0xF6/conf.rsc

## conf.rsc
# dec/14/2022 04:17:05 by RouterOS 7.7rc1
# software id = XH5D-E1DZ
#
# model = RB2011UiAS-2HnD
# serial number = HCN087QV7D1
/interface bridge add admin-mac=18:FD:74:20:D9:C2 auto-mac=no comment=defconf name=bridge
/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid="BlackBox 2G" wireless-protocol=802.11
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip dhcp-server option add code=1 name=test
/ip dhcp-server option sets add name=test
/ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add add-arp=yes address-pool=dhcp always-broadcast=yes dhcp-option-set=test interface=bridge lease-time=50m name=dhcp1
/port set 0 name=serial0
/interface bridge port add bridge=bridge comment=defconf interface=ether2
/interface bridge port add bridge=bridge comment=defconf interface=ether3
/interface bridge port add bridge=bridge comment=defconf interface=ether4
/interface bridge port add bridge=bridge comment=defconf interface=ether5
/interface bridge port add bridge=bridge comment=defconf interface=ether6
/interface bridge port add bridge=bridge comment=defconf interface=ether7
/interface bridge port add bridge=bridge comment=defconf interface=ether8
/interface bridge port add bridge=bridge comment=defconf interface=ether9
/interface bridge port add bridge=bridge comment=defconf interface=ether10
/interface bridge port add bridge=bridge comment=defconf interface=sfp1
/interface bridge port add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings set discover-interface-list=LAN
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
/ip address add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip arp add address=192.168.88.156 interface=bridge published=yes
/ip arp add address=192.168.88.183 interface=bridge mac-address=50:EB:F6:BD:A3:88
/ip dhcp-client add comment=defconf interface=ether1
/ip dhcp-server lease add address=192.168.88.159 client-id=1:24:18:c6:dc:2a:36 mac-address=24:18:C6:DC:2A:36 server=dhcp1
/ip dhcp-server lease add address=192.168.88.162 mac-address=EC:FA:BC:B1:4A:A1 server=dhcp1
/ip dhcp-server lease add address=192.168.88.183 client-id=1:50:eb:f6:bd:a3:88 dhcp-option-set=test mac-address=50:EB:F6:BD:A3:88 server=dhcp1
/ip dhcp-server lease add address=192.168.88.178 client-id=1:2c:c8:1b:1c:fb:5a mac-address=2C:C8:1B:1C:FB:5A server=dhcp1
/ip dhcp-server lease add address=192.168.88.170 client-id=1:30:ab:6a:2e:fb:cd dhcp-option-set=test mac-address=30:AB:6A:2E:FB:CD server=dhcp1
/ip dhcp-server network add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns set allow-remote-requests=yes use-doh-server=https://dns.google/dns-query
/ip dns static add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 address add from-pool=poolv6 interface=bridge
/ipv6 dhcp-client add add-default-route=yes interface=ether1 pool-name=poolv6 request=prefix use-interface-duid=yes
/ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
/ipv6 firewall address-list add address=::1/128 comment="defconf: lo" list=bad_ipv6
/ipv6 firewall address-list add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
/ipv6 firewall address-list add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
/ipv6 firewall address-list add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
/ipv6 firewall address-list add address=100::/64 comment="defconf: discard only " list=bad_ipv6
/ipv6 firewall address-list add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
/ipv6 firewall address-list add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
/ipv6 firewall address-list add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/lcd set backlight-timeout=never default-screen=stats read-only-mode=yes touch-screen=disabled
/system clock set time-zone-name=Europe/Moscow
/system package update set channel=testing
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
	# dec/14/2022 04:17:05 by RouterOS 7.7rc1
	# software id = XH5D-E1DZ
	#
	# model = RB2011UiAS-2HnD
	# serial number = HCN087QV7D1
	/interface bridge add admin-mac=18:FD:74:20:D9:C2 auto-mac=no comment=defconf name=bridge
	/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid="BlackBox 2G" wireless-protocol=802.11
	/interface list add comment=defconf name=WAN
	/interface list add comment=defconf name=LAN
	/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
	/ip dhcp-server option add code=1 name=test
	/ip dhcp-server option sets add name=test
	/ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254
	/ip dhcp-server add add-arp=yes address-pool=dhcp always-broadcast=yes dhcp-option-set=test interface=bridge lease-time=50m name=dhcp1
	/port set 0 name=serial0
	/interface bridge port add bridge=bridge comment=defconf interface=ether2
	/interface bridge port add bridge=bridge comment=defconf interface=ether3
	/interface bridge port add bridge=bridge comment=defconf interface=ether4
	/interface bridge port add bridge=bridge comment=defconf interface=ether5
	/interface bridge port add bridge=bridge comment=defconf interface=ether6
	/interface bridge port add bridge=bridge comment=defconf interface=ether7
	/interface bridge port add bridge=bridge comment=defconf interface=ether8
	/interface bridge port add bridge=bridge comment=defconf interface=ether9
	/interface bridge port add bridge=bridge comment=defconf interface=ether10
	/interface bridge port add bridge=bridge comment=defconf interface=sfp1
	/interface bridge port add bridge=bridge comment=defconf interface=wlan1
	/ip neighbor discovery-settings set discover-interface-list=LAN
	/interface list member add comment=defconf interface=bridge list=LAN
	/interface list member add comment=defconf interface=ether1 list=WAN
	/ip address add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
	/ip arp add address=192.168.88.156 interface=bridge published=yes
	/ip arp add address=192.168.88.183 interface=bridge mac-address=50:EB:F6:BD:A3:88
	/ip dhcp-client add comment=defconf interface=ether1
	/ip dhcp-server lease add address=192.168.88.159 client-id=1:24:18:c6:dc:2a:36 mac-address=24:18:C6:DC:2A:36 server=dhcp1
	/ip dhcp-server lease add address=192.168.88.162 mac-address=EC:FA:BC:B1:4A:A1 server=dhcp1
	/ip dhcp-server lease add address=192.168.88.183 client-id=1:50:eb:f6:bd:a3:88 dhcp-option-set=test mac-address=50:EB:F6:BD:A3:88 server=dhcp1
	/ip dhcp-server lease add address=192.168.88.178 client-id=1:2c:c8:1b:1c:fb:5a mac-address=2C:C8:1B:1C:FB:5A server=dhcp1
	/ip dhcp-server lease add address=192.168.88.170 client-id=1:30:ab:6a:2e:fb:cd dhcp-option-set=test mac-address=30:AB:6A:2E:FB:CD server=dhcp1
	/ip dhcp-server network add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
	/ip dns set allow-remote-requests=yes use-doh-server=https://dns.google/dns-query
	/ip dns static add address=192.168.88.1 comment=defconf name=router.lan
	/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
	/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
	/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
	/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
	/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
	/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
	/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
	/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
	/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
	/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
	/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
	/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
	/ipv6 address add from-pool=poolv6 interface=bridge
	/ipv6 dhcp-client add add-default-route=yes interface=ether1 pool-name=poolv6 request=prefix use-interface-duid=yes
	/ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
	/ipv6 firewall address-list add address=::1/128 comment="defconf: lo" list=bad_ipv6
	/ipv6 firewall address-list add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
	/ipv6 firewall address-list add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
	/ipv6 firewall address-list add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
	/ipv6 firewall address-list add address=100::/64 comment="defconf: discard only " list=bad_ipv6
	/ipv6 firewall address-list add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
	/ipv6 firewall address-list add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
	/ipv6 firewall address-list add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
	/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
	/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
	/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
	/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
	/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
	/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
	/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
	/lcd set backlight-timeout=never default-screen=stats read-only-mode=yes touch-screen=disabled
	/system clock set time-zone-name=Europe/Moscow
	/system package update set channel=testing
	/tool mac-server set allowed-interface-list=LAN
	/tool mac-server mac-winbox set allowed-interface-list=LAN