File: /home/posscale/backup/MT_Backups/Bygreen/BACKUP-Austraw--15202-0-204723.rsc
# 2025-05-15 20:47:23 by RouterOS 7.15.3
# software id = A9RJ-VGXE
#
# model = RB960PGS
# serial number = 7D4F075D99AB
/interface bridge
add disabled=yes fast-forward=no name=LAN-Bridge port-cost-mode=short
add disabled=yes name="VPN EOIP LINK" port-cost-mode=short
/interface ethernet
set [ find default-name=ether3 ] name=P3-WAN3-netmode poe-out=off
set [ find default-name=ether1 ] name="ether1 - Server"
set [ find default-name=ether2 ] name="ether2 - PBX"
set [ find default-name=ether4 ] disabled=yes poe-out=off
set [ find default-name=ether5 ] comment="4G Failover - WAP Mikrotik"
/interface l2tp-client
add connect-to=3.106.179.83 disabled=no name=Management use-ipsec=yes user=\
Bygreen
/interface eoip
add disabled=yes mac-address=02:86:B6:AB:57:F0 name=eoip-tunnel-posscales \
remote-address=10.10.10.210 tunnel-id=0
/interface wireguard
add listen-port=444 mtu=1420 name=wireguard1
/interface vlan
add interface="ether1 - Server" name="Guest-WiFi network" vlan-id=100
add interface=P3-WAN3-netmode name=Netmode-Vlan vlan-id=66
/interface list
add name=WAN
add name=L2TP-Connections
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1 ranges=192.168.0.25-192.168.0.50
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool2 ranges=192.168.100.2-192.168.100.254
add name=VPN-Pool ranges=10.10.10.10-10.10.10.210
/ip smb users
set [ find default=yes ] disabled=yes
/ppp profile
add dns-server=8.8.8.8 interface-list=L2TP-Connections local-address=\
10.10.10.1 name="Bygreen VPN" remote-address=VPN-Pool use-encryption=\
required
/queue simple
add burst-limit=768k/0 burst-threshold=512k/0 burst-time=2s/0s disabled=yes \
dst=ether4 limit-at=256k/0 max-limit=384k/0 name=opendrive packet-marks=\
OpenDrive target=192.168.0.2/32
add disabled=yes dst=172.217.167.110/32 max-limit=256k/1M name=mac target=\
192.168.0.68/32
add disabled=yes name=Austraw target=""
/queue type
add kind=pcq name=Voip_Downstream pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=Voip_Upstream pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
/queue tree
add disabled=yes max-limit=2M name=Upload parent=ether4 priority=1 queue=\
default
add disabled=yes limit-at=500k max-limit=500k name=opendrive parent=Upload \
queue=default
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=TO_WAN1
add fib name=TO_WAN2
/system logging action
add memory-lines=10 name=UPS target=memory
add disk-file-count=1 disk-file-name=flash/ScriptsLog disk-lines-per-file=100 \
name=Scripts target=disk
/interface bridge port
add bridge=LAN-Bridge disabled=yes ingress-filtering=no interface=\
"ether1 - Server" internal-path-cost=10 path-cost=10
add bridge="VPN EOIP LINK" ingress-filtering=no interface=\
eoip-tunnel-posscales internal-path-cost=10 path-cost=10
add bridge="VPN EOIP LINK" ingress-filtering=no interface="ether1 - Server" \
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile="Bygreen VPN" enabled=yes \
use-ipsec=yes
/interface list member
add interface=P3-WAN3-netmode list=WAN
add interface=Netmode-Vlan list=WAN
add interface="ether1 - Server" list=LAN
add interface="ether2 - PBX" list=LAN
add interface=ether5 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=wireguard1 name=Mick public-key=\
"ZT9gaSrR5BCrDUfpR/tyDvGn95iLAFCuJwOpoBBCrx8="
add allowed-address=0.0.0.0/0 interface=wireguard1 name=mick2 public-key=\
"8FFnRzmXEugG9wCiz01aHmkrOIgXOHAJ1xsbHKKpK2s="
/ip address
add address=192.168.0.1/24 interface="ether1 - Server" network=192.168.0.0
add address=192.168.5.1/24 interface="ether2 - PBX" network=192.168.5.0
add address=103.98.87.3/27 interface=Netmode-Vlan network=103.98.87.0
add address=192.168.100.1/24 interface="Guest-WiFi network" network=\
192.168.100.0
add address=192.168.50.5/24 interface=ether5 network=192.168.50.0
add address=10.10.10.1/24 interface=wireguard1 network=10.10.10.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add default-route-distance=10 interface=ether5
add add-default-route=no interface=ether4
add add-default-route=no interface=P3-WAN3-netmode
/ip dhcp-server
add address-pool=dhcp_pool2 interface="Guest-WiFi network" name=dhcp1
/ip dhcp-server network
add address=192.168.100.0/24 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=3.105.22.41 name=unifi
/ip firewall address-list
add address=208.73.211.69 list=sip
add address=203.161.160.69 list=sip
add address=203.161.160.70 list=sip
add address=203.161.166.71 list=sip
add address=203.161.160.0/20 list=sip
add address=202.61.12.230 list=sip
add address=202.61.13.102 list=sip
add address=115.30.57.97 list=sip
add address=115.30.36.66 list=sip
add address=14.202.254.86 list=sip
add address=203.161.164.69 list=sip
add address=61.69.57.74 list=sip
add address=192.168.0.0/24 list=sip
add address=35.189.35.225 comment="RTP Voip IT UP" list=sip
add address=101.187.142.60 comment="Mick Home telstra NBN Connection" list=\
RDP
add address=61.69.57.74 comment="Jason Pos Scales Office IP" list=RDP
add address=192.168.16.1 comment="WAN 2 Telstra Modem NOT BRIDGED." list=RDP
add address=61.69.57.74 list=Support
add address=192.168.0.0/24 list=Support
add address=192.168.5.0/24 list=Support
add address=38.108.185.0/24 list=OpenDrive
add address=103.26.172.0/22 comment="NetSip IP Range" list=sip
add address=35.189.47.13 list=sip
add address=35.189.44.220 list=sip
add address=61.69.73.194 comment="Mick Home telstra NBN Connection" list=RDP
add address=49.191.174.78 comment=C.Baxton list=RDP
add address=27.253.10.186 comment="Chad Home NBN Connection" list=RDP
add address=10.11.3.1 list=Support
add address=10.10.10.0/24 list=Support
add address=101.182.152.218 comment="Leighton Home NBN Connection" list=RDP
/ip firewall filter
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=444 protocol=tcp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=fasttrack-connection chain=input connection-state=\
established,related disabled=yes hw-offload=yes
add action=accept chain=input connection-state="" disabled=yes protocol=icmp
add action=accept chain=input connection-state=established,related
add action=accept chain=input in-interface-list=LAN
add action=accept chain=input src-address-list=Support
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="drop DNS resolver requests from WAN" \
dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=input comment="drop DNS resolver requests from WAN" \
dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop port scan list" src-address-list=\
Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except t\
o support list # DO NOT ENABLE BEFORE ADDING YOUR SUBNET TO SUPPORT ADDRES\
S LIST #" dst-port=8291 protocol=tcp src-address-list=!Support
add action=add-src-to-address-list address-list=ftp_Brute \
address-list-timeout=3h chain=input comment=\
"Add bruteforcers to list for 3 hours" connection-limit=30,32 content=\
"530 Login incorrect" dst-port=21 limit=10/1m,0:packet protocol=tcp
add action=drop chain=input comment="Drop ftp bruteforce" dst-port=21 \
protocol=tcp src-address-list=ftp_Brute
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" \
in-interface-list=WAN log-prefix="INPUT DROP -->> "
add action=accept chain=forward disabled=yes src-address=192.168.0.73
add action=accept chain=forward connection-state=established,related \
in-interface-list=WAN
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward dst-port=33389 in-interface-list=WAN \
protocol=tcp src-address-list=RDP
add action=accept chain=forward dst-port=6000-6399,3478-3479 \
in-interface-list=WAN protocol=udp src-address-list=sip
add action=accept chain=forward dst-port=6000-6399,3478-3479 \
in-interface-list=WAN protocol=tcp src-address-list=sip
add action=accept chain=forward dst-port=5060 in-interface-list=WAN protocol=\
udp src-address-list=sip
add action=accept chain=forward dst-port=5060 in-interface-list=WAN protocol=\
tcp src-address-list=sip
add action=drop chain=forward comment="Drop syn flood list" src-address-list=\
Syn_Flooder
add action=jump chain=forward comment="Jump for icmp forward flow" disabled=\
yes jump-target=ICMP protocol=icmp
add action=drop chain=input disabled=yes in-interface-list=WAN log=yes \
log-prefix="DROP INPUT>> "
add action=drop chain=input disabled=yes in-interface="!ether1 - Server"
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=add-src-to-address-list address-list=Spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 disabled=\
yes dst-port=25,587 limit=30/1m,0:packet protocol=tcp
add action=add-src-to-address-list address-list=Spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 disabled=\
yes dst-port=25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" disabled=yes \
dst-port=25,587 protocol=tcp src-address-list=Spammers
add action=tarpit chain=forward comment="Tarpit login bruteforce" dst-port=25 \
protocol=tcp src-address-list=smtp_Brute
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
icmp-options=8:0 limit=1,5:packet protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=drop chain=forward comment="Drop ALL From WAN NOT Dest-NAT" \
connection-nat-state=!dstnat disabled=yes in-interface-list=WAN log=yes \
log-prefix="DROP NOT DEST NAT>> "
add action=accept chain=output connection-state=established,related,new
add action=drop chain=forward connection-state=invalid in-interface-list=WAN
/ip firewall mangle
add action=add-dst-to-address-list address-list=SMTP_Brute \
address-list-timeout=10m chain=forward comment=\
"Add excessive login failures to list for 10 minutes" connection-state=\
established content=\
"535 5.7.8 Error: authentication failed: authentication failure" limit=\
!3/1m,3:packet protocol=tcp src-port=25
add action=accept chain=prerouting disabled=yes dst-address=192.168.16.0/24 \
in-interface="ether1 - Server"
add action=accept chain=prerouting disabled=yes dst-address=203.45.253.1 \
in-interface="ether2 - PBX"
add action=accept chain=prerouting disabled=yes dst-address=110.145.127.189 \
in-interface="ether2 - PBX"
add action=accept chain=prerouting disabled=yes dst-address=103.98.87.3 \
in-interface="ether2 - PBX"
add action=accept chain=prerouting disabled=yes dst-address=103.98.87.3 \
in-interface="ether1 - Server"
add action=accept chain=prerouting disabled=yes dst-address=203.45.253.1 \
in-interface="ether1 - Server"
add action=accept chain=prerouting disabled=yes dst-address=110.145.127.189 \
in-interface="ether1 - Server"
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes in-interface=*B new-connection-mark=WAN1_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes in-interface=ether4 new-connection-mark=WAN2_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes in-interface=Netmode-Vlan new-connection-mark=WAN2_Conn passthrough=\
yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address-type=!local in-interface="ether2 - PBX" \
new-connection-mark=WAN1_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address-type=!local in-interface="ether1 - Server" \
new-connection-mark=WAN2_Conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1_Conn disabled=\
yes in-interface="ether2 - PBX" new-routing-mark=TO_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_Conn disabled=\
yes in-interface="ether1 - Server" new-routing-mark=TO_WAN2 passthrough=\
yes
add action=mark-routing chain=prerouting connection-mark=WAN1_Conn disabled=\
yes in-interface="ether1 - Server" new-routing-mark=TO_WAN1 passthrough=\
yes
add action=mark-routing chain=output connection-mark=WAN2_Conn disabled=yes \
new-routing-mark=TO_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_Conn disabled=yes \
new-routing-mark=TO_WAN1 passthrough=yes
add action=mark-packet chain=forward disabled=yes dst-address-list=OpenDrive \
new-packet-mark=OpenDrive passthrough=yes src-address=192.168.0.2
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=L2TP-Connections
add action=masquerade chain=srcnat comment="MAnagement VPN" out-interface=\
Management
add action=masquerade chain=srcnat out-interface=Netmode-Vlan
add action=masquerade chain=srcnat log-prefix="Outbound Traffic: " \
out-interface=ether4
add action=masquerade chain=srcnat log-prefix="Outbound Traffic: " \
out-interface=ether5
add action=dst-nat chain=dstnat dst-port=33389 in-interface-list=WAN \
log-prefix="RDP CONNECTION>> " protocol=tcp src-address-list=RDP \
to-addresses=192.168.0.2 to-ports=3389
add action=dst-nat chain=dstnat comment=\
"CCTV CMS POS Scales GRoup Update Test" dst-port=6036 in-interface-list=\
WAN log-prefix="CCTV CMS" protocol=tcp src-address-list=RDP to-addresses=\
192.168.0.69 to-ports=6036
add action=add-src-to-address-list address-list="BAD BLOCK LIST" \
address-list-timeout=2d3h16m56s chain=dstnat disabled=yes dst-port=33389 \
in-interface-list=WAN log=yes log-prefix=\
"BAD RDP Added to BlackList >> " protocol=tcp src-address-list=!RDP \
to-addresses=192.168.0.2 to-ports=3389
add action=dst-nat chain=dstnat dst-port=6000-6399,3478-3479 \
in-interface-list=WAN log-prefix="RTP PACKETS>> " protocol=udp \
src-address-list=sip to-addresses=192.168.5.5
add action=dst-nat chain=dstnat dst-port=6000-6399,3478-3479 \
in-interface-list=WAN log-prefix="RTP PACKETS>> " protocol=tcp \
src-address-list=sip to-addresses=192.168.5.5
add action=dst-nat chain=dstnat dst-port=5060 in-interface-list=WAN \
log-prefix="SIP PACKETS>> " protocol=tcp src-address-list=sip \
to-addresses=192.168.5.5
add action=dst-nat chain=dstnat dst-port=5060 in-interface-list=WAN \
log-prefix="SIP PACKETS>> " protocol=udp src-address-list=sip \
to-addresses=192.168.5.5
add action=dst-nat chain=dstnat disabled=yes dst-port=3478-3479 \
in-interface-list=WAN log-prefix="SIP PACKETS>> " protocol=tcp \
to-addresses=192.168.5.5
add action=dst-nat chain=dstnat disabled=yes dst-port=3478-3479 \
in-interface-list=all log-prefix="SIP PACKETS>> " protocol=udp \
to-addresses=192.168.5.5
add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN log=yes \
log-prefix="PBX LOG IN >> " protocol=tcp src-address=61.69.57.74 \
to-addresses=192.168.5.5
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN \
log-prefix="PBX LOG IN >> " protocol=tcp src-address=61.69.57.74 \
to-addresses=192.168.5.5
/ip firewall raw
add action=drop chain=prerouting disabled=yes in-interface-list=WAN \
log-prefix="RAW - DROP BAD IP IN LIST :" src-address-list=\
"BAD BLOCK LIST"
add action=log chain=prerouting disabled=yes dst-port=443 in-interface-list=\
WAN log=yes log-prefix="443 ADD to BLACKLIST >" protocol=tcp \
src-address-list=!RDP
add action=drop chain=prerouting dst-port=3389 in-interface-list=WAN log=yes \
log-prefix="RAW 3389 Drop >" protocol=tcp src-address-list=!RDP
add action=add-src-to-address-list address-list="BAD BLOCK LIST" \
address-list-timeout=2d46m39s chain=prerouting disabled=yes dst-port=21 \
in-interface-list=WAN log=yes log-prefix="21 ADD to BLACKLIST >" \
protocol=tcp src-address-list=!RDP
add action=drop chain=prerouting dst-port=5060-5070 in-interface-list=WAN \
log=yes log-prefix="RAW 5060 DROP >> " protocol=udp src-address-list=\
!sip
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
1.1.1.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.50.1
add disabled=yes dst-address=1.1.2.2/32 gateway=192.168.50.1
add disabled=no dst-address=1.1.1.1/32 gateway=103.98.87.1 scope=9
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=103.98.87.1 \
routing-table=main scope=9 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp l2tp-secret
add address=10.10.10.0/24 comment=!Pss.974082**
/ppp secret
add disabled=yes name=Mel.Erbsland profile="Bygreen VPN"
add name=PosScalesOffice profile="Bygreen VPN"
add name=laighton profile="Bygreen VPN"
add name=Mick profile="Bygreen VPN"
add name=Mellissa profile="Bygreen VPN"
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
set enabled=yes trap-generators=interfaces trap-version=3
/system clock
set time-zone-autodetect=no time-zone-name=Australia/Brisbane
/system identity
set name=Austraw
/system logging
set 0 topics=info,!ups
set 2 topics=warning,!script
add action=UPS topics=ups,info
add action=Scripts topics=script
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes
/system ntp client servers
add address=162.159.200.123
add address=159.196.3.239
/system scheduler
add interval=1w name=autobackup on-event=":local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/Bygreen\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:delay 10s\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 10s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2021-08-05 start-time=20:47:23
add disabled=yes interval=30s name="Check UPS" on-event=UPS_Alert policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2023-06-08 start-time=09:21:14
/system script
add dont-require-permissions=no name=UPS_Alert owner=posscales policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
\r\
\n:local mailserver [:resolve mail.voipitup.com.au];\r\
\n:local mailfrom \"UPS_PSS@voipitup.com.au\";\r\
\n:local mailto \"jloeken@posscales.com.au\";\r\
\n:local mailcc \"jloeken@voipitup.com.au\"; #Multiple addresses allowed, \
use \",\" to separate entries\r\
\n:local upsName \"ups1\";\r\
\n\r\
\n\r\
\n:global flagonbatt;\r\
\n:global flagbattlow;\r\
\n:global flagbattlowa;\r\
\n:global shutdownin;\r\
\n:global shutdown;\r\
\n:global restored;\r\
\n:local online;\r\
\n:local runtimeleft;\r\
\n:local battcharge;\r\
\n:local sysname [/system identity get name];\r\
\n:local datetime \"\$[/system clock get date] \$[/system clock get time]\
\";\r\
\n:if ([:typeof \$flagonbatt]=\"nothing\") do={:set flagonbatt 0}\r\
\n:if ([:typeof \$flagbattlow]=\"nothing\") do={:set flagbattlow 0}\r\
\n:if ([:typeof \$flagbattlowa]=\"nothing\") do={:set flagbattlowa 0}\r\
\n:if ([:typeof \$shutdownin]=\"nothing\") do={:set shutdownin 100}\r\
\n:if ([:typeof \$shutdown]=\"nothing\") do={:set shutdown 0}\r\
\n:if ([:typeof \$restored]=\"nothing\") do={:set restored 0}\r\
\n/system ups monitor ups1 once do={\r\
\n:set online \$\"on-line\";\r\
\n:set runtimeleft \$\"runtime-left\";\r\
\n:set battcharge \$\"battery-charge\";\r\
\n:set shutdownin \$\"offline-after\";\r\
\n}\r\
\n:log warning (\"\$online, \$runtimeleft, \$battcharge, \$shutdow\
nin, \$flagonbatt, \$flagbattlow, \$restored, \$shutdown \")\r\
\n# /tool e-mail send subject=\"\$sysname | **Power Failure** | \$datetime\
\_| System will shutdown in \$shutdownin | Battery Charge at \$battcharge%\
\" to=\$mailto cc=\$mailcc body=\"\$sysname | **Power Failure** | \$dateti\
me \\r\\n System will shutdown in \$shutdownin \\r\\n Battery Charge at \
\$battcharge% \\r\\n \\r\\n Good luck to you, let's hope they fix it quic\
kly!...\"\r\
\n#:log info (\" EMail sent\")\r\
\n\r\
\n:if ((\$online=false) && (\$flagonbatt=0) && (\$battcharge<100)) do={\r\
\n:set flagonbatt 1;\r\
\n/tool e-mail send subject=\"\$sysname | **Power Failure** | System will \
shutdown in \$runtimeleft | Battery Charge at \$battcharge%\" to=\$mailto \
cc=\$mailcc body=\"\$sysname | **Power Failure** \\r\\n \$datetime \
\\r\\n System will shutdown in \$runtimeleft \\r\\n Battery Charge at \
\$battcharge% \\r\\n \\r\\n Good luck to you, let's hope they fix it qu\
ickly!...\"\r\
\n:log info (\"PowerFailure: EMail sent\")\r\
\n}\r\
\n:if ((\$online=true) && (\$flagonbatt=1)) do={\r\
\n:set flagonbatt 0;\r\
\n:set shutdown 0;\r\
\n:set flagbattlowa 0;\r\
\n:set restored 1;\r\
\n/tool e-mail send subject=\"\$sysname | *Power Restored* | Battery Char\
ge at \$battcharge%\" to=\$mailto cc=\$mailcc body=\"\$sysname | *Power Re\
stored* \\r\\n \$datetime \\r\\n Battery Charge at \$battcharge% \\r\
\\n \\r\\n They fixed it! Well done to the electric company!...\"\r\
\n:log info (\"PowerRestored: EMail sent\")\r\
\n}\r\
\n:if ((\$online=false) && (\$runtimeleft <= 00:10:00)) do={\r\
\n#:set restored 0;\r\
\n/tool e-mail send subject=\"\$sysname | Battery Almost OUT - Power off i\
n \$runtimeleft minutes | Battery Charge \$battcharge% | WARNING !!\" to=\
\$mailto cc=\$mailcc body=\"\$sysname \\r\\n Battery Almost OUT - Power\
\_off in \$runtimeleft \\r\\n Battery Charge at \$battcharge% \\r\\n \
\_ \\r\\n \$datetime | WARNING !!!\"\r\
\n:log info (\"Battery almost out: Email sent\")\r\
\n}\r\
\n:if ((\$shutdownin <= 00:10:00) && (\$shutdown=0) && (\$shutdownin > 00:\
00:00)) do={\r\
\n:set shutdown 1;\r\
\n/tool e-mail send subject=\"\$sysname | System Warning | System will sh\
utdown in \$shutdownin minutes | Battery Charge at \$battcharge%\" to=\$ma\
ilto cc=\$mailcc body=\"\$sysname | System Warning \\r\\n \$datetime \\\
r\\n System will shutdown in \$shutdownin minutes \\r\\n UPS can Run for\
\_Another \$runtimeleft \\r\\n Battery Charge at \$battcharge% \\r\\n \
\\r\\n Better start praying!...\"\r\
\n:log info (\"\$runtimeleft MinLeft: Email sent\")\r\
\n}\r\
\n:if ((\$shutdownin <= 00:01:00) && (\$flagbattlowa=0) && (\$shutdownin >\
\_00:00:00)) do={\r\
\n:set flagbattlowa 1;\r\
\n/tool e-mail send subject=\"\$sysname | System Warning | System will sh\
utdown in \$shutdownin minute | Battery Charge at \$battcharge%\" to=\$mai\
lto cc=\$mailcc body=\"\$sysname | System Warning \\r\\n \$datetime \\r\
\\n System will shutdown in \$shutdownin minute \\r\\n UPS can Run for \
Another \$runtimeleft \\r\\n Battery Charge at \$battcharge% \\r\\n \\r\
\\n Pray for a miracle brother!...\"\r\
\n:log info (\"1MinLeft: Email sent\")\r\
\n}\r\
\n:if ((\$battcharge=100) && (\$restored=1)) do={\r\
\n:set restored 0;\r\
\n/tool e-mail send subject=\"\$sysname | Battery | Battery is Fully Charg\
ed\" to=\$mailto cc=\$mailcc body=\"\$sysname | Battery \\r\\n \$datetim\
e \\r\\n Battery is Fully Charged \\r\\n \\r\\n yeah, we're ready to \
go again!...\"\r\
\n:log info (\"BatteryFull: Email sent\")\r\
\n}\r\
\n"
add dont-require-permissions=no name="manual backup" owner=posscales policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/Bygreen\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:delay 10s\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 10s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\""
/tool bandwidth-server
set enabled=no
/tool e-mail
set from=UPS@voipitup.com.au port=587 server=mail.voipitup.com.au user=\
ups@voipitup.com.au
/tool romon
set enabled=yes