На всякий случай - полный конфиг (вставляю кодом, файлом почему-то не получается):
# apr/02/2022 19:24:49 by RouterOS 7.1.5
# software id = LVUE-YMHD
#
# model = RB4011iGS+5HacQ2HnD
# serial number = *********
# CAPsMAN channel templates for the 2.4 GHz and 5 GHz radios. The extension-channel values
# (XX / XXXX) are reproduced as they appear in this paste.
/caps-man channel
add band=2ghz-b/g/n extension-channel=XX name=CAPSMAN-Channels-SETKO2
add band=5ghz-a/n/ac extension-channel=XXXX name=CAPSMAN-Channels-SETKO5
# Single LAN bridge; DHCP, the CAPsMAN datapath and the PPP profiles elsewhere in this export attach to it.
/interface bridge
add name=Bridge-LAN
# Rename the physical ports; ether4-ether10 are administratively disabled.
# NOTE(review): arp=proxy-arp is set on every copper port, so the router answers ARP on behalf of
# other hosts on those ports. Confirm this is still needed; arp=enabled is the narrower setting.
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp comment=GAME name=Interface-ETH01-LAN
set [ find default-name=ether2 ] arp=proxy-arp comment=NOTER name=Interface-ETH02-LAN
set [ find default-name=ether3 ] arp=proxy-arp comment=AP2 name=Interface-ETH03-LAN
set [ find default-name=ether4 ] arp=proxy-arp disabled=yes name=Interface-ETH04-LAN
set [ find default-name=ether5 ] arp=proxy-arp disabled=yes name=Interface-ETH05-LAN
set [ find default-name=ether6 ] arp=proxy-arp disabled=yes name=Interface-ETH06-LAN
set [ find default-name=ether7 ] arp=proxy-arp disabled=yes name=Interface-ETH07-LAN
set [ find default-name=ether8 ] arp=proxy-arp disabled=yes name=Interface-ETH08-LAN
set [ find default-name=ether9 ] arp=proxy-arp disabled=yes name=Interface-ETH09-LAN
set [ find default-name=ether10 ] arp=proxy-arp disabled=yes name=Interface-ETH10-LAN poe-out=off
# The SFP+ port is the WAN uplink (its MAC override is masked in this paste).
set [ find default-name=sfp-sfpplus1 ] mac-address=********* name=Interface-SFP01-WAN
# Static L2TP server bindings, one per VPN user; the DACHA binding is disabled.
/interface l2tp-server
add disabled=yes name=Interface-L2TP-DACHA user=*********
add name=Interface-L2TP-********* user=*********
add name=Interface-L2TP-********* user=*********
add name=Interface-L2TP-********* user=*********
add name=Interface-L2TP-********* user=*********
# CAPsMAN datapath: managed radios are bridged straight into Bridge-LAN.
/caps-man datapath
add bridge=Bridge-LAN name=CAPSMAN-DP01
# WPA2-PSK with AES-CCM for unicast and group traffic; the group key is rotated every 5 minutes.
# Both SSID configurations below reference this one profile, so they share a single passphrase.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=5m name=CAPSMAN-SETKO passphrase=*********
# One configuration per band (SSID SETKO2 on 2.4 GHz, SETKO on 5 GHz), both on the same datapath.
/caps-man configuration
add channel=CAPSMAN-Channels-SETKO2 channel.band=2ghz-b/g/n .control-channel-width=20mhz .extension-channel=XX country=russia2 datapath=CAPSMAN-DP01 mode=ap name=CAPSMAN-Config-SETKO2 rx-chains=0,1,2,3 security=CAPSMAN-SETKO ssid=SETKO2 tx-chains=0,1,2,3
add channel=CAPSMAN-Channels-SETKO5 channel.band=5ghz-onlyac .control-channel-width=20mhz .extension-channel=XXXX country=russia2 datapath=CAPSMAN-DP01 mode=ap name=CAPSMAN-Config-SETKO5 rx-chains=0,1,2,3 security=CAPSMAN-SETKO ssid=SETKO tx-chains=0,1,2,3
# Interface lists used as firewall scopes.
# NOTE(review): InterfaceList-LAN includes InterfaceList-VPNClients, so every rule or setting scoped to
# "LAN" (bridge port membership, mangle in-interface-list) treats remote L2TP users as local hosts.
/interface list
add name=InterfaceList-LAN-Wired
add name=InterfaceList-LAN-Wireless
add name=InterfaceList-VPNClients
add name=InterfaceList-WAN
add include="InterfaceList-LAN-Wired,InterfaceList-LAN-Wireless,InterfaceList-VPNClients" name=InterfaceList-LAN
# Local (non-CAPsMAN) wireless security profile, WPA2-PSK only.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=SETKO supplicant-identity=MikroTik wpa2-pre-shared-key=*********
# DHCP option 119 (domain search list), given as a raw hex value.
/ip dhcp-server option
add code=119 name="DNS suffix search list" value=0x067A6F6469616B000372646E056C6F63616C0004736B6466C00C
/ip ipsec policy group
add name=IPSec-Group-L2TPVPN
# Phase 1 (IKE) parameters for the L2TP/IPsec responder.
# NOTE(review): dh-group=modp1024 and enc-algorithm=3des are legacy choices; hash-algorithm is not shown,
# so it is presumably the default. If every client supports it, prefer dh-group=modp2048 (or ecp256)
# with enc-algorithm=aes-256.
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des name=IPSec-Profile-L2TPVPN
# Responder-only peer (passive=yes). No address= restriction appears here, so it presumably accepts
# initiators from any source address - confirm.
/ip ipsec peer
add name=IPSec-Peer-L2TPVPN passive=yes profile=IPSec-Profile-L2TPVPN
# Phase 2 proposals. The default proposal is disabled; the named one is used by the L2TP policy template.
# NOTE(review): pfs-group=none disables perfect forward secrecy for the child SAs, and 3des is still
# offered next to the AES-256 modes. Dropping 3des and setting a pfs-group tightens this.
/ip ipsec proposal
set [ find default=yes ] disabled=yes enc-algorithms=aes-256-cbc,aes-256-ctr,3des pfs-group=none
add enc-algorithms=aes-256-cbc,aes-256-ctr,3des name=IPSec-Proposal-L2TPVPN pfs-group=none
# Address pools: .111.x for LAN DHCP clients, .112.x for VPN clients.
/ip pool
add name=Pool-IPv4-LAN ranges=192.168.111.101-192.168.111.150
add name=Pool-IPv4-VPN ranges=192.168.112.101-192.168.112.150
# LAN DHCP server on the bridge; add-arp=yes installs an ARP entry for each lease.
/ip dhcp-server
add add-arp=yes address-pool=Pool-IPv4-LAN authoritative=after-2sec-delay interface=Bridge-LAN lease-time=12h name=DHCP-IPv4-LAN
/port
set 0 name=serial0
set 1 name=serial1
# PPP profiles.
# NOTE(review): L2TP-Profile-VPNDACHA uses use-encryption=yes rather than required, and its
# remote-address names Pool-IPv4-VPN-Site2Site, which is not defined in the /ip pool section of this
# export. The L2TP server section of this export selects this profile as its default-profile.
/ppp profile
add bridge=Bridge-LAN change-tcp-mss=yes dns-server=1.1.1.1,8.8.8.8 local-address=192.168.111.254 name=L2TP-Profile-VPN only-one=no remote-address=Pool-IPv4-VPN use-encryption=required
add bridge=Bridge-LAN change-tcp-mss=yes dns-server=1.1.1.1,8.8.8.8 local-address=192.168.111.254 name=L2TP-Profile-VPNDACHA only-one=no remote-address=Pool-IPv4-VPN-Site2Site use-compression=yes use-encryption=yes
add name=OVPN-Profile-Fornex use-encryption=required
# Outbound PPTP tunnel to the VPN provider.
# NOTE(review): PPTP with MS-CHAPv2 is a legacy tunnel whose confidentiality rests on the password alone;
# the OpenVPN client below reaches the same host, so this entry is a candidate for removal.
# The password is masked in this paste, but the account name in user= is not.
/interface pptp-client
add allow=mschap2 connect-to=vpnse01.fornex.org name=Interface-Out-PPTP-Fornex password=********* profile=OVPN-Profile-Fornex user=moxhatbi4@_19743
# Outbound OpenVPN tunnel (UDP/443) to the same provider; use-peer-dns=no keeps the router's own resolvers.
# NOTE(review): no certificate=, verify-server-certificate=, auth= or cipher= value appears, so these are
# presumably at their defaults - confirm that the server certificate is actually validated.
/interface ovpn-client
add connect-to=vpnse01.fornex.org mac-address=********* max-mtu=1400 name=Interface-Out-OVPN-Fornex password=********* port=443 profile=OVPN-Profile-Fornex protocol=udp use-peer-dns=no user=moxhatbi4@_19743
# Two extra routing tables, selected by the routing marks set under /ip firewall mangle.
/routing table
add fib name=route-mark-fornex
add fib name=route-mark-main
# Log targets: small memory buffer plus a rotating on-disk log under logs/ (50 files of 100 lines).
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
add disk-file-count=50 disk-file-name=logs/log name=logging target=disk
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp,rest-api"
# Signal-strength based admission: accept clients at -79 dBm or better, reject weaker ones.
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=-79..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=-120..-80 ssid-regexp=""
# CAPsMAN manager with auto-generated CA and certificate.
# NOTE(review): require-peer-certificate is not shown, so it is presumably at its default - confirm
# whether unauthenticated CAPs are able to join.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
# The manager is explicitly forbidden on the WAN and on both provider tunnels.
/caps-man manager interface
add disabled=no forbid=yes interface=Interface-Out-PPTP-Fornex
add disabled=no forbid=yes interface=Interface-SFP01-WAN
add disabled=no forbid=yes interface=Interface-Out-OVPN-Fornex
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=b,g,gn master-configuration=CAPSMAN-Config-SETKO2 name-format=prefix-identity name-prefix=2G
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=CAPSMAN-Config-SETKO5 name-format=prefix-identity name-prefix=5G
# Every member of InterfaceList-LAN, which includes the VPN client list, becomes a bridge port.
/interface bridge port
add bridge=Bridge-LAN ingress-filtering=no interface=InterfaceList-LAN
# Neighbor discovery runs on every interface that is not in InterfaceList-WAN.
# NOTE(review): Interface-Out-PPTP-Fornex is not a member of that list in this export, so discovery
# is presumably active towards the VPN provider on that tunnel.
/ip neighbor discovery-settings
set discover-interface-list=!InterfaceList-WAN
# rp-filter=strict is an anti-spoofing control.
# NOTE(review): with policy routing over several tables, strict reverse-path checks can also discard
# legitimate replies that arrive on the tunnel interface - verify against the route-mark setup; loose is
# the usual setting for multi-path routers.
/ip settings
set max-neighbor-entries=8192 rp-filter=strict
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# L2TP server, MS-CHAPv2 only.
# NOTE(review): ipsec-secret is set, but use-ipsec is not shown and so is presumably at its default.
# Unless it is set to required (or the firewall admits UDP 1701 only with ipsec-policy=in,ipsec), the
# server will also accept L2TP sessions that are not wrapped in IPsec.
/interface l2tp-server server
set authentication=mschap2 default-profile=L2TP-Profile-VPNDACHA enabled=yes ipsec-secret=*********
# Interface list membership; the firewall rules in this export scope themselves by these lists.
/interface list member
add interface=Interface-ETH01-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH02-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH03-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH04-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH05-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH06-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH07-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH08-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH09-LAN list=InterfaceList-LAN-Wired
add interface=Interface-ETH10-LAN list=InterfaceList-LAN-Wired
add interface=Interface-L2TP-********* list=InterfaceList-VPNClients
add interface=Interface-L2TP-********* list=InterfaceList-VPNClients
add interface=Interface-L2TP-********* list=InterfaceList-VPNClients
add interface=Interface-L2TP-********* list=InterfaceList-VPNClients
# Untrusted side: the ISP uplink and the OpenVPN tunnel.
# NOTE(review): Interface-Out-PPTP-Fornex is defined in this export but is in no list, so none of the
# rules scoped to InterfaceList-WAN apply to traffic arriving on it. Add it here or remove the interface.
add interface=Interface-SFP01-WAN list=InterfaceList-WAN
add interface=Interface-Out-OVPN-Fornex list=InterfaceList-WAN
# Per-device wireless access-list entries; all four are disabled. The backslash escapes in the comments
# are non-ASCII bytes as exported by RouterOS.
/interface wireless access-list
add comment="Noter (2GHz/5GHz)" disabled=yes interface=InterfaceList-LAN-Wireless mac-address=********* vlan-mode=no-tag
add comment="MacBook Air \DE\EB\FF" disabled=yes interface=InterfaceList-LAN-Wireless mac-address=********* vlan-mode=no-tag
add comment="LG \D2\E5\EB\E5\E2\E8\E7\EE\F0 \E3\EE\F1\F2\E8\ED\ED\E0\FF (5GHz)" disabled=yes interface=InterfaceList-LAN-Wireless mac-address=********* vlan-mode=no-tag
add comment="LG washer (2GHz)" disabled=yes interface=InterfaceList-LAN-Wireless mac-address=********* vlan-mode=no-tag
# The router's own radios are handed to CAPsMAN and locked to the manager they hold a certificate for.
/interface wireless cap
set bridge=Bridge-LAN certificate=request discovery-interfaces=Bridge-LAN enabled=yes interfaces=wlan1,wlan2 lock-to-caps-man=yes
/ip address
add address=192.168.111.254/24 interface=Bridge-LAN network=192.168.111.0
# MikroTik cloud DDNS, updated every 10 minutes.
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
# WAN address via DHCP; DNS and NTP servers offered by the ISP are ignored.
/ip dhcp-client
add interface=Interface-SFP01-WAN use-peer-dns=no use-peer-ntp=no
# Static leases.
# NOTE(review): mac-address= is masked in this paste, but client-id= is not; a client-id of the form
# 1:xx:xx:xx:xx:xx:xx is hardware type 1 followed by the MAC, so the masking is ineffective here.
/ip dhcp-server lease
add address=192.168.111.201 client-id=1:68:ec:c5:dd:82:4f comment="Noter (2GHz/5GHz)" mac-address=********* server=DHCP-IPv4-LAN
add address=192.168.111.204 client-id=1:38:f9:d3:67:8a:c5 comment="MacBook Air \DE\EB\FF (Wi-Fi)" mac-address=********* server=DHCP-IPv4-LAN
add address=192.168.111.174 client-id=1:f8:b9:5a:60:44:d5 comment="LG washer (Wi-Fi)" mac-address=********* server=DHCP-IPv4-LAN
add address=192.168.111.198 client-id=1:60:ab:14:ab:71:a comment="LG \D2\E5\EB\E5\E2\E8\E7\EE\F0 \E3\EE\F1\F2\E8\ED\ED\E0\FF (5GHz)" mac-address=********* server=DHCP-IPv4-LAN
/ip dhcp-server network
add address=192.168.111.0/24 comment="Lan Network" dhcp-option="DNS suffix search list" dns-server=192.168.111.254 domain=zodiak gateway=192.168.111.254 netmask=24 ntp-server=192.168.111.254
# The router acts as a resolver for clients (allow-remote-requests=yes).
# NOTE(review): the only protection against use as an open resolver is the pair of port-53 drop rules in
# /ip firewall filter, and those match InterfaceList-WAN only.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
# Static records; the 6h TTL entries are the ones the "DNS-DHCP sync" script treats as its own.
# NOTE(review): "AP2-HOME.zodiak.zodiak" carries the zone suffix twice - presumably a typo.
/ip dns static
add address=192.168.111.254 name=SHLUZKO-HOME.zodiak
add address=192.168.111.198 name=LGwebOSTV.zodiak ttl=6h
add address=192.168.111.253 name=AP2-HOME.zodiak.zodiak ttl=6h
add address=192.168.111.202 name=NOTER.zodiak ttl=6h
add address=192.168.111.174 name=qca-ioeboard.zodiak ttl=6h
# Destination list consumed by the "Mark FornexVPN - OUT (dst-list)" mangle rule: traffic to these
# destinations is routed through the provider tunnel.
# Only 2ip.ru, whatismyipaddress.com and whatismyip.com are enabled; every other entry is disabled.
# Entries given as names are resolved through the router's own DNS, so the list contents follow whatever
# those names resolve to.
/ip firewall address-list
add address=2ip.ru list=facebook_list
add address=facebook.com disabled=yes list=facebook_list
add address=fbcdn.net disabled=yes list=facebook_list
add address=31.13.24.0/21 disabled=yes list=facebook_list
add address=31.13.64.0/18 disabled=yes list=facebook_list
add address=45.64.40.0/22 disabled=yes list=facebook_list
add address=66.220.144.0/20 disabled=yes list=facebook_list
add address=69.63.176.0/20 disabled=yes list=facebook_list
add address=69.171.224.0/19 disabled=yes list=facebook_list
add address=74.119.76.0/22 disabled=yes list=facebook_list
add address=157.240.0.0/17 disabled=yes list=facebook_list
add address=173.252.64.0/18 disabled=yes list=facebook_list
add address=173.252.88.0/21 disabled=yes list=facebook_list
add address=185.60.216.0/22 disabled=yes list=facebook_list
add address=204.15.20.0/22 disabled=yes list=facebook_list
add address=whatismyipaddress.com list=facebook_list
add address=whatismyip.com list=facebook_list
# Filter rules are evaluated top to bottom within each chain; the notes below are review comments on
# the order and scope visible in this export.
/ip firewall filter
# FastTrack for established/related TCP and UDP in the forward chain.
# NOTE(review): fasttracked packets skip mangle, so the routing marks set under /ip firewall mangle are
# presumably not applied to them - confirm against the policy-routing intent before keeping these first.
add action=fasttrack-connection chain=forward comment="Allow fasttrack" connection-state=established,related hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes protocol=udp
add action=accept chain=forward comment="Checking OVPN flow" disabled=yes log=yes log-prefix=.___FW_CHECK out-interface=Interface-Out-OVPN-Fornex
# VPN entry points.
# NOTE(review): these three accepts have no in-interface or ipsec-policy matcher. UDP 1701 (L2TP) is
# therefore accepted unencrypted from any interface; adding ipsec-policy=in,ipsec to a separate 1701 rule
# admits L2TP only inside IPsec. IKE and NAT-T use UDP, so the TCP 4500 accept looks unnecessary.
add action=accept chain=input comment="Allow L2TP+IPSec" dst-port=500,1701,4500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=tcp
add action=accept chain=input protocol=ipsec-esp
# Traffic between the VPN pool (192.168.112.0/24) and the LAN, accepted only when it is IPsec-protected.
add action=accept chain=input comment="Allow L2TP VPN" in-interface-list=InterfaceList-WAN ipsec-policy=in,ipsec src-address=192.168.112.0/24
add action=accept chain=forward dst-address=192.168.111.0/24 in-interface-list=InterfaceList-WAN ipsec-policy=in,ipsec src-address=192.168.112.0/24
add action=accept chain=forward dst-address=192.168.112.0/24 ipsec-policy=out,ipsec out-interface-list=InterfaceList-WAN src-address=192.168.111.0/24
add action=accept chain=input comment="Accept established, related and untracked connections" connection-state=established,related,untracked
add action=accept chain=forward connection-state=established,related,untracked
# New forwarded connections from the WAN list that were not created by a dst-nat rule are dropped and logged.
add action=drop chain=forward comment="Drop NAT attack" connection-nat-state=!dstnat connection-state=new in-interface-list=InterfaceList-WAN log=yes log-prefix=NATAttack_Drop
# NOTE(review): the list name is spelled "brutefroce_blacklist", and no rule in this export adds
# addresses to a list of that name, so this drop presumably never matches.
add action=drop chain=input comment="Drop bruteforcers" in-interface-list=InterfaceList-WAN log=yes log-prefix=BlacklistBruteforce_Drop src-address-list=brutefroce_blacklist
add action=drop chain=input comment="Drop portscanners" in-interface-list=InterfaceList-WAN log=yes log-prefix=BlacklistPortScan_Drop src-address-list=portscan_blacklist
# Blacklist population (6h timeout).
# NOTE(review): one new packet to a listed port is enough to blacklist its source. UDP and the
# flag-combination matches below need no completed handshake, so packets with a forged source can get
# third-party addresses listed; the effect is limited to the input-chain drop above.
# Several of these rules set log-prefix without log=yes, so presumably nothing is logged for them.
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input comment="Blacklist portscanners on wellknown ports" connection-state=new dst-port=21-23,25,80,135-139,443-445,1723,3127-3149,3306,3389,8080,8888 in-interface-list=InterfaceList-WAN protocol=tcp
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input connection-state=new dst-port=80,135-139,443-445,1400-1499,3127-3149,5060,8080,8888 in-interface-list=InterfaceList-WAN protocol=udp
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input comment="Blacklist portscanners" in-interface-list=InterfaceList-WAN log-prefix=BlacklistPortscan_List protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input comment="Blacklist connections with wrong TCP flags" in-interface-list=InterfaceList-WAN log-prefix=BlacklistPortscan_SYN/FIN_scan_List protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input in-interface-list=InterfaceList-WAN log-prefix=BlacklistPortscan_SYN/RST_scan_List protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input in-interface-list=InterfaceList-WAN log-prefix=BlacklistPortscan_FIN/PSH/URG_scan_List protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input in-interface-list=InterfaceList-WAN log-prefix=BlacklistPortscan_NMAP_NULL_scan_List protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=portscan_blacklist address-list-timeout=6h chain=input in-interface-list=InterfaceList-WAN log-prefix=BlacklistPortscan_NMAP_FIN_Stealth_scan_List protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid in-interface-list=InterfaceList-WAN
add action=drop chain=forward connection-state=invalid in-interface-list=InterfaceList-WAN
# Keeps the router's resolver (allow-remote-requests=yes under /ip dns) closed to the WAN list.
add action=drop chain=input comment="Drop Incoming DNS connections" dst-port=53 in-interface-list=InterfaceList-WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface-list=InterfaceList-WAN protocol=udp
# Connection-count limits per source address (/32): list a source at 100 connections, then drop while
# it is listed and holds more than 3.
add action=add-src-to-address-list address-list=ddos_blacklist address-list-timeout=6h chain=input comment="Blacklist DDoS" connection-limit=100,32 in-interface-list=InterfaceList-WAN protocol=tcp
add action=drop chain=input comment="Drop DDoS" connection-limit=3,32 in-interface-list=InterfaceList-WAN protocol=tcp src-address-list=ddos_blacklist
# SYN rate limiting: new SYNs from the WAN list return to the calling chain while under the limit and
# are dropped above it.
add action=jump chain=forward comment="Drop DDoS SYN" connection-state=new in-interface-list=InterfaceList-WAN jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=jump chain=input connection-state=new in-interface-list=InterfaceList-WAN jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=return chain=SYN-Protect connection-state=new in-interface-list=InterfaceList-WAN limit=200,5:packet protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new in-interface-list=InterfaceList-WAN protocol=tcp tcp-flags=syn
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid
# NOTE(review): the final input drop is scoped to InterfaceList-WAN. Interface-Out-PPTP-Fornex is in no
# interface list in this export, so input arriving on it passes every WAN-scoped drop and falls through
# to the chain's default accept. A list-independent final rule such as in-interface-list=!InterfaceList-LAN
# closes that gap. log-prefix is set here without log=yes.
add action=drop chain=input comment="Final Rule" in-interface-list=InterfaceList-WAN log-prefix=FinRulDrop
# Same match as the "Drop NAT attack" rule above, without logging; it cannot be reached by traffic that
# rule already dropped.
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=InterfaceList-WAN
# Policy routing: connections are marked by the interface they arrived on, and replies and LAN traffic
# belonging to those connections get the matching routing mark so they leave through the same uplink.
# The last rule additionally sends anything destined to facebook_list through the provider tunnel.
# NOTE(review): log-prefix is set on every rule but only the dst-list rule has log=yes, so presumably
# only that one produces log entries. Packets handled by FastTrack do not traverse these rules.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark Main - IN" in-interface=Interface-SFP01-WAN log-prefix=___OVPN-MARK-IN new-connection-mark=conn-mark-main passthrough=no
add action=mark-connection chain=prerouting comment="Mark FornexVPN - IN" in-interface=Interface-Out-OVPN-Fornex log-prefix=___OVPN-MARK-IN new-connection-mark=conn-mark-fornex passthrough=no
add action=mark-routing chain=prerouting comment="Mark Main - OUT (conn-mark)" connection-mark=conn-mark-main dst-address-type=!local in-interface-list=InterfaceList-LAN log-prefix=___OVPN-MARK-PRE-R new-routing-mark=route-mark-main passthrough=no
add action=mark-routing chain=prerouting comment="Mark FornexVPN - OUT (conn-mark)" connection-mark=conn-mark-fornex dst-address-type=!local in-interface-list=InterfaceList-LAN log-prefix=___OVPN-MARK-PRE-R new-routing-mark=route-mark-fornex passthrough=no
add action=mark-routing chain=output comment="Mark Main - OUT (conn-mark)" connection-mark=conn-mark-main dst-address-type=!local log-prefix=___OVPN-MARK-OUTP new-routing-mark=route-mark-main passthrough=no
add action=mark-routing chain=output comment="Mark FornexVPN - OUT (conn-mark)" connection-mark=conn-mark-fornex dst-address-type=!local log-prefix=___OVPN-MARK-OUTP new-routing-mark=route-mark-fornex passthrough=no
add action=mark-routing chain=prerouting comment="Mark FornexVPN - OUT (dst-list)" dst-address-list=facebook_list dst-address-type=!local log=yes log-prefix=___OVPN-MARK-DST-LST new-routing-mark=route-mark-fornex passthrough=no
/ip firewall nat
# NAT bypass for LAN-to-VPN traffic; currently disabled.
add action=accept chain=srcnat comment="IPSec L2TP VPN" disabled=yes dst-address=192.168.112.0/24 ipsec-policy=out,ipsec out-interface-list=InterfaceList-WAN src-address=192.168.111.0/24
# Forces LAN clients' DNS to the router. NOTE(review): only TCP 53 is redirected; DNS normally uses UDP,
# which this rule does not match.
add action=dst-nat chain=dstnat comment="DNS only shluzko" dst-port=53 in-interface=Bridge-LAN protocol=tcp src-address=192.168.0.0/16 to-addresses=192.168.111.254 to-ports=53
# NOTE(review): masquerade has no out-interface or out-interface-list, so it applies to traffic leaving
# through any interface, including LAN and VPN-client traffic. That hides the original source address
# from internal hosts and logs; scoping it with out-interface-list=InterfaceList-WAN is the usual form.
add action=masquerade chain=srcnat
# Inbound port forward of TCP/UDP 7777 from the ISP uplink to 192.168.111.200.
add action=dst-nat chain=dstnat comment="uTorrent Game" dst-port=7777 in-interface=Interface-SFP01-WAN protocol=tcp to-addresses=192.168.111.200 to-ports=7777
add action=dst-nat chain=dstnat dst-port=7777 in-interface=Interface-SFP01-WAN protocol=udp to-addresses=192.168.111.200 to-ports=7777
# SIP connection-tracking helper switched off.
/ip firewall service-port
set sip disabled=yes
# Identity for the L2TP/IPsec responder: policies are generated from the template group, and the remote
# ID is not checked (remote-id=ignore), so the shared secret is the only thing authenticating a peer.
/ip ipsec identity
add generate-policy=port-override peer=IPSec-Peer-L2TPVPN policy-template-group=IPSec-Group-L2TPVPN remote-id=ignore secret=*********
/ip ipsec policy
set 0 group=IPSec-Group-L2TPVPN proposal=IPSec-Proposal-L2TPVPN
/ip proxy
set parent-proxy=0.0.0.0
# Default routes for the two policy-routing tables: route-mark-fornex leaves through the OpenVPN tunnel,
# route-mark-main through the ISP gateway. The ISP gateway address is not masked in this paste.
# All remaining entries are disabled per-prefix routes in the main table (one for 2ip.ru, the rest
# commented "Facebook") that pointed at the tunnel.
/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=route-mark-fornex scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=93.81.252.149 pref-src=0.0.0.0 routing-table=route-mark-main scope=30 suppress-hw-offload=no target-scope=10
add comment=2ip.ru disabled=yes distance=1 dst-address=195.201.201.32/32 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=103.4.96.0/22 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=173.252.64.0/19 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=173.252.70.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=173.252.96.0/19 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=175.28.1.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=204.15.20.0/22 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.24.0/21 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.64.0/19 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.69.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.70.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.71.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.72.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.73.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.75.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.76.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.77.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.78.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.79.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=31.13.80.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=66.220.144.0/20 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=66.220.152.0/21 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=66.220.159.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=69.171.224.0/19 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=69.171.239.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=69.171.240.0/20 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=69.171.255.0/24 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=69.63.176.0/21 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=69.63.184.0/21 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=Facebook disabled=yes distance=1 dst-address=74.119.76.0/22 gateway=Interface-Out-OVPN-Fornex pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Management services. telnet, ftp, www, ssh and api are disabled; www-ssl, winbox and api-ssl remain
# enabled and are restricted to 192.168.111.0/24.
# NOTE(review): if nothing uses the API, api-ssl can be disabled as well to shrink the management surface.
/ip service
set telnet address=192.168.111.0/24 disabled=yes
set ftp address=192.168.111.0/24 disabled=yes
set www address=192.168.111.0/24 disabled=yes
set ssh address=192.168.111.0/24 disabled=yes
set www-ssl address=192.168.111.0/24 certificate=192.168.111.254 disabled=no
set api address=192.168.111.0/24 disabled=yes
set winbox address=192.168.111.0/24
set api-ssl address=192.168.111.0/24 certificate=192.168.111.254
# SMB server settings, bound to the LAN bridge with guest access off. enabled= is not shown, so the
# service is presumably at its default state - confirm.
/ip smb
set allow-guests=no domain=ZODIAK interfaces=Bridge-LAN
# The root share is disabled; the "logs" share exposes /logs, the directory the on-disk logging
# action in this export writes to.
/ip smb shares
set [ find default=yes ] disabled=yes
add directory=/ disabled=yes name=root
add directory=/logs name=logs
# NOTE(review): the SMB user has write access (read-only=no); read-only is enough for collecting logs
# and prevents a client from altering or deleting them.
/ip smb users
add name=********* password=********* read-only=no
# NOTE(review): allow-none-crypto=yes permits SSH sessions with the "none" cipher, i.e. unencrypted.
# The ssh service is disabled above, so this is latent; set allow-none-crypto=no (and consider
# strong-crypto=yes) before the service is ever re-enabled.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# UPnP interface roles. No "/ip upnp set enabled=yes" line appears in this export, so UPnP is presumably
# off. NOTE(review): if it is enabled, LAN hosts could request port mappings on the ISP uplink and on
# both provider tunnels.
/ip upnp interfaces
add interface=Bridge-LAN type=internal
add interface=Interface-SFP01-WAN type=external
add interface=Interface-Out-OVPN-Fornex type=external
add interface=Interface-Out-PPTP-Fornex type=external
# VPN user accounts, all on L2TP-Profile-VPN (use-encryption=required).
# NOTE(review): no service= value is shown, so the secrets are presumably valid for any PPP service;
# service=l2tp limits them to the L2TP server.
/ppp secret
add local-address=192.168.111.254 name=********* password=********* profile=L2TP-Profile-VPN routes="0.0.0.0 192.168.111.254"
add local-address=192.168.111.254 name=********* password=********* profile=L2TP-Profile-VPN routes="0.0.0.0 192.168.111.254"
add local-address=192.168.111.254 name=********* password=********* profile=L2TP-Profile-VPN routes="0.0.0.0 192.168.111.254"
add local-address=192.168.111.254 name=********* password=********* profile=L2TP-Profile-VPN routes="0.0.0.0 192.168.111.254"
# Packets carrying route-mark-fornex are resolved in the route-mark-fornex table only. There is no
# matching rule for route-mark-main in this export.
/routing rule
add action=lookup-only-in-table disabled=no routing-mark=route-mark-fornex table=route-mark-fornex
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+03:00
/system identity
set name=SHLUZKO-HOME.zodiak
# Logging rules: script messages, info and firewall topics to the on-disk "logging" action, and IPsec
# messages (non-debug, and errors) with an "ipsec" prefix.
/system logging
add topics=script
add action=logging topics=info,firewall
add prefix=ipsec topics=ipsec,!debug
add prefix=ipsec topics=ipsec,error
/system note
set show-at-login=no
/system ntp client
set enabled=yes
# The router also serves NTP to clients.
# NOTE(review): broadcast-addresses is set to the router's own address (192.168.111.254), not to the
# subnet broadcast address - presumably unintended.
/system ntp server
set broadcast=yes broadcast-addresses=192.168.111.254 enabled=yes
/system ntp client servers
add address=95.140.150.140
add address=194.190.168.1
/system resource irq rps
set Interface-SFP01-WAN disabled=no
# Scheduled jobs; each one only runs the script of the same name.
# NOTE(review): almost every job, including the pure notification ones, is granted
# ftp,reboot,write,policy,password,sniff,sensitive (several also romon). A job needs only the policies
# its script actually uses; trimming them limits what a modified script could do.
# The comment= fields are state written back by the scripts (last start, last login and outage times);
# they are part of what this paste discloses.
# The two "Update - ..." jobs run daily; their script bodies are not visible in this part of the export.
/system scheduler
add interval=1h name="DNS-DHCP sync" on-event="/system script run \"DNS-DHCP sync\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=oct/16/2014 start-time=00:00:00
add interval=30m name="DDNS - Update" on-event="/system script run \"DDNS - Update\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=dec/01/2015 start-time=00:00:00
add interval=1d name="Update - Firmware" on-event="/system script run \"Update - Firmware\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=oct/23/2018 start-time=07:30:00
add comment="SHLUZKO-HOME.zodiak started up at apr/02/2022 16:48:25" name="Notify - Router start" on-event="/system script run \"Notify - Router start\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
add comment="Internet offline at mar/30/2022 01:00:18. \r\nInternet online at mar/30/2022 01:05:18" interval=5m name="Notify - Internet status" on-event="/system script run \"Notify - Internet status\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
add disabled=yes interval=1m name="Notify - Computer status - Game" on-event="/system script run \"Notify - Computer status - Game\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
add comment="Last succeeded login: apr/02/2022 19:23:52" interval=1m name="Notify - Login Succeeded" on-event="/system script run \"Notify - Login Succeeded\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
add comment="Last failed login: oct/17 00:48:36" interval=1m name="Notify - Login Failed" on-event="/system script run \"Notify - Login Failed\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
add interval=1m30s name="Global Variables" on-event="/system script run \"Global Variables\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
add interval=1d name="Update - Software" on-event="/system script run \"Update - Software\"" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=oct/23/2018 start-time=07:00:00
add interval=1d name="Mail settings autoupdate" on-event="/system script run \"Mail settings autoupdate\"" policy=read,write,policy,test,password,sniff,sensitive start-date=jan/06/2021 start-time=00:00:00
/system script
add dont-require-permissions=no name="DNS-DHCP sync" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local scheduleName \"DNS-DHCP sync\"\r\n\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n /log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\"\r\n} else={\r\n :local dhcpserver \"DHCP-IPv4-LAN\"\r\n :local zone \"zodiak\"\r\n \r\n # Set the TTL to the scheduler frequency for this script.\r\n :local ttl \"06:00:00\"\r\n \r\n # Clear old static DNS entries matching the zone and TTL.\r\n /ip dns static\r\n :foreach dnsrecord in=[find where name ~ (\".*\\\\.\".\$zone) ] do={\r\n :local fqdn [ get \$dnsrecord name ]\r\n :local hostname [ :pick \$fqdn 0 ( [ :len \$fqdn ] - ( [ :len \$zone ] + 1 ) ) ]\r\n :local recordttl [get \$dnsrecord ttl]\r\n :if ( \$recordttl != \$ttl ) do={\r\n # /log debug \"[\$scheduleName]: Ignoring DNS record \$fqdn with TTL \$recordttl\"\r\n } else={\r\n /ip dhcp-server lease\r\n :local dhcplease [ find where host-name=\$hostname and server=\"\$dhcpserver\"]\r\n :if ( [ :len \$dhcplease ] > 0) do={\r\n # /log debug \"[\$scheduleName]: DHCP lease exists for \$hostname in \$dhcpserver, keeping DNS record \$fqdn\"\r\n } else={\r\n # /log info \"[\$scheduleName]: DHCP lease expired for \$hostname, deleting DNS record \$fqdn\"\r\n /ip dns static remove \$dnsrecord\r\n }\r\n }\r\n }\r\n \r\n # Create or update static DNS entries from DHCP server leases.\r\n /ip dhcp-server lease\r\n :foreach dhcplease in=[find where server ~ (\"\$dhcpserver\")] do={\r\n :local hostname [ get \$dhcplease host-name ]\r\n :local dhcphoststatus [ get \$dhcplease status ]\r\n :if ( \$dhcphoststatus = \"bound\" ) do={\r\n :if ( [ :len \$hostname ] > 0) do={\r\n :local dhcpip [ get \$dhcplease address ]\r\n :local fqdn ( \$hostname . \".\" . 
\$zone )\r\n /ip dns static\r\n :local dnsrecord [ find where name=\$fqdn ]\r\n :if ( [ :len \$dnsrecord ] > 0 ) do={\r\n :local dnsip [ get \$dnsrecord address ]\r\n :if ( \$dnsip = \$dhcpip ) do={\r\n # /log debug \"[\$scheduleName]: DNS record for \$fqdn to \$dhcpip is up to date\"\r\n } else={\r\n # /log info \"[\$scheduleName]: Updating DNS record for \$fqdn to \$dhcpip\"\r\n /ip dns static remove \$dnsrecord\r\n /ip dns static add name=\$fqdn address=\$dhcpip ttl=\$ttl\r\n }\r\n } else={\r\n # /log info \"[\$scheduleName]: Creating DNS record for \$fqdn to \$dhcpip\"\r\n /ip dns static add name=\$fqdn address=\$dhcpip ttl=\$ttl\r\n }\r\n }\r\n }\r\n }\r\n}\r\n"
add dont-require-permissions=no name="DDNS - Update" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local scheduleName \"DDNS - Update\"\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n /log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\"\r\n} else={\r\n :global CurrentIP\r\n \r\n :local tmpIP [/ip address get [find interface~\"WAN\"] address];\r\n :local myIP [:pick \$tmpIP 0 [:find \$tmpIP \"/\"]];\r\n \r\n :if (\$myIP != \$CurrentIP) do={\r\n /log info \"[\$scheduleName]: WAN IP address changed from [\$CurrentIP] to [\$myIP]\"\r\n :set CurrentIP \$myIP\r\n \r\n :local ResolvedName [/ip cloud get dns-name]\r\n :local ResolvedIP [:resolve \"\$ResolvedName\"]\r\n \r\n /tool fetch mode=http url=\"http://myip.dnsomatic.com/mypublicip.txt\"\r\n :delay 2;\r\n :local DynamicIP [/file get mypublicip.txt contents ]\r\n /file remove \"mypublicip.txt\"\r\n \r\n :if (\$DynamicIP != \$ResolvedIP) do={\r\n /log info \"[\$scheduleName]: Update needed (Dynamic IP: [\$DynamicIP] Resolved IP: [\$ResolvedIP])\"\r\n /ip cloud force-update\r\n } else={\r\n #/log info \"[\$scheduleName]: Update not needed (Dynamic IP: [\$DynamicIP] Resolved IP: [\$ResolvedIP])\"\r\n }\r\n } else={\r\n #/log info \"[\$scheduleName]: WAN IP address did not changed\"\r\n }\r\n}\r\n"
# Script "Notify - Router start": records the clock when it starts, waits one minute, then
# e-mails "<identity> started up at <date time>" and stores the same text in the comment of
# the scheduler entry named like the script. Logs an error if that scheduler entry is missing.
# The single ping to 8.8.8.8 only adds a 10 s delay on failure; the mail is attempted either way.
# The recipient and ping target are hard-coded here instead of using the globals from the
# "Global Variables" script, presumably because this runs at boot before they exist (verify).
# NOTE(review): policy= is far broader than sending one mail requires (reboot, password, sniff,
# sensitive, romon, ...). Confirm the minimum set on the router before trimming.
add dont-require-permissions=no name="Notify - Router start" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local CurDateTime ([/system clock get date].\" \".[/system clock get time]);\r\n:delay 1m;\r\n\r\n:local scheduleName \"Notify - Router start\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local lCheckAddress \"8.8.8.8\";\r\n :if ([/ping \$lCheckAddress count=5] = 0) do={\r\n :delay 10s;\r\n };\r\n :local lRouterName [/system identity get name];\r\n :local lEMail \"moxhatbi4@gmail.com\";\r\n :local Output \"\$lRouterName started up at \$CurDateTime\";\r\n /tool e-mail send to=\"\$lEMail\" subject=\"MikroTik (\$lRouterName): \$scheduleName\" body=\"\$Output\";\r\n /system scheduler set [find name=\"\$scheduleName\"] comment=\$Output;\r\n};\r\n"
# Script "Notify - Internet status": two-state monitor whose state is the comment of the
# scheduler entry with the same name. Skipped while uptime is not above one minute.
#  - Comment empty, or "online" found past position 0: ping $CheckAddress 4 times. If none
#    answer, log an error and set the comment to "Internet offline at <date> <time>".
#  - Otherwise (comment marks offline): if all 4 pings answer, log a warning, append
#    "Internet online at <date> <time>" to the comment and e-mail both lines to $email.
# No mail is sent on the offline transition; only the online transition is mailed.
# email, RouterName and CheckAddress are globals set by the "Global Variables" script.
# NOTE(review): policy= is broader than ping/log/e-mail appear to need (reboot, password, sniff,
# sensitive, romon, ...). Confirm the minimum set on the router before trimming.
add dont-require-permissions=no name="Notify - Internet status" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Notify - Internet status\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local sysuptime [/system resource get uptime];\r\n :if (\$sysuptime > 1m) do={\r\n :global email;\r\n :global RouterName;\r\n :global CheckAddress;\r\n \r\n :local PingCount 4;\r\n \r\n :local SchedComment [/system scheduler get [find name=\"\$scheduleName\"] comment];\r\n :local SchedCommentSubStr [find \$SchedComment \"online\" -1];\r\n :if ([:len \$SchedComment] = 0 || \$SchedCommentSubStr > 0) do={\r\n :if ([/ping \$CheckAddress count=\$PingCount] = 0) do={\r\n :local FailDate [/system clock get date];\r\n :local FailTime [/system clock get time];\r\n :local FailMessage \"Internet offline at \$FailDate \$FailTime\";\r\n \r\n :if ([:len \$SchedComment] = 0 || \$SchedCommentSubStr >\_0) do={\r\n :log error \"[\$scheduleName]: \$FailMessage\";\r\n /system scheduler set [find name=\"\$scheduleName\"]\_comment=\"\$FailMessage\";\r\n };\r\n };\r\n } else={\r\n :if ([/ping \$CheckAddress count=\$PingCount] > (\$PingCount\_- 1)) do={\r\n :local RestDate [/system clock get date];\r\n :local RestTime [/system clock get time];\r\n :local RestMessage \"Internet online at \$RestDate \$RestTime\";\r\n \r\n :log warning \"[\$scheduleName]: \$RestMessage\";\r\n /system scheduler set [find name=\"\$scheduleName\"] comment=\"\$SchedComment. \\r\\n\$RestMessage\";\r\n /tool e-mail send to=\$email subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$SchedComment\\r\\n\$RestMessage\";\r\n };\r\n };\r\n };\r\n};\r\n"
# Script "Update - Software": sets the package update channel from the global updChannel and
# checks for updates. When the status text is exactly "New version is available" it logs the
# version change, blocks until $CheckAddress answers a ping, e-mails the message to $email,
# then runs "/system package update install". Otherwise it logs "No updates found".
# RouterName, CheckAddress, email and updChannel are globals set by "Global Variables".
# NOTE(review): the install is unattended. Whatever the selected channel offers is applied
# without review, so keep updChannel on a release channel you trust and treat the mail as the
# audit trail for version changes.
# NOTE(review): policy= also grants password, sniff, sensitive and romon, which the body does
# not appear to use. Confirm the minimum set on the router before trimming.
add dont-require-permissions=no name="Update - Software" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Update - Software\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local currentOSver [/system package update get installed-version];\r\n \r\n :global updChannel;\r\n /system package update set channel=\$updChannel;\r\n \r\n /system package update check-for-updates;\r\n :local CheckUpdateStatus [/system package update get status];\r\n :if (\$CheckUpdateStatus = \"New version is available\") do={\r\n :local latestOSver [/system package update get latest-version];\r\n \r\n :global RouterName;\r\n :local upgradeOSmsg \"Upgrading software on router \$RouterName from \$currentOSver to \$latestOSver (channel:\$[/system package update get channel])\";\r\n :log info \"[\$scheduleName]: \$upgradeOSmsg\";\r\n \r\n :global CheckAddress;\r\n :while ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s;\r\n };\r\n :global email;\r\n /tool e-mail send to=\"\$email\" subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$upgradeOSmsg\";\r\n \r\n /system package update install;\r\n } else={\r\n :log info \"[\$scheduleName]: No updates found\";\r\n };\r\n};\r\n"
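# Script "Update - Firmware": compares the RouterBOARD current-firmware with upgrade-firmware.
# When they differ it logs the change, blocks until $CheckAddress answers a ping, e-mails the
# message to $email, then runs "/system routerboard upgrade" followed by "/system reboot".
# Otherwise it logs "No updates found". Logs an error if no scheduler entry has the same name.
# RouterName is declared with ":global" before the message is built, as in "Update - Software";
# declared later, the name would be missing from the log line and the mail body.
# RouterName, CheckAddress and email are globals set by the "Global Variables" script.
# NOTE(review): the upgrade and reboot are unattended; the mail is the only record of the change.
# NOTE(review): policy= also grants password, sniff, sensitive and romon, which the body does
# not appear to use. Confirm the minimum set on the router before trimming.
add dont-require-permissions=no name="Update - Firmware" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Update - Firmware\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local currentFWver [/system routerboard get current-firmware];\r\n :local latestFWver [/system routerboard get upgrade-firmware];\r\n :if (\$currentFWver != \$latestFWver) do={\r\n :global RouterName;\r\n :local upgradeFWmsg \"Upgrading firmware on router \$RouterName from \$currentFWver to \$latestFWver\";\r\n :log info \"[\$scheduleName]: \$upgradeFWmsg\";\r\n \r\n :global CheckAddress;\r\n :while ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s;\r\n };\r\n :global email;\r\n /tool e-mail send to=\"\$email\" subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$upgradeFWmsg\";\r\n \r\n /system routerboard upgrade;\r\n /system reboot;\r\n } else={\r\n :log info \"[\$scheduleName]: No updates found\";\r\n };\r\n};\r\n"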
# Script "Notify - Computer status - Game": offline/online monitor for the host that
# "Game.zodiak" resolves to. State is the comment of the scheduler entry with the same name.
# Skipped while uptime is not above one minute.
#  - Comment empty, or "online" found past position 0: ping the host 4 times. If none answer,
#    store "<name> (<addr>) went offline at ..." in the comment, log an error and e-mail it.
#  - Otherwise: if all 4 pings answer, append "... went online at ..." to the comment, log a
#    warning and e-mail both lines.
# Before each mail the script blocks until $CheckAddress answers a ping.
# email, RouterName and CheckAddress are globals set by the "Global Variables" script.
# NOTE(review): the monitored address comes from a DNS lookup at run time. Presumably the name
# is a local static record (confirm); a failed lookup likely aborts the script without a mail.
# NOTE(review): policy= is broader than resolve/ping/log/e-mail appear to need. Confirm the
# minimum set on the router before trimming.
add dont-require-permissions=no name="Notify - Computer status - Game" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Notify - Computer status - Game\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local sysuptime [/system resource get uptime];\r\n :if (\$sysuptime > 1m) do={\r\n :global email;\r\n :global RouterName;\r\n :global CheckAddress;\r\n \r\n :local PingCount 4;\r\n :local GameName \"Game\";\r\n :local DNSZone \"zodiak\";\r\n :local GameAddr [resolve (\$GameName.\".\".\$DNSZone)];\r\n \r\n :local SchedComment [/system scheduler get [find name=\"\$scheduleName\"] comment];\r\n :local SchedCommentSubStr [find \$SchedComment \"online\" -1];\r\n :if ([:len \$SchedComment] = 0 || \$SchedCommentSubStr > 0) do={\r\n :if ([/ping \$GameAddr count=\$PingCount] = 0) do={\r\n :local FailDate [/system clock get date];\r\n :local FailTime [/system clock get time];\r\n :local FailMessage \"\$GameName (\$GameAddr) went offline at \$FailDate \$FailTime\";\r\n :if ([:len \$SchedComment] = 0 || \$SchedCommentSubStr >\_0) do={\r\n /system scheduler set [find name=\"\$scheduleName\"]\_comment=\"\$FailMessage\"\r\n :log error \"[\$scheduleName]: \$FailMessage\";\r\n :while ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s;\r\n };\r\n /tool e-mail send to=\$email subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$FailMessage\"\r\n };\r\n };\r\n } else={\r\n :if ([/ping \$GameAddr count=\$PingCount] > (\$PingCount - 1)) do={\r\n :local RestDate [/system clock get date];\r\n :local RestTime [/system clock get time];\r\n :local RestMessage \"\$GameName (\$GameAddr) went online\_at \$RestDate \$RestTime\";\r\n /system scheduler set [find name=\"\$scheduleName\"] comment=\"\$SchedComment. 
\\r\\n\$RestMessage\"\r\n :log warning \"[\$scheduleName]: \$RestMessage\";\r\n ;\r\n :while ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s;\r\n };\r\n /tool e-mail send to=\$email subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$SchedComment\\r\\n\$RestMessage\"\r\n };\r\n };\r\n };\r\n};\r\n"
# Script "Global Variables": sets the globals that the other scripts declare with ":global":
#   email        - recipient of all notification mails
#   RouterName   - the system identity, used in mail subjects and messages
#   CheckAddress - address pinged as the "is the Internet reachable" test
#   updChannel   - package update channel used by "Update - Software"
# NOTE(review): globals presumably do not survive a reboot, so this has to run at startup
# before the other scripts. The scheduler section is outside this excerpt; confirm there.
# NOTE(review): four variable assignments need almost none of the policies granted here.
# Confirm the minimum set on the router before trimming.
add dont-require-permissions=no name="Global Variables" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global email \"moxhatbi4@gmail.com\"\r\n:global RouterName [/system identity get name]\r\n:global CheckAddress \"8.8.8.8\"\r\n:global updChannel \"stable\"\r\n"
# Script "Notify - Login Succeeded": collects log entries whose message matches "logged in",
# builds one "<time> <message>" line per entry and e-mails the result to $email.
# The comment of the scheduler entry with the same name holds "Last succeeded login: <time>"
# for the newest entry already reported. When the loop reaches that entry it clears the
# buffer, so only later entries are mailed. Times of length 8 get today's date prefixed.
# The single ping to $CheckAddress only adds a 10 s delay on failure; the mail is attempted
# either way. email, RouterName and CheckAddress are globals set by "Global Variables".
# NOTE(review): detection coverage depends on the log buffer. If the remembered entry is no
# longer in /log, nothing clears the buffer and every matching entry is mailed again. Entries
# rotated out between two runs are never reported, so size the log and the run interval
# accordingly, or forward logs to a remote syslog host as well.
# NOTE(review): policy= is broader than log/ping/e-mail appear to need. Confirm the minimum
# set on the router before trimming.
add dont-require-permissions=no name="Notify - Login Succeeded" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Notify - Login Succeeded\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local lastTime [/system scheduler get [find name=\"\$scheduleName\"] comment];\r\n :local startBuf [:toarray [/log find message~\"logged in\"]];\r\n \r\n :local message;\r\n :local output;\r\n :local currentTime;\r\n :foreach i in=\$startBuf do={\r\n :set currentTime [/log get \$i time];\r\n :if ([:len \$currentTime] = 8 ) do={\r\n :set currentTime ([/system clock get date].\" \".\$currentTime);\r\n };\r\n \r\n :set message [/log get \$i message];\r\n :set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\");\r\n \r\n :set currentTime (\"Last succeeded login: \".\$currentTime);\r\n :if (\$currentTime = \$lastTime) do={\r\n :set output \"\";\r\n };\r\n };\r\n if ([:len \$output] > 0) do={\r\n /system scheduler set [find name=\"\$scheduleName\"] comment=\$currentTime;\r\n :log warning \"[\$scheduleName] New login logs found, send email\";\r\n :global CheckAddress;\r\n :if ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s; ;\r\n };\r\n :global email;\r\n :global RouterName;\r\n /tool e-mail send to=\"\$email\" subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$output\";\r\n };\r\n};\r\n"
# Script "Notify - Login Failed": collects log entries whose message matches "login failure",
# builds one "<time> <message>" line per entry and e-mails the result to $email.
# The comment of the scheduler entry with the same name holds "Last failed login: <time>" for
# the newest entry already reported. When the loop reaches that entry it clears the buffer,
# so only later entries are mailed. Times of length 8 get today's date prefixed.
# The single ping to $CheckAddress only adds a 10 s delay on failure; the mail is attempted
# either way. email, RouterName and CheckAddress are globals set by "Global Variables".
# NOTE(review): detection coverage depends on the log buffer. If the remembered entry is no
# longer in /log, every matching entry is mailed again. Entries rotated out between two runs
# are never reported, which matters most during a burst of failed logins; consider remote
# syslog as well.
# NOTE(review): the mail body is copied from log messages, which presumably contain
# client-supplied text such as the attempted user name. Treat it as untrusted in any tool
# that parses these mails.
# NOTE(review): policy= is broader than log/ping/e-mail appear to need. Confirm the minimum
# set on the router before trimming.
add dont-require-permissions=no name="Notify - Login Failed" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Notify - Login Failed\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local lastTime [/system scheduler get [find name=\"\$scheduleName\"] comment];\r\n :local startBuf [:toarray [/log find message~\"login failure\"]];\r\n \r\n :local message;\r\n :local output;\r\n :local currentTime;\r\n :foreach i in=\$startBuf do={\r\n :set currentTime [/log get \$i time];\r\n :if ([:len \$currentTime] = 8 ) do={\r\n :set currentTime ([/system clock get date].\" \".\$currentTime);\r\n };\r\n :set message [/log get \$i message];\r\n :set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\");\r\n \r\n :set currentTime (\"Last failed login: \".\$currentTime);\r\n :if (\$currentTime = \$lastTime) do={\r\n :set output \"\";\r\n };\r\n };\r\n if ([:len \$output] > 0) do={\r\n /system scheduler set [find name=\"\$scheduleName\"] comment=\$currentTime;\r\n :log error \"[\$scheduleName]: New login logs found, send email\";\r\n :global CheckAddress;\r\n :if ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s; ;\r\n };\r\n :global email;\r\n :global RouterName;\r\n /tool e-mail send to=\"\$email\" subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$output\";\r\n };\r\n};\r\n"
# Script "Notify - Computer status - Server": offline/online monitor for the host that
# "Server.zodiak" resolves to. State is the comment of the scheduler entry with the same name.
# Skipped while uptime is not above one minute.
#  - Comment empty, or "online" found past position 0: ping the host 4 times. If none answer,
#    store "<name> (<addr>) went offline at ..." in the comment, log an error and e-mail it.
#  - Otherwise: if all 4 pings answer, append "... went online at ..." to the comment, log a
#    warning and e-mail both lines.
# Before each mail the script blocks until $CheckAddress answers a ping.
# email, RouterName and CheckAddress are globals set by the "Global Variables" script.
# NOTE(review): the monitored address comes from a DNS lookup at run time. Presumably the name
# is a local static record (confirm); a failed lookup likely aborts the script without a mail.
# NOTE(review): policy= is broader than resolve/ping/log/e-mail appear to need. Confirm the
# minimum set on the router before trimming.
add dont-require-permissions=no name="Notify - Computer status - Server" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Notify - Computer status - Server\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local sysuptime [/system resource get uptime];\r\n :if (\$sysuptime > 1m) do={\r\n :global email;\r\n :global RouterName;\r\n :global CheckAddress;\r\n \r\n :local PingCount 4;\r\n :local ServerName \"Server\";\r\n :local DNSZone \"zodiak\";\r\n :local ServerAddr [resolve (\$ServerName.\".\".\$DNSZone)];\r\n \r\n :local SchedComment [/system scheduler get [find name=\"\$scheduleName\"] comment];\r\n :local SchedCommentSubStr [find \$SchedComment \"online\" -1];\r\n :if ([:len \$SchedComment] = 0 || \$SchedCommentSubStr > 0) do={\r\n :if ([/ping \$ServerAddr count=\$PingCount] = 0) do={\r\n :local FailDate [/system clock get date];\r\n :local FailTime [/system clock get time];\r\n :local FailMessage \"\$ServerName (\$ServerAddr) went offline at \$FailDate \$FailTime\";\r\n :if ([:len \$SchedComment] = 0 || \$SchedCommentSubStr >\_0) do={\r\n /system scheduler set [find name=\"\$scheduleName\"]\_comment=\"\$FailMessage\"\r\n :log error \"[\$scheduleName]: \$FailMessage\";\r\n :while ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s;\r\n };\r\n /tool e-mail send to=\$email subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$FailMessage\"\r\n };\r\n };\r\n } else={\r\n :if ([/ping \$ServerAddr count=\$PingCount] > (\$PingCount -\_1)) do={\r\n :local RestDate [/system clock get date];\r\n :local RestTime [/system clock get time];\r\n :local RestMessage \"\$ServerName (\$ServerAddr) went online at \$RestDate \$RestTime\";\r\n /system scheduler set [find name=\"\$scheduleName\"] comment=\"\$SchedComment. 
\\r\\n\$RestMessage\"\r\n :log warning \"[\$scheduleName]: \$RestMessage\";\r\n ;\r\n :while ([/ping \$CheckAddress count=5] = 0) do={\r\n :delay 10s;\r\n };\r\n /tool e-mail send to=\$email subject=\"MikroTik (\$RouterName): \$scheduleName\" body=\"\$SchedComment\\r\\n\$RestMessage\"\r\n };\r\n };\r\n };\r\n};\r\n"
# Script "Mail settings autoupdate": resolves smtp.mail.ru and writes the resulting IP into
# "/tool e-mail set address=", then logs the new address. Logs an error and does nothing if
# no scheduler entry with the same name exists.
# NOTE(review): the SMTP endpoint that receives the stored e-mail user and password becomes
# whatever the router's resolver returns at that moment. /tool e-mail in this file uses
# tls=yes on port 465; confirm that this RouterOS version validates the server certificate,
# otherwise a spoofed or poisoned DNS answer would redirect the credentials.
# NOTE(review): policy= is broader than resolve/set/log appear to need. Confirm the minimum
# set on the router before trimming.
add dont-require-permissions=no name="Mail settings autoupdate" owner=********* policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local scheduleName \"Mail settings autoupdate\";\r\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\n :log error \"[\$scheduleName]: Schedule '\$scheduleName' does not exist. Create schedule and edit script to match name\";\r\n} else={\r\n :local mailserverip [:resolve smtp.mail.ru];\r\n /tool e-mail set address=\$mailserverip;\r\n :log info \"[E-Mail settings]: E-Mail server set to \$mailserverip\";\r\n};"
# Bandwidth-test server: disabled. authenticate=no would let any client that can reach the
# router run tests if it is ever enabled, so set authenticate=yes before turning it on.
/tool bandwidth-server
set authenticate=no enabled=no
# Outgoing mail used by the notification scripts: TLS enabled, port 465, server given as a
# fixed IP that the "Mail settings autoupdate" script overwrites from DNS.
# from/user/password are masked in this paste; the real export holds the mailbox credentials,
# so handle the export file as a secret.
/tool e-mail
set address=94.100.180.160 from=********* password=********* port=465 tls=yes user=*********
# Traffic graph for the WAN interface.
# NOTE(review): no allow-address is set, so the default applies (presumably any source).
# Restrict it, and the router's web service, to the management network (verify current values).
/tool graphing interface
add interface=Interface-SFP01-WAN
# Resource (CPU/memory/disk) graphs with default settings; the same allow-address caveat applies.
/tool graphing resource
add