Configurazione allo stato odierno

Script esportato senza filtri (non dovrebbe contenere segreti)

dump.rsc

@@ -0,0 +1,134 @@
+# apr/18/2023 23:55:25 by RouterOS 6.47.2
+# software id = GU1A-JDES
+#
+# model = RB3011UiAS
+# serial number = B88D0BD46C83
+/interface bridge
+add name=bridge-officina
+/interface list
+add name=WAN
+add name=LAN
+/interface wireless security-profiles
+set [ find default=yes ] supplicant-identity=MikroTik
+/ip pool
+add name=dhcp_pool1 ranges=192.168.5.128-192.168.5.254
+add name=dhcp_pool2 ranges=192.168.3.10-192.168.3.200
+/ip dhcp-server
+add address-pool=dhcp_pool1 disabled=no interface=bridge-officina lease-time=\
+    1h name=dhcp1
+add address-pool=dhcp_pool2 interface=ether5 name=dhcp2 relay=192.168.3.1
+/queue tree
+add max-limit=3M name=upload parent=ether1
+add limit-at=20M max-limit=20M name=other_upload packet-mark=other_traffic \
+    parent=upload priority=1
+add limit-at=20M max-limit=40M name=heavy_upload packet-mark=heavy_traffic \
+    parent=upload
+add max-limit=30M name=download parent=bridge-officina
+add limit-at=200M max-limit=200M name=other_download packet-mark=\
+    other_traffic parent=download priority=1
+add limit-at=120M max-limit=200M name=heavy_download packet-mark=\
+    heavy_traffic parent=download
+/user group
+set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
+    sword,web,sniff,sensitive,api,romon,dude,tikapp"
+/interface bridge port
+add interface=ether2
+add interface=ether3
+add interface=ether4
+add interface=ether5
+add bridge=bridge-officina interface=ether6
+add bridge=bridge-officina interface=ether7
+add bridge=bridge-officina interface=ether8
+add bridge=bridge-officina interface=ether9
+add bridge=bridge-officina interface=ether10
+add interface=sfp1
+/interface bridge settings
+set use-ip-firewall=yes
+/ip neighbor discovery-settings
+set discover-interface-list=!dynamic
+/ipv6 settings
+set accept-redirects=no accept-router-advertisements=no
+/interface list member
+add interface=ether1 list=WAN
+add list=LAN
+/ip address
+add address=192.168.7.128/24 interface=ether1 network=192.168.7.0
+add address=192.168.5.20/24 interface=bridge-officina network=192.168.5.0
+/ip dhcp-server network
+add address=192.168.3.0/24 gateway=192.168.3.1
+add address=192.168.5.0/24 dns-server=8.8.8.8,1.1.1.1,8.8.4.4 gateway=\
+    192.168.5.20 netmask=24
+/ip dns
+set servers=208.67.220.220,208.67.222.222,1.1.1.1,8.8.8.8,8.8.4.4
+/ip firewall mangle
+add action=mark-connection chain=forward connection-mark=!heavy \
+    new-connection-mark=generic
+add action=mark-connection chain=forward connection-bytes=20000000-1797783552 \
+    connection-mark=generic connection-rate=1200k-100M new-connection-mark=\
+    heavy passthrough=yes protocol=tcp
+add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
+    heavy_traffic passthrough=no
+add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
+    other_traffic passthrough=no
+/ip firewall nat
+add action=masquerade chain=srcnat out-interface=ether1 src-address=\
+    192.168.5.0/24 to-addresses=192.168.1.128
+add action=dst-nat chain=dstnat dst-port=8010 protocol=tcp to-addresses=\
+    192.168.5.10 to-ports=22
+/ip route
+add distance=1 gateway=192.168.7.1
+/ip service
+set telnet port=30023
+set ftp disabled=yes
+set www port=30080
+set ssh port=30022
+set www-ssl certificate=webfig disabled=no
+set api disabled=yes
+set api-ssl disabled=yes
+/ipv6 address
+add address=2001:470:c844:1::3/127 advertise=no disabled=yes interface=ether1
+add address=2001:470:c844:200::1 interface=bridge-officina
+add address=fd00:6073::3/127 advertise=no disabled=yes interface=ether1
+/ipv6 firewall filter
+add action=accept chain=forward connection-state=established,related
+add action=accept chain=forward src-address=2001:470:c844::/48
+add action=accept chain=forward comment=\
+    "vupiuesse: allows certbot certificates renewals." dst-address=\
+    2001:470:c844:200:40e4:bcff:fed0:2635/128 dst-port=80 protocol=tcp
+add action=reject chain=forward reject-with=icmp-admin-prohibited
+/ipv6 firewall mangle
+add action=mark-connection chain=forward connection-mark=!heavy dst-address=\
+    !2001:470:c844:200::/56 new-connection-mark=generic passthrough=yes
+add action=mark-connection chain=forward connection-bytes=10000000-1797783552 \
+    connection-mark=generic connection-rate=200k-100M new-connection-mark=\
+    heavy passthrough=yes protocol=tcp
+add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
+    heavy_traffic passthrough=no
+add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
+    other_traffic passthrough=no
+add action=mark-connection chain=forward connection-bytes=1000000-0 \
+    connection-mark=generic connection-rate=1200k-100M disabled=yes \
+    new-connection-mark=heavy protocol=tcp
+/ipv6 nd
+set [ find default=yes ] interface=bridge-officina ra-interval=10s-30s
+/ipv6 route
+add distance=1 dst-address=2000::/3 gateway=fe80::20d:b9ff:fe44:e5f1%ether1
+add distance=1 dst-address=2001:470:c844:100::/64 gateway=\
+    2001:470:c844:200::10
+add distance=1 dst-address=2001:470:c844:202::/64 gateway=\
+    2001:470:c844:200::10
+add distance=1 dst-address=2001:470:c844:204::/64 gateway=\
+    2001:470:c844:200:2e0:81ff:fed0:ec03
+/system clock
+set time-zone-name=Europe/Rome
+/system identity
+set name=porceddu
+/system ntp client
+set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.105
+/tool graphing interface
+add interface=ether1 store-on-disk=no
+/tool graphing resource
+add store-on-disk=no
+/tool sniffer
+set file-name=giomba.pcap
+