View difference between Paste ID: <a href="/fRBmK366">fRBmK366</a> and <a href="/cMz0gVze">cMz0gVze</a>

[admin@Home] > export
1		[admin@Home] > export
2
3		/interface bridge
4		add name=br0-lan protocol-mode=none
5
6		/interface ethernet
7		set [ find default-name=ether1 ] name=ether1-wan advertise=100M-full arp=disabled loop-protect=off
8		set [ find default-name=ether2 ] name=ether2-master advertise=100M-full,1000M-full speed=1Gbps
9		set [ find default-name=ether3 ] master-port=ether2-master advertise=10M-full,100M-full,1000M-full
10		set [ find default-name=ether4 ] master-port=ether2-master advertise=10M-full,100M-full,1000M-full
11		set [ find default-name=ether5 ] name=ether5-stb advertise=10M-full,100M-full,1000M-full
12
13		/interface wireless security-profiles
14		set [ find default=yes ] supplicant-identity=MikroTik
15		add name=wifi-ap-home authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys supplicant-identity="" wpa2-pre-shared-key=wifi-password
16
17		/interface wireless
18		add name=wlan1-home master-interface=wlan1 multicast-buffering=disabled multicast-helper=disabled security-profile=wifi-ap-home ssid=MikroTik wmm-support=enabled
19
20		/ip neighbor discovery
21		set wlan1-home discover=no
22
23		/ip pool
24		add name=pool-lan ranges=192.168.0.10-192.168.0.254
25		add name=pool-stb ranges=192.168.254.2-192.168.254.254
26
27		/ip dhcp-server
28		add name=server-lan add-arp=yes address-pool=pool-lan always-broadcast=yes disabled=no lease-time=1d10m interface=br0-lan
29		add name=server-stb add-arp=yes address-pool=pool-stb always-broadcast=yes disabled=no lease-time=1d10m interface=ether5-stb
30
31		/ppp profile
32		add name=pppoe-rt only-one=no use-compression=no use-encryption=no
33
34		/interface pppoe-client
35		add name=pppoe-rt interface=ether1-wan user=pppoe-user password=pppoe-password profile=pppoe-rt add-default-route=yes allow=chap disabled=no keepalive-timeout=disabled use-peer-dns=yes
36
37		/interface bridge port
38		add bridge=br0-lan interface=ether2-master
39		add bridge=br0-lan interface=wlan1-home
40
41		/ip firewall connection tracking
42		set enabled=yes
43
44		/ip settings
45		set rp-filter=loose
46
47		/interface list
48		add name=lan
49		add name=wan
50		add name=iptv-uplink
51		add name=iptv-downlink
52
53		/interface list member
54		add list=lan interface=br0-lan
55		add list=wan interface=pppoe-rt
56		add list=iptv-uplink interface=ether1-wan
57		add list=iptv-downlink interface=ether5-stb
58
59		/ip address
60		add interface=br0-lan address=192.168.0.1/24
61		add interface=ether1-wan address=10.1.33.7/32
62		add interface=ether5-stb address=192.168.254.1/24
63
64		/ip dhcp-server network
65		add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 ntp-server=192.168.0.1
66		add address=192.168.254.0/24 dns-server=192.168.254.1 gateway=192.168.254.1 ntp-server=192.168.254.1
67
68		/ip dns
69		set allow-remote-requests=yes
70
71		/ip firewall address-list
72		add address=8.8.8.8 list=DNS
73		add address=8.8.4.4 list=DNS
74		add address=195.34.224.1 list=DNS
75		add address=195.34.224.2 list=DNS
76		add address=224.0.0.0/23 list=MCAST_BLACKLIST
77		add address=239.255.255.0/24 list=MCAST_BLACKLIST
78		add address=239.192.152.0/24 list=MCAST_BLACKLIST
79		add address=239.2.0.0/24 list=MCAST_BLACKLIST
80		add address=224.0.0.2 list=MCAST_WHITELIST
81
82		/ip firewall filter
83
84		add chain=accept-FT action=fasttrack-connection
85		add chain=accept-FT action=accept
86
87		add chain=input action=jump jump-target=accept-FT
88
89		add chain=output action=jump jump-target=accept-FT
90
91		add chain=fwd-mcast action=jump in-interface-list=iptv-uplink jump-target=accept-FT out-interface-list=iptv-downlink
92		add chain=fwd-mcast action=jump in-interface-list=iptv-downlink jump-target=accept-FT out-interface-list=iptv-uplink
93		add chain=fwd-mcast action=drop
94
95		add chain=forward action=jump connection-state=established,related jump-target=accept-FT
96		add chain=forward action=jump in-interface-list=lan jump-target=accept-FT out-interface-list=lan
97		add chain=forward action=jump dst-address-type=multicast jump-target=fwd-mcast
98		add chain=forward action=jump in-interface-list=lan jump-target=accept-FT out-interface-list=wan
99		add chain=forward action=jump in-interface-list=iptv-downlink jump-target=accept-FT out-interface-list=wan
100		add chain=forward action=jump connection-nat-state=dstnat in-interface-list=wan jump-target=accept-FT
101		add chain=forward action=drop connection-state=invalid
102		add chain=forward action=reject
103
104		/ip firewall mangle
105
106		add chain=prerouting action=change-dscp dst-address-type=multicast new-dscp=63 passthrough=no
107
108		add chain=postrouting action=change-dscp dst-address-type=multicast new-dscp=63 passthrough=no
109
110		/ip firewall nat
111		add chain=srcnat action=masquerade out-interface-list=wan
112
113		/ip firewall raw
114
115		add chain=accept-NOCT action=notrack
116		add chain=accept-NOCT action=accept
117
118		add chain=pre-mcast action=accept in-interface-list=iptv-uplink
119		add chain=pre-mcast action=accept in-interface-list=iptv-downlink
120		add chain=pre-mcast action=drop
121
122		add chain=pre-lan action=jump dst-address-type=local jump-target=accept-NOCT
123		add chain=pre-lan action=accept
124
125		add chain=pre-local action=jump jump-target=accept-NOCT protocol=udp src-address-list=DNS src-port=53
126		add chain=pre-local action=drop dst-port=53 protocol=tcp
127		add chain=pre-local action=drop dst-port=53 protocol=udp
128		add chain=pre-local action=accept
129
130		add chain=prerouting action=jump dst-address-type=multicast jump-target=pre-mcast
131		add chain=prerouting action=jump in-interface-list=lan jump-target=pre-lan
132		add chain=prerouting action=jump in-interface-list=iptv-downlink jump-target=pre-lan
133		add chain=prerouting action=jump dst-address-type=local jump-target=pre-local
134		add chain=prerouting action=accept
135
136		add chain=out-mcast-uplink action=drop protocol=!igmp
137		add chain=out-mcast-uplink action=accept dst-address-list=MCAST_WHITELIST
138		add chain=out-mcast-uplink action=drop dst-address-list=MCAST_BLACKLIST
139		add chain=out-mcast-uplink action=accept
140
141		add chain=out-mcast action=jump jump-target=out-mcast-uplink out-interface-list=iptv-uplink
142		add chain=out-mcast action=accept out-interface-list=iptv-downlink
143		add chain=out-mcast action=drop
144
145		add chain=out-local action=jump dst-address-list=DNS dst-port=53 jump-target=accept-NOCT out-interface-list=wan protocol=udp
146		add chain=out-local action=jump jump-target=accept-NOCT out-interface-list=lan
147		add chain=out-local action=accept
148
149		add chain=output action=jump dst-address-type=multicast jump-target=out-mcast
150		add chain=output action=jump jump-target=out-local src-address-type=local
151		add chain=output action=accept
152
153		/ip route
154		add distance=1 dst-address=169.254.0.0/16 type=blackhole
155
156		/ip upnp
157		set enabled=yes
158
159		/ip upnp interfaces
160		add interface=br0-lan type=internal
161
162		/routing igmp-proxy interface
163		add alternative-subnets=0.0.0.0/0 interface=ether1-wan upstream=yes
164		add interface=ether5-stb
165
166		/system clock
167		set time-zone-autodetect=no
168
169		/system clock manual
170		set time-zone=+03:00
171
172		/system identity
173		set name=Home
174
175		/system ntp client
176		set enabled=yes primary-ntp=62.76.96.4 secondary-ntp=87.229.205.75
177
178		/system ntp server
179		set enabled=yes