[exadmin@MegaSakh] > /export compact
# sep/12/2022 09:26:48 by RouterOS 6.49.6
# software id = LPCA-Y131
#
# model = 2011UiAS
# serial number = 8C1A09A55F2A
# Static L2TP server binding for PPP user "peer1"; exported as disabled.
/interface l2tp-server
add disabled=yes name=L2TP user=peer1
# LAN bridge. arp=proxy-arp makes the router answer ARP requests on behalf of
# other hosts. NOTE(review): confirm this is still required; the L2TP peers
# defined in this export use 10.0.1.x addresses outside the LAN subnet.
/interface bridge
add arp=proxy-arp name=Local
# Port naming: ether2 becomes LAN, ether1 becomes WAN. ether1-5 are pinned to
# 100Mbps; ether6-10 only have their advertised link modes set.
/interface ethernet
set [ find default-name=ether2 ] name=LAN speed=100Mbps
set [ find default-name=ether1 ] name=WAN speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# Two PPPoE uplinks. "Rostik" (on ether3) is explicitly enabled and installs a
# default route with distance 2. "TTK_Internet" (on WAN) carries no
# disabled=no, so in a compact export it is presumably disabled - verify on
# the device, because several firewall rules in this export reference it.
# user= and password= are blank on this page; presumably redacted by the
# poster. If an export is shared, keep credentials out of it.
# use-peer-dns=yes accepts whatever resolvers the ISP pushes over PPPoE.
/interface pppoe-client
add add-default-route=yes default-route-distance=2 disabled=no interface=ether3 name=Rostik password= use-peer-dns=\
yes user=
add add-default-route=yes interface=WAN name=TTK_Internet password= use-peer-dns=yes user=
# Default wireless security profile; only the supplicant identity is set.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Layer-7 matcher named "youtube". NOTE(review): the pattern matches the
# literal "yutube", which looks like a typo for "youtube", and no filter rule
# in this export references this matcher. Layer-7 regexes only see
# unencrypted payload, so treat it as unused until confirmed.
/ip firewall layer7-protocol
add name=youtube regexp="^.+(yutube).*\$"
# IPsec phase 1: NAT traversal is turned off on the default profile.
# NOTE(review): the input chain still accepts UDP 4500, which is only useful
# with NAT-T; confirm whether any L2TP/IPsec peer sits behind NAT.
/ip ipsec profile
set [ find default=yes ] nat-traversal=no
# IPsec phase 2: only the encryption algorithms are overridden. Integrity
# algorithm and PFS group stay at defaults that this export does not show -
# verify them on the device.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-ctr,aes-192-cbc,aes-128-cbc
# dhcp_pool0 skips 192.168.126.251, the router's own LAN address.
# vpn_pool is defined but not referenced by any profile or secret visible in
# this export; its range also contains the fixed peer addresses 10.0.1.2 and
# 10.0.1.3 used by the PPP secrets.
/ip pool
add name=dhcp_pool0 ranges=192.168.126.20-192.168.126.250,192.168.126.252-192.168.126.254
add name=vpn_pool ranges=10.0.1.2-10.0.1.15
# DHCP server for the LAN bridge.
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=Local lease-time=20h10m name=dhcp1
# PPP profile used by the L2TP server and all PPP secrets in this export.
# It sets the router-side tunnel address but no remote-address, so a secret
# without its own remote-address has nothing to be assigned from here.
/ppp profile
add bridge=Local change-tcp-mss=yes local-address=10.0.1.1 name=L2TPIPSEC use-encryption=yes
# Policy set of the built-in "full" group. It includes sensitive, sniff,
# policy and password, so every account in this group can read stored
# secrets and change users; keep membership minimal.
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
# Bridge membership. LAN and ether6-10 join bridge "Local". The sfp1 entry
# names no bridge, and the last entry refers to "dynamic", which is an
# interface list rather than a port. NOTE(review): confirm both are intended.
/interface bridge port
add bridge=Local interface=LAN
add bridge=Local interface=ether6
add bridge=Local interface=ether7
add bridge=Local interface=ether8
add bridge=Local interface=ether9
add bridge=Local interface=ether10
add interface=sfp1
add bridge=Local interface=dynamic
# Neighbor discovery runs on every interface that is not in the "dynamic"
# list, which includes the uplink ports. That announces the device identity
# and version to the ISP-facing segment; restricting discovery to a LAN-only
# interface list is the usual hardening step.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# L2TP server with IPsec. ipsec-secret= is blank on this page, presumably
# redacted. NOTE(review): use-ipsec=yes still accepts L2TP sessions that
# arrive without IPsec; use-ipsec=required rejects them. Check that every
# peer supports IPsec before tightening.
/interface l2tp-server server
set default-profile=L2TPIPSEC enabled=yes ipsec-secret= use-ipsec=yes
# Router LAN address. NOTE(review): it is bound to the bridge member port
# "LAN" while DHCP and the filter rules reference the bridge "Local";
# addresses on a bridged port are normally placed on the bridge itself.
/ip address
add address=192.168.126.251/24 interface=LAN network=192.168.126.0
# Static leases for 192.168.126.42 and .59. The forward chain exempts these
# two addresses (and .49, which has no static lease here) from the "block"
# list, so the exemption is only as strong as the address assignment.
/ip dhcp-server lease
add address=192.168.126.42 client-id=1:18:c0:4d:8:92:7f mac-address=18:C0:4D:08:92:7F server=dhcp1
add address=192.168.126.59 client-id=1:e0:d5:5e:a0:70:41 mac-address=E0:D5:5E:A0:70:41 server=dhcp1
# Clients are handed 192.168.126.2 and the router itself as resolvers.
/ip dhcp-server network
add address=192.168.126.0/24 dns-server=192.168.126.2,192.168.126.251 gateway=192.168.126.251
# allow-remote-requests=yes turns the router into a resolver for anyone whose
# packets reach the input chain. Whether that stays LAN-only depends on the
# filter rules: a final input drop exists for Rostik, but the matching rule
# for TTK_Internet is exported as disabled.
/ip dns
set allow-remote-requests=yes servers=192.168.126.2
# Local name for 192.168.126.1.
/ip dns static
add address=192.168.126.1 name=sakh-1c
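# Address lists used by the filter rules.
#
# "block": destinations that LAN clients may not reach (the forward chain
# drops TCP and UDP from bridge Local to this list, with per-host
# exemptions). Entries given as host names are resolved by the router's own
# DNS client and matched by IP address at packet time, so the list follows
# whatever the router resolved, not the name the client asked for. Treat it
# as a coarse usage policy rather than a security boundary.
#
# On this page every "www." entry had been split across two lines
# ("add address=" followed by the host name); each one is rejoined into a
# single command below. No entry was added, removed or reordered.
/ip firewall address-list
add address=twitter.com list=block
add address=www.twitter.com list=block
add address=tumblr.com list=block
add address=www.tumblr.com list=block
add address=soundcloud.com list=block
add address=www.soundcloud.com list=block
add address=reddit.com list=block
add address=www.reddit.com list=block
add address=pinterest.com list=block
add address=www.pinterest.com list=block
add address=pinterest.ru list=block
add address=www.pinterest.ru list=block
add address=myspace.com list=block
add address=www.myspace.com list=block
add address=mewe.com list=block
add address=www.mewe.com list=block
add address=livejournal.com list=block
add address=www.livejournal.com list=block
add address=linkedin.com list=block
add address=www.linkedin.com list=block
add address=www.last.fm list=block
add address=last.fm list=block
add address=instagram.com list=block
add address=www.instagram.com list=block
add address=foursquare.com list=block
add address=www.foursquare.com list=block
add address=www.flickr.com list=block
add address=flickr.com list=block
add address=facebook.com list=block
add address=www.facebook.com list=block
add address=deviantart.com list=block
add address=www.deviantart.com list=block
add address=change.org list=block
add address=www.change.org list=block
add address=my.mail.ru list=block
add address=www.my.mail.ru list=block
# ok.ru and vk.com are present but disabled, i.e. currently not blocked.
add address=ok.ru disabled=yes list=block
add address=www.ok.ru disabled=yes list=block
add address=vk.com disabled=yes list=block
add address=www.vk.com disabled=yes list=block
add address=www.nextcloud.com list=block
add address=nextcloud.com list=block
add address=disk.yandex.ru list=block
add address=www.disk.yandex.ru list=block
add address=disk.yandex.com list=block
add address=www.disk.yandex.com list=block
add address=cloud.mail.ru list=block
add address=www.cloud.mail.ru list=block
add address=tresorit.com list=block
add address=www.tresorit.com list=block
add address=syncplicity.com list=block
add address=www.syncplicity.com list=block
add address=sugarsync.com list=block
add address=www.sugarsync.com list=block
add address=web.whatsapp.com list=block
add address=www.web.whatsapp.com list=block
add address=spideroak.com list=block
add address=www.spideroak.com list=block
add address=owncloud.com list=block
add address=www.owncloud.com list=block
add address=onedrive.live.com list=block
add address=www.onedrive.live.com list=block
add address=multcloud.com list=block
add address=www.multcloud.com list=block
add address=mozy.com list=block
add address=www.mozy.com list=block
add address=mega.io list=block
add address=www.mega.io list=block
add address=idrive.com list=block
add address=www.idrive.com list=block
add address=icloud.com list=block
add address=www.icloud.com list=block
add address=photos.google.com list=block
add address=www.photos.google.com list=block
add address=dropbox.com list=block
add address=www.dropbox.com list=block
add address=crashplan.com list=block
add address=www.crashplan.com list=block
add address=cloudme.com list=block
add address=www.cloudme.com list=block
add address=box.com list=block
add address=www.box.com list=block
add address=amazon.com list=block
add address=www.amazon.com list=block
add address=4shared.com list=block
add address=www.4shared.com list=block
add address=www.youtube.com list=block
add address=rutube.ru list=block
add address=www.rutube.ru list=block
add address=vimeo.com list=block
add address=www.vimeo.com list=block
add address=ivi.ru list=block
add address=www.ivi.ru list=block
add address=drive.google.com list=block
add address=www.drive.google.com list=block
add address=divan.tv list=block
add address=www.divan.tv list=block
add address=megogo.net list=block
add address=www.megogo.net list=block
add address=tvzavr.ru list=block
add address=www.tvzavr.ru list=block
add address=tvigle.ru list=block
add address=www.tvigle.ru list=block
add address=premier.one list=block
add address=www.premier.one list=block
add address=amediateka.ru list=block
add address=www.amediateka.ru list=block
add address=itunes.apple.com list=block
add address=www.itunes.apple.com list=block
add address=netflix.com list=block
add address=www.netflix.com list=block
add address=web.telegram.org list=block
add address=www.web.telegram.org list=block
add address=www.tiktok.com list=block
add address=tiktok.com list=block
add address=gmail.com list=block
add address=www.gmail.com list=block
add address=mail.yandex.ru list=block
add address=mail.ru list=block
add address=www.mail.ru list=block
add address=outlook.com list=block
add address=mail.yahoo.com list=block
add address=www.mail.yahoo.com list=block
add address=outlook.live.com list=block
add address=www.zoho.com list=block
add address=zoho.com list=block
add address=mail.rambler.ru list=block
add address=www.inbox.com list=block
add address=countermail.com list=block
add address=mailbox.org list=block
add address=posteo.de list=block
add address=kolabnow.com list=block
add address=runbox.com list=block
add address=startmail.com list=block
add address=ctemplar.com list=block
add address=zen.yandex.ru list=block
add address=www.zen.yandex.ru list=block
add address=vikisews.com list=block
add address=sinsae.com list=block
add address=e.mail.ru list=block
add address=dom.sakh.com list=block
add address=sakhalin.info list=block
add address=auto.sakh.com list=block
add address=rent.sakh.com list=block
add address=market.sakh.com list=block
add address=forum.sakh.com list=block
add address=sakhalin.tv list=block
add address=shoppy.ru list=block
add address=look.sakh.com list=block
add address=rabota.sakh.com list=block
add address=booking.sakh.com list=block
add address=sakh.com list=block
# Literal IP entries in "block". These are pinned addresses and will not
# follow the service if it moves; review them periodically.
add address=74.125.131.136 list=block
add address=74.125.131.93 list=block
add address=74.125.131.91 list=block
add address=103.224.182.246 list=block
add address=youtube.com list=block
add address=173.194.222.190 list=block
add address=173.194.222.136 list=block
add address=173.194.222.91 list=block
add address=173.194.222.93 list=block
# "WhoIs": static entries mixing private (192.168.x, 10.x) and public
# addresses. No filter or NAT rule in this export references this list, so
# it has no enforcement effect as shown. NOTE(review): confirm what created
# it and whether it is still needed.
add address=14.205.40.57 list=WhoIs
add address=192.168.126.63 list=WhoIs
add address=185.156.73.125 list=WhoIs
add address=192.168.126.44 list=WhoIs
add address=192.168.1.1 list=WhoIs
add address=192.168.126.59 list=WhoIs
add address=216.131.89.63 list=WhoIs
add address=192.168.126.1 list=WhoIs
add address=216.131.82.248 list=WhoIs
add address=10.90.90.90 list=WhoIs
add address=43.248.77.132 list=WhoIs
add address=176.67.86.251 list=WhoIs
add address=173.245.211.240 list=WhoIs
add address=216.131.77.250 list=WhoIs
add address=10.0.9.25 list=WhoIs
add address=192.200.158.134 list=WhoIs
add address=36.104.136.183 list=WhoIs
add address=112.111.101.39 list=WhoIs
add address=192.168.126.64 list=WhoIs
add address=185.147.213.247 list=WhoIs
add address=192.168.126.61 list=WhoIs
add address=43.131.85.205 list=WhoIs
add address=192.168.126.2 list=WhoIs
add address=152.32.245.239 list=WhoIs
add address=104.218.164.191 list=WhoIs
add address=152.32.153.103 list=WhoIs
add address=163.171.179.72 list=WhoIs
add address=192.168.126.6 list=WhoIs
add address=172.111.36.87 list=WhoIs
add address=152.32.171.91 list=WhoIs
add address=183.131.124.86 list=WhoIs
add address=185.142.236.38 list=WhoIs
add address=152.32.150.102 list=WhoIs
add address=152.32.221.84 list=WhoIs
add address=128.14.225.243 list=WhoIs
add address=192.168.126.65 list=WhoIs
add address=185.100.65.134 list=WhoIs
add address=128.14.224.234 list=WhoIs
add address=125.46.220.19 list=WhoIs
add address=213.226.123.216 list=WhoIs
add address=223.71.167.165 list=WhoIs
add address=192.168.126.67 list=WhoIs
add address=218.7.198.190 list=WhoIs
add address=192.168.126.52 list=WhoIs
# NOTE(review): the next entry has no address= on this page; left exactly as
# found because the missing value cannot be recovered from the export.
add list=WhoIs
add address=192.168.126.49 list=WhoIs
add address=79.124.62.210 list=WhoIs
add address=167.94.138.131 list=WhoIs
add address=192.168.126.4 list=WhoIs
add address=59.22.165.6 list=WhoIs
add address=109.123.117.251 list=WhoIs
add address=192.241.219.163 list=WhoIs
add address=183.108.89.75 list=WhoIs
add address=152.32.217.103 list=WhoIs
add address=159.89.172.124 list=WhoIs
add address=39.171.74.46 list=WhoIs
add address=www.superjob.ru list=block
add address=superjob.ru list=block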
# Packet filter. Rules are evaluated top to bottom per chain, so the order
# below is part of the policy. The comment= values are escaped bytes that
# appear to be Windows-1251 Russian; English readings are given in the notes.
#
# Review summary (from the rules as exported):
#  - input: the only enabled catch-all drop is the last rule, and it covers
#    Rostik only. The equivalent rule for TTK_Internet is disabled, so
#    traffic arriving on any other interface (TTK_Internet if it is brought
#    up, L2TP tunnels) reaches router services unless an earlier rule drops it.
#  - forward: there is no final drop; anything not matched is forwarded.
#  - The rules that would populate "ddos-blacklist" and "Port Scanners" are
#    disabled, so the tarpit/drop rules that read those lists match nothing
#    unless the lists are filled some other way.
/ip firewall filter
# Router access from the LAN bridge.
add action=accept chain=input in-interface=Local src-address=192.168.126.0/24
# L2TP (1701) and IKE/NAT-T (500, 4500) from any interface.
# NOTE(review): UDP 1701 is accepted whether or not it arrived inside IPsec;
# adding ipsec-policy=in,ipsec to a dedicated 1701 rule limits L2TP to
# IPsec-protected packets.
add action=accept chain=input connection-state="" dst-port=1701,500,4500 protocol=udp
# IPsec ESP.
add action=accept chain=input protocol=ipsec-esp
# Comment reads roughly "Drop invalid".
add action=drop chain=input comment="\D1\E1\F0\E0\F1\FB\E2\E0\E5\EC \ED\E5\EF\F0\E0\E2\E8\EB\FC\ED\FB\E5" connection-state=\
invalid,untracked connection-type=""
add action=drop chain=forward connection-state=invalid,untracked
# New connections from Rostik are forwarded only if they were dst-nat'ed.
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface=Rostik
# Exemptions: 192.168.126.59, .42 and .49 may reach "block" destinations.
# These match on source IP only; .49 has no static DHCP lease in this export.
add action=accept chain=forward dst-address-list=block in-interface=Local protocol=tcp src-address=192.168.126.59
add action=accept chain=forward dst-address-list=block in-interface=Local protocol=udp src-address=192.168.126.59
add action=accept chain=forward dst-address-list=block in-interface=Local protocol=tcp src-address=192.168.126.42
add action=accept chain=forward dst-address-list=block in-interface=Local protocol=tcp src-address=192.168.126.49
add action=accept chain=forward dst-address-list=block in-interface=Local protocol=udp src-address=192.168.126.42
add action=accept chain=forward dst-address-list=block in-interface=Local protocol=udp src-address=192.168.126.49
# Everyone else on the LAN: TCP and UDP to "block" destinations is dropped.
# These sit above the established/related accepts, so they also apply to
# connections that are already open.
add action=drop chain=forward dst-address-list=block in-interface=Local protocol=tcp
add action=drop chain=forward dst-address-list=block in-interface=Local protocol=udp
# Disabled leftover. Note that 50 is the ESP protocol number, not a UDP port.
add action=accept chain=input connection-state="" disabled=yes port=1701,500,50,4500 protocol=udp
# Comment reads roughly "Allow established".
add action=accept chain=input comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \F3\F1\F2\E0\ED\EE\E2\EB\E5\ED\ED\FB\E5" connection-state=\
established
# NOTE(review): log=yes here logs every forwarded packet of every established
# connection, which can flood the log and bury security-relevant entries.
add action=accept chain=forward connection-state=established log=yes
# Comment reads roughly "Allow related".
add action=accept chain=forward comment="\D0\E0\E7\F0\E5\F8\E0\E5\EC \F1\E2\FF\E7\E0\ED\ED\FB\E5" connection-state=related
add action=accept chain=input connection-state=related log=yes
# TCP DNS from Rostik is dropped here; UDP DNS from Rostik is only caught by
# the final Rostik drop at the end of this section.
add action=drop chain=input dst-port=53 in-interface=Rostik protocol=tcp
# Comment reads roughly "DDoS protection". Disabled, and scoped to
# TTK_Internet rather than the enabled uplink Rostik.
add action=add-src-to-address-list address-list=ddos-blacklist address-list-timeout=1d chain=input comment=\
"\C7\E0\F9\E8\F2\E0 \EE\F2 DDoS" connection-limit=100,32 disabled=yes in-interface=TTK_Internet protocol=tcp
add action=tarpit chain=input connection-limit=3,32 protocol=tcp src-address-list=ddos-blacklist
# Comment reads roughly "SYN protection": new TCP SYNs in the forward chain
# are sent to the SYN-Protect chain.
add action=jump chain=forward comment="\C7\E0\F9\E8\F2\E0 \EE\F2 SYN" connection-limit=100,32 connection-state=new jump-target=\
SYN-Protect protocol=tcp tcp-flags=syn
add action=jump chain=input connection-state=new disabled=yes in-interface=TTK_Internet jump-target=SYN-Protect protocol=tcp \
tcp-flags=syn
# SYN-Protect: SYNs within the rate limit return to the caller, the rest drop.
add action=return chain=SYN-Protect connection-state=new connection-type="" limit=200,5:packet protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp tcp-flags=syn
# Comment reads roughly "Port scan protection". Disabled, TTK_Internet only.
add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=none-dynamic chain=input comment=\
"\C7\E0\F9\E8\F2\E0 \EE\F2 \F1\EA\E0\ED \EF\EE\F0\F2\EE\E2" disabled=yes in-interface=TTK_Internet protocol=tcp psd=\
21,3s,3,1
add action=drop chain=input src-address-list="Port Scanners"
# Nothing arriving on an uplink may be forwarded to 192.168.126.1.
add action=drop chain=forward dst-address=192.168.126.1 in-interface=Rostik
add action=drop chain=forward disabled=yes dst-address=192.168.126.1 in-interface=TTK_Internet
# Comment reads roughly "Deny everything that is not allowed". Disabled:
# enable it (or use an interface list covering all uplinks) before
# TTK_Internet is put into service.
add action=drop chain=input comment="\C7\E0\EF\F0\E5\F2 \E2\F1\E5\E3\EE \F7\F2\EE \ED\E5 \F0\E0\E7\F0\E5\F8\E5\ED\EE" disabled=\
yes in-interface=TTK_Internet
# Final input drop for the enabled uplink.
add action=drop chain=input connection-state="" in-interface=Rostik
/ip firewall nat
# Source NAT for everything, with no out-interface or out-interface-list.
# NOTE(review): this also masquerades traffic leaving through the L2TP
# tunnels, so the remote sites see the router's address instead of the real
# LAN client, which weakens their logging and per-host filtering. Scoping
# the rule to the uplinks with out-interface or out-interface-list avoids that.
add action=masquerade chain=srcnat
# NOTE(review): action=accept in dstnat passes the packet without
# translation, so to-addresses/to-ports look unused here; if a port forward
# to 192.168.125.5:8088 was intended, confirm the action. The in-interface
# name in angle brackets is the dynamically created tunnel interface, which
# presumably exists only while that peer is connected.
add action=accept chain=dstnat dst-port=8088 in-interface=<l2tp-VladToSakh> protocol=tcp to-addresses=192.168.125.5 to-ports=\
8088
# FTP connection-tracking helper is switched off.
/ip firewall service-port
set ftp disabled=yes
# Remote-site subnets reached through the L2TP peers 10.0.1.3 and 10.0.1.2.
/ip route
add distance=1 dst-address=192.168.124.0/24 gateway=10.0.1.3
add distance=1 dst-address=192.168.125.0/24 gateway=10.0.1.2
# Management services: telnet, ftp, www, api and api-ssl are disabled, and
# winbox is limited to the LAN subnet.
# NOTE(review): ssh is not listed, so in a compact export it is presumably
# at its defaults (enabled, no source restriction) - confirm, and give it an
# address= restriction like winbox if remote SSH is not required.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox address=192.168.126.0/24
set api-ssl disabled=yes
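# SSH daemon settings.
# allow-none-crypto=no: refuse the SSH "none" cipher so that administrative
# sessions, including the credentials and configuration they carry, are
# always encrypted. The exported configuration had this set to yes.
# forwarding-enabled=remote is kept as exported. NOTE(review): it permits SSH
# remote port forwarding through the router for any account that can log in;
# set it to no unless that is actually used.
/ip ssh
set allow-none-crypto=no forwarding-enabled=remote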
# Front-panel LCD: touch input disabled, so the panel is display-only.
/lcd
set color-scheme=light default-screen=stats touch-screen=disabled
# L2TP accounts. password= is blank on this page, presumably redacted; an
# account that really has an empty password would be protected only by the
# shared IPsec secret. VladToSakh and HabToSakh get fixed tunnel addresses
# that match the gateways in /ip route. "out" has no remote-address, and the
# L2TPIPSEC profile shown in this export does not supply one.
/ppp secret
add local-address=10.0.1.1 name=VladToSakh password= profile=L2TPIPSEC remote-address=10.0.1.2 service=l2tp
add local-address=10.0.1.1 name=HabToSakh password= profile=L2TPIPSEC remote-address=10.0.1.3 service=l2tp
add name=out password= profile=L2TPIPSEC service=l2tp
# Fixed time zone; consistent timestamps matter when correlating router logs
# with other sources.
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Sakhalin
/system identity
set name=MegaSakh
# Reachability probe for 192.168.125.5 (a host in the remote subnet routed
# via 10.0.1.2); no up/down action is configured in this export.
/tool netwatch
add host=192.168.125.5
[exadmin@MegaSakh] >