# installed-version: 6.47.9
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
#
# software id = U6G9-H4SU
#
#
#
# RouterOS configuration export for a border router (identity "AB #border"):
# VLAN uplinks to three ISPs on ether2, a backbone/management side on ether1,
# BGP/OSPF/RIP routing with filters, and an input/forward firewall.
# One command per line; rule order is unchanged because firewall and routing
# filter rules are evaluated in order.
#
# NOTE(review): this export carries secrets in clear text (RIP MD5 key, RoMON
# secret, PPP secret password, SNMP community name). Exports that leave the
# device should be produced with `/export hide-sensitive`, and values that have
# been published should be rotated.

# Loopback-style bridge; used below as the 127.0.0.1 holder and as the gateway
# of the aggregate 213.174.0.0/24 route.
/interface bridge
add fast-forward=no name=null0 protocol-mode=none

/interface ethernet
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-full comment=WAN

# ether1 carries management (30), server (34, disabled) and backbone (35) VLANs;
# ether2 carries one VLAN per upstream ISP.
/interface vlan
add interface=ether1 name=30-mgnt-eth1 vlan-id=30
add disabled=yes interface=ether1 name=34-r1.serv vlan-id=34
add interface=ether1 name=35-BACKBONE vlan-id=35
add interface=ether2 name=725-ISP.astra vlan-id=725
add interface=ether2 name=761-ISP-kopiika vlan-id=761
add comment=tel.067-670-42-40 interface=ether2 name=3677-ISP-UARNET vlan-id=3677

# Lists mactel and list-winbox_allow get no members anywhere in this export.
/interface list
add name=mactel
add name=mac-winbox
add name=list-winbox_allow
add name=WAN

/ip pool
add name=pool1 ranges=10.35.1.200-10.35.1.205

/queue simple
add max-limit=1400M/1400M name=queue-Kopiika target=761-ISP-kopiika

/routing bgp instance
set default as=56797 router-id=213.174.0.1

/routing ospf instance
set [ find default=yes ] router-id=213.174.0.1

# SNMP community is restricted to three source hosts; the community name itself
# is visible in this export.
/snmp community
set [ find default=yes ] addresses=213.174.0.5/32,213.174.0.12/32,95.46.108.3/32 name=snmpR1

# Remote syslog target used by the /system logging rules further down.
/system logging action
set 3 bsd-syslog=yes remote=213.174.0.12 src-address=213.174.0.1 syslog-facility=local6

/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw

# Neighbor discovery is limited to the mac-winbox interface list.
/ip neighbor discovery-settings
set discover-interface-list=mac-winbox

# NOTE(review): 761-ISP-kopiika is an upstream VLAN but is not added to the WAN
# list, unlike the other two ISP VLANs - confirm whether that is intended.
# No firewall rule in this export references the WAN list.
/interface list member
add interface=34-r1.serv list=mac-winbox
add interface=30-mgnt-eth1 list=mac-winbox
add interface=ether3 list=mac-winbox
add interface=3677-ISP-UARNET list=WAN
add interface=725-ISP.astra list=WAN

/interface pptp-server server
set default-profile=default

/ip address
add address=194.44.194.70/30 comment=ISP-UARnet interface=3677-ISP-UARNET network=194.44.194.68
add address=213.174.0.1/28 comment=BACKBONE interface=35-BACKBONE network=213.174.0.0
add address=10.36.100.1/24 comment=R1.serv interface=34-r1.serv network=10.36.100.0
add address=127.0.0.1 interface=null0 network=127.0.0.1
add address=10.35.1.240/24 comment=R1.mgnt interface=30-mgnt-eth1 network=10.35.1.0
add address=91.225.202.226/30 comment=ISP-Astra interface=725-ISP.astra network=91.225.202.224
add address=146.158.73.173 comment=ISP-kopiika interface=761-ISP-kopiika network=146.158.73.172

/ip cloud
set update-time=no

/ip dns
set servers=8.8.4.4

# Address lists used by the firewall below:
#   admin     - sources allowed to reach the router itself (input chain)
#   mgnt      - management source networks
#   cust      - customer ranges, blocked from the management/server VLANs
#   bgp-peers - sources allowed to open TCP/179 to the router
# 25-pot_allow and victim_of_ddos are defined but not referenced by any rule
# in this export.
# NOTE(review): admin includes public addresses and a public /24; every member
# gets unrestricted access to the router through the "MGNT" input rule.
# NOTE(review): bgp-peers holds the UARnet and Astra peer addresses but not the
# kopiika peer 146.158.73.172 - confirm whether that session relies on the
# router initiating the connection.
/ip firewall address-list
add address=95.47.136.9 list=admin
add address=95.47.136.14 list=admin
add address=192.168.100.249 list=admin
add address=10.0.0.0/24 list=cust
add address=10.2.0.0/24 list=cust
add address=10.3.0.0/24 list=cust
add address=213.174.0.25 list=25-pot_allow
add address=213.174.0.31 list=25-pot_allow
add address=10.36.100.0/24 list=admin
add address=10.35.1.0/24 list=admin
add address=10.35.1.0/24 list=mgnt
add address=10.36.100.0/24 list=mgnt
add address=192.168.100.0/24 list=mgnt
add address=172.16.10.64/28 list=admin
add address=213.174.0.5 list=admin
add address=213.174.0.160 list=25-pot_allow
add address=213.174.0.16-213.174.0.255 list=cust
add address=192.168.5.5 list=mgnt
add address=10.20.1.0/24 list=mgnt
add address=194.44.194.69 list=bgp-peers
add address=91.225.202.225 list=bgp-peers
add address=213.174.0.30 list=victim_of_ddos
add address=213.174.0.31 list=victim_of_ddos
add address=213.174.0.36 list=victim_of_ddos
add address=213.174.0.65 list=25-pot_allow
add address=213.174.0.12 list=admin
add address=95.46.108.0/24 list=admin
add address=213.174.0.118 list=25-pot_allow

# Filter rules are evaluated top to bottom. A rule with no action= uses the
# default action, accept.
/ip firewall filter
# Targeted forward drops for individual hosts/ports (abuse and DDoS handling).
add action=drop chain=forward comment=pl.snlpanel.gemius.com.ua dst-address=91.221.127.102
add action=drop chain=forward comment=DdoS dst-address=213.174.0.200
add action=drop chain=forward comment=Sily_Ziily dst-address=213.174.0.218 dst-port=23 protocol=tcp
add action=drop chain=forward comment="abuse report about 213.174.0.54 ssh" dst-port=22 protocol=tcp src-address=213.174.0.54
add chain=input comment="allow ICMP" protocol=icmp
# NOTE(review): the comment text says "drop invalid connections", but this rule
# has no action= and matches connection-state=established, so it accepts
# established traffic. The actual invalid-state drop is a few rules below.
add chain=input comment="drop invalid connections" connection-state=established
add chain=input connection-state=related
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=drop chain=forward disabled=yes dst-address=213.174.0.105 log=yes
# Invalid-state drop exists for input only; there is no equivalent forward rule.
add action=drop chain=input connection-state=invalid
# Routing protocols toward the router: RIP from two backbone neighbors, OSPF
# from the backbone /28, BGP from the bgp-peers list.
add action=accept chain=input comment=RIP dst-port=520 protocol=udp src-address=213.174.0.6
add action=accept chain=input dst-port=520 protocol=udp src-address=213.174.0.8
add chain=input comment=OSPF protocol=ospf src-address=213.174.0.0/28
add action=accept chain=input comment=BGP dst-port=179 protocol=tcp src-address-list=bgp-peers
# NOTE(review): no action= here, so traffic sourced from the mgnt list is
# accepted for forwarding; the "drop forward to MGNT" comment appears to label
# the two cust drops that follow - confirm intent.
add chain=forward comment="drop forward to MGNT" src-address-list=mgnt
add action=drop chain=forward out-interface=30-mgnt-eth1 src-address-list=cust
add action=drop chain=forward out-interface=34-r1.serv src-address-list=cust
# NOTE(review): the forward chain has no final drop, so anything not matched
# above is forwarded; only cust-sourced traffic is kept out of the management
# and server VLANs.
# Router access: admin list and the management VLAN are accepted, everything
# else on input is dropped.
add action=accept chain=input comment=MGNT src-address-list=admin
add action=accept chain=input in-interface=30-mgnt-eth1
add action=drop chain=input

# NOTE(review): the dst-nat rule sets no protocol or port, so all traffic from
# 95.46.108.3 to 146.158.73.173 is redirected to 10.35.1.41, an address inside
# the management subnet - consider narrowing it to the monitoring ports needed.
/ip firewall nat
add action=dst-nat chain=dstnat comment=monitoring.agg dst-address=146.158.73.173 src-address=95.46.108.3 to-addresses=10.35.1.41
add action=masquerade chain=srcnat dst-address=10.35.1.41

# The 213.174.0.0/24 route via null0 anchors the aggregate that is announced in
# BGP; more-specific routes point at the NAS gateways on the backbone.
/ip route
add distance=1 dst-address=194.226.179.44/32 gateway=194.44.194.69
add distance=1 dst-address=213.174.0.0/24 gateway=null0
add comment=srcNAT_nas-2 distance=1 dst-address=213.174.0.192/27 gateway=213.174.0.8
add comment=srcNAT_nas-1 distance=1 dst-address=213.174.0.224/28 gateway=213.174.0.6
add comment=srcNAT_nas-4 distance=1 dst-address=213.174.0.240/28 gateway=213.174.0.13

# NOTE(review): only telnet, ftp, api and api-ssl are disabled here. ssh, www
# and winbox are not listed, so they are presumably at their defaults with no
# per-service address= restriction; access control then rests entirely on the
# input chain - verify on the device.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes

# NOTE(review): disabled PPTP secret whose password equals its name; remove it
# rather than keep it disabled if it is no longer needed.
/ppp secret
add disabled=yes local-address=172.16.29.1 name=ppp1 password=ppp1 remote-address=172.16.29.2 service=pptp

/routing bgp network
add network=213.174.0.0/24 synchronize=no

# Three upstream peers, each with its own in/out filter chain.
# NOTE(review): no tcp-md5-key is set on any peer, so the sessions are not
# authenticated by this configuration.
# NOTE(review): route-reflect=yes is set on peers whose remote-as differs from
# the local AS 56797 - confirm it is intended.
/routing bgp peer
add in-filter=bgp-in-UarNET name=UARnet out-filter=bgp-out-UARnet remote-address=194.44.194.69 remote-as=3255 route-reflect=yes ttl=default
add in-filter=bgp-in-astra name=astra out-filter=bgp-out-astra remote-address=91.225.202.225 remote-as=49824 route-reflect=yes ttl=default
add in-filter=bgp-in-kopiika name=kopiika out-filter=bgp-out-kopiika remote-address=146.158.73.172 remote-as=51500 route-reflect=yes ttl=default

/routing filter
# ospf-in: accept only /32 host routes inside the listed /24s, discard the rest.
add action=accept chain=ospf-in prefix=10.0.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=10.2.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=10.3.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=10.4.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=10.5.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=10.6.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=10.7.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=10.8.0.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=172.16.10.0/24 prefix-length=32
add action=accept chain=ospf-in prefix=213.174.0.0/24 prefix-length=32
add action=discard chain=ospf-in
add action=discard chain=ospf-in prefix-length=0-128
# ospf-out: nothing is redistributed out through OSPF.
add action=discard chain=ospf-out
add action=discard chain=ospf-out prefix-length=0-128
# bgp-out-*: announce only the own /24 to each upstream, discard everything else.
add action=accept chain=bgp-out-UARnet prefix=213.174.0.0/24 prefix-length=24
add action=accept chain=bgp-out-kopiika prefix=213.174.0.0/24 prefix-length=24
add action=discard chain=bgp-out-UARnet prefix=0.0.0.0/0 prefix-length=0-128
add action=discard chain=bgp-out-kopiika prefix=0.0.0.0/0 prefix-length=0-128
add action=discard chain=bgp-out-UARnet
add action=discard chain=bgp-out-kopiika
# bgp-in-UarNET / bgp-in-kopiika: discard private, link-local, multicast,
# reserved, loopback and own-prefix announcements.
# NOTE(review): these discards give no prefix-length; confirm whether RouterOS 6
# then matches only the exact prefix, in which case more-specific routes inside
# these ranges (e.g. a /24 within 10.0.0.0/8) would not be discarded.
add action=discard chain=bgp-in-UarNET prefix=172.16.0.0/12
add action=discard chain=bgp-in-kopiika prefix=172.16.0.0/12
add action=discard chain=bgp-in-UarNET prefix=169.254.0.0/16
add action=discard chain=bgp-in-kopiika prefix=169.254.0.0/16
add action=discard chain=bgp-in-UarNET prefix=224.0.0.0/4
add action=discard chain=bgp-in-kopiika prefix=224.0.0.0/4
add action=discard chain=bgp-in-UarNET prefix=240.0.0.0/4
add action=discard chain=bgp-in-kopiika prefix=240.0.0.0/4
add action=discard chain=bgp-in-UarNET prefix=127.0.0.0/8
add action=discard chain=bgp-in-kopiika prefix=127.0.0.0/8
add action=discard chain=bgp-in-UarNET prefix=10.0.0.0/8
add action=discard chain=bgp-in-kopiika prefix=10.0.0.0/8
add action=discard chain=bgp-in-UarNET prefix=192.168.0.0/16
add action=discard chain=bgp-in-kopiika prefix=192.168.0.0/16
add action=discard chain=bgp-in-UarNET prefix=213.174.0.0/24
add action=discard chain=bgp-in-kopiika prefix=213.174.0.0/24
add action=accept chain=bgp-in-UarNET prefix=0.0.0.0/0
add action=accept chain=bgp-in-kopiika prefix=0.0.0.0/0
# The closing discards are disabled, so routes that match no rule above fall
# through to the chain's default handling (presumably accept - verify).
add action=discard chain=bgp-in-UarNET disabled=yes
add action=discard chain=bgp-in-kopiika disabled=yes
# bgp-in-astra: same discard list as the two chains above.
add action=discard chain=bgp-in-astra prefix=172.16.0.0/12
add action=discard chain=bgp-in-astra prefix=169.254.0.0/16
add action=discard chain=bgp-in-astra prefix=224.0.0.0/4
add action=discard chain=bgp-in-astra prefix=240.0.0.0/4
add action=discard chain=bgp-in-astra prefix=127.0.0.0/8
add action=discard chain=bgp-in-astra prefix=10.0.0.0/8
add action=discard chain=bgp-in-astra prefix=192.168.0.0/16
add action=discard chain=bgp-in-astra prefix=213.174.0.0/24
add action=accept chain=bgp-in-astra prefix=0.0.0.0/0
add action=discard chain=bgp-in-astra disabled=yes
# bgp-out-astra: unlike the other two out chains, the accept rule carries no
# prefix-length=24.
add action=accept chain=bgp-out-astra prefix=213.174.0.0/24
add action=discard chain=bgp-out-astra prefix=0.0.0.0/0 prefix-length=0-128
add action=discard chain=bgp-out-astra

# NOTE(review): no authentication= is set on the OSPF interface; adjacency
# protection relies on the OSPF input rule limiting sources to 213.174.0.0/28.
/routing ospf interface
add interface=35-BACKBONE network-type=broadcast

/routing ospf network
add area=backbone network=213.174.0.0/28

# RIP prefix lists: rip-in takes /32 host routes inside the listed /24s
# (entries without action= use the default action); rip-out discards everything.
/routing prefix-lists
add chain=rip-in prefix=213.174.0.0/24 prefix-length=32
add chain=rip-in prefix=10.0.0.0/24 prefix-length=32
add action=discard chain=rip-out
add chain=rip-in prefix=10.1.0.0/24 prefix-length=32
add chain=rip-in prefix=10.2.0.0/24 prefix-length=32
add chain=rip-in prefix=10.3.0.0/24 prefix-length=32
add chain=rip-in prefix=10.4.0.0/24 prefix-length=32
add chain=rip-in prefix=10.5.0.0/24 prefix-length=32
add chain=rip-in prefix=10.6.0.0/24 prefix-length=32
add chain=rip-in prefix=10.7.0.0/24 prefix-length=32
add chain=rip-in prefix=10.8.0.0/24 prefix-length=32
add chain=rip-in prefix=10.9.0.0/24 prefix-length=32
add chain=rip-in prefix=10.10.0.0/24 prefix-length=32
add action=discard chain=rip-in prefix-length=0

# NOTE(review): the RIP MD5 authentication key is exported in clear text here;
# treat it as disclosed and rotate it on this router and its RIP neighbors.
/routing rip interface
add authentication=md5 authentication-key=Xeefah1phie3audah4lo in-prefix-list=rip-in interface=35-BACKBONE out-prefix-list=rip-out receive=v2

/routing rip neighbor
add address=213.174.0.6
add address=213.174.0.8

/routing rip network
add network=213.174.0.0/28

/snmp
set contact=hostmaster@albion.lviv.ua enabled=yes location="Zelena 49"

/system clock
set time-zone-name=Europe/Kiev

/system identity
set name="AB #border"

# warning, info and error topics are sent to the remote syslog action.
/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=error

# MAC-layer access (MAC telnet and MAC WinBox) is limited to the mac-winbox
# interface list; MAC ping is off.
/tool mac-server
set allowed-interface-list=mac-winbox

/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox

/tool mac-server ping
set enabled=no

# NOTE(review): RoMON is enabled and its secret is exported in clear text;
# rotate the secret, or disable RoMON if it is not in use.
/tool romon
set enabled=yes secrets=r1romon

/tool user-manager database
set db-path=user-manager