Code:
# RouterOS configuration export, restored to one command per line.
# Commands, values and rule order are unchanged; only line breaks and comments are new.
# Lines starting with "# NOTE(review)" are reviewer remarks, not part of the original export.

# --- Interfaces -------------------------------------------------------------
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1_bridge
set [ find default-name=ether2 ] disabled=yes name=ether2_bridge
set [ find default-name=ether3 ] name=ether3_bridge
set [ find default-name=ether4 ] name=ether4_WAN
set [ find default-name=ether5 ] name=ether5_LAN
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether1_bridge
add bridge=bridge ingress-filtering=no interface=ether2_bridge
add bridge=bridge ingress-filtering=no interface=ether3_bridge

# --- Discovery / IPv6 -------------------------------------------------------
# NOTE(review): discover-interface-list=all includes ether4_WAN, so neighbor
# discovery announces this router on the WAN segment. Point it at an interface
# list that holds only the internal interfaces.
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192

# --- VPN servers ------------------------------------------------------------
# L2TP is enabled and refuses sessions without IPsec (use-ipsec=required).
# NOTE(review): no ipsec-secret appears in the export as posted; confirm one is
# set on the router and that it is long and random.
/interface l2tp-server server
set enabled=yes one-session-per-host=yes use-ipsec=required
# NOTE(review): only the auth list is set here and no enabled=yes is shown, so
# the OpenVPN server is presumably off. md5 and sha1 should be removed from the
# list before it is ever enabled.
/interface ovpn-server server
set auth=sha1,md5
# NOTE(review): the public key below is shorter than a WireGuard base64 key, so
# it was presumably shortened for posting.
/interface wireguard peers
add allowed-address=192.168.216.2/32 interface=wireguard1 public-key=\
    "rhgyufy+E/Pw5itB5ogyP1ousIJYObhhjvHGU="

# --- Addressing / DNS -------------------------------------------------------
/ip address
add address=xx.xx.xx.xx/29 interface=ether4_WAN network=xx.xx.xx.xx
add address=192.168.5.2/24 interface=ether5_LAN network=192.168.5.0
add address=192.168.216.1/24 interface=wireguard1 network=192.168.216.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dns
set cache-size=10000KiB servers=8.8.8.8,1.1.1.1

# --- Firewall: input chain --------------------------------------------------
# NOTE(review): this chain is a deny-list. RouterOS accepts any packet that
# matches no rule, and there is no final drop here, so every router service
# whose port is not named in a drop rule stays reachable from ether4_WAN.
# A safer layout is: accept established/related, accept the specific services
# that are meant to be public (WireGuard, L2TP/IPsec), then drop everything else
# arriving on ether4_WAN.
#
# NOTE(review): the first rule accepts Winbox (4477) and WebFig (4478) from any
# source address on any interface. Because it sits above the "Port Scanners"
# drop, addresses on that list can still reach both management ports.
# Restrict it with src-address-list=<ADMIN_SOURCES_PLACEHOLDER>, or manage the
# router only through wireguard1 (192.168.216.0/24) and remove this rule.
/ip firewall filter
add action=accept chain=input comment="Router Access Remotely" dst-port=\
    4477,4478 protocol=tcp
add action=drop chain=input comment="Block Attack" dst-port=\
    25,53,87,512-515,543,544,7547,8080 protocol=tcp
add action=drop chain=input comment="Block Attack" dst-port=\
    53,80,87,161,162,1900,4520-4524,8080 protocol=udp
# Detection rules: each one adds the packet's source address to "Port Scanners".
# NOTE(review): none of them sets in-interface, so LAN and WireGuard clients can
# be listed too. The flag-based rules match on a single packet, so the source
# address is not verified by a handshake, and none-dynamic keeps every entry
# until reboot. The list can therefore grow with addresses that never scanned
# anything, including ones the router needs to talk to. Consider
# in-interface=ether4_WAN, a finite address-list-timeout, and an accept rule for
# trusted ranges placed above the final drop.
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "Port Scanners to Address List " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-FIN/SYN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-RST/SYN scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-FIN/PSH/URG scan" protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-NMAP NULL scan" protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping Port Scanners" \
    src-address-list="Port Scanners"
# NOTE(review): the export contains no chain=forward rules, so traffic routed
# through the router is not filtered at all.

# --- NAT --------------------------------------------------------------------
# NOTE(review): neither rule sets out-interface, so these sources are
# masqueraded on whichever interface the packet leaves by, not only on
# ether4_WAN. Presumably out-interface=ether4_WAN is intended; confirm.
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.5.0/24
add action=masquerade chain=srcnat src-address=192.168.216.0/24

# --- Routing ----------------------------------------------------------------
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    xx.xx.xx.xx%ether4_WAN pref-src="" routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10

# --- Management services ----------------------------------------------------
# telnet, ftp, ssh, api and api-ssl are disabled; www and winbox stay enabled on
# non-default ports.
# NOTE(review): changing the port does not limit who can connect, and neither
# service has an address= allow-list. www is the plain-HTTP WebFig service, so
# with the input accept rule for 4478 an admin login from outside travels
# unencrypted. Prefer www-ssl with a certificate or WireGuard-only management,
# and set address= on both services.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=4478
set ssh disabled=yes
set api disabled=yes
set winbox port=4477
set api-ssl disabled=yes

# --- PPP / BFD --------------------------------------------------------------
# NOTE(review): no password is shown for this secret in the export as posted;
# confirm the account has a strong one.
/ppp secret
add local-address=192.168.5.2 name=L2TP profile=default-encryption \
    remote-address=192.168.5.3 service=l2tp
# NOTE(review): interfaces=all includes ether4_WAN; confirm BFD is needed at all
# and, if so, limit it to the interfaces that have BFD peers.
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
Statistics: Posted by miankamran7100 — Fri Jan 05, 2024 7:38 pm