
Scrip Export 750gl

This document contains configuration settings for network interfaces, firewall rules, routing, and other network services on a router. Ethernet interfaces are configured with MAC addresses and names. Firewall rules are set for NAT, filtering traffic by port, protocol and address lists. IP addresses are assigned to interfaces and DHCP/DNS services are configured. Queue types and logging actions are also defined.

Uploaded by

Frk Vargas

# Ethernet port setup from a RouterOS export: each port is selected by its
# factory default-name, given a fixed MAC address and (ether1-3) a role name.
# NOTE(review): these MAC addresses identify the specific device; scrub them
# before publishing an export.
/interface ethernet

set [ find default-name=ether1 ] mac-address=D4:CA:6D:0A:CA:A0 name=01WAN


# arp=reply-only: the LAN port answers ARP requests but does not learn
# neighbours dynamically, so a host presumably needs a static /ip arp entry
# (or a DHCP lease that adds one) to talk to the router -- confirm that every
# legitimate client is covered.
set [ find default-name=ether2 ] arp=reply-only mac-address=D4:CA:6D:0A:CA:A1 \
name=02LAN
# NOTE(review): this port is named 03TUHNDERCACHE, while the firewall filter
# and mangle rules in this export refer to TUHNDERCACHE4 and THUNDERCACHE4.
# No interface with either of those names is defined in the visible config.
set [ find default-name=ether3 ] mac-address=D4:CA:6D:0A:CA:A2 name=\
03TUHNDERCACHE
set [ find default-name=ether4 ] mac-address=D4:CA:6D:0A:CA:A3
set [ find default-name=ether5 ] mac-address=D4:CA:6D:0A:CA:A4
# Sets default-vlan-id=0 on switch-chip ports 5-9 and 11.
/interface ethernet switch port
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 11 default-vlan-id=0
# Default wireless security profile: only the supplicant identity is set here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Default IPsec proposal restricted to 3DES.
# NOTE(review): 3DES is a legacy 64-bit-block cipher. If any IPsec peer or
# policy actually uses this proposal (none is visible in this export), prefer
# an AES option such as aes-256-cbc where the remote side supports it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# Address pools: dhcp_pool1 covers the LAN /24 host range, thunder covers
# three addresses on the 10.0.0.0/24 cache segment.
/ip pool
add name=dhcp_pool1 ranges=192.168.37.2-192.168.37.254
add name=thunder ranges=10.0.0.2-10.0.0.4
# DHCP server bound to dhcp_pool1.
# NOTE(review): no interface= is shown on this line, so confirm which port the
# server is attached to (and whether it is enabled) on the live device.
/ip dhcp-server
add address-pool=dhcp_pool1 name=dhcp1
# Serial ports at 9600 baud.
/port
set 0 baud-rate=9600 name=serial0
set 1 baud-rate=9600 name=serial1
# PCQ queue types: SUBIDA classifies by source address, BAJADA by destination
# address (per-client upload / download shaping, going by the Spanish names).
/queue type
add kind=pcq name=SUBIDA pcq-classifier=src-address
add kind=pcq name=BAJADA pcq-classifier=dst-address
# Log retention: 100 lines in memory and 100 lines per disk file.
# NOTE(review): this is a short window for incident investigation. The
# brute-force rules in /ip firewall filter can fill it quickly; consider
# forwarding logs to a remote syslog collector.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# Enables the built-in PPTP VPN server.
# NOTE(review): PPTP authentication and encryption (MS-CHAPv2 / MPPE) are
# widely regarded as broken. No PPP secrets or profiles appear in this export
# and the input chain has no rule limiting TCP 1723 / GRE, so the listener is
# presumably reachable from every interface, including 01WAN. Disable it if it
# is unused, or replace it with a stronger VPN and restrict it by source.
/interface pptp-server server
set enabled=yes
# Static addressing: LAN gateway 192.168.37.1/24, WAN 192.168.10.102/24 and
# the cache segment 10.0.0.1/24 on ether3.
# NOTE(review): 01WAN has a static address here and also a DHCP client in
# /ip dhcp-client -- confirm both are intended. The WAN range is private, so
# the router presumably sits behind another NAT device.
/ip address
add address=192.168.37.1/24 comment=LAN interface=02LAN network=192.168.37.0
add address=192.168.10.102/24 comment=WAN interface=01WAN network=\
192.168.10.0
add address=10.0.0.1/24 comment=Thunder interface=03TUHNDERCACHE network=\
10.0.0.0
# Static ARP bindings on the LAN port, which runs arp=reply-only. Only these
# two IP/MAC pairs are pinned in the visible configuration.
/ip arp
add address=192.168.37.2 interface=02LAN mac-address=00:1E:EC:D1:96:13
add address=192.168.37.252 interface=02LAN mac-address=00:0B:DB:C3:89:46
# MikroTik cloud service enabled.
# NOTE(review): presumably this makes the router contact the vendor cloud
# periodically (dynamic DNS / time update); turn it off if it is not needed.
/ip cloud
set enabled=yes
# DHCP client on the WAN port; the default route it installs gets distance 0.
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid interface=01WAN
# DNS cache: forwards to the upstream gateway and two public resolvers.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# arriving on any interface. The input chain in this export has no rule
# dropping UDP/TCP 53 from 01WAN, so the resolver is open to whatever can reach
# the WAN side (amplification and cache-poisoning exposure). Add an input rule
# that drops port 53 with in-interface=01WAN, or limit it to the LAN subnet.
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
192.168.10.125,8.8.8.8,8.8.4.4
# Static address lists. Grupo1 is disabled; Clientes_thunder covers the whole
# LAN /24. The other lists used by the filter rules (NOSPAMSN, ftp_blacklist,
# ssh_stage1-3, ssh_blacklist) are filled dynamically by those rules.
# NOTE(review): the mangle rule in this export matches src-address-list=
# CLIENTES_THUNDER (upper case). If list names are compared case-sensitively,
# that rule never matches this list -- confirm and align the spelling.
/ip firewall address-list
add address=192.168.37.2-192.168.37.253 disabled=yes list=Grupo1
add address=192.168.37.0/24 list=Clientes_thunder
# Packet filter. Rules are evaluated top to bottom within each chain, so the
# order below is significant.
# NOTE(review): neither the input nor the forward chain ends with a catch-all
# drop in the visible rules. Traffic that no rule drops is accepted, so this is
# a deny-list: management and service ports not named below (for example
# Winbox 8291, HTTPS 443, PPTP 1723, DNS 53) stay reachable from every
# interface, including 01WAN. A default-deny layout would accept
# established/related traffic first, allow management from the LAN only, and
# then drop everything else on input.
/ip firewall filter
# Disabled accept rule (no action= means accept). The interface name
# TUHNDERCACHE4 does not match any interface defined in this export.
add chain=forward comment=thunder disabled=yes in-interface=TUHNDERCACHE4
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# Disabled: would drop all P2P traffic through the router.
add action=drop chain=forward comment=ANTI-ARES disabled=yes p2p=all-p2p

# Disabled: would drop all ICMP addressed to the router itself.
add action=drop chain=input comment=ANTI-PING disabled=yes protocol=icmp


# Outbound-spam control: drop SMTP from sources already on NOSPAMSN, then put
# any source with more than 5 concurrent port-25 connections (per /32) on that
# list for 3 hours. The drop comes first so a listed host is cut immediately.
add action=drop chain=forward comment="DROPEO SPAM" dst-port=25 protocol=tcp \
src-address-list=NOSPAMSN
add action=add-src-to-address-list address-list=NOSPAMSN \
address-list-timeout=3h chain=forward comment="FILTRO SPAMMERS" \
connection-limit=5,32 dst-port=25 protocol=tcp
# Drops forwarded telnet (TCP 23).
add action=drop chain=forward comment="ANTI -TELNET " dst-port=23 protocol=\
tcp
# Rule comment: "keep the clients from seeing each other".
# NOTE(review): this matches UDP 135-139 only; the TCP side (139 and 445) is
# not covered. Clients on the same layer-2 segment reach each other directly
# without passing the forward chain, so this rule presumably does not isolate
# them -- use switch- or AP-level client isolation for that.
add action=drop chain=forward comment="EVITAR SE VEAN ENTRE SI LOS CLIENTES" \
dst-port=135-139 protocol=udp
# Disabled: per-user cap of 100 TCP connections (SYN packets beyond the limit).
add action=drop chain=forward comment=\
"LIMITA A 100 CONEXIONES TCP POR USUARIO" connection-limit=100,32 \
disabled=yes protocol=tcp tcp-flags=syn
# Disabled: per-user limit on new UDP connections to the listed ports.
add action=drop chain=forward comment=\
"LIMITA A 30 CONEXIONES UDP POR USUARIO" connection-state=new disabled=\
yes dst-port=4665,4672,10000-65535 limit=30,150 protocol=udp
# FTP login brute-force protection for the router's own FTP service:
#   1. drop FTP from sources on ftp_blacklist;
#   2. accept outgoing "530 Login incorrect" replies while under the
#      dst-limit rate (no action= means accept);
#   3. once that rate is exceeded, add the reply's destination (the client)
#      to ftp_blacklist for 3 hours.
add action=drop chain=input comment="PREVENIR ATAQUES DE LOGIN POR FTP" \
dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
# SSH brute-force protection: each new connection to port 22 moves the source
# one stage up (stage1 -> stage2 -> stage3 -> ssh_blacklist). Stages expire
# after 1 minute; the blacklist entry lasts 1w3d. The rules are listed from the
# highest stage down so a single packet advances only one stage.
# NOTE(review): the rule comment mentions Winbox, but only dst-port=22 is
# matched; Winbox (TCP 8291) gets no rate limiting from these rules.
add action=drop chain=input comment="PREVENIR ATAQUES DE LOGIN POR SSH Y WINBO\
X - EN TERMINAL: /ip firewall address-list print" dst-port=22 protocol=\
tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
# Disabled: would block UDP 5678 (MikroTik neighbour discovery) in and out, so
# the router stays discoverable on its segments while these remain off.
add action=drop chain=input comment="BLOQUEA SCAN POR WINBOX" disabled=yes \
dst-port=5678 protocol=udp
add action=drop chain=output comment="BLOQUEA SCAN POR WINBOX" disabled=yes \
dst-port=5678 protocol=udp
# Accept forwarded packets of established connections. "related" is not
# included.
add chain=forward comment="CONEXIONES ACEPTADAS" connection-state=established
# Explicit accepts for HTTP and SMTP to the router itself, from any source.
# NOTE(review): with no closing drop on the input chain these rules restrict
# nothing; they only document that ports 80 and 25 are meant to be open.
# Confirm that either service really needs to be reachable from 01WAN.
add chain=input dst-port=80 protocol=tcp
add chain=input dst-port=25 protocol=tcp
# Drop forwarded packets that connection tracking marks invalid.
add action=drop chain=forward comment="CERRAR CONEXIONES INVALIDAS" \
connection-state=invalid
# Disabled: would block one specific client by source MAC address.
add action=drop chain=forward comment="BLOQUEAR MAC" disabled=yes \
src-mac-address=3C:74:37:FD:A6:22
# Policy routing for the web cache: HTTP (TCP 80) from listed clients that did
# not arrive on the cache interface is marked thunder_route, which the
# matching /ip route entry sends to the cache box.
# NOTE(review): two references do not match names defined in this export:
# the interface is THUNDERCACHE4 here versus 03TUHNDERCACHE on ether3, and
# the list is CLIENTES_THUNDER here versus Clientes_thunder. Verify on the
# device that this rule is valid and actually matches traffic.
/ip firewall mangle
add action=mark-routing chain=prerouting comment=Thunder dst-port=80 \
in-interface=!THUNDERCACHE4 new-routing-mark=thunder_route protocol=tcp \
src-address-list=CLIENTES_THUNDER
# Source NAT: everything leaving through 01WAN is masqueraded.
/ip firewall nat
add action=masquerade chain=srcnat comment="MASQUERADE WAN NETWORK" \
out-interface=01WAN
# Built-in web proxy: only parent-proxy is set (0.0.0.0, i.e. none).
/ip proxy

set parent-proxy=0.0.0.0
# Routes: traffic marked thunder_route goes to the cache box at 10.0.0.222
# while it answers ping (check-gateway=ping); everything else uses the
# upstream gateway 192.168.10.125.
/ip route
add check-gateway=ping distance=1 gateway=10.0.0.222 routing-mark=\
thunder_route
add distance=1 gateway=192.168.10.125
# Management services: telnet is turned off and www-ssl (HTTPS WebFig) is
# turned on.
# NOTE(review): the other services (ftp, ssh, www, winbox, api) are not listed,
# so they are presumably at their defaults, and no address= restriction is
# shown for any service. With no default drop on the input chain, limit each
# enabled service to the management subnet with address= and disable the ones
# that are unused. No certificate for www-ssl appears in this export.
/ip service
set telnet disabled=yes
set www-ssl disabled=no
/ip upnp
set allow-disable-external-interface=no
# WAN interface queue type.
/queue interface
set "01WAN" queue=default-small
/system identity
set name=AdministradorOK
