File: /home/posscale/backup/MT_Backups/Reflections/BACKUP-Reflections_T2_Main-2025feb16-192245.rsc
# feb/16/2025 19:22:47 by RouterOS 6.49.15
# software id = L05X-CLSD
#
# model = CCR1009-7G-1C-1S+
# serial number = E3220F7681CD
/interface bridge
add name="Executive Bridge - 80"
add name="GOD BRIDGE"
add admin-mac=DC:2C:6E:A3:33:27 auto-mac=no name=Guest-Bridge
add name="OFFICE 40 - Bridge"
add admin-mac=DC:2C:6E:A3:33:2E auto-mac=no comment=\
"VALN 10 OPS and Untaged AP" name=Ops-Bridge
add name=PPPoE-Unit-Bridge-Radius
add name="SMTV Cast - Bridge"
add name=Voice-Bridge
/interface ethernet
set [ find default-name=combo1 ] auto-negotiation=no comment=\
"Tower 1 Uplink Port Via WiFi Link\r\
\n"
set [ find default-name=ether1 ] comment=\
"NBN EE - 500Mbps - 60.240.32.226/30 - With Addon IP's"
set [ find default-name=ether2 ] comment="SPARE - WAN2 - 115.187.157.231" \
disabled=yes
set [ find default-name=ether3 ] comment="SMTV Controller - Vlan 20"
set [ find default-name=ether4 ] comment="PBX Vlan 50 Network"
set [ find default-name=ether5 ] comment=\
"Office Network 40 - CCTV Connection"
set [ find default-name=ether6 ] comment="LInk TO T2 Office Switch"
set [ find default-name=ether7 ] comment=\
"Managemant PORT - Ops Network - To POE Swithc with Pi"
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\
"10G Link to T2 Distrobutions Fibre Router CCR-2004"
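/interface l2tp-client
# Outbound L2TP/IPsec tunnel "Management-VPN" to 3.106.179.83. The input chain
# further down accepts all traffic arriving on this interface, so whoever holds
# the tunnel credentials effectively holds management access to the router.
# NOTE(review): the original export stored ipsec-secret= and password= for this
# tunnel in clear text. Both values are left out of this listing: keep them in a
# password manager, re-enter them after import, and rotate them, since the
# backup file has already exposed them. Take future backups with
# "/export hide-sensitive" so secrets never reach the backup directory.
add connect-to=3.106.179.83 disabled=no name=Management-VPN use-ipsec=yes \
user=Reflections-Coolangatta-Beach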
/interface eoip
add disabled=yes mac-address=02:A7:F6:D3:2B:FF mtu=1458 name=AWS_Domotz_EoIP \
remote-address=10.11.3.1 tunnel-id=1
/interface vlan
add interface=ether3 name="SMTV-20 Vlan" vlan-id=20
add interface=combo1 name="T1-NBN 1 - 999" vlan-id=999
add interface=combo1 name="T1-NBN 2 - 998" vlan-id=998
add interface=combo1 name="VLAN 50 - Voice Link - T1" vlan-id=50
add interface=combo1 name="Vlan 70 - Guest - T1" vlan-id=70
add interface=sfp-sfpplus1 name="Vlan 70 - Guest - T2" vlan-id=70
add interface=combo1 name="Vlan 80 - Executive Network - T1" vlan-id=80
add interface=sfp-sfpplus1 name="Vlan 80 - Executive Network - T2" vlan-id=80
add interface=combo1 name=Vlan99_PPPoE_Tower1 vlan-id=99
add interface=sfp-sfpplus1 name=Vlan99_PPPoE_Tower2 vlan-id=99
add interface=combo1 name="vlan 20 - SMTV Cast - T1" vlan-id=20
add interface=sfp-sfpplus1 name="vlan 20 - SMTV Cast - T2" vlan-id=20
add comment="STAFF/ Managemant Wifi & Office Network " interface=combo1 \
name="vlan 40 - OFFICE-Tower 1" vlan-id=40
add comment="STAFF/ Managemant Wifi & Office Network " interface=\
sfp-sfpplus1 name="vlan 40 - OFFICE-Tower 2" vlan-id=40
add comment="Inforstucture Hardware and switches" interface=combo1 name=\
vlan10-OPS-Tower1 vlan-id=10
add comment="Inforstucture Hardware and switches" interface=sfp-sfpplus1 \
name=vlan10-OPS-Tower2 vlan-id=10
add comment="Chrome Cast Network for SMAART TV People." disabled=yes \
interface=Ops-Bridge name=vlan20-Casting-Ops-Bridge vlan-id=20
add comment="Phones and PA Network" disabled=yes interface=Ops-Bridge name=\
vlan50-Phones-OPS-Bridge vlan-id=50
add comment="Radius Seperation PPP from 2004" disabled=yes interface=\
Ops-Bridge name=vlan99-PPPoE-Unit vlan-id=99
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
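/ip hotspot profile
# Hotspot profile hsprof1: RADIUS-backed login (use-radius=yes) with MAC, cookie
# and HTTP-PAP login methods. The hotspot that uses this profile is bound to
# Ops-Bridge in the next section.
# NOTE(review): http-pap submits the user's password to the login page in plain
# text over HTTP; prefer login-by=https (with a certificate) or http-chap.
# NOTE(review): MAC login identifies a client only by the MAC address it
# presents, and the single shared mac-auth-password is sent to RADIUS for every
# such client. The original export held that password in clear text; it is left
# out here and should be rotated and restored from a password store after import.
add dns-name=login.voipitup hotspot-address=10.10.0.1 login-by=\
mac,cookie,http-pap name=hsprof1 radius-interim-update=30m use-radius=yes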
/ip hotspot
add addresses-per-mac=unlimited interface=Ops-Bridge name=hotspot1 profile=\
hsprof1
/ip pool
add name=Guest-Pool ranges=10.10.4.2-10.10.7.254
add name=OPS-Pool ranges=192.168.10.100-192.168.10.254
add name=VLAN_Unit_Pool ranges=192.168.22.10-192.168.23.254
add name="SMTV Cast - POOL" ranges=192.168.20.50-192.168.20.240
add name="OFFICE - POOL" ranges=192.168.40.170-192.168.40.250
add name="Voice Pool" ranges=192.168.50.100-192.168.50.250
add name=VPN-Pool ranges=10.10.10.10-10.10.10.200
add name="DHCP SMTV CAST" ranges=192.168.25.50-192.168.25.240
add name="Executive Pool" ranges=192.168.80.50-192.168.80.250
/ip dhcp-server
add address-pool=Guest-Pool disabled=no interface=Guest-Bridge lease-time=1h \
name=Guest-DHCP
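# OPS-DHCP: DHCP server for the infrastructure network on Ops-Bridge.
# The lease-script runs on lease events. It logs a warning for every event and,
# when the lease is bound, compares the first 8 characters of the client MAC
# (the vendor prefix) with three allowed prefixes: a match is logged at "info",
# anything else at "error" as "BAD OPS LEASE". The script as exported only
# writes log entries; both "/tool e-mail send" lines are commented out inside it.
# NOTE(review): the vendor-prefix test trusts the MAC address supplied by the
# client, so it works as an inventory hint, not as access control. Port-level
# authentication or static leases are the controls to rely on for this network.
# NOTE(review): the commented-out e-mail lines carried the SMTP account password
# in clear text together with start-tls=no. The password is replaced by a
# placeholder below. If the alert mail is re-enabled, store the account under
# "/tool e-mail" settings with TLS turned on rather than inline in the script,
# and rotate the exposed password.
# NOTE(review): the first commented-out mail body prints the literal text
# "lhost" (the "$" is missing), unlike the second one.
add address-pool=OPS-Pool conflict-detection=no disabled=no interface=\
Ops-Bridge lease-script="{\r\
\n:local Bound \$\"leaseBound\"\r\
\n:local leaseMAC \$\"leaseActMAC\"\r\
\n:local Vendor [:pick \"\$leaseMAC\" 0 8]\r\
\n:local dserver \$\"leaseServerName\"\r\
\n:local aip \$\"leaseActIP\"\r\
\n:local lhost \$\"lease-hostname\"\r\
\n# :local rmark \"\$interfacename-WG\"\r\
\n# :local DIS \"2\"\r\
\n#\t:local Mangleid [/ip firewall mangle find where comment=\"Mark wan2 c\
on\"]\r\
\n:log warning \"NEW OPS LEASE-> Bound: \$Bound MAC: \$leaseMAC \
\_ Vendor: \$Vendor\";\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n:if (\$Bound=\"1\") do={\r\
\n# :log warning \"NEW OPS LEASE-> Bound: \$Bound MAC: \$leaseMAC \
\_ Vendor: \$Vendor\";\r\
\n\r\
\n\r\
\n:if ((\$Vendor = \"C0:74:AD\") || (\$Vendor = \"64:9D:99\") || (\$Vendor\
\_= \"2C:C8:1B\")) do={\r\
\n:log info \"OPS LEASE OK -> Bound: \$Bound MAC: \$leaseMAC \
\_ Vendor: \$Vendor\";\r\
\n# /tool e-mail send from=\"pbx@voipitup.com.au\" server=\"mail.voipitup.\
com.au\" body=\"Notice: \\r\\n \\r\\n NOT A Rogue Device has been connect\
ed to Reflections \\r\\n \\r\\n OK OPS LEASE-> Bound: \$Bound MAC: \
\_\$leaseMAC Vendor: \$Vendor \\r\\n \\r\\n DHCP SERVER: \$dserv\
er \\r\\n \\r\\n IP: \$aip \\r\\n \\r\\n Host Name: lhost \" subject=\
\"NOT a Rogue Device has been connected to Reflections Operations Infrastr\
ucture Network \" to=\"jloeken@posscales.com.au\" port=587 user=pbx@voipit\
up.com.au password=<REDACTED> start-tls=no\r\
\n\r\
\n\r\
\n} else={\r\
\n:log error \"BAD OPS LEASE-> Bound: \$Bound MAC: \$leaseMAC \
\_ Vendor: \$Vendor\";\r\
\n# /tool e-mail send from=\"pbx@voipitup.com.au\" server=\"mail.voipitup.\
com.au\" body=\"Notice: \\r\\n \\r\\n Rogue Device has been connected to \
Reflections Operations Infrastructure Network \\r\\n \\r\\n BAD OPS LEASE\
-> Bound: \$Bound MAC: \$leaseMAC Vendor: \$Vendor \\r\\n \
\_\\r\\n DHCP SERVER: \$dserver \\r\\n \\r\\n IP: \$aip \\r\\n \\r\\n\
\_Host Name: \$lhost \" subject=\"Rogue Device has been connected to Refle\
ctions Operations Infrastructure Network \" to=\"jloeken@posscales.com.au\
\" cc=\"info@harrisontech.com,admin@philscottcommunications.com.au\" port=\
587 user=pbx@voipitup.com.au password=<REDACTED> start-tls=no\r\
\n\r\
\n\r\
\n};\r\
\n}\r\
\n\r\
\n\r\
\n}" lease-time=1h10m name=OPS-DHCP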
add address-pool="DHCP SMTV CAST" disabled=no interface=ether3 name=\
"SMTV Cast - DHCP" use-framed-as-classless=no
add address-pool="OFFICE - POOL" disabled=no interface="OFFICE 40 - Bridge" \
lease-time=1h10m name="OFFICE - DHCP"
add address-pool="Voice Pool" disabled=no interface=Voice-Bridge name=\
"Voice DHCP"
add address-pool="Executive Pool" disabled=no interface=\
"Executive Bridge - 80" name="Executive DHCP"
/ppp profile
add local-address=10.12.0.1 name=PPPoe-Units-Profile remote-address=\
VLAN_Unit_Pool
add name=dux
add dns-server=1.1.1.1,8.8.8.8 local-address=10.10.10.1 name=\
"Reflections Operations VPN" remote-address=VPN-Pool
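/interface sstp-client
# Outbound SSTP tunnels to the support/RADIUS provider. The input chain accepts
# all traffic arriving on the duxVPN interface, so these tunnels are a
# management path into the router.
# NOTE(review): the original export stored password= for all three clients in
# clear text; duxVPN and sstp-out1 shared one value, and the same value was also
# used as the hotspot mac-auth-password. The passwords are left out of this
# listing: restore them from a password store after import, rotate them, and
# give each tunnel its own credential. Take future backups with
# "/export hide-sensitive".
# NOTE(review): duxVPN and sstp-out1 set verify-server-address-from-certificate=no
# and no verify-server-certificate setting appears in this export (presumably it
# is at its default - confirm). As exported, nothing visible here authenticates
# the server's TLS certificate, so the client would send its credentials to
# whichever host answers for that name. Import the provider's CA and enable
# certificate verification.
# NOTE(review): sstp-out1 repeats duxVPN's target and user and carries no
# disabled=no, so it looks like an unused duplicate - confirm and remove it.
add connect-to=duxVPN.mel.duxadmin.com disabled=no name=duxVPN \
profile=default-encryption user=Reflections \
verify-server-address-from-certificate=no
add comment="added by duxtel support" connect-to=203.21.76.254 disabled=no \
name=duxVPN-Support profile=dux user=r5824911@support.duxtel
add connect-to=duxVPN.mel.duxadmin.com name=sstp-out1 \
profile=default-encryption user=Reflections \
verify-server-address-from-certificate=no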
/queue simple
add burst-time=10s/10s max-limit=5M/5M name=Guest- target=Guest-Bridge
/system logging action
set 0 memory-lines=4000
add disk-file-count=1 disk-file-name=PPPoE_LOGS name=PPPoELOGS target=disk
add disk-file-name=SystemLogs name=SystemLogs target=disk
/user group
add name=Btest policy="test,!local,!telnet,!ssh,!ftp,!reboot,!read,!write,!pol\
icy,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/interface bridge port
add bridge=PPPoE-Unit-Bridge-Radius horizon=20 interface=Vlan99_PPPoE_Tower1
add bridge=PPPoE-Unit-Bridge-Radius horizon=20 interface=Vlan99_PPPoE_Tower2
add bridge=Ops-Bridge horizon=20 interface=vlan10-OPS-Tower1
add bridge=Ops-Bridge horizon=20 interface=vlan10-OPS-Tower2
add bridge="SMTV Cast - Bridge" horizon=20 interface=\
"vlan 20 - SMTV Cast - T1"
add bridge="SMTV Cast - Bridge" horizon=20 interface=\
"vlan 20 - SMTV Cast - T2"
add bridge="OFFICE 40 - Bridge" interface="vlan 40 - OFFICE-Tower 1"
add bridge="OFFICE 40 - Bridge" interface="vlan 40 - OFFICE-Tower 2"
add bridge=Ops-Bridge interface=ether7
add bridge=Ops-Bridge disabled=yes interface=combo1
add bridge=Guest-Bridge horizon=20 interface="Vlan 70 - Guest - T1"
add bridge=Guest-Bridge horizon=20 interface="Vlan 70 - Guest - T2"
add bridge=Voice-Bridge interface="VLAN 50 - Voice Link - T1"
add bridge=Voice-Bridge interface=ether4
add bridge="OFFICE 40 - Bridge" interface=ether5
add bridge="OFFICE 40 - Bridge" interface=ether6
add bridge="SMTV Cast - Bridge" interface="SMTV-20 Vlan"
add bridge=Ops-Bridge disabled=yes interface=AWS_Domotz_EoIP
add bridge=PPPoE-Unit-Bridge-Radius disabled=yes interface=ether3
add bridge="Executive Bridge - 80" horizon=20 interface=\
"Vlan 80 - Executive Network - T1"
add bridge="Executive Bridge - 80" horizon=20 interface=\
"Vlan 80 - Executive Network - T2"
/ip neighbor discovery-settings
# NOTE(review): "!dynamic" selects every interface that is not dynamic, which
# includes the WAN ports ether1 and ether2 (members of the WAN list in this
# export). Neighbor discovery therefore also runs towards the upstream provider
# and discloses the device identity there. Restricting it to the LAN interface
# list (discover-interface-list=LAN) keeps discovery on internal segments only.
set discover-interface-list=!dynamic
/ip settings
set tcp-syncookies=yes
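/interface l2tp-server server
# L2TP server for remote operators; sessions use the "Reflections Operations
# VPN" PPP profile, which hands out addresses from VPN-Pool.
# NOTE(review): the original export stored the IPsec pre-shared key
# (ipsec-secret=) in clear text. It is left out of this listing: restore it from
# a password store after import and rotate it. One key is shared by every VPN
# user, so it has to be rotated whenever any holder leaves.
# NOTE(review): confirm whether use-ipsec=yes still admits L2TP sessions that
# arrive without IPsec. The input chain opens UDP 1701 to the whole WAN list, so
# if it does, the setting that makes IPsec mandatory is the safer choice.
set default-profile="Reflections Operations VPN" enabled=yes use-ipsec=yes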
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=Ops-Bridge list=LAN
add interface=Guest-Bridge list=LAN
add interface="OFFICE 40 - Bridge" list=LAN
add interface="SMTV Cast - Bridge" list=LAN
add interface=Voice-Bridge list=LAN
add interface="Executive Bridge - 80" list=LAN
/interface pppoe-server server
add default-profile=PPPoe-Units-Profile disabled=no interface=\
PPPoE-Unit-Bridge-Radius service-name="Unit PPPoE Connections"
add default-profile=PPPoe-Units-Profile disabled=no interface=Ops-Bridge \
service-name=PPPoE-1
/ip address
add address=192.168.50.1/24 interface=Voice-Bridge network=192.168.50.0
add address=192.168.10.1/24 interface=Ops-Bridge network=192.168.10.0
add address=192.168.20.1/24 interface="SMTV Cast - Bridge" network=\
192.168.20.0
add address=10.10.4.1/22 interface=Guest-Bridge network=10.10.4.0
add address=192.168.40.1/24 interface="OFFICE 40 - Bridge" network=\
192.168.40.0
add address=172.31.32.0/20 disabled=yes interface=AWS_Domotz_EoIP network=\
172.31.32.0
add address=60.240.32.226/30 comment="Main NBN EE Connection" interface=\
ether1 network=60.240.32.224
add address=14.203.147.96/30 comment="AddON /30 SUBNET for PBX T1 & T2" \
interface=ether1 network=14.203.147.96
add address=192.168.25.1/24 interface=ether3 network=192.168.25.0
add address=192.168.80.1/24 interface="Executive Bridge - 80" network=\
192.168.80.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
# DHCP clients on the WAN side. ether2 installs a default route at distance 2;
# the others set add-default-route=no and ignore the DNS servers the peer offers.
add default-route-distance=2 interface=ether2 use-peer-dns=no
# The ether1 client runs the script below on lease changes. As written it:
#  - derives a port id from character index 5 of the interface name and builds
#    the names "wan<id>-out" and "AUTO_SNAT_By_DHCP-Client_Script_WAN<id>";
#  - when bound and no NAT rule with that comment exists: adds a src-nat rule
#    ahead of the rule commented "Insert_Point_Do_NOT_Remove", enables the
#    mangle rule commented "Mark wan<id> con", and adds a marked default route;
#  - when bound and exactly one such NAT rule exists: updates its to-addresses
#    if the leased address changed; more than one is logged as an error;
#  - when not bound: removes the NAT rule and route, disables the mangle rule
#    and removes tracked connections carrying the "wan<id>" connection mark;
#  - finally rebuilds a gateway list from the DHCP clients on ether1..ether7
#    and writes it to the route commented "base-ruel".
# NOTE(review): the third script line starts with ";local gw" while every other
# declaration uses ":local". This looks like a typo; confirm that $gw is really
# set, because gw2 and the route gateway are built from it.
# NOTE(review): "base-ruel" is spelled the same in both places it is used;
# confirm it matches the comment on the actual route, otherwise the final
# "set" matches nothing.
# NOTE(review): "$a" is logged after the :foreach loop has ended, where the
# loop variable is presumably no longer defined.
# NOTE(review): the gateway and lease address come from the upstream DHCP server
# and are written straight into NAT and routing. That is expected on a provider
# link, but it means a rogue DHCP responder on that segment can steer routing;
# the many log lines the script writes are the place to watch for unexpected
# values.
add add-default-route=no interface=ether1 script="{\r\
\n:local interfacename \$\"interface\"\r\
\n:local portid [:pick \$interfacename 5]\r\
\n;local gw \$\"gateway-address\"\r\
\n:local leaseip \$\"lease-address\"\r\
\n:local gw2 \"\$gw%\$interfacename\"\r\
\n:local mark \"wan\$portid-out\"\r\
\n:local rmark \"AUTO_SNAT_By_DHCP-Client_Script_WAN\$portid\"\r\
\n:local Mangleid [/ip firewall mangle find where comment=\"Mark wan\$port\
id con\"]\r\
\n:local count [/ip firewall nat print count-only where comment=\$rmark]\r\
\n\r\
\n/log error \"\$interfacename >>> \$portid >>> \$gw2 >>> \$mark>>>\$rmark\
>>>\$Mangleid>>>COUNT>\$count>>>BOUND>\$bound\"\r\
\n\r\
\n :if (\$bound=1) do={\r\
\n/log warning \" entered Bound= 1 > Count = \$count\"\r\
\n :if (\$count = 0) do={\r\
\n/log warning \" /ip firewall nat add action=src-nat chain=srcnat \
comment=\$rmark out-interface=\$interfacename to-addresses=\$leaseip plac\
e-before=3\"\r\
\n/log warning \" /ip firewall mangle enable \$Mangleid\"\r\
\n/log warning \" /ip route add dst-address=0.0.0.0/0 gateway=\$gw2\
\_routing-mark=\$mark check-gateway=ping comment=\$mark\"\r\
\n/ip firewall nat add action=src-nat chain=srcnat out-interface=\$interfa\
cename to-addresses=\$leaseip place-before=[find comment=\"Insert_Point_Do\
_NOT_Remove\"] comment=\$rmark;\r\
\n/ip firewall mangle enable \$Mangleid\r\
\n/ip route add dst-address=0.0.0.0/0 gateway=\$gw2 routing-mark=\$mark ch\
eck-gateway=ping comment=\$mark\r\
\n# /ip firewall nat move [find comment=\$rmark] destination=3\r\
\n } else={\r\
\n :if (\$count = 1) do={\r\
\n :local test [/ip firewall nat find where comment=\$rmark\
]\r\
\n :if ([/ip firewall nat get \$test to-addresses] != \$\"l\
ease-address\") do={\r\
\n /ip firewall nat set \$test to-addresses=\$\"lease-a\
ddress\"\r\
\n }\r\
\n } else={\r\
\n /log error \" Multiple SRC-NST found with ID: \$r\
mark\"\r\
\n }\r\
\n }\r\
\n } else={\r\
\n/log warning \" Bound= \$bound > Count = \$count Removing fi\
rewall Rules\"\r\
\n \r\
\n/ip firewall nat remove [find comment=\$rmark]\r\
\n\r\
\n /ip firewall mangle disable \$Mangleid\r\
\n /ip route remove [find comment=\$mark]\r\
\n\r\
\n\t:foreach a in=[/ip firewall connection find connection-mark=\"wan\$por\
tid\"] do={/ip firewall connection remove \$a}\r\
\n/log warning \" \$a Rules Removed OK\"\r\
\n }\r\
\n:local gatewaylist \"\"\r\
\n:for i from=1 to=7 do={\r\
\n:local dhcpIP [/ip dhcp-client get [find interface=\"ether\$i\"] gateway\
];\r\
\n# /log error \" DATA ether\$i >\$dhcpIP<\"\r\
\n\r\
\n:if (\$dhcpIP = []) do={} else={\r\
\n:if (\$gatewaylist = \"\") do={:set \$gatewaylist \"\$dhcpIP%ether\$i\"\
\r\
\n} else={:set \$gatewaylist \"\$gatewaylist,\$dhcpIP%ether\$i\"}}}\r\
\n/log warning \" NEW Gateway List >\$gatewaylist<\"\r\
\n/log warning [/ip route get [find comment=base-ruel] gateway];\r\
\n/ip route set [find comment=base-ruel] gateway=\$gatewaylist\r\
\n/log warning \"Finished End script\"\r\
\n}" use-peer-dns=no
add add-default-route=no interface="T1-NBN 1 - 999" use-peer-dns=no
add add-default-route=no interface="T1-NBN 2 - 998" use-peer-dns=no
/ip dhcp-server alert
# Rogue-DHCP-server detection on four segments.
# NOTE(review): only Ops-Bridge and "OFFICE 40 - Bridge" name an on-alert script
# ("rogue-dhcp", defined outside the visible part of this export - confirm it
# exists and what it does). The Guest-Bridge and ether3 entries set no on-alert,
# so a detection there is presumably only visible in the log; make sure those
# log entries are collected somewhere that is actually monitored.
add disabled=no interface=Ops-Bridge on-alert=rogue-dhcp
add disabled=no interface="OFFICE 40 - Bridge" on-alert=rogue-dhcp
add disabled=no interface=Guest-Bridge
add disabled=no interface=ether3
/ip dhcp-server lease
add address=192.168.25.50 client-id=\
ff:d1:ae:58:40:0:2:0:0:ab:11:2:24:a8:21:de:5a:ce:38 comment=\
"Smtv Cast Controller" mac-address=02:11:22:AA:BB:CC server=\
"SMTV Cast - DHCP"
/ip dhcp-server network
add address=10.10.0.0/22 dns-server=10.10.0.1,8.8.8.8 gateway=10.10.0.1
add address=10.10.4.0/22 comment=Guest dns-server=10.10.4.1,8.8.8.8 gateway=\
10.10.4.1
add address=192.168.10.0/24 comment=OPS dns-server=192.168.10.1,8.8.8.8 \
gateway=192.168.10.1
add address=192.168.20.0/23 comment=SMTV dns-server=192.168.20.1,8.8.8.8 \
gateway=192.168.20.1
add address=192.168.25.0/24 comment="SMTV - UNIT POOL" dns-server=\
192.168.25.1,8.8.8.8 gateway=192.168.25.1
add address=192.168.40.0/24 comment=OFFICE dns-server=192.168.40.1,8.8.8.8 \
gateway=192.168.40.1
add address=192.168.50.0/24 comment=Voice dns-server=192.168.50.1,8.8.8.8 \
gateway=192.168.50.1
add address=192.168.80.0/24 comment="Executive Network" dns-server=\
192.168.80.1,8.8.8.8 gateway=192.168.80.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. The filter table drops port 53 only for interfaces in the
# WAN list, so the router's exposure as a resolver depends on that list staying
# complete - any new uplink (for example the "T1-NBN" VLAN clients) must be
# added to WAN. An explicit "accept 53 from LAN, drop everything else" pair is
# less fragile.
set allow-remote-requests=yes servers=8.8.8.8,203.12.160.35,203.12.160.36
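/ip firewall address-list
# "bogons": source ranges that should never arrive from the Internet. The
# RFC 1918 and multicast entries are present but disabled.
# Fixed: the loopback entry was 127.0.0.0/16, which covers only 127.0.x.x; the
# loopback block is 127.0.0.0/8.
# NOTE(review): no filter rule in the visible part of this export references
# the "bogons" list - confirm a rule actually uses it (for example a drop on the
# WAN list with src-address-list=bogons), otherwise the list has no effect.
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment=\
"Private[RFC 1918] - CLASS A # Check if you need this" disabled=yes list=\
bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment=\
"Private[RFC 1918] - CLASS B # Check if you need this" disabled=yes list=\
bogons
add address=192.168.0.0/16 comment=\
"Private[RFC 1918] - CLASS C # Check if you need this" disabled=yes list=\
bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this" \
disabled=yes list=bogons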
add address=61.69.57.74 comment="IP's Used By Sip Provider" list=PBX
add address=61.69.57.74 comment="IP's Used For Remote access to ROUTER" list=\
support
add address=203.21.76.254 comment="duxtel support team" list=support
add address=10.0.0.10 comment="UNiFi Controller PC" list=support
add address=35.189.47.13 comment="IP's Used By Sip Provider" list=PBX
add address=35.189.44.220 comment="IP's Used By Sip Provider" list=PBX
add address=101.0.97.107 comment="IP's Used By Sip Provider" list=PBX
add address=101.0.97.109 comment="IP's Used By Sip Provider" list=PBX
add address=139.99.140.152 comment="IP's Used By Sip Provider" list=PBX
add address=139.99.140.153 comment="IP's Used By Sip Provider" list=PBX
add address=35.189.31.167 comment="IP's Used By Sip Provider" list=PBX
add address=35.189.35.225 comment="IP's Used By Sip Provider" list=PBX
add address=158.69.11.7 comment="IP's Used By Sip Provider" list=PBX
add address=10.10.10.0/24 comment="VPN ACCESS USERS" list=support
add address=10.10.10.0/24 comment="Access from VPN" list=PBX
add address=192.168.50.0/24 list=PBX
add address=203.174.130.70 comment="IP's Used For Remote access to ROUTER" \
list=support
add address=220.233.0.0/24 list=SIP
add address=208.73.211.69 list=SIP
add address=203.161.160.69 list=SIP
add address=203.161.160.70 list=SIP
add address=203.161.166.71 list=SIP
add address=203.161.160.0/20 list=SIP
add address=202.61.12.230 list=SIP
add address=202.61.13.102 list=SIP
add address=203.161.164.69 list=SIP
add address=61.69.57.74 list=SIP
add address=61.69.5.128/30 list=SIP
add address=101.0.97.107 disabled=yes list=SIP
add address=101.0.97.109 disabled=yes list=SIP
add address=139.99.140.152 comment="VoIP IT UP" list=SIP
add address=139.99.140.153 comment="VoIP IT UP" list=SIP
add address=35.189.31.167 disabled=yes list=SIP
add address=35.189.35.225 comment="VoIP IT UP" list=SIP
add address=35.189.47.13 comment="VoIP IT UP - SIP" list=SIP
add address=35.189.44.220 comment="VoIP IT UP - SIP" list=SIP
add address=61.69.5.130 list=SIP
add address=192.168.1.0/24 list=SIP
add address=172.30.0.0/24 list=SIP
add address=103.77.233.190 comment="VoIP IT UP" list=SIP
add address=35.244.94.36 comment="VoIP IT UP" list=SIP
add address=101.0.113.238 comment="VoIP IT UP" list=SIP
add address=35.197.165.191 comment="VoIP IT UP" list=SIP
add address=103.77.233.107 comment="VoIP IT UP" list=SIP
add address=35.201.30.11 comment="VoIP IT UP" list=SIP
add address=35.197.168.74 comment="VoIP IT UP (FAX RTP)" list=SIP
add address=35.189.26.1 comment="VoIP IT UP" list=SIP
add address=10.220.0.1 comment="Radius Server" list=support
add address=10.220.1.1 comment="Radius Server" list=support
add address=13.237.137.170 comment="Radius Server" list=support
add address=10.11.3.0/24 comment="VPN ACCESS USERS" list=support
add address=192.168.20.0/22 comment="VPN ACCESS USERS" disabled=yes list=\
support
add address=188.209.155.54 comment="Aresh Dux support" list=support
add address=192.168.0.0/24 comment=\
"POS Office IP for Setup only - Remove when commissioned" disabled=yes \
list=support
add address=172.19.1.1 comment="Radius Server" list=support
add address=192.168.20.0/24 list=White-Llist
add address=192.168.10.89 list=White-Llist
add address=192.168.50.10 list=T1-Phone-system
add address=192.168.50.11 list=T1-Phone-system
add address=192.168.50.20 list=T2-Phone-system
add address=192.168.50.21 list=T2-Phone-system
add address=120.22.145.231 comment=\
"IP's Used For Remote access to ROUTER Harrisontech " list=support
add address=35.156.114.39 list=GWN_Cloud
add address=52.57.82.70 list=GWN_Cloud
add address=203.175.179.9 comment="Radius Server" list=support
/ip firewall filter
# Management and VPN rules at the head of the filter table. Rules are evaluated
# top to bottom, so every accept here takes effect before the per-device rules
# that follow.
# NOTE(review): the "IPSEC" list is not among the static address-list entries in
# this export; presumably it is filled dynamically - confirm, otherwise this
# drop never matches.
add action=drop chain=input dst-port=500 in-interface-list=WAN protocol=udp \
src-address-list=IPSEC
# NOTE(review): the next two rules accept ALL input traffic from the duxVPN
# tunnel and from 172.19.1.1 on any interface, with no port or protocol limit.
# Narrow them to the services the support/RADIUS provider needs.
add action=accept chain=input comment="DUX Radious VPN" in-interface=duxVPN
add action=accept chain=input comment="added by duxtel support" src-address=\
172.19.1.1
# NOTE(review): the exporter marked the rule below "no interface": it refers to
# an interface id (*F00B3E) that no longer exists. It is a stale forward-accept
# and should be removed.
# no interface
add action=accept chain=forward in-interface=*F00B3E
add action=accept chain=input comment="WInbox on Infrastructure Network" \
dst-port=8291 protocol=tcp src-address=192.168.10.0/24
# NOTE(review): the "support" list mixes public addresses with private ranges
# and whole VPN pools; review its members, because every entry gains Winbox
# access here and HTTP access in the rule after it.
add action=accept chain=input comment=\
"Winbox acces from any Support Access List." dst-port=8291 protocol=tcp \
src-address-list=support
# NOTE(review): TCP/80 from the WAN is unencrypted; if this is the router's web
# interface (the /ip service section is not visible here - confirm), move remote
# administration into the VPN or onto an HTTPS service.
add action=accept chain=input dst-port=80 in-interface-list=WAN protocol=tcp \
src-address-list=support
add action=accept chain=input comment="Management VPN Access" in-interface=\
Management-VPN
# NOTE(review): IKE (500), L2TP (1701) and NAT-T (4500) are open to every WAN
# source, and the ESP/AH rules below are not tied to an interface at all. Where
# the set of VPN peers is known, restrict these rules by source address list.
add action=accept chain=input comment="Management VPN Access" dst-port=\
500,1701,4500 in-interface-list=WAN protocol=udp
add action=accept chain=input comment="Management VPN Access" protocol=\
ipsec-esp
add action=accept chain=input comment="Management VPN Access" protocol=\
ipsec-ah
add action=drop chain=input comment="drop DNS resolver requests from WAN" \
dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=input comment="drop DNS resolver requests from WAN" \
dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
20:1F:3B:3A:26:AA
add action=accept chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device DESKTOP-ABU6OFU" log=yes \
log-prefix="Accept Phill Laptop Rogue Device" src-address=\
192.168.10.0/24 src-mac-address=98:43:FA:F2:97:CF
add action=accept chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device DESKTOP-ABU6OFU" log=yes \
log-prefix="Accept Phill Laptop - Rogue Device" src-address=\
192.168.10.0/24 src-mac-address=00:E0:4C:68:08:23
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Jodie-s-A53" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=1A:67:5B:22:E1:D7
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
36:FD:D9:3C:06:3C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device CALLIES" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=F0:1D:BC:33:97:6E
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
10:C7:53:F1:D5:5A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
C2:06:64:4E:C9:8D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
6C:56:97:25:2D:6F
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
76:7D:AA:0A:43:03
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
EA:E8:6C:D1:65:E2
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
62:27:B7:A7:39:C4
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device wlan0" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A0:92:08:11:5C:64
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device TY_WR" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
70:89:76:B1:5E:D2
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
96:0D:4E:8A:F8:85
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
86:C0:3F:DC:49:6F
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
CE:EE:ED:C5:A8:DC
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
DA:E5:2F:08:05:DF
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
EA:DA:F8:71:76:0A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
3E:76:10:1E:11:90
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
CA:31:CD:13:4E:7E
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Apple-TV" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=A8:51:AB:9D:BC:55
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device ESP_C07409" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=A4:CF:12:C0:74:09
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
74:D4:23:90:3F:7A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
E6:D1:C3:CB:01:39
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Samsung" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=80:8A:BD:17:D0:94
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Warwick-s-Z-Flip3" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=F2:62:67:F3:57:02
add action=drop chain=forward,input comment="Added By - DHCP - Bad Ops Lease R\
ogue Device Foxtel-MX6505NF-0210192200310291" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
B0:83:D6:A0:A0:7B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
4E:05:39:89:D6:08
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
E2:16:7B:25:41:A9
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
CE:CD:DA:13:33:9C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D8:EB:46:D8:F4:C9
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
3C:5C:C4:68:1E:70
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
66:D1:3E:9C:BF:56
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
B2:B6:E2:6F:A4:51
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Steve-s-S20-Ultra" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=02:C7:20:1C:B6:A9
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device android-aa6a21b409c30dac" \
log=yes log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=4C:18:9A:82:FB:39
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Nest-Cam" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D8:EB:46:33:EC:58
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
C6:01:3B:93:32:A2
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1C:53:F9:04:9E:D7
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device OPPO-A57" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=42:4B:25:D6:6E:53
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device wlan0" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A0:92:08:EC:E3:7F
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device wlan0" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A0:92:08:EC:ED:47
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device wlan0" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A0:92:08:60:CC:9B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
86:EE:0E:02:EE:58
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
EA:95:07:B2:90:DE
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device BedroomAppleTV" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=A4:D1:8C:67:88:67
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
EC:8A:C4:66:36:92
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device G6Laptop" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=00:68:EB:DF:47:BD
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
6A:5A:B5:DE:41:76
# These two entries ACCEPT rather than drop. They sit inside the rogue-device
# list and keep its comment and log-prefix.
# NOTE(review): accepted packets are logged with the prefix "Drop Rogue
# Device", so a log search or alert on that prefix counts permitted traffic as
# blocked. If the exception is intentional, give it its own prefix and comment.
# NOTE(review): accept ends filter processing in the chain, so any host on
# 192.168.10.0/24 presenting one of these MACs skips the rules that follow.
# A source MAC is client-controlled, so treat this as a convenience exception,
# not an authentication control. Presumably both MACs are adapters of the same
# laptop - confirm that both are still needed.
add action=accept chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Andrews-MBP" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=00:E0:4C:36:0B:36
add action=accept chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Andrews-MBP" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=5C:E9:1E:97:EB:D3
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Samsung" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=1C:AF:4A:50:49:9A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
82:CD:7B:E3:E0:07
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4B:B1:E4
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=20:1F:3B:3B:A6:C6
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D8:EB:46:71:8B:41
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1C:D6:BE:58:4B:8C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
30:32:35:B7:BB:DA
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
70:70:AA:FF:E2:45
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
70:F0:88:30:72:A2
# Three drops for MACs sharing the 44:01:BB prefix, all without a hostname.
# The same prefix recurs elsewhere in this list (e.g. 44:01:BB:4B:B1:E4).
# NOTE(review): a repeated vendor prefix with no hostname looks like one class
# of device landing on the Ops network again and again. Presumably the port or
# SSID/VLAN assignment for that device type is wrong. Fixing that at the
# switch or AP removes the need for one firewall rule per unit.
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4B:56:62
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4A:89:5C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4A:A9:02
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D8:EB:46:B1:95:38
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=14:C1:4E:12:CB:32
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Renee-s-S21-FE" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=AE:01:02:74:F3:EB
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Samsung" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=A4:30:7A:95:5D:B8
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4A:EA:30
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Andrea-s-S21-FE" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=BE:5E:64:77:4B:F7
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:49:9E:62
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4A:EA:0C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4B:74:0A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Renee-s-Galaxy-Tab-A7" log=\
yes log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=BE:EC:21:91:E0:F6
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
26:D1:D2:EB:82:9D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1E:F4:1B:A7:EB:73
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
72:B7:A2:9F:FF:6B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
60:23:A4:D3:E9:39
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
9E:18:81:EA:4C:41
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A2:E2:48:C5:DF:D1
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
D6:C0:EE:12:30:AD
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
2A:A5:B2:D5:09:82
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
DA:72:98:60:A3:CA
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
74:F9:CA:25:30:22
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
22:B7:E7:99:82:68
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1A:5A:F3:19:D1:74
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device A" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
B8:E8:56:90:75:88
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A6:61:39:59:F0:7B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
42:5F:11:92:9D:49
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
4A:3C:36:C3:E8:DE
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
60:23:A4:55:37:0D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device XBOX" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
E4:2A:AC:31:C9:86
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
CA:9B:58:C6:85:8F
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Christine-s-Tab-A-8-0-2019" \
log=yes log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=8E:99:57:4A:5E:67
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Galaxy-S9" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=08:C5:E1:B3:DF:62
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
FA:00:C1:22:0A:68
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
F2:E7:0C:62:8E:70
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
9E:0B:03:B1:B6:30
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
4A:75:4C:F9:A6:B3
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
36:7C:73:24:C6:31
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
92:64:38:D1:01:2F
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
AA:19:CD:43:21:A0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Kym-s-Tab-A7" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=36:D6:AC:09:7D:10
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
3E:49:C8:F0:33:7B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
86:A9:85:E8:5C:91
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device DESKTOP-GAAFL45" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=1C:1B:B5:53:79:8D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Fionas-iPad" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=22:51:C8:77:B0:25
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Toms-Air" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=08:6D:41:B8:82:C6
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
E2:9A:89:10:BE:1D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
6A:67:BA:8B:08:8A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device wlan0" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A8:80:55:B2:D5:18
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device wlan0" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
7C:F6:66:ED:D0:D5
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1E:D7:A7:FA:F2:69
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
16:D2:03:2B:5F:B0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Lisas-iPad" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=CE:F8:06:E5:2D:CC
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
62:3D:DE:E7:38:E0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Rachael-s-S21" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=4A:11:30:86:78:E4
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A2:FA:84:F3:A3:9D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device LAPTOP-FJOQGUBT" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=9E:57:7E:15:49:C0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device android-f5da173944065e45" \
log=yes log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=B4:1C:30:0A:EB:BF
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
3A:00:4D:E2:8B:E4
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device myrossin-G9LDHR3" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=64:D6:9A:64:A3:70
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
B2:1D:1D:EB:FE:5D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Pixel-7" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=06:18:AF:A1:7F:33
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
4A:68:59:40:57:1D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
9E:3B:FA:2C:14:AD
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1E:CD:2C:41:DF:A8
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
3A:D4:24:94:5C:D7
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
F0:A2:25:76:6E:D1
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1A:F3:F8:F0:08:6E
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
46:4F:FC:FF:D1:79
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
D4:AB:CD:23:12:61
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device wlan0" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A8:80:55:B2:E2:43
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
62:F0:E3:DB:1C:2D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device PP-LAP-167" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=44:E5:17:4A:A1:9B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Morgans-Air-2" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D4:57:63:E8:26:AB
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
D2:31:E4:D2:FE:CE
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Isabelles-MBP" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=A4:CF:99:76:7C:D8
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1A:45:95:46:0F:5F
# Two drops recorded under the hostname LAPTOP-FJOQGUBT with different MACs.
# The same hostname also appears earlier in this list with
# 9E:57:7E:15:49:C0, a locally-administered address.
# NOTE(review): the hostname is client-supplied, so this is only an
# indication. It suggests one machine obtained an Ops lease three times under
# three MACs, each blocked only after the fact. A per-MAC denylist is reactive:
# a new adapter or a randomized MAC gets a fresh lease until another rule is
# added. Restricting Ops leases to known static entries closes that gap.
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device LAPTOP-FJOQGUBT" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=3C:52:82:EB:65:7D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device LAPTOP-FJOQGUBT" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=3C:F8:62:00:F0:FF
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device OPPO-A54-5G" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=4A:69:99:1C:BE:92
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device OPPO-A54-5G" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=7A:AC:75:66:22:6D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device BRWACD1B833BD95" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=AC:D1:B8:33:BD:95
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device iPhone" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
40:70:F5:62:86:EE
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D8:EB:46:69:B7:8B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Samsung" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=A0:D7:F3:C3:77:9A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4A:4B:28
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:4A:EA:1C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
84:3E:1D:2C:27:13
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Galaxy-A52" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=AA:BC:A4:89:66:CC
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
98:22:EF:43:DD:DA
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device OPPO-A76" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=82:0A:E3:AC:B5:18
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
E8:DA:20:59:CF:3F
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device LP-Oppo" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=06:D2:35:C5:C0:E1
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
98:B6:E9:01:52:A2
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
02:F5:41:86:CB:05
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
18:EF:3A:F8:B5:F0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
84:E6:57:70:21:40
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1C:53:F9:85:3A:14
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
38:F7:3D:75:87:41
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D8:EB:46:77:11:65
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device TIZEN" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
D0:03:DF:C5:A6:FA
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Samsung" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=A0:D7:F3:50:86:DA
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
16:66:B3:F1:15:FC
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
9A:EC:0F:99:E0:C0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
F2:22:7C:C1:7B:6F
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
AE:8D:24:6E:C1:9E
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
AA:4F:FE:9F:60:AC
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
3E:E5:9A:F1:FD:CF
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
44:01:BB:49:9E:3A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device ANORA-NB17" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=F8:9E:94:2D:E4:DE
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device ANORA-NB12" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=28:39:26:CE:95:E3
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
B4:6C:47:65:7D:E8
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Chromecast" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=D8:EB:46:72:CE:92
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
26:32:DC:8C:62:18
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Samsung" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=B0:99:D7:7B:E2:16
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
56:21:2B:6E:8A:07
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
B6:49:91:09:8F:68
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
C6:84:AA:3E:A9:6A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Scarletts-MBP" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=C4:91:0C:AB:9C:7D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
D2:BA:62:33:6C:FC
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
E2:C8:67:EE:0C:07
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Violets-MBP-2" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=C4:91:0C:B0:FE:3A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device iPad-2" log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
06:9C:33:09:C8:63
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
9E:1A:E0:72:E6:BB
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
0E:0A:EA:6D:54:84
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
42:9E:61:EF:E6:E9
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
C6:20:7D:92:48:AA
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
BA:FE:5A:1A:CA:3A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
2A:8C:91:38:76:40
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
3A:BD:EC:35:FD:93
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
06:02:0E:54:2B:22
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
2E:83:BE:30:BA:50
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
DA:29:6E:73:2E:05
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Matt-Laptop" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=80:91:33:0C:55:57
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
36:05:1F:AD:19:11
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device DESKTOP-ABU6OFU" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=20:7B:D2:B6:E7:15
# Per-device deny rules: each one drops and logs (prefix "Drop Rogue Device")
# traffic from a single source MAC inside 192.168.10.0/24. The rule comments
# say they were added by a DHCP hook for "Bad Ops Lease" devices; where the
# lease carried a hostname it is appended to the comment.
# NOTE(review): RouterOS takes chain= as one chain name, not a list. As written
# these rules appear to live in a user-defined chain literally called
# "forward,input"; unless a jump rule targets that name they are never
# evaluated - verify with "/ip firewall filter print stats" and split them
# into separate forward and input rules if so.
# NOTE(review): many of the MACs below have the locally-administered bit set
# (second hex digit 2/6/A/E), which is typical of randomised client addresses,
# so the same device can come back under a new MAC. A MAC deny-list does not
# keep unknown devices off the subnet; an allow-list (static leases with
# add-arp=yes on the DHCP server and arp=reply-only on the interface) or
# 802.1X on the access ports does.
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
8A:2A:F3:A2:A3:2D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
DA:94:25:BD:F0:79
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
BE:48:E2:DD:F8:0B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
DA:78:C1:B4:97:E0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
F6:4E:A7:91:3B:F0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
6E:90:73:17:FC:21
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
4E:BA:09:7A:93:85
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
82:0B:E4:5C:5D:A1
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
C2:66:F4:27:FF:9B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
26:2A:4E:EE:99:A6
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
52:63:2C:79:15:F8
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
E6:8C:BF:67:C1:F1
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
AE:39:34:8B:CB:E2
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
02:B1:11:20:D8:6A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
F2:B8:84:0F:D2:9C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device LAPTOP-2R0LDPN5" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=B0:7D:64:25:C5:BF
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device LAPTOP-939UTP44" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=84:EF:18:2F:27:6D
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Maes-MBP" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=6C:40:08:BC:84:00
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Paul-s-S23-Ultra" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=E2:22:22:48:BA:66
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
9A:89:3E:9F:30:58
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
A6:8B:7E:64:79:73
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
BE:C7:C4:E0:40:F4
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
9A:36:6C:60:FE:5C
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Lachlans-Air" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=14:7D:DA:A7:61:1B
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
CE:50:F3:E1:C8:27
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
DA:8E:87:0E:7A:A7
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
1E:B1:D6:02:9B:81
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
C6:BD:A8:25:69:F4
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device CFS2132113159" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=E4:0D:36:EE:98:6E
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device TP-Daniella-22" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=3C:21:9C:03:FC:50
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
82:5B:49:F6:AB:7A
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device HLKK9Y3" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=30:05:05:E4:8C:C0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
DA:CE:27:4E:0C:D0
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Tony-s-S21-FE" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=26:CB:FA:FB:39:D9
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device " log=yes log-prefix=\
"Drop Rogue Device" src-address=192.168.10.0/24 src-mac-address=\
06:65:23:8F:84:67
add action=drop chain=forward,input comment=\
"Added By - DHCP - Bad Ops Lease Rogue Device Galaxy-S9" log=yes \
log-prefix="Drop Rogue Device" src-address=192.168.10.0/24 \
src-mac-address=C2:4A:F3:BF:3A:7A
# Main input/forward policy. Rules are evaluated top to bottom and the first
# terminating match wins, so the order below is part of the policy. Rules
# carrying disabled=yes are inert and only document earlier intent (the
# intra-Ops and intra-Guest isolation rules among them).
add action=accept chain=forward disabled=yes out-interface=\
"SMTV Cast - Bridge" protocol=icmp
add action=drop chain=forward comment="Drop Trafic Between OPS Network" \
disabled=yes dst-address=192.168.10.0/24 src-address=192.168.10.0/24
add action=drop chain=forward comment=\
"drop all traffic from Guest 10.10.4.0/22 to Guest" disabled=yes \
dst-address=10.10.4.0/22 src-address=10.10.4.0/22
add action=drop chain=input comment=\
"drop all traffic from Unit Vlans with a destination of 10.0.0.0/22 OPS" \
disabled=yes dst-address=10.0.0.0/22 src-address=192.168.20.0/22
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input disabled=yes in-interface-list=WAN log=yes \
log-prefix="ICMP ACCEPT :> " protocol=icmp
add action=accept chain=input disabled=yes in-interface-list=WAN log=yes \
log-prefix="ICMP ACCEPT :> " protocol=igmp
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=fasttrack-connection chain=input comment=\
"Accept established and related connections" connection-state=\
established,related disabled=yes
add action=accept chain=input connection-state=established,related
# Accepts everything from the "support" address list on any interface, WAN
# included, so the membership of that list is the whole control for router
# management access; keep it to fixed, owned addresses.
add action=accept chain=input comment="Accept all from \"Support\" List" \
src-address-list=support
add action=accept chain=input in-interface-list=LAN src-address=\
192.168.10.0/24
add action=accept chain=input disabled=yes src-address=10.10.10.0/24
add action=log chain=forward disabled=yes log=yes log-prefix=\
"PRINTER IP -->> " src-address=10.0.0.200
# NOTE(review): in-interface=*23 refers to an interface that no longer exists
# (the export itself marks it "no interface"). The rule is enabled but bound
# to nothing; remove it or re-bind it deliberately.
# no interface
add action=accept chain=forward in-interface=*23
add action=accept chain=forward disabled=yes dst-port=5060,4000-6399 \
in-interface-list=WAN protocol=tcp
add action=accept chain=forward dst-port=5060,4000-6399,6089,5060 \
in-interface-list=WAN protocol=udp src-address-list=SIP
add action=accept chain=forward dst-port=5060,4000-6399,6089,5060 \
in-interface-list=WAN protocol=tcp src-address-list=SIP
# NOTE(review): this accepts every protocol and port from the SIP list, which
# makes the two port-scoped SIP rules above redundant; keep whichever scope is
# actually intended.
add action=accept chain=forward in-interface-list=WAN src-address-list=SIP
add action=accept chain=forward comment="Grandstream GWN Cloud Server" \
in-interface-list=WAN src-address-list=GWN_Cloud
# log-prefix is set here without log=yes, so this rule logs nothing.
add action=accept chain=forward dst-port=443 in-interface-list=WAN \
log-prefix="Accept Forward On Support LIst -- >>>" protocol=tcp \
src-address-list=support
add action=accept chain=forward connection-nat-state=dstnat disabled=yes \
in-interface-list=WAN
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="Accept Established and Related" \
connection-state=established,related in-interface-list=WAN
# NOTE(review): accepts any dst-nat'ed connection arriving on WAN regardless
# of source address, so the SIP and support source lists above do not
# restrict the port-forwards defined under /ip firewall nat. No catch-all
# drop for chain=forward is visible in this section either - confirm that the
# default accept for WAN-initiated forward traffic is intended.
add action=accept chain=forward connection-nat-state=dstnat \
in-interface-list=WAN
add action=drop chain=forward connection-state=invalid in-interface-list=WAN \
log=yes log-prefix="DROP Forward -->>> "
# NOTE(review): Syn_Flooder is filled from chain=input but enforced only in
# chain=forward; sources on the list are not dropped in chain=input by this
# pair of rules.
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=drop chain=forward comment="Drop syn flood list" src-address-list=\
Syn_Flooder
# NOTE(review): "White-Llist" - confirm the spelling matches the address list
# that is actually defined; a negated match against a list that does not
# exist exempts nobody from port-scan detection.
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1 src-address-list=!White-Llist
add action=drop chain=input comment="Drop port scan list" src-address-list=\
Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
# First match wins: sources already accepted earlier in chain=input (the
# support list, and 192.168.10.0/24 on LAN interfaces) never reach this rule,
# so Winbox stays reachable from all of 192.168.10.0/24.
add action=drop chain=input comment="Block all access to the winbox - except t\
o support list # DO NOT ENABLE BEFORE ADDING YOUR SUBNET TO SUPPORT ADDRES\
S LIST #" dst-port=8291 protocol=tcp src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=add-src-to-address-list address-list=Spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=Spammers
# NOTE(review): "530 Login incorrect" is an FTP server reply, i.e. it travels
# away from the router; a chain=input rule on dst-port=21 inspects
# client-to-server packets and presumably never sees that text. The ftp
# service is also disabled under /ip service, so this detect/drop pair looks
# dead - verify, then remove it or move the match to the reply direction.
add action=add-src-to-address-list address-list=ftp_Brute \
address-list-timeout=3h chain=input comment=\
"Add bruteforcers to list for 3 hours" connection-limit=30,32 content=\
"530 Login incorrect" dst-port=21 limit=10/1m,0:packet protocol=tcp
# smtp_Brute is populated by the mangle rule that matches SMTP "535" replies.
add action=tarpit chain=forward comment="Tarpit login bruteforce" dst-port=25 \
protocol=tcp src-address-list=smtp_Brute
add action=drop chain=input comment="Drop ftp bruteforce" dst-port=21 \
protocol=tcp src-address-list=ftp_Brute
# Final input drop: applies to the WAN interface list only, and its
# log-prefix has no effect without log=yes. Input arriving on interfaces that
# are in neither the LAN nor the WAN list (tunnels, for example) is not
# covered by it - TODO confirm interface-list membership.
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" \
in-interface-list=WAN log-prefix="Drop Imput -->> "
# ICMP chain, entered from the input and forward jumps above.
# The first rule is labelled "Echo reply" but matches every ICMP type from
# 192.168.10.0/24 on LAN interfaces.
add action=accept chain=ICMP comment="Echo reply" in-interface-list=LAN \
protocol=icmp src-address=192.168.10.0/24
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
disabled=yes icmp-options=8:0 limit=1,5:packet protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0-255 \
protocol=icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
# Logs every ICMP packet from 10.0.0.0/21 that reaches this point; this can be
# noisy on a busy segment.
add action=accept chain=ICMP log=yes log-prefix="Accept ICMP LAN --->> " \
src-address=10.0.0.0/21
add action=accept chain=ICMP in-interface=all-ppp protocol=icmp
# The closing drop of the ICMP chain is disabled, so unmatched ICMP returns to
# the calling chain and is judged by the rules that follow the jump there.
add action=drop chain=ICMP comment="Drop to the other ICMPs" disabled=yes \
log-prefix="ICMP RULES DROP -->> " protocol=icmp
add action=accept chain=output connection-state=\
invalid,established,related,new,untracked disabled=yes log-prefix=\
"OUTPUT >>> "
add action=log chain=output disabled=yes log=yes log-prefix=\
"OUTPUT Midded >>> "
# No jump to the 3CX-PBX chain is visible in this part of the export - TODO
# confirm the chain is referenced somewhere, otherwise this rule is unused.
add action=drop chain=3CX-PBX log-prefix="3CX DRop -->> "
/ip firewall mangle
# Only the first rule in this section is enabled. It watches established
# connections with src-port=25 for the SMTP "535 ... authentication failed"
# reply and adds the packet's destination (the client that failed to log in)
# to smtp_Brute for 10 minutes; the filter section tarpits that list.
# Content matching only sees cleartext, so failures inside a TLS session are
# not detected by this rule.
add action=add-dst-to-address-list address-list=smtp_Brute \
address-list-timeout=10m chain=forward comment=\
"Add excessive login failures to list for 10 minutes" connection-state=\
established content=\
"535 5.7.8 Error: authentication failed: authentication failure" limit=\
!3/1m,3:packet protocol=tcp src-port=25
# Everything below is disabled=yes: connection marks and routing marks for a
# multi-WAN setup (wan1/wan2/wan3 and T1-wan1/T1-wan2), including
# per-connection-classifier load balancing. None of it is active in this
# export.
# NOTE(review): before re-enabling, check the classifier groups - the wan1-3
# rules use denominator 3 and the T1 rules use denominator 5, so the two sets
# would compete for the same unmarked connections - and note that the two
# "T1-NBN" VLAN rules and the last two output rules carry copied comments
# ("eth 5", "wan 5") that do not describe what they match.
add action=mark-connection chain=prerouting comment="T1 phones Route" \
connection-mark=no-mark disabled=yes in-interface-list=LAN \
new-connection-mark=wan2 passthrough=yes src-address-list=T1-Phone-system
add action=mark-connection chain=prerouting comment=\
"TEMP ACCESS to MODEM From T1 Reception" connection-mark=no-mark \
disabled=yes in-interface-list=LAN new-connection-mark=wan2 passthrough=\
yes src-address=192.168.40.231
add action=mark-connection chain=prerouting comment="T2 phones Route" \
connection-mark=no-mark disabled=yes in-interface-list=LAN \
new-connection-mark=wan1 passthrough=yes src-address-list=T2-Phone-system
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes new-connection-mark=wan2 passthrough=yes src-address=192.168.50.0/24
add action=accept chain=prerouting disabled=yes dst-address=120.88.120.0/22 \
in-interface=all-vlan
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address=3.106.179.83 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="eth 1" connection-mark=\
no-mark disabled=yes in-interface=ether1 new-connection-mark=wan1 \
passthrough=yes
add action=mark-connection chain=prerouting comment="eth 2" connection-mark=\
no-mark disabled=yes in-interface=ether2 new-connection-mark=wan2 \
passthrough=yes
add action=mark-connection chain=prerouting comment="eth 3" connection-mark=\
no-mark disabled=yes in-interface=ether3 new-connection-mark=wan3 \
passthrough=yes
add action=mark-connection chain=prerouting comment="eth 5" connection-mark=\
no-mark disabled=yes in-interface="T1-NBN 1 - 999" new-connection-mark=\
T1-wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="eth 5" connection-mark=\
no-mark disabled=yes in-interface="T1-NBN 2 - 998" new-connection-mark=\
T1-wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark wan1 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan1 passthrough=yes \
per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting comment="Mark wan2 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan2 passthrough=yes \
per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting comment="Mark wan3 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=wan3 passthrough=yes \
per-connection-classifier=both-addresses:3/2
add action=mark-connection chain=prerouting comment="Mark T1-wan2 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=T1-wan2 passthrough=yes \
per-connection-classifier=both-addresses:5/4
add action=mark-connection chain=prerouting comment="Mark T1-wan1 con" \
connection-mark=no-mark disabled=yes dst-address-type=!local \
in-interface-list=LAN new-connection-mark=T1-wan1 passthrough=yes \
per-connection-classifier=both-addresses:5/3
add action=mark-routing chain=prerouting comment="Mark Rout wan1" \
connection-mark=wan1 disabled=yes in-interface-list=LAN new-routing-mark=\
wan1-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan2" \
connection-mark=wan2 disabled=yes in-interface-list=LAN new-routing-mark=\
wan2-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout wan3" \
connection-mark=wan3 disabled=yes in-interface-list=LAN new-routing-mark=\
wan3-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout T1" \
connection-mark=T1-wan1 disabled=yes in-interface-list=LAN \
new-routing-mark=T1wan1-out passthrough=yes
add action=mark-routing chain=prerouting comment="Mark Rout T1 -2" \
connection-mark=T1-wan2 disabled=yes in-interface-list=LAN \
new-routing-mark=T1wan2-out passthrough=yes
add action=mark-routing chain=output comment="Output rout mark wan 1" \
connection-mark=wan1 disabled=yes new-routing-mark=wan1-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 2" \
connection-mark=wan2 disabled=yes new-routing-mark=wan2-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 3" \
connection-mark=wan3 disabled=yes new-routing-mark=wan3-out passthrough=\
yes
add action=mark-routing chain=output comment="Output rout mark wan 5" \
connection-mark=T1-wan1 disabled=yes new-routing-mark=T1wan1-out \
passthrough=yes
add action=mark-routing chain=output comment="Output rout mark wan 5" \
connection-mark=T1-wan2 disabled=yes new-routing-mark=T1wan2-out \
passthrough=yes
/ip firewall nat
# Source NAT first (tunnels, fixed public addresses for the two PBX ranges,
# then a general masquerade on the WAN list), followed by the inbound
# port-forwards. Rules with disabled=yes are inert.
add action=masquerade chain=srcnat connection-mark=wan1 disabled=yes \
dst-address=3.106.179.83
# NOTE(review): out-interface=*F00B3E refers to an interface that no longer
# exists (the export marks it "no interface"); the rule is enabled but bound
# to nothing and can be removed.
# no interface
add action=masquerade chain=srcnat out-interface=*F00B3E
add action=masquerade chain=srcnat out-interface=duxVPN
add action=masquerade chain=srcnat disabled=yes out-interface=\
"SMTV Cast - Bridge" src-address=192.168.10.98
add action=masquerade chain=srcnat disabled=yes src-address-list=\
T1-Phone-system
add action=masquerade chain=srcnat out-interface=Management-VPN
add action=src-nat chain=srcnat comment="src-nat PBX T1 out set wan IP /30" \
out-interface-list=WAN src-address=192.168.50.8/29 to-addresses=\
14.203.147.97
add action=src-nat chain=srcnat comment="src-nat PBX T2 out set wan IP /30" \
out-interface-list=WAN src-address=192.168.50.16/29 to-addresses=\
14.203.147.98
add action=src-nat chain=srcnat comment=\
"AUTO_SNAT_By_DHCP-Client_Script_WAN T1 NBN1" disabled=yes out-interface=\
"T1-NBN 1 - 999" to-addresses=192.168.1.100
add action=src-nat chain=srcnat comment=\
"AUTO_SNAT_By_DHCP-Client_Script_ T1 NBN 2" disabled=yes out-interface=\
"T1-NBN 2 - 998" to-addresses=10.1.1.21
add action=masquerade chain=srcnat out-interface-list=WAN
add action=log chain=srcnat comment=Insert_Point_Do_NOT_Remove disabled=yes
# Inbound port-forwards to the PBX hosts on 192.168.50.0/24, enabled, matched
# on ether1 by public destination address only.
# NOTE(review): none of these rules restricts the source address, and the
# filter section accepts every dst-nat'ed WAN connection, so SIP signalling,
# the 4000-6000 range and the forwards to ports 8080 and 80 (48901 and 48900,
# which look like web/management interfaces - confirm) are reachable from any
# Internet address. Add src-address-list=SIP / src-address-list=support here
# or in the filter rule to limit them to known peers.
# NOTE(review): the forwarded range is 4000-6000 while the filter's SIP rules
# allow 4000-6399 - confirm which range the PBX actually uses.
add action=dst-nat chain=dstnat comment="PBX T1 Access over addon /30" \
dst-address=14.203.147.97 dst-port=5060,4000-6000,5065,6089 in-interface=\
ether1 protocol=tcp to-addresses=192.168.50.10
add action=dst-nat chain=dstnat comment="PBX T1 Access over addon /30" \
dst-address=14.203.147.97 dst-port=5060,4000-6000,5065,6089 in-interface=\
ether1 protocol=udp to-addresses=192.168.50.10
add action=dst-nat chain=dstnat comment="PBX T1 Access over addon /30" \
dst-address=14.203.147.97 dst-port=48901 in-interface=ether1 protocol=tcp \
to-addresses=192.168.50.10 to-ports=8080
add action=dst-nat chain=dstnat comment="PBX T1 Access over addon /30" \
dst-address=14.203.147.97 dst-port=48900 in-interface=ether1 protocol=tcp \
to-addresses=192.168.50.11 to-ports=80
add action=dst-nat chain=dstnat comment="PBX T2 Access over addon /30" \
dst-address=14.203.147.98 dst-port=5060,4000-6000,5065,6089 in-interface=\
ether1 protocol=tcp to-addresses=192.168.50.20
add action=dst-nat chain=dstnat comment="PBX T2 Access over addon /30" \
dst-address=14.203.147.98 dst-port=5060,4000-6000,5065,6089 in-interface=\
ether1 protocol=udp to-addresses=192.168.50.20
add action=dst-nat chain=dstnat comment="PBX T2 Access over addon /30" \
dst-address=14.203.147.98 dst-port=48901 in-interface=ether1 protocol=tcp \
to-addresses=192.168.50.20 to-ports=8080
add action=dst-nat chain=dstnat comment="PBX T2 Access over addon /30" \
dst-address=14.203.147.98 dst-port=48900 in-interface=ether1 protocol=tcp \
to-addresses=192.168.50.21 to-ports=80
# Older, disabled variants of the PBX forwards (matched on the WAN list or on
# ether1/ether2 without a destination address).
add action=dst-nat chain=dstnat comment="PBX Access T1" disabled=yes \
dst-port=48900 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.50.11 to-ports=80
add action=dst-nat chain=dstnat comment="SIP Card PBX Access T1" disabled=yes \
dst-port=48901 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.50.10 to-ports=8080
add action=dst-nat chain=dstnat disabled=yes dst-port=5060,4000-6000 \
in-interface=ether2 protocol=tcp to-addresses=192.168.50.10
add action=dst-nat chain=dstnat disabled=yes dst-port=5060,4000-6000 \
in-interface=ether1 protocol=tcp to-addresses=192.168.50.20
add action=dst-nat chain=dstnat disabled=yes dst-port=\
5060,4000-6000,5065,6089 in-interface=ether2 protocol=udp to-addresses=\
192.168.50.10
add action=dst-nat chain=dstnat disabled=yes dst-port=\
5060,4000-6000,5065,6089 in-interface=ether1 protocol=udp to-addresses=\
192.168.50.20
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# Disabled source-NAT rules that pinned guest and ops ranges to addresses in
# 210.10.231.32/29.
add action=src-nat chain=srcnat comment="src-nat guests" disabled=yes \
out-interface-list=WAN src-address=10.10.0.0/22 to-addresses=\
210.10.231.37
add action=src-nat chain=srcnat comment="src-nat guests - NEW VLANS" \
disabled=yes out-interface-list=WAN src-address=192.168.20.0/22 \
to-addresses=210.10.231.37
add action=src-nat chain=srcnat comment="src-nat guests" disabled=yes \
out-interface-list=WAN src-address=10.10.4.0/22 to-addresses=\
210.10.231.37
add action=src-nat chain=srcnat comment="src-nat ops" disabled=yes \
out-interface-list=WAN src-address=10.0.0.0/22 to-addresses=210.10.231.33
add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN \
src-address=!210.10.231.32/29
/ip firewall service-port
# Turns off the SIP connection-tracking helper; SIP/RTP then relies entirely
# on the explicit dst-nat and filter rules.
set sip disabled=yes
/ip hotspot walled-garden
add dst-host=voipitup.duxadmin.com
/ip route
# Static routes. Only the default route via 60.240.32.225 on ether1, the /32
# route to 3.106.179.83 on the same gateway, and the three tunnel/LAN routes
# without disabled=yes are active; the routing-mark routes belong to the
# disabled multi-WAN mangle rules.
add check-gateway=ping comment=wan1-out disabled=yes distance=1 gateway=\
60.240.32.225%ether1 routing-mark=wan1-out
add check-gateway=ping comment=wan2-out disabled=yes distance=1 gateway=\
192.168.1.1%ether2 routing-mark=wan2-out
add check-gateway=ping comment=base-ruel distance=1 gateway=\
60.240.32.225%ether1
add check-gateway=ping comment=base-ruel disabled=yes distance=3 gateway=\
192.168.1.1%ether2
add check-gateway=ping distance=1 dst-address=3.106.179.83/32 gateway=\
60.240.32.225%ether1
add check-gateway=ping disabled=yes distance=2 dst-address=3.106.179.83/32 \
gateway=192.168.100.1%ether2
add check-gateway=ping disabled=yes distance=3 dst-address=3.106.179.83/32 \
gateway=192.168.1.1%ether3
add distance=1 dst-address=172.16.27.0/24 gateway=duxVPN
add distance=1 dst-address=172.31.32.0/20 gateway=192.168.10.5
add disabled=yes distance=1 dst-address=192.168.10.30/31 gateway=combo1 \
pref-src=192.168.10.1
add distance=1 dst-address=203.175.179.43/32 gateway=duxVPN
/ip route rule
add action=drop disabled=yes dst-address=10.10.4.0/22 src-address=\
10.10.4.0/22
/ip service
# Management services switched off: telnet, ftp, www, ssh, api, api-ssl.
# NOTE(review): winbox is not listed, which in an export presumably means it
# is left at its defaults (enabled, no address= restriction) - confirm, and
# consider setting address= on the winbox service to the management subnets
# so access does not depend on firewall rule order alone.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp aaa
# PPP sessions are authenticated and accounted through RADIUS, with interim
# accounting updates every 30 minutes.
set interim-update=30m use-radius=yes
# NOTE(review): the three sections below carry live shared secrets and a VPN
# password in cleartext because the export was taken without hide-sensitive.
# Treat every value in this file as disclosed: rotate them, and produce
# future exports with "/export hide-sensitive".
# In both PPP entries the comment field repeats the secret itself, so the
# value is also shown wherever item comments are displayed; use a descriptive
# comment instead.
/ppp l2tp-secret
add address=10.10.10.0/24 comment="\$#m7aEYbpT^6" secret="\$#m7aEYbpT^6"
/ppp secret
add comment="\$dGt5649#0361" name=harrisontech password="\$dGt5649#0361" \
profile="Reflections Operations VPN"
/radius
# NOTE(review): both servers share one short, word-like secret. The RADIUS
# shared secret protects the password attribute and authenticates replies, so
# it should be long, random and unique per server.
# NOTE(review): 172.16.27.9 falls inside the 172.16.27.0/24 route via duxVPN,
# but no tunnel route covering 203.175.179.9 is visible under /ip route (only
# 203.175.179.43/32 is) - confirm RADIUS to that server is not crossing the
# Internet outside the tunnel.
add address=172.16.27.9 secret=becomme service=ppp,hotspot timeout=3s
add address=203.175.179.9 secret=becomme
/radius incoming
# Enables the listener for RADIUS disconnect/CoA requests; make sure only the
# RADIUS servers can reach it.
set accept=yes
/snmp
# NOTE(review): SNMP is enabled; the community configuration is not part of
# this section - confirm the default community has been replaced and that
# access is limited to the monitoring hosts.
set enabled=yes trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=Australia/Brisbane
/system identity
set name=Reflections_T2_Main
/system logging
# Default info/error topics exclude pppoe; ipsec/l2tp debug, firewall info and
# system topics are logged, the latter to the SystemLogs action. The debug
# topics for radius and ppp are present but disabled.
set 0 topics=info,!pppoe
set 1 topics=error,!pppoe
add disabled=yes topics=debug,radius
add topics=error
add disabled=yes topics=info
add action=PPPoELOGS disabled=yes topics=pppoe
add topics=ipsec,l2tp,debug
add topics=firewall,info
add disabled=yes topics=ppp,debug
add disabled=yes topics=radius,debug
add action=SystemLogs topics=system
/system scheduler
# autobackup: every 2 days, saves a system backup and a raw /export named
# BACKUP-<identity>-<date>-<time>, uploads every file whose name contains that
# prefix to the FTP server with /tool fetch, waits 10 s, then deletes every
# local file whose name contains "BACKUP-" and logs completion.
# NOTE(review) - points to address in this job:
#  - Transport is plain FTP on port 21, so the FTP login and the backup
#    contents cross the network unencrypted. Prefer an encrypted transport
#    (/tool fetch also offers mode=sftp on RouterOS 6.45 and later - confirm
#    the server supports it).
#  - The FTP password is hard-coded in the script source and therefore appears
#    in every export, including the one this job uploads. Rotate it.
#  - encryptSysBackup is false, so the .backup is written with
#    dont-encrypt=yes. The "true" branch passes no password=; on current
#    RouterOS 6 releases a backup saved without a password is presumably
#    still unencrypted - confirm and pass password= explicitly.
#  - The raw export runs without hide-sensitive, which is why VPN, RADIUS,
#    FTP and e-mail secrets end up in the uploaded .rsc file.
#  - The cleanup loop and both "success" log lines run unconditionally; a
#    failed upload still deletes the local copies and logs success.
#  - policy= grants every permission (including reboot, sniff, sensitive,
#    romon, policy). Reduce it to what the job needs once tested.
add interval=2d name=autobackup on-event=":local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/Reflections\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 10s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=mar/16/2022 start-time=19:22:45
/system script
# rogue-dhcp: writes one error-level log line, " Rogue DHCP server detected!".
# The script only logs; it takes no blocking action itself. It is granted the
# full policy set although it needs only the right to write to the log.
add dont-require-permissions=no name=rogue-dhcp owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/log error \" Rogue DHCP server detected!\""
# "Manual Backup": saves a system backup and a raw /export named
# BACKUP-<identity>-<date>-<time>, uploads matching files to the FTP server
# with /tool fetch, waits 10 s, then deletes every local file whose name
# contains "BACKUP-" and logs completion.
# NOTE(review) - points to address in this script:
#  - Plain FTP on port 21 with a hard-coded password: the login and the
#    backup contents travel unencrypted and the password is disclosed by any
#    export of this configuration. Rotate it and prefer an encrypted
#    transport (mode=sftp on RouterOS 6.45 and later - confirm server
#    support).
#  - The .backup is saved with dont-encrypt=yes, and the raw export runs
#    without hide-sensitive, so the uploaded files contain every secret on
#    the router in cleartext.
#  - Cleanup and the "success" log lines run even if the upload failed.
#  - policy= grants every permission; trim it to what the script needs.
add dont-require-permissions=no name="Manual Backup" owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local saveUserDB false\r\
\n:local saveSysBackup true\r\
\n:local encryptSysBackup false\r\
\n:local saveRawExport true\r\
\n\r\
\n:local FTPServer \"backup.posscales.com.au\"\r\
\n:local FTPPort 21\r\
\n:local FTPUser \"MT_Backups@backup.posscales.com.au\"\r\
\n:local FTPPass \"!Dgt.974082\"\r\
\n:local FTPdest \"/Reflections\"\r\
\n\r\
\n:local ts [/system clock get time]\r\
\n:set ts ([:pick \$ts 0 2].[:pick \$ts 3 5].[:pick \$ts 6 8])\r\
\n:local ds [/system clock get date]\r\
\n:set ds ([:pick \$ds 7 11].[:pick \$ds 0 3].[:pick \$ds 4 6])\r\
\n\r\
\n:local fname (\"BACKUP-\".[/system identity get name].\"-\".\$ds.\"-\".\
\$ts)\r\
\n:local sfname (\"/\".\$fname)\r\
\n:if (\$saveUserDB) do={\r\
\n /tool user-manager database save name=(\$sfname.\".umb\")\r\
\n :log info message=\"User Manager DB Backup Finished\"\r\
\n}\r\
\n:if (\$saveSysBackup) do={\r\
\n :if (\$encryptSysBackup = true) do={ /system backup save name=(\$sfnam\
e.\".backup\") }\r\
\n :if (\$encryptSysBackup = false) do={ /system backup save dont-encrypt\
=yes name=(\$sfname.\".backup\") }\r\
\n :log info message=\"System Backup Finished\"\r\
\n}\r\
\nif (\$saveRawExport) do={\r\
\n /export file=(\$sfname.\".rsc\")\r\
\n :log info message=\"Raw configuration script export Finished\"\r\
\n}\r\
\n:local backupFileName \"\"\r\
\n:local backupDestPath \"\"\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :set backupFileName (\"/\".[/file get \$backupFile name])\r\
\n :set backupDestPath (\$FTPdest.\$backupFileName)\r\
\n :if ([:typeof [:find \$backupFileName \$sfname]] != \"nil\") do={\r\
\n # :log warning message=\"/tool fetch address=\$FTPServer port=\$FTPPor\
t src-path=\$backupFileName user=\$FTPUser mode=ftp password=\$FTPPass dst\
-path=\$backupDestPath upload=yes\"\r\
\n\r\
\n /tool fetch address=\$FTPServer port=\$FTPPort src-path=\$backupFile\
Name user=\$FTPUser mode=ftp password=\$FTPPass dst-path=\$backupDestPath \
upload=yes\r\
\n }\r\
\n}\r\
\n:delay 10s\r\
\n:foreach backupFile in=[/file find] do={\r\
\n :if ([:typeof [:find [/file get \$backupFile name] \"BACKUP-\"]]!=\"ni\
l\") do={\r\
\n /file remove \$backupFile\r\
\n }\r\
\n}\r\
\n\r\
\n:log info message=\"Successfully removed Temporary Backup Files\"\r\
\n:log info message=\"Automatic Backup Completed Successfully\""
# Graphing entries are added with defaults for interfaces, queues and
# resources.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool netwatch
# Watches 8.8.8.8 and, when it becomes reachable again, sends a notification
# e-mail through mail.voipitup.com.au on port 587.
# NOTE(review): the mailbox password is embedded in the up-script and
# start-tls=no is set, so the SMTP login is sent without TLS on every
# notification. Rotate the password, store the account under /tool e-mail
# instead of inline, and require TLS (start-tls=yes, or tls-only where the
# installed version offers it).
add host=8.8.8.8 up-script="/tool e-mail send from=\"pbx@voipitup.com.au\" ser\
ver=\"mail.voipitup.com.au\" body=\"Reflections Internet Router Back UP\" \
subject=\"Reflections Internet is back oonline \" to=\"jloeken@posscales.c\
om.au\" port=587 user=pbx@voipitup.com.au password=Pss.974082 start-tls=no\
"
/tool romon
# NOTE(review): RoMON is enabled and no secrets= value is shown, which
# presumably means peers are not authenticated. Set a RoMON secret and
# forbid RoMON on untrusted ports (/tool romon port) - confirm the current
# port settings, which are not part of this section.
set enabled=yes
/tool sniffer
# Sniffer preset that captures the duxVPN interface to radius-DuxVPN.pcap
# (10000 KiB limit). Captures of RADIUS traffic hold authentication material;
# remove the file from the router after use and store it as sensitive data.
set file-limit=10000KiB file-name=radius-DuxVPN.pcap filter-interface=duxVPN