# apr/18/2023 23:55:25 by RouterOS 6.47.2
# software id = GU1A-JDES
#
# model = RB3011UiAS
# serial number = B88D0BD46C83
#
# Configuration export of an RB3011UiAS: ether1 is the uplink (list WAN),
# bridge-officina is the 192.168.5.0/24 LAN, with traffic shaping via mangle
# marks and queue trees, IPv4 NAT, and a routed IPv6 /48.
# NOTE(review): the header above carries device identifiers (software id,
# serial number); consider redacting them before sharing an export.
# NOTE(review): the export is dated 2023 but runs RouterOS 6.47.2 - check that
# release against the vendor's current long-term branch and changelog.
# NOTE(review): this export contains no "/ip firewall filter" section, so as
# far as this file shows, IPv4 input and forward traffic is not filtered.

# LAN bridge; its member ports are assigned under "/interface bridge port".
/interface bridge
add name=bridge-officina
# Interface lists. No rule in this export matches on WAN or LAN by list name.
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools used by the two DHCP servers below.
/ip pool
add name=dhcp_pool1 ranges=192.168.5.128-192.168.5.254
add name=dhcp_pool2 ranges=192.168.3.10-192.168.3.200
# dhcp1 serves the LAN bridge with 1h leases.
# dhcp2 is bound to ether5 with relay=192.168.3.1 and, unlike dhcp1, has no
# disabled=no - presumably it is left disabled; confirm.
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge-officina lease-time=\
    1h name=dhcp1
add address-pool=dhcp_pool2 interface=ether5 name=dhcp2 relay=192.168.3.1
# Shaping trees: "upload" hangs off ether1, "download" off bridge-officina.
# The children select traffic by the packet marks set in the mangle tables.
# NOTE(review): the children's limit-at values (20M+20M under a 3M parent,
# 200M+120M under a 30M parent) exceed the parent's max-limit, so the
# guaranteed rates cannot all be honoured - confirm the intended figures.
/queue tree
add max-limit=3M name=upload parent=ether1
add limit-at=20M max-limit=20M name=other_upload packet-mark=other_traffic \
    parent=upload priority=1
add limit-at=20M max-limit=40M name=heavy_upload packet-mark=heavy_traffic \
    parent=upload
add max-limit=30M name=download parent=bridge-officina
add limit-at=200M max-limit=200M name=other_download packet-mark=\
    other_traffic parent=download priority=1
add limit-at=120M max-limit=200M name=heavy_download packet-mark=\
    heavy_traffic parent=download
# The "full" group keeps every policy, including telnet, ftp, sniff and
# sensitive. No user accounts are part of this export.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
# ether6-ether10 are ports of bridge-officina.
# NOTE(review): ether2-ether5 and sfp1 are listed without a bridge= value, and
# ether5 is also the dhcp2 interface - confirm where these ports end up when
# the export is imported.
/interface bridge port
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add bridge=bridge-officina interface=ether6
add bridge=bridge-officina interface=ether7
add bridge=bridge-officina interface=ether8
add bridge=bridge-officina interface=ether9
add bridge=bridge-officina interface=ether10
add interface=sfp1
# Bridged traffic is also passed through the IP firewall.
/interface bridge settings
set use-ip-firewall=yes
# NOTE(review): "!dynamic" selects every non-dynamic interface, which would
# include the uplink ether1 - neighbor discovery there advertises identity,
# model and version; consider limiting it to LAN-side interfaces.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# The router itself ignores IPv6 redirects and router advertisements.
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no
# NOTE(review): the LAN entry names no interface, so the list looks empty
# as exported - confirm before writing rules that rely on it.
/interface list member
add interface=ether1 list=WAN
add list=LAN
# ether1 is 192.168.7.128/24 (uplink); the LAN bridge is 192.168.5.20/24.
/ip address
add address=192.168.7.128/24 interface=ether1 network=192.168.7.0
add address=192.168.5.20/24 interface=bridge-officina network=192.168.5.0
# LAN clients are handed public resolvers directly and 192.168.5.20 as gateway.
/ip dhcp-server network
add address=192.168.3.0/24 gateway=192.168.3.1
add address=192.168.5.0/24 dns-server=8.8.8.8,1.1.1.1,8.8.4.4 gateway=\
    192.168.5.20 netmask=24
# Upstream resolvers used by the router itself.
/ip dns
set servers=208.67.220.220,208.67.222.222,1.1.1.1,8.8.8.8,8.8.4.4
# IPv4 traffic classification for the queue trees, evaluated in order:
#   1. any forwarded connection not already marked "heavy" becomes "generic";
#   2. a "generic" TCP connection within the connection-bytes range
#      20000000-1797783552 and connection-rate range 1200k-100M is re-marked
#      "heavy";
#   3-4. packets get heavy_traffic / other_traffic from the connection mark
#      (passthrough=no ends mangle processing for that packet).
/ip firewall mangle
add action=mark-connection chain=forward connection-mark=!heavy \
    new-connection-mark=generic
add action=mark-connection chain=forward connection-bytes=20000000-1797783552 \
    connection-mark=generic connection-rate=1200k-100M new-connection-mark=\
    heavy passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
    heavy_traffic passthrough=no
add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
    other_traffic passthrough=no
# Source NAT for the LAN leaving via ether1.
# NOTE(review): masquerade takes its source address from the outgoing
# interface, so to-addresses looks unused here; 192.168.1.128 also differs
# from ether1's 192.168.7.128 - confirm and drop the stale value.
# Port forward: TCP 8010 -> 192.168.5.10:22.
# NOTE(review): the dst-nat rule has no in-interface or dst-address matcher,
# so it applies to any TCP/8010 packet reaching dstnat, LAN-originated ones
# included, and it publishes port 22 of an internal host with no src-address
# restriction. Scope it to the uplink and to known sources, and make sure the
# target host accepts key-based logins only.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
    192.168.5.0/24 to-addresses=192.168.1.128
add action=dst-nat chain=dstnat dst-port=8010 protocol=tcp to-addresses=\
    192.168.5.10 to-ports=22
# IPv4 default route via the uplink gateway.
/ip route
add distance=1 gateway=192.168.7.1
# Management services: telnet, www and ssh are moved to ports 30023, 30080
# and 30022; www-ssl is enabled with certificate "webfig"; ftp, api and
# api-ssl are disabled. winbox is not listed, so it presumably keeps its
# default state - confirm.
# NOTE(review): telnet and www are cleartext and no "disabled=yes" is set for
# them; a non-standard port is not access control. No service carries an
# address= allow-list and this export has no input-chain filter rules, so the
# management plane appears reachable from the ether1 side. Disable telnet and
# www, restrict the remaining services with address=, and add input rules.
/ip service
set telnet port=30023
set ftp disabled=yes
set www port=30080
set ssh port=30022
set www-ssl certificate=webfig disabled=no
set api disabled=yes
set api-ssl disabled=yes
# Only the bridge-officina address is active; both ether1 entries are disabled.
/ipv6 address
add address=2001:470:c844:1::3/127 advertise=no disabled=yes interface=ether1
add address=2001:470:c844:200::1 interface=bridge-officina
add address=fd00:6073::3/127 advertise=no disabled=yes interface=ether1
# IPv6 forward policy, evaluated in order:
#   1. accept established/related;
#   2. accept anything whose source address is inside 2001:470:c844::/48;
#   3. accept TCP/80 to one host (certificate renewals, per the rule comment);
#   4. reject everything else with icmp-admin-prohibited.
# NOTE(review): rule 2 matches on source address only, with no in-interface,
# so a packet arriving on ether1 with a forged source inside the /48 would
# also be accepted - pair it with an in-interface match or drop such sources
# on the uplink first.
# NOTE(review): only chain=forward is covered; there are no chain=input rules,
# so the router's own services are not filtered over IPv6 by this export.
/ipv6 firewall filter
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward src-address=2001:470:c844::/48
add action=accept chain=forward comment=\
    "vupiuesse: allows certbot certificates renewals." dst-address=\
    2001:470:c844:200:40e4:bcff:fed0:2635/128 dst-port=80 protocol=tcp
add action=reject chain=forward reject-with=icmp-admin-prohibited
# IPv6 classification mirrors the IPv4 mangle table, with its own values:
# the "generic" mark skips destinations inside 2001:470:c844:200::/56, and
# the "heavy" rule uses the connection-bytes range 10000000-1797783552 with
# the connection-rate range 200k-100M. The last rule is disabled.
/ipv6 firewall mangle
add action=mark-connection chain=forward connection-mark=!heavy dst-address=\
    !2001:470:c844:200::/56 new-connection-mark=generic passthrough=yes
add action=mark-connection chain=forward connection-bytes=10000000-1797783552 \
    connection-mark=generic connection-rate=200k-100M new-connection-mark=\
    heavy passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=heavy new-packet-mark=\
    heavy_traffic passthrough=no
add action=mark-packet chain=forward connection-mark=generic new-packet-mark=\
    other_traffic passthrough=no
add action=mark-connection chain=forward connection-bytes=1000000-0 \
    connection-mark=generic connection-rate=1200k-100M disabled=yes \
    new-connection-mark=heavy protocol=tcp
# Router advertisements are sent on the LAN bridge every 10-30 seconds.
/ipv6 nd
set [ find default=yes ] interface=bridge-officina ra-interval=10s-30s
# 2000::/3 leaves via a link-local next hop on ether1; three /64s are routed
# to hosts on the LAN bridge prefix.
/ipv6 route
add distance=1 dst-address=2000::/3 gateway=fe80::20d:b9ff:fe44:e5f1%ether1
add distance=1 dst-address=2001:470:c844:100::/64 gateway=\
    2001:470:c844:200::10
add distance=1 dst-address=2001:470:c844:202::/64 gateway=\
    2001:470:c844:200::10
add distance=1 dst-address=2001:470:c844:204::/64 gateway=\
    2001:470:c844:200:2e0:81ff:fed0:ec03
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=porceddu
# Time is synchronised from two fixed NTP servers.
/system ntp client
set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.105
# Graphs for ether1 and system resources are kept in memory only.
/tool graphing interface
add interface=ether1 store-on-disk=no
/tool graphing resource
add store-on-disk=no
# NOTE(review): the sniffer is set to write to a file on the router. With
# telnet and www enabled, captures may contain credentials - remove capture
# files after use and clear this setting if it is no longer needed.
/tool sniffer
set file-name=giomba.pcap