首页 > 其他分享 >RB951Ui-2nD

RB951Ui-2nD

时间:2024-01-20 14:11:22浏览次数:21  
标签:comment defconf list accept 2nD add RB951Ui interface

RB951Ui-2nD

 

The following default configuration has been installed on your router:

Welcome to RouterOS!
   1) Set a strong router password in the System > Users menu
   2) Upgrade the software in the System > Packages menu
   3) Enable firewall on untrusted networks
-----------------------------------------------------------------------------
RouterMode:
 * WAN port is protected by firewall and enabled DHCP client
 * Ethernet interfaces (except WAN port/s) are part of LAN bridge
LAN Configuration:
    IP address 192.168.88.1/24 is set on bridge (LAN port)
    DHCP Server: enabled;
    DNS: enabled;
WAN (gateway) Configuration:
    gateway:  ether1 ;
    ip4 firewall:  enabled;
    ip6 firewall:  enabled;
    NAT:   enabled;
    DHCP Client: enabled;
Login
    admin user protected by password

You can click on "Show Script" to see the exact commands that are used to add and remove this default configuration.To remove this default configuration click on "Remove Configuration" or click on "OK" to continue. 

NOTE: If you are connected using the above IP and you remove it, you will be disconnected.

 

#| Welcome to RouterOS!
#|    1) Set a strong router password in the System > Users menu
#|    2) Upgrade the software in the System > Packages menu
#|    3) Enable firewall on untrusted networks
#| -----------------------------------------------------------------------------
#| RouterMode:
#|  * WAN port is protected by firewall and enabled DHCP client
#|  * Ethernet interfaces (except WAN port/s) are part of LAN bridge
#| LAN Configuration:
#|     IP address 192.168.88.1/24 is set on bridge (LAN port)
#|     DHCP Server: enabled;
#|     DNS: enabled;
#| WAN (gateway) Configuration:
#|     gateway:  ether1 ;
#|     ip4 firewall:  enabled;
#|     ip6 firewall:  enabled;
#|     NAT:   enabled;
#|     DHCP Client: enabled;
#| Login
#|     admin user protected by password

:global defconfMode;
:log info "Starting defconf script";
#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
  # wait for interfaces
  :local count 0;
  :while ([/interface ethernet find] = "") do={
    :if ($count = 30) do={
      :log warning "DefConf: Unable to find ethernet interfaces";
      /quit;
    }
    :delay 1s; :set count ($count +1); 
  };
 /interface list add name=WAN comment="defconf"
 /interface list add name=LAN comment="defconf"
 /interface bridge
   add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
 :local bMACIsSet 0;
 :foreach k in=[/interface find where !(slave=yes   || name="ether1" || passthrough=yes   || name="ether1" || name~"bridge")] do={
   :local tmpPortName [/interface get $k name];
   :if ($bMACIsSet = 0) do={
     :if ([/interface get $k type] = "ether") do={
       /interface bridge set "bridge" auto-mac=no admin-mac=[/interface get $tmpPortName mac-address];
       :set bMACIsSet 1;
     }
   }
     :if (([/interface get $k type] != "ppp-out") && ([/interface get $k type] != "lte")) do={
       /interface bridge port
         add bridge=bridge interface=$tmpPortName comment=defconf;
     }
   }
   /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
   /ip dhcp-server
     add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
   /ip dhcp-server network
     add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="defconf";
  /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
 /ip dns {
     set allow-remote-requests=yes
     static add name=router.lan address=192.168.88.1 comment=defconf
 }

   /ip dhcp-client add interface=ether1 disabled=no comment="defconf";
 /interface list member add list=LAN interface=bridge comment="defconf"
 /interface list member add list=WAN interface=ether1 comment="defconf"
 /ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
 /ip firewall {
   filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
   filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
   filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
   filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
   filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
   filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
   filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
   filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
   filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
 }
 /ipv6 firewall {
   address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address"
   address-list add list=bad_ipv6 address=::1 comment="defconf: lo"
   address-list add list=bad_ipv6 address=fec0::/10 comment="defconf: site-local"
   address-list add list=bad_ipv6 address=::ffff:0:0/96 comment="defconf: ipv4-mapped"
   address-list add list=bad_ipv6 address=::/96 comment="defconf: ipv4 compat"
   address-list add list=bad_ipv6 address=100::/64 comment="defconf: discard only "
   address-list add list=bad_ipv6 address=2001:db8::/32 comment="defconf: documentation"
   address-list add list=bad_ipv6 address=2001:10::/28 comment="defconf: ORCHID"
   address-list add list=bad_ipv6 address=3ffe::/16 comment="defconf: 6bone"
   filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
   filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=input action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
   filter add chain=input action=accept protocol=udp port=33434-33534 comment="defconf: accept UDP traceroute"
   filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
   filter add chain=input action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
   filter add chain=input action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
   filter add chain=input action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
   filter add chain=input action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
   filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
   filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
   filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=forward action=drop src-address-list=bad_ipv6 comment="defconf: drop packets with bad src ipv6"
   filter add chain=forward action=drop dst-address-list=bad_ipv6 comment="defconf: drop packets with bad dst ipv6"
   filter add chain=forward action=drop protocol=icmpv6 hop-limit=equal:1 comment="defconf: rfc4890 drop hop-limit=1"
   filter add chain=forward action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
   filter add chain=forward action=accept protocol=139 comment="defconf: accept HIP"
   filter add chain=forward action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
   filter add chain=forward action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
   filter add chain=forward action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
   filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
   filter add chain=forward action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
 }
   /ip neighbor discovery-settings set discover-interface-list=LAN
   /tool mac-server set allowed-interface-list=LAN
   /tool mac-server mac-winbox set allowed-interface-list=LAN
 :if (!($keepUsers = "yes")) do={
   :if (!($defconfPassword = "" || $defconfPassword = nil)) do={
     /user set admin password=$defconfPassword
     :delay 0.5
     /user expire-password admin 
   }
 }
}
#-------------------------------------------------------------------------------
# Revert configuration.
# these commands are executed if user requests to remove default configuration
#-------------------------------------------------------------------------------
:if ($action = "revert") do={
 :if (!($keepUsers = "yes")) do={
   /user set admin password=""
   :delay 0.5
   /user expire-password admin 
 }
 /system routerboard mode-button set enabled=no
 /system routerboard mode-button set on-event=""
 /system script remove [find comment~"defconf"]
 /system health settings set fan-full-speed-temp=65C fan-target-temp=58C fan-min-speed-percent=0% fan-control-interval=30s
 /ip firewall filter remove [find comment~"defconf"]
 /ipv6 firewall filter remove [find comment~"defconf"]
 /ipv6 firewall address-list remove [find comment~"defconf"]
 /ip firewall nat remove [find comment~"defconf"]
 /interface list member remove [find comment~"defconf"]
 /interface detect-internet set detect-interface-list=none
 /interface detect-internet set lan-interface-list=none
 /interface detect-internet set wan-interface-list=none
 /interface detect-internet set internet-interface-list=none
 /interface list remove [find comment~"defconf"]
 /tool mac-server set allowed-interface-list=all
 /tool mac-server mac-winbox set allowed-interface-list=all
 /ip neighbor discovery-settings set discover-interface-list=!dynamic
   :local o [/ip dhcp-server network find comment="defconf"]
   :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
   :local o [/ip dhcp-server find name="defconf" !disabled]
   :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
   /ip pool {
     :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
     :if ([:len $o] != 0) do={ remove $o }
   }
   :local o [/ip dhcp-client find comment="defconf"]
   :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
 /ip dns {
   set allow-remote-requests=no
   :local o [static find comment="defconf"]
   :if ([:len $o] != 0) do={ static remove $o }
 }
 /ip address {
   :local o [find comment="defconf"]
   :if ([:len $o] != 0) do={ remove $o }
 }
 :foreach iface in=[/interface ethernet find] do={
   /interface ethernet set $iface name=[get $iface default-name]
 }
 /interface bridge port remove [find comment="defconf"]
 /interface bridge remove [find comment="defconf"]
 /interface bonding remove [find comment="defconf"]
}
:log info Defconf_script_finished;
:set defconfMode;

 

=========== End

 

标签:comment,defconf,list,accept,2nD,add,RB951Ui,interface
From: https://www.cnblogs.com/lsgxeva/p/17976419

相关文章

  • The 2nd Universal Cup Stage 18: Dolgoprudny H
    题意大概是说求有所有有标号有根树及其黑白染色方案使得定义\(S_{x}\)为\(x\)和其儿子节点构成的集合,则\(S_{x}\)中的黑色节点个数要求不少于白色节点个数,且定义\(x\)的白色节点个数为\(cnt_{x}\),则其方案的贡献为\(\sum_{i=1}^{n}cnt_{i}!\)(原题意这里似乎说的非常抽......
  • kaggle Open Problems – Single-Cell Perturbations 1st & 2nd place solution summa
    Leaderboard:https://www.kaggle.com/competitions/open-problems-single-cell-perturbations/leaderboard2ndSolution:https://www.kaggle.com/competitions/open-problems-single-cell-perturbations/discussion/458738Code:https://github.com/Eliorkalfon/single_ce......
  • The 2nd Universal Cup. Stage 3: Binjiang
    比赛链接没做完。A.AlmostPrefixConcatenation给定字符串\(S,T\)。称一个串是好的,当且仅当可以通过修改不超过一个字符使其成为\(T\)的前缀。称一个把\(S\)划分成\(n\)个非空子串\(S_1,S_2,\cdots,S_n\)的方案是合法的,当且仅当对于任意\(1\lei\len\),串\(S_i......
  • 2023 China Collegiate Programming Contest (CCPC) Guilin Onsite (The 2nd Universa
    题解:https://files.cnblogs.com/files/clrs97/2023Guilin_Tutorial.pdf Code:A.EasyDiameterProblem#include<bits/stdc++.h>usingnamespacestd;constintN=300;constintmod=1e9+7;typedefpair<int,int>pii;vector<pair<int,int......
  • 聪明办法学 Python 2nd Edition
    聪明办法学Python2ndEditionChapter5循环Loopfor循环和循环范围for循环的特点基于提供的范围,重复执行特定次数的操作In[1]defsumFromMToN(m,n):total=0#注意:range(x,y)是左闭右开区间,包含x,不包含yforxinrange(m,n+1):total......
  • The 2nd Universal Cup. Stage 6: Warsaw L.Spectacle (思维)
    大致题意:  给定n个玩家,每个玩家有一个战力值,安排x(1<=x<=n/2(向下取整))场游戏,每场游戏安排x对玩家对战,对于每一场游戏每个玩家只能参加一次对战,要求对于每x场玩家对战的两个玩家rating差的最大值尽可能小。  例如给定6个玩家战力值为10131420100105,当x=1的时......
  • The 2nd Universal Cup. Stage 5: Northern J Sets May Be Good
    题解我们考虑计算\(\sum_{S\subseteq\{1,2,3,\cdots,n\}}(-1)^{cnt(S)}\),这里\(cnt(S)\)表示\(S\)集合的导出子图的边数。我们记\(x_i=[i\inS]\)。我们考虑删掉\(n\)号点。注意到如果\(x_i\)的取值会影响\(cnt(s)\)的奇偶性,则正负相消,贡献为\(0\)。所以我们需......
  • The 2nd Universal Cup. Stage 4: Taipei - I(状压DP)
    目录I.IntervalAdditionI.IntervalAddition题意给定一个长度为n$(1\len\le23)$的数组a。你可以进行一种操作:选择区间\([l,r]\)并给这个区间所有的数都加上一个任意的数。问你使得整个数组均为0所需的最小操作次数?思路考虑差分数组无论怎么对于区间\([l,r......
  • The 2018 ACM-ICPC Asia Qingdao Regional Contest, Online (The 2nd Universal Cup
    The2018ACM-ICPCAsiaQingdaoRegionalContest,Online(The2ndUniversalCup.Stage1:Qingdao)J-PresstheButton\(1\leqa,b,c,d\leq10^6\)题解容易发现存在循环节,每次位于\(gcd(a,c)\)的倍数的位置所以我们考虑处理一个循环节内的情况如果\(v\le......
  • [NSSCTF 2nd]MyBase
    思路:IDA打开,发现有符号表,还贴心的备注了Base64加密。仔细一看也确实是这样。拿base64表直接丢到赛博厨子,太棒了,没有结果。怀疑是不是趁我睡着了改了我的Base64表,直接下断点动调,不调不要紧,一调吓一跳,Base64表在每次循环的时候都会变,但是加密用的表一定是相同的,那就记录每一次的表,......