Самое смешное, что лично мне эти айфоны и телевизоры даром не нужны - жена и дети без них жить не могут. Все мое работает.
Что в сети: 3 стационарных компа, NAS, телевизор, playstation, принтер, приблуда для контроля UPS - это на проводе; 6 телефонов (3 айфона и 3 самсунга), 3 планшета (2 айпада и самсунг) 2 ноута - беспроводка. Естественно, все это сразу не работает. Проблема медленно возникала только с эпплом, причем сначала легко лечилась установкой на них статики, со временем уже ничего не помогало. Весь эппл белый.
Т.к. они IP получают (хотя не всегда пингуются), то, думаю, проблема все же в маршрутизации.
В файрволл я добавлял только по надобности, там не должно быть ничего мешающего, да и в логах все чисто.
Я догадываюсь, что надо бы все сделать заново, но уж очень страшно. Даже с цисками было проще, там я несколько раз нормально писал с нуля. Хотя и сеть была сильно проще.
Конфиг (вот только сейчас обратил внимание на # software id = NFEK-29UA - что это? Слабо напрягает UA :)) :
# aug/12/2019 11:57:11 by RouterOS 6.45.3
# software id = NFEK-29UA
#
# model = CRS125-24G-1S-2HnD
# serial number = 49C6020C9CD3
# The single LAN bridge. admin-mac together with auto-mac=no pins the bridge MAC to a fixed value.
/interface bridge
add admin-mac=D4:CA:6D:FE:3E:2D auto-mac=no mtu=1500 name=bridge-local
# Physical ports. ether1 is renamed ISP (the uplink); the comments name the attached devices.
# NOTE(review): ISP and ether2-ether4 carry mtu=4000/l2mtu=4064 while bridge-local is mtu=1500
# and the other ports keep their defaults. Mixed MTUs on ports of one bridge are worth
# re-checking when chasing intermittent connectivity problems.
/interface ethernet
set [ find default-name=ether1 ] l2mtu=4064 mac-address=D4:CA:6D:FE:3E:2B \
mtu=4000 name=ISP rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] comment=Mike1st-2 l2mtu=4064 mtu=4000 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether3 ] comment=NAS l2mtu=4064 mtu=4000 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether4 ] comment=AP9630 l2mtu=4064 mtu=4000 \
rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether5 ] comment=Vova rx-flow-control=on speed=\
100Mbps tx-flow-control=on
set [ find default-name=ether6 ] comment="Red on Eugene table" speed=100Mbps
set [ find default-name=ether7 ] comment=Mike3rd-yellow rx-flow-control=auto \
speed=100Mbps tx-flow-control=auto
set [ find default-name=ether8 ] name=ether8-slave-local rx-flow-control=auto \
speed=100Mbps tx-flow-control=auto
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] comment=printer speed=100Mbps
set [ find default-name=ether11 ] speed=100Mbps
set [ find default-name=ether12 ] comment="USB server" speed=100Mbps
set [ find default-name=ether13 ] speed=100Mbps
set [ find default-name=ether14 ] comment="LG TV" rx-flow-control=on speed=\
100Mbps tx-flow-control=on
set [ find default-name=ether15 ] comment=Mike1stN-1 name=ether15-slave-local \
speed=100Mbps
set [ find default-name=ether16 ] comment="TV set" name=ether16-slave-local \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
# ether17-ether24 and sfp1 are administratively disabled (unused ports kept shut).
set [ find default-name=ether17 ] disabled=yes name=ether17-slave-local \
speed=100Mbps
set [ find default-name=ether18 ] disabled=yes name=ether18-slave-local \
speed=100Mbps
set [ find default-name=ether19 ] disabled=yes name=ether19-slave-local \
speed=100Mbps
set [ find default-name=ether20 ] disabled=yes name=ether20-slave-local \
speed=100Mbps
set [ find default-name=ether21 ] disabled=yes name=ether21-slave-local \
speed=100Mbps
set [ find default-name=ether22 ] disabled=yes name=ether22-slave-local \
speed=100Mbps
set [ find default-name=ether23 ] disabled=yes name=ether23-slave-local \
speed=100Mbps
set [ find default-name=ether24 ] disabled=yes name=ether24-slave-local \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
name=sfp1-slave-local
# 2.4 GHz 802.11n access point with SSID MZN. default-authentication=no means a client may
# associate only if it matches an entry in /interface wireless access-list.
# NOTE(review): a MAC allow-list is an inventory aid rather than access control, because MAC
# addresses travel unencrypted and can be copied; the WPA2 passphrase is what protects the SSID.
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-onlyn channel-width=20/40mhz-Ce country=russia \
default-authentication=no disabled=no distance=indoors \
hw-protection-mode=rts-cts mode=ap-bridge ssid=MZN wireless-protocol=\
802.11 wmm-support=enabled
# Named interface lists; their members are assigned under /interface list member.
/interface list
add name=mactel
add name=mac-winbox
add exclude=dynamic name=discover
add name=WAN
# Default wireless security profile: WPA2-PSK only. The pre-shared key itself does not appear
# in this listing.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
# Default IPsec proposal limited to AES-128-CBC.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# Address pools and the DHCP servers that use them.
# NOTE(review): pool "dhcp" (192.168.1.10-192.168.1.254) contains 192.168.1.14, .15 and .254,
# which have static entries under /ip arp; .254 is bound there to the broadcast MAC, so a
# client that is leased .254 would not work. Shrink the range or move those addresses out.
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=dhcp_pool2 ranges=109.173.80.2-109.173.87.254
# NOTE(review): dhcp1 is an enabled DHCP *server* on the ISP (uplink) port, offering addresses
# from the public range 109.173.80.0/21, while the router is also a DHCP client on that same
# port. A server answering on the provider segment behaves as a rogue DHCP server there; it
# looks like a leftover of a setup wizard and should be disabled or removed unless intended.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
add address-pool=dhcp_pool2 disabled=no interface=ISP name=dhcp1
# PPP profile *FFFFFFFE: both tunnel addresses come from the LAN pool "dhcp" and encryption
# is switched off.
# NOTE(review): *FFFFFFFE looks like the internal id of the built-in default-encryption
# profile, which the SSTP server settings select - confirm, and restore use-encryption if
# tunnels are used.
/ppp profile
set *FFFFFFFE local-address=dhcp remote-address=dhcp use-compression=no \
use-encryption=no use-ipv6=no use-mpls=no
# The default SNMP community accepts queries from any source address (0.0.0.0/0), and the
# agent is enabled under /snmp.
# NOTE(review): no community name is exported, so presumably it is still the default one;
# set a non-default name and limit addresses= to the monitoring host.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
# Permissions of the User Manager "admin" customer.
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
# Every LAN port (ether2-ether24), wlan1 and sfp1 is a member of bridge-local.
# ISP (ether1) is not a member, so it stays a separate routed interface.
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6
add bridge=bridge-local interface=ether7
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9
add bridge=bridge-local interface=ether10
add bridge=bridge-local interface=ether11
add bridge=bridge-local interface=ether12
add bridge=bridge-local interface=ether13
add bridge=bridge-local interface=ether14
add bridge=bridge-local interface=ether15-slave-local
add bridge=bridge-local interface=ether16-slave-local
add bridge=bridge-local interface=ether17-slave-local
add bridge=bridge-local interface=ether18-slave-local
add bridge=bridge-local interface=ether19-slave-local
add bridge=bridge-local interface=ether20-slave-local
add bridge=bridge-local interface=ether21-slave-local
add bridge=bridge-local interface=ether22-slave-local
add bridge=bridge-local interface=ether23-slave-local
add bridge=bridge-local interface=ether24-slave-local
add bridge=bridge-local interface=sfp1-slave-local
# Neighbor discovery is limited to the "discover" interface list (the ISP port is not in it).
/ip neighbor discovery-settings
set discover-interface-list=discover
# Size of the IPv6 neighbor table.
/ipv6 settings
set max-neighbor-entries=1024
# NOTE(review): detect-internet runs on all interfaces with every role list set to "all".
# The feature probes each interface and may install dynamic configuration on its own; on a
# bridged LAN it is a plausible source of hard-to-explain behaviour. Consider
# detect-interface-list=none unless the feature is really needed.
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
all wan-interface-list=all
# L2TP server is set to use IPsec. No enabled=yes appears in this listing, so presumably the
# server is off - confirm.
/interface l2tp-server server
set use-ipsec=yes
# Interface list membership.
# mactel and mac-winbox (used by /tool mac-server) contain the LAN ports, wlan1 and
# bridge-local; the ISP port is a member of neither, so layer-2 management is LAN-only.
/interface list member
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether3 list=mac-winbox
add interface=ether5 list=mactel
add interface=ether4 list=mac-winbox
add interface=ether6 list=mactel
add interface=ether5 list=mac-winbox
add interface=ether7 list=mactel
add interface=ether8-slave-local list=mactel
add interface=ether6 list=mac-winbox
add interface=ether9 list=mactel
add interface=ether7 list=mac-winbox
add interface=ether10 list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=ether11 list=mactel
add interface=ether9 list=mac-winbox
add interface=ether12 list=mactel
add interface=ether10 list=mac-winbox
add interface=ether13 list=mactel
add interface=ether11 list=mac-winbox
add interface=ether14 list=mactel
add interface=ether12 list=mac-winbox
add interface=ether15-slave-local list=mactel
add interface=ether13 list=mac-winbox
add interface=ether16-slave-local list=mactel
add interface=ether14 list=mac-winbox
add interface=ether17-slave-local list=mactel
add interface=ether15-slave-local list=mac-winbox
add interface=ether18-slave-local list=mactel
add interface=ether16-slave-local list=mac-winbox
add interface=ether19-slave-local list=mactel
add interface=ether17-slave-local list=mac-winbox
add interface=ether20-slave-local list=mactel
add interface=ether18-slave-local list=mac-winbox
add interface=ether21-slave-local list=mactel
add interface=ether19-slave-local list=mac-winbox
add interface=ether22-slave-local list=mactel
add interface=ether20-slave-local list=mac-winbox
add interface=ether23-slave-local list=mactel
add interface=ether21-slave-local list=mac-winbox
add interface=ether22-slave-local list=mac-winbox
add interface=ether23-slave-local list=mac-winbox
add interface=ether24-slave-local list=mactel
add interface=ether24-slave-local list=mac-winbox
add interface=sfp1-slave-local list=mactel
add interface=wlan1 list=mactel
add interface=sfp1-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
# "discover" holds the wired LAN ports and sfp1 only.
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8-slave-local list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=ether11 list=discover
add interface=ether12 list=discover
add interface=ether13 list=discover
add interface=ether14 list=discover
add interface=ether15-slave-local list=discover
add interface=ether16-slave-local list=discover
add interface=ether17-slave-local list=discover
add interface=ether18-slave-local list=discover
add interface=ether19-slave-local list=discover
add interface=ether20-slave-local list=discover
add interface=ether21-slave-local list=discover
add interface=ether22-slave-local list=discover
add interface=ether23-slave-local list=discover
add interface=ether24-slave-local list=discover
add interface=sfp1-slave-local list=discover
# The uplink is the only member of WAN. The IPv4 firewall rules in this export match on
# in-interface=ISP directly rather than on this list.
add interface=ISP list=WAN
# PPTP server settings (MS-CHAPv2 only) and SSTP server settings (default-encryption profile).
# NOTE(review): neither shows enabled=yes here, so both are presumably off, yet the input
# chain still accepts tcp/1723 from ISP. PPTP with MS-CHAPv2 is considered cryptographically
# broken; if remote access is needed prefer L2TP/IPsec or SSTP with certificates, otherwise
# remove the 1723 accept rule.
/interface pptp-server server
set authentication=mschap2 default-profile=default keepalive-timeout=5
/interface sstp-server server
set default-profile=default-encryption
# Wi-Fi MAC allow-list. With default-authentication=no on wlan1, only these MACs can associate.
# The "Xperia" entry is disabled; "My 2nd Alpha" has no interface= and so is not tied to wlan1.
# NOTE(review): publishing this section discloses device MAC addresses together with their
# owners' names; consider masking both before sharing an export.
/interface wireless access-list
add comment=T61 interface=wlan1 mac-address=00:1F:3B:B5:DF:9B
add comment="USB Server" interface=wlan1 mac-address=00:0E:3B:68:02:45
add comment="Julia NB" interface=wlan1 mac-address=F4:B7:E2:D0:2E:A7
add comment="PIXMA MG3540" interface=wlan1 mac-address=D8:49:2F:83:8B:28
add comment="Olga iph6" interface=wlan1 mac-address=D4:F4:6F:77:E1:39
add comment=G850F interface=wlan1 mac-address=48:5A:3F:45:F3:5E vlan-mode=\
no-tag
add comment=Xperia disabled=yes interface=wlan1 mac-address=44:74:6C:4B:FC:75 \
vlan-mode=no-tag
add comment="Eugene ZTE Nubia Z11 mini S" interface=wlan1 mac-address=\
DC:F0:90:8B:CF:71 vlan-mode=no-tag
add comment="iPad 3mini" interface=wlan1 mac-address=6C:94:F8:C1:FB:7B \
vlan-mode=no-tag
add comment="SAM PLANSHET ULIA" interface=wlan1 mac-address=D4:AE:05:43:A8:F1 \
vlan-mode=no-tag
add comment="Jul SAM Ph" interface=wlan1 mac-address=C8:D7:B0:6C:1F:44 \
vlan-mode=no-tag
add comment="NAT SAM Ph" interface=wlan1 mac-address=88:75:98:57:6F:6B \
vlan-mode=no-tag
add comment="Luda iPad" interface=wlan1 mac-address=08:E6:89:AF:23:13 \
vlan-mode=no-tag
add comment="Asus on main" interface=wlan1 mac-address=10:7B:44:57:B7:E8 \
vlan-mode=no-tag
add comment="My 2nd Alpha" mac-address=F4:09:D8:9D:8A:AC vlan-mode=no-tag
add comment=Note8 interface=wlan1 mac-address=B8:D7:AF:74:68:0C vlan-mode=\
no-tag
add comment=UliPh6s interface=wlan1 mac-address=FC:B6:D8:A2:97:A7 vlan-mode=\
no-tag
add comment="Luda iPh" interface=wlan1 mac-address=58:E2:8F:6E:1E:97 \
vlan-mode=no-tag
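# LAN gateway address of the router.
# The original bound this address to ether2, which is a port of bridge-local (see
# /interface bridge port). The DHCP server, the static ARP entries and the firewall rules all
# reference bridge-local, so the address belongs on the bridge itself; an address left on a
# bridge port can produce intermittent reachability of the router's own address.
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=bridge-local \
network=192.168.1.0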
# Static ARP entries on bridge-local. 192.168.1.254 is bound to the broadcast MAC so that
# packets NAT'ed to that address (the UDP/9 dst-nat rule) reach every LAN port as
# Wake-on-LAN frames; .14 and .15 are the two machines that the wake-up scripts target.
# NOTE(review): all three addresses lie inside DHCP pool "dhcp"
# (192.168.1.10-192.168.1.254); keep statically used addresses outside the dynamic range.
/ip arp
add address=192.168.1.254 comment="Broadcast for WoL" interface=bridge-local \
mac-address=FF:FF:FF:FF:FF:FF
add address=192.168.1.14 comment=NAS1 interface=bridge-local mac-address=\
00:11:32:37:97:57
add address=192.168.1.15 comment=MikeL2 interface=bridge-local mac-address=\
00:1F:BC:0E:17:CA
# MikroTik cloud DDNS is enabled (in addition to the No-IP update scripts).
/ip cloud
set ddns-enabled=yes
# The router obtains its WAN address from the provider via DHCP on ISP.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ISP
# Options handed to DHCP clients. The 109.173.80.0/21 entry belongs to the DHCP server bound
# to the ISP port. NOTE(review): remove it together with that server unless intentional.
/ip dhcp-server network
add address=109.173.80.0/21 gateway=109.173.80.1
add address=192.168.1.0/24 comment="default configuration" dns-server=\
192.168.1.1 gateway=192.168.1.1
# The router acts as a DNS resolver for clients (allow-remote-requests=yes) and forwards to
# one IPv6 and one IPv4 upstream. Whether it can be queried from outside depends entirely on
# the input-chain firewall rules for the ISP port; keep UDP/TCP 53 from ISP dropped.
/ip dns
set allow-remote-requests=yes servers=2606:4700:4700::1001,8.8.8.8
# Static records: local names that resolve to the listed addresses (not upstream servers).
/ip dns static
add address=192.168.1.1 name=router
add address=1.0.0.1 name=Cloudflare2
add address=1.1.1.1 name=Cloudflare1
# Firewall address lists. The author trimmed the entries from the post: the marker line
# below ("cut out" in Russian) is not RouterOS syntax and must be removed before any import.
# The lists "bl", "ppp black" and "blacklist" used by the filter rules are therefore not visible.
/ip firewall address-list
add list=blacklist
ВЫРЕЗАНО
# IPv4 filter rules; within each chain they are evaluated top to bottom.
/ip firewall filter
# NOTE(review): no in-interface or src-address here, so the RouterOS API port (tcp/8728,
# unencrypted) is accepted from every side including ISP; /ip service shows no restriction
# on the api service either. Scope this rule to the LAN or a management address list.
add action=accept chain=input comment="Accept 8728" dst-port=8728 protocol=\
tcp
# Drops TCP from ISP for sources on the "ppp black" list (its contents are not in this listing).
add action=drop chain=input comment="pptp protection" in-interface=ISP \
protocol=tcp src-address-list="ppp black"
add action=drop chain=input comment=\
"Drop new connections from blacklisted IP's to this router" \
connection-state=new in-interface=ISP src-address-list=blacklist
add action=drop chain=input comment="Drop bl" src-address-list=bl
add action=drop chain=forward comment="Drop bl" src-address-list=bl
# Knock-style triggers: a TCP packet to port 60001/60002 arriving on any interface records
# its source in WAKENAS/WAKEMIKE; scheduler entries of the same names send the wake-up frame.
# NOTE(review): anyone able to reach the router can fire these, and the recorded entries have
# no timeout.
add action=add-src-to-address-list address-list=WAKENAS address-list-timeout=\
none-dynamic chain=input comment="For WakeNAS" dst-port=60001 protocol=\
tcp
add action=add-src-to-address-list address-list=WAKEMIKE \
address-list-timeout=none-dynamic chain=input comment="For WakeMike" \
dst-port=60002 protocol=tcp
add action=accept chain=forward comment="Allow WoL" dst-address=\
192.168.1.0/24 dst-port=9 out-interface=bridge-local protocol=udp \
src-port=""
# NOTE(review): WinBox management (tcp/8291) is accepted from the whole Internet, and
# /ip service leaves winbox at address=0.0.0.0/0. Internet-facing management ports are
# scanned and password-guessed continuously; restrict the rule with a src-address-list or
# reach WinBox through a VPN instead.
add action=accept chain=input comment="Accept iWinbox" dst-port=8291 \
in-interface=ISP protocol=tcp
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established
add action=accept chain=input comment="default configuration" \
connection-state=related
# The original default drop is disabled; the effective WAN drop for the input chain is the
# last enabled input rule further down.
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ISP
add action=accept chain=forward comment="default configuration" \
connection-state=established
# NOTE(review): dst-address-list=!192.168.1.14 matches every destination that is NOT in an
# address list literally named "192.168.1.14"; dst-address=192.168.1.14 was presumably
# intended. As written, the rule accepts these ports from ISP towards any forwarded
# destination, and port 22 (SSH) sits in the list next to the FTP ports.
add action=accept chain=forward comment="Accept forward for NAS FTP" \
dst-address-list=!192.168.1.14 dst-port=20,22,221,55536-55543 \
in-interface=ISP log=yes log-prefix=ftp protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=accept chain=forward dst-address=192.168.0.0/16 src-address=\
192.168.0.0/16
# NOTE(review): this is the only enabled drop in the forward chain. There is no closing
# rule for new connections entering from ISP (the "customer" chain that would provide one
# is disabled), so whatever is not matched above is forwarded by default. A rule such as
# "drop chain=forward in-interface=ISP connection-state=new connection-nat-state=!dstnat"
# at the end of the chain closes that gap.
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
# Disabled duplicates of the icmp/established/related accepts.
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input connection-state=established disabled=yes \
in-interface=ISP
add action=accept chain=input connection-state=related disabled=yes \
in-interface=ISP
# PPTP control channel accepted from ISP; see the PPTP server settings before keeping this.
add action=accept chain=input dst-port=1723 in-interface=ISP protocol=tcp
# Everything else arriving from ISP for the router itself is dropped.
add action=drop chain=input in-interface=ISP
# Disabled "customer" chain: established/related accepted, the rest dropped.
add action=jump chain=forward disabled=yes in-interface=ISP jump-target=\
customer
add action=accept chain=customer connection-state=established disabled=yes
add action=accept chain=customer connection-state=related disabled=yes
add action=drop chain=customer disabled=yes
# NAT rules.
# NOTE(review): none of the three dst-nat rules has in-interface or dst-address, so they
# also rewrite matching traffic that originates on the LAN (for example any outbound TCP
# connection to port 221). Scoping them (in-interface-list=WAN, or dst-address-type=local if
# LAN clients must reach the NAS through the public name) confines them to the intended traffic.
/ip firewall nat
# UDP/9 is redirected to 192.168.1.254, which /ip arp maps to the broadcast MAC, so
# Wake-on-LAN packets sent to the router are flooded onto the LAN.
add action=dst-nat chain=dstnat comment="For broadcast WoL" dst-port=9 \
protocol=udp to-addresses=192.168.1.254 to-ports=9
# FTP control port 221 and the passive range are published to the NAS at 192.168.1.14.
# NOTE(review): plain FTP carries credentials unencrypted; consider SFTP/FTPS or VPN access.
add action=dst-nat chain=dstnat comment=NAS_FTP_outside dst-port=221 \
protocol=tcp to-addresses=192.168.1.14 to-ports=221
add action=dst-nat chain=dstnat dst-port=55536-55543 protocol=tcp \
to-addresses=192.168.1.14 to-ports=55536-55543
# NOTE(review): these two hairpin masquerade rules point at 192.168.1.18, while the dst-nat
# rules above send the traffic to 192.168.1.14; one of the two addresses is presumably stale.
add action=masquerade chain=srcnat dst-address=192.168.1.18 dst-port=221 \
protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.18 dst-port=\
55536-55543 protocol=tcp src-address=192.168.1.0/24
# Standard source NAT for everything leaving through ISP.
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ISP
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
src-address=192.168.89.0/24
# An accept placed last in srcnat; no NAT rule follows it, so it has no visible effect.
add action=accept chain=srcnat comment="accept 8728" dst-port=8728 protocol=\
tcp
# Default IPsec policy entry covering any source and destination.
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
# Two disabled static routes towards 10.10.0.2 / 10.10.0.3.
/ip route
add comment=Olga disabled=yes distance=1 dst-address=192.168.2.0/24 gateway=\
10.10.0.2
add comment=Eugene disabled=yes distance=1 dst-address=192.168.3.0/24 \
gateway=10.10.0.3
# Management services. telnet is limited to 192.168.1.15 but remains an unencrypted protocol;
# the router's own FTP service is moved to port 221 with no address restriction; winbox
# explicitly allows any source.
# NOTE(review): services not listed here (e.g. ssh, www, api) keep their defaults -
# presumably enabled and unrestricted. Disable the unused ones and set address= to the
# management subnet on the rest.
/ip service
set telnet address=192.168.1.15/32
set ftp port=221
set winbox address=0.0.0.0/0
# SMB settings: guests disallowed, user Mike with write access. No enabled=yes is shown.
/ip smb
set allow-guests=no comment="" domain=""
/ip smb users
add name=Mike read-only=no
# NOTE(review): allow-none-crypto=yes lets an SSH client negotiate a session without
# encryption; set it to no (and consider strong-crypto=yes). forwarding-enabled=remote
# permits SSH port forwarding through the router.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# UPnP interface roles. No "/ip upnp set enabled=yes" appears, so UPnP is presumably off;
# leave it off unless required, since it lets LAN hosts open inbound ports on their own.
/ip upnp interfaces
add interface=ISP type=external
add interface=bridge-local type=internal
# IPv6: the LAN bridge takes an EUI-64 address from the prefix pool ONLMv6, which the DHCPv6
# client on ISP fills with the delegated prefix (it requests both an address and a prefix).
/ipv6 address
add address=::d6ca:6dff:fefe:3e2d eui-64=yes from-pool=ONLMv6 interface=\
bridge-local
/ipv6 dhcp-client
add add-default-route=yes interface=ISP pool-name=ONLMv6 request=\
address,prefix
# IPv6 filter. The rule comments are Russian text stored as CP1251 bytes in \XX escapes;
# an English rendering is given above each rule. Unlike the IPv4 forward chain, both the
# input and the forward chain end here in an unconditional drop.
/ipv6 firewall filter
# Comment reads: block all "invalid" connections.
add action=drop chain=input comment="\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \E2\F1\
\E5 \AB\ED\E5\EF\F0\E0\E2\E8\EB\FC\ED\FB\E5\BB \F1\EE\E5\E4\E8\ED\E5\ED\E8\
\FF" connection-state=invalid
# Comment reads: pass already established connections (input, from ISP).
add action=accept chain=input comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \F3\E6\
\E5 \F3\F1\F2\E0\ED\EE\E2\EB\E5\ED\ED\FB\E5 \F1\EE\E5\E4\E8\ED\E5\ED\E8\FF\
" connection-state=established,related in-interface=ISP
# Comment reads: pass already established connections (forward, ISP -> bridge-local).
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \F3\E6\
\E5 \F3\F1\F2\E0\ED\EE\E2\EB\E5\ED\ED\FB\E5 \F1\EE\E5\E4\E8\ED\E5\ED\E8\FF\
" connection-state=established,related in-interface=ISP out-interface=\
bridge-local
# Comment reads: pass ICMP packets, but apply a rate limit. No in-interface is set, so the
# rule applies to ICMPv6 from every side.
add action=accept chain=input comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC ICMP-\EF\
\E0\EA\E5\F2\FB, \ED\EE \EE\E3\F0\E0\ED\E8\F7\E8\F2\FC \EB\E8\EC\E8\F2" \
limit=50,5:packet protocol=icmpv6
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC ICMP-\
\EF\E0\EA\E5\F2\FB, \ED\EE \EE\E3\F0\E0\ED\E8\F7\E8\F2\FC \EB\E8\EC\E8\F2" \
limit=50,5:packet protocol=icmpv6
# Comment reads: allow connections from the provider over UDP to port 546 - without this
# rule no IPv6 address is obtained via DHCPv6 from the provider.
add action=accept chain=input comment="\F0\E0\E7\F0\E5\F8\E8\F2\FC \F1\EE\E5\
\E4\E8\ED\E5\ED\E8\FF \EE\F2 \EF\F0\EE\E2\E0\E9\E4\E5\F0\E0 \EF\EE \EF\F0\
\EE\F2\EE\EA\EE\EB\F3 UDP \ED\E0 \EF\EE\F0\F2 546 - \E1\E5\E7 \FD\F2\EE\E3\
\EE \EF\F0\E0\E2\E8\EB\E0 \ED\E5 \EF\EE\EB\F3\F7\E8v \E0\E4\F0\E5\F1 IPv6 \
\EF\EE DHCPv6 \EE\F2 \EF\F0\EE\E2\E0\E9\E4\E5\F0\E0 " dst-port=546 \
in-interface=ISP protocol=udp
# Comment reads: pass everything from the local network to the Internet.
add action=accept chain=forward comment="\EF\F0\EE\EF\F3\F1\EA\E0\F2\FC \E2\F1\
\E5 \E8\E7 \EB\EE\EA\E0\EB\FC\ED\EE\E9 \F1\E5\F2\E8 \E2 \C8\ED\F2\E5\F0\ED\
\E5\F2" in-interface=bridge-local out-interface=ISP
# Comment reads: block everything else (closing drop for input, then for forward).
add action=drop chain=input comment="\E7\E0\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC \
\E2\F1\E5 \EE\F1\F2\E0\EB\FC\ED\EE\E5 "
add action=drop chain=forward comment="\E7\E0\E1\EB\EE\EA\E8\F0\EE\E2\E0\F2\FC\
\_\E2\F1\E5 \EE\F1\F2\E0\EB\FC\ED\EE\E5 "
# Front-panel LCD settings.
/lcd
set default-screen=stats-all time-interval=hour
# SNMP agent is enabled; who may query it is set under /snmp community (any address there).
/snmp
set enabled=yes trap-interfaces=ether13
# Fixed time zone Europe/Moscow; the manual clock entry pins the offset to +03:00.
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set dst-end="jun/07/2018 00:00:00" dst-start="jun/07/2018 00:00:00" \
time-zone=+03:00
/system identity
set name=MT
# Extra logging of the wireless topic.
/system logging
add topics=wireless
# The router syncs time from two public servers and also serves NTP itself.
/system ntp client
set enabled=yes primary-ntp=81.88.210.197 secondary-ntp=24.56.178.140
/system ntp server
set enabled=yes
# RouterBOOT firmware is upgraded automatically.
/system routerboard settings
set auto-upgrade=yes
# Scheduled jobs.
/system scheduler
# Runs the DDNS_NO_IP script every two days, starting at boot.
add interval=2d name=DDNSNOIP on-event=DDNS_NO_IP policy=read,write,test \
start-time=startup
# WAKENAS / WAKEMIKE: if the matching firewall address list is non-empty, send a Wake-on-LAN
# frame on bridge-local and clear the list.
# NOTE(review): no interval= is exported for these two, so presumably they run once at
# startup only - confirm. Both carry the full policy set (including policy, password,
# sensitive, romon), far more than such a job needs; trim it to the minimum.
add name=WAKENAS on-event=":local WAKENAS [/ip firewall address-list find wher\
e list=\"WAKENAS\"]\r\
\n:if (\$WAKENAS!=\"\") do={\r\
\n/tool wol mac=00:11:32:37:97:57 interface=bridge-local\r\
\n/ip firewall address-list remove [find where list=\"WAKENAS\"]\r\
\n}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add name=WAKEMIKE on-event=":local WAKEMIKE [/ip firewall address-list find wh\
ere list=\"WAKEMIKE\"]\r\
\n:if (\$WAKEMIKE!=\"\") do={\r\
\n/tool wol mac=00:1F:BC:0E:17:CA interface=bridge-local\r\
\n/ip firewall address-list remove [find where list=\"WAKEMIKE\"]\r\
\n}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
# OpenBL / Spamhaus / dshield.org / malc0de.com: daily jobs whose only action is
# "/system scheduler add ..." for an entry that already exists further down.
# NOTE(review): presumably each run just fails on the duplicate name; these four look like
# leftovers of the installation procedure and can be removed.
add interval=1d name=OpenBL on-event="/system scheduler add comment=\"Download\
\_openbl list_Apply openbl List\" interval=3d name=\"Download and Apply Op\
enBL_List\" on-event=DownloadOpenBL_ReplaceOpenBL start-date=jan/01/1970 s\
tart-time=00:35:04" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=1d name=Spamhaus on-event="# Schedule the download and applicatio\
n of the spamhaus list\r\
\n/system scheduler add comment=\"Download spamhaus list_Apply spamhaus Li\
st\" interval=3d name=\"DownloadSpamhausList and ApplySpamhausList\" on-ev\
ent=DownloadSpamhaus_ReplaceSpamhaus start-date=jan/01/1970 start-time=00:\
40:04" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=1d name=dshield.org on-event="/system scheduler add comment=\"Dow\
nloadDShieldList_InstallDShieldList\" interval=3d name=\"Download and Appl\
y dshield_List\" on-event=Download_dshield_Replace_dshield start-date=jan/\
01/1970 start-time=00:45:04" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=1d name=malc0de.com on-event="# Schedule the download and applica\
tion of the malc0de list\r\
\n/system scheduler add comment=\"Download and Apply malc0de list\" interv\
al=3d name=\"Downloadmalc0deList_Installmalc0deList\" on-event=Download_ma\
lc0de_Replace_malc0de start-date=jan/01/1970 start-time=00:50:04" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
# The four 3-day jobs that run the Download..._Replace... scripts. Each carries the full
# policy set; those scripts import a file fetched over plain HTTP, so the imported content
# runs with these rights.
add comment="Download spamhaus list_Apply spamhaus List" interval=3d name=\
"DownloadSpamhausList and ApplySpamhausList" on-event=\
DownloadSpamhaus_ReplaceSpamhaus policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/22/2018 start-time=00:40:04
add comment="Download openbl list_Apply openbl List" interval=3d name=\
"Download and Apply OpenBL_List" on-event=DownloadOpenBL_ReplaceOpenBL \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/22/2018 start-time=00:35:04
add comment=DownloadDShieldList_InstallDShieldList interval=3d name=\
"Download and Apply dshield_List" on-event=\
Download_dshield_Replace_dshield policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/22/2018 start-time=00:45:04
add comment="Download and Apply malc0de list" interval=3d name=\
Downloadmalc0deList_Installmalc0deList on-event=\
Download_malc0de_Replace_malc0de policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/22/2018 start-time=00:50:04
# NOTE(review): no on-event is exported for this entry, so presumably it runs nothing - confirm.
add interval=2d name=no-ip_ddns_update policy=read,write,test start-date=\
dec/28/2018 start-time=03:51:17
# DDNS_NO_IP: resolves the No-IP hostname, compares the result with the address on the ISP
# interface and, when they differ, calls the No-IP update URL and logs the outcome.
# NOTE(review): the No-IP account name and password are stored in clear text in the script
# body and were published together with this export - treat the password as compromised and
# change it. "/export hide-sensitive" does not appear to scrub script sources, so scripts
# have to be checked by hand before a configuration is shared.
# NOTE(review): mode=http sends the HTTP basic-auth credentials unencrypted on every update;
# use https with check-certificate=yes where the RouterOS version supports it.
/system script
add dont-require-permissions=no name=DDNS_NO_IP owner=admin policy=\
read,write,test source=":local inetinterface value=\"ISP\";\r\
\n\r\
\n:local noipuser \"Mike1st\";\r\
\n\r\
\n:local noippass \"dxubq0cl\";\r\
\n\r\
\n:local noiphost \"mz1.ddns.net\";\r\
\n\r\
\n:local dnsurl value=\"http://dynupdate.no-ip.com/nic/update\?myip=\";\r\
\n\r\
\n:local currentIP;\r\
\n\r\
\n:global previousIP [:resolve \$noiphost];\r\
\n\r\
\n:if ([/interface get \$inetinterface value-name=running] = true) do={\r\
\n\r\
\n:set \$currentIP value=[/ip address get [find where interface=\$inetinte\
rface] address];\r\
\n\r\
\n:for i from=([:len \$currentIP] - 1) to=0 do={\r\
\n\r\
\n:if ([:pick \$currentIP \$i] = \"/\") do={\r\
\n\r\
\n:set \$currentIP value=[:pick \$currentIP 0 \$i];\r\
\n\r\
\n}\r\
\n\r\
\n}\r\
\n\r\
\n:if (\$currentIP != \$previousIP) do={\r\
\n\r\
\n:log info message=(\"No-IP: Current IP: \".\$currentIP.\" is not equal t\
o previous IP: \".\$previousIP.\", update needed\");\r\
\n\r\
\n:set \$previousIP value=\$currentIP;\r\
\n\r\
\n:log info message=(\"No-IP: Sending update for \".\$noiphost);\r\
\n\r\
\n/tool fetch url=(\$dnsurl.\$currentIP.\"&hostname=\".\$noiphost) user=\$\
noipuser password=\$noippass mode=http keep-result=no;\r\
\n\r\
\n:log info message=(\"No-IP: Host \".\$noiphost.\" updated on No-IP with \
IP \".\$currentIP);\r\
\n\r\
\n} else={\r\
\n\r\
\n:log info message=(\"No-IP: Previous IP \".\$previousIP.\" is equal to c\
urrent IP: \".\$previousIP.\", no update needed\");\r\
\n\r\
\n}\r\
\n\r\
\n} else={\r\
\n\r\
\n:log info message=(\"No-IP: \".\$inetinterface.\" is not currently runni\
ng, so therefore will not update.\");\r\
\n\r\
\n}"
# Installer scripts (OpenBL, Spamhouse, dshield.org, malc0de.com): each one, when run, adds
# a Download..._Replace... script whose body fetches a list over HTTP and imports it. The
# resulting scripts also exist as separate entries in this export.
# NOTE(review): all four hold the full policy set, and the bodies they install fetch over
# plain HTTP and then /import the file - see the risk described for the download scripts;
# once installation is done these entries are presumably no longer needed.
add dont-require-permissions=no name=OpenBL owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Script which will download the OpenBL list as a text file & Script which\
\_will Remove old OpenBL records and add new one\r\
\n/system script add name=\"DownloadOpenBL_ReplaceOpenBL\" source={\r\
\n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
\n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"OpenBL\"];\r\
\n/import file-name=openbl.rsc;\r\
\n:log info \"Removed old OpenBL records and imported new list\";\r\
\n}"
add dont-require-permissions=no name=Spamhouse owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Script which will download the drop list as a text file & Script which w\
ill Remove old Spamhaus list and add new one\r\
\n/system script add name=\"DownloadSpamhaus_ReplaceSpamhaus\" source={\r\
\n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
\n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"SpamHaus\"];\r\
\n/import file-name=spamhaus.rsc;\r\
\n:log info \"Removed old Spamhaus records and imported new list\";\r\
\n}"
add dont-require-permissions=no name=dshield.org owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Script which will download the drop list as a text file & Script which w\
ill Remove old dshield list and add new one\r\
\n/system script add name=\"Download_dshield_Replace_dshield\" source={\r\
\n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
\n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"DShield\"];\r\
\n/import file-name=dshield.rsc;\r\
\n:log info \"Removed old dshield records and imported new list\";\r\
\n}"
add dont-require-permissions=no name=malc0de.com owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Script which will download the malc0de list as a text file & Script whic\
h will Remove old malc0de list and add new one\r\
\n/system script add name=\"Download_malc0de_Replace_malc0de\" source={\r\
\n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
\n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"malc0de\"];\r\
\n/import file-name=malc0de.rsc;\r\
\n:log info \"Removed old malc0de records and imported new list\";\r\
\n}"
# Blocklist refresh scripts. Each one fetches an .rsc file over plain HTTP from joshaven.com,
# waits 40 seconds, deletes the address-list entries tagged with that list's comment and then
# imports the downloaded file.
# NOTE(review): /import executes whatever RouterOS commands the file contains, here with the
# full policy set (write, policy, password, sensitive, ...). Over unauthenticated HTTP the
# content is neither integrity-protected nor tied to the expected server, so the router
# trusts the network path and the hosting site with full configuration rights. Safer
# options: fetch over HTTPS with check-certificate=yes, download a plain list of addresses
# and add the entries from a local script instead of importing remote commands, and reduce
# the policy to what that needs.
# NOTE(review): the old entries are removed before the import runs, so a truncated or empty
# download would presumably leave the corresponding list empty until the next run.
add dont-require-permissions=no name=DownloadOpenBL_ReplaceOpenBL owner=admin \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\r\
\n:log info \"Downloaded openbl.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"OpenBL\"];\r\
\n/import file-name=openbl.rsc;\r\
\n:log info \"Removed old OpenBL records and imported new list\";\r\
\n"
add dont-require-permissions=no name=DownloadSpamhaus_ReplaceSpamhaus owner=\
admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\r\
\n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\r\
\n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"SpamHaus\"];\r\
\n/import file-name=spamhaus.rsc;\r\
\n:log info \"Removed old Spamhaus records and imported new list\";\r\
\n"
add dont-require-permissions=no name=Download_dshield_Replace_dshield owner=\
admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\r\
\n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\r\
\n:log info \"Downloaded dshield.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"DShield\"];\r\
\n/import file-name=dshield.rsc;\r\
\n:log info \"Removed old dshield records and imported new list\";\r\
\n"
add dont-require-permissions=no name=Download_malc0de_Replace_malc0de owner=\
admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\r\
\n/tool fetch url=\"http://joshaven.com/malc0de.rsc\" mode=http;\r\
\n:log info \"Downloaded malc0de.rsc from Joshaven.com\";\r\
\n:delay 40;\r\
\n/ip firewall address-list remove [find where comment=\"malc0de\"];\r\
\n/import file-name=malc0de.rsc;\r\
\n:log info \"Removed old malc0de records and imported new list\";\r\
\n"
# "WoL 1st": intended to send a Wake-on-LAN frame.
# NOTE(review): the source reads "toolwol ..." - presumably "/tool wol" with the separators
# lost - and names an interface (Mike3rd-yellow-master-local) that does not exist in this
# export, so the script likely cannot run as written. It also holds the full policy set.
add dont-require-permissions=no name="WoL 1st" owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"toolwol interface=Mike3rd-yellow-master-local mac=34-97-F6-5A-43-7C"
# no-ip_ddns_update: No-IP updater for three hostnames. It reads the address on ISP, strips
# the netmask and, if the address differs from the global previousIP, calls the update URL
# once per hostname, saving each response to a file.
# NOTE(review): the same No-IP account name and password appear here in clear text and were
# published with this export - change the password. mode=http sends them unencrypted.
# NOTE(review): after the end of the first script, the source still contains pasted wiki
# prose (the "3. Create a new scheduler entry ..." paragraph, a signature line and an
# "Alternative script" with placeholder credentials). That text is presumably not valid
# script syntax and may keep the whole script from running; trim the source to the first
# script only.
add dont-require-permissions=no name=no-ip_ddns_update owner=admin policy=\
read,write,test source="# No-IP automatic Dynamic DNS update\r\
\n\r\
\n#--------------- Change Values in this section to match your setup -----\
-------------\r\
\n\r\
\n# No-IP User account info\r\
\n:local noipuser \"Mike1st\"\r\
\n:local noippass \"dxubq0cl\"\r\
\n\r\
\n# Set the hostname or label of network to be updated.\r\
\n# Hostnames with spaces are unsupported. Replace the value in the quotat\
ions below with your host names.\r\
\n# To specify multiple hosts, separate them with commas.\r\
\n:local noiphost \"mznas.ddns.net\", \"mz1.ddns.net\", \"mz2.ddns.net\"\r\
\n\r\
\n# Change to the name of interface that gets the dynamic IP address\r\
\n:local inetinterface \"ISP\"\r\
\n\r\
\n#-----------------------------------------------------------------------\
-------------\r\
\n# No more changes need\r\
\n\r\
\n:global previousIP\r\
\n\r\
\n:if ([/interface get \$inetinterface value-name=running]) do={\r\
\n# Get the current IP on the interface\r\
\n :local currentIP [/ip address get [find interface=\"\$inetinterface\"\
\_disabled=no] address]\r\
\n\r\
\n# Strip the net mask off the IP address\r\
\n :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
\n :if ( [:pick \$currentIP \$i] = \"/\") do={ \r\
\n :set currentIP [:pick \$currentIP 0 \$i]\r\
\n } \r\
\n }\r\
\n\r\
\n :if (\$currentIP != \$previousIP) do={\r\
\n :log info \"No-IP: Current IP \$currentIP is not equal to previou\
s IP, update needed\"\r\
\n :set previousIP \$currentIP\r\
\n\r\
\n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
red since \? is a special character in commands.\r\
\n :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$curr\
entIP\"\r\
\n :local noiphostarray\r\
\n :set noiphostarray [:toarray \$noiphost]\r\
\n :foreach host in=\$noiphostarray do={\r\
\n :log info \"No-IP: Sending update for \$host\"\r\
\n /tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuse\
r password=\$noippass mode=http dst-path=(\"no-ip_ddns_update-\" . \$host \
. \".txt\")\r\
\n :log info \"No-IP: Host \$host updated on No-IP with IP \$cur\
rentIP\"\r\
\n }\r\
\n } else={\r\
\n :log info \"No-IP: Previous IP \$previousIP is equal to current I\
P, no update needed\"\r\
\n }\r\
\n} else={\r\
\n :log info \"No-IP: \$inetinterface is not currently running, so there\
fore will not update.\"\r\
\n}\r\
\n\r\
\n\r\
\n3. Create a new scheduler entry to run this script every 5 mins.\r\
\n\r\
\n/system scheduler add comment=\"Update No-IP DDNS\" disabled=no interval\
=5m \\\r\
\nname=no-ip_ddns_update on-event=no-ip_ddns_update policy=read,write,test\
\r\
\n\r\
\n--riverron 03:18, 18 March 2012 (UTC)\r\
\n\r\
\n\r\
\nAlternative script.\r\
\n\r\
\nAlternative script uses DNS Resolve and is based on an documentation htt\
p://wiki.mikrotik.com/wiki/Manual:Scripting-examples and documentation No-\
IP DNS Update API http://www.no-ip.com/integrate/request\r\
\n\r\
\nCan be modified for use with other Dynamic DNS services supported ReST A\
PI.\r\
\n\r\
\n\r\
\n##############Script Settings##################\r\
\n\r\
\n:local NOIPUser \"no-ip.com LOGIN\"\r\
\n:local NOIPPass \"no-ip.com PASSWORD\"\r\
\n:local WANInter \"MikroTik Router WAN Interface Name\"\r\
\n\r\
\n###############################################\r\
\n\r\
\n:local NOIPDomain \"\$NOIPUser.no-ip.org\"\r\
\n:local IpCurrent [/ip address get [find interface=\$WANInter] address];\
\r\
\n:for i from=( [:len \$IpCurrent] - 1) to=0 do={ \r\
\n :if ( [:pick \$IpCurrent \$i] = \"/\") do={ \r\
\n :local NewIP [:pick \$IpCurrent 0 \$i];\r\
\n :if ([:resolve \$NOIPDomain] != \$NewIP) do={\r\
\n /tool fetch mode=http user=\$NOIPUser password=\$NOIPPass url=\"ht\
tp://dynupdate.no-ip.com/nic/update\\3Fhostname=\$NOIPDomain&myip=\$NewIP\
\" keep-result=no\r\
\n :log info \"NO-IP Update: \$NOIPDomain - \$NewIP\"\r\
\n }\r\
\n } \r\
\n}"
# Watchdog monitors 8.8.8.8 and, with auto-send-supout=yes, e-mails a support output file to
# the address below through smtp.gmail.com.
# NOTE(review): a supout file describes the device and its configuration in detail; make
# sure the mail path and the recipient are trusted. Publishing this section also discloses
# the owner's e-mail address.
/system watchdog
set auto-send-supout=yes send-email-from=router send-email-to=\
mikezimn@gmail.com send-smtp-server=smtp.gmail.com watch-address=8.8.8.8
# MAC-Telnet and MAC-WinBox are limited to the mactel / mac-winbox interface lists, which
# contain LAN-side interfaces only (the ISP port is not a member).
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
# Adds a RoMON port entry with default parameters; no "/tool romon set enabled=yes" is shown.
/tool romon port
add
/tool user-manager database
set db-path=user-manager1