discoveros
Junior Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору /interface bridge add admin-mac=74:4D:28:EF:9B:C6 auto-mac=no comment=defconf name=bridge /interface ethernet set [ find default-name=sfp1 ] disabled=yes /interface pppoe-client add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=30 name=pppoe-out1 use-peer-dns=yes user=username /interface list add comment=defconf name=WAN /interface list add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp ranges=192.168.0.10-192.168.0.99 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge lease-time=23h59m name=defconf /interface bridge port add bridge=bridge comment=defconf interface=ether2 /interface bridge port add bridge=bridge comment=defconf interface=ether3 /interface bridge port add bridge=bridge comment=defconf interface=ether4 /interface bridge port add bridge=bridge comment=defconf interface=ether5 /interface bridge port add bridge=bridge comment=defconf interface=sfp1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=defconf interface=bridge list=LAN /interface list member add comment=defconf interface=ether1 list=WAN /interface list member add interface=pppoe-out1 list=WAN /ip address add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0 /ip dhcp-client add comment=defconf interface=ether1 /ip dhcp-server network add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24 /ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,77.88.8.8 /ip dns static add address=192.168.1.11 comment=defconf name=router.lan /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked /ip firewall filter # no interface add action=accept chain=forward connection-state=new dst-address=192.168.0.110 dst-port=3389 in-interface=pppoe-out1 protocol=tcp /ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid /ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp /ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 /ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN /ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec /ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec /ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related /ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked /ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid /ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-int erface-list=WAN /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN /ip firewall nat # no interface add action=dst-nat chain=dstnat comment=RDP dst-port=55577 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.110 to-ports=3389 /ip firewall service-port set ftp disabled=yes /ip firewall service-port set tftp disabled=yes /ip firewall service-port set irc disabled=yes /ip firewall service-port set sip disabled=yes /ip service set telnet disabled=yes /ip service set ftp disabled=yes /ip service set www disabled=yes /ip service set ssh disabled=yes /ip service set api disabled=yes /ip service set api-ssl disabled=yes /ip upnp set enabled=yes /ip upnp interfaces add interface=pppoe-out1 type=external /ip upnp interfaces add interface=bridge type=internal /system identity set name="MikroTik" /tool bandwidth-server set enabled=no /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN | Всего записей: 77 | Зарегистр. 09-09-2008 | Отправлено: 22:13 08-01-2020 | Исправлено: discoveros, 22:22 08-01-2020 |
|