Router OS

This document provides a script for dividing a LAN network into multiple subnets. The key steps in the script are: 1. Establish a new IP range on a specific router interface. 2. Clone existing queue and address list entries, modifying attributes as needed. 3. Remove identifying markers like "#1" from cloned entries. 4. Modify client configuration files accordingly. The script uses a variety of functions to generate subnet identifiers, modify attributes, and output configuration details to text files to help automate the division process across multiple subnets.

RouterOS.

Script (Accessories 01-01)


----------------------------------------------------------------------------- [ START ]
------------------------------ Scripts (accessories): ------------------------------
-------------------------------------------------------------------------------------

QueueSimple.LANDivision: ---------------------------------------------- [ START ]


# General outline for (QueueSimple.LANDivision): ---------------------------------
# Set (IP.NewLAN) on the specific (RB.Interface).
# Run: QueueSimple.Add255 and AddressList.Add255.
# Modify QueueSimple-Admin(36-40).Name, QueueSimple-DNS1.Name.
# Remove C-CLIENTDROP.List(DNS1).
# Mark the QueueSimple.OldLAN entries to clone: (two options)
# 1- Run: GuardaTXT (QueueSimple.LANDivision).
#    Mark each line of (LANDivision.txt) with (M{x}M), as appropriate.
#    Run: RestauraTXT (QueueSimple.LANDivision).
# 2- Mark each (QueueSimple.Name) with (#1), as appropriate.
# Run: Clona.Marcados (QueueSimple.LANDivision) (clones are identified with (#2)).
# Run: AddressList-ClientIP.ComentEmpty (clears the comment of C-xx.List).
# Run: AddressList.IdentificaClient (identifies clean IPs in Address-List).
# Run: AddressList.LANDivision (Remove.#2) (removes (#2) and !"S: ").
# Manually modify (Client-Router.Config), as appropriate (#1).
# Run: QueueSimple.LANDivision (Rename.#1) (Name (#1)="_Libre…").
# Run: AddressList.LANDivision (Add.#1) (Add.#1 and comment "( Libre )").

# GuardaTXT (QueueSimple.LANDivision): ------------------------------------------


# ------------------------------------------------
# Function: pads with characters (left "Izq." / right "Der.") up to len: (Var, Where, Char, Length)
:local AddCToLen do={
    :local s [:tostr $1];
    :if ([:len $s] < $4) do={
        :for r from=[:len $s] to=($4 - 1) do={
            :if ($2 = "Izq.") do={:set s ($3 . $s)} else={:set s ($s . $3)}
        }
    };
    :return $s;
};
# ------------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={
    :local IPstr ($1 . "."); :local IPnum "";
    :if ($2 > 1) do={
        :for x from=1 to=($2 - 1) do={
            :set IPstr [:pick $IPstr ([:find $IPstr "." 0] + 1) [:len $IPstr]];
        }
    };
    :set IPnum ($IPnum . [:pick $IPstr 0 [:find $IPstr "." -1]]);
    :return [:tonum $IPnum];
};
# ------------------------------------------------
:local SubNet1 2;                        # Set the networks to divide (1-2)
:local SubNet2 3;                        # Set the networks to divide (2-2)
:local Plant ("M{}M - N{}N - I{}I");     # Line pattern (LANDivision)
:local Body "";                          # Optional: copy-paste into (TXT)
:local Nro 1;
:local Iter 1;
:local Name "---";
:local IPx "...";
:local Date ([/system clock get date]);
:local Time ([/system clock get time]);
# Test File.Name
:local File ("LANDivision (" . [:pick $Date 7 11] . "-" . [:pick $Date 0 3] . "-" . [:pick $Date 4 6] . "-" . [:pick $Time 0 2] . "-" . [:pick $Time 3 5] . "-" . [:pick $Time 6 8] . ").txt");
:set File ("LANDivision-01.txt");        # auto-limited to 4k=(4096b)
# ------------------------------------------------
/file remove [find name~"LANDivision"]; :delay 2s;   # Delete all (LANDivision) files
/file print file=$File; :delay 2s;                   # Create the file
/file set [find name=$File] contents="";             # Clear the default contents of File-0X
# ------------------------------------------------
# For each queue whose third octet is SubNet1 or SubNet2: strip the "/32" suffix from
# the target, build one pattern line and append it to the current file (52 lines per file).
:foreach x in=[/queue simple find] do={
    :set IPx [:tostr ([/queue simple get $x target])];
    :set IPx ([:pick $IPx 0 ([:len $IPx] - 3)]);
    :if (($SubNet1 = ([$FIPaOctX $IPx 3])) or ($SubNet2 = ([$FIPaOctX $IPx 3]))) do={
        :set Name ([/queue simple get $x name]);
        :set Name ([:pick $Name 0 26]);
        :set Plant ("M{}M - N{" . [$AddCToLen $Name "Der." " " 26] . "}N - I{" . [$AddCToLen ([:tostr [$FIPaOctX $IPx 1]]) "Izq." "0" 3] . "." . [$AddCToLen ([:tostr [$FIPaOctX $IPx 2]]) "Izq." "0" 3] . "." . [$AddCToLen ([:tostr [$FIPaOctX $IPx 3]]) "Izq." "0" 3] . "." . [$AddCToLen ([:tostr [$FIPaOctX $IPx 4]]) "Izq." "0" 3] . "}I");
        :if ($Iter < 52) do={
            :set Iter ($Iter + 1);
        } else={
            :set Iter (1); :set Nro ($Nro + 1);
            :set File ([:pick $File 0 ([:find $File "-" 0] + 1)] . [$AddCToLen ([:tostr $Nro]) "Izq." "0" 2] . ".txt");
            /file print file=$File; :delay 2s;
            /file set [find name=$File] contents="";
        };
        /file set $File contents=([/file get $File contents] . $Plant . "\r\n");
        :set Body ($Body . "\r\n" . $Plant);
    }
};
# Note: creates (05 files) for every (255 Queue.Simple).

# RestauraTXT (QueueSimple.LANDivision): --------------------------------------


# comment="( RestauraTXT.QueueSimple-LANDivision )"
# ------------------------------------------------
# Function: pads with characters (left "Izq." / right "Der.") up to len: (Var, Where, Char, Length)
:local AddCToLen do={
    :local s [:tostr $1];
    :if ([:len $s] < $4) do={
        :for r from=[:len $s] to=($4 - 1) do={
            :if ($2 = "Izq.") do={:set s ($3 . $s)} else={:set s ($s . $3)}
        }
    };
    :return $s;
};
# ------------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={
    :local IPstr ($1 . "."); :local IPnum "";
    :if ($2 > 1) do={
        :for x from=1 to=($2 - 1) do={
            :set IPstr [:pick $IPstr ([:find $IPstr "." 0] + 1) [:len $IPstr]];
        }
    };
    :set IPnum ($IPnum . [:pick $IPstr 0 [:find $IPstr "." -1]]);
    :return [:tonum $IPnum];
};
# ------------------------------------------------
:local File ("LANDivision-");
:local Body "---";
:local Name "---";
:local IPx "...";
:local FileCant 10;      # Set the number of files (LANDivision-0X.txt)
# For each file: walk every line marked (M{x}M), rebuild the IP without zero padding
# and append (#1) to the name of the queue that has that target.
:for x from=1 to=$FileCant step=1 do={
    :set File ([:pick $File 0 ([:find $File "-" -1] + 1)] . [$AddCToLen ([:tostr $x]) "Izq." "0" 2] . ".txt");
    :set Body ([/file get $File contents]);
    :while ([:find $Body "M{x}M" 0] > 0) do={
        :set Body ([:pick $Body ([:find $Body "M{x}M" -1] + 5) [:len $Body]]);
        :set IPx ([:pick $Body ([:find $Body "I{" -1] + 2) ([:find $Body "}I" -1])]);
        :set IPx (([:tostr [$FIPaOctX $IPx 1]]) . "." . ([:tostr [$FIPaOctX $IPx 2]]) . "." . ([:tostr [$FIPaOctX $IPx 3]]) . "." . ([:tostr [$FIPaOctX $IPx 4]]));
        :set Name ([/queue simple get [find target=($IPx . "/32")] value-name=name] . "#1");
        /queue simple set [find (target=($IPx . "/32"))] name=$Name;
    }
}
# Note: after checking, delete all the (LANDivision-0X.txt) files.

# Clona.Marcados (QueueSimple.LANDivision): ------------------------- [#1 -> #2]


# comment="( Clona.Marcados (QueueSimple.LANDivision) )"
# ------------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={
    :local IPstr ($1 . "."); :local IPnum "";
    :if ($2 > 1) do={
        :for x from=1 to=($2 - 1) do={
            :set IPstr [:pick $IPstr ([:find $IPstr "." 0] + 1) [:len $IPstr]];
        }
    };
    :set IPnum ($IPnum . [:pick $IPstr 0 [:find $IPstr "." -1]]);
    :return [:tonum $IPnum];
};
# ------------------------------------------------
:local SubNetN 4;        # Change according to (NewRed)
:local Octeto4N 50;      # Set according to the number of (#1) marks
:local IPO;
:local IPN;
:local Name;
:local MaxLimit;
:local LimitAt;
:local BurstLimit;
:local BurstTime;
:local BurstThreshold;
:local Parent;
:local Queue;
:local Priority;
# For each queue marked (#1): read its attributes, build the clone name (trailing "1"
# replaced by "2") and the new IP (octets 1-2 of the old target, SubNetN, Octeto4N),
# then copy the attributes onto the queue that already exists for the new IP.
:foreach x in=[/queue simple find (name~"#1")] do={
    :set IPO ([/queue simple get $x target]);
    :set Name (([:pick ([/queue simple get $x name]) 0 ([:len [/queue simple get $x name]] - 1)]) . "2");
    :set MaxLimit ([/queue simple get $x max-limit]);
    :set LimitAt ([/queue simple get $x limit-at]);
    :set BurstLimit ([/queue simple get $x burst-limit]);
    :set BurstTime ([/queue simple get $x burst-time]);
    :set BurstThreshold ([/queue simple get $x burst-threshold]);
    :set Queue ([/queue simple get $x queue]);
    :set Priority ([/queue simple get $x priority]);
    :set Parent ([/queue simple get $x parent]);
    :set IPN (([:tostr [$FIPaOctX $IPO 1]]) . "." . ([:tostr [$FIPaOctX $IPO 2]]) . "." . $SubNetN . "." . [:tostr $Octeto4N]);
    /queue simple set [find (target=($IPN . "/32"))] name=$Name;
    /queue simple set [find (target=($IPN . "/32"))] max-limit=$MaxLimit;
    /queue simple set [find (target=($IPN . "/32"))] limit-at=$LimitAt;
    /queue simple set [find (target=($IPN . "/32"))] burst-limit=$BurstLimit;
    /queue simple set [find (target=($IPN . "/32"))] burst-time=$BurstTime;
    /queue simple set [find (target=($IPN . "/32"))] burst-threshold=$BurstThreshold;
    /queue simple set [find (target=($IPN . "/32"))] queue=$Queue;
    /queue simple set [find (target=($IPN . "/32"))] priority=$Priority;
    /queue simple set [find (target=($IPN . "/32"))] parent=$Parent;
    :set Octeto4N ($Octeto4N + 1);
}

# AddressList.LANDivision (Remove.#2): ----------------------------------------------
# Requires the IPs to have been cleaned and identified beforehand.
/ip firewall address-list remove [find (comment~"#2" and !(comment~"S: "))];

# AddressList.LANDivision (Add.#1): ---------------------------------------------------
:foreach x in=[/queue simple find (name~"#1")] do={
    /ip firewall address-list add list=C-CLIENTDROP.List address=[/queue simple get $x target] comment="( Libre )" disable=yes;
}

# QueueSimple.LANDivision (Rename.#1): ----------------------------------------------


# -----------------------------------------------
# Function: pads with characters (left "Izq." / right "Der.") up to len: (Var, Where, Char, Length)
:local AddCToLen do={
    :local s [:tostr $1];
    :if ([:len $s] < $4) do={
        :for r from=[:len $s] to=($4 - 1) do={
            :if ($2 = "Izq.") do={:set s ($3 . $s)} else={:set s ($s . $3)}
        }
    };
    :return $s;
};
# -----------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={
    :local IPstr ($1 . "."); :local IPnum "";
    :if ($2 > 1) do={
        :for x from=1 to=($2 - 1) do={
            :set IPstr [:pick $IPstr ([:find $IPstr "." 0] + 1) [:len $IPstr]];
        }
    };
    :set IPnum ($IPnum . [:pick $IPstr 0 [:find $IPstr "." -1]]);
    :return [:tonum $IPnum];
};
# -----------------------------------------------
:local y "4";            # change according to LAN
:local IPx;
:local Nombre "-";
# For each queue marked (#1): strip the "/32" suffix from the target, build the
# "_Libre" name, then rename and disable the queue.
:foreach x in=[/queue simple find (name~"#1")] do={
    :set IPx [:tostr [/queue simple get $x target]];
    :set IPx [:pick $IPx 0 ([:len $IPx] - 3)];
    :set Nombre ("_Libre 1.2." . [$AddCToLen $y "Izq." "0" 3] . "." . [$AddCToLen ([:tostr [$FIPaOctX $IPx 4]]) "Izq." "0" 3] . " [ 00000 :: __/__/__=__/__/__+__/__ ]");
    /queue simple set $x name=$Nombre disable=yes;
}
# Note: (Name.Len=25).

# Export Queue.Simple and ARP.List: ---------------------------------------------------
# /queue export file=QueueSimple.rsc
# /ip arp export file=ArpList.rsc

# Import Queue.Simple and ARP.List: ---------------------------------------------------
# /import QueueSimple.rsc
# /import ArpList.rsc
QueueSimple.LANDivision: ------------------------------------------------ [ END ]

# ----------------------------------------------------------------------------- [START]
# -------------------------------- [BGP protocol] -------------------------------------
# -------------------------------------------------------------------------------------
# Rules for (BGP): --------------------------------------------------------------------
# Fundamentally, BGP (an exterior gateway routing protocol; it uses TCP port 179)
# connects ASes (autonomous systems: sets of networks/devices under a single
# administrative domain. Each holds a block of IPv4/IPv6 addresses that it advertises
# to the other ASes so that it can be reached). Interconnection within administrative
# domains. Each AS has an ASN (autonomous system number). (1 to 64511: 16b) are
# reserved for public use. (64512 to 65534: 16b) are for private use. LACNIC holds the
# ASNs (4.0 to 4.1023). BGP sessions are established with other routers by configuring
# (BGP peers). The peers are the neighbouring routers with which I share networks.
# (eBGP): the neighbouring peers belong to another AS (we use it to connect to
# Internet providers or other entities that have an AS). (iBGP): the neighbouring
# peers belong to our own AS (we use it to distribute routes within our AS; iBGP
# generally relies on another routing method (static routing, RIP, OSPF)). Some
# well-known attributes are: Weight, Local Preference, AS Path. If two (peers)
# advertise the same route, the one with the higher (weight) is preferred. If two
# (routers) within the same AS can reach the same routes, the one with the higher
# (local preference) is preferred. BGP uses the (AS path) so that destination networks
# are reached via the path that crosses the fewest ASes. Bogons BGP servers:
# (65332:888). Blacklist BGP servers (6549:666).

# ---------------------------------------------- (BGP constants)


:global BGPISP1IP30 10.1.1.10/30;          # ARSAT-VCI.BGPIP30 (from ARSAT)
:global BGPISP2IP30 10.2.1.10/30;          # TELCO-VCI.BGPIP30 (from TELCO)
:global BGPVCI1IP30 10.1.1.9/30;           # VCI-ARSAT.BGPIP30 (from ARSAT)
:global BGPVCI2IP30 10.2.1.9/30;           # VCI-TELCO.BGPIP30 (from TELCO)
# -----------------------
:global BGPISP1WAN "WAN1";                 # ARSAT.BGPInterface (from ARSAT)
:global BGPISP2WAN "WAN1";                 # TELCO.BGPInterface (from TELCO)
:global BGPVCI1WAN "WAN1";                 # VCI-ARSAT.BGPInterface
:global BGPVCI2WAN "WAN2";                 # VCI-TELCO.BGPInterface
# -----------------------
:global BGPISP1GW 10.10.100.1/22;          # ARSAT.IPGW (from ARSAT)
:global BGPISP2GW 10.10.200.1/22;          # TELCO.IPGW (from TELCO)
:global BGPVCI1GWA 192.168.252.1/24;       # VCI.IPGWA
:global BGPVCI1GWB 192.168.253.1/23;       # VCI.IPGWB
# -----------------------
:global BGPISP1LAN "LAN1";                 # ARSAT.GWInterface (from ARSAT)
:global BGPISP2LAN "LAN1";                 # TELCO.GWInterface (from TELCO)
:global BGPVCI1LANA "LAN1";                # VCI-ARSAT.GWAInterface
:global BGPVCI1LANB "LAN2";                # VCI-TELCO.GWBInterface
# -----------------------
:global BGPISP1ASN 64513;                  # ARSAT.ASN (from ARSAT)
:global BGPISP2ASN 64514;                  # TELCO.ASN (from TELCO)
:global BGPVCI1ASN 64515;                  # VCI.ASN
# -----------------------
:global BGPISP1IPP 10.100.12.0/22;         # ARSAT.IPPublicadas (from ARSAT)
:global BGPISP2IPP 10.101.12.0/22;         # TELCO.IPPublicadas (from TELCO)
:global BGPVCI1IPPA 192.168.252.0/24;      # VCI.IPPublicadasA
:global BGPVCI1IPPB 192.167.252.0/23;      # VCI.IPPublicadasB
# -------------------------------------------------
:global BGPISP1LBMAC 00:11:11:00:00:00;    # ARSAT.LBMAC (from ARSAT)
:global BGPISP2LBMAC 00:11:22:00:00:00;    # TELCO.LBMAC (from TELCO)
:global BGPVCI1LBMAC 00:11:55:00:00:00;    # VCI.LBMAC
# -----------------------
:global BGPISP1LBIP 10.10.5.1;             # ARSAT.LBIP (from ARSAT)
:global BGPISP2LBIP 10.10.5.2;             # TELCO.LBIP (from TELCO)
:global BGPVCI1LBIP 10.10.5.5;             # VCI.LBIP
# ----------------------- (if IP.LoopBack is not used: the router ID is the /30 address without its "/30" suffix)
:global BGPISP1RID ([:pick [:tostr $BGPISP1IP30] 0 ([:len [:tostr $BGPISP1IP30]] - 3)]);   # ARSAT-VCI.BGPRID (from ARSAT)
:global BGPISP2RID ([:pick [:tostr $BGPISP2IP30] 0 ([:len [:tostr $BGPISP2IP30]] - 3)]);   # TELCO-VCI.BGPRID (from TELCO)
:global BGPVCI1RID ([:pick [:tostr $BGPVCI1IP30] 0 ([:len [:tostr $BGPVCI1IP30]] - 3)]);   # VCI-ARSAT.BGPRID (from ARSAT)
:global BGPVCI2RID ([:pick [:tostr $BGPVCI2IP30] 0 ([:len [:tostr $BGPVCI2IP30]] - 3)]);   # VCI-TELCO.BGPRID (from TELCO)
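
Added example (not part of the original script): a pre-deployment audit of the addressing plan in the BGP constants above, so that a mistyped prefix or ASN is caught before it is announced to a peer. The finding codes and function names are hypothetical; the check that advertised prefixes are private address space is an assumption made because this plan is a lab plan, and only the two VCI LAN gateways are compared against the advertised prefixes.

```python
import ipaddress
from itertools import combinations

# Values copied from the ':global BGP...' constants on this page.
LINKS = {  # /30 transit links as (VCI side, ISP side)
    "ARSAT": ("10.1.1.9/30", "10.1.1.10/30"),
    "TELCO": ("10.2.1.9/30", "10.2.1.10/30"),
}
ASNS = {"BGPISP1ASN": 64513, "BGPISP2ASN": 64514, "BGPVCI1ASN": 64515}
ADVERTISED = {
    "BGPISP1IPP": "10.100.12.0/22",
    "BGPISP2IPP": "10.101.12.0/22",
    "BGPVCI1IPPA": "192.168.252.0/24",
    "BGPVCI1IPPB": "192.167.252.0/23",
}
GATEWAYS = {"BGPVCI1GWA": "192.168.252.1/24", "BGPVCI1GWB": "192.168.253.1/23"}
PRIVATE_ASNS = range(64512, 65535)  # private-use range as given on this page


def audit_links(links):
    """Both ends of a link must be distinct usable hosts of the same subnet."""
    findings = []
    for name, (side_a, side_b) in links.items():
        a, b = ipaddress.ip_interface(side_a), ipaddress.ip_interface(side_b)
        usable = set(a.network.hosts())
        if a.network != b.network or a.ip == b.ip:
            findings.append(("link-mismatch", name))
        elif a.ip not in usable or b.ip not in usable:
            findings.append(("link-unusable-address", name))
    return findings


def audit_asns(asns, allowed=PRIVATE_ASNS):
    """ASNs must be unique and inside the private-use range."""
    findings, seen = [], set()
    for name, asn in asns.items():
        if asn not in allowed:
            findings.append(("asn-outside-private-range", name))
        if asn in seen:
            findings.append(("asn-duplicate", name))
        seen.add(asn)
    return findings


def audit_prefixes(advertised):
    """Advertised prefixes must parse strictly, be private, and not overlap."""
    findings, nets = [], {}
    for name, text in advertised.items():
        try:
            nets[name] = ipaddress.ip_network(text, strict=True)
        except ValueError:  # host bits set, bad mask, bad address
            findings.append(("prefix-invalid", name))
            continue
        if not nets[name].is_private:  # assumption: lab plan uses private space
            findings.append(("non-private-prefix", name))
    for (n1, p1), (n2, p2) in combinations(nets.items(), 2):
        if p1.overlaps(p2):
            findings.append(("prefix-overlap", n1 + "/" + n2))
    return findings


def audit_gateways(gateways, advertised):
    """Each gateway's connected network must sit inside an advertised prefix."""
    nets = [ipaddress.ip_network(p, strict=False) for p in advertised.values()]
    findings = []
    for name, text in gateways.items():
        connected = ipaddress.ip_interface(text).network
        if not any(connected.subnet_of(n) for n in nets):
            findings.append(("gateway-not-advertised", name))
    return findings


def audit_all():
    return (audit_links(LINKS) + audit_asns(ASNS)
            + audit_prefixes(ADVERTISED) + audit_gateways(GATEWAYS, ADVERTISED))


if __name__ == "__main__":
    for code, name in audit_all():
        print(code, name)
```

On the constants as written, the audit reports BGPVCI1IPPB (192.167.252.0/23 lies outside private space) and BGPVCI1GWB (its connected network 192.168.252.0/23 is not covered by any advertised prefix).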

# GateWay.Border (VCI.BGP): ---------------------------- [switch (CISCO.3560G)]


# ------------------------------------------ (Setting up BGP.RIDs)
/interface bridge add name="BGP.LoopBack" admin-mac=$BGPVCI1LBMAC auto-mac=no comment="R+: BGP (BGP.VIC1LB Interface)" disable=yes;
/ip address add address=$BGPVCI1LBIP interface="BGP.LoopBack" comment="R+: BGP (BGP.VCI1LB IP)" disable=yes;
# ------------------------------------------ (Setting up WAN.IPs)
/ip address add address=$BGPVCI1IP30 interface=$BGPVCI1WAN comment="R+: BGP (IPP/30, dispuesta x VCI1 x su S/R.BGP)" disable=yes;
/ip address add address=$BGPVCI2IP30 interface=$BGPVCI2WAN comment="R+: BGP (IPP/30, dispuesta x VCI2 x su S/R.BGP)" disable=yes;
# ------------------------------------------ (Setting up iBGP.GWs)
# Uses the declared constants BGPVCI1GWA/BGPVCI1GWB and BGPVCI1LANA/BGPVCI1LANB.
/ip address add address=$BGPVCI1GWA interface=$BGPVCI1LANA comment="R+: BGP (IPP/24, dispuesta x VCI1 x su IP.GWA)" disable=yes;
/ip address add address=$BGPVCI1GWB interface=$BGPVCI1LANB comment="R+: BGP (IPP/23, dispuesta x VCI1 x su IP.GWB)" disable=yes;
# ------------------------------------------ (Setting up BGP.Instances)
/routing bgp instance set 0 router-id=$BGPVCI1RID as=$BGPVCI1ASN comment="R+: BGP (VCI1.ASN)";
# ------------------------------------------ (Setting up BGP.Peers)
/routing bgp peer add name="BGP.VCI-ARSAT" remote-address=$BGPISP1RID remote-as=$BGPISP1ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.ARSAT-VCI)" disable=yes;
# --------------------
/routing bgp peer add name="BGP.VCI-TELCO" remote-address=$BGPISP2RID remote-as=$BGPISP2ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.TELCO-VCI)" disable=yes;
# ------------------------------------------ (Setting up BGP.Networks)
/routing bgp network add network=$BGPVCI1IPPA synchronize=no comment="R+: BGP (IP.Pool de VCI1A)" disable=yes;
# --------------------
/routing bgp network add network=$BGPVCI1IPPB synchronize=no comment="R+: BGP (IP.Pool de VCI1B)" disable=yes;
# …

# GateWay.Border (ARSAT.BGP): ------------------------ [switch (CISCO.--------)]


/interface bridge add name="BGP.LoopBack" admin-mac=$BGPISP1LBMAC auto-mac=no comment="R+: BGP (BGP.ISP1LB Interface)" disable=yes;
/ip address add address=$BGPISP1LBIP interface="BGP.LoopBack" comment="R+: BGP (BGP.ISP1LB IP)" disable=yes;
# ------------------------------------------ (Setting up WAN.IPs)
/ip address add address=$BGPISP1IP30 interface=$BGPISP1WAN comment="R+: BGP (IPP/30, dispuesta x ISP1 x su S/R.BGP)" disable=yes;
# ------------------------------------------ (Setting up iBGP.GWs)
/ip address add address=$BGPISP1GW interface=$BGPISP1LAN comment="R+: BGP (IPP/22, dispuesta x ISP1 x su IP.GW)" disable=yes;
# ------------------------------------------ (Setting up BGP.Instances)
/routing bgp instance set 0 router-id=$BGPISP1RID as=$BGPISP1ASN comment="R+: BGP (ISP1.ASN)";
# ------------------------------------------ (Setting up BGP.Peers)
/routing bgp peer add name="BGP.ARSAT-VCI" remote-address=$BGPVCI1RID remote-as=$BGPVCI1ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.ARSAT-VCI)" disable=yes;
# ------------------------------------------ (Setting up BGP.Networks)
/routing bgp network add network=$BGPISP1IPP synchronize=no comment="R+: BGP (IP.Pool de ISP1)" disable=yes;
# …

# GateWay.Border (TELCO.BGP): ------------------------ [switch (CISCO.--------)]


/interface bridge add name="BGP.LoopBack" admin-mac=$BGPISP2LBMAC auto-mac=no comment="R+: BGP (BGP.ISP2LB Interface)" disable=yes;
/ip address add address=$BGPISP2LBIP interface="BGP.LoopBack" comment="R+: BGP (BGP.ISP2LB IP)" disable=yes;
# ------------------------------------------ (Setting up WAN.IPs)
/ip address add address=$BGPISP2IP30 interface=$BGPISP2WAN comment="R+: BGP (IPP/30, dispuesta x ISP2 x su S/R.BGP)" disable=yes;
# ------------------------------------------ (Setting up iBGP.GWs)
/ip address add address=$BGPISP2GW interface=$BGPISP2LAN comment="R+: BGP (IPP/22, dispuesta x ISP2 x su IP.GW)" disable=yes;
# ------------------------------------------ (Setting up BGP.Instances)
/routing bgp instance set 0 router-id=$BGPISP2RID as=$BGPISP2ASN comment="R+: BGP (ISP2.ASN)";
# ------------------------------------------ (Setting up BGP.Peers)
/routing bgp peer add name="BGP.TELCO-VCI" remote-address=$BGPVCI2RID remote-as=$BGPVCI1ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.TELCO-VCI)" disable=yes;
# ------------------------------------------ (Setting up BGP.Networks)
/routing bgp network add network=$BGPISP2IPP synchronize=no comment="R+: BGP (IP.Pool de ISP2)" disable=yes;
# …
# ------------------------------------------------------------------------------- [END]
# -------------------------------- [BGP protocol] -------------------------------------
# -------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------- [START]
# ------------------------------ [RoMON protocol] -----------------------------------
# -------------------------------------------------------------------------------------
# (Access via Layer 2): apply on every router used to reach (Route.Dst) from
# (Route.Local=WinBox.RomonAgent).
/tool romon set enable=yes secrets=private;                  # Secret=password
/tool romon port add interface=LAN1 disable=no;              # Add (interfaces-Romon)
/tool romon port set forbid=yes [find (interface=all)];      # Block (interfaces-Romon)
# /tool romon port remove [find interface=LAN1];             # Delete (interfaces-Romon)
# ------------------------------------------------------------------------------- [END]
# ------------------------------ [RoMON protocol] -----------------------------------
# -------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------- [START]
# ----------------------------- [Load balancing] ---------------------------------
# -------------------------------------------------------------------------------------
# Rules for (load balancing): ----------------------------------- (not tested)
# Fundamentally, it splits the load (connections) across different
# out-interfaces/links. There are three types of load balancing: (ECMP/NTH/PCC).

# Rules for (load balancing): ---------------------------------------- [ECMP]


# Enable the (NAT.masquerade: R<:) rules as appropriate (different gateways with
# equal Mbps).
/ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=ISP1Conn log=no log-prefix="BC-ECMP.Marco (Conn.IN: ISP1Conn)" comment="001R<: BC-ECMP.Marco (Conn.IN: ISP1Conn)" disable=yes;
/ip firewall mangle add chain=output connection-mark=ISP1Conn action=mark-routing log=no log-prefix="BC-ECMP.Marco (Rout.OUT: toISP1)" new-routing-mark=toISP1 comment="002R<: BC-ECMP.Marco (Rout.OUT: toISP1)" disable=yes;
/ip firewall mangle add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=ISP2Conn log=no log-prefix="BC-ECMP.Marco (Conn.IN: ISP2Conn)" comment="003R<: BC-ECMP.Marco (Conn.IN: ISP2Conn)" disable=yes;
/ip firewall mangle add chain=output connection-mark=ISP2Conn action=mark-routing log=no log-prefix="BC-ECMP.Marco (Rout.OUT: toISP2)" new-routing-mark=toISP2 comment="004R<: BC-ECMP.Marco (Rout.OUT: toISP2)" disable=yes;
# …

# ------------------------------------------- [different gateways and different interfaces]
/ip route add check-gateway=ping gateway=1.2.3.1,1.2.4.1 comment="10R<: BC-ECMP.Rutas (ISPs.Rutas)" disable=yes;   # Different gateways and different ISPs.
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1 comment="20R<: BC-ECMP.Ruta (ISP1.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 routing-mark=toISP2 comment="21R<: BC-ECMP.Ruta (ISP2.Ruta)" disable=yes;
# …

# ------------------------------------------- [same gateway and different interfaces]
# /ip route add check-gateway=ping gateway=1.2.3.1%WAN1,1.2.4.1%WAN2 comment="10R<: BC-ECMP.Rutas (ISPs.Rutas)" disable=yes;
# /ip route add check-gateway=ping gateway=1.2.3.1%WAN1 routing-mark=toISP1 comment="20R<: BC-ECMP.Ruta (ISP1.Ruta)" disable=yes;
# /ip route add check-gateway=ping gateway=1.2.4.1%WAN2 routing-mark=toISP2 comment="21R<: BC-ECMP.Ruta (ISP2.Ruta)" disable=yes;
# …

# Rules for (load balancing): ------------------------------------------ [NTH]


# Enable the (NAT.masquerade: R<:) rules as appropriate. (nth=2,1), where (2) is the
# number of active WANx.
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-state=new nth=2,1 action=mark-connection new-connection-mark=ISP1Conn log=no log-prefix="BC-NTH.Marco (Conn.IN: ISP1Conn)" comment="001R<: BC-NTH.Marco (Conn.IN: ISP1Conn)" passthrough=yes disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1 log=no log-prefix="BC-NTH.Marco (Rout.OUT: toISP1)" comment="002R<: BC-NTH.Marco (Rout.OUT: toISP1)" passthrough=no disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-state=new nth=2,2 action=mark-connection new-connection-mark=ISP2Conn log=no log-prefix="BC-NTH.Marco (Conn.IN: ISP2Conn)" comment="003R<: BC-NTH.Marco (Conn.IN: ISP2Conn)" passthrough=yes disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP2Conn action=mark-routing new-routing-mark=toISP2 log=no log-prefix="BC-NTH.Marco (Rout.OUT: toISP2)" comment="004R<: BC-NTH.Marco (Rout.OUT: toISP2)" passthrough=no disable=yes;
# …

# ------------------------------------------- [different gateways and different interfaces]
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1 comment="20R<: BC-NTH.Ruta (ISP1.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 routing-mark=toISP2 comment="21R<: BC-NTH.Ruta (ISP2.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.3.1 comment="22R<: BC-NTH.Ruta (ISP1.Ruta x routing-mark=no-mark)" disable=yes;

# Rules for (load balancing): ------------------------------------------- [PCC]


# Enable the (NAT.masquerade: R<:) rules as appropriate.
# (src-address-and-port:X/0)/(both-addresses:X/0), where (X) is the number of (active)
# WANs, or a way to weight one interface (WANx) above the rest (because it has more Mbps).
/ip firewall mangle add chain=prerouting dst-address=1.2.3.0/24 action=accept in-interface-list=LANs comment="001R<: BC-PCC.Accept (LANs to ISP1Conn)" disable=yes;
/ip firewall mangle add chain=prerouting dst-address=1.2.4.0/24 action=accept in-interface-list=LANs comment="002R<: BC-PCC.Accept (LANs to ISP2Conn)" disable=yes;
# …

# -------------------------------------------
/ip firewall mangle add chain=prerouting in-interface=WAN1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP1Conn)" comment="003R<: BC-PCC.Marco (Conn.IN: ISP1Conn)" disable=yes;
/ip firewall mangle add chain=prerouting in-interface=WAN2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP2Conn)" comment="004R<: BC-PCC.Marco (Conn.IN: ISP2Conn)" disable=yes;
# …

# -------------------------------------------
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=src-address-and-port:2/0 action=mark-connection dst-address-type=!local new-connection-mark=ISP1Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP1Conn)" comment="005R<: BC-PCC.Marco (Conn.IN: ISP1Conn)" disable=yes;
# /ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=both-addresses:2/0 action=mark-connection dst-address-type=!local new-connection-mark=ISP1Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP1Conn)" comment="005Rx: BC-PCC.Marco (Conn.IN: ISP1Conn)" disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=src-address-and-port:2/1 action=mark-connection dst-address-type=!local new-connection-mark=ISP2Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP2Conn)" comment="006R<: BC-PCC.Marco (Conn.IN: ISP2Conn)" disable=yes;
# /ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=both-addresses:2/1 action=mark-connection dst-address-type=!local new-connection-mark=ISP2Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP2Conn)" comment="006Rx: BC-PCC.Marco (Conn.IN: ISP2Conn)" disable=yes;
# …

# ---------------------
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1 log=no log-prefix="BC-PCC.Marco (Rout.IN: toISP1)" comment="007R<: BC-PCC.Marco (Rout.IN: toISP1)" disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP2Conn action=mark-routing new-routing-mark=toISP2 log=no log-prefix="BC-PCC.Marco (Rout.IN: toISP2)" comment="008R<: BC-PCC.Marco (Rout.IN: toISP2)" disable=yes;
# …

# ---------------------
/ip firewall mangle add chain=output connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1 log=no log-prefix="BC-PCC.Marco (Rout.OUT: toISP1)" comment="009R<: BC-PCC.Marco (Rout.OUT: toISP1)" passthrough=no disable=yes;
/ip firewall mangle add chain=output connection-mark=ISP2Conn action=mark-routing new-routing-mark=toISP2 log=no log-prefix="BC-PCC.Marco (Rout.OUT: toISP2)" comment="010R<: BC-PCC.Marco (Rout.OUT: toISP2)" disable=yes;
# …

# ------------------------------------------- [different gateways and different interfaces]
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1 comment="20R<: BC-PCC.Ruta (ISP1.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 routing-mark=toISP2 comment="21R<: BC-PCC.Ruta (ISP2.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.3.1 scope=1 comment="22R<: BC-PCC.Ruta (ISP1.Ruta-Failover)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 scope=2 comment="23R<: BC-PCC.Ruta (ISP2.Ruta-Failover)" disable=yes;

# ------------------------------------------------------------------------------- [END]
# ----------------------------- [Load balancing] ---------------------------------
# -------------------------------------------------------------------------------------
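
Added example (not part of the original script): a consistency check for the mark-connection / mark-routing / route chain that all three load-balancing variants above rely on. A connection mark that no mark-routing rule consumes, or a routing mark with no matching route, lets traffic fall through to the default route unnoticed. The sample rule sets are constructed, the finding codes and function names are hypothetical, and treating a mark-routing rule without connection-mark and new-routing-mark as malformed is an assumption that fits the pattern used on this page.

```python
import shlex

# Constructed sample: the second mark-routing rule uses the wrong property names.
SAMPLE_BROKEN = """
/ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=ISP1Conn
/ip firewall mangle add chain=output connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1 comment="002R<: demo"
/ip firewall mangle add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=ISP2Conn
/ip firewall mangle add chain=output new-connection-mark=ISP2Conn action=mark-routing new-routing=toISP2
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1
"""

# Constructed sample: the same chain with both halves complete.
SAMPLE_FIXED = """
/ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=ISP1Conn
/ip firewall mangle add chain=output connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1
/ip firewall mangle add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=ISP2Conn
/ip firewall mangle add chain=output connection-mark=ISP2Conn action=mark-routing new-routing-mark=toISP2
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1
/ip route add check-gateway=ping gateway=1.2.4.1 routing-mark=toISP2
"""


def parse(line):
    """Split one RouterOS 'add' command into its key=value properties."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def audit_marks(script):
    """Return findings for broken mark-connection -> mark-routing -> route chains."""
    mangle, routes = [], []
    for line in script.strip().splitlines():
        line = line.strip()
        if line.startswith("/ip firewall mangle add"):
            mangle.append(parse(line))
        elif line.startswith("/ip route add"):
            routes.append(parse(line))

    findings, set_conn, used_conn, set_route = [], [], set(), []
    for number, rule in enumerate(mangle, 1):
        action = rule.get("action")
        if action == "mark-connection" and "new-connection-mark" in rule:
            set_conn.append(rule["new-connection-mark"])
        elif action == "mark-routing":
            if "connection-mark" in rule and "new-routing-mark" in rule:
                used_conn.add(rule["connection-mark"])
                set_route.append(rule["new-routing-mark"])
            else:
                findings.append(("mark-routing-malformed", number))

    routed = {route.get("routing-mark") for route in routes}
    # dict.fromkeys() removes duplicates while keeping first-seen order.
    for mark in dict.fromkeys(set_conn):
        if mark not in used_conn:
            findings.append(("connection-mark-unused", mark))
    for mark in dict.fromkeys(set_route):
        if mark not in routed:
            findings.append(("routing-mark-without-route", mark))
    return findings


if __name__ == "__main__":
    print(audit_marks(SAMPLE_BROKEN))
    print(audit_marks(SAMPLE_FIXED))
```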

#
-----------------------------------------------------------------------------------
[INI]
# ------------------------------------ [Bonding]
----------------------------------------
#
-----------------------------------------------------------------------------------
-------
# Rules for (Bonding): ---- [aggregation of interfaces into a single virtual link]
# Sum of interfaces. Two routers/switches are needed (one at each end of the links), with each port connected to its AP/ST (links).
# ------------------------------------------- [Router.Local]
/interface bonding add name=VCIBonding slaves=WAN1,WAN2 mode=balance-rr comment="01R<: VCIBondig.Add (Bonding Interface.Local)" disable=yes;
# ------------------------
/ip address add address=192.168.79.13/30 interface=VCIBonding comment="01R<: VCIBonding.Interface (AP-ST)" disable=yes;
/ip address add address=192.168.79.1/30 interface=WAN1 comment="01R>: BondingWAN1.[ Elisa (AP:1.2.3.1-ST:1.2.3.2) ]" disable=yes;
/ip address add address=192.168.79.5/30 interface=WAN2 comment="02R>: BondingWAN2.[ Elisa (AP:1.2.3.4-ST:1.2.3.5) ]" disable=yes;
# …

# ------------------------------------------- [Router.no-Local]
/interface bonding add name=VCIBonding slaves=WAN1,WAN2 mode=balance-rr comment="01R>: VCIBondig.Add (Bonding Interface.no-Local)" disable=yes;
# ------------------------
/ip address add address=192.168.79.14/30 interface=VCIBonding comment="01R>: VCIBonding.Interface (ST-AP)" disable=yes;
/ip address add address=192.168.79.2/30 interface=WAN1 comment="01R>: BondingWAN1.[ Elisa (ST:1.2.3.1-AP:1.2.3.2) ]" disable=yes;
/ip address add address=192.168.79.6/30 interface=WAN2 comment="02R>: BondingWAN2.[ Elisa (ST:1.2.3.4-AP:1.2.3.5) ]" disable=yes;
# …
# ----------------------------------------------------------------------------------- [END]
# ------------------------------------ [Bonding] ----------------------------------------
# ------------------------------------------------------------------------------------------
------------------------------------------------------------------------------- [ END ]
--------------------------- Scripts (accessories): -----------------------------------
----------------------------------------------------------------------------------------

RouterOS.Config (Basic 02-02)


...

# HTB (Layer7 Rules): ----------------------------------------------------- [ START ]

# In the RouterOS flow, HTB is evaluated before Queue.Simple.
# Down (50M?): ------------------------------------------------------------------------
/ip firewall layer7-protocol add name=File.Down regexp="^.+\\.(exe|rar|zip|7z|cab|asf|mov|vob|wmv|mpg|mpeg|mkv|avi|flv|wav|rm|mp3|mp|ram|rmvb|dat|daa|iso|nrg|bin|vcd|3gp|aac|ace|aif|arj|bz2|gz|gzip|img|lzh|m4a|m4v|mpa|mpe|msi|msu|ogg|ogv|pdf|plj|pps|ppt|qt|ro*|r1*|ra|rm|sea|sit|sitx|tar|tif|tiff|z|001|002|003|004|005).*\$" comment="028C+: L7 (Patron regular de File.Down)";
/ip firewall layer7-protocol add name=Video.Streaming regexp="^.+(videoplayback|video).*\$" comment="001C+: L7 (Patron regular de VideoStream)";
/ip firewall layer7-protocol add name=P2P.WWW regexp="^.+(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$" comment="002C+: L7 (Patron regular de P2P.WWW)";
/ip firewall layer7-protocol add name=P2P.DNS regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$" comment="003C+: L7 (Patron regular de P2P.DNS)";
/ip firewall layer7-protocol add name=P2P.BitT regexp="^.+(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP].*\$" comment="004C+: L7 (Patron regular de P2P.BitTorrent)";
# Note: BitTorrent: (6881-6999)
/ip firewall layer7-protocol add name=P2P.BitTE regexp="^.+(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET/data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP].*\$" comment="005C+: L7 (Patron regular de P2P.BitTorrent-Expert)";
# Services.Special: -----------------------------------------------------------------------
/ip firewall layer7-protocol add name=SpeedTest regexp="^.+(speedtest.3bb.co.th|speedtest.adslthailand.com|speedtest1.totbb.net|speedtest.net|speedtest.trueinternet.co.th|catspeedtest.net).*\$" comment="006C+: L7 (Patron regular de SpeedTest)";
# Social.Media: ---------------------------------------------------------------------------
# …
# HTB (Mangle Rules): ---------------------------------------------------- [ START ]

# Works like the Firewall, except that it adds a conditional (passthrough=no) that stops the packet from continuing down the rule list.
# VoIP (Mangle Rules): -----------------------------------------------------------------
/ip firewall mangle add chain=forward dst-address=X.X.X.X protocol=udp port=10000-20000 connection-state=new comment="001Cx: Marco (VoIP-RTP.Conn)" action=mark-connection new-connection-mark=VoIP-RTP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VoIP-RTP.Conn comment="002Cx: Marco (VoIP-RTP.1erPacket)" action=mark-packet log=no log-prefix=VoIP-RTP.Pack new-packet-mark=VoIP-RTP.Pack passthrough=no disable=yes;
# Note: (87.2k per call. Change SIP.Port (C-Telefonica and Telefono.IP). RTP is used for the voice exchange)
/ip firewall mangle add chain=forward dst-address=X.X.X.X protocol=tcp dst-port=5060-5061 connection-state=new comment="003Cx: Marco (VoIP-SIPTCP.Conn)" action=mark-connection new-connection-mark=VoIP-SIPTCP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VoIP-SIPTCP.Conn comment="004Cx: Marco (VoIP-SIPTCP.1erPacket)" action=mark-packet log=no log-prefix=VoIP-SIPTCP.Pack new-packet-mark=VoIP-SIPTCP.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward dst-address=X.X.X.X protocol=udp dst-port=5060-5061 connection-state=new comment="005Cx: Marco (VoIP-SIPUDP.Conn)" action=mark-connection new-connection-mark=VoIP-SIPUDP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VoIP-SIPUDP.Conn comment="006Cx: Marco (VoIP-SIPUDP.1erPacket)" action=mark-packet log=no log-prefix=VoIP-SIPUDP.Pack new-packet-mark=VoIP-SIPUDP.Pack passthrough=no disable=yes;
# Note: (65k per call. Change SIP.Port (C-Telefonica and Telefono.IP: VPN(x)), TCP and UDP. SIP is used to start the session (RING))
/ip firewall mangle add chain=prerouting in-interface-list=WANs packet-mark=VoIP-RTP.Pack comment="007Cx: Change (WAN-DSCP.Type Of Service)" action=change-dscp log=no log-prefix="WAN-DSCP.TOS (Change)" new-dscp=10 passthrough=no disable=yes;
/ip firewall mangle add chain=postrouting out-interface-list=LANs packet-mark=VoIP-RTP.Pack comment="008Cx: Change(LANs-DSCP.Type Of Service)" action=change-dscp log=no log-prefix="LANs-DSCP.TOS (Change)" new-dscp=46 passthrough=no disable=yes;
# Note: effective on networks that support DSCP handling (packet prioritization: 01-64); obviously, it must match the C-Telefonica.DSCP config. Creating a VLAN(x) per (out-interface) exclusively for VoIP is recommended.

# IPTV (Mangle Rules): -------------------------------------------------------- [ HLS ]
/ip firewall mangle add chain=forward dst-address=X.X.X.X protocol=tcp port=80 connection-state=new comment="009Cx: Marco(IPTV.Conn)" action=mark-connection new-connection-mark=IPTV.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=IPTV.Conn comment="010Cx: Marco (IPTV.1erPacket)" action=mark-packet log=no log-prefix=IPTV.Pack new-packet-mark=IPTV.Pack passthrough=no disable=yes;
# Note: (790k per signal, in H.265). It is an intranet service. Essential: prioritize TCP packets (SYN, start of negotiation / ACK, acknowledgement).

# DNS (Mangle Rules): -------------------------------------------- [DNS.Cache=ON]
/ip firewall mangle add chain=prerouting protocol=udp dst-port=53 connection-state=new comment="011C+: Marco (DNS-UDP.Conn)" action=mark-connection new-connection-mark=DNS-UDP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=prerouting connection-mark=DNS-UDP.Conn comment="012C+: Marco (DNS-UDP.1erPacket)" action=mark-packet log=no log-prefix=DNS-UDP.Pack new-packet-mark=DNS-UDP.Pack passthrough=no disable=yes;
# Note: (UDP), name-resolution request and (response < 512b).
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=53 connection-state=new comment="013C+: Marco (DNS-TCP.Conn)" action=mark-connection new-connection-mark=DNS-TCP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=prerouting connection-mark=DNS-TCP.Conn comment="014C+: Marco (DNS-TCP.1erPacket)" action=mark-packet log=no log-prefix=DNS-TCP.Pack new-packet-mark=DNS-TCP.Pack passthrough=no disable=yes;
# Note: (TCP), only for (response >= 512b); to save CPU, I did not set (in-interface-list=LANs).

# ICMP (Mangle Rules): -----------------------------------------------------------------
/ip firewall mangle add chain=forward protocol=icmp connection-state=new comment="015C+: Marco (ICMP.Conn)" action=mark-connection new-connection-mark=ICMP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=ICMP.Conn comment="016C+: Marco (ICMP.1erPacket)" action=mark-packet log=no log-prefix=ICMP.Pack new-packet-mark=ICMP.Pack passthrough=no disable=yes;
# Note: to save CPU, I did not set (in-interface-list=LANs).

# Social.Media (Mangle Rules): --------------------------------------------------------
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-YOUTUBE.List comment="017C+: Marco(Youtube.Conn)" action=mark-connection new-connection-mark=Youtube.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Youtube.Conn comment="018C+: Marco (Youtube.1erPacket)" action=mark-packet log=no log-prefix=Youtube.Pack new-packet-mark=Youtube.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-FACEBOOK.List comment="019C+: Marco(Facebook.Conn)" action=mark-connection new-connection-mark=Facebook.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Facebook.Conn comment="020C+: Marco (Facebook.1erPacket)" action=mark-packet log=no log-prefix=Facebook.Pack new-packet-mark=Facebook.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-TWITTER.List comment="021C+: Marco(Twitter.Conn)" action=mark-connection new-connection-mark=Twitter.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Twitter.Conn comment="022C+: Marco (Twitter.1erPacket)" action=mark-packet log=no log-prefix=Twitter.Pack new-packet-mark=Twitter.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-INSTAGRAM.List comment="023C+: Marco(Instagram.Conn)" action=mark-connection new-connection-mark=Instagram.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Instagram.Conn comment="024C+: Marco (Instagram.1erPacket)" action=mark-packet log=no log-prefix=Instagram.Pack new-packet-mark=Instagram.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-NETFLIX.List comment="025C+: Marco(Netflix.Conn)" action=mark-connection new-connection-mark=Netflix.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Netflix.Conn comment="026C+: Marco (Netflix.1erPacket)" action=mark-packet log=no log-prefix=Netflix.Pack new-packet-mark=Netflix.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-WHATSAPP.List comment="027C+: Marco(Whatsapp.Conn)" action=mark-connection new-connection-mark=Whatsapp.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Whatsapp.Conn comment="028C+: Marco (Whatsapp.1erPacket)" action=mark-packet log=no log-prefix=Whatsapp.Pack new-packet-mark=Whatsapp.Pack passthrough=no disable=yes;
# Note: Whatsapp.Port=TCP: (4244,5222,5223,5228,5242), TCP/UDP: (50318,59234) and UDP: (3478,45395).
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-SKYPE.List comment="029C+: Marco(Skype.Conn)" action=mark-connection new-connection-mark=Skype.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Skype.Conn comment="030C+: Marco (Skype.1erPacket)" action=mark-packet log=no log-prefix=Skype.Pack new-packet-mark=Skype.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-SPOTIFY.List comment="031C+: Marco(Spotify.Conn)" action=mark-connection new-connection-mark=Spotify.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Spotify.Conn comment="032C+: Marco (Spotify.1erPacket)" action=mark-packet log=no log-prefix=Spotify.Pack new-packet-mark=Spotify.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-SNAPCHAT.List comment="033C+: Marco(Snapchat.Conn)" action=mark-connection new-connection-mark=Snapchat.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Snapchat.Conn comment="034C+: Marco (Snapchat.1erPacket)" action=mark-packet log=no log-prefix=Snapchat.Pack new-packet-mark=Snapchat.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-TELEGRAM.List comment="035C+: Marco(Telegram.Conn)" action=mark-connection new-connection-mark=Telegram.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Telegram.Conn comment="036C+: Marco (Telegram.1erPacket)" action=mark-packet log=no log-prefix=Telegram.Pack new-packet-mark=Telegram.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-TWITCH.List comment="037C+: Marco(Twitch.Conn)" action=mark-connection new-connection-mark=Twitch.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Twitch.Conn comment="038C+: Marco (Twitch.1erPacket)" action=mark-packet log=no log-prefix=Twitch.Pack new-packet-mark=Twitch.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=S-VIMEO.List comment="039C+: Marco(Vimeo.Conn)" action=mark-connection new-connection-mark=Vimeo.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Vimeo.Conn comment="040C+: Marco (Vimeo.1erPacket)" action=mark-packet log=no log-prefix=Vimeo.Pack new-packet-mark=Vimeo.Pack passthrough=no disable=yes;
# Note: I left space for (17) more social media rules.

# HTTPS (Mangle Rules): ---------------------------------------------------------------
/ip firewall mangle add chain=forward protocol=udp dst-port=443 connection-state=new comment="075C+: Marco (HTTPS-UDP.Conn)" action=mark-connection new-connection-mark=HTTPS-UDP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=HTTPS-UDP.Conn comment="076C+: Marco (HTTPS-UDP.1erPacket)" action=mark-packet log=no log-prefix=HTTPS-UDP.Pack new-packet-mark=HTTPS-UDP.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward protocol=tcp dst-port=443 connection-state=new comment="077C+: Marco (HTTPS-TCP.Conn)" action=mark-connection new-connection-mark=HTTPS-TCP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=HTTPS-TCP.Conn comment="078C+: Marco (HTTPS-TCP.1erPacket)" action=mark-packet log=no log-prefix=HTTPS-TCP.Pack new-packet-mark=HTTPS-TCP.Pack passthrough=no disable=yes;

# HTTP (Mangle Rules): -----------------------------------------------------------------
/ip firewall mangle add chain=forward protocol=tcp dst-port=80,8080 connection-state=new comment="079C+: Marco(HTTP.Conn)" action=mark-connection new-connection-mark=HTTP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=HTTP.Conn comment="080C+: Marco (HTTP.1erPacket)" action=mark-packet log=no log-prefix=HTTP.Pack new-packet-mark=HTTP.Pack passthrough=no disable=yes;

# Down (50M?) (Mangle Rules): -----------------------------------------------------
/ip firewall mangle add chain=forward connection-state=new layer7-protocol=File.Down connection-bytes=50M comment="111Cx: Marco (FileDown.Conn) :: " action=mark-connection new-connection-mark=FileDown.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=FileDown.Conn comment="112Cx: Marco (FileDown.1erPacket) :: " action=mark-packet log=no log-prefix=FileDown.Pack new-packet-mark=FileDown.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new layer7-protocol=Video.Streaming connection-bytes=50M comment="113Cx: Marco (VideoStreaming.Conn) :: " action=mark-connection new-connection-mark=VideoStreaming.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VideoStreaming.Conn comment="114Cx: Marco (VideoStreaming.1erPacket) :: " action=mark-packet log=no log-prefix=VideoStreaming.Pack new-packet-mark=VideoStreaming.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new layer7-protocol=P2P.WWW connection-bytes=50M comment="115Cx: Marco (P2PWWW.Conn) :: " action=mark-connection new-connection-mark=P2PWWW.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=P2PWWW.Conn comment="116Cx: Marco (P2PWWW.1erPacket) :: " action=mark-packet log=no log-prefix=P2P-WWW.Pack new-packet-mark=P2P-WWW.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new layer7-protocol=P2P.DNS connection-bytes=50M comment="117Cx: Marco (P2PDNS.Conn) :: " action=mark-connection new-connection-mark=P2PDNS.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=P2PDNS.Conn comment="118Cx: Marco (P2PDNS.1erPacket) :: " action=mark-packet log=no log-prefix=P2P-DNS.Pack new-packet-mark=P2P-DNS.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new layer7-protocol=P2P.BitT connection-bytes=50M comment="119Cx: Marco (P2PBitTorrent.Conn) :: " action=mark-connection new-connection-mark=P2PBitT.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=P2PBitT.Conn comment="120Cx: Marco (P2PBitTorrent.1erPacket) :: " action=mark-packet log=no log-prefix=P2P-BitT.Pack new-packet-mark=P2P-BitT.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new layer7-protocol=P2P.BitTE connection-bytes=50M comment="121Cx: Marco (P2PBitTorrentE.Conn) :: " action=mark-connection new-connection-mark=P2PBitTE.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=P2PBitTE.Conn comment="122Cx: Marco (P2PBitTorrentE.1erPacket) :: " action=mark-packet log=no log-prefix=P2P-BitTE.Pack new-packet-mark=P2P-BitTE.Pack passthrough=no disable=yes;
# Note: decide whether or not it is worth using (connection-bytes=50M).

# Services.Special (Mangle Rules): ---------------------------------------------------
# VPN (Mangle Rules): -----------------------------------------------------------------
/ip firewall mangle add chain=forward protocol=udp dst-port=500,1194,4500 connection-state=new comment="123C+: Marco (VPN-UDP.Conn) :: " action=mark-connection new-connection-mark=VPN-UDP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VPN-UDP.Conn comment="124C+: Marco (VPN-UDP.1erPacket) :: " action=mark-packet log=no log-prefix=VPN-UDP.Pack new-packet-mark=VPN-UDP.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward protocol=tcp dst-port=1194,1701,1723 connection-state=new comment="125C+: Marco (VPN-TCP.Conn) :: " action=mark-connection new-connection-mark=VPN-TCP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VPN-TCP.Conn comment="126C+: Marco (VPN-TCP.1erPacket) :: " action=mark-packet log=no log-prefix=VPN-TCP.Pack new-packet-mark=VPN-TCP.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward protocol=gre connection-state=new comment="127C+: Marco (VPN-GREr.Conn) :: " action=mark-connection new-connection-mark=VPN-GRE.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VPN-GRE.Conn comment="128C+: Marco (VPN-GRE.1erPacket) :: " action=mark-packet log=no log-prefix=VPN-GRE.Pack new-packet-mark=VPN-GRE.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward protocol=ipsec-esp connection-state=new comment="129C+: Marco (VPN-IPSECESP.Conn) :: " action=mark-connection new-connection-mark=VPN-IPSECESP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VPN-IPSECESP.Conn comment="130C+: Marco (VPN-IPSECESP.1erPacket) :: " action=mark-packet log=no log-prefix=VPN-IPSECESP.Pack new-packet-mark=VPN-IPSECESP.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward protocol=ipsec-ah connection-state=new comment="131C+: Marco (VPN-IPSECAH.Conn) :: " action=mark-connection new-connection-mark=VPN-IPSECAH.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VPN-IPSECAH.Conn comment="132C+: Marco (VPN-IPSECAH.1erPacket) :: " action=mark-packet log=no log-prefix=VPN-IPSECAH.Pack new-packet-mark=VPN-IPSECAH.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward protocol=ipencap connection-state=new comment="133C+: Marco (VPN-IPENCAP.Conn) :: " action=mark-connection new-connection-mark=VPN-IPENCAP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VPN-IPENCAP.Conn comment="134C+: Marco (VPN-IPENCAP.1erPacket) :: " action=mark-packet log=no log-prefix=VPN-IPENCAP.Pack new-packet-mark=VPN-IPENCAP.Pack passthrough=no disable=yes;
/ip firewall mangle add chain=forward connection-state=new dst-address-list=V-DDNS.List comment="135C+: Marco (VPN-DDNS.Conn) :: " action=mark-connection new-connection-mark=VPN-DDNS.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=VPN-DDNS.Conn comment="136C+: Marco (VPN-DDNS.1erPacket) :: " action=mark-packet log=no log-prefix=VPN-DDNS.Pack new-packet-mark=VPN-DDNS.Pack passthrough=no disable=yes;
# Note: only drop standard VPN.port (neither SSTP-TCP.433, except include V-DDNS.List).

# FTP/SFTP (Mangle Rules): ------------------------------------------------------------
/ip firewall mangle add chain=forward protocol=tcp dst-port=20-23 packet-size=1400-1500 connection-state=new comment="140C+: Marco (FTP/SFTP.Conn) :: " action=mark-connection new-connection-mark=FTP.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=FTP.Conn comment="141C+: Marco (FTP.1erPacket) :: " action=mark-packet log=no log-prefix=FTP.Pack new-packet-mark=FTP.Pack passthrough=no disable=yes;

# SpeedTest (Mangle Rules): -----------------------------------------------------------
/ip firewall mangle add chain=forward connection-state=new layer7-protocol=SpeedTest comment="142Cx: Marco (SpeedTest.Conn) :: " action=mark-connection new-connection-mark=SpeedTest.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=SpeedTest.Conn comment="143Cx: Marco (SpeedTest.1erPacket) :: " action=mark-packet log=no log-prefix=SpeedTest.Pack new-packet-mark=SpeedTest.Pack passthrough=no disable=yes;
# … (reserved up to 179C)

# Remaining connections (Mangle Rules): ----------------------------------------------
/ip firewall mangle add chain=forward connection-state=new comment="180C+: Marco (Rest.Conn) :: " action=mark-connection new-connection-mark=Rest.Conn passthrough=yes disable=yes;
/ip firewall mangle add chain=forward connection-mark=Rest.Conn comment="181C+: Marco (Resto.1erPacket) :: " action=mark-packet log=no log-prefix=Rest.Pack new-packet-mark=Rest.Pack passthrough=no disable=yes;
# Note: (assign the remaining bandwidth up to Parent.max-limit).
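
# Note (added example, not part of the original script): the mangle rules above work in pairs, a mark-connection rule that sets a connection mark and a mark-packet rule that matches it, and the queue tree then consumes the packet marks. The Python check below lists marks that are matched or queued but never set, and marks that are set but never used; the sample rules and their names are constructed for illustration, and it assumes one complete command per line.

```python
import shlex

MANGLE = "/ip firewall mangle"
QUEUE_TREE = "/queue tree"

# Constructed sample (names are illustrative): rule A2 writes the wrong packet
# mark and rule A3 writes the wrong connection mark.
SAMPLE_CONFIG = r'''
/ip firewall mangle add chain=forward protocol=tcp dst-port=5060-5061 connection-state=new comment="A1: (SIP-TCP.Conn)" action=mark-connection new-connection-mark=SIP-TCP.Conn passthrough=yes
/ip firewall mangle add chain=forward connection-mark=SIP-TCP.Conn comment="A2: (SIP-TCP.1stPacket)" action=mark-packet new-packet-mark=SIP-UDP.Pack passthrough=no
/ip firewall mangle add chain=forward protocol=ipsec-ah connection-state=new comment="A3: (AH.Conn)" action=mark-connection new-connection-mark=ESP.Conn passthrough=yes
/ip firewall mangle add chain=forward connection-mark=AH.Conn comment="A4: (AH.1stPacket)" action=mark-packet new-packet-mark=AH.Pack passthrough=no
/queue tree add name=0101.SIPTCP parent=ether1 packet-mark=SIP-TCP.Pack priority=1
/queue tree add name=0102.AH parent=ether1 packet-mark=AH.Pack priority=5
'''


def parse_add(line):
    """Return (menu, {param: value}) for one 'add' command, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    menu, sep, rest = line.rstrip(";").partition(" add ")
    if not sep:
        return None
    try:
        tokens = shlex.split(rest)  # keeps quoted comment="..." values whole
    except ValueError:
        return None  # unbalanced quotes: not a complete command
    params = {}
    for token in tokens:
        key, eq, value = token.partition("=")
        if eq:
            params[key] = value
    return menu.strip(), params


def audit_marks(config_text):
    """Cross-check the marks that rules set against the marks that rules use."""
    conn_set, conn_used = set(), set()
    pkt_set, pkt_used = set(), set()
    for line in config_text.splitlines():
        parsed = parse_add(line)
        if parsed is None:
            continue
        menu, p = parsed
        if menu == MANGLE:
            if p.get("action") == "mark-connection" and "new-connection-mark" in p:
                conn_set.add(p["new-connection-mark"])
            if p.get("action") == "mark-packet" and "new-packet-mark" in p:
                pkt_set.add(p["new-packet-mark"])
            # Matchers: a rule that filters on a mark counts as a use of it.
            if "connection-mark" in p:
                conn_used.add(p["connection-mark"])
            if "packet-mark" in p:
                pkt_used.add(p["packet-mark"])
        elif menu == QUEUE_TREE and "packet-mark" in p:
            pkt_used.add(p["packet-mark"])
    # "no-mark" is a built-in matcher value, not a mark some rule must set.
    conn_used.discard("no-mark")
    pkt_used.discard("no-mark")

    findings = []
    for mark in sorted(conn_used - conn_set):
        findings.append(("connection-mark matched but never set", mark))
    for mark in sorted(conn_set - conn_used):
        findings.append(("connection-mark set but never matched", mark))
    for mark in sorted(pkt_used - pkt_set):
        findings.append(("packet-mark used but never set", mark))
    for mark in sorted(pkt_set - pkt_used):
        findings.append(("packet-mark set but never used", mark))
    return findings


if __name__ == "__main__":
    for kind, mark in audit_marks(SAMPLE_CONFIG):
        print(f"{kind}: {mark}")
```

# A queue whose packet mark is never set stays empty, so the traffic meant for it is shaped by whichever other rule catches it.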

# -------------------------- HTB (QueueTree Rules): ----------------- [ START: 01 ]

# In QueueTree it is not possible to use an interface-list (LANs), only an interface (etherX).
# QoS.QueueTree (Create Variables): ---------------------------------------------------
# RB1.Interfaces
:global InterfWAN1 "ether1"; # RB1.WAN1 (interface) [ ISP.01 ]
:global InterfWAN2 "ether2"; # RB1.WAN2 (interface) [ ISP.02 ]
:global InterfLAN1 "ether3"; # RB1.LAN1 (interface) [ ]
:global InterfLAN2 "ether4"; # RB1.LAN2 (interface) [ ]
:global InterfLAN3 "ether5"; # RB1.LAN3 (interface) [ ]
# ---------------------------------------------
# RB2.Interfaces
:global InterfWAN1 "ether1"; # RB1.WAN1 (interface) [ ISP.01 ]
:global InterfWAN2 "ether2"; # RB1.WAN2 (interface) [ ISP.02 ]
:global InterfLAN1 "ether4"; # RB2.LAN1 (interface) [ ]
:global InterfLAN2 "ether5"; # RB2.LAN2 (interface) [ ]
# ---------------------------------------------
# RB3.Interfaces
:global InterfWAN1 "ether4"; # RB1.WAN1 (interface) [ ISP.01 ]
:global InterfLAN1 "ether-HFC"; # RB3.LAN1 (interface) [ CMTS ]

# QoS connections (QueueTree Rules): -------------------------------------------
# ----------------------------------------------------------------------------- [ START ]

# QoS.UpLoad connections (QueueTree Rules): ----------------------------------
# ----------------------------------------------------------------------------- [ START ]

# [ Level 01 ] ------------------------------------------------------------------- [ START ]
/queue tree add name=010000.WAN1 parent=$InterfWAN1 limit-at=0 max-limit=0 priority=8 queue=ethernet-default comment="001C+: QoS (WAN1.Ups) :: " disable=yes;

# [ Level 02 ] ---------------------------------------------------------- [ START ]
/queue tree add name=010100.VoIP parent=010000.WAN1 limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="002Cx: QoS (WAN1.VoIPs) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=010101.RTP parent=010100.VoIP packet-mark=VoIP-RTP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="003Cx: QoS (WAN1.VoIP-RTP) :: " disable=yes;
/queue tree add name=010102.SIPTCP parent=010100.VoIP packet-mark=VoIP-SIPTCP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="004Cx: QoS (WAN1.VoIP-SIPTCP) :: " disable=yes;
/queue tree add name=010103.SIPUDP parent=010100.VoIP packet-mark=VoIP-SIPUDP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="005Cx: QoS (WAN1.VoIP-SIPUDP) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=010200.IPTV parent=010000.WAN1 packet-mark=IPTV.Pack limit-at=0 max-limit=0 priority=2 queue=ethernet-default comment="006Cx: QoS (WAN1.IPTVs) :: " disable=yes;
/queue tree add name=010300.DNS parent=010000.WAN1 limit-at=256k max-limit=512k priority=2 queue=ethernet-default comment="007C+: QoS (WAN1.DNS) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=010301.DNS-UDP parent=010300.DNS packet-mark=DNS-UDP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="008C+: QoS (WAN1.DNS-UDP) :: " disable=yes;
/queue tree add name=010302.DNS-TCP parent=010300.DNS packet-mark=DNS-TCP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="009C+: QoS (WAN1.DNS-TCP) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=010400.ICMP parent=010000.WAN1 packet-mark=ICMP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="010C+: QoS (WAN1.ICMP) :: " disable=yes;
/queue tree add name=010500.SocialM parent=010000.WAN1 limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="011C+: QoS (WAN1.SocialMedia) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=010501.Youtube parent=010500.SocialM packet-mark=Youtube.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="012C+: QoS (WAN1.Youtube) :: " disable=yes;
/queue tree add name=010502.Netflix parent=010500.SocialM packet-mark=Netflix.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="013C+: QoS (WAN1.Netflix) :: " disable=yes;
/queue tree add name=010503.Facebook parent=010500.SocialM packet-mark=Facebook.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="014C+: QoS (WAN1.Facebook) :: " disable=yes;
/queue tree add name=010504.Whatsapp parent=010500.SocialM packet-mark=Whatsapp.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="015C+: QoS (WAN1.Whatsapp) :: " disable=yes;
/queue tree add name=010505.Twitter parent=010500.SocialM packet-mark=Twitter.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="016C+: QoS (WAN1.Twitter) :: " disable=yes;
/queue tree add name=010506.Instagram parent=010500.SocialM packet-mark=Instagram.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="017C+: QoS (WAN1.Instagram) :: " disable=yes;
/queue tree add name=010507.Skype parent=010500.SocialM packet-mark=Skype.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="018C+: QoS (WAN1.Skype) :: " disable=yes;
/queue tree add name=010508.Spotify parent=010500.SocialM packet-mark=Spotify.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="019C+: QoS (WAN1.Spotify) :: " disable=yes;
/queue tree add name=010509.Snapchat parent=010500.SocialM packet-mark=Snapchat.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="020C+: QoS (WAN1.Snapchat) :: " disable=yes;
/queue tree add name=010510.Telegram parent=010500.SocialM packet-mark=Telegram.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="021C+: QoS (WAN1.Telegram) :: " disable=yes;
/queue tree add name=010511.Twitch parent=010500.SocialM packet-mark=Twitch.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="022C+: QoS (WAN1.Twitch) :: " disable=yes;
/queue tree add name=010512.Vimeo parent=010500.SocialM packet-mark=Vimeo.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="023C+: QoS (WAN1.Vimeo) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=010600.HTTPSTCP parent=010000.WAN1 packet-mark=HTTPS-TCP.Pack


limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="041C+: QoS
(WAN1.HTTPS-TCP) :: " disable=yes;
/queue tree add name=010700.HTTPSUDP parent=010000.WAN1 packet-mark=HTTPS-UDP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="042C+: QoS (WAN1.HTTPS-UDP) :: " disable=yes;
/queue tree add name=010800.HTTP parent=010000.WAN1 packet-mark=HTTP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="043C+: QoS (WAN1.HTTP) :: " disable=yes;
/queue tree add name=010900.VPN parent=010000.WAN1 limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="044C+: QoS (WAN1.VPN) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=010901.VPNTCP parent=010900.VPN packet-mark=VPN-TCP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="045C+: QoS (WAN1.VPN-TCP) :: " disable=yes;
/queue tree add name=010902.VPNUDP parent=010900.VPN packet-mark=VPN-UDP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="046C+: QoS (WAN1.VPN-UDP) :: " disable=yes;
/queue tree add name=010903.VPNGRE parent=010900.VPN packet-mark=VPN-GRE.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="047C+: QoS (WAN1.VPN-GRE) :: " disable=yes;
/queue tree add name=010904.VPNIPSECESP parent=010900.VPN packet-mark=VPN-IPSECESP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="048C+: QoS (WAN1.VPN-IPSECESP) :: " disable=yes;
/queue tree add name=010905.VPNIPSECAH parent=010900.VPN packet-mark=VPN-IPSECAH.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="049C+: QoS (WAN1.VPN-IPSECAH) :: " disable=yes;
/queue tree add name=010906.VPNIPENCAP parent=010900.VPN packet-mark=VPN-IPENCAP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="050C+: QoS (WAN1.VPN-IPENCAP) :: " disable=yes;
/queue tree add name=010907.VPNDDNS parent=010900.VPN packet-mark=VPN-DDNS.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="051C+: QoS (WAN1.VPN-DDNS) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=011000.FTP parent=010000.WAN1 packet-mark=FTP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="052C+: QoS (WAN1.FTP/SFTP) :: " disable=yes;
/queue tree add name=011100.SeepT parent=010000.WAN1 packet-mark=SpeedTest.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="053Cx: QoS (WAN1.SpeedTest) :: " disable=yes;
/queue tree add name=011500.Down parent=010000.WAN1 limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="060Cx: QoS (WAN1.Downs) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=011501.File parent=011500.Down packet-mark=FileDown.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="061Cx: QoS (WAN1.File Down) :: " disable=yes;
/queue tree add name=011502.VideoS parent=011500.Down packet-mark=VideoStreaming.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="062Cx: QoS (WAN1.VideoStreaming) :: " disable=yes;
/queue tree add name=011503.P2PWWW parent=011500.Down packet-mark=P2P-WWW.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="063Cx: QoS (WAN1.P2PWWW) :: " disable=yes;
/queue tree add name=011504.P2PDNS parent=011500.Down packet-mark=P2P-DNS.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="064Cx: QoS (WAN1.P2PDNS) :: " disable=yes;
/queue tree add name=011505.P2PBitT parent=011500.Down packet-mark=P2P-BitT.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="065Cx: QoS (WAN1.P2PBitTorrent) :: " disable=yes;
/queue tree add name=011506.P2PBitTE parent=011500.Down packet-mark=P2P-BitTE.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="066Cx: QoS (WAN1.P2PBitTorrentExp) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=013000.Rest parent=010000.WAN1 packet-mark=Rest.Pack limit-at=0 max-limit=0 priority=7 queue=ethernet-default comment="099C+: QoS (WAN1.Rest) :: " disable=yes;
# [ Level 02 ] ------------------------------------------------------------------- [ END ]
# [ Level 01 ] ------------------------------------------------------------------- [ END ]

# QoS.DwLoad connections (QueueTree Rules): ---------------------------------
# ----------------------------------------------------------------------------- [ START ]

# [ Level 01 ] ------------------------------------------------------------------- [ START ]
/queue tree add name=020000.LAN1 parent=$InterfLAN1 limit-at=0 max-limit=0 priority=8 queue=ethernet-default comment="101C+: QoS (LAN1.Downs) :: " disable=yes;

# [ Level 02 ] ---------------------------------------------------------- [ START ]
/queue tree add name=020100.VoIP parent=020000.LAN1 limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="102Cx: QoS (WAN1.VoIPs) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=020101.RTP parent=020100.VoIP packet-mark=VoIP-RTP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="103Cx: QoS (LAN1.VoIP-RTP) :: " disable=yes;
/queue tree add name=020102.SIPTCP parent=020100.VoIP packet-mark=VoIP-SIPTCP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="104Cx: QoS (LAN1.VoIP-SIPTCP) :: " disable=yes;
/queue tree add name=020103.SIPUDP parent=020100.VoIP packet-mark=VoIP-SIPUDP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="105Cx: QoS (LAN1.VoIP-SIPUTP) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=020200.IPTV parent=020000.LAN1 packet-mark=IPTV.Pack limit-at=0 max-limit=0 priority=2 queue=ethernet-default comment="106Cx: QoS (LAN1.IPTVs) :: " disable=yes;
/queue tree add name=020300.DNS parent=020000.LAN1 limit-at=256k max-limit=512k priority=2 queue=ethernet-default comment="107C+: QoS (LAN1.DNS) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=020301.DNS-UDP parent=020300.DNS packet-mark=DNS-UDP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="108C+: QoS (LAN1.DNS-UDP) :: " disable=yes;
/queue tree add name=020302.DNS-TCP parent=020300.DNS packet-mark=DNS-TCP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="109C+: QoS (LAN1.DNS-TCP) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=020400.ICMP parent=020000.LAN1 packet-mark=ICMP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="110C+: QoS (LAN1.ICMP) :: " disable=yes;
/queue tree add name=020500.SocialM parent=020000.LAN1 limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="111C+: QoS (LAN1.SocialMedia) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=020501.Youtube parent=020500.SocialM packet-mark=Youtube.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="112C+: QoS (LAN1.Youtube) :: " disable=yes;
/queue tree add name=020502.Netflix parent=020500.SocialM packet-mark=Netflix.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="113C+: QoS (LAN1.Netflix) :: " disable=yes;
/queue tree add name=020503.Facebook parent=020500.SocialM packet-mark=Facebook.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="114C+: QoS (LAN1.Facebook) :: " disable=yes;
/queue tree add name=020504.Whatsapp parent=020500.SocialM packet-mark=Whatsapp.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="115C+: QoS (LAN1.Whatsapp) :: " disable=yes;
/queue tree add name=020505.Twitter parent=020500.SocialM packet-mark=Twitter.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="116C+: QoS (LAN1.Twitter) :: " disable=yes;
/queue tree add name=020506.Instagram parent=020500.SocialM packet-mark=Instagram.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="117C+: QoS (LAN1.Instagram) :: " disable=yes;
/queue tree add name=020507.Skype parent=020500.SocialM packet-mark=Skype.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="118C+: QoS (LAN1.Skype) :: " disable=yes;
/queue tree add name=020508.Spotify parent=020500.SocialM packet-mark=Spotify.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="119C+: QoS (LAN1.Spotify) :: " disable=yes;
/queue tree add name=020509.Snapchat parent=020500.SocialM packet-mark=Snapchat.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="120C+: QoS (LAN1.Snapchat) :: " disable=yes;
/queue tree add name=020510.Telegram parent=020500.SocialM packet-mark=Telegram.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="121C+: QoS (LAN1.Telegram) :: " disable=yes;
/queue tree add name=020511.Twitch parent=020500.SocialM packet-mark=Twitch.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="122C+: QoS (LAN1.Twitch) :: " disable=yes;
/queue tree add name=020512.Vimeo parent=020500.SocialM packet-mark=Vimeo.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="123C+: QoS (LAN1.Vimeo) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=020600.HTTPSTCP parent=020000.LAN1 packet-mark=HTTPS-TCP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="141C+: QoS (LAN1.HTTPS-TCP) :: " disable=yes;
/queue tree add name=020700.HTTPSUDP parent=020000.LAN1 packet-mark=HTTPS-UDP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="142C+: QoS (LAN1.HTTPS-UDP) :: " disable=yes;
/queue tree add name=020800.HTTP parent=020000.LAN1 packet-mark=HTTP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="143C+: QoS (LAN1.HTTP) :: " disable=yes;
/queue tree add name=020900.VPN parent=020000.LAN1 limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="144C+: QoS (LAN1.VPN) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=020901.VPNTCP parent=020900.VPN packet-mark=VPN-TCP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="145C+: QoS (LAN1.VPN-TCP) :: " disable=yes;
/queue tree add name=020902.VPNUDP parent=020900.VPN packet-mark=VPN-UDP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="146C+: QoS (LAN1.VPN-UDP) :: " disable=yes;
/queue tree add name=020903.VPNGRE parent=020900.VPN packet-mark=VPN-GRE.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="147C+: QoS (LAN1.VPN-GRE) :: " disable=yes;
/queue tree add name=020904.VPNIPSECESP parent=020900.VPN packet-mark=VPN-IPSECESP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="148C+: QoS (LAN1.VPN-IPSECESP) :: " disable=yes;
/queue tree add name=020905.VPNIPSECAH parent=020900.VPN packet-mark=VPN-IPSECAH.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="149C+: QoS (LAN1.VPN-IPSECAH) :: " disable=yes;
/queue tree add name=020906.VPNIPENCAP parent=020900.VPN packet-mark=VPN-IPENCAP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="150C+: QoS (LAN1.VPN-IPENCAP) :: " disable=yes;
/queue tree add name=020907.VPNDDNS parent=020900.VPN packet-mark=VPN-DDNS.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="151C+: QoS (LAN1.VPN-DDNS) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=021100.FTP parent=020000.LAN1 packet-mark=FTP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="152C+: QoS (LAN1.FTP/SFTP) :: " disable=yes;
/queue tree add name=021200.SeepT parent=020000.LAN1 packet-mark=SpeedTest.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="153Cx: QoS (LAN1.SpeedTest) :: " disable=yes;
/queue tree add name=021500.Down parent=020000.LAN1 limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="160Cx: QoS (LAN1.Downs) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=021501.File parent=021500.Down packet-mark=FileDown.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="161Cx: QoS (LAN1.File Down) :: " disable=yes;
/queue tree add name=021502.VideoS parent=021500.Down packet-mark=VideoStream.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="162Cx: QoS (LAN1.VideoStream) :: " disable=yes;
/queue tree add name=021503.P2PWWW parent=021500.Down packet-mark=P2P-WWW.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="163Cx: QoS (LAN1.P2PWWW) :: " disable=yes;
/queue tree add name=021504.P2PDNS parent=021500.Down packet-mark=P2P-DNS.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="164Cx: QoS (LAN1.P2PDNS) :: " disable=yes;
/queue tree add name=021505.P2PBitT parent=021500.Down packet-mark=P2P-BitT.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="165Cx: QoS (LAN1.P2PBitTorrent) :: " disable=yes;
/queue tree add name=021506.P2PBitTE parent=021500.Down packet-mark=P2P-BitTE.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="166Cx: QoS (LAN1.P2PBitTorrentExp) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=023000.Rest parent=020000.LAN1 packet-mark=Rest.Pack limit-at=0 max-limit=0 priority=7 queue=ethernet-default comment="199C+: QoS (LAN1.Rest) :: " disable=yes;
# [ Level 02 ] ---------------------------------------------------------- [ END ]
# [ Level 01 ] ------------------------------------------------------------------- [ END ]

# [ Level 01 ] ------------------------------------------------------------------- [ START ]
/queue tree add name=030000.LAN2 parent=$InterfLAN2 limit-at=0 max-limit=0 priority=8 queue=ethernet-default comment="201C+: QoS (LAN2.Downs) :: " disable=yes;

# [ Level 02 ] ---------------------------------------------------------- [ START ]
/queue tree add name=030100.VoIP parent=030000.LAN2 limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="202Cx: QoS (WAN1.VoIPs) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=030101.RTP parent=030100.VoIP packet-mark=VoIP-RTP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="203Cx: QoS (LAN2.VoIP-RTP) :: " disable=yes;
/queue tree add name=030102.SIPTCP parent=030100.VoIP packet-mark=VoIP-SIPTCP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="204Cx: QoS (LAN2.VoIP-SIPTCP) :: " disable=yes;
/queue tree add name=030103.SIPUDP parent=030100.VoIP packet-mark=VoIP-SIPUDP.Pack limit-at=0 max-limit=0 priority=1 queue=ethernet-default comment="205Cx: QoS (LAN2.VoIP-SIPUTP) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=030200.IPTV parent=030000.LAN2 packet-mark=IPTV.Pack limit-at=0 max-limit=0 priority=2 queue=ethernet-default comment="206Cx: QoS (LAN2.IPTVs) :: " disable=yes;
/queue tree add name=030300.DNS parent=030000.LAN2 limit-at=256k max-limit=512k priority=2 queue=ethernet-default comment="207C+: QoS (LAN2.DNS) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=030301.DNS-UDP parent=030300.DNS packet-mark=DNS-UDP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="208C+: QoS (LAN2.DNS-UDP) :: " disable=yes;
/queue tree add name=030302.DNS-TCP parent=030300.DNS packet-mark=DNS-TCP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="209C+: QoS (LAN2.DNS-TCP) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=030400.ICMP parent=030000.LAN2 packet-mark=ICMP.Pack limit-at=128k max-limit=256k priority=2 queue=ethernet-default comment="210C+: QoS (LAN2.ICMP) :: " disable=yes;
/queue tree add name=030500.SocialM parent=030000.LAN2 limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="211C+: QoS (LAN2.SocialMedia) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=030501.Youtube parent=030500.SocialM packet-mark=Youtube.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="212C+: QoS (LAN2.Youtube) :: " disable=yes;
/queue tree add name=030502.Netflix parent=030500.SocialM packet-mark=Netflix.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="213C+: QoS (LAN2.Netflix) :: " disable=yes;
/queue tree add name=030503.Facebook parent=030500.SocialM packet-mark=Facebook.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="214C+: QoS (LAN2.Facebook) :: " disable=yes;
/queue tree add name=030504.Whatsapp parent=030500.SocialM packet-mark=Whatsapp.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="215C+: QoS (LAN2.Whatsapp) :: " disable=yes;
/queue tree add name=030505.Twitter parent=030500.SocialM packet-mark=Twitter.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="216C+: QoS (LAN2.Twitter) :: " disable=yes;
/queue tree add name=030506.Instagram parent=030500.SocialM packet-mark=Instagram.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="217C+: QoS (LAN2.Instagram) :: " disable=yes;
/queue tree add name=030507.Skype parent=030500.SocialM packet-mark=Skype.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="218C+: QoS (LAN2.Skype) :: " disable=yes;
/queue tree add name=030508.Spotify parent=030500.SocialM packet-mark=Spotify.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="219C+: QoS (LAN2.Spotify) :: " disable=yes;
/queue tree add name=030509.Snapchat parent=030500.SocialM packet-mark=Snapchat.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="220C+: QoS (LAN2.Snapchat) :: " disable=yes;
/queue tree add name=030510.Telegram parent=030500.SocialM packet-mark=Telegram.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="221C+: QoS (LAN2.Telegram) :: " disable=yes;
/queue tree add name=030511.Twitch parent=030500.SocialM packet-mark=Twitch.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="222C+: QoS (LAN2.Twitch) :: " disable=yes;
/queue tree add name=030512.Vimeo parent=030500.SocialM packet-mark=Vimeo.Pack limit-at=0 max-limit=0 priority=3 queue=ethernet-default comment="223C+: QoS (LAN2.Vimeo) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=030600.HTTPSTCP parent=030000.LAN2 packet-mark=HTTPS-TCP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="241C+: QoS (LAN2.HTTPS-TCP) :: " disable=yes;
/queue tree add name=030700.HTTPSUDP parent=030000.LAN2 packet-mark=HTTPS-UDP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="242C+: QoS (LAN2.HTTPS-UDP) :: " disable=yes;
/queue tree add name=030800.HTTP parent=030000.LAN2 packet-mark=HTTP.Pack limit-at=0 max-limit=0 priority=4 queue=ethernet-default comment="243C+: QoS (LAN2.HTTP) :: " disable=yes;
/queue tree add name=030900.VPN parent=030000.LAN2 limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="244C+: QoS (LAN2.VPN) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=030901.VPNTCP parent=030900.VPN packet-mark=VPN-TCP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="245C+: QoS (LAN2.VPN-TCP) :: " disable=yes;
/queue tree add name=030902.VPNUDP parent=030900.VPN packet-mark=VPN-UDP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="246C+: QoS (LAN2.VPN-UDP) :: " disable=yes;
/queue tree add name=030903.VPNGRE parent=030900.VPN packet-mark=VPN-GRE.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="247C+: QoS (LAN2.VPN-GRE) :: " disable=yes;
/queue tree add name=030904.VPNIPSECESP parent=030900.VPN packet-mark=VPN-IPSECESP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="248C+: QoS (LAN2.VPN-IPSECESP) :: " disable=yes;
/queue tree add name=030905.VPNIPSECAH parent=030900.VPN packet-mark=VPN-IPSECAH.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="249C+: QoS (LAN2.VPN-IPSECAH) :: " disable=yes;
/queue tree add name=030906.VPNIPENCAP parent=030900.VPN packet-mark=VPN-IPENCAP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="250C+: QoS (LAN2.VPN-IPENCAP) :: " disable=yes;
/queue tree add name=030907.VPNDDNS parent=030900.VPN packet-mark=VPN-DDNS.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="251C+: QoS (LAN2.VPN-DDNS) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]
/queue tree add name=031100.FTP parent=030000.LAN2 packet-mark=FTP.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="252C+: QoS (LAN2.FTP/SFTP) :: " disable=yes;
/queue tree add name=031200.SeepT parent=030000.LAN2 packet-mark=SpeedTest.Pack limit-at=0 max-limit=0 priority=5 queue=ethernet-default comment="253Cx: QoS (LAN2.SpeedTest) :: " disable=yes;
/queue tree add name=031500.Down parent=030000.LAN2 limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="260Cx: QoS (LAN2.Downs) :: " disable=yes;

# [ Level 03 ] ------------------------------------------------- [ START ]
/queue tree add name=031501.File parent=031500.Down packet-mark=FileDown.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="261Cx: QoS (LAN2.File Down) :: " disable=yes;
/queue tree add name=031502.VideoS parent=031500.Down packet-mark=VideoStream.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="262Cx: QoS (LAN2.VideoStream) :: " disable=yes;
/queue tree add name=031503.P2PWWW parent=031500.Down packet-mark=P2P-WWW.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="263Cx: QoS (LAN2.P2PWWW) :: " disable=yes;
/queue tree add name=031504.P2PDNS parent=031500.Down packet-mark=P2P-DNS.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="264Cx: QoS (LAN2.P2PDNS) :: " disable=yes;
/queue tree add name=031505.P2PBitT parent=031500.Down packet-mark=P2P-BitT.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="265Cx: QoS (LAN2.P2PBitTorrent) :: " disable=yes;
/queue tree add name=031506.P2PBitTE parent=031500.Down packet-mark=P2P-BitTE.Pack limit-at=0 max-limit=0 priority=6 queue=ethernet-default comment="266Cx: QoS (LAN2.P2PBitTorrentExp) :: " disable=yes;
# [ Level 03 ] ------------------------------------------------- [ END ]

/queue tree add name=033000.Rest parent=030000.LAN2 packet-mark=Rest.Pack limit-at=0 max-limit=0 priority=7 queue=ethernet-default comment="299C+: QoS (LAN2.Rest) :: " disable=yes;
# [ Level 02 ] ---------------------------------------------------------- [ END ]
# [ Level 01 ] ------------------------------------------------------------------- [ END ]

# QoS connections (QueueTree Rules): -------------------------------------------
# ----------------------------------------------------------------------------- [ END ]

# QoS.QueueTree (Remove Variables): --------------------------------------- [ START ]
/system script environment remove [find name="InterfWAN1"];
/system script environment remove [find name="InterfWAN2"];
/system script environment remove [find name="InterfLAN1"];
/system script environment remove [find name="InterfLAN2"];
/system script environment remove [find name="InterfLAN3"];
# QoS.QueueTree (Remove Variables): --------------------------------------- [ END ]
# -------------------------- HTB (QueueTree Rules): ----------------- [ END: 01 ]

# QoS.QueueType (QueueType Rules): ------- [ currently not used ] ------ [ START ]
# /queue type add kind=pcq name=PCQ.Down pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=384k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000 comment="C: PCQ (Down.384k)";
# /queue type add kind=pcq name=PCQ.Up pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=128k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000 comment="C: PCQ (Up.128k)";
# Note: (pcq-total-limit) is the maximum amount of data held in the queue (tree). (pcq-limit) is the queue size (tree). (pcq-rate) is the maximum rate available to each queue (tree).
# QoS.QueueType (QueueType Rules): ------- [ currently not used ] ------ [ END ]

# -------------------------------------------------------------------------------------
# [FINALLY]: --------------------------------------------------------- [ START ]
# -------------------------------------------------------------------------------------
# Mark rules as active (comment="+:", ">:" and "+VL:") or inactive (comment="x:", "<:" and "xVL:"), as appropriate.
# Filter: /ip firewall x (comment="+:") and enable the filtered rules (in Address-List, Firewall, NAT, Mangle and Raw).
# Filter: /ip firewall x (comment=(">:": userX) or ("<:": userR-W)), as appropriate, and enable the filtered rules.
# Filter: /ip firewall x (comment=("+VL:") or ("xVL:")), as appropriate, and enable the filtered rules.
# Done.
# -------------------------------------------------------------------------------------
# [FINALLY]: --------------------------------------------------------- [ END ]
# -------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
--------------------------- ( RouterOS.Basic-Config ) --------------------- [ END ]
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------

RouterOS.Script (Basic 01-02)

-------------------------------------------------------------------------------- [ START ]
----------------------------------------------------------------------------------------
----------------------------- Scripts (basic): -------------------------------------
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
# AddressList.AddIP-RedesSociales: ----------------------------------------------------
# Name: AddressList.AddIP-RSociales
# comment="C+: ( AddressList.AddIP-RedesSociales )"
# ---------------------------------------------
# Every cache entry with (dns.ttl>5m) is treated as storable
:local TTL;
:local HoraINI;
:local HoraFIN;
:local Type "";
:local Address (0.0.0.0);
:local Data "";
:local Name "";
:local Lista;
# ---------------------------------------
:local CountProcc 0;
:foreach x in=[/system script job find (script="AddressList.AddIP-RSociales" or script="AddressList.Ctrl (RedesSociales)")] do={:set CountProcc ($CountProcc+1);};
# Count of this script's linked processes that are active
:if ($CountProcc=1) do={
# --------------------------------------- [Process.Start (no linked process running)]
# :global AddressListAdd "[ $AddressListTAdd ] - ";
:global AddressListTAdd; :set HoraINI ([/system clock get time]); :log info message=("[AddressList.AddIP-RSociales (INI: Pre-Foreach)]");
# ---------------------------------------------------
:foreach i in=[/ip dns cache all find ((name~"whatsapp" or name~"youtube" or name~"googlevideo" or name~"twitter" or name~"facebook" or name~"instagram" or name~"netflix" or name~"skype" or name~"spotify" or name~"snapchat" or name~"telegram" or name~"twitch" or name~"vimeo") and ((type="A" or type="CNAME") and !negative))] do={
# --------------------------------------------------- [LOG.Add (Foreach Find Out)]
# :if ($CountProcc=1) do={:set CountProcc ($CountProcc+1); :log info message=("[AddressList.AddIP-RSociales (INI: Pos-Foreach(Find))]");};
# ---------------------------------------------------
:set Name ([/ip dns cache get $i name]); :set Type ([/ip dns cache all get $i type]); :set TTL ([/ip dns cache get $i ttl]); :if ($TTL>5m) do={:if ($Type="A") do={:set Address ([/ip dns cache get $i address]); :set Address ([toip $Address]);
# -------------------------------------------------- [Type=A]
# :log info message=("[AddressList.AddIP-RSociales Address.Direct, Addr: (".($Address).") - T: (".($Type).") - N: (".($Name).") - D: (".($TTL).") = [ ".([typeof $Address])." ]]");
} else={:set Data ([/ip dns cache all get $i data]); :do {
# -------------------------------------------------- [Type=CNAME]
:set Address ([resolve $Data]);
# :log info message=("[AddressList.AddIP-RSociales DNS.Resolve, Addr: (".($Address).") - Data: (".($Data).") - T: (".($Type).") - N: (".($Name).") - D: (".($TTL).") = [ ".([typeof $Address])." ]]");
} on-error={
# -------------------------------------------------- [Resolve.Failure]
:set Address (0.0.0.0); :log error message=("[AddressList.AddIP-RSociales DNS.Resolve-Failure, Data: (".($Data).") - T: (".($Type).") - N: (".($Name).") - D: (".($TTL).")]");}}; :if ([len $Name]>0 and $Address!=0.0.0.0) do={
# -------------------------------------------------- [Set (Lista)]
:if ($Name~"whatsapp") do={:set Lista ("S-WHATSAPP.List");} else={:if ($Name~"youtube" or $Name~"googlevideo") do={:set Lista ("S-YOUTUBE.List");} else={:if ($Name~"facebook") do={:set Lista ("S-FACEBOOK.List");} else={:if ($Name~"twitter") do={:set Lista ("S-TWITTER.List");} else={:if ($Name~"instagram") do={:set Lista ("S-INSTAGRAM.List");} else={:if ($Name~"netflix") do={:set Lista ("S-NETFLIX.List");} else={:if ($Name~"skype") do={:set Lista ("S-SKYPE.List");} else={:if ($Name~"spotify") do={:set Lista ("S-SPOTIFY.List");} else={:if ($Name~"snapchat") do={:set Lista ("S-SNAPCHAT.List");} else={:if ($Name~"telegram") do={:set Lista ("S-TELEGRAM.List");} else={:if ($Name~"twitch") do={:set Lista ("S-TWITCH.List");} else={:if ($Name~"vimeo") do={:set Lista ("S-VIMEO.List");}}}}}}}}}}}};
# --------------------------------------------------
:if ([/ip firewall address-list find (address=$Address and !disabled)]="") do={
# -------------------------------------------------- [AddressList.Add]
# :log info message=("[AddressList.AddIP-RSociales AddressList.Add, Addr: (".($Address).") - L: (".($Lista).") - T: (".($Type).") - N: (".($Name).") - D: (".($TTL).") = [ ".([typeof $Address])." ]]");
# --------------------------------------------------
/ip firewall address-list add address=$Address list=$Lista timeout=$TTL comment="C+: QoS ( [ $Name ] - [ $Type ] - [ $TTL ] )"; :set AddressListTAdd ($AddressListTAdd+1);} else={
# -------------------------------------------------- [AddressList.Del due to DNS reuse]
:local X (1);
# :foreach i in=[/ip firewall address-list find (address=$Address and !disabled)] do={:log info message=("[AddressList.AddIP-RSociales AddressList.Del ( ".($X)." , ".([/ip firewall address-list get $i list]=$Lista)." ), A: (".($Address).") - Lista: (".($Lista).") - L.AL: (".([/ip firewall address-list get $i list]).") - CT.AL: (".([/ip firewall address-list get $i creation-time]).")]"); :set X ($X+1);};
# --------------------------------------------------
:if ($X>2) do={/ip firewall address-list remove [find (address=$Address and list!=$Lista and !disabled)]; :log error message=("[AddressList.AddIP-RSociales Duplicate-Info ( ".($X-1)." ), A: (".($Address).") - Lista: (".($Lista).")]");}}}}; :delay 10ms;};
# -------------------------------------------------- [Process.End]
:set HoraFIN ([/system clock get time]); :log warning message=("[AddressList.AddIP-RSociales (FIN), duracion: (".($HoraFIN-$HoraINI).")]");} else={:log error message=("[AddressList.AddIP-RSociales Activos: ( ".($CountProcc-1)." )]");};
/system script environment remove [find name="AddressListTAdd"];
# Note: the more often it runs, the better it marks that traffic. Some (script error: no such item (4)) errors occur, which I infer are due to an internal error in the process (the foreach's find (…)). (!negative) excludes the (type=unknown) entries.
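
The name~"..." tests in the script above match a keyword anywhere in the cached name, so unrelated domains that merely contain the keyword are also placed in the service lists. The Python example below is added here and is not part of the original script: it models the script's A/CNAME, ttl>5m and duplicate-address handling, and compares the keyword test with a match on domain-label boundaries. The domain table, the in-cache CNAME resolution and the sample cache are constructed assumptions.

```python
import ipaddress

# List names come from the script; the domain table is an assumption of this example.
SERVICE_DOMAINS = {
    "S-WHATSAPP.List": ("whatsapp.com", "whatsapp.net"),
    "S-YOUTUBE.List": ("youtube.com", "googlevideo.com"),
    "S-FACEBOOK.List": ("facebook.com", "fbcdn.net"),
    "S-TWITTER.List": ("twitter.com", "twimg.com"),
}
# Keyword order mirrors the script's if/else chain (first four services only).
KEYWORDS = (
    ("whatsapp", "S-WHATSAPP.List"),
    ("youtube", "S-YOUTUBE.List"),
    ("googlevideo", "S-YOUTUBE.List"),
    ("facebook", "S-FACEBOOK.List"),
    ("twitter", "S-TWITTER.List"),
)
MIN_TTL_SECONDS = 5 * 60  # the script keeps only cache entries with ttl > 5m

# Constructed DNS cache (documentation address ranges, made-up names).
SAMPLE_CACHE = [
    {"name": "www.youtube.com", "type": "CNAME", "data": "youtube-ui.l.google.com", "ttl": 3600},
    {"name": "youtube-ui.l.google.com", "type": "A", "data": "192.0.2.10", "ttl": 600},
    {"name": "static.whatsapp.net.", "type": "A", "data": "192.0.2.20", "ttl": 900},
    {"name": "facebook.com.login.example.org", "type": "A", "data": "198.51.100.7", "ttl": 86400},
    {"name": "mytwitterfeed.example.net", "type": "A", "data": "198.51.100.8", "ttl": 86400},
    {"name": "api.twitter.com", "type": "A", "data": "192.0.2.30", "ttl": 120},
    {"name": "edge.facebook.com", "type": "A", "data": "192.0.2.20", "ttl": 900},
]


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def match_substring(name):
    """The script's test: the keyword may appear anywhere in the name."""
    host = normalize(name)
    for keyword, list_name in KEYWORDS:
        if keyword in host:
            return list_name
    return None


def match_suffix(name):
    """Stricter test: the name equals a service domain or is a subdomain of it."""
    host = normalize(name)
    for list_name, domains in SERVICE_DOMAINS.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return list_name
    return None


def resolve(cache, name, max_hops=8):
    """Follow CNAMEs inside the cache until an A record is found (None if not)."""
    target = normalize(name)
    for _ in range(max_hops):  # hop limit guards against CNAME loops
        next_target = None
        for rec in cache:
            if normalize(rec["name"]) != target:
                continue
            if rec["type"] == "A":
                return rec["data"]
            if rec["type"] == "CNAME":
                next_target = normalize(rec["data"])
        if next_target is None:
            return None
        target = next_target
    return None


def build_address_lists(cache, matcher):
    """Return ({address: list}, [(address, kept_list, rejected_list)])."""
    lists, conflicts = {}, []
    for rec in cache:
        if rec["type"] not in ("A", "CNAME") or rec["ttl"] <= MIN_TTL_SECONDS:
            continue
        list_name = matcher(rec["name"])
        if list_name is None:
            continue
        raw = rec["data"] if rec["type"] == "A" else resolve(cache, rec["data"])
        try:
            address = str(ipaddress.IPv4Address(raw))
        except ValueError:  # unresolved CNAME or malformed data
            continue
        kept = lists.setdefault(address, list_name)
        if kept != list_name:  # one address claimed by two services
            conflicts.append((address, kept, list_name))
    return lists, conflicts


if __name__ == "__main__":
    for label, matcher in (("substring", match_substring), ("suffix", match_suffix)):
        print(label, build_address_lists(SAMPLE_CACHE, matcher))
```

With the keyword test the two example.org / example.net addresses enter the Facebook and Twitter lists; with the suffix test only the two service addresses remain, and the shared address is reported as a conflict instead of being silently reassigned.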

# AddressList.Ctrl (RedesSociales):
-----------------------------------------------------
# Name: AddressList.Ctrl (RedesSociales)
# comment=”C+: ( AddressList.Ctrl (Redes Sociales) )”
# -----------------------------------------------
# Funcion transforma Fecha en Nro (Fecha+Hora)
:local DateTimeToNro do={:local NroX; :local MC
("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"); :local
DiaX ([pick $1 4 6]); :local MesCX ([pick $1 0 3]); :local MesX ([find $MC $MesCX -
1]+1); :if ($MesX<10) do={:set MesX (“0”.$MesX);}; :local AnioX ([pick $1 7
11]); :set NroX ($AnioX.$MesX.$DiaX); :if ([len $1]>12) do={:local HoraX ([pick $1
12 14]); :local MinX ([pick $1 15 17]); :local SegX ([pick $1 18 20]); :set NroX
($NroX.$HoraX.$MinX.$SegX);} else={:set NroX ($NroX.”000000”);}; return ([tonum
$NroX]);}
# -----------------------------------------------
# Function: increments a date by a number of days (DiaMesAnioNr, DiasToIncr)
:local FechaIncr do={
# -------------------------
# Function: computes the days in a month (Month, Year) {f of f}
:local DiasMes do={:local Dias; :if ($1=1 or $1=3 or $1=5 or $1=7 or $1=8 or $1=10 or $1=12) do={:set Dias (31);} else={:if ($1=4 or $1=6 or $1=9 or $1=11) do={:set Dias (30);} else={:if ((((($2)/400)*400)=$2) or ((((($2)/4)*4)=$2) and (((($2)/100)*100)!=$2))) do={:set Dias (29);} else={:set Dias (28);}}}; :return ([tonum $Dias]);}

# ----------------------------------------------- (main code of FechaIncr)
:local FechaHoraStr ([tostr $1]); :local AnioX ([tonum [pick $FechaHoraStr 0 4]]); :local MesX ([tonum [pick $FechaHoraStr 4 6]]); :local DiaX ([tonum [pick $FechaHoraStr 6 8]]); :local HoraX ([tonum [pick $FechaHoraStr 8 14]]); :local DiasToIncr ($2); :while ($DiasToIncr>[$DiasMes $MesX $AnioX]) do={:set DiasToIncr ($DiasToIncr-[$DiasMes $MesX $AnioX]); :if ($MesX<12) do={:set MesX ($MesX+1);} else={:set AnioX ($AnioX+1); :set MesX (1);}}; :if (($DiaX+$DiasToIncr)>[$DiasMes $MesX $AnioX]) do={:set DiasToIncr ($DiasToIncr-([$DiasMes $MesX $AnioX]-$DiaX)); :set DiaX ($DiasToIncr); :if ($MesX<12) do={:set MesX ($MesX+1);} else={:set AnioX ($AnioX+1); :set MesX (1);}} else={:set DiaX ($DiaX+$DiasToIncr);}; :return (((($AnioX*10000)+($MesX*100)+($DiaX))*1000000)+[tonum $HoraX]);}

# ------------------------------------ (main code of AddressList.Ctrl (RedesSociales))
:local TimeDisableQoS ([tonum 180]); # (in days)
:local TimeRemoveQoS ([tonum 365]); # (in days)
# Note: (TimeRemoveSIC>0) is valid if and only if (TimeDisableSIC<TimeRemoveSIC).
# -------------------------------------
:local HoraINI;
:local HoraFIN;
:local CountProcc 0;
:foreach x in=[/system script job find (script="AddressList.AddIP-RSociales" or script="AddressList.Ctrl (RedesSociales)")] do={:set CountProcc ($CountProcc+1);}; # number of active related processes
:if ($CountProcc=1) do={
# --------------------------------------- [Proccess.Ini (x Off Proccess Vinculant)]
:set HoraINI ([/system clock get time]);
# ------------------------------ [Address-List (RS).Disable/Remove]
# :log info message=("[AddressList.Ctrl (RedesSociales) (INI: Disable/Remove)]");
:if ($TimeDisableQoS>0) do={:local DateTimeAct ([/system clock get date]." ".[/system clock get time]); :local CreationTime; :foreach i in=[/ip firewall address-list find (comment~"C\\+: QoS \\( ")] do={:set CreationTime ([/ip firewall address-list get $i creation-time]); :if ($TimeRemoveQoS>0 and (([$FechaIncr ([$DateTimeToNro $CreationTime]) $TimeRemoveQoS])<=[$DateTimeToNro $DateTimeAct])) do={[/ip firewall address-list set $i disable=no]; [/ip firewall address-list set $i timeout=10s];} else={:if (([$FechaIncr ([$DateTimeToNro $CreationTime]) $TimeDisableQoS])<=[$DateTimeToNro $DateTimeAct]) do={[/ip firewall address-list set $i disable=yes];}}}};
# ------------------------------ [Address-List (RS).DNS-Reuse.Remove]
:log info message=("[AddressList.Ctrl (RedesSociales) (INI: DNS-Reuse.Remove)]");
# Options to weigh: (comment~"C\\+: QoS \\( ") vs (list~"S-")
# --------------------------------------- [AddressList-Services.Info]
:local CNAMECant (0); :local ACant (0); :local noDNSCacheCant (0); :local ErrorCant (0); :local TotalS; :local Comment; :foreach i in=[/ip firewall address-list find (list~"S-" and !disabled)] do={:set Comment ([/ip firewall address-list get $i comment]); :if ([find $Comment "- [ CNAME ] -" 0]>0) do={:set CNAMECant ($CNAMECant+1);} else={:if ([find $Comment "- [ A ] -" 0]>0) do={:set ACant ($ACant+1);} else={:if ([find $Comment "- [ no-DNSCache ] -" 0]>0) do={:set noDNSCacheCant ($noDNSCacheCant+1);} else={:set ErrorCant ($ErrorCant+1);}}}}; :set TotalS ($CNAMECant+$ACant+$noDNSCacheCant+$ErrorCant);
# ---------------------------------------
:log info message=("[ AddressList.Ctrl (RedesSociales) AddressList.Total-Info, CNAME: (".($CNAMECant).") – A: (".($ACant).") – no-DNSCache: (".($noDNSCacheCant).") – Error: (".($ErrorCant).") – Total: (".($TotalS).")]");
# ---------------------------------------
:local CreationTime; :local Address; :local X; :local PosT (1); :foreach i in=[/ip firewall address-list find (list~"S-" and !disabled)] do={:set Address ([/ip firewall address-list get $i address]); :set CreationTime ("jan/01/2000 00:00:00"); :set X (1); :foreach j in=[/ip firewall address-list find (address=$Address and !disabled)] do={:if ([$DateTimeToNro $CreationTime]<=[$DateTimeToNro ([/ip firewall address-list get $j creation-time])]) do={:set CreationTime ([/ip firewall address-list get $j creation-time]);};
# --------------------------------------------------
# :log info message=("[AddressList.Ctrl (RedesSociales) Specific-Info ( ".($X)." , ".($TotalS-$PosT)." ), A.AL: (".([/ip firewall address-list get $j address]).") – L.AL: (".([/ip firewall address-list get $j list]).") – CT.AL: (".([/ip firewall address-list get $j creation-time]).")]");
:set X ($X+1); :set PosT ($PosT+1);
# --------------------------------------------------
}; :if ($X>2) do={/ip firewall address-list remove [find (address=$Address and creation-time!=$CreationTime and !disabled)]; :log error message=("[AddressList.Ctrl (RedesSociales) Duplicate-Info ( ".($X-1)." ), A: (".($Address).") – CT: (".($CreationTime).")]");}; :delay 10ms;};
# -------------------------------------------------- [Proccess.End]
:set HoraFIN ([/system clock get time]); :log warning message=("[AddressList.Ctrl (RedesSociales) (FIN), duracion: (".($HoraFIN-$HoraINI).")]");} else={
# --------------------------------------- [Proccess.End-Error]
:log error message=("[AddressList.Ctrl (RedesSociales) Activos: ( ".($CountProcc-1)." )]");};

# AddressList.Ctrl (ServicesIPChange): -------------------------------------------------
# (Add), even those that do not change periodically.
# Name: AddressList.Ctrl (ServicesIPChange)
# comment="C+: ( AddressList.Ctrl (Services IP Change) )"
# -----------------------------------------------
# Function: converts a date into a number (date+time); input such as "jan/01/2000 00:00:00"
:local DateTimeToNro do={:local NroX; :local MC ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"); :local DiaX ([pick $1 4 6]); :local MesCX ([pick $1 0 3]); :local MesX ([find $MC $MesCX -1]+1); :if ($MesX<10) do={:set MesX ("0".$MesX);}; :local AnioX ([pick $1 7 11]); :set NroX ($AnioX.$MesX.$DiaX); :if ([len $1]>12) do={:local HoraX ([pick $1 12 14]); :local MinX ([pick $1 15 17]); :local SegX ([pick $1 18 20]); :set NroX ($NroX.$HoraX.$MinX.$SegX);} else={:set NroX ($NroX."000000");}; :return ([tonum $NroX]);}
# -----------------------------------------------
# Function: increments a date by a number of days (DiaMesAnioNr, DiasToIncr)
:local FechaIncr do={
# -------------------------
# Function: computes the days in a month (Month, Year) {f of f}
:local DiasMes do={:local Dias; :if ($1=1 or $1=3 or $1=5 or $1=7 or $1=8 or $1=10 or $1=12) do={:set Dias (31);} else={:if ($1=4 or $1=6 or $1=9 or $1=11) do={:set Dias (30);} else={:if ((((($2)/400)*400)=$2) or ((((($2)/4)*4)=$2) and (((($2)/100)*100)!=$2))) do={:set Dias (29);} else={:set Dias (28);}}}; :return ([tonum $Dias]);}

# ----------------------------------------------- (main code of FechaIncr)
:local FechaHoraStr ([tostr $1]); :local AnioX ([tonum [pick $FechaHoraStr 0 4]]); :local MesX ([tonum [pick $FechaHoraStr 4 6]]); :local DiaX ([tonum [pick $FechaHoraStr 6 8]]); :local HoraX ([tonum [pick $FechaHoraStr 8 14]]); :local DiasToIncr ($2); :while ($DiasToIncr>[$DiasMes $MesX $AnioX]) do={:set DiasToIncr ($DiasToIncr-[$DiasMes $MesX $AnioX]); :if ($MesX<12) do={:set MesX ($MesX+1);} else={:set AnioX ($AnioX+1); :set MesX (1);}}; :if (($DiaX+$DiasToIncr)>[$DiasMes $MesX $AnioX]) do={:set DiasToIncr ($DiasToIncr-([$DiasMes $MesX $AnioX]-$DiaX)); :set DiaX ($DiasToIncr); :if ($MesX<12) do={:set MesX ($MesX+1);} else={:set AnioX ($AnioX+1); :set MesX (1);}} else={:set DiaX ($DiaX+$DiasToIncr);}; :return (((($AnioX*10000)+($MesX*100)+($DiaX))*1000000)+[tonum $HoraX]);}

# -------------------------------- (main code of AddressList.Ctrl (ServicesIPChange))
:local TimeDisableSIC ([tonum 30]); # (in days)
:local TimeRemoveSIC ([tonum 60]); # (in days)
# Note: (TimeRemoveSIC>0) is valid if and only if (TimeDisableSIC<TimeRemoveSIC).
# -----------------------------------------------
:local DNSX;
:local AddressX;
:local ListX;
:local IPtoResolver ("www.cuevana2.com:A-ENACOMDROP.List@Dynamic*www.cuevana3.co:A-ENACOMDROP.List@Dynamic*cuevana2espanol.com:A-ENACOMDROP.List@Static*www.cuevana.com:A-ENACOMDROP.List@Static*cuevana.io:A-ENACOMDROP.List@Static*");
# Build according to your needs, ordered by ListX (Dynamic/Static).
:local IPtoResolverX ($IPtoResolver);
:local IPtoResolverX1 ($IPtoResolver);
# ------------------------------------------------------------------- [Address-List.Add]
:while ([len $IPtoResolver]>0) do={:set DNSX ([pick $IPtoResolver 0 ([find $IPtoResolver ":"])]); :set ListX ([pick $IPtoResolver ([find $IPtoResolver ":"]+1) ([find $IPtoResolver "@"])]); :set IPtoResolver ([pick $IPtoResolver ([find $IPtoResolver "*"]+1) [len $IPtoResolver]]); :do {:set AddressX ([resolve $DNSX]);} on-error={:set AddressX (0.0.0.0); :log error message=("[AddressList-Add.ServiceIPChange: (".($AddressX).") – (".($DNSX).") – (".($ListX).")]");}; :if ($AddressX!=0.0.0.0 and [/ip firewall address-list find (list=$ListX and address=$AddressX)]="") do={/ip firewall address-list add list=$ListX address=$AddressX comment=("C+: SIC ( [ ".($ListX)." ] – [ ".($DNSX)." ] )") disable=no;}};
# --------------------------- [Address-List (ServiceIPChange).Disable/Remove]
:if ($TimeDisableSIC>0) do={:local ListXAnt (""); :local CommentX; :local TypeX; :local DateTimeAct ([/system clock get date]." ".[/system clock get time]); :while ([len $IPtoResolverX]>0) do={:set ListX ([pick $IPtoResolverX ([find $IPtoResolverX ":"]+1) ([find $IPtoResolverX "@"])]); :set TypeX ([pick $IPtoResolverX ([find $IPtoResolverX "@"]+1) ([find $IPtoResolverX "*"])]); :set IPtoResolverX ([pick $IPtoResolverX ([find $IPtoResolverX "*"]+1) [len $IPtoResolverX]]); :if ($ListX!=$ListXAnt) do={:set ListXAnt ($ListX); :local CreationTime; :foreach i in=[/ip firewall address-list find (list=$ListX)] do={:set CreationTime ([/ip firewall address-list get $i creation-time]); :set CommentX ([/ip firewall address-list get $i comment]); :set DNSX ([pick $CommentX ([find $CommentX " ] – [ "]+7) ([find $CommentX " )"]-2)]); :set TypeX ([pick $IPtoResolverX1 ([find $IPtoResolverX1 $DNSX]) ([len $IPtoResolverX1])]); :set TypeX ([pick $TypeX ([find $TypeX "@"]+1) ([find $TypeX "*"])]); :if ($TypeX="Dynamic") do={:if ($TimeRemoveSIC>0 and (([$FechaIncr ([$DateTimeToNro $CreationTime]) $TimeRemoveSIC])<=[$DateTimeToNro $DateTimeAct])) do={[/ip firewall address-list set $i disable=no]; [/ip firewall address-list set $i timeout=10s];} else={:if (([$FechaIncr ([$DateTimeToNro $CreationTime]) $TimeDisableSIC])<=[$DateTimeToNro $DateTimeAct]) do={[/ip firewall address-list set $i disable=yes];}}}}}}};
# Note: used to (Add IPs) for services that change them over time. If, besides changing them, the service also reuses them for other services, a TimeLaps would have to be established. Remember: address-list add.IP, even if it exists but is (disabled).

# RB.AddressList-ImportnoDNSCache: ------------------------------------------------
# Name: RB.AddressList-ImportnoDNSCache
# comment="R+: ( RB.AddressList-ImportnoDNSCache )"
# ------------------------------------------------
:local File "AddressList.noDNSCache.txt";
:local ListaXContenido;
:local ListX;
:local CommentX;
:local AddressX;
:local AddressSX;
:if ([len [/file find name=$File]]!=0) do={:set ListaXContenido ([/file get $File contents]); :if ([len $ListaXContenido]>0) do={:set ListX ([pick $ListaXContenido 0 ([find $ListaXContenido "\n"])]); :set ListaXContenido ([pick $ListaXContenido ([find $ListaXContenido "\n"]+1) ([len $ListaXContenido])]); :set CommentX ("C+: QoS ( [ ".([pick $ListX 2 ([find $ListX ".List"])])." ] - [ no-DNSCache ] - [ -------- ] )"); :while ([len $ListaXContenido]>0) do={:if ([find $ListaXContenido " "]<0 or [find $ListaXContenido " "]>[find $ListaXContenido "\n"]) do={:set AddressX ([pick $ListaXContenido 0 ([find $ListaXContenido "\n"])]);} else={:set AddressX ([pick $ListaXContenido 0 ([find $ListaXContenido " "])]);}; :set AddressSX ($AddressX);
# -------------------------------------------------- [IP.Errors handling (does not work)]
# :set AddressX ([toip $AddressX]); :if ([typeof $AddressX]!="ip") do={:do {
# -------------------------------------------------- [Resolve.Prob]
# :set AddressX ([resolve $AddressX]);} on-error={
# -------------------------------------------------- [Resolve.Failure]
# :log error message=("[AddressList.ImportnoDNSCache DNS.Resolve-Failure, Addr: (".($AddressSX).")]"); :set AddressX (0.0.0.0);}};
# --------------------------------------------------
:if ($AddressX!=0.0.0.0) do={/ip firewall address-list remove [find (address=$AddressX and list=$ListX)]; /ip firewall address-list add list=$ListX address=$AddressX comment=$CommentX disable=yes;};
# --------------------------------------------------
:set ListaXContenido ([pick $ListaXContenido ([find $ListaXContenido "\n"]+1) ([len $ListaXContenido])]);}}; /file remove $File;} else={:log error message=("[Error.Address-List ImportnoDNSCache]: Empty");};
# Note: (TXT.Content: List\n<IP, IP/XX, IP.Start-IP.End, DNS>\n\r).
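# Added example, not part of the original scripts: the import script above adds each entry as read (its own IP.Errors handling is commented out), so this offline Python check validates an AddressList.noDNSCache.txt file against the format in the note (list name on the first line, then IP, IP/XX, IP-IP range or DNS entries) and the 4K file limit mentioned on this page, before the file is uploaded to the router.
# The function names and the sample file are constructed for illustration, and IPv4-only entries are an assumption.

```python
import ipaddress
import re

MAX_FILE_BYTES = 4096  # 4K limit on file contents noted elsewhere on this page
DNS_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_entry(token):
    """Return 'ip', 'cidr', 'range' or 'dns' for a valid entry, else None."""
    try:
        ipaddress.IPv4Address(token)
        return "ip"
    except ValueError:
        pass
    if "/" in token:
        try:
            ipaddress.IPv4Network(token, strict=False)
            return "cidr"
        except ValueError:
            return None
    if "-" in token:
        first, _, last = token.partition("-")
        try:
            start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
            return "range" if start <= end else None
        except ValueError:
            pass  # not an IP range; may still be a host name containing '-'
    labels = token.rstrip(".").split(".")
    if (len(token) <= 253 and len(labels) >= 2
            and all(DNS_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):
        return "dns"
    return None


def validate_import_file(data):
    """Check the raw bytes of an import file; return (list_name, entries, problems)."""
    problems = []
    if len(data) > MAX_FILE_BYTES:
        problems.append("file is %d bytes, over the %d byte limit"
                        % (len(data), MAX_FILE_BYTES))
    text = data.decode("ascii", errors="replace")
    if not text.rstrip("\r").endswith("\n"):
        problems.append("last entry is not terminated by a newline")
    lines = [line.rstrip("\r") for line in text.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return None, [], problems + ["file is empty"]
    list_name = lines[0]
    # The script builds the comment from the text between position 2 and
    # ".List", so the name must be a 2-character prefix, a label, then ".List".
    if list_name.find(".List") < 3 or " " in list_name:
        problems.append("line 1: list name %r does not look like 'XX<name>.List'"
                        % list_name)
    entries = []
    for number, line in enumerate(lines[1:], start=2):
        token = line.split(" ", 1)[0]  # the script reads up to the first space
        kind = classify_entry(token) if token else None
        if kind is None:
            problems.append("line %d: %r is not an IP, IP/XX, IP-IP range or DNS name"
                            % (number, token))
        else:
            entries.append((token, kind))
    return list_name, entries, problems


# Constructed sample file: four valid entries, then an out-of-range octet
# and a reversed range that the router should never be asked to add.
SAMPLE_FILE = (
    b"S-Video.List\n"
    b"203.0.113.10\n"
    b"198.51.100.0/24 cdn edge\n"
    b"192.0.2.10-192.0.2.20\n"
    b"media.example.net\n"
    b"999.1.1.1\n"
    b"192.0.2.9-192.0.2.1\n"
)

if __name__ == "__main__":
    name, entries, problems = validate_import_file(SAMPLE_FILE)
    print("list:", name)
    for token, kind in entries:
        print("  ok   %-5s %s" % (kind, token))
    for problem in problems:
        print("  FAIL", problem)
```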

# RB.AddressListX-ExportSpecificList: --------------------------------------------------
# Name: RB.AddressListX-ExportSpecificList
# comment="Rx: ( RB.AddressListX-ExportSpecificList )"
# /ip firewall address-list print file="Address-L" where (list="A-ENACOMDROP.List"); # Alternative, inefficient in size.
:local ListaXContenido ""; # Error if (size>4K)
:local File "Address-L";
:foreach x in=[/ip firewall address-list find (list="A-ENACOMDROP.List")] do={:set ListaXContenido ($ListaXContenido.[/ip firewall address-list get $x list]."&:&".[/ip firewall address-list get $x address]."&-&".[/ip firewall address-list get $x creation-time]."&+&".[/ip firewall address-list get $x comment]."&*&");}; :if ([len $ListaXContenido]>0 and [len $ListaXContenido]<4097) do={/file print file=$File; :delay 2s; /file set $File contents=$ListaXContenido;} else={:log error message=("[Error.Address-List ExportSpecificList]: (>4K)");};
# Note: set the condition (list="__.List"…) as appropriate.

# RB.AddressListX-ImportSpecificList: --------------------------------------------------
# Name: RB.AddressListX-ImportSpecificList
# comment="Rx: ( RB.AddressListX-ImportSpecificList )";
:local File "Address-L.txt";
:local ListaXContenido;
:local ListX;
:local AddressX;
:local CreationTimeX;
:local CommentX;
:if ([len [/file find name=$File]]!=0) do={:set ListaXContenido ([/file get $File contents]); :if ([len $ListaXContenido]>0) do={:while ([len $ListaXContenido]>0) do={:set ListX ([pick $ListaXContenido 0 ([find $ListaXContenido "&:&"])]); :set AddressX ([pick $ListaXContenido ([find $ListaXContenido "&:&"]+3) ([find $ListaXContenido "&-&"])]); :set CreationTimeX ([pick $ListaXContenido ([find $ListaXContenido "&-&"]+3) ([find $ListaXContenido "&+&"])]); :set CommentX ([pick $ListaXContenido ([find $ListaXContenido "&+&"]+3) ([find $ListaXContenido "&*&"])]); :set ListaXContenido ([pick $ListaXContenido ([find $ListaXContenido "&*&"]+3) [len $ListaXContenido]]); :if ([/ip firewall address-list find (list=$ListX and address=$AddressX)]="") do={/ip firewall address-list add list=$ListX address=$AddressX comment=$CommentX disable=yes;}}}; /file remove $File;} else={:log error message=("[Error.Address-List ImportSpecificList]: Empty");};

# RB.Restore-AddressListRSC: ----------------------------------------------------------
# Name: RB.Restore-AddressListRSC
# comment="Rx: ( RB.Restaura AddressList (RSC) )"
/ip firewall address-list remove [find]; # Deletes all AddressList.IPs
/import file=AddressList.rsc;

# RB.BackUp-AddressListRSC: ----------------------------------------------------------
# Name: RB.BackUp-AddressListRSC
# comment="R+: ( RB.BackUp-AddressList (RSC) )"
# -----------------------------------------------
# Function IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Process)
:local TestConn do={:local PLoss ($3+1); :local AvgRTT ($4+1); :local MaxRTT; :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP (false); :if ([/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]="") do={/ip firewall address-list add address=$1 list="A-ICMPWANSRC.List" comment="T+: (TemporalIP x ICMP)" timeout=1m disable=no;} else={:if ([/ip firewall address-list get value-name=disabled [find (address=$1 and list="A-ICMPWANSRC.List")]]) do={/ip firewall address-list enable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]; :set DisabledIP (true);}}; :delay 10ms; /tool flood-ping $1 count=$2 size=$5 do={:if ($sent=$2) do={:set AvgRTT ($"avg-rtt"); :set MaxRTT ($"max-rtt"); :set PEnviados $sent; :set PRecibidos $received;}}; :if ($DisabledIP) do={/ip firewall address-list disable [/ip firewall address-list find (address=$1)];}; :set PLoss (100-(($PRecibidos*100)/$PEnviados)); :set LogMsg ("[ $6 – ping ( $1 – $5 b ) ]: latencia media ( $([:tostr $AvgRTT])ms ) – latencia maxima: ( $([:tostr $MaxRTT])ms ) – paquetes perdidos: ( $([:tostr $PLoss])% )"); :if ($PLoss<=$3 and $AvgRTT<=$4) do={:log info message=($LogMsg); :return ("OK")} else={:log error message=($LogMsg); :return ("KO")}};
# Note: make sure the IP is in the Address-List (do={:beep frequency=550 length=494ms;}).
# -----------------------------------------------
/ip firewall address-list export file=AddressList; :delay 5s;
# ----------------------------------------------- [Test.Connection]
:if ([$TestConn "8.8.8.8" 10 30 100 64 "RB.BackUp-AddressListRSC"]="OK") do={
# ----------------------------------------------- [Test.Connection]
:local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system script get [find name="RB.BackUp-AddressListRSC"] comment]) 4 ([len ([/system script get [find name="RB.BackUp-AddressListRSC"] comment])])])); /tool e-mail send to="[email protected]" subject=$Subjet body="System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nModelo : ($[/system resource get board-name]) \r\nIPWAN1 : ($[/ip address get [find comment~"TELCO.2.2.2.x"] value-name=address]) \r\nEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=interface]) \r\nIPEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=address])" file=AddressList.rsc;}

# AddressList.DOSAttack-Alert: ---------------------------------------------------------
# Name: AddressList.DOSAttack-Alert
# comment="R+: ( AddressList.DOSAttack-Alert )"
# ---------------------------------------------------
# Function Tracert.IP: (IP, Count)
:local TracertIP do={
# ------------------------
# Function: transforms a two-dimensional Str into a one-dimensional Str: (StrBidim, StrExtra) {f of f}
:local BidiToUniStr do={:local BStr ($1); :local LineStr ""; :while ([len $BStr]>0) do={:set LineStr ($LineStr.[pick $BStr 0 ([find $BStr "\r\n"])].$2); :set BStr ([pick $BStr ([find $BStr "\r\n"]+2) [len $BStr]]);}; :return ($LineStr);}
# ------------------------
# Function: transforms a two-dimensional Tracert Str into a one-dimensional Str: (TStrBidim, StrExtra) {f of f}
:local TBidiToUniStr do={
# ------------------------
# Function: strips Char255 (left): (StrX, Direction) {f of f of f}
:local KillChar255 do={:local StrXA ($1); :local X (0); :local Bloq (1); :if ($2="Der.") do={:set X ([len $1]-1); :set Bloq (-1);}; :if ([len $StrXA]>0) do={:while ([pick $StrXA $X]=" ") do={:set X ($X+$Bloq);}; :if ($2="Izq.") do={:set StrXA ([pick $StrXA $X [len $StrXA]]);} else={:set StrXA ([pick $StrXA 0 ($X+1)]);}}; :return ($StrXA);}

# ------------------------------------- (main code of TBidiToUniStr)
:local BStr ($1); :local LineStr ""; :local LineStrX ""; :local LineX (1); :while ([len $BStr]>0) do={:set LineStrX ([pick $BStr 0 ([find $BStr "\r\n"])]); :if ([len $LineStrX]>53) do={:if ([pick $LineStrX 3 5]!=" ") do={:set LineStr ($LineStr."[ ".$LineX." ]: ".([$KillChar255 ([pick $LineStrX 3 35]) "Der."])." – ".([pick $LineStrX 36 40])." – ".([pick $LineStrX 46 53]).$2);} else={:set LineStr ($LineStr."[ ".$LineX." ]: ( ----- ) – ".([pick $LineStrX 36 40])." – ".([pick $LineStrX 46 53]).$2);}; :set LineX ($LineX+1);}; :set BStr ([pick $BStr ([find $BStr "\r\n"]+2) [len $BStr]]);}; :return ($LineStr);}

# ------------------------------------- (main code of TracertIP)
:global IPT ($1); :global Count ($2); /ip firewall raw set [find comment="014R+: Bloqueo.Resto de InputICMP.Conn (hacia WANs)"] disable=yes; :execute {tool traceroute count=$Count use-dns=yes $IPT} file=iptracert.txt; :delay 5s; /ip firewall raw set [find comment="014R+: Bloqueo.Resto de InputICMP.Conn (hacia WANs)"] disable=no; :local STracerIP ([/file get "iptracert.txt" contents]); /file remove "iptracert.txt"; :if ($STracerIP!="failure: could not start") do={:set STracerIP ([pick $STracerIP ([find $STracerIP "\r\n"]+2) ([len $STracerIP])]); :set STracerIP ("[ Tracert. ".$IPT." ]: --------------------------------------------------------------- ".[$TBidiToUniStr $STracerIP " ; "]);} else={:set STracerIP ("[ Tracert. ".$IPT." ]: --------------------------------------------------------------- ".$STracerIP);}; /system script environment remove [find name="IPT"]; /system script environment remove [find name="Count"]; :return ($STracerIP);}
# Note: for some reason (IPT/Count {number of attempts}) must be global.
# ------------------------------------------------
# Function: returns the absolute time as the concatenation of day+time: (Date,Time)
:local AbsTime do={:local TimeX ""; :local Mx ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"); :local MesAct ([find $Mx ([pick $1 0 3]) -1]+1); :if ($MesAct<10) do={:set MesAct ("0".$MesAct);}; :set TimeX ([pick $1 7 11].$MesAct.[pick $1 4 6].[pick $2 0 2].[pick $2 3 5].[pick $2 6 8]); :return ($TimeX);}

# ---------------------------------------- (main code of AddressList.DOSAttack-Alert)
:global DOSRegistroH; # In case of a massive attack, clear manually
:local TracertSend "NO"; # Send TelegramAlert with (traceroute IP)
:local TimeAct ([$AbsTime ([/system clock get date]) ([/system clock get time])]);
:local DOSRegistro "";
:local Listx "";
:local IPx;
:local TimeOx;
:local Commentx "";
:local Cont 0;
:local TimeLastC;
:local PosTF;
:local TimeCreatx;
:if ([/ip firewall address-list find (list~"T-DOS" and timeout>59s)]!="") do={/system script run AddressList.Ident-Client; /system script run AddressList.Ident-Address; :delay 10s; :foreach x in=[/ip firewall address-list find (list~"T-DOS" and timeout>29s)] do={:set Listx ([/ip firewall address-list get $x list]); :set IPx ([/ip firewall address-list get $x address]); :set TimeOx ([/ip firewall address-list get $x timeout]); :set Commentx ([/ip firewall address-list get $x comment]); :if ([len $Commentx]=0) do={:set Commentx ("---(Error.Script-Ident)---");}; :set TimeCreatx ([/ip firewall address-list get $x creation-time]); :set TimeCreatx ([$AbsTime [pick $TimeCreatx 0 11] [pick $TimeCreatx 12 21]]); :if ($DOSRegistroH~($IPx."&".$Listx."%")) do={:set PosTF ([find $DOSRegistroH ($IPx."&".$Listx."%")]+[len [tostr $IPx]]+[len $Listx]+2); :set TimeLastC ([pick $DOSRegistroH $PosTF ($PosTF+14)]); :if ($TimeCreatx>$TimeLastC) do={:set Cont ($Cont+1); :set DOSRegistro ($DOSRegistro.("[ ".$Cont." : ".$Listx." ".$IPx." ".$TimeOx." ".[pick $Commentx 0 450]." ] ")); :set DOSRegistroH ([pick $DOSRegistroH 0 $PosTF].$TimeAct.[pick $DOSRegistroH ($PosTF+14) [len $DOSRegistroH]]);}} else={:set Cont ($Cont+1); :set DOSRegistro ($DOSRegistro.("[ ".$Cont." : ".$Listx." ".$IPx." ".$TimeOx." ".[pick $Commentx 0 450]." ] ")); :set DOSRegistroH ($DOSRegistroH.$IPx."&".$Listx."%".$TimeAct."*");}}; :if ([len $DOSRegistro]>0) do={:global TelegramMessage ("[DOS-Attack.Alert]: ------------ ( ".([/system identity get name])." ) -------------- ".($DOSRegistro)); /system script run RB.Telegram-MessageAlert; :delay 2s; :if ($TracertSend="SI") do={:global TelegramMessage ([$TracertIP $IPx 1]); /system script run RB.Telegram-MessageAlert; :delay 2s;}}} else={:set DOSRegistroH ("");};

# AddressList.Empty-!A!SComment: ----------------------------------------------------
# Name: AddressList.Empty-!A!SComment
# comment="Rx: ( Limpia AddressList.(!A+!S)-Comment )"
:foreach x in=[/ip firewall address-list find (!(list~"A-" or list~"S-"))] do={/ip firewall address-list set $x comment=""};

# AddressList.Empty-CComment: ---------------------------------------------------------
# Name: AddressList.Empty-CComment
# comment="Rx: ( Limpia AddressList.(C)-Comment )"
:foreach x in=[/ip firewall address-list find (list~"C-")] do={/ip firewall address-list set $x comment=""};

# AddressList.Empty-TComment: -------------------------------------------------------
# Name: AddressList.Empty-TComment
# comment="Rx: ( Limpia AddressList.(T)-Comment )"
:foreach x in=[/ip firewall address-list find (list~"T-")] do={/ip firewall address-list set $x comment=""};

# AddressList.Ident-Address: ------------------------------------------------------------
# Name: AddressList.Ident-Address
# comment="R+: ( AddressList.Ident-Address )"
# It is advisable to first clear the (log)/(RB.Reboot), because of duplicates, and to remove the global variable (MACLANDrop) once the MAC analysis is finished.
# ----------------------------------------------
# Function: converts a MAC to upper case: (MAC)
:local UpCaseMAC do={
# ------------------------
# Function: converts a Hex.Letter to upper case: (Char) {function of function}
:local UpCaseHexL do={:local HexDw ("abcdef"); :local HexUp ("ABCDEF"); :if ([tonum $1]<0 and !([find $HexDw $1]<0)) do={:set $1 [pick $HexUp ([find $HexDw $1]) ([find $HexDw $1]+1)];}; :return ($1)}
# ------------------------
:local MACUpC ""; :local z 0; :while ($z<16) do={:set MACUpC ($MACUpC.[$UpCaseHexL ([pick $1 $z ($z+1)])].[$UpCaseHexL ([pick $1 ($z+1) ($z+2)])].":"); :set z ($z+3);}; :return ([pick $MACUpC 0 ([:len $MACUpC]-1)])}
# ----------------------------------------------
# Function: identifies an IP: (IP,MAC)
# Only works with (/24).
:local IPIdent do={
# ------------------------------
# Function: returns the Whois of a public IP: (IP-Public) {f of f}
:local WhoisIP do={
# ----------------------------------------------
# Function: strips Char255 (left): (StrX, Direction) {f of f of f}
:local KillChar255 do={:local StrXA ($1); :local X (0); :local Bloq (1); :if ($2="Der.") do={:set X ([len $1]-1); :set Bloq (-1);}; :if ([len $StrXA]>0) do={:while ([pick $StrXA $X]=" ") do={:set X ($X+$Bloq);}; :if ($2="Izq.") do={:set StrXA ([pick $StrXA $X [len $StrXA]]);} else={:set StrXA ([pick $StrXA 0 ($X+1)]);}}; :return ($StrXA);}
# --------------------------
# Function: strips Char255 (left) for URLs: (StrX, Direction, StrCharsOk) {f of f of f}
:local KillChar255xURL do={:local StrXA ($1); :local X (0); :local CharX; :local Bloq (1); :if ($2="Der.") do={:set X ([len $1]-1); :set Bloq (-1);}; :if ([len $StrXA]>0) do={:while ([pick $StrXA $X]=" ") do={:set X ($X+$Bloq);}; :if ($2="Izq.") do={:set StrXA ([pick $StrXA $X [len $StrXA]]);} else={:set StrXA ([pick $StrXA 0 ($X+1)]);}};
# ------------ (removes characters not found in $3)
:for rx from=0 to=([len $StrXA]-1) do={:while ([find $3 ([pick $StrXA $rx])]<0) do={:set CharX ([pick $StrXA $rx]); :set StrXA (([pick $StrXA 0 ([find $StrXA $CharX])])." ".([pick $StrXA ([find $StrXA $CharX]+1) [len $StrXA]]));}};
# ------------ (removes characters found in $3; does not work in RouterOS: "ñÑ$#&¿?")
# :for rx from=0 to=([len $3]-1) do={:while ([find $StrXA ([pick $3 $rx])]>=0) do={:set CharX ([pick $3 $rx]); :set StrXA (([pick $StrXA 0 ([find $StrXA $CharX])])." ".([pick $StrXA ([find $StrXA $CharX]+1) [len $StrXA]]));}};
# ------------
:return ($StrXA);}

# ---------------------------------------------- (main code of WhoisIP)
:local ICANN ("(ARIN): America.Anglo-Sajona*(RIPE NCC): Europa, Oriente.Medio y Asia.Central*(APNIC): Asia y Region.Pacifico*(LACNIC): America.Latina y el Caribe*(AfriNIC): Africa*(Direct Assignment): Ubicacion desconocida*"); :local Owner (" "); :local NetName (" "); :local NetType (" "); :local IPGPS (" "); :local OriginAS (" "); :local Country (" "); :local Responsible (" "); :local Address (" "); :local Phone (" "); :local Organization (" "); :local City (" "); :local CIDR (" "); :local Email (" "); :local WhoisX (""); :local Type; :local FileT ("ipwhois.txt"); # or ("\?q=".$1);
# ----------------------
/tool fetch url=("http://whois.arin.net/rest/ip/$1.txt") mode=http dst-path=($FileT);
# /tool fetch url=("https://api.hackertarget.com/whois/\?q=".$1) mode=https dst-path=($FileT);
# Note: limitation: (FileT<=4K). On (X/X/X), our IPv4 addresses were banned at (RIPE NCC via https://api.hackertarget.com/whois/).
# ----------------------
:delay 2s; # also used to reduce the chance of being banned by some (ICANN) entity.
:local IPWhoisX ([/file get ($FileT) contents]); :local IPWhoisX1 (""); :local SCharsOk ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789–-*/@.;,) (_:[]{%}"); /file remove ($FileT);
:if ([len $IPWhoisX]>0) do={
# ----------------------
:if ([find $IPWhoisX "NetType:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "NetType:"]) ([len $IPWhoisX])]); :set NetType ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :if ([find $NetType "to"]>0) do={:set NetType ([pick $NetType ([find $NetType "to"]+3) ([len $NetType])]); :set Type ($NetType);} else={:set Type ([pick $NetType 0 7]);}; :set IPGPS ([pick $ICANN [find $ICANN $Type] [len $ICANN]]); :set IPGPS ([pick $IPGPS ([find $IPGPS "):"]+3) ([find $IPGPS "*"])]); :set WhoisX ($WhoisX.$IPGPS." - "); :set WhoisX ($WhoisX.$NetType." - ");};
# ----------------------
:if ([find $IPWhoisX "owner:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "owner:"]) ([len $IPWhoisX])]); :set Owner ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$Owner." - ");};
# ----------------------
:if ([find $IPWhoisX "responsible:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "responsible:"]) ([len $IPWhoisX])]); :set Responsible ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$Responsible." - ");};
# ----------------------
:if ([find $IPWhoisX "ddress:"]>0) do={:set IPWhoisX1 ($IPWhoisX); :while ([find $IPWhoisX1 "ddress:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX1 ([find $IPWhoisX1 "ddress:"]+6) ([len $IPWhoisX1])]); :set Address ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :if ([find $WhoisX ($Address." - ")]=-1) do={:set WhoisX ($WhoisX.$Address." - ");}}};
# ----------------------
:if ([find $IPWhoisX "hone:"]>0) do={:set IPWhoisX1 ($IPWhoisX); :while ([find $IPWhoisX1 "hone:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX1 ([find $IPWhoisX1 "hone:"]+4) ([len $IPWhoisX1])]); :set Phone ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :if ([find $WhoisX ($Phone." - ")]=-1) do={:set WhoisX ($WhoisX.$Phone." - ");}}};
# ----------------------
:if ([find $IPWhoisX "City:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "City:"]) ([len $IPWhoisX])]); :set City ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$City." - ");};
# ----------------------
:if ([find $IPWhoisX "country:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "country:"]) ([len $IPWhoisX])]); :set Country ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$Country." - ");};
# ----------------------
:if ([find $IPWhoisX "Organization:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "Organization:"]) ([len $IPWhoisX])]); :set Organization ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$Organization." - ");};
# ----------------------
:if ([find $IPWhoisX "NetName:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "NetName:"]) ([len $IPWhoisX])]); :set NetName ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$NetName." - ");};
# ----------------------
:if ([find $IPWhoisX "mail:"]>0) do={:set IPWhoisX1 ($IPWhoisX); :while ([find $IPWhoisX1 "mail:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX1 ([find $IPWhoisX1 "mail:"]+4) ([len $IPWhoisX1])]); :set Email ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :if ([find $WhoisX ($Email." - ")]=-1) do={:set WhoisX ($WhoisX.$Email." - ");}}};
# ----------------------
:if ([find $IPWhoisX "CIDR:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "CIDR:"]) ([len $IPWhoisX])]); :set CIDR ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$CIDR." - ");};
# ----------------------
:if ([find $IPWhoisX "OriginAS:"]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX "OriginAS:"]) ([len $IPWhoisX])]); :set OriginAS ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 ":"]+1) [find $IPWhoisX1 "\n"]]) "Izq." $SCharsOk]); :set WhoisX ($WhoisX.$OriginAS." - ");};
# ----------------------
:set WhoisX ([pick $WhoisX 0 ([len $WhoisX]-3)]);} else={:set WhoisX ("Error.WhoisIP-Inaccesible");}; :return ($WhoisX);}
# ------------------------------
# Function Identify-Client: (IP,Range1,Range2,Range3,...) {function within a function}
:local ClientIdent do={
  :local RegistroX ("IP.OutRange");
  :if ([pick $1 0 [len $2]]=$2 or [pick $1 0 [len $3]]=$3 or [pick $1 0 [len $4]]=$4) do={
    :if ([/queue simple find (target=($1."/32"))]!="") do={
      :set RegistroX ([/queue simple get value-name=name [find target=($1."/32")]]);
      :if ([find $RegistroX "_Libre "]<0) do={:set RegistroX ([pick $RegistroX 0 77]);} else={:set RegistroX ("( Libre )");}
    } else={:set RegistroX ("[Error-QS.IPFaltante]");}
  };
  :return ($RegistroX);
}
# Note: list the IP ranges in a row, without leading zeros, as applicable.

# ------------------------------ (Main code of IPIdent)

:global ICANNCont; :local IDOut ("ID.UnKnown"); :local RegistroY;
:if ([len $2]>0 and [/ip arp find (mac-address=$2)]!="") do={
  :set RegistroY ([$ClientIdent ([/ip arp get [/ip arp find mac-address=$2] address]) "1.2.A" "1.2.B" "1.2.C"]);
  :set IDOut (($2).",(".([pick $RegistroY 0 25])."=".[/ip arp get [/ip arp find mac-address=$2] address].").".[/ip arp get [/ip arp find mac-address=$2] interface]);
} else={
  :if ([/ip arp find (address=$1)]!="") do={
    :set IDOut ([/ip arp get [/ip arp find address=$1] mac-address].",(".($1).").".[/ip arp get [/ip arp find address=$1] interface]);
  } else={
    :if ($ICANNCont<10) do={:set IDOut ([$WhoisIP $1]); :set ICANNCont ($ICANNCont+1);} else={:set IDOut ("Error.WhoisIP-LimitAlcanzado");};
    :if ([len $2]>0) do={:set IDOut ($2.",(".$IDOut.").WANX");}
  }
};
:return ($IDOut)}
# Note: remember that (10*RB.Cant<Min(ICANN.Limit-Consult)).

# ------------------------------------- [Main code of AddressList.Ident-Address]

# -------------------------------------[Regional Internet Registries: NRO+]
# (ARIN): Anglo-America.
# (RIPE NCC): Europe, Middle East and Central Asia.
# (APNIC): Asia and Pacific region.
# (LACNIC): Latin America and the Caribbean.
# (AfriNIC): Africa.
# (Direct Assignment/Allocation): Unknown location.
# -------------------------------------
:global MACLANDrop ""; # Stores every MAC from T-DOS___.List (starts empty)
:global ICANNCont (0); # Counter of queries to ICANN entities
:local IPx;
:local Listx;
:local IDClientx;
:local MACx "";
:local Registro "";
:local Encontrado;
# message~$IPx is a regex match: each dot matches any character and 1.2.3.4 also matches 1.2.3.40.
:foreach x in=[/ip firewall address-list find (!comment and list~"T-")] do={
  :set IPx ([/ip firewall address-list get $x address]);
  :set Listx ([/ip firewall address-list get $x list]);
  :if (($Listx~"T-DOS" and [/log find (message~"DOS-" and message~"src-mac" and message~$IPx)]!="") or ($Listx~"T-VPN" and [/log find (message~"VPN-" and message~"src-mac" and message~$IPx)]!="")) do={
    # Keep the message of the last matching log entry.
    :foreach y in=[/log find (message~"src-mac" and message~$IPx and (($Listx~"T-DOS" and message~"DOS-") or ($Listx~"T-VPN" and message~"VPN-")))] do={:set Registro ([/log get $y message]);};
    :set MACx ([pick $Registro ([find $Registro "src-mac"]+8) ([find $Registro "src-mac"]+25)]);
    :set MACx ([$UpCaseMAC $MACx]);
    :set IDClientx ([$IPIdent $IPx $MACx]);
    :set MACLANDrop ($MACLANDrop.$MACx."\r\n");
    :set IDClientx ("( ".($IDClientx)." ) - ( ".([pick $Registro ([find $Registro $IPx]) ([len $Registro])])." )");
    /ip firewall address-list set $x comment=($IDClientx);
  } else={/ip firewall address-list set $x comment=("( ".([$IPIdent $IPx ""])." )");}
};
/system script environment remove [find name="ICANNCont"];
# /system script environment remove [find name="MACLANDrop"];
# Note: use Wireshark with the filter (eth.addr == 6C:3B:6B:A8:13:5E) to identify IP changes. Export the log with: (/log print file=log.txt).

# AddressList.Ident-Client: --------------------------------------------------------------
# Name: AddressList.Ident-Client
# comment="C+: ( AddressList.Ident-Client )"
# Only works with (/24).
# -----------------------------------------------
# Function Identify-Client: (IP,Range1,Range2,Range3,...)
:local ClientIdent do={
  :local RegistroX ("IP.OutRange");
  :if ([pick $1 0 [len $2]]=$2 or [pick $1 0 [len $3]]=$3 or [pick $1 0 [len $4]]=$4) do={
    :if ([/queue simple find (target=($1."/32"))]!="") do={
      :set RegistroX ([/queue simple get value-name=name [find target=($1."/32")]]);
      :if ([find $RegistroX "_Libre "]<0) do={:set RegistroX ([pick $RegistroX 0 77]);} else={:set RegistroX ("( Libre )");}
    } else={:set RegistroX ("[Error-QS.IPFaltante]");}
  };
  :return ($RegistroX);
}
# Note: list the IP ranges in a row, without leading zeros, as applicable.
# -----------------------------------------------
:local IPAL;
:local Registro;
:foreach x in=[/ip firewall address-list find (!comment)] do={
  :set IPAL ([/ip firewall address-list get $x address]);
  :set Registro ([$ClientIdent $IPAL "1.2.A" "1.2.B" "1.2.C"]);
  :if ($Registro!="IP.OutRange") do={/ip firewall address-list set $x comment=$Registro;};
};
# Note: (77) depends on the length of the QS name format. (Error): it does not detect multiple IPs per client. Run it before (AddressList.Ident-Address). Example of a multiple target: ([/queue simple get value-name=name [find target=("1.2.3.4/32","1.2.3.5/32","1.2.3.7/32")]]).

# Client.Ctrl (ABTemp): --------------------------------------------------------------------
# Name: Client.Ctrl (ABTemp)
# comment="C+: ( Client.Ctrl (ABTemp) )"
# -----------------------------------------------
# (+T: ).Comm: (all initial line) [+TE=20XX/0X/0X 0Xh&&ABUp%%ABDw]
# -----------------------------------------------
# Note: (20XX/0X/0X 0Xh) is the end date and hour. (xTE=) marks an inactive rule.
:local Mx ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
:local DateAct ([/system clock get date]);
:local DiaAct ([pick $DateAct 4 6]);
:local MesActP ([pick $DateAct 0 3]);
:local MesAct ([find $Mx $MesActP -1]+1);
:local AnioAct ([pick $DateAct 7 11]);
:local TimeAct ([/system clock get time]);
:local HoraAct ([pick $TimeAct 0 2]);
:if ($MesAct<10) do={:set MesAct ("0".$MesAct);};
:local DateTimeAct ($AnioAct.$MesAct.$DiaAct.$HoraAct);
# -----------------------------------------------
:local DatePromo;
:local DiaPromo;
:local MesPromo; # Do not forget the leading (0) for (<10).
:local AnioPromo;
:local HoraPromo;
:local DateTimePromo;
# ----------------------------------------------- [Adjust as needed after updates]
:local QoSRelacion 8; # ratio (max-limit(8):limit-at(1)) MT.Default=64k
:local QoSPBurstThres 75; # percentage (max-limit(1):burst-threshold(0.75))
:local QoSBurstL 2; # ratio (max-limit(1):burst-limit(2))
:local UnidadUp; # per the algorithm: max-limit (min)=500k/500k
:local UnidadDw;
# -----------------------------------------------
:local QSComment;
:local QSName;
:local MaxLimitUp 0;
:local MaxLimitDw 0;
:local MaxLimitUpT "";
:local MaxLimitDwT "";
:local MaxLimit; # unit: (k)
:local LimitAtUp 0;
:local LimitAtDw 0;
:local LimitAt; # unit: (k)
:local BurstLimitUp 0;
:local BurstLimitDw 0;
:local BurstLimit;
:local BurstThresholdUp 0;
:local BurstThresholdDw 0;
:local BurstThreshold; # unit: (k)
# -----------------------------------------------
:foreach x in=[/queue simple find (name~"\\+T: ")] do={
  :set QSComment ([/queue simple get $x comment]);
# ------------------------------------------------ [Does (+T: ) exist?]
  :if ($QSComment~"\\+TE=") do={
    :set DiaPromo ([pick $QSComment ([find $QSComment "+TE="]+12) ([find $QSComment "+TE="]+14)]);
    :set MesPromo ([pick $QSComment ([find $QSComment "+TE="]+9) ([find $QSComment "+TE="]+11)]);
    :set AnioPromo ([pick $QSComment ([find $QSComment "+TE="]+4) ([find $QSComment "+TE="]+8)]);
    :set HoraPromo ([pick $QSComment ([find $QSComment "+TE="]+15) ([find $QSComment "+TE="]+17)]);
    :set DateTimePromo ($AnioPromo.$MesPromo.$DiaPromo.$HoraPromo);
# ------------------------------------------------ [Limit reached?]
    :if ([tonum $DateTimeAct]>[tonum $DateTimePromo]) do={
      :set QSName ([/queue simple get $x name]);
      :set QSName ([pick $QSName 4 [len $QSName]]);
      :set MaxLimitUpT ([pick $QSComment ([find $QSComment "&&"]+2) ([find $QSComment "%%"])]);
      :set MaxLimitDwT ([pick $QSComment ([find $QSComment "%%"]+2) ([find $QSComment "]"])]);
# ------------------------------------------------ [Comment.Change]
      :set QSComment ([pick $QSComment 0 ([find $QSComment "+TE="])]."x".([pick $QSComment ([find $QSComment "TE="]) [len $QSComment]]));
# :set QSComment ([pick $QSComment ([find $QSComment "]"]+1) [len $QSComment]]); (alternative comment clean-up)
# ------------------------------------------------ [AB.Change]
      /queue simple set $x name=($QSName);
      /queue simple set $x comment=($QSComment);
      :set MaxLimitUp ([tonum [pick $MaxLimitUpT 0 ([len $MaxLimitUpT]-1)]]);
      :set MaxLimitDw ([tonum [pick $MaxLimitDwT 0 ([len $MaxLimitDwT]-1)]]);
      :set UnidadUp ([pick $MaxLimitUpT ([len $MaxLimitUpT]-1) ([len $MaxLimitUpT])]);
      :set UnidadDw ([pick $MaxLimitDwT ([len $MaxLimitDwT]-1) ([len $MaxLimitDwT])]);
      :if ($UnidadUp="M") do={:set MaxLimitUp ($MaxLimitUp*1000);};
      :if ($UnidadDw="M") do={:set MaxLimitDw ($MaxLimitDw*1000);};
      :set LimitAtUp ($MaxLimitUp/$QoSRelacion);
      :set LimitAtDw ($MaxLimitDw/$QoSRelacion);
      :set LimitAt ($LimitAtUp."k/".$LimitAtDw."k");
      :set MaxLimit ($MaxLimitUp."k/".$MaxLimitDw."k");
      /queue simple set $x limit-at=$LimitAt;
      /queue simple set $x burst-time=16/16;
      /queue simple set $x max-limit=$MaxLimit;
      :set BurstThresholdUp (($MaxLimitUp*$QoSPBurstThres)/100);
      :set BurstThresholdDw (($MaxLimitDw*$QoSPBurstThres)/100);
      :set BurstThreshold ($BurstThresholdUp."k/".$BurstThresholdDw."k");
      /queue simple set $x burst-threshold=$BurstThreshold;
      :set BurstLimitUp ($MaxLimitUp*$QoSBurstL);
      :set BurstLimitDw ($MaxLimitDw*$QoSBurstL);
      :set BurstLimit ($BurstLimitUp."k/".$BurstLimitDw."k");
      /queue simple set $x burst-limit=$BurstLimit;
      /queue simple set $x queue=ethernet-default/ethernet-default;
      /queue simple set $x priority=8/8;
# ------------------------------------------------ [Change.Stat]
      :log warning message=("[RB.ABTemp (Expire: $QSName) - ($DateTimeAct > $DateTimePromo)]");
      :global TelegramMessage ("[RB.ABTemp (Expire: $QSName) - ($DateTimeAct>$DateTimePromo)]");
      /system script run RB.Telegram-MessageAlert;
    }
  }
};
# -----------------------------------------------
# Note: if (+TE=) is not defined, a manual process must be applied.
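
The script above reads the `+TE=` tag by fixed character offsets and never checks it, so a tag typed without leading zeros or with a stray `]` yields wrong dates or limits without any error. The following offline checker is an added example, not part of the original scripts: it validates queue comments exported from the router and reproduces the values the script would write. The function names and the sample comments are constructed for illustration; the tag layout and the three QoS constants come from the script.

```python
import re
from datetime import datetime

# Constants copied from the script (QoSRelacion, QoSPBurstThres, QoSBurstL).
QOS_RELACION = 8        # max-limit : limit-at
QOS_P_BURST_THRES = 75  # burst-threshold as a percentage of max-limit
QOS_BURST_L = 2         # burst-limit : max-limit

# Layout the script expects: [+TE=YYYY/MM/DD HHh&&<up>%%<down>]
TAG_RE = re.compile(
    r"\+TE=(\d{4})/(\d{2})/(\d{2}) (\d{2})h&&(\d+)([kM])%%(\d+)([kM])\]"
)


def _to_kbps(value, unit):
    """The script multiplies by 1000 when the unit letter is M."""
    return int(value) * (1000 if unit == "M" else 1)


def parse_te_tag(comment):
    """Return (expiry, up_kbps, down_kbps) or raise ValueError."""
    match = TAG_RE.search(comment)
    if match is None:
        raise ValueError("no well-formed +TE= tag (check leading zeros)")
    # The script cuts the download value at the FIRST "]" of the comment,
    # so a "]" placed before the tag corrupts the extracted limit.
    if "]" in comment[: match.start()]:
        raise ValueError("']' appears before the +TE= tag")
    year, month, day, hour = (int(g) for g in match.group(1, 2, 3, 4))
    expiry = datetime(year, month, day, hour)  # rejects month 13, hour 24, ...
    up = _to_kbps(match.group(5), match.group(6))
    down = _to_kbps(match.group(7), match.group(8))
    return expiry, up, down


def is_expired(expiry, now):
    """Same test as the script: YYYYMMDDHH of 'now' strictly greater."""
    def stamp(moment):
        return int(moment.strftime("%Y%m%d%H"))
    return stamp(now) > stamp(expiry)


def restored_limits(up_k, down_k):
    """Queue values the script sets once the temporary rate has expired."""
    def pair(func):
        return f"{func(up_k)}k/{func(down_k)}k"
    return {
        "max-limit": pair(lambda v: v),
        "limit-at": pair(lambda v: v // QOS_RELACION),
        "burst-threshold": pair(lambda v: v * QOS_P_BURST_THRES // 100),
        "burst-limit": pair(lambda v: v * QOS_BURST_L),
    }


def lint(comments, now):
    """Classify each comment as 'expired', 'active' or 'invalid'."""
    result = []
    for comment in comments:
        try:
            expiry, _, _ = parse_te_tag(comment)
        except ValueError:
            result.append("invalid")
            continue
        result.append("expired" if is_expired(expiry, now) else "active")
    return result


# Constructed sample comments (not taken from a real router).
SAMPLE_COMMENTS = [
    "[+TE=2024/03/05 08h&&2M%%10M] Client A",
    "[+TE=2024/3/5 8h&&2M%%10M] Client B",          # no leading zeros
    "[+TE=2024/13/05 08h&&512k%%1M] Client C",      # month 13
    "[VIP] [+TE=2024/03/05 08h&&1M%%2M] Client D",  # "]" before the tag
    "[+TE=2030/01/01 00h&&1M%%2M] Client E",
]

if __name__ == "__main__":
    for text, state in zip(SAMPLE_COMMENTS, lint(SAMPLE_COMMENTS, datetime(2024, 3, 5, 9))):
        print(f"{state:8} {text}")
```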

# DNSCache.Empty: --------------------------------------------------------------------
# Name: DNSCache.Empty
# comment="Rx: ( DNSCache.Empty )"
/ip dns cache print file=DNSCache.txt; :delay 2s;
/ip dns cache flush; # Clears the whole DNS cache

# Log.Empty: -----------------------------------------------------------------------------
# Name: Log.Empty
# comment="Rx: ( Log.Empty )"
/log print file=Log.txt; :delay 2s;
/system logging action set memory memory-lines=1; :delay 2s; # Clears the whole log
/system logging action set memory memory-lines=1000; # Limits it to 1000 lines

# QS.ChangeAB: -------------------------------------------------------------------------
# Name: QS.ChangeAB
# comment="C+: ( QS.ChangeAB.Si: 00/00 ] o Act.Mes/Act.Año] )"
# (QoSBurstT/16) sets the period of each analysis (the target's average consumption). If that average is below burst-threshold, burst is activated.
# -----------------------------------------------
# Function that converts a month name into a month number (date) {better to use an array}
:local ConvertMLToN do={:local Anio ([pick $1 7 11]); :local MesL ([pick $1 0 3]); :local MesN "Error";
  :if ($MesL="jan") do={:set MesN ("01")} else={
  :if ($MesL="feb") do={:set MesN ("02")} else={
  :if ($MesL="mar") do={:set MesN ("03")} else={
  :if ($MesL="apr") do={:set MesN ("04")} else={
  :if ($MesL="may") do={:set MesN ("05")} else={
  :if ($MesL="jun") do={:set MesN ("06")} else={
  :if ($MesL="jul") do={:set MesN ("07")} else={
  :if ($MesL="aug") do={:set MesN ("08")} else={
  :if ($MesL="sep") do={:set MesN ("09")} else={
  :if ($MesL="oct") do={:set MesN ("10")} else={
  :if ($MesL="nov") do={:set MesN ("11")} else={
  :if ($MesL="dec") do={:set MesN ("12")}}}}}}}}}}}};
  :return ($MesN."/".[pick $Anio 2 4])};
# ----------------------------------------------- (adjust as needed after updates)
:local QoSRelacion 8; # ratio (max-limit(8):limit-at(1)) MT.Default=64k
:local QoSPBurstThres 75; # percentage (max-limit(1):burst-threshold(0.75))
:local QoSBurstL 2; # ratio (max-limit(1):burst-limit(2))
:local UnidadUp; # per the algorithm: max-limit (min)=500k/500k
:local UnidadDw;
# -----------------------------------------------
:local MaxLimitUp 0;
:local MaxLimitDw 0;
:local MaxLimit; # unit: (k)
:local LimitAtUp 0;
:local LimitAtDw 0;
:local LimitAt; # unit: (k)
:local BurstLimitUp 0;
:local BurstLimitDw 0;
:local BurstLimit;
:local BurstThresholdUp 0;
:local BurstThresholdDw 0;
:local BurstThreshold; # unit: (k)
:local ActMesAnio ([$ConvertMLToN [/system clock get date]]." ]");
:foreach x in=[/queue simple find (name~$ActMesAnio or name~"00/00 ]")] do={
  :set MaxLimit ([/queue simple get $x max-limit]);
  :set MaxLimitUp ([tonum [pick $MaxLimit 0 ([find $MaxLimit "/"]-1)]]);
  :set MaxLimitDw ([tonum [pick $MaxLimit ([find $MaxLimit "/"]+1) ([len $MaxLimit]-1)]]);
  :set UnidadUp ([pick $MaxLimit ([find $MaxLimit "/"]-1) ([find $MaxLimit "/"])]);
  :set UnidadDw ([pick $MaxLimit ([len $MaxLimit]-1) [len $MaxLimit]]);
  :if ($UnidadUp="M") do={:set MaxLimitUp ($MaxLimitUp*1000);};
  :if ($UnidadDw="M") do={:set MaxLimitDw ($MaxLimitDw*1000)};
  :set LimitAtUp ($MaxLimitUp/$QoSRelacion);
  :set LimitAtDw ($MaxLimitDw/$QoSRelacion);
  :set LimitAt ($LimitAtUp."k/".$LimitAtDw."k");
  /queue simple set $x limit-at=$LimitAt;
  /queue simple set $x burst-time=16/16;
  :set BurstThresholdUp (($MaxLimitUp*$QoSPBurstThres)/100);
  :set BurstThresholdDw (($MaxLimitDw*$QoSPBurstThres)/100);
  :set BurstThreshold ($BurstThresholdUp."k/".$BurstThresholdDw."k");
  /queue simple set $x burst-threshold=$BurstThreshold;
  :set BurstLimitUp ($MaxLimitUp*$QoSBurstL);
  :set BurstLimitDw ($MaxLimitDw*$QoSBurstL);
  :set BurstLimit ($BurstLimitUp."k/".$BurstLimitDw."k");
  /queue simple set $x burst-limit=$BurstLimit;
  /queue simple set $x queue=ethernet-default/ethernet-default;
  /queue simple set $x priority=8/8;
  /queue simple set $x parent=none;
  /queue simple set $x total-queue=ethernet-default;
};
# ------------------------------------------------ (Restores.__/__ ])
:local Nombre "-";
:foreach x in=[/queue simple find (name~"00/00 ]")] do={
  :set Nombre ([/queue simple get $x name]);
  :set Nombre ([pick $Nombre 0 [find $Nombre "00/00 ]"]]."__/__ ]");
  /queue simple set $x name=$Nombre
};
# ------------------------------------------------
# Note: RouterOS does not handle decimals well, hence ((value*percentage)/100). QueueSimple.ABChange (max-limit=burst-threshold).

# RB.BackUp-DNSCache (Email): -------------------------------------------------------
# Name: RB.BackUp-DNSCache
# comment="R+: ( RB.BackUp-DNSCache )"
# -----------------------------------------------
# Function IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Process)
:local TestConn do={
  :local PLoss ($3+1); :local AvgRTT ($4+1); :local MaxRTT; :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP (false);
  :if ([/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]="") do={
    /ip firewall address-list add address=$1 list="A-ICMPWANSRC.List" comment="T+: (TemporalIP x ICMP)" timeout=1m disabled=no;
  } else={
    :if ([/ip firewall address-list get value-name=disabled [find (address=$1 and list="A-ICMPWANSRC.List")]]) do={
      /ip firewall address-list enable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]; :set DisabledIP (true);
    }
  };
  :delay 10ms;
  /tool flood-ping $1 count=$2 size=$5 do={
    :if ($sent=$2) do={:set AvgRTT ($"avg-rtt"); :set MaxRTT ($"max-rtt"); :set PEnviados $sent; :set PRecibidos $received;}
  };
  # Re-disable only the entry that was enabled above.
  :if ($DisabledIP) do={/ip firewall address-list disable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")];};
  :set PLoss (100-(($PRecibidos*100)/$PEnviados));
  :set LogMsg ("[ $6 - ping ( $1 - $5 b ) ]: latencia media ( $([:tostr $AvgRTT])ms ) - latencia maxima: ( $([:tostr $MaxRTT])ms ) - paquetes perdidos: ( $([:tostr $PLoss])% )");
  :if ($PLoss<=$3 and $AvgRTT<=$4) do={:log info message=($LogMsg); :return ("OK")} else={:log error message=($LogMsg); :return ("KO")}
};
# Note: make sure the IP is in the address-list (do={:beep frequency=550 length=494ms;}).
# -----------------------------------------------
# Function that pads with characters (left "Izq." / right "Der.") up to a length: (Var, Where, Char, Length)
:local AddCToLen do={:if ([len $1]<$4) do={:for r from=[len $1] to=($4-1) do={:if ($2="Izq.") do={:set $1 ($3.$1)} else={:set $1 ($1.$3)}}}; :return ($1)};
# ----------------------------------------------- [Test.Connection]
:if ([$TestConn "8.8.8.8" 10 30 100 64 "RB.BackUp-DNSCache"]="OK") do={
# ----------------------------------------------- [Test.Connection]
:local FileName ([/system resource get board-name]."(DNSCache)[01].txt");
/ip dns cache print detail file=$FileName; :delay 4s;
# ----------------------------------------------- [Inactive due to the 4K size limit]
# /file print file=$FileName; :delay 2s; # Creates the file
# /file set [find name=$FileName] contents=""; # Clears the default contents of File-0X
# :local Line "";
# :local TTL; # everything with (ddns.ttl>10s) is treated as storable
# :local Type "";
# :local Address (0.0.0.0);
# :local AddressS "";
# :local Name "";
# :foreach i in=[/ip dns cache all find] do={:set Name ([/ip dns cache get $i name]); :set AddressS ([/ip dns cache all get $i data]); :set Type ([/ip dns cache all get $i type]); :set TTL ([/ip dns cache get $i ttl]); :if ([len $Type]>0 and $TTL>10s) do={:set Line ($Address." - ".$AddressS." - ".$Type." - ".$Name." - ".$TTL." - ".[typeof $Address]); /file set $FileName contents=([/file get $FileName contents].$Line."\r\n");}};
# -----------------------------------------------
:local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system script get [find name="RB.BackUp-DNSCache"] comment]) 4 ([len ([/system script get [find name="RB.BackUp-DNSCache"] comment])])]));
/tool e-mail send to="[email protected]" subject=$Subjet body="System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nModelo : ($[/system resource get board-name]) \r\nIPWAN1 : ($[/ip address get [find comment~"TELCO.2.2.2.x"] value-name=address]) \r\nEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=interface]) \r\nIPEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=address])" file=$FileName;};

# RB.BackUp-Config (Email): ------------------------------------------------------------
# Name: RB.BackUp-Config
# comment="R+: ( RB.BackUp-Config )"
# -----------------------------------------------
# Function IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Process)
:local TestConn do={
  :local PLoss ($3+1); :local AvgRTT ($4+1); :local MaxRTT; :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP (false);
  :if ([/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]="") do={
    /ip firewall address-list add address=$1 list="A-ICMPWANSRC.List" comment="T+: (TemporalIP x ICMP)" timeout=1m disabled=no;
  } else={
    :if ([/ip firewall address-list get value-name=disabled [find (address=$1 and list="A-ICMPWANSRC.List")]]) do={
      /ip firewall address-list enable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]; :set DisabledIP (true);
    }
  };
  :delay 10ms;
  /tool flood-ping $1 count=$2 size=$5 do={
    :if ($sent=$2) do={:set AvgRTT ($"avg-rtt"); :set MaxRTT ($"max-rtt"); :set PEnviados $sent; :set PRecibidos $received;}
  };
  # Re-disable only the entry that was enabled above.
  :if ($DisabledIP) do={/ip firewall address-list disable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")];};
  :set PLoss (100-(($PRecibidos*100)/$PEnviados));
  :set LogMsg ("[ $6 - ping ( $1 - $5 b ) ]: latencia media ( $([:tostr $AvgRTT])ms ) - latencia maxima: ( $([:tostr $MaxRTT])ms ) - paquetes perdidos: ( $([:tostr $PLoss])% )");
  :if ($PLoss<=$3 and $AvgRTT<=$4) do={:log info message=($LogMsg); :return ("OK")} else={:log error message=($LogMsg); :return ("KO")}
};
# Note: make sure the IP is in the address-list (do={:beep frequency=550 length=494ms;}).
# -----------------------------------------------
# Function that pads with characters (left "Izq." / right "Der.") up to a length: (Var, Where, Char, Length)
:local AddCToLen do={:if ([len $1]<$4) do={:for r from=[len $1] to=($4-1) do={:if ($2="Izq.") do={:set $1 ($3.$1)} else={:set $1 ($1.$3)}}}; :return ($1)};
# ----------------------------------------------- [Test.Connection]
:if ([$TestConn "8.8.8.8" 10 30 100 64 "RB.BackUp-Config"]="OK") do={
# ----------------------------------------------- [Test.Connection]
:local MACList ""; :local IPList "";
:foreach x in=[/interface find] do={:set MACList ($MACList."(".[$AddCToLen [/interface get $x name] "Der." " " 12]." - ".[$AddCToLen [/interface get $x mac-address] "Der." " " 18]." - ".[$AddCToLen [/interface get $x comment] "Der." " " 50]." - Disable=".[$AddCToLen [/interface get $x disabled] "Der." " " 5].")\r\n");};
:foreach x in=[/ip address find] do={:set IPList ($IPList."(".[$AddCToLen [/ip address get $x interface] "Der." " " 12]." - ".[$AddCToLen [/ip address get $x address] "Der." " " 18]." - ".[$AddCToLen [/ip address get $x comment] "Der." " " 50]." - Disable=".[$AddCToLen [/ip address get $x disabled] "Der." " " 5].")\r\n");};
# -----------------------------------------------
:local Name ([/system resource get board-name]."[01].backup");
# The backup password is stored in clear text in this script; anyone who can read the script can decrypt the backup.
/system backup save name=$Name dont-encrypt=no encryption=aes-sha256 password="xxx"; :delay 2s;
:local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system script get [find name="RB.BackUp-Config"] comment]) 4 ([len ([/system script get [find name="RB.BackUp-Config"] comment])])]));
/tool e-mail send to="[email protected]" subject=$Subjet body="System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nModelo : ($[/system resource get board-name]) \r\nIPWAN1 : ($[/ip address get [find comment~"TELCO.2.2.2.x"] value-name=address]) \r\nEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=interface]) \r\nIPEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=address]) \r\n\r\nMAC.Rango :\r\n$MACList \r\nIP.Rango :\r\n$IPList" file=$Name;}
# Note: (Restore BackUp)
# 1- Update the firmware (at least to v6.43).
# 2- Reset Config: /system reset-configuration no-defaults=yes skip-backup=yes
# 3- Copy BackUp.File into (/file) and look up its encryption password.
# 4- Restore Config: /system backup load name="CCR1012.backup"
# 5- Reset MAC Interface: /interface ethernet reset-mac-address [find];
# 6- Change MAC Interface: /interface ethernet set [find orig-mac-address=X4:FA:6C:F5:82:E1] mac-address=AA:AA:AA:AA:AA:AA;

DDNS update: -------------------------------------------------------------------- [ INI ]
# Create a specific script, with a different name, for each WAN(x) to update (using different identifiers in DuckDNS), and add them all to a single TP task (RB.IP-Change).
# At (https://www.duckdns.org/), go to install, select (identity and mikrotik), then copy and paste into a new script (DDNS.UpDate).
# Finally, change (interface=MATRIX) to (comment=WAN(x).[ (x) ]).
# RB.DDNSUpDate-WAN(x): ---------------------------------------------------------
# Name: RB.DDNSUpDate-WAN(x)
# comment="R+: ( RB.DDNSUpDate-WAN(x) )"
# --------------------------------------------------
:global actualIP value=[/ip address get [find where comment~"TELCO.2.2.2.x"] value-name=address];
:global actualIP value=[:pick $actualIP -1 [:find $actualIP "/" -1]];
:if ([:len [/file find where name=ipstore.txt]]<1) do={/file print file=ipstore.txt where name=ipstore.txt; /delay delay-time=2; /file set ipstore.txt contents="0.0.0.0";};
:global previousIP value=[/file get [find where name=ipstore.txt] value-name=contents];
:if ($previousIP!=$actualIP) do={
  :log info message=("[Try to Update DuckDNS]: a actual-IP ".$actualIP." - anterior-IP es ".$previousIP);
# ------------------------
# The DuckDNS token goes inside src-path, so it is readable by anyone who can read this script.
# /tool fetch does not validate the server certificate unless check-certificate=yes is set (the CA must be imported under /certificate).
  /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt address=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=("<<< token provided by DuckDNS >>>=".$actualIP);
# ------------------------
  :delay 5s;
  :global lastChange value=[/file get [find where name=duckdns-result.txt] value-name=contents];
  :global previousIP value=$actualIP;
  /file set ipstore.txt contents=$actualIP;
  :if ($lastChange="OK") do={:log warning message=("[DuckDNS update successfull]: a actual-IP ".$actualIP);};
  :if ($lastChange="KO") do={:log error ("[Fail to update DuckDNS]: a actual-IP ".$actualIP);};
};
# Note: Alternative+, (every 15-60s UDP.15252): (/ip cloud set ddns-enabled=yes;).
DDNS update: ------------------------------------------------------------------- [ FIN ]

# RB.BackUp-Log (Email): ---------------------------------------------------------------
# Name: RB.BackUp-Log
# comment="R+: ( RB.BackUp-Log )"
# -----------------------------------------------
# Function IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Process)
:local TestConn do={
  :local PLoss ($3+1); :local AvgRTT ($4+1); :local MaxRTT; :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP (false);
  :if ([/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]="") do={
    /ip firewall address-list add address=$1 list="A-ICMPWANSRC.List" comment="T+: (TemporalIP x ICMP)" timeout=1m disabled=no;
  } else={
    :if ([/ip firewall address-list get value-name=disabled [find (address=$1 and list="A-ICMPWANSRC.List")]]) do={
      /ip firewall address-list enable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]; :set DisabledIP (true);
    }
  };
  :delay 10ms;
  /tool flood-ping $1 count=$2 size=$5 do={
    :if ($sent=$2) do={:set AvgRTT ($"avg-rtt"); :set MaxRTT ($"max-rtt"); :set PEnviados $sent; :set PRecibidos $received;}
  };
  # Re-disable only the entry that was enabled above.
  :if ($DisabledIP) do={/ip firewall address-list disable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")];};
  :set PLoss (100-(($PRecibidos*100)/$PEnviados));
  :set LogMsg ("[ $6 - ping ( $1 - $5 b ) ]: latencia media ( $([:tostr $AvgRTT])ms ) - latencia maxima: ( $([:tostr $MaxRTT])ms ) - paquetes perdidos: ( $([:tostr $PLoss])% )");
  :if ($PLoss<=$3 and $AvgRTT<=$4) do={:log info message=($LogMsg); :return ("OK")} else={:log error message=($LogMsg); :return ("KO")}
};
# Note: make sure the IP is in the address-list (do={:beep frequency=550 length=494ms;}).
# -----------------------------------------------
# Function that pads with characters (left "Izq." / right "Der.") up to a length: (Var, Where, Char, Length)
:local AddCToLen do={:if ([len $1]<$4) do={:for r from=[len $1] to=($4-1) do={:if ($2="Izq.") do={:set $1 ($3.$1)} else={:set $1 ($1.$3)}}}; :return ($1)};
# ----------------------------------------------- [Test.Connection]
:if ([$TestConn "8.8.8.8" 10 30 100 64 "RB.BackUp-Log"]="OK") do={
# ----------------------------------------------- [Test.Connection]
:local MACList ""; :local IPList "";
:foreach x in=[/interface find] do={:set MACList ($MACList."(".[$AddCToLen [/interface get $x name] "Der." " " 12]." - ".[$AddCToLen [/interface get $x mac-address] "Der." " " 18]." - ".[$AddCToLen [/interface get $x comment] "Der." " " 50]." - Disable=".[$AddCToLen [/interface get $x disabled] "Der." " " 5].")\r\n");};
:foreach x in=[/ip address find] do={:set IPList ($IPList."(".[$AddCToLen [/ip address get $x interface] "Der." " " 12]." - ".[$AddCToLen [/ip address get $x address] "Der." " " 18]." - ".[$AddCToLen [/ip address get $x comment] "Der." " " 50]." - Disable=".[$AddCToLen [/ip address get $x disabled] "Der." " " 5].")\r\n");};
# -----------------------------------------------
:local Name ([/system resource get board-name]."(Log)[01].txt");
/log print file=$Name; :delay 2s;
# /system logging action set memory memory-lines=1; :delay 2s; # Clears the whole log
# /system logging action set memory memory-lines=1000; # Limits it to 1000 lines
# -----------------------------------------------
:local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system script get [find name="RB.BackUp-Log"] comment]) 4 ([len ([/system script get [find name="RB.BackUp-Log"] comment])])]));
/tool e-mail send to="[email protected]" subject=$Subjet body="System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nModelo : ($[/system resource get board-name]) \r\nIPWAN1 : ($[/ip address get [find comment~"TELCO.2.2.2.x"] value-name=address]) \r\nEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=interface]) \r\nIPEtherAux : ($[/ip address get [find comment~"EMERGENCY1"] value-name=address]) \r\n\r\nMAC.Rango :\r\n$MACList \r\nIP.Rango :\r\n$IPList" file=$Name;};

# RB.IP-ChangeWAN(x):
-----------------------------------------------------------------
# Es aconsejable, al finalizar la tarea, remover las variables globales
(previousIP, lastChange y actualIP).
# Name: RB.IP-ChangeWAN(x)
# comment=”R+: ( RB.IP-ChangeWAN(x) )”
# -----------------------------------------------
# Función IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Proceso)
:local TestConn do={:local PLoss ($3+1); :local AvgRTT ($4+1); :local
MaxRTT; :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP
(false); :if ([/ip firewall address-list find (address=$1 and list=”A-
ICMPWANSRC.List”)]="") do={/ip firewall address-list add address=$1 list=“A-
ICMPWANSRC.List“ comment=”T+: (TemporalIP x ICMP)” timeout=1m disable=no;}
else={:if ([/ip firewall address-list get value-name=disabled [find (address=$1 and
list=”A-ICMPWANSRC.List”)]]) do={/ip firewall address-list enable [/ip firewall
address-list find (address=$1 and list=”A-ICMPWANSRC.List”)]; :set DisabledIP
(true);}}; delay 10ms; /tool flood-ping $1 count=$2 size=$5 do={:if ($sent=$2)
do={:set AvgRTT ($”avg-rtt”); :set MaxRTT ($”max-rtt”); :set PEnviados $sent; :set
PRecibidos $received;}}; :if ($DisabledIP) do={/ip firewall address-list disable
[/ip firewall address-list find (address=$1)];}; :set PLoss (100-
(($PRecibidos*100)/$PEnviados)); :set LogMsg ("[ $6 – ping ( $1 – $5 b ) ]:
latencia media ( $([:tostr $AvgRTT])ms ) – latencia maxima: ( $([:tostr $MaxRTT])ms
) – paquetes perdidos: ( $([:tostr $PLoss])% )"); :if ($PLoss<=$3 and $AvgRTT<=$4)
do={:log info message=($LogMsg); :return (“OK”)} else={:log error
message=($LogMsg); :return (“KO”)}};
# Nota: Asegurarse que IP este en address-list (do={:beep frequency=550
length=494ms;}).
# ----------------------------------------------- [Test.Connection]
:if ([$TestConn "8.8.8.8" 10 30 100 64 ”RB.IP-ChangeWAN1”]=”OK”) do={
# ----------------------------------------------- [Test.Connection]

# Set IP.New: ----------------------------------------------------------------------
# -----------------------------------------------
# Function: converts an IPv4 address to an integer:
:local FIPaNr do={
  :local IPstr ($1."."); :local IPnum "";
  :for x from=1 to=4 do={
    :set IPnum ($IPnum.[:pick $IPstr 0 [:find $IPstr "." -1]]);
    :set IPstr ([:pick $IPstr ([:find $IPstr "." 0]+1) [:len $IPstr]]);
  };
  :return [:tonum $IPnum]
};
# -----------------------------------------------
:local IniIP value=2.2.2.1; # no leading zeros
:local UltIP value=2.2.2.50; # no leading zeros
# -----------------------------------------------
:local ActualIP value=[/ip address get [find comment~"TELCO.2.2.2.x"] value-name=address];
:local ActualX value=[:pick $ActualIP -1 [:find $ActualIP "/" -1]];
<<< Mechanism to discover the new IP >>>}; /ip address set [/ip address find address=$ActualIP] address=$ActualX; :delay 2s;

# Update DDNS: ------------------------------------------------------------------------
# /system script run RB.DDNSUpDate-WAN(x); :delay 3s; # UpDate DDNS.WAN(x)

# Send informative email: ---------------------------------------------------------------
:local IntervaloT value=[/system scheduler get [find name="TP (RB.IP-Change)"] value-name=interval];
:global lastChange; :global QoSDropList;
:local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system scrip get [find name="RB.IP-ChangeWAN(x)"] comment]) 4 ([len ([/system scrip get [find name="RB.IP-ChangeWAN(x)"] comment])])]));
/tool e-mail send to="[email protected]" subject=$Subjet body="System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nIP.Actual : ($ActualX/24) \r\nDDNS.UpDate : ($lastChange) \r\nChange.Interv: ($IntervaloT) \r\nIP.Pool : ($IniIP/24 - $UltIP/24) \r\nQoS.DropL : \r\n[$QoSDropList]";
/system script environment remove [find name="previousIP"];
/system script environment remove [find name="lastChange"];
/system script environment remove [find name="actualIP"];};
# Note: although it raises a script error, this aborts a script:
# /system script job remove [/system script job find script=RB.IP-ChangeWAN(x)];

# RB.PromoXDay-Cheq: -----------------------------------------------------------------
# Name: RB.PromoXDay-Cheq
# comment="C+: ( RB.PromoXDay-Cheq )"
# -----------------------------------------------
:local Mx ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
:local DateAct ([/system clock get date]);
:local DiaAct ([pick $DateAct 4 6]);
:local MesActP ([pick $DateAct 0 3]);
:local MesAct ([find $Mx $MesActP -1]+1);
:local AnioAct ([pick $DateAct 7 11]);
:local DatePromo;
:local DiaPromo;
:local MesPromo; # Do not forget the leading (0) for (<10).
:local AnioPromo;
:local Comment;
:local QSName;
:local CTimePromo;
:local IPPromo;
:if ($MesAct<10) do={:set MesAct ("0".$MesAct);};
:set DateAct ($AnioAct.$MesAct.$DiaAct);
:local DateActF ($DiaAct."/".$MesAct."/".([pick $AnioAct 2 4]));
:log info message=("[RB.PromoXDay-Cheq (INI)]");
:foreach x in=[/ip firewall address-list find (list="C-PROMOXDCLIENT.List" and !disabled)] do={
  :set IPPromo ([/ip firewall address-list get $x address]);
  :set CTimePromo ([/ip firewall address-list get $x creation-time]);
  :set Comment ([/ip firewall address-list get $x comment]);
  # The expiry date (day, month, year) is read at fixed offsets after "expira" in the comment
  :set DiaPromo ([pick $Comment ([find $Comment "expira"]+11) ([find $Comment "expira"]+13)]);
  :set MesPromo ([pick $Comment ([find $Comment "expira"]+14) ([find $Comment "expira"]+16)]);
  :set AnioPromo ([pick $Comment ([find $Comment "expira"]+17) ([find $Comment "expira"]+21)]);
  :set DatePromo ($AnioPromo.$MesPromo.$DiaPromo);
  :if ([tonum $DateAct]>[tonum $DatePromo]) do={
    /ip firewall address-list set $x list="C-CLIENTDROP.List";
    :set QSName ([/queue simple get [find target=($IPPromo."/32")] value-name=name]);
    :set QSName ([pick $QSName 0 ([find $QSName "::"]+3)].$DateActF.[pick $QSName ([find $QSName "::"]+11) [len $QSName]]);
    /queue simple set [find target=($IPPromo."/32")] name=("S: ".$QSName);
    /queue simple set [find target=($IPPromo."/32")] disable=yes;
    :log warning message=("[RB.PromoXDay-Cheq (Expire: $QSName) – ($DateAct > $DatePromo)]");
    :global TelegramMessage ("[RB.PromoXDay-Cheq (Expire: $QSName) – ($DateAct>$DatePromo)]");
    /system script run RB.Telegram-MessageAlert;
  }
};

...

RouterOS.Script (Basic 02-02)


...

# RB.QoSChange% (Empty): ------------------------------------------------------------
# Name: RB.QoSChange% (Empty)
# comment="Rx: ( RB.QoSChange% (Empty) )"
# -----------------------------------------------
:local Comment;
# ------------------------------------------------------
/queue tree disable [/queue tree find]; # All QueueTree.Rule disabled
/ip firewall mangle disable [/ip firewall mangle find]; # All Mangle.Rule disabled
# ------------------------------- [QoS.Mangle-Stat: (Empty)]
:foreach x in=[/ip firewall mangle find] do={
  :set Comment ([pick ([/ip firewall mangle get $x comment]) 0 ([find ([/ip firewall mangle get $x comment]) "::"]+3)]);
  /ip firewall mangle set $x comment=($Comment);
};
# ------------------------------- [QoS.QT-Stat: (Empty)]
:foreach y in=[/queue tree find] do={
  :set Comment ([pick ([/queue tree get $y comment]) 0 ([find ([/queue tree get $y comment]) "::"]+3)]);
  /queue tree set $y limit-at=0; /queue tree set $y max-limit=0;
  /queue tree set $y comment=($Comment);
};
# ------------------------------------------------------
/queue tree reset-counters-all; # Reset all QueueTree counters
/ip firewall mangle reset-counters-all; # Reset all Mangle counters
:foreach i in=[/queue tree find (comment~"C\\+: ")] do={[/queue tree set $i disable=no];}; # QueueTree.Rule (Comment~C+) enabled
:foreach i in=[/ip firewall mangle find (comment~"C\\+: ")] do={[/ip firewall mangle set $i disable=no];}; # Mangle.Rule (Comment~C+) enabled

# RB.QoSChange% (xBytes): ---------------------------------------------- [ x Bytes ]
# Name: RB.QoSChange% (xBytes)
# comment="Rx: ( RB.QoSChange% (xBytes) )"
# Limit for /queue tree max-limit=(4294M)
# -----------------------------------------------
# Function: pads with characters (left "Izq." / right "Der.") up to len: (Var, Where, Char, Length)
:local AddCToLen do={:if ([len $1]<$4) do={:for r from=[len $1] to=($4-1) do={:if ($2="Izq.") do={:set $1 ($3.$1)} else={:set $1 ($1.$3)}}}; :return ($1)};
# -----------------------------------------------
# IP.Test function: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Process)
:local TestConn do={
  :local PLoss ($3+1); :local AvgRTT ($4+1); :local MaxRTT;
  :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP (false);
  # Make sure the target is in the ICMP source list (temporary entry, 1m timeout)
  :if ([/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]="") do={
    /ip firewall address-list add address=$1 list="A-ICMPWANSRC.List" comment="T+: (TemporalIP x ICMP)" timeout=1m disable=no;
  } else={
    :if ([/ip firewall address-list get value-name=disabled [find (address=$1 and list="A-ICMPWANSRC.List")]]) do={
      /ip firewall address-list enable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")];
      :set DisabledIP (true);
    }
  };
  :delay 10ms;
  /tool flood-ping $1 count=$2 size=$5 do={
    :if ($sent=$2) do={:set AvgRTT ($"avg-rtt"); :set MaxRTT ($"max-rtt"); :set PEnviados $sent; :set PRecibidos $received;}
  };
  # Put the entry back to disabled if it was disabled before the test (same list only)
  :if ($DisabledIP) do={/ip firewall address-list disable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")];};
  :set PLoss (100-(($PRecibidos*100)/$PEnviados));
  :set LogMsg ("[ $6 – ping ( $1 – $5 b ) ]: latencia media ( $([:tostr $AvgRTT])ms ) – latencia maxima: ( $([:tostr $MaxRTT])ms ) – paquetes perdidos: ( $([:tostr $PLoss])% )");
  :if ($PLoss<=$3 and $AvgRTT<=$4) do={:log info message=($LogMsg); :return ("OK")} else={:log error message=($LogMsg); :return ("KO")}
};
# Note: make sure the IP is in the address-list.
# ------------------------------------------------------
:local MinLimitAt 512; # (unused) Minimum limit-at for (QT.Bytes=0)
:local MinRate 256; # (unused) Minimum rate for (QT.Rate=0)
:local PLimitAt 75; # % limit-at (75%) of max-limit
:local PWAN 25; # % WAN.max-limit (25%) of LANs.max-limit
:local ABMTLAN1 140; # AB.Max (max bandwidth) of Dw (in Mbps) for RB.LAN1
:local ABMTLAN2 80; # AB.Max (max bandwidth) of Dw (in Mbps) for RB.LAN2
:local ABMTLAN3 0; # AB.Max (max bandwidth) of Dw (in Mbps) for RB.LAN3
:local ABMTWAN1 ((($ABMTLAN1+$ABMTLAN2+$ABMTLAN3)*$PWAN)/100); # AB.Max of Up for RBX.WAN1
# ------------------------------------------------------
:local AuxSMPacket;
:local AuxSQTEtherA;
:local AuxSQTEtherD;
:local PCalc;
:local Comment;
:local BytesAEtherX;
:local BytesDEtherX;
:local RateAEtherX;
:local RateDEtherX;
:local MPacket ""; # M.packet
:local MPBytes 0; # M.bytes of the packet
:local LimitAt 0;
:local MaxLimit 0;
# ------------------------------------------------------
/queue tree disable [/queue tree find]; # All QueueTree.Rule disabled
/ip firewall mangle disable [/ip firewall mangle find]; # All Mangle.Rule disabled
# ------------------------------- [QoS.Mangle-Stat: (SMPacket, TMPBytes)]
:global SMPacket ""; # Str, M.packet"="bytes"*"
:local TMPBytes 0; # Sum of (M.bytes) over all packets
:foreach x in=[/ip firewall mangle find (action=mark-packet)] do={
  :set MPBytes ([/ip firewall mangle get $x bytes]);
  :set TMPBytes ($TMPBytes+$MPBytes);
  :set MPacket ([/ip firewall mangle get $x new-packet-mark]);
  :if ([/queue tree find (packet-mark=$MPacket)]!="") do={
    :set SMPacket ($SMPacket.$MPacket."=".$MPBytes."*");
  } else={
    :log error message=("[QoS.Error (MangleRule inexistente en QT): $MPacket]");
  }
};
# ------------------------------- [Mangle-Rule.SetComment%]
:set AuxSMPacket ($SMPacket);
:while ([len $AuxSMPacket]>0) do={
  :set MPacket ([pick $AuxSMPacket 0 ([find $AuxSMPacket "="])]);
  :set MPBytes ([pick $AuxSMPacket ([find $AuxSMPacket "="]+1) ([find $AuxSMPacket "*"])]);
  :set Comment ([/ip firewall mangle get value-name=comment [find new-packet-mark=$MPacket]]);
  :set PCalc (([:tonum $MPBytes]*100)/[:tonum $TMPBytes]);
  :if (([len $Comment]-[find $Comment "::"])<145) do={
    /ip firewall mangle set [find new-packet-mark=$MPacket] comment=($Comment.([$AddCToLen ([:tostr $PCalc]) "Izq." "0" 2])."%");
  } else={
    /ip firewall mangle set [find new-packet-mark=$MPacket] comment=(([:pick $Comment 0 ([:find $Comment "::"]+3)]).([$AddCToLen ([:tostr $PCalc]) "Izq." "0" 2])."%");
  };
  :set AuxSMPacket ([pick $AuxSMPacket ([find $AuxSMPacket "*"]+1) [len $AuxSMPacket]]);
};
# Note: (145=48hs scheduler.1h).
# ------------------------------------------------------ [QoS.QT-Stat]
:global SQTPacket ""; # Str, QT.packet (ID"="bytes" "ID"="bytes" "…)"*"
# Note: the SQTEtherX strings hold the totals per interface (RB.Act and RB.Disp).
:set AuxSMPacket ($SMPacket);
:while ([len $AuxSMPacket]>0) do={
  :set MPacket ([pick $AuxSMPacket 0 ([find $AuxSMPacket "="])]);
  :set SQTPacket ($SQTPacket.$MPacket." (");
  :foreach y in=[/queue tree find (packet-mark=$MPacket)] do={
    :set SQTPacket ($SQTPacket.([/queue tree get $y name])."=".([/queue tree get $y bytes])."+".([/queue tree get $y rate])." ");
  };
  :set SQTPacket ($SQTPacket.")*");
  :set AuxSMPacket ([pick $AuxSMPacket ([find $AuxSMPacket "*"]+1) [len $AuxSMPacket]]);
};
# ------------------------------------------------------ [QoS.QT-ChangeStat]
:global SQTEtherA ""; # Str, {QT.name: ID[0-6].Abu}"="bytes"+"rate"*"
# AB.Disp (per EtherX, ordered): Str, {QT.name: ID[0-6].Abu}"="bytes"+"rate"*"
:global SQTEtherD ("010000=$($ABMTWAN1*1000000)+0*020000=$($ABMTLAN1*1000000)+0*030000=$($ABMTLAN2*1000000)+0*040000=$($ABMTLAN3*1000000)+0*");
:foreach y in=[/queue tree find (name~"0000")] do={
  :set SQTEtherA ($SQTEtherA.([pick ([/queue tree get $y name]) 0 6])."=".([/queue tree get $y bytes])."+".([/queue tree get $y rate])."*");
};
# ------------------------------------------------------ [QoS.Email-Stat]
:if (([len $SQTPacket]+[len $SMPacket]+29)<=4000) do={
  :if ([len [/file find name="qtstat.txt"]]=0) do={/file print file="qtstat.txt"; :delay 2s; /file set [find name="qtstat.txt"] contents="";};
  :if (([/file get [/file find name="qtstat.txt"] value-name=size]+[len $SQTPacket]+[len $SMPacket]+29)>4000) do={
# ----------------------------------------------- [Test.Connection]
    :if ([$TestConn "8.8.8.8" 10 30 100 64 "RB.QoS-Stat"]="OK") do={
# ----------------------------------------------- [Test.Connection]
      :local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system scrip get [find name="RB.QoSChange% (xBytes)"] comment]) 4 ([len ([/system scrip get [find name="RB.QoSChange% (xBytes)"] comment])])]));
      /tool e-mail send to="[email protected]" subject=$Subjet body="System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nModelo : ($[/system resource get board-name])" file=qtstat.txt;
      :delay 5s;
    };
    /file set [find name="qtstat.txt"] contents="";
  };
  /file set "qtstat.txt" contents=([/file get "qtstat.txt" contents]."SMPacket:\r\n$SMPacket\r\n\r\nSQTPacket:\r\n$SQTPacket\r\n\r\n");
} else={
  :log error message=("[QoS.Error (Registro>4k, imposible enviar en un solo email)]");
};
# ------------------------------------------------------
:set AuxSQTEtherA ($SQTEtherA); :set AuxSQTEtherD ($SQTEtherD);
:foreach y in=[/queue tree find] do={
  :if (!([/queue tree get $y name]~"0000")) do={
    :set Comment ([/queue tree get $y comment]);
    :set PCalc (([/queue tree get $y bytes]*100)/[:tonum $BytesAEtherX]);
    :set MaxLimit ([tonum (($PCalc*$BytesDEtherX)/100)]);
    :set LimitAt ([tonum (($MaxLimit*$PLimitAt)/100)]);
    /queue tree set $y limit-at=0; /queue tree set $y max-limit=0;
    /queue tree set $y max-limit=($MaxLimit); /queue tree set $y limit-at=($LimitAt);
# ------------------------------- [QT-Rule.SetComment%]
    :if (([len $Comment]-[find $Comment "::"])<144) do={
      /queue tree set $y comment=($Comment.([$AddCToLen ([:tostr $PCalc]) "Izq." "0" 2])."%");
    } else={
      /queue tree set $y comment=(([:pick $Comment 0 ([:find $Comment "::"]+3)]).([$AddCToLen ([:tostr $PCalc]) "Izq." "0" 2])."%");
    };
# -------------------------------
  } else={
    # Parent node (name contains "0000"): take the next interface totals from both strings
    :set BytesAEtherX ([tonum [pick $AuxSQTEtherA ([find $AuxSQTEtherA "="]+1) ([find $AuxSQTEtherA "+"])]]);
    :set RateAEtherX ([tonum [pick $AuxSQTEtherA ([find $AuxSQTEtherA "+"]+1) ([find $AuxSQTEtherA "*"])]]);
    :set AuxSQTEtherA ([pick $AuxSQTEtherA ([find $AuxSQTEtherA "*"]+1) [len $AuxSQTEtherA]]);
    :set BytesDEtherX ([tonum [pick $AuxSQTEtherD ([find $AuxSQTEtherD "="]+1) ([find $AuxSQTEtherD "+"])]]);
    :set RateDEtherX ([tonum [pick $AuxSQTEtherD ([find $AuxSQTEtherD "+"]+1) ([find $AuxSQTEtherD "*"])]]);
    :set AuxSQTEtherD ([pick $AuxSQTEtherD ([find $AuxSQTEtherD "*"]+1) [len $AuxSQTEtherD]]);
    /queue tree set $y limit-at=0; /queue tree set $y max-limit=0;
    /queue tree set $y max-limit=($BytesDEtherX);
    /queue tree set $y limit-at=(($BytesDEtherX*$PLimitAt)/100);
  };
};
# Note: I disregard the (QT.Bytes=0) entries, since they will be limited once they consume traffic.
# ------------------------------------------------------
/system script environment remove [find name="PWAN"];
/system script environment remove [find name="PLimitAt"];
/system script environment remove [find name="SMPacket"];
/system script environment remove [find name="SQTPacket"];
/system script environment remove [find name="SQTEtherA"];
/system script environment remove [find name="SQTEtherD"];
/queue tree reset-counters-all; # Reset all QueueTree counters
/ip firewall mangle reset-counters-all; # Reset all Mangle counters
:foreach i in=[/queue tree find (comment~"C\\+: ")] do={[/queue tree set $i disable=no];}; # QueueTree.Rule (Comment~C+) enabled
:foreach i in=[/ip firewall mangle find (comment~"C\\+: ")] do={[/ip firewall mangle set $i disable=no];}; # Mangle.Rule (Comment~C+) enabled
# ------------------------ (Alternative enable command, if everything were to be enabled)
# /queue tree enable [/queue tree find]; # All QueueTree.Rule enabled
# /ip firewall mangle enable [/ip firewall mangle find]; # All MangleRule enabled
# Note: (consider QueueTree.Rate (average transfer rate) in the mark-pack.% calculation).
# RB.QoSChange% (xDropBytes): ----------------------------------- [ x DropBytes ]
# Name: RB.QoSChange% (xDropBytes)
# comment="Cx: ( RB.QoSChange% (xDropBytes) )"
# Limit for /queue tree max-limit=(4294M)
# ---------------------------------------------------
:global QoSDropList; # Keep global and do not remove, for the daily email
:local QoSDropName;
:local Increment 0;
:local TIncrement 0;
:local PIncMaxLimit 10; # %.Inc of (max-limit)
:local MaxLimit;
:local LimitAt;
:local Comment;
:local NroRegla;
:local DLAux;
:local DLRest;
:local TDrop;
:local NodoID;
:local CountProcc 0;
:foreach x in=[/system script job find (script="RB.QoSChange% (xDropBytes)")] do={:set CountProcc ($CountProcc+1);}; # Number of active instances of this process
:if ($CountProcc=1) do={
  :foreach x in=[/queue tree find (dropped>1000)] do={
    :set QoSDropName ([/queue tree get $x name]);
    :set MaxLimit ([/queue tree get [find name=$QoSDropName] value-name=max-limit]);
    :set LimitAt ([/queue tree get [find name=$QoSDropName] value-name=limit-at]);
    :set Comment ([/queue tree get [find name=$QoSDropName] value-name=comment]);
    :set Increment (($MaxLimit*$PIncMaxLimit)/100);
    :if ($Increment<1000) do={:set Increment (1000);};
    :if ($MaxLimit+$Increment<4294000000) do={
      # QoSDropList keeps one "(name=drops+increment)" record per queue
      :if ($QoSDropList~$QoSDropName) do={
        :set DLAux ($QoSDropList);
        :set QoSDropList ([pick $QoSDropList 0 ([find $QoSDropList $QoSDropName]-1)]);
        :set DLAux ([pick $DLAux ([find $DLAux $QoSDropName]-1) [len $DLAux]]);
        :set DLRest ([pick $DLAux ([find $DLAux ")"]+1) [len $DLAux]]);
        :set TDrop ([tonum ([pick $DLAux ([find $DLAux "="]+1) ([find $DLAux "+"]-1)])]);
        :set TDrop ([tostr ($TDrop+(([/queue tree get $x dropped])/1000))]."k");
        :set TIncrement ([tonum ([pick $DLAux ([find $DLAux "+"]+1) ([find $DLAux ")"]-1)])]);
        :set TIncrement ([tostr ($TIncrement+(($Increment)/1000))]."k");
        :set QoSDropList ($QoSDropList."(".$QoSDropName."=".$TDrop."+".$TIncrement.")".$DLRest);
      } else={
        :set TDrop ([tostr (([/queue tree get $x dropped])/1000)]."k");
        :set TIncrement ([tostr (($Increment)/1000)]."k");
        :set QoSDropList ($QoSDropList."(".($QoSDropName)."=".$TDrop."+".$TIncrement.")");
      };
      /queue tree set [find name=$QoSDropName] max-limit=($MaxLimit+$Increment);
      /queue tree set [find name=$QoSDropName] limit-at=($LimitAt+$Increment);
      # Propagate the increment to the intermediate node (xxxx00), if any
      :if ([pick $QoSDropName 4 6]!="00") do={
        :set NodoID ([pick $QoSDropName 0 4]."00");
        :set MaxLimit ([/queue tree get [find name~$NodoID] value-name=max-limit]);
        :set LimitAt ([/queue tree get [find name~$NodoID] value-name=limit-at]);
        /queue tree set [find name~$NodoID] max-limit=($MaxLimit+$Increment);
        /queue tree set [find name~$NodoID] limit-at=($LimitAt+$Increment);
      };
      # Propagate the increment to the interface node (xx0000)
      :set NodoID ([pick $QoSDropName 0 2]."0000");
      :set MaxLimit ([/queue tree get [find name~$NodoID] value-name=max-limit]);
      :set LimitAt ([/queue tree get [find name~$NodoID] value-name=limit-at]);
      /queue tree set [find name~$NodoID] max-limit=($MaxLimit+$Increment);
      /queue tree set [find name~$NodoID] limit-at=($LimitAt+$Increment);
      :set NroRegla ([tonum [pick $Comment 0 3]]-1);
      /queue tree reset-counters numbers=($NroRegla);
    } else={
      :log error message=("[RB.QoSChange% (xDropBytes), QT.Name: (".($QoSDropName).") – QT.DropBytes: (".([/queue tree get $x dropped]).")]");
    }
  }
};
# /system script environment remove [find name="QoSDropList"];
# Note: /queue tree reset-counters-all (resets all counters for the next task).

# RB.QoSChange% (xRate): ------------------------------------------------ [ x Rate ]
# Name: RB.QoSChange% (xRate)
# comment="Rx: ( RB.QoSChange% (xRate) )"
# Limit for /queue tree max-limit=(4294M)
# ------------------------------------------------------
:local PMaxLimit 25; # % increase of max-limit relative to rate
:local QoSName;
:local RateX 0;
:local LimitAt 0;
:local MaxLimit 0;
# ------------------------------------------------------
/queue tree disable [/queue tree find]; # All QueueTree.Rule disabled
/ip firewall mangle disable [/ip firewall mangle find]; # All Mangle.Rule disabled
# ------------------------------------------------------
:foreach x in=[/queue tree find] do={
  :set QoSName ([/queue tree get $x name]);
  :set RateX ([/queue tree get $x rate]);
  :if ($RateX>0) do={
    :set LimitAt ($RateX);
    :set RateX ($RateX+(($RateX*$PMaxLimit)/100));
    :if ($RateX<4294000000) do={
      /queue tree set $x limit-at=0; /queue tree set $x max-limit=0;
      /queue tree set $x max-limit=($RateX); /queue tree set $x limit-at=($LimitAt);
    } else={
      :log error message=("[RB.QoSChange% (xRate), QT.Name: (".($QoSName).") – QT.Rate: (".([/queue tree get $x rate]).")]");
    }
  }
};
# ------------------------------------------------------
:foreach i in=[/queue tree find (comment~"C\\+: ")] do={[/queue tree set $i disable=no];}; # QueueTree.Rule (Comment~C+) enabled
:foreach i in=[/ip firewall mangle find (comment~"C\\+: ")] do={[/ip firewall mangle set $i disable=no];}; # Mangle.Rule (Comment~C+) enabled
# ------------------------ (Alternative enable command, if everything were to be enabled)
# /queue tree enable [/queue tree find]; # All QueueTree.Rule enabled
# /ip firewall mangle enable [/ip firewall mangle find]; # All MangleRule enabled

# ----------------------------------------------------------------------------------- [INI]
# -------------------------------- [TOOLS/Netwatch] ---------------------------------
# -----------------------------------------------------------------------------------

# Alert.LinkChange (ISP.Link): ------------------------------------------ [NetWatch]
# Name: Alert.LinkChange-ISPLink
# comment="R: ( Alert.LinkChange-ISPLink )"
# --------------------------------------------------- [ x RB.BGP ]
/tool netwatch add down-script="global TelegramMessage \"[Enlace.ST-AP (DW)]\"; :log error message=(\"[Enlace.ST-AP (DW)]\");\r\n/system script run RB.Telegram-MessageAlert" host=xxx.duckdns.org interval=1m up-script="global TelegramMessage \"[Enlace.ST-AP (UP)]\"; :log warning message=(\"[Enlace.ST-AP (UP)]\");\r\n/system script run RB.Telegram-MessageAlert" comment=("R: ( Netwhatch.Enlace [ ST-AP ] )") disable=yes;

# ----------------------------------------------------------------------------------- [FIN]
# -------------------------------- [TOOLS/Netwatch] ---------------------------------
# -----------------------------------------------------------------------------------

# Alert.LinkChange (RBLink): -----------------------------------------------------------
# ------------------------------------------------------------- [Independent of the script]
:global AntFlagDDNS01 ("OK"); # Do not copy into the script
:global AntFlagDDNS02 ("OK"); # Do not copy into the script
:global AntFlagDDNS03 ("OK"); # Do not copy into the script
# ------------------------------------------------------------- [Independent of the script]
# Name: Alert.LinkChange-RBLink
# comment="R: ( Alert.LinkChange-RBLink )"
# Declared so the previous state saved by the last run is readable in this script
:global AntFlagDDNS01; :global AntFlagDDNS02; :global AntFlagDDNS03;
# IP.Test function: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Process)
:local TestConn do={
  :local PLoss ($3+1); :local AvgRTT ($4+1); :local MaxRTT;
  :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP (false);
  # Make sure the target is in the ICMP source list (temporary entry, 1m timeout)
  :if ([/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")]="") do={
    /ip firewall address-list add address=$1 list="A-ICMPWANSRC.List" comment="T+: (TemporalIP x ICMP)" timeout=1m disable=no;
  } else={
    :if ([/ip firewall address-list get value-name=disabled [find (address=$1 and list="A-ICMPWANSRC.List")]]) do={
      /ip firewall address-list enable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")];
      :set DisabledIP (true);
    }
  };
  :delay 10ms;
  /tool flood-ping $1 count=$2 size=$5 do={
    :if ($sent=$2) do={:set AvgRTT ($"avg-rtt"); :set MaxRTT ($"max-rtt"); :set PEnviados $sent; :set PRecibidos $received;}
  };
  # Put the entry back to disabled if it was disabled before the test (same list only)
  :if ($DisabledIP) do={/ip firewall address-list disable [/ip firewall address-list find (address=$1 and list="A-ICMPWANSRC.List")];};
  :set PLoss (100-(($PRecibidos*100)/$PEnviados));
  :set LogMsg ("[ $6 – ping ( $1 – $5 b ) ]: latencia media ( $([:tostr $AvgRTT])ms ) – latencia maxima: ( $([:tostr $MaxRTT])ms ) – paquetes perdidos: ( $([:tostr $PLoss])% )");
  :if ($PLoss<=$3 and $AvgRTT<=$4) do={:log info message=($LogMsg); :return ("OK")} else={:log error message=($LogMsg); :return ("KO")}
};
# Note: make sure the IP is in the address-list (do={:beep frequency=550 length=494ms;}).
# ---------------------------------------------------
# Each flag holds the "OK"/"KO" string returned by TestConn, so it compares against AntFlagDDNSxx
:local FlagDDNS01 ([$TestConn ([resolve "xxx-1.duckdns.org"]) 10 30 100 XXX "RB.AlertLinkChange"]);
:local FlagDDNS02 ([$TestConn ([resolve "xxx-2.duckdns.org"]) 10 30 100 XXX "RB.AlertLinkChange"]);
:local FlagDDNS03 ([$TestConn ([resolve "xxx-3.duckdns.org"]) 10 30 100 XXX "RB.AlertLinkChange"]);
:if ($FlagDDNS01!=$AntFlagDDNS01) do={
  :if ($FlagDDNS01="KO") do={
    :global TelegramMessage ("[ xxx-R1.DuckDNS.org (DW) ]"); :log error message=("[xxx-R01.DuckDNS.org (DW)]"); /system script run RB.Telegram-MessageAlert;
  } else={
    :global TelegramMessage ("[xxx-R1.DuckDNS.org (UP)]"); :log error message=("[xxx-R01.DuckDNS.org (UP)]"); /system script run RB.Telegram-MessageAlert;
  }
};
:if ($FlagDDNS02!=$AntFlagDDNS02) do={
  :if ($FlagDDNS02="KO") do={
    :global TelegramMessage ("[xxx-R2.DuckDNS.org (DW)]"); :log error message=("[xxx-R02.DuckDNS.org (DW)]"); /system script run RB.Telegram-MessageAlert;
  } else={
    :global TelegramMessage ("[xxx-R2.DuckDNS.org (UP)]"); :log error message=("[xxx-R02.DuckDNS.org (UP)]"); /system script run RB.Telegram-MessageAlert;
  }
};
:if ($FlagDDNS03!=$AntFlagDDNS03) do={
  :if ($FlagDDNS03="KO") do={
    :global TelegramMessage ("[xxx-R3.DuckDNS.org (DW)]"); :log error message=("[xxx-R03.DuckDNS.org (DW)]"); /system script run RB.Telegram-MessageAlert;
  } else={
    :global TelegramMessage ("[xxx-R3.DuckDNS.org (UP)]"); :log error message=("[xxx-R03.DuckDNS.org (UP)]"); /system script run RB.Telegram-MessageAlert;
  }
};
:set AntFlagDDNS01 ($FlagDDNS01); :set AntFlagDDNS02 ($FlagDDNS02); :set AntFlagDDNS03 ($FlagDDNS03);

# RB.Telegram-MessageAlert: -----------------------------------------------------------
# Name: RB.Telegram-MessageAlert
# comment="R: ( RB.Telegram-MensageAlert )"
# --------------------------------------------------- [Telegram process]
# Find: @botfather (/newbot, e.g.: xxx_telegram_bot, vci_telegram_bot)
# Copy.BotID: (e.g.: <<< Paste1 >>>)
# Create Group: (e.g.: xxx.Chat, add vci_telegram_bot, find and add @getidbot)
# Copy.ChatID: (e.g.: <<< Paste2 >>>)
# ------------------------------------------------------------ [Copy-paste into the console]
# Note: dont-require-permissions=yes bypasses the permission check on whoever runs the
# script, and the policy list below grants it every policy, while the script itself only
# calls /tool fetch and removes one global variable. The BotID is stored in clear text
# in the script source.
/system script add dont-require-permissions=yes name=RB.Telegram-MessageAlert policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Name: RB.Telegram-MessageAlert\r\n# comment=\"R: ( RB.Telegram-MensageAlert )\";\r\n# --------------------------------------------------- [Telegram process]\r\n# Find: @botfather (/newbot, xxx_telegram_bot, vci_telegram_bot)\r\n# Copy.BotID: (e.g.: <<< Paste1 >>>)\r\n# Create Group: (e.g.: xxx.Chat, add vci_telegram_bot, find and add @getidbot)\r\n# Copy.ChatID: (e.g.: <<< Paste2 >>>)\r\n# ------------------------------------------------------------------------------\r\n:global TelegramMessage;\r\n:local BotID (\"<<< Paste1 >>>\");\r\n:local ChatID (\"<<< Paste2 >>>\");\r\n:if (\$TelegramMessage!=\"\") do={\r\n /tool fetch url=\"https://api.telegram.org/bot\$BotID/sendMessage\?chat_id=\$ChatID&text=\$TelegramMessage\" keep-result=no\r\n}; /system script environment remove [find name=\"TelegramMessage\"];" comment=("R: ( Telegram.MensageAlert )");
# Note: the Telegram.Bot (URL.Limit) accepts neither accented characters nor Special.Chars.
# Some Special.Chars can be sent via Telegram.Bot (URL), e.g.: (\$\?).
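
# Added example, not part of the original scripts: it percent-encodes the message before /tool fetch, so that an "&" or "#" inside the text can neither cut the message short nor append extra query parameters to the sendMessage request.
# Assumptions made here: the UrlEncode function and its character table are hypothetical names and choices; accented (multi-byte) characters are not handled, and BotID/ChatID keep the page's placeholders.

```routeros
# Added example: percent-encode the reserved characters of a Telegram message.
:global TelegramMessage;
:local BotID ("<<< Paste1 >>>");
:local ChatID ("<<< Paste2 >>>");

# UrlEncode (hypothetical helper): $1 = text to place in the query string
:local UrlEncode do={
  # Characters that would split or terminate the query string ...
  :local Reserved " %&#+=\?\r\n";
  # ... and their escapes, in the same order as in Reserved
  :local Codes {"%20";"%25";"%26";"%23";"%2B";"%3D";"%3F";"%0D";"%0A"};
  :local Out "";
  # :for counts downwards when to < from, so an empty string must skip the loop
  :if ([:len $1] > 0) do={
    :for i from=0 to=([:len $1] - 1) do={
      :local Ch [:pick $1 $i];
      :if ([:typeof [:find $Reserved $Ch]] = "nil") do={
        # Not in the table: copy the character unchanged
        :set Out ($Out . $Ch);
      } else={
        :local Pos [:find $Reserved $Ch];
        :set Out ($Out . ($Codes->$Pos));
      }
    }
  };
  :return $Out;
};

:if ([:len $TelegramMessage] > 0) do={
  # "Enlace A&B (DW)" becomes "Enlace%20A%26B%20(DW)" before it reaches the URL
  :local Text [$UrlEncode $TelegramMessage];
  /tool fetch url="https://api.telegram.org/bot$BotID/sendMessage\?chat_id=$ChatID&text=$Text" keep-result=no;
};
/system script environment remove [find name="TelegramMessage"];
```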

# RB.Winbox-SharedOFF (x PKnocking): ----------------------------------------------
# Name: RB.Winbox-SharedOFF
# comment="R: RB.Winbox-SharedOFF" # verify that user(x) is (0)
# Declared so the ports saved by RB.Winbox-SharedON are readable in this script
:global WinboxP; :global ApiP;
:if ([/user get 0 name]~"xxx" and [/user get 0 disable]=no) do={/user set 1 disable=yes; /user set 2 disable=yes;} else={:log error message=("[Error, en la secuenciacion de Users]");};
:foreach x in=[/ip firewall filter find (comment~"<:")] do={/ip firewall filter set $x disable=yes;};
:foreach x in=[/ip firewall filter find (comment~"*:")] do={/ip firewall filter set $x disable=yes;};
# Restore the saved ports; fall back to 3335/3336 if nothing was saved
:if ([len $WinboxP]>0 and [len $ApiP]>0) do={/ip service set winbox port=$WinboxP; /ip service set api port=$ApiP;} else={/ip service set winbox port=3335; /ip service set api port=3336;}
/system script environment remove [find name="WinboxP"]; /system script environment remove [find name="ApiP"];

# RB.Winbox-SharedON (x PKnocking.Special): -------------------------------------
# Name: RB.Winbox-SharedON(SPKnocking) # verify that user(x) is (0)
# comment="R: RB.Winbox-SharedON (SPKnocking)"
:if ([/user get 0 name]~"xxx" and [/user get 0 disable]=no) do={/user set 1 disable=no; /user set 2 disable=no;} else={:log error message=("[Error, en la secuenciacion de Users]");};
:foreach x in=[/ip firewall filter find (comment~"<:")] do={/ip firewall filter set $x disable=no;};
# Save the current ports so RB.Winbox-SharedOFF can restore them
:global WinboxP ([/ip service get [find (name="winbox")] port]);
:global ApiP ([/ip service get [find (name="api")] port]);
/ip service set winbox port=3333; /ip service set api port=3334;
# Note: for backward-compatibility reasons, I use the global vars (WinboxP and ApiP).

# RB.Winbox-SharedON (x Port.Special): ---------------------------------------------
# Name: RB.Winbox-SharedON(SPort) # verify that user(x) is (0)
# comment="R: RB.Winbox-SharedON (SPort)"
:if ([/user get 0 name]~"xxx" and [/user get 0 disable]=no) do={/user set 1 disable=no; /user set 2 disable=no;} else={:log error message=("[Error, en la secuenciacion de Users]");};
:foreach x in=[/ip firewall filter find (comment~"*:")] do={/ip firewall filter set $x disable=no;};
# Save the current ports so RB.Winbox-SharedOFF can restore them
:global WinboxP ([/ip service get [find (name="winbox")] port]);
:global ApiP ([/ip service get [find (name="api")] port]);
/ip service set winbox port=3333; /ip service set api port=3334;
# Note: for backward-compatibility reasons, I use the global vars (WinboxP and ApiP). Because
# of the ordering of my (Firewall), without more rules, I cannot avoid using some (port).

------------------------------------------------------------------------------- [ FIN ]
----------------------------- Scripts (basic): -------------------------------------
-----------------------------------------------------------------------------------

RouterOS.Script (Accessories 01-01)

------------------------------------------------------------------------------- [ INI ]
--------------------------- Scripts (accessories): -----------------------------------
-----------------------------------------------------------------------------------
QueueSimple.LANDivision: ------------------------------------------------ [ INI ]
# General outline for (QueueSimple.LANDivision): ---------------------------------
# Set (IP.NewLAN) on a specific (RB.Interface).
# Run: QueueSimple.Add255 and AddressList.Add255.
# Modify QueueSimple-Admin(36-40).Name, QueueSimple-DNS1.Name.
# Remove C-CLIENTDROP.List(DNS1).
# Mark the QueueSimple.OldLAN entries to clone: (two options)
# 1- Run: GuardaTXT (QueueSimple.LANDivision).
# Mark each line of (LANDivision.txt) with (M{x}M), as applicable.
# Run: RestauraTXT (QueueSimple.LANDivision).
# 2- Mark each (QueueSimple.Name) with (#1), as applicable.
# Run: Clona.Marcados (QueueSimple.LANDivision) (clones are identified with (#2)).
# Run: AddressList-ClientIP.ComentEmpty (clears the comment of C-xx.List).
# Run: AddressList.IdentificaClient (identifies clean IPs in Address-List).
# Run: AddressList.LANDivision (Remove.#2) (removes (#2) and !"S: ").
# Manually modify (Client-Router.Config), as applicable (#1).
# Run: QueueSimple.LANDivision (Rename.#1) (Name (#1)="_Libre…").
# Run: AddressList.LANDivision (Add.#1) (Add.#1 and comment "( Libre )").

# GuardaTXT (QueueSimple.LANDivision): ------------------------------------------
# ------------------------------------------------
# Function: pads with characters (left "Izq." / right "Der.") up to len: (Var, Where, Char, Length)
:local AddCToLen do={:if ([len $1]<$4) do={:for r from=[len $1] to=($4-1) do={:if ($2="Izq.") do={:set $1 ($3.$1)} else={:set $1 ($1.$3)}}}; :return ($1)};
# ------------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={
  :local IPstr ($1."."); :local IPnum "";
  :if ($2>1) do={:for x from=1 to=($2-1) do={:set IPstr ([:pick $IPstr ([:find $IPstr "." 0]+1) [:len $IPstr]])}};
  :set IPnum ($IPnum.[:pick $IPstr 0 [:find $IPstr "." -1]]);
  :return [:tonum $IPnum]
};
# ------------------------------------------------
:local SubNet1 2; # Set the networks to split (1-2)
:local SubNet2 3; # Set the networks to split (2-2)
:local Plant ("M{}M - N{}N - I{}I"); # Line pattern (LANDivision)
:local Body ""; # Optional: copy-paste into (TXT)
:local Nro 1;
:local Iter 1;
:local Name "---";
:local IPx "…";
:local Date ([/system clock get date]);
:local Time ([/system clock get time]);
:local File ("LANDivision (".[:pick $Date 7 11]."-".[:pick $Date 0 3]."-".[:pick $Date 4 6]."-".[:pick $Time 0 2]."-".[:pick $Time 3 5]."-".[:pick $Time 6 8].").txt"); # Test File.Name
:local File ("LANDivision-01.txt"); # self-limited to 4k=(4096b)
# ------------------------------------------------
/file remove [find name~"LANDivision"]; :delay 2s; # Delete all files (LANDivision)
/file print file=$File; :delay 2s; # Creates the file
/file set [find name=$File] contents=""; # Clears the default contents of File-0X
# ------------------------------------------------
:foreach x in=[/queue simple find] do={:set IPx [:tostr ([/queue simple get $x
target])]; :set IPx ([:pick $IPx 0 ([:len $IPx]-3)]); :if (($SubNet1=([$FIPaOctX
$IPx 3])) or ($SubNet2=([$FIPaOctX $IPx 3]))) do={:set Name ([/queue simple get $x
name]); :set Name ([:pick $Name 0 26]); :set Plant (“M{}M - N{”.[$AddCToLen $Name
"Der." " " 26].”}N - I{”.(([$AddCToLen ([:tostr [$FIPaOctX $IPx 1]]) "Izq." “0"
3]).”.”.([$AddCToLen([:tostr [$FIPaOctX $IPx 2]]) "Izq." “0" 3]).”.”. ([$AddCToLen
([:tostr [$FIPaOctX $IPx 3]]) "Izq." “0" 3]).”.”.([$AddCToLen ([:tostr
[$FIPaOctX$IPx 4]]) "Izq." “0" 3])).“}I”); :if ($Iter<52) do={:set Iter ($Iter+1);}
else={:set Iter (1); :set Nro ($Nro+1); :set File ([:pick $File 0 ([find $File“-”
0]+1)].([$AddCToLen ([:tostr $Nro]) "Izq." “0" 2]).”.txt”); /file print file=$File;
:delay 2s; /file set [find name=$File] contents="";}; /file set
$Filecontents=([/file get $File contents].$Plant.”\r\n”); :set Body ($Body.”\r\n”.
$Plant);}};
#Nota: creara (05 files) por cada (255 Queue.Simple).

# RestauraTXT (QueueSimple.LANDivision): --------------------------------------

# comment="( RestauraTXT.QueueSimple-LANDivision )"
# ------------------------------------------------
# Function: pads with a character (left "Izq." / right "Der.") up to a length: (Var, Where, Char, Length)
:local AddCToLen do={
  :local s [:tostr $1];
  :if ([:len $s]<$4) do={
    :for r from=[:len $s] to=($4-1) do={
      :if ($2="Izq.") do={:set s ($3.$s)} else={:set s ($s.$3)}
    }
  };
  :return $s
};
# ------------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={:local IPstr ($1."."); :local IPnum ""; :if ($2>1) do={:for x from=1 to=($2-1) do={:set IPstr ([:pick $IPstr ([:find $IPstr "." 0]+1) [:len $IPstr]])}}; :set IPnum ($IPnum.[:pick $IPstr 0 [:find $IPstr "." -1]]); :return [:tonum $IPnum]};
# ------------------------------------------------
:local File ("LANDivision-");
:local Body "---";
:local Name "---";
:local IPx "…";
:local FileCant 10;   # Set the number of (LANDivision-0X.txt) files
:for x from=1 to=$FileCant step=1 do={
  :set File ([:pick $File 0 ([:find $File "-" -1]+1)].([$AddCToLen ([:tostr $x]) "Izq." "0" 2]).".txt");
  :set Body ([/file get $File contents]);
  # Search from the start (-1) so that a mark on the first line of the file is found too
  :while ([:typeof [:find $Body "M{x}M" -1]]!="nil") do={
    :set Body ([:pick $Body ([:find $Body "M{x}M" -1]+5) [:len $Body]]);
    :set IPx ([:pick $Body ([:find $Body "I{" -1]+2) ([:find $Body "}I" -1])]);
    # Back from zero-padded octets (001.002.003.004) to a plain address
    :set IPx (([:tostr [$FIPaOctX $IPx 1]]).".".([:tostr [$FIPaOctX $IPx 2]]).".".([:tostr [$FIPaOctX $IPx 3]]).".".([:tostr [$FIPaOctX $IPx 4]]));
    :set Name ([/queue simple get [find target=($IPx."/32")] name]."#1");
    /queue simple set [find (target=($IPx."/32"))] name=$Name;
  }
}
# Note: after verifying, delete all the (LANDivision-0X.txt) files.
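
# Added example (not part of the original script): an off-router Python check of the
# LANDivision-0X.txt line format that GuardaTXT writes and RestauraTXT reads, for
# validating a hand-marked file before it is restored. Function names and the sample
# client names are made up for illustration.

```python
import ipaddress
import re

# Layout written by GuardaTXT: mark, name padded to 26 chars, zero-padded IPv4.
LINE_RE = re.compile(
    r"M\{(?P<mark>[^}]*)\}M - N\{(?P<name>.{26})\}N - "
    r"I\{(?P<ip>\d{3}\.\d{3}\.\d{3}\.\d{3})\}I"
)


def format_line(name, ip, mark=""):
    """Build one line the way GuardaTXT does (name cut/padded to 26, octets to 3)."""
    octets = [int(o, 10) for o in ip.split(".")]
    padded_ip = ".".join("%03d" % o for o in octets)
    return "M{%s}M - N{%s}N - I{%s}I" % (mark, name[:26].ljust(26), padded_ip)


def parse_line(line):
    """Return (mark, name, IPv4Address) or raise ValueError on a damaged line."""
    m = LINE_RE.fullmatch(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not a LANDivision line")
    # Zero-padded octets are decimal here; parse them explicitly in base 10 so
    # that "010" is 10 and "008" is accepted (an octal reading would break both).
    octets = [int(o, 10) for o in m["ip"].split(".")]
    ip = ipaddress.IPv4Address(".".join(str(o) for o in octets))  # rejects > 255
    return m["mark"], m["name"].rstrip(), ip


def marked_targets(text):
    """List (target, new_name) for every M{x}M line, plus (line_no, error) pairs."""
    targets, errors = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            mark, name, ip = parse_line(line)
        except ValueError as exc:
            errors.append((line_no, str(exc)))
            continue
        if mark == "x":
            # Same result RestauraTXT produces: /32 target, name tagged with #1.
            targets.append(("%s/32" % ip, name + "#1"))
    return targets, errors


# Constructed sample file: one unmarked line, one marked line, one line with an
# impossible octet and one line edited out of shape by hand.
SAMPLE = "\r\n".join([
    format_line("Cliente-A", "1.2.2.10"),
    format_line("Cliente-B", "1.2.3.8", mark="x"),
    "M{x}M - N{" + "Cliente-C".ljust(26) + "}N - I{001.002.003.300}I",
    "M{x}M - N{Cliente-D}N - I{1.2.3.4}I",
]) + "\r\n"

if __name__ == "__main__":
    found, problems = marked_targets(SAMPLE)
    for target, new_name in found:
        print("rename", target, "->", new_name)
    for line_no, message in problems:
        print("line", line_no, "rejected:", message)
```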

# Clona.Marcados (QueueSimple.LANDivision): ------------------------- [#1->#2]

# comment="( Clona.Marcados (QueueSimple.LANDivision) )"
# ------------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={:local IPstr ($1."."); :local IPnum ""; :if ($2>1) do={:for x from=1 to=($2-1) do={:set IPstr ([:pick $IPstr ([:find $IPstr "." 0]+1) [:len $IPstr]])}}; :set IPnum ($IPnum.[:pick $IPstr 0 [:find $IPstr "." -1]]); :return [:tonum $IPnum]};
# ------------------------------------------------
:local SubNetN 4;      # Change according to (NewRed)
:local Octeto4N 50;    # Set according to the number of (#1) marks
:local IPO;
:local IPN;
:local Name;
:local MaxLimit;
:local LimitAt;
:local BurstLimit;
:local BurstTime;
:local BurstThreshold;
:local Parent;
:local Queue;
:local Priority;
:foreach x in=[/queue simple find (name~"#1")] do={
  :set IPO [:tostr ([/queue simple get $x target])];
  # Clone name: same as the original, with the trailing "1" of "#1" replaced by "2"
  :set Name (([:pick ([/queue simple get $x name]) 0 ([:len [/queue simple get $x name]]-1)])."2");
  :set MaxLimit ([/queue simple get $x max-limit]);
  :set LimitAt ([/queue simple get $x limit-at]);
  :set BurstLimit ([/queue simple get $x burst-limit]);
  :set BurstTime ([/queue simple get $x burst-time]);
  :set BurstThreshold ([/queue simple get $x burst-threshold]);
  :set Queue ([/queue simple get $x queue]);
  :set Priority ([/queue simple get $x priority]);
  :set Parent ([/queue simple get $x parent]);
  # New address: first two octets of the original, new subnet, next free fourth octet
  :set IPN (([:tostr [$FIPaOctX $IPO 1]]).".".([:tostr [$FIPaOctX $IPO 2]]).".".([:tostr $SubNetN]).".".([:tostr $Octeto4N]));
  # Copy every attribute onto the queue that already exists for the new address
  /queue simple set [find (target=($IPN."/32"))] name=$Name max-limit=$MaxLimit limit-at=$LimitAt burst-limit=$BurstLimit burst-time=$BurstTime burst-threshold=$BurstThreshold queue=$Queue priority=$Priority parent=$Parent;
  :set Octeto4N ($Octeto4N+1);
}

# AddressList.LANDivision (Remove.#2): ----------------------------------------------
# Requires a prior clean-up and identification of IPs.
/ip firewall address-list remove [find (comment~"#2" and !(comment~"S: "))];

# AddressList.LANDivision (Add.#1): ---------------------------------------------------
# Adds the target of every queue marked (#1) to C-CLIENTDROP.List, disabled.
:foreach x in=[/queue simple find (name~"#1")] do={/ip firewall address-list add list=C-CLIENTDROP.List address=[:tostr [/queue simple get $x target]] comment="( Libre )" disable=yes;}

# QueueSimple.LANDivision (Rename.#1): ----------------------------------------------

# -----------------------------------------------
# Function: pads with a character (left "Izq." / right "Der.") up to a length: (Var, Where, Char, Length)
:local AddCToLen do={
  :local s [:tostr $1];
  :if ([:len $s]<$4) do={
    :for r from=[:len $s] to=($4-1) do={
      :if ($2="Izq.") do={:set s ($3.$s)} else={:set s ($s.$3)}
    }
  };
  :return $s
};
# -----------------------------------------------
# Function: returns octet (x) of an IP: (IP, OctetNumber)
:local FIPaOctX do={:local IPstr ($1."."); :local IPnum ""; :if ($2>1) do={:for x from=1 to=($2-1) do={:set IPstr ([:pick $IPstr ([:find $IPstr "." 0]+1) [:len $IPstr]])}}; :set IPnum ($IPnum.[:pick $IPstr 0 [:find $IPstr "." -1]]); :return [:tonum $IPnum]};
# -----------------------------------------------
:local y "4";   # change according to LAN
:local IPx;
:local Nombre "-";
:foreach x in=[/queue simple find (name~"#1")] do={
  :set IPx [:tostr ([/queue simple get $x target])];
  # Drop the trailing "/32" so that the fourth octet is a plain number
  :set IPx ([:pick $IPx 0 ([:len $IPx]-3)]);
  :set Nombre ("_Libre 1.2.".[$AddCToLen $y "Izq." "0" 3].".".[$AddCToLen ([:tostr [$FIPaOctX $IPx 4]]) "Izq." "0" 3]." [ 00000 :: __/__/__=__/__/__+__/__ ]");
  # Assumed intent, per the outline (Name (#1)="_Libre…"): rename the queue and leave it disabled
  /queue simple set $x name=$Nombre disable=yes;
}
# Note: (Name.Len=25).

# Export Queue.Simple and ARP.List: ---------------------------------------------------
# /queue export file=QueueSimple.rsc
# /ip arp export file=ArpList.rsc

# Import Queue.Simple and ARP.List: ---------------------------------------------------
# /import QueueSimple.rsc
# /import ArpList.rsc
QueueSimple.LANDivision: ------------------------------------------------ [ END ]

# ----------------------------------------------------------------------------------- [START]
# -------------------------------- [BGP Protocol] -------------------------------------
# -------------------------------------------------------------------------------------------
# Rules for (BGP): --------------------------------------------------------------------
# Fundamentally, BGP (exterior gateway routing protocol; it uses TCP port 179) connects
# ASes (autonomous systems: a set of networks/devices under a single administrative
# domain. They hold a block of IPv4/IPv6 addresses that they announce to the other ASes
# so that they can be reached). Interconnection within administrative domains. Each AS
# has an ASN (autonomous system number). (1 to 64511: 16b) are reserved for public use.
# (64512 to 65534: 16b) are for private use. LACNIC holds the ASNs (4.0 to 4.1023).
# BGP sessions are established with other routers by configuring (BGP peers). The peers
# are the neighbouring routers with which I share networks.
# (eBGP): when the neighbouring peers belong to another AS (we use it to connect to
# Internet providers or other entities that have an AS).
# (iBGP): when the neighbouring peers belong to our own AS (we use it to distribute
# routes inside our AS; iBGP generally relies on another routing method (static
# routing, RIP, OSPF)).
# Some well-known attributes are: Weight, Local Preference, AS Path. If two (peers)
# announce the same route, the one with the higher weight is preferred. If two
# (routers) within the same AS can reach the same routes, the one with the higher
# (local preference) is preferred. BGP uses the (AS path) so that destination networks
# are reached via the path that crosses the fewest ASes.
# Bogons BGP servers: (65332:888). Blacklist BGP servers (6549:666).

# ---------------------------------------------- (BGP constants)

:global BGPISP1IP30 10.1.1.10/30;        # ARSAT-VCI.BGPIP30 (from ARSAT)
:global BGPISP2IP30 10.2.1.10/30;        # TELCO-VCI.BGPIP30 (from TELCO)
:global BGPVCI1IP30 10.1.1.9/30;         # VCI-ARSAT.BGPIP30 (from ARSAT)
:global BGPVCI2IP30 10.2.1.9/30;         # VCI-TELCO.BGPIP30 (from TELCO)
# -----------------------
:global BGPISP1WAN "WAN1";               # ARSAT.BGPInterface (from ARSAT)
:global BGPISP2WAN "WAN1";               # TELCO.BGPInterface (from TELCO)
:global BGPVCI1WAN "WAN1";               # VCI-ARSAT.BGPInterface
:global BGPVCI2WAN "WAN2";               # VCI-TELCO.BGPInterface
# -----------------------
:global BGPISP1GW 10.10.100.1/22;        # ARSAT.IPGW (from ARSAT)
:global BGPISP2GW 10.10.200.1/22;        # TELCO.IPGW (from TELCO)
:global BGPVCI1GWA 192.168.252.1/24;     # VCI.IPGWA
:global BGPVCI1GWB 192.168.253.1/23;     # VCI.IPGWB
# -----------------------
:global BGPISP1LAN "LAN1";               # ARSAT.GWInterface (from ARSAT)
:global BGPISP2LAN "LAN1";               # TELCO.GWInterface (from TELCO)
:global BGPVCI1LANA "LAN1";              # VCI-ARSAT.GWAInterface
:global BGPVCI1LANB "LAN2";              # VCI-TELCO.GWBInterface
# -----------------------
:global BGPISP1ASN 64513;                # ARSAT.ASN (from ARSAT)
:global BGPISP2ASN 64514;                # TELCO.ASN (from TELCO)
:global BGPVCI1ASN 64515;                # VCI.ASN
# -----------------------
:global BGPISP1IPP 10.100.12.0/22;       # ARSAT.IPPublicadas (from ARSAT)
:global BGPISP2IPP 10.101.12.0/22;       # TELCO.IPPublicadas (from TELCO)
:global BGPVCI1IPPA 192.168.252.0/24;    # VCI.IPPublicadasA
:global BGPVCI1IPPB 192.167.252.0/23;    # VCI.IPPublicadasB
# -------------------------------------------------
:global BGPISP1LBMAC 00:11:11:00:00:00;  # ARSAT.LBMAC (from ARSAT)
:global BGPISP2LBMAC 00:11:22:00:00:00;  # TELCO.LBMAC (from TELCO)
:global BGPVCI1LBMAC 00:11:55:00:00:00;  # VCI.LBMAC
# -----------------------
:global BGPISP1LBIP 10.10.5.1;           # ARSAT.LBIP (from ARSAT)
:global BGPISP2LBIP 10.10.5.2;           # TELCO.LBIP (from TELCO)
:global BGPVCI1LBIP 10.10.5.5;           # VCI.LBIP
# ----------------------- (if IP.LoopBack is not used)
# Each router-id is the /30 address with its last three characters ("/30") removed.
:global BGPISP1RID ([:pick [:tostr $BGPISP1IP30] 0 ([:len [:tostr $BGPISP1IP30]]-3)]);   # ARSAT-VCI.BGPRID (from ARSAT)
:global BGPISP2RID ([:pick [:tostr $BGPISP2IP30] 0 ([:len [:tostr $BGPISP2IP30]]-3)]);   # TELCO-VCI.BGPRID (from TELCO)
:global BGPVCI1RID ([:pick [:tostr $BGPVCI1IP30] 0 ([:len [:tostr $BGPVCI1IP30]]-3)]);   # VCI-ARSAT.BGPRID (from ARSAT)
:global BGPVCI2RID ([:pick [:tostr $BGPVCI2IP30] 0 ([:len [:tostr $BGPVCI2IP30]]-3)]);   # VCI-TELCO.BGPRID (from TELCO)
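
# Added example (not part of the original script): a pre-flight check in Python, run
# off the router, over the constants above before any peer is enabled. It assumes a
# lab in which every ASN and announced prefix is meant to be private; the dictionary
# layout and function names are illustrative.

```python
import ipaddress

# Private 16-bit ASN range as given in the rules above: 64512 to 65534.
PRIVATE_ASN_16BIT = range(64512, 65535)

# Values copied from the (BGP constants) block, seen from the VCI router.
PEERINGS = {
    "VCI-ARSAT": {"local": "10.1.1.9/30", "remote": "10.1.1.10/30",
                  "local_as": 64515, "remote_as": 64513},
    "VCI-TELCO": {"local": "10.2.1.9/30", "remote": "10.2.1.10/30",
                  "local_as": 64515, "remote_as": 64514},
}
VCI_GATEWAYS = ["192.168.252.1/24", "192.168.253.1/23"]    # BGPVCI1GWA / GWB
VCI_ANNOUNCED = ["192.168.252.0/24", "192.167.252.0/23"]   # BGPVCI1IPPA / IPPB


def router_id(address_with_prefix):
    """Same derivation as the script: the /30 address without its prefix length."""
    return str(ipaddress.ip_interface(address_with_prefix).ip)


def check_peering(name, peering):
    """Both ends must be distinct hosts of one subnet and use private ASNs."""
    findings = []
    local = ipaddress.ip_interface(peering["local"])
    remote = ipaddress.ip_interface(peering["remote"])
    if local.network != remote.network:
        findings.append("%s: %s and %s are not in the same subnet" % (name, local, remote))
    if local.ip == remote.ip:
        findings.append("%s: both ends use %s" % (name, local.ip))
    for side in (local, remote):
        net = side.network
        if net.prefixlen < 31 and side.ip in (net.network_address, net.broadcast_address):
            findings.append("%s: %s is not a usable host address" % (name, side))
    for role in ("local_as", "remote_as"):
        if peering[role] not in PRIVATE_ASN_16BIT:
            findings.append("%s: %s %d is not a private ASN" % (name, role, peering[role]))
    if peering["local_as"] == peering["remote_as"]:
        findings.append("%s: same AS on both ends, this session is iBGP" % name)
    return findings


def check_announcements(gateways, announced):
    """Announced prefixes must be aligned, private, and cover the gateway subnets."""
    findings, networks = [], []
    for prefix in announced:
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            findings.append("%s: host bits set, not a network address" % prefix)
            continue
        if not net.is_private:
            findings.append("%s: outside private address space" % prefix)
        networks.append(net)
    for gateway in gateways:
        subnet = ipaddress.ip_interface(gateway).network
        if not any(subnet.subnet_of(net) for net in networks):
            findings.append("%s: gateway subnet %s is not covered by an announced prefix"
                            % (gateway, subnet))
    return findings


def run_all():
    findings = []
    for name, peering in PEERINGS.items():
        findings += check_peering(name, peering)
    return findings + check_announcements(VCI_GATEWAYS, VCI_ANNOUNCED)


if __name__ == "__main__":
    for line in run_all() or ["no findings"]:
        print(line)
```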

# GateWay.Border (VCI.BGP): ---------------------------- [switch (CISCO.3560G)]

# ------------------------------------------ (Setting BGP.RIDs)
/interface bridge add name="BGP.LoopBack" admin-mac=$BGPVCI1LBMAC auto-mac=no comment="R+: BGP (BGP.VIC1LB Interface)" disable=yes;
/ip address add address=$BGPVCI1LBIP interface="BGP.LoopBack" comment="R+: BGP (BGP.VCI1LB IP)" disable=yes;
# ------------------------------------------ (Setting WAN.IPs)
/ip address add address=$BGPVCI1IP30 interface=$BGPVCI1WAN comment="R+: BGP (IPP/30, dispuesta x VCI1 x su S/R.BGP)" disable=yes;
/ip address add address=$BGPVCI2IP30 interface=$BGPVCI2WAN comment="R+: BGP (IPP/30, dispuesta x VCI2 x su S/R.BGP)" disable=yes;
# ------------------------------------------ (Setting iBGP.GWs)
# Uses the gateway constants defined above: BGPVCI1GWA/BGPVCI1LANA and BGPVCI1GWB/BGPVCI1LANB
/ip address add address=$BGPVCI1GWA interface=$BGPVCI1LANA comment="R+: BGP (IPP/24, dispuesta x VCI1 x su IP.GWA)" disable=yes;
/ip address add address=$BGPVCI1GWB interface=$BGPVCI1LANB comment="R+: BGP (IPP/23, dispuesta x VCI1 x su IP.GWB)" disable=yes;
# ------------------------------------------ (Setting BGP.Instances)
/routing bgp instance set 0 router-id=$BGPVCI1RID as=$BGPVCI1ASN comment="R+: BGP (VCI1.ASN)";
# ------------------------------------------ (Setting BGP.Peers)
/routing bgp peer add name="BGP.VCI-ARSAT" remote-address=$BGPISP1RID remote-as=$BGPISP1ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.ARSAT-VCI)" disable=yes;
# --------------------
/routing bgp peer add name="BGP.VCI-TELCO" remote-address=$BGPISP2RID remote-as=$BGPISP2ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.TELCO-VCI)" disable=yes;
# ------------------------------------------ (Setting BGP.Networks)
/routing bgp network add network=$BGPVCI1IPPA synchronize=no comment="R+: BGP (IP.Pool de VCI1A)" disable=yes;
# --------------------
/routing bgp network add network=$BGPVCI1IPPB synchronize=no comment="R+: BGP (IP.Pool de VCI1B)" disable=yes;
# …

# GateWay.Border (ARSAT.BGP): ------------------------ [switch (CISCO.--------)]

/interface bridge add name="BGP.LoopBack" admin-mac=$BGPISP1LBMAC auto-mac=no comment="R+: BGP (BGP.ISP1LB Interface)" disable=yes;
/ip address add address=$BGPISP1LBIP interface="BGP.LoopBack" comment="R+: BGP (BGP.ISP1LB IP)" disable=yes;
# ------------------------------------------ (Setting WAN.IPs)
/ip address add address=$BGPISP1IP30 interface=$BGPISP1WAN comment="R+: BGP (IPP/30, dispuesta x ISP1 x su S/R.BGP)" disable=yes;
# ------------------------------------------ (Setting iBGP.GWs)
/ip address add address=$BGPISP1GW interface=$BGPISP1LAN comment="R+: BGP (IPP/22, dispuesta x ISP1 x su IP.GW)" disable=yes;
# ------------------------------------------ (Setting BGP.Instances)
/routing bgp instance set 0 router-id=$BGPISP1RID as=$BGPISP1ASN comment="R+: BGP (ISP1.ASN)";
# ------------------------------------------ (Setting BGP.Peers)
/routing bgp peer add name="BGP.ARSAT-VCI" remote-address=$BGPVCI1RID remote-as=$BGPVCI1ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.ARSAT-VCI)" disable=yes;
# ------------------------------------------ (Setting BGP.Networks)
/routing bgp network add network=$BGPISP1IPP synchronize=no comment="R+: BGP (IP.Pool de ISP1)" disable=yes;
# …

# GateWay.Border (TELCO.BGP): ------------------------ [switch (CISCO.--------)]

/interface bridge add name="BGP.LoopBack" admin-mac=$BGPISP2LBMAC auto-mac=no comment="R+: BGP (BGP.ISP2LB Interface)" disable=yes;
/ip address add address=$BGPISP2LBIP interface="BGP.LoopBack" comment="R+: BGP (BGP.ISP2LB IP)" disable=yes;
# ------------------------------------------ (Setting WAN.IPs)
/ip address add address=$BGPISP2IP30 interface=$BGPISP2WAN comment="R+: BGP (IPP/30, dispuesta x ISP2 x su S/R.BGP)" disable=yes;
# ------------------------------------------ (Setting iBGP.GWs)
/ip address add address=$BGPISP2GW interface=$BGPISP2LAN comment="R+: BGP (IPP/22, dispuesta x ISP2 x su IP.GW)" disable=yes;
# ------------------------------------------ (Setting BGP.Instances)
/routing bgp instance set 0 router-id=$BGPISP2RID as=$BGPISP2ASN comment="R+: BGP (ISP2.ASN)";
# ------------------------------------------ (Setting BGP.Peers)
/routing bgp peer add name="BGP.TELCO-VCI" remote-address=$BGPVCI2RID remote-as=$BGPVCI1ASN default-originate=if-installed comment="R+: BGP (Estableciendo relación con BGP.TELCO-VCI)" disable=yes;
# ------------------------------------------ (Setting BGP.Networks)
/routing bgp network add network=$BGPISP2IPP synchronize=no comment="R+: BGP (IP.Pool de ISP2)" disable=yes;
# …
# ----------------------------------------------------------------------------------- [END]
# -------------------------------- [BGP Protocol] -------------------------------------
# -------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------- [START]
# ------------------------------ [Romon Protocol] -----------------------------------
# ------------------------------------------------------------------------------------------
# (Access via Layer 2): apply on each router used to reach (Route.Dst) from
# (Route.Local=WinBox.RomonAgent).
/tool romon set enable=yes secrets=private;                # Secret=password
/tool romon port add interface=LAN1 disable=no;            # Add (Romon interfaces)
/tool romon port set forbid=yes [find (interface=all)];    # Block (Romon interfaces)
# /tool romon port remove [find interface=LAN1];           # Delete (Romon interfaces)
# ----------------------------------------------------------------------------------- [END]
# ------------------------------ [Romon Protocol] -----------------------------------
# ------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------- [START]
# ----------------------------- [Load Balancing] ---------------------------------
# ------------------------------------------------------------------------------------------
# Rules for (Load Balancing): ----------------------------------- (not tested)
# Fundamentally, it divides the load (connections) among different
# out-interfaces/links. There are three types of load balancing: (ECMP/NTH/PCC).
# Rules for (Load Balancing): ---------------------------------------- [ECMP]

# Enable the (NAT.masquerade: R<:) rules, as appropriate (different gateways of equal Mbps).
/ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=ISP1Conn log=no log-prefix="BC-ECMP.Marco (Conn.IN: ISP1Conn)" comment="001R<: BC-ECMP.Marco (Conn.IN: ISP1Conn)" disable=yes;
# Output rules match on the connection mark set in the input chain and set the routing mark
/ip firewall mangle add chain=output connection-mark=ISP1Conn action=mark-routing log=no log-prefix="BC-ECMP.Marco (Rout.OUT: toISP1)" new-routing-mark=toISP1 comment="002R<: BC-ECMP.Marco (Rout.OUT: toISP1)" disable=yes;
/ip firewall mangle add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=ISP2Conn log=no log-prefix="BC-ECMP.Marco (Conn.IN: ISP2Conn)" comment="003R<: BC-ECMP.Marco (Conn.IN: ISP2Conn)" disable=yes;
/ip firewall mangle add chain=output connection-mark=ISP2Conn action=mark-routing log=no log-prefix="BC-ECMP.Marco (Rout.OUT: toISP2)" new-routing-mark=toISP2 comment="004R<: BC-ECMP.Marco (Rout.OUT: toISP2)" disable=yes;
# …

# ------------------------------------------- [different gateways and different interfaces]
/ip route add check-gateway=ping gateway=1.2.3.1,1.2.4.1 comment="10R<: BC-ECMP.Rutas (ISPs.Rutas)" disable=yes; # Different gateways and different ISPs.
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1 comment="20R<: BC-ECMP.Ruta (ISP1.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 routing-mark=toISP2 comment="21R<: BC-ECMP.Ruta (ISP2.Ruta)" disable=yes;
# …

# ------------------------------------------- [same gateway and different interfaces]
# /ip route add check-gateway=ping gateway=1.2.3.1%WAN1,1.2.4.1%WAN2 comment="10R<: BC-ECMP.Rutas (ISPs.Rutas)" disable=yes;
# /ip route add check-gateway=ping gateway=1.2.3.1%WAN1 routing-mark=toISP1 comment="20R<: BC-ECMP.Ruta (ISP1.Ruta)" disable=yes;
# /ip route add check-gateway=ping gateway=1.2.4.1%WAN2 routing-mark=toISP2 comment="21R<: BC-ECMP.Ruta (ISP2.Ruta)" disable=yes;
# …

# Rules for (Load Balancing): ------------------------------------------ [NTH]

# Enable the (NAT.masquerade: R<:) rules, as appropriate. (nth=2,1), where (2) is the
# number of active WANx.
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-state=new nth=2,1 action=mark-connection new-connection-mark=ISP1Conn log=no log-prefix="BC-NTH.Marco (Conn.IN: ISP1Conn)" comment="001R<: BC-NTH.Marco (Conn.IN: ISP1Conn)" passthrough=yes disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1 log=no log-prefix="BC-NTH.Marco (Rout.OUT: toISP1)" comment="002R<: BC-NTH.Marco (Rout.OUT: toISP1)" passthrough=no disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-state=new nth=2,2 action=mark-connection new-connection-mark=ISP2Conn log=no log-prefix="BC-NTH.Marco (Conn.IN: ISP2Conn)" comment="003R<: BC-NTH.Marco (Conn.IN: ISP2Conn)" passthrough=yes disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP2Conn action=mark-routing new-routing-mark=toISP2 log=no log-prefix="BC-NTH.Marco (Rout.OUT: toISP2)" comment="004R<: BC-NTH.Marco (Rout.OUT: toISP2)" passthrough=no disable=yes;
# …

# ------------------------------------------- [different gateways and different interfaces]
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1 comment="20R<: BC-NTH.Ruta (ISP1.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 routing-mark=toISP2 comment="21R<: BC-NTH.Ruta (ISP2.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.3.1 comment="22R<: BC-NTH.Ruta (ISP1.Ruta x routing-mark=no-mark)" disable=yes;

# Rules for (Load Balancing): ------------------------------------------- [PCC]

# Enable the (NAT.masquerade: R<:) rules, as appropriate.
# (src-address-and-port:X/0)/(both-addresses:X/0), where (X) is the number of (active)
# WANs, or a way of weighting one interface (WANx) above the rest (because it has more
# Mbps).
/ip firewall mangle add chain=prerouting dst-address=1.2.3.0/24 action=accept in-interface-list=LANs comment="001R<: BC-PCC.Accept (LANs to ISP1Conn)" disable=yes;
/ip firewall mangle add chain=prerouting dst-address=1.2.4.0/24 action=accept in-interface-list=LANs comment="002R<: BC-PCC.Accept (LANs to ISP2Conn)" disable=yes;
# …

# -------------------------------------------
/ip firewall mangle add chain=prerouting in-interface=WAN1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP1Conn)" comment="003R<: BC-PCC.Marco (Conn.IN: ISP1Conn)" disable=yes;
/ip firewall mangle add chain=prerouting in-interface=WAN2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP2Conn)" comment="004R<: BC-PCC.Marco (Conn.IN: ISP2Conn)" disable=yes;
# …

# -------------------------------------------
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=src-address-and-port:2/0 action=mark-connection dst-address-type=!local new-connection-mark=ISP1Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP1Conn)" comment="005R<: BC-PCC.Marco (Conn.IN: ISP1Conn)" disable=yes;
# /ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=both-addresses:2/0 action=mark-connection dst-address-type=!local new-connection-mark=ISP1Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP1Conn)" comment="005Rx: BC-PCC.Marco (Conn.IN: ISP1Conn)" disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=src-address-and-port:2/1 action=mark-connection dst-address-type=!local new-connection-mark=ISP2Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP2Conn)" comment="006R<: BC-PCC.Marco (Conn.IN: ISP2Conn)" disable=yes;
# /ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=no-mark per-connection-classifier=both-addresses:2/1 action=mark-connection dst-address-type=!local new-connection-mark=ISP2Conn log=no log-prefix="BC-PCC.Marco (Conn.IN: ISP2Conn)" comment="006Rx: BC-PCC.Marco (Conn.IN: ISP2Conn)" disable=yes;
# …

# ---------------------
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1 log=no log-prefix="BC-PCC.Marco (Rout.IN: toISP1)" comment="007R<: BC-PCC.Marco (Rout.IN: toISP1)" disable=yes;
/ip firewall mangle add chain=prerouting in-interface-list=LANs connection-mark=ISP2Conn action=mark-routing new-routing-mark=toISP2 log=no log-prefix="BC-PCC.Marco (Rout.IN: toISP2)" comment="008R<: BC-PCC.Marco (Rout.IN: toISP2)" disable=yes;
# …

# ---------------------
/ip firewall mangle add chain=output connection-mark=ISP1Conn action=mark-routing new-routing-mark=toISP1 log=no log-prefix="BC-PCC.Marco (Rout.OUT: toISP1)" comment="009R<: BC-PCC.Marco (Rout.OUT: toISP1)" passthrough=no disable=yes;
/ip firewall mangle add chain=output connection-mark=ISP2Conn action=mark-routing new-routing-mark=toISP2 log=no log-prefix="BC-PCC.Marco (Rout.OUT: toISP2)" comment="010R<: BC-PCC.Marco (Rout.OUT: toISP2)" disable=yes;
# …

# ------------------------------------------- [different gateways and different interfaces]
/ip route add check-gateway=ping gateway=1.2.3.1 routing-mark=toISP1 comment="20R<: BC-PCC.Ruta (ISP1.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 routing-mark=toISP2 comment="21R<: BC-PCC.Ruta (ISP2.Ruta)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.3.1 scope=1 comment="22R<: BC-PCC.Ruta (ISP1.Ruta-Failover)" disable=yes;
/ip route add check-gateway=ping gateway=1.2.4.1 scope=2 comment="23R<: BC-PCC.Ruta (ISP2.Ruta-Failover)" disable=yes;
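
# Added example (not part of the original script): an off-router Python lint for the
# PCC mark-connection rules above. It checks that every remainder of the (X/n)
# classifier is claimed by exactly one rule and reports the share of connections each
# mark receives, which is how weighting one WAN shows up. It goes beyond the 2-WAN case
# on the page; the function names and the 3-way rule sets are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict
from fractions import Fraction

PCC_RE = re.compile(r"(?P<fields>[a-z-]+):(?P<den>\d+)/(?P<rem>\d+)")


def parse_rule(line):
    """Split one '/ip firewall mangle add ...' line into a {property: value} dict."""
    props = {}
    for token in shlex.split(line.strip().rstrip(";")):
        if "=" in token:
            key, _, value = token.partition("=")
            props[key] = value
    return props


def pcc_shares(rule_lines):
    """Return ({connection mark: share of connections}, [findings]).

    Commented-out lines are skipped; 'disable=yes' is ignored on purpose so that a
    staged rule set can be checked before it is enabled.
    """
    buckets = defaultdict(dict)      # (fields, denominator) -> {remainder: mark}
    findings = []
    for line in rule_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        props = parse_rule(line)
        m = PCC_RE.fullmatch(props.get("per-connection-classifier", ""))
        if m is None or props.get("action") != "mark-connection":
            continue
        den, rem = int(m["den"]), int(m["rem"])
        label = "%s:%d/%d" % (m["fields"], den, rem)
        if rem >= den:
            findings.append("%s: remainder can never match" % label)
            continue
        claimed = buckets[(m["fields"], den)]
        if rem in claimed:
            findings.append("%s: remainder already claimed by %s" % (label, claimed[rem]))
            continue
        claimed[rem] = props.get("new-connection-mark", "?")
    if len(buckets) > 1:
        findings.append("rules mix different classifiers or denominators")
    shares = defaultdict(Fraction)
    for (fields, den), claimed in buckets.items():
        for rem in range(den):
            if rem in claimed:
                shares[claimed[rem]] += Fraction(1, den)
            else:
                findings.append("%s:%d/%d: no rule, these connections stay unmarked"
                                % (fields, den, rem))
    return dict(shares), findings


def sample_rule(classifier, mark):
    """Rule text in the shape of rules 005/006 above (log options left out)."""
    return ('/ip firewall mangle add chain=prerouting in-interface-list=LANs '
            'connection-mark=no-mark per-connection-classifier=%s '
            'action=mark-connection dst-address-type=!local '
            'new-connection-mark=%s comment="BC-PCC.Marco (Conn.IN: %s)" '
            'disable=yes;' % (classifier, mark, mark))


# Rules 005 and 006 from the page: two WANs, one remainder each.
BALANCED = [sample_rule("src-address-and-port:2/0", "ISP1Conn"),
            sample_rule("src-address-and-port:2/1", "ISP2Conn")]
# Constructed: WAN1 weighted 2:1 over WAN2 by giving it two of three remainders.
WEIGHTED = [sample_rule("src-address-and-port:3/0", "ISP1Conn"),
            sample_rule("src-address-and-port:3/1", "ISP1Conn"),
            sample_rule("src-address-and-port:3/2", "ISP2Conn")]
# Constructed: denominator raised to 3 but the third rule left commented out.
BROKEN = [sample_rule("src-address-and-port:3/0", "ISP1Conn"),
          sample_rule("src-address-and-port:3/1", "ISP2Conn"),
          "# " + sample_rule("src-address-and-port:3/2", "ISP2Conn")]

if __name__ == "__main__":
    for name, rules in (("balanced", BALANCED), ("weighted", WEIGHTED), ("broken", BROKEN)):
        shares, findings = pcc_shares(rules)
        print(name, {k: str(v) for k, v in shares.items()}, findings)
```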

# ----------------------------------------------------------------------------------- [END]
# ----------------------------- [Load Balancing] ---------------------------------
# ------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------- [START]
# ------------------------------------ [Bonding] ----------------------------------------
# ------------------------------------------------------------------------------------------
# Rules for (Bonding): ---- [aggregation of interfaces into a single virtual link]
# Sum of interfaces. Two routers/switches are needed (one at each end of the links),
# with each port connected to each AP/ST (links).
# ------------------------------------------- [Router.Local]
/interface bonding add name=VCIBonding slaves=WAN1,WAN2 mode=balance-rr comment="01R<: VCIBondig.Add (Bonding Interface.Local)" disable=yes;
# ------------------------
/ip address add address=192.168.79.13/30 interface=VCIBonding comment="01R<: VCIBonding.Interface (AP-ST)" disable=yes;
/ip address add address=192.168.79.1/30 interface=WAN1 comment="01R>: BondingWAN1.[ Elisa (AP:1.2.3.1-ST:1.2.3.2) ]" disable=yes;
/ip address add address=192.168.79.5/30 interface=WAN2 comment="02R>: BondingWAN2.[ Elisa (AP:1.2.3.4-ST:1.2.3.5) ]" disable=yes;
# …

# ------------------------------------------- [Router.no-Local]
/interface bonding add name=VCIBonding slaves=WAN1,WAN2 mode=balance-rr comment="01R>: VCIBondig.Add (Bonding Interface.no-Local)" disable=yes;
# ------------------------
/ip address add address=192.168.79.14/30 interface=VCIBonding comment="01R>: VCIBonding.Interface (ST-AP)" disable=yes;
/ip address add address=192.168.79.2/30 interface=WAN1 comment="01R>: BondingWAN1.[ Elisa (ST:1.2.3.1-AP:1.2.3.2) ]" disable=yes;
/ip address add address=192.168.79.6/30 interface=WAN2 comment="02R>: BondingWAN2.[ Elisa (ST:1.2.3.4-AP:1.2.3.5) ]" disable=yes;
# …
# ----------------------------------------------------------------------------------- [END]
# ------------------------------------ [Bonding] ----------------------------------------
# ------------------------------------------------------------------------------------------

------------------------------------------------------------------------------- [ END ]
----------------------------------------------------------------------------------------
--------------------------- Scripts (accessories): -----------------------------------
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
