The full config is given below (6.49.2, before upgrading the config). Is anybody experiencing the same issue?
# dec/13/2021 13:16:10 by RouterOS 6.49.2
# software id = XXXXXXX
#
# model = CCR1036-12G-4S
# serial number = YYYYYYYYYY
/interface bridge
add fast-forward=no mtu=1500 name=Datacenter-Bridge
add fast-forward=no mtu=1500 name=lan-bridge
/interface ethernet
set [ find default-name=ether1 ] comment="ISP2 ILL Fiber" l2mtu=1590 speed=\
100Mbps
set [ find default-name=ether2 ] comment="Direct Net" l2mtu=1590 speed=\
100Mbps
set [ find default-name=ether3 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" l2mtu=1590 \
loop-protect=on loop-protect-disable-time=10s speed=100Mbps
set [ find default-name=ether4 ] comment="LAN Bridge" l2mtu=1590 speed=\
100Mbps
set [ find default-name=ether5 ] comment="LAN Bridge" l2mtu=1590 speed=\
100Mbps
set [ find default-name=ether6 ] l2mtu=1590 name=ether6-lan speed=100Mbps
set [ find default-name=ether7 ] comment="Direct Net" l2mtu=1590 speed=\
100Mbps
set [ find default-name=ether8 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" disabled=yes \
l2mtu=1590 loop-protect=on loop-protect-disable-time=10s speed=100Mbps
set [ find default-name=ether9 ] disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=ether10 ] advertise="10M-half,10M-full,100M-half,100M-\
full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
laptop disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=ether11 ] advertise="10M-half,10M-full,100M-half,100M-\
full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" disabled=\
yes l2mtu=1590 rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether12 ] disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=sfp1 ] advertise="10M-half,10M-full,100M-half,100M-ful\
l,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
"ISP1 ILL Fiber"
/interface vlan
add interface=ether6-lan loop-protect-disable-time=10s name=vlan15-noc \
vlan-id=15
add comment="HO, ATM, D35 WebServer" interface=ether6-lan name=vlan17-ho \
vlan-id=17
add interface=ether6-lan loop-protect=on loop-protect-disable-time=10s name=\
vlan18-main vlan-id=18
/interface wireless security-profiles
set [ find default=yes ] group-ciphers="" supplicant-identity=MikroTik \
unicast-ciphers=""
/ip firewall layer7-protocol
# Two payload regexes, referenced by name from the layer7-protocol= matchers in
# /ip firewall filter.
# NOTE(review): the dots in the host names are unescaped, so each "." matches
# any character, and the alternatives are matched as substrings. The patterns
# are therefore broader than the host list suggests (e.g. "i.google.com" in the
# youtube pattern also matches inside other google.com host names).
# The leading "^.+" requires at least one byte before the host name.
add name=facebook regexp="^.+(www.facebook.com|facebook.com|login.facebook.com\
|www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com|www.fbcdn.com|st\
atic.ak.fbcdn.net|static.ak.connect.facebook.com|connect.facebook.net|www.\
connect.facebook.net|apps.facebook.com|m.facebook.com|fbsbx.com).*\$"
add name=youtube regexp="^.+(ytstatic.l.google.com|youtube-ui.l.google.com|you\
tubei.googleapis.com|youtube.googleapis.com|youtube.com|www.youtube.com|m.\
youtube.com|ytimg.com|s.ytimg.com|ytimg.l.google.com|youtube.l.google.com|\
i.google.com|googlevideo.com|youtu.be|youtube-nocookie.com).*\$"
/ip hotspot user profile
set [ find default=yes ] transparent-proxy=yes
# IPsec: one phase-1 profile (profile_1) used by a single peer, plus the
# default phase-2 proposal.
/ip ipsec policy group
set [ find default=yes ] name=group
/ip ipsec profile
# NOTE(review): modp1536 is a 1536-bit MODP group; current guidance generally
# asks for 2048-bit MODP or an ECP group. No hash-algorithm is shown, so the
# RouterOS default applies -- confirm which one that is on this version.
add dh-group=modp1536 enc-algorithm=aes-256 name=profile_1
/ip ipsec peer
# The peer is pinned to one remote address (masked in this export).
add address=RRR.NNN.164.1/32 name=peer1 profile=profile_1
/ip ipsec proposal
# NOTE(review): sha1 is still offered next to sha256/sha512, and PFS uses the
# same 1536-bit group. Drop sha1 and raise the group if the remote side allows.
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=\
aes-256-cbc pfs-group=modp1536
/ip pool
add name=dhcp ranges=172.16.63.11-172.16.63.240
add name=L8 ranges=10.0.0.10-10.0.1.220
add name=L1-PUBLIC ranges=LLL.71.158.6
add name=L6 ranges=10.0.2.10-10.0.3.220
add name=L4 ranges=10.0.4.10-10.0.5.220
add name=L3 ranges=10.0.6.10-10.0.7.220
add name=L2 ranges=10.0.8.10-10.0.9.220
add name=L1 ranges=10.0.10.10-10.0.11.220
add name=S2 ranges=10.0.9.222
add name=P2 ranges=10.0.9.221
add name=vpn ranges=192.168.254.20-192.168.254.50
add name=is1 ranges=192.168.254.8/29
add name=vpn1 ranges=192.168.254.60-192.168.254.100
add name="DC Bridge" ranges=10.255.255.20-10.255.255.250
add name=dhcp_main ranges=172.16.62.11-172.16.62.240
add name=dhcp_pool_noc ranges=172.16.61.20-172.16.61.245
add name=dhcp_pool-ho ranges=172.16.60.20-172.16.60.200
/ip dhcp-server
add address-pool="DC Bridge" authoritative=after-2sec-delay disabled=no \
interface=Datacenter-Bridge lease-time=3d name="direct net pool"
add address-pool=dhcp_main authoritative=after-2sec-delay disabled=no \
interface=vlan18-main name=dhcp-main
add address-pool=dhcp_pool_noc authoritative=after-2sec-delay disabled=no \
interface=vlan15-noc name=dhcp-noc
add address-pool=dhcp_pool-ho disabled=no interface=vlan17-ho name=dhcp_ho
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name=\
"TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name=\
"TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name=\
"TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" \
up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" \
up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" \
up-port=1700
/port
set 0 flow-control=hardware name=serial0
set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
stop-bits=1
/ppp profile
# PPP profiles. Each named profile hands out addresses from the pool of the
# same name (remote-address=) and puts the client into the address list of the
# same name (address-list=).
# NOTE(review): only the vpn, is1 and vpn1 profiles set use-encryption=yes.
# The profiles L6..P2 leave it unset, S2 sets use-encryption=no, and so does
# the *FFFFFFFE entry at the end. "*0" is presumably the built-in default
# profile -- the one the L2TP and PPTP servers reference with
# default-profile=default -- and it does not require encryption either.
# Confirm that no tunnel reachable from the WAN ends up on one of these.
set *0 address-list=L8 dns-server=172.16.6.65 local-address=10.0.0.1 \
only-one=yes remote-address=L8 use-compression=no
add address-list=L6 dns-server=10.0.0.1 local-address=10.0.0.1 name=L6 \
only-one=yes remote-address=L6 use-compression=yes
add address-list=L4 dns-server=10.0.0.1 local-address=10.0.0.1 name=L4 \
only-one=yes remote-address=L4 use-compression=yes
add address-list=L3 dns-server=10.0.0.1 local-address=10.0.0.1 name=L3 \
only-one=yes remote-address=L3 use-compression=yes
add address-list=L1-PUBLIC dns-server=10.0.0.1 local-address=10.0.0.1 name=\
L1-PUBLIC only-one=yes remote-address=L1-PUBLIC use-compression=yes
add address-list=L2 dns-server=10.0.0.1 local-address=10.0.0.1 name=L2 \
only-one=yes remote-address=L2 use-compression=yes
add address-list=L1 dns-server=10.0.0.1 local-address=10.0.0.1 name=L1 \
only-one=yes remote-address=L1 use-compression=yes
add address-list=P2 dns-server=10.0.0.1 local-address=10.0.0.1 name=P2 \
only-one=yes remote-address=P2 use-compression=yes
add address-list=S2 dns-server=10.0.0.1 local-address=10.0.0.1 name=S2 \
only-one=yes remote-address=S2 use-compression=no use-encryption=no
add address-list=vpn dns-server=192.168.254.1 local-address=192.168.254.1 \
name=vpn only-one=yes remote-address=vpn use-compression=yes \
use-encryption=yes
add address-list=is1 dns-server=192.168.254.1 local-address=192.168.254.1 \
name=is1 only-one=yes remote-address=is1 use-compression=yes \
use-encryption=yes
add address-list=vpn1 dns-server=192.168.254.1 local-address=192.168.254.1 \
name=vpn1 only-one=yes remote-address=vpn1 use-compression=yes \
use-encryption=yes
# NOTE(review): *FFFFFFFE is presumably the built-in "default-encryption"
# profile; use-encryption=no on it would defeat its purpose -- confirm.
set *FFFFFFFE only-one=yes use-compression=no use-encryption=no
/queue tree
add max-limit=1024M name=P-DL parent=global priority=1 queue=default
add disabled=yes limit-at=100k max-limit=2M name=L1 packet-mark=L1 parent=\
P-DL priority=2 queue=default
add disabled=yes limit-at=256k max-limit=4M name=L3 packet-mark=L3 parent=\
P-DL priority=3 queue=default
add disabled=yes limit-at=100k max-limit=4M name=L4 packet-mark=L4 parent=\
P-DL priority=1 queue=default
add disabled=yes limit-at=256k max-limit=4500k name=L2 packet-mark=L2 parent=\
P-DL priority=2 queue=default
add disabled=yes limit-at=100k max-limit=4M name=L8 packet-mark=L8 parent=\
P-DL queue=default
add disabled=yes limit-at=1M max-limit=10M name=L6 packet-mark=L6 parent=P-DL \
priority=6 queue=default
add disabled=yes limit-at=768k max-limit=4500k name=vpn-dl packet-mark=vpn \
parent=P-DL priority=1 queue=default
add disabled=yes limit-at=256k max-limit=1700k name=S2 packet-mark=S2 parent=\
P-DL priority=2 queue=default
add disabled=yes limit-at=256k max-limit=2M name=P2 packet-mark=P2 parent=\
P-DL priority=3 queue=default
add disabled=yes limit-at=256k max-limit=2M name=DN packet-mark=DN parent=\
P-DL queue=default
add burst-limit=15M burst-time=10s limit-at=1M max-limit=10M name=mbdn \
packet-mark=mbdn parent=P-DL queue=default
add burst-limit=10k burst-time=10s disabled=yes limit-at=10k max-limit=10k \
name=c packet-mark=mbdnc parent=P-DL queue=default
add burst-limit=20k burst-time=10s disabled=yes limit-at=1k max-limit=10k \
name=temp packet-mark=temp parent=P-DL queue=default
/routing bgp instance
set default as=4200000001 router-id=172.16.6.65
/routing ospf instance
set [ find default=yes ] redistribute-bgp=as-type-1 redistribute-other-ospf=\
as-type-1 redistribute-static=as-type-1
/snmp community
# NOTE(review): the default community is renamed but allows write access from
# any source address (addresses=0.0.0.0/0, write-access=yes). The community
# string is also published in this export, so it should be treated as exposed
# and changed. Restrict addresses= to the monitoring hosts and drop
# write-access unless it is really needed. Whether the SNMP service itself is
# enabled is not visible in this part of the export -- confirm.
set [ find default=yes ] addresses=0.0.0.0/0 name=ccbldc2357 write-access=yes
/system logging action
set 0 memory-lines=100
set 1 disk-file-count=9999 disk-lines-per-file=10000
set 3 bsd-syslog=yes remote=172.16.6.13 syslog-facility=syslog \
syslog-severity=info
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=lan-bridge hw=no interface=ether4
add bridge=lan-bridge hw=no interface=ether5
add bridge=Datacenter-Bridge hw=no interface=ether7
add bridge=Datacenter-Bridge hw=no interface=ether2
/ip neighbor discovery-settings
# NOTE(review): "!dynamic" selects every interface that is not in the dynamic
# list, which would include the WAN-facing ether1 and sfp1. Neighbor discovery
# announces the device identity to whoever is on those links; consider limiting
# it to an interface list that holds only internal interfaces -- confirm intent.
set discover-interface-list=!dynamic
/ip settings
set tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=1024
# Tunnel and PPP servers terminated on this router.
/interface l2tp-server server
# NOTE(review): enabled with default-profile=default and no use-ipsec setting
# shown. The default PPP profile in this export does not require encryption,
# so confirm that L2TP is only accepted inside IPsec (or set use-ipsec
# accordingly).
set default-profile=default enabled=yes max-mru=1300 max-mtu=1300
/interface ovpn-server server
# Client certificates are required. NOTE(review): auth=sha1 is the only HMAC
# offered here; prefer a SHA-2 option if this RouterOS version and the clients
# support one.
set auth=sha1 certificate=server.crt_0 cipher=aes256 enabled=yes \
require-client-certificate=yes
/interface pppoe-server server
add disabled=no interface=vlan17-ho keepalive-timeout=11 max-mru=1480 \
max-mtu=1480 service-name=PPPoE
add disabled=no interface=Datacenter-Bridge max-mru=1480 max-mtu=1480 \
service-name="PPPoE DC"
add disabled=no interface=vlan18-main keepalive-timeout=11 max-mru=1480 \
max-mtu=1480 service-name=PPPoE
/interface pptp-server server
# NOTE(review): the authentication list includes pap (password sent in clear),
# chap and mschap1. No enabled=yes is shown for this server, yet the input
# chain accepts tcp/1723 on ether1. If PPTP is unused, remove that firewall
# rule; if it is used, plan a move to one of the other VPN types and restrict
# authentication to mschap2 in the meantime.
set authentication=pap,chap,mschap1,mschap2 default-profile=default \
keepalive-timeout=11 max-mru=1460 max-mtu=1460
/interface sstp-server server
set default-profile=vpn
/ip address
add address=172.16.6.65/28 interface=lan-bridge network=172.16.6.64
add address=10.10.10.225/30 interface=vlan18-main network=10.10.10.224
add address=10.5.5.9/30 comment="ATM Main Br." interface=vlan17-ho network=\
10.5.5.8
add address=10.255.255.1/24 interface=Datacenter-Bridge network=10.255.255.0
add address=192.168.88.6/24 disabled=yes interface=ether1 network=\
192.168.88.0
add address=10.6.6.1/30 comment="web server" interface=vlan17-ho network=\
10.6.6.0
add address=MMM.NNN.126.242/28 comment="ISP2 ILL" disabled=yes interface=\
ether1 network=MMM.NNN.126.240
add address=172.16.62.1/24 interface=vlan18-main network=172.16.62.0
add address=172.16.61.1/24 interface=vlan15-noc network=172.16.61.0
add address=172.16.60.1/24 interface=vlan17-ho network=172.16.60.0
add address=10.9.9.1/30 interface=vlan18-main network=10.9.9.0
add address=10.50.50.1/24 comment="Main Br and Cash DVR" interface=vlan17-ho \
network=10.50.50.0
add address=10.52.52.1/24 comment="HO DVR" interface=vlan17-ho network=\
10.52.52.0
add address=10.8.8.1/24 disabled=yes network=10.8.8.0
add address=10.11.11.1/30 interface=ether1 network=10.11.11.0
add address=192.168.1.65/24 disabled=yes interface=ether3 network=192.168.1.0
add address=10.53.53.1/24 comment="ATM DVR" interface=vlan17-ho network=\
10.53.53.0
add address=LLL.HHH82.250/30 comment="ISP1 ILL" interface=sfp1 network=\
LLL.HHH82.248
add address=10.5.5.45/30 comment="Recycler Main Br." interface=vlan17-ho \
network=10.5.5.44
/ip dhcp-server lease
add address=10.255.255.29 always-broadcast=yes client-id=1:b4:b5:2f:81:3f:70 \
comment="sourav lappy" mac-address=B4:B5:2F:81:3F:70 server=\
"direct net pool"
add address=172.16.61.20 client-id=1:e8:40:f2:ac:5c:55 comment=NOC \
mac-address=E8:40:F2:AC:5C:55 server=dhcp-noc
add address=172.16.62.23 comment="shm m" mac-address=74:23:44:34:F0:93 \
server=dhcp-main
add address=172.16.62.25 always-broadcast=yes comment="sm mb" mac-address=\
18:59:36:08:BA:71 server=dhcp-main
add address=10.255.255.36 always-broadcast=yes client-id=1:a4:17:31:5d:eb:6b \
comment="srv laptop" mac-address=A4:17:31:5D:EB:6B server=\
"direct net pool"
add address=172.16.60.47 always-broadcast=yes comment="pr mb" mac-address=\
0C:1D:AF:77:4C:05
add address=172.16.60.58 always-broadcast=yes client-id=1:78:2:f8:9e:d3:69 \
comment="ap nt4" mac-address=78:02:F8:9E:D3:69
add address=10.255.255.72 client-id=1:38:a4:ed:e0:78:fd comment="smk mb" \
mac-address=38:A4:ED:E0:78:FD server="direct net pool"
add address=172.16.62.15 client-id=1:40:a8:f0:68:a0:62 comment="cts pc" \
mac-address=40:A8:F0:68:A0:62 server=dhcp-main
add address=172.16.60.51 always-broadcast=yes client-id=1:a4:17:31:5d:eb:6b \
comment="srv lap" mac-address=A4:17:31:5D:EB:6B
add address=172.16.60.53 client-id=1:3c:77:e6:9f:fe:bf comment=diwedi \
mac-address=3C:77:E6:9F:FE:BF
add address=10.255.255.25 always-broadcast=yes client-id=1:c4:b:cb:ce:d7:a3 \
comment="smk mb" mac-address=C4:0B:CB:CE:D7:A3 server="direct net pool"
add address=10.255.255.68 always-broadcast=yes client-id=1:e4:46:da:a9:4e:4b \
comment="SRV MB" mac-address=E4:46:DA:A9:4E:4B server="direct net pool"
add address=172.16.62.57 always-broadcast=yes client-id=1:0:f:5:40:38:a0 \
comment="dilip majee pc" mac-address=00:0F:05:40:38:A0 server=dhcp-main
add address=172.16.62.28 client-id=1:20:a6:c:dd:11:ec comment="dip mb" \
mac-address=20:A6:0C:DD:11:EC server=dhcp-main
add address=172.16.62.48 client-id=1:28:3b:82:30:a7:da comment=\
"director router" mac-address=28:3B:82:30:A7:DA server=dhcp-main
add address=172.16.60.87 client-id=1:60:23:a4:e9:c6:32 comment="Boardroom TV" \
mac-address=60:23:A4:E9:C6:32
add address=172.16.62.13 client-id=1:e0:d5:5e:44:4e:c4 comment="amit pc" \
mac-address=E0:D5:5E:44:4E:C4 server=dhcp-main
add address=172.16.60.20 client-id=1:0:ec:a:94:7c:f1 comment="piku mb" \
mac-address=00:EC:0A:94:7C:F1
add address=172.16.62.17 client-id=1:f0:67:28:3e:97:b9 comment="al mb" \
mac-address=F0:67:28:3E:97:B9 server=dhcp-main
add address=172.16.60.23 client-id=1:e0:d5:5e:1:b2:55 mac-address=\
E0:D5:5E:01:B2:55
add address=10.255.255.21 client-id=1:40:a8:f0:5c:52:fc comment=helpdesk \
mac-address=40:A8:F0:5C:52:FC server="direct net pool"
add address=172.16.60.45 client-id=1:b4:c4:fc:7a:fb:e3 comment="m kar mob" \
mac-address=B4:C4:FC:7A:FB:E3
add address=172.16.60.56 client-id=1:70:c9:4e:f7:c2:29 comment="rohitas lap" \
mac-address=70:C9:4E:F7:C2:29
add address=172.16.60.27 client-id=1:e0:1f:88:27:7e:d5 comment="sourav mob" \
mac-address=E0:1F:88:27:7E:D5 server=dhcp_ho
add address=172.16.60.59 client-id=1:4:95:e6:82:5d:20 comment=NOVA \
mac-address=04:95:E6:82:5D:20 server=dhcp_ho
add address=172.16.60.30 client-id=1:20:47:47:53:ed:45 comment="Bijoy Lap" \
mac-address=20:47:47:53:ED:45 server=dhcp_ho
add address=172.16.60.74 client-id=1:70:18:8b:b9:60:d7 comment="sec lap" \
mac-address=70:18:8B:B9:60:D7 server=dhcp_ho
add address=172.16.60.86 client-id=1:40:a8:f0:5b:a8:58 comment="apollo pc" \
mac-address=40:A8:F0:5B:A8:58 server=dhcp_ho
add address=172.16.60.111 client-id=1:4:95:e6:82:6b:70 comment=NOVA \
mac-address=04:95:E6:82:6B:70 server=dhcp_ho
add address=172.16.60.40 client-id=1:4:95:e6:82:6b:78 comment=NOVA \
mac-address=04:95:E6:82:6B:78 server=dhcp_ho
add address=172.16.60.112 client-id=1:4:95:e6:82:5d:28 comment=NOVA \
mac-address=04:95:E6:82:5D:28 server=dhcp_ho
add address=172.16.60.109 client-id=1:dc:b7:2e:20:ca:fd comment="pallab mob" \
mac-address=DC:B7:2E:20:CA:FD server=dhcp_ho
add address=172.16.60.83 client-id=1:e8:18:8f:41:6c:63 comment="santu pc" \
mac-address=E8:18:8F:41:6C:63 server=dhcp_ho
add address=172.16.60.67 client-id=1:70:bb:e9:31:81:4a comment="Sec Mob" \
mac-address=70:BB:E9:31:81:4A server=dhcp_ho
add address=172.16.60.119 client-id=1:a4:4b:d5:5e:47:23 comment="prasun mob" \
mac-address=A4:4B:D5:5E:47:23 server=dhcp_ho
add address=172.16.60.55 client-id=1:0:ec:a:94:7c:f1 comment="soumen mob" \
mac-address=00:EC:0A:94:7C:F1 server=dhcp_ho
add address=172.16.60.123 client-id=1:50:c8:e5:c3:2e:b9 comment="sekhar mob" \
mac-address=50:C8:E5:C3:2E:B9 server=dhcp_ho
add address=172.16.60.52 client-id=1:8c:aa:ce:5c:2:d3 comment="anirban mob" \
mac-address=8C:AA:CE:5C:02:D3 server=dhcp_ho
add address=172.16.60.100 client-id=1:4c:6f:9c:52:90:ef comment="Apollo Mob" \
mac-address=4C:6F:9C:52:90:EF server=dhcp_ho
add address=172.16.60.75 client-id=1:20:34:fb:7d:5c:ef comment="santu mob" \
mac-address=20:34:FB:7D:5C:EF server=dhcp_ho
add address=172.16.60.127 client-id=1:c:f3:46:e2:cd:67 comment="sambo mob" \
mac-address=0C:F3:46:E2:CD:67 server=dhcp_ho
add address=172.16.60.70 client-id=1:9c:28:f7:5:f4:a8 comment="Raju Mob" \
mac-address=9C:28:F7:05:F4:A8 server=dhcp_ho
add address=172.16.60.64 client-id=1:50:2b:73:22:3c:28 comment=NOVA \
mac-address=50:2B:73:22:3C:28 server=dhcp_ho
add address=172.16.60.136 client-id=1:38:e6:a:f2:1e:6c comment="debashis mob" \
mac-address=38:E6:0A:F2:1E:6C server=dhcp_ho
add address=172.16.60.135 client-id=1:1c:1b:d:2b:ed:f3 comment="Suman PC" \
mac-address=1C:1B:0D:2B:ED:F3 server=dhcp_ho
add address=172.16.60.143 client-id=1:18:87:40:69:3c:17 comment="Suman Mob" \
mac-address=18:87:40:69:3C:17 server=dhcp_ho
add address=172.16.60.151 client-id=1:10:3f:44:8:b4:f9 comment="Pinaki Mob" \
mac-address=10:3F:44:08:B4:F9 server=dhcp_ho
add address=172.16.60.85 client-id=1:a4:17:31:5d:eb:6b mac-address=\
A4:17:31:5D:EB:6B server=dhcp_ho
add address=172.16.60.93 client-id=1:54:8c:a0:bc:c6:31 comment=temp \
mac-address=54:8C:A0:BC:C6:31 server=dhcp_ho
add address=172.16.60.120 client-id=1:14:ab:c5:27:c4:55 comment="koushik lap" \
mac-address=14:AB:C5:27:C4:55 server=dhcp_ho
add address=172.16.60.130 client-id=1:10:3f:44:5:7d:9d comment="manu ph" \
mac-address=10:3F:44:05:7D:9D server=dhcp_ho
add address=172.16.60.44 client-id=1:1c:bf:c0:e4:3e:a9 comment="amit da" \
mac-address=1C:BF:C0:E4:3E:A9 server=dhcp_ho
add address=172.16.60.35 client-id=1:b2:ab:c1:1e:70:dd comment="arghya mob" \
mac-address=B2:AB:C1:1E:70:DD server=dhcp_ho
add address=172.16.60.98 client-id=1:b4:b5:2f:81:53:fe comment="prasun lap" \
mac-address=B4:B5:2F:81:53:FE server=dhcp_ho
add address=172.16.60.49 client-id=1:50:2b:73:22:3c:30 comment=\
"BoardRoom Nova" mac-address=50:2B:73:22:3C:30 server=dhcp_ho
add address=172.16.60.65 client-id=1:6a:d0:e4:85:9:6a comment=\
"Prasun karar mob" mac-address=6A:D0:E4:85:09:6A server=dhcp_ho
add address=172.16.60.95 client-id=1:1c:1b:d:be:c3:7a comment=sambo \
mac-address=1C:1B:0D:BE:C3:7A server=dhcp_ho
add address=172.16.62.12 client-id=1:c2:c2:4a:d5:89:a3 comment="hasibul mob" \
mac-address=C2:C2:4A:D5:89:A3 server=dhcp-main
add address=172.16.62.16 client-id=1:74:d4:35:6e:97:83 comment="printer pc" \
mac-address=74:D4:35:6E:97:83 server=dhcp-main
add address=172.16.60.60 client-id=1:0:1a:4b:4f:bb:62 comment="bbzr server" \
mac-address=00:1A:4B:4F:BB:62 server=dhcp_ho
add address=172.16.60.28 client-id=1:12:b3:70:23:ff:d3 comment="ram mob" \
mac-address=12:B3:70:23:FF:D3 server=dhcp_ho
add address=172.16.60.36 client-id=1:1e:ca:76:ab:4:35 comment="koushik ph" \
mac-address=1E:CA:76:AB:04:35 server=dhcp_ho
add address=172.16.60.69 client-id=1:34:a:33:2e:80:28 comment="share printer" \
mac-address=34:0A:33:2E:80:28 server=dhcp_ho
add address=172.16.60.39 client-id=1:dc:b7:2e:26:8d:56 comment="samik mob" \
mac-address=DC:B7:2E:26:8D:56 server=dhcp_ho
add address=172.16.60.61 client-id=1:e0:d5:5e:1:b2:55 comment=\
"recovery printer" mac-address=E0:D5:5E:01:B2:55 server=dhcp_ho
add address=172.16.60.63 client-id=1:34:6f:24:d:ea:83 comment=temp \
mac-address=34:6F:24:0D:EA:83 server=dhcp_ho
/ip dhcp-server network
add address=10.255.255.0/24 dns-server=172.16.6.65 gateway=10.255.255.1 \
netmask=24 ntp-server=10.255.255.1
add address=172.16.60.0/24 dns-server=172.16.6.65 gateway=172.16.60.1
add address=172.16.61.0/24 dns-server=172.16.6.65 gateway=172.16.61.1
add address=172.16.62.0/24 dns-server=172.16.6.65 gateway=172.16.62.1 \
ntp-server=172.16.62.1
add address=172.16.63.0/24 dns-server=172.16.6.65 gateway=172.16.63.1 \
netmask=24 ntp-server=172.16.63.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any host that can reach port 53 on it. Exposure towards the WAN depends
# on the input-chain drop rules, which are limited to specific destination
# addresses and interfaces, and the "DNS Attack" rules for sfp1 are disabled.
# Add an explicit input rule that drops tcp/udp 53 from the WAN interfaces.
# NOTE(review): max-concurrent-queries and max-concurrent-tcp-sessions are set
# to 999999999, which effectively removes the limits that bound resolver
# resource use under a query flood.
set allow-remote-requests=yes cache-max-ttl=1h cache-size=10240KiB \
max-concurrent-queries=999999999 max-concurrent-tcp-sessions=999999999 \
query-server-timeout=10s query-total-timeout=20s servers=\
2001:4860:4860::8888,2001:4860:4860::8844,8.8.8.8,8.8.4.4
/ip dns static
add address=172.16.6.20 name=ccbldcav01
add address=172.16.1.12 name=cbs3.ccbltd.net
add address=172.16.1.11 name=cbs2.ccbltd.net
add address=172.16.1.11 name=ac1.ccbltd.net
add address=172.16.1.11 name=dw.ccbltd.net
add address=172.16.1.11 name=mis2.ccbltd.net
add address=172.16.1.111 name=cbs1.ccbltd.net
add address=172.16.1.152 name=cm.ccbltd.net
add address=172.16.1.176 name=ccbldcad01.ccbltd.net
add address=172.16.1.186 name=ccbldcadc01.ccbltd.net
add address=172.16.1.181 name=test1.ccbltd.net
add address=172.16.1.152 name=crm.ccbltd.net
add address=172.16.1.152 name=los.ccbltd.net
add address=172.16.1.151 name=ac.ccbltd.net
add address=172.16.1.151 name=mis.ccbltd.net
add address=172.16.1.151 name=ho.ccbltd.net
add address=172.16.1.150 name=eip.ccbltd.net
add address=172.16.6.20 name=ccblbackup01
add address=172.16.1.173 name=dpis
add address=172.16.6.14 name=DESKTOP-HFDE6U3
/ip firewall filter
# Rules are evaluated top to bottom. Both chains start by accepting
# established/related/untracked traffic and dropping packets in state invalid.
# NOTE(review): the two drop-invalid rules set a log-prefix but not log=yes,
# so the prefix appears to be unused.
add action=accept chain=input comment=\
"allow established, related, untracked connections" connection-state=\
established,related,untracked
add action=drop chain=input comment="drop invalid connections" \
connection-state=invalid log-prefix=Invalid-Connection-Drop
add action=accept chain=forward comment=\
"allow established, related, untracked connections" connection-state=\
established,related,untracked
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid log-prefix=Invalid-Connection-Drop
# NOTE(review): all three "DNS Attack" rules below are disabled=yes, so nothing
# in this run tracks or rejects port-53 traffic arriving on sfp1 while
# /ip dns has allow-remote-requests=yes. As written they would also list every
# source that sends any packet to port 53, not only abusive ones.
add action=add-src-to-address-list address-list="DNS Attack" \
address-list-timeout=5m chain=input comment="DNS Attack" disabled=yes \
dst-port=53 in-interface=sfp1 protocol=udp
add action=add-src-to-address-list address-list="DNS Attack" \
address-list-timeout=5m chain=input comment="DNS Attack" disabled=yes \
dst-port=53 in-interface=sfp1 protocol=tcp
add action=reject chain=input comment="DNS Attack" disabled=yes in-interface=\
sfp1 log=yes log-prefix=DNS-Attack reject-with=icmp-host-unreachable \
src-address-list="DNS Attack"
# Input-chain accepts for services on the router's WAN addresses (ether1 and
# sfp1): tcp 1194/1195, 21, 123 (tcp and udp), 1723, 8291, and ICMP.
# NOTE(review): none of these rules has a src-address or src-address-list, so
# every enabled one is open to any source on the WAN side. That includes the
# management port 8291 (Winbox) on both uplinks, FTP (21) and PPTP control
# (1723). Limit management and legacy services to a trusted address list or to
# VPN clients; which services are actually listening is set under /ip service,
# which is not visible here.
# NOTE(review): the MMM.NNN.126.242/28 address on ether1 is disabled=yes in
# /ip address, so the ether1 rules may be stale -- confirm and remove if so.
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=1194 \
in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=1194 \
in-interface=sfp1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=1195 \
in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=1195 \
in-interface=sfp1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=21 \
in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 dst-port=2828 in-interface=ether1 \
protocol=tcp
# NTP uses UDP; the tcp/123 rule is probably unnecessary.
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
dst-port=123 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
dst-port=123 in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
dst-port=1723 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 dst-port=47 in-interface=ether1 protocol=\
tcp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
dst-port=8291 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=8291 \
in-interface=sfp1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
in-interface=ether1 protocol=icmp
add action=accept chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 \
protocol=icmp
# Every rule in this run is disabled=yes: per-protocol accepts on ether1 (plus
# one disabled copy of the tcp/1723 accept). They have no effect as exported.
# NOTE(review): removing disabled rules that are no longer needed makes the
# active policy easier to audit and avoids re-enabling a broad accept by
# mistake.
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=39
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=gre
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 dst-port=1723 in-interface=ether1 \
protocol=tcp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=encap
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ipip
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ospf
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=vmtp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=rspf
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ddp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=xtp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=iso-tp4
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=rdp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=xns-idp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=hmp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=pup
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=egp
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=st
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=ipencap
add action=accept chain=input disabled=yes dst-address=\
MMM.NNN.126.242-MMM.NNN.126.254 in-interface=ether1 protocol=igmp
# IKE (udp/500), NAT-T (udp/4500), ESP and AH are accepted on both uplinks.
# NOTE(review): /ip ipsec peer defines a single remote address, but these
# rules accept IKE/ESP/AH from any source. Adding src-address for that peer
# would narrow the exposure, unless road-warrior clients also use IPsec.
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
dst-port=500 in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=500 \
in-interface=sfp1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
dst-port=4500 in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=LLL.HHH82.250 dst-port=4500 \
in-interface=sfp1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 \
protocol=ipsec-esp
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
in-interface=ether1 protocol=ipsec-ah
add action=accept chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 \
protocol=ipsec-ah
# Per-address accepts. NOTE(review): these are in chain=input, which only
# covers traffic addressed to the router itself. If .245 (443, 25) is a server
# behind destination NAT, the matching rules belong in the forward chain --
# the NAT table is not visible here, so confirm. SMTP runs over TCP; the
# udp/25 rule is probably unnecessary.
add action=accept chain=input dst-address=MMM.NNN.126.245 dst-port=443 \
in-interface=ether1 protocol=tcp
add action=accept chain=input dst-address=MMM.NNN.126.245 dst-port=25 \
in-interface=ether1 protocol=udp
add action=accept chain=input dst-address=MMM.NNN.126.245 dst-port=25 \
in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.242 \
dst-port=445 in-interface=ether1 protocol=tcp
# NOTE(review): tcp/22 is accepted from any source on ether1; restrict it to a
# management address list or reach it through the VPN instead.
add action=accept chain=input dst-address=MMM.NNN.126.242 dst-port=22 \
in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.242 \
in-interface=ether1 protocol=ipv6-encap
# Duplicate of the ipsec-ah accept for the same range and interface above.
add action=accept chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
in-interface=ether1 protocol=ipsec-ah
# The remaining rules in this run are all disabled=yes.
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
dst-port=4443 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.244 \
dst-port=80 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.244 \
dst-port=443 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.244 \
dst-port=21 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.248 \
dst-port=8080 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
dst-port=9002 in-interface=ether1 protocol=tcp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
dst-port=4443 in-interface=ether1 protocol=udp
add action=accept chain=input disabled=yes dst-address=MMM.NNN.126.243 \
dst-port=9002 in-interface=ether1 protocol=udp
# Layer-7 content rules for the "youtube" and "facebook" patterns, keyed by
# client source address or range.
# NOTE(review): all of these are in chain=input, so they only inspect traffic
# addressed to the router itself -- presumably the DNS queries that clients
# send to the router's resolver. Traffic that merely passes through the router
# is handled by the forward chain and is not touched here, so a client using a
# different resolver would not be affected. Confirm that this is the intent.
# NOTE(review): layer7-protocol=*2 / *3 in the disabled log rules look like
# references to entries that no longer exist; those rules can be removed.
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
log-prefix=Piku-Youtube src-address=10.255.255.9
add action=drop chain=input comment="L8 Youtube" layer7-protocol=youtube log=\
yes log-prefix=L8-Youtube src-address=10.0.0.10-10.0.1.220
add action=drop chain=input comment="anirban Youtube" disabled=yes \
layer7-protocol=youtube log=yes log-prefix=anirban-Youtube src-address=\
172.16.60.31
add action=drop chain=input comment="L6 Youtube" layer7-protocol=youtube log=\
yes log-prefix=L6-Youtube src-address=10.0.2.10-10.0.3.220
add action=drop chain=input comment="NOC Youtube" layer7-protocol=youtube \
log=yes log-prefix=NOC-Youtube src-address=10.255.255.134
add action=drop chain=input comment="sunny Youtube" layer7-protocol=youtube \
log=yes log-prefix=sunny-Youtube src-address=172.16.60.41
add action=drop chain=input comment="L8 Facebook" layer7-protocol=facebook \
log=yes log-prefix=L8-Facebook src-address=10.0.0.10-10.0.1.220
add action=drop chain=input comment="anirban Facebook" disabled=yes \
layer7-protocol=facebook log=yes log-prefix=anirban-Facebook src-address=\
172.16.60.31
add action=drop chain=input comment="L6 Facebook" layer7-protocol=facebook \
log=yes log-prefix=L6-Facebook src-address=10.0.2.10-10.0.3.220
add action=drop chain=input comment="NOC Facebook" layer7-protocol=facebook \
log=yes log-prefix=NOC-Facebook src-address=10.255.255.134
add action=drop chain=input comment="sunny Facebook" layer7-protocol=facebook \
log=yes log-prefix=sunny-Facebook src-address=172.16.60.41
add action=drop chain=input disabled=yes layer7-protocol=youtube log=yes \
log-prefix=Samba-Youtube src-address=10.0.1.237
add action=drop chain=input disabled=yes layer7-protocol=youtube log=yes \
log-prefix=Samba-Youtube src-address=10.0.1.238
add action=drop chain=input disabled=yes layer7-protocol=facebook log=yes \
log-prefix=Samba-Facebook src-address=10.0.1.237
add action=drop chain=input disabled=yes layer7-protocol=facebook log=yes \
log-prefix=Samba-Facebook src-address=10.0.1.238
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
log-prefix=Biswajit-Youtube src-address=10.0.0.24
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
log-prefix=Sec-Youtube src-address=172.16.60.93
add action=log chain=input disabled=yes layer7-protocol=*2 log=yes \
log-prefix=MKar-Youtube src-address=172.16.60.62
add action=log chain=input disabled=yes layer7-protocol=*3 log=yes \
log-prefix=Piku-Facebook src-address=10.255.255.9
# Scan detection: the psd matcher and a set of abnormal TCP flag combinations
# add the packet's source to the "port scanners" list for one hour; the last
# rule in this run rejects and logs input from sources on that list.
# NOTE(review): this run comes after the service accept rules earlier in the
# chain, so a source already on the list is still accepted on those ports;
# only packets that no earlier rule matched reach the reject. If listed
# sources should be blocked entirely, move the reject rule above the accepts.
# NOTE(review): the flag-based rules list a source on a single packet and have
# no in-interface, so they apply to internal interfaces as well; a packet with
# a forged source address can put an unrelated host on the list for an hour.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=1h chain=input comment="Port scanners to list " \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=1h chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=1h chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=1h chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=1h chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=1h chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=1h chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=reject chain=input comment="Port Scanner Attack" log=yes \
log-prefix=Port-Scanner-Attack reject-with=icmp-host-unreachable \
src-address-list="port scanners"
# Destination-based drops on the uplink interfaces. Traffic arriving on ether1
# for the masked range MMM.NNN.126.242-254 is dropped in both input and forward
# (only the forward rule logs). Traffic arriving on sfp1 is dropped and logged
# for one router-side address (input) and two forwarded destinations, each with
# its own log prefix. The rules match every protocol and port.
# NOTE(review): rule order decides whether these take effect - an earlier accept
# in the same chain (outside this view) would win; confirm placement.
# NOTE(review): two destinations are written out in full while other addresses
# in this export are masked - mask consistently before sharing a config.
add action=drop chain=input dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
in-interface=ether1
add action=drop chain=forward dst-address=MMM.NNN.126.242-MMM.NNN.126.254 \
in-interface=ether1 log=yes
add action=drop chain=input dst-address=LLL.HHH82.250 in-interface=sfp1 log=\
yes log-prefix=Router-Attack
add action=drop chain=forward dst-address=139.167.64.3 in-interface=sfp1 log=\
yes log-prefix=Mail-Server-Attack
add action=drop chain=forward dst-address=139.167.64.2 in-interface=sfp1 log=\
yes log-prefix=Web-Server-Attack
# Mangle, per-host marking in prerouting. The first rule marks connections from
# address list L1; the rest are single-address rules, most of them disabled=yes,
# that set a connection mark (mbdn, mbdnc, temp, DN) or a routing mark (L4, sms).
# Every rule has passthrough=yes, so a packet keeps being evaluated by the rules
# that follow, and a later match replaces an earlier mark of the same kind.
# NOTE(review): marks only classify traffic; what a mark grants (queue, uplink,
# routing table) is defined where it is consumed, outside this view.
# NOTE(review): the many disabled entries look like leftover per-user
# exceptions; pruning them makes it easier to audit which hosts are actually
# treated specially. Some addresses appear more than once under different
# labels (for example 172.16.60.68 and 172.16.62.15).
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=L1 \
passthrough=yes src-address-list=L1
add action=mark-connection chain=prerouting comment=DN disabled=yes \
new-connection-mark=DN passthrough=yes src-address=10.255.255.0/24
add action=mark-connection chain=prerouting comment="ap h mob" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.24
add action=mark-connection chain=prerouting comment=tm disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.52
add action=mark-connection chain=prerouting comment=tm disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.61
add action=mark-connection chain=prerouting comment=tm disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.56
add action=mark-connection chain=prerouting comment="mk mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.54
add action=mark-connection chain=prerouting comment="pr mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.26
add action=mark-routing chain=prerouting comment="vc ph" disabled=yes \
new-routing-mark=L4 passthrough=yes src-address=172.16.60.45
add action=mark-routing chain=prerouting comment=sms disabled=yes \
new-routing-mark=sms passthrough=yes src-address=172.16.1.152
add action=mark-routing chain=prerouting comment="smn mb" disabled=yes \
new-routing-mark=L4 passthrough=yes src-address=172.16.60.46
add action=mark-routing chain=prerouting comment="ap h" disabled=yes \
new-routing-mark=L4 passthrough=yes src-address=10.255.255.40
add action=mark-connection chain=prerouting comment="b tb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.62.81
add action=mark-connection chain=prerouting comment="b tb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.62.86
add action=mark-connection chain=prerouting comment="b tb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.62.15
add action=mark-connection chain=prerouting comment="shm mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.41
add action=mark-connection chain=prerouting comment="pr mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.47
add action=mark-connection chain=prerouting comment="v mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.32
add action=mark-connection chain=prerouting comment="ap mb l" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.63
add action=mark-connection chain=prerouting comment="ap mb l" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.37
add action=mark-connection chain=prerouting comment="ap mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.22
add action=mark-connection chain=prerouting comment="AV Server" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.6.20
add action=mark-connection chain=prerouting comment="sec mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.62.105
add action=mark-connection chain=prerouting comment="sec j5" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.68
add action=mark-connection chain=prerouting comment="sec m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.33
add action=mark-connection chain=prerouting comment="prd m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.87
add action=mark-connection chain=prerouting comment=temp disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.29
add action=mark-connection chain=prerouting comment="ab m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.143
add action=mark-connection chain=prerouting comment="ahasan m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.39
add action=mark-connection chain=prerouting comment="pr mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.38
add action=mark-connection chain=prerouting comment=c disabled=yes \
new-connection-mark=mbdnc passthrough=yes src-address=172.16.62.15
add action=mark-connection chain=prerouting comment="sb m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.58
add action=mark-connection chain=prerouting comment="smn mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.247
add action=mark-connection chain=prerouting comment=lap disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.42
add action=mark-connection chain=prerouting comment="smn mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.31
add action=mark-connection chain=prerouting comment="ani mob" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.52
add action=mark-connection chain=prerouting comment="sec lap" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.74
add action=mark-connection chain=prerouting comment="bijoy lap" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.30
add action=mark-connection chain=prerouting comment="koushik ph" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.144
add action=mark-connection chain=prerouting comment="piku comp" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.15
# Disabled rule: would mark TCP connections from 172.16.0.0/21 to
# 172.16.1.152 port 8445 with connection mark temp.
add action=mark-connection chain=prerouting comment=temp disabled=yes \
dst-address=172.16.1.152 dst-port=8445 new-connection-mark=temp \
passthrough=yes protocol=tcp src-address=172.16.0.0/21
add action=mark-connection chain=prerouting comment="suman comp" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.135
add action=mark-connection chain=prerouting comment="debashis mob" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.136
add action=mark-connection chain=prerouting comment="sekhar mb" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.123
add action=mark-connection chain=prerouting comment="Raju Mob" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.70
add action=mark-connection chain=prerouting comment="manu mb" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.130
add action=mark-connection chain=prerouting comment="santu mb" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.75
# Disabled rule: would mark every TCP connection to port 1194, from any source.
add action=mark-connection chain=prerouting comment=test disabled=yes \
dst-port=1194 new-connection-mark=mbdn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="ap comp" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.86
add action=mark-connection chain=prerouting comment="smk mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.25
add action=mark-connection chain=prerouting comment="am mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.84
add action=mark-connection chain=prerouting comment="sd mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.44
add action=mark-connection chain=prerouting comment="vc mb" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.66
add action=mark-connection chain=prerouting comment="hs mb" \
new-connection-mark=mbdn passthrough=yes src-address=172.16.62.41
add action=mark-connection chain=prerouting comment="cm m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.62.12
add action=mark-connection chain=prerouting comment="sn m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.113
add action=mark-connection chain=prerouting comment="ar m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.159
add action=mark-connection chain=prerouting comment=test disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=10.255.255.21
add action=mark-connection chain=prerouting comment="ppp m" disabled=yes \
new-connection-mark=mbdn passthrough=yes src-address=172.16.60.68
# Mangle, address-list driven marking in prerouting. For each source address
# list a connection mark and/or a routing mark of the same name is set:
# L8-S (connection only), L1 (routing here), L8, L6, L4, L3, L2, vpn, is1, S2
# and P2 (both). One single host, 10.10.10.226, also gets routing mark L4.
# The mail, web and cts rules are disabled.
# NOTE(review): routing marks presumably select a routing table or uplink per
# list - the routes are outside this view. Membership of these address lists
# then decides which path a host's traffic takes, so changes to the lists
# deserve the same review as changes to the rules.
# NOTE(review): all rules use passthrough=yes, so a source that is on more than
# one list ends up with the mark set by the last matching rule.
add action=mark-connection chain=prerouting new-connection-mark=L8-S \
passthrough=yes src-address-list=L8-S
add action=mark-routing chain=prerouting new-routing-mark=L1 passthrough=yes \
src-address-list=L1
add action=mark-connection chain=prerouting new-connection-mark=L8 \
passthrough=yes src-address-list=L8
add action=mark-routing chain=prerouting new-routing-mark=L8 passthrough=yes \
src-address-list=L8
add action=mark-connection chain=prerouting new-connection-mark=L6 \
passthrough=yes src-address-list=L6
add action=mark-routing chain=prerouting new-routing-mark=L6 passthrough=yes \
src-address-list=L6
add action=mark-connection chain=prerouting new-connection-mark=L4 \
passthrough=yes src-address-list=L4
add action=mark-routing chain=prerouting new-routing-mark=L4 passthrough=yes \
src-address-list=L4
add action=mark-routing chain=prerouting new-routing-mark=L4 passthrough=yes \
src-address=10.10.10.226
add action=mark-connection chain=prerouting new-connection-mark=L3 \
passthrough=yes src-address-list=L3
add action=mark-routing chain=prerouting new-routing-mark=L3 passthrough=yes \
src-address-list=L3
add action=mark-connection chain=prerouting new-connection-mark=L2 \
passthrough=yes src-address-list=L2
add action=mark-routing chain=prerouting new-routing-mark=L2 passthrough=yes \
src-address-list=L2
add action=mark-connection chain=prerouting new-connection-mark=vpn \
passthrough=yes src-address-list=vpn
add action=mark-routing chain=prerouting new-routing-mark=is1 passthrough=yes \
src-address-list=is1
add action=mark-connection chain=prerouting new-connection-mark=is1 \
passthrough=yes src-address-list=is1
add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes \
src-address-list=vpn
add action=mark-routing chain=prerouting comment=mail disabled=yes \
new-routing-mark=mail passthrough=yes src-address=172.16.6.21
add action=mark-routing chain=prerouting comment=mail disabled=yes \
dst-address=172.16.6.21 new-routing-mark=mail passthrough=yes
add action=mark-connection chain=prerouting new-connection-mark=S2 \
passthrough=yes src-address-list=S2
add action=mark-routing chain=prerouting comment=S2 new-routing-mark=S2 \
passthrough=yes src-address-list=S2
# dst-address-type=!local limits the two disabled rules below to traffic that
# is not addressed to the router itself.
add action=mark-routing chain=prerouting comment=web disabled=yes \
dst-address-type=!local new-routing-mark=web passthrough=yes src-address=\
10.6.6.2
add action=mark-connection chain=prerouting comment=cts disabled=yes \
dst-address-type=!local new-connection-mark=mbdnc passthrough=yes \
src-address=172.16.62.15
add action=mark-connection chain=prerouting new-connection-mark=P2 \
passthrough=yes src-address-list=P2
add action=mark-routing chain=prerouting new-routing-mark=P2 passthrough=yes \
src-address-list=P2
# Mangle, packet marking in the forward chain: each connection mark is copied to
# a packet mark of the same name (the temp rule is disabled). The final rule,
# also disabled, would set routing mark mbdn from connection mark mbdn in
# prerouting.
# NOTE(review): packet marks are presumably consumed by queues defined outside
# this view - confirm. Because marking happens in forward, traffic to or from
# the router itself is not packet-marked by these rules.
add action=mark-packet chain=forward connection-mark=L1 new-packet-mark=L1 \
passthrough=yes
add action=mark-packet chain=forward comment=DN connection-mark=DN \
new-packet-mark=DN passthrough=yes
add action=mark-packet chain=forward comment=mbdn connection-mark=mbdn \
new-packet-mark=mbdn passthrough=yes
add action=mark-packet chain=forward comment=temp connection-mark=temp \
disabled=yes new-packet-mark=temp passthrough=yes
add action=mark-packet chain=forward comment=c connection-mark=mbdnc \
new-packet-mark=mbdnc passthrough=yes
add action=mark-packet chain=forward connection-mark=L8-S new-packet-mark=\
L8-S passthrough=yes
add action=mark-packet chain=forward connection-mark=L8 new-packet-mark=L8 \
passthrough=yes
add action=mark-packet chain=forward connection-mark=L6 new-packet-mark=L6 \
passthrough=yes
add action=mark-packet chain=forward connection-mark=L4 new-packet-mark=L4 \
passthrough=yes
add action=mark-packet chain=forward connection-mark=L3 new-packet-mark=L3 \
passthrough=yes
add action=mark-packet chain=forward connection-mark=L2 new-packet-mark=L2 \
passthrough=yes
add action=mark-packet chain=forward connection-mark=vpn new-packet-mark=vpn \
passthrough=yes
add action=mark-packet chain=forward connection-mark=is1 new-packet-mark=is1 \
passthrough=yes
add action=mark-packet chain=forward connection-mark=S2 new-packet-mark=S2 \
passthrough=yes
add action=mark-packet chain=forward connection-mark=P2 new-packet-mark=P2 \
passthrough=yes
add action=mark-routing chain=prerouting comment=mbdn connection-mark=mbdn \
disabled=yes new-routing-mark=mbdn passthrough=yes
# NAT, DNS interception. The two redirect rules at the end of this group send
# every UDP and TCP packet with destination port 53 to port 53 on the router
# itself, whatever server the client asked for. The accept rules before them
# end dstnat processing for the listed source address, which exempts that host
# from the redirect; only the two 10.255.255.29 entries are enabled.
# NOTE(review): to-ports=53 on an accept rule presumably has no effect, since
# accept performs no translation - confirm.
# NOTE(review): the redirect has no in-interface or src-address condition, so it
# also matches port-53 traffic arriving on the uplinks. Confirm that the input
# chain blocks DNS from untrusted interfaces, or restrict the redirect to the
# LAN side, so the router does not answer as an open resolver.
# NOTE(review): DNS over TLS or HTTPS does not use port 53 and is not covered
# by this interception.
/ip firewall nat
add action=accept chain=dstnat comment="sakti UDP DNS Intercept" disabled=yes \
dst-port=53 protocol=udp src-address=10.0.1.230 to-ports=53
add action=accept chain=dstnat comment="sourav maiti UDP DNS Intercept" \
dst-port=53 protocol=udp src-address=10.255.255.29 to-ports=53
add action=accept chain=dstnat comment="sekhar UDP DNS Intercept" disabled=\
yes dst-port=53 protocol=udp src-address=10.0.1.233 to-ports=53
add action=accept chain=dstnat comment="s chak UDP DNS Intercept" disabled=\
yes dst-port=53 protocol=udp src-address=10.0.1.231 to-ports=53
add action=accept chain=dstnat comment="ani jana UDP DNS Intercept" disabled=\
yes dst-port=53 protocol=udp src-address=10.0.1.232 to-ports=53
add action=accept chain=dstnat comment="main br UDP DNS Intercept" disabled=\
yes dst-port=53 protocol=udp src-address=10.0.1.234 to-ports=53
add action=accept chain=dstnat comment="pmaji UDP DNS Intercept" disabled=yes \
dst-port=53 protocol=udp src-address=10.0.1.235 to-ports=53
add action=accept chain=dstnat comment="amit maiti UDP DNS Intercept" \
disabled=yes dst-port=53 protocol=udp src-address=10.0.1.236 to-ports=53
add action=accept chain=dstnat comment="helpdesk UDP DNS Intercept" disabled=\
yes dst-port=53 protocol=udp src-address=10.255.255.9 to-ports=53
add action=accept chain=dstnat comment="sourav maiti UDP DNS Intercept" \
disabled=yes dst-port=53 protocol=udp src-address=10.255.255.36 to-ports=\
53
add action=accept chain=dstnat comment="samba UDP DNS Intercept" disabled=yes \
dst-port=53 protocol=udp src-address=10.0.1.237 to-ports=53
add action=accept chain=dstnat comment="samikUDP DNS Intercept" disabled=yes \
dst-port=53 protocol=udp src-address=10.255.255.33 to-ports=53
add action=accept chain=dstnat comment="webserver UDP DNS Intercept" \
disabled=yes dst-port=53 log=yes protocol=udp src-address=10.6.6.2 \
to-ports=53
add action=accept chain=dstnat comment="sakti TCP DNS Intercept" disabled=yes \
dst-port=53 protocol=tcp src-address=10.0.1.230 to-ports=53
add action=accept chain=dstnat comment="sekhar TCP DNS Intercept" disabled=\
yes dst-port=53 protocol=tcp src-address=10.0.1.233 to-ports=53
add action=accept chain=dstnat comment="s chak TCP DNS Intercept" disabled=\
yes dst-port=53 protocol=tcp src-address=10.0.1.231 to-ports=53
add action=accept chain=dstnat comment="ani jana TCP DNS Intercept" disabled=\
yes dst-port=53 protocol=tcp src-address=10.0.1.232 to-ports=53
add action=accept chain=dstnat comment="main br TCP DNS Intercept" disabled=\
yes dst-port=53 protocol=tcp src-address=10.0.1.234 to-ports=53
add action=accept chain=dstnat comment="pmaji TCP DNS Intercept" disabled=yes \
dst-port=53 protocol=tcp src-address=10.0.1.235 to-ports=53
add action=accept chain=dstnat comment="amit maiti TCP DNS Intercept" \
disabled=yes dst-port=53 protocol=tcp src-address=10.0.1.236 to-ports=53
add action=accept chain=dstnat comment="sourav maiti TCP DNS Intercept" \
dst-port=53 protocol=tcp src-address=10.255.255.29 to-ports=53
add action=accept chain=dstnat comment="helpdesk TCP DNS Intercept" disabled=\
yes dst-port=53 protocol=tcp src-address=10.255.255.9 to-ports=53
add action=accept chain=dstnat comment="sourav maiti TCP DNS Intercept" \
disabled=yes dst-port=53 protocol=tcp src-address=10.255.255.36 to-ports=\
53
add action=accept chain=dstnat comment="samba TCP DNS Intercept" disabled=yes \
dst-port=53 protocol=tcp src-address=10.0.1.237 to-ports=53
add action=accept chain=dstnat comment="samikTCP DNS Intercept" disabled=yes \
dst-port=53 protocol=tcp src-address=10.255.255.33 to-ports=53
add action=accept chain=dstnat comment="webserver TCP DNS Intercept" \
disabled=yes dst-port=53 protocol=tcp src-address=10.6.6.2 to-ports=53
# Catch-all interception for every source not exempted above.
add action=redirect chain=dstnat comment="UDP DNS Intercept" dst-port=53 \
protocol=udp to-ports=53
add action=redirect chain=dstnat comment="TCP DNS Intercept" dst-port=53 \
protocol=tcp to-ports=53
# NAT for the ATM / IMPS / NPCI links. dstnat netmap rules map a 10.7.59.x
# destination, as seen from a 10.0.249.x peer, to an internal 172.16.1.x host.
# srcnat netmap rules rewrite the source of ATM, recycler and workstation
# traffic to a 10.7.59.x address when it goes to a 10.0.249.x destination.
# The srcnat accept rules leave specific host pairs untranslated and exempt
# them from any source NAT rule further down. Most rules set log=yes, which
# gives a per-connection trail of translated sessions.
# NOTE(review): NAT only rewrites addresses; it does not authorise the traffic.
# Confirm that forward-chain filter rules (outside this view) limit which
# sources may reach the 10.0.249.x peers, and review whether every individual
# workstation or laptop address listed under the NPCI rules still needs it.
add action=netmap chain=dstnat comment="Test ATM Interface" disabled=yes \
dst-address=10.7.59.250 log=yes src-address=10.0.249.200 to-addresses=\
172.16.1.203
add action=accept chain=srcnat dst-address=172.16.62.15 src-address=\
172.16.1.150
add action=accept chain=srcnat dst-address=172.16.62.15 src-address=\
172.16.1.203
add action=accept chain=srcnat dst-address=172.16.1.150 src-address=\
172.16.62.15
add action=accept chain=srcnat disabled=yes dst-address=172.16.1.203 \
src-address=172.16.62.15
add action=netmap chain=dstnat comment="Production ATM Interface" \
dst-address=10.7.59.251 dst-port=9933 log=yes protocol=tcp src-address=\
10.0.249.251 to-addresses=172.16.1.152
# NOTE(review): src-port="" is an empty matcher - confirm it is an export
# artefact and does not change what the rule matches.
add action=netmap chain=dstnat comment="IMPS Test Interface" dst-address=\
10.7.59.101 dst-port=9932 log=yes protocol=tcp src-address=10.0.249.200 \
src-port="" to-addresses=172.16.1.203
add action=accept chain=srcnat disabled=yes dst-address=172.16.62.15 \
src-address=10.255.255.29
add action=accept chain=srcnat dst-address=172.16.62.15 src-address=\
192.168.254.10
# Unlike its dstnat counterpart above (tcp/9933 only), this srcnat rule has no
# protocol or port condition and is not logged.
# NOTE(review): confirm that the wider match is intended.
add action=netmap chain=srcnat comment="Production ATM Interface" \
dst-address=10.0.249.251 src-address=172.16.1.152 to-addresses=\
10.7.59.251
# One rule per machine: source 10.5.5.x is mapped to its own 10.7.59.x address
# for a single TCP destination port on 10.0.249.4.
add action=netmap chain=srcnat comment="ATM Machine 1 Main br" dst-address=\
10.0.249.4 dst-port=6309 log=yes protocol=tcp src-address=10.5.5.10 \
to-addresses=10.7.59.1
add action=netmap chain=srcnat comment="ATM Machine 4 Rng Br " dst-address=\
10.0.249.4 dst-port=2004 log=yes protocol=tcp src-address=10.5.5.22 \
to-addresses=10.7.59.4
add action=netmap chain=srcnat comment="ATM Machine 5 DGK Br " dst-address=\
10.0.249.4 dst-port=2005 log=yes protocol=tcp src-address=10.5.5.26 \
to-addresses=10.7.59.5
add action=netmap chain=srcnat comment="ATM Machine 6 BBZR Br " dst-address=\
10.0.249.4 dst-port=2003 log=yes protocol=tcp src-address=10.5.5.30 \
to-addresses=10.7.59.6
add action=netmap chain=srcnat comment="ATM Machine 8 Barb Br " dst-address=\
10.0.249.4 dst-port=2006 log=yes protocol=tcp src-address=10.5.5.38 \
to-addresses=10.7.59.8
add action=netmap chain=srcnat comment="ATM Machine 9 CK Road Br " \
dst-address=10.0.249.4 dst-port=2007 log=yes protocol=tcp src-address=\
10.5.5.42 to-addresses=10.7.59.9
add action=netmap chain=srcnat comment="Recycler Machine 10 Main Br TLS" \
dst-address=10.0.249.4 dst-port=2001 log=yes protocol=tcp src-address=\
10.5.5.46 to-addresses=10.7.59.10
add action=netmap chain=srcnat comment="ATM Machine 7 Egra Br " dst-address=\
10.0.249.4 dst-port=2002 log=yes protocol=tcp src-address=10.5.5.33 \
to-addresses=10.7.59.7
add action=netmap chain=srcnat comment="ATM Machine 2 dankuni br" \
dst-address=10.0.249.4 dst-port=6309 log=yes protocol=tcp src-address=\
10.5.5.18 to-addresses=10.7.59.2
add action=netmap chain=srcnat comment="ATM Machine 3 belda br" dst-address=\
10.0.249.4 dst-port=6309 log=yes protocol=tcp src-address=10.5.5.14 \
to-addresses=10.7.59.3
# NPCI DMS / EFRM / RGCS: several individual source addresses are all mapped to
# the same address, 10.7.59.101, with no protocol or port condition. The peer
# therefore sees one source for all of them; the log=yes entries on this router
# are what ties a session back to the originating host.
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=10.255.255.29 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=172.16.62.15 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=172.16.62.53 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=172.16.60.51 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=172.16.60.82 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.27 \
log=yes src-address=172.16.60.82 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.26 \
log=yes src-address=172.16.60.82 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.26 \
log=yes src-address=10.255.255.36 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI EFRM" dst-address=10.0.249.27 \
log=yes src-address=10.255.255.36 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=10.6.6.2 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=192.168.254.66 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI DMS" dst-address=10.0.249.6 log=\
yes src-address=10.255.255.36 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
log=yes src-address=10.255.255.29 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
log=yes src-address=10.6.6.2 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
log=yes src-address=172.16.62.15 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
log=yes src-address=172.16.62.53 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
log=yes src-address=172.16.60.51 to-addresses=10.7.59.101
add action=netmap chain=srcnat comment="NPCI RGCS" dst-address=10.0.249.13 \
log=yes src-address=10.255.255.36 to-addresses=10.7.59.101
# Source NAT exemptions followed by the per-list masquerade rules.
# The Biometric accept rules leave traffic from 10.255.255.0/24 to the listed
# destinations untranslated (and log it); the two "web" rules are disabled.
add action=accept chain=srcnat comment=Biometric dst-address=172.16.69.128/26 \
log=yes src-address=10.255.255.0/24
add action=accept chain=srcnat comment=Biometric dst-address=192.168.2.6 log=\
yes src-address=10.255.255.0/24
add action=accept chain=srcnat comment=web disabled=yes dst-address=\
10.255.255.0/24 log=yes out-interface=Datacenter-Bridge src-address=\
10.6.6.2
add action=masquerade chain=srcnat comment=web disabled=yes dst-address=\
10.6.6.2 log=yes src-address=10.255.255.0/24
# One masquerade rule per source address list. dst-address=0.0.0.0/0 matches
# every destination and no out-interface is given, so the translation applies
# on whichever interface the traffic leaves, internal ones included.
# NOTE(review): add out-interface (or an interface list) for the uplinks so that
# internal servers keep seeing, and logging, the real client address.
# NOTE(review): masquerade uses the address of the outgoing interface;
# to-addresses=0.0.0.0 is presumably an unused placeholder - confirm.
# NOTE(review): the list is named vpn1 here, while the mangle rules reference a
# list named vpn - confirm that both lists exist and that this is intended.
add action=masquerade chain=srcnat comment=L8 dst-address=0.0.0.0/0 \
src-address-list=L8 to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L6 \
to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L4 \
to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L3 \
to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=\
vpn1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L2 \
to-addresses=0.0.0.0
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address-list=L1
add action=masquerade chain=srcnat comment=S2 dst-address=0.0.0.0/0 \
src-address-list=S2 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=P2 dst-address=0.0.0.0/0 \
src-address-list=P2 to-addresses=0.0.0.0
# Per-host masquerade rules: one rule per source address, labelled with the
# owner or device in comment=. dst-address=0.0.0.0/0 matches every destination
# and no out-interface is given, so an enabled rule translates the host's
# traffic on whichever interface it leaves, internal ones included.
# NOTE(review): add out-interface (or an interface list) for the uplinks so that
# internal servers keep seeing, and logging, the real client address.
# NOTE(review): masquerade uses the address of the outgoing interface;
# to-addresses=UUU.239.24.97 is presumably not applied by this action. If a
# fixed public source address is intended, action=src-nat is the rule type that
# takes to-addresses - confirm.
# NOTE(review): outbound access is granted host by host here; entries for
# phones and laptops should be reviewed periodically, and the disabled ones
# removed once they are confirmed obsolete.
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.11 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.110
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.111
add action=masquerade chain=srcnat comment=test disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.63.7 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="srv lap" dst-address=0.0.0.0/0 \
src-address=10.255.255.29
add action=masquerade chain=srcnat comment=Helpdesk dst-address=0.0.0.0/0 \
src-address=10.255.255.21
add action=masquerade chain=srcnat comment="noc comp1" dst-address=0.0.0.0/0 \
src-address=10.255.255.134
add action=masquerade chain=srcnat comment="noc 2" dst-address=0.0.0.0/0 \
src-address=10.255.255.121
add action=masquerade chain=srcnat comment="SRV MB" dst-address=0.0.0.0/0 \
src-address=172.16.62.152 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="cts pc" dst-address=0.0.0.0/0 \
src-address=172.16.62.15 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="is audit 1" dst-address=0.0.0.0/0 \
src-address=172.16.62.102
add action=masquerade chain=srcnat comment="amit pc" dst-address=0.0.0.0/0 \
src-address=172.16.62.13
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=10.10.10.226 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="temp mail server" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.171 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=ADC disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.186 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="cm mb" disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.62.12 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Main Br NVR" dst-address=\
0.0.0.0/0 src-address=10.50.50.2
add action=masquerade chain=srcnat comment="ATM Main Br NVR" dst-address=\
0.0.0.0/0 src-address=10.53.53.2
add action=masquerade chain=srcnat comment="Main Br NVR" dst-address=\
0.0.0.0/0 src-address=10.50.50.4
add action=masquerade chain=srcnat comment="Main Br NVR" disabled=yes \
dst-address=0.0.0.0/0 src-address=10.5.5.46
add action=masquerade chain=srcnat comment="NVR PC" dst-address=0.0.0.0/0 \
src-address=10.50.50.3
add action=masquerade chain=srcnat comment=test disabled=yes dst-address=\
0.0.0.0/0 src-address=10.255.255.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="srv laptop" dst-address=0.0.0.0/0 \
src-address=10.8.8.2
add action=masquerade chain=srcnat comment="smn mb" disabled=yes dst-address=\
0.0.0.0/0 src-address=10.255.255.31 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.12 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="meeting room" dst-address=\
0.0.0.0/0 src-address=10.9.9.2 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="sc rm" dst-address=0.0.0.0/0 \
src-address=10.10.10.226
add action=masquerade chain=srcnat comment="sekhar mob" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.60.123
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.76 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="srv lap" dst-address=0.0.0.0/0 \
src-address=172.16.62.53 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Raju Lap" dst-address=0.0.0.0/0 \
src-address=172.16.60.70
add action=masquerade chain=srcnat comment="Apollo Mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.100
add action=masquerade chain=srcnat comment="Mukti Ph" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.60.110
add action=masquerade chain=srcnat comment="sambo Mob" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.60.127
add action=masquerade chain=srcnat comment="manu mb" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.60.130
add action=masquerade chain=srcnat comment="Pinaki Mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.151
add action=masquerade chain=srcnat comment="prasun lap" dst-address=0.0.0.0/0 \
src-address=172.16.60.98
add action=masquerade chain=srcnat comment="debashis mob" dst-address=\
0.0.0.0/0 src-address=172.16.60.136
add action=masquerade chain=srcnat comment="pallab Mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.109
add action=masquerade chain=srcnat comment="sec m" dst-address=0.0.0.0/0 \
src-address=172.16.60.67
# Per-host masquerade rules for security appliances, servers and user devices.
# Each rule matches one source address with dst-address=0.0.0.0/0 and no
# out-interface, so an enabled rule translates that host's traffic towards any
# destination, internal networks included.
# The enabled entries labelled "core firewall", "internet firewall" and
# "External Firewall 1/2 palo alto" mean those devices reach other networks
# behind this router's address.
# NOTE(review): confirm that is intended, and that logs on the far side can
# still be attributed to the right appliance.
# NOTE(review): masquerade uses the address of the outgoing interface;
# to-addresses=UUU.239.24.97 is presumably not applied by this action -
# action=src-nat is the rule type that takes to-addresses; confirm.
add action=masquerade chain=srcnat comment="core firewall" dst-address=\
0.0.0.0/0 src-address=172.16.6.81
add action=masquerade chain=srcnat comment="internet firewall" dst-address=\
0.0.0.0/0 src-address=172.16.6.70
add action=masquerade chain=srcnat comment=NACH dst-address=0.0.0.0/0 \
src-address=172.16.60.15
add action=masquerade chain=srcnat comment="sourav mb" dst-address=0.0.0.0/0 \
src-address=172.16.62.11
add action=masquerade chain=srcnat comment="soumen mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.55
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.102 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=server disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.101 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="sec lap" dst-address=0.0.0.0/0 \
src-address=172.16.60.74
add action=masquerade chain=srcnat comment="santu pc" dst-address=0.0.0.0/0 \
src-address=172.16.60.83
add action=masquerade chain=srcnat comment="Suman Mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.143
add action=masquerade chain=srcnat comment="apollo pc" dst-address=0.0.0.0/0 \
src-address=172.16.60.86
add action=masquerade chain=srcnat comment="srv mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.27
add action=masquerade chain=srcnat comment="ram mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.28
add action=masquerade chain=srcnat comment="smk mb" dst-address=0.0.0.0/0 \
src-address=172.16.60.122
add action=masquerade chain=srcnat comment="anirban mob" dst-address=\
0.0.0.0/0 src-address=172.16.60.52
add action=masquerade chain=srcnat comment="samik mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.39
add action=masquerade chain=srcnat comment="santu mob" dst-address=0.0.0.0/0 \
src-address=172.16.60.75
add action=masquerade chain=srcnat comment="Operation Manager Server" \
disabled=yes dst-address=0.0.0.0/0 src-address=172.16.1.182 to-addresses=\
UUU.239.24.97
add action=masquerade chain=srcnat comment="app 04" disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.181
# NOTE(review): this rule and the 10.11.11.2 rule below carry no comment=
# label; label them so each exception has a documented owner.
add action=masquerade chain=srcnat disabled=yes dst-address=0.0.0.0/0 \
src-address=172.16.1.115 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="DNS Server" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.186 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address=\
10.11.11.2
add action=masquerade chain=srcnat comment="DNS AD Server" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.176 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="deep security server" disabled=\
yes dst-address=0.0.0.0/0 src-address=172.16.1.174
add action=masquerade chain=srcnat comment="samik pc" disabled=yes \
dst-address=0.0.0.0/0 src-address=10.255.255.33
add action=masquerade chain=srcnat comment="srv lap" dst-address=0.0.0.0/0 \
src-address=10.255.255.36 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="External Firewall 1 palo alto" \
dst-address=0.0.0.0/0 src-address=172.16.6.61
add action=masquerade chain=srcnat comment="External Firewall 2 palo alto" \
dst-address=0.0.0.0/0 src-address=172.16.6.62
# Disabled rule: if enabled it would masquerade the whole 10.255.255.0/24
# subnet towards any destination, overriding the per-host selection above.
add action=masquerade chain=srcnat comment="DC ALL Internet" disabled=yes \
dst-address=0.0.0.0/0 src-address=10.255.255.0/24
add action=masquerade chain=srcnat comment="pr mb" dst-address=0.0.0.0/0 \
src-address=172.16.62.76 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Bijoy Lappy" dst-address=\
0.0.0.0/0 src-address=172.16.60.30
add action=masquerade chain=srcnat comment="arghya mob" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.60.35
add action=masquerade chain=srcnat comment="pint mob" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.62.31
add action=masquerade chain=srcnat comment="dlp mjee " disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.62.57
add action=masquerade chain=srcnat comment="Infra 2" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.180 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Infra 1" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.170 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=NMMI disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.184 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment=Server dst-address=0.0.0.0/0 \
src-address=172.16.10.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="atn mb" dst-address=0.0.0.0/0 \
src-address=172.16.62.28
add action=masquerade chain=srcnat comment="alv mb" dst-address=0.0.0.0/0 \
log=yes src-address=172.16.62.17
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
src-address=172.16.60.112
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
src-address=172.16.60.111
add action=masquerade chain=srcnat comment="Boardroom Nova" dst-address=\
0.0.0.0/0 log=yes src-address=172.16.60.49
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
src-address=172.16.60.59
add action=masquerade chain=srcnat comment="sourav lap" dst-address=0.0.0.0/0 \
log=yes src-address=172.16.60.85
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
src-address=172.16.60.64
add action=masquerade chain=srcnat comment=NOVA dst-address=0.0.0.0/0 log=yes \
src-address=172.16.60.40
add action=masquerade chain=srcnat comment="amit da" dst-address=0.0.0.0/0 \
log=yes src-address=172.16.60.44
# Source-NAT rules for server, NOC and helpdesk addresses.
# NOTE(review): to-addresses is set on action=masquerade rules here. Masquerade
# presumably takes the address of the outgoing interface, so this value may
# have no effect; where a fixed public address is required, action=src-nat is
# the form this list already uses for "Web Server" - confirm.
# NOTE(review): none of these rules sets out-interface, so they match traffic
# leaving through any interface, not only the ISP uplinks - confirm intended,
# since translated internal traffic hides the real source from server logs.
add action=masquerade chain=srcnat comment=Server dst-address=0.0.0.0/0 \
src-address=172.16.2.100 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="NOC PCs" dst-address=0.0.0.0/0 \
src-address=172.16.61.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="HELPDESK PCs" dst-address=\
0.0.0.0/0 src-address=172.16.6.160/27 to-addresses=UUU.239.24.97
add action=src-nat chain=srcnat comment="IRS Server" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.171 to-addresses=\
MMM.NNN.126.245
add action=masquerade chain=srcnat disabled=yes dst-address=0.0.0.0/0 \
src-address=172.16.1.5 to-addresses=UUU.239.24.97
# Broad rule: translates the whole 172.16.1.0/24 range. The per-host
# 172.16.1.x rules that are disabled=yes in this list therefore do not stop
# those hosts from reaching the internet; they still match here.
# NOTE(review): if the disabled entries were meant to cut off individual
# servers, that has to be enforced in the filter table instead - confirm.
add action=masquerade chain=srcnat comment=servers dst-address=0.0.0.0/0 \
src-address=172.16.1.0/24
add action=masquerade chain=srcnat comment=\
"Fortinet Firewall External Interface" dst-address=0.0.0.0/0 src-address=\
172.16.6.70 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="AV Server" dst-address=0.0.0.0/0 \
src-address=172.16.6.20 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Suman PC" dst-address=0.0.0.0/0 \
src-address=172.16.60.135
add action=masquerade chain=srcnat comment="Koushik Lap" dst-address=\
0.0.0.0/0 src-address=172.16.60.120
add action=masquerade chain=srcnat comment="Forti Authenticator" dst-address=\
0.0.0.0/0 src-address=172.16.2.70 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="Forti Analyzer" dst-address=\
0.0.0.0/0 src-address=172.16.2.74 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="TnD DB1" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.177 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="TnD DB2" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.187 to-addresses=UUU.239.24.97
add action=masquerade chain=srcnat comment="sunny pc" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.62.34
add action=src-nat chain=srcnat comment="Web Server" dst-address=0.0.0.0/0 \
src-address=10.6.6.2 to-addresses=139.167.64.3
add action=masquerade chain=srcnat comment="3PAR Out" dst-address=0.0.0.0/0 \
src-address=172.16.2.49
add action=masquerade chain=srcnat comment="StorServ Out" dst-address=\
0.0.0.0/0 src-address=172.16.2.50
add action=masquerade chain=srcnat comment="RTGS/NEFT Server" dst-address=\
0.0.0.0/0 log=yes src-address=172.16.6.13
add action=netmap chain=dstnat comment="SMS Inbound" dst-address=\
LLL.HHH82.250 dst-port=5566 log=yes protocol=tcp src-address=0.0.0.0/0 \
src-port="" to-addresses=172.16.6.13 to-ports=5566
add action=masquerade chain=srcnat comment="MIS Server" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.151 to-addresses=LLL.71.158.2
add action=masquerade chain=srcnat comment=SMS disabled=yes dst-address=\
0.0.0.0/0 log=yes src-address=172.16.1.152
add action=masquerade chain=srcnat comment="3 PAR Storage" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.2.49
add action=masquerade chain=srcnat comment=ILO dst-address=0.0.0.0/0 \
src-address=172.16.2.48
add action=netmap chain=srcnat comment=IMSS dst-address=0.0.0.0/0 \
src-address=172.16.6.21 to-addresses=139.167.64.2
add action=netmap chain=srcnat comment="test mail" disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.171 to-addresses=MMM.NNN.126.245
add action=netmap chain=srcnat comment=EXCHANGE disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.171 to-addresses=43.252.248.253
add action=netmap chain=srcnat comment=FTP disabled=yes dst-address=0.0.0.0/0 \
src-address=10.255.255.29 to-addresses=43.252.248.254
add action=netmap chain=dstnat comment="WEB Server" disabled=yes dst-address=\
MMM.NNN.126.244 dst-port=80 protocol=tcp src-address=0.0.0.0/0 src-port=\
"" to-addresses=10.6.6.2 to-ports=80
# Inbound forwards from public address 139.167.64.3 to the web server
# 10.6.6.2. Both rules accept any source (src-address=0.0.0.0/0).
# Only the tcp/443 rule has log=yes; the tcp/21 rule is not logged.
# NOTE(review): tcp/21 is forwarded alongside 443. If this is plain FTP,
# logins cross the internet unencrypted - consider retiring the forward or
# limiting src-address to the parties that need it.
# NOTE(review): action=netmap is used for a single-address forward; dst-nat
# is the action the NVR forwards in this list use - confirm which is intended.
add action=netmap chain=dstnat comment="WEB Server" dst-address=139.167.64.3 \
dst-port=443 log=yes protocol=tcp src-address=0.0.0.0/0 src-port="" \
to-addresses=10.6.6.2 to-ports=443
add action=netmap chain=dstnat comment="WEB Server" dst-address=139.167.64.3 \
dst-port=21 protocol=tcp src-address=0.0.0.0/0 src-port="" to-addresses=\
10.6.6.2 to-ports=21
add action=netmap chain=dstnat comment="3PAR inbound 1" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
16.249.3.18 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 8" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
15.240.0.74 src-port="" to-addresses=172.16.2.49 to-ports=443
# Active inbound forwards to the storage host 172.16.2.49 (tcp/22, 5781, 5783).
# Unlike the disabled "3PAR inbound 1-8" rules around them, which pin
# src-address to single hosts, these three accept any source
# (src-address=0.0.0.0/0) and none of them has log=yes.
# NOTE(review): restrict src-address (or use a src-address-list) to the
# support addresses that need access, and enable logging on the tcp/22 rule.
add action=netmap chain=dstnat comment="3PAR inbound 9" dst-address=\
136.233.107.66 dst-port=22 protocol=tcp src-address=0.0.0.0/0 src-port="" \
to-addresses=172.16.2.49 to-ports=22
add action=netmap chain=dstnat comment="3PAR inbound 11" dst-address=\
136.233.107.66 dst-port=5781 protocol=tcp src-address=0.0.0.0/0 src-port=\
"" to-addresses=172.16.2.49 to-ports=5781
add action=netmap chain=dstnat comment="3PAR inbound 10" dst-address=\
136.233.107.66 dst-port=5783 protocol=tcp src-address=0.0.0.0/0 src-port=\
"" to-addresses=172.16.2.49 to-ports=5783
add action=netmap chain=dstnat comment="3PAR inbound 7" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
15.240.0.73 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 6" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
15.201.200.206 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 5" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
15.201.200.205 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 4" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
16.251.4.224 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 3" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
16.251.3.82 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="3PAR inbound 2" disabled=yes \
dst-address=136.233.107.66 dst-port=443 protocol=tcp src-address=\
16.249.3.14 src-port="" to-addresses=172.16.2.49 to-ports=443
add action=netmap chain=dstnat comment="webmail mail" dst-address=\
139.167.64.2 dst-port=443 protocol=tcp src-port="" to-addresses=\
172.16.6.21 to-ports=443
add action=netmap chain=dstnat comment="smtp tls" dst-address=139.167.64.2 \
dst-port=587 protocol=tcp src-port="" to-addresses=172.16.6.21 to-ports=\
587
add action=netmap chain=dstnat comment="WEB Server" disabled=yes dst-address=\
MMM.NNN.126.244 dst-port=21 protocol=tcp src-address=0.0.0.0/0 src-port=\
"" to-addresses=10.6.6.2 to-ports=80
# Inbound forwards to 172.16.6.13, the host the srcnat rule above labels
# "RTGS/NEFT Server". All three accept any source and are logged.
# The second rule maps public tcp/443 onto internal tcp/22, so the same SSH
# service is reachable on two public ports.
# NOTE(review): limit src-address to the known counterparties; the
# "temp ftp" rule on tcp/990 is marked temporary by its comment and is still
# enabled - confirm it is still required.
add action=netmap chain=dstnat comment=SFTP dst-address=LLL.HHH82.250 \
dst-port=22 log=yes protocol=tcp src-address=0.0.0.0/0 to-addresses=\
172.16.6.13 to-ports=22
add action=netmap chain=dstnat comment=SFTP dst-address=LLL.HHH82.250 \
dst-port=443 log=yes protocol=tcp src-address=0.0.0.0/0 to-addresses=\
172.16.6.13 to-ports=22
add action=netmap chain=dstnat comment="temp ftp" dst-address=LLL.HHH82.250 \
dst-port=990 log=yes protocol=tcp src-address=0.0.0.0/0 to-addresses=\
172.16.6.13 to-ports=990
add action=netmap chain=dstnat comment=\
"RTGS/NEFT Server LLL.71.158.3 43.252.248.251" disabled=yes dst-address=\
MMM.NNN.126.243 src-address=0.0.0.0/0 to-addresses=172.16.6.13
add action=netmap chain=dstnat comment=smtp dst-address=139.167.64.2 \
dst-port=25 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
to-ports=25
add action=netmap chain=dstnat comment="smtp ssl" dst-address=139.167.64.2 \
dst-port=465 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
to-ports=465
add action=netmap chain=dstnat comment=pop dst-address=139.167.64.2 dst-port=\
110 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 to-ports=\
110
add action=netmap chain=dstnat comment=imap dst-address=139.167.64.2 \
dst-port=143 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
to-ports=143
add action=netmap chain=dstnat comment="imap ssl/tls" dst-address=\
139.167.64.2 dst-port=993 protocol=tcp src-address=0.0.0.0/0 \
to-addresses=172.16.6.21 to-ports=993
add action=netmap chain=dstnat comment="pop ssl" dst-address=139.167.64.2 \
dst-port=995 protocol=tcp src-address=0.0.0.0/0 to-addresses=172.16.6.21 \
to-ports=995
# NAT exemption (action=accept in srcnat leaves the packet untranslated).
# NOTE(review): dst-address-list and src-address-list take the NAME of a
# firewall address list, but the values here look like IP addresses. Unless
# lists with exactly these names exist, the rule presumably never matches;
# dst-address= / src-address= may have been intended - confirm.
add action=accept chain=srcnat dst-address-list=172.16.62.15 \
src-address-list=192.168.254.10
add action=masquerade chain=srcnat comment="koushik ph" dst-address=0.0.0.0/0 \
src-address=172.16.60.36
add action=masquerade chain=srcnat comment="prasun karar mob" dst-address=\
0.0.0.0/0 src-address=172.16.60.65
add action=masquerade chain=srcnat comment="director router" dst-address=\
0.0.0.0/0 src-address=172.16.62.48
add action=masquerade chain=srcnat comment="hasibul mob" dst-address=\
0.0.0.0/0 src-address=172.16.62.12
add action=masquerade chain=srcnat comment=al src-address=172.16.62.22
add action=masquerade chain=srcnat comment="prasun phoco ph" dst-address=\
0.0.0.0/0 src-address=172.16.60.119
add action=masquerade chain=srcnat comment="HO Biometric" dst-address=\
0.0.0.0/0 src-address=172.16.60.11
add action=masquerade chain=srcnat comment="PAN Verification" dst-address=\
0.0.0.0/0 log=yes src-address=172.16.6.12
add action=masquerade chain=srcnat comment="NACH H2H" dst-address=0.0.0.0/0 \
log=yes src-address=172.16.6.14
add action=masquerade chain=srcnat comment="T N D" disabled=yes dst-address=\
0.0.0.0/0 src-address=172.16.1.203
add action=masquerade chain=srcnat comment="Test VM" disabled=yes \
dst-address=0.0.0.0/0 src-address=172.16.1.132
add action=masquerade chain=srcnat comment="EIP SERVER" disabled=yes \
dst-address=0.0.0.0/0 log=yes src-address=172.16.1.150
# Inbound forwards from public ports 1090-1093 to tcp/37777 on four internal
# recorder/ATM hosts (per the rule comments).
# No src-address is set, so any internet source matches, and none of the
# rules has log=yes.
# NOTE(review): video recorder management ports are better reached through
# the VPN already configured on this router, or at least limited with a
# src-address-list of known viewer addresses.
add action=dst-nat chain=dstnat comment="MAIN BR CASH NVR" dst-address=\
LLL.HHH82.250 dst-port=1091 protocol=tcp to-addresses=10.50.50.2 \
to-ports=37777
add action=dst-nat chain=dstnat comment="MAIN BR ATM" dst-address=\
LLL.HHH82.250 dst-port=1090 protocol=tcp to-addresses=10.53.53.2 \
to-ports=37777
add action=dst-nat chain=dstnat comment="MAIN BR NVR" dst-address=\
LLL.HHH82.250 dst-port=1092 protocol=tcp to-addresses=10.50.50.4 \
to-ports=37777
add action=dst-nat chain=dstnat comment="HO NVR" dst-address=LLL.HHH82.250 \
dst-port=1093 protocol=tcp to-addresses=10.52.52.2 to-ports=37777
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
173.245.48.0/20
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
103.21.244.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
103.22.200.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
103.31.4.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
141.101.64.0/18
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
108.162.192.0/18
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
190.93.240.0/20
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
188.114.96.0/20
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
197.234.240.0/22
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
198.41.128.0/17
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
162.158.0.0/15
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
104.16.0.0/12
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
172.64.0.0/13
add action=masquerade chain=srcnat comment="Mail Portal" dst-address=\
131.0.72.0/22
# Raw table, prerouting chain. Rules are evaluated top to bottom; accept and
# drop end evaluation for the packet, so order is significant.
# Layout: a run of accept rules (permitted flows to the 172.16.1.x servers
# and to 172.16.6.14), then drop rules for the same destinations, so traffic
# to those hosts that was not accepted above is discarded.
# NOTE(review): accept in raw presumably only ends raw processing; the packet
# is still subject to /ip firewall filter - confirm the filter rules agree.
/ip firewall raw
# Any protocol/port from 172.16.6.13 to three application servers.
add action=accept chain=prerouting dst-address=172.16.1.152 src-address=\
172.16.6.13
add action=accept chain=prerouting dst-address=172.16.1.150 src-address=\
172.16.6.13
add action=accept chain=prerouting dst-address=172.16.1.151 src-address=\
172.16.6.13
# SSH (tcp/22) to six servers, with no source restriction.
# NOTE(review): add src-address or a src-address-list of admin hosts so that
# SSH to these servers is not open to every network this router forwards for.
add action=accept chain=prerouting dst-address=172.16.1.111 dst-port=22 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.12 dst-port=22 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=22 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.150 dst-port=22 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=22 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=22 \
protocol=tcp
# Application ports on the same servers, also without a source restriction.
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=8445 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=8444 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=8444 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.12 dst-port=8443 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=8443 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=9443 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.11 dst-port=4848 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.111 dst-port=8443 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=8483 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.151 dst-port=8443 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=8443 \
protocol=tcp
add action=accept chain=prerouting dst-address=172.16.1.152 dst-port=9933 \
protocol=tcp
# RPC/NetBIOS/SMB ports on 172.16.6.14: two named sources are allowed and
# every other source is dropped by the third rule.
add action=accept chain=prerouting dst-address=172.16.6.14 dst-port=\
135-139,445 protocol=tcp src-address=10.255.255.29
add action=accept chain=prerouting dst-address=172.16.6.14 dst-port=\
135-139,445 protocol=tcp src-address=172.16.60.98
add action=drop chain=prerouting dst-address=172.16.6.14 dst-port=135-139,445 \
protocol=tcp
# Default-deny for the servers listed above: anything not accepted earlier.
# The drop for 172.16.1.152 is disabled and there is no drop for
# 172.16.1.150, so the accept rules for those two hosts do not restrict
# anything at this stage.
# NOTE(review): confirm that is intended; none of these drops is logged.
add action=drop chain=prerouting dst-address=172.16.1.111
add action=drop chain=prerouting dst-address=172.16.1.12
add action=drop chain=prerouting dst-address=172.16.1.11
add action=drop chain=prerouting disabled=yes dst-address=172.16.1.152
add action=drop chain=prerouting dst-address=172.16.1.151
# Blocks one workstation (172.16.60.15) from tcp/37777 on two subnets and
# logs each hit with the prefix piku-cctv. The log-only variant is disabled.
add action=drop chain=prerouting dst-address=10.50.50.0/24 dst-port=37777 \
log=yes log-prefix=piku-cctv protocol=tcp src-address=172.16.60.15
add action=drop chain=prerouting dst-address=10.52.52.0/24 dst-port=37777 \
log=yes log-prefix=piku-cctv protocol=tcp src-address=172.16.60.15
add action=log chain=prerouting disabled=yes dst-port=37777 log=yes \
log-prefix=Piku-Watching-CCTV protocol=tcp src-address=172.16.60.15
# Drops every packet addressed to this public range, before NAT is applied.
add action=drop chain=prerouting dst-address=MMM.NNN.126.242-MMM.NNN.126.254
add action=drop chain=prerouting disabled=yes protocol=tcp src-port=9932
# IPsec identity bound to peer1.
# No auth-method or secret appears in this export.
# NOTE(review): presumably defaults apply or sensitive values were left out
# of the export - confirm the authentication actually in use on the router.
/ip ipsec identity
add peer=peer1
# IPsec policies. Entry 0 (matching 0.0.0.0/0 to 0.0.0.0/0) is disabled.
# One tunnel policy is active, 10.7.59.0/24 <-> 10.0.249.0/24 via peer1; the
# second policy, with explicit SA addresses, is disabled.
/ip ipsec policy
set 0 disabled=yes dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add comment="ATM Full Policy" dst-address=10.0.249.0/24 level=unique peer=\
peer1 src-address=10.7.59.0/24 tunnel=yes
add comment="ATM Full Policy" disabled=yes dst-address=192.168.4.0/24 level=\
unique sa-dst-address=122.176.66.44 sa-src-address=MMM.NNN.126.242 \
src-address=172.16.1.0/24 tunnel=yes
# Web proxy settings: only cache-path and parent-proxy are set here.
# No enabled= value is shown, so whether the proxy is running cannot be read
# from this export.
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
# Static routes. Entries with routing-mark= belong to per-mark routing
# tables; entries without it are in the main table.
# Every per-mark default route (no dst-address) is disabled; what stays
# active per mark is the 172.16.0.0/21 route via 172.16.6.70.
/ip route
add disabled=yes distance=20 gateway=LLL.73.53.193 routing-mark=L4
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L4
add disabled=yes distance=20 gateway=MMM.NNN.126.241 routing-mark=L1
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L1
add disabled=yes distance=20 gateway=MMM.NNN.126.241 routing-mark=L8
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L8
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=L3
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=S2
add distance=3 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=cts
add disabled=yes distance=20 gateway=MMM.NNN.126.241 routing-mark=P2
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70 routing-mark=P2
add disabled=yes distance=3 gateway=LLL.73.53.193 routing-mark=mbdn
# Main table: the only enabled default route goes via LLL.HHH82.249; the
# one commented "main" via MMM.NNN.126.241 is disabled.
add distance=3 gateway=LLL.HHH82.249
add comment=main disabled=yes distance=4 gateway=MMM.NNN.126.241
# Host routes that pin 4.2.2.5 and 4.2.2.6 to one uplink each.
# NOTE(review): presumably used as per-link reachability probes - confirm.
add distance=1 dst-address=4.2.2.5/32 gateway=MMM.NNN.126.241
add distance=1 dst-address=4.2.2.6/32 gateway=LLL.HHH82.249
add distance=16 dst-address=172.16.0.0/21 gateway=172.16.6.70
# Policy-routing rules. Every rule except the last is disabled=yes, so the
# only one in effect drops traffic sourced from 10.13.13.2/32.
# NOTE(review): the disabled rules name the same servers that the raw table
# protects; if they are obsolete, removing them makes it clearer which
# control actually enforces access.
/ip route rule
add action=drop disabled=yes dst-address=172.16.1.12/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.11/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.102/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.151/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.152/32 routing-mark=is1
add action=drop disabled=yes dst-address=172.16.1.203/32 routing-mark=is1
add action=drop disabled=yes dst-address=0.0.0.0/0 src-address=10.50.50.3/32
add action=drop disabled=yes dst-address=0.0.0.0/0 src-address=\
172.16.62.15/32
add action=drop disabled=yes dst-address=103.231.78.237/32 src-address=\
172.16.62.15/32
add action=drop disabled=yes dst-address=115.112.84.30/32 src-address=\
172.16.62.15/32
add action=drop disabled=yes dst-address=172.16.1.11/32 src-address=\
172.16.62.0/24
add action=drop disabled=yes dst-address=172.16.1.12/32 src-address=0.0.0.0/0
add action=drop disabled=yes dst-address=172.16.1.203/32 src-address=\
192.168.254.0/24
add action=drop disabled=yes dst-address=172.16.1.177/32 src-address=\
192.168.254.0/24
add action=drop disabled=yes dst-address=172.16.1.178/32 src-address=\
192.168.254.0/24
add action=drop dst-address=0.0.0.0/0 src-address=10.13.13.2/32
# Router management services. telnet, ftp, www, ssh and api are disabled;
# their ports were also moved (telnet 26, ftp 6800, ssh 25).
# www-ssl has its port changed to 1195; no disabled= value is shown for it.
# No service carries an address= restriction.
# NOTE(review): the export appears to list only changed values, so services
# that are not mentioned (for example winbox and api-ssl) are presumably at
# their defaults - check with "/ip service print", disable what is unused and
# set address= to the management subnets on whatever stays enabled.
# NOTE(review): ssh is parked on port 25, the SMTP port; if it is ever
# re-enabled it will collide with mail filtering assumptions - confirm.
/ip service
set telnet disabled=yes port=26
set ftp disabled=yes port=6800
set www disabled=yes
set ssh disabled=yes port=25
set www-ssl port=1195
set api disabled=yes
# SSH server options. allow-none-crypto=yes lets a session negotiate the
# "none" cipher, i.e. no encryption; forwarding-enabled=remote permits
# remote port forwarding through the router.
# The ssh service itself is disabled under /ip service in this export, so
# these settings only matter if it is turned back on.
# NOTE(review): set allow-none-crypto=no, consider strong-crypto=yes, and set
# forwarding-enabled=no unless tunnelling through the router is required.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# UPnP is enabled, with ether1 as the external side and ether7 as the
# internal side. Earlier in this export ether1 is commented "ISP2 ILL Fiber"
# and ether7 "Direct Net".
# UPnP lets any host on the internal interface ask the router to open inbound
# port mappings without authentication, and those mappings do not appear in
# the static NAT list above.
# NOTE(review): on a router fronting servers this is rarely wanted - set
# enabled=no unless a specific device depends on it, and use explicit
# dst-nat rules instead.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=ether7 type=internal
# IPv6 addresses: one /126 on the sfp1 uplink and three /119 ranges on the
# LAN bridge, the datacenter bridge and the HO VLAN. advertise=no on every
# entry, so these prefixes are not announced to hosts by this configuration.
/ipv6 address
add address=BBBB:CCC:891::166/126 advertise=no comment="ISP1 WAN" interface=\
sfp1
add address=BBBB:CCC:c00::1/119 advertise=no comment="LAN Bridge" interface=\
lan-bridge
add address=BBBB:CCC:c00::401/119 advertise=no comment="DC Bridge" interface=\
Datacenter-Bridge
add address=BBBB:CCC:c00::601/119 advertise=no comment="HO Interface" \
interface=vlan17-ho
# Address list bad_ipv6: special-purpose and deprecated IPv6 ranges that
# should not appear as source or destination on the uplink. The IPv6 filter
# rules in this export drop traffic on sfp1 that matches this list.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
# IPv6 filter. Two parts: site-specific forward accepts for the mail, web and
# SFTP hosts, then the "defconf" input/forward rule set.
# The site-specific accepts sit ahead of the connection-state rules, so they
# match before "drop invalid" is consulted, and they set no in-interface or
# source restriction.
# The only catch-all drops (last two rules) match in-interface=sfp1, so
# traffic arriving on any other interface that reaches the end of a chain is
# not dropped by this rule set.
/ipv6 firewall filter
# TCP services published over IPv6. Not every rule has log=yes.
# NOTE(review): the comments on 995 ("imap") and 993 ("pop3") look swapped
# compared with the IPv4 NAT rules in this export, which label 993 as
# "imap ssl/tls" and 995 as "pop ssl" - fix the labels to avoid mistakes
# during later edits.
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
BBBB:CCC:c00::202/128 dst-port=25 protocol=tcp
add action=accept chain=forward comment="web mail" dst-address=\
BBBB:CCC:c00::202/128 dst-port=443 log=yes protocol=tcp
add action=accept chain=forward comment="web server" dst-address=\
BBBB:CCC:c00::602/128 dst-port=443 log=yes protocol=tcp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
BBBB:CCC:c00::202/128 dst-port=587 log=yes protocol=tcp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
BBBB:CCC:c00::202/128 dst-port=465 log=yes protocol=tcp
add action=accept chain=forward comment=imap dst-address=\
BBBB:CCC:c00::202/128 dst-port=143 protocol=tcp
add action=accept chain=forward comment=SFTP dst-address=\
BBBB:CCC:c00::203/128 dst-port=22 protocol=tcp
add action=accept chain=forward comment=SFTP dst-address=\
BBBB:CCC:c00::203/128 dst-port=443 protocol=tcp
add action=accept chain=forward comment=imap dst-address=\
BBBB:CCC:c00::202/128 dst-port=995 log=yes protocol=tcp
add action=accept chain=forward comment=pop3 dst-address=\
BBBB:CCC:c00::202/128 dst-port=110 log=yes protocol=tcp
add action=accept chain=forward comment=pop3 dst-address=\
BBBB:CCC:c00::202/128 dst-port=993 protocol=tcp
# UDP copies of the rules above, for the same ports.
# NOTE(review): SMTP, IMAP and POP3 run over TCP, so the UDP openings on
# 25/587/465/143/995/110/993 presumably serve nothing and only widen the
# exposed surface - remove them unless a UDP service is known to listen.
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
BBBB:CCC:c00::202/128 dst-port=25 protocol=udp
add action=accept chain=forward comment="web mail" dst-address=\
BBBB:CCC:c00::202/128 dst-port=443 protocol=udp
add action=accept chain=forward comment="web server" dst-address=\
BBBB:CCC:c00::602/128 dst-port=443 protocol=udp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
BBBB:CCC:c00::202/128 dst-port=587 protocol=udp
add action=accept chain=forward comment="IPv6 SMTP" dst-address=\
BBBB:CCC:c00::202/128 dst-port=465 protocol=udp
add action=accept chain=forward comment=imap dst-address=\
BBBB:CCC:c00::202/128 dst-port=143 protocol=udp
add action=accept chain=forward comment=imap dst-address=\
BBBB:CCC:c00::202/128 dst-port=995 protocol=udp
add action=accept chain=forward comment=pop3 dst-address=\
BBBB:CCC:c00::202/128 dst-port=110 protocol=udp
add action=accept chain=forward comment=pop3 dst-address=\
BBBB:CCC:c00::202/128 dst-port=993 protocol=udp
# Input chain (traffic to the router itself).
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
# IKE, AH and ESP to the router are accepted from any IPv6 source.
# NOTE(review): no IPv6 IPsec peer is visible in this part of the export; if
# none exists, these three accepts can be removed - confirm.
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Forward chain (traffic through the router).
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" in-interface=sfp1 \
src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6 \
in-interface=sfp1
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 in-interface=sfp1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
# Repeats the input ICMPv6 accept that already appears earlier in this list.
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Final drops, logged with distinct prefixes for forwarded and router-bound
# traffic. Both match only packets that arrived on sfp1.
add action=drop chain=forward comment=\
"defconf: drop everything else coming from WAN" in-interface=sfp1 log=yes \
log-prefix="IPv6 Internal Attack"
add action=drop chain=input comment=\
"defconf: drop everything else coming from WAN" in-interface=sfp1 log=yes \
log-prefix="IPv6 Router Attack"
# Neighbor discovery: the default entry is bound to Datacenter-Bridge, with
# router advertisements every 30s-1m40s and no DNS servers advertised.
/ipv6 nd
set [ find default=yes ] advertise-dns=no interface=Datacenter-Bridge \
ra-interval=30s-1m40s
# IPv6 static routes: a route with no dst-address (the default route) via the
# ISP-side address on the sfp1 /126, and one internal /119 routed to
# BBBB:CCC:c00::2.
/ipv6 route
add comment="Internet Routing" distance=1 gateway=BBBB:CCC:891::165
add distance=1 dst-address=BBBB:CCC:c00::200/119 gateway=BBBB:CCC:c00::2
# Front-panel LCD: backlight never turns off, statistics screen shown by
# default, touch input disabled.
/lcd
set backlight-timeout=never default-screen=stats touch-screen=disabled
# PPP user accounts: PPPoE users plus OpenVPN (service=ovpn) site and staff
# tunnels with fixed local/remote addresses.
# No password= value appears on any entry.
# NOTE(review): presumably sensitive values were hidden in the export or
# removed before posting - confirm that no account has an empty password.
# Entries without service= (for example prasunkarar, admin, sourav3, kousik,
# atanu, soumitra) are not tied to one service in this export.
# NOTE(review): presumably they are accepted on any enabled PPP service; set
# service= explicitly so an account cannot be used on an unintended one.
# NOTE(review): generic names (ppp, recovery, audit, admin) and accounts left
# disabled=yes are worth auditing; remove the ones no longer needed.
/ppp secret
add name=apolloali service=pppoe
add name=audit service=pppoe
add name=bijoy profile=L1 service=pppoe
add name=debu service=pppoe
add name=ppp profile=L1 service=pppoe
add name=prasun profile=L1 service=pppoe
add name=rf001 profile=L1 service=pppoe
add name=sourav profile=L1 service=pppoe
add name=recovery service=pppoe
add name=sourav1 profile=L1 service=pppoe
add local-address=10.0.0.1 name=prasunkarar remote-address=10.0.0.3
add local-address=192.168.254.1 name=issac1 profile=is1 remote-address=\
192.168.254.9 service=ovpn
add local-address=10.4.4.5 name=panskura profile=vpn remote-address=10.4.4.6 \
service=ovpn
add local-address=10.4.4.41 name=bbzr profile=vpn remote-address=10.4.4.42 \
service=ovpn
add local-address=10.4.4.53 name=ckroad profile=vpn remote-address=10.4.4.54 \
service=ovpn
add local-address=10.4.4.33 name=egra profile=vpn remote-address=10.4.4.34 \
service=ovpn
add local-address=10.4.4.29 name=ndk profile=vpn remote-address=10.4.4.30 \
service=ovpn
add disabled=yes local-address=10.4.4.61 name=aroymid profile=vpn \
remote-address=10.4.4.62 service=ovpn
add local-address=192.168.254.1 name=issac2 profile=is1 remote-address=\
192.168.254.10 service=ovpn
add local-address=10.4.4.45 name=ndg profile=vpn remote-address=10.4.4.46 \
service=ovpn
add local-address=10.4.4.37 name=heria profile=vpn remote-address=10.4.4.38 \
service=ovpn
add local-address=10.4.4.9 name=dgk profile=vpn remote-address=10.4.4.10 \
service=ovpn
add local-address=10.4.4.49 name=mahi profile=vpn remote-address=10.4.4.50 \
service=ovpn
add local-address=10.4.4.17 name=bld profile=vpn remote-address=10.4.4.18 \
service=ovpn
add local-address=10.4.4.25 name=mgmro profile=vpn remote-address=10.4.4.26 \
service=ovpn
add local-address=192.168.254.1 name=admin profile=vpn1 remote-address=\
192.168.254.66
add local-address=10.4.4.1 name=rng profile=vpn remote-address=10.4.4.2 \
service=ovpn
add disabled=yes local-address=10.0.0.1 name=pmajee service=pppoe
add name=soumen service=pppoe
add local-address=10.4.4.21 name=dankuni profile=vpn remote-address=10.4.4.22 \
service=ovpn
add name=sourav3 profile=L1
add local-address=10.4.4.13 name=midnapur profile=vpn remote-address=\
10.4.4.14 service=ovpn
add local-address=10.0.0.1 name=anirban service=pppoe
add name=sourav4 profile=L1 service=pppoe
add name=mrinal service=pppoe
add local-address=192.168.254.1 name=prasunvpn profile=vpn1 remote-address=\
192.168.254.69
add name=amit service=pppoe
add local-address=192.168.254.1 name=issac3 profile=is1 remote-address=\
192.168.254.11 service=ovpn
add name=manab service=pppoe
add disabled=yes name=auditcell service=pppoe
add name=accounts service=pppoe
add disabled=yes local-address=10.0.0.1 name=mainbr service=pppoe
add name=samik service=pppoe
add name=sujit service=pppoe
add name=suryendu service=pppoe
add name=nitya service=pppoe
add name=mrchaudhuri service=pppoe
add local-address=10.4.4.57 name=barb profile=vpn remote-address=10.4.4.58 \
service=ovpn
add name=sambo service=pppoe
add disabled=yes local-address=10.0.0.1 name=sakti remote-address=10.0.1.230 \
service=pppoe
add local-address=10.0.0.1 name=sekhar service=pppoe
add disabled=yes name=biswajit service=pppoe
add name=hasibul service=pppoe
add name=rupak service=pppoe
add name=adcell service=pppoe
add name=moni service=pppoe
add disabled=yes name=asahoo service=pppoe
add name=nova service=pppoe
add name=nova1 service=pppoe
add local-address=10.0.0.1 name=kousik remote-address=10.0.0.4
add disabled=yes name=dipu service=pppoe
add disabled=yes name=adcell1 service=pppoe
# pijush (disabled) and issac4 further down share remote-address
# 192.168.254.12; re-enabling pijush would create an address conflict.
add disabled=yes local-address=192.168.254.1 name=pijush profile=is1 \
remote-address=192.168.254.12 service=ovpn
add disabled=yes local-address=192.168.254.1 name=bijoyvpn profile=is1 \
remote-address=192.168.254.13 service=ovpn
add name=pallab service=pppoe
add name=santu service=pppoe
add name=arindam service=pppoe
add name=nmandal service=pppoe
add name=souradeep service=pppoe
add name=atanu
add local-address=192.168.254.1 name=issac4 profile=is1 remote-address=\
192.168.254.12 service=ovpn
add local-address=192.168.254.1 name=jayanta profile=is1 remote-address=\
192.168.254.14 service=ovpn
add name=arghya service=pppoe
add name=soumitra
# BGP aggregate for 10.4.4.0/24, the range the OpenVPN tunnel endpoints in
# /ppp secret are numbered from; include-igp=yes also covers IGP routes.
/routing bgp aggregate
add include-igp=yes instance=default prefix=10.4.4.0/24
# Prefixes this router originates into BGP. synchronize=no on each entry.
# NOTE(review): 172.16.0.0/21 and 10.255.255.0/24 cover the server ranges
# seen in the NAT and raw rules, so every BGP peer learns a route to them;
# reachability then depends on the firewall alone - confirm that is intended.
/routing bgp network
add network=10.255.255.0/24 synchronize=no
add network=172.16.0.0/21 synchronize=no
add network=10.0.249.4/32 synchronize=no
add network=172.16.62.0/24 synchronize=no
add network=10.50.50.0/24 synchronize=no
add network=10.0.249.101/32 synchronize=no
/routing bgp peer
add name=peer2 out-filter=to_R1 remote-address=10.4.4.2 remote-as=4200000002 \
ttl=default
add name=peer8 out-filter=to_R1 remote-address=10.4.4.6 remote-as=4200000008 \
ttl=default
add name=peer16 out-filter=to_R1 remote-address=10.4.4.22 remote-as=\
4200000016 ttl=default
add name=peer7 out-filter=to_R1 remote-address=10.4.4.10 remote-as=4200000007 \
ttl=default
add name=peer17 out-filter=to_R1 remote-address=10.4.4.14 remote-as=\
4200000017 ttl=default
add name=peer6 out-filter=to_R1 remote-address=10.4.4.18 remote-as=4200000006 \
ttl=default
add name=peer5 out-filter=to_R1 remote-address=10.4.4.26 remote-as=4200000005 \
ttl=default
add name=peer10 out-filter=to_R1 remote-address=10.4.4.30 remote-as=\
4200000010 ttl=default
add name=peer3 out-filter=to_R1 remote-address=10.4.4.34 remote-as=4200000003 \
ttl=default
add name=peer4 out-filter=to_R1 remote-address=10.4.4.38 remote-as=4200000004 \
ttl=default
add name=peer13 out-filter=to_R1 remote-address=10.4.4.42 remote-as=\
4200000013 ttl=default
add name=peer12 out-filter=to_R1 remote-address=10.4.4.46 remote-as=\
4200000012 ttl=default
add name=peer9 out-filter=to_R1 remote-address=10.4.4.50 remote-as=4200000009 \
ttl=default
add name=peer14 out-filter=to_R1 remote-address=10.4.4.54 remote-as=\
4200000014 ttl=default
add name=peer11 out-filter=to_R1 remote-address=10.4.4.58 remote-as=\
4200000011 ttl=default
# Outbound chain to_R1, referenced as out-filter by every BGP peer in this
# export. Sixteen discard rules list each /26 of 172.16.66.0 through
# 172.16.69.255, so none of those subnets is advertised to the peers.
# NOTE(review): the chain is a deny-list with no final rule. Anything not
# listed presumably falls through to the default action and is advertised;
# an explicit accept-list ending in a catch-all discard would stop new
# internal prefixes from leaking by default.
# NOTE(review): no prefix-length is given, so each rule presumably matches
# only the exact /26. A longer (more specific) route inside these ranges may
# not be caught - verify, or replace the list with covering prefixes plus a
# prefix-length range.
/routing filter
add action=discard chain=to_R1 prefix=172.16.66.0/26
add action=discard chain=to_R1 prefix=172.16.66.64/26
add action=discard chain=to_R1 prefix=172.16.66.128/26
add action=discard chain=to_R1 prefix=172.16.66.192/26
add action=discard chain=to_R1 prefix=172.16.67.0/26
add action=discard chain=to_R1 prefix=172.16.67.64/26
add action=discard chain=to_R1 prefix=172.16.67.128/26
add action=discard chain=to_R1 prefix=172.16.67.192/26
add action=discard chain=to_R1 prefix=172.16.68.0/26
add action=discard chain=to_R1 prefix=172.16.68.64/26
add action=discard chain=to_R1 prefix=172.16.68.128/26
add action=discard chain=to_R1 prefix=172.16.68.192/26
add action=discard chain=to_R1 prefix=172.16.69.0/26
add action=discard chain=to_R1 prefix=172.16.69.64/26
add action=discard chain=to_R1 prefix=172.16.69.128/26
add action=discard chain=to_R1 prefix=172.16.69.192/26
# SNMP agent is switched on; trap-version=3 selects SNMPv3 for traps only.
# NOTE(review): who may poll the agent is decided under /snmp community,
# which is not in this part of the export. Confirm that the factory "public"
# community has been removed or limited to the monitoring hosts, and that
# the community used requires authentication and encryption. trap-version
# alone does not restrict read access.
/snmp
set enabled=yes trap-version=3
# Local time zone, used for timestamps on the device.
/system clock
set time-zone-name=Asia/Kolkata
# Router hostname as shown in the prompt and in log messages.
/system identity
set name=SrvRouter
# LED assignments: items 0-3 bind each SFP port LED to its own interface;
# item 4 (user-led) is disabled.
/system leds
set 0 interface=sfp1 leds=sfp1-led type=interface-activity
set 1 interface=sfp2 leds=sfp2-led
set 2 interface=sfp3 leds=sfp3-led
set 3 interface=sfp4 leds=sfp4-led
set 4 disabled=yes interface=sfp1 leds=user-led type=interface-speed
# Logging rules. "set 3" edits an existing rule by position; on a factory
# rule list item 3 is presumably the "critical" rule - confirm with print.
# The two rules without an action use the default action. The remaining six
# forward critical, error, info, ntp, system and warning messages to the
# "remote" action.
# NOTE(review): the collector address is set under /system logging action,
# which is not in this part of the export. Remote logging here is syslog
# over UDP, with no encryption or authentication, so the path to the
# collector should stay on a trusted management segment.
/system logging
set 3 action=memory
add topics=system
add topics=ntp
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=ntp
add action=remote topics=system
add action=remote topics=warning
# Time sources are given as literal addresses (one IPv4, one IPv6), so time
# sync does not depend on DNS. Accurate time keeps log timestamps usable for
# correlation.
/system ntp client
set enabled=yes primary-ntp=162.159.200.1 secondary-ntp=2606:4700:f1::123
# The router also serves time, including broadcast and multicast modes.
# NOTE(review): the firewall is not in this part of the export. Check that
# UDP/123 towards the router is accepted only from internal interfaces, so
# the server cannot be queried from the WAN side.
/system ntp server
set broadcast=yes enabled=yes multicast=yes
# Bandwidth-test server: only max-sessions is changed, so the remaining
# settings (including enabled) are presumably at their defaults.
# NOTE(review): if the test server is not in regular use, disable it or
# restrict access to it (TCP 2000) to management hosts.
/tool bandwidth-server
set max-sessions=10
# Outgoing mail for router notifications: relay smtp.ccbltd.net, STARTTLS
# requested, sender and login both admin@ccbltd.net. No password appears in
# this export.
/tool e-mail
set address=smtp.ccbltd.net from=admin@ccbltd.net start-tls=yes user=\
admin@ccbltd.net
# Bare "add": one graphing rule with every property left at its default.
# NOTE(review): the default allow-address is believed to be 0.0.0.0/0, which
# lets any client that can reach the router's web service view the graphs.
# Confirm and narrow it to the admin subnet.
/tool graphing interface
add
# Bare "add": a RoMON port entry with default properties. No "/tool romon"
# section precedes it here, so RoMON itself appears to be left at its
# defaults - confirm it is disabled, or protected with a secret, on the
# device.
/tool romon port
add
# Storage path of the User Manager database.
/tool user-manager database
set db-path=user-manager1