# bridge-local  : LAN bridge (ports: wlan1 + vlan1-mgmt, see /interface bridge port).
# bridge2-guest : guest bridge (ports: vlan2-guest + vap), kept L2-separate from the LAN.
# arp=proxy-arp on bridge-local is presumably there for the PPTP clients the ppp
# profile attaches to this bridge (see /ppp profile); it makes the router answer
# ARP for any address it can route, so it should stay limited to this bridge.
/interface bridge
add admin-mac=D4:CA:6D:21:1F:C9 arp=proxy-arp auto-mac=no l2mtu=1594 name=\
bridge-local protocol-mode=rstp
add l2mtu=1594 name=bridge2-guest protocol-mode=rstp
# Physical 2.4 GHz AP (channel 6 / 2437 MHz, 20/40 MHz). Security comes from the
# default security-profile further down (wpa2-psk); the SSID is broadcast as set.
# disconnect-timeout=5s and max-station-count=100 are the only client limits here.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n basic-rates-b="" \
channel-width=20/40mhz-ht-above country=ireland disabled=no \
disconnect-timeout=5s distance=indoors frequency=2437 ht-rxchains=0,1 \
ht-txchains=0,1 l2mtu=2290 max-station-count=100 mode=ap-bridge ssid=\
"hide yo kids, hide yo wifi" supported-rates-b="" tx-power-mode=\
card-rates wireless-protocol=802.11
# ether1 is the WAN port (ether1-gateway). ether2 is the hardware switch master;
# ether3-5 are slaves of it, so ether2-5 form one switched group (the VLAN
# handling for that group is in /interface ethernet switch port / switch vlan).
# Every firewall rule that distinguishes WAN from LAN keys on ether1-gateway.
/interface ethernet
set [ find default-name=ether1 ] comment=Wan name=ether1-gateway speed=1Gbps
set [ find default-name=ether2 ] comment="to switch" name=ether2-local-master \
speed=1Gbps
set [ find default-name=ether3 ] comment=Amiko master-port=\
ether2-local-master name=ether3-local-slave
set [ find default-name=ether4 ] comment=HTPC master-port=ether2-local-master \
name=ether4-local-slave
set [ find default-name=ether5 ] comment=PS3 master-port=ether2-local-master \
name=ether5-local-slave
# Outbound PPTP tunnel (credentials redacted in this export). allow=mschap1,mschap2
# still permits MS-CHAPv1; both MS-CHAP variants and the MPPE keys derived from
# them are weak, so treat this tunnel as obfuscation rather than confidentiality.
# If the peer supports it, drop mschap1 from the allow list.
/interface pptp-client
add allow=mschap1,mschap2 connect-to=xxxxxxxxx name=xxxx_vpn password=\
xxxxxxx user=xxxx
# Inbound PPTP server interface; the listener itself is enabled under
# /interface pptp-server server and the account is in /ppp secret.
/interface pptp-server
add name=pptp-vpn-server user=""
# Neighbor discovery (MNDP/CDP/LLDP) is switched off on wlan1 but left at its
# default on ether1-gateway (only the comment is set), so the router advertises
# its identity, platform and version towards the WAN. Add `discover=no` to the
# ether1-gateway line, as done for wlan1 and vap.
/ip neighbor discovery
set ether1-gateway comment=Wan
set ether2-local-master comment="to switch"
set ether3-local-slave comment=Amiko
set ether4-local-slave comment=HTPC
set ether5-local-slave comment=PS3
set wlan1 discover=no
# vlan1-mgmt / vlan2-guest are tagged sub-interfaces of the switch master and are
# the bridge ports that carry LAN (1) and guest (2) towards the downstream switch.
/interface vlan
add interface=ether2-local-master l2mtu=1594 name=vlan1-mgmt vlan-id=1
add interface=ether2-local-master l2mtu=1594 name=vlan2-guest vlan-id=2
# Switch-chip port VLAN settings. Ports are addressed by index here, so the
# mapping to etherN is not visible in this export — confirm it on the device.
# Only port 0 uses vlan-mode=secure (frames with an unknown VLAN id are dropped);
# ports 1-4 use fallback, which lets frames with an unlisted VLAN id through.
# NOTE(review): consider vlan-mode=secure on every port that carries vlan 1/2.
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-mode=fallback
set 2 default-vlan-id=1 vlan-header=always-strip vlan-mode=fallback
set 3 default-vlan-id=1 vlan-header=always-strip vlan-mode=fallback
set 4 default-vlan-id=1 vlan-header=always-strip vlan-mode=fallback
# default profile (used by wlan1): WPA2-PSK only, but TKIP is still offered for
# both group and unicast ciphers. guest profile (used by vap): additionally
# allows WPA1 (wpa-psk) and TKIP. TKIP and WPA1 are deprecated; unless a
# specific guest device needs them, reduce both profiles to aes-ccm only and
# drop wpa-psk from the guest profile. PSKs are redacted in this export.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=xxxxxxxx \
wpa2-pre-shared-key=xxxxxxxx
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
tkip,aes-ccm management-protection=allowed name=guest \
supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=\
xxxxxxxx wpa2-pre-shared-key=xxxxxxx
# Guest virtual AP on top of wlan1. default-forwarding=no stops guest clients
# talking to each other over the air, and the per-client tx limits cap each guest.
# Isolation from the wired LAN is NOT done here; it depends on the two
# (currently disabled) drop rules in /ip firewall filter.
/interface wireless
add default-ap-tx-limit=1024000 default-client-tx-limit=256000 \
default-forwarding=no disabled=no l2mtu=2290 mac-address=\
D6:CA:6D:21:1F:CD master-interface=wlan1 name=vap security-profile=guest \
ssid="the meth lab" wds-cost-range=0 wds-default-cost=0
/ip neighbor discovery
set vap discover=no
# Layer7 matcher "Denied" is not referenced by any filter or mangle rule in this
# export, so it has no effect. If it is re-used: the unescaped "." in the
# hostname matches any character, and "^.+" forces a scan of the whole payload.
/ip firewall layer7-protocol
add name=Denied regexp="^.+(firstrownow.eu).*\$"
# No hotspot server is configured in this export; this only tunes the default
# hotspot user profile and is inert until one is added.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# Address plan: LAN 10.10.0.0/24 (dynamic .100-.254, static leases below,
# PPTP clients .91-.99 with the router side at .90), guest 10.20.0.0/24.
/ip pool
add name=default-dhcp ranges=10.10.0.100-10.10.0.254
add name=VPN-Pool ranges=10.10.0.91-10.10.0.99
add name=virtual-dhcp ranges=10.20.0.100-10.20.0.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=virtual-dhcp disabled=no interface=bridge2-guest name=\
virtual
# ppp profile index 1 is default-encryption (referenced by /ppp secret).
# bridge=bridge-local places every PPTP client directly on the LAN bridge, so a
# VPN user has the same reach as a wired host; remote-address=VPN-Pool keeps
# them in .91-.99 for any later filter rule that wants to treat them apart.
/ppp profile
set 1 bridge=bridge-local dns-server=10.10.0.1 local-address=10.10.0.90 \
remote-address=VPN-Pool
# Upload-side (egress on ether1-gateway) priority tree. Every packet-mark used
# here is set in /ip firewall mangle; a queue whose mark is never applied
# simply stays empty. Lower priority number = served first.
/queue tree
add name=satbox packet-mark=satbox-packets parent=ether1-gateway priority=1
add limit-at=2M max-limit=7M name=p2p packet-mark=p2p-packets parent=\
ether1-gateway
add name=dns packet-mark=dns-packets parent=ether1-gateway priority=1
add name=teamspeak packet-mark=teamspeak-packet parent=ether1-gateway \
priority=2
add limit-at=2M max-limit=7M name=usenet packet-mark=https-packet-usenet \
parent=ether1-gateway
add name=http packet-mark=http-packet parent=ether1-gateway priority=4
add name=https packet-mark=https-packet parent=ether1-gateway priority=4
add name=ftp packet-mark=ftp-packet parent=ether1-gateway
add name=steam packet-mark=steam-packet parent=ether1-gateway priority=2
add name="steam dl" packet-mark=steam-dl-packet parent=ether1-gateway
add name="incoming http" packet-mark=incoming-packet parent=ether1-gateway \
priority=3
# Per-host simple queues, one set for 18:00-23:59 ("peak", parent_q_peak) and one
# for 00:00-17:59 (parent_q). Targets are the static DHCP addresses assigned in
# /ip dhcp-server lease; a host that loses its static lease silently drops into
# the /24 "default catch all" queue.
# NOTE(review): parent_q_peak has limit-at=750k/5200 — the download side has no
# unit, i.e. 5200 bit/s, while every neighbour uses k/M (max-limit is 6200k).
# This looks like a typo for 5200k; confirm before changing.
/queue simple
add limit-at=750k/5200 max-limit=850k/6200k name=parent_q_peak priority=2/2 \
queue=pcq-upload-default/pcq-download-default target=10.10.0.0/24 time=\
18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
add limit-at=128k/2M max-limit=512k/5M name="HTPC peak" parent=parent_q_peak \
priority=2/2 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.229/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=2
add limit-at=128k/2M max-limit=512k/5M name="ps3 peak" parent=parent_q_peak \
priority=2/2 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.110/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=2
add limit-at=128k/2M max-limit=512k/5M name="colm s3 peak" parent=\
parent_q_peak priority=3/3 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.111/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=3
add limit-at=128k/2M max-limit=512k/5M name="olivia n4 peak" parent=\
parent_q_peak priority=3/3 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.105/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=3
add limit-at=128k/2M max-limit=512k/5M name="colm/dman r540 peak" parent=\
parent_q_peak priority=4/4 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.247/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=4
add limit-at=128k/2M max-limit=512k/5M name="nexus 7 peak" parent=\
parent_q_peak priority=4/4 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.102/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=4
add limit-at=128k/2M max-limit=512k/4M name="dman pc peak" parent=\
parent_q_peak priority=5/5 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.250/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=128k/2M max-limit=512k/4M name="dman pc eth 2 peak" parent=\
parent_q_peak priority=5/5 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.103/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=128k/2M max-limit=512k/4M name="aoife s peak" parent=\
parent_q_peak priority=5/5 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.251/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=128k/2M max-limit=512k/4M name="aoife laptop peak" parent=\
parent_q_peak priority=5/5 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.109/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=128k/2M max-limit=512k/4M name="aoife laptop 2 peak" parent=\
parent_q_peak priority=5/5 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.113/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=128k/2M max-limit=850k/6200k name="homer peak" parent=\
parent_q_peak priority=6/6 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.252/32 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=6
add limit-at=64k/1M max-limit=256k/2M name="default catch all peak" parent=\
parent_q_peak priority=7/7 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.0/24 time=18h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=7
add limit-at=900k/6M max-limit=1M/7M name=parent_q priority=2/2 queue=\
pcq-upload-default/pcq-download-default target=10.10.0.0/24 time=\
0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat
add limit-at=256k/2M max-limit=768k/6M name=HTPC parent=parent_q priority=2/2 \
queue=pcq-upload-default/pcq-download-default target=10.10.0.229/32 time=\
0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat total-priority=2
add limit-at=256k/2M max-limit=768k/6M name=ps3 parent=parent_q priority=2/2 \
queue=pcq-upload-default/pcq-download-default target=10.10.0.110/32 time=\
0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat total-priority=2
add limit-at=256k/2M max-limit=768k/6M name="colm s3" parent=parent_q \
priority=3/3 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.111/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=3
add limit-at=256k/2M max-limit=768k/6M name="olivia n4" parent=parent_q \
priority=3/3 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.105/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=3
add limit-at=256k/2M max-limit=768k/6M name="colm/dman r540" parent=parent_q \
priority=4/4 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.247/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=4
add limit-at=256k/2M max-limit=768k/6M name="nexus 7" parent=parent_q \
priority=4/4 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.102/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=4
add limit-at=256k/2M max-limit=768k/5M name="dman pc" parent=parent_q \
priority=5/5 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.250/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=256k/2M max-limit=768k/5M name="dman pc eth2" parent=parent_q \
priority=5/5 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.103/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=256k/2M max-limit=768k/5M name="aoife s" parent=parent_q \
priority=5/5 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.251/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=256k/2M max-limit=768k/5M name="aoife laptop" parent=parent_q \
priority=5/5 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.109/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=256k/2M max-limit=768k/5M name="aoife laptop 2" parent=parent_q \
priority=5/5 queue=pcq-upload-default/pcq-download-default target=\
10.10.0.113/32 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=5
add limit-at=256k/2M max-limit=1M/7M name=homer parent=parent_q priority=6/6 \
queue=pcq-upload-default/pcq-download-default target=10.10.0.252/32 time=\
0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat total-priority=6
add limit-at=128k/1M max-limit=512k/4M name="default catch all" parent=\
parent_q priority=7/7 queue=pcq-upload-default/pcq-download-default \
target=10.10.0.0/24 time=0s-17h59m59s,sun,mon,tue,wed,thu,fri,sat \
total-priority=7
# Log retention: 100 lines in memory, 100 lines per disk file. With the ssh
# staging/blacklist rules and the scripts below all logging, 100 lines is
# overwritten quickly; a remote syslog action would keep evidence after a reboot.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# Bridge membership: LAN = wlan1 + vlan1-mgmt; guest = vlan2-guest + vap.
# Because vap and the vlan interfaces are bridge ports here, any IP address
# belongs on the bridge, not on the port (see /ip address).
/interface bridge port
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=vlan1-mgmt
add bridge=bridge2-guest interface=vlan2-guest
add bridge=bridge2-guest interface=vap
# Switch VLAN table: vlan 1 on all switched ports, vlan 2 only on the master
# (tagged towards the downstream switch). With vlan-mode=fallback on ports 1-4
# this table is not enforced for unknown VLAN ids on those ports.
/interface ethernet switch vlan
add independent-learning=no ports="ether2-local-master,ether3-local-slave,ethe\
r4-local-slave,ether5-local-slave" switch=switch1 vlan-id=1
add independent-learning=no ports=ether2-local-master switch=switch1 vlan-id=\
2
# PPTP listener is enabled. No authentication= value is exported, so the
# server accepts RouterOS's default set of PPP auth methods — confirm on the
# device and restrict it to mschap2 if PPTP must stay.
/interface pptp-server server
set enabled=yes max-mru=1460 max-mtu=1460
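# LAN gateway on the LAN bridge, guest gateway on the guest bridge.
# Fix: the guest address was configured on interface=vap, but vap is a port of
# bridge2-guest (see /interface bridge port). An address on a bridge port is
# not usable for routing, while the guest DHCP server (/ip dhcp-server) and the
# guest gateway 10.20.0.1 (/ip dhcp-server network) both expect it to live on
# bridge2-guest. The address is moved to the bridge; nothing else changes.
/ip address
add address=10.10.0.1/24 comment="default configuration" interface=\
bridge-local network=10.10.0.0
add address=10.20.0.1/24 interface=bridge2-guest network=10.20.0.0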
# WAN address via DHCP. use-peer-ntp=no keeps the ISP from steering NTP (the
# router uses its own NTP client and the setntppool script); the hostname
# option sends the system identity (Milhouse) to the ISP's DHCP server.
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1-gateway use-peer-ntp=no
# Static leases; the addresses are what the per-host simple queues and the
# dst-nat targets key on. address-list=time_restricted adds the host's address
# to that list while the lease is active, but no filter/mangle/nat rule in this
# export references time_restricted, so it currently has no effect.
/ip dhcp-server lease
add address=10.10.0.247 address-list=time_restricted always-broadcast=yes \
client-id=1:78:e4:0:fd:2:c5 comment="bart wifi" mac-address=\
78:E4:00:FD:02:C5 server=default
add address=10.10.0.252 client-id=1:a0:b3:cc:e0:b:14 comment=Homer \
mac-address=A0:B3:CC:E0:0B:14 server=default
add address=10.10.0.250 address-list=time_restricted client-id=\
1:0:1b:fc:2e:c:15 comment="Dman pc" mac-address=00:1B:FC:2E:0C:15 server=\
default
add address=10.10.0.203 client-id=1:8:3e:8e:19:31:17 comment=\
"Brother printer" mac-address=08:3E:8E:19:31:17 server=default
add address=10.10.0.100 client-id=1:0:27:22:62:24:bb mac-address=\
00:27:22:62:24:BB server=default
add address=10.10.0.101 client-id=1:0:27:22:62:24:b4 mac-address=\
00:27:22:62:24:B4 server=default
add address=10.10.0.120 client-id=1:30:0:a:0:28:e comment=Alien2 mac-address=\
30:00:0A:00:28:0E server=default
add address=10.10.0.229 comment=HTPC mac-address=F4:6D:04:E8:A1:E5 server=\
default
add address=10.10.0.104 comment=HDMini mac-address=28:07:0A:00:01:B2 server=\
default
add address=10.10.0.251 address-list=time_restricted always-broadcast=yes \
client-id=1:b4:7:f9:98:5f:44 comment="Aoife S" mac-address=\
B4:07:F9:98:5F:44 server=default
add address=10.10.0.111 comment="Colm S3" mac-address=38:AA:3C:41:D2:07 \
server=default
add address=10.10.0.103 address-list=time_restricted client-id=\
1:0:1b:fc:2e:9:66 comment="Dman pc eth2" mac-address=00:1B:FC:2E:09:66 \
server=default
add address=10.10.0.110 address-list=time_restricted client-id=\
1:28:d:fc:d8:bd:8f comment=Ps3 mac-address=28:0D:FC:D8:BD:8F server=\
default
add address=10.10.0.102 client-id=1:10:bf:48:c1:86:29 comment=N7 mac-address=\
10:BF:48:C1:86:29 server=default
add address=10.10.0.106 address-list=time_restricted comment="dman s" \
mac-address=B4:07:F9:F1:D2:1A server=default
add address=10.10.0.105 client-id=1:40:b0:fa:9c:f6:d1 comment="Olivia N4" \
mac-address=40:B0:FA:9C:F6:D1 server=default
add address=10.10.0.109 address-list=time_restricted client-id=\
1:e4:11:5b:f4:92:ce comment="aoife laptop" mac-address=E4:11:5B:F4:92:CE \
server=default
add address=10.10.0.113 client-id=1:1c:65:9d:de:d1:e6 comment=\
"aoife laptop 2" mac-address=1C:65:9D:DE:D1:E6 server=default
# LAN clients resolve through the router; guest clients are sent straight to
# 8.8.8.8, which fits the input chain only accepting 10.10.0.0/24 sources.
/ip dhcp-server network
add address=10.10.0.0/24 comment="default configuration" dns-server=10.10.0.1 \
gateway=10.10.0.1
add address=10.20.0.0/24 comment=virtual dns-server=8.8.8.8 gateway=10.20.0.1
# allow-remote-requests=yes makes the router a recursive resolver for any source
# that reaches input udp/tcp 53. In this export that is only the LAN ("acccept
# lan" rule); the final "drop everything else" keeps it from being an open
# resolver towards ether1-gateway, so that rule must stay last.
/ip dns
set allow-remote-requests=yes cache-size=4096KiB max-udp-packet-size=512 \
servers=159.134.0.1,159.134.0.2
# Static entries. The three external names are pinned to a fixed third-party
# address; such overrides bypass upstream resolution and break silently when
# the remote host moves.
/ip dns static
add address=10.10.0.1 name=router
add address=10.10.0.252 name=homer
add address=10.10.0.120 name=alien2
add address=10.10.0.111 name=galaxys3
add address=194.71.107.80 name=thepiratebay.se
add address=194.71.107.80 name=thepiratebay.sx
add address=194.71.107.80 name=thepiratebay.org
# Filter review (rules are evaluated top to bottom, first match wins):
# 1. The two guest-isolation drops (10.20.0.0/24 -> anything not WAN, and
#    10.10.0.0/24 -> 10.20.0.0/24) are disabled=yes, and the forward chain has
#    no final drop, so new guest<->LAN traffic is currently accepted.
# 2. "allow icmp", "allow winbox" (8291), "allow api" (8728) and "allow ssh" (22)
#    carry no in-interface or src-address match, so they also accept from
#    ether1-gateway. Adding in-interface=!ether1-gateway (as "acccept lan"
#    does) or src-address=10.10.0.0/24 limits management to the LAN.
# 3. The ssh staging rules see every source, LAN included: four new ssh
#    connections from one address within the 1m windows put it in
#    ssh_blacklist for 1w3d. ssh_stage3 has no address-list-timeout, so its
#    entries never expire on their own.
# 4. The input chain accepts connection-state=established but not related
#    (the forward chain accepts both); ICMP errors and FTP data channels
#    towards the router rely on related.
# 5. Moving the established/related accepts above the per-port rules is a
#    performance point only; it does not change what is accepted.
/ip firewall filter
add action=drop chain=forward disabled=yes out-interface=!ether1-gateway \
src-address=10.20.0.0/24
add action=drop chain=forward disabled=yes dst-address=10.20.0.0/24 \
src-address=10.10.0.0/24
add chain=input comment="allow icmp" protocol=icmp
add chain=input comment="allow winbox" dst-port=8291 protocol=tcp
add chain=input comment="allow api" dst-port=8728 protocol=tcp
add action=add-src-to-address-list address-list=trying_to_rdp \
address-list-timeout=1d chain=input comment="list IP's who try rdp" \
dst-port=3389 protocol=tcp
add action=add-src-to-address-list address-list=trying_to_login \
address-list-timeout=1d chain=input comment=\
"list IP's who try remote login" dst-port=20-23 protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 chain=input \
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
add chain=input comment="allow ssh" dst-port=22 protocol=tcp
add action=drop chain=input comment="drop ftp" disabled=yes dst-port=21 \
protocol=tcp
add chain=input comment="accept vpn" dst-port=1723 in-interface=\
ether1-gateway protocol=tcp
add chain=input in-interface=ether1-gateway protocol=gre
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid
add chain=forward comment="allow already established connections" \
connection-state=established
add chain=forward comment="allow related connections" connection-state=\
related
add action=drop chain=input comment="drop invalid connections" \
connection-state=invalid
add chain=input comment="allow established connections" connection-state=\
established
add chain=input comment="acccept lan" in-interface=!ether1-gateway \
src-address=10.10.0.0/24
add action=drop chain=input comment="drop everything else"
# Connection/packet marking for the queue tree. Pattern throughout: mark the
# connection on its first packet (connection-state=new), then mark every packet
# of that connection with passthrough=no.
# NOTE(review): several rules match dst-address=86.43.111.229, which appears to
# be the router's own public address written in by hand. With the WAN on DHCP
# and a dynDNS script in use that address can change, after which those rules
# stop matching silently. Matching on in-interface=ether1-gateway instead of a
# literal address would survive a renumbering.
/ip firewall mangle
add action=mark-connection chain=output comment="mark dns" connection-state=\
new dst-port=53 new-connection-mark=dns-con protocol=udp
add action=mark-connection chain=output connection-state=new dst-port=53 \
new-connection-mark=dns-con protocol=tcp
add action=mark-packet chain=output connection-mark=dns-con new-packet-mark=\
dns-packets passthrough=no
add action=mark-connection chain=forward comment="mark satbox" \
connection-state=new dst-port=29092 new-connection-mark=satbox-con \
out-interface=ether1-gateway protocol=tcp src-address=10.10.0.120
add action=mark-connection chain=forward connection-state=new dst-port=29092 \
new-connection-mark=satbox-con out-interface=ether1-gateway protocol=tcp \
src-address=10.10.0.104
add action=mark-connection chain=forward connection-state=new dst-port=29092 \
new-connection-mark=satbox-con out-interface=ether1-gateway protocol=tcp \
src-address=10.10.0.116
add action=mark-packet chain=forward connection-mark=satbox-con \
new-packet-mark=satbox-packets passthrough=no
add action=mark-connection chain=forward comment="http con" connection-state=\
new dst-port=80,8080 new-connection-mark=http-con out-interface=\
ether1-gateway protocol=tcp src-address=10.10.0.0/24
add action=mark-packet chain=forward connection-mark=http-con \
new-packet-mark=http-packet passthrough=no
add action=mark-connection chain=forward comment="https con" \
connection-state=new dst-port=443 new-connection-mark=https-con \
out-interface=ether1-gateway protocol=tcp src-address=10.10.0.0/24
add action=mark-connection chain=forward connection-mark=https-con dst-port=\
443 new-connection-mark=https-con-all protocol=tcp src-address=\
!10.10.0.252
add action=mark-connection chain=forward connection-mark=https-con dst-port=\
443 new-connection-mark=https-con-usenet protocol=tcp src-address=\
10.10.0.252
add action=mark-packet chain=forward connection-mark=https-con-all \
new-packet-mark=https-packet passthrough=no
add action=mark-packet chain=forward connection-mark=https-con-usenet \
new-packet-mark=https-packet-usenet passthrough=no
add action=mark-connection chain=forward comment="mark teamspeak" \
connection-state=new dst-port=9999 new-connection-mark=teamspeak-con \
out-interface=ether1-gateway protocol=udp src-address=10.10.0.250
add action=mark-connection chain=forward connection-state=new dst-address=\
86.43.111.229 new-connection-mark=teamspeak-con out-interface=\
ether1-gateway protocol=udp src-port=9999
add action=mark-packet chain=forward connection-mark=teamspeak-con \
new-packet-mark=teamspeak-packet passthrough=no
add action=mark-connection chain=forward comment="ftp con" connection-state=\
new dst-port=20-21 new-connection-mark=ftp-con out-interface=\
ether1-gateway protocol=tcp src-address=10.10.0.0/24
add action=mark-packet chain=forward connection-mark=ftp-con new-packet-mark=\
ftp-packet passthrough=no
add action=mark-connection chain=prerouting comment="mark p2p" \
connection-state=new new-connection-mark=p2p-con protocol=udp \
src-address=10.10.0.252 src-port=24106
add action=mark-connection chain=prerouting connection-state=new dst-address=\
86.43.111.229 dst-port=24106 new-connection-mark=p2p-con protocol=udp
add action=mark-connection chain=prerouting connection-state=new \
new-connection-mark=p2p-con protocol=tcp src-address=10.10.0.252 \
src-port=24106
add action=mark-connection chain=prerouting connection-state=new dst-address=\
86.43.111.229 dst-port=24106 new-connection-mark=p2p-con protocol=tcp
add action=mark-packet chain=prerouting connection-mark=p2p-con \
new-packet-mark=p2p-packets passthrough=no
add action=mark-connection chain=forward comment=steam connection-state=new \
dst-port=27000-27015 new-connection-mark=steam-con out-interface=\
ether1-gateway protocol=udp src-address=10.10.0.250
add action=mark-connection chain=forward connection-state=new dst-address=\
86.43.111.229 new-connection-mark=steam-con out-interface=ether1-gateway \
protocol=udp src-port=27000-27015
add action=mark-packet chain=forward connection-mark=steam-con \
new-packet-mark=steam-packet passthrough=no
add action=mark-connection chain=forward comment="steam dl" connection-state=\
new dst-port=27014-27050 new-connection-mark=steam-dl-con out-interface=\
ether1-gateway protocol=tcp src-address=10.10.0.250
add action=mark-connection chain=forward connection-state=new dst-address=\
86.43.111.229 new-connection-mark=steam-dl-con out-interface=\
ether1-gateway protocol=tcp src-port=27014-27050
add action=mark-packet chain=forward connection-mark=steam-dl-con \
new-packet-mark=steam-dl-packet passthrough=no
add action=mark-connection chain=forward comment=incoming connection-state=\
new dst-port=3389,8282,9095,8787,8008,8081,5050,8089,8989,8182,7080,81,82 \
in-interface=ether1-gateway new-connection-mark=incoming-con protocol=tcp
add action=mark-packet chain=forward connection-mark=incoming-con \
new-packet-mark=incoming-packet passthrough=no
# NAT review:
# - The dst-nat rules have no in-interface match, so they apply to traffic from
#   any interface. The "hairpin nat rule" depends on that for LAN->public-IP
#   access to 10.10.0.252, so adding in-interface=ether1-gateway to them would
#   require a separate hairpin path.
# - Every enabled forward is a plain-HTTP web UI (download managers, media
#   tools, camera UIs on 81/82 -> port 80). They are reachable by the whole
#   internet because the forward chain has no drop for new WAN connections;
#   the only protection is each application's own login. Publishing them only
#   through the PPTP tunnel, or gating them with a src-address-list, removes
#   that exposure without touching the applications.
# - The dns redirects and the Torchlight/rdp forwards are disabled=yes.
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade out-interface=\
ether1-gateway
add action=masquerade chain=srcnat comment="hairpin nat rule" dst-address=\
10.10.0.252 src-address=10.10.0.0/24
add action=redirect chain=dstnat comment="redirect dns" disabled=yes \
dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat disabled=yes dst-port=53 protocol=udp \
to-ports=53
add action=dst-nat chain=dstnat comment="homer rdp" disabled=yes dst-port=\
3389 protocol=tcp to-addresses=10.10.0.252 to-ports=3389
add action=dst-nat chain=dstnat comment=sabnzb dst-port=8282 protocol=tcp \
to-addresses=10.10.0.252 to-ports=8282
add action=dst-nat chain=dstnat comment="sabnzb https" dst-port=9095 \
protocol=tcp to-addresses=10.10.0.252 to-ports=9095
add action=dst-nat chain=dstnat comment="alien 2" dst-port=8787 protocol=tcp \
to-addresses=10.10.0.120 to-ports=8787
add action=dst-nat chain=dstnat dst-port=8787 protocol=udp to-addresses=\
10.10.0.120 to-ports=8787
add action=dst-nat chain=dstnat comment="utorrent web" dst-port=8008 \
protocol=tcp to-addresses=10.10.0.252 to-ports=8008
add action=dst-nat chain=dstnat dst-port=8008 protocol=udp to-addresses=\
10.10.0.252 to-ports=8008
add action=dst-nat chain=dstnat comment=sickbeard dst-port=8081 protocol=tcp \
to-addresses=10.10.0.252 to-ports=8081
add action=dst-nat chain=dstnat comment=couchpotato dst-port=5050 protocol=\
tcp to-addresses=10.10.0.252 to-ports=5050
add action=dst-nat chain=dstnat comment=nzbdrone dst-port=8989 protocol=tcp \
to-addresses=10.10.0.252 to-ports=8989
add action=dst-nat chain=dstnat comment="htpc manager" dst-port=8089 \
protocol=tcp to-addresses=10.10.0.252 to-ports=8089
add action=dst-nat chain=dstnat comment=headphones dst-port=8182 protocol=tcp \
to-addresses=10.10.0.252 to-ports=8182
add action=dst-nat chain=dstnat dst-port=8182 protocol=udp to-addresses=\
10.10.0.252 to-ports=8182
add action=dst-nat chain=dstnat comment=Airvision dst-port=7080 protocol=tcp \
to-addresses=10.10.0.252 to-ports=7080
add action=dst-nat chain=dstnat dst-port=7443 protocol=tcp to-addresses=\
10.10.0.252 to-ports=7443
add action=dst-nat chain=dstnat dst-port=1935 protocol=tcp to-addresses=\
10.10.0.252 to-ports=1935
add action=dst-nat chain=dstnat comment="aircam 1" dst-port=81 protocol=tcp \
to-addresses=10.10.0.100 to-ports=80
add action=dst-nat chain=dstnat dst-port=81 protocol=udp to-addresses=\
10.10.0.100 to-ports=80
add action=dst-nat chain=dstnat comment="aircam 2" dst-port=82 protocol=tcp \
to-addresses=10.10.0.101 to-ports=80
add action=dst-nat chain=dstnat dst-port=82 protocol=udp to-addresses=\
10.10.0.101 to-ports=80
add action=dst-nat chain=dstnat comment=Torchlight1 disabled=yes dst-port=\
4549 protocol=tcp to-addresses=10.10.0.250 to-ports=4549
add action=dst-nat chain=dstnat comment=Torchlight2 disabled=yes dst-port=\
4175 protocol=udp to-addresses=10.10.0.250 to-ports=4175
add action=dst-nat chain=dstnat comment=Torchlight3 disabled=yes dst-port=\
4179 protocol=udp to-addresses=10.10.0.250 to-ports=4179
add action=dst-nat chain=dstnat comment=Torchlight4 disabled=yes dst-port=\
4171 protocol=udp to-addresses=10.10.0.250 to-ports=4171
# NAT helpers: the unused ALGs are off. The pptp helper is also off while the
# router itself runs a PPTP server and client; it only matters for LAN hosts
# running their own PPTP through the NAT, so this is fine if none do.
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes ports=1723
/ip proxy
set max-cache-size=none parent-proxy=0.0.0.0
# Management services: telnet and api are off, www moved to 89 (still plain
# HTTP). ftp, ssh, winbox and www-ssl are not in the export and so keep their
# defaults (assuming a full export). None carries an address= restriction, so
# reachability is governed entirely by the filter input chain — and that
# chain currently accepts winbox and ssh from any interface.
# NOTE(review): address=10.10.0.0/24 on each enabled service is a second,
# independent limit that holds even if a filter rule is later changed.
/ip service
set telnet disabled=yes
set www port=89
set api disabled=yes
# NetFlow v5 export to the Homer host; /ip traffic-flow itself is not in the
# export, so whether export is enabled is not visible here.
/ip traffic-flow target
add address=10.10.0.252:2055 version=5
# UPnP is on: any host on bridge-local (including bridged PPTP clients) may
# open inbound port mappings on ether1-gateway without an admin action. The
# guest bridge is not an internal UPnP interface. If the static dst-nat list
# above covers what is needed, UPnP can be disabled.
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external
# Single PPTP account (redacted), using the default-encryption profile set up
# in /ppp profile. This is the only credential standing between the internet
# (tcp/1723 + GRE are accepted from ether1-gateway) and a bridged LAN seat.
/ppp secret
add name=xxxx password=xxxxxxxx profile=default-encryption service=pptp
/queue interface
set ether1-gateway queue=default-small
set ether2-local-master queue=default-small
set ether3-local-slave queue=default-small
set ether4-local-slave queue=default-small
set ether5-local-slave queue=default-small
/system clock
set time-zone-name=Europe/Dublin
# System identity; it is also what the DHCP client sends as hostname and what
# neighbor discovery advertises on ether1-gateway.
/system identity
set name=Milhouse
/system leds
set 0 interface=wlan1
# NTP client against two fixed servers; the setntppool script below rewrites
# these from the .ie pool once a week.
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.1.193.157 secondary-ntp=\
85.91.1.164
# Schedules. Three of the four run with the full policy list, including
# password, policy and sensitive — far more than the scripts use (backup needs
# read/ftp/test for export and e-mail, dhcprenew needs read/reboot/test,
# dynDNS needs read/write/test for fetch). Least privilege here limits what a
# modified script could do. CheckNTPServers is the only one trimmed to
# read,write,test.
# NOTE(review): setntppool is exported with a wider policy than this schedule;
# confirm on the device that the schedule is still allowed to run it.
/system scheduler
add disabled=yes interval=5m name=dynDNS on-event=\
"/system script run dynDNS\r\
\n" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup
add comment="Backup and email config" interval=1w name="backup config" \
on-event="/system script run backup\r\
\n" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup
add disabled=yes interval=15m name="dhcp check" on-event=\
"/system script run dhcprenew" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=nov/20/2012 start-time=09:57:34
add comment="Check and set NTP servers" interval=1w name=CheckNTPServers \
on-event=setntppool policy=read,write,test start-date=jan/01/1970 \
start-time=16:00:00
# backup: runs /export to a dated .rsc, e-mails it, waits 10s, deletes the file.
# The export contains every secret in this configuration unredacted (wireless
# PSKs, ppp secret, dynDNS credentials), and /tool e-mail below is configured
# without TLS or authentication, so the full config travels in clear text to
# the mail server every week. `/export hide-sensitive` (where the RouterOS
# version supports it) strips the secrets; TLS on the e-mail tool protects the
# rest in transit.
/system script
add name=backup policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/export file=([/system identity get name] . \"-\" . \\\
\n[:pick [/system clock get date] 7 11] . [:pick [/system clock get date] \
0 3] . [:pick [/system clock get date] 4 6]); \\\
\n/tool e-mail send to=\"xxxxxxx\" subject=([/system identity \
get name] . \" Backup \" . \\\
\n[/system clock get date]) file=([/system identity get name] . \"-\" . [:\
pick [/system clock get date] 7 11] . \\\
\n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4\
\_6] . \".rsc\"); :delay 10; \\\
\n/file rem [/file find name=([/system identity get name] . \"-\" . [:pick\
\_[/system clock get date] 7 11] . \\\
\n[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4\
\_6] . \".rsc\")]; \\\
\n:log info (\"System Backup emailed at \" . [/sys cl get time] . \" \" . \
[/sys cl get date])"
# dhcprenew: reboots the router when 10 pings to 8.8.8.8 via the WAN all fail.
# The :log line runs only in the non-reboot case, so a reboot leaves no log
# entry. With its 15m schedule enabled, any upstream outage longer than a few
# minutes would turn into a reboot loop; a DHCP release/renew would be the
# narrower remedy for the problem the name suggests. (Schedule is disabled.)
add name=dhcprenew policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":if ( [/ping 8.8.8.8 interface=ether1-gateway count=10 ] = 0 ) do=\
{/system reboot}\r\
\n:log info (\"dhcprenew: run\")"
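# dynDNS: fetches the public address from checkip.dyndns.org, compares it with
# the global previousIP and calls members.dyndns.org/nic/update when it changed.
# Fixes in this revision:
# - The DynDNS password was the one secret left unredacted in this export
#   while every other credential was masked; it is replaced with the same
#   placeholder the rest of the export uses. The real value has been published
#   and should be rotated at the provider.
# - The username line had lost its opening \" (redaction damage), which would
#   make the script fail to parse; the quote is restored.
# Remaining points (unchanged): both fetches use mode=http, so the credentials
# and the IP go over the network in clear — use mode=https if this RouterOS
# version supports it. The global previousIP is never reset, so after a reboot
# the first run always updates (harmless). The schedule for this script is
# disabled=yes.
add name=dynDNS policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="# Set needed variables\r\
\n:local username \"xxxxxxx\"\r\
\n:local password \"xxxxxxxx\"\r\
\n:local hostname \"xxxxxxx\"\r\
\n\r\
\n:global dyndnsForce\r\
\n:global previousIP\r\
\n\r\
\n# print some debug info \r\
\n:log info (\"UpdateDynDNS: username = \$username\")\r\
\n:log info (\"UpdateDynDNS: hostname = \$hostname\")\r\
\n:log info (\"UpdateDynDNS: previousIP = \$previousIP\")\r\
\n\r\
\n# get the current IP address from the internet (in case of double-nat)\r\
\n/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" dst-\
path=\"/dyndns.checkip.html\"\r\
\n:local result [/file get dyndns.checkip.html contents]\r\
\n\r\
\n# parse the current IP result\r\
\n:local resultLen [:len \$result]\r\
\n:local startLoc [:find \$result \": \" -1]\r\
\n:set startLoc (\$startLoc + 2)\r\
\n:local endLoc [:find \$result \"</body>\" -1]\r\
\n:local currentIP [:pick \$result \$startLoc \$endLoc]\r\
\n:log info \"UpdateDynDNS: currentIP = \$currentIP\"\r\
\n\r\
\n# Remove the # on next line to force an update every single time - usefu\
l for debugging, but you could end up getting blacklisted by DynDNS!\r\
\n#:set dyndnsForce true\r\
\n\r\
\n# Determine if dyndns update is needed\r\
\n# more dyndns updater request details available at http://www.dyndns.com\
/developers/specs/syntax.html\r\
\n:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\r\
\n :set dyndnsForce false\r\
\n :set previousIP \$currentIP\r\
\n /tool fetch user=\$username password=\$password mode=http address=\"\
members.dyndns.org\" src-path=\"/nic/update\?hostname=\$hostname&myip=\$cu\
rrentIP\" dst-path=\"/dyndns.txt\"\r\
\n :local result [/file get dyndns.txt contents]\r\
\n :log info (\"UpdateDynDNS: Dyndns update needed\")\r\
\n :log info (\"UpdateDynDNS: Dyndns Update Result: \".\$result)\r\
\n :put (\"Dyndns Update Result: \".\$result)\r\
\n} else={\r\
\n :log info (\"UpdateDynDNS: No dyndns update needed\")\r\
\n}"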
# GlobalVars: sets the SYS* globals (identity, notification addresses, mail
# server, NTP pool names) used by setntppool. Its policy list omits read but
# still includes password/policy/sensitive; it only reads the identity and
# assigns globals, so read (plus whatever the :global assignment needs) is
# all it requires — confirm the minimum on the device. SYSmyname, which
# setntppool declares, is not set here.
add name=GlobalVars policy=\
ftp,reboot,write,policy,test,winbox,password,sniff,sensitive,api source="#\
\_System configuration script - \"GlobalVars\"\r\
\n\r\
\n:put \"Setting system globals\";\r\
\n\r\
\n# System name\r\
\n:global SYSname [/system identity get name];\r\
\n\r\
\n# E-mail address to send notifications to\r\
\n:global SYSsendemail \"xxxxxxx\";\r\
\n\r\
\n# E-mail address to send notifications from\r\
\n:global SYSmyemail \"xxxxxxx\";\r\
\n\r\
\n# Mail server to use\r\
\n:global SYSemailserver \"159.134.198.135\";\r\
\n\r\
\n# NTP pools to use (check www.pool.ntp.org)\r\
\n:global SYSntpa \"0.ie.pool.ntp.org\";\r\
\n:global SYSntpb \"1.ie.pool.ntp.org\";"
# setntppool: resolves the two pool hostnames, writes the resulting addresses
# into /system ntp client if they differ from the current ones, and e-mails a
# notice when something changed. :resolve returns a single address per name,
# so each weekly run may rotate the servers even though the pool is unchanged
# — that is expected behaviour for a pool, not a fault. The mail goes through
# the same unauthenticated, non-TLS server as the backup script.
add name=setntppool policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="# Check and set NTP servers - \"setntppool\"\r\
\n\r\
\n# We need to use the following globals which must be defined here even\r\
\n# though they are also defined in the script we call to set them.\r\
\n:global SYSname;\r\
\n:global SYSsendemail;\r\
\n:global SYSmyemail;\r\
\n:global SYSmyname;\r\
\n:global SYSemailserver;\r\
\n:global SYSntpa;\r\
\n:global SYSntpb;\r\
\n\r\
\n# Load the global variables with the system defaults\r\
\n/system script run GlobalVars\r\
\n\r\
\n# Resolve the two ntp pool hostnames\r\
\n:local ntpipa [:resolve \$SYSntpa];\r\
\n:local ntpipb [:resolve \$SYSntpb];\r\
\n\r\
\n# Get the current settings\r\
\n:local ntpcura [/system ntp client get primary-ntp];\r\
\n:local ntpcurb [/system ntp client get secondary-ntp];\r\
\n\r\
\n# Define a variable so we know if anything's changed.\r\
\n:local changea 0;\r\
\n:local changeb 0;\r\
\n\r\
\n# Debug output\r\
\n:put (\"Old: \" . \$ntpcura . \" New: \" . \$ntpipa);\r\
\n:put (\"Old: \" . \$ntpcurb . \" New: \" . \$ntpipb);\r\
\n\r\
\n# Change primary if required\r\
\n:if (\$ntpipa != \$ntpcura) do={\r\
\n :put \"Changing primary NTP\";\r\
\n /system ntp client set primary-ntp=\"\$ntpipa\";\r\
\n :set changea 1;\r\
\n }\r\
\n\r\
\n# Change secondary if required\r\
\n:if (\$ntpipb != \$ntpcurb) do={\r\
\n :put \"Changing secondary NTP\";\r\
\n /system ntp client set secondary-ntp=\"\$ntpipb\";\r\
\n :set changeb 1;\r\
\n }\r\
\n\r\
\n# If we've made a change, send an e-mail to say so.\r\
\n:if ((\$changea = 1) || (\$changeb = 1)) do={\r\
\n :put \"Sending e-mail.\";\r\
\n /tool e-mail send \\\r\
\n to=\$SYSsendemail \\\r\
\n subject=(\$SYSname . \" NTP change\") \\\r\
\n from=\$SYSmyemail \\\r\
\n server=\$SYSemailserver \\\r\
\n body=(\"Your NTP servers have just been changed:\\n\\nPrimary:\\\
nOld: \" . \$ntpcura . \"\\nNew: \" \\\r\
\n . \$ntpipa . \"\\n\\nSecondary\\nOld: \" . \$ntpcurb . \"\\nNe\
w: \" . \$ntpipb);\r\
\n }"
# Outgoing mail: fixed relay address, no TLS or authentication parameters in
# the export, so everything the backup and setntppool scripts send (including
# the weekly full config export) is in clear text on the wire. The from= value
# looks like redaction damage (a stray "<>"); confirm it is a valid address.
/tool e-mail
set address=159.134.198.135 from=<>xxxxxxx
/tool graphing
set store-every=hour
# Graph access is limited to LAN sources, which is the right default.
/tool graphing interface
add allow-address=10.10.0.0/24 interface=ether1-gateway
# Layer-2 Winbox (MAC-server winbox) is disabled — good; the plain MAC-telnet
# server (/tool mac-server) is not in the export and therefore at its default.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
[admin@Milhouse] >