File: /home/posscale/backup/MT_Backups/Cameron_Plat/BACKUP-Grand_Pallis-2022oct06-172040.rsc
# oct/06/2022 17:20:41 by RouterOS 6.49.6
# software id = ANFN-8F5Z
#
# model = CCR2004-1G-12S+2XS
# serial number = F0740E4892F6
# Two bridges. Later sections put the management network 172.19.0.0/16 and the
# physical LAN ports on "LAN Bridge", and the guest network 172.15.0.0/16 on
# localnetwork.
# NOTE(review): vlan-filtering is not set on either bridge in this export, so it
# is presumably at its default - confirm. Segment separation here is built from
# VLAN interfaces, bridge split horizon and filter rules rather than from the
# bridge VLAN table.
/interface bridge
add name="LAN Bridge"
add name=localnetwork
# Physical port roles. They are recorded only in the comments below; what the
# firewall actually trusts is decided by /interface list member (WAN / LAN).
# sfp-sfpplus1..4 are the uplinks, sfp-sfpplus7..12 are the building trunks that
# are bridged into "LAN Bridge" further down.
# NOTE(review): sfp-sfpplus5 and sfp-sfpplus6 are not configured in the visible
# part of the export - confirm unused ports are disabled on the device.
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\
"WAN 1 - NBN VDSL - SFP VDSL CAGE"
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no comment=\
"WAN 2 - NBN "
set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no comment=\
"WAN 3 - NBN EE - 1000 Mbps Link"
set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no comment="WAN 4"
set [ find default-name=sfp-sfpplus7 ] auto-negotiation=no comment=\
"Comms - LAN Bridge With VLANS 101-170 , 90-99 and DHCP pooled"
set [ find default-name=sfp-sfpplus8 ] auto-negotiation=no comment=\
"Lvl Office - LAN Bridge With VLANS 101-170 , 90-99 and DHCP pooled"
set [ find default-name=sfp-sfpplus9 ] auto-negotiation=no comment=\
"Lvl G & 1 - LAN Bridge With VLANS 101-170 , 90-99 and DHCP pooled"
set [ find default-name=sfp-sfpplus10 ] auto-negotiation=no comment=\
"Lvl 2 - LAN Bridge With VLANS 101-170 , 90-99 and DHCP pooled"
set [ find default-name=sfp-sfpplus11 ] auto-negotiation=no comment=\
"Lvl 3 - LAN Bridge With VLANS 101-170 , 90-99 and DHCP pooled"
set [ find default-name=sfp-sfpplus12 ] auto-negotiation=no comment=\
"Lvl 4 - LAN Bridge With VLANS 101-170 , 90-99 and DHCP pooled" \
rx-flow-control=auto tx-flow-control=auto
# Outbound L2TP/IPsec tunnel used for remote management; the filter section
# accepts Winbox (tcp/8291) arriving on this interface.
# NOTE(review): this export carries the IPsec pre-shared secret and the PPP
# password in clear text. Whoever can read the backup file can authenticate as
# this site to the management VPN concentrator. Treat both values as
# compromised once the file has left the router: rotate them on both ends,
# produce stored backups with "/export hide-sensitive" (RouterOS 6), and keep
# the backup directory readable only by the backup account.
/interface l2tp-client
add connect-to=3.106.179.83 disabled=no ipsec-secret=!Pss.974082** name=\
Management-VPN password="5Ua22Zi2\$nG8T\$" use-ipsec=yes user=\
Grand-palais-Cameron
# VLAN interfaces, all created on top of "LAN Bridge": IDs 90, 91, 95-99 and one
# VLAN per ID from 101 to 170. Which bridge each of them is attached to as a
# port is decided later under /interface bridge port.
# NOTE(review): no IP address is assigned to any vlan-N interface in the visible
# part of the export; addressing is done on the two bridges only.
/interface vlan
add interface="LAN Bridge" name=vlan-90 vlan-id=90
add interface="LAN Bridge" name=vlan-91 vlan-id=91
add interface="LAN Bridge" name=vlan-95 vlan-id=95
add interface="LAN Bridge" name=vlan-96 vlan-id=96
add interface="LAN Bridge" name=vlan-97 vlan-id=97
add interface="LAN Bridge" name=vlan-98 vlan-id=98
add interface="LAN Bridge" name=vlan-99 vlan-id=99
add interface="LAN Bridge" name=vlan-101 vlan-id=101
add interface="LAN Bridge" name=vlan-102 vlan-id=102
add interface="LAN Bridge" name=vlan-103 vlan-id=103
add interface="LAN Bridge" name=vlan-104 vlan-id=104
add interface="LAN Bridge" name=vlan-105 vlan-id=105
add interface="LAN Bridge" name=vlan-106 vlan-id=106
add interface="LAN Bridge" name=vlan-107 vlan-id=107
add interface="LAN Bridge" name=vlan-108 vlan-id=108
add interface="LAN Bridge" name=vlan-109 vlan-id=109
add interface="LAN Bridge" name=vlan-110 vlan-id=110
add interface="LAN Bridge" name=vlan-111 vlan-id=111
add interface="LAN Bridge" name=vlan-112 vlan-id=112
add interface="LAN Bridge" name=vlan-113 vlan-id=113
add interface="LAN Bridge" name=vlan-114 vlan-id=114
add interface="LAN Bridge" name=vlan-115 vlan-id=115
add interface="LAN Bridge" name=vlan-116 vlan-id=116
add interface="LAN Bridge" name=vlan-117 vlan-id=117
add interface="LAN Bridge" name=vlan-118 vlan-id=118
add interface="LAN Bridge" name=vlan-119 vlan-id=119
add interface="LAN Bridge" name=vlan-120 vlan-id=120
add interface="LAN Bridge" name=vlan-121 vlan-id=121
add interface="LAN Bridge" name=vlan-122 vlan-id=122
add interface="LAN Bridge" name=vlan-123 vlan-id=123
add interface="LAN Bridge" name=vlan-124 vlan-id=124
add interface="LAN Bridge" name=vlan-125 vlan-id=125
add interface="LAN Bridge" name=vlan-126 vlan-id=126
add interface="LAN Bridge" name=vlan-127 vlan-id=127
add interface="LAN Bridge" name=vlan-128 vlan-id=128
add interface="LAN Bridge" name=vlan-129 vlan-id=129
add interface="LAN Bridge" name=vlan-130 vlan-id=130
add interface="LAN Bridge" name=vlan-131 vlan-id=131
add interface="LAN Bridge" name=vlan-132 vlan-id=132
add interface="LAN Bridge" name=vlan-133 vlan-id=133
add interface="LAN Bridge" name=vlan-134 vlan-id=134
add interface="LAN Bridge" name=vlan-135 vlan-id=135
add interface="LAN Bridge" name=vlan-136 vlan-id=136
add interface="LAN Bridge" name=vlan-137 vlan-id=137
add interface="LAN Bridge" name=vlan-138 vlan-id=138
add interface="LAN Bridge" name=vlan-139 vlan-id=139
add interface="LAN Bridge" name=vlan-140 vlan-id=140
add interface="LAN Bridge" name=vlan-141 vlan-id=141
add interface="LAN Bridge" name=vlan-142 vlan-id=142
add interface="LAN Bridge" name=vlan-143 vlan-id=143
add interface="LAN Bridge" name=vlan-144 vlan-id=144
add interface="LAN Bridge" name=vlan-145 vlan-id=145
add interface="LAN Bridge" name=vlan-146 vlan-id=146
add interface="LAN Bridge" name=vlan-147 vlan-id=147
add interface="LAN Bridge" name=vlan-148 vlan-id=148
add interface="LAN Bridge" name=vlan-149 vlan-id=149
add interface="LAN Bridge" name=vlan-150 vlan-id=150
add interface="LAN Bridge" name=vlan-151 vlan-id=151
add interface="LAN Bridge" name=vlan-152 vlan-id=152
add interface="LAN Bridge" name=vlan-153 vlan-id=153
add interface="LAN Bridge" name=vlan-154 vlan-id=154
add interface="LAN Bridge" name=vlan-155 vlan-id=155
add interface="LAN Bridge" name=vlan-156 vlan-id=156
add interface="LAN Bridge" name=vlan-157 vlan-id=157
add interface="LAN Bridge" name=vlan-158 vlan-id=158
add interface="LAN Bridge" name=vlan-159 vlan-id=159
add interface="LAN Bridge" name=vlan-160 vlan-id=160
add interface="LAN Bridge" name=vlan-161 vlan-id=161
add interface="LAN Bridge" name=vlan-162 vlan-id=162
add interface="LAN Bridge" name=vlan-163 vlan-id=163
add interface="LAN Bridge" name=vlan-164 vlan-id=164
add interface="LAN Bridge" name=vlan-165 vlan-id=165
add interface="LAN Bridge" name=vlan-166 vlan-id=166
add interface="LAN Bridge" name=vlan-167 vlan-id=167
add interface="LAN Bridge" name=vlan-168 vlan-id=168
add interface="LAN Bridge" name=vlan-169 vlan-id=169
add interface="LAN Bridge" name=vlan-170 vlan-id=170
# Interface lists referenced by the firewall (in-interface-list /
# out-interface-list). Members are assigned under /interface list member.
# NOTE(review): of these four, only WAN, LAN and "Printer access" are referenced
# by filter rules in the visible part of the export; "Vlans" is not.
/interface list
add name=WAN
add name=LAN
add name=Vlans
add name="Printer access"
# Default wireless security profile as exported; no wireless interface is
# defined in the visible part of this export.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools.
# NOTE(review): Guest-POOL sits in 172.15.0.0/16, which is outside the RFC 1918
# private range 172.16.0.0/12. It is publicly routable space that belongs to
# someone else: guests cannot reach the real holders of those addresses, and any
# packet that leaves un-NATed carries a source address that is not yours.
# Renumbering into private space is the clean fix.
# NOTE(review): Static-Phones is defined but no DHCP server in the visible part
# of the export uses it.
/ip pool
add name=dhcp_pool0 ranges=172.19.100.1-172.19.199.254
add name=Guest-POOL ranges=172.15.1.1-172.15.239.250
add name=VPN-Pool ranges=10.10.10.2-10.10.10.254
add name=Static-Phones ranges=172.19.99.101-172.19.99.170
# One DHCP server per bridge: management leases on "LAN Bridge", guest leases
# on localnetwork. Both use a 1h10m lease time.
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface="LAN Bridge" lease-time=\
1h10m name=dhcp-Management
add address-pool=Guest-POOL disabled=no interface=localnetwork lease-time=\
1h10m name="DHCP Guest"
# PPP profile handed to dial-in clients of the L2TP server (it is that server's
# default-profile). Clients get an address from VPN-Pool and public resolvers.
# NOTE(review): bridge="LAN Bridge" attaches each session to the management
# bridge, so a VPN user shares a layer-2 domain with switches and management
# devices - presumably intended for administrators; confirm that only admin
# accounts can use this profile. The PPP accounts themselves are not in the
# visible part of the export.
/ppp profile
add bridge="LAN Bridge" dns-server=8.8.8.8,1.1.1.1 local-address=10.10.10.1 \
name=Grand_VPN remote-address=VPN-Pool
# The built-in "full" group with every policy enabled, including telnet, ftp,
# sniff, sensitive and api. (The policy string is wrapped mid-word by the
# exporter: "pas\" + "sword".)
# NOTE(review): user accounts do not appear in the visible part of the export,
# so it cannot be told from here who holds this group. Day-to-day accounts are
# better placed in a narrower group without sensitive/sniff/policy, with "full"
# kept for a small number of named administrators.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# Layer-2 (bridge) filter: restricts the Office subnet 172.19.97.0/24.
# These rules only see frames that a bridge forwards; traffic that is routed
# between interfaces is handled by /ip firewall filter instead. No in-bridge or
# out-bridge matcher is set, so every rule applies to both bridges.
# NOTE(review): matching is by source IP only. A host on the Office segment that
# is configured with an address outside 172.19.97.0/24 is not matched by any
# rule below - pair this with DHCP-only addressing or port-level controls.
/interface bridge filter
# NOTE(review): this first rule is an ACCEPT despite its comment. It is the
# exception that lets Office reach the single host 172.19.239.251 before the
# drop for the rest of 172.19.239.0/24; the comment text is misleading.
add action=accept chain=forward comment=\
"Block Office from accessing Switches" dst-address=172.19.239.251/32 \
mac-protocol=ip src-address=172.19.97.0/24
add action=drop chain=forward comment="Block Office from accessing Switches" \
dst-address=172.19.239.0/24 mac-protocol=ip src-address=172.19.97.0/24
# NOTE(review): the intercom block covers tcp/80, tcp/443 and ICMP only. Any
# other service on 172.19.99.0/24 stays reachable from Office - confirm that
# is intended, or drop by destination without a port matcher.
add action=drop chain=forward comment=\
"Block Office from accessing Intercomms" dst-address=172.19.99.0/24 \
dst-port=80 ip-protocol=tcp mac-protocol=ip src-address=172.19.97.0/24
add action=drop chain=forward comment=\
"Block Office from accessing Intercomms" dst-address=172.19.99.0/24 \
dst-port=443 ip-protocol=tcp mac-protocol=ip src-address=172.19.97.0/24
add action=drop chain=forward comment=\
"Block Office from accessing Intercomms" dst-address=172.19.99.0/24 \
ip-protocol=icmp mac-protocol=ip src-address=172.19.97.0/24
# Bridge membership.
# horizon=1 is bridge split horizon: a frame is not forwarded between two ports
# that carry the same horizon value. Every VLAN port below except vlan-99 has
# horizon=1, so those VLANs can reach the router and the ports without a horizon
# but not each other through the bridge. vlan-99, ether1 and the sfp-sfpplus
# trunks have no horizon set.
# vlan-101..170 and vlan-97 are attached to localnetwork (guest bridge);
# vlan-90, 91, 95, 96, 98 and 99 are attached to "LAN Bridge".
# NOTE(review): every vlan-N interface was created on top of "LAN Bridge", and
# six of them are added back here as ports of that same bridge - confirm this is
# intended and check for loops/duplicate frames on the device.
# NOTE(review): vlan-97 is on the guest bridge, while the bridge-filter rules
# treat 172.19.97.0/24 (part of the management /16) as the Office subnet -
# confirm the intended placement of Office.
/interface bridge port
add bridge="LAN Bridge" horizon=1 interface=vlan-96 multicast-router=disabled \
pvid=96
add bridge="LAN Bridge" horizon=1 interface=vlan-98 multicast-router=disabled \
pvid=98
add bridge=localnetwork horizon=1 interface=vlan-101 multicast-router=\
disabled pvid=101
add bridge=localnetwork horizon=1 interface=vlan-102 multicast-router=\
disabled pvid=102
add bridge=localnetwork horizon=1 interface=vlan-103 multicast-router=\
disabled pvid=103
add bridge=localnetwork horizon=1 interface=vlan-104 multicast-router=\
disabled pvid=104
add bridge=localnetwork horizon=1 interface=vlan-105 multicast-router=\
disabled pvid=105
add bridge=localnetwork horizon=1 interface=vlan-106 multicast-router=\
disabled pvid=106
add bridge=localnetwork horizon=1 interface=vlan-107 multicast-router=\
disabled pvid=107
add bridge=localnetwork horizon=1 interface=vlan-108 multicast-router=\
disabled pvid=108
add bridge=localnetwork horizon=1 interface=vlan-109 multicast-router=\
disabled pvid=109
add bridge=localnetwork horizon=1 interface=vlan-110 multicast-router=\
disabled pvid=110
add bridge=localnetwork horizon=1 interface=vlan-111 multicast-router=\
disabled pvid=111
add bridge=localnetwork horizon=1 interface=vlan-112 multicast-router=\
disabled pvid=112
add bridge=localnetwork horizon=1 interface=vlan-113 multicast-router=\
disabled pvid=113
add bridge=localnetwork horizon=1 interface=vlan-114 multicast-router=\
disabled pvid=114
add bridge=localnetwork horizon=1 interface=vlan-115 multicast-router=\
disabled pvid=115
add bridge=localnetwork horizon=1 interface=vlan-116 multicast-router=\
disabled pvid=116
add bridge=localnetwork horizon=1 interface=vlan-117 multicast-router=\
disabled pvid=117
add bridge=localnetwork horizon=1 interface=vlan-118 multicast-router=\
disabled pvid=118
add bridge=localnetwork horizon=1 interface=vlan-119 multicast-router=\
disabled pvid=119
add bridge=localnetwork horizon=1 interface=vlan-120 multicast-router=\
disabled pvid=120
add bridge=localnetwork horizon=1 interface=vlan-121 multicast-router=\
disabled pvid=121
add bridge=localnetwork horizon=1 interface=vlan-122 multicast-router=\
disabled pvid=122
add bridge=localnetwork horizon=1 interface=vlan-123 multicast-router=\
disabled pvid=123
add bridge=localnetwork horizon=1 interface=vlan-124 multicast-router=\
disabled pvid=124
add bridge=localnetwork horizon=1 interface=vlan-125 multicast-router=\
disabled pvid=125
add bridge=localnetwork horizon=1 interface=vlan-126 multicast-router=\
disabled pvid=126
add bridge=localnetwork horizon=1 interface=vlan-127 multicast-router=\
disabled pvid=127
add bridge=localnetwork horizon=1 interface=vlan-128 multicast-router=\
disabled pvid=128
add bridge=localnetwork horizon=1 interface=vlan-129 multicast-router=\
disabled pvid=129
add bridge=localnetwork horizon=1 interface=vlan-130 multicast-router=\
disabled pvid=130
add bridge=localnetwork horizon=1 interface=vlan-131 multicast-router=\
disabled pvid=131
add bridge=localnetwork horizon=1 interface=vlan-132 multicast-router=\
disabled pvid=132
add bridge=localnetwork horizon=1 interface=vlan-133 multicast-router=\
disabled pvid=133
add bridge=localnetwork horizon=1 interface=vlan-134 multicast-router=\
disabled pvid=134
add bridge=localnetwork horizon=1 interface=vlan-135 multicast-router=\
disabled pvid=135
add bridge=localnetwork horizon=1 interface=vlan-136 multicast-router=\
disabled pvid=136
add bridge=localnetwork horizon=1 interface=vlan-137 multicast-router=\
disabled pvid=137
add bridge=localnetwork horizon=1 interface=vlan-138 multicast-router=\
disabled pvid=138
add bridge=localnetwork horizon=1 interface=vlan-139 multicast-router=\
disabled pvid=139
add bridge=localnetwork horizon=1 interface=vlan-140 multicast-router=\
disabled pvid=140
add bridge=localnetwork horizon=1 interface=vlan-141 multicast-router=\
disabled pvid=141
add bridge=localnetwork horizon=1 interface=vlan-142 multicast-router=\
disabled pvid=142
add bridge=localnetwork horizon=1 interface=vlan-143 multicast-router=\
disabled pvid=143
add bridge=localnetwork horizon=1 interface=vlan-144 multicast-router=\
disabled pvid=144
add bridge=localnetwork horizon=1 interface=vlan-145 multicast-router=\
disabled pvid=145
add bridge=localnetwork horizon=1 interface=vlan-146 multicast-router=\
disabled pvid=146
add bridge=localnetwork horizon=1 interface=vlan-147 multicast-router=\
disabled pvid=147
add bridge=localnetwork horizon=1 interface=vlan-148 multicast-router=\
disabled pvid=148
add bridge=localnetwork horizon=1 interface=vlan-149 multicast-router=\
disabled pvid=149
add bridge=localnetwork horizon=1 interface=vlan-150 multicast-router=\
disabled pvid=150
add bridge=localnetwork horizon=1 interface=vlan-151 multicast-router=\
disabled pvid=151
add bridge=localnetwork horizon=1 interface=vlan-152 multicast-router=\
disabled pvid=152
add bridge=localnetwork horizon=1 interface=vlan-153 multicast-router=\
disabled pvid=153
add bridge=localnetwork horizon=1 interface=vlan-154 multicast-router=\
disabled pvid=154
add bridge=localnetwork horizon=1 interface=vlan-155 multicast-router=\
disabled pvid=155
add bridge=localnetwork horizon=1 interface=vlan-156 multicast-router=\
disabled pvid=156
add bridge=localnetwork horizon=1 interface=vlan-157 multicast-router=\
disabled pvid=157
add bridge=localnetwork horizon=1 interface=vlan-158 multicast-router=\
disabled pvid=158
add bridge=localnetwork horizon=1 interface=vlan-159 multicast-router=\
disabled pvid=159
add bridge=localnetwork horizon=1 interface=vlan-160 multicast-router=\
disabled pvid=160
add bridge=localnetwork horizon=1 interface=vlan-161 multicast-router=\
disabled pvid=161
add bridge=localnetwork horizon=1 interface=vlan-162 multicast-router=\
disabled pvid=162
add bridge=localnetwork horizon=1 interface=vlan-163 multicast-router=\
disabled pvid=163
add bridge=localnetwork horizon=1 interface=vlan-164 multicast-router=\
disabled pvid=164
add bridge=localnetwork horizon=1 interface=vlan-165 multicast-router=\
disabled pvid=165
add bridge=localnetwork horizon=1 interface=vlan-166 multicast-router=\
disabled pvid=166
add bridge=localnetwork horizon=1 interface=vlan-167 multicast-router=\
disabled pvid=167
add bridge=localnetwork horizon=1 interface=vlan-168 multicast-router=\
disabled pvid=168
add bridge=localnetwork horizon=1 interface=vlan-169 multicast-router=\
disabled pvid=169
add bridge=localnetwork horizon=1 interface=vlan-170 multicast-router=\
disabled pvid=170
add bridge="LAN Bridge" horizon=1 interface=vlan-95 multicast-router=disabled \
pvid=95
add bridge="LAN Bridge" horizon=1 interface=vlan-90 multicast-router=disabled \
pvid=90
add bridge="LAN Bridge" horizon=1 interface=vlan-91 multicast-router=disabled \
pvid=91
add bridge=localnetwork horizon=1 interface=vlan-97 multicast-router=disabled \
pvid=97
add bridge="LAN Bridge" interface=vlan-99 multicast-router=disabled pvid=99
add bridge="LAN Bridge" interface=ether1 multicast-router=disabled
add bridge="LAN Bridge" interface=sfp-sfpplus12 multicast-router=disabled
add bridge="LAN Bridge" interface=sfp-sfpplus11 multicast-router=disabled
add bridge="LAN Bridge" interface=sfp-sfpplus10 multicast-router=disabled
add bridge="LAN Bridge" interface=sfp-sfpplus9 multicast-router=disabled
add bridge="LAN Bridge" interface=sfp-sfpplus8 multicast-router=disabled
add bridge="LAN Bridge" interface=sfp-sfpplus7 multicast-router=disabled
# Neighbor discovery runs on every interface that is not dynamic.
# NOTE(review): that includes the WAN ports sfp-sfpplus1..4, so the router
# announces itself (identity, model, software version) towards the upstream
# networks. The WAN input drops do not stop outgoing announcements. Limiting
# discovery to the LAN interface list is the usual hardening.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Single bridge VLAN table entry for VLAN 27 on localnetwork, disabled.
# NOTE(review): looks like a leftover - VLAN 27 is not defined anywhere else in
# the visible part of the export; remove it if unused.
/interface bridge vlan
add bridge=localnetwork disabled=yes vlan-ids=27
# Inbound L2TP server for remote access; sessions use the Grand_VPN profile.
# NOTE(review): authentication still offers mschap1. MS-CHAPv1 is a legacy
# method and should be removed so that only mschap2 is negotiated.
# NOTE(review): use-ipsec=yes does not by itself reject L2TP sessions that
# arrive without IPsec, and the filter section accepts udp/1701 from the WAN
# for any source. RouterOS has a stricter setting of this option that makes
# IPsec mandatory - check the documentation for this version and apply it.
# NOTE(review): the IPsec pre-shared secret is exported in clear text. Rotate
# it and store backups made with "/export hide-sensitive" (RouterOS 6).
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=Grand_VPN enabled=yes \
ipsec-secret=Ba*P*U811wzv use-ipsec=yes
# Interface list membership; this is what the in-/out-interface-list matchers
# in /ip firewall filter evaluate.
#   WAN              sfp-sfpplus1..4
#   LAN              sfp-sfpplus12, localnetwork, "LAN Bridge"
#   "Printer access" vlan-95, vlan-96, vlan-97, vlan-99, sfp-sfpplus12
#   Vlans            vlan-90, vlan-91, vlan-98, vlan-101
# NOTE(review): the guest bridge localnetwork is a member of LAN, so every rule
# written for "LAN" also applies to guest traffic. A separate list for guests
# makes the trust boundary explicit.
# NOTE(review): "Vlans" holds only four of the VLAN interfaces and is not used
# by any filter rule in the visible part of the export.
/interface list member
add interface=sfp-sfpplus1 list=WAN
add interface=sfp-sfpplus12 list=LAN
add interface=sfp-sfpplus2 list=WAN
add interface=sfp-sfpplus3 list=WAN
add interface=sfp-sfpplus4 list=WAN
add interface=vlan-90 list=Vlans
add interface=vlan-91 list=Vlans
add interface=vlan-95 list="Printer access"
add interface=vlan-96 list="Printer access"
add interface=vlan-97 list="Printer access"
add interface=vlan-98 list=Vlans
add interface=vlan-99 list="Printer access"
add interface=vlan-101 list=Vlans
add interface=localnetwork list=LAN
add interface=sfp-sfpplus12 list="Printer access"
add interface="LAN Bridge" list=LAN
# Router addresses.
# NOTE(review): the factory-default 192.168.88.1/24 ("defconf") is still bound
# to "LAN Bridge" next to the management address. If nothing uses it, remove it;
# it is a well-known address and is not covered by the guest-to-infrastructure
# drop in the filter section, which matches 172.19.0.0/16 only.
# NOTE(review): 172.15.0.0/16 is not RFC 1918 space (the private block is
# 172.16.0.0/12); see the guest pool.
/ip address
add address=192.168.88.1/24 comment=defconf interface="LAN Bridge" network=\
192.168.88.0
add address=172.19.239.254/16 comment="Management Device Network" interface=\
"LAN Bridge" network=172.19.0.0
add address=172.15.239.254/16 comment="Guest VLAN Network" interface=\
localnetwork network=172.15.0.0
# Vendor cloud DDNS is enabled: the router reports its public address to the
# MikroTik cloud service.
# NOTE(review): keep this only if something depends on the DDNS name; otherwise
# disable it to reduce what is published about the device.
/ip cloud
set ddns-enabled=yes
# DHCP clients on the WAN ports. add-default-route=no and use-peer-dns=no: the
# lease script below manages routing itself and upstream DNS is ignored. The
# same script text is attached to sfp-sfpplus4, 3, 2 and 1.
#
# What the script does, as written:
#   - takes the port number from character index 11 of the interface name
#     ("sfp-sfpplus4" -> "4");
#   - when bound=1: if no src-nat rule commented
#     AUTO_SNAT_By_DHCP-Client_Script_WAN<n> exists, adds one before the rule
#     commented Insert_Point_Do_NOT_Remove, enables the mangle rule commented
#     "Mark wan<n> con" and adds a 0.0.0.0/0 route with routing-mark wan<n>-out;
#     if exactly one exists, updates its to-addresses to the new lease address;
#   - otherwise: removes that NAT rule and route, disables the mangle rule and
#     removes tracked connections marked wan<n>;
#   - finally rebuilds the gateway list of the route commented base-ruel from
#     the gateways of sfp-sfpplus1..4.
#
# NOTE(review): the gw declaration starts with ";local" where every other
# declaration uses ":local". That looks like a typo; if gw ends up undefined,
# gw2 is built as "%<interface>" - confirm on the device.
# NOTE(review): rules and routes are located by comment text, including the
# spelling "base-ruel". Editing one of those comments elsewhere silently breaks
# the script; the NAT and mangle rules it depends on are not in the visible
# part of the export.
# NOTE(review): gateway-address and lease-address come from the upstream DHCP
# server and are written into NAT rules and routes without validation.
# NOTE(review): diagnostics are logged at error/warning severity on every lease
# event, which buries real errors; "$a" is logged after the :foreach that
# declares it.
/ip dhcp-client
add add-default-route=no disabled=no interface=sfp-sfpplus4 script="{\r\
\n:local interfacename \$\"interface\"\r\
\n:local portid [:pick \$interfacename 11]\r\
\n;local gw \$\"gateway-address\"\r\
\n:local leaseip \$\"lease-address\"\r\
\n:local gw2 \"\$gw%\$interfacename\"\r\
\n:local mark \"wan\$portid-out\"\r\
\n:local rmark \"AUTO_SNAT_By_DHCP-Client_Script_WAN\$portid\"\r\
\n:local Mangleid [/ip firewall mangle find where comment=\"Mark wan\$port\
id con\"]\r\
\n:local count [/ip firewall nat print count-only where comment=\$rmark]\r\
\n\r\
\n/log error \"\$interfacename >>> \$portid >>> \$gw2 >>> \$mark>>>\$rmark\
>>>\$Mangleid>>>COUNT>\$count>>>BOUND>\$bound\"\r\
\n\r\
\n :if (\$bound=1) do={\r\
\n/log warning \" entered Bound= 1 > Count = \$count\"\r\
\n :if (\$count = 0) do={\r\
\n/log warning \" /ip firewall nat add action=src-nat chain=srcnat \
comment=\$rmark out-interface=\$interfacename to-addresses=\$leaseip plac\
e-before=3\"\r\
\n/log warning \" /ip firewall mangle enable \$Mangleid\"\r\
\n/log warning \" /ip route add dst-address=0.0.0.0/0 gateway=\$gw2\
\_routing-mark=\$mark check-gateway=ping comment=\$mark\"\r\
\n/ip firewall nat add action=src-nat chain=srcnat out-interface=\$interfa\
cename to-addresses=\$leaseip place-before=[find comment=\"Insert_Point_Do\
_NOT_Remove\"] comment=\$rmark;\r\
\n/ip firewall mangle enable \$Mangleid\r\
\n/ip route add dst-address=0.0.0.0/0 gateway=\$gw2 routing-mark=\$mark ch\
eck-gateway=ping comment=\$mark\r\
\n# /ip firewall nat move [find comment=\$rmark] destination=3\r\
\n } else={\r\
\n :if (\$count = 1) do={\r\
\n :local test [/ip firewall nat find where comment=\$rmark\
]\r\
\n :if ([/ip firewall nat get \$test to-addresses] != \$\"l\
ease-address\") do={\r\
\n /ip firewall nat set \$test to-addresses=\$\"lease-a\
ddress\"\r\
\n }\r\
\n } else={\r\
\n /log error \" Multiple SRC-NST found with ID: \$r\
mark\"\r\
\n }\r\
\n }\r\
\n } else={\r\
\n/log warning \" Bound= \$bound > Count = \$count Removing fi\
rewall Rules\"\r\
\n \r\
\n/ip firewall nat remove [find comment=\$rmark]\r\
\n\r\
\n /ip firewall mangle disable \$Mangleid\r\
\n /ip route remove [find comment=\$mark]\r\
\n\r\
\n\t:foreach a in=[/ip firewall connection find connection-mark=\"wan\$por\
tid\"] do={/ip firewall connection remove \$a}\r\
\n/log warning \" \$a Rules Removed OK\"\r\
\n }\r\
\n:local gatewaylist \"\"\r\
\n:for i from=1 to=4 do={\r\
\n:local dhcpIP [/ip dhcp-client get [find interface=\"sfp-sfpplus\$i\"] g\
ateway];\r\
\n /log error \" DATA sfp-sfpplus\$i >\$dhcpIP<\"\r\
\n\r\
\n:if (\$dhcpIP = []) do={} else={\r\
\n:if (\$gatewaylist = \"\") do={:set \$gatewaylist \"\$dhcpIP%sfp-sfpplu\
s\$i\"\r\
\n} else={:set \$gatewaylist \"\$gatewaylist,\$dhcpIP%sfp-sfpplus\$i\"}}}\
\r\
\n/log warning \" NEW Gateway List >\$gatewaylist<\"\r\
\n/log warning [/ip route get [find comment=base-ruel] gateway];\r\
\n/ip route set [find comment=base-ruel] gateway=\$gatewaylist\r\
\n/log warning \"Finished End script\"\r\
\n}" use-peer-dns=no
# DHCP client on WAN port sfp-sfpplus3 with a lease script that maintains the
# per-WAN src-nat rule, mangle rule and marked default route (wan3), then
# rebuilds the gateway list of the route commented base-ruel.
# NOTE(review): the gw declaration starts with ";local" instead of ":local" -
# looks like a typo; confirm gw is actually defined when the script runs.
# NOTE(review): the script finds its rules by comment text and writes
# DHCP-supplied gateway/lease addresses into NAT and routing unvalidated.
add add-default-route=no disabled=no interface=sfp-sfpplus3 script="{\r\
\n:local interfacename \$\"interface\"\r\
\n:local portid [:pick \$interfacename 11]\r\
\n;local gw \$\"gateway-address\"\r\
\n:local leaseip \$\"lease-address\"\r\
\n:local gw2 \"\$gw%\$interfacename\"\r\
\n:local mark \"wan\$portid-out\"\r\
\n:local rmark \"AUTO_SNAT_By_DHCP-Client_Script_WAN\$portid\"\r\
\n:local Mangleid [/ip firewall mangle find where comment=\"Mark wan\$port\
id con\"]\r\
\n:local count [/ip firewall nat print count-only where comment=\$rmark]\r\
\n\r\
\n/log error \"\$interfacename >>> \$portid >>> \$gw2 >>> \$mark>>>\$rmark\
>>>\$Mangleid>>>COUNT>\$count>>>BOUND>\$bound\"\r\
\n\r\
\n :if (\$bound=1) do={\r\
\n/log warning \" entered Bound= 1 > Count = \$count\"\r\
\n :if (\$count = 0) do={\r\
\n/log warning \" /ip firewall nat add action=src-nat chain=srcnat \
comment=\$rmark out-interface=\$interfacename to-addresses=\$leaseip plac\
e-before=3\"\r\
\n/log warning \" /ip firewall mangle enable \$Mangleid\"\r\
\n/log warning \" /ip route add dst-address=0.0.0.0/0 gateway=\$gw2\
\_routing-mark=\$mark check-gateway=ping comment=\$mark\"\r\
\n/ip firewall nat add action=src-nat chain=srcnat out-interface=\$interfa\
cename to-addresses=\$leaseip place-before=[find comment=\"Insert_Point_Do\
_NOT_Remove\"] comment=\$rmark;\r\
\n/ip firewall mangle enable \$Mangleid\r\
\n/ip route add dst-address=0.0.0.0/0 gateway=\$gw2 routing-mark=\$mark ch\
eck-gateway=ping comment=\$mark\r\
\n# /ip firewall nat move [find comment=\$rmark] destination=3\r\
\n } else={\r\
\n :if (\$count = 1) do={\r\
\n :local test [/ip firewall nat find where comment=\$rmark\
]\r\
\n :if ([/ip firewall nat get \$test to-addresses] != \$\"l\
ease-address\") do={\r\
\n /ip firewall nat set \$test to-addresses=\$\"lease-a\
ddress\"\r\
\n }\r\
\n } else={\r\
\n /log error \" Multiple SRC-NST found with ID: \$r\
mark\"\r\
\n }\r\
\n }\r\
\n } else={\r\
\n/log warning \" Bound= \$bound > Count = \$count Removing fi\
rewall Rules\"\r\
\n \r\
\n/ip firewall nat remove [find comment=\$rmark]\r\
\n\r\
\n /ip firewall mangle disable \$Mangleid\r\
\n /ip route remove [find comment=\$mark]\r\
\n\r\
\n\t:foreach a in=[/ip firewall connection find connection-mark=\"wan\$por\
tid\"] do={/ip firewall connection remove \$a}\r\
\n/log warning \" \$a Rules Removed OK\"\r\
\n }\r\
\n:local gatewaylist \"\"\r\
\n:for i from=1 to=4 do={\r\
\n:local dhcpIP [/ip dhcp-client get [find interface=\"sfp-sfpplus\$i\"] g\
ateway];\r\
\n /log error \" DATA sfp-sfpplus\$i >\$dhcpIP<\"\r\
\n\r\
\n:if (\$dhcpIP = []) do={} else={\r\
\n:if (\$gatewaylist = \"\") do={:set \$gatewaylist \"\$dhcpIP%sfp-sfpplu\
s\$i\"\r\
\n} else={:set \$gatewaylist \"\$gatewaylist,\$dhcpIP%sfp-sfpplus\$i\"}}}\
\r\
\n/log warning \" NEW Gateway List >\$gatewaylist<\"\r\
\n/log warning [/ip route get [find comment=base-ruel] gateway];\r\
\n/ip route set [find comment=base-ruel] gateway=\$gatewaylist\r\
\n/log warning \"Finished End script\"\r\
\n}" use-peer-dns=no
# DHCP client on WAN port sfp-sfpplus2 with a lease script that maintains the
# per-WAN src-nat rule, mangle rule and marked default route (wan2), then
# rebuilds the gateway list of the route commented base-ruel.
# NOTE(review): the gw declaration starts with ";local" instead of ":local" -
# looks like a typo; confirm gw is actually defined when the script runs.
# NOTE(review): the script finds its rules by comment text and writes
# DHCP-supplied gateway/lease addresses into NAT and routing unvalidated.
add add-default-route=no disabled=no interface=sfp-sfpplus2 script="{\r\
\n:local interfacename \$\"interface\"\r\
\n:local portid [:pick \$interfacename 11]\r\
\n;local gw \$\"gateway-address\"\r\
\n:local leaseip \$\"lease-address\"\r\
\n:local gw2 \"\$gw%\$interfacename\"\r\
\n:local mark \"wan\$portid-out\"\r\
\n:local rmark \"AUTO_SNAT_By_DHCP-Client_Script_WAN\$portid\"\r\
\n:local Mangleid [/ip firewall mangle find where comment=\"Mark wan\$port\
id con\"]\r\
\n:local count [/ip firewall nat print count-only where comment=\$rmark]\r\
\n\r\
\n/log error \"\$interfacename >>> \$portid >>> \$gw2 >>> \$mark>>>\$rmark\
>>>\$Mangleid>>>COUNT>\$count>>>BOUND>\$bound\"\r\
\n\r\
\n :if (\$bound=1) do={\r\
\n/log warning \" entered Bound= 1 > Count = \$count\"\r\
\n :if (\$count = 0) do={\r\
\n/log warning \" /ip firewall nat add action=src-nat chain=srcnat \
comment=\$rmark out-interface=\$interfacename to-addresses=\$leaseip plac\
e-before=3\"\r\
\n/log warning \" /ip firewall mangle enable \$Mangleid\"\r\
\n/log warning \" /ip route add dst-address=0.0.0.0/0 gateway=\$gw2\
\_routing-mark=\$mark check-gateway=ping comment=\$mark\"\r\
\n/ip firewall nat add action=src-nat chain=srcnat out-interface=\$interfa\
cename to-addresses=\$leaseip place-before=[find comment=\"Insert_Point_Do\
_NOT_Remove\"] comment=\$rmark;\r\
\n/ip firewall mangle enable \$Mangleid\r\
\n/ip route add dst-address=0.0.0.0/0 gateway=\$gw2 routing-mark=\$mark ch\
eck-gateway=ping comment=\$mark\r\
\n# /ip firewall nat move [find comment=\$rmark] destination=3\r\
\n } else={\r\
\n :if (\$count = 1) do={\r\
\n :local test [/ip firewall nat find where comment=\$rmark\
]\r\
\n :if ([/ip firewall nat get \$test to-addresses] != \$\"l\
ease-address\") do={\r\
\n /ip firewall nat set \$test to-addresses=\$\"lease-a\
ddress\"\r\
\n }\r\
\n } else={\r\
\n /log error \" Multiple SRC-NST found with ID: \$r\
mark\"\r\
\n }\r\
\n }\r\
\n } else={\r\
\n/log warning \" Bound= \$bound > Count = \$count Removing fi\
rewall Rules\"\r\
\n \r\
\n/ip firewall nat remove [find comment=\$rmark]\r\
\n\r\
\n /ip firewall mangle disable \$Mangleid\r\
\n /ip route remove [find comment=\$mark]\r\
\n\r\
\n\t:foreach a in=[/ip firewall connection find connection-mark=\"wan\$por\
tid\"] do={/ip firewall connection remove \$a}\r\
\n/log warning \" \$a Rules Removed OK\"\r\
\n }\r\
\n:local gatewaylist \"\"\r\
\n:for i from=1 to=4 do={\r\
\n:local dhcpIP [/ip dhcp-client get [find interface=\"sfp-sfpplus\$i\"] g\
ateway];\r\
\n /log error \" DATA sfp-sfpplus\$i >\$dhcpIP<\"\r\
\n\r\
\n:if (\$dhcpIP = []) do={} else={\r\
\n:if (\$gatewaylist = \"\") do={:set \$gatewaylist \"\$dhcpIP%sfp-sfpplu\
s\$i\"\r\
\n} else={:set \$gatewaylist \"\$gatewaylist,\$dhcpIP%sfp-sfpplus\$i\"}}}\
\r\
\n/log warning \" NEW Gateway List >\$gatewaylist<\"\r\
\n/log warning [/ip route get [find comment=base-ruel] gateway];\r\
\n/ip route set [find comment=base-ruel] gateway=\$gatewaylist\r\
\n/log warning \"Finished End script\"\r\
\n}" use-peer-dns=no
# DHCP client on WAN port sfp-sfpplus1 with a lease script that maintains the
# per-WAN src-nat rule, mangle rule and marked default route (wan1), then
# rebuilds the gateway list of the route commented base-ruel.
# NOTE(review): the gw declaration starts with ";local" instead of ":local" -
# looks like a typo; confirm gw is actually defined when the script runs.
# NOTE(review): the script finds its rules by comment text and writes
# DHCP-supplied gateway/lease addresses into NAT and routing unvalidated.
add add-default-route=no disabled=no interface=sfp-sfpplus1 script="{\r\
\n:local interfacename \$\"interface\"\r\
\n:local portid [:pick \$interfacename 11]\r\
\n;local gw \$\"gateway-address\"\r\
\n:local leaseip \$\"lease-address\"\r\
\n:local gw2 \"\$gw%\$interfacename\"\r\
\n:local mark \"wan\$portid-out\"\r\
\n:local rmark \"AUTO_SNAT_By_DHCP-Client_Script_WAN\$portid\"\r\
\n:local Mangleid [/ip firewall mangle find where comment=\"Mark wan\$port\
id con\"]\r\
\n:local count [/ip firewall nat print count-only where comment=\$rmark]\r\
\n\r\
\n/log error \"\$interfacename >>> \$portid >>> \$gw2 >>> \$mark>>>\$rmark\
>>>\$Mangleid>>>COUNT>\$count>>>BOUND>\$bound\"\r\
\n\r\
\n :if (\$bound=1) do={\r\
\n/log warning \" entered Bound= 1 > Count = \$count\"\r\
\n :if (\$count = 0) do={\r\
\n/log warning \" /ip firewall nat add action=src-nat chain=srcnat \
comment=\$rmark out-interface=\$interfacename to-addresses=\$leaseip plac\
e-before=3\"\r\
\n/log warning \" /ip firewall mangle enable \$Mangleid\"\r\
\n/log warning \" /ip route add dst-address=0.0.0.0/0 gateway=\$gw2\
\_routing-mark=\$mark check-gateway=ping comment=\$mark\"\r\
\n/ip firewall nat add action=src-nat chain=srcnat out-interface=\$interfa\
cename to-addresses=\$leaseip place-before=[find comment=\"Insert_Point_Do\
_NOT_Remove\"] comment=\$rmark;\r\
\n/ip firewall mangle enable \$Mangleid\r\
\n/ip route add dst-address=0.0.0.0/0 gateway=\$gw2 routing-mark=\$mark ch\
eck-gateway=ping comment=\$mark\r\
\n# /ip firewall nat move [find comment=\$rmark] destination=3\r\
\n } else={\r\
\n :if (\$count = 1) do={\r\
\n :local test [/ip firewall nat find where comment=\$rmark\
]\r\
\n :if ([/ip firewall nat get \$test to-addresses] != \$\"l\
ease-address\") do={\r\
\n /ip firewall nat set \$test to-addresses=\$\"lease-a\
ddress\"\r\
\n }\r\
\n } else={\r\
\n /log error \" Multiple SRC-NST found with ID: \$r\
mark\"\r\
\n }\r\
\n }\r\
\n } else={\r\
\n/log warning \" Bound= \$bound > Count = \$count Removing fi\
rewall Rules\"\r\
\n \r\
\n/ip firewall nat remove [find comment=\$rmark]\r\
\n\r\
\n /ip firewall mangle disable \$Mangleid\r\
\n /ip route remove [find comment=\$mark]\r\
\n\r\
\n\t:foreach a in=[/ip firewall connection find connection-mark=\"wan\$por\
tid\"] do={/ip firewall connection remove \$a}\r\
\n/log warning \" \$a Rules Removed OK\"\r\
\n }\r\
\n:local gatewaylist \"\"\r\
\n:for i from=1 to=4 do={\r\
\n:local dhcpIP [/ip dhcp-client get [find interface=\"sfp-sfpplus\$i\"] g\
ateway];\r\
\n /log error \" DATA sfp-sfpplus\$i >\$dhcpIP<\"\r\
\n\r\
\n:if (\$dhcpIP = []) do={} else={\r\
\n:if (\$gatewaylist = \"\") do={:set \$gatewaylist \"\$dhcpIP%sfp-sfpplu\
s\$i\"\r\
\n} else={:set \$gatewaylist \"\$gatewaylist,\$dhcpIP%sfp-sfpplus\$i\"}}}\
\r\
\n/log warning \" NEW Gateway List >\$gatewaylist<\"\r\
\n/log warning [/ip route get [find comment=base-ruel] gateway];\r\
\n/ip route set [find comment=base-ruel] gateway=\$gatewaylist\r\
\n/log warning \"Finished End script\"\r\
\n}" use-peer-dns=no
# DHCP client on ether1, without the lease script and without
# add-default-route=no.
# NOTE(review): ether1 is also a port of "LAN Bridge" (see /interface bridge
# port). A DHCP client on a bridged LAN port is unusual and, if it ever binds,
# would accept a default route from whatever answers on the LAN side - confirm
# whether this entry is still needed, and remove or disable it if not.
add interface=ether1 use-peer-dns=no
# Static DHCP leases: two on the guest server, two on the management server.
# NOTE(review): the management lease 172.19.239.53 differs by one octet from
# 172.19.139.53, the address the "Printer access" filter rules match. One of
# the two is presumably a typo - confirm which address the device really uses.
# NOTE(review): the "Samsung 4060 Printer" lease is 172.19.97.30, inside the
# Office range that the bridge-filter rules restrict.
/ip dhcp-server lease
add address=172.15.238.77 client-id=1:48:5f:99:ca:ae:de mac-address=\
48:5F:99:CA:AE:DE server="DHCP Guest"
add address=172.15.238.71 client-id=1:80:19:34:3c:3:2a mac-address=\
80:19:34:3C:03:2A server="DHCP Guest"
add address=172.19.239.53 client-id=1:0:17:c8:a0:84:97 mac-address=\
00:17:C8:A0:84:97 server=dhcp-Management
add address=172.19.97.30 client-id=1:84:25:19:60:d3:43 comment=\
"Samsung 4060 Printer" mac-address=84:25:19:60:D3:43 server=\
dhcp-Management
# Options handed to DHCP clients. Both networks are given public resolvers
# directly rather than the router; management clients also get the router as
# NTP server (the filter section accepts udp/123 from non-WAN interfaces).
/ip dhcp-server network
add address=172.15.0.0/16 dns-server=8.8.8.8,8.8.4.4 gateway=172.15.239.254
add address=172.19.0.0/16 dns-server=8.8.8.8,8.8.4.4 gateway=172.19.239.254 \
ntp-server=172.19.239.254
# The router answers DNS queries from other hosts (allow-remote-requests=yes).
# The filter section drops tcp/udp 53 arriving on WAN interfaces, which is what
# keeps this from being an open resolver on the Internet; that pair of rules
# must stay in place for as long as this setting is enabled.
# NOTE(review): DHCP hands clients 8.8.8.8/8.8.4.4 directly, so the router's
# resolver may not be needed by clients at all - disable remote requests if so.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,202.142.142.142
# Source address lists used by the filter rules.
# NOTE(review): "Management" contains one external address and the whole
# 172.19.0.0/16. The first "Allow Winbox" rule matches on this list without an
# interface matcher, so any host with a 172.19.x.x source qualifies - narrow
# the list to the admin workstations or a dedicated management VLAN.
# NOTE(review): "SIP" contains two /24 networks and one host. The forward rule
# that uses it accepts any protocol and port from these sources.
/ip firewall address-list
add address=61.69.57.74 list=Management
add address=172.19.0.0/16 list=Management
add address=202.52.129.0/24 comment="sip.bitprecision.com MaxoTel network" \
list=SIP
add address=163.172.230.60 comment=sip.bitprecision.com list=SIP
add address=103.5.76.0/24 comment="sip.bitprecision.com MaxoTel network" \
list=SIP
# Packet filter. Rules are evaluated top to bottom per chain; a packet that
# matches no rule is accepted.
# NOTE(review): the only catch-all drops in this section are scoped to
# in-interface-list=WAN. Traffic arriving on any non-WAN interface that matches
# no earlier rule is therefore accepted. For the input chain this includes the
# guest bridge localnetwork: nothing here stops guest hosts from reaching the
# router's own management services. /ip service is not in the visible part of
# the export - confirm which services listen, and add an explicit
# guest-to-router drop or an unscoped final drop on input.
/ip firewall filter
# Keeps the router's DNS resolver (allow-remote-requests=yes) closed to the WAN.
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
add action=accept chain=input dst-port=123 in-interface-list=!WAN protocol=\
udp
add action=accept chain=forward dst-port=123 in-interface-list=!WAN \
log-prefix="TIME PORT: " protocol=udp
# Established/related on input for sfp-sfpplus3 only; the general rule for all
# interfaces appears further down.
add action=accept chain=input connection-state=established,related \
in-interface=sfp-sfpplus3
# NOTE(review): 172.19.239.254 is the router's own address; packets addressed
# to the router are handled by the input chain, so this forward rule probably
# never matches - check its counters.
add action=accept chain=forward comment="Accept Gatey" dst-address=\
172.19.239.254 log-prefix="Internal phones out drop"
# NOTE(review): accepts ANY protocol/port from the SIP list arriving on WAN,
# not just SIP/RTP. Restrict by protocol, port and destination.
add action=accept chain=forward comment="Inbound SIP Allow List" \
in-interface-list=WAN log-prefix="Inbound SIP Allow List" \
src-address-list=SIP
# Guest -> infrastructure isolation. Covers forwarded traffic to 172.19.0.0/16
# only; it does not cover 192.168.88.0/24, the VPN pool 10.10.10.0/24, or
# traffic to the router itself (input chain).
add action=drop chain=forward comment=\
"Block Units/Guests from accessing Inferstucture" dst-address=\
172.19.0.0/16 src-address=172.15.0.0/16
# Disabled: intercom subnet 172.19.99.0/24 is currently allowed out to WAN.
add action=drop chain=forward comment=\
"Block Units/Guests room intercom from accessing internet" disabled=yes \
log=yes log-prefix="Internal phones out drop" out-interface-list=WAN \
src-address=172.19.99.0/24
# Passthrough rules: byte/packet counters per uplink, no filtering effect.
add action=passthrough chain=forward comment="Counter for WAN1" \
out-interface=sfp-sfpplus1
add action=passthrough chain=forward comment="Counter for WAN2" \
out-interface=sfp-sfpplus2
add action=passthrough chain=forward comment="Counter for WAN3" \
out-interface=sfp-sfpplus3
add action=passthrough chain=forward comment="Counter for WAN4" \
out-interface=sfp-sfpplus4
# NOTE(review): the second Winbox rule is a subset of the first (same match
# plus in-interface-list=WAN) and never adds anything. The first has no
# interface matcher, so it trusts the source address alone.
add action=accept chain=input comment="Allow Winbox" dst-port=8291 protocol=\
tcp src-address-list=Management
add action=accept chain=input comment="Allow Winbox" dst-port=8291 \
in-interface-list=WAN protocol=tcp src-address-list=Management
# L2TP/IPsec server exposure: IKE (500), L2TP (1701), NAT-T (4500), ESP and AH
# are open to any source on WAN.
# NOTE(review): udp/1701 is reachable without IPsec; accepting it only when
# the packet arrived inside IPsec (ipsec-policy matcher) closes that path.
add action=accept chain=input comment="MANAGEMENT VPN" dst-port=500 \
in-interface-list=WAN protocol=udp
add action=accept chain=input comment="MANAGEMENT VPN" dst-port=1701 \
in-interface-list=WAN protocol=udp
add action=accept chain=input comment="MANAGEMENT VPN" dst-port=4500 \
in-interface-list=WAN protocol=udp
add action=accept chain=input comment="MANAGEMENT VPN" in-interface-list=WAN \
protocol=ipsec-esp
add action=accept chain=input comment="MANAGEMENT VPN" in-interface-list=WAN \
protocol=ipsec-ah
# ICMP to the router is accepted from every interface, WAN included, with no
# rate limit.
add action=accept chain=input comment="accept ICMP" protocol=icmp
# NOTE(review): comment says ICMP, rule matches IGMP from LAN.
add action=accept chain=input comment="accept ICMP" in-interface-list=LAN \
protocol=igmp
add action=accept chain=input comment="Allow Winbox" dst-port=8291 \
in-interface=Management-VPN protocol=tcp
# Full access to the router from the management /16 on "LAN Bridge".
add action=accept chain=input in-interface="LAN Bridge" src-address=\
172.19.0.0/16
# NOTE(review): the four controller rules accept every protocol and port from
# the two listed hosts on WAN, both to the router (input) and through it
# (forward). Narrow them to the ports the controllers actually need; a
# source-address match alone is weak for traffic without a handshake.
add action=accept chain=input comment="UBNT Cloud Controller" \
in-interface-list=WAN src-address=101.0.91.105
add action=accept chain=input comment="UNMS Cloud Controller" \
in-interface-list=WAN src-address=101.0.91.104
add action=accept chain=forward comment="UNMS Cloud Controller" \
in-interface-list=WAN src-address=101.0.91.104
add action=accept chain=forward comment="UBNT Cloud Controller" \
in-interface-list=WAN src-address=101.0.91.105
# NOTE(review): 172.19.139.53 is not leased or pooled anywhere in the visible
# export; the static lease is 172.19.239.53. Presumably a typo in one place.
add action=accept chain=forward dst-address=172.19.139.53 out-interface-list=\
"Printer access"
add action=accept chain=forward in-interface-list="Printer access" \
src-address=172.19.139.53
add action=accept chain=input comment="accept established,related,untracked" \
connection-state=established,related,untracked
# NOTE(review): comment mentions untracked, the match does not include it.
add action=accept chain=forward comment=\
"accept established,related, untracked" connection-state=\
established,related
# LAN includes the guest bridge localnetwork, so this accepts all guest
# forwarding that the guest drop above did not catch.
add action=accept chain=forward comment="accept all LAN Trafic" \
in-interface-list=LAN
add action=accept chain=forward in-interface=localnetwork
add action=accept chain=forward comment="Accept Dest NAT" \
connection-nat-state=dstnat
# NOTE(review): the two input drops set log-prefix but not log=yes, so dropped
# WAN input is not logged. Both are scoped to WAN; see the note at the top.
add action=drop chain=input comment="drop invalid" connection-state=invalid \
in-interface-list=WAN log-prefix="input invalid drop"
add action=drop chain=input comment="drop all not coming from LAN" \
in-interface-list=WAN log-prefix="INput DROP ALL: "
add action=drop chain=forward comment="drop invalid" connection-state=invalid \
in-interface-list=WAN log=yes
# NOTE(review): labelled "drop invalid" but this is the catch-all drop for
# everything forwarded from WAN that was not accepted above.
add action=drop chain=forward comment="drop invalid" in-interface-list=WAN \
log=yes log-prefix="Drop Alll Forward on WAN"
# Mangle rules: connection marks and routing marks for multi-WAN policy routing.
# Most entries carry disabled=yes; the ones that take effect are marked "Active".
/ip firewall mangle
# Disabled prerouting accepts (ICMP on sfp-sfpplus12, and 120.88.120.0/22 as
# destination from three different ingress interfaces).
add action=accept chain=prerouting disabled=yes in-interface=sfp-sfpplus12 \
protocol=icmp
add action=accept chain=prerouting disabled=yes dst-address=120.88.120.0/22 \
in-interface=all-vlan
add action=accept chain=prerouting disabled=yes dst-address=120.88.120.0/22 \
in-interface=sfp-sfpplus12
add action=accept chain=prerouting disabled=yes dst-address=120.88.120.0/22 \
in-interface=localnetwork
# Active. Unmarked connections from 172.19.98.254 entering via the LAN list
# get connection mark wan3.
# NOTE(review): the comment text says wan1 while the mark applied is wan3, and
# dst-address-type is exported as an empty string - confirm both are intended.
add action=mark-connection chain=prerouting comment="Mark wan1 con" \
connection-mark=no-mark dst-address-type="" in-interface-list=LAN \
new-connection-mark=wan3 passthrough=yes src-address=172.19.98.254
# Active. Unmarked connections arriving on each WAN port get that port's mark
# (presumably so replies leave through the same uplink).
add action=mark-connection chain=prerouting comment="eth 1" connection-mark=\
no-mark in-interface=sfp-sfpplus1 new-connection-mark=wan1 passthrough=\
yes
add action=mark-connection chain=prerouting comment="eth 2" connection-mark=\
no-mark in-interface=sfp-sfpplus2 new-connection-mark=wan2 passthrough=\
yes
add action=mark-connection chain=prerouting comment="eth 3" connection-mark=\
no-mark in-interface=sfp-sfpplus3 new-connection-mark=wan3 passthrough=\
yes
add action=mark-connection chain=prerouting comment="eth 4" connection-mark=\
no-mark in-interface=sfp-sfpplus4 new-connection-mark=wan4 passthrough=\
yes
# Disabled. Per-connection-classifier spread of LAN traffic over seven marks
# (both-addresses:7/0 .. 7/6 -> wan1 .. wan7).
add action=mark-connection chain=prerouting comment="Mark wan1 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan1 passthrough=yes \
per-connection-classifier=both-addresses:7/0
add action=mark-connection chain=prerouting comment="Mark wan2 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan2 passthrough=yes \
per-connection-classifier=both-addresses:7/1
add action=mark-connection chain=prerouting comment="Mark wan3 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan3 passthrough=yes \
per-connection-classifier=both-addresses:7/2
add action=mark-connection chain=prerouting comment="Mark wan4 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan4 passthrough=yes \
per-connection-classifier=both-addresses:7/3
add action=mark-connection chain=prerouting comment="Mark wan5 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan5 passthrough=yes \
per-connection-classifier=both-addresses:7/4
add action=mark-connection chain=prerouting comment="Mark wan6 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan6 passthrough=yes \
per-connection-classifier=both-addresses:7/5
add action=mark-connection chain=prerouting comment="Mark wan7 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan7 passthrough=yes \
per-connection-classifier=both-addresses:7/6
# Connection mark -> routing mark for packets entering from the LAN list.
# Only the wan1 and wan3 rules are active; wan2 and wan4..wan7 are disabled.
add action=mark-routing chain=prerouting comment="Mark Rout wan1" \
connection-mark=wan1 in-interface-list=LAN new-routing-mark=wan1-out \
passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan2" \
connection-mark=wan2 disabled=yes in-interface-list=LAN new-routing-mark=\
wan2-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan3" \
connection-mark=wan3 in-interface-list=LAN new-routing-mark=wan3-out \
passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan4" \
connection-mark=wan4 disabled=yes in-interface-list=LAN new-routing-mark=\
wan4-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan5" \
connection-mark=wan5 disabled=yes in-interface-list=LAN new-routing-mark=\
wan5-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan6" \
connection-mark=wan6 disabled=yes in-interface-list=LAN new-routing-mark=\
wan6-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan7" \
connection-mark=wan7 disabled=yes in-interface-list=LAN new-routing-mark=\
wan7-out passthrough=yes
# Disabled. Routing marks for router-originated traffic (output chain).
add action=mark-routing chain=output comment="Output rout mark wan 1" \
connection-mark=wan1 disabled=yes new-routing-mark=wan1-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 2" \
connection-mark=wan2 disabled=yes new-routing-mark=wan2-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 3" \
connection-mark=wan3 disabled=yes new-routing-mark=wan3-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 4" \
connection-mark=wan4 disabled=yes new-routing-mark=wan4-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 5" \
connection-mark=wan5 disabled=yes new-routing-mark=wan5-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 6" \
connection-mark=wan6 disabled=yes new-routing-mark=wan6-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 7" \
connection-mark=wan7 disabled=yes new-routing-mark=wan7-out passthrough=\
yes
# Disabled. An earlier variant of the same scheme: mark on the input chain,
# route on the output chain, with passthrough=no.
add action=mark-connection chain=input comment="ABOVE THIS - " \
connection-mark=no-mark disabled=yes in-interface=sfp-sfpplus1 \
new-connection-mark=wan1 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark disabled=yes \
in-interface=sfp-sfpplus2 new-connection-mark=wan2 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark disabled=yes \
in-interface=sfp-sfpplus3 new-connection-mark=wan3 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark disabled=yes \
in-interface=sfp-sfpplus4 new-connection-mark=wan4 passthrough=no
add action=mark-routing chain=output connection-mark=wan1 disabled=yes \
new-routing-mark=wan1-out passthrough=no
add action=mark-routing chain=output connection-mark=wan2 disabled=yes \
new-routing-mark=wan2-out passthrough=no
add action=mark-routing chain=output connection-mark=wan3 disabled=yes \
new-routing-mark=wan3-out passthrough=no
add action=mark-routing chain=output connection-mark=wan4 disabled=yes \
new-routing-mark=wan4-out passthrough=no
add action=mark-routing chain=output connection-mark=wan5 disabled=yes \
new-routing-mark=wan5-out passthrough=no
add action=mark-routing chain=output connection-mark=wan6 disabled=yes \
new-routing-mark=wan6-out passthrough=no
add action=mark-routing chain=output connection-mark=wan7 disabled=yes \
new-routing-mark=wan7-out passthrough=no
# Disabled. Per-port connection marks without the connection-mark=no-mark
# guard, so they would re-mark already marked connections if enabled.
add action=mark-connection chain=prerouting disabled=yes in-interface=\
sfp-sfpplus4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting disabled=yes in-interface=\
sfp-sfpplus3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting disabled=yes in-interface=\
sfp-sfpplus2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting disabled=yes in-interface=\
sfp-sfpplus1 new-connection-mark=wan1 passthrough=yes
# Disabled. Per-connection-classifier spread for new connections entering
# from the localnetwork bridge.
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
dst-address-type=!local in-interface=localnetwork new-connection-mark=\
wan1 passthrough=yes per-connection-classifier=both-addresses:7/0
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
dst-address-type=!local in-interface=localnetwork new-connection-mark=\
wan2 passthrough=yes per-connection-classifier=both-addresses:7/1
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
dst-address-type=!local in-interface=localnetwork new-connection-mark=\
wan3 passthrough=yes per-connection-classifier=both-addresses:7/2
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
dst-address-type=!local in-interface=localnetwork new-connection-mark=\
wan4 passthrough=yes per-connection-classifier=both-addresses:7/3
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
dst-address-type=!local in-interface=localnetwork new-connection-mark=\
wan5 passthrough=yes per-connection-classifier=both-addresses:7/4
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
dst-address-type=!local in-interface=localnetwork new-connection-mark=\
wan6 passthrough=yes per-connection-classifier=both-addresses:7/5
add action=mark-connection chain=prerouting connection-state=new disabled=yes \
dst-address-type=!local in-interface=localnetwork new-connection-mark=\
wan7 passthrough=yes per-connection-classifier=both-addresses:7/6
# Disabled. Routing marks for the localnetwork bridge.
# NOTE(review): these use wanN-output, whereas the active rules above and the
# marked routes in /ip route use wanN-out. If re-enabled as-is they would not
# match those routes - verify before enabling.
add action=mark-routing chain=prerouting connection-mark=wan1 disabled=yes \
in-interface=localnetwork new-routing-mark=wan1-output passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2 disabled=yes \
in-interface=localnetwork new-routing-mark=wan2-output passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3 disabled=yes \
in-interface=localnetwork new-routing-mark=wan3-output passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan4 disabled=yes \
in-interface=localnetwork new-routing-mark=wan4-output passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan5 disabled=yes \
in-interface=localnetwork new-routing-mark=wan5-output passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan6 disabled=yes \
in-interface=localnetwork new-routing-mark=wan6-output passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan7 disabled=yes \
in-interface=localnetwork new-routing-mark=wan7-output passthrough=yes
# NAT: source NAT per uplink, then the destination-NAT rules that publish the
# SIP host 172.19.239.251 to the WAN side.
/ip firewall nat
# Disabled: fixed source address for traffic to 3.106.179.83.
add action=src-nat chain=srcnat disabled=yes dst-address=3.106.179.83 \
to-addresses=159.196.10.79
# Masquerade 10.10.10.0/24 when it leaves via "LAN Bridge".
add action=masquerade chain=srcnat out-interface="LAN Bridge" src-address=\
10.10.10.0/24
# Static src-nat for WAN3 and WAN1. The comment strings look like handles a
# DHCP-client script uses to locate and rewrite these rules - presumably; the
# script is not visible in this part of the file. Do not rename the comments
# without checking.
add action=src-nat chain=srcnat comment=AUTO_SNAT_By_DHCP-Client_Script_WAN3 \
out-interface=sfp-sfpplus3 to-addresses=159.196.11.95
add action=src-nat chain=srcnat comment=AUTO_SNAT_By_DHCP-Client_Script_WAN1 \
out-interface=sfp-sfpplus1 to-addresses=159.196.10.79
# Placeholder rule; passthrough takes no NAT action.
add action=passthrough chain=srcnat comment=Insert_Point_Do_NOT_Remove
# Masquerade fallbacks per egress interface (the ether1 entry is disabled).
add action=masquerade chain=srcnat out-interface=Management-VPN
add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
add action=masquerade chain=srcnat out-interface=sfp-sfpplus2
add action=masquerade chain=srcnat out-interface=sfp-sfpplus3
add action=masquerade chain=srcnat out-interface=sfp-sfpplus4
# SIP signalling (5060-5062) and the 10000-20000 port range over UDP, from
# sources in the SIP address list only, to 172.19.239.251.
add action=dst-nat chain=dstnat dst-port=5060-5062,10000-20000 \
in-interface-list=WAN protocol=udp src-address-list=SIP to-addresses=\
172.19.239.251
# NOTE(review): this rule has no src-address-list. A udp/5060 packet from a WAN
# source that is NOT in the SIP list misses the rule above, is translated here,
# and is then accepted by the forward-chain rule matching
# connection-nat-state=dstnat. As exported, udp/5060 on 172.19.239.251 is
# reachable from any WAN source, and nothing is logged because log-prefix is
# set without log=yes. Confirm this is intended; if the aim was only to observe
# unknown sources, a logging rule that does not translate the packet would
# avoid exposing the host.
add action=dst-nat chain=dstnat dst-port=5060 in-interface-list=WAN \
log-prefix="Unknowern SIP Server access over 5060" protocol=udp \
to-addresses=172.19.239.251
# Same port set over TCP, restricted to the SIP address list.
add action=dst-nat chain=dstnat dst-port=5060-5062,10000-20000 \
in-interface-list=WAN protocol=tcp src-address-list=SIP to-addresses=\
172.19.239.251
# The SIP connection-tracking helper is switched off.
/ip firewall service-port
set sip disabled=yes
# Static routes. Every gateway is 159.196.8.1, pinned to a specific uplink
# with the %interface suffix.
/ip route
# Policy routes used by the wan1-out / wan3-out routing marks set in mangle.
add check-gateway=ping comment=wan1-out distance=1 gateway=\
159.196.8.1%sfp-sfpplus1 routing-mark=wan1-out
add check-gateway=ping comment=wan3-out distance=1 gateway=\
159.196.8.1%sfp-sfpplus3 routing-mark=wan3-out
# Default routes: sfp-sfpplus3 at distance 1, sfp-sfpplus1 at distance 2.
# NOTE(review): the two distance-2 entries have the same gateway and differ
# only in check-gateway; the one without check-gateway is not withdrawn by a
# failed gateway ping, which may defeat the health check - confirm which one
# is meant to stay.
add check-gateway=ping comment=base-ruel distance=1 gateway=\
159.196.8.1%sfp-sfpplus3
add comment="base-ruel Failover" distance=2 gateway=159.196.8.1%sfp-sfpplus1
add check-gateway=ping comment=base-ruel distance=2 gateway=\
159.196.8.1%sfp-sfpplus1
# Host routes for 3.106.179.83 (the L2TP peer named at the head of the file),
# tried over sfp-sfpplus3, then sfp-sfpplus1, then sfp-sfpplus2.
add check-gateway=ping distance=1 dst-address=3.106.179.83/32 gateway=\
159.196.8.1%sfp-sfpplus3
add check-gateway=ping distance=2 dst-address=3.106.179.83/32 gateway=\
159.196.8.1%sfp-sfpplus1
add check-gateway=ping distance=3 dst-address=3.106.179.83/32 gateway=\
159.196.8.1%sfp-sfpplus2
# Disabled host route for 172.19.139.53.
add disabled=yes distance=1 dst-address=172.19.139.53/32 gateway=\
172.19.139.254
# All VRF entries are disabled.
/ip route vrf
add disabled=yes interfaces=sfp-sfpplus3 route-distinguisher=3.3.3.3:333 \
routing-mark=wan3-out
add disabled=yes interfaces=sfp-sfpplus1 route-distinguisher=1.1.1.1:111 \
routing-mark=wan1-out
add disabled=yes interfaces=sfp-sfpplus2 route-distinguisher=2.2.2.2:222 \
routing-mark=wan2-out
# Management services: telnet, ftp, www, ssh, api and api-ssl are switched off.
# Winbox is not listed, and an export omits settings left at their defaults,
# so Winbox presumably stays enabled on its default port - consistent with
# the tcp/8291 filter rules.
# NOTE(review): no address= restriction on the winbox service is visible here,
# so access control for it rests on the firewall rules alone - confirm.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# SSH port forwarding is set to "remote"; this only takes effect if the ssh
# service (disabled above) is turned back on.
/ip ssh
set forwarding-enabled=remote
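# Local PPP account bound to profile Grand_VPN.
# The comment= property is deliberately not set: comments are displayed
# wherever the entry is listed and, as far as this reviewer knows, are not
# covered by the export option that hides sensitive values, so a password
# copied into a comment is disclosed even when the password field is hidden.
# NOTE(review): the password below has been stored in plaintext exports;
# rotate it and keep exports that contain it access-controlled.
/ppp secret
add name=Grand-Palais password="\$dgt4437" profile=Grand_VPN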
# Basic system settings: time zone, identity, logging and NTP.
/system clock
set time-zone-name=Australia/Brisbane
/system identity
set name=Grand_Pallis
# Extra logging rule for the script and debug topics; no action is given, so
# the default log action applies.
/system logging
add topics=script,debug
# NOTE(review): mode=broadcast is combined with explicit primary/secondary
# servers; presumably the client then waits for broadcast time messages
# instead of polling these addresses - verify the clock actually synchronises,
# since log timestamps depend on it.
/system ntp client
set enabled=yes mode=broadcast primary-ntp=203.14.0.250 secondary-ntp=\
203.14.0.251
# The router also serves NTP; which clients can reach it depends on the input
# chain of the firewall filter.
/system ntp server
set enabled=yes
# Scheduled jobs. All three are granted the same full policy set
# (ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon).
# NOTE(review): none of the scripts visibly needs sniff or romon, and only the
# first needs reboot; trimming each job to the policies it uses limits what a
# modified on-event script could do.
/system scheduler
# Disabled: weekly reboot at 03:00.
add disabled=yes interval=1w name=" reboot-3am" on-event=" /system reboot" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/17/2017 start-time=03:00:00
# Disabled: weekly job that disables sfp-sfpplus12, waits $downtime (600) and
# re-enables it. cycleNumber, sleepBetween and trying are declared but not
# referenced in the script text.
add disabled=yes interval=1w name=Port_Shutdown-10min on-event=":local cycleNu\
mber 3\r\
\n:local downtime 600\r\
\n:local sleepBetween 5\r\
\n:local trying false;\r\
\n\r\
\n\t/interface ethernet \r\
\n\t\t\t:log info \"Starting interface reset procedure >>> \" \r\
\n\r\
\n\t\t\tset sfp-sfpplus12 disabled=yes\r\
\n\t\t\t:delay \$downtime\r\
\n\t\t\tset sfp-sfpplus12 disabled=no\r\
\n\t\t\t" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=may/19/2021 start-time=03:00:18
# Active: weekly backup job. As written it
#   1. saves a system backup with dont-encrypt=yes (encryptSysBackup is false)
#      and a raw /export of the configuration,
#   2. uploads every file whose name contains the generated BACKUP-... name
#      with /tool fetch mode=ftp on port 21,
#   3. deletes every local file whose name contains "BACKUP-",
#   4. logs two success messages unconditionally; no result of the upload is
#      checked.
# NOTE(review): security-relevant points
#   - The FTP account name and password are literals in the script, so they
#     appear in every export of this configuration.
#   - Plain FTP sends those credentials and the backup files unencrypted; the
#     raw export carries whatever secrets the configuration holds.
#   - The system backup is written without encryption.
#   Prefer an encrypted backup with a password, an encrypted transfer
#   (/tool fetch also offers mode=sftp, if the server supports it), and
#   rotation of the credentials already present in stored exports.
add interval=1w name=autobackup on-event=":local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/Cameron_Plat\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:delay 10s\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 10s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/05/2021 start-time=17:20:40
# Stored script "Manual Backup", owned by posscales. Its source text is the
# same backup routine that the autobackup scheduler entry carries inline:
# unencrypted system backup plus raw /export, upload with /tool fetch mode=ftp
# on port 21, then removal of every local file whose name contains "BACKUP-".
# NOTE(review):
#   - The FTP password is a literal in the source, and the transfer is plain
#     FTP, so the credentials and the uploaded configuration travel unencrypted.
#   - The commented-out ":log warning" line would write the FTP password to
#     the log if it were re-enabled.
#   - The policy list grants far more than the script uses (for example
#     reboot, sniff, romon).
#   - Keeping one copy of the routine (the scheduler running this script by
#     name) would leave a single place to fix; the two copies can drift apart.
/system script
add dont-require-permissions=no name="Manual Backup" owner=posscales policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/Cameron_Plat\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:delay 10s\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 10s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\""
# Graphing is enabled for interfaces and for system resources, each with a
# bare "add" (all parameters left at their defaults).
# NOTE(review): the graphs are served by the www service, which this
# configuration disables; if www is ever re-enabled, set allow-address on
# these entries so traffic graphs are not readable from any address - confirm
# the default before relying on it.
/tool graphing interface
add
/tool graphing resource
add