# RouterOS AutoConfig
# Baseline provisioning for a router with one LAN bridge (bridge10) and WAN on ether1.
# The log lines at the end list the manual steps this script leaves open.
# NOTE(review): no user password is set anywhere in this script; the final log
# line only reminds the operator to set one.
# NOTE(review): primary-ntp/secondary-ntp look like RouterOS v6 property names -
# confirm the target RouterOS version before reuse.

# Interface
# bridge10 is the only member of the "secure" interface list, which the filter
# rules below treat as the trusted side. protocol-mode=none turns STP/RSTP off.
/interface bridge
add protocol-mode=none name=bridge10
/interface list
add name=secure
/interface list member
add list=secure interface=bridge10

# IPv4
# WAN address comes from DHCP on ether1; LAN is 10.100.10.0/24 served by dhcp10.
/ip dhcp-client
add interface=ether1 disabled=no dhcp-options=hostname,clientid
/ip address
add interface=bridge10 address=10.100.10.1/24 network=10.100.10.0
/ip pool
add ranges=10.100.10.10-10.100.10.254 name=pool10
# Leases are never written to disk, so they do not survive a reboot.
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server network
add gateway=10.100.10.1 address=10.100.10.0/24
/ip dhcp-server
add name=dhcp10 interface=bridge10 address-pool=pool10 lease-time=1d
# ManagementIP is the only source exempt from the service-port drops below.
# NOTE(review): the address is site-specific - verify it before reusing this script.
/ip firewall address-list add address=185.61.84.39 list=ManagementIP comment=ManagementIP
/ip firewall nat
add chain=srcnat action=masquerade src-address=10.100.10.0/24 out-interface=ether1 comment="NAT 10"
# Filter rules are order-sensitive; the three rules stay in their original order.
# The listed TCP ports are the RouterOS defaults for ftp, ssh, telnet, www,
# www-ssl, winbox, api and api-ssl.
# NOTE(review): this is a deny-list. The script adds no final drop rule, so any
# other traffic to or through the router is accepted unless rules that already
# exist on the device say otherwise. UDP services (the SNMP mentioned in the
# log reminders, for example) are not covered by these TCP-only rules.
# NOTE(review): the InfrastructureIP list is not populated here; until it is,
# the forward-chain drop matches nothing.
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related comment=FastTrack
/ip firewall filter add chain=input action=drop protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 in-interface-list=!secure src-address-list=!ManagementIP comment="DROP Services !secure -> Router (!ManagementIP)"
/ip firewall filter add chain=forward action=drop protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 in-interface-list=!secure src-address-list=!ManagementIP dst-address-list=InfrastructureIP comment="DROP Services !secure -> InfrastructureIP (!ManagementIP)"

# IPv6
# Requests a delegated prefix on ether1 into pool IPv6_WAN. No LAN IPv6 address
# is assigned here (the log reminders leave that to the operator).
/ipv6 dhcp-client
add interface=ether1 request=prefix pool-name=IPv6_WAN pool-prefix-length=48 add-default-route=yes
/ipv6 nd
set [ find default=yes ] other-configuration=yes managed-address-configuration=yes advertise-dns=yes
# NOTE(review): the management prefix is site-specific - verify before reuse.
/ipv6 firewall address-list add list=ManagementIP address=2a02:78a5:1fe5:10::/64 comment=ManagementIP
# NOTE(review): IPv6 has no NAT in this script and these two rules are the whole
# IPv6 filter it adds. Once the LAN gets a routed prefix, inbound connections to
# LAN hosts are limited only by what is listed here - confirm that this is
# intended, or add a stateful forward policy.
/ipv6 firewall filter add chain=input action=drop protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 in-interface-list=!secure src-address-list=!ManagementIP comment="DROP Services !secure -> Router (!ManagementIP)"
/ipv6 firewall filter add chain=forward action=drop protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 in-interface-list=!secure src-address-list=!ManagementIP dst-address-list=InfrastructureIP comment="DROP Services !secure -> InfrastructureIP (!ManagementIP)"

# DNS
/ip dns
set servers=1.1.1.1,8.8.8.8,2606:4700:4700::1111,2001:4860:4860::8888

# Services
# telnet, ftp, ssh, api and api-ssl are switched off. www and winbox are not
# touched by this script, so they keep whatever state the device already has.
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set ssh disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
# strong-crypto only matters if ssh is enabled again later.
/ip ssh
set strong-crypto=yes
/tool bandwidth-server
set enabled=no

# Time
/system clock
set time-zone-name=Europe/Prague time-zone-autodetect=no
/system ntp client
set secondary-ntp=195.113.144.201 primary-ntp=217.31.202.100 enabled=yes

# Package
/system package update
set channel=long-term

# RouterBoard
# Kept as three separate commands, as in the original.
# NOTE(review): protected-routerboot=enabled restricts RouterBOOT access and the
# reset-button recovery path; with a lost admin password the device becomes hard
# to recover. Make sure credentials are set and recorded before relying on it.
/system routerboard settings set silent-boot=no
/system routerboard settings set auto-upgrade=yes
/system routerboard settings set protected-routerboot=enabled

# WatchDog
/system watchdog
set automatic-supout=no

# Graphs
/tool graphing
set store-every=24hours
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add

# Log reminders on completion (messages are in Czech and are left unchanged)
# 1: still to configure - identity, bridge MAC, ports into the bridge,
#    MAC WinBox + Telnet + discovery, SNMP, WAN interface
# 2: on WiFi - wpa key update 01:00:00; scan list, settings per the txt file
# 3: IPv6 - set the network + address list, infrastructure IPs into the list
# 4: add the script (because of start-time)
# 5: after finishing the setup run /export compact file=identity
# 6: SET THE PASSWORD
:log info ("Nutno nastavit Identitu, MAC bridge, porty do bridge, MAC WinBox+Telnet + discovery, SNMP, WAN iface")
:log info ("Na WiFi: wpa key update 01:00:00; scan list, nastaveni podle txt")
:log info ("IPv6 : Nastav sit + adress list, IP infrastruktury v listu")
:log info ("Dodej script! (Kvuli start-time) ")
:log info ("Po dokonceni nastaveni /export compact file=identity")
:log info ("!!!!!NASTAV HESLO!!!!!")