# model: RB4011iGS+ # serial-number: B8F30A0BEEC4 # firmware-type: al2 # current-firmware: 6.49.10 # installed-version: 6.49.10 # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # U filter rule changed admin write # U filter rule changed admin write # U filter rule changed admin write # U filter rule moved admin write # U filter rule changed admin write # U filter rule moved admin write # U filter rule changed admin write # U filter rule moved admin write # U filter rule changed admin write # U filter rule moved admin write # U filter rule changed admin write # U filter rule moved admin write # U filter rule moved admin write # U filter rule added admin write # U filter rule added admin write # U filter rule added admin write # U filter rule added admin write # U filter rule added admin write # U filter rule added admin write # U filter rule changed admin write # U filter rule added admin write # U filter rule added admin write # U filter rule added admin write # U filter rule added admin write # U filter rule changed admin write # U filter rule added admin write # U address list entry added admin write # U address list entry added admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U nat rule changed admin write # U nat rule added admin write # U simple queue added admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U filter rule changed admin write # U filter rule changed admin write # U filter rule changed admin write # U filter rule added admin write # U filter rule changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U nat rule changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U simple queue added admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U user mentes added admin write # policy # U user group backup added admin write # policy # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # U address changed admin write # # software id = FZB2-6HNC # # model = RB4011iGS+ # serial number = B8F30A0BEEC4 /interface bridge add fast-forward=no name=loopback add fast-forward=no name=sip-bridge /interface ethernet set [ find default-name=ether1 ] comment="TCOM OPTIKA" name=ether1-budapest set [ find default-name=ether2 ] comment="SERVEREK tartalek kabel" name=ether2-serverek set [ find default-name=ether3 ] name=ether3-ripeatlas set [ find default-name=ether4 ] name=ether4-plaza set [ find default-name=ether5 ] name=ether5-upc set [ find default-name=ether6 ] comment="pfSense tuzfal Serverek fele" name=ether6-pfsense set [ find default-name=ether7 ] comment="Kamera server" name=ether7-kameraserver speed=100Mbps set [ find default-name=ether8 ] comment="Huncert Probe eszkoz" name=ether8-huncert set [ find default-name=ether9 ] comment="APC Smart UPS" name=ether9-APC set [ find default-name=ether10 ] comment="Lackner fele" name=ether10-lackner /interface eoip add !keepalive mac-address=02:39:EE:11:7D:57 name=eoip-sipinvitel remote-address=86.109.64.70 tunnel-id=55 add comment="eoip upc fele ospf miatt" local-address=10.99.0.1 mac-address=02:00:69:BE:ED:BB mtu=1500 name=eoip-upc-budapest-ospf remote-address=10.99.0.3 tunnel-id=600 /interface vlan add comment="SIP Link Invitel fele" interface=ether2-serverek name=vlan300-sip vlan-id=300 /interface ethernet switch port set 0 default-vlan-id=0 set 1 default-vlan-id=0 set 2 default-vlan-id=0 set 3 default-vlan-id=0 set 4 default-vlan-id=0 set 5 default-vlan-id=0 set 6 default-vlan-id=0 set 7 default-vlan-id=0 set 8 default-vlan-id=0 set 9 default-vlan-id=0 set 10 default-vlan-id=0 set 11 default-vlan-id=0 /interface list add name=server-portok /ip ipsec peer add name=peer passive=yes /ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des /ip pool add name=dhcp_pool0 ranges=86.109.64.102 add name=dhcp_pool1 ranges=86.109.64.114 add name=dhcp_pool3 ranges=10.99.10.100-10.99.10.254 add name=dhcp_pool4 ranges=10.99.11.2-10.99.11.254 /ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=ether8-huncert name=dhcp1 add address-pool=dhcp_pool1 disabled=no interface=ether3-ripeatlas name=dhcp2 add address-pool=dhcp_pool3 disabled=no interface=ether7-kameraserver name=dhcp3 add address-pool=dhcp_pool4 disabled=no interface=ether9-APC name=dhcp4 /ppp profile set *FFFFFFFE local-address=10.99.99.1 only-one=yes /queue simple add limit-at=1G/1G max-limit=1G/1G name=T440.RLAN.HU target=86.109.64.3/32 add comment="Megsz\FBnt" disabled=yes limit-at=1G/1G max-limit=1G/1G name="SPACE - git szerver" target=86.109.64.4/32 add limit-at=20M/20M max-limit=20M/20M name=NS.RLAN.HU target=86.109.64.5/32 add limit-at=50M/50M max-limit=50M/50M name="NS.MAGICNET.HU - T440 gepen" target=86.109.64.6/32 add limit-at=50M/50M max-limit=100M/100M name=ZABBIX.RLAN.HU target=86.109.64.7/32 add limit-at=100M/100M max-limit=150M/150M name=W4.RLAN.HU target=86.109.64.8/32 add limit-at=50M/50M max-limit=50M/50M name="FUNC.RLAN.HU (web.magicnet.hu)" target=86.109.64.9/32 add limit-at=50M/50M max-limit=50M/50M name=MAIL.RLAN.HU target=86.109.64.10/32 add limit-at=1G/1G max-limit=1G/1G name=SPARTA.MAGICNET.HU target=86.109.64.11/32 add limit-at=11/11 max-limit=100M/100M name="SNMP4 UNMS / HOST" target=86.109.64.12/32 add limit-at=100M/100M max-limit=100M/100M name=MAIL3.RLAN.HU target=86.109.64.13/32 add limit-at=50M/50M max-limit=50M/50M name=SNMP.MAGICNET.HU target=86.109.64.14/32 add limit-at=50M/50M max-limit=50M/50M name=SQL.MAGICNET.HU target=86.109.64.15/32 add limit-at=50M/50M max-limit=50M/50M name=BACKUP.MAGICNET.HU target=86.109.64.16/32 add comment="Megsz\FBnt" disabled=yes limit-at=50M/50M max-limit=50M/50M name="PROXMOX BACKUP" target=86.109.64.17/32 add limit-at=100M/100M max-limit=100M/100M name=PHONE.MAGICNET.HU target=86.109.64.18/32 add limit-at=50M/50M max-limit=50M/50M name="WEB.MAGICNET.HU- T440 gepen" target=86.109.64.20/32 add limit-at=50M/50M max-limit=50M/50M name=SQL.RLAN.HU target=86.109.64.21/32 add limit-at=50M/50M max-limit=50M/50M name="RADIUS.RLAN.HU - sql.rlan.hu gepen" target=86.109.64.22/32 add limit-at=10M/10M max-limit=50M/50M name=SNMP2.MAGICNET.HU target=86.109.64.23/32 add limit-at=50M/50M max-limit=50M/50M name="WORK.RLAN.HU (web.magicnet.hu)" target=86.109.64.24/32 add limit-at=50M/50M max-limit=50M/50M name="PARTNER.RLAN.HU (web.magicnet.hu)" target=86.109.64.25/32 add limit-at=50M/50M max-limit=50M/50M name=PHONE.RLAN.HU target=86.109.64.27/32 add limit-at=20M/20M max-limit=100M/100M name="WAZUH.RLAN.HU -T440 gepen" target=86.109.64.29/32 add limit-at=50M/50M max-limit=300M/300M name=MAIL.RLANINTERNET.HU target=86.109.64.30/32 add limit-at=100/100 max-limit=100/100 name="URES cimek server taromanyban" target=86.109.64.0/27 add max-limit=100M/100M name="WEBMAIL.RLAN.HU - T440 gepen" target=86.109.64.34/32 add max-limit=300M/300M name="OpenStack Control Node" target=86.109.64.35/32 add max-limit=100M/100M name="Aginet ACS" target=86.109.64.36/32 add max-limit=100M/100M name="Kiss Zolt\E1n Nextcloud" target=86.109.64.37/32 add max-limit=100M/100M name="Kriszti\E1n Fejleszt\F5s g\E9pe" target=86.109.64.44/32 add limit-at=100/100 max-limit=100/100 name="URES cimek ugyfel server tartomanyban" target=86.109.64.32/27 add limit-at=30M/30M max-limit=30M/30M name="SCHEIDL ERNO" target=86.109.67.22/32 add max-limit=10M/10M name=sw-sopron.magicnet.hu target=10.0.0.3/32 add max-limit=10M/10M name="iDrac T440" target=10.0.0.4/32 add max-limit=10M/10M name="gw-uj-iroda router" target=10.0.0.5/32 add max-limit=100M/100M name="Netbox (T440en)" target=10.0.0.6/32 add max-limit=100M/100M name=Gitlab target=10.0.0.10/32 add max-limit=100M/100M name=Eramba target=10.0.0.11/32 /routing bgp instance set default disabled=yes add as=65000 disabled=yes name=bgp1 redistribute-ospf=yes router-id=86.109.64.89 /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=10.255.0.5 /snmp community set [ find default=yes ] addresses=86.109.64.0/27,10.0.0.0/24 add addresses=86.109.64.0/27 name=partnerlogin /system logging action set 3 remote=86.109.64.16 /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" add name=backup policy="ssh,read,sensitive,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!api,!romon,!dude,!tikapp" #error exporting /interface bridge calea /interface bridge port add bridge=sip-bridge interface=eoip-sipinvitel add bridge=sip-bridge interface=vlan300-sip /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface l2tp-server server set authentication=mschap1,mschap2 enabled=yes max-mru=1460 max-mtu=1460 mrru=1600 /interface list member add interface=ether2-serverek list=server-portok add interface=ether6-pfsense list=server-portok /interface sstp-server server set authentication=mschap2 force-aes=yes pfs=yes /ip address add address=10.0.0.1/24 comment="SNMP server" interface=ether2-serverek network=10.0.0.0 add address=86.109.64.1/27 comment="Sajat serverek- EZT KAPCSOLD BE, HA LEALL A PFW" disabled=yes interface=ether2-serverek network=86.109.64.0 add address=86.109.67.21/30 comment="SCHEIDL ERNO Spartaban" disabled=yes interface=ether2-serverek network=86.109.67.20 add address=10.99.0.1/24 interface=ether5-upc network=10.99.0.0 add address=10.99.5.1/24 interface=eoip-upc-budapest-ospf network=10.99.5.0 add address=10.99.99.1/24 comment=L2tp/ipsec interface=loopback network=10.99.99.0 add address=10.99.22.1/24 comment="Lackner link fele" interface=ether10-lackner network=10.99.22.0 add address=86.109.64.97/30 comment=pfsense interface=ether6-pfsense network=86.109.64.96 add address=10.1.1.2/24 interface=ether1-budapest network=10.1.1.0 add address=86.109.64.252 comment="VPN internethez, kamera server" interface=loopback network=86.109.64.252 add address=10.255.0.5 interface=loopback network=10.255.0.5 add address=10.99.16.1/24 interface=ether4-plaza network=10.99.16.0 add address=86.109.64.101/30 interface=ether8-huncert network=86.109.64.100 add address=86.109.64.113/30 interface=ether3-ripeatlas network=86.109.64.112 add address=86.109.64.33/27 comment="Kulso serverek- EZT KAPCSOLD BE, HA LEALL A PFW" disabled=yes interface=ether2-serverek network=86.109.64.32 add address=10.99.10.1/24 interface=ether7-kameraserver network=10.99.10.0 add address=10.99.11.1/24 interface=ether9-APC network=10.99.11.0 /ip dhcp-server lease add address=10.99.10.2 client-id=1:74:f8:db:5c:44:b7 mac-address=74:F8:DB:5C:44:B7 server=dhcp3 /ip dhcp-server network add address=10.99.10.0/24 gateway=10.99.10.1 add address=10.99.11.0/24 gateway=10.99.11.1 add address=86.109.64.100/30 dns-server=86.109.64.5,8.8.4.4 gateway=86.109.64.101 add address=86.109.64.112/30 gateway=86.109.64.113 /ip dns set cache-size=20480KiB servers=86.109.64.5,8.8.8.8 /ip firewall address-list add address=86.109.64.0/19 list="belso ip" add address=10.0.0.0/8 list="belso ip" add address=86.109.64.20 list=web.magicnet.hu add address=86.109.64.9 list=web.magicnet.hu add address=86.109.64.24 list=web.magicnet.hu add address=86.109.64.25 list=web.magicnet.hu add address=86.109.64.10 list="mail serverek" add address=86.109.64.30 list="mail serverek" #error exporting /ip firewall calea /ip firewall filter add action=accept chain=input dst-port=21-23 protocol=tcp src-address=10.0.0.0/8 add action=accept chain=input dst-port=21-23 protocol=tcp src-address=86.109.64.0/19 add action=drop chain=input dst-port=21-23 protocol=tcp add action=accept chain=input comment=OSPF protocol=ospf add action=accept chain=input comment="pptp server" dst-port=1723 protocol=tcp add action=accept chain=input comment="l2tp ipsec" dst-port=500,1701,4500 protocol=udp add action=accept chain=input comment="l2tp ipsec" protocol=ipsec-esp add action=accept chain=input comment="==== Estabilished csomagok engedelyezese" connection-state=established add action=accept chain="Server tuzfal" comment="==== Estabilished csomagok engedelyezese" connection-state=established add action=accept chain=input comment="==== Related csomagok engedelyezese" connection-state=related add action=accept chain="Server tuzfal" comment="==== Related csomagok engedelyezese" connection-state=related add action=accept chain=input comment="==== UDP engedelyezese" protocol=udp add action=drop chain=input comment="==== Invalid csomagok eldobalasa" connection-state=invalid add action=drop chain="Server tuzfal" comment="==== Invalid csomagok eldobalasa" connection-state=invalid add action=accept chain=input comment="==== Ping engedelyezese" protocol=icmp add action=accept chain=input comment="==== SSH engedelyezese" disabled=yes dst-port=22 protocol=tcp add action=accept chain=input comment="eoip budapest upc fele" src-address=10.99.0.0/24 add action=accept chain=input comment="==== HTTP engedelyezese" disabled=yes dst-port=80 protocol=tcp add action=accept chain=input comment="==== Winbox engedelyezese" dst-port=8291 protocol=tcp add action=accept chain=input comment="==== Sajat IP-k engedelyezese" src-address=86.109.64.0/19 add action=accept chain=input comment="==== Sajat IP-k engedelyezese" dst-limit=0,5,dst-address/1m40s src-address=10.0.0.0/8 add action=accept chain=forward comment="SSH Apacakertbol" dst-port=22 protocol=tcp src-address=86.109.64.106 add action=log chain=forward comment="SSH tiltas nem sajat tartomanybol" dst-port=22 out-interface-list=server-portok protocol=tcp src-address-list="!belso ip" add action=drop chain=forward comment="SSH tiltas nem sajat tartomanybol" dst-port=22 out-interface-list=server-portok protocol=tcp src-address-list="!belso ip" add action=accept chain=forward comment="ICMP-t meg kell csinalni" disabled=yes add action=log chain=forward comment="web server email kuldes kifele" dst-port=25 protocol=tcp src-address=86.109.64.2 add action=accept chain=forward comment="POP3 login failed" content="Login failed" protocol=tcp src-port=110 add action=accept chain=forward comment="IMAPD login failed" content="Login failed" protocol=tcp src-port=143 add action=accept chain=forward comment="sw-sopron ntp engedelyezes" dst-address=10.0.0.3 dst-port=123 protocol=udp src-address=86.109.64.5 add action=accept chain=forward comment="ntp engedelyezese" dst-address=86.109.64.5 dst-port=123 out-interface-list=server-portok protocol=udp add action=accept chain=forward comment="ntp engedelyezese snmp gepre" dst-address=86.109.64.14 dst-port=123 out-interface-list=server-portok protocol=udp add action=accept chain=forward comment="ntp engedelyezese spartara" dst-address=86.109.64.11 dst-port=123 out-interface-list=server-portok protocol=udp add action=drop chain=forward comment="ntp tamadas eldobalasa" dst-address=!86.109.64.5 dst-port=123 out-interface-list=server-portok protocol=udp add action=log chain=input comment="==== Minden mas logolasa" disabled=yes log-prefix=drop add action=drop chain=input comment="==== Minden mas eldobalasa" add action=jump chain=forward comment="Serverek tuzfal ellenorzese" jump-target="Server tuzfal" add action=jump chain="Server tuzfal" comment=Zabbix dst-address=86.109.64.7 jump-target=Zabbix add action=jump chain="Server tuzfal" comment="Mail serverek" dst-address-list="mail serverek" jump-target="Mail serverek" add action=jump chain="Server tuzfal" comment="Wazuh server" dst-address=86.109.64.29 jump-target=wazuh add action=jump chain="Server tuzfal" comment="W3 server" dst-address=86.109.64.2 jump-target=W3 add action=jump chain="Server tuzfal" comment=SQl.MAGICNET.HU dst-address=86.109.64.15 jump-target=sql.magicnet.hu add action=jump chain="Server tuzfal" comment=PHONE.RLAN.HU dst-address=86.109.64.27 jump-target=phone.rlan.hu add action=jump chain="Server tuzfal" comment=WEB.MAGICNET.HU dst-address-list=web.magicnet.hu jump-target=web.magicnet.hu add action=log chain="Server tuzfal" comment="Minden mas logolasa" disabled=yes out-interface-list=server-portok add action=drop chain="Server tuzfal" comment="Minden mas eldobasa" disabled=yes out-interface-list=server-portok add action=accept chain="Server tuzfal" out-interface-list=server-portok add action=accept chain=wazuh comment="web eleres" dst-port=443 protocol=tcp src-address-list="belso ip" add action=accept chain=wazuh comment=ossec dst-port=1514-1515 protocol=tcp src-address-list="belso ip" add action=accept chain=wazuh comment=icmp protocol=icmp add action=log chain=wazuh add action=drop chain=wazuh add action=accept chain=W3 comment=ftp dst-port=21 protocol=tcp add action=accept chain=W3 comment=ftp dst-port=20000-30000 protocol=tcp add action=accept chain=W3 comment=web dst-port=80,443 protocol=tcp add action=accept chain="Mail serverek" comment=SMTP dst-port=25,587 protocol=tcp add action=accept chain="Mail serverek" comment=SMTPS dst-port=465 protocol=tcp add action=accept chain="Mail serverek" comment=IMAP dst-port=143 protocol=tcp add action=accept chain="Mail serverek" comment=IMAPS dst-port=993 protocol=tcp add action=accept chain="Mail serverek" comment=POP3 dst-port=110 protocol=tcp add action=accept chain="Mail serverek" comment=POP3S dst-port=995 protocol=tcp add action=accept chain=Zabbix comment=ICMP protocol=icmp add action=accept chain="Mail serverek" comment=web dst-port=80,443 protocol=tcp add action=accept chain="Mail serverek" comment=ICMP protocol=icmp add action=accept chain=Zabbix comment=Zabbix dst-port=10050-10051 protocol=tcp add action=accept chain=Zabbix comment=Zabbix protocol=tcp src-port=10050-10051 add action=accept chain=Zabbix comment=Web disabled=yes dst-port=80,443 protocol=tcp add action=accept chain=Zabbix comment="Web Apacakertbol" dst-port=80,443 protocol=tcp src-address=86.109.64.106 add action=accept chain=Zabbix comment=SNMP protocol=udp src-port=161 add action=accept chain=Zabbix comment="xrdp apacakertbol" dst-port=3389 protocol=tcp src-address=86.109.64.106 add action=log chain=W3 add action=log chain="Mail serverek" add action=drop chain=W3 add action=drop chain="Mail serverek" add action=log chain=Zabbix add action=drop chain=Zabbix add action=accept chain=sql.magicnet.hu comment="Mysql Apacakertbol" dst-port=3306 protocol=tcp src-address=86.109.64.106 add action=accept chain=phone.rlan.hu comment=SIP dst-port=5060 protocol=udp add action=accept chain=phone.rlan.hu comment=SIP dst-port=8000-20000 protocol=udp add action=accept chain=phone.rlan.hu comment=IAX dst-port=4569 protocol=udp add action=accept chain=phone.rlan.hu comment="Mysql Apacakertbol" dst-port=3306 protocol=tcp src-address=86.109.64.106 add action=accept chain=phone.rlan.hu comment="Mysql sajat tartomanybol" dst-port=3306 protocol=tcp src-address=86.109.64.0/27 add action=accept chain=sql.magicnet.hu comment=ICMP protocol=icmp add action=accept chain=phone.rlan.hu comment=ICMP protocol=icmp add action=log chain=sql.magicnet.hu add action=log chain=phone.rlan.hu add action=drop chain=sql.magicnet.hu add action=drop chain=phone.rlan.hu add action=accept chain=web.magicnet.hu comment=ICMP protocol=icmp add action=accept chain=web.magicnet.hu comment=Apacakert dst-port=80,443 protocol=tcp src-address=86.109.64.106 add action=accept chain=web.magicnet.hu comment="Apacakert FTP" dst-port=20,21 protocol=tcp src-address=86.109.64.106 add action=accept chain=web.magicnet.hu comment=Kassai dst-port=80,443 protocol=tcp src-address=86.109.64.194 add action=log chain=web.magicnet.hu add action=drop chain=web.magicnet.hu /ip firewall nat add action=dst-nat chain=dstnat comment="UBNT programozashoz" disabled=yes dst-address=86.109.64.6 dst-port=443 protocol=tcp to-addresses=10.99.16.4 add action=masquerade chain=srcnat comment="Vass Balazs ftp vpn-en keresztul" dst-address=86.109.64.14 src-address=10.0.0.252 add action=src-nat chain=srcnat dst-address-list="!kulso ip" src-address=10.0.0.240/28 to-addresses=86.109.64.252 add action=src-nat chain=srcnat comment="Kamera server" src-address=10.99.10.0/24 to-addresses=86.109.64.252 add action=src-nat chain=srcnat comment="APC Smart UPS" src-address=10.99.11.0/24 to-addresses=86.109.64.252 add action=src-nat chain=srcnat comment="Netbox telep\EDt\E9shez " src-address=10.0.0.6 to-addresses=86.109.64.252 add action=src-nat chain=srcnat comment="Gitlab telep\EDt\E9shez " src-address=10.0.0.10 to-addresses=86.109.64.252 add action=src-nat chain=srcnat comment="Eramba telep\EDt\E9shez " src-address=10.0.0.11 to-addresses=86.109.64.252 add action=masquerade chain=srcnat disabled=yes dst-address=86.109.64.5 src-address=10.0.0.3 /ip ipsec identity add generate-policy=port-override peer=peer secret=L3Txbmi0eN /ip ipsec policy set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0 /ip proxy set port=3128 src-address=86.109.64.40 /ip proxy access add src-address=86.109.64.0/19 add src-address=10.0.0.0/8 add action=deny /ip route add distance=200 gateway=10.1.1.1 add comment="virtualis gepeknek" distance=1 dst-address=10.0.1.0/24 gateway=86.109.64.98 add comment=Serverek distance=1 dst-address=86.109.64.0/27 gateway=86.109.64.98 add comment="Kulsos serverek" distance=1 dst-address=86.109.64.32/27 gateway=86.109.64.98 add check-gateway=ping comment="SCHEIDL ERNO SSpartaban" distance=1 dst-address=86.109.67.20/30 gateway=86.109.64.98,86.109.64.11 add comment="Karc FM Sopron Tancsics" distance=1 dst-address=86.109.69.160/30 gateway=10.99.22.13 add comment="WHB Laktanya" distance=1 dst-address=86.109.69.244/30 gateway=10.99.22.15 /ip service set www address=86.109.64.0/27 set api address=86.109.64.0/27 set api-ssl address=86.109.64.0/27 /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /ipv6 nd set [ find default=yes ] advertise-dns=no /mpls ldp set enabled=yes lsr-id=10.255.0.5 transport-address=10.255.0.5 /mpls ldp interface add disabled=yes add disabled=yes interface=ether1-budapest /ppp secret add comment="III. KET TVE Market" disabled=yes local-address=172.16.1.7 name=tvebudapest password=focicsapat remote-address=172.16.1.8 service=l2tp add disabled=yes name=Krisz password=Adroc124@ profile=default-encryption remote-address=10.0.0.254 service=l2tp add name=VassBalazs password=fEM@9EQCD67r profile=default-encryption remote-address=10.0.0.252 service=l2tp add name=Kriszmobil password=Adroc124@ profile=default-encryption remote-address=10.0.0.251 service=l2tp add disabled=yes name=NagyLaci password=FmK8GJzHZGT2 profile=default-encryption remote-address=10.0.0.250 service=l2tp add disabled=yes name=Fusti password=HU2ui2hu2ioK profile=default-encryption remote-address=10.0.0.249 service=l2tp /routing bgp peer add disabled=yes instance=bgp1 name=peer1 remote-address=86.109.64.90 remote-as=65000 /routing ospf interface add cost=30 interface=eoip-upc-budapest-ospf network-type=broadcast add cost=15 interface=ether4-plaza network-type=broadcast add interface=ether10-lackner use-bfd=yes /routing ospf network add area=backbone network=10.99.5.0/24 add area=backbone network=10.99.22.0/24 add area=backbone network=10.1.1.0/24 add area=backbone network=10.99.16.0/24 /snmp set enabled=yes location=Sopron /system clock set time-zone-name=Europe/Budapest /system identity set name=fw /system logging add action=remote topics=info add action=remote topics=critical add action=remote topics=error add action=remote topics=warning add disabled=yes topics=ospf /system ntp client set enabled=yes primary-ntp=86.109.64.5 /system routerboard settings set auto-upgrade=yes /system scheduler add interval=6d name=mentes on-event=mentes policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jun/20/2018 start-time=09:44:47 /system script add dont-require-permissions=no name=mentes owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/export file=export\r\n/tool e-mail send from=\"backup@rlan.hu\" to=\"backup@rlan.hu\" subject=([/system identity get name] . \" export\") file=export.rsc\r\n/system backup save name=backup\r\n/tool e-mail send from=\"backup@rlan.hu\" to=\"backup@rlan.hu\" subject=([/system identity get name] . \" Backup\") file=backup.backup " add dont-require-permissions=yes name=pfw-down owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/ip add enable [find address=\"86.109.64.1/27\"]\r\n/ip add enable [find address=\"86.109.64.33/27\"]" add dont-require-permissions=yes name=pfw-up owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/ip add disable [find address=\"86.109.64.1/27\"]\r\n/ip add disable [find address=\"86.109.64.33/27\"]" /tool e-mail set address=86.109.64.10 from=fw.magicnet.hu /tool graphing interface add /tool graphing queue add /tool graphing resource add /tool netwatch add down-script=pfw-down host=86.109.64.98 interval=30s up-script=pfw-up /tool sniffer set file-name=capture filter-interface=ether6-pfsense filter-ip-address=10.1.5.7/32 memory-limit=1000KiB streaming-server=86.109.64.98