Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

IoT devices disconnect every 10 seconds  [SOLVED]

Post Reply
 
Kataius
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

IoT devices disconnect every 10 seconds

Fri May 31, 2024 8:21 pm

Hi, I have the following problem with VLANs:

-I have an hap connected with capsman to routerboard.

-I have 4 vlans

-I have IoT devices connected to the vlan (in this case vlan400)

Problem:

If I put the dhcp server on the bridge and not on vlan400 and in capsman I put only the bridge as the vlan400 datapath. Everything works.

If, however, I put a dhcp on the bridge of another vlan (example 900) and the vlan ID (400) in the capsman datapath, some IoT devices connected via Wifi to vlan400 disconnect and reconnect every 10 seconds.


Can someone help me?

AP CONFIG:
Code: Select all
# 2024-05-31 18:19:49 by RouterOS 7.15rc5
/interface bridge
add admin-mac=48:A9:8A:BC:A5:1F auto-mac=no name=BR-Cap port-cost-mode=short \
    vlan-filtering=yes
/interface vlan
add interface=BR-Cap mtu=1480 name=100-Casa vlan-id=100
add interface=BR-Cap mtu=1480 name=200-Mamma vlan-id=200
add interface=BR-Cap mtu=1480 name=300-Guest vlan-id=300
add interface=BR-Cap mtu=1480 name=400-Domus vlan-id=400
add interface=BR-Cap mtu=1480 name=900-Control vlan-id=900
/interface list
add name=LAN
add name=TRUSTED
/interface wifi datapath
add bridge=BR-Cap comment=defconf disabled=no interface-list=all name=capdp
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: LimitService5G, channel: 5220/ax/eeCe
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
    datapath=capdp disabled=no
# managed by CAPsMAN
# mode: AP, SSID: LimitService2G, channel: 2437/ax/Ce
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
    datapath=capdp disabled=no
/ip smb users
set [ find default=yes ] disabled=yes
/interface bridge port
add bridge=BR-Cap comment=defconf interface=ether1 internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=BR-Cap tagged=BR-Cap,ether1 vlan-ids=100
add bridge=BR-Cap tagged=BR-Cap,ether1 vlan-ids=400
add bridge=BR-Cap tagged=ether1,BR-Cap vlan-ids=200
add bridge=BR-Cap tagged=ether1,BR-Cap vlan-ids=300
add bridge=BR-Cap tagged=BR-Cap,ether1 vlan-ids=900
/interface list member
add interface=100-Casa list=LAN
add interface=100-Casa list=TRUSTED
add interface=400-Domus list=LAN
add interface=200-Mamma list=LAN
add interface=300-Guest list=LAN
add interface=900-Control list=TRUSTED
add interface=BR-Cap list=LAN
add interface=ether1 list=LAN
/interface wifi cap
set discovery-interfaces=BR-Cap enabled=yes lock-to-caps-man=no \
    slaves-datapath=capdp
/ip dhcp-client
add comment=defconf interface=BR-Cap
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" disabled=yes list=\
    bad_ipv6
add address=::1/128 comment="defconf: lo" disabled=yes list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" disabled=yes list=\
    bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" disabled=yes \
    list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" disabled=yes list=bad_ipv6
add address=100::/64 comment="defconf: discard only " disabled=yes list=\
    bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" disabled=yes list=\
    bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" disabled=yes list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" disabled=yes list=bad_ipv6
/ipv6 firewall filter
add action=drop chain=input
add action=drop chain=forward
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMPv6" disabled=yes \
    protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    disabled=yes dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." disabled=yes dst-port=\
    546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" disabled=yes \
    dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" disabled=yes \
    protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" disabled=\
    yes protocol=ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" disabled=yes \
    ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" disabled=yes \
    in-interface-list=!LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" disabled=yes src-address-list=\
    bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" disabled=yes dst-address-list=\
    bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    disabled=yes hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" disabled=yes \
    protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" disabled=yes \
    protocol=139
add action=accept chain=forward comment="defconf: accept IKE" disabled=yes \
    dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" disabled=\
    yes protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" disabled=\
    yes protocol=ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" disabled=yes \
    ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" disabled=yes \
    in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=AP
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.240.1
add address=10.10.0.1
/tool mac-server
set allowed-interface-list=TRUSTED
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED

ROUTERBOARD CONFIG
Code: Select all
# 2024-05-31 18:19:10 by RouterOS 7.15rc5
/container mounts
add dst=/opt/list name=pihole_list src=/usb1-part1/container_pihole/list
add dst=/etc/pihole name=pihole_etc src=/usb1-part1/container_pihole/etc
add dst=/etc/dnsmasq.d name=pihole_dnsmasq src=\
    /usb1-part1/container_pihole/dnsmasq
add dst=/etc/cron.d name=pihole_crono src=/usb1-part1/container_pihole/crono
/disk
set usb1 media-interface=none media-sharing=no slot=usb1
add media-interface=none media-sharing=no parent=usb1 partition-number=1 \
    partition-offset="1 048 576" partition-size="500 104 200 704" type=\
    partition
/interface bridge
add admin-mac=F6:2C:EA:E2:08:97 auto-mac=no comment=Capsman name=BR-Capsman \
    port-cost-mode=short priority=0x6000 vlan-filtering=yes
add admin-mac=4A:89:21:54:BD:D4 auto-mac=no comment=PiHole name=BR-PiHole \
    port-cost-mode=short protocol-mode=none
add comment=-mDNS name=BR-mDNS protocol-mode=none
/interface veth
add address=192.168.55.50/25 gateway=192.168.55.1 gateway6="" name=veth-mdns
add address=192.168.55.55/25 gateway=192.168.55.1 gateway6="" name=\
    veth-pihole
/interface vlan
add comment=Casa interface=BR-Capsman mtu=1480 name=100-Casa vlan-id=100
add comment=Mamma interface=BR-Capsman mtu=1480 name=200-Mamma vlan-id=200
add comment=Guests interface=BR-Capsman mtu=1480 name=300-Guest vlan-id=300
add comment=Domus interface=BR-Capsman mtu=1480 name=400-Domus vlan-id=400
add comment=Control interface=BR-Capsman mtu=1480 name=900-Control vlan-id=\
    900
add comment=WAN interface=ether1 mtu=1480 name=***-vlan vlan-id=***
/interface macvlan
add disabled=yes interface=100-Casa mac-address=BA:C9:E8:55:EE:D8 mode=\
    private mtu=1480 name=macvlan100
add disabled=yes interface=400-Domus mac-address=C2:AB:7F:29:3C:40 mode=\
    private mtu=1480 name=macvlan400
/interface pppoe-client
add add-default-route=yes disabled=no interface=***-vlan name=\
    ***-pppoe user=***
/interface list
add name=WAN
add name=LAN
add name=TRUSTED
add name=INTERNET
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2437 name=silent width=20/40mhz-Ce
add band=2ghz-g disabled=no name=guest
add band=5ghz-ax disabled=no frequency=5220 name=wlan5_esterno \
    skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-ax disabled=no frequency=2437 name=wlan2_channel6_main width=\
    20/40mhz
add band=2ghz-ax disabled=no frequency=2412 name=wlan2_channel1
add band=2ghz-ax disabled=no frequency=2462 name=wlan2_channel11
add band=5ghz-ax disabled=no frequency=5220 name=wlan5_interno \
    skip-dfs-channels=all width=20/40/80mhz
/interface wifi datapath
add bridge=BR-Capsman disabled=no name=Wifi_Mamma vlan-id=200
add bridge=BR-Capsman disabled=no name=Wifi_Guest vlan-id=300
add bridge=BR-Capsman disabled=no name=Wifi_Casa vlan-id=100
add bridge=BR-Capsman disabled=no name=Wifi_Domus vlan-id=400
add bridge=BR-Capsman disabled=yes name=Wifi_Command vlan-id=900
/interface wifi security
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp name=home
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp name=\
    guest
add authentication-types=wpa2-psk disabled=no name=silent
add authentication-types=wpa2-psk disabled=no name=service
/interface wifi configuration
add antenna-gain=2 country=Italy datapath=Wifi_Guest disabled=yes name=guest \
    security=guest ssid=Clochard
add country=Italy datapath=Wifi_Mamma disabled=no hide-ssid=yes mode=ap name=\
    silent security=silent ssid=silent
add antenna-gain=2 channel=wlan2_channel11 country=Italy datapath=Wifi_Domus \
    disabled=no mode=ap name=studio_2ghz security=service ssid=LimitService2G
add channel=wlan2_channel1 country=Italy datapath=Wifi_Domus disabled=no \
    mode=ap name=centro_2ghz security=service ssid=LimitService2G
add channel=wlan2_channel6_main country=Italy datapath=Wifi_Domus disabled=no \
    mode=ap name=server_2ghz security=service ssid=LimitService2G
add antenna-gain=1 channel=wlan2_channel11 country=Italy datapath=Wifi_Domus \
    disabled=no mode=ap name=taverna_2ghz security=service ssid=\
    LimitService2G
add antenna-gain=4 channel=wlan2_channel1 country=Italy datapath=Wifi_Domus \
    disabled=no mode=ap name=esterno_2ghz security=service ssid=\
    LimitService2G
add country=Italy datapath=Wifi_Casa disabled=no mode=ap name=home2G \
    security=home ssid=HyperLimitless
add channel=wlan5_esterno country=Italy datapath=Wifi_Domus disabled=no mode=\
    ap name=centro_5ghz security=service ssid=LimitService5G
add country=Italy datapath=Wifi_Casa disabled=no mode=ap name=home5G \
    security=home ssid=HyperLimitless
add channel=wlan5_esterno country=Italy datapath=Wifi_Domus disabled=no mode=\
    ap name=esterno_5ghz security=service ssid=LimitService5G
add channel=wlan5_esterno country=Italy datapath=Wifi_Domus disabled=no mode=\
    ap name=server_5ghz security=service ssid=LimitService5G
add channel=wlan5_interno country=Italy datapath=Wifi_Domus disabled=no mode=\
    ap name=studio_5ghz security=service ssid=LimitService5G
add channel=wlan5_interno country=Italy datapath=Wifi_Domus disabled=no mode=\
    ap name=taverna_5ghz security=service ssid=LimitService5G
/interface wifi
add configuration=server_5ghz disabled=no name=wifi1 radio-mac=\
    48:A9:8A:BC:A5:24
add configuration=home5G disabled=no mac-address=4A:A9:8A:BC:A5:24 \
    master-interface=wifi1 name=wifi2
add configuration=taverna_5ghz disabled=no name=wifi3 radio-mac=\
    48:A9:8A:0E:06:47
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:06:47 \
    master-interface=wifi3 name=wifi4
add configuration=centro_2ghz disabled=no name=wifi5 radio-mac=\
    48:A9:8A:0E:06:A9
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:06:A9 \
    master-interface=wifi5 name=wifi6
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:06:AA \
    master-interface=wifi5 name=wifi7
add configuration=studio_5ghz disabled=no name=wifi8 radio-mac=\
    48:A9:8A:0E:03:51
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:03:51 \
    master-interface=wifi8 name=wifi9
add configuration=esterno_5ghz disabled=no name=wifi10 radio-mac=\
    48:A9:8A:0E:09:5D
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:09:5D \
    master-interface=wifi10 name=wifi11
add configuration=centro_5ghz disabled=no name=wifi12 radio-mac=\
    48:A9:8A:0E:06:A8
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:06:A8 \
    master-interface=wifi12 name=wifi13
add configuration=taverna_2ghz disabled=no name=wifi14 radio-mac=\
    48:A9:8A:0E:06:48
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:06:48 \
    master-interface=wifi14 name=wifi15
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:06:49 \
    master-interface=wifi14 name=wifi16
add configuration=studio_2ghz disabled=no name=wifi17 radio-mac=\
    48:A9:8A:0E:03:52
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:03:52 \
    master-interface=wifi17 name=wifi18
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:03:53 \
    master-interface=wifi17 name=wifi19
add configuration=server_2ghz disabled=no name=wifi20 radio-mac=\
    48:A9:8A:BC:A5:25
# SSID not set
add configuration=guest disabled=no mac-address=4A:A9:8A:BC:A5:25 \
    master-interface=wifi20 name=wifi21
add configuration=home2G disabled=no mac-address=4A:A9:8A:BC:A5:26 \
    master-interface=wifi20 name=wifi22
add configuration=silent disabled=no mac-address=4A:A9:8A:BC:A5:27 \
    master-interface=wifi20 name=wifi23
add configuration=esterno_2ghz disabled=no name=wifi24 radio-mac=\
    48:A9:8A:0E:09:5E
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:09:5E \
    master-interface=wifi24 name=wifi25
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:09:5F \
    master-interface=wifi24 name=wifi26
/ip pool
add name=MammaPool ranges=10.255.255.100-10.255.255.200
add name=GuestsPool ranges=172.16.0.2-172.16.15.254
add name=DomusPool ranges=192.168.240.100-192.168.240.200
add name=CasaPool ranges=192.168.0.100-192.168.0.200
add name=ControlPool ranges=10.10.0.100-10.10.0.200
/ip dhcp-server
add add-arp=yes address-pool=CasaPool interface=100-Casa lease-script="# When \
    \"1\" all DNS entries with IP address of DHCP lease are removed\r\
    \n:local dnsRemoveAllByIp \"1\"\r\
    \n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
    \n:local dnsRemoveAllByName \"1\"\r\
    \n# When \"1\" addition and removal of DNS entries is always done also for\
    \_non-FQDN hostname\r\
    \n:local dnsAlwaysNonfqdn \"1\"\r\
    \n# DNS domain to add after DHCP client hostname\r\
    \n:local dnsDomain \"lan\"\r\
    \n# DNS TTL to set for DNS entries\r\
    \n:local dnsTtl \"00:15:00\"\r\
    \n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
    \_lease attribute, like \"host-name\" or \"comment\"\r\
    \n:local leaseClientHostnameSource \"comment\"\r\
    \n\r\
    \n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
    ostnameSource\"\r\
    \n:local leaseClientHostname\r\
    \n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
    \n  :set leaseClientHostname \$\"lease-hostname\"\r\
    \n} else={\r\
    \n  :set leaseClientHostname ([:pick \\\r\
    \n    [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
    me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
    \n    0]->\"\$leaseClientHostnameSource\")\r\
    \n}\r\
    \n:local leaseClientHostnameShort \"\$leaseClientHostname\"\r\
    \n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
    \n:if ([:len [\$dnsDomain]] > 0) do={\r\
    \n  :set leaseClientHostname \"\$leaseClientHostname.\$dnsDomain\"\r\
    \n  :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
    \n    :set leaseClientHostnames \"\$leaseClientHostname,\$leaseClientHostn\
    ameShort\"\r\
    \n  }\r\
    \n}\r\
    \n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\"]\r\
    \n}\r\
    \n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
    \n  :if (\$dnsRemoveAllByName = \"1\") do={\r\
    \n    /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
    \" and name=\"\$h\"]\r\
    \n  }\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
    \n  :if (\$leaseBound = \"1\") do={\r\
    \n    :delay 1\r\
    \n    /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
    \" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
    \n  }\r\
    \n}" lease-time=1d name=Casa_dhcp
add add-arp=yes address-pool=MammaPool bootp-support=none interface=200-Mamma \
    lease-time=1d name=Mamma_dchp
add add-arp=yes address-pool=GuestsPool interface=300-Guest lease-time=12h \
    name=Guests_dhcp
add add-arp=yes address-pool=DomusPool interface=400-Domus lease-script="# Whe\
    n \"1\" all DNS entries with IP address of DHCP lease are removed\r\
    \n:local dnsRemoveAllByIp \"1\"\r\
    \n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
    \n:local dnsRemoveAllByName \"1\"\r\
    \n# When \"1\" addition and removal of DNS entries is always done also for\
    \_non-FQDN hostname\r\
    \n:local dnsAlwaysNonfqdn \"1\"\r\
    \n# DNS domain to add after DHCP client hostname\r\
    \n:local dnsDomain \"domus\"\r\
    \n# DNS TTL to set for DNS entries\r\
    \n:local dnsTtl \"00:15:00\"\r\
    \n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
    \_lease attribute, like \"host-name\" or \"comment\"\r\
    \n:local leaseClientHostnameSource \"comment\"\r\
    \n\r\
    \n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
    ostnameSource\"\r\
    \n:local leaseClientHostname\r\
    \n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
    \n  :set leaseClientHostname \$\"lease-hostname\"\r\
    \n} else={\r\
    \n  :set leaseClientHostname ([:pick \\\r\
    \n    [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
    me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
    \n    0]->\"\$leaseClientHostnameSource\")\r\
    \n}\r\
    \n:local leaseClientHostnameShort \"\$leaseClientHostname\"\r\
    \n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
    \n:if ([:len [\$dnsDomain]] > 0) do={\r\
    \n  :set leaseClientHostname \"\$leaseClientHostname.\$dnsDomain\"\r\
    \n  :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
    \n    :set leaseClientHostnames \"\$leaseClientHostname,\$leaseClientHostn\
    ameShort\"\r\
    \n  }\r\
    \n}\r\
    \n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\"]\r\
    \n}\r\
    \n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
    \n  :if (\$dnsRemoveAllByName = \"1\") do={\r\
    \n    /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
    \" and name=\"\$h\"]\r\
    \n  }\r\
    \n  /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
    and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
    \n  :if (\$leaseBound = \"1\") do={\r\
    \n    :delay 1\r\
    \n    /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
    \" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
    \n  }\r\
    \n}" lease-time=1d name=Domus_dhcp
add add-arp=yes address-pool=ControlPool interface=BR-Capsman lease-time=1d \
    name=Control_dhcp
/ip smb users
set [ find default=yes ] disabled=yes
/routing pimsm instance
add disabled=yes name=pimsm-instance1 vrf=main
/container
add envlist=pihole_envs interface=veth-pihole mounts=\
    pihole_list,pihole_etc,pihole_dnsmasq,pihole_crono root-dir=\
    usb2-part1/pihole start-on-boot=yes
add envlist=mdns_envs hostname=mdns-repeater interface=veth-mdns logging=yes \
    root-dir=usb1-part1/mdms start-on-boot=yes
/container config
set registry-url=https://registry-1.docker.io tmpdir=usb1-part1/pull
/container envs
add key=TZ name=pihole_envs value=Europe/Rome
add key=WEBPASSWORD name=pihole_envs value="***"
add key=DNSMASQ_USER name=pihole_envs value=root
add key=FTLCONF_LOCAL_IPV4 name=pihole_envs value=192.168.55.55
add key=REPEATER_INTERFACES name=mdns_envs value="eth0.100 eth0.400"
/interface bridge filter
add action=accept chain=forward comment="Allow mDNS only" disabled=yes \
    dst-address=224.0.0.251/32 dst-mac-address=\
    01:00:5E:00:00:FB/FF:FF:FF:FF:FF:FF dst-port=5353 in-bridge=BR-mDNS \
    ip-protocol=udp log-prefix="forward MDNS" mac-protocol=ip out-bridge=\
    BR-mDNS src-port=5353
add action=accept chain=forward comment="Forward SSDP" disabled=yes \
    dst-address=239.255.255.250/32 dst-mac-address=\
    01:00:5E:7F:FF:FA/FF:FF:FF:FF:FF:FF dst-port=1900 in-bridge=BR-mDNS \
    ip-protocol=udp log-prefix="forward SSDP" mac-protocol=ip out-bridge=\
    BR-mDNS
add action=drop chain=forward comment="Drop all other L2 traffic" disabled=\
    yes in-bridge=BR-mDNS out-bridge=BR-mDNS
/interface bridge nat
add action=src-nat chain=srcnat comment="mDNS - SNAT to Primary VLAN bridge" \
    disabled=yes dst-mac-address=01:00:5E:00:00:FB/FF:FF:FF:FF:FF:FF \
    log-prefix="NAT mdns" to-src-mac-address=F6:2C:EA:E2:08:97
add action=src-nat chain=srcnat comment="SSDP - SNAT to Primary VLAN bridge" \
    disabled=yes dst-mac-address=01:00:5E:7F:FF:FA/FF:FF:FF:FF:FF:FF \
    log-prefix="NAT ssdp" to-src-mac-address=F6:2C:EA:E2:08:97
/interface bridge port
add bridge=BR-Capsman interface=sfp-sfpplus1 internal-path-cost=10 path-cost=\
    10
add bridge=BR-Capsman interface=ether8 internal-path-cost=10 path-cost=10 \
    pvid=100
add bridge=BR-PiHole interface=veth-pihole internal-path-cost=10 path-cost=10
add bridge=BR-mDNS disabled=yes interface=macvlan100
add bridge=BR-mDNS disabled=yes interface=macvlan400
add bridge=BR-Capsman interface=veth-mdns
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=BR-Capsman comment="Mamma VLAN" tagged=BR-Capsman,sfp-sfpplus1 \
    vlan-ids=200
add bridge=BR-Capsman comment="Guest VLAN" tagged=BR-Capsman,sfp-sfpplus1 \
    vlan-ids=300
add bridge=BR-Capsman comment="Domus VLAN" tagged=\
    BR-Capsman,sfp-sfpplus1,veth-mdns vlan-ids=400
add bridge=BR-Capsman comment="Casa VLAN" tagged=\
    BR-Capsman,sfp-sfpplus1,veth-mdns untagged=ether8 vlan-ids=100
add bridge=BR-Capsman comment="Control VLAN" tagged=BR-Capsman,sfp-sfpplus1 \
    vlan-ids=900
/interface detect-internet
set detect-interface-list=INTERNET internet-interface-list=INTERNET \
    lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add interface=***-pppoe list=WAN
add interface=100-Casa list=LAN
add interface=***-vlan list=WAN
add interface=200-Mamma list=LAN
add interface=300-Guest list=LAN
add interface=400-Domus list=LAN
add interface=100-Casa list=TRUSTED
add interface=900-Control list=LAN
add interface=BR-Capsman list=LAN
add interface=BR-PiHole list=LAN
add interface=BR-Capsman list=TRUSTED
add disabled=yes interface=900-Control list=TRUSTED
add interface=***-pppoe list=INTERNET
/interface wifi access-list
add action=accept comment="Apple Device" disabled=yes mac-address=\
    18:34:51:00:00:00 mac-address-mask=FF:FF:FF:00:00:00
/interface wifi capsman
set enabled=yes interfaces=BR-Capsman package-path="" \
    require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=server_5ghz \
    name-format="" radio-mac=48:A9:8A:BC:A5:24 slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=studio_2ghz \
    name-format="" radio-mac=48:A9:8A:0E:03:52 slave-configurations=\
    guest,home2G
add action=create-enabled disabled=no master-configuration=taverna_5ghz \
    name-format="" radio-mac=48:A9:8A:0E:06:47 slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=esterno_5ghz \
    name-format="" radio-mac=48:A9:8A:0E:09:5D slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=centro_5ghz \
    name-format="" radio-mac=48:A9:8A:0E:06:A8 slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=esterno_2ghz \
    name-format="" radio-mac=48:A9:8A:0E:09:5E slave-configurations=\
    guest,home2G
add action=create-enabled disabled=no master-configuration=server_2ghz \
    name-format="" radio-mac=48:A9:8A:BC:A5:25 slave-configurations=\
    guest,home2G,silent
add action=create-enabled disabled=no master-configuration=studio_5ghz \
    name-format="" radio-mac=48:A9:8A:0E:03:51 slave-configurations=home5G \
    supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=centro_2ghz \
    name-format="" radio-mac=48:A9:8A:0E:06:A9 slave-configurations=\
    guest,home2G
add action=create-enabled disabled=no master-configuration=taverna_2ghz \
    name-format="" radio-mac=48:A9:8A:0E:06:48 slave-configurations=\
    guest,home2G
/ip address
add address=192.168.0.1/24 interface=100-Casa network=192.168.0.0
add address=172.16.0.1/20 interface=300-Guest network=172.16.0.0
add address=10.255.255.1/24 interface=200-Mamma network=10.255.255.0
add address=192.168.240.1/24 interface=400-Domus network=192.168.240.0
add address=192.168.55.1/25 interface=BR-PiHole network=192.168.55.0
add address=10.10.0.1/24 interface=BR-Capsman network=10.10.0.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1d
/ip dhcp-server network
add address=10.10.0.0/24 dns-none=yes gateway=10.10.0.1 netmask=24 \
    ntp-server=10.10.0.1
add address=10.255.255.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.255.255.1 \
    netmask=24
add address=172.16.0.0/20 dns-server=1.1.1.3,1.0.0.3 gateway=172.16.0.1 \
    netmask=20
add address=192.168.0.0/24 dns-server=192.168.55.55 gateway=192.168.0.1 \
    netmask=24
add address=192.168.240.0/24 dns-server=192.168.55.55 gateway=192.168.240.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1m servers=1.1.1.1,1.0.0.1 \
    use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes
/ip dns static
add address=104.16.248.249 name=cloudflare-dns.com
add address=104.16.249.249 name=cloudflare-dns.com
/ip firewall address-list
add address=192.168.0.0/24 comment="Casa NET" list=net_casa
add address=10.255.255.0/24 comment="Mamma NET" list=net_mamma
add address=172.16.0.0/20 comment="Guest NET" list=net_guest
add address=10.255.255.0/24 comment="Excluded from PiHole" list=excluded
add address=172.16.0.0/20 comment="Excluded from PiHole" list=excluded
add address=192.168.55.55 comment="Excluded from PiHole" list=excluded
add address=192.168.240.0/24 comment="Domus NET" list=net_domus
add address=10.10.0.0/24 comment="Excluded from PiHole" list=excluded
add address=192.168.240.10 comment="Excluded from PiHole" list=excluded
add address=192.168.0.0/24 comment="Filtered from PiHole" list=filtered
add address=192.168.240.0/24 comment="Filtered from PiHole" list=filtered
add address=10.10.0.0/24 comment="Control NET" list=net_control
add address=192.168.0.10 comment="Excluded from PiHole" list=excluded
add address=192.168.240.15 comment="Excluded from PiHole" list=excluded
add address=199.255.137.34 list=DNS-DOH
add address=103.112.162.165 list=DNS-DOH
add address=103.133.222.202 list=DNS-DOH
add address=82.146.26.2 list=DNS-DOH
add address=94.236.218.254 list=DNS-DOH
add address=185.81.41.81 list=DNS-DOH
add address=103.209.52.250 list=DNS-DOH
add address=119.160.80.164 list=DNS-DOH
add address=8.8.8.8 list=DNS-DOH
[...]A LOT OF THIS ADDRESS[...]
add address=81.82.253.90 list=DNS-DOH
add address=81.83.12.253 list=DNS-DOH
add address=81.83.14.63 list=DNS-DOH
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=\
    "ONLY allow trusted subnet full access to router services" \
    src-address-list=net_casa
add action=accept chain=input comment=PiHole dst-port=53,123 \
    in-interface-list=LAN protocol=udp
add action=accept chain=input comment=PiHole dst-port=53 in-interface-list=\
    LAN protocol=tcp
add action=drop chain=input comment="DROP ALL ELSE"
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment="allow access to ALL DomusNET" \
    dst-address-list=net_domus src-address-list=net_casa
add action=accept chain=forward comment="SSDP and mDNS" connection-state=\
    invalid disabled=yes dst-address-list=net_casa src-address-list=net_domus
add action=accept chain=forward comment="allow access to ALL ControlNET" \
    dst-address-list=net_control src-address-list=net_casa
add action=accept chain=forward comment="allow access to AP Mamma" \
    dst-address=10.255.255.2 src-address-list=net_casa
add action=accept chain=forward comment="allow access to MCZ from LAN" \
    dst-address=192.168.120.1 src-address-list=net_casa
add action=accept chain=forward comment="allow access to MCZ from DOMUS" \
    dst-address=192.168.120.1 src-address-list=net_domus
add action=accept chain=forward comment="allow access to PiHOLE" dst-address=\
    192.168.55.55 src-address-list=filtered
add action=drop chain=forward comment="BLOCK DOT and DOH" dst-address-list=\
    DNS-DOH dst-port=443,853 protocol=udp src-address-list=!excluded
add action=drop chain=forward comment="BLOCK DOT and DOH" dst-address-list=\
    DNS-DOH dst-port=443,853 protocol=tcp src-address-list=!excluded
add action=accept chain=forward comment="internet traffic" in-interface-list=\
    LAN out-interface-list=WAN src-address-list=!net_control
add action=accept chain=forward comment="port forwarding" \
    connection-nat-state=dstnat
add action=drop chain=forward comment="DROP ALL ELSE"
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment=Pihole dst-port=53 in-interface-list=\
    LAN protocol=udp src-address-list=!excluded to-addresses=192.168.55.55
add action=dst-nat chain=dstnat comment=Pihole dst-port=53 in-interface-list=\
    LAN protocol=tcp src-address-list=!excluded to-addresses=192.168.55.55
/ip firewall service-port
set ftp disabled=yes
set h323 disabled=yes
set pptp disabled=yes
/ip kid-control
add disabled=yes fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d \
    thu=0s-1d tue=0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=\
    0s-1d tur-thu=0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip route
add comment=MCZ disabled=no distance=1 dst-address=192.168.120.0/24 gateway=\
    192.168.240.7 pref-src="" routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
/ip smb shares
set [ find default=yes ] directory=/pub
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=***-pppoe type=external
add interface=100-Casa type=internal
add interface=400-Domus type=internal
add interface=***-vlan type=external
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=drop chain=input
add action=drop chain=forward
/routing pimsm interface-template
add disabled=yes instance=pimsm-instance1 interfaces=400-Domus,100-Casa
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=RB
/system logging
set 2 disabled=yes
add action=echo disabled=yes topics=dhcp
add action=echo disabled=yes topics=dhcp
add disabled=yes topics=wireless
add action=echo disabled=yes topics=wireless
add action=remote disabled=yes topics=wireless
add disabled=yes prefix=dhcp topics=debug
add disabled=yes prefix=wireless topics=debug
add disabled=yes topics=wireless,debug,error,info,info
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes local-clock-stratum=1 manycast=yes multicast=yes
/system ntp client servers
add address=time.cloudflare.com
/system scheduler
add disabled=yes interval=3w4d name="DOH Update" on-event=":global thefile \"\
    \"\r\
    \n{\r\
    \n    :local url        http://public-dns.info/nameservers-all.txt ;\r\
    \n    :local filesize   ([/tool fetch url=\$url as-value output=none]->\"d\
    ownloaded\")\r\
    \n    :local maxsize    64512 ; # is the maximum supported readable size o\
    f a block from a file\r\
    \n    :local start      0\r\
    \n    :local end        (\$maxsize - 1)\r\
    \n    :local partnumber (\$filesize / (\$maxsize / 1024))\r\
    \n    :local reminder   (\$filesize % (\$maxsize / 1024))\r\
    \n    :if (\$reminder > 0) do={ :set partnumber (\$partnumber + 1) }\r\
    \n    :for x from=1 to=\$partnumber step=1 do={\r\
    \n         :set thefile (\$thefile . ([/tool fetch url=\$url http-header-f\
    ield=\"Range: bytes=\$start-\$end\" as-value output=user]->\"data\"))\r\
    \n         :set start   (\$start + \$maxsize)\r\
    \n         :set end     (\$end   + \$maxsize)\r\
    \n    }\r\
    \n}\r\
    \n#:log info \"thefile=\$thefile\"\r\
    \n#/file remove [find where name=\"check.txt\"];\r\
    \n:execute \":put \\\$thefile\" file=check.txt;\r\
    \n\r\
    \n:global content value=\$thefile;\r\
    \n:local contentLen value=[:len \$content];\r\
    \n:local lineEnd value=0;\r\
    \n:local line value=\"\";\r\
    \n:local lastEnd value=0;\r\
    \n:local addressListName;\r\
    \n:set addressListName \"DNS-DOH\";\r\
    \n\r\
    \n:if (\$thefile != null) do={\r\
    \n  :log info \"There are some New DNS\"\r\
    \n  #/ip firewall address-list remove [/ip firewall address-list find list\
    =\$addressListName]\r\
    \n  :do {\r\
    \n      :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\
    \n      :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\
    \n      :set lastEnd ( \$lineEnd + 1 ) ;\r\
    \n      :local entry [:pick \$line 0 \$lineEnd ]\r\
    \n      :if (\$entry~\"^[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]\
    {1,3}\") do={\r\
    \n            :if ( [:len \$entry ] > 0 ) do={\r\
    \n                #:log info \"entry=\$entry\"\r\
    \n                /ip firewall address-list add list=\$addressListName add\
    ress=\$entry;\r\
    \n            }\r\
    \n      } \r\
    \n    } while=(\$lineEnd < \$contentLen);\r\
    \n  } else={\r\
    \n  :log info \"There no DNS in list\"\r\
    \n} " policy=ftp,read,write,policy,test,sniff start-date=2024-02-25 \
    start-time=02:00:00
add interval=3w6d name=Blocker-Import on-event="# Turris Import by Blacklister\
    \_and edited by Kato\r\
    \n{\r\
    \n# import config - delay for slow routers\r\
    \n#:delay 1m\r\
    \n:log warning \"Blocker script started\"\r\
    \n/ip firewall address-list\r\
    \n:local update do={\r\
    \n \r\
    \n :if (heirule != null) do={:set \$filtering \", filtering on: \$heirule\
    \"}\r\
    \n :put \"Start importing address-list: \$listname\$filtering\"\r\
    \n :log warning \"Start importing address-list: \$listname\$filtering\"\r\
    \n \r\
    \n /tool fetch url=\$url dst-path=\"/\$listname.txt\" as-value\r\
    \n # delay to wait file flush after fetch\r\
    \n :delay 1\r\
    \n :local filesize [/file get \"\$listname.txt\" size]\r\
    \n :local start 0\r\
    \n :local chunkSize 32767;\t\t# requested chunk size\r\
    \n :local partnumber\t(\$filesize / \$chunkSize); # how many chunk are chu\
    nkSize\r\
    \n :local remainder\t(\$filesize % (\$chunkSize-512)); # the last partly c\
    hunk and use reduced chunkSize\r\
    \n :if (\$remainder > 0) do={ :set partnumber (\$partnumber + 1) }; # tota\
    l number of chunks\r\
    \n \r\
    \n :local listCount [:len [find list=\$listname dynamic]]\r\
    \n \r\
    \n :put \"Deleting \$listCount entries (dynamic) from address-list: \$list\
    name\"\r\
    \n :log warning \"Deleting \$listCount entries (dynamic) from address-list\
    : \$listname\"\r\
    \n\r\
    \n :if (\$heirule = null) do={:set \$heirule \".\"}\r\
    \n\r\
    \n # remove the current dynamic entries completely\r\
    \n :do {remove [find where list=\$listname]} on-error={};\r\
    \n \r\
    \n :set \$listnameTemp (\$listname)\r\
    \n \r\
    \n :for x from=1 to=\$partnumber step=1 do={\r\
    \n   :local data ([:file read offset=\$start chunk-size=\$chunkSize file=\
    \"\$listname.txt\" as-value]->\"data\")\r\
    \n   # Only remove the first line only if you are not at the start of list\
    \r\
    \n   :if (\$start > 0) do={:set data [:pick \$data ([:find \$data \"\\n\"]\
    +1) [:len \$data]]}\r\
    \n   :while ([:len \$data]!=0) do={\r\
    \n     :local line [:pick \$data 0 [:find \$data \"\\n\"]]; # create only \
    once and checked twice as local variable\r\
    \n     :if (\$line~\"^[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1\
    ,3}\" && \$line~heirule) do={\r\
    \n       :local addr [:pick \$data 0 [:find \$data \$delimiter]]\r\
    \n       :do {add list=\$listnameTemp address=\$addr comment=\$description\
    } on-error={}; # on error avoids any panics\r\
    \n     }; # if IP address && extra filter if present\r\
    \n     :set data [:pick \$data ([:find \$data \"\\n\"]+1) [:len \$data]]; \
    # removes the just added IP from the data array\r\
    \n     # Cut of the end of the chunks by removing the last lines...very di\
    rty but it works\r\
    \n     :if (([:len \$data] < 256) && (x < \$partnumber)) do={:set data [:t\
    oarray \"\"]}   \r\
    \n   }; # while\r\
    \n\r\
    \n   #:set start (\$start + \$chunkSize)\r\
    \n   :set start ((\$start-512) + \$chunkSize); # shifts the subquential st\
    arts back with 512\r\
    \n }; #do for x\r\
    \n \r\
    \n  /file remove \"\$listname.txt\"\r\
    \n  :put \"Deleted downloaded file: \$listname.txt\"\r\
    \n  :log warning \"Deleted downloaded file: \$listname.txt\"\r\
    \n}; # do\r\
    \n\$update url=https://public-dns.info/nameservers-all.txt delimiter=(\"\\\
    n\") listname=DNS-DOH\r\
    \n#\$update url=https://level2.netset delimiter=(\"\\n\") listname=z-block\
    list-L2\r\
    \n#\$update url=https://latest.csv listname=z-blocklist delimiter=, heirul\
    e=http\r\
    \n#\$update url=https://drop.txt delimiter=(\"\\_\") listname=z-blocklist-\
    drop\r\
    \n\r\
    \n:log warning message=\"Blocker script COMPLETED running\"\r\
    \n}" policy=ftp,read,write,policy,test start-date=2024-05-01 start-time=\
    02:00:00
/system script
add dont-require-permissions=no name=Blocker-Import owner=RouterOS policy=\
    ftp,read,write,policy,test source="# Turris Import by Blacklister and edit\
    ed by Kato\r\
    \n{\r\
    \n# import config - delay for slow routers\r\
    \n#:delay 1m\r\
    \n:log warning \"Blocker script started\"\r\
    \n/ip firewall address-list\r\
    \n:local update do={\r\
    \n \r\
    \n :if (heirule != null) do={:set \$filtering \", filtering on: \$heirule\
    \"}\r\
    \n :put \"Start importing address-list: \$listname\$filtering\"\r\
    \n :log warning \"Start importing address-list: \$listname\$filtering\"\r\
    \n \r\
    \n /tool fetch url=\$url dst-path=\"/\$listname.txt\" as-value\r\
    \n # delay to wait file flush after fetch\r\
    \n :delay 1\r\
    \n :local filesize [/file get \"\$listname.txt\" size]\r\
    \n :local start 0\r\
    \n :local chunkSize 32767;\t\t# requested chunk size\r\
    \n :local partnumber\t(\$filesize / \$chunkSize); # how many chunk are chu\
    nkSize\r\
    \n :local remainder\t(\$filesize % (\$chunkSize-512)); # the last partly c\
    hunk and use reduced chunkSize\r\
    \n :if (\$remainder > 0) do={ :set partnumber (\$partnumber + 1) }; # tota\
    l number of chunks\r\
    \n \r\
    \n :local listCount [:len [find list=\$listname dynamic]]\r\
    \n \r\
    \n :put \"Deleting \$listCount entries (dynamic) from address-list: \$list\
    name\"\r\
    \n :log warning \"Deleting \$listCount entries (dynamic) from address-list\
    : \$listname\"\r\
    \n\r\
    \n :if (\$heirule = null) do={:set \$heirule \".\"}\r\
    \n\r\
    \n # remove the current dynamic entries completely\r\
    \n :do {remove [find where list=\$listname]} on-error={};\r\
    \n \r\
    \n :set \$listnameTemp (\$listname)\r\
    \n \r\
    \n :for x from=1 to=\$partnumber step=1 do={\r\
    \n   :local data ([:file read offset=\$start chunk-size=\$chunkSize file=\
    \"\$listname.txt\" as-value]->\"data\")\r\
    \n   # Only remove the first line only if you are not at the start of list\
    \r\
    \n   :if (\$start > 0) do={:set data [:pick \$data ([:find \$data \"\\n\"]\
    +1) [:len \$data]]}\r\
    \n   :while ([:len \$data]!=0) do={\r\
    \n     :local line [:pick \$data 0 [:find \$data \"\\n\"]]; # create only \
    once and checked twice as local variable\r\
    \n     :if (\$line~\"^[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1\
    ,3}\" && \$line~heirule) do={\r\
    \n       :local addr [:pick \$data 0 [:find \$data \$delimiter]]\r\
    \n       :do {add list=\$listnameTemp address=\$addr comment=\$description\
    } on-error={}; # on error avoids any panics\r\
    \n     }; # if IP address && extra filter if present\r\
    \n     :set data [:pick \$data ([:find \$data \"\\n\"]+1) [:len \$data]]; \
    # removes the just added IP from the data array\r\
    \n     # Cut of the end of the chunks by removing the last lines...very di\
    rty but it works\r\
    \n     :if (([:len \$data] < 256) && (x < \$partnumber)) do={:set data [:t\
    oarray \"\"]}   \r\
    \n   }; # while\r\
    \n\r\
    \n   #:set start (\$start + \$chunkSize)\r\
    \n   :set start ((\$start-512) + \$chunkSize); # shifts the subquential st\
    arts back with 512\r\
    \n }; #do for x\r\
    \n \r\
    \n  /file remove \"\$listname.txt\"\r\
    \n  :put \"Deleted downloaded file: \$listname.txt\"\r\
    \n  :log warning \"Deleted downloaded file: \$listname.txt\"\r\
    \n}; # do\r\
    \n\$update url=https://public-dns.info/nameservers-all.txt delimiter=(\"\\\
    n\") listname=DNS-DOH\r\
    \n#\$update url=https://level2.netset delimiter=(\"\\n\") listname=z-block\
    list-L2\r\
    \n#\$update url=https://latest.csv listname=z-blocklist delimiter=, heirul\
    e=http\r\
    \n#\$update url=https://drop.txt delimiter=(\"\\_\") listname=z-blocklist-\
    drop\r\
    \n\r\
    \n:log warning message=\"Blocker script COMPLETED running\"\r\
    \n}"
/tool mac-server
set allowed-interface-list=TRUSTED
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED
Top
 
rolo95
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jun 16, 2022 5:19 pm

Re: IoT devices disconnect every 10 seconds

Sat Jun 01, 2024 12:34 am

i saw something similar on other post
problem was the MTU , it was tweaked some how
so set it back to the default

cant recall
on mine is 1500

try 1500 and report back
Top
 
Kataius
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

Re: IoT devices disconnect every 10 seconds

Sat Jun 01, 2024 1:28 am

Thanks for replay.

I try 1500 MTU (both on the AP and RB)

The issue still remain IoT device disconect and reconnet every 10 seconds
Top
 
User avatar
qatar2022
Member Candidate
Member Candidate
Posts: 178
Joined: Mon Aug 24, 2020 11:12 am

Re: IoT devices disconnect every 10 seconds

Sat Jun 01, 2024 8:44 pm

I have the same issue after updating to 7.15 but when I downgrade to 7.14.3 IOT connect normal
Top
 
Kataius
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

Re: IoT devices disconnect every 10 seconds

Sat Jun 01, 2024 10:57 pm

Unfortunately I'm from version 7.10. updating every version, I was hoping it was a bug but since it hasn't been resolved yet I think it's a configuration problem... (I also have the same problem with 7.14)
Top
 
rolo95
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jun 16, 2022 5:19 pm

Re: IoT devices disconnect every 10 seconds

Mon Jun 03, 2024 5:10 pm

I have the same issue after updating to 7.15 but when I downgrade to 7.14.3 IOT connect normal
maybe the OP can compare your config vs his, and that way see if it is config problem
Top
 
Kataius
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

Re: IoT devices disconnect every 10 seconds  [SOLVED]

Tue Jun 04, 2024 12:44 pm

For all those who come here for the same problem; I solved it by rolling back to version 7.8. no disconnection problems. I've tried them all, the most recent update that doesn't cause problems is 7.8. Thanks for those who dedicated their time to me
Top
 
rolo95
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jun 16, 2022 5:19 pm

Re: IoT devices disconnect every 10 seconds

Tue Jun 04, 2024 5:16 pm

Report it to MT
so they fix it in the next update, ( i hope )
Top
Post Reply
  4. RouterOS
  5. Beginner Basics