# RouterOS configuration export for a CCR1009 core router (identity set in /system identity below).
# Lines starting with "# NOTE(review):" are review annotations; every command is unchanged.
#
# NOTE(review): this export contains secrets in clear text (PPPoE client password, L2TP IPsec
# secret, PPP secrets, RADIUS secrets, OSPF auth key, SNMP community names, RoMON secret).
# Treat every one of them as disclosed: rotate them, and share exports produced without
# show-sensitive. The serial number and software id in the header identify the device.
#
# model: CCR1009-7G-1C-1S+
# serial-number: HD008ASGAW1
# firmware-type: tilegx
# NOTE(review): current-firmware (7.16.2) is older than installed-version (7.18.2), so the
# RouterBOARD firmware presumably was not upgraded after the last RouterOS upgrade; confirm.
# current-firmware: 7.16.2
# installed-version: 7.18.2
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
# ACTION BY POLICY TIME
# U nat rule removed daniel write 2025-11-30 14:16:35
# U nat rule changed daniel write 2025-11-30 14:16:32
# U nat rule added daniel write 2025-11-30 14:15:31
# U nat rule changed daniel write 2025-11-30 14:09:55
# U dhcp lease added daniel write 2025-10-07 17:00:42
# U dhcp lease added daniel write 2025-10-07 17:00:25
# U dhcp lease added daniel write 2025-10-07 17:00:08
# U dhcp lease added daniel write 2025-10-07 16:59:53
# U dhcp lease added daniel write 2025-10-07 16:59:35
# U dhcp lease added daniel write 2025-10-07 16:59:13
# U changed snmp settings daniel write 2025-09-28 18:10:23
# U item changed daniel write 2025-09-28 18:10:21
# U item changed daniel write 2025-09-28 18:10:18
# U item removed daniel write 2025-09-28 18:10:14
# U dhcp lease removed daniel write 2025-09-13 16:32:29
#
# software id = U5F9-718X
#
# model = CCR1009-7G-1C-1S+
# serial number = HD008ASGAW1

# NOTE(review): the bridge runs vlan-filtering=yes but with ingress-filtering=no, so frames are
# not checked at ingress against the port's VLAN membership. The same is set on two ports under
# /interface bridge port below.
/interface bridge
add admin-mac=18:FD:74:83:7A:81 auto-mac=no ingress-filtering=no name=bridge port-cost-mode=short vlan-filtering=yes
add admin-mac=18:FD:74:83:7A:81 auto-mac=no name=loopback port-cost-mode=short protocol-mode=none
/interface ethernet
set [ find default-name=combo1 ] l2mtu=9200 mtu=9000
set [ find default-name=ether1 ] l2mtu=9200 mtu=9000
set [ find default-name=ether2 ] disabled=yes l2mtu=9200 mtu=9000
set [ find default-name=ether3 ] l2mtu=9200 mtu=9000
set [ find default-name=ether4 ] l2mtu=9200 mtu=9000
set [ find default-name=ether5 ] l2mtu=9200 mtu=9000
set [ find default-name=ether6 ] l2mtu=9200 mtu=9000
set [ find default-name=ether7 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus1 ] l2mtu=9200 mtu=9000
/interface eoip
add mac-address=02:FB:F6:DE:FE:72 name=EoIP-M1 remote-address=172.16.0.1 tunnel-id=1001
# VLAN 99 is labelled Management; BR.VL3000.VL530 is a VLAN stacked on BR.VL3000 and carries the PPPoE WAN.
/interface vlan
add comment=Management interface=bridge name=BR-VL99 vlan-id=99
add interface=bridge name=BR.VL5 vlan-id=5
add interface=bridge name=BR.VL6 vlan-id=6
add interface=bridge name=BR.VL10 vlan-id=10
add interface=bridge name=BR.VL11 vlan-id=11
add interface=bridge name=BR.VL16 vlan-id=16
add interface=bridge name=BR.VL18 vlan-id=18
add interface=bridge name=BR.VL23 vlan-id=23
add disabled=yes interface=bridge name=BR.VL25 vlan-id=25
add interface=bridge name=BR.VL26 vlan-id=26
add interface=bridge name=BR.VL30 vlan-id=30
add interface=bridge name=BR.VL141 vlan-id=141
add interface=bridge name=BR.VL143 vlan-id=143
add interface=bridge name=BR.VL144 vlan-id=144
add interface=bridge name=BR.VL163 vlan-id=163
add interface=bridge name=BR.VL264 vlan-id=264
add interface=bridge name=BR.VL3000 vlan-id=3000
add interface=BR.VL3000 name=BR.VL3000.VL530 vlan-id=530
add interface=bridge name=VL300 vlan-id=300
add interface=sfp-sfpplus1 name=sfp-sfpplus1.3001 vlan-id=3001
# NOTE(review): upstream PPPoE username and password are exported in clear text; rotate with the provider.
/interface pppoe-client
add add-default-route=yes disabled=no interface=BR.VL3000.VL530 max-mru=1492 max-mtu=1492 name=pppoe-out password=530cgpt user=530collins@nbn.truetelco.com.au
# NOTE(review): the LAN list is created but has no members in this export; only WAN is populated
# (see /interface list member).
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# NOTE(review): the PPPoE pool (100.64.0.11-100.64.0.199) lies inside 100.64.0.0/16, which is a
# member of the TrustedIPs address list further down, so PPPoE subscribers are treated as trusted sources.
/ip pool
add name=dhcp_pool0 ranges=10.3.16.2-10.3.16.254
add name=dhcp_pool1 ranges=10.3.23.2-10.3.23.254
add name=dhcp_pool2 ranges=10.3.25.2-10.3.25.254
add name=PPPoE ranges=100.64.0.11-100.64.0.199
add name=dhcp_pool4 ranges=10.3.18.2-10.3.18.254
add name=dhcp_pool7 ranges=10.1.13.1-10.1.13.253
add name=dhcp_pool8 ranges=192.168.99.1-192.168.99.253
add name=dhcp_pool9 ranges=10.3.26.10-10.3.26.254
add name=dhcp_pool10 ranges=172.16.13.1-172.16.13.253
add name=dhcp_pool11 ranges=172.16.50.1-172.16.50.253
add name=dhcp_pool12 ranges=10.1.13.1-10.1.13.253
add name=dhcp_pool13 ranges=192.168.143.2-192.168.143.254
add name=dhcp_pool14 ranges=192.168.144.11-192.168.144.199
add name=dhcp_pool15 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool16 ranges=192.168.11.2-192.168.11.254
add name=dhcp_pool17 ranges=192.168.163.11-192.168.163.199
add name=dhcp_pool18 ranges=192.168.141.2-192.168.141.254
add name=dhcp_pool19 ranges=192.168.26.2-192.168.26.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=BR.VL16 lease-time=10m name=dhcp1
add address-pool=dhcp_pool1 interface=BR.VL23 lease-time=10m name=dhcp2
add address-pool=dhcp_pool2 interface=BR.VL25 lease-time=10m name=dhcp3
add address-pool=dhcp_pool4 disabled=yes interface=BR.VL18 lease-time=10m name=dhcp4
add address-pool=dhcp_pool8 interface=BR-VL99 lease-time=10m name=dhcp8
add address-pool=dhcp_pool9 interface=BR.VL26 lease-time=10m name=dhcp9
add address-pool=dhcp_pool11 interface=BR.VL18 lease-time=10m name=dhcp6
add address-pool=dhcp_pool13 interface=BR.VL143 lease-time=10m name=dhcp5
add address-pool=dhcp_pool14 interface=BR.VL144 lease-time=10m name=dhcp7
add address-pool=dhcp_pool16 interface=BR.VL11 name=dhcp10
add address-pool=dhcp_pool17 interface=BR.VL163 name=dhcp11
add address-pool=dhcp_pool18 interface=BR.VL141 name=dhcp12
add address-pool=dhcp_pool19 interface=BR.VL264 name=dhcp13
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
set 1 name=serial1
# NOTE(review): the PPPoE profile sets use-encryption=no, so subscriber sessions are not encrypted at the PPP layer.
/ppp profile
add dns-server=1.1.1.1,8.8.8.8 local-address=100.64.0.1 name=PPPoE remote-address=PPPoE use-compression=no use-encryption=no use-mpls=no
add local-address=192.168.255.3 name=l2tp
# NOTE(review): the router id here (10.255.1.1) differs from the two loopback addresses commented
# "OSPF Router ID" under /ip address and from the /32 exported by the ospf-out filter; confirm which is intended.
/routing id
add disabled=no id=10.255.1.1 name=id-1 select-dynamic-id=""
# NOTE(review): the instance does not reference the ospf-in / ospf-out filter chains defined under
# /routing filter rule, so those filters are presumably not applied; confirm.
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=10.255.1.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=ospf-area-1
# NOTE(review): SNMP community names act as passwords and are exported here in clear text.
# Community "valve" accepts queries from any address (addresses=::/0), and no authentication or
# encryption settings appear on either community. The default community's name is also reused as
# a RADIUS shared secret below; use distinct values per purpose.
/snmp community
set [ find default=yes ] name=CFNCOM
add addresses=::/0 name=valve
# NOTE(review): ValveSyslog sends logs (including the info topic, see /system logging) to a public
# address; presumably plain remote syslog with no transport protection. Confirm the path is trusted.
/system logging action
add name=ValveSyslog remote=175.45.182.80 remote-log-format=syslog src-address=113.212.93.108 target=remote
add name=Syslog remote=172.16.0.254 src-address=172.16.1.1 target=remote
# NOTE(review): ingress-filtering=no on sfp-sfpplus1 and ether6; ether7 and ether5 do not set it,
# so they keep the default.
/interface bridge port
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 multicast-router=disabled path-cost=10
add bridge=bridge ingress-filtering=no interface=ether6 internal-path-cost=10 path-cost=10 pvid=144
add bridge=bridge interface=ether7 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether5 internal-path-cost=10 path-cost=10 pvid=99
/ip firewall connection tracking
set udp-timeout=10s
# NOTE(review): neighbor discovery is enabled on every interface that is not dynamic, which
# presumably includes the WAN-facing interfaces; confirm and restrict to a management list.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191
# Bridge VLAN table: all VLANs are tagged on the bridge CPU port and sfp-sfpplus1; ether5 is the
# untagged management (99) port, ether6 the untagged VLAN 144 port, ether7 carries 5 and 6 tagged.
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=10
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=23
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=16
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=25
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=18
add bridge=bridge tagged=bridge,sfp-sfpplus1 untagged=ether5 vlan-ids=99
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=26
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=143
add bridge=bridge tagged=bridge,sfp-sfpplus1 untagged=ether6 vlan-ids=144
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether7 vlan-ids=5
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether7 vlan-ids=6
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=3000
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=11
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=163
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=30
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=300
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=141
add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=264
# NOTE(review): the L2TP/IPsec pre-shared key is exported in clear text; rotate it. use-ipsec=yes
# does not by itself refuse L2TP sessions that arrive without IPsec; use-ipsec=required is the
# stricter setting. The input chain below does not restrict who can reach this server.
/interface l2tp-server server
set enabled=yes ipsec-secret=TrueTelco1#42 use-ipsec=yes
/interface list member
add interface=pppoe-out list=WAN
# NOTE(review): auth=sha1,md5 offers only legacy digests. Whether this server is enabled is not
# visible in the export; confirm, and remove the entry if OpenVPN is unused.
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:BD:E0:AE:0C:C6 name=ovpn-server1
# NOTE(review): authentication=pap,chap permits PAP, which sends the subscriber password
# unprotected over the access segment. The first service is bound to BR-VL99, the interface
# commented "Management" above, while its service-name refers to VL25; confirm the binding is intended.
/interface pppoe-server server
add authentication=pap,chap default-profile=PPPoE disabled=no interface=BR-VL99 max-mru=1500 max-mtu=1500 pado-delay=100 service-name=PPPoE-VL25.530C
add authentication=pap,chap default-profile=PPPoE disabled=no interface=BR.VL18 max-mru=1500 max-mtu=1500 pado-delay=100 service-name=PPPoE-VL18-530C
/ip address
add address=192.168.88.1/24 interface=BR.VL6 network=192.168.88.0
add address=10.3.16.1/24 interface=BR.VL16 network=10.3.16.0
add address=10.3.23.1/24 interface=BR.VL23 network=10.3.23.0
add address=10.3.25.1/24 disabled=yes interface=BR.VL25 network=10.3.25.0
add address=192.168.90.1/24 interface=BR-VL99 network=192.168.90.0
add address=10.3.18.1/24 interface=BR.VL18 network=10.3.18.0
add address=192.168.99.254/24 interface=BR-VL99 network=192.168.99.0
add address=10.3.26.1/24 interface=BR.VL26 network=10.3.26.0
add address=113.212.93.96/29 interface=bridge network=113.212.93.96
add address=172.16.50.254/24 interface=BR.VL18 network=172.16.50.0
add address=10.255.255.202 comment="OSPF Router ID" interface=loopback network=10.255.255.202
add address=192.168.1.22 interface=BR.VL18 network=192.168.1.22
add address=10.10.25.1/30 disabled=yes interface=BR.VL25 network=10.10.25.0
add address=192.168.143.1/24 interface=BR.VL143 network=192.168.143.0
add address=192.168.144.1/24 interface=BR.VL144 network=192.168.144.0
add address=172.16.1.1/16 interface=BR.VL5 network=172.16.0.0
add address=192.168.11.1/24 interface=BR.VL11 network=192.168.11.0
add address=10.11.1.2/30 interface=EoIP-M1 network=10.11.1.0
add address=192.168.163.1/24 interface=BR.VL163 network=192.168.163.0
add address=10.255.3.1 comment="OSPF Router ID" interface=loopback network=10.255.3.1
add address=10.30.0.4/24 disabled=yes interface=BR.VL30 network=10.30.0.0
add address=10.30.0.4/24 interface=VL300 network=10.30.0.0
add address=192.168.141.1/24 interface=BR.VL141 network=192.168.141.0
add address=192.168.26.1/24 interface=BR.VL264 network=192.168.26.0
add address=192.168.0.97 interface=BR.VL5 network=192.168.0.97
# Static DHCP leases. The MAC addresses and client-ids below inventory the devices on each
# segment; redact them when sharing the export outside the operations team.
/ip dhcp-server lease
add address=10.3.16.252 client-id=1:f4:ea:67:74:17:39 mac-address=F4:EA:67:74:17:39 server=dhcp1
add address=10.3.16.253 mac-address=70:85:C4:97:94:5E server=dhcp1
add address=10.3.16.251 mac-address=9C:2B:A6:5B:11:96 server=dhcp1
add address=10.3.23.254 mac-address=70:85:C4:81:36:AE server=dhcp2
add address=10.3.23.247 client-id=1:f8:25:51:74:d2:48 mac-address=F8:25:51:74:D2:48 server=dhcp2
add address=10.3.23.246 mac-address=1C:7D:22:55:0B:11 server=dhcp2
add address=10.3.23.241 client-id=1:44:73:d6:c7:12:b9 mac-address=44:73:D6:C7:12:B9 server=dhcp2
add address=10.3.23.240 client-id=1:44:73:d6:bc:53:e2 mac-address=44:73:D6:BC:53:E2 server=dhcp2
add address=10.3.23.239 client-id=1:44:73:d6:bc:4f:86 mac-address=44:73:D6:BC:4F:86 server=dhcp2
add address=10.3.16.250 mac-address=54:16:51:AA:EA:B9 server=dhcp1
add address=192.168.99.253 client-id=1:18:fd:74:b2:cd:7d comment="Distribution Switch" mac-address=18:FD:74:B2:CD:7D server=dhcp8
add address=172.16.50.32 client-id=1:ac:8b:a9:a2:da:ad mac-address=AC:8B:A9:A2:DA:AD server=dhcp6
add address=10.3.26.62 client-id=1:44:73:d6:bc:85:88 mac-address=44:73:D6:BC:85:88 server=dhcp9
add address=10.3.16.180 client-id=1:34:9f:7b:d3:48:4b mac-address=34:9F:7B:D3:48:4B server=dhcp1
add address=10.3.23.196 mac-address=94:83:C4:23:AC:92 server=dhcp2
add address=192.168.143.254 client-id=1:44:73:d6:d7:3a:12 mac-address=44:73:D6:D7:3A:12 server=dhcp5
add address=192.168.143.253 mac-address=10:82:3D:59:31:16 server=dhcp5
add address=192.168.143.251 client-id=1:44:73:d6:c7:44:3d mac-address=44:73:D6:C7:44:3D server=dhcp5
add address=10.3.16.86 client-id=1:3a:f2:ad:b8:fd:fa mac-address=3A:F2:AD:B8:FD:FA server=dhcp1
add address=10.3.16.85 client-id=1:2:94:dc:51:64:d0 mac-address=02:94:DC:51:64:D0 server=dhcp1
add address=10.3.23.123 client-id=1:f0:f6:c1:a3:2d:cc mac-address=F0:F6:C1:A3:2D:CC server=dhcp2
add address=192.168.143.240 client-id=1:2c:3f:b:ea:4a:45 mac-address=2C:3F:0B:EA:4A:45 server=dhcp5
add address=192.168.144.175 client-id=1:44:73:d6:d7:3a:27 mac-address=44:73:D6:D7:3A:27 server=dhcp7
add address=192.168.143.241 client-id=1:3c:2a:f4:63:b8:b9 mac-address=3C:2A:F4:63:B8:B9 server=dhcp5
add address=10.3.26.61 mac-address=94:83:C4:23:AE:15 server=dhcp9
add address=10.3.23.242 client-id=1:f0:f6:c1:a3:2f:18 mac-address=F0:F6:C1:A3:2F:18 server=dhcp2
add address=10.3.26.19 client-id=1:44:73:d6:bc:53:bb mac-address=44:73:D6:BC:53:BB server=dhcp9
add address=10.3.26.18 client-id=1:44:73:d6:bc:2c:c1 mac-address=44:73:D6:BC:2C:C1 server=dhcp9
add address=10.3.26.15 client-id=1:44:73:d6:c6:f6:a mac-address=44:73:D6:C6:F6:0A server=dhcp9
add address=10.3.23.234 client-id=1:f0:f6:c1:a3:2f:2 mac-address=F0:F6:C1:A3:2F:02 server=dhcp2
add address=10.3.23.101 client-id=1:4e:11:a6:8f:b7:93 mac-address=4E:11:A6:8F:B7:93 server=dhcp2
add address=192.168.144.177 client-id=1:44:73:d6:c7:ab:27 mac-address=44:73:D6:C7:AB:27 server=dhcp7
add address=10.3.23.90 client-id=1:78:af:8:ba:e2:1c mac-address=78:AF:08:BA:E2:1C server=dhcp2
add address=192.168.144.173 client-id=1:44:73:d6:db:ad:c8 mac-address=44:73:D6:DB:AD:C8 server=dhcp7
add address=192.168.144.172 mac-address=70:85:C4:81:2A:BA server=dhcp7
add address=10.3.26.14 mac-address=70:85:C4:81:2A:82 server=dhcp9
add address=192.168.144.176 client-id=1:44:73:d6:c7:44:3a mac-address=44:73:D6:C7:44:3A server=dhcp7
add address=192.168.144.121 client-id=1:18:fd:74:fd:2a:11 mac-address=18:FD:74:FD:2A:11 server=dhcp7
add address=192.168.99.251 client-id=1:18:fd:74:b2:cd:7c mac-address=18:FD:74:B2:CD:7C server=dhcp8
add address=192.168.143.252 client-id=1:44:73:d6:db:8f:30 mac-address=44:73:D6:DB:8F:30 server=dhcp5
add address=192.168.144.174 client-id=1:44:73:d6:db:95:3 mac-address=44:73:D6:DB:95:03 server=dhcp7
add address=172.16.50.237 client-id=BrightSign:M1E33C005817 mac-address=90:AC:3F:2A:0B:2B server=dhcp6
add address=172.16.50.228 client-id=1:44:73:d6:d7:a3:a mac-address=44:73:D6:D7:A3:0A server=dhcp6
add address=10.3.26.17 mac-address=54:16:51:AA:E9:88 server=dhcp9
add address=192.168.144.169 mac-address=F0:74:8D:11:C4:8A server=dhcp7
add address=192.168.143.248 mac-address=F0:74:8D:11:C6:10 server=dhcp5
add address=192.168.144.167 mac-address=F0:74:8D:11:C5:C5 server=dhcp7
add address=10.3.23.248 mac-address=54:16:51:AA:E8:F7 server=dhcp2
add address=10.3.26.16 mac-address=54:16:51:AA:E9:AB server=dhcp9
add address=192.168.143.249 mac-address=F0:74:8D:11:C5:F7 server=dhcp5
add address=192.168.144.168 mac-address=F0:74:8D:11:C6:15 server=dhcp7
add address=172.16.50.222 client-id=1:ac:8b:a9:67:54:99 mac-address=AC:8B:A9:67:54:99 server=dhcp6
add address=192.168.144.166 mac-address=F0:74:8D:11:C6:0B server=dhcp7
add address=192.168.144.109 client-id=1:a8:46:9d:69:29:66 mac-address=A8:46:9D:69:29:66 server=dhcp7
add address=10.3.23.250 mac-address=54:16:51:AA:E9:9C server=dhcp2
add address=192.168.99.250 client-id=1:18:fd:74:fd:2a:11 mac-address=18:FD:74:FD:2A:11 server=dhcp8
add address=172.16.50.224 client-id=1:ac:8b:a9:65:e7:b3 mac-address=AC:8B:A9:65:E7:B3 server=dhcp6
add address=172.16.50.218 client-id=1:ac:8b:a9:67:4c:c5 mac-address=AC:8B:A9:67:4C:C5 server=dhcp6
add address=172.16.50.226 client-id=1:ac:8b:a9:67:53:c5 mac-address=AC:8B:A9:67:53:C5 server=dhcp6
add address=172.16.50.232 client-id=1:44:73:d6:d7:6d:76 mac-address=44:73:D6:D7:6D:76 server=dhcp6
add address=172.16.50.242 client-id=1:44:73:d6:c7:13:7c mac-address=44:73:D6:C7:13:7C server=dhcp6
add address=172.16.50.221 client-id=1:ac:8b:a9:65:e9:17 mac-address=AC:8B:A9:65:E9:17 server=dhcp6
add address=172.16.50.12 client-id=1:80:6d:97:3e:3f:2 mac-address=80:6D:97:3E:3F:02 server=dhcp6
add address=172.16.50.219 client-id=1:ac:8b:a9:65:ef:e3 mac-address=AC:8B:A9:65:EF:E3 server=dhcp6
add address=172.16.50.9 client-id=1:ac:8b:a9:65:ea:87 mac-address=AC:8B:A9:65:EA:87 server=dhcp6
add address=172.16.50.223 client-id=1:ac:8b:a9:67:51:d9 mac-address=AC:8B:A9:67:51:D9 server=dhcp6
add address=172.16.50.7 client-id=1:ac:8b:a9:a2:d9:fc mac-address=AC:8B:A9:A2:D9:FC server=dhcp6
add address=172.16.50.3 client-id=1:ac:8b:a9:a2:da:aa mac-address=AC:8B:A9:A2:DA:AA server=dhcp6
add address=172.16.50.248 client-id=1:ac:8b:a9:a2:db:d9 mac-address=AC:8B:A9:A2:DB:D9 server=dhcp6
add address=172.16.50.8 client-id=1:ac:8b:a9:65:ee:6b mac-address=AC:8B:A9:65:EE:6B server=dhcp6
add address=172.16.50.229 client-id=1:44:73:d6:d7:a5:5c mac-address=44:73:D6:D7:A5:5C server=dhcp6
add address=172.16.50.231 client-id=1:44:73:d6:d7:a3:25 mac-address=44:73:D6:D7:A3:25 server=dhcp6
add address=172.16.50.230 client-id=1:44:73:d6:d7:44:0 mac-address=44:73:D6:D7:44:00 server=dhcp6
add address=172.16.50.234 client-id=1:44:73:d6:d7:6d:73 mac-address=44:73:D6:D7:6D:73 server=dhcp6
add address=172.16.50.244 client-id=1:44:73:d6:c7:13:cd mac-address=44:73:D6:C7:13:CD server=dhcp6
add address=172.16.50.233 client-id=1:44:73:d6:d7:a3:2e mac-address=44:73:D6:D7:A3:2E server=dhcp6
add address=172.16.50.119 client-id=1:64:51:6:48:9d:af mac-address=64:51:06:48:9D:AF server=dhcp6
add address=172.16.50.53 client-id=1:44:73:d6:d7:a5:64 mac-address=44:73:D6:D7:A5:64 server=dhcp6
add address=172.16.50.2 client-id=1:a8:46:9d:69:2c:9f mac-address=A8:46:9D:69:2C:9F server=dhcp6
add address=192.168.163.200 mac-address=1C:7D:22:65:ED:32 server=dhcp11
add address=192.168.141.4 mac-address=70:85:C4:81:2A:52 server=dhcp12
add address=192.168.141.6 mac-address=98:4A:6B:A3:1E:97 server=dhcp12
add address=192.168.141.3 mac-address=98:4A:6B:A3:14:A1 server=dhcp12
add address=192.168.141.5 mac-address=98:4A:6B:A3:6A:8C server=dhcp12
add address=192.168.141.7 mac-address=98:4A:6B:A3:67:2B server=dhcp12
add address=192.168.141.101 mac-address=B8:A4:4F:91:07:B5 server=dhcp12
add address=192.168.141.102 mac-address=20:3A:43:03:11:4E server=dhcp12
add address=192.168.141.103 mac-address=4C:D7:17:97:60:04 server=dhcp12
add address=192.168.141.104 mac-address=B8:A4:4F:E7:0E:FB server=dhcp12
add address=192.168.141.105 mac-address=B8:A4:4F:6A:ED:9A server=dhcp12
add address=192.168.141.106 mac-address=B8:A4:4F:65:2E:DC server=dhcp12
/ip dhcp-server network
add address=10.1.13.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.1.13.254
add address=10.3.16.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.3.16.1
add address=10.3.18.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.3.18.1
add address=10.3.23.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.3.23.1
add address=10.3.25.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.3.25.1
add address=10.3.26.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.3.26.1
add address=172.16.13.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=172.16.13.254
add address=172.16.50.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=172.16.50.254
add address=192.168.11.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.11.1
add address=192.168.26.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.26.1
add address=192.168.99.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.99.254
add address=192.168.141.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.141.1
add address=192.168.143.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.143.1
add address=192.168.144.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.144.1
add address=192.168.163.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.163.1
/ip dns
set servers=203.57.50.102,203.29.240.136
/ip dns static
add address=192.168.90.5 name=gpt530c.speed-test.au ttl=10m type=A
# NOTE(review): TrustedIPs mixes hostnames with prefixes. Hostname entries follow whatever the
# names resolve to through the resolvers in /ip dns, so the trust boundary depends on DNS.
# The list also contains broad supersets (172.16.0.0/16, 100.64.0.0/16, 103.67.56.0/23); the
# CGNAT superset covers the PPPoE subscriber pool defined above. The comment on the
# oxidized.valvenetworks.net entry repeats the previous entry's hostname.
/ip firewall address-list
add address=acl.watti.tools comment="Daniel's ACL" list=TrustedIPs
add address=acl.manisp.au comment="ManISP's ACL" list=TrustedIPs
add address=tools.corefibre.com.au comment="CoreFibre's ACL" list=TrustedIPs
add address=172.16.0.0/16 comment="Internal Superset" list=TrustedIPs
add address=103.67.56.0/23 comment=CF-Superset list=TrustedIPs
add address=100.64.0.0/16 comment=CF-CGNat-Superset list=TrustedIPs
add address=172.31.255.0/24 comment=172.31.255.0/24 list=TrustedIPs
add address=172.16.0.0/16 list=list-NTP-Targets
add address=172.16.0.0/16 list=list-DNS-Targets
add address=172.16.0.0/16 list=list-SSH-Targets
add address=172.16.0.0/16 list=list-SNMP-Targets
add address=172.16.0.0/16 list=list-HTTP-Targets
add address=172.16.0.0/16 list=list-HTTPS-Targets
add address=172.16.0.0/16 list=list-Winbox-Targets
add address=172.16.0.0/16 list=list-RADIUS-Targets
add address=172.16.0.0/16 list=list-GRE-Targets
add address=172.16.0.0/16 list=list-Core-Interconnects
add address=172.16.0.0/16 list=list-Loopback-Address
add address=1.1.1.1 list=DNS-Servers
add address=8.8.8.8 list=DNS-Servers
add address=8.8.4.4 list=DNS-Servers
add address=9.9.9.9 list=DNS-Servers
add address=valve-space-router.qld.valvenetworks.net comment=valve-space-router.qld.valvenetworks.net list=TrustedIPs
add address=oxidized.valvenetworks.net comment=valve-space-router.qld.valvenetworks.net list=TrustedIPs
# NOTE(review): every terminal drop in chain=input is disabled=yes ("Drop SYN Flooders",
# "Drop Port Scanners", "Drop Remaining Traffic", "Drop all in WAN"). As exported, a packet that
# misses every accept rule reaches the end of the chain and is accepted, so the per-service
# src-address-list restrictions and rate limits below restrict nothing, including on pppoe-out.
# The two add-src-to-address-list rules fill lists that only disabled rules consume.
# The only active drop is the last rule of the ICMP sub-chain, and ICMP above the jump rule's
# rate limit does not enter that chain. No chain=forward rules appear in this export.
# Re-enable the drops from a session with a confirmed path through an accept rule (Safe Mode).
/ip firewall filter
add action=accept chain=input comment="Permit Established, Related" connection-state=established,related
add action=jump chain=input comment="Shape ICMP Chain & Jump" jump-target=ICMP limit=512k,512k:bit protocol=icmp
add action=accept chain=input comment="Permit UDP Traceroute" limit=512k,512k:bit log-prefix=Accepted-Traceroute port=33434-33534 protocol=udp
add action=accept chain=input comment="Permit NTP" dst-port=123 limit=2M,2M:bit log-prefix=Accepted-NTP protocol=udp src-address-list=list-NTP-Targets
add action=accept chain=input comment="Permit DNS" limit=10M,10M:bit log-prefix=Accepted-DNS port=53 protocol=udp src-address-list=TrustedIPs
add action=accept chain=input comment="Permit DNS" limit=10M,10M:bit log-prefix=Accepted-DNS port=53 protocol=udp src-address-list=DNS-Servers
add action=accept chain=input comment="Permit DNS" limit=10M,10M:bit log-prefix=Accepted-DNS port=53 protocol=udp src-address-list=list-DNS-Targets
add action=accept chain=input comment="Permit SSH" dst-port=22 limit=10M,10M:bit log-prefix=Accepted-SSH protocol=tcp src-address-list=TrustedIPs
add action=accept chain=input comment="Permit SSH" dst-port=22 limit=10M,10M:bit log-prefix=Accepted-SSH protocol=tcp src-address-list=list-SSH-Targets
add action=accept chain=input comment="Permit SNMP" dst-port=161 limit=2M,2M:bit log-prefix=Accepted-SNMP protocol=udp src-address-list=TrustedIPs
add action=accept chain=input comment="Permit SNMP" dst-port=161 limit=2M,2M:bit log-prefix=Accepted-SNMP protocol=udp src-address-list=list-SNMP-Targets
add action=accept chain=input comment="Permit HTTP" dst-port=80 limit=10M,10M:bit log-prefix=Accepted-HTTP protocol=tcp src-address-list=list-HTTP-Targets
add action=accept chain=input comment="Permit HTTPS" dst-port=443 limit=10M,10M:bit log-prefix=Accepted-HTTPS protocol=tcp src-address-list=list-HTTPS-Targets
add action=accept chain=input comment="Permit Winbox" dst-port=8291 limit=10M,10M:bit log-prefix=Accepted-Winbox protocol=tcp src-address-list=TrustedIPs
add action=accept chain=input comment="Permit Winbox" dst-port=8291 limit=10M,10M:bit log-prefix=Accepted-Winbox protocol=tcp src-address-list=list-Winbox-Targets
add action=accept chain=input comment="Permit RADIUS" limit=10M,10M:bit log-prefix=Accepted-RADIUS port=1700 protocol=udp src-address-list=list-RADIUS-Targets
add action=accept chain=input comment="Permit RADIUS Incoming" limit=10M,10M:bit log-prefix=Accepted-RADIUS port=3799 protocol=udp src-address-list=list-RADIUS-Targets
add action=accept chain=input comment="Permit GRE" log-prefix=Accepted-GRE protocol=gre src-address-list=list-GRE-Targets
add action=accept chain=input comment="Permit BFD" limit=2M,2M:bit log-prefix=Accepted-BFD port=3784 protocol=udp src-address-list=list-Core-Interconnects
add action=accept chain=input comment="Permit OSPF" limit=2M,2M:bit log-prefix=Accepted-OSPF protocol=ospf src-address-list=list-Core-Interconnects
add action=accept chain=input comment="Permit IBGP" dst-address-list=list-Loopback-Address limit=50M,50M:bit log-prefix=Accepted-IBGP port=179 protocol=tcp ttl=less-than:5
add action=accept chain=input comment="Permit Unprotected Direct EBGP" limit=10M,10M:bit log-prefix=Accepted-EBGP port=179 protocol=tcp ttl=equal:1
add action=accept chain=input comment="Permit RFC3682-Protected EBGP" limit=20M,20M:bit log-prefix=Accepted-RFC3682 port=179 protocol=tcp ttl=equal:255
add action=add-src-to-address-list address-list=list-SYN-Flooders address-list-timeout=30m chain=input comment="Restrict SYN Flooding" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=add-src-to-address-list address-list=list-Port-Scanners address-list-timeout=1w chain=input comment="Restrict Port Scanning" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop SYN Flooders" disabled=yes src-address-list=list-SYN-Flooders
add action=drop chain=input comment="Drop Port Scanners" disabled=yes src-address-list=list-Port-Scanners
add action=drop chain=input comment="Drop Remaining Traffic" disabled=yes
add action=drop chain=input comment="Drop all in WAN" disabled=yes in-interface=pppoe-out
add action=drop chain=ICMP comment="Drop ICMP Fragments" disabled=yes fragment=yes protocol=icmp
add action=accept chain=ICMP comment="Permit Type 8 - Echo Request" icmp-options=8:0 protocol=icmp
add action=accept chain=ICMP comment="Permit Type 0 - Echo Reply" icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP comment="Permit Type 11 - Time Exceeded" icmp-options=11:0 protocol=icmp
add action=accept chain=ICMP comment="Permit Type 3 - Destination Unreachable" icmp-options=3:0-1 protocol=icmp
add action=accept chain=ICMP comment="Permit Type 3 - Path MTU Discovery" icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop Remaining ICMP Types" protocol=icmp
# NOTE(review): none of the enabled dst-nat rules sets in-interface, in-interface-list,
# dst-address or src-address-list; they match on protocol and dst-port only. They therefore
# apply to any source, on any interface, and to any destination address using that port,
# transit traffic included. The only rule carrying src-address-list=TrustedIPs is disabled.
# With no forward-chain filter in this export, the forwarded management services (switch SSH
# and SNMP, UPS web and SNMP, MiniPC SSH) rely solely on their own authentication.
# Scope each rule to the WAN interface or address plus a source list, and remove the one
# commented TEMP if it is no longer needed.
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT out PPP WAN" out-interface=pppoe-out
add action=dst-nat chain=dstnat disabled=yes dst-address=113.212.93.108 dst-port=88 protocol=tcp to-addresses=192.168.90.5 to-ports=80
add action=dst-nat chain=dstnat comment="Winbox to SW1.530C.Fixtel.com.au for TrustedIPs" disabled=yes dst-port=8292 protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.99.253 to-ports=8291
add action=dst-nat chain=dstnat comment="SNMP to SW0.530C" dst-port=162 protocol=udp to-addresses=192.168.99.253 to-ports=161
add action=dst-nat chain=dstnat comment="UPS Management" dst-port=808 protocol=tcp to-addresses=172.16.1.221 to-ports=80
add action=dst-nat chain=dstnat comment="UPS Management" dst-port=1161 protocol=udp to-addresses=172.16.1.221 to-ports=161
add action=dst-nat chain=dstnat comment="SSH to SW0.530C" dst-port=221 protocol=tcp to-addresses=192.168.99.253 to-ports=22
add action=dst-nat chain=dstnat comment="SSH to SW1.530C" dst-port=222 protocol=tcp to-addresses=192.168.99.252 to-ports=22
add action=dst-nat chain=dstnat comment="SSH to SW2.530C" dst-port=223 protocol=tcp to-addresses=192.168.99.251 to-ports=22
add action=dst-nat chain=dstnat comment="SNMP to SW1.530C" dst-port=163 protocol=udp to-addresses=192.168.99.252 to-ports=161
add action=dst-nat chain=dstnat comment="SNMP to SW2.530C" dst-port=164 protocol=udp to-addresses=192.168.99.251 to-ports=161
add action=dst-nat chain=dstnat comment="SSH to MiniPC" dst-port=2022 protocol=tcp to-addresses=192.168.90.4 to-ports=22
add action=dst-nat chain=dstnat comment=TEMP dst-port=8081 protocol=tcp to-addresses=172.16.1.221 to-ports=80
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=no distance=1 dst-address=192.168.255.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=103.67.57.11/32 gateway=172.16.0.1 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=103.248.50.201/29 gateway=172.16.0.1 routing-table=main suppress-hw-offload=no
add distance=10 dst-address=0.0.0.0/0 gateway=172.16.0.1
# NOTE(review): telnet, ftp, www, api and api-ssl are disabled. ssh and winbox are not listed,
# so presumably they remain at their defaults with no address= restriction; confirm, and bind
# each to the management prefixes, since the input chain currently filters nothing.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ppp aaa
set use-radius=yes
# NOTE(review): PPP secrets (two enabled L2TP users and one disabled PPPoE subscriber) are
# exported with clear-text passwords. Rotate all three; the L2TP accounts grant VPN access.
/ppp secret
add name=ttadmin password="Tru3t3lc0@\$" profile=l2tp remote-address=192.168.255.4 service=l2tp
add disabled=yes name=240475-704@nbn.truetelco.com.au password=wlQsWZVv profile=PPPoE remote-address=113.212.93.96 service=pppoe
add name=daniel password=Kitkat2023!! profile=l2tp remote-address=192.168.255.5 service=l2tp
# NOTE(review): both RADIUS shared secrets are exported in clear text, and the first one equals
# the default SNMP community name. require-message-auth=no means replies are accepted without a
# Message-Authenticator attribute. The second server is a public address used for both ppp and
# login, so router logins (see /user aaa) depend on RADIUS exchanged with it; confirm that path
# is protected.
/radius
add address=172.16.0.1 require-message-auth=no secret=CFNCOM service=login src-address=172.16.1.1
add address=45.124.54.5 comment=MLB require-message-auth=no secret=c0a5ffxcf8koi service=ppp,login src-address=113.212.93.108
# NOTE(review): incoming RADIUS requests are accepted; the "Permit RADIUS Incoming" input rule
# does not limit their source while the input drops are disabled.
/radius incoming
set accept=yes
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
# ospf-in rejects every prefix; ospf-out accepts the listed public prefixes and one /32, then
# rejects the rest.
/routing filter rule
add chain=ospf-in comment="Discard all inputs from upstream" disabled=no rule="if (dst in 0.0.0.0/0 && dst-len in 0-32) { reject; }"
add chain=ospf-out comment="Allow Export of Valve IP address" disabled=no rule="if (dst in 103.96.4.0/22 && dst-len in 22-32) { accept; }"
add chain=ospf-out comment="Allow Export of Valve IP address" disabled=no rule="if (dst in 113.212.93.0/24 && dst-len in 24-32) { accept; }"
add chain=ospf-out comment="Allow Export of Valve IP address" disabled=no rule="if (dst in 113.212.94.0/24 && dst-len in 24-32) { accept; }"
add chain=ospf-out comment="Allow Export of Valve IP address" disabled=no rule="if (dst in 113.212.95.0/24 && dst-len in 24-32) { accept; }"
add chain=ospf-out comment="Allow Export of the Router ID" disabled=no rule="if (dst in 10.255.255.202 && dst-len == 32) { accept; }"
add chain=ospf-out comment="Discard all out" disabled=no rule="if (dst in 0.0.0.0/0 && dst-len in 0-32) { reject; }"
# NOTE(review): the OSPF authentication key is exported in clear text and auth=md5 is a legacy
# digest; rotate the key on both ends of the VL300 link and prefer a SHA-based auth type if the
# peer supports one.
/routing ospf interface-template
add area=ospf-area-1 auth=md5 auth-key=CFNMD5K#y disabled=no interfaces=VL300 type=ptp
# NOTE(review): SNMP is enabled with trap-version=2, i.e. community-based with no encryption.
/snmp
set contact=noc@corefibre.com.au enabled=yes location=Melbourne,Australia trap-version=2
/system clock
set time-zone-name=Australia/Melbourne
/system identity
set name=CR.530C.MEL.CFN.net.au
/system logging
add action=ValveSyslog topics=critical
add action=ValveSyslog topics=error
add action=ValveSyslog topics=info
add action=ValveSyslog topics=warning
add action=Syslog topics=info
add action=Syslog topics=warning
add action=Syslog topics=error
add action=Syslog topics=critical
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=172.16.0.1
# NOTE(review): the scheduler entry and the script it runs both carry the full policy set
# (ftp, password, sniff, sensitive, romon, ...) although the script only runs "/system reboot".
# Reduce both to the policies the reboot actually needs.
/system scheduler
add name=reboot-at-10pm on-event=reboot-schedule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-12-27 start-time=22:00:00
/system script
add dont-require-permissions=no name=reboot-schedule owner=daniel policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot"
# NOTE(review): RoMON is enabled with a three-character shared secret exported in clear text.
# No per-port RoMON settings appear in this export, so it presumably runs on all ports; confirm,
# restrict it to management-facing ports and use a long random secret.
/tool romon
set enabled=yes id=18:FD:74:83:7A:83 secrets=CFN
# Router logins are also authenticated through the RADIUS servers with service=login above.
/user aaa
set use-radius=yes