This is for posterity: Googling issues with Apple iOS 9, MikroTik and L2TP VPN led me to this post. I had many troubles and finally got it to work. I will post my commands below to hopefully save others some headache. :D

This assumes some default configuration on the router: local subnet 192.168.1.0/24, router address 192.168.1.1, DHCP pool 192.168.1.100 - 192.168.1.200.

@changeme
changeme / ovpn-server-with-cert.rsc
Created March 9, 2017 19:26 — forked from SmartFinn/ovpn-server-with-certs.md
MikroTik (RouterOS) script to set up an OpenVPN server and generate certificates
# Setup OpenVPN Server
#
# Edit variables below and copy paste the script
# in a MikroTik terminal window.
#
:global CN [/system identity get name]
:global COUNTRY "UA"
:global STATE "KV"
:global LOC "Kyiv"
@changeme
changeme / mtrancid
Created March 9, 2017 19:21 — forked from udienz/mtrancid
Rancid script for mikrotik and vyatta
#! /usr/bin/perl
##
## $Id$
##
## rancid 2.3.9
## Copyright (C) 1997-2011 by Terrapin Communications, Inc.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed
## without fee for non-commercial purposes provided that this license
@changeme
changeme / gist:49662b638632e6235831d83fda2bb85b
Created March 9, 2017 19:15 — forked from timkeller/gist:559d8289929cb22ff043
Mikrotik Progressive Brute Force Blocking
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
@changeme
changeme / volts.sh
Created March 9, 2017 19:14 — forked from TheSkorm/volts.sh
SNMP script that grabs the MikroTik voltage reading.
#!/bin/bash
# Appends a CSV line of UNIX time and the router's supply voltage,
# read via SNMP from a MikroTik router.
# Replace IP with the router's address. The OID returns the MikroTik
# health voltage in tenths of a volt, so it is divided by 10 below.
VOLTS=$(snmpwalk -OvQ -v2c -c public IP .1.3.6.1.4.1.14988.1.1.3.8.0)
TIME=$(date +%s)
# Convert tenths of a volt to volts with three decimal places
VOLTS=$(echo "scale=3;$VOLTS/10" | /usr/bin/bc)
echo "$TIME,$VOLTS V" >> /home/mwheeler/scripts/volts.csv
@changeme
changeme / guacamole.conf
Created January 5, 2017 04:35
nginx Guacamole reverse proxy with Let's Encrypt.
server {
listen 443 ssl;
server_name sub.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;
location / {
proxy_buffering off;
proxy_pass http://[IPADDRESS]:[PORT]/guacamole/;
proxy_http_version 1.1;
/ip firewall filter
add action=reject chain=forward comment="Reject MS Telemetry" \
dst-address-list=MStelemetry reject-with=icmp-network-unreachable
/ip firewall address-list
add address=111.221.29.177 list=MStelemetry
add address=111.221.29.253 list=MStelemetry
add address=131.253.40.37 list=MStelemetry
add address=134.170.30.202 list=MStelemetry
add address=134.170.115.60 list=MStelemetry
@changeme
changeme / Bloquear Whatsapp en Mikrotik
Last active December 4, 2018 01:01
Add the following script in MikroTik to block WhatsApp. Adapt lines 1, 4, 13, 19 and 20 as necessary.
add comment="Whatsapp Address List" interval=2m name="Whatsapp Blocker" \
on-event="# Use DNS Entrys and add Address to the Firewall Address-list #\
\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \"\
\") do={ \r\
@changeme
changeme / ActiveDirectory-iptables-firewall
Created April 29, 2016 14:15
Active Directory - iptables rules
# Based on http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx
#
# Adapt it for outbound traffic
#
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 53 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 53 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 42 -m comment --comment WINS -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 42 -m comment --comment WINS -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 137 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 137 -m comment --comment "Name Resolution Service" -j ACCEPT