Now, I reset my configuration and started again, since I thought maybe some config got corrupted, and got the same thing: high usage.
Finally I went back to 6.46.6 and everything went back to normal again, with the same low battery usage on standby.
I have not tested without CAPsMAN yet; I will try to, but if it works OK as a plain AP, then CAPsMAN has a problem.
Has anyone had a similar problem with the new stable version?
Here are my 2 config files:
# jul/03/2020 06:50:06 by RouterOS 6.46.6
# software id = YE7D-V6K7
#
# model = RBD52G-5HacD2HnD
# serial number =
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412 name=channel_1-6-11
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=XXXX \
frequency=5180 name=channel_5G reselect-interval=1h
/caps-man datapath
add local-forwarding=yes name=datapathGuest vlan-id=20 vlan-mode=use-tag
add client-to-client-forwarding=yes local-forwarding=yes name=datapathLAN
# Bridges. bridgeGuest is defined with VLAN filtering and pvid 20 but is
# disabled; the guest VLAN interface (vlan20) is attached to bridgeLAN instead.
# NOTE(review): bridgeLAN does not set vlan-filtering, so it presumably forwards
# VLAN 20 tagged frames to every bridge port without filtering - confirm that
# guest isolation does not depend on bridge-level VLAN filtering.
/interface bridge
add comment="Guest LAN" disabled=yes name=bridgeGuest pvid=20 vlan-filtering=\
yes
add admin-mac=74:4D:28:C1:A5:B5 auto-mac=no comment=defconf name=bridgeLAN
/interface ethernet
set [ find default-name=ether1 ] comment=Izzi name=ether1-WAN1
set [ find default-name=ether2 ] comment="RBcAPGi-5acD2nD Pasillo" name=\
ether2-CAPsMAN
set [ find default-name=ether3 ] comment=LAN name=ether3-LAN
set [ find default-name=ether4 ] comment="Libre vLAN20"
set [ find default-name=ether5 ] comment=Telnor name=ether5-WAN2
# Local radios of this router.
# wlan1 (renamed wlan2GHz) keeps ssid=MikroTik and names no security-profile, so
# it presumably uses the default profile. disabled=no does not appear on it,
# unlike wlan2 - confirm whether this radio is actually transmitting, because
# it is a port of bridgeLAN.
# wlan2 (renamed wlan5GHz) is handed to CAPsMAN, as the export's own comment
# lines below say; WPS is switched off on it (wps-mode=disabled).
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
antenna-gain=20 band=2ghz-g/n channel-width=20/40mhz-XX country=\
"united states" distance=indoors frequency=auto installation=indoor mode=\
ap-bridge multicast-helper=full name=wlan2GHz ssid=MikroTik \
wireless-protocol=802.11 wmm-support=enabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(20dBm), SSID: RECGV, local forwarding
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
antenna-gain=10 band=5ghz-n/ac channel-width=20/40/80mhz-XXXX disabled=no \
distance=indoors hw-protection-mode=rts-cts hw-retries=4 installation=\
indoor mode=ap-bridge multicast-helper=full name=wlan5GHz ssid=RECGV \
wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface vlan
add interface=bridgeLAN name=vlan20 vlan-id=20
/caps-man rates
add basic=12Mbps name="GN Only" supported=\
12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
# CAPsMAN security profiles. All three carry the same settings: WPA2-PSK only,
# AES-CCM for unicast and group traffic, group key rotated every hour.
# No passphrase value appears in this export.
# disable-pmkid=yes keeps the PMKID out of the first EAPOL frame; the 4-way
# handshake is still visible on air, so the strength of the passphrase still
# decides how well the PSK holds up.
# "MEDIA WiFi" is not referenced by any /caps-man configuration entry in this
# export.
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
group-encryption=aes-ccm group-key-update=1h name="RECGV WiFi"
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
group-encryption=aes-ccm group-key-update=1h name="RECGV Guest"
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
group-encryption=aes-ccm group-key-update=1h name="MEDIA WiFi"
/caps-man configuration
add channel=channel_5G country="united states3" datapath=datapathLAN \
datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
default name=MyHomeWifiAC rx-chains=0,1 security="RECGV WiFi" ssid=RECGV \
tx-chains=0,1
add channel=channel_5G country="united states3" datapath=datapathLAN \
disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=full \
name=xxMyHomeWifiAC_5 rx-chains=0,1 security="RECGV WiFi" ssid=RECGV_5G \
tx-chains=0,1
add channel=channel_1-6-11 country=mexico datapath=datapathLAN \
datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
default name=MyHomeWifi rates="GN Only" rx-chains=0,1 security=\
"RECGV WiFi" ssid=RECGV tx-chains=0,1
add channel=channel_1-6-11 country=mexico datapath=datapathGuest \
datapath.vlan-id=20 datapath.vlan-mode=use-tag disconnect-timeout=3s \
distance=indoors frame-lifetime=0ms guard-interval=any \
hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
default name=MyGuestWiFi rates="GN Only" rx-chains=0,1 security=\
"RECGV Guest" ssid=RECGV_Guest tx-chains=0,1
add channel=channel_5G country="united states3" datapath=datapathGuest \
datapath.vlan-id=20 datapath.vlan-mode=use-tag disconnect-timeout=3s \
distance=indoors frame-lifetime=0ms guard-interval=any \
hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
default name=MyGuestWiFiAC rx-chains=0,1 security="RECGV Guest" ssid=\
RECGV_Guest tx-chains=0,1
add channel=channel_1-6-11 country=mexico datapath=datapathLAN \
disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=full \
name=xxMyHomeWifi_2.4 rates="GN Only" rx-chains=0,1 security="RECGV WiFi" \
ssid=RECGV_2G tx-chains=0,1
/caps-man interface
add configuration=MyHomeWifi disabled=no l2mtu=1600 mac-address=\
64:D1:54:F7:B2:CF master-interface=none name="2.4-cAP ac" radio-mac=\
64:D1:54:F7:B2:CF radio-name=64D154F7B2CF
add configuration=MyGuestWiFi disabled=no l2mtu=1600 mac-address=\
66:D1:54:F7:B2:CF master-interface="2.4-cAP ac" name="2.4-cAP ac Guest" \
radio-mac=00:00:00:00:00:00 radio-name=66D154F7B2CF
add configuration=MyHomeWifiAC disabled=no l2mtu=1600 mac-address=\
64:D1:54:F7:B2:D0 master-interface=none name="5.0-cAP ac" radio-mac=\
64:D1:54:F7:B2:D0 radio-name=64D154F7B2D0
add configuration=MyGuestWiFiAC disabled=no l2mtu=1600 mac-address=\
66:D1:54:F7:B2:D0 master-interface="5.0-cAP ac" name="5.0-cAP ac Guest" \
radio-mac=00:00:00:00:00:00 radio-name=66D154F7B2D0
add configuration=MyHomeWifiAC disabled=no l2mtu=1600 mac-address=\
74:4D:28:C1:A5:BA master-interface=none name="5.0-hAP ac^2" radio-mac=\
74:4D:28:C1:A5:BA radio-name=744D28C1A5BA
add configuration=MyGuestWiFiAC disabled=no l2mtu=1600 mac-address=\
76:4D:28:C1:A5:BA master-interface="5.0-hAP ac^2" name=\
"5.0-hAP ac^2 Guest" radio-mac=00:00:00:00:00:00 radio-name=764D28C1A5BA
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=defconf name=WAN2
add comment=AllWAN name=WANAll
add comment=WLAN name=WLAN
# Default security profile for radios that are not managed by CAPsMAN: WPA2-PSK
# with dynamic keys. No pre-shared key value appears in this export.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
# Layer-7 patterns that firewall rules use to classify connections by content.
# NOTE(review): inside the domain lists the dots are not escaped
# (youtube.com, fbcdn.net, ...), so each one matches any character, and the
# *1 patterns match the bare word anywhere after the first byte. Both make the
# match broader than the names suggest.
# NOTE(review): how much of an HTTPS connection these patterns can see is
# limited to its cleartext part; the filter rules visible in this export also
# use tls-host matchers for the same services - confirm which of the two
# actually does the blocking.
/ip firewall layer7-protocol
add name=Youtube regexp=\
"^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
add name=Facebook regexp="^..+\\.(facebook.com|facebook.net|fbcdn.com|fbsbx.co\
m|fbcdn.net|fb.com|tfbnw.net).*\$"
add name=Netflix regexp=\
"^.+(netflix|nflxext|nflximg|nflxsearch|nflxso|nflxvideo).*\$"
add name=youtube1 regexp="^.+(youtube).*\$"
add name=facebook1 regexp="^.+(facebook).*\$"
add name=whatsapp1 regexp="^.+(whatsapp).*\$"
add name=netflix1 regexp="^.+(netflix).*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Default IPsec proposal: AES-128-CBC with perfect forward secrecy switched off
# (pfs-group=none), so phase 2 keys are derived from the phase 1 exchange
# rather than from a fresh Diffie-Hellman exchange at each rekey.
# NOTE(review): the TorGuard L2TP client in this export sets use-ipsec=yes and
# presumably negotiates with this proposal - confirm what the provider accepts
# before tightening it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc pfs-group=none
/ip pool
add name=dhcp ranges=192.168.0.150-192.168.0.220
add name=poolGuest ranges=192.168.20.100-192.168.20.150
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridgeLAN lease-time=1d name=\
defconf
add address-pool=poolGuest disabled=no interface=vlan20 lease-time=2h name=\
guestDHCP
# PPP profiles.
# profileTelnor and profileTorguard run scripts on link state changes: on-up
# adds the session's local-address to a firewall address list (WAN2-ADDR or
# VPN-ADDR), on-down removes every entry of that list.
# profileTelnor also pins remote-address=8.8.4.4; the reason is not visible in
# this export.
# The "openvpn" profile is the only one that sets use-encryption=yes.
# NOTE(review): profileTorguard sets no use-encryption, so protection of that
# tunnel appears to rest on use-ipsec=yes on the L2TP client - confirm.
/ppp profile
add name=profileTelnor on-down=":do {\r\
\n/ip firewall address-list remove [find where list=WAN2-ADDR]\r\
\n}" on-up=":do {\r\
\n/ip firewall address-list add list=WAN2-ADDR address=\$\"local-address\"\
\r\
\n}" remote-address=8.8.4.4
add change-tcp-mss=yes name=openvpn use-compression=no use-encryption=yes \
use-mpls=no
add change-tcp-mss=yes name=profileTorguard on-down=":do {\r\
\n/ip firewall address-list remove [find where list=VPN-ADDR]\r\
\n}" on-up=":do {\r\
\n/ip firewall address-list add list=VPN-ADDR address=\$\"local-address\"\
\r\
\n}"
# PPPoE uplink on ether5-WAN2 using profileTelnor. It installs a default route
# with distance 2 and accepts the DNS servers offered by the peer
# (use-peer-dns=yes).
# user= is the ISP account name. No password value appears in this export;
# account names like this one are worth redacting before a config is posted.
/interface pppoe-client
add add-default-route=yes comment=Telnor default-route-distance=2 disabled=no \
interface=ether5-WAN2 name=pppoe-Telnor profile=profileTelnor \
use-peer-dns=yes user=gisselam@prodigy.net.mx
# L2TP client to the VPN provider, with IPsec enabled (use-ipsec=yes) and the
# profileTorguard PPP profile. No password or ipsec-secret value appears in
# this export.
# user= and connect-to= identify the account and the endpoint; both are worth
# redacting before a config is posted.
/interface l2tp-client
add comment=VPN connect-to=98.153.62.16 disabled=no name=TorGuard profile=\
profileTorguard use-ipsec=yes user=recgaxiola@gmail.com
/queue simple
add burst-limit=2M/5M burst-threshold=1M/5M burst-time=2s/2s limit-at=1M/5M \
max-limit=1M/5M name=queueGuest target=192.168.20.0/24
add burst-limit=1M/5M burst-threshold=1M/5M burst-time=1s/1s limit-at=1M/5M \
max-limit=1M/5M name=queueGuestE3000 target=192.168.0.5/32
add burst-limit=512k/4M burst-threshold=512k/4M burst-time=1s/1s disabled=yes \
limit-at=512k/4M max-limit=512k/4M name=queue1 target=192.168.0.0/24
/queue tree
add disabled=yes limit-at=100M max-limit=100M name=Root parent=global
add disabled=yes limit-at=2M max-limit=10M name=icmp packet-mark=icmp_packet \
parent=Root priority=1
add disabled=yes limit-at=40M max-limit=100M name=web packet-mark=web_packet \
parent=Root priority=5
add disabled=yes limit-at=20M max-limit=100M name=quic packet-mark=\
quic_packet parent=Root priority=5
add disabled=yes limit-at=38M max-limit=100M name=resto packet-mark=\
resto_packet parent=Root
add disabled=yes name=DESCARGA parent=bridgeLAN priority=1
add disabled=yes name=Dns packet-mark=Dns_Dow_Pk parent=DESCARGA priority=1
add disabled=yes name=Icmp packet-mark=Icmp_Pk_Down parent=DESCARGA priority=\
1
add disabled=yes name="Juegos Dow" parent=DESCARGA priority=2
add disabled=yes name=Dota packet-mark=Dota2_Dow_pk parent="Juegos Dow" \
priority=1
add disabled=yes name=Fornite packet-mark=fornite_Dow_pk parent="Juegos Dow" \
priority=2
add disabled=yes name=Lol packet-mark=LoL_Dow_PK parent="Juegos Dow" \
priority=1
add disabled=yes name=Wolftem packet-mark=Wolftem_Dow_Pk parent="Juegos Dow" \
priority=2
add disabled=yes name="Paginas Down" parent=DESCARGA priority=4
add disabled=yes name=Http packet-mark=Http_Pk_Down parent="Paginas Down" \
priority=3
add disabled=yes name=Https packet-mark=Https_Pk_Down parent="Paginas Down" \
priority=4
add disabled=yes name=Netflix packet-mark=Netflix_Pk_Down parent=\
"Paginas Down" priority=4
add disabled=yes name=YouTube packet-mark=YouTube_Pk_Down parent=\
"Paginas Down" priority=4
add disabled=yes name=Facebook packet-mark=Facebook_Pk_Down parent=\
"Paginas Down" priority=2
add disabled=yes name="Zxtras Dow" parent=DESCARGA priority=2
add disabled=yes name=Wasaap packet-mark=Wasaap_Dow_Pk parent="Zxtras Dow" \
priority=1
add disabled=yes name=Correo packet-mark=Correo_Dow_Pk parent="Zxtras Dow" \
priority=2
add disabled=yes name="PLAY PS3" packet-mark=PlayStation_Dow_Pk parent=\
"Zxtras Dow" priority=3
add disabled=yes name=Xbox packet-mark=Xbox_Dow_pk parent="Zxtras Dow" \
priority=3
add disabled=yes name=SUBIDA parent=ether1-WAN1 priority=1
add disabled=yes name="Dns up" packet-mark=Dns_Udp_Pk parent=SUBIDA priority=\
1
add disabled=yes name="Icmp up" packet-mark=Icmp_Pk_Up parent=SUBIDA \
priority=1
add disabled=yes name="Juegos Up" parent=SUBIDA priority=2
add disabled=yes name="Dota up" packet-mark=dota2_Udp_Pqt parent="Juegos Up" \
priority=1
add disabled=yes name=Fortine packet-mark=fornite_Udp_pk parent="Juegos Up" \
priority=2
add disabled=yes name="Lol up" packet-mark=LoL_UP_pk parent="Juegos Up" \
priority=1
add disabled=yes name="Wolftem up" packet-mark=Wolftem_Udp_pk parent=\
"Juegos Up" priority=2
add disabled=yes name="Paginas Up" parent=SUBIDA priority=4
add disabled=yes name="Facebook up" packet-mark=Facebook_Pk_Up parent=\
"Paginas Up" priority=2
add disabled=yes name="Http Up" packet-mark=Http_Pk_Up parent="Paginas Up" \
priority=3
add disabled=yes name="Https Up" packet-mark=Https_Pk_Up parent="Paginas Up" \
priority=4
add disabled=yes name="Netflix Up" packet-mark=Netflix_Pk_Up parent=\
"Paginas Up" priority=4
add disabled=yes name="YouTube Up" packet-mark=YouTube_Pk_Up parent=\
"Paginas Up" priority=4
add disabled=yes name="Zxtras UP" parent=SUBIDA priority=2
add disabled=yes name="PLAY PS3 up" packet-mark=Playstation_Up_Pk parent=\
"Zxtras UP" priority=3
add disabled=yes name="Wasaap up" packet-mark=Wasasp_Up_Pk parent="Zxtras UP" \
priority=1
add disabled=yes name="Xbox up" packet-mark=Xbox_Up_pk parent="Zxtras UP" \
priority=3
/queue type
add kind=pcq name=WEB
add kind=pcq name=YOUTUBE pcq-classifier=dst-address pcq-dst-address6-mask=64 \
pcq-src-address6-mask=64 pcq-total-limit=5000KiB
# Log targets. Action number 3 (presumably the built-in remote action -
# confirm) sends to 192.168.0.4. Two disk targets keep up to 31 files of 4096
# lines each under disk1/logs.
# Which topics are routed to these actions is set under /system logging, which
# is not part of what is shown here.
/system logging action
set 3 remote=192.168.0.4
add disk-file-count=31 disk-file-name=disk1/logs/log disk-lines-per-file=4096 \
name=disk1 target=disk
add disk-file-count=31 disk-file-name=disk1/logs/snmplog disk-lines-per-file=\
4096 name=snmpdisk target=disk
# User groups.
# "full" keeps every policy, including telnet and ftp, which are clear-text
# protocols. Whether those services are reachable is decided under /ip service
# and by the input chain; /ip service is not shown here.
# "sniffer" is limited to ssh and read; every other policy is negated with "!",
# including sniff itself.
# The user accounts assigned to these groups are not part of this export.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
add name=sniffer policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!\
test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/caps-man access-list
add action=reject allow-signal-out-of-range=10s comment="Google Home Sala " \
disabled=no interface="5.0-cAP ac" mac-address=00:F6:20:90:AB:F0 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Google Home Sala " \
disabled=no interface="5.0-hAP ac^2" mac-address=00:F6:20:90:AB:F0 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Sala" \
disabled=no interface="5.0-cAP ac" mac-address=F0:5C:77:4D:44:BD \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Sala" \
disabled=no interface="5.0-hAP ac^2" mac-address=F0:5C:77:4D:44:BD \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Nest Hub Cocina" disabled=no interface="5.0-cAP ac" mac-address=\
1C:F2:9A:0C:76:F4 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Nest Hub Cocina" disabled=no interface="5.0-hAP ac^2" \
mac-address=1C:F2:9A:0C:76:F4 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 2 Cocina" \
disabled=no interface="5.0-cAP ac" mac-address=48:D6:D5:14:48:60 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 2 Cocina" \
disabled=no interface="5.0-hAP ac^2" mac-address=48:D6:D5:14:48:60 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Hector" \
disabled=no interface="5.0-cAP ac" mac-address=7C:D9:5C:3E:67:B2 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Hector" \
disabled=no interface="5.0-hAP ac^2" mac-address=7C:D9:5C:3E:67:B2 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Home Mini Hector" disabled=no interface="5.0-cAP ac" mac-address=\
D4:F5:47:21:0A:E0 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Home Mini Hector" disabled=no interface="5.0-hAP ac^2" \
mac-address=D4:F5:47:21:0A:E0 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 1 Alex" \
disabled=no interface="5.0-cAP ac" mac-address=A4:77:33:2F:1F:86 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 1 Alex" \
disabled=no interface="5.0-hAP ac^2" mac-address=A4:77:33:2F:1F:86 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Home Mini Alex" disabled=no interface="5.0-cAP ac" mac-address=\
D4:F5:47:0D:C3:27 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Home Mini Alex" disabled=no interface="5.0-hAP ac^2" mac-address=\
D4:F5:47:0D:C3:27 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Home Mini Papas" disabled=no interface="5.0-cAP ac" mac-address=\
D4:F5:47:17:4E:9F ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
"Google Home Mini Papas" disabled=no interface="5.0-hAP ac^2" \
mac-address=D4:F5:47:17:4E:9F ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Papas" \
disabled=no interface="5.0-cAP ac" mac-address=7C:D9:5C:46:94:EC \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Papas" \
disabled=no interface="5.0-hAP ac^2" mac-address=7C:D9:5C:46:94:EC \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Galaxy S10" \
disabled=yes interface="2.4-cAP ac" mac-address=A8:DB:03:10:E7:3D \
signal-range=-70..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Galaxy S20" \
disabled=yes interface="2.4-cAP ac" mac-address=8C:B8:4A:F7:7C:A3 \
signal-range=-70..120 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=\
yes disabled=no interface=any signal-range=-86..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
signal-range=-120..-87 ssid-regexp=""
add comment="Ipad Hector" mac-address=F0:76:6F:73:A7:7C
add comment="LG G6" mac-address=A8:B8:6E:81:B8:59
add comment="Alex PC" mac-address=54:E6:FC:86:56:10
add comment="Foco Sala" mac-address=EC:FA:BC:4A:55:54
add comment="Foco Hector" mac-address=60:01:94:ED:E1:23
add comment="Foco Alex" mac-address=D8:F1:5B:98:92:63
add comment="Foco Papas" mac-address=CC:50:E3:65:0C:09
add comment=Roku mac-address=B8:A1:75:D4:E8:B4
# CAPsMAN is enabled, with package-path pointing at /disk1.
# Manager interfaces: the default entry is forbid=yes, so the manager accepts
# CAPs only on the interfaces listed explicitly, bridgeLAN and bridgeGuest.
# NOTE(review): no certificate or require-peer-certificate setting appears in
# this export, so CAP-to-manager authentication presumably runs on defaults -
# confirm. A CAP that is accepted receives the SSID configuration, so the
# manager should be reachable only from segments where every device is trusted;
# check whether bridgeGuest needs to be in this list at all.
/caps-man manager
set enabled=yes package-path=/disk1
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridgeLAN
add disabled=no interface=bridgeGuest
# Provisioning rules: a radio that supports mode g gets MyHomeWifi plus the
# MyGuestWiFi slave, a radio that supports mode ac gets MyHomeWifiAC plus the
# MyGuestWiFiAC slave. Interfaces are created enabled and named from the prefix
# (2.4 / 5.0) and the CAP's identity.
# NOTE(review): neither rule sets radio-mac, so they presumably match any radio
# that reaches the manager - confirm, and consider pinning the known radios.
/caps-man provisioning
add action=create-enabled hw-supported-modes=g master-configuration=\
MyHomeWifi name-format=prefix-identity name-prefix=2.4 \
slave-configurations=MyGuestWiFi
add action=create-enabled hw-supported-modes=ac master-configuration=\
MyHomeWifiAC name-format=prefix-identity name-prefix=5.0 \
slave-configurations=MyGuestWiFiAC
/interface bridge port
add bridge=bridgeLAN comment=defconf interface=ether2-CAPsMAN
add bridge=bridgeLAN comment=defconf interface=ether3-LAN
add bridge=bridgeLAN comment=defconf interface=ether4
add bridge=bridgeLAN interface=wlan2GHz
# Neighbor discovery is limited to the LAN interface list. In this export that
# list also contains vlan20 and bridgeGuest (see /interface list member), so
# the router announces itself on the guest side as well.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# detect-internet watches every interface, and any of them may be classified
# as WAN (both lists are "all").
# NOTE(review): the WAN, WAN2 and WANAll lists in this export are maintained by
# hand - confirm that detect-internet is needed alongside them.
/interface detect-internet
set detect-interface-list=all wan-interface-list=all
# Interface list membership; the firewall and discovery settings match on these
# lists rather than on single interfaces.
# NOTE(review): vlan20 (the guest VLAN) and bridgeGuest are members of LAN. The
# input-chain rule "defconf: drop all not coming from LAN" therefore lets guest
# traffic addressed to the router itself through, and the "Separar Redes" rules
# are in the forward chain only. Confirm that guests are meant to reach the
# router's own services; a separate list for the guest side would let the
# input chain tell the two apart.
# WAN holds only ether1-WAN1; pppoe-Telnor is in WAN2 and WANAll, TorGuard and
# ether5-WAN2 in WANAll only, so rules written against WAN do not cover them.
/interface list member
add comment=defconf interface=bridgeLAN list=LAN
add comment=defconf interface=ether1-WAN1 list=WAN
add comment=defconf interface=pppoe-Telnor list=WAN2
add interface=pppoe-Telnor list=WANAll
add interface=TorGuard list=WANAll
add interface=ether1-WAN1 list=WANAll
add interface=vlan20 list=LAN
add interface=bridgeGuest list=LAN
add interface=ether5-WAN2 list=WANAll
# The PPTP server is enabled and accepts CHAP, MS-CHAPv1 and MS-CHAPv2.
# PPTP and the MS-CHAP family are legacy protocols that are long deprecated as
# cryptographically weak; mschap1 in particular has no reason to stay enabled.
# In the part of the filter table visible in this export, input from interfaces
# outside the LAN list is dropped, so the server looks reachable from the LAN
# list only - which here includes the guest VLAN. If nothing dials in over
# PPTP, disabling the server removes the exposure.
/interface pptp-server server
set authentication=chap,mschap1,mschap2 enabled=yes
# Local wireless access list: a single entry for wlan5GHz with vlan-mode=no-tag
# and no MAC address restriction.
/interface wireless access-list
add interface=wlan5GHz vlan-mode=no-tag
# CAP mode: this router hands its own wlan5GHz radio to the CAPsMAN instance
# running on the same device (caps-man-addresses=127.0.0.1) and bridges it into
# bridgeLAN. No certificate setting appears here.
/interface wireless cap
#
set bridge=bridgeLAN caps-man-addresses=127.0.0.1 enabled=yes interfaces=\
wlan5GHz
# IP accounting: only the threshold is set; enabled=yes does not appear, so
# accounting itself is presumably off - confirm.
/ip accounting
set threshold=2560
# The accounting table is published through the router's web server to
# 192.168.0.0/24. address= is the only restriction visible here, so any host
# in that range could read per-pair traffic counters if accounting is on.
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.0/24
/ip address
add address=192.168.0.1/24 interface=ether3-LAN network=192.168.0.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
# MikroTik cloud DDNS is on and refreshes every 5 minutes, which publishes the
# router's current public address under a *.sn.mynetname.net name (such a name
# is used in the MyPublicIP address list of this export). That name identifies
# the device and is worth redacting before a config is posted.
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
# DHCP client on ether1-WAN1. Its lease script keeps the WAN1-ADDR firewall
# address list in step with the lease: when bound=1 it adds the leased address,
# otherwise it removes every WAN1-ADDR entry.
# The export wraps the script string mid-word ("lease-addres" / "s"); the
# backslash-newline pairs are line continuations, not part of the script.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1-WAN1 script=":if (\$bound=1) \
do={ \r\
\n /ip firewall address-list add list=WAN1-ADDR address=\$\"lease-addres\
s\"\r\
\n} else={\r\
\n /ip firewall address-list remove [find where list=WAN1-ADDR]\r\
\n}"
/ip dhcp-server lease
add address=192.168.0.47 comment="Chromecast 3 Papas" mac-address=\
7C:D9:5C:46:94:EC server=defconf
add address=192.168.0.41 comment=Roku mac-address=B8:A1:75:D4:E8:B4 server=\
defconf
add address=192.168.0.33 client-id=1:e0:d5:5e:12:c8:d6 comment="Hector PC" \
mac-address=E0:D5:5E:12:C8:D6 server=defconf
add address=192.168.0.46 comment="Chromecast 2 Cocina" mac-address=\
48:D6:D5:14:48:60 server=defconf
add address=192.168.0.45 comment="Chromecast 1 Alex" mac-address=\
A4:77:33:2F:1F:86 server=defconf
add address=192.168.0.34 client-id=1:54:e6:fc:86:56:10 comment="Alex PC" \
mac-address=54:E6:FC:86:56:10 server=defconf
add address=192.168.0.24 comment="Nintendo Switch" mac-address=\
58:2F:40:C3:29:D2 server=defconf
add address=192.168.0.29 client-id=1:e8:61:7e:53:19:7d comment="PS4 WiFi" \
mac-address=E8:61:7E:53:19:7D server=defconf
add address=192.168.0.55 comment="Foco Papas" mac-address=CC:50:E3:65:0C:09 \
server=defconf
add address=192.168.0.57 comment="Foco Hector" mac-address=60:01:94:ED:E1:23 \
server=defconf
add address=192.168.0.58 comment="Foco Alex" mac-address=D8:F1:5B:98:92:63 \
server=defconf
add address=192.168.0.56 comment="Foco Sala" mac-address=EC:FA:BC:4A:55:54 \
server=defconf
add address=192.168.0.150 comment=DHCP mac-address=12:34:56:78:90:12 server=\
defconf
add address=192.168.0.11 client-id=1:0:30:67:53:22:f2 comment=LibreELEC \
mac-address=00:30:67:53:22:F2 server=defconf
add address=192.168.0.28 client-id=1:70:9e:29:c0:fa:49 comment="PS4 LAN" \
mac-address=70:9E:29:C0:FA:49 server=defconf
add address=192.168.0.26 client-id=1:0:1d:d8:af:d0:8b comment="Xbox 360" \
mac-address=00:1D:D8:AF:D0:8B server=defconf
add address=192.168.0.25 client-id=1:cc:7e:e7:df:99:b4 comment="TV Panasonic" \
mac-address=CC:7E:E7:DF:99:B4 server=defconf
add address=192.168.0.27 client-id=1:0:1f:a7:4e:d2:eb comment="PS3 LAN" \
mac-address=00:1F:A7:4E:D2:EB server=defconf
add address=192.168.0.53 comment="Google Home Sala " mac-address=\
00:F6:20:90:AB:F0 server=defconf
add address=192.168.0.48 comment="Chromecast 3 Hector" mac-address=\
7C:D9:5C:3E:67:B2 server=defconf
add address=192.168.0.51 comment="Google Home Mini Hector" mac-address=\
D4:F5:47:21:0A:E0 server=defconf
add address=192.168.0.54 comment="Google Nest Hub Cocina" mac-address=\
1C:F2:9A:0C:76:F4 server=defconf
add address=192.168.0.52 comment="Google Home Mini Alex" mac-address=\
D4:F5:47:0D:C3:27 server=defconf
add address=192.168.0.49 comment="Chromecast 3 Sala" mac-address=\
F0:5C:77:4D:44:BD server=defconf
add address=192.168.0.50 comment="Google Home Mini Papas" mac-address=\
D4:F5:47:17:4E:9F server=defconf
add address=192.168.0.35 client-id=1:30:9c:23:b3:7d:cd comment="Gissela PC" \
mac-address=30:9C:23:B3:7D:CD server=defconf
add address=192.168.0.13 client-id=1:b8:27:eb:f4:83:65 comment=\
"LibreELEC Pi 3" mac-address=B8:27:EB:F4:83:65 server=defconf
add address=192.168.0.14 client-id=1:b8:27:eb:a1:d6:30 mac-address=\
B8:27:EB:A1:D6:30 server=defconf
add address=192.168.0.6 comment="ESXi Server" mac-address=1C:87:2C:43:BE:E2 \
server=defconf
add address=192.168.0.36 client-id=1:8:21:ef:c5:2f:18 comment=\
"Galaxy Tab S2 Alex" mac-address=08:21:EF:C5:2F:18 server=defconf
add address=192.168.0.37 client-id=1:f0:76:6f:73:a7:7c comment="Ipad Hector" \
mac-address=F0:76:6F:73:A7:7C server=defconf
add address=192.168.20.99 comment=GuestWiFi mac-address=12:12:12:12:12:12
add address=192.168.0.124 client-id=1:2c:27:d7:88:9c:e2 comment="HP Printer" \
mac-address=2C:27:D7:88:9C:E2 server=defconf
add address=192.168.0.122 client-id=1:30:7:4d:6b:7d:1b comment="Galaxy S8" \
mac-address=30:07:4D:6B:7D:1B server=defconf
add address=192.168.0.125 client-id=1:d0:13:fd:54:bc:47 comment=\
"LG G4 Hector" mac-address=D0:13:FD:54:BC:47 server=defconf
add address=192.168.0.128 client-id=1:a8:db:3:10:e7:3d comment="Galaxy S10" \
mac-address=A8:DB:03:10:E7:3D server=defconf
add address=192.168.0.9 client-id=1:0:c:29:43:22:30 comment=pfSense disabled=\
yes mac-address=00:0C:29:43:22:30 server=defconf
add address=192.168.0.30 client-id=1:4:d4:c4:53:46:52 comment="Roberto PC" \
mac-address=04:D4:C4:53:46:52 server=defconf
add address=192.168.0.17 client-id=\
ff:bc:9a:4a:2d:0:2:0:0:ab:11:53:2:ee:36:52:a7:b:e1 comment=\
"Splunk Linux Server" disabled=yes mac-address=00:0C:29:0F:B3:C4 server=\
defconf
add address=192.168.0.120 client-id=1:8c:b8:4a:f7:7c:a3 comment="Galaxy S20" \
mac-address=8C:B8:4A:F7:7C:A3 server=defconf
add address=192.168.0.12 client-id=1:72:1d:1b:c4:a:7a comment=Win7v \
mac-address=72:1D:1B:C4:0A:7A server=defconf
add address=192.168.0.38 client-id=1:40:25:c2:37:da:d8 comment="Laptop Giss" \
mac-address=40:25:C2:37:DA:D8 server=defconf
add address=192.168.0.19 client-id=1:0:c:29:8b:48:25 mac-address=\
00:0C:29:8B:48:25 server=defconf
add address=192.168.0.18 client-id=\
ff:bc:9a:4a:2d:0:2:0:0:ab:11:fb:6c:72:a1:c8:3e:cc:2d comment=\
"No-Ip Server" mac-address=00:0C:29:A9:AB:81 server=defconf
add address=192.168.0.5 client-id=1:68:7f:74:a2:74:5d comment=E3000 \
mac-address=68:7F:74:A2:74:5D server=defconf
add address=192.168.0.8 client-id=\
ff:bc:9a:4a:2d:0:2:0:0:ab:11:d2:7a:93:3f:d1:69:c0:48 comment=pihole \
mac-address=00:0C:29:A4:3C:9E server=defconf
add address=192.168.0.121 client-id=1:a8:b8:6e:81:b8:59 comment="LG G6" \
mac-address=A8:B8:6E:81:B8:59 server=defconf
add address=192.168.0.7 comment="Ubuntu Proxy" mac-address=00:0C:29:C8:4A:C4
add address=192.168.0.15 client-id=1:0:c:29:6b:35:bd mac-address=\
00:0C:29:6B:35:BD server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
add address=192.168.20.0/24 gateway=192.168.20.1 netmask=24
# The router answers DNS queries from other hosts (allow-remote-requests=yes).
# Queries to the router's own resolver arrive on the firewall input chain, so
# the input rule that drops everything not coming from the LAN list is what
# keeps it from acting as an open resolver on the WAN side; the forward-chain
# "Drop incoming DNS traffic" rules do not cover the router itself.
# Both upstream entries are the same address, so there is no second upstream
# configured here.
/ip dns
set allow-remote-requests=yes servers=104.223.91.210,104.223.91.210
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
add address=192.168.0.19 disabled=yes name=robslamp.servehttp.com
add address=192.168.0.19 name=pendejerto.no-ip.org
/ip firewall address-list
add address=192.168.0.30 comment=Roberto disabled=yes list=TorGuargList
add address=192.168.0.41 comment=Roku list=TorGuargList
add address=192.168.0.8 comment=PiHole list=NoPiHole
add address=192.168.0.24 comment="Nintendo Switch" disabled=yes list=\
TelnorList
add address=192.168.0.24 comment="Nintendo Switch" disabled=yes list=\
TorGuargList
add address=192.168.0.30 comment=Roberto disabled=yes list=TelnorList
add address=192.168.0.28 comment=PS4 disabled=yes list=TelnorList
add address=192.168.0.6 comment="ESXi Server" list=TelnorList
add address=192.168.0.18 comment="No-Ip Server" list=TelnorList
add address=192.168.0.8 comment=UbuntuPiHole disabled=yes list=TelnorList
add address=192.168.0.41 comment=Roku disabled=yes list=NoPiHole
add address=192.168.20.0/24 comment="Guest SSID" list=GuestSSID-NoNetflix
add address=192.168.0.30 comment=Roberto disabled=yes list=RestrictedAccess
add address=192.168.0.19 comment=WS2019 disabled=yes list=TorGuargList
add address=192.168.0.19 comment=WS2019 list=TelnorList
add address=192.168.0.45-192.168.0.60 list=GoogleLAN
add address=192.168.0.0/24 list=RobsLAN
add address=192.168.20.0/24 comment="Guest SSID" disabled=yes list=\
RestrictedAccess
add address=192.168.0.7 comment="Ubuntu Proxy" list=TelnorList
add address=b4a10a10b227.sn.mynetname.net list=MyPublicIP
add address=10.65.142.112 list=WAN1-ADDR
add address=10.1.2.2 list=VPN-ADDR
add address=192.168.0.15 comment="IIS Server" list=TelnorList
add address=201.143.246.54 list=WAN2-ADDR
/ip firewall filter
add action=drop chain=forward comment=Attack log-prefix="BlackList - " \
src-address-list=BlackList
add action=reject chain=forward comment="Drop incoming DNS traffic" dst-port=\
53 in-interface-list=WANAll protocol=tcp reject-with=\
icmp-network-unreachable
add action=reject chain=forward dst-port=53 in-interface-list=WANAll \
protocol=udp reject-with=icmp-network-unreachable
add action=drop chain=forward comment="Drop Internet" disabled=yes \
in-interface-list=LAN out-interface-list=WANAll src-address-list=\
BanInternet
add action=accept chain=forward disabled=yes in-interface-list=LAN \
out-interface-list=WANAll
add action=drop chain=forward comment="Separar Redes" dst-address=\
!192.168.0.8 in-interface=vlan20 out-interface=bridgeLAN src-address=\
!192.168.0.8
add action=drop chain=forward dst-address=!192.168.0.8 in-interface=bridgeLAN \
out-interface=vlan20 src-address=!192.168.0.8
add action=drop chain=input disabled=yes dst-address=!192.168.0.8 \
dst-address-list=RobsLAN log=yes log-prefix="drop 20-0: " src-address=\
!192.168.0.8 src-address-list=GuestSSID-NoNetflix
add action=reject chain=forward comment=\
"Drop Internet by MAC -- 44:87:FC:53:32:92" disabled=yes dst-address=\
!192.168.0.0/24 reject-with=icmp-network-unreachable src-mac-address=\
44:87:FC:53:32:92
add action=drop chain=forward comment="Block Facebook" dst-port=80,443 \
log-prefix="BF1 - " protocol=tcp src-address-list=RestrictedAccess \
tls-host=*.facebook.com
add action=drop chain=forward layer7-protocol=Facebook log-prefix="BF2 - " \
src-address-list=RestrictedAccess
add action=drop chain=forward comment="Block YouTube" dst-port=80,443 \
log-prefix="BF1 - " protocol=tcp src-address-list=RestrictedAccess \
tls-host=*.youtube.com
add action=drop chain=forward layer7-protocol=Youtube log-prefix="BF2 - " \
src-address-list=RestrictedAccess
add action=drop chain=forward comment="Block Netflix" dst-port=80,443 \
log-prefix="BF1 - " protocol=tcp src-address-list=GuestSSID-NoNetflix \
tls-host=*.netflix.com
add action=drop chain=forward layer7-protocol=Netflix log-prefix="BF2 - " \
src-address-list=GuestSSID-NoNetflix
add action=drop chain=forward comment="Restrict Facebook" disabled=yes \
log-prefix="RF1 - " packet-mark=Facebook_Pk_Up src-address-list=\
RestrictedAccess
add action=drop chain=forward disabled=yes log-prefix="RF1 - " packet-mark=\
Facebook_Pk_Down src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes log-prefix="RF2 - " packet-mark=\
Facebook_Pk_Up src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes log-prefix="RF2 - " packet-mark=\
Facebook_Pk_Down src-address-list=RestrictedAccess
add action=drop chain=forward comment="Restrict YouTube" disabled=yes \
packet-mark=YouTube_Pk_Up src-address-list=RestrictedAccess
add action=drop chain=forward disabled=yes packet-mark=YouTube_Pk_Down \
src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes packet-mark=YouTube_Pk_Up \
src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes packet-mark=YouTube_Pk_Down \
src-address-list=RestrictedAccess
add action=drop chain=forward comment="Restrict Netflix" disabled=yes \
packet-mark=Netflix_Pk_Up src-address-list=GuestSSID-NoNetflix
add action=drop chain=forward disabled=yes packet-mark=Netflix_Pk_Down \
src-address-list=GuestSSID-NoNetflix
add action=drop chain=input disabled=yes layer7-protocol=Netflix packet-mark=\
Netflix_Pk_Up src-address-list=GuestSSID-NoNetflix
add action=drop chain=input disabled=yes layer7-protocol=Netflix packet-mark=\
Netflix_Pk_Down src-address-list=GuestSSID-NoNetflix
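# Tail of the input chain (traffic addressed to the router itself), followed by
# the forward chain (traffic routed through it). Rules are evaluated top to
# bottom and the first matching rule decides the packet.
#
# CAPsMAN control/data ports (UDP 5246,5247) are accepted only from the
# loopback source address.
add action=accept chain=input comment="CAPs to CAPsMAN" dst-port=5246,5247 \
protocol=udp src-address=127.0.0.1
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="ICMP from Chromecast into Router" \
in-interface=bridgeLAN log-prefix=Accept_Chromecast_ICMP_ protocol=icmp
# This rule lives in the custom chain "icmp_chain"; it only takes effect if
# another rule jumps to that chain (no such jump is visible in this part of
# the export).
add action=accept chain=icmp_chain comment="ICMP on Chromecast" dst-address=\
8.8.8.8 in-interface=bridgeLAN log-prefix=Accept_ICMP_Chromecast \
protocol=icmp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid log-prefix="defconf: drop invalid "
# Accepts ICMP on every interface, WAN included, because it sits above the
# "drop all not coming from LAN" rule.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input dst-address-type=local src-address-type=local
# Everything that reached this point and did not arrive on an interface in the
# LAN list is dropped; this is what keeps router services off the WAN side.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN log-prefix="drop: "
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# "Fasttrack Disable" groups: traffic for the listed hosts is accepted here,
# above the fasttrack rule, so it is never fasttracked. These accepts also sit
# above the "drop all from WAN not DSTNATed" rules, so anything they match
# skips those drops. For that reason every rule matching on the destination
# list is limited to established,related: replies are accepted, while new
# connections towards those hosts fall through to the WAN drop rules.
# The RestrictedAccess destination rule previously had no connection-state
# match, unlike its TelnorList/TorGuargList/GuestSSID-NoNetflix counterparts;
# it now follows the same pattern. New connections that do not come from the
# WAN lists still reach the end of the chain, where no drop-all rule is present.
add action=accept chain=forward comment="Fasttrack Disable RestrictedAccess" \
src-address-list=RestrictedAccess
add action=accept chain=forward connection-state=established,related \
dst-address-list=RestrictedAccess
add action=accept chain=forward comment="Fasttrack Disable TelnorList" \
connection-mark=Telnor_Conn disabled=yes
add action=accept chain=forward disabled=yes routing-mark=TelnorWAN
add action=accept chain=forward comment="Fasttrack Disable TelnorList" \
src-address-list=TelnorList
add action=accept chain=forward connection-state=established,related \
dst-address-list=TelnorList
add action=accept chain=forward comment="Fasttrack Disable VPNList" \
src-address-list=TorGuargList
add action=accept chain=forward connection-state=established,related \
dst-address-list=TorGuargList
add action=accept chain=forward comment="Fasttrack Disable GuestWiFi" \
src-address-list=GuestSSID-NoNetflix
add action=accept chain=forward connection-state=established,related \
dst-address-list=GuestSSID-NoNetflix
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid log-prefix="defconf: drop invalid "
# New connections arriving from either WAN interface list are dropped unless a
# dst-nat rule has translated them (i.e. only published ports get through).
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN log-prefix=\
"defconf: drop all from WAN not DSTNATed "
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN2 log-prefix=\
"defconf: drop all from WAN not DSTNATed 2 "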
/ip firewall mangle
add action=accept chain=prerouting comment="Izzi WAN" disabled=yes \
dst-address-list=WAN1-ADDR in-interface=bridgeLAN
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes in-interface=ether1-WAN1 new-connection-mark=Izzi_Conn passthrough=\
yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address-type=!local in-interface=bridgeLAN new-connection-mark=\
Izzi_Conn passthrough=yes src-address-list=!TelnorList
add action=mark-routing chain=prerouting connection-mark=Izzi_Conn disabled=\
yes dst-address-type="" in-interface=bridgeLAN new-routing-mark=IzziWAN \
passthrough=yes src-address-list=!TelnorList
add action=mark-routing chain=output connection-mark=Izzi_Conn disabled=yes \
new-routing-mark=IzziWAN passthrough=yes src-address-list=!TelnorList
add action=mark-routing chain=prerouting comment=Telnor disabled=yes \
new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorList
# Active policy-routing rules ("Telnor metodo 2" and TorGuard). Hosts in
# TelnorList get the TelnorWAN routing mark, hosts in TorGuargList get the VPN
# routing mark; the matching routes are defined under /ip route.
#
# Traffic from bridgeLAN to an address in WAN2-ADDR is accepted here, which
# ends mangle processing for it before any mark is applied.
add action=accept chain=prerouting comment="Telnor metodo 2" \
dst-address-list=WAN2-ADDR in-interface=bridgeLAN
# Unmarked connections that arrive on pppoe-Telnor are tagged Telnor_Conn.
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=pppoe-Telnor new-connection-mark=Telnor_Conn passthrough=yes
# Unmarked, non-local connections from TelnorList hosts on bridgeLAN get the
# same connection mark.
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridgeLAN new-connection-mark=\
Telnor_Conn passthrough=yes src-address-list=TelnorList
# Packets of Telnor_Conn connections are sent to the TelnorWAN routing table,
# both when forwarded from bridgeLAN (prerouting) and when router-originated
# (output).
add action=mark-routing chain=prerouting connection-mark=Telnor_Conn \
dst-address-type="" in-interface=bridgeLAN new-routing-mark=TelnorWAN \
passthrough=yes src-address-list=TelnorList
add action=mark-routing chain=output connection-mark=Telnor_Conn \
new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorList
# Every packet sourced from a TorGuargList address is sent to the VPN table.
# NOTE(review): what happens to these hosts when the TorGuard interface is
# down depends on /ip route and /ip route rule; if VPN-only egress is
# intended, verify that they cannot fall back to a non-VPN default route.
add action=mark-routing chain=prerouting comment=TorGuard new-routing-mark=\
VPN passthrough=yes src-address-list=TorGuargList
add action=mark-connection chain=prerouting comment=Telnor disabled=yes \
in-interface=pppoe-Telnor new-connection-mark=Telnor_Conn passthrough=no
add action=mark-connection chain=prerouting disabled=yes in-interface=\
bridgeLAN new-connection-mark=Telnor_Conn passthrough=yes \
src-address-list=TelnorList
add action=mark-routing chain=prerouting connection-mark=Telnor_Conn \
disabled=yes new-routing-mark=TelnorWAN passthrough=yes src-address-list=\
TelnorList
add action=mark-routing chain=output connection-mark=Telnor_Conn disabled=yes \
new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorList
add action=mark-connection chain=prerouting comment=TorGuard \
connection-state=new disabled=yes in-interface-list=LAN \
new-connection-mark=VPN_Conn passthrough=yes src-address-list=\
TorGuargList
add action=mark-routing chain=prerouting connection-mark=VPN_Conn disabled=\
yes new-routing-mark=VPN passthrough=no src-address-list=TorGuargList
add action=set-priority chain=postrouting comment="Set priority for WMM" \
new-priority=from-dscp-high-3-bits passthrough=yes
add action=mark-connection chain=prerouting comment="QoS Icmp" disabled=yes \
new-connection-mark=Icmp_Conn_Down passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=Icmp_Conn_Down \
disabled=yes new-packet-mark=Icmp_Pk_Down passthrough=no
add action=mark-connection chain=postrouting disabled=yes \
new-connection-mark=Icmp_Conn_Up passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting connection-mark=Icmp_Conn_Up \
disabled=yes new-packet-mark=Icmp_Pk_Up passthrough=no
add action=mark-connection chain=prerouting comment="QoS Dns" disabled=yes \
dst-port=53 new-connection-mark=Dns_Udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=Dns_Udp_conn \
disabled=yes new-packet-mark=Dns_Udp_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=53 \
new-connection-mark=Dns_Dow_Conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Dns_Dow_Conn \
disabled=yes new-packet-mark=Dns_Dow_Pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS Dota" disabled=yes \
dst-port=27014-27050,27036,27037,8291 new-connection-mark=Dota2_Dow_conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Dota2_Dow_conn \
disabled=yes new-packet-mark=Dota2_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
1500,3005,3101,20561,27017-27062,20561,4380,28960,27067 \
new-connection-mark=dota2_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=dota2_udp_conn \
disabled=yes new-packet-mark=dota2_Udp_Pqt passthrough=no
add action=mark-connection chain=prerouting comment="QoS fornite" disabled=\
yes dst-port=\
5060,45724,6250,137,138,9008,33234,9008,7862,7862,9012,45762,138 \
new-connection-mark=Fornite_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=Fornite_udp_conn \
disabled=yes new-packet-mark=fornite_Udp_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
5222,5795-5847,1935,3478-3480,3074,6667,12400,28910,29901,29920 \
new-connection-mark=Fornite_Dow_conn passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=Fornite_Dow_conn \
disabled=yes new-packet-mark=fornite_Dow_pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS wolftem" disabled=\
yes dst-port="307,10,30711,30712,30713,30714,30715,30716,30717,30718,30719\
,30720,30721,30722" new-connection-mark=woltem_dow_Conn passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=woltem_dow_Conn \
disabled=yes new-packet-mark=Wolftem_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
40707-40718,20001 new-connection-mark=Wolftem_Udp_conn passthrough=yes \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=Wolftem_Udp_conn \
disabled=yes new-packet-mark=Wolftem_Udp_pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS LoL" disabled=yes \
dst-port=2099,5223,5222,8393,8400,8088 new-connection-mark=LoL_Dow_conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=LoL_Dow_conn \
disabled=yes new-packet-mark=LoL_Dow_PK passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
5000,8088,10004 new-connection-mark=LoL_Up_Pk passthrough=yes protocol=\
udp
add action=mark-packet chain=postrouting connection-mark=LoL_Up_Pk disabled=\
yes new-packet-mark=LoL_UP_pk passthrough=no
add action=mark-packet chain=forward connection-mark=Propaganda_conn \
disabled=yes new-packet-mark=propagandas passthrough=no
add action=mark-connection chain=prerouting comment=HttpS_QoS disabled=yes \
dst-port=443 new-connection-mark=Htpps_Conn_Down passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Htpps_Conn_Down \
disabled=yes new-packet-mark=Https_Pk_Down passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=443 \
new-connection-mark=Https_Conn_Up passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=Https_Conn_Up \
disabled=yes new-packet-mark=Https_Pk_Up passthrough=no
add action=mark-connection chain=prerouting comment=Http_QoS disabled=yes \
dst-port=80,8080,9000 new-connection-mark=Http_Conn_Down passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Http_Conn_Down \
disabled=yes new-packet-mark=Http_Pk_Down passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
80,8080,9000 new-connection-mark=Http_Conn_Up passthrough=yes protocol=\
udp
add action=mark-packet chain=postrouting connection-mark=Http_Conn_Up \
disabled=yes new-packet-mark=Http_Pk_Up passthrough=no
add action=mark-connection chain=prerouting comment=correo disabled=yes \
dst-port=110,995,143,993,25,465,587 new-connection-mark=correo_Dow_Conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=correo_Dow_Conn \
disabled=yes new-packet-mark=Correo_Dow_Pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS wassapp" disabled=\
yes dst-port=5222-5228,5242 new-connection-mark=Wasapp_Dow_Conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Wasapp_Dow_Conn \
disabled=yes new-packet-mark=Wasaap_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
5222,5223,5228,5242,53,3478 new-connection-mark=Wassapp_Udp_pk \
passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=Wassapp_Udp_pk \
disabled=yes new-packet-mark=Wasasp_Up_Pk passthrough=no
add action=mark-connection chain=prerouting comment="play station" disabled=\
yes dst-port=80,443,5223,10070 new-connection-mark=PlayS4_Dow_conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=PlayS4_Dow_conn \
disabled=yes new-packet-mark=PlayStation_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
3478,3479,3658,10070 new-connection-mark=PlayStation_Up_conn passthrough=\
yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=PlayStation_Up_conn \
disabled=yes new-packet-mark=Playstation_Up_Pk passthrough=no protocol=\
udp
add action=mark-connection chain=prerouting comment="QoS xbox" disabled=yes \
dst-port=3070-3073 new-connection-mark=Xbox_dow_conn passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Xbox_dow_conn \
disabled=yes new-packet-mark=Xbox_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
88,3074,53,500,3544,4500 new-connection-mark=Xbox_UP_conn passthrough=yes \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=Xbox_UP_conn \
disabled=yes new-packet-mark=Xbox_Up_pk passthrough=no
add action=mark-connection chain=forward comment=netflix disabled=yes \
dst-port=22,53,80,33001,179,443 layer7-protocol=Netflix \
new-connection-mark=Netflix_Conn_Down passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=Netflix_Conn_Down \
disabled=yes new-packet-mark=Netflix_Pk_Down passthrough=no
add action=mark-connection chain=forward disabled=yes dst-port=33001,53,123 \
layer7-protocol=Netflix new-connection-mark=Netflix_Conn_Up passthrough=\
yes protocol=udp
add action=mark-packet chain=forward connection-mark=Netflix_Conn_Up \
disabled=yes new-packet-mark=Netflix_Pk_Up passthrough=no
add action=mark-connection chain=forward comment="QoS YouTube" disabled=yes \
in-interface-list=WANAll layer7-protocol=Youtube new-connection-mark=\
YouTube_Conn_Down passthrough=yes
add action=mark-packet chain=forward connection-mark=YouTube_Conn_Down \
disabled=yes new-packet-mark=YouTube_Pk_Down passthrough=no
add action=mark-connection chain=forward disabled=yes in-interface=bridgeLAN \
layer7-protocol=Youtube new-connection-mark=YouTube_Conn_Up passthrough=\
yes
add action=mark-packet chain=forward connection-mark=YouTube_Conn_Up \
disabled=yes new-packet-mark=YouTube_Pk_Up passthrough=no
add action=mark-connection chain=forward comment="QoS Facebook" disabled=yes \
in-interface-list=WANAll layer7-protocol=Facebook new-connection-mark=\
Facebook_Conn_Down passthrough=yes
add action=mark-packet chain=forward connection-mark=Facebook_Conn_Down \
disabled=yes new-packet-mark=Facebook_Pk_Down passthrough=no
add action=mark-connection chain=forward disabled=yes in-interface=bridgeLAN \
layer7-protocol=Facebook new-connection-mark=Facebook_Conn_Up \
passthrough=yes
add action=mark-packet chain=forward connection-mark=Facebook_Conn_Up \
disabled=yes new-packet-mark=Facebook_Pk_Up passthrough=no
add action=add-dst-to-address-list address-list=Streaming_users \
address-list-timeout=12h chain=prerouting comment=ReRoute \
connection-mark=no-mark content=netflix disabled=yes dst-port=53 \
in-interface-list=LAN protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address-list=Streaming_users in-interface-list=LAN \
new-connection-mark=markStreamers passthrough=yes
add action=mark-routing chain=prerouting connection-mark=markStreamers \
disabled=yes new-routing-mark=routeStreamers passthrough=no
add action=mark-connection chain=prerouting comment=Facebook connection-mark=\
no-mark content=facebook disabled=yes dst-port=53 new-connection-mark=\
facebook_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_CONN \
disabled=yes new-packet-mark=FACEBOOK_PACKET passthrough=yes
add action=mark-connection chain=prerouting comment=YouTube connection-mark=\
no-mark content=youtube disabled=yes dst-port=53 new-connection-mark=\
youtube_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_CONN \
disabled=yes new-packet-mark=YOUTUBE_PACKET passthrough=yes
add action=mark-connection chain=prerouting comment=Netflix connection-mark=\
no-mark content=netflix disabled=yes dst-port=53 new-connection-mark=\
netflix_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=NETFLIX_CONN \
disabled=yes new-packet-mark=NETFLIX_PACKET passthrough=yes
add action=mark-connection chain=forward comment="Marcado ICMP" \
connection-mark=no-mark disabled=yes new-connection-mark=icmp_conn \
passthrough=yes protocol=icmp
add action=mark-packet chain=forward connection-mark=icmp_conn disabled=yes \
new-packet-mark=icmp_packet passthrough=no
add action=mark-connection chain=forward comment=\
"Marcado WEB HTTP HTTPS con TCP" connection-mark=no-mark disabled=yes \
dst-port=80,443 new-connection-mark=web_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=web_conn disabled=yes \
new-packet-mark=web_packet passthrough=no
add action=mark-connection chain=forward comment="Marcado Trafico QUIC" \
connection-mark=no-mark disabled=yes new-connection-mark=quic_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=quic_conn disabled=yes \
new-packet-mark=quic_packet passthrough=no
add action=mark-connection chain=forward comment="Marcado Resto Trafico" \
connection-mark=no-mark disabled=yes new-connection-mark=resto_conn \
passthrough=yes
add action=mark-packet chain=forward connection-mark=resto_conn disabled=yes \
new-packet-mark=resto_packet passthrough=no
add action=mark-connection chain=forward comment="Mark IPsec" disabled=yes \
ipsec-policy=in,ipsec new-connection-mark=ipsec passthrough=yes
add action=mark-connection chain=forward disabled=yes ipsec-policy=out,ipsec \
new-connection-mark=ipsec passthrough=yes
add action=mark-connection chain=forward comment="Test Facebook" content=\
facebook disabled=yes dst-port=53 in-interface=bridgeLAN \
new-connection-mark=FACEBOOK_CONN_Down passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=FACEBOOK_CONN_Down \
disabled=yes new-packet-mark=FACEBOOK_PACKET_Down passthrough=yes
/ip firewall nat
# Source NAT.
# Hairpin rule: traffic from 192.168.0.0/24 to 192.168.0.0/24 that passes
# through the router is masqueraded.
add action=masquerade chain=srcnat comment="Hairpin NAT Masq" dst-address=\
192.168.0.0/24 src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes
# One masquerade rule per egress interface: both WAN links and the TorGuard
# tunnel.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1-WAN1
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=pppoe-Telnor
add action=masquerade chain=srcnat comment="TorGuard OpenVPN" out-interface=\
TorGuard
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
out-interface-list=WANAll
# No out-interface is given, so 192.168.20.0/24 is masqueraded on every
# egress interface.
# NOTE(review): that includes traffic routed towards 192.168.0.0/24, where the
# original client address is then hidden from LAN hosts and their logs;
# confirm this is intended.
add action=masquerade chain=srcnat comment="defconf: masquerade" src-address=\
192.168.20.0/24
# Published services (active). The forward chain lets dst-nat'ed connections
# from the WAN through, so these ports are reachable from the Internet.
# NOTE(review): the SSH rule has no src-address or src-address-list match, so
# any source that reaches a WAN2-ADDR address on tcp/22 is forwarded to
# 192.168.0.7. Consider limiting the sources or reaching the host over the VPN,
# and make sure the host itself only accepts key-based logins.
add action=dst-nat chain=dstnat comment="UbuntuProxy SSH" dst-address-list=\
WAN2-ADDR dst-port=22 log-prefix="SSH: " protocol=tcp to-addresses=\
192.168.0.7 to-ports=22
# HTTPS and HTTP on WAN2-ADDR are forwarded to 192.168.0.15.
add action=dst-nat chain=dstnat comment=WinServer dst-address-list=WAN2-ADDR \
dst-address-type="" dst-port=443 protocol=tcp to-addresses=192.168.0.15 \
to-ports=443
add action=dst-nat chain=dstnat dst-address-list=WAN2-ADDR dst-address-type=\
"" dst-port=80 protocol=tcp to-addresses=192.168.0.15 to-ports=80
# Everything below is disabled.
# DNS redirection to 192.168.0.8 (Pi-Hole) plus the masquerade rules that go
# with it.
add action=dst-nat chain=dstnat comment=Pi-Hole disabled=yes \
dst-address-list=!NoPiHole dst-port=53 protocol=udp src-address-list=\
!NoPiHole to-addresses=192.168.0.8
add action=dst-nat chain=dstnat disabled=yes dst-address-list=!NoPiHole \
dst-port=53 protocol=tcp src-address-list=!NoPiHole to-addresses=\
192.168.0.8
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
dst-port=53 protocol=udp src-address=192.168.0.0/24
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
dst-port=53 protocol=tcp src-address=192.168.0.0/24
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
dst-port=53 protocol=udp src-address=192.168.20.0/24
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
dst-port=53 protocol=tcp src-address=192.168.20.0/24
# Disabled port forwards to management interfaces (comments name ESXi, Webmin,
# PRTG, Proxmox) and to other internal hosts.
# NOTE(review): these would publish administrative consoles if re-enabled;
# keeping them disabled and reaching those hosts over a VPN is the safer
# arrangement.
add action=dst-nat chain=dstnat comment=ESXi disabled=yes dst-address-type=\
local dst-port=440 protocol=tcp to-addresses=192.168.0.6 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
902 protocol=tcp to-addresses=192.168.0.6 to-ports=902
add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
903 protocol=tcp to-addresses=192.168.0.6 to-ports=903
add action=dst-nat chain=dstnat comment="UbuntuProxy Webmin" disabled=yes \
dst-address-list=WAN2-ADDR dst-address-type="" dst-port=10000 protocol=\
tcp to-addresses=192.168.0.7 to-ports=10000
add action=dst-nat chain=dstnat comment="WS2019 Prtg" disabled=yes \
dst-address-list=WAN2-ADDR dst-address-type="" dst-port=450 protocol=tcp \
to-addresses=192.168.0.19 to-ports=443
add action=dst-nat chain=dstnat comment=Proxmox disabled=yes \
dst-address-type=local dst-port=8006 protocol=tcp to-addresses=\
192.168.0.6 to-ports=8006
add action=dst-nat chain=dstnat comment="Redirect DNS" disabled=yes dst-port=\
53 protocol=tcp to-addresses=192.168.0.250 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp \
to-addresses=192.168.0.250 to-ports=53
add action=dst-nat chain=dstnat comment=Win10v disabled=yes dst-address-type=\
local dst-port=8080 in-interface=TorGuard protocol=tcp to-addresses=\
192.168.0.118 to-ports=8080
add action=dst-nat chain=dstnat comment=VPN disabled=yes dst-address-type=\
local dst-port=1194 protocol=udp to-addresses=192.168.0.17 to-ports=1194
/ip route
# Routes for the routing marks set in /ip firewall mangle. Each uses
# check-gateway=ping.
add check-gateway=ping distance=1 gateway=pppoe-Telnor routing-mark=TelnorWAN
# NOTE(review): this is the only route shown for routing-mark=VPN. Whether
# VPN-marked traffic can still leave through another route when the TorGuard
# gateway check fails is not visible here; verify if VPN-only egress is
# required.
add check-gateway=ping distance=1 gateway=TorGuard routing-mark=VPN scope=255
add check-gateway=ping disabled=yes distance=1 gateway=10.65.128.1 \
routing-mark=IzziWAN scope=255
# Unmarked route with gateway 8.8.4.4.
# NOTE(review): presumably a recursive route used for WAN failover; confirm.
add check-gateway=ping distance=2 gateway=8.8.4.4
/ip traffic-flow
# Flow export is enabled on both WAN-side interfaces and the VPN tunnel.
set enabled=yes interfaces=ether1-WAN1,pppoe-Telnor,TorGuard
/ip traffic-flow target
# Flow records go to 192.168.0.19 port 1234 as IPFIX. They describe who talked
# to whom, so the collector holds browsing metadata for every client.
add dst-address=192.168.0.19 port=1234 version=ipfix
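# UPnP lets any host on the internal interface (bridgeLAN) request port
# forwards on the external interfaces without authentication.
# allow-disable-external-interface is set to "no" so that a LAN client cannot
# also ask the router to shut down its external interface through UPnP.
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=bridgeLAN type=internal
add interface=ether1-WAN1 type=external
# NOTE(review): the NAT rules masquerade WAN2 traffic on pppoe-Telnor, not on
# ether5-WAN2 itself; confirm which interface should be the UPnP external one.
add interface=ether5-WAN2 type=external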
/snmp
# SNMP agent enabled, traps sent as version 2.
# NOTE(review): the communities (/snmp community) are not visible in this part
# of the export. SNMP v1/v2c community strings travel unencrypted, so confirm
# the default community is not in use and that access is limited to the
# monitoring host.
set contact=RobsGax enabled=yes location="Home hAP ac2" trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system identity
set name="hAP ac^2"
/system logging
# Logging rules. Rules without action= use the default action; the others
# write to the actions named disk1, snmpdisk and remote, which are defined
# under /system logging action (not visible here).
set 3 action=memory
add topics=wireless,debug
add action=disk1 topics=critical
add action=disk1 topics=error
add action=disk1 topics=info
add action=disk1 topics=warning
# Debug-level wireless, e-mail and CAPsMAN logs are kept as well.
# NOTE(review): debug logs are verbose and may hold client and mail details;
# treat the stored log files as sensitive and turn these topics off once
# troubleshooting is done.
add action=disk1 topics=wireless,debug
add topics=e-mail,debug
add action=disk1 topics=e-mail,debug
add action=disk1 topics=caps,debug
add topics=caps,debug
add action=snmpdisk disabled=yes topics=snmp
# Both remote-logging rules are disabled, so no log copy leaves the router.
add action=remote disabled=yes prefix=MikroTik topics=dhcp
add action=remote disabled=yes
/system scheduler
# Scheduled jobs. Every entry carries the full policy set
# (ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon).
# NOTE(review): the jobs only run scripts; consider trimming the policies of
# each scheduler entry and of the script it runs to what that script needs.
#
# Runs the first No-IP updater every 30 minutes.
# NOTE(review): on-event calls "NO_IP_1" while the script below is named
# "No_IP_1"; confirm the name resolves as written.
add interval=30m name=sched_NoIp_1 on-event="/system script run NO_IP_1" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/31/2019 start-time=15:00:00
# Runs the BackupAndUpdate script once a day.
add interval=1d name="Firmware Updater" on-event=\
"/system script run BackupAndUpdate;" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/21/2020 start-time=06:50:00
# Disabled job that references Data_to_Splunk_using_Syslog.
add disabled=yes interval=5m name="Data to Splunk" on-event=\
Data_to_Splunk_using_Syslog policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=feb/28/2020 start-time=08:25:01
# Runs the second No-IP updater every 30 minutes.
# NOTE(review): same naming question as above ("NO_IP_2" vs "No_IP_2").
add interval=30m name=sched_NoIp_2 on-event="/system script run NO_IP_2" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/31/2019 start-time=15:00:00
/system script
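# No-IP dynamic DNS updater. The script resolves the configured hostname,
# compares the result with the address on wanInterface and, when they differ,
# calls the No-IP update URL through /tool fetch, saving the response under
# logDestination.
# The fetch request carries the No-IP username and password, so the update URL
# and fetch mode use HTTPS instead of plain HTTP; over HTTP the credentials
# would cross the WAN unencrypted.
# NOTE(review): /tool fetch only validates the server certificate when
# check-certificate=yes is set and a trusted CA is imported on the router; add
# that option once a CA certificate is installed.
# NOTE(review): wanInterface is "ether1", but this export renames that port to
# ether1-WAN1; confirm the value matches the current interface name.
# The account credentials are stored in clear text in the script source, so
# treat full exports and backups of this router as secrets.
add dont-require-permissions=no name=No_IP_1 owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
---------------------------------------------------SCRIPT INFORMATION-----\
-----------------------------------------------\r\
\n#\r\
\n# Script: Marthur's No-IP.com Dynamic DNS Update Script\r\
\n# Version: 1.0\r\
\n# Updated: 07/30/2018\r\
\n# Created: 10/21/2017\r\
\n# Author: Marthur Jones\r\
\n# Website: https://www.marthur.com\r\
\n#\r\
\n# This script is to be used in conjunction with No-IP.com's Dynamic DNS \
Service. It is to be scheduled/ran on a Mikrotik \r\
\n# router as replacement for No-IP's Dynamic Update Client for Windows. T\
here are many versions of this script. However, \r\
\n# I've made my own modifications to the original script that was created\
\_on March 13, 2012 by riverron and published on\r\
\n# the MikroTik Wiki here:\r\
\n#\r\
\n# https://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_No-IP_DNS\
\r\
\n#\r\
\n# - Changed the scope of the variable that stores the previous IP addres\
s from global to local. The local variable's value \r\
\n# (IP address) is now assigned via MikroTik's DNS resolution. The scri\
pt compares the previous IP with the current IP \r\
\n# that is assigned to the WAN interface, if the IP addresses do not ma\
tch, the script will update the No-IP hostname\r\
\n# with the IP assigned to the WAN interface.\r\
\n#\r\
\n# - Added variable to define the log destination path that the script pu\
lls from No-IP.com after a DDNS IP update.\r\
\n#\r\
\n# - Made variable name changes.\r\
\n#\r\
\n#-----------------------------------------------TESTED USING THE FOLLOWI\
NG------------------------------------------------\r\
\n#\r\
\n# Hardware: CCR1009-7G-1C-1S+\r\
\n# Firmware: v3.41\r\
\n# RouterOS: v6.40.4\r\
\n#\r\
\n#----------------------------------------------MODIFY THIS SECTION AS NE\
EDED----------------------------------------------\r\
\n\r\
\n# No-IP account credentials.\r\
\n:local noipUsername \"@\"\r\
\n:local noipPassword \"\"\r\
\n\r\
\n# Set the hostname or label of network to be updated.\r\
\n# Hostnames with spaces are unsupported. Replace the value in the quotat\
ions below with your host names.\r\
\n# To specify multiple hosts, separate them with commas.\r\
\n:local noipHostname \"pendejerto.no-ip.org\"\r\
\n\r\
\n# The interface name with the assigned dynamic IP address (usually the W\
AN interface).\r\
\n:local wanInterface \"ether1\"\r\
\n\r\
\n# Log destination\r\
\n:local logDestination \"/disk1/logs/\"\r\
\n\r\
\n#-----------------------------------------------------------------------\
--------------------------------------------------\r\
\n\r\
\n:log warning message=\"START: No-IP DDNS Update\"\r\
\n\r\
\n:if ([/interface get \$wanInterface value-name=running] = true) do={\r\
\n\r\
\n# Get the previous IP via DNS resolution.\r\
\n :local previousIP [:resolve \"\$noipHostname\"]\r\
\n\r\
\n# Get the current IP on the WAN interface.\r\
\n :local currentIP [/ip address get [find interface=\"\$wanInterface\"\
\_disabled=no] address]\r\
\n\r\
\n# Strip net mask from IP address.\r\
\n :for i from=([:len \$currentIP] - 1) to=0 do={\r\
\n :if ([:pick \$currentIP \$i] = \"/\") do={\r\
\n :set currentIP [:pick \$currentIP 0 \$i]\r\
\n }\r\
\n }\r\
\n\r\
\n :log info \"No-IP: DNS IP (\$previousIP), interface IP (\$currentIP)\
\"\r\
\n \r\
\n :if (\$currentIP != \$previousIP) do={\r\
\n :log info \"No-IP: Current IP \$currentIP is not equal to previo\
us IP, update needed\"\r\
\n\r\
\n# The update URL. The \"\\3F\" is hex for question mark (\?). This\
\_is required since \? is a special character in the command.\r\
\n :local url \"https://dynupdate.no-ip.com/nic/update\\3Fmyip=\$cur\
rentIP\"\r\
\n :local noipHostnames\r\
\n :set noipHostnames [:toarray \$noipHostname]\r\
\n :foreach hostname in=\$noipHostnames do={\r\
\n :log info \"No-IP: Sending update for \$hostname\"\r\
\n /tool fetch url=(\$url . \"&hostname=\$hostname\") user=\$no\
ipUsername password=\$noipPassword mode=https dst-path=(\$logDestination . \
\"no-ip_ddns_update-\" . \$hostname . \".txt\")\r\
\n :log info \"No-IP: Host \$hostname updated on No-IP with IP \
\$currentIP\"\r\
\n }\r\
\n } else={\r\
\n :log info \"No-IP: Previous IP \$previousIP is equal to current \
IP, no update needed\"\r\
\n }\r\
\n\r\
\n} else={\r\
\n :log info \"No-IP: \$wanInterface is not currently running, unable t\
o verify and/or update IP.\"\r\
\n }\r\
\n \r\
\n:log warning message=\"END: No-IP DDNS Update\""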
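# Second No-IP dynamic DNS updater, for a different hostname. The script
# resolves the configured hostname, compares the result with the address on
# wanInterface and, when they differ, calls the No-IP update URL through
# /tool fetch, saving the response under logDestination.
# The fetch request carries the No-IP username and password, so the update URL
# and fetch mode use HTTPS instead of plain HTTP; over HTTP the credentials
# would cross the WAN unencrypted.
# NOTE(review): /tool fetch only validates the server certificate when
# check-certificate=yes is set and a trusted CA is imported on the router; add
# that option once a CA certificate is installed.
# NOTE(review): wanInterface is "ether1", but this export renames that port to
# ether1-WAN1; confirm the value matches the current interface name.
# The account credentials are stored in clear text in the script source, so
# treat full exports and backups of this router as secrets.
add dont-require-permissions=no name=No_IP_2 owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
---------------------------------------------------SCRIPT INFORMATION-----\
-----------------------------------------------\r\
\n#\r\
\n# Script: Marthur's No-IP.com Dynamic DNS Update Script\r\
\n# Version: 1.0\r\
\n# Updated: 07/30/2018\r\
\n# Created: 10/21/2017\r\
\n# Author: Marthur Jones\r\
\n# Website: https://www.marthur.com\r\
\n#\r\
\n# This script is to be used in conjunction with No-IP.com's Dynamic DNS \
Service. It is to be scheduled/ran on a Mikrotik \r\
\n# router as replacement for No-IP's Dynamic Update Client for Windows. T\
here are many versions of this script. However, \r\
\n# I've made my own modifications to the original script that was created\
\_on March 13, 2012 by riverron and published on\r\
\n# the MikroTik Wiki here:\r\
\n#\r\
\n# https://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_No-IP_DNS\
\r\
\n#\r\
\n# - Changed the scope of the variable that stores the previous IP addres\
s from global to local. The local variable's value \r\
\n# (IP address) is now assigned via MikroTik's DNS resolution. The scri\
pt compares the previous IP with the current IP \r\
\n# that is assigned to the WAN interface, if the IP addresses do not ma\
tch, the script will update the No-IP hostname\r\
\n# with the IP assigned to the WAN interface.\r\
\n#\r\
\n# - Added variable to define the log destination path that the script pu\
lls from No-IP.com after a DDNS IP update.\r\
\n#\r\
\n# - Made variable name changes.\r\
\n#\r\
\n#-----------------------------------------------TESTED USING THE FOLLOWI\
NG------------------------------------------------\r\
\n#\r\
\n# Hardware: CCR1009-7G-1C-1S+\r\
\n# Firmware: v3.41\r\
\n# RouterOS: v6.40.4\r\
\n#\r\
\n#----------------------------------------------MODIFY THIS SECTION AS NE\
EDED----------------------------------------------\r\
\n\r\
\n# No-IP account credentials.\r\
\n:local noipUsername \"@\"\r\
\n:local noipPassword \"\"\r\
\n\r\
\n# Set the hostname or label of network to be updated.\r\
\n# Hostnames with spaces are unsupported. Replace the value in the quotat\
ions below with your host names.\r\
\n# To specify multiple hosts, separate them with commas.\r\
\n:local noipHostname \"robslamp.servehttp.com\"\r\
\n\r\
\n# The interface name with the assigned dynamic IP address (usually the W\
AN interface).\r\
\n:local wanInterface \"ether1\"\r\
\n\r\
\n# Log destination\r\
\n:local logDestination \"/disk1/logs/\"\r\
\n\r\
\n#-----------------------------------------------------------------------\
--------------------------------------------------\r\
\n\r\
\n:log warning message=\"START: No-IP DDNS Update\"\r\
\n\r\
\n:if ([/interface get \$wanInterface value-name=running] = true) do={\r\
\n\r\
\n# Get the previous IP via DNS resolution.\r\
\n :local previousIP [:resolve \"\$noipHostname\"]\r\
\n\r\
\n# Get the current IP on the WAN interface.\r\
\n :local currentIP [/ip address get [find interface=\"\$wanInterface\"\
\_disabled=no] address]\r\
\n\r\
\n# Strip net mask from IP address.\r\
\n :for i from=([:len \$currentIP] - 1) to=0 do={\r\
\n :if ([:pick \$currentIP \$i] = \"/\") do={\r\
\n :set currentIP [:pick \$currentIP 0 \$i]\r\
\n }\r\
\n }\r\
\n\r\
\n :log info \"No-IP: DNS IP (\$previousIP), interface IP (\$currentIP)\
\"\r\
\n \r\
\n :if (\$currentIP != \$previousIP) do={\r\
\n :log info \"No-IP: Current IP \$currentIP is not equal to previo\
us IP, update needed\"\r\
\n\r\
\n# The update URL. The \"\\3F\" is hex for question mark (\?). This\
\_is required since \? is a special character in the command.\r\
\n :local url \"https://dynupdate.no-ip.com/nic/update\\3Fmyip=\$cur\
rentIP\"\r\
\n :local noipHostnames\r\
\n :set noipHostnames [:toarray \$noipHostname]\r\
\n :foreach hostname in=\$noipHostnames do={\r\
\n :log info \"No-IP: Sending update for \$hostname\"\r\
\n /tool fetch url=(\$url . \"&hostname=\$hostname\") user=\$no\
ipUsername password=\$noipPassword mode=https dst-path=(\$logDestination . \
\"no-ip_ddns_update-\" . \$hostname . \".txt\")\r\
\n :log info \"No-IP: Host \$hostname updated on No-IP with IP \
\$currentIP\"\r\
\n }\r\
\n } else={\r\
\n :log info \"No-IP: Previous IP \$previousIP is equal to current \
IP, no update needed\"\r\
\n }\r\
\n\r\
\n} else={\r\
\n :log info \"No-IP: \$wanInterface is not currently running, unable t\
o verify and/or update IP.\"\r\
\n }\r\
\n \r\
\n:log warning message=\"END: No-IP DDNS Update\""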
# NOTE(review): the policy list below grants this script every flag shown,
# including sniff and romon. Nothing in the script body captures packets or
# uses RoMON, so the list looks wider than needed. Trim it on a test device
# first - TODO confirm which flags the backup/update path really requires.
add dont-require-permissions=no name=BackupAndUpdate owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Script name: BackupAndUpdate\r\
\n#\r\
\n#----------SCRIPT INFORMATION-------------------------------------------\
--------\r\
\n#\r\
\n# Script: Mikrotik RouterOS automatic backup & update\r\
\n# Version: 20.04.17\r\
\n# Created: 07/08/2018\r\
\n# Updated: 17/04/2020\r\
\n# Author: Alexander Tebiev\r\
\n# Website: https://github.com/beeyev\r\
\n# You can contact me by e-mail at tebiev@mail.com\r\
\n#\r\
\n# IMPORTANT!\r\
\n# Minimum supported RouterOS version is v6.43.7\r\
\n#\r\
\n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
--------\r\
\n## Notification e-mail\r\
\n## (Make sure you have configured Email settings in Tools -> Email)\r\
\n# NOTE(review): the backups and the device information block (identity,\r\
\n# model, serial number) are mailed to this address.\r\
\n:local emailAddress \"recgaxiola@gmail.com\";\r\
\n\r\
\n## Script mode, possible values: backup, osupdate, osnotify.\r\
\n# backup \t- \tOnly backup will be performed. (default value, if none pr\
ovided)\r\
\n#\r\
\n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\
le.\r\
\n#\t\t\t\tIt will also create backups before and after update process.\r\
\n#\t\t\t\tEmail will be sent only if a new RouterOS is available.\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs.\r\
\n#\r\
\n# osnotify \t- \tThe script will send email notification only (without b\
ackups) if a new RouterOS is available.\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs.\r\
\n:local scriptMode \"osnotify\";\r\
\n\r\
\n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
fy`\r\
\n# Set `true` if you want the script to perform backup every time it's fi\
red, whatever script mode is set.\r\
\n# With true, every run creates backups and sends them by e-mail.\r\
\n:local forceBackup true;\r\
\n\r\
\n## Backup encryption password, no encryption if no password.\r\
\n# NOTE(review): empty here, so the system backup is saved with\r\
\n# dont-encrypt=yes and leaves the router as a plain e-mail attachment.\r\
\n:local backupPassword \"\"\r\
\n\r\
\n## If true, passwords will be included in exported config.\r\
\n# When false the .rsc export is made with hide-sensitive.\r\
\n:local sensetiveDataInConfig false;\r\
\n\r\
\n## Update channel. Possible values: stable, long-term, testing, developm\
ent\r\
\n:local updateChannel \"stable\";\r\
\n\r\
\n## Install only patch versions of RouterOS updates.\r\
\n## Works only if you set scriptMode to \"osupdate\"\r\
\n## Means that new update will be installed only if MAJOR and MINOR versi\
on numbers remained the same as currently installed RouterOS.\r\
\n## Example: v6.43.6 => major.minor.PATCH\r\
\n## Script will send information if new version is greater than just patc\
h.\r\
\n:local installOnlyPatchUpdates\tfalse;\r\
\n\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n# !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
\_YOU ARE DOING !!!! #\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n\r\
\n#Script messages prefix\r\
\n:local SMP \"Bkp&Upd:\"\r\
\n\r\
\n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
update\\\" started.\";\r\
\n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
\";\r\
\n\r\
\n#Check proper email config\r\
\n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
or [:len [/tool e-mail get from]] = 0) do={\r\
\n\t:log error (\"\$SMP Email configuration is not correct, please check T\
ools -> Email. Script stopped.\"); \r\
\n\t:error \"\$SMP bye!\";\r\
\n}\r\
\n\r\
\n#Check if proper identity name is set\r\
\nif ([:len [/system identity get name]] = 0 or [/system identity get name\
] = \"MikroTik\") do={\r\
\n\t:log warning (\"\$SMP Please set identity name of your device (System \
-> Identity), keep it short and informative.\"); \r\
\n};\r\
\n\r\
\n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
\n# Function converts standard mikrotik build versions to the number.\r\
\n# Possible arguments: paramOsVer\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
rrent-RouterOS]];\r\
\n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
\n:global buGlobalFuncGetOsVerNum do={\r\
\n\t:local osVer \$paramOsVer;\r\
\n\t:local osVerNum;\r\
\n\t:local osVerMicroPart;\r\
\n\t:local zro 0;\r\
\n\t:local tmp;\r\
\n\t\r\
\n\t# Replace word `beta` with dot\r\
\n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
\n\t:if (\$isBetaPos > 1) do={\r\
\n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\
\$isBetaPos + 4) [:len \$osVer]]);\r\
\n\t}\r\
\n\t\r\
\n\t:local dotPos1 [:find \$osVer \".\" 0];\r\
\n\r\
\n\t:if (\$dotPos1 > 0) do={ \r\
\n\r\
\n\t\t# AA\r\
\n\t\t:set osVerNum [:pick \$osVer 0 \$dotPos1];\r\
\n\t\t\r\
\n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
\n\t\t\t\t#Taking minor version, everything after first dot\r\
\n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\
1) [:len \$osVer]];}\r\
\n\t\t#Taking minor version, everything between first and second dots\r\
\n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \
\$dotPos2];}\r\
\n\t\t\r\
\n\t\t# AA 0B\r\
\n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t# AA BB\r\
\n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t\r\
\n\t\t:if (\$dotPos2 > 0) do={ \r\
\n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
\n\t\t\t# AA BB 0C\r\
\n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t\t# AA BB CC\r\
\n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t} else={\r\
\n\t\t\t# AA BB 00\r\
\n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\
\n\t\t}\r\
\n\t} else={\r\
\n\t\t# AA 00 00\r\
\n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
\n\t}\r\
\n\r\
\n\t:return \$osVerNum;\r\
\n}\r\
\n\r\
\n# Creates a system backup and a config export; returns both file names.\r\
\n# Possible arguments: \r\
\n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\
\n#\t`backupPassword`\t\t| string \t| empty means an unencrypted backup\r\
\n#\t`sensetiveDataInConfig`\t| boolean \t| true: no hide-sensitive\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncCreateBackups backupName=\"daily-backup\"];\r\
\n:global buGlobalFuncCreateBackups do={\r\
\n\t# NOTE(review): SMP is a :local of the caller and is not passed in, so\r\
\n\t# it is presumably empty in these log lines - TODO confirm.\r\
\n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\
as fired.\"); \r\
\n\t\r\
\n\t:local backupFileSys \"\$backupName.backup\";\r\
\n\t:local backupFileConfig \"\$backupName.rsc\";\r\
\n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\
\n\r\
\n\t## Make system backup\r\
\n\t# NOTE(review): with no password the backup is written unencrypted.\r\
\n\t:if ([:len \$backupPassword] = 0) do={\r\
\n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\
\n\t} else={\r\
\n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP System backup created. \$backupFileSys\"); \r\
\n\r\
\n\t## Export config file\r\
\n\t# hide-sensitive is dropped only when the caller asks for it.\r\
\n\t:if (\$sensetiveDataInConfig = true) do={\r\
\n\t\t/export compact file=\$backupName;\r\
\n\t} else={\r\
\n\t\t/export compact hide-sensitive file=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\"); \
\r\
\n\r\
\n\t#Delay after creating backups\r\
\n\t:delay 5s;\t\r\
\n\t:return \$backupNames;\r\
\n}\r\
\n\r\
\n:global buGlobalVarUpdateStep;\r\
\n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
\n\r\
\n#Current date time in format: 2020jan15-221324 \r\
\n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
\_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
. [:pick [/system clock get time] 6 8]);\r\
\n\r\
\n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\
on];\r\
\n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\
viceOsVerInst];\r\
\n:local deviceOsVerAvail \t\t\"\";\r\
\n:local deviceOsVerAvailNum \t\t0;\r\
\n:local deviceRbModel\t\t\t[/system routerboard get model];\r\
\n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\
\n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\
\r\
\n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\
\r\
\n:local deviceIdentityName \t\t[/system identity get name];\r\
\n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\
\n:local deviceUpdateChannel \t\t[/system package update get channel];\r\
\n\r\
\n:local isOsUpdateAvailable \tfalse;\r\
\n:local isOsNeedsToBeUpdated\tfalse;\r\
\n\r\
\n:local isSendEmailRequired\ttrue;\r\
\n\r\
\n:local mailSubject \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\
\r\
\n:local mailBody \t \t\t\"\";\r\
\n\r\
\n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\
ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\
: \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\
stem package update get channel]) \$[/system resource get build-time] \\r\
\\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
stem resource get uptime]\";\r\
\n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\
kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\
ackup-and-update\";\r\
\n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\
om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
\n\r\
\n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\
bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\
\n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\
\n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\
\n\r\
\n:local backupNameFinal\t\t\$backupName;\r\
\n:local mailAttachments\t\t[:toarray \"\"];\r\
\n\r\
\n:local updateStep \$buGlobalVarUpdateStep;\r\
\n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
{}\r\
\n:if ([:len \$updateStep] = 0) do={\r\
\n\t:set updateStep 1;\r\
\n}\r\
\n\r\
\n\r\
\n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\
ending email with backups,\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 1) do={\r\
\n\t:log info (\"\$SMP Performing the first step.\"); \r\
\n\r\
\n\t# Checking for new RouterOS version\r\
\n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\
\n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\
\_is: \$deviceOsVerInst\");\r\
\n\t\t/system package update set channel=\$updateChannel;\r\
\n\t\t/system package update check-for-updates;\r\
\n\t\t:delay 5s;\r\
\n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\
\n\r\
\n\t\t# If there is a problem getting information about available RouterOS\
\_from server\r\
\n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\
\n\t\t\t:log warning (\"\$SMP There is a problem getting information about\
\_new RouterOS from server.\");\r\
\n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\
terOS!\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\
uldn't get any information about new RouterOS from server! \\r\\nWatch add\
itional information in device logs.\")\r\
\n\t\t} else={\r\
\n\t\t\t#Get numeric version of OS\r\
\n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\
eviceOsVerAvail];\r\
\n\r\
\n\t\t\t# Checking if OS on server is greater than installed one.\r\
\n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
\n\t\t\t\t:set isOsUpdateAvailable true;\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\
\");\r\
\n\t\t\t} else={\r\
\n\t\t\t\t:set isSendEmailRequired false;\r\
\n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\
\n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\
\n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\
\r\
\n\t\t\t}\r\
\n\t\t};\r\
\n\t} else={\r\
\n\t\t:set scriptMode \"backup\";\r\
\n\t};\r\
\n\r\
\n\tif (\$forceBackup = true) do={\r\
\n\t\t# In this case the script will always send email, because it has to \
create backups\r\
\n\t\t:set isSendEmailRequired true;\r\
\n\t}\r\
\n\r\
\n\t# if new OS version is available to install\r\
\n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\
{\r\
\n\t\t# If we only need to notify about new available version\r\
\n\t\tif (\$scriptMode = \"osnotify\") do={\r\
\n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \
v.\$deviceOsVerAvail.\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\
e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\
\")\r\
\n\t\t}\r\
\n\r\
\n\t\t# if we need to initiate RouterOs update process\r\
\n\t\tif (\$scriptMode = \"osupdate\") do={\r\
\n\t\t\t:set isOsNeedsToBeUpdated true;\r\
\n\t\t\t# if we need to install only patch updates\r\
\n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\
\n\t\t\t\t#Check if Major and Minor builds are the same.\r\
\n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\
2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\
={\r\
\n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\
vailable.\"); \r\
\n\t\t\t\t} else={\r\
\n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\
ware is available. You need to update it manually.\");\r\
\n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\
eOsVerAvail needs to be installed manually.\");\r\
\n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \
version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \
\\r\\nYou chose to automatically install only patch updates, so this major\
\_update you need to install manually. \\r\\n\$changelogUrl\");\r\
\n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t}\r\
\n\t\t\t}\r\
\n\r\
\n\t\t\t#Check again, because this variable could be changed during checki\
ng for installing only patch updats\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\
viceOsVerInst -> v.\$deviceOsVerAvail\");\r\
\n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\
e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
\n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \
to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\
il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \
information will be sent when update process is completed. \\r\\nIf you ha\
ve not received second email in the next 5 minutes, then probably somethin\
g went wrong. (Check your device logs)\");\r\
\n\t\t\t\t#!! There is more code connected to this part and first step at \
the end of the script.\r\
\n\t\t\t}\r\
\n\t\t\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t## Checking If the script needs to create a backup\r\
\n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\
;\r\
\n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\
BeUpdated = true) do={\r\
\n\t\t:log info (\"\$SMP Creating system backups.\");\r\
\n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\
\n\t\t};\r\
\n\t\tif (\$scriptMode != \"backup\") do={\r\
\n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
\n\t\t};\r\
\n\r\
\n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\
\n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\
ached to this email.\");\r\
\n\r\
\n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\
veDataInConfig];\r\
\n\t} else={\r\
\n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\
\n\t}\r\
\n\r\
\n\t# Combine fisrst step email\r\
\n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\
);\r\
\n}\r\
\n\r\
\n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 2) do={\r\
\n\t:log info (\"\$SMP Performing the second step.\"); \r\
\n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\
re\r\
\n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
\n\t\t# No e-mail in this step; the report is sent by step three.\r\
\n\t\t:set isSendEmailRequired false;\r\
\n\t\t:delay 10s;\r\
\n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\
rrentFw to v.\$deviceRbUpgradeFw\";\r\
\n\t\t## Start the upgrading process\r\
\n\t\t/system routerboard upgrade;\r\
\n\t\t## Fixed 5 s pause; completion of the upgrade is not checked\r\
\n\t\t:delay 5s;\r\
\n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\
o reboot in a moment!\";\r\
\n\t\t## Schedule the final report for the next boot. The entry removes\r\
\n\t\t## itself, sets buGlobalVarUpdateStep to 3 and runs this script by\r\
\n\t\t## name, so keep the original script name.\r\
\n\t\t# NOTE(review): no policy= is given for the scheduler entry; check\r\
\n\t\t# which policies it ends up with - TODO confirm.\r\
\n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\
\":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\
lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\
ate;\" start-time=startup interval=0;\r\
\n\t\t## Reboot system to boot with new firmware\r\
\n\t\t/system reboot;\r\
\n\t} else={\r\
\n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\
ate, skipping this step.\";\r\
\n\t\t# Fall through to step three in the same run.\r\
\n\t\t:set updateStep 3;\r\
\n\t};\r\
\n}\r\
\n\r\
\n## \tSTEP THREE: Last step (after second reboot) sending final report\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 3) do={\r\
\n\t:log info (\"\$SMP Performing the third step.\"); \r\
\n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\
leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\
\$deviceRbCurrentFw.\";\r\
\n\t## Small delay in case mikrotik needs some time to initialize connecti\
ons\r\
\n\t:log info \"\$SMP The final email with report and backups of upgraded \
system will be sent in a minute.\";\r\
\n\t:delay 1m;\r\
\n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\
ew version: v.\$deviceOsVerInst!\");\r\
\n\t:set mailBody \t \t\"RouterOS and routerboard upgrade process was com\
pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\
are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\
e upgraded system are in the attachment of this email. \$mailBodyDeviceIn\
fo \$mailBodyCopyright\";\r\
\n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\
ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\
iveDataInConfig];\r\
\n}\r\
\n\r\
\n# Remove functions from global environment to keep it fresh and clean.\r\
\n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
r={}\r\
\n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
ror={}\r\
\n\r\
\n##\r\
\n## SENDING EMAIL\r\
\n##\r\
\n# Trying to send email with backups in attachment.\r\
\n# One retry after 5 minutes; a second failure cancels a pending update.\r\
\n# NOTE(review): transport protection depends on the /tool e-mail settings\r\
\n# (start-tls), not on this script.\r\
\n\r\
\n:if (\$isSendEmailRequired = true) do={\r\
\n\t:log info \"\$SMP Sending email message, it will take around half a mi\
nute...\";\r\
\n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\
mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t:delay 5s;\r\
\n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\
\_last-status]). Going to try it again in a while.\"\r\
\n\r\
\n\t\t:delay 5m;\r\
\n\r\
\n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
\$mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t\t:delay 5s;\r\
\n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\
et last-status]) for the second time.\"\r\
\n\r\
\n\t\t\t# Do not upgrade when the pre-update backup could not be mailed.\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t:log warning \"\$SMP script is not goint to initialise update pr\
ocess due to inability to send backups to email.\"\r\
\n\t\t\t}\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t:delay 30s;\r\
\n\t\r\
\n\t# Backup files are deleted only after a succeeded send; otherwise they\r\
\n\t# stay on the router storage.\r\
\n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\
\_\"succeeded\") do={\r\
\n\t\t:log info \"\$SMP File system cleanup.\"\r\
\n\t\t/file remove \$mailAttachments; \r\
\n\t\t:delay 2s;\r\
\n\t}\r\
\n\t\r\
\n}\r\
\n\r\
\n\r\
\n# Fire RouterOs update process\r\
\n# Reached only when scriptMode is osupdate and the checks above left\r\
\n# isOsNeedsToBeUpdated true; the package offered by the update channel\r\
\n# is then installed without an operator reviewing it.\r\
\nif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\r\
\n\t## Schedule step two (routerboard firmware upgrade) for the next boot.\r\
\n\t## The entry removes itself, sets buGlobalVarUpdateStep to 2 and runs\r\
\n\t## this script by name, so keep the original script name.\r\
\n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\
y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\
alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\
-time=startup interval=0;\r\
\n \r\
\n :log info \"\$SMP everything is ready to install new RouterOS, going \
to reboot in a moment!\"\r\
\n\t## command is reincarnation of the \"upgrade\" command - doing exactly\
\_the same but under a different name\r\
\n\t/system package update install;\r\
\n}\r\
\n\r\
\n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
\\\" completed it's job.\\r\\n\";"
# NOTE(review): this collector is stored with the same full policy list as
# the other scripts. Nothing visible in its body reboots the device,
# transfers files or changes passwords, so the list looks wider than needed -
# TODO confirm the minimum on a test device.
# All output is written with :log info. Forwarding of those entries to a
# remote syslog target is not configured in this script; if they are
# forwarded, they carry client, neighbour and serial-number data.
add dont-require-permissions=no name=Data_to_Splunk_using_Syslog owner=admin \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="# Collect information from Mikrotik RouterOS\r\
\n# v 3.2 Jotne 2019\r\
\n# ----------------------------------\r\
\n\r\
\n\r\
\n# What data to collect. Set to false to skip the section \r\
\n# ----------------------------------\r\
\n:local SystemResource true\r\
\n:local SystemInformation true\r\
\n:local SystemHealth true\r\
\n:local TrafficData true\r\
\n:local uPnP true\r\
\n:local Wireless true\r\
\n:local AddressLists true\r\
\n:local DHCP true\r\
\n:local Neighbor true\r\
\n:local InterfaceData true\r\
\n\r\
\n# Interface to get data from (using regex)\r\
\n:local IF \"ether.*\"\r\
\n# Example\r\
\n# \"ether.*\" All ethernet interfaces\r\
\n# \"^ether[1-5]\\\$\" Only ethernet 1 to 5\r\
\n# \".*\" All interfaces (Briges/VLAN/pptp/Ether ++)\r\
\n# \"ether(1|2)\\\$\" interface ethernet 1 and 2 (/\$ needed to prevent \
ether11 etc)\r\
\n\r\
\n\r\
\n\r\
\n# Collect system resource\r\
\n# ----------------------------------\r\
\nif (\$SystemResource) do={\r\
\n\t:local cpuload ([/system resource get cpu-load])\r\
\n\t:local freemem ([/system resource get free-memory]/1048576)\r\
\n\t:local totmem ([/system resource get total-memory]/1048576)\r\
\n\t:local freehddspace ([/system resource get free-hdd-space]/1048576)\r\
\n\t:local totalhddspace ([/system resource get total-hdd-space]/1048576)\
\r\
\n\t:local up ([/system resource get uptime])\r\
\n\t:log info message=\"script=resource free_memory=\$freemem MB total_mem\
ory=\$totmem MB free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhd\
dspace MB cpu_load=\$cpuload uptime=\$up\"\r\
\n}\r\
\n\r\
\n\r\
\n# Get traffic data (accounting data)\r\
\n# ----------------------------------\r\
\nif (\$TrafficData) do={\r\
\n# Test if fasttrack is enabled and give warning\r\
\n\t:if ([/ip firewall filter find where (action=fasttrack-connection && !\
disabled)] != \"\") do={\r\
\n\t\t:log info message=(\"script=traffic,fasttrack=1\")\r\
\n\t} else={\r\
\n\t\t:log info message=(\"script=traffic,fasttrack=0\")\r\
\n\t}\r\
\n# Test if accounting is enabled and if yes, get data\r\
\n\tif ([/ip accounting get enabled]=yes) do={\r\
\n\t\t/ip accounting snapshot take\r\
\n# Get uncounted data\r\
\n\t\t/ip accounting uncounted {\r\
\n\t\t\t:log info message=(\"script=uncounted,bytes=\".[get bytes].\",pack\
ets=\".[get packets])}\r\
\n# Send data to loggin server\r\
\n\t\tforeach logline in=[/ip accounting snapshot find] do={\r\
\n\t\t\t:local output \"\$[/ip accounting snapshot print as-value from=\$l\
ogline]\"\r\
\n\t\t\t:set ( \"\$output\"->\"script\" ) \"traffic\"\r\
\n\t\t\t:log info message=\"\$output\"\r\
\n\t\t}\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Get interface data\r\
\n# ----------------------------------\r\
\nif (\$InterfaceData) do={\r\
\n\t:foreach interface in=[/interface find where name~\"\$IF\"] do={\r\
\n\t\t:delay 100ms\r\
\n\t\t:local iname [/interface get \$interface name]\r\
\n\t\t:local monitor [/interface monitor-traffic \$interface as-value once\
]\r\
\n\t\t:local speedRX (\$monitor->\"rx-bits-per-second\")\r\
\n\t\t:local speedTX (\$monitor->\"tx-bits-per-second\")\r\
\n\t\t:log info message=\"script=monitor interface=\$iname RX=\$speedRX bp\
s TX=\$speedTX bps\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Finding dynmaic lines used in uPnP\r\
\n# ----------------------------------\r\
\nif (\$uPnP) do={\r\
\n\t:foreach logline in=[/ip firewall nat find dynamic=yes] do={\r\
\n\t\t:local output \"\$[/ip firewall nat print as-value from=\$logline]\"\
\r\
\n\t\t:set ( \"\$output\"->\"script\" ) \"upnp\"\r\
\n\t\t:log info message=\"\$output\" \r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect system information\r\
\n# ----------------------------------\r\
\nif (\$SystemInformation) do={\r\
\n\t:local version ([/system resource get version])\r\
\n\t:local board ([/system resource get board-name])\r\
\n\t:local model ([/system routerboard get model]);\r\
\n\t:local serial ([/system routerboard get serial-number])\r\
\n\t:local identity ([/system identity get name])\r\
\n\t:log info message=\"script=sysinfo version=\\\"\$version\\\" board-nam\
e=\\\"\$board\\\" model=\\\"\$model\\\" serial=\$serial identity=\\\"\$ide\
ntity\\\"\"\r\
\n}\r\
\n\r\
\n\r\
\n# Collect system health\r\
\n# ----------------------------------\r\
\nif (\$SystemHealth) do={\r\
\n\t:if (([/system health get]~\"state=disabled\" || [/system health get]=\
\"\")=false) do={\r\
\n\t\t:local voltage ([/system health get voltage]/10)\r\
\n\t\t:local temperature ([/system health get temperature])\r\
\n\t\t:log info message=\"script=health voltage=\$voltage V temperature=\$\
temperature C\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Writes every wireless registration-table entry to the log, with the\r\
\n# script key set to wifi.\r\
\n# NOTE(review): the entries presumably include client MAC addresses.\r\
\n# ----------------------------------\r\
\nif (\$Wireless) do={\r\
\n\t# Errors are swallowed by the empty on-error handler below.\r\
\n\t:do {\r\
\n\t\t:if ([:len [/interface wireless find ]]>0) do={\r\
\n\t\t\t:foreach logline in=[/interface wireless registration-table find] \
do={\r\
\n\t\t\t\t:local output \"\$[/interface wireless registration-table print \
\_as-value from=\$logline]\"\r\
\n\t\t\t\t:set ( \"\$output\"->\"script\" ) \"wifi\"\r\
\n\t\t\t\t:log info message=\"\$output\"\r\
\n\t\t\t}\r\
\n\t\t}\r\
\n\t} on-error={}\r\
\n}\r\
\n\r\
\n\r\
\n# Count IP in address-lists\r\
\n#----------------------------------\r\
\nif (\$AddressLists) do={\r\
\n\t:local array [ :toarray \"\" ]\r\
\n\t:local addrcntdyn [:toarray \"\"] \r\
\n\t:local addrcntstat [:toarray \"\"] \r\
\n\t:local test\r\
\n\t:foreach id in=[/ip firewall address-list find] do={\r\
\n\t\t:local rec [/ip firewall address-list get \$id]\r\
\n\t\t:local listname (\$rec->\"list\")\r\
\n\t\t:local listdynamic (\$rec->\"dynamic\")\r\
\n\t\t:set ( \$array->\$listname ) 1\r\
\n\t\tif (\$listdynamic = true) do={\r\
\n\t\t\t:set (\$addrcntdyn->\$listname) (\$addrcntdyn->\$listname+1)\r\
\n\t\t} else={\r\
\n\t\t\t:set (\$addrcntstat->\$listname) (\$addrcntstat->\$listname+1)}\r\
\n\t}\r\
\n\t:foreach k,v in=\$array do={\r\
\n\t\t:log info message=(\"script=address_lists list=\$k dynamic=\".((\$ad\
drcntdyn->\$k)+0).\" static=\".((\$addrcntstat->\$k)+0))}\r\
\n}\r\
\n\r\
\n\r\
\n# Get MNDP (CDP) Neighbors\r\
\n# Logs one line per /ip neighbor entry, every value wrapped in quotes.\r\
\n# NOTE(review): neighbour values are announced by other devices on the\r\
\n# link. They are cut at the first newline, but quote characters inside a\r\
\n# value are not escaped, so a log parser could misread fields - confirm.\r\
\n# ----------------------------------\r\
\nif (\$Neighbor) do={\r\
\n\t:foreach neighborID in=[/ip neighbor find] do={\r\
\n\t\t:local nb [/ip neighbor get \$neighborID]\r\
\n\t\t:foreach key,value in=\$nb do={\r\
\n\t\t\t# Keep only the text before the first newline\r\
\n\t\t\t:local newline [:find \$value \"\\n\"]\r\
\n\t\t\t:if ([\$newline]>0) do={\r\
\n\t\t\t\t:set \$value [:pick \$value 0 \$newline]\r\
\n\t\t\t}\r\
\n\t\t\t:set ( \"\$nb\"->\"\$key\" ) \"\\\"\$value\\\"\"\r\
\n\t\t}\r\
\n\t\t:set ( \"\$nb\"->\"script\" ) \"\\\"neighbor\\\"\"\r\
\n\t\t:log info message=\"\$nb\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect DHCP Pool information\r\
\n# ----------------------------------\r\
\nif (\$DHCP) do={\r\
\n\t/ip pool {\r\
\n\t\t:local poolname\r\
\n\t\t:local pooladdresses\r\
\n\t\t:local poolused\r\
\n\t\t:local minaddress\r\
\n\t\t:local maxaddress\r\
\n\t\t:local findindex\r\
\n\r\
\n# Iterate through IP Pools\r\
\n\t\t:foreach pool in=[find] do={\r\
\n\t\t\t:set poolname [get \$pool name]\r\
\n\t\t\t:set pooladdresses 0\r\
\n\t\t\t:set poolused 0\r\
\n\r\
\n# Iterate through current pool's IP ranges\r\
\n\t\t\t:foreach range in=[:toarray [get \$pool range]] do={\r\
\n\r\
\n# Get min and max addresses\r\
\n\t\t\t\t:set findindex [:find [:tostr \$range] \"-\"]\r\
\n\t\t\t\t:if ([:len \$findindex] > 0) do={\r\
\n\t\t\t\t\t:set minaddress [:pick [:tostr \$range] 0 \$findindex]\r\
\n\t\t\t\t\t:set maxaddress [:pick [:tostr \$range] (\$findindex + 1) [:le\
n [:tostr \$range]]]\r\
\n\t\t\t\t} else={\r\
\n\t\t\t\t\t:set minaddress [:tostr \$range]\r\
\n\t\t\t\t\t:set maxaddress [:tostr \$range]\r\
\n\t\t\t\t}\r\
\n\r\
\n# Calculate number of ip in one range\r\
\n\t\t\t\t:set pooladdresses (\$maxaddress - \$minaddress)\r\
\n\r\
\n# /foreach range\r\
\n\t\t\t}\r\
\n\r\
\n# Test if pools is used in DHCP or VPN and show leases used\r\
\n\t\t\t:local dname [/ip dhcp-server find where address-pool=\$poolname]\
\r\
\n\t\t\t:if ([:len \$dname] = 0) do={\r\
\n# No DHCP server found, assume VPN\r\
\n\t\t\t\t:set poolused [:len [used find pool=[:tostr \$poolname]]]\r\
\n\t\t\t} else={\r\
\n# DHCP server found, count leases\r\
\n\t\t\t\t:local dname [/ip dhcp-server get [find where address-pool=\$poo\
lname] name]\r\
\n\t\t\t\t:set poolused [:len [/ip dhcp-server lease find where server=\$d\
name]]}\r\
\n\r\
\n# Send data\r\
\n\t\t\t:log info message=(\"script=pool pool=\$poolname used=\$poolused t\
otal=\$pooladdresses\")\r\
\n\r\
\n# /foreach pool\r\
\n\t\t}\r\
\n# /ip pool\r\
\n\t}\r\
\n}\r\
\n"
# Syncs CAPsMAN access-list entries with DHCP lease comments: for each
# registered client whose MAC equals a lease MAC, existing access-list
# entries for that MAC are disabled, a new entry carrying the lease comment
# is added, and all disabled entries are removed at the end.
# NOTE(review): entries are added without action=, so the access-list default
# applies to every client that is associated when the script runs - TODO
# confirm that is intended. The policy list is also wider than the commands
# used here appear to need.
add dont-require-permissions=no name=RegList owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local maccaps\r\
\n:local macdhcp\r\
\n:local name\r\
\n:foreach i in=[/caps-man registration-table find ] do={\r\
\n\t:set maccaps ( [/caps-man registration-table get value-name=mac-addres\
s number=\$i])\r\
\n\t:foreach j in=[/ip dhcp-server lease find ] do={\r\
\n\t\t:set macdhcp ( [/ip dhcp-server lease get value-name=mac-address num\
ber=\$j])\r\
\n\t\t:set name [/ip dhcp-server lease get [find where mac-address=\$macdh\
cp] comment ] \r\
\n\t\t:if (\$maccaps = \$macdhcp ) do={\r\
\n\t\t/caps-man access-list disable [find mac-address=\$macdhcp]\r\
\n\t\t/caps-man access-list add mac-address=\$macdhcp comment=\$name\r\
\n\t\t}\r\
\n\t\t}\t\r\
\n\t}\r\
\n/caps-man access-list remove [find where disabled]"
/tool e-mail
# NOTE(review): address, port and user are blank here, presumably removed by
# the poster; start-tls=yes is the only transport setting visible.
set address= from="" port= start-tls=yes \
user=
# NOTE(review): the graphing entries are added with defaults only; presumably
# the default allow-address lets any source view the graphs - TODO confirm.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool mac-server
# MAC server and MAC WinBox access are limited to the LAN interface list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
# NOTE(review): leftover capture settings - traffic of 192.168.0.120 on all
# interfaces, with 192.168.0.3 as streaming target. streaming-enabled is not
# shown, so streaming may be off; reset if the capture is no longer needed.
set filter-interface=all filter-ip-address=192.168.0.120/32 streaming-server=\
192.168.0.3
# jul/03/2020 06:51:06 by RouterOS 6.46.6
# software id = WATD-YHFU
#
# model = RouterBOARD cAP Gi-5acD2nD
# serial number =
/interface bridge
add admin-mac=64:D1:54:F7:B2:CD auto-mac=no comment=defconf name=bridgeLocal
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Both profiles accept WPA2-PSK and WPA2-EAP. disable-pmkid=yes keeps the
# PMKID out of the first EAPOL frame, which limits offline guessing of the
# passphrase. No key material appears in this export.
# NOTE(review): wlan1/wlan2 are marked as managed by CAPsMAN, so these local
# profiles are presumably not what clients actually negotiate - confirm.
add authentication-types=wpa2-psk,wpa2-eap disable-pmkid=yes \
management-protection=allowed mode=dynamic-keys name=wlan \
supplicant-identity=""
add authentication-types=wpa2-psk,wpa2-eap disable-pmkid=yes \
management-protection=allowed mode=dynamic-keys name=wlan_guest \
supplicant-identity=""
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(28dBm), SSID: RECGV, local forwarding
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-g/n country=mexico disabled=no frequency=2462 \
hw-protection-mode=rts-cts hw-retries=4 installation=indoor mode=\
ap-bridge multicast-helper=full security-profile=wlan ssid=RECGV \
wmm-support=enabled wps-mode=disabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(28dBm), SSID: RECGV, local forwarding
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
antenna-gain=2 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=\
mexico disabled=no mode=ap-bridge security-profile=wlan ssid=RECGV \
wmm-support=enabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
# The "full" group permits logins over telnet, ftp, web and api among others.
# NOTE(review): no /ip service section appears in the part of the export shown
# here; if that means the service list is at its defaults, cleartext
# management services may be listening - confirm and disable the unused ones.
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal interface=ether2
/interface detect-internet
set detect-interface-list=LAN
/interface list member
# Every interface, wired and wireless, is placed in the LAN list; nothing is
# assigned to WAN on this device.
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/interface wireless access-list
add vlan-mode=no-tag
/interface wireless cap
#
# CAP mode: both radios are handed to a CAPsMAN discovered on bridgeLocal.
# NOTE(review): neither certificate= nor lock-to-caps-man= is set, so with
# defaults the CAP presumably joins whichever manager answers discovery on the
# bridge - TODO confirm. Pinning the manager with certificates keeps a rogue
# manager on the LAN from taking over the radios.
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
interfaces=wlan1,wlan2
/ip address
add address=192.168.0.2/24 interface=bridgeLocal network=192.168.0.0
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip dns
# NOTE(review): allow-remote-requests=yes makes the cAP answer DNS queries from
# any host that can reach it, and every /ip firewall filter rule in this export
# is disabled, so nothing restricts who that is. If clients already use
# 192.168.0.1 directly, this can presumably be turned off - verify.
set allow-remote-requests=yes servers=192.168.0.1
/ip firewall filter
# NOTE(review): every rule in this section carries disabled=yes, so no filter
# rule is in effect and the input chain accepts everything. The services this
# device runs (DNS with remote requests, SNMP, UPnP, management) are therefore
# reachable from any host bridged to bridgeLocal, wireless clients included.
add action=accept chain=input comment="ICMP from Chromecast into Router" \
disabled=yes in-interface=bridgeLocal protocol=icmp
add action=accept chain=icmp_chain comment="ICMP on Chromecast" disabled=yes \
dst-address=8.8.8.8 in-interface=bridgeLocal protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=forward disabled=yes log=yes log-prefix="drop "
/ip firewall mangle
# Sets the frame priority from the top three DSCP bits so WMM can queue traffic.
add action=set-priority chain=postrouting comment="Set priority for WMM" \
new-priority=from-dscp-high-3-bits passthrough=yes
/ip route
add distance=1 gateway=192.168.0.1
/ip traffic-flow
set cache-entries=32k
/ip traffic-flow target
# IPFIX flow records are addressed to 192.168.0.19 port 1234.
# NOTE(review): enabled= is not shown under /ip traffic-flow, so whether
# records are actually exported cannot be told from here; they are sent
# unencrypted when they are.
add dst-address=192.168.0.19 port=1234 version=ipfix
/ip upnp
# NOTE(review): UPnP is enabled, but both interfaces below are type=internal
# and no external interface is defined, so it presumably cannot create port
# mappings here. UPnP requests are unauthenticated, and
# allow-disable-external-interface=yes additionally lets clients ask for the
# external interface to be shut down; disabling UPnP on this access point
# removes the exposure.
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridgeLocal type=internal
add interface=ether1 type=internal
/snmp
# NOTE(review): SNMP is enabled and no /snmp community section appears in the
# part of the export shown here, which suggests the default community is in
# use - TODO confirm. With every firewall filter rule disabled, any bridged
# host can query it; a non-default community with an address restriction, or
# SNMPv3, narrows that.
set contact=RobsGax enabled=yes location="Home cAP ac"
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system identity
set name="cAP ac"
/system leds
add interface=bridgeLocal leds=user-led type=interface-status
/system logging
# Debug-level logging for the caps, wireless and e-mail topics.
# NOTE(review): debug output can be verbose and may include protocol detail;
# presumably these were added for troubleshooting - remove when done.
add topics=caps,debug
add topics=wireless,debug
add topics=e-mail,debug
/system routerboard mode-button
# Pressing the mode button runs the "dark-mode" script.
set enabled=yes on-event=dark-mode
/system scheduler
# Three daily jobs. "Firmware Updater" only runs the BackupAndUpdate script;
# what that does (backup, notify or install) is decided by the scriptMode set
# inside the script, not here.
# NOTE(review): all three jobs carry the same broad policy, including
# reboot,password,sniff,sensitive,romon. ledsOn and ledsOff only start scripts
# that change the LED setting and write a log line, so presumably a much
# narrower policy would do for them - verify before trimming.
add interval=1d name="Firmware Updater" on-event=\
"/system script run BackupAndUpdate;" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/21/2020 start-time=06:51:00
add interval=1d name=ledsOn on-event="/system script run ledOn;" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=feb/02/2020 start-time=06:30:00
add interval=1d name=ledsOff on-event="/system script run ledOff;" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=feb/01/2020 start-time=21:00:00
/system script
# dark-mode: toggles /system leds settings all-leds-off between "never" and
# "immediate", depending on its current value.
# NOTE(review): the script only reads and sets the LED setting, yet its policy
# also grants ftp,reboot,password,sniff,sensitive,romon; presumably a narrower
# policy would do - verify before trimming.
add dont-require-permissions=no name=dark-mode owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=" \
:if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n } "
# BackupAndUpdate: third-party "Mikrotik RouterOS automatic backup & update"
# script (version 20.04.17 per its own header). As configured in this export:
# scriptMode is "osnotify" and forceBackup is true, so every run creates a
# system backup plus a compact config export and e-mails both to emailAddress.
# isOsNeedsToBeUpdated is only set in the "osupdate" branch, so no RouterOS
# install is started in this mode.
# NOTE(review): backupPassword is "", so the script takes the
# "/system backup save dont-encrypt=yes" branch and the .backup attachment
# leaves the device unencrypted on every run. sensetiveDataInConfig=false only
# adds hide-sensitive to the .rsc export; it does not affect the system backup,
# which typically holds the device's users and secrets. Setting a backup
# password closes that gap.
# NOTE(review): the backup files are removed from local storage only when
# /tool e-mail last-status is "succeeded"; after a failed send they stay on
# the device.
# NOTE(review): the mail body includes identity, model and serial number of
# the device.
add dont-require-permissions=no name=BackupAndUpdate owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Script name: BackupAndUpdate\r\
\n#\r\
\n#----------SCRIPT INFORMATION-------------------------------------------\
--------\r\
\n#\r\
\n# Script: Mikrotik RouterOS automatic backup & update\r\
\n# Version: 20.04.17\r\
\n# Created: 07/08/2018\r\
\n# Updated: 17/04/2020\r\
\n# Author: Alexander Tebiev\r\
\n# Website: https://github.com/beeyev\r\
\n# You can contact me by e-mail at tebiev@mail.com\r\
\n#\r\
\n# IMPORTANT!\r\
\n# Minimum supported RouterOS version is v6.43.7\r\
\n#\r\
\n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
--------\r\
\n## Notification e-mail\r\
\n## (Make sure you have configurated Email settings in Tools -> Email)\r\
\n:local emailAddress \"recgaxiola@gmail.com\";\r\
\n\r\
\n## Script mode, possible values: backup, osupdate, osnotify.\r\
\n# backup \t- \tOnly backup will be performed. (default value, if none pr\
ovided)\r\
\n#\r\
\n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\
le.\r\
\n#\t\t\t\tIt will also create backups before and after update process.\r\
\n#\t\t\t\tEmail will be sent only if a new RouterOS is available.\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs.\r\
\n#\r\
\n# osnotify \t- \tThe script will send email notification only (without b\
ackups) if a new RouterOS is available.\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs.\r\
\n:local scriptMode \"osnotify\";\r\
\n\r\
\n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
fy`\r\
\n# Set `true` if you want the script to perform backup every time it's fi\
red, whatever script mode is set.\r\
\n:local forceBackup true;\r\
\n\r\
\n## Backup encryption password, no encryption if no password.\r\
\n:local backupPassword \"\"\r\
\n\r\
\n## If true, passwords will be included in exported config.\r\
\n:local sensetiveDataInConfig false;\r\
\n\r\
\n## Update channel. Possible values: stable, long-term, testing, developm\
ent\r\
\n:local updateChannel \"stable\";\r\
\n\r\
\n## Install only patch versions of RouterOS updates.\r\
\n## Works only if you set scriptMode to \"osupdate\"\r\
\n## Means that new update will be installed only if MAJOR and MINOR versi\
on numbers remained the same as currently installed RouterOS.\r\
\n## Example: v6.43.6 => major.minor.PATCH\r\
\n## Script will send information if new version is greater than just patc\
h.\r\
\n:local installOnlyPatchUpdates\tfalse;\r\
\n\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n# !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
\_YOU ARE DOING !!!! #\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n\r\
\n#Script messages prefix\r\
\n:local SMP \"Bkp&Upd:\"\r\
\n\r\
\n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
update\\\" started.\";\r\
\n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
\";\r\
\n\r\
\n#Check proper email config\r\
\n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
or [:len [/tool e-mail get from]] = 0) do={\r\
\n\t:log error (\"\$SMP Email configuration is not correct, please check T\
ools -> Email. Script stopped.\"); \r\
\n\t:error \"\$SMP bye!\";\r\
\n}\r\
\n\r\
\n#Check if proper identity name is set\r\
\nif ([:len [/system identity get name]] = 0 or [/system identity get name\
] = \"MikroTik\") do={\r\
\n\t:log warning (\"\$SMP Please set identity name of your device (System \
-> Identity), keep it short and informative.\"); \r\
\n};\r\
\n\r\
\n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
\n# Function converts standard mikrotik build versions to the number.\r\
\n# Possible arguments: paramOsVer\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
rrent-RouterOS]];\r\
\n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
\n:global buGlobalFuncGetOsVerNum do={\r\
\n\t:local osVer \$paramOsVer;\r\
\n\t:local osVerNum;\r\
\n\t:local osVerMicroPart;\r\
\n\t:local zro 0;\r\
\n\t:local tmp;\r\
\n\t\r\
\n\t# Replace word `beta` with dot\r\
\n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
\n\t:if (\$isBetaPos > 1) do={\r\
\n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\
\$isBetaPos + 4) [:len \$osVer]]);\r\
\n\t}\r\
\n\t\r\
\n\t:local dotPos1 [:find \$osVer \".\" 0];\r\
\n\r\
\n\t:if (\$dotPos1 > 0) do={ \r\
\n\r\
\n\t\t# AA\r\
\n\t\t:set osVerNum [:pick \$osVer 0 \$dotPos1];\r\
\n\t\t\r\
\n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
\n\t\t\t\t#Taking minor version, everything after first dot\r\
\n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\
1) [:len \$osVer]];}\r\
\n\t\t#Taking minor version, everything between first and second dots\r\
\n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \
\$dotPos2];}\r\
\n\t\t\r\
\n\t\t# AA 0B\r\
\n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t# AA BB\r\
\n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t\r\
\n\t\t:if (\$dotPos2 > 0) do={ \r\
\n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
\n\t\t\t# AA BB 0C\r\
\n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t\t# AA BB CC\r\
\n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t} else={\r\
\n\t\t\t# AA BB 00\r\
\n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\
\n\t\t}\r\
\n\t} else={\r\
\n\t\t# AA 00 00\r\
\n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
\n\t}\r\
\n\r\
\n\t:return \$osVerNum;\r\
\n}\r\
\n\r\
\n# Function creates backups (system and config) and returns array with na\
mes\r\
\n# Possible arguments: \r\
\n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\
\n#\t`backupPassword`\t\t| string \t|\r\
\n#\t`sensetiveDataInConfig`\t| boolean \t|\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\
\n:global buGlobalFuncCreateBackups do={\r\
\n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\
as fired.\"); \r\
\n\t\r\
\n\t:local backupFileSys \"\$backupName.backup\";\r\
\n\t:local backupFileConfig \"\$backupName.rsc\";\r\
\n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\
\n\r\
\n\t## Make system backup\r\
\n\t:if ([:len \$backupPassword] = 0) do={\r\
\n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\
\n\t} else={\r\
\n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP System backup created. \$backupFileSys\"); \r\
\n\r\
\n\t## Export config file\r\
\n\t:if (\$sensetiveDataInConfig = true) do={\r\
\n\t\t/export compact file=\$backupName;\r\
\n\t} else={\r\
\n\t\t/export compact hide-sensitive file=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\"); \
\r\
\n\r\
\n\t#Delay after creating backups\r\
\n\t:delay 5s;\t\r\
\n\t:return \$backupNames;\r\
\n}\r\
\n\r\
\n:global buGlobalVarUpdateStep;\r\
\n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
\n\r\
\n#Current date time in format: 2020jan15-221324 \r\
\n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
\_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
. [:pick [/system clock get time] 6 8]);\r\
\n\r\
\n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\
on];\r\
\n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\
viceOsVerInst];\r\
\n:local deviceOsVerAvail \t\t\"\";\r\
\n:local deviceOsVerAvailNum \t\t0;\r\
\n:local deviceRbModel\t\t\t[/system routerboard get model];\r\
\n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\
\n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\
\r\
\n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\
\r\
\n:local deviceIdentityName \t\t[/system identity get name];\r\
\n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\
\n:local deviceUpdateChannel \t\t[/system package update get channel];\r\
\n\r\
\n:local isOsUpdateAvailable \tfalse;\r\
\n:local isOsNeedsToBeUpdated\tfalse;\r\
\n\r\
\n:local isSendEmailRequired\ttrue;\r\
\n\r\
\n:local mailSubject \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\
\r\
\n:local mailBody \t \t\t\"\";\r\
\n\r\
\n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\
ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\
: \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\
stem package update get channel]) \$[/system resource get build-time] \\r\
\\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
stem resource get uptime]\";\r\
\n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\
kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\
ackup-and-update\";\r\
\n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\
om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
\n\r\
\n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\
bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\
\n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\
\n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\
\n\r\
\n:local backupNameFinal\t\t\$backupName;\r\
\n:local mailAttachments\t\t[:toarray \"\"];\r\
\n\r\
\n:local updateStep \$buGlobalVarUpdateStep;\r\
\n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
{}\r\
\n:if ([:len \$updateStep] = 0) do={\r\
\n\t:set updateStep 1;\r\
\n}\r\
\n\r\
\n\r\
\n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\
ending email with backups,\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 1) do={\r\
\n\t:log info (\"\$SMP Performing the first step.\"); \r\
\n\r\
\n\t# Checking for new RouterOS version\r\
\n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\
\n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\
\_is: \$deviceOsVerInst\");\r\
\n\t\t/system package update set channel=\$updateChannel;\r\
\n\t\t/system package update check-for-updates;\r\
\n\t\t:delay 5s;\r\
\n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\
\n\r\
\n\t\t# If there is a problem getting information about available RouterOS\
\_from server\r\
\n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\
\n\t\t\t:log warning (\"\$SMP There is a problem getting information about\
\_new RouterOS from server.\");\r\
\n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\
terOS!\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\
uldn't get any information about new RouterOS from server! \\r\\nWatch add\
itional information in device logs.\")\r\
\n\t\t} else={\r\
\n\t\t\t#Get numeric version of OS\r\
\n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\
eviceOsVerAvail];\r\
\n\r\
\n\t\t\t# Checking if OS on server is greater than installed one.\r\
\n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
\n\t\t\t\t:set isOsUpdateAvailable true;\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\
\");\r\
\n\t\t\t} else={\r\
\n\t\t\t\t:set isSendEmailRequired false;\r\
\n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\
\n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\
\n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\
\r\
\n\t\t\t}\r\
\n\t\t};\r\
\n\t} else={\r\
\n\t\t:set scriptMode \"backup\";\r\
\n\t};\r\
\n\r\
\n\tif (\$forceBackup = true) do={\r\
\n\t\t# In this case the script will always send email, because it has to \
create backups\r\
\n\t\t:set isSendEmailRequired true;\r\
\n\t}\r\
\n\r\
\n\t# if new OS version is available to install\r\
\n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\
{\r\
\n\t\t# If we only need to notify about new available version\r\
\n\t\tif (\$scriptMode = \"osnotify\") do={\r\
\n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \
v.\$deviceOsVerAvail.\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\
e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\
\")\r\
\n\t\t}\r\
\n\r\
\n\t\t# if we need to initiate RouterOs update process\r\
\n\t\tif (\$scriptMode = \"osupdate\") do={\r\
\n\t\t\t:set isOsNeedsToBeUpdated true;\r\
\n\t\t\t# if we need to install only patch updates\r\
\n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\
\n\t\t\t\t#Check if Major and Minor builds are the same.\r\
\n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\
2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\
={\r\
\n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\
vailable.\"); \r\
\n\t\t\t\t} else={\r\
\n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\
ware is available. You need to update it manually.\");\r\
\n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\
eOsVerAvail needs to be installed manually.\");\r\
\n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \
version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \
\\r\\nYou chose to automatically install only patch updates, so this major\
\_update you need to install manually. \\r\\n\$changelogUrl\");\r\
\n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t}\r\
\n\t\t\t}\r\
\n\r\
\n\t\t\t#Check again, because this variable could be changed during checki\
ng for installing only patch updats\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\
viceOsVerInst -> v.\$deviceOsVerAvail\");\r\
\n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\
e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
\n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \
to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\
il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \
information will be sent when update process is completed. \\r\\nIf you ha\
ve not received second email in the next 5 minutes, then probably somethin\
g went wrong. (Check your device logs)\");\r\
\n\t\t\t\t#!! There is more code connected to this part and first step at \
the end of the script.\r\
\n\t\t\t}\r\
\n\t\t\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t## Checking If the script needs to create a backup\r\
\n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\
;\r\
\n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\
BeUpdated = true) do={\r\
\n\t\t:log info (\"\$SMP Creating system backups.\");\r\
\n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\
\n\t\t};\r\
\n\t\tif (\$scriptMode != \"backup\") do={\r\
\n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
\n\t\t};\r\
\n\r\
\n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\
\n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\
ached to this email.\");\r\
\n\r\
\n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\
veDataInConfig];\r\
\n\t} else={\r\
\n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\
\n\t}\r\
\n\r\
\n\t# Combine fisrst step email\r\
\n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\
);\r\
\n}\r\
\n\r\
\n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 2) do={\r\
\n\t:log info (\"\$SMP Performing the second step.\"); \r\
\n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\
re\r\
\n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
\n\t\t:set isSendEmailRequired false;\r\
\n\t\t:delay 10s;\r\
\n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\
rrentFw to v.\$deviceRbUpgradeFw\";\r\
\n\t\t## Start the upgrading process\r\
\n\t\t/system routerboard upgrade;\r\
\n\t\t## Wait until the upgrade is completed\r\
\n\t\t:delay 5s;\r\
\n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\
o reboot in a moment!\";\r\
\n\t\t## Set scheduled task to send final report on the next boot, task wi\
ll be deleted when is is done. (That is why you should keep original scrip\
t name)\r\
\n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\
\":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\
lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\
ate;\" start-time=startup interval=0;\r\
\n\t\t## Reboot system to boot with new firmware\r\
\n\t\t/system reboot;\r\
\n\t} else={\r\
\n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\
ate, skipping this step.\";\r\
\n\t\t:set updateStep 3;\r\
\n\t};\r\
\n}\r\
\n\r\
\n## \tSTEP THREE: Last step (after second reboot) sending final report\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 3) do={\r\
\n\t:log info (\"\$SMP Performing the third step.\"); \r\
\n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\
leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\
\$deviceRbCurrentFw.\";\r\
\n\t## Small delay in case mikrotik needs some time to initialize connecti\
ons\r\
\n\t:log info \"\$SMP The final email with report and backups of upgraded \
system will be sent in a minute.\";\r\
\n\t:delay 1m;\r\
\n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\
ew version: v.\$deviceOsVerInst!\");\r\
\n\t:set mailBody \t \t\"RouterOS and routerboard upgrade process was com\
pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\
are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\
e upgraded system are in the attachment of this email. \$mailBodyDeviceIn\
fo \$mailBodyCopyright\";\r\
\n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\
ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\
iveDataInConfig];\r\
\n}\r\
\n\r\
\n# Remove functions from global environment to keep it fresh and clean.\r\
\n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
r={}\r\
\n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
ror={}\r\
\n\r\
\n##\r\
\n## SENDING EMAIL\r\
\n##\r\
\n# Trying to send email with backups in attachment.\r\
\n\r\
\n:if (\$isSendEmailRequired = true) do={\r\
\n\t:log info \"\$SMP Sending email message, it will take around half a mi\
nute...\";\r\
\n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\
mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t:delay 5s;\r\
\n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\
\_last-status]). Going to try it again in a while.\"\r\
\n\r\
\n\t\t:delay 5m;\r\
\n\r\
\n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
\$mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t\t:delay 5s;\r\
\n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\
et last-status]) for the second time.\"\r\
\n\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t:log warning \"\$SMP script is not goint to initialise update pr\
ocess due to inability to send backups to email.\"\r\
\n\t\t\t}\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t:delay 30s;\r\
\n\t\r\
\n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\
\_\"succeeded\") do={\r\
\n\t\t:log info \"\$SMP File system cleanup.\"\r\
\n\t\t/file remove \$mailAttachments; \r\
\n\t\t:delay 2s;\r\
\n\t}\r\
\n\t\r\
\n}\r\
\n\r\
\n\r\
\n# Fire RouterOs update process\r\
\nif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\r\
\n\t## Set scheduled task to upgrade routerboard firmware on the next boot\
, task will be deleted when upgrade is done. (That is why you should keep \
original script name)\r\
\n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\
y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\
alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\
-time=startup interval=0;\r\
\n \r\
\n :log info \"\$SMP everything is ready to install new RouterOS, going \
to reboot in a moment!\"\r\
\n\t## command is reincarnation of the \"upgrade\" command - doing exactly\
\_the same but under a different name\r\
\n\t/system package update install;\r\
\n}\r\
\n\r\
\n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
\\\" completed it's job.\\r\\n\";"
# ledOn: sets all-leds-off=never (LEDs stay on) and writes "Leds On" to the log.
# NOTE(review): this script and ledOff below only change the LED setting and
# log one line, yet both are granted ftp,reboot,password,sniff,sensitive,romon
# as well; presumably a much narrower policy would do - verify before trimming.
add dont-require-permissions=no name=ledOn owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
system leds settings set all-leds-off=never;\r\
\n:log info (\"Leds On\");"
# ledOff: sets all-leds-off=immediate (LEDs go dark) and writes "Leds Off" to
# the log.
add dont-require-permissions=no name=ledOff owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
system leds settings set all-leds-off=immediate;\r\
\n:log info (\"Leds Off\");"
/tool e-mail
set address=s from="R" port= start-tls=yes \
user=