搜尋
搜尋
  • 860

[研究所] MikroTik RouterOS 學習 (持續更新)

前往頁尾
LoveTaiwan
LoveTaiwan
LoveTaiwan
203分
8461樓
2024-05-10 15:24
@gfx

網兄,我在國外論壇看到一個script , 可以用來封鎖惡意vpn 連接ip ..
我是打算用在wireguide. 上面.. 但是看不是很懂..
可以請你幫忙看一下嗎?


# Created Jotne && rextended 2022 v1.5
#
# This script add ip of user who with "IPSEC negotiation failed", "SPI* not registered" and "Invalid exchange" to a block list for 7 days
# Schedule the script to run every 5 min
# It should run on all routerOS version
# 1.3 added "Invalid exchange"
# 1.4 added dot behind "negotiation failed" to get only lines with IP
# 1.4 made all inn to one loop, based on idea by rextended
# 1.5 Fixed typo

:local logMessage ""
:local logIp ""
/log
:foreach i in=[find where message~"phase1 negotiation failed\\." or message~"SPI.*not regist" or message~"Invalid exchange"] do={
:set logMessage [get $i message]

:if ($logMessage~"phase1 negotiation failed\\.") do={
:set logIp [:toip [:pick $logMessage -1 [:find $logMessage " "]]]
:if ([:len [/ip fire addr find where list=IPSEC address=$logIp]] < 1) do={
/ip fire addr add address=$logIp list=IPSEC timeout=7d
:log info message="script=IPSEC_failed src_ip=$logIp why=negotiation_failed"
}
}

:if ($logMessage~"SPI .* not registered for") do={
:set logIp [:toip [:pick $logMessage ([:find $logMessage "for "]+4) [:find $logMessage "["]]]
:if ([:len [/ip fire addr find where list=IPSEC address=$logIp]] < 1) do={
/ip fire addr add address=$logIp list=IPSEC timeout=7d
:log info message="script=IPSEC_failed src_ip=$logIp why=SPI_not_registered"
}
}

:if ($logMessage~"Invalid exchange") do={
:set logIp [:toip [:pick $logMessage ([:find $logMessage "from "]+5) [:find $logMessage "["]]]
:if ([:len [/ip fire addr find where list=IPSEC address=$logIp]] < 1) do={
/ip fire addr add address=$logIp list=IPSEC timeout=7d
:log info message="script=IPSEC_failed src_ip=$logIp why=Invalid_exchange"
}
}
}
gfx
gfx

而且上面有許多ipsec字樣,wireguard與ipsec的log訊息格式天差地遠,要編輯給wireguard使用沒您想像中簡單

2024-05-13 0:13
LoveTaiwan
LoveTaiwan

routeros 在wireguard 上面還是沒有完全優化好...

2024-05-13 9:02
lobo826
lobo826
lobo826
  • lobo826
  • 個人積分:0分
    文章編號:89721726
0分
8462樓
2024-05-24 15:32
想請教各位以下的script 應該怎樣修改才能達到下面我想要的效果.

目前同一個ISP 有2個IP address, 之前ISP DHCP 派不同subnet,
所以上網找到用以下的script 相距一段時間檢查IP & gateway有沒改動

但最近ISP DHCP 改派了同一subnet, 查回舊帖需要在IP route 中的gateway 加上 gwIP%wan1_ISP 和 gwIP%wan2_ISP,
但我不知應該怎修改以下script, 各位能否指導一下, 謝謝!!

例如ISP GW IP address 是100.100.100.1

100.100.100.1%wan1_ISP
100.100.100.1%wan2_ISP

:global newgw [/ip dhcp-client get [find interface="wan1_ISP" ] gateway ]
:global activegw [/ip route get [/ip route find comment="wan1"] gateway ]
:if ($newgw != $activegw) do={
/ip route set [find comment="wan1"] gateway=$newgw
/ip route set [find comment="wan1 routing gateway"] gateway=$newgw
}
:global newgw [/ip dhcp-client get [find interface="wan2_ISP" ] gateway ]
:global activegw [/ip route get [/ip route find comment="wan2"] gateway ]
:if ($newgw != $activegw) do={
/ip route set [find comment="wan2"] gateway=$newgw
/ip route set [find comment="wan2 routing gateway"] gateway=$newgw
}
gfx
gfx
gfx
  • gfx
  • 個人積分:1603分
    文章編號:89724719
1603分
8463樓
2024-05-25 0:30
lobo826 wrote:
想請教各位以下的script...(恕刪)
:foreach i in=[/ip route find comment=wan1] do={/ip route set $i gateway="$"gateway-address"%wan1_ISP"}
:foreach i in=[/ip route find comment=wan2] do={/ip route set $i gateway="$"gateway-address"%wan2_ISP"}
lobo826
lobo826

感謝gfx 已測試成功了 謝謝

2024-05-25 12:44
casioc
casioc
casioc
  • casioc
  • 個人積分:115分
    文章編號:89753879
115分
8464樓
2024-05-29 20:56
最近小弟家用的陸製TP-LINK網路攝影機在ROUTEROS路由器下的WIFI不知為何無法連線(之前正常),把它移到OpenWrt路由器下的WIFI就正常(同一個Fiber數據機下),請問各位大大,ROUTEROS路由器要調整哪裡的參數才能恢復正常呢?感謝回應。
型號:RB750GR3
RouterOS 版本: 6.49.7

add address=211.21.0.0/16 list=TW-IP
add address=211.79.128.0/19 list=TW-IP
add address=211.78.128.0/19 list=TW-IP
add address=211.78.0.0/20 list=TW-IP
add address=211.77.0.0/18 list=TW-IP
add address=211.22.0.0/16 list=TW-IP
add address=211.78.96.0/19 list=TW-IP
add address=211.78.64.0/20 list=TW-IP
add address=211.77.64.0/18 list=TW-IP
add address=211.78.80.0/20 list=TW-IP
add address=211.79.208.0/20 list=TW-IP
add address=211.23.0.0/16 list=TW-IP
add address=211.79.192.0/20 list=TW-IP
add address=211.79.64.0/19 list=TW-IP
add address=202.39.0.0-202.39.95.255 list=TW-IP
add address=211.79.32.0/20 list=TW-IP
add address=61.216.0.0/16 list=TW-IP
add address=61.218.0.0/15 list=TW-IP
add address=61.217.0.0/16 list=TW-IP
add address=211.76.0.0/19 list=TW-IP
add address=210.67.96.0/20 list=TW-IP
add address=211.78.208.0/20 list=TW-IP
add address=211.77.128.0/17 list=TW-IP
add address=61.20.0.0/16 list=TW-IP
add address=211.78.32.0/19 list=TW-IP
add address=211.78.16.0/20 list=TW-IP
add address=211.78.160.0/19 list=TW-IP
add address=211.76.128.0/20 list=TW-IP
add address=61.56.224.0/19 list=TW-IP
add address=211.79.160.0/19 list=TW-IP
add address=61.56.192.0/19 list=TW-IP
add address=61.30.0.0/16 list=TW-IP
add address=61.220.0.0/14 list=TW-IP
add address=61.224.0.0/14 list=TW-IP
add address=211.73.224.0/19 list=TW-IP
add address=218.32.0.0/16 list=TW-IP
add address=61.58.64.0/20 list=TW-IP
add address=61.60.0.0/19 list=TW-IP
add address=61.57.224.0/20 list=TW-IP
add address=61.61.0.0-61.61.191.255 list=TW-IP
add address=61.56.64.0/20 list=TW-IP
add address=218.160.0.0/14 list=TW-IP
add address=218.164.0.0/15 list=TW-IP
add address=61.228.0.0/14 list=TW-IP
add address=61.58.192.0/18 list=TW-IP
add address=61.56.128.0/20 list=TW-IP
add address=61.57.160.0/20 list=TW-IP
add address=202.5.4.0/23 list=TW-IP
add address=61.60.32.0-61.60.127.255 list=TW-IP
add address=61.56.80.0/20 list=TW-IP
add address=211.76.144.0/20 list=TW-IP
add address=61.63.0.0/19 list=TW-IP
add address=211.76.96.0/20 list=TW-IP
add address=61.58.96.0/20 list=TW-IP
add address=219.80.0.0/16 list=TW-IP
add address=61.31.0.0/16 list=TW-IP
add address=219.81.0.0/16 list=TW-IP
add address=61.56.144.0/20 list=TW-IP
add address=61.57.176.0/20 list=TW-IP
add address=61.58.32.0/20 list=TW-IP
add address=61.58.16.0/20 list=TW-IP
add address=61.60.224.0/20 list=TW-IP
add address=61.65.0.0/17 list=TW-IP
add address=61.64.64.0/18 list=TW-IP
add address=211.78.240.0/20 list=TW-IP
add address=61.66.0.0/16 list=TW-IP
add address=61.67.0.0/20 list=TW-IP
add address=211.76.160.0/20 list=TW-IP
add address=61.56.160.0/19 list=TW-IP
add address=61.63.32.0-61.63.95.255 list=TW-IP
add address=61.57.208.0/20 list=TW-IP
add address=61.64.128.0/17 list=TW-IP
add address=218.166.0.0/15 list=TW-IP
add address=220.128.0.0/18 list=TW-IP
add address=218.168.0.0/13 list=TW-IP
add address=202.5.12.0/22 list=TW-IP
add address=211.76.176.0/20 list=TW-IP
add address=211.76.240.0/20 list=TW-IP
add address=61.58.80.0/20 list=TW-IP
add address=202.8.14.0/23 list=TW-IP
add address=61.57.144.0/20 list=TW-IP
add address=61.62.0.0/16 list=TW-IP
add address=61.58.160.0/19 list=TW-IP
add address=163.30.0.0-163.32.255.255 list=TW-IP
add address=163.13.0.0-163.28.255.255 list=TW-IP
add address=61.56.16.0/20 list=TW-IP
add address=61.67.64.0/19 list=TW-IP
add address=221.120.0.0-221.120.95.255 list=TW-IP
add address=211.76.32.0/19 list=TW-IP
add address=211.79.48.0/20 list=TW-IP
add address=61.67.128.0/17 list=TW-IP
add address=220.128.64.0-220.128.255.255 list=TW-IP
add address=220.129.0.0-220.143.255.255 list=TW-IP
add address=61.65.128.0/18 list=TW-IP
add address=61.56.0.0/20 list=TW-IP
add address=202.168.192.0/20 list=TW-IP
add address=61.60.192.0/20 list=TW-IP
add address=140.138.0.0/16 list=TW-IP
add address=140.132.0.0/16 list=TW-IP
add address=140.120.0.0/13 list=TW-IP
add address=140.112.0.0/16 list=TW-IP
add address=140.134.0.0/16 list=TW-IP
add address=140.129.0.0/16 list=TW-IP
add address=140.114.0.0/16 list=TW-IP
add address=140.109.0.0/16 list=TW-IP
add address=140.136.0.0/15 list=TW-IP
add address=140.131.0.0/16 list=TW-IP
add address=140.116.0.0/14 list=TW-IP
add address=140.111.0.0/16 list=TW-IP
add address=140.133.0.0/16 list=TW-IP
add address=140.128.0.0/16 list=TW-IP
add address=140.113.0.0/16 list=TW-IP
add address=140.135.0.0/16 list=TW-IP
add address=140.130.0.0/16 list=TW-IP
add address=140.115.0.0/16 list=TW-IP
add address=140.110.0.0/16 list=TW-IP
add address=61.56.96.0/20 list=TW-IP
add address=219.84.0.0/16 list=TW-IP
add address=219.85.0.0/16 list=TW-IP
add address=203.119.3.0/24 list=TW-IP
add address=61.63.96.0/19 list=TW-IP
add address=61.57.240.0/20 list=TW-IP
add address=220.228.0.0/16 list=TW-IP
add address=220.229.0.0/16 list=TW-IP
add address=202.160.64.0/19 list=TW-IP
add address=61.61.208.0-61.61.239.255 list=TW-IP
add address=202.6.104.0/23 list=TW-IP
add address=61.58.48.0/20 list=TW-IP
add address=61.57.64.0/18 list=TW-IP
add address=61.67.16.0-61.67.47.255 list=TW-IP
add address=61.61.240.0/20 list=TW-IP
add address=61.65.192.0/19 list=TW-IP
add address=61.57.32.0/19 list=TW-IP
add address=59.120.0.0/14 list=TW-IP
add address=59.112.0.0/13 list=TW-IP
add address=210.85.0.0/16 list=TW-IP
add address=218.34.0.0/16 list=TW-IP
add address=222.250.0.0/16 list=TW-IP
add address=210.58.0.0/16 list=TW-IP
add address=218.184.0.0/16 list=TW-IP
add address=218.35.0.0/16 list=TW-IP
add address=202.178.128.0/17 list=TW-IP
add address=222.251.0.0/17 list=TW-IP
add address=61.58.128.0/19 list=TW-IP
add address=60.248.0.0/16 list=TW-IP
add address=61.60.240.0/20 list=TW-IP
add address=61.67.48.0/20 list=TW-IP
add address=61.64.48.0/20 list=TW-IP
add address=203.160.224.0/19 list=TW-IP
add address=219.86.0.0/15 list=TW-IP
add address=60.198.0.0/16 list=TW-IP
add address=60.245.0.0/18 list=TW-IP
add address=211.76.64.0/20 list=TW-IP
add address=211.73.160.0/19 list=TW-IP
add address=203.121.224.0/20 list=TW-IP
add address=58.86.0.0/16 list=TW-IP
add address=210.202.32.0/20 list=TW-IP
add address=203.79.128.0/17 list=TW-IP
add address=219.91.0.0/17 list=TW-IP
add address=210.202.64.0/18 list=TW-IP
add address=210.201.0.0/16 list=TW-IP
add address=222.157.0.0/16 list=TW-IP
add address=210.202.128.0/17 list=TW-IP
add address=60.244.0.0/17 list=TW-IP
add address=218.187.0.0/16 list=TW-IP
add address=210.202.48.0/21 list=TW-IP
add address=210.200.0.0/16 list=TW-IP
add address=222.156.0.0/16 list=TW-IP
add address=210.203.0.0/17 list=TW-IP
add address=210.202.0.0/19 list=TW-IP
add address=58.99.0.0/18 list=TW-IP
add address=192.83.172.0/24 list=TW-IP
add address=192.83.167.0/24 list=TW-IP
add address=192.83.194.0/24 list=TW-IP
add address=192.83.189.0/24 list=TW-IP
add address=192.83.184.0/24 list=TW-IP
add address=192.83.179.0/24 list=TW-IP
add address=192.83.174.0/24 list=TW-IP
add address=192.83.169.0/24 list=TW-IP
add address=192.83.196.0/24 list=TW-IP
add address=192.83.191.0/24 list=TW-IP
add address=192.83.186.0/24 list=TW-IP
add address=192.83.181.0/24 list=TW-IP
add address=192.83.176.0/24 list=TW-IP
add address=192.83.171.0/24 list=TW-IP
add address=202.144.208.0/20 list=TW-IP
add address=192.83.166.0/24 list=TW-IP
add address=192.83.193.0/24 list=TW-IP
add address=192.83.188.0/24 list=TW-IP
add address=192.83.183.0/24 list=TW-IP
add address=192.83.178.0/24 list=TW-IP
add address=192.83.173.0/24 list=TW-IP
add address=192.83.168.0/24 list=TW-IP
add address=192.83.195.0/24 list=TW-IP
add address=192.83.190.0/24 list=TW-IP
add address=192.83.185.0/24 list=TW-IP
add address=192.83.180.0/24 list=TW-IP
add address=192.83.175.0/24 list=TW-IP
add address=192.83.170.0/24 list=TW-IP
add address=192.192.0.0/16 list=TW-IP
add address=192.83.192.0/24 list=TW-IP
add address=192.83.187.0/24 list=TW-IP
add address=192.83.182.0/24 list=TW-IP
add address=192.83.177.0/24 list=TW-IP
add address=168.95.0.0/16 list=TW-IP
add address=203.145.192.0/20 list=TW-IP
add address=202.148.208.0/20 list=TW-IP
add address=218.210.0.0/16 list=TW-IP
add address=218.211.0.0/16 list=TW-IP
add address=202.169.160.0/20 list=TW-IP
add address=61.57.128.0/20 list=TW-IP
add address=202.151.48.0/20 list=TW-IP
add address=125.224.0.0/13 list=TW-IP
add address=59.124.0.0/14 list=TW-IP
add address=125.232.0.0/15 list=TW-IP
add address=60.199.0.0/16 list=TW-IP
add address=124.8.0.0/14 list=TW-IP
add address=124.12.0.0/16 list=TW-IP
add address=124.199.96.0/20 list=TW-IP
add address=124.199.64.0/19 list=TW-IP
add address=203.78.176.0/20 list=TW-IP
add address=124.29.128.0/19 list=TW-IP
add address=203.201.32.0/20 list=TW-IP
add address=203.207.32.0/20 list=TW-IP
add address=203.84.144.0/21 list=TW-IP
add address=203.118.224.0/20 list=TW-IP
add address=203.111.208.0/20 list=TW-IP
add address=58.99.64.0/18 list=TW-IP
add address=124.155.128.0/19 list=TW-IP
add address=203.160.144.0/20 list=TW-IP
add address=203.145.208.0/20 list=TW-IP
add address=203.121.240.0/20 list=TW-IP
add address=60.244.128.0/17 list=TW-IP
add address=124.219.0.0/17 list=TW-IP
add address=124.218.0.0/16 list=TW-IP
add address=203.190.16.0/21 list=TW-IP
add address=122.118.0.0/16 list=TW-IP
add address=60.250.0.0/15 list=TW-IP
add address=122.116.0.0/15 list=TW-IP
add address=122.120.0.0/13 list=TW-IP
add address=60.249.0.0/16 list=TW-IP
add address=61.247.160.0/20 list=TW-IP
add address=220.157.112.0/20 list=TW-IP
add address=122.100.64.0/18 list=TW-IP
add address=122.99.0.0/18 list=TW-IP
add address=124.29.160.0/19 list=TW-IP
add address=123.99.0.0/19 list=TW-IP
add address=123.50.32.0/19 list=TW-IP
add address=122.201.128.0/17 list=TW-IP
add address=123.0.192.0/18 list=TW-IP
add address=122.255.80.0/20 list=TW-IP
add address=211.76.112.0/20 list=TW-IP
add address=123.252.0.0/17 list=TW-IP
add address=123.192.0.0/14 list=TW-IP
add address=122.146.0.0/15 list=TW-IP
add address=123.99.32.0/19 list=TW-IP
add address=123.110.0.0/16 list=TW-IP
add address=123.240.0.0/15 list=TW-IP
add address=116.50.32.0/20 list=TW-IP
add address=116.59.0.0/16 list=TW-IP
add address=116.89.128.0/20 list=TW-IP
add address=116.118.128.0/18 list=TW-IP
add address=117.19.0.0/16 list=TW-IP
add address=117.56.0.0/16 list=TW-IP
add address=117.103.96.0/20 list=TW-IP
add address=121.50.144.0/21 list=TW-IP
add address=124.109.112.0/20 list=TW-IP
add address=124.155.160.0/19 list=TW-IP
add address=118.160.0.0/13 list=TW-IP
add address=121.50.176.0/20 list=TW-IP
add address=118.168.0.0/14 list=TW-IP
add address=118.232.0.0/15 list=TW-IP
add address=118.231.0.0/16 list=TW-IP
add address=211.79.112.0/20 list=TW-IP
add address=119.14.0.0/16 list=TW-IP
add address=119.15.192.0/18 list=TW-IP
add address=210.202.56.0/21 list=TW-IP
add address=119.30.16.0/20 list=TW-IP
add address=60.245.96.0/19 list=TW-IP
add address=60.245.64.0/19 list=TW-IP
add address=120.96.0.0/11 list=TW-IP
add address=114.24.0.0/14 list=TW-IP
add address=114.32.0.0/12 list=TW-IP
add address=122.200.152.0/21 list=TW-IP
add address=114.30.32.0/20 list=TW-IP
add address=61.60.128.0/19 list=TW-IP
add address=210.62.176.0/20 list=TW-IP
add address=61.63.128.0/19 list=TW-IP
add address=61.60.160.0/19 list=TW-IP
add address=61.63.160.0-61.63.255.255 list=TW-IP
add address=114.136.0.0/15 list=TW-IP
add address=114.140.0.0/16 list=TW-IP
add address=115.30.64.0/18 list=TW-IP
add address=115.43.0.0/16 list=TW-IP
add address=115.42.112.0/21 list=TW-IP
add address=115.80.0.0/14 list=TW-IP
add address=115.85.144.0/20 list=TW-IP
add address=113.21.160.0/19 list=TW-IP
add address=113.61.128.0/17 list=TW-IP
add address=113.196.0.0/16 list=TW-IP
add address=123.51.128.0/17 list=TW-IP
add address=210.63.160.0/19 list=TW-IP
add address=210.243.96.0/19 list=TW-IP
add address=61.57.0.0/19 list=TW-IP
add address=124.108.128.0/18 list=TW-IP
add address=210.67.208.0/20 list=TW-IP
add address=210.63.128.0/19 list=TW-IP
add address=210.243.64.0/19 list=TW-IP
add address=211.79.0.0/19 list=TW-IP
add address=210.67.144.0/20 list=TW-IP
add address=210.67.192.0/20 list=TW-IP
add address=112.78.64.0/19 list=TW-IP
add address=61.60.208.0/20 list=TW-IP
add address=123.0.32.0/19 list=TW-IP
add address=119.77.128.0/17 list=TW-IP
add address=112.104.0.0/15 list=TW-IP
add address=110.24.0.0/13 list=TW-IP
add address=110.50.128.0/18 list=TW-IP
add address=192.72.224.0/20 list=TW-IP
add address=139.175.0.0/16 list=TW-IP
add address=210.64.0.0/16 list=TW-IP
add address=192.72.64.0/18 list=TW-IP
add address=192.72.248.0/22 list=TW-IP
add address=221.169.0.0/16 list=TW-IP
add address=192.72.128.0/18 list=TW-IP
add address=210.68.0.0/16 list=TW-IP
add address=203.73.0.0/16 list=TW-IP
add address=192.72.3.0/24 list=TW-IP
add address=192.72.192.0/19 list=TW-IP
add address=211.74.128.0/17 list=TW-IP
add address=210.244.0.0/17 list=TW-IP
add address=192.72.4.0/22 list=TW-IP
add address=192.72.240.0/21 list=TW-IP
add address=210.66.0.0/16 list=TW-IP
add address=203.70.0.0/16 list=TW-IP
add address=192.72.8.0/21 list=TW-IP
add address=192.72.252.0/24 list=TW-IP
add address=192.72.16.0/20 list=TW-IP
add address=123.204.0.0/15 list=TW-IP
add address=211.74.0.0/17 list=TW-IP
add address=210.243.128.0/17 list=TW-IP
add address=61.59.0.0/16 list=TW-IP
add address=203.67.0.0/16 list=TW-IP
add address=59.104.0.0/15 list=TW-IP
add address=192.72.32.0/19 list=TW-IP
add address=111.80.0.0/14 list=TW-IP
add address=111.70.0.0/15 list=TW-IP
add address=203.65.160.0/19 list=TW-IP
add address=210.67.160.0/19 list=TW-IP
add address=210.62.192.0/19 list=TW-IP
add address=210.62.0.0/19 list=TW-IP
add address=210.62.32.0/19 list=TW-IP
add address=122.254.0.0/18 list=TW-IP
add address=114.198.160.0/20 list=TW-IP
add address=124.6.0.0/19 list=TW-IP
add address=115.165.192.0/18 list=TW-IP
add address=61.58.112.0/20 list=TW-IP
add address=114.198.176.0/20 list=TW-IP
add address=61.64.0.0/19 list=TW-IP
add address=180.92.0.0/20 list=TW-IP
add address=111.240.0.0/12 list=TW-IP
add address=124.150.128.0/21 list=TW-IP
add address=180.176.0.0/15 list=TW-IP
add address=180.204.0.0/14 list=TW-IP
add address=180.214.176.0/20 list=TW-IP
add address=180.217.0.0/16 list=TW-IP
add address=180.218.0.0/16 list=TW-IP
add address=118.99.128.0/17 list=TW-IP
add address=175.96.0.0/14 list=TW-IP
add address=175.41.48.0/20 list=TW-IP
add address=175.111.192.0/18 list=TW-IP
add address=175.180.0.0/14 list=TW-IP
add address=175.184.240.0/21 list=TW-IP
add address=27.240.0.0/13 list=TW-IP
add address=27.52.0.0/15 list=TW-IP
add address=27.51.0.0/16 list=TW-IP
add address=27.147.0.0/18 list=TW-IP
add address=1.34.0.0/15 list=TW-IP
add address=1.160.0.0/12 list=TW-IP
add address=27.100.64.0/18 list=TW-IP
add address=203.105.224.0/19 list=TW-IP
add address=210.192.0.0/18 list=TW-IP
add address=27.105.0.0/16 list=TW-IP
add address=202.145.128.0/17 list=TW-IP
add address=210.208.192.0/18 list=TW-IP
add address=203.77.32.0/19 list=TW-IP
add address=202.145.64.0/18 list=TW-IP
add address=210.17.0.0/17 list=TW-IP
add address=203.211.0.0/19 list=TW-IP
add address=202.132.0.0/16 list=TW-IP
add address=210.192.128.0/17 list=TW-IP
add address=203.77.0.0/19 list=TW-IP
add address=202.145.32.0/19 list=TW-IP
add address=210.208.96.0/19 list=TW-IP
add address=203.77.64.0/18 list=TW-IP
add address=223.136.0.0/13 list=TW-IP
add address=223.165.8.0/21 list=TW-IP
add address=223.22.0.0/15 list=TW-IP
add address=223.200.0.0/16 list=TW-IP
add address=211.76.80.0/20 list=TW-IP
add address=203.119.94.0/24 list=TW-IP
add address=49.128.112.0/20 list=TW-IP
add address=49.158.0.0/15 list=TW-IP
add address=49.216.0.0/14 list=TW-IP
add address=49.214.0.0/15 list=TW-IP
add address=49.213.128.0/17 list=TW-IP
add address=101.8.0.0/13 list=TW-IP
add address=59.102.128.0/17 list=TW-IP
add address=116.241.0.0/16 list=TW-IP
add address=101.136.0.0/14 list=TW-IP
add address=101.0.128.0-101.0.223.255 list=TW-IP
add address=182.155.0.0/16 list=TW-IP
add address=36.224.0.0/12 list=TW-IP
add address=42.64.0.0/12 list=TW-IP
add address=223.27.32.0/19 list=TW-IP
add address=115.42.80.0/20 list=TW-IP
add address=112.213.48.0/20 list=TW-IP
add address=42.0.64.0/18 list=TW-IP
add address=106.1.0.0/16 list=TW-IP
add address=39.1.0.0/16 list=TW-IP
add address=39.8.0.0/13 list=TW-IP
add address=106.64.0.0/15 list=TW-IP
add address=202.140.160.0/19 list=TW-IP
add address=1.200.0.0/16 list=TW-IP
add address=106.104.0.0/14 list=TW-IP
add address=103.2.216.0/22 list=TW-IP
add address=103.10.4.0/22 list=TW-IP
add address=103.5.32.0/22 list=TW-IP
add address=103.23.108.0/22 list=TW-IP
add address=103.247.112.0/22 list=TW-IP
add address=103.8.104.0/22 list=TW-IP
add address=103.20.40.0/22 list=TW-IP
add address=103.20.176.0/22 list=TW-IP
add address=103.21.60.0/22 list=TW-IP
add address=103.21.196.0/22 list=TW-IP
add address=103.30.44.0/22 list=TW-IP
add address=103.30.128.0/22 list=TW-IP
add address=103.30.132.0/22 list=TW-IP
add address=103.31.196.0/22 list=TW-IP
add address=103.16.240.0/22 list=TW-IP
add address=103.16.244.0/22 list=TW-IP
add address=103.17.8.0/22 list=TW-IP
add address=103.17.240.0/22 list=TW-IP
add address=103.18.128.0/22 list=TW-IP
add address=103.24.100.0/22 list=TW-IP
add address=103.25.232.0/22 list=TW-IP
add address=103.25.236.0/22 list=TW-IP
add address=103.235.88.0/24 list=TW-IP
add address=150.242.100.0/22 list=TW-IP
add address=103.235.90.0/23 list=TW-IP
add address=103.241.68.0/22 list=TW-IP
add address=103.243.248.0/22 list=TW-IP
add address=103.252.68.0/22 list=TW-IP
add address=103.224.132.0/22 list=TW-IP
add address=103.224.192.0/22 list=TW-IP
add address=103.224.200.0/22 list=TW-IP
add address=103.224.204.0/22 list=TW-IP
add address=103.225.0.0/22 list=TW-IP
add address=103.227.32.0/22 list=TW-IP
add address=103.227.224.0/22 list=TW-IP
add address=103.228.216.0/22 list=TW-IP
add address=103.229.100.0/22 list=TW-IP
add address=103.229.132.0/22 list=TW-IP
add address=103.233.68.0/22 list=TW-IP
add address=45.64.28.0/22 list=TW-IP
add address=45.64.32.0/22 list=TW-IP
add address=103.234.40.0/22 list=TW-IP
add address=45.64.228.0/22 list=TW-IP
add address=45.64.232.0/22 list=TW-IP
add address=103.234.80.0/22 list=TW-IP
add address=103.234.76.0/22 list=TW-IP
add address=150.107.60.0/22 list=TW-IP
add address=150.107.56.0/22 list=TW-IP
add address=150.107.64.0/22 list=TW-IP
add address=150.129.36.0/22 list=TW-IP
add address=103.234.224.0/22 list=TW-IP
add address=150.129.72.0/22 list=TW-IP
add address=103.234.228.0/22 list=TW-IP
add address=150.129.96.0/22 list=TW-IP
add address=43.254.16.0/22 list=TW-IP
add address=43.255.12.0/22 list=TW-IP
add address=43.255.88.0/22 list=TW-IP
add address=103.239.60.0/22 list=TW-IP
add address=43.255.92.0/22 list=TW-IP
add address=43.255.180.0/22 list=TW-IP
add address=43.240.24.0/22 list=TW-IP
add address=43.240.44.0/22 list=TW-IP
add address=43.240.108.0/22 list=TW-IP
add address=43.240.104.0/22 list=TW-IP
add address=103.36.116.0/22 list=TW-IP
add address=43.248.16.0/22 list=TW-IP
add address=43.250.44.0/22 list=TW-IP
add address=103.42.144.0/22 list=TW-IP
add address=103.42.148.0/22 list=TW-IP
add address=43.251.56.0/22 list=TW-IP
add address=43.251.60.0/22 list=TW-IP
add address=43.224.20.0/22 list=TW-IP
add address=103.43.48.0/22 list=TW-IP
add address=45.113.156.0/22 list=TW-IP
add address=103.59.220.0/22 list=TW-IP
add address=43.246.188.0/22 list=TW-IP
add address=119.31.176.0/20 list=TW-IP
add address=118.150.0.0/16 list=TW-IP
add address=150.116.0.0/15 list=TW-IP
add address=113.21.80.0/20 list=TW-IP
add address=103.196.172.0/22 list=TW-IP
add address=202.123.124.0/22 list=TW-IP
add address=220.158.228.0/22 list=TW-IP
add address=103.197.172.0/22 list=TW-IP
add address=103.200.0.0/22 list=TW-IP
add address=27.96.224.0/19 list=TW-IP
add address=111.67.48.0/20 list=TW-IP
add address=114.29.240.0/22 list=TW-IP
add address=114.29.244.0/22 list=TW-IP
add address=103.252.128.0/22 list=TW-IP
add address=103.252.196.0/22 list=TW-IP
add address=27.0.152.0/22 list=TW-IP
add address=103.207.252.0/22 list=TW-IP
add address=111.235.192.0/18 list=TW-IP
add address=101.3.0.0/16 list=TW-IP
add address=111.125.128.0/21 list=TW-IP
add address=103.222.248.0/22 list=TW-IP
add address=159.117.64.0/19 list=TW-IP
add address=103.229.50.0/24 list=TW-IP
add address=61.65.224.0/19 list=TW-IP
add address=103.97.48.0/22 list=TW-IP
add address=103.99.88.0/22 list=TW-IP
add address=103.100.124.0/22 list=TW-IP
add address=103.100.164.0/22 list=TW-IP
add address=103.103.80.0/22 list=TW-IP
add address=103.104.148.0/22 list=TW-IP
add address=103.106.52.0/22 list=TW-IP
add address=101.0.224.0/19 list=TW-IP
add address=103.116.68.0/22 list=TW-IP
add address=103.116.96.0/22 list=TW-IP
add address=103.117.4.0/22 list=TW-IP
add address=103.117.112.0/22 list=TW-IP
add address=103.117.224.0/22 list=TW-IP
add address=103.118.24.0/22 list=TW-IP
add address=103.119.212.0/22 list=TW-IP
add address=103.120.148.0/22 list=TW-IP
add address=103.129.180.0/22 list=TW-IP
add address=103.129.160.0/22 list=TW-IP
add address=103.129.144.0/22 list=TW-IP
add address=103.129.176.0/22 list=TW-IP
add address=103.129.164.0/22 list=TW-IP
add address=103.129.136.0/22 list=TW-IP
add address=103.129.168.0/22 list=TW-IP
add address=103.122.20.0/22 list=TW-IP
add address=103.122.16.0/22 list=TW-IP
add address=103.129.240.0/22 list=TW-IP
add address=103.122.124.0/22 list=TW-IP
add address=103.122.116.0/22 list=TW-IP
add address=103.122.148.0/22 list=TW-IP
add address=103.122.196.0/22 list=TW-IP
add address=103.122.188.0/22 list=TW-IP
add address=103.122.224.0/22 list=TW-IP
add address=103.122.216.0/22 list=TW-IP
add address=103.122.208.0/22 list=TW-IP
add address=103.123.0.0/22 list=TW-IP
add address=103.122.236.0/22 list=TW-IP
add address=103.123.128.0/22 list=TW-IP
add address=103.123.124.0/22 list=TW-IP
add address=103.123.132.0/22 list=TW-IP
add address=103.123.140.0/22 list=TW-IP
add address=103.123.184.0/22 list=TW-IP
add address=103.123.196.0/22 list=TW-IP
add address=103.123.188.0/22 list=TW-IP
add address=103.123.192.0/22 list=TW-IP
add address=103.123.216.0/22 list=TW-IP
add address=103.123.240.0/22 list=TW-IP
add address=103.130.44.0/22 list=TW-IP
add address=103.130.32.0/22 list=TW-IP
add address=103.130.28.0/22 list=TW-IP
add address=103.130.24.0/22 list=TW-IP
add address=103.130.20.0/22 list=TW-IP
add address=103.130.40.0/22 list=TW-IP
add address=103.130.36.0/22 list=TW-IP
add address=103.123.252.0/22 list=TW-IP
add address=103.130.48.0/22 list=TW-IP
add address=103.130.0.0/22 list=TW-IP
add address=103.130.84.0/22 list=TW-IP
add address=202.126.64.0/20 list=TW-IP
add address=103.130.96.0/22 list=TW-IP
add address=103.130.100.0/22 list=TW-IP
add address=103.130.92.0/22 list=TW-IP
add address=103.130.124.0/22 list=TW-IP
add address=103.130.120.0/22 list=TW-IP
add address=103.130.248.0/22 list=TW-IP
add address=103.130.252.0/22 list=TW-IP
add address=103.131.172.0/22 list=TW-IP
add address=103.131.112.0/22 list=TW-IP
add address=103.131.124.0/22 list=TW-IP
add address=103.131.252.0/22 list=TW-IP
add address=103.124.40.0/22 list=TW-IP
add address=103.124.72.0/22 list=TW-IP
add address=103.124.148.0/22 list=TW-IP
add address=103.124.176.0/22 list=TW-IP
add address=103.125.0.0/22 list=TW-IP
add address=103.124.252.0/22 list=TW-IP
add address=103.125.64.0/22 list=TW-IP
add address=103.125.156.0/22 list=TW-IP
add address=103.125.224.0/22 list=TW-IP
add address=103.125.228.0/22 list=TW-IP
add address=103.126.88.0/22 list=TW-IP
add address=103.126.140.0/22 list=TW-IP
add address=103.126.164.0/22 list=TW-IP
add address=103.126.180.0/22 list=TW-IP
add address=103.126.252.0/22 list=TW-IP
add address=103.127.148.0/22 list=TW-IP
add address=103.127.228.0/22 list=TW-IP
add address=103.127.232.0/22 list=TW-IP
add address=103.127.236.0/22 list=TW-IP
add address=103.127.240.0/22 list=TW-IP
add address=103.132.44.0/22 list=TW-IP
add address=103.132.132.0/22 list=TW-IP
add address=103.132.156.0/22 list=TW-IP
add address=103.133.44.0/22 list=TW-IP
add address=103.133.152.0/22 list=TW-IP
add address=103.134.80.0/22 list=TW-IP
add address=103.134.120.0/22 list=TW-IP
add address=103.135.16.0/22 list=TW-IP
add address=103.135.20.0/22 list=TW-IP
add address=103.135.116.0/22 list=TW-IP
add address=103.136.60.0/23 list=TW-IP
add address=103.136.210.0/23 list=TW-IP
add address=103.136.212.0/23 list=TW-IP
add address=103.136.224.0/23 list=TW-IP
add address=103.137.22.0/23 list=TW-IP
add address=103.137.62.0/23 list=TW-IP
add address=103.137.246.0/23 list=TW-IP
add address=103.138.92.0/23 list=TW-IP
add address=103.138.106.0/23 list=TW-IP
add address=103.138.194.0/23 list=TW-IP
add address=103.139.240.0/23 list=TW-IP
add address=103.140.110.0/23 list=TW-IP
add address=103.140.232.0/23 list=TW-IP
add address=103.141.82.0/23 list=TW-IP
add address=103.141.80.0/23 list=TW-IP
add address=103.37.36.0/22 list=TW-IP
add address=43.241.32.0/22 list=TW-IP
add address=203.222.16.0/20 list=TW-IP
add address=210.209.144.0/20 list=TW-IP
add address=210.209.192.0/18 list=TW-IP
add address=203.222.0.0/20 list=TW-IP
add address=210.209.128.0/20 list=TW-IP
add address=121.254.64.0/18 list=TW-IP
add address=210.209.160.0/19 list=TW-IP
add address=203.217.96.0/19 list=TW-IP
add address=103.142.42.0/23 list=TW-IP
add address=103.142.44.0/23 list=TW-IP
add address=103.142.150.0/23 list=TW-IP
add address=103.142.152.0/23 list=TW-IP
add address=103.142.176.0/23 list=TW-IP
add address=103.143.56.0/23 list=TW-IP
add address=43.240.152.0/22 list=TW-IP
add address=175.111.32.0/19 list=TW-IP
add address=103.5.100.0/22 list=TW-IP
add address=223.26.64.0/18 list=TW-IP
add address=203.163.192.0/19 list=TW-IP
add address=103.144.34.0/23 list=TW-IP
add address=103.144.32.0/23 list=TW-IP
add address=103.146.164.0/23 list=TW-IP
add address=116.212.80.0/20 list=TW-IP
add address=61.67.122.0-61.67.127.255 list=TW-IP
add address=203.207.0.0/20 list=TW-IP
add address=103.146.212.0/23 list=TW-IP
add address=103.146.210.0/23 list=TW-IP
add address=103.147.22.0/23 list=TW-IP
add address=103.147.58.0/23 list=TW-IP
add address=103.147.130.0/23 list=TW-IP
add address=103.148.68.0/23 list=TW-IP
add address=103.148.72.0/23 list=TW-IP
add address=203.65.224.0/19 list=TW-IP
add address=43.227.24.0/22 list=TW-IP
add address=103.46.188.0/22 list=TW-IP
add address=103.148.142.0/23 list=TW-IP
add address=103.148.146.0/23 list=TW-IP
add address=103.149.66.0/23 list=TW-IP
add address=103.149.64.0/23 list=TW-IP
add address=103.150.36.0/23 list=TW-IP
add address=103.150.230.0/23 list=TW-IP
add address=150.129.228.0/22 list=TW-IP
add address=103.234.204.0/22 list=TW-IP
add address=103.98.72.0/22 list=TW-IP
add address=103.152.150.0/23 list=TW-IP
add address=103.152.202.0/23 list=TW-IP
add address=103.152.220.0/23 list=TW-IP
add address=103.152.252.0/23 list=TW-IP
add address=182.173.0.0/22 list=TW-IP
add address=103.153.176.0/23 list=TW-IP
add address=103.155.202.0/23 list=TW-IP
add address=103.156.116.0/23 list=TW-IP
add address=103.156.184.0/23 list=TW-IP
add address=103.156.242.0/23 list=TW-IP
add address=103.157.42.0/23 list=TW-IP
add address=103.157.86.0/23 list=TW-IP
add address=103.158.76.0/23 list=TW-IP
add address=103.158.80.0/23 list=TW-IP
add address=103.158.74.0/23 list=TW-IP
add address=103.158.78.0/23 list=TW-IP
add address=103.158.118.0/23 list=TW-IP
add address=103.158.116.0/23 list=TW-IP
add address=103.158.112.0/23 list=TW-IP
add address=103.158.114.0/23 list=TW-IP
add address=103.158.134.0/23 list=TW-IP
add address=103.158.184.0/23 list=TW-IP
add address=103.158.186.0/23 list=TW-IP
add address=103.158.228.0/23 list=TW-IP
add address=103.159.88.0/23 list=TW-IP
add address=103.159.86.0/23 list=TW-IP
add address=103.159.118.0/23 list=TW-IP
add address=103.159.120.0/23 list=TW-IP
add address=103.159.176.0/23 list=TW-IP
add address=103.159.172.0/23 list=TW-IP
add address=103.159.210.0/23 list=TW-IP
add address=103.159.206.0/23 list=TW-IP
add address=103.160.0.0/23 list=TW-IP
add address=103.160.86.0/23 list=TW-IP
add address=103.160.180.0/23 list=TW-IP
add address=103.160.214.0/23 list=TW-IP
add address=211.73.72.0/21 list=TW-IP
add address=103.160.220.0/23 list=TW-IP
add address=211.73.80.0/20 list=TW-IP
add address=103.160.226.0/23 list=TW-IP
add address=103.160.224.0/23 list=TW-IP
add address=103.160.250.0/23 list=TW-IP
add address=103.161.6.0/23 list=TW-IP
add address=103.161.12.0/23 list=TW-IP
add address=103.161.10.0/23 list=TW-IP
add address=103.161.8.0/23 list=TW-IP
add address=103.161.36.0/23 list=TW-IP
add address=103.161.78.0/23 list=TW-IP
add address=103.161.90.0/23 list=TW-IP
add address=103.162.84.0/23 list=TW-IP
add address=103.235.89.0/24 list=TW-IP
add address=103.1.220.0/22 list=TW-IP
add address=202.12.76.0/22 list=TW-IP
add address=103.167.50.0/23 list=TW-IP
add address=103.168.156.0/23 list=TW-IP
add address=103.169.46.0/23 list=TW-IP
add address=103.169.106.0/23 list=TW-IP
add address=103.169.126.0/23 list=TW-IP
add address=103.169.212.0/23 list=TW-IP
add address=103.170.14.0/23 list=TW-IP
add address=103.231.48.0/22 list=TW-IP
add address=103.172.128.0/23 list=TW-IP
add address=103.172.126.0/23 list=TW-IP
add address=103.172.124.0/23 list=TW-IP
add address=103.173.94.0/23 list=TW-IP
add address=103.174.154.0/23 list=TW-IP
add address=103.175.152.0/23 list=TW-IP
add address=103.175.166.0/23 list=TW-IP
add address=103.175.194.0/23 list=TW-IP
add address=103.175.254.0/23 list=TW-IP
add address=103.176.0.0/23 list=TW-IP
add address=103.176.50.0/23 list=TW-IP
add address=103.177.32.0/23 list=TW-IP
add address=103.177.50.0/23 list=TW-IP
add address=103.177.126.0/23 list=TW-IP
add address=103.178.10.0/23 list=TW-IP
add address=103.178.36.0/23 list=TW-IP
add address=103.178.92.0/23 list=TW-IP
add address=103.179.28.0/23 list=TW-IP
add address=103.179.148.0/23 list=TW-IP
/ip firewall filter
add action=drop chain=input comment="\\B0\\EA\\A5~ip\\A5\\FE\\BE\\D7(TCP 8728,8729,21,2\\
2,23,8291,80,443,1723\\B6i\\A4JROS)" dst-port=\
8728,8729,21,22,23,8291,80,443,1723 in-interface-list=Wan_Internet \
protocol=tcp src-address-list=!TW-IP
add action=drop chain=input comment=\
"\B0\EA\A5~ip\A5\FE\BE\D7(UDP 500,1701,4500\B6i\A4JROS)" dst-port=\
500,1701,4500 in-interface-list=Wan_Internet protocol=udp src-address-list=\
!TW-IP
add action=add-src-to-address-list address-list=drop_scan_ip \
address-list-timeout=35w chain=input comment="\\A7\\E2Internet\\A6b\\B1\\BD\\B4yip\\
\\AA\\BA\\B9\\EF\\A4\\E8ip\\AB\\D8\\A5\\DF\\B6\\C2\\A6W\\B3\\E6" protocol=tcp psd=\
21,3s,3,1 src-address-list=!Lan_ip
add action=drop chain=input comment="\\B9\\EF\\A4w\\A6b\\B1\\BD\\B4yip\\A6W\\B3\\E6\\A4\\BA\\
\\AA\\BA\\A4\\A3\\A9\\FAip\\AB\\CA\\A5]\\A5\\E1\\B1\\F3" src-address-list=drop_scan_ip
add action=accept chain=input comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9\\
w--> \\B6\\B6\\A7\\C70 (\\A9\\F1\\A6\\E6\\A6\\A8\\A5\\\\\\B5n\\A4J\\AB\\E1\\AA\\BAIP)" \
dst-port=21,22,23,8291 protocol=tcp src-address-list=login-ok
add action=drop chain=input comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9w-\\
-> \\B6\\B6\\A7\\C71 , \\B3o\\A5\\\\\\AF\\E0\\ACO\\A7P\\C2_Internet\\AA\\BA\\AD\\AF\\A5\\CDi\\
P\\B1\\FD\\B9\\C1\\B8\\D5\\B3s\\C4\\F2\\B5n\\A4J\\B8\\F4\\A5\\D1\\BE\\B9\\A1A\\A6b30\\AC\\ED\\A4\\
\\BA\\B3s\\C4\\F2\\B5n\\A4J\\A4\\AD\\A6\\B8\\AB\\E1\\A1A\\A9\\F3\\B2\\C4\\A4\\BB\\A6\\B8\\B5n\\A4J\\
\\AE\\C9\\B9\\EF\\A4\\E8\\AA\\BAIP\\B4N\\B7|\\B3Q\\A9\\D4\\B6\\C2\\B5L\\AAk\\A6A\\B9\\C1\\B8\\D5(\\
\\A8\\C3\\A5B\\A6\\DB\\B0\\CA\\A9\\D4\\B6\\C21\\A4\\D1)\\A1I\\A6p\\AAG\\ACO\\B1q\\A4\\BA\\BA\\F4\\
\\A5h\\B5n\\A4J\\B4N\\A4\\A3\\B0\\BB\\B4\\FA\\A1C\\B9w\\B3]\\B0\\BB\\B4\\FA\\AA\\FD\\BE\\D7\\AA\\BA\\
PORT \\A6\\B321,22,23,8291\\B3o6\\AD\\D3\\A1C" dst-port=21,22,23,8291 protocol=\
tcp src-address-list=login_error_ip
add action=add-src-to-address-list address-list=login_error_ip \
address-list-timeout=1d chain=input comment=\
"\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w--> \B6\B6\A7\C72" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp src-address-list=\
ros_service_login5
add action=add-src-to-address-list address-list=ros_service_login5 \
address-list-timeout=1d30s chain=input comment=\
"\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w--> \B6\B6\A7\C73" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp src-address-list=\
ros_service_login4
add action=add-src-to-address-list address-list=ros_service_login4 \
address-list-timeout=30s chain=input comment=\
"\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w--> \B6\B6\A7\C74" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp src-address-list=\
ros_service_login3
add action=add-src-to-address-list address-list=ros_service_login3 \
address-list-timeout=30s chain=input comment=\
"\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w--> \B6\B6\A7\C75" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp src-address-list=\
ros_service_login2
add action=add-src-to-address-list address-list=ros_service_login2 \
address-list-timeout=30s chain=input comment=\
"\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w--> \B6\B6\A7\C76" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp src-address-list=\
ros_service_login1
add action=add-src-to-address-list address-list=ros_service_login1 \
address-list-timeout=30s chain=input comment=\
"\B6\B6\A7\C7\A6\EC\B8m\A5\B2\B6\B7\A9T\A9w--> \B6\B6\A7\C77" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp src-address-list=\
!Lan_ip
add action=add-src-to-address-list address-list=login-ok address-list-timeout=\
2d chain=input comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9w--> \\B6\\B6\\
\\A7\\C78 (\\A6\\A8\\A5\\\\\\B5n\\A4J\\AB\\E1\\AA\\BAIP\\A4\\A3\\A8\\FC\\B5n\\A4J\\A6\\B8\\BC\\C6\\
\\BCv\\C5T)" connection-rate=200k-5M connection-state=established dst-port=\
21,22,23,8291 in-interface-list=Wan_Internet protocol=tcp src-address-list=\
!login-ok
add action=accept chain=input comment="\\A5X\\B3f\\B3]\\A9w (\\A4\\B9\\B3\\\\\\A6^\\C0\\B3\\
\\A5~\\AD\\B1\\AA\\BAping\\AB\\CA\\A5]) \\A5i\\A6\\DB\\A6\\E6\\B0\\B1\\A5\\CE\\A9\\CE\\B2\\BE\\B0\\
\\A3" in-interface-list=Wan_Internet protocol=icmp
add action=accept chain=input comment="\\A5X\\B3f\\B3]\\A9w,\\A5i\\A6\\DB\\A6\\E6\\AD\\D7\\
\\A7\\EF_\\A4\\B9\\B3\\\\\\B3s\\A4J tcp port 80,8291 (\\B3o\\AD\\D3\\A5\\B2\\B6\\B7\\A4\\B9\\B3\\
\\\\,\\A7_\\ABh\\B5L\\AAk\\B1q\\BB\\B7\\BA\\DD\\BA\\DE\\B2zRouterOS)" dst-port=80,8291 \
protocol=tcp
add action=accept chain=input comment="\\A5X\\B3f\\B3]\\A9w,\\A5i\\A6\\DB\\A6\\E6\\AD\\D7\\
\\A7\\EF_\\A4\\B9\\B3\\\\\\B3s\\A4J tcp port 21,22,23,443,1723" dst-port=\
21,22,23,443,1723 protocol=tcp
add action=accept chain=input comment="\\A5X\\B3f\\B3]\\A9w,\\A5i\\A6\\DB\\A6\\E6\\AD\\D7\\
\\A7\\EF_\\A4\\B9\\B3\\\\\\B3s\\A4Judp port 500,1701,4500" dst-port=500,1701,4500 \
protocol=udp
add action=accept chain=forward comment="\\A5X\\B3f\\B3]\\A9w,\\A5i\\A6\\DB\\A6\\E6\\AD\\D7\\
\\A7\\EF_\\A4\\B9\\B3\\\\\\C2\\E0\\B0etcp port 80 (\\B3o\\ACO\\AB\\FC\\A4\\B9\\B3\\\\NAT\\C2\\E0\\
\\B1\\B5\\B5\\B9\\B0\\CF\\BA\\F4\\AA\\BA\\BE\\F7\\BE\\B9)" dst-port=80 in-interface-list=\
Wan_Internet protocol=tcp
add action=accept chain=input comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9\\
w--> \\B6\\B6\\A7\\C7A1 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8,\\A4\\B9\\B3\\\\\\B3s\\
\\B6i\\A8\\BE\\A4\\F5\\C0\\F0\\A4w\\B3s\\BDu\\BDT\\BB{\\AA\\BA\\AB\\CA\\A5])" \
connection-state=established,related,untracked
add action=drop chain=input comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9w-\\
-> \\B6\\B6\\A7\\C7A2 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8 \\A5\\E1\\B1\\F3\\B6i\\A8\\
\\D3\\AA\\BA\\B5L\\AE\\C4\\AB\\CA\\A5])" connection-state=invalid
add action=accept chain=input comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9\\
w--> \\B6\\B6\\A7\\C7A3 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8 \\B1\\B5\\A8\\FCCAPsM\\
AN\\AA\\BA local loopback" dst-address=127.0.0.1
add action=drop chain=input comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9w-\\
-> \\B6\\B6\\A7\\C7A4 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8 \\B0\\A3\\A4F\\A4\\BA\\BA\\
\\F4\\A4\\A7\\A5~,\\A5\\E1\\B1\\F3\\A9\\D2\\A6\\B3\\B6i\\A8\\D3\\AA\\BA\\AB\\CA\\A5])" \
src-address-list=!Lan_ip
add action=accept chain=forward comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\
\\A9w--> \\B6\\B6\\A7\\C7A5 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8 \\B1\\B5\\A8\\FCip\\
sec\\B5\\A6\\B2\\A4)" ipsec-policy=in,ipsec
add action=accept chain=forward comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\
\\A9w--> \\B6\\B6\\A7\\C7A6 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8 \\B1\\B5\\A8\\FCip\\
sec\\B5\\A6\\B2\\A4out)" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\
\\B2\\B6\\B7\\A9T\\A9w--> \\B6\\B6\\A7\\C7A7 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8,f\\
asttrack-connection\\B5w\\C5\\E9\\A5[\\B3t (\\A6p\\AAG\\A6\\B3\\AD\\AD\\B3t\\A9\\CE\\ACO\\B5\\
\\A6\\B2\\A4\\B8\\F4\\A5\\D1\\BB\\DD\\A8D,\\A5\\B2\\B6\\B7\\B0\\B1\\A5\\CE\\B3o\\B1\\F8)" \
connection-state=established,related
add action=accept chain=forward comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\
\\A9w--> \\B6\\B6\\A7\\C7A8 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8,\\C2\\E0\\B5o\\B1\\
\\B5\\A8\\FC\\A4w\\AB\\D8\\A5\\DF\\AA\\BA\\A1A\\AC\\DB\\C3\\F6\\AA\\BA\\A4\\CE\\A5\\BC\\B8\\F2\\C2\\
\\DC\\AA\\BA\\AB\\CA\\A5])" connection-state=established,related,untracked
add action=drop chain=forward comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9\\
w--> \\B6\\B6\\A7\\C7A9 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3],\\A5\\E1\\B1\\F3\\C2\\E0\\B5o\\B5L\\
\\AE\\C4\\AA\\BA\\B3s\\B1\\B5)" connection-state=invalid
add action=drop chain=forward comment="\\B6\\B6\\A7\\C7\\A6\\EC\\B8m\\A5\\B2\\B6\\B7\\A9T\\A9\\
w--> \\B6\\B6\\A7\\C7A10 (\\B3o\\ACO\\A5X\\BCt\\AA\\BA\\B3]\\A9w\\AD\\C8,\\A5\\E1\\B1\\F3Wan\\
\\BA\\DD\\B6i\\A8\\D3\\C2\\E0\\B5o\\AA\\BA\\B3s\\B1\\B5,\\A4\\A3\\B6i\\A6\\E6DSTNATed)" \
connection-nat-state=!dstnat connection-state=new in-interface-list=\
Wan_Internet
/ip firewall nat
add action=masquerade chain=srcnat comment="\\B3o\\A4@\\B1\\F8\\A4\\A3\\AF\\E0\\A7R,\\A7_\\
\\ABhNAT\\AA\\BA\\A5\\CE\\A4\\E1\\A5X\\A4\\A3\\A5h,\\A6p\\AAG\\B1z\\AA\\BA\\B0\\CF\\BA\\F4\\A6\\B3\\
\\AC[\\B3]server\\AA\\BA\\B8\\DC,\\A6bsrc.Address\\B3o\\A6\\EC\\B8m\\ADn\\B6\\F1\\A4W\\B0\\CF\\
\\BA\\F4\\AA\\BA\\BA\\F4\\ACq,\\A8\\D2\\A6p192.168.88.0/24,\\B3o\\BC\\CB\\A7A\\AA\\BA\\A6\\F8\\
\\AAA\\BE\\B9\\AA\\BA\\AC\\F6\\BF\\FD\\A4~\\AF\\E0\\B0\\BB\\B4\\FA\\A8\\EC\\B9\\EA\\BB\\DA\\B3s\\B6i\\
\\A8\\D3\\AA\\BA\\A4\\BD\\BA\\F4ip." ipsec-policy=out,none src-address=\
192.168.0.0/24
add action=dst-nat chain=dstnat comment="\\B3o\\A4@\\B1\\F8\\ACOPORT\\ACM\\AEg\\BDd\\A8\\
\\D2,(to-addresses=192.168.88.8\\ADn\\B4\\AB\\A6\\A8\\B1z\\A4\\BA\\BA\\F4\\A6\\F8\\AAA\\BE\\
\\B9\\AA\\BAIP\\A6\\EC\\A7})" dst-port=80 in-interface=pppoe-out1 protocol=tcp \
to-addresses=192.168.0.15 to-ports=80
add action=dst-nat chain=dstnat comment="NAT Loopback \\B3]\\A9w1" disabled=yes \
dst-address-type=local dst-port=80 protocol=tcp to-addresses=192.168.88.8 \
to-ports=80
add action=masquerade chain=srcnat comment="NAT Loopback \\B3]\\A9w2" disabled=\
yes dst-address=192.168.88.8 dst-port=80 out-interface=Bridge-Lan protocol=\
tcp src-address=192.168.88.0/24 to-addresses=192.168.88.5 to-ports=80
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add name="\\B3o\\B8\\CC\\B6\\F1PPPOE\\A5\\CE\\A9R\\A6W" password=\
"\B3o\B8\CC\B6\F1PPPOE\B1K\BDX" profile=profile-pppoe service=pppoe
add disabled=yes name="\\B3o\\B8\\CC\\B6\\F1VPN\\A5\\CE\\A9R\\A6W" password=\
"\B3o\B8\CC\B6\F1VPN\B1K\BDX" profile=profile-vpn service=pptp
/system clock
set time-zone-name=Asia/Taipei
/system identity
set name=RouterOS
/system ntp client
set enabled=yes primary-ntp=211.22.103.158 secondary-ntp=118.163.81.62
/system scheduler
add comment="\\B6}\\BE\\F7\\A7\\B9\\AB\\E13\\A4\\C0\\C4\\C1\\B9B\\C2\\E0" name=\
"\B6}\BE\F7\A6\DB\B0\CANTP\AE\C9\B6\A1\A6P\A8B" on-event=":delay 15\\r\\
\\n:global newntpip1 [:resolve clock.stdtime.gov.tw]\\r\\
\\n:global newntpip2 [:resolve tick.stdtime.gov.tw]\\r\\
\\n/system ntp client set enabled=yes primary-ntp=\\$newntpip1 secondary\\
-ntp=\\$newntpip2\\r\\
\\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup
add comment="\\B3]\\A9w\\B6}\\BE\\F730\\AC\\ED\\AB\\E1\\A6\\DB\\B0\\CA\\AD\\AB\\B8mmac-address\\t\\
, \\C1\\D7\\A7K\\C1\\D9\\AD\\EC\\A8\\EC\\A5t\\A4@\\A5x\\BE\\F7\\BE\\B9\\AE\\C9\\BA\\F4\\A5d\\A6\\EC\\
\\A7}\\A4@\\BC\\CB" name=all_mac-address_reset on-event=\
":delay 30\r\
\n /interface ethernet reset-mac-address [find]" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
add comment="\\AD\\AB\\B6}\\BE\\F7\\AB\\E1\\A6\\DB\\B0\\CA\\A7\\F3\\B7sF/W upgrade " name=\
"F/W upgrade " on-event=":delay 5\\r\\
\\n/system routerboard upgrade " policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add disabled=yes interval=5m name="DDNS\\B8}\\A5\\BB(\\A8\\CF\\A5\\CE changeip)" \
on-event=":global ddnsuser \\"\B3o\B8\CC\B6\F1\A4J\A7A\A6b\BA\F4\AF\B8\A9\D2\
\B5\F9\A5U\AA\BAid\"\r\
\n:global ddnspass \"\B3o\B8\CC\B6\F1\A4Jid\B8\D3\B1b\B8\B9\AA\BA\B1K\BDX\"\
\r\
\n:global ddnshost \"\B3o\B8\CC\B6\F1\A4J\A7A\A9\D2\A5\D3\BD\D0\AA\BA\B0\EC\
\A6W,\A8\D2\A6p ros.ddns.ms\"\r\
\n:global ddnsinterface \"pppoe-out1\"\r\
\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\
\n# END OF USER DEFINED CONFIGURATION\r\
\n# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\
\n\r\
\n:global ddnssystem (\"mt-\" . [/system package get [/system package find n\
ame=system] version] )\r\
\n:global ddnsip [ /ip address get [/ip address find interface=\$ddnsinterfa\
ce] address ]\r\
\n:global ddnslastip\r\
\n\r\
\n:if ([:len [/interface find name=\$ddnsinterface]] = 0 ) do={ :log info \"\
DDNS: No interface named \$ddnsinterface, please check configuration.\" }\r\
\n\r\
\n:if ([ :typeof \$ddnslastip ] = \"nothing\" ) do={ :global ddnslastip 0.0.\
0.0/0 }\r\
\n\r\
\n:if ([ :typeof \$ddnsip ] = \"nothing\" ) do={\r\
\n\r\
\n:log info (\"DDNS: No ip address present on \" . \$ddnsinterface . \", ple\
ase check.\")\r\
\n\r\
\n} else={\r\
\n\r\
\n :if (\$ddnsip != \$ddnslastip) do={\r\
\n\r\
\n :log info \"DDNS: Sending UPDATE!\"\r\
\n :log info [ :put [/tool dns-update name=\$ddnshost address=[:pick \$dd\
nsip 0 [:find \$ddnsip \"/\"] ] key-name=\$ddnsuser key=\$ddnspass ] ]\r\
\n :global ddnslastip \$ddnsip\r\
\n\r\
\n } else={ \r\
\n\r\
\n :log info \"DDNS: No changes necessary.\"\r\
\n\r\
\n }\r\
\n\r\
\n}\r\
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-date=jun/21/2014 start-time=13:56:21
add interval=1w name="Auto reboot" on-event="7 day auto reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=nov/27/2022 start-time=06:00:00
/tool graphing interface
add
/tool netwatch
add down-script=":log info \\"NETWATCH--Auto check ping google...\"\r\
\n:if ([/ping 8.8.8.8 count=5]=0) do={\r\
\nlog info \"NETWATCH--Check ping down, auto reset Interface/Wireless Port!\
\" ; /interface disable ether2 ; delay 5000ms ; /interface enable ether2}" \
host=8.8.8.8 up-script=":log info \\"NETWATCH--Auto check ping google...\"\r\
\n:if ([/ping 8.8.8.8 count=5]=0) do={\r\
\nlog info \"NETWATCH--Check ping down, auto reset Interface/Wireless Port!\
\" ; /interface disable ether2 ; delay 5000ms ; /interface enable ether2}"
[admin@RouterOS] >
gfx
gfx

開啟routeros命令窗,輸入export,把視窗上的文字全分享過來

2024-05-31 11:19
gfx
gfx

/ip firewall filter裡有一個fasttrack的規則,把他關閉試試

2024-06-01 20:02
LoveTaiwan
LoveTaiwan
LoveTaiwan
203分
8465樓
2024-05-31 9:28
gfx wrote:
.(恕刪)






gfx 兄.

7.15 改進了 wireguard..
gfx
gfx

對我沒用啊,才更新7.15,rb450gx4還是很不給面子的不定時崩潰重開機

2024-05-31 11:16
gfx
gfx
gfx
  • gfx
  • 個人積分:1603分
    文章編號:89770797
1603分
8466樓
2024-06-01 20:06
casioc wrote:
最近小弟家用的陸製TP...(恕刪)
/ip firewall filter裡有一個fasttrack的規則,把他關閉試試
casioc
casioc

ok,我已修改此參數,可能要觀察幾天看看,過幾天再回報結果,感謝gfx大大.

2024-06-03 22:54
top100011
top100011
top100011
  • top100011
  • 個人積分:1982分
    文章編號:89771161
1982分
8467樓
2024-06-01 21:42
想請教一下各位先位

最近有2的地方用 RouterOS 設備對接 WireGuard ,測試過可以互相連到對方內網了

但發現有一個內網設備連不到,後來才發現那台共用主機設備是沒有設網路閘道,只有設內網的IP而以
因為安全性問題,所以那台是不開通外網連接

所以設備1 下電腦 連到 設備2 的主機沒開閘道就會連不到
但是測試過如果是用 pptp 連的話,是可以連到那台設備的

所以想請教下 RouterOS 設備對接 WireGuard 是否有方法可以讓 不開閘道的電腦也可以被連到呢?
gfx
gfx

另一個方式用設備B的dhcp-serve,宣告設備A的網段給這個裝置。但這個裝置必需是用dhcp的方式拿到ip,若是手動的將無法透過router廣播路由給它

2024-06-03 12:59
top100011
top100011

好的,謝謝gfx大,我再試看看

2024-06-03 16:31
關友博
關友博
關友博
  • 關友博
  • 個人積分:1114分
    文章編號:89795154
1114分
8468樓
2024-06-06 14:37
大家好
這兩天遇到了一點瓶頸,想求救一下。
在MikroTik底下設定了兩個網段 10.10.8.0/24、10.10.2.0/24
規劃是將 .8 給User使用、 .2 給Server使用
因為又有無線網路的需求,所以將 10.10.8.1 給了TP-LINK XE75 Pro 使用
無線網路連接的User 設備就使用經由 TP-LINK DHCP派送出來的 192.168.8.0/24

這兩天User反應 如果是用 192.168.8.x的網段 可以Ping到 10.10.2.x的設備
但反向來說 10.10.2.x的設備只能Ping 到 10.10.8.1,如果要Ping到 192.168.8.x 就會顯示無回應

這部分是我在Router上少設定了些什麼嗎? 謝謝
kendrv
kendrv

ping不通就是加路由表

2024-06-06 19:17
Galrie
Galrie
Galrie
  • Galrie
  • 個人積分:79分
    文章編號:90027176
79分
8469樓
2024-07-21 18:04
gfx wrote:
封包進入firewall...(恕刪)


回頭過來考古,將原本設在Filter中的Rules改設在Raw,
果然CPU使用率由2x%~5x%降至個位數,效果實在明顯。
騎磨姿勢佳
騎磨姿勢佳
騎磨姿勢佳
65分
8470樓
2024-07-27 15:58
pctine wrote:
RouterOS 內建有相當多實用的工具程式. 其中 netwatch 可以透過 ping 的方式持續對特定主機做 alive check.


更新到了v7.1x之後
netwatch 串telegram發送主機斷線訊息反而沒用了

v7.9 netwatch 還能正常執行
加下面這條之後就沒問題
:log info "send message to your phone"
/tool fetch url="https://api.telegram.org/bot<token>/sendMessage?chat_id=<chat_id>&text=YourMessage"



但升上去之後就完全沒作用了

查了一下都沒看到好一點的作法
前輩們有成功嗎?</chat_id></token>
  • 860
內文搜尋
搜尋
從 APP 打開從 APP 打開
X
X
加入好友名單
取消 確定
評分
取消 確定
評分
取消 確定
複製連結
複製
請輸入您要前往的頁數(1 ~ 860)
確定
留言回報
取消 確定
Mobile01提醒您
您目前瀏覽的是行動版網頁
是否切換到電腦版網頁呢?