File: /home/posscale/backup/MT_Backups/Madders/BACKUP-Madders-Kitchens-2025aug05-114637.rsc
# aug/05/2025 11:46:38 by RouterOS 6.43.4
# software id = BH31-18SV
#
# model = 2011UiAS-2HnD
# serial number = 91E309309532
/interface bridge
add admin-mac=B8:69:F4:14:19:35 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether6-master
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfp1 ] disabled=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=\
"madders key" supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key=0738899344 wpa2-pre-shared-key=0738899344
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-Ce \
country=australia disabled=no distance=indoors frequency=auto mode=\
ap-bridge nv2-preshared-key=0738899344 security-profile="madders key" \
ssid=MADDERS wireless-protocol=802.11 wps-mode=disabled
/ip dhcp-server option
add code=66 name=3cx-66 value="'https://pbx2-3cx.voipitup.com.au/provisioning/\
lrbvvfvg1e/001565B37209.cfg'"
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp-madders ranges=192.168.1.100-192.168.1.200
add name="10.0.0.0 POOL" ranges=10.0.0.10-10.0.0.100
/ip dhcp-server
add address-pool=dhcp-madders disabled=no interface=bridge name=defconf
/metarouter
add name=mr1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge disabled=yes interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=none
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add list=discover
add interface=ether1 list=mactel
add interface=ether2-master list=mactel
add interface=ether1 list=mac-winbox
add interface=ether6-master list=mactel
add interface=ether2-master list=mac-winbox
add interface=sfp1 list=mactel
add interface=ether6-master list=mac-winbox
add interface=sfp1 list=mac-winbox
/ip address
add address=210.8.53.126/30 comment=defconf interface=ether1 network=\
210.8.53.124
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=10.0.0.138/24 interface=bridge network=10.0.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid interface=wlan1
/ip dhcp-server lease
add address=192.168.1.197 client-id=1:0:15:65:b3:72:9 mac-address=\
00:15:65:B3:72:09 server=defconf
add address=192.168.1.198 client-id=1:5c:ea:1d:56:90:1c comment=\
"Brother Printer - Scanner" mac-address=5C:EA:1D:56:90:1C server=defconf
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.138 netmask=8
add address=192.168.1.0/24 dhcp-option=3cx-66 gateway=192.168.1.1 netmask=24
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=203.8.183.1,192.189.54.33
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall address-list
add address=101.0.97.107 comment="Phone system" list="SIP RTP Servers"
add address=101.0.97.109 list="SIP RTP Servers"
add address=139.99.140.152 list="SIP RTP Servers"
add address=139.99.140.153 list="SIP RTP Servers"
add address=35.189.31.167 list="SIP RTP Servers"
add address=35.189.35.225 list="SIP RTP Servers"
add address=35.189.44.220 list="SIP RTP Servers"
add address=103.77.233.187 list="SIP RTP Servers"
add address=61.69.57.74 comment="PSS OFFICE" list="SIP RTP Servers"
add address=54.79.1.213 comment=Pbx2-3cx.voipitup list="SIP RTP Servers"
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp \
src-address=61.69.57.74
add action=accept chain=forward in-interface=ether1 src-address-list=\
"SIP RTP Servers"
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=67 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established,related
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=ether1 log=yes log-prefix=\
"INPUT DROP: "
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge)
add action=masquerade chain=srcnat out-interface=wlan1
add action=dst-nat chain=dstnat in-interface=ether1 src-address=54.79.1.213 \
to-addresses=192.168.1.197
/ip route
add distance=1 gateway=210.8.53.125
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Australia/Adelaide
/system identity
set name=Madders-Kitchens
/system routerboard settings
set silent-boot=no
/system scheduler
add interval=1w name=schedule1 on-event=":local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/Madders\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 5s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=oct/05/2021 start-time=11:46:37
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool mac-server ping
set enabled=no