File: /home/posscale/backup/MT_Backups/KC_Psych/BACKUP-KC-Psych-HEXs-2022apr21-211411.rsc
# apr/21/2022 21:14:11 by RouterOS 6.47.2
# software id = K0Q8-A4LJ
#
# model = RB760iGS
# serial number = A8150AE15EE4
/interface bridge
add name="Local-and-VPN Bridge"
/interface ethernet
set [ find default-name=ether2 ] comment="PBX Direct Connect"
set [ find default-name=ether3 ] comment="NBN-FTTC-AAPT-voip it up"
/interface vlan
add interface=ether4 name=vlan-100-NBN vlan-id=100
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=66 name=66 value="'192.168.7.101'"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=VPN-POOL ranges=10.10.10.2-10.10.10.200
/ppp profile
add bridge="Local-and-VPN Bridge" dns-server=1.1.1.1,8.8.8.8 local-address=\
10.10.10.1 name="KC STAFF VPN Access" remote-address=VPN-POOL
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge="Local-and-VPN Bridge" interface=ether1
/ip firewall connection tracking
set udp-stream-timeout=4m
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile="KC STAFF VPN Access" \
enabled=yes ipsec-secret=S^aY4gYKM9hp use-ipsec=yes
/interface list member
add interface=ether5 list=WAN
add interface=ether1 list=LAN
add list=WAN
add interface=vlan-100-NBN list=WAN
add interface="Local-and-VPN Bridge" list=LAN
add interface=ether2 list=LAN
/ip address
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=192.168.7.2/24 interface="Local-and-VPN Bridge" network=\
192.168.7.0
add address=61.69.5.222/30 interface=vlan-100-NBN network=61.69.5.220
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=3.105.22.41 name=unifi type=A
add address=192.168.7.1 name=kcpsbs01.kcpsych.local type=A
add address=192.168.7.1 name=kcpsbs01 type=A
/ip firewall address-list
add address=208.73.211.69 list=SIP
add address=203.161.160.69 list=SIP
add address=203.161.160.70 list=SIP
add address=203.161.166.71 list=SIP
add address=203.161.160.0/20 list=SIP
add address=202.61.12.230 list=SIP
add address=203.161.164.69 list=SIP
add address=115.30.36.66 list=SIP
add address=1.132.96.183 list=SIP
add address=192.168.7.0/24 list=SIP
add address=115.70.205.66 list=SIP
add address=10.26.0.0/24 list=SIP
add address=61.69.57.74 list=SIP
add address=103.26.172.0/22 comment="Net SIP" list=SIP
add address=103.77.233.190 comment=Mondo list=FAX
add address=35.244.94.36 comment=Mondo list=FAX
add address=139.99.140.152 comment=Mondo list=FAX
add address=101.0.113.238 comment=Mondo list=FAX
add address=35.189.35.225 comment=Mondo list=FAX
add address=139.99.140.153 comment=Mondo list=FAX
add address=35.197.165.191 comment=Mondo list=FAX
add address=103.77.233.107 comment=Mondo list=FAX
add address=35.201.30.11 comment=Mondo list=FAX
add address=35.197.168.74 comment=Mondo list=FAX
add address=35.189.26.1 comment=Mondo list=FAX
add address=210.8.41.230 comment="Net SIP" list=SIP
add address=35.189.47.13 comment=Mondo list=FAX
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=forward comment="Print Spooler Hacker Protection" \
dst-port=135,442 log=yes log-prefix="HACKER BLOCKED >>>" \
out-interface-list=WAN protocol=udp
add action=drop chain=output comment="Print Spooler Hacker Protection" \
dst-port=135,442 log=yes log-prefix="HACKER BLOCKED >>>" \
out-interface-list=WAN protocol=udp
add action=drop chain=forward comment="Print Spooler Hacker Protection" \
dst-port=135,442 log=yes log-prefix="HACKER BLOCKED >>>" \
out-interface-list=WAN protocol=tcp
add action=drop chain=forward dst-port=6881 protocol=tcp
add action=drop chain=input dst-port=6881 protocol=tcp
add action=drop chain=input dst-port=6881 protocol=udp
add action=drop chain=forward dst-port=6881 protocol=udp
add action=accept chain=forward dst-port=5060 in-interface-list=WAN \
log-prefix="SIP >>>>> " protocol=udp src-address-list=SIP
add action=accept chain=forward dst-port=5060 in-interface-list=WAN protocol=\
tcp src-address-list=SIP
add action=accept chain=forward comment="Accept Established and related" \
connection-state=established,related in-interface-list=WAN
add action=accept chain=input comment="Accept Established and related" \
connection-state=established,related in-interface-list=WAN
add action=accept chain=input dst-port=8291 in-interface-list=WAN protocol=\
tcp src-address-list=SIP
add action=accept chain=input in-interface-list=LAN protocol=icmp
add action=drop chain=input in-interface-list=WAN protocol=icmp
add action=accept chain=input in-interface-list=WAN protocol=ipsec-esp
add action=accept chain=input in-interface-list=WAN protocol=ipsec-ah
add action=accept chain=input dst-port=500 in-interface-list=WAN protocol=udp
add action=accept chain=input dst-port=1701 in-interface-list=WAN protocol=\
udp
add action=accept chain=input dst-port=4500 in-interface-list=WAN protocol=\
udp
add action=accept chain=input in-interface-list=WAN src-address-list=SIP
add action=accept chain=forward dst-port=80 in-interface-list=WAN protocol=\
tcp
add action=accept chain=forward dst-port=443 in-interface-list=WAN protocol=\
tcp
add action=accept chain=forward dst-port=5950 in-interface-list=WAN protocol=\
tcp
add action=accept chain=forward dst-port=10000 in-interface-list=WAN \
protocol=tcp
add action=accept chain=forward dst-port=10000 in-interface-list=WAN \
protocol=udp
add action=drop chain=input comment="Drop All Input from WAN" in-interface=\
vlan-100-NBN
add action=drop chain=forward comment="Drop Not Dest Natted" \
connection-nat-state=!dstnat in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.10.10.0/24
add action=masquerade chain=srcnat dst-address=192.168.2.0/24 src-address=\
192.168.2.0/24
add action=masquerade chain=srcnat out-interface=vlan-100-NBN
add action=accept chain=dstnat comment="Hairpin dest nat" disabled=yes \
dst-address=220.244.82.205 protocol=tcp
add action=dst-nat chain=dstnat comment="PPTP Server Access OLD" dst-port=\
1723 in-interface-list=WAN protocol=tcp to-addresses=192.168.7.1
add action=dst-nat chain=dstnat disabled=yes dst-port=5060 in-interface-list=\
WAN protocol=udp src-address-list=FAX to-addresses=192.168.2.2
add action=dst-nat chain=dstnat disabled=yes in-interface-list=WAN \
src-address-list=FAX to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-port=5950 in-interface-list=WAN protocol=\
tcp to-addresses=192.168.7.10 to-ports=80
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN protocol=\
tcp to-addresses=192.168.7.10 to-ports=0
add action=dst-nat chain=dstnat dst-port=10000 in-interface-list=WAN \
protocol=tcp to-addresses=192.168.7.10 to-ports=10000
add action=dst-nat chain=dstnat dst-port=10000 in-interface-list=WAN \
protocol=udp to-addresses=192.168.7.39 to-ports=10000
add action=dst-nat chain=dstnat dst-port=444 in-interface-list=WAN protocol=\
tcp to-addresses=192.168.2.2 to-ports=444
add action=dst-nat chain=dstnat dst-port=5060 in-interface-list=WAN protocol=\
tcp src-address-list=SIP to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-port=5060 in-interface-list=WAN protocol=\
udp src-address-list=SIP to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-port=15000-15998 in-interface-list=WAN \
protocol=udp src-address-list=SIP to-addresses=192.168.7.43
add action=dst-nat chain=dstnat dst-port=6000-6399 in-interface-list=WAN log=\
yes log-prefix="RTP >>>> " protocol=udp src-address-list=SIP \
to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-port=6000-6399 in-interface-list=WAN log=\
yes log-prefix="TCP RTP >> " protocol=tcp src-address-list=SIP \
to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-port=3478-3479 in-interface-list=WAN \
protocol=tcp to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-port=3478-3479 in-interface-list=WAN \
protocol=udp to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
tcp src-address-list=SIP to-addresses=192.168.7.39
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=61.69.5.221
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add comment=OuyaaXFUup!9#dt4 disabled=yes name=Joshua password=\
OuyaaXFUup!9#dt4 profile="KC STAFF VPN Access"
add comment=wL@xtGLY7pro13fN name=Kristie password=wL@xtGLY7pro13fN profile=\
"KC STAFF VPN Access"
add comment=Xg@nXf%k223jw@ name=Christine password=Xg@nXf%k223jw@ profile=\
"KC STAFF VPN Access"
add comment=Eh1Z3R!8sP^m4uTa disabled=yes name=Sandra password=\
Eh1Z3R!8sP^m4uTa profile="KC STAFF VPN Access"
add comment="OuyaaXF\$Uup!9#dt4" name=Jessica_D password="OuyaaXF\$Uup!9#dt4" \
profile="KC STAFF VPN Access"
/system clock
set time-zone-name=Australia/Brisbane
/system identity
set name=KC-Psych-HEXs
/system routerboard settings
set protected-routerboot=enabled reformat-hold-button=1m
/system scheduler
add interval=1w name=autobackup on-event=":local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/KC_Psych\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 5s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/05/2021 start-time=21:14:11
/tool romon
set enabled=yes
/tool sniffer
set file-limit=100000KiB file-name=call.pcap filter-interface=ether2 \
memory-limit=1000KiB