
    172.16.248.0
add address=172.16.247.1/30 interface=gre-tunnelVokzalnaya-O3 network=\
    172.16.247.0
add address=172.16.246.1/30 interface=gre-tunnelVokzalnaya-Kievstar network=\
    172.16.246.0
add address=172.16.245.1/30 interface=gre-tunnelOffice-VEGA network=\
    172.16.245.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid interface=WAN
/ip dhcp-server lease
# Static leases; the comments identify server roles (IPMI, Zabbix, PBX, CWP),
# which is useful reconnaissance once published alongside the NAT rules below.
add address=192.168.88.209 client-id=1:54:4:a6:ed:a0:1f comment=TERMINAL.OLD \
    mac-address=54:04:A6:ED:A0:1F server=server1
add address=192.168.88.222 client-id=1:0:25:90:e6:e2:7f mac-address=\
    00:25:90:E6:E2:7F server=server1
add address=192.168.88.223 client-id=1:0:25:90:e6:e2:7e mac-address=\
    00:25:90:E6:E2:7E server=server1
add address=192.168.88.221 client-id=1:0:25:90:ed:f4:95 comment=\
    "IPMI (SRVASR)" mac-address=00:25:90:ED:F4:95 server=server1
add address=192.168.88.212 comment="CentOS 6.7" mac-address=00:15:5D:58:DF:09 \
    server=server1
add address=192.168.88.91 comment=Elastix-2.5.0-Stable-x86_64-bin-21oct2014 \
    mac-address=00:15:5D:58:DF:0A server=server1
add address=192.168.88.90 client-id=1:0:15:5d:58:df:c comment=Zabbix \
    mac-address=00:15:5D:58:DF:0C server=server1
add address=192.168.88.99 comment=CWP mac-address=00:15:5D:58:DF:16 server=\
    server1
add address=192.168.88.250 mac-address=00:15:5D:58:DF:17 server=server1
add address=192.168.88.248 comment=PearlPBX mac-address=00:15:5D:58:DF:19 \
    server=server1
add address=192.168.88.208 client-id=1:0:15:5d:58:de:2 mac-address=\
    00:15:5D:58:DE:02 server=server1
add address=192.168.88.249 comment=CWP mac-address=00:15:5D:58:DE:01 server=\
    server1
add address=192.168.88.210 client-id=1:0:15:5d:58:de:6 mac-address=\
    00:15:5D:58:DE:06 server=server1
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=192.168.88.0/24 boot-file-name=pxelinux.0 comment=\
    "default configuration" dhcp-option=tftp,TimeZone dns-server=\
    192.168.88.208,192.168.88.230 gateway=192.168.88.1 netmask=24 \
    next-server=192.168.88.208 ntp-server=192.168.88.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any interface the firewall lets through. The input chain below accepts
# everything arriving on WAN, so the resolver is reachable from the Internet;
# limit UDP/TCP 53 on input to the LAN and tunnel interfaces.
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
    8.8.8.8,172.16.0.10,172.16.0.11
/ip dns static
add address=8.8.8.8 name=google
/ip firewall address-list
# 195.222.333.6 is not a valid IPv4 address and sits in both the allow and the
# deny list for Asterisk - presumably a placeholder; confirm.
add address=192.0.0.0/24 list=Kiev
add address=192.168.77.0/24 list=Polisyanka
add address=213.108.46.227 list=FTP
add address=192.168.77.244 list=FTP
add address=195.69.221.154 list=Kronberg
add address=195.222.333.6 list=Access_to_Asterisk
add address=195.222.333.6 list=Deny_access_to_Asterisk
add address=192.168.77.244 list=admin
add address=192.168.88.208 list=SITEASKLEPIY
add address=192.168.88.230 list=SITEASKLEPIY
add address=192.168.77.0/24 list=OFFICE
/ip firewall filter
# NOTE(review): rules are evaluated in order and only enabled rules count.
# As exported:
#  - input: "accept in-interface=WAN" is enabled and every catch-all drop in
#    the chain is disabled=yes, so all router services are reachable from
#    the Internet (WinBox on 8291 is also accepted explicitly).
#  - forward: "accept out-interface=bridge-local" near the top admits any
#    packet routed towards the LAN bridge, including everything the dst-nat
#    rules further down redirect; the closing forward drops are disabled.
# A safer layout accepts established/related first, then the specific
# services still needed, and ends each chain with an enabled drop.
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=forward out-interface=WAN
add action=accept chain=forward out-interface=bridge-local
add action=accept chain=forward connection-state=established,related \
    dst-address=192.168.77.0/24 src-address=192.168.88.0/24
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related disabled=yes log=yes log-prefix=11
add action=accept chain=input protocol=icmp
# NOTE(review): management (WinBox) is open to any source on WAN. Restrict it
# with a src-address-list, or reach it only through a VPN.
add action=accept chain=input comment=WinBOX dst-port=8291 in-interface=WAN \
    protocol=tcp
add action=accept chain=input comment=L2TP dst-port=1701,500,4500 protocol=\
    udp
add action=accept chain=input protocol=gre
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=forward dst-port=443 log-prefix=rdp_ protocol=tcp
add action=accept chain=input comment=SIP dst-port=5060 in-interface=all-ppp \
    protocol=udp
add action=accept chain=input comment=SIP disabled=yes dst-port=5060 \
    in-interface=all-ethernet protocol=udp
add action=accept chain=input comment=OpenVPN dst-port=1194 in-interface=WAN \
    protocol=tcp
# Both input drops below are disabled.
add action=drop chain=input connection-state=invalid disabled=yes
add action=drop chain=input disabled=yes
add action=accept chain=forward disabled=yes dst-port=21 in-interface=WAN \
    protocol=tcp
add action=accept chain=forward disabled=yes dst-port=110 in-interface=WAN \
    protocol=tcp
add action=accept chain=forward disabled=yes dst-port=25 in-interface=WAN \
    protocol=tcp
add action=log chain=forward disabled=yes dst-address=192.168.88.220 \
    protocol=udp src-address=192.168.77.8
add action=accept chain=forward disabled=yes dst-address=192.168.88.220 \
    protocol=udp
add action=accept chain=forward disabled=yes dst-address=192.168.88.220 \
    protocol=tcp
add action=accept chain=forward disabled=yes protocol=udp src-address=\
    192.168.88.220
add action=accept chain=forward disabled=yes protocol=tcp src-address=\
    192.168.88.220
add action=accept chain=input connection-state=established disabled=yes
add action=accept chain=forward connection-state=established disabled=yes
add action=accept chain=forward comment=CWP dst-port=2030,2031 in-interface=\
    WAN protocol=tcp
add action=accept chain=forward comment=SIP disabled=yes dst-port=5060 \
    in-interface=WAN protocol=udp
add action=accept chain=forward comment=NTP dst-port=123 in-interface=\
    all-ethernet protocol=udp
add action=accept chain=input comment=SIP disabled=yes dst-port=5060 \
    in-interface=WAN protocol=udp
add action=accept chain=forward comment=SIP disabled=yes dst-port=5060 \
    in-interface=all-ethernet protocol=udp
add action=accept chain=forward comment=SIP dst-port=5060 in-interface=\
    all-ppp protocol=udp
add action=accept chain=forward comment=SIP dst-port=5060 in-interface=\
    bridge-local protocol=udp
add action=accept chain=forward comment=RDP disabled=yes dst-port=3389 \
    in-interface=WAN protocol=tcp
add action=accept chain=forward comment="Web Asterisk" disabled=yes dst-port=\
    8888 protocol=tcp
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid disabled=yes
add action=accept chain=forward src-address=192.168.88.0/24
# NOTE(review): the next three input rules are enabled. The last one accepts
# every packet arriving on WAN; the two with connection-state="" carry no
# other matcher and presumably accept regardless of state - confirm. Together
# they make every later input rule irrelevant for WAN traffic.
add action=accept chain=input comment="default configuration" \
    connection-state=""
add action=accept chain=input comment="default configuration" \
    connection-state=""
add action=accept chain=input comment="default configuration" in-interface=\
    WAN
# SSH brute-force ladder. NOTE(review): the stage1-stage3 list builders are
# disabled, so nothing ever reaches ssh_stage3 or ssh_blacklist, and the
# whole ladder sits after the accept-from-WAN rule above. As exported it has
# no effect.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp
add action=accept chain=input comment=WinBox dst-port=8291 in-interface=WAN \
    protocol=tcp
add action=accept chain=input protocol=icmp
add action=accept chain=input comment=VPN dst-port=1194 in-interface=WAN \
    protocol=tcp
# NOTE(review): these closing rules are the usual default-deny tail (drop
# invalid, drop new WAN connections that were not dst-nat'ed, drop the rest),
# but every one of them is disabled=yes.
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new disabled=yes \
    in-interface=WAN
add action=accept chain=input connection-state=related disabled=yes
add action=drop chain=input disabled=yes in-interface=WAN
add action=drop chain=forward disabled=yes
/ip firewall mangle
add action=mark-connection chain=output new-connection-mark=ISP1_conn \
    out-interface=WAN passthrough=no
/ip firewall nat
# srcnat: traffic from the LAN to the branch subnets is exempted from NAT
# (action=accept) before the WAN masquerade rule.
add action=accept chain=srcnat dst-address=192.168.77.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.0.0.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.192.192.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.11.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=10.194.128.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.10.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.1.0/24 src-address=\
    192.168.88.0/24
add action=accept chain=srcnat dst-address=192.168.50.0/24 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat out-interface=WAN to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=yes out-interface=all-ppp \
    to-addresses=0.0.0.0
# The four SIP rules below (rate limits, port-scan detection, time windows,
# allow-list) are all disabled=yes.
add action=add-src-to-address-list address-list=Deny_access_to_Asterisk \
    address-list-timeout=0s chain=dstnat comment=Deny_access_to_Asterisk \
    connection-limit=100,32 disabled=yes dst-address-type=unicast dst-limit=\
    1,5,dst-address/1m40s dst-port=5060 in-interface=WAN limit=1,5:packet \
    log-prefix=_SIP_EXTERNAL_ nth=2,1 protocol=udp psd=21,3s,3,1 \
    src-address-type="" time=7h30m-23h,mon,tue,wed,thu,fri to-addresses=\
    192.168.88.220 to-ports=5060
add action=add-src-to-address-list address-list=Deny_access_to_Asterisk \
    address-list-timeout=0s chain=dstnat comment=Deny_access_to_Asterisk \
    connection-limit=100,32 disabled=yes dst-address-type=unicast dst-limit=\
    1,5,dst-address/1m40s dst-port=5060 in-interface=WAN limit=1,5:packet \
    log-prefix=_SIP_EXTERNAL_ nth=2,1 protocol=udp psd=21,3s,3,1 \
    src-address-type="" time=7h50m-12h,sun to-addresses=192.168.88.220 \
    to-ports=5060
add action=dst-nat chain=dstnat comment=\
    "SIP-\E2\ED\E5\F8\ED\E8\E9 \E7\E0\EF\F0\EE\F1" disabled=yes dst-port=\
    54506 in-interface=WAN log=yes log-prefix=_SIP_EXTERNAL_ protocol=udp \
    to-addresses=192.168.88.220 to-ports=5060
add action=dst-nat chain=dstnat comment=\
    "SIP-\E2\ED\E5\F8\ED\E8\E9 \E7\E0\EF\F0\EE\F1 \EF\EE ACL" \
    connection-limit=100,32 disabled=yes dst-address-type=unicast dst-limit=\
    1,5,dst-address/1m40s dst-port=5060 in-interface=WAN limit=1,5:packet \
    log=yes log-prefix=_SIP_EXTERNAL_ nth=2,1 protocol=udp psd=21,3s,3,1 \
    src-address-list=Access_to_Asterisk src-address-type="" time=\
    0s-1d,sun,mon,tue,wed,thu,fri,sat to-addresses=192.168.88.220 to-ports=\
    5060
# NOTE(review): from here on the enabled dst-nat rules publish internal
# services to the WAN side: FTP (21), SSH (2222, 2223, 44), MySQL (3306),
# RDP (3389 reached via 3389, 4444, 4567, 5555), VNC (5900, 5901), SMTP (25),
# POP3 (110), HTTP (80, 8080, 8888), ports 2030/2031 and the RD Gateway
# (443). Only the 3389 rule is limited by a source list. Because the forward
# chain accepts anything leaving via bridge-local, each of these is reachable
# by any Internet host. Prefer reaching administrative protocols over the
# VPNs this router already terminates, or add src-address-list to each rule.
add action=dst-nat chain=dstnat dst-port=21 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.249 to-ports=21
add action=dst-nat chain=dstnat dst-port=2222 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=22
add action=dst-nat chain=dstnat dst-port=2223 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.249 to-ports=22
add action=dst-nat chain=dstnat dst-port=2030 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.249 to-ports=2030
# The two 3306 rules match on dst-address only (no in-interface, no source).
add action=dst-nat chain=dstnat dst-address=80.91.179.158 dst-port=3306 \
    protocol=tcp src-port="" to-addresses=192.168.88.210 to-ports=3306
add action=dst-nat chain=dstnat dst-address=19.243.112.71 dst-port=3306 \
    protocol=tcp to-addresses=192.168.88.210 to-ports=3306
# NOTE(review): the 3389 rule is limited to the Kronberg list, but the 4444
# rule right after it forwards to the same host and port with no source
# restriction, so the allow-list does not actually protect that RDP service.
add action=dst-nat chain=dstnat dst-port=3389 in-interface=WAN protocol=tcp \
    src-address-list=Kronberg to-addresses=192.168.88.210 to-ports=3389
add action=dst-nat chain=dstnat dst-port=4444 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.210 to-ports=3389
add action=dst-nat chain=dstnat comment=SRVASK dst-port=4567 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.223 to-ports=3389
add action=dst-nat chain=dstnat comment=RDGateway dst-port=443 in-interface=\
    WAN log-prefix=RDP_ protocol=tcp to-addresses=192.168.88.222 to-ports=443
add action=dst-nat chain=dstnat comment=WWW dst-address=192.168.88.230 \
    dst-port=80 protocol=tcp src-address=192.168.77.244 to-addresses=\
    192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=WWW dst-address=192.168.88.208 \
    dst-port=80 protocol=tcp src-address=192.168.77.244 to-addresses=\
    192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat comment=WWW dst-port=80 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.249 to-ports=80
# The next two rules are labelled WWW but forward POP3 (110) and SMTP (25).
add action=dst-nat chain=dstnat comment=WWW dst-port=110 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.249 to-ports=110
add action=dst-nat chain=dstnat comment=WWW dst-port=25 in-interface=WAN \
    protocol=tcp to-addresses=192.168.88.249 to-ports=25
add action=dst-nat chain=dstnat comment=WWW dst-port=80 protocol=tcp \
    src-address=192.0.0.0/24 to-addresses=192.168.88.249 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=WAN \
    protocol=tcp src-address=37.53.85.107 to-addresses=192.168.88.210 \
    to-ports=3389
add action=dst-nat chain=dstnat dst-port=8080 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=80
add action=dst-nat chain=dstnat comment="Asteriks SSH" dst-port=44 \
    in-interface=WAN protocol=tcp to-addresses=192.168.88.220 to-ports=22
add action=dst-nat chain=dstnat dst-port=5555 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.230 to-ports=3389
add action=dst-nat chain=dstnat comment="UVNC 192.168.88.210" dst-port=5900 \
    in-interface=WAN protocol=tcp to-addresses=192.168.88.210 to-ports=5900
add action=dst-nat chain=dstnat dst-address=80.91.179.158 dst-port=5901 \
    protocol=tcp to-addresses=192.168.88.105 to-ports=5900
add action=dst-nat chain=dstnat dst-address=195.112.204.22 dst-port=5900 \
    protocol=tcp to-addresses=192.168.88.220 to-ports=22
add action=dst-nat chain=dstnat dst-address=195.112.204.22 dst-port=5901 \
    protocol=tcp to-addresses=192.168.88.210 to-ports=5900
add action=dst-nat chain=dstnat dst-port=8888 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=80
# NOTE(review): the first matching NAT rule wins, so the 2030 rule below is
# shadowed by the earlier 2030 -> 192.168.88.249 rule, and the final 2222
# rule repeats an earlier one. Stale and shadowed rules make it hard to see
# what is actually exposed; prune them.
add action=dst-nat chain=dstnat dst-port=2030 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.99 to-ports=2030
add action=dst-nat chain=dstnat dst-port=2031 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.99 to-ports=2031
add action=dst-nat chain=dstnat dst-port=2222 in-interface=WAN protocol=tcp \
    to-addresses=192.168.88.220 to-ports=22
/ip firewall raw
# Traffic between 192.168.88.0/24 and 192.168.77.0/24 is exempted from
# connection tracking in both directions, so connection-state matchers in the
# filter table do not apply to it.
add action=notrack chain=prerouting dst-address=192.168.77.0/24 src-address=\
    192.168.88.0/24
add action=notrack chain=prerouting dst-address=192.168.88.0/24 src-address=\
    192.168.77.0/24
/ip firewall service-port
set sip disabled=yes
/ip ipsec peer
# NOTE(review): the pre-shared-key peers below all carry the same secret and
# it is now public. They are disabled=yes here, but the key must not be
# reused if they are re-enabled or if any remote side still holds it. Two of
# the peer definitions in this section also still offer 3des.
add address=195.112.157.134/32 comment="\CE\F4\E8\F1-DKS" disabled=yes \
    enc-algorithm=aes-128 generate-policy=port-override local-address=0.0.0.0 \
    nat-traversal=no passive=yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD\
    4Gyy5#NVcaPbJtRNnhHVHcfqbc9vxzN@TX2v&6sJ25!"
add address=19.243.112.71/32 comment="\CE\F4\E8\F1-VEGA" disabled=yes \
    enc-algorithm=aes-128 generate-policy=port-override nat-traversal=no \
    passive=yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNn\
    hHVHcfqbc9vxzN@TX2v&6sJ25!"
add address=172.16.50.2/32 comment="\D0\EE\E2\ED\EE" disabled=yes \
    enc-algorithm=aes-256,aes-192,aes-128,3des nat-traversal=no passive=yes \
    secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNnhHVHcfqbc9vx\
    zN@TX2v&6sJ25!"
# Continuation of the /ip ipsec peer section of the same RouterOS export,
# followed by IPsec policies, the proxy, default route, service list, PPP
# secrets, RADIUS and the OSPF interface list.
# NOTE(review): the pre-shared-key peers below carry one common secret, shown
# in clear text. They are disabled=yes, but the key is now public and must not
# be reused; two of them also still offer 3des.
add address=172.16.248.2/32 comment="\D8\E5\E2\F7\E5\ED\EA\EE-ISP2" disabled=\
    yes enc-algorithm=aes-256,aes-192,aes-128,3des nat-traversal=no passive=\
    yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNnhHVHcfqb\
    c9vxzN@TX2v&6sJ25!"
add address=172.16.247.2/32 comment="\C2\EE\EA\E7\E0\EB\FC\ED\E0\FF-\CE3" \
    disabled=yes enc-algorithm=aes-256,aes-192,aes-128 nat-traversal=no \
    passive=yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNn\
    hHVHcfqbc9vxzN@TX2v&6sJ25!"
add address=172.16.249.2/32 comment="\D8\E5\E2\F7\E5\ED\EA\EE-ISP1" disabled=\
    yes enc-algorithm=aes-256,aes-192,aes-128,3des nat-traversal=no passive=\
    yes secret="QYn&%WsffTAf32gbn5XHqXz3m6dcHeWNzw4jD4Gyy5#NVcaPbJtRNnhHVHcfqb\
    c9vxzN@TX2v&6sJ25!"
# The enabled peers authenticate with certificates (auth-method=rsa-signature,
# local certificate "server").
# NOTE(review): remote-certificate=none means no specific peer certificate is
# pinned; presumably any certificate that validates against the router's
# certificate store is accepted - confirm which CAs are installed.
add address=46.233.75.31/32 auth-method=rsa-signature certificate=server \
    comment="\D1\F2\E0\ED\E8\F8\E5\E2\EA\E0" enc-algorithm=aes-128 \
    generate-policy=port-override nat-traversal=no passive=yes \
    remote-certificate=none
# NOTE(review): dh-group=modp1024,modp768 permits weak Diffie-Hellman groups
# for this peer; move to a larger group once both ends support it.
add address=195.112.137.164/32 auth-method=rsa-signature certificate=server \
    comment=gre-tunnelLUkrainki dh-group=modp1024,modp768 enc-algorithm=\
    aes-128 generate-policy=port-override local-address=195.112.204.22 \
    nat-traversal=no passive=yes remote-certificate=none
add address=64.219.77.31/32 auth-method=rsa-signature certificate=server \
    comment="\C1\EE\E3\F3\ED\E8\FF" enc-algorithm=aes-128 generate-policy=\
    port-override nat-traversal=no passive=yes remote-certificate=none
add address=149.44.89.120/32 auth-method=rsa-signature certificate=server \
    comment="\D0\EE\E2\ED\EE" enc-algorithm=aes-128 local-address=\
    195.112.204.22 nat-traversal=no remote-certificate=none
# 19.332.111.43 is not a valid IPv4 address - presumably altered for posting.
add address=19.332.111.43/32 auth-method=rsa-signature certificate=server \
    comment="\CA\E8\E5\E2" enc-algorithm=aes-128 local-address=195.112.204.22 \
    nat-traversal=no passive=yes remote-certificate=none
/ip ipsec policy
# Each policy protects GRE (protocol=gre) between this router's public address
# and one branch address, using AH together with ESP. The Office-DKS and
# Office-VEGA policies are disabled.
add comment=gre-tunnelLUkrainki dst-address=195.112.137.164/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=195.112.137.164 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment=gre-tunnelOffice-DKS disabled=yes dst-address=195.112.157.134/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=195.112.157.134 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment="\D1\F2\E0\ED\E8\F8\E5\E2\EA\E0" dst-address=46.233.75.31/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=46.233.75.31 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment=gre-tunnelOffice-VEGA disabled=yes dst-address=19.243.112.71/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=19.243.112.71 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment="\C1\EE\E3\F3\ED\E8\FF" dst-address=64.219.77.31/32 \
    ipsec-protocols=ah-esp protocol=gre sa-dst-address=64.219.77.31 \
    sa-src-address=195.112.204.22 src-address=195.112.204.22/32
add comment="\D0\EE\E2\ED\EE" dst-address=149.44.89.120/32 ipsec-protocols=\
    ah-esp protocol=gre sa-dst-address=149.44.89.120 sa-src-address=\
    195.112.204.22 src-address=195.112.204.22/32
add comment="\CA\E8\E5\E2" dst-address=19.332.111.43/32 ipsec-protocols=\
    ah-esp protocol=gre sa-dst-address=19.332.111.43 sa-src-address=\
    195.112.204.22 src-address=195.112.204.22/32
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=195.211.240.65
/ip service
# telnet, ftp, www and ssh are switched off.
# NOTE(review): winbox and the api services are not listed, and an export
# normally shows only changed settings, so they are presumably still enabled
# with no address= restriction - confirm, disable what is unused and limit
# the rest to management subnets.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/ppp secret
# VPN accounts; the routes= values install a route to each branch LAN when
# that account connects.
# NOTE(review): every password here is in clear text and now public. Nearly
# all accounts share one value, and several others equal the account name or
# a name plus a year. Issue a unique random password per account, and remove
# accounts that are disabled and no longer needed.
# NOTE(review): most accounts are service=pptp; PPTP's MS-CHAPv2/MPPE
# protection is widely regarded as broken, so weak passwords are especially
# costly here. The l2tp and ovpn accounts at the end show the migration path.
add local-address=172.16.1.1 name=vokzal password=Pa$$w0Rd remote-address=\
    172.16.1.11 routes="192.168.1.0/24 172.16.1.11 1" service=pptp
add disabled=yes local-address=172.16.1.1 name=admin password=Pa$$w0Rd \
    profile=default-encryption remote-address=172.16.1.10 service=pptp
add local-address=172.16.1.1 name=stanishovka password=Pa$$w0Rd \
    remote-address=172.16.1.13 routes="192.192.192.0/24 172.16.1.13 1" \
    service=pptp
add local-address=172.16.1.1 name=boguniya password=Pa$$w0Rd \
    remote-address=172.16.1.12 routes="10.194.128.0/24 172.16.1.12 1" \
    service=pptp
add comment=medadmin disabled=yes name=manager password=Pa$$w0Rd profile=\
    dynVPN-encryption service=pptp
add comment=Doc_skoropad disabled=yes name=doc_skoropad password=Skoropad \
    profile=dynVPN-encryption service=pptp
add comment=moroz disabled=yes local-address=172.16.1.1 name=moroz password=\
    Pa$$w0Rd profile=default-encryption remote-address=172.16.1.22 service=\
    pptp
add comment="Pavel ONE" disabled=yes local-address=172.16.1.1 name=one \
    password=Pa$$w0Rd profile=default-encryption remote-address=172.16.1.23 \
    service=pptp
add local-address=172.16.1.1 name=korosten password=Pa$$w0Rd \
    remote-address=172.16.1.14 routes="10.20.30.0/24 172.16.1.14 1" service=\
    pptp
# 176.16.1.x (here and in "standart" below) is outside the 172.16.1.x range
# used by the other accounts - presumably a typo for 172.16; confirm.
add comment=doctor disabled=yes local-address=176.16.1.1 name=Doc_Kovalchyk \
    password=Pa$$w0Rd profile=default-encryption remote-address=\
    176.16.1.31 service=pptp
add comment=economist disabled=yes local-address=172.16.1.1 name=economist \
    password=Pa$$w0Rd profile=default-encryption remote-address=172.16.1.24 \
    service=pptp
add comment=standart disabled=yes local-address=176.16.1.1 name=standart \
    password=Pa$$w0Rd profile=default-encryption remote-address=\
    176.16.1.25 service=pptp
# The stray backtick after local-address is presumably a paste artefact and
# would stop this line from importing - confirm against the original export.
add disabled=yes local-address`=172.16.1.1 name=economist2 password=\
    Pa$$w0Rd profile=default-encryption remote-address=172.16.1.26 \
    service=pptp
add local-address=172.16.1.1 name=shevchenko password=Pa$$w0Rd \
    remote-address=172.16.1.15 routes="192.168.10.0/24 172.16.1.15 1" \
    service=pptp
add comment="Tetyana Vasilevna" disabled=yes local-address=172.16.1.1 name=\
    admin_tv password=admin2014 profile=default-encryption remote-address=\
    172.16.1.28 service=pptp
add local-address=172.16.1.1 name=lesya password="Pa$$w0Rd" profile=\
    default-encryption remote-address=172.16.1.27 routes=\
    "192.168.11.0/24 172.16.1.27 1" service=pptp
add local-address=172.16.1.1 name=rivne password=Pa$$w0Rd remote-address=\
    172.16.1.16 routes="192.168.50.0/24 172.16.1.16 1" service=pptp
add local-address=172.16.1.1 name=policyanka password=policyanka \
    remote-address=172.16.1.17 routes="192.168.77.0/24 172.16.1.17 1" \
    service=pptp
add disabled=yes local-address=172.16.1.1 name=call-center password=\
    Pa$$w0Rd remote-address=172.16.1.18 routes=\
    "192.168.78.0/24 172.16.1.18 1" service=pptp
add local-address=172.16.1.1 name=kyiv password=Pa$$w0Rd remote-address=\
    172.16.1.19 routes="192.0.0.0/24 172.16.1.19 1" service=pptp
add comment="Doc Shamova" disabled=yes local-address=172.16.1.1 name=shamova \
    password=Sha2014 remote-address=172.16.1.32 service=pptp
# vlasyuk and dks-polisyanka are assigned the same remote-address.
add local-address=172.16.1.1 name=vlasyuk password=Pa$$w0Rd \
    remote-address=172.16.1.33 service=pptp
add disabled=yes local-address=172.16.1.1 name=dks-polisyanka password=\
    Pa$$w0Rd remote-address=172.16.1.33 service=pptp
# NOTE(review): this enabled account names no service=, so it is presumably
# usable with any PPP service, not only OpenVPN - confirm and pin it.
add name=griban password=Pa$$w0Rd profile=ovpn
add disabled=yes local-address=172.16.1.1 name=ternopil password=ternopil \
    remote-address=172.16.1.99 service=pptp
add disabled=yes name=kovalchuk password=Pa$$w0Rd profile=ovpn service=\
    ovpn
add local-address=172.17.1.1 name=lesya2 password=Pa$$w0Rd profile=\
    L2TP-Server remote-address=172.17.1.27 routes=\
    "192.168.11.0/24 172.17.1.27 1" service=l2tp
add local-address=172.17.1.1 name=home password=Pa$$w0Rd profile=\
    L2TP-Server remote-address=172.17.1.17 routes=\
    "192.168.15.0/24 172.17.1.17 1" service=l2tp
/radius
# NOTE(review): the RADIUS shared secret for wireless authentication is the
# same value used for the VPN accounts above and is now public; replace it
# with a long random secret on both the router and the RADIUS server.
add address=192.168.88.13 secret=Pa$$w0Rd service=wireless
/radius incoming
# accept=yes lets the router act on unsolicited RADIUS messages, which are
# authenticated only by the shared secret above.
set accept=yes
/routing ospf interface
# NOTE(review): WAN is the only enabled entry and shows no authentication or
# passive setting. If OSPF is active on this router, it would exchange
# routing packets on the Internet-facing port - confirm, and set passive=yes
# or enable authentication there.
add disabled=yes interface=gre-tunnelOffice-DKS network-type=broadcast \
    use-bfd=yes
add disabled=yes interface=gre-tunnelOffice-VEGA network-type=broadcast \
    use-bfd=yes
add interface=WAN network-type=broadcast
add disabled=yes interface=gre-tunnelRovno network-type=broadcast use-bfd=yes
add disabled=yes interface=gre-tunnelLUkrainki network-type=point-to-point \
    use-bfd=yes
# Routing, management and automation sections of the export. Review notes
# were added as "#" lines; every configuration token is unchanged and only
# the collapsed line breaks were restored.
#
# Networks advertised into OSPF area "GRE".
/routing ospf network
add area=GRE network=192.168.88.0/24
add area=GRE network=172.16.255.0/24
add area=GRE network=172.16.254.0/24
# RIP listens (receive=v2) on the GRE tunnels. No authentication= parameter
# appears on these rows, so the export default applies.
# NOTE(review): routes learned this way are only as trustworthy as the tunnel
# they arrive on; confirm each tunnel is protected and consider enabling RIP
# authentication.
/routing rip interface
add interface=gre-tunnelOffice-DKS receive=v2
add interface=gre-tunnelLUkrainki receive=v2
add interface=gre-tunnelBoguniya receive=v2
add interface=gre-tunnelRovno receive=v2
add interface=gre-tunnelStanishevka receive=v2
add interface=gre-tunnelShev_ISP1 receive=v2
add interface=gre-tunnelVokzalnaya-O3 receive=v2
add interface=gre-tunnelVokzalnaya-Kievstar receive=v2
add interface=gre-tunnelOffice-VEGA receive=v2
add disabled=yes receive=v2
/routing rip neighbor
add address=172.16.255.2
add address=172.16.253.2
add address=172.16.254.2
add address=172.16.50.2
add address=172.16.251.2
add address=172.16.249.2
add address=172.16.248.2
add address=172.16.247.2
add address=172.16.246.2
add address=172.16.245.2
add address=172.16.252.2
/routing rip network
add network=192.168.88.0/24
# SNMP is enabled with v2 traps. The community definition is not visible in
# this chunk - verify that it is not a default name and that it is restricted
# to the monitoring host, because SNMP v2 offers no encryption.
/snmp
set contact="Griban Ruslan" enabled=yes location=Chernovtsi trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Kiev
/system identity
set name=datacenter
/system logging
add topics=dhcp
/system ntp client
set enabled=yes primary-ntp=62.117.76.142 secondary-ntp=133.243.238.163 \
    server-dns-names=\
    0.ua.pool.ntp.org,1.ua.pool.ntp.org,2.ua.pool.ntp.org,3.ua.pool.ntp.org
# Scheduled jobs: a weekly backup mail and four 5-minute wake-on-LAN timers.
# Every job is granted nearly the full policy set (reboot, password, sniff,
# sensitive, ...). Trim each job to the policies its script actually needs.
# NOTE(review): WOL_ONE, WOL_SRVASK and WOL_TERMINAL show no on-event=, so as
# exported they appear to trigger nothing - confirm.
/system scheduler
add comment=BackUpMikrotikChernivtsi interval=1w name=send_beckup_to_email \
    on-event=backup_to_email policy=\
    reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    sep/16/2014 start-time=00:00:00
add interval=5m name=WOL_Asterisk on-event=WOL_Asterisk policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:33:17
add interval=5m name=WOL_ONE policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:33:40
add interval=5m name=WOL_SRVASK policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:33:57
add interval=5m name=WOL_TERMINAL policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/10/2016 start-time=08:34:10
/system script
# backup_to_email: flushes the DNS cache, deletes files whose name contains
# "<identity>-backup-", saves a binary backup, mails it, then writes an
# "/export verbose" file and mails that too (SMTP port 587, start-tls=yes).
# NOTE(review): the mailbox password is hard-coded in the script body and is
# therefore part of every export, including this posted one. Both attachments
# contain the router's complete secret material (the export in clear text)
# and leave the site for a third-party mailbox. No password= is passed to
# "/system backup save" - confirm how this RouterOS version protects the
# file, and prefer a protected backup plus "export hide-sensitive".
add name=backup_to_email owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
    \n:log info \"Starting Backup Script...\";\r\
    \n:local sysname [/system identity get name];\r\
    \n:local sysver [/system package get system version];\r\
    \n:log info \"Flushing DNS cache...\";\r\
    \n/ip dns cache flush;\r\
    \n:delay 2;\r\
    \n:log info \"Deleting last Backups...\";\r\
    \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
    \_\\\r\
    \n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
    \n:delay 2;\r\
    \n:local smtpserv [:resolve \"smtp.yandex.ru\"];\r\
    \n:local Eaccount \"asklepiy.zt@yandex.ru\";\r\
    \n:local pass \"Pa$$w0Rd\";\r\
    \n:local backupfile (\"\$sysname-backup-\" . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
    \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\
    \");\r\
    \n:log info \"Creating new Full Backup file...\";\r\
    \n/system backup save name=\$backupfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Full Backup file via E-mail...\";\r\
    \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \
    \\\r\
    \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile\
    \_\\\r\
    \nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\")\
    \_\\\r\
    \nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version\
    : \\\r\
    \n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \
    \\\r\
    \n[/system clock get date]);\r\
    \n:delay 5;\r\
    \n:local exportfile (\"\$sysname-backup-\" . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
    \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\
    \r\
    \n:log info \"Creating new Setup Script file...\";\r\
    \n/export verbose file=\$exportfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Setup Script file via E-mail...\";\r\
    \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \
    \\\r\
    \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile\
    \_\\\r\
    \nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] \
    . \\\r\
    \n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS\
    \_\\\r\
    \nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] .\
    \_\" \\\r\
    \n\" . [/system clock get date]);\r\
    \n:delay 5;\r\
    \n:log info \"All System Backups emailed successfully.\\nBackuping complet\
    ed.\";\r\
    \n}"
# "Traffic Monitor": samples the WAN interface rate twice, 60 s apart, and
# runs Traffic_Monitor_to_email_send when both rx samples are >= 10000000;
# otherwise it logs "vse ok". It only reads counters and starts another
# script, yet holds reboot/password/sniff/sensitive policies.
add name="Traffic Monitor" owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Watch\
    \_interface\r\
    \n:local interface \"WAN\"\r\
    \n/interface monitor [/interface find name=\$interface] once do={\r\
    \n :global txbps1 \$(\"tx-bits-per-second\");\r\
    \n :global rxbps1 \$(\"rx-bits-per-second\");\r\
    \n}\r\
    \n:delay 60\r\
    \n/interface monitor [/interface find name=\$interface] once do={\r\
    \n :global txbps2 \$(\"tx-bits-per-second\");\r\
    \n :global rxbps2 \$(\"rx-bits-per-second\");\r\
    \n}\r\
    \n:global rxbps1\r\
    \n:global rxbps2\r\
    \nif (((\$rxbps1) >= 10000000) and ((\$rxbps2) >= (10000000))) do={/system\
    \_script run Traffic_Monitor_to_email_send} else={:log info \"vse ok\"}"
# Traffic_Monitor_to_email_send: despite its name it samples cpu-load twice,
# 120 s apart, and mails an alert when both readings are >= 91, then disables
# a scheduler named schedule_cpu.
# NOTE(review): no schedule_cpu entry exists in the scheduler list above, and
# the mail credentials are placeholders (x@ya.ru / xxxxx), so the alert path
# looks unfinished - confirm it works before relying on it.
add name=Traffic_Monitor_to_email_send owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global\
    \_cpu1 [/system resource get cpu-load];\r\
    \n:delay 120;\r\
    \n:global cpu2 [/system resource get cpu-load];\r\
    \n:local time1 [/system clock get time];\r\
    \n:local body1 \"\$time1 Mikrotik over 91% CPU\";\r\
    \nif (((\$cpu1) >= 91) and ((\$cpu2) >= (91))) do={/tool e-mail send serve\
    r=[:resolve \"smtp.yandex.ru\"] port=587 user=x@ya.ru password=xxxxx start\
    -tls=yes to=\"x@ya.ru\" from=x@ya.ru subject=\"Mikrotik Office\" body=\"\$\
    body1\"; /system scheduler disable schedule_cpu} else={}"
# "Shirina canala test": runs a 60 s TCP bandwidth test against each address
# in IpList and mails the averaged rx/tx figures. The \XX sequences inside
# the source string are the script's own comments, exported as escaped bytes.
# NOTE(review): the script embeds user=admin with its password for the remote
# test endpoints and a Gmail account password, all in clear text. Use a
# dedicated test account holding only the policy the bandwidth test needs,
# and rotate both secrets.
# NOTE(review): this e-mail send uses port=567 and no start-tls=, while the
# other scripts use port=587 with start-tls=yes; 567 looks like a typo -
# confirm, and make sure the session is TLS-protected before credentials are
# sent.
# NOTE(review): 19.332.111.43 is not a valid IPv4 address (octet 332);
# presumably it was altered before posting.
add name="Shirina canala test" owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# \D1\
    \EA\F0\E8\EF\F2 \EF\F0\EE\E2\E5\F0\FF\E5\F2 \F8\E8\F0\E8\ED\F3 \EA\E0\ED\
    \E0\EB\E0 \EC\E5\E6\E4\F3 \F2\E5\EA\F3\F9\E8\EC \E8 \E7\E0\E4\E0\ED\ED\FB\
    \EC\E8 \F5\EE\F1\F2\E0\EC\E8 \E8 \EE\F2\EF\F0\E0\E2\EB\FF\E5\F2 \F0\E5\E7\
    \F3\EB\FC\F2\E0\F2 \ED\E0 \EF\EE\F7\F2\F3\r\
    \n# \D1\EA\EE\F0\EE\F1\F2\FC \EF\F0\E8\E5\EC\E0 \E8 \EF\E5\F0\E5\E4\E0\F7\
    \E8, \F1\EE\EE\F2\E2\E5\F2\F1\F2\E2\E5\ED\ED\EE\r\
    \n:local RxSpeed 0\r\
    \n:local TxSpeed 0\r\
    \n# \D2\E5\EB\EE \EF\E8\F1\FC\EC\E0 \EE\F2\F7\E5\F2\E0\r\
    \n:local Msg \"\"\r\
    \n# \D2\E5\EC\E0 \EF\E8\F1\FC\EC\E0\r\
    \n:local Subject \"\"\r\
    \n# \D2\E5\EA\F3\F9\E5\E5 \E2\F0\E5\EC\FF \E8 \E4\E0\F2\E0\r\
    \n:local CurDate ([/system clock get date].\" \".[/system clock get time])\
    \r\
    \n# \D2\F3\F2 \F1\EF\E8\F1\EE\EA ip \F5\EE\F1\F2\EE\E2 \EA\EE\F2\EE\F0\FB\
    \E5 \F2\E5\F1\F2\E8\F0\F3\E5\EC (\FD\F2\EE \EC\EE\E6\ED\EE \F3\E1\F0\E0\F2\
    \FC, \E5\F1\EB\E8 \E1\F3\E4\E5\F2 \F2\E5\F1\F2\E8\F0\EE\E2\E0\F2\FC\F1\FF \
    \F2\EE\EB\FC\EA\EE \EE\E4\E8\ED ip)\r\
    \n:local IpList [:toarray 19.332.111.43,149.44.89.120,82.207.126.111,46.21\
    9.57.13,64.220.30.12,64.219.77.31,109.250.109.105,195.211.174.198,195.211.1\
    75.143]\r\
    \n# \CE\EF\E8\F1\E0\ED\E8\E5 \F5\EE\F1\F2\EE\E2 (\F7\F2\EE-\E1\FB \EE\F2\
    \F7\E5\F2 \E2\FB\E3\EB\FF\E4\E5\EB \E1\EE\EB\E5\E5 \EF\EE\ED\FF\F2\ED\FB\
    \EC)\r\
    \n:local IpDescriptions [:toarray \"host1, host2\"]\r\
    \n\r\
    \n:set Subject (\"Band Width report \".\$CurDate)\r\
    \n:local i 0\r\
    \n# \CF\E5\F0\E5\E1\E8\F0\E0\E5\EC \E0\E4\F0\E5\F1\E0 \E2 \EC\E0\F1\F1\E8\
    \E2\E5 IpList\r\
    \n:foreach TestIP in=\$IpList do={\r\
    \n# \D1\EE\E1\F1\F2\E2\E5\ED\ED\EE \F1\E0\EC \F2\E5\F1\F2\r\
    \n# \D2\F3\F2, user \E8 password - \F3\F7\E5\F2\ED\FB\E5 \E4\E0\ED\ED\FB\
    \E5 \EF\EE\EB\FC\E7\EE\E2\E0\F2\E5\EB\FF \ED\E0 \F3\E4\E0\EB\E5\ED\ED\EE\
    \EC \F3\F1\F2\F0\EE\E9\F1\F2\E2\E5, \E8\EC\E5\FE\F9\E5\E3\EE \EF\F0\E0\E2\
    \E0 \ED\E0 \E4\E0\ED\ED\F3\FE \EE\EF\E5\F0\E0\F6\E8\FE.\r\
    \n/tool bandwidth-test address=\$TestIP duration=60s protocol=tcp user=adm\
    in password=Zaq!@wsx direction=both do={:set RxSpeed [\$\"rx-total-average\
    \"];:set TxSpeed [\$\"tx-total-average\"]}\r\
    \n\r\
    \n:set RxSpeed (\$RxSpeed/1024)\r\
    \n:set TxSpeed (\$TxSpeed/1024)\r\
    \n# \D4\EE\F0\EC\E8\F0\F3\E5\EC \EE\F2\F7\E5\F2\r\
    \n:set Msg (\$Msg.(\"Speed test to \".[:pick \$IpDescriptions \$i].\"\\r\\\
    nDestination ip:\".\$TestIP.\"\\r\\nRxSpeed= \".\$RxSpeed.\" Kb/s\\r\\n\".\
    \"TxSpeed= \".\$TxSpeed.\" Kb/s\\r\\n\\r\\n\"))\r\
    \n\r\
    \n:set i (\$i+1)\r\
    \n}\r\
    \n# \CE\F2\EF\F0\E0\E2\EB\FF\E5\EC \EF\E8\F1\FC\EC\EE.\r\
    \n# server - ip \EF\EE\F7\F2\EE\E2\EE\E3\EE \F1\E5\F0\E2\E5\F0\E0\r\
    \n# from - \EF\EE\F7\F2\EE\E2\FB\E9 \FF\F9\E8\EA \F1 \EA\EE\F2\EE\F0\EE\E3\
    \EE \E1\F3\E4\E5\F2 \EE\EF\F0\E0\E2\EB\FF\F2\FC\F1\FF \EE\F2\F7\E5\F2\r\
    \n# user, password - \E4\E0\ED\ED\FB\E5 \E0\E2\F2\EE\F0\E8\E7\E0\F6\E8\E8 \
    \ED\E0 \EF\EE\F7\F2\EE\E2\EE\EC \F1\E5\F0\E2\E5\F0\E5.\r\
    \n# to - \EA\F3\E4\E0 \EE\F2\EF\F0\E0\E2\EB\FF\E5\EC \EE\F2\F7\E5\F2\r\
    \n/tool e-mail send server=smtp.gmail.com port=567 from=router@chernovtsi.\
    uu body=\$Msg user=ruslan.griban@gmail.com password=Pa$$w0Rd to=ruslan.g\
    riban@gmail.com subject=\$Subject"
# Wake-on-LAN helpers: each sends one magic packet on bridge-local. All four
# carry the near-complete policy set including reboot, password, sniff,
# sensitive and romon; reduce it to what "/tool wol" requires.
add name=WOL_SRVASK owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=00:25:90:ED:F4:95"
add name=WOL_TERMINAL owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=54:04:A6:ED:A0:1F"
# NOTE(review): this MAC is written with dashes while the other three use
# colons - confirm that RouterOS accepts this form.
add name=WOL_ONE owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=08-60-6E-F1-46-DA\r\
    \n"
add name=WOL_Asterisk owner=griban policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/tool wol interface=bridge-local mac=C8:60:00:57:0A:09\r\
    \n\r\
    \n"
/tool graphing interface
add
# MAC-Telnet is added on the four LAN ports.
# NOTE(review): unlike mac-winbox below, no "set [ find default=yes ]
# disabled=yes" row is shown here, so the default entry presumably stays
# enabled and may cover every interface, WAN included - verify and disable it.
/tool mac-server
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-servers-local
add interface=ether5-slave-local
# MAC-Winbox: the default entry is disabled and access is limited to the four
# LAN ports.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-servers-local
add interface=ether5-slave-local
# NOTE(review): the listing ends at this "add"; the trailing "|" looks like
# forum page markup rather than RouterOS syntax, and any parameters of the
# RoMON port entry are not visible.
/tool romon port
add |