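# may/31/2023 11:34:10 by RouterOS 6.49.7
# software id = TJFT-0DMQ
#
# model = RB750Gr3
# serial number = HDF0832JC40
#
# Review summary (changes relative to the exported text):
#  - Restored one command per line.
#  - The brute-force filter rules were present twice, back to back, and the
#    telnet drop rule was repeated inside each copy. The repeats were
#    unreachable drops or re-additions to the same lists, so they are removed.
#  - Added the missing promotion ssh_stage3 -> ssh_blacklist. Without it no
#    rule ever wrote to ssh_blacklist, so both "drop ssh brute" rules could
#    never match.
#  - Remaining review notes are inline; they describe risks and do not change
#    behaviour.
/interface bridge
add name=LAN_NAT
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.78.1-192.168.78.253
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN_NAT name=dhcp1
/snmp community
# NOTE(review): this community grants write access and shows no
# security/authentication setting, so it is presumably a plain SNMP v1/v2c
# community string. The addresses= list is the only restriction visible here.
# Confirm that the management stations really need SNMP SET; if not, use
# write-access=no. If they do, prefer SNMPv3 with authentication and privacy.
# Whether the SNMP service itself is enabled is not visible in this export.
add addresses=190.61.4.34/32,190.61.4.170/32,190.61.4.35/32,190.61.4.36/32 name=ifxcliente write-access=yes
/interface bridge port
add bridge=LAN_NAT interface=ether3
add bridge=LAN_NAT interface=ether4
add bridge=LAN_NAT interface=ether2
add bridge=WAN interface=ether1
add bridge=LAN_NAT interface=ether5
/ip address
add address=181.78.128.10/30 interface=WAN network=181.78.128.8
add address=192.168.78.254/24 interface=LAN_NAT network=192.168.78.0
/ip dhcp-server network
add address=192.168.78.0/24 dns-server=208.67.222.222,8.8.8.8 gateway=192.168.78.254
/ip firewall filter
# NOTE(review): this chain only rate-limits and blacklists repeated logins.
# It contains no rule that accepts established/related traffic and no final
# drop on chain=input, so FTP (21), SSH (22), telnet (23) and any other
# enabled service stay reachable from the WAN side unless they are restricted
# elsewhere (e.g. /ip service, not shown in this export). Telnet and FTP carry
# credentials in clear text; disable them if they are not required.
#
# --- FTP: drop blacklisted sources, then build the blacklist from replies ---
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
# Failed-login replies to one destination are accepted while they stay within
# the dst-limit (1 per minute, burst 9). Only replies beyond that limit fall
# through to the add-dst-to-address-list rules below.
add action=accept chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
# NOTE(review): "530 Login incorrect" is the FTP failure reply, so this rule
# presumably was copied from the FTP rule above. As written, telnet_blacklist
# is filled only by failed FTP logins, not by failed telnet logins. Confirm
# the intent.
add action=add-dst-to-address-list address-list=telnet_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
#
# --- Telnet ---
add action=drop chain=input comment="drop Telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
# NOTE(review): telnet_stage1 is written here but no rule reads it, so new
# telnet connections are recorded for 1 minute and never escalated.
add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp
#
# --- SSH: staged escalation, one stage per new connection within 1 minute ---
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# Added: a source still in ssh_stage3 that opens another new connection is
# blacklisted. The 3h timeout matches the other blacklists in this file.
# Order matters: each promotion rule must come before the rule that fills the
# list it reads, so a single new connection advances only one stage.
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=3h chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
# Blacklisted sources are also blocked from reaching SSH on hosts behind the router.
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
/ip firewall nat
# Source-NAT the LAN subnet to the fixed WAN address when leaving via WAN.
add action=src-nat chain=srcnat out-interface=WAN src-address=192.168.78.0/24 to-addresses=181.78.128.10
/ip route
add check-gateway=ping distance=1 gateway=181.78.128.9
/system identity
set name=SID_1927343_CIA_GOLY_BODEGA_MILLA8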