#        routerboard: yes
#              model: RB3011UiAS
#      serial-number: 783D0796E847
#      firmware-type: ipq8060
#   factory-firmware: 3.35
#   current-firmware: 6.45.8
#   upgrade-firmware: 7.7
# 
#             channel: development
#   installed-version: 7.7
# 
# 
# software id = TAW0-H0D2
#
# model = RB3011UiAS
# serial number = 783D0796E847
/interface bridge
add fast-forward=no name=loopbridge
add name=painel
/interface ethernet
set [ find default-name=ether1 ] comment="Marco 5 x Vilmar ( redundancia )" loop-protect=off
set [ find default-name=ether2 ] comment="Recebe Link Ervateira"
set [ find default-name=ether3 ] comment=PTK-BLT-MC5-M2 speed=10Mbps
set [ find default-name=ether4 ] comment=PTK-NN-MC5-02
set [ find default-name=ether5 ] comment=PTK-RKT-MC5-01 speed=10Mbps
set [ find default-name=ether6 ] auto-negotiation=no comment=QUEIMADA disabled=yes
set [ find default-name=ether7 ] comment=QUEIMADA disabled=yes
set [ find default-name=ether8 ] comment=PTK-ARG-MC5-03 speed=10Mbps
set [ find default-name=ether9 ] comment="PTK-NN-MC5-01 + CONVERSOR EVERTON" speed=10Mbps
set [ find default-name=ether10 ] comment=pp-mc5-X-jngd name=ether10-link-jangada
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1 ranges=100.65.24.2-100.65.24.254
add name=pgcorte ranges=192.168.42.0/24
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.23.0/24
add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.23.0/24
/port
set 0 name=serial0
/ppp profile
set *0 dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 rate-limit=15m/15m remote-address=pool1 use-ipv6=no use-mpls=no use-upnp=no
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.13
add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.13 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add area-id=0.0.0.1 default-cost=1 disabled=no instance=default-v2 name=area1-v2 type=stub
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=yes
/user group
add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api"
#error exporting /interface/bridge/calea
/interface bridge filter
add action=accept chain=input mac-protocol=pppoe-discovery
add action=accept chain=input mac-protocol=pppoe
# no interface
add action=accept chain=input in-bridge=*10 src-mac-address=00:27:22:20:B6:F6/FF:FF:FF:FF:FF:FF
add action=accept chain=input mac-protocol=pppoe-discovery
add action=accept chain=input mac-protocol=pppoe
# no interface
add action=accept chain=input in-bridge=*10 src-mac-address=00:27:22:20:B6:F6/FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=painel ingress-filtering=no interface=ether8
add bridge=painel ingress-filtering=no interface=ether9
add bridge=painel ingress-filtering=no interface=ether4
add bridge=painel ingress-filtering=no interface=ether3
add bridge=painel interface=ether5
add bridge=painel disabled=yes interface=ether10-link-jangada
/interface bridge settings
set allow-fast-path=no
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add disabled=no interface=painel one-session-per-host=yes service-name=service1
add disabled=no interface=painel service-name=jangada
/ip address
add address=192.168.200.13 interface=loopbridge network=192.168.200.13
add address=192.168.100.41/29 interface=painel network=192.168.100.40
add address=192.168.99.65/29 comment="PTP JANGADA" interface=ether10-link-jangada network=192.168.99.64
add address=192.168.102.25/29 interface=painel network=192.168.102.24
add address=192.168.102.57/29 interface=painel network=192.168.102.56
add address=192.168.102.65/28 interface=painel network=192.168.102.64
add address=192.168.99.134/30 interface=ether2 network=192.168.99.132
add address=192.168.99.113/29 interface=ether1 network=192.168.99.112
/ip dns
set servers=45.236.84.18,45.236.84.19
/ip firewall address-list
add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local
#error exporting /ip/firewall/calea
/ip firewall filter
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.23.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" disabled=yes dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.23.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" disabled=yes dst-port=!53 protocol=udp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" disabled=yes dst-address=!192.168.199.1 protocol=tcp src-address=172.22.23.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" disabled=yes dst-address=!192.168.199.1 protocol=tcp src-address-list=aguardando_assinatura
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" disabled=yes dst-port=!53 protocol=udp src-address=172.22.23.0/24
add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" disabled=yes dst-port=!53 protocol=udp src-address-list=aguardando_assinatura
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=45.236.84.13 dst-port=12443 protocol=tcp to-addresses=192.168.1.20 to-ports=443
add action=dst-nat chain=dstnat dst-address=45.236.84.13 dst-port=12443 protocol=tcp to-addresses=192.168.1.20 to-ports=443
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.23.0/24 to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.23.0/24 to-addresses=192.168.199.1 to-ports=8086
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086
/ip service
set telnet disabled=yes
set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10021
set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10080
set ssh address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32 port=10022
set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
set winbox address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22" port=25000
set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp aaa
set interim-update=20m use-radius=yes
/ppp secret
add name=torre.marco service=pppoe
add name=everton.g service=pppoe
add name=silvia service=pppoe
add name=daianimoura service=pppoe
add disabled=yes name=anacarolinacosta service=pppoe
add name=associacao service=pppoe
add name=cassiano service=pppoe
/radius
add address=45.236.84.27 disabled=yes service=ppp src-address=192.168.200.13
add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.13 timeout=3s
/radius incoming
set accept=yes
/routing filter rule
add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.13; accept; }"
add chain=ospf-in disabled=yes rule="if (dst == 192.168.199.1) { set pref-src 192.168.200.13 }"
add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16) { accept }"
add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22) { accept }"
/routing ospf area range
add area=area1-v2 disabled=no prefix=100.65.24.0/24
add area=area1-v2 disabled=no prefix=100.65.44.0/24
/routing ospf interface-template
add area=backbone-v2 auth-id=1 auth-key="" disabled=no interfaces=ether2 networks=192.168.99.132/30 priority=1
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether10-link-jangada networks=192.168.99.65/29 priority=1 type=ptp
add area=backbone-v2 auth-id=1 auth-key="" cost=20 disabled=no interfaces=ether1 networks=192.168.99.113/29 priority=1 type=ptp
add area=area1-v2 auth-id=1 auth-key="" cost=10 disabled=no instance-id=121 interfaces=loopbridge networks=192.168.200.13 passive priority=1
add area=area1-v2 disabled=no interfaces=all networks=100.65.24.0/24,100.65.44.0/24 passive
/snmp
set contact="Acacio Correa <acacio.protek@gmail.com>" enabled=yes location="[-26.39266287, -51.28312563]" trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=Protek-Marco5
/system logging
set 1 topics=error,!ospf
add disabled=yes topics=debug,ospf
/system ntp client
set enabled=yes
/system ntp client servers
add address=45.236.84.23
add address=200.160.7.209
/system package update
set channel=development
/system scheduler
add disabled=yes name=schedule1 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=dec/13/2017 start-time=19:45:00
add disabled=yes name=reboot-ospf on-event="/system reboot" policy=reboot,read,write,policy,test,sensitive start-date=apr/19/2018 start-time=01:36:00
add name=reboot-ativar-ipv6 on-event="/system reboot" policy=reboot,read,write,policy,password start-date=jul/06/2021 start-time=05:00:00
add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jun/19/2023 start-time=04:00:00
/system script
add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Marco5.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Marco5\" file=backup-mikrotik_Marco5.rsc start-tls=yes"
/system watchdog
set watchdog-timer=no
/tool e-mail
set address=smtps.uhserver.com.com from=financeiro@proteknet.com.br port=465 user=financeiro@proteknet.com.br
/tool romon
set enabled=yes