mirror of
https://github.com/idanoo/router-configs
synced 2025-07-01 22:02:23 +00:00
Add Mikrotik default conf
parent
28b091694f
commit
7c3e480540
1 changed files with 143 additions and 0 deletions
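--- /dev/null
+++ b/mikrotik-dhcp-novlan.conf
@@ -0,0 +1,143 @@
+# 2024-09-18 19:38:27 by RouterOS 7.16rc4
+#
+# WAN on ether1 - No VLAN
+# Optional changes:
+# - Change DHCP IP range (Default 192.168.66.0/24)
+# - Change WAN interface (Default ether1)
+# - Confirm WAN interface is not in LAN bridge
+#
+# model = RB5009UG+S+
+/interface list
+add comment=defconf name=WAN
+add comment=defconf name=LAN
+
+/ip pool
+add name=dhcp ranges=192.168.66.100-192.168.66.0.254
+
+/ip dhcp-server
+add address-pool=dhcp interface=bridge name=defconf
+
+/ip neighbor discovery-settings
+set discover-interface-list=LAN
+
+/ipv6 settings
+set accept-router-advertisements=yes
+
+/interface list member
+add comment=WAN interface=ether1 list=WAN
+add comment=LAN interface=bridge list=LAN
+
+/ip address
+add address=192.168.66.1/24 comment=defconf interface=bridge network=192.168.66.0
+
+/ip dhcp-client
+add comment=defconf interface=ether1
+
+/ip dhcp-server network
+add address=192.168.66.1/24 comment=defconf gateway=192.168.66.1 netmask=24
+
+/ip dns
+set allow-remote-requests=yes
+
+/ip firewall filter
+add action=accept chain=input comment=\
+"defconf: accept established,related,untracked" connection-state=\
+established,related,untracked
+add action=drop chain=input comment="defconf: drop invalid" connection-state=\
+invalid
+add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
+add action=accept chain=input comment=\
+"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
+add action=drop chain=input comment="defconf: drop all not coming from LAN" \
+in-interface-list=!LAN
+
+add action=accept chain=forward comment="defconf: accept in ipsec policy" \
+ipsec-policy=in,ipsec
+add action=accept chain=forward comment="defconf: accept out ipsec policy" \
+ipsec-policy=out,ipsec
+add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
+connection-state=established,related hw-offload=yes
+add action=accept chain=forward comment=\
+"defconf: accept established,related, untracked" connection-state=\
+established,related,untracked
+add action=drop chain=forward comment="defconf: drop invalid" \
+connection-state=invalid
+add action=drop chain=forward comment=\
+"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
+connection-state=new in-interface-list=WAN
+
+/ip firewall nat
+add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
+out,none out-interface-list=WAN
+
+/ipv6 address
+add address=::1 from-pool=pool-ipv6 interface=bridge
+
+/ipv6 dhcp-client
+add interface=ether1 pool-name=pool-ipv6 request=prefix use-interface-duid=yes \
+use-peer-dns=no
+
+/ipv6 firewall address-list
+add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
+add address=::1/128 comment="defconf: lo" list=bad_ipv6
+add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
+add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
+add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
+add address=100::/64 comment="defconf: discard only " list=bad_ipv6
+add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
+add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
+add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
+
+/ipv6 firewall filter
+add action=accept chain=input comment=\
+"defconf: accept established,related,untracked" connection-state=\
+established,related,untracked
+add action=drop chain=input comment="defconf: drop invalid" connection-state=\
+invalid
+add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
+add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
+33434-33534 protocol=udp
+add action=accept chain=input comment=\
+"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
+udp src-address=fe80::/10
+add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
+protocol=udp
+add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
+ipsec-ah
+add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
+ipsec-esp
+add action=accept chain=input comment=\
+"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
+add action=drop chain=input comment=\
+"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
+add action=accept chain=forward comment=\
+"defconf: accept established,related,untracked" connection-state=\
+established,related,untracked
+add action=drop chain=forward comment="defconf: drop invalid" \
+connection-state=invalid
+add action=drop chain=forward comment=\
+"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
+add action=drop chain=forward comment=\
+"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
+add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
+hop-limit=equal:1 protocol=icmpv6
+add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
+icmpv6
+add action=accept chain=forward comment="defconf: accept HIP" protocol=139
+add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
+500,4500 protocol=udp
+add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
+ipsec-ah
+add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
+ipsec-esp
+add action=accept chain=forward comment=\
+"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
+add action=drop chain=forward comment=\
+"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
+
+/ipv6 nd
+set [ find default=yes ] hop-limit=64 interface=\
+bridge ra-preference=high
+
+/system clock
+set time-zone-name=Pacific/Auckland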
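Review bot: The pool range under `/ip pool` ends at `192.168.66.0.254`, which has five octets and is not a valid IPv4 address; it should read `add name=dhcp ranges=192.168.66.100-192.168.66.254`. Because that line sits near the top of the file, an import that stops on the error would presumably leave the later sections unapplied, including both firewall filter tables, so the router could end up with interface lists but no input/forward rules. The `/ip dhcp-server network` entry also uses the host address `192.168.66.1/24` where the network `192.168.66.0/24` is expected. Finally, the file references `interface=bridge` without creating the bridge or its ports, and unlike the stock defconf it does not set `allowed-interface-list=LAN` under `/tool mac-server` and `/tool mac-server mac-winbox`; a header comment such as `# Requires an existing LAN bridge named "bridge"; MAC-server access is left at the device's current setting` would make those assumptions explicit.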