Created
November 24, 2017 14:26
-
-
Save allaniftrue/4108753ccdc2b2cb34607ac578e4d51c to your computer and use it in GitHub Desktop.
A sample mikrotik automation script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # nov/24/2017 22:10:36 by RouterOS 6.40.5 | |
| # software id = XXXXXX | |
| # | |
| # model = 951G-2HnD | |
| # serial number = XXXXX | |
| /interface bridge | |
| add fast-forward=no name=Bridge-LAN&WAN | |
| add admin-mac=6C:3B:6B:91:F5:3F auto-mac=no fast-forward=no name=bridgeLocal | |
| /interface wireless | |
| set [ find default-name=wlan1 ] band=2ghz-b/g/n country=singapore disabled=no frequency=auto mode=ap-bridge ssid="John 3:16" wireless-protocol=802.11 | |
| /interface ethernet | |
| set [ find default-name=ether2 ] name=LAN | |
| set [ find default-name=ether1 ] name=WAN | |
| /interface wireless security-profiles | |
| set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key="In God's Time.,." wpa2-pre-shared-key="In God's Time.,." | |
| /ip firewall layer7-protocol | |
| add name="Fake Mac Warning" regexp="^.+(macdamaged.space|letmegofaster.world).*\$" | |
| add name="Porn 1" regexp="(jasmin.com|www.streamate.com|www.myfreecams.com|chaturbate.com|click.dtiserv2.com|thefapp.com|nude.bustybay.com|www.fapstr.com|www.fappyness.com|nsfwr.com|fuskator.com|hellokisses.com|sheposes.com|www.faplr.com|www.picleecher.net|www.dumpomaat\ | |
| .nl|www.nsfwjpg.com|phapit.com|grazzier.hopto.org|www.post-tits.org|apinaporn.com|www.i-like-nsfw.com|shuttur.com|subimg.net|weluvporn.com|www.lustpin.com|www.pinme.xxx|punchpin.com|www.snatchly.com|www.pinsex.com|weluvporn.com|www.sex.com|smutty.com|pornopin.me|www\ | |
| .pingay.com|www.pichunter.com|www.amateurindex.com|www.tinyeve.net|www.boobstr.com|www.nsfw-pics.com|www.coedcherry.com|www.hq69.com|ero-love.com|www.gymnastsnude.com|www.nextdoortease.com|www.petiteteenager.com|www.petiteteenager.com|www.deluxebabes.com|www.kindgir\ | |
| ls.com|www.badashley.com|www.pussycalor.com|zossip.com|www.nurglesnymphs.com|www.nudespuri.com|freeadultsource.com|www.gallerygalore.net|www.brdteengal.com|www.wet-babe.com|www.littlethumbs.com|www.wildnudegirls.com|www.primebreasts.net|www.foxhq.com|teenselfpix.com\ | |
| |www.definefetish.com|www.labatidora.net|www.mytopnudes.com|profiles.met-art.com|www.eroticsymphonies.com|www.stiffville.com|www.showmenudes.com|www.tokyoteenies.com|xuk.ru|www.hottystop.com|www.hqtgp.com|fineartteens.com|www.teensinasia.com|www.subirporno.com|bigbo\ | |
| obsparadise.com|www.nudeshall.com|www.definebabe.com|www.nudesfromdownunder.com|www.bondage-shock.com|www.nastypornostars.com|sweetandpussy.com|photos.freeones.com|www.amateurindex.com|www.babepedia.com|www.coedcherry.com|www.pornstarcompendium.com|www.kellyfind.com\ | |
| |www.nurglesnymphs.com|www.definefetish.com|www.europornstar.com|www.asianbabesdatabase.com|www.pornstarbook.com|www.definebabe.com|www.beaverbattle.com|fapulike.com|boo.by|botto.ms|camelto.es|www.muffbattles.com|www.assbattles.com|www.tittybattles.com|www.studbattl\ | |
| es.com|www.eyehandy.com|bootyfix.com|www.meatbeerbabes.com|www.thenipslip.com|www.thongsaroundtheworld.com|www.rk.com|www.videobox.com|enter.mofosnetwork.com|join.teamskeet.com|www.kink.com|join.digitalplayground.com|refer.ccbill.com|enter.brazzersnetwork.com|enter.\ | |
| iknowthatgirl.com|join.18onlygirls.com|imlive.com|www.flirt4free.com|cams.com|www.cam4.com|secure.webpower.com|www.naked.com|chat.peekshows.com|sexier.com|www.seeme.com|asspictures.co|www.sexygorgeouswomen.com|www.old.smoder.com|sexit.fr|tehgiraffe.com|bootyoftheday\ | |
| .co|www.fappers.org|apina.biz|www.boobsaroundtheworld.com|join.wickedpictures.com|secure.twistysnetwork.com|track.braincash.com|enter.babesnetwork.com|join.playboy.com|join.playboy.tv|join.avidolz.com|refer.ccbill.com|join.crazyfetishpass.com|newnudecash.com|join.ja\ | |
| vhq.com|newnudecash.com|nudes.hegre-art.com|join.mycuteasian.com|revex.dhdmedia.com|adultfriendfinder.com|getiton.com|alt.com|www.fling.com|wildmatch.com|reddit.com|imgur.com|subimg.net|phapit.com|upload.imagefap.com|ftop.ru|urge.info|togtfo.com|www.iafd.com|fap1.co\ | |
| m|www.nsfwyoutube.com|www.indienudes.com|www.sinnandskinn.com|guesshermuff.blogspot.com|asciipr0n.com|c.actiondesk.com|www.monzy.org|naughtybigirl.stumbleupon.com|poison-baby.stumbleupon.com|crashraindog.stumbleupon.com)" | |
| add name="Porn 2" regexp="(rockyrat.stumbleupon.com|acemalain.stumbleupon.com|kingtaboo2.stumbleupon.com|imperfecttommy.stumbleupon.com|tblop.stumbleupon.com|qt3456.stumbleupon.com|med1862.stumbleupon.com|kazol.stumbleupon.com|antegodd.stumbleupon.com|boobiesdaily.stumb\ | |
| leupon.com|alker.stumbleupon.com|findinboobs.stumbleupon.com|www.gif-porn.com|boltontits.tumblr.com|pinkythekinky.com|nsfworld.com|tush.tumblr.com|bosom.tumblr.com|crotchtime.tumblr.com|mamelles.net|bananabunny.com|thenude.eu|xhamster.com|beeg.com|www.pornhub.com|ww\ | |
| w.xvideos.com|www.youporn.com|www.madthumbs.com|pornerbros.com|www.redtube.com|www.xxx.com|eporner.com|www.freudbox.com|www.xnxx.com|www.motherofporn.com|porn.com|www.videolovesyou.com|www.tube8.com|www.alphaporno.com|www.spankwire.com|www.whoreslag.com|www.bigtits.\ | |
| com|www.shufuni.com|xfapzap.com|www.orgasm.com|www.youbunny.com|www.fastjizz.com|www.my18tube.com|www.spankbang.com|www.pornwall.com|www.morningstarclub.com|www.analpornhd.com|fapdu.comcommunity|www.userporn.com|www.pornhost.com|xogogo.com|www.hdpornstar.com|www.por\ | |
| njog.com|www.moviesand.com|www.wetpussy.com|www.girlsongirlstube.com|www.xxxbunker.com|www.keezmovies.com|www.hdporn.net|www.submityourflicks.com|www.chumleaf.com|www.fucktube.com|www.youjizz.com|www.pornrabbit.com|www.fookgle.com|www.pornative.com|www.dailee.com|ww\ | |
| w.stileproject.com|pornsharia.com|www.sexfans.org|www.fux.com|sluttyred.com|www.pk5.net|24h-porn.net|www.extremetube.com|www.steponmyballs.com|www.kuntfutube.com|youpunish.com|yobt.tv|www.cuntest.com|www.thisav.com|femdom-tube.com|www.definefetish.com|www.vidxnet.co\ | |
| m|www.jizzbox.com|www.nextdoordolls.com|www.tube.smoder.com|www.eroxia.com|www.pornoxo.com|www.milkydick.com|yobt.com|www.tnaflix.com|www.thegootube.com|www.bondagetube.tv|spankingtube.com|www.empflix.com|www.pornheed.com|www.fuckuh.com|pornwaiter.com|www.yourpornji\ | |
| zz.com|www.sextv1.pl|lubetube.com|www.porncor.com|www.4tube.com|www.pornorake.com|www.slutload.com|www.definebabe.com|www.maxjizztube.com|www.yteenporn.com|www.nurglestube.com|www.yporn.tv|vankoi.comvideos|www.asianxtv.com|www.analxtv.com|www.theyxxx.com|www.besthdt\ | |
| ube.com|www.asiantubesex.com|zuzandra.com|www.moviesguy.com|www.bustnow.com|www.dirtydirtyangels.com|www.yazum.com|www.exgfupload.com|deviantclip.com|www.pornsitechoice.com|www.faptv.com|www.hardsextube.com|www.brazzershdtube.com|www.pornmd.com|www.nudevista.com|fap\ | |
| du.com|www.tubaholic.com|www.turnporn.com|findtubes.com|www.porndex.com|fantasti.cc|www.bing.com|www.askjolene.com|adultvideofinder.com|www.pornprox.com|www.badjojo.com|tubething.com|www.xpornz.com|p0rntub3.net|www.mynationporn.com|ro89.com|www.pornmaxim.com|www.por\ | |
| ntubese.com|www.cliphunter.com|fapgay.com|latinacast.com|www.tube555.com|www.wankspider.com|allofx.com|www.tubesimple.com|www.bulktube.com|www.mrsnake.com|torrents.empornium.me|pornbay.org|www.bootytape.com|pornbits.net|www.pornorip.net|rarbg.com|thepiratebay.se|www\ | |
| .torsky.org|www.cherrykiss.org|webop.me|en.gay-lounge.net|www.pornmade.com|adultbay.org|tdarkangel.com|hotpornfile.org|worldvoyeur.com|www.fetishscanner.com|www.inciteen.com|www.girlscanner.com|pornoh.info|www.hornywhores.net)" | |
| add name="Porn 3" regexp="(lustex.net|jav-porn.com|pornshare.biz|naked-sluts.us|fap2this.com|inteens.net|rapidshareporns.com|porn-porn.org|bestpornlink.com|www.lingur.org|hornyfile.com|ellefsworld.com|www.extremeplatform.com|www.freenetbat.com|www.2adultflashgames.com|w\ | |
| ww.funny-games.biz|www.gif-porn.com|reddit.com|www.bestporngifs.com|www.giffies.com|nwsgifs.com|4gifs.tvgallery|www.jigglegifs.com|www.gifporntube.com|www.giftube.com|titsthatjiggleabit.com|www.reddit.com|www.supertangas.com|girlselfpics.com|www.watchersweb.com|voye\ | |
| urweb.com|www.zoig.com|www.amateuralbum.net|www.worldwidewives.com|hunnyhive.com|www.flingtube.com|www.coomgirls.com|www.pornturbo.comen|www.yourfreeporn.usvideos|www.unitedhomeporn.com|www.realteengirls.org|amateurgalore.net|www.postyourgirls.com|www.xxxaporn.com|w\ | |
| ww.palevo.com|www.webgirlsonline.net|www.amateurxtv.com|www.freeamateurstube.com|www.burningcamel.com|www.yuvutu.com|www.hbrowse.com|www.fakku.net|gelbooru.com|www.animephile.com|freehentainow.com|www.hentaicrunch.com|www.hentai-foundry.com|chan.sankakucomplex.com|w\ | |
| ww.hentairules.net|luscious.net|rule34.paheal.net|www.futahentai.com|www.search34.org|www.doujin-moe.usmain.html|rule34.xxxindex.php|g.e-hentai.org|www.hentaipalm.com|www.onlineanime.org|myhentai.tv|hentai4manga.com|www.hentaixtv.com|www.aerisdies.com|www.urhentai.c\ | |
| om|fleshbot.com|popporn.com|www.erosblog.com|www.ggurls.com|www.tinynibbles.com|www.milovana.com|www.porn.comblog|gramponante.com|www.richardsonmag.com|www.avn.com|www.totallynsfw.com|erooups.com|www.sweetbabesblog.com|emo-porn.com|scene-porn.com|www.sexoteric.com|w\ | |
| ww.babe-lounge.com|www.exgfpics.com|www.perfectnaked.com|www.purelynsfw.com|regretfulmorning.com|freespanking.com.ar|boobies-daily.org|www.otty-hotties.com|www.ishootporn.com|myxxxcentral.com|unscathedcorpse.blogspot.com|dick-n-jane.com|www.inkedangels.net|your-dail\ | |
| y-girl.com|www.femalecoming.com|www.boobieblog.com|www.bigboobsalert.com|ourkinkylife.com|www.naughtyreviews.com|www.mybestfriendporn.com|www.artfulporn.com|2busty.net|emoandscenegirls.com|www.frontarmy.co.uk|www.pussypush.com|www.thenudeceleb.com|www.dreambabes.eu|\ | |
| www.flashingblog.com|hotyoungnude.com|www.seemygf.com|www.yourdirtymind.com|whatporntoday.com|www.xartmodels.com|exgfphotos.com|www.spank-otk.com|www.asianhumps.com|www.ithinkthatshot.com|hipstertits.com|www.getnudies.com|junkieporn.net|highonsex.net|www.nubilesblog\ | |
| .com|www.abbygirlgirl.com|www.badgirlsblog.com|www.thespankingblog.com|www.bustygirlsblog.com|erogarden.blogspot.com|www.dirtyrottenwhore.com|www.iseekgirls.com|www.nsfwpoa.com|www.asstr.org|www.lushstories.com|literotica.comstories|www.eroticast.net|t-s-s-a.com|mcs\ | |
| tories.com|www.bdsmlibrary.com|storiesonline.net|www.nifty.org|www.oglaf.com|www.pawn.se|slimythief.com|www.doctorvoluptua.com|www.c.urvy.org|www.rosettastonecomic.com|jessfink.com|www.menagea3.net|sissycedric.smackjeeves.com|piggypainslut.smackjeeves.com|dogdick.sm\ | |
| ackjeeves.com|nannygoat.smackjeeves.com|madamezelda.smackjeeves.com|www.pepsaga.com|www.thetalkingcunt.nl|kitnkayboodle.comicgenesis.com|pandamovies.com|publicagent.com|nontonsemi.com|bokepdo.com|kissinghd.com|cerdas.com|gonzodino.com|faketaxi.com|sukatoro.com|henta\ | |
| idream.co|fakku.net|time2sex.com|sikwap.com|sexowap.com|hentai.ms|perfectgirls.net)" | |
| /ip pool | |
| add name=dhcp ranges=192.168.27.100-192.168.27.254 | |
| /ip dhcp-server | |
| add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridgeLocal name=dhcp1 | |
| /interface bridge port | |
| add bridge=bridgeLocal interface=LAN | |
| add bridge=bridgeLocal interface=ether3 | |
| add bridge=bridgeLocal interface=ether4 | |
| add bridge=bridgeLocal interface=ether5 | |
| add bridge=bridgeLocal interface=wlan1 | |
| /interface wireless access-list | |
| add mac-address=AB:BC:11:22:33:44 | |
| /ip address | |
| add address=192.168.27.1/24 interface=LAN network=192.168.27.0 | |
| /ip dhcp-client | |
| add dhcp-options=hostname,clientid disabled=no interface=WAN | |
| /ip dhcp-server lease | |
| add address=192.168.27.2 comment="tux" mac-address=AB:BC:11:22:33:44 server=dhcp1 | |
| add address=192.168.27.3 mac-address=11:22:33:AA:44:55 server=dhcp1 | |
| /ip dhcp-server network | |
| add address=192.168.27.0/24 gateway=192.168.27.1 netmask=24 | |
| /ip dns | |
| set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4 | |
| /ip firewall address-list | |
| add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons | |
| add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it" disabled=yes list=bogons | |
| add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons | |
| add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons | |
| add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" disabled=yes list=bogons | |
| add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you need this subnet before enable it" disabled=yes list=bogons | |
| add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons | |
| add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=bogons | |
| add address=198.18.0.0/15 comment="NIDB Testing" list=bogons | |
| add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons | |
| add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons | |
| add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it" disabled=yes list=bogons | |
| /ip firewall filter | |
| add action=accept chain=input protocol=icmp | |
| add action=accept chain=input connection-state=established | |
| add action=accept chain=input connection-state=related | |
| add action=accept chain=forward src-address=192.168.27.2 | |
| add action=drop chain=forward layer7-protocol="Fake Mac Warning" | |
| add action=drop chain=forward layer7-protocol="Porn 1" | |
| add action=drop chain=forward layer7-protocol="Porn 2" | |
| add action=drop chain=forward layer7-protocol="Porn 3" | |
| add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn | |
| add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder | |
| add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1 | |
| add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner | |
| add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp | |
| add action=drop chain=input comment="Block all access to the winbox - except to support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp src-address-list=!support | |
| add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=ICMP protocol=icmp | |
| add action=drop chain=forward comment="Drop to bogon list" dst-address-list=bogons | |
| add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 protocol=tcp src-address-list=spammers | |
| add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp | |
| add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp | |
| add action=accept chain=input comment="Accept to established connections" connection-state=established | |
| add action=accept chain=input comment="Accept to related connections" connection-state=related | |
| add action=accept chain=input comment="Full access to SUPPORT address list" src-address-list=support | |
| add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" disabled=yes | |
| add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=icmp | |
| add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp | |
| add action=accept chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=icmp | |
| add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp | |
| add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp | |
| add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp | |
| add action=jump chain=input comment="Jump to RFC SSH Chain" jump-target="RFC SSH Chain" | |
| add action=add-src-to-address-list address-list="Black List (SSH)" address-list-timeout=none-dynamic chain="RFC SSH Chain" comment="Transfer repeated attempts from SSH Stage 3 to Black-List" connection-state=new dst-port=1000 protocol=tcp src-address-list=\ | |
| "SSH Stage 3" | |
| add action=add-src-to-address-list address-list="SSH Stage 3" address-list-timeout=1m chain="RFC SSH Chain" comment="Add succesive attempts to SSH Stage 3" connection-state=new dst-port=1000 protocol=tcp src-address-list="SSH Stage 2" | |
| add action=add-src-to-address-list address-list="SSH Stage 2" address-list-timeout=1m chain="RFC SSH Chain" comment="Add succesive attempts to SSH Stage 2" connection-state=new dst-port=1000 protocol=tcp src-address-list="SSH Stage 1" | |
| add action=add-src-to-address-list address-list="SSH Stage 1" address-list-timeout=1m chain="RFC SSH Chain" comment="Add intial attempt to SSH Stage 1 List" connection-state=new dst-port=1000 protocol=tcp | |
| add action=return chain="RFC SSH Chain" comment="Return From RFC SSH Chain" | |
| add action=accept chain=output comment="Section Break" disabled=yes | |
| /ip firewall nat | |
| add action=masquerade chain=srcnat out-interface=WAN | |
| /ip service | |
| set telnet disabled=yes | |
| set ftp disabled=yes | |
| set www port=8080 | |
| set ssh port=1000 | |
| set api disabled=yes | |
| set winbox disabled=yes | |
| set api-ssl disabled=yes | |
| /ip upnp | |
| set enabled=yes | |
| /ip upnp interfaces | |
| add interface=bridgeLocal type=internal | |
| add interface=WAN type=external | |
| /system clock | |
| set time-zone-name=Asia/Singapore | |
| /system identity | |
| set name=Goldmine | |
| /system leds | |
| set 0 interface=wlan1 | |
| /system ntp client | |
| set enabled=yes primary-ntp=216.239.35.12 secondary-ntp=103.47.76.177 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment