Copia RB 2011 Rita ... Mikrotik


/interface bridge
# One flat LAN bridge; ether2-ether10 are attached to it under
# /interface bridge port further down.
add name=bridge1-LAn
/interface ethernet
# ether1 is the upstream (WAN-side) port: it carries 192.168.1.100/24 and
# the default route via 192.168.1.1 configured later in this export.
set [ find default-name=ether1 ] name=ether1-Wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
# Layer-7 matchers. MarcadoN/MarcadoY feed the "videos" packet mark and
# "Redes Sociales" feeds both the social-network packet mark and the forward
# drop rule commented "Bolqueo De Facebook" (see /ip firewall filter).
# MarcadoFortnite, MarcadoLeagueoflegends and MarcadoWorldofwarcraft are
# defined here but are not referenced by any rule in this export.
# "\$" is the export's escaping of a literal "$" inside the quoted regexp.
# NOTE(review): a pattern only matches when the name is visible in the
# payload the L7 engine inspects; presumably this relies on the hostname
# appearing early in the connection - confirm against observed traffic.
add name=MarcadoN regexp="^.+(netflix).+\$"
add name="Redes Sociales" regexp=\
"^.+(facebook|instagram|twitter).+\$"
add name=MarcadoY regexp="^.+(youtube|googlevideo).+\$"
add name=MarcadoFortnite regexp="^.+(epicgames).+\$"
add name=MarcadoLeagueoflegends regexp="^.+(leagueoflegends).+\$"
add name=MarcadoWorldofwarcraft regexp="^.+(worldofwarcraft).+\$"
/ip pool
# LAN lease range 192.168.5.2-.254; 192.168.5.1 is the router itself
# (see /ip address).
add name=dhcp_pool0 ranges=192.168.5.2-192.168.5.254
/ip dhcp-server
# DHCP is served on the LAN bridge only; gateway and network are set under
# /ip dhcp-server network.
add address-pool=dhcp_pool0 disabled=no interface=bridge1-LAn name=\
dhcp1
/queue tree
# Download tree: hangs off the LAN bridge and is capped at 50M. The plan
# queue below asks for limit-at=50M/max-limit=55M, which the 50M parent caps.
add max-limit=50M name=down parent=bridge1-LAn
add limit-at=50M max-limit=55M name=down_plan_50m_gr1 parent=down
# Upload tree: hangs off the WAN port with no max-limit of its own, so the
# plan queue's 55M is the effective ceiling.
add name=up parent=ether1-Wan
add limit-at=50M max-limit=55M name=up_plan_50m_gr1 parent=up
# Leaf queues, one per packet mark set in /ip firewall mangle.
# priority=1 videos, 2 http/s and redes_sociales, 6 resto; correo and voip
# leave priority unset (RouterOS default). Leaf names use "50M" while the
# parents use "50m"; the parent= references use the lower-case form, so the
# mismatch is cosmetic only.
add limit-at=1M max-limit=55M name=down_plan_50M_gr1_correo \
packet-mark=pk_plan_50m_gr1_correo parent=down_plan_50m_gr1 \
queue=pcq-download-default
add limit-at=6M max-limit=55M name=down_plan_50M_gr1_http/s \
packet-mark=pk_plan_50m_gr1_http/s parent=down_plan_50m_gr1 \
priority=2 queue=pcq-download-default
add limit-at=6M max-limit=55M name=down_plan_50M_gr1_redes_sociales \
packet-mark=pk_plan_50m_gr1_redes_sociales parent=\
down_plan_50m_gr1 priority=2 queue=pcq-download-default
add limit-at=6M max-limit=55M name=down_plan_50M_gr1_resto \
packet-mark=pk_plan_50m_gr1_resto parent=down_plan_50m_gr1 \
priority=6 queue=pcq-download-default
add limit-at=6M max-limit=55M name=down_plan_50M_gr1_videos \
packet-mark=pk_plan_50m_gr1_videos parent=down_plan_50m_gr1 \
priority=1 queue=pcq-download-default
add limit-at=1M max-limit=55M name=down_plan_50M_gr1_voip \
packet-mark=pk_plan_50m_gr1_voip parent=down_plan_50m_gr1 \
queue=pcq-download-default
# Upload leaves mirror the download leaves (same marks, same priorities).
add limit-at=1M max-limit=55M name=up_plan_50M_gr1_correo \
packet-mark=pk_plan_50m_gr1_correo parent=up_plan_50m_gr1 \
queue=pcq-upload-default
add limit-at=6M max-limit=55M name=up_plan_50M_gr1_http/s \
packet-mark=pk_plan_50m_gr1_http/s parent=up_plan_50m_gr1 \
priority=2 queue=pcq-upload-default
add limit-at=6M max-limit=55M name=up_plan_50M_gr1_redes_sociales \
packet-mark=pk_plan_50m_gr1_redes_sociales parent=\
up_plan_50m_gr1 priority=2 queue=pcq-upload-default
add limit-at=6M max-limit=55M name=up_plan_50M_gr1_resto \
packet-mark=pk_plan_50m_gr1_resto parent=up_plan_50m_gr1 \
priority=6 queue=pcq-upload-default
add limit-at=6M max-limit=55M name=up_plan_50M_gr1_videos \
packet-mark=pk_plan_50m_gr1_videos parent=up_plan_50m_gr1 \
priority=1 queue=pcq-upload-default
add limit-at=1M max-limit=55M name=up_plan_50M_gr1_voip \
packet-mark=pk_plan_50m_gr1_voip parent=up_plan_50m_gr1 queue=\
pcq-upload-default
/user group
# Policy of the built-in "full" group. It grants "sensitive" (viewing stored
# secrets), "password" and "policy", plus telnet/ftp/api even though those
# three services are disabled under /ip service. Every member of this group
# has unrestricted control of the router, so membership should be limited to
# administrators.
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
# All remaining copper ports are LAN members of bridge1-LAn.
add bridge=bridge1-LAn interface=ether2
add bridge=bridge1-LAn interface=ether3
add bridge=bridge1-LAn interface=ether4
add bridge=bridge1-LAn interface=ether5
add bridge=bridge1-LAn interface=ether6
add bridge=bridge1-LAn interface=ether7
add bridge=bridge1-LAn interface=ether8
add bridge=bridge1-LAn interface=ether9
add bridge=bridge1-LAn interface=ether10
/ip neighbor discovery-settings
# "!dynamic" runs neighbor discovery on every static interface, which
# includes ether1-Wan, so the router's identity/version advertisements are
# also sent to the upstream network. Use an interface list limited to the
# LAN if that exposure is not wanted.
set discover-interface-list=!dynamic
/ip address
# LAN side.
add address=192.168.5.1/24 interface=bridge1-LAn network=\
192.168.5.0
# WAN side is itself a private /24; the upstream router is 192.168.1.1.
add address=192.168.1.100/24 interface=ether1-Wan network=\
192.168.1.0
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1
/ip dns
# The router resolves for clients (allow-remote-requests=yes) via Google DNS.
# Nothing in this export limits which sources may query it: the filter rule
# "input - denegar el resto de trafico" is disabled=yes, so udp/53 on the
# WAN address is answered as well.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
# The whole LAN gets the plan_50m_gr1 connection mark (see /ip firewall mangle).
add address=192.168.5.0/24 list=plan_50m_gr1
# Single-host list. No filter or mangle rule in this export references it;
# the "Bolqueo De Facebook" drop rule matches on layer-7 only and therefore
# applies to every forwarded connection, not just this host.
add address=192.168.5.253 comment="Bolqueo De Facebook" list=\
"Bolqueo De Facebook"
# NOTE(review): Redes_Privadas is referenced by the filter rules but is not
# defined in this export; a rule matching a list that does not exist matches
# nothing, so those accepts are inert unless the list exists on the box.
/ip firewall filter
# Rules are evaluated top-down per chain; the first match decides.
# --- forward: this layer-7 drop sits ahead of the established/related accept,
# so every forwarded packet is run through the "Redes Sociales" regexp. It
# has no src/dst restriction: the block applies to all LAN hosts, not only
# the 192.168.5.253 entry in the "Bolqueo De Facebook" address-list.
add action=drop chain=forward comment="Bolqueo De Facebook" \
layer7-protocol="Redes Sociales"
# --- input: traffic addressed to the router itself.
add action=accept chain=input comment=\
"input - permitir trafico establecido & relacionado" \
connection-state=established,related
add action=drop chain=input comment=\
"input - denegar trafico invalido" connection-state=invalid
# Management ports accepted from any source on any interface. Under
# /ip service the api and www services are disabled, so these admit nothing
# today, but they expose the service on the WAN as soon as it is re-enabled.
add action=accept chain=input comment="Permitir puertos API" \
dst-port=8728 protocol=tcp
add action=accept chain=input comment="Permitir puertos WWW" \
dst-port=8082 protocol=tcp
# NOTE(review): udp/8728 carries no comment and the API rule above is tcp;
# confirm what this rule is meant to admit before keeping it.
add action=accept chain=input dst-port=8728 protocol=udp
# OpenVPN on udp and tcp 1194; no ovpn-server section appears in this export.
add action=accept chain=input comment="input-Permitir ovpn (1194)" \
dst-port=1194 protocol=udp
add action=accept chain=input dst-port=1194 protocol=tcp
# Port-scan detection: psd=weight-threshold,delay,low-port-weight,high-port-weight.
add action=drop chain=input comment=\
"input - denegar escaneo de puertos" protocol=tcp psd=10,3s,3,1
# Winbox reachable from the WAN by design (per its comment). With ssh and
# www disabled this is the remaining remote management path; with no
# src-address restriction it is reachable from the whole upstream network.
add action=accept chain=input comment=\
"input - permitir puerto 8291 (winbox desde la wan)" dst-port=\
8291 protocol=tcp
# Sources already in black_list are tarpitted; the next rule adds any source
# (per /32) holding more than 10 concurrent tcp connections to the router
# for one day. A NATed site with several admins can trip that threshold;
# entries are dynamic and can be removed from /ip firewall address-list.
add action=tarpit chain=input comment=\
"input - denegar direcciones que se encuentran en black_list" \
connection-limit=3,32 protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d chain=input comment=\
"input - detectar direccion IP de atacante DoS" \
connection-limit=10,32 protocol=tcp
add action=jump chain=input comment=\
"input - salto a los chains de icmp" jump-target=icmp protocol=\
icmp
# Both rules carry the "administracion" comment, but the first matches
# src-address-list=Redes_Privadas (not defined in this export's address-list
# section) and the second accepts tcp/5960 from any source.
add action=accept chain=input comment="input - permitir trafico de a\
dministracion desde el address-list \"administracion\"" \
src-address-list=Redes_Privadas
add action=accept chain=input comment="input - permitir trafico de a\
dministracion desde el address-list \"administracion\"" \
dst-port=5960 protocol=tcp
# The catch-all drop is disabled=yes, so the input chain ends in an implicit
# accept: any service not explicitly dropped above (DNS, winbox, anything
# enabled later) is reachable from every interface. Enable this rule once
# the accepts above are confirmed complete.
add action=drop chain=input comment=\
"input - denegar el resto de trafico" disabled=yes
# --- icmp: rate-limited (5/s, burst 5) accept of echo reply (0:0), echo
# request (8:0), time exceeded (11:0), port unreachable (3:3) and
# fragmentation needed (3:4, required for path-MTU discovery); all other
# ICMP is dropped.
add action=accept chain=icmp comment=\
"chain icmp - trafico icmp permitido" icmp-options=0:0 limit=\
5,5:packet protocol=icmp
add action=accept chain=icmp icmp-options=8:0 limit=5,5:packet \
protocol=icmp
add action=accept chain=icmp icmp-options=11:0 limit=5,5:packet \
protocol=icmp
add action=accept chain=icmp icmp-options=3:3 limit=5,5:packet \
protocol=icmp
add action=accept chain=icmp icmp-options=3:4 limit=5,5:packet \
protocol=icmp
add action=drop chain=icmp protocol=icmp
# --- forward: transit traffic.
add action=accept chain=forward comment=\
"forward - permitr trafico establecido & relacionado" \
connection-state=established,related
# Accepts all forwarded traffic from Redes_Privadas ahead of the invalid-state
# drop; see the note on that list above.
add action=accept chain=forward comment="Permitir trafico privado" \
src-address-list=Redes_Privadas
add action=drop chain=forward comment=\
"forward - denegar trafico invalido" connection-state=invalid
add action=jump chain=forward comment=\
"forward - salto a los chains de icmp" jump-target=icmp \
protocol=icmp
# RDP allowed through to any destination.
add action=accept chain=forward comment=\
"forward - permitir puerto 3389 (escritorio remoto)" dst-port=\
3389 protocol=tcp
# The forward catch-all drop is also disabled: transit is permit-by-default.
add action=drop chain=forward comment=\
"forward - descartar todo lo demas" disabled=yes
/ip firewall mangle
# QoS marking. The first rule marks every connection from the plan_50m_gr1
# list (passthrough=yes so the packet-mark rules below still run). Every
# packet-mark rule has passthrough=no, so the first one that matches wins
# and the unconditional "resto" rule must stay last.
add action=mark-connection chain=prerouting comment="PLAN 50m gr1" \
new-connection-mark=conn_plan_50m_gr1 passthrough=yes \
src-address-list=plan_50m_gr1
# Social networks: by src/dst address-list "redes sociales" or by layer-7.
# NOTE(review): no address-list named "redes sociales" (nor "videos", below)
# is defined in this export; the four list-based rules match nothing unless
# those lists exist on the device.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=\
pk_plan_50m_gr1_redes_sociales passthrough=no src-address-list=\
"redes sociales"
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 dst-address-list="redes sociales" \
new-packet-mark=pk_plan_50m_gr1_redes_sociales passthrough=no
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 layer7-protocol="Redes Sociales" \
new-packet-mark=pk_plan_50m_gr1_redes_sociales passthrough=no
# Video: by address-list "videos" or by the netflix/youtube layer-7 matchers.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_videos \
passthrough=no src-address-list=videos
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 dst-address-list=videos new-packet-mark=\
pk_plan_50m_gr1_videos passthrough=no
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 layer7-protocol=MarcadoN new-packet-mark=\
pk_plan_50m_gr1_videos passthrough=no
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 layer7-protocol=MarcadoY new-packet-mark=\
pk_plan_50m_gr1_videos passthrough=no
# VoIP: any udp packet with either port in 10000-20000 (port= matches source
# or destination).
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_voip \
passthrough=no port=10000-20000 protocol=udp
# Mail ports. routing-mark="" is an empty matcher preserved by the export;
# presumably a no-op, but it can be dropped.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_correo \
passthrough=no port=25,110,993,995,587,465,143 protocol=tcp \
routing-mark=""
# Web.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_http/s \
passthrough=no port=80,443 protocol=tcp
# Everything else on a marked connection.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_resto \
passthrough=no
/ip firewall nat
# Source NAT for everything leaving through the WAN port.
add action=masquerade chain=srcnat comment=Enmascaramiento \
out-interface=ether1-Wan
# Transparent DNS: every udp/53 packet passing dstnat - there is no
# in-interface restriction - is redirected to the router's own resolver
# (allow-remote-requests=yes under /ip dns). This silently overrides any DNS
# server a client configures for itself; udp only, tcp/53 is not covered.
add action=redirect chain=dstnat comment=\
"Servidor DNS Transparente" dst-port=53 protocol=udp to-ports=\
53
/ip route
# Default route via the upstream router.
add distance=1 gateway=192.168.1.1
/ip service
# Plain-text and unused management services are off. winbox and www-ssl are
# not listed here and keep their current state; with ssh and www disabled,
# winbox (tcp/8291, accepted from any source in the filter) is the remaining
# management channel.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd
set color-scheme=light
/system clock
set time-zone-name=America/Bogota
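/system scheduler
# Daily reboot at 04:00 (first run feb/17/2021). In the captured export the
# policy string was broken across two lines without the "\" continuation and
# had lost the "t" of "reboot" ("ftp,reboo" / ",read,..."), which would fail
# on import; it is restored on one line here. Only the "reboot" policy is
# needed by "/system reboot"; the remaining policies (password, sensitive,
# sniff, ...) are broader than the task requires - trim once confirmed.
add comment="Reinicio 24 Horas" interval=1d name=\
"Reinicio 24 Horas" on-event="/system reboot" policy=\
"ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon" \
start-date=feb/17/2021 start-time=04:00:00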
[admin@MikroTik] >

/////////////////////////////////////////////////////////////////////

Export Rb 750 Gr Olaya

/interface bridge
# One flat LAN bridge; ether2-ether5 are attached under /interface bridge port.
add name=bridge1-LAn
/interface ethernet
# ether1 is the upstream (WAN-side) port: 192.168.1.100/24 with the default
# route via 192.168.1.1 configured later in this export.
set [ find default-name=ether1 ] name=ether1_Wan
# ether2-ether5: L2 MTU and MAC addresses are pinned explicitly to this
# unit's hardware values; importing this file on another board would carry
# these MACs over to it.
set [ find default-name=ether2 ] l2mtu=1598 mac-address=\
64:D1:54:24:B7:9F
set [ find default-name=ether3 ] l2mtu=1598 mac-address=\
64:D1:54:24:B7:A0
set [ find default-name=ether4 ] l2mtu=1598 mac-address=\
64:D1:54:24:B7:A1
set [ find default-name=ether5 ] l2mtu=1598 mac-address=\
64:D1:54:24:B7:A2
/interface ethernet switch
set 1 name=switch2
/interface ethernet switch port
# VLAN handling is off on the switch chip; the ports are plain bridge members.
set 0 default-vlan-id=auto vlan-mode=disabled
set 1 default-vlan-id=auto vlan-mode=disabled
set 2 default-vlan-id=auto vlan-mode=disabled
set 3 default-vlan-id=auto vlan-mode=disabled
set 10 default-vlan-id=auto vlan-mode=disabled
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
# Layer-7 matchers. MarcadoN/MarcadoY feed the "videos" packet mark and
# "Redes Sociales" feeds both the social-network packet mark and the forward
# drop rule commented "Bolqueo De Facebook" (see /ip firewall filter).
# MarcadoFortnite, MarcadoLeagueoflegends and MarcadoWorldofwarcraft are
# defined but not referenced by any rule in this export.
# "\$" is the export's escaping of a literal "$" inside the quoted regexp.
add name=MarcadoN regexp="^.+(netflix).+\$"
add name="Redes Sociales" regexp=\
"^.+(facebook|instagram|twitter).+\$"
add name=MarcadoY regexp="^.+(youtube|googlevideo).+\$"
add name=MarcadoFortnite regexp="^.+(epicgames).+\$"
add name=MarcadoLeagueoflegends regexp=\
"^.+(leagueoflegends).+\$"
add name=MarcadoWorldofwarcraft regexp=\
"^.+(worldofwarcraft).+\$"
/ip hotspot profile
# Only the default hotspot profile's html directory is changed; no hotspot
# server is defined anywhere in this export.
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
# LAN lease range 192.168.5.2-.254; 192.168.5.1 is the router (see /ip address).
add name=dhcp_pool0 ranges=192.168.5.2-192.168.5.254
/ip dhcp-server
# DHCP served on the LAN bridge only; gateway/network under /ip dhcp-server network.
add address-pool=dhcp_pool0 disabled=no interface=bridge1-LAn \
name=dhcp1
/port
set 0 name=serial0
/queue tree
# Download tree: hangs off the LAN bridge and is capped at 50M. The plan
# queue below asks for limit-at=50M/max-limit=55M, which the 50M parent caps.
add max-limit=50M name=down parent=bridge1-LAn
add limit-at=50M max-limit=55M name=down_plan_50m_gr1 parent=\
down
# Upload tree: hangs off the WAN port with no max-limit of its own, so the
# plan queue's 55M is the effective ceiling.
add name=up parent=ether1_Wan
add limit-at=50M max-limit=55M name=up_plan_50m_gr1 parent=up
# Leaf queues, one per packet mark set in /ip firewall mangle.
# priority=1 videos, 2 http/s and redes_sociales, 6 resto; correo and voip
# leave priority unset (RouterOS default). Leaf names use "50M" while the
# parents use "50m"; the parent= references use the lower-case form, so the
# mismatch is cosmetic only.
add limit-at=1M max-limit=55M name=down_plan_50M_gr1_correo \
packet-mark=pk_plan_50m_gr1_correo parent=down_plan_50m_gr1 \
queue=pcq-download-default
add limit-at=6M max-limit=55M name=down_plan_50M_gr1_http/s \
packet-mark=pk_plan_50m_gr1_http/s parent=down_plan_50m_gr1 \
priority=2 queue=pcq-download-default
add limit-at=6M max-limit=55M name=\
down_plan_50M_gr1_redes_sociales packet-mark=\
pk_plan_50m_gr1_redes_sociales parent=down_plan_50m_gr1 \
priority=2 queue=pcq-download-default
add limit-at=6M max-limit=55M name=down_plan_50M_gr1_resto \
packet-mark=pk_plan_50m_gr1_resto parent=down_plan_50m_gr1 \
priority=6 queue=pcq-download-default
add limit-at=6M max-limit=55M name=down_plan_50M_gr1_videos \
packet-mark=pk_plan_50m_gr1_videos parent=down_plan_50m_gr1 \
priority=1 queue=pcq-download-default
add limit-at=1M max-limit=55M name=down_plan_50M_gr1_voip \
packet-mark=pk_plan_50m_gr1_voip parent=down_plan_50m_gr1 \
queue=pcq-download-default
# Upload leaves mirror the download leaves (same marks, same priorities).
add limit-at=1M max-limit=55M name=up_plan_50M_gr1_correo \
packet-mark=pk_plan_50m_gr1_correo parent=up_plan_50m_gr1 \
queue=pcq-upload-default
add limit-at=6M max-limit=55M name=up_plan_50M_gr1_http/s \
packet-mark=pk_plan_50m_gr1_http/s parent=up_plan_50m_gr1 \
priority=2 queue=pcq-upload-default
add limit-at=6M max-limit=55M name=\
up_plan_50M_gr1_redes_sociales packet-mark=\
pk_plan_50m_gr1_redes_sociales parent=up_plan_50m_gr1 \
priority=2 queue=pcq-upload-default
add limit-at=6M max-limit=55M name=up_plan_50M_gr1_resto \
packet-mark=pk_plan_50m_gr1_resto parent=up_plan_50m_gr1 \
priority=6 queue=pcq-upload-default
add limit-at=6M max-limit=55M name=up_plan_50M_gr1_videos \
packet-mark=pk_plan_50m_gr1_videos parent=up_plan_50m_gr1 \
priority=1 queue=pcq-upload-default
add limit-at=1M max-limit=55M name=up_plan_50M_gr1_voip \
packet-mark=pk_plan_50m_gr1_voip parent=up_plan_50m_gr1 \
queue=pcq-upload-default
/system logging action
# Logging action with index 1 writes to a file named "log" on the router's
# storage; presumably the built-in "disk" action - confirm with
# "/system logging action print".
set 1 disk-file-name=log
/interface bridge port
# ether2-ether5 are LAN members of bridge1-LAn (ether2 added last).
add bridge=bridge1-LAn interface=ether3
add bridge=bridge1-LAn interface=ether4
add bridge=bridge1-LAn interface=ether5
add bridge=bridge1-LAn interface=ether2
/ip address
# LAN side.
add address=192.168.5.1/24 interface=bridge1-LAn network=\
192.168.5.0
# WAN side is itself a private /24; the upstream router is 192.168.1.1.
add address=192.168.1.100/24 interface=ether1_Wan network=\
192.168.1.0
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1
/ip dns
# The router resolves for clients (allow-remote-requests=yes) via Google DNS.
# The input chain in this export accepts all traffic from Redes_Privadas,
# which includes the upstream 192.168.1.0/24, so hosts on that network can
# also use this resolver.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
# plan_50m_gr1 lists individual hosts here (the RB2011 export above uses the
# whole /24): only .254, .100, .101 and .102 get the QoS connection mark in
# /ip firewall mangle; other LAN hosts are not marked and never reach the
# per-plan leaf queues.
add address=192.168.5.254 list=plan_50m_gr1
# Single-host list that no filter or mangle rule in this export references;
# the "Bolqueo De Facebook" drop rule matches on layer-7 only.
add address=192.168.5.253 comment="Bolqueo De Facebook" list=\
"Bolqueo De Facebook"
# Networks trusted by the filter: the input chain accepts everything from
# these sources and the forward chain forwards everything from them.
# 192.168.1.0/24 is the upstream network on ether1_Wan, so every host on
# that network is granted full access to this router's services.
add address=192.168.5.0/24 list=Redes_Privadas
add address=192.168.1.0/24 list=Redes_Privadas
add address=192.168.5.100 list=plan_50m_gr1
add address=192.168.5.101 list=plan_50m_gr1
add address=192.168.5.102 list=plan_50m_gr1
/ip firewall filter
# Rules are evaluated top-down per chain; the first match decides.
# --- forward: this layer-7 drop sits ahead of the established/related accept,
# so every forwarded packet is run through the "Redes Sociales" regexp. It
# has no src/dst restriction, so it applies to all LAN hosts rather than
# only the 192.168.5.253 entry in the "Bolqueo De Facebook" address-list.
add action=drop chain=forward comment="Bolqueo De Facebook" \
layer7-protocol="Redes Sociales"
# --- input: traffic addressed to the router itself.
add action=accept chain=input comment=\
"input - permitir trafico establecido & relacionado" \
connection-state=established,related
add action=drop chain=input comment=\
"input - denegar trafico invalido" connection-state=invalid
# Management ports accepted from any source on any interface. Under
# /ip service the api and www services are disabled, so these admit nothing
# today, but they expose the service on the WAN as soon as it is re-enabled.
add action=accept chain=input comment="Permitir puertos API" \
dst-port=8728 protocol=tcp
add action=accept chain=input comment="Permitir puertos WWW" \
dst-port=8082 protocol=tcp
# NOTE(review): udp/8728 carries no comment and the API rule above is tcp;
# confirm what this rule is meant to admit before keeping it.
add action=accept chain=input dst-port=8728 protocol=udp
# OpenVPN on udp and tcp 1194; no ovpn-server section appears in this export.
add action=accept chain=input comment=\
"input-Permitir ovpn (1194)" dst-port=1194 protocol=udp
add action=accept chain=input dst-port=1194 protocol=tcp
# Port-scan detection: psd=weight-threshold,delay,low-port-weight,high-port-weight.
add action=drop chain=input comment=\
"input - denegar escaneo de puertos" protocol=tcp psd=\
10,3s,3,1
# Winbox reachable from the WAN by design (per its comment). With ssh and
# www disabled this is the remaining remote management path; with no
# src-address restriction it is reachable from the whole upstream network.
add action=accept chain=input comment=\
"input - permitir puerto 8291 (winbox desde la wan)" \
dst-port=8291 protocol=tcp
# Sources already in black_list are tarpitted; the next rule adds any source
# (per /32) holding more than 10 concurrent tcp connections to the router
# for one day. A NATed site with several admins can trip that threshold;
# entries are dynamic and can be removed from /ip firewall address-list.
add action=tarpit chain=input comment="input - denegar direccione\
s que se encuentran en black_list" connection-limit=3,32 \
protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d chain=input comment=\
"input - detectar direccion IP de atacante DoS" \
connection-limit=10,32 protocol=tcp
add action=jump chain=input comment=\
"input - salto a los chains de icmp" jump-target=icmp \
protocol=icmp
# Both rules carry the "administracion" comment. The first accepts every
# service from Redes_Privadas, which includes the upstream 192.168.1.0/24;
# the second accepts tcp/5960 from any source.
add action=accept chain=input comment="input - permitir trafico d\
e administracion desde el address-list \"administracion\"" \
src-address-list=Redes_Privadas
add action=accept chain=input comment="input - permitir trafico d\
e administracion desde el address-list \"administracion\"" \
dst-port=5960 protocol=tcp
# Final input drop is enabled here (unlike the RB2011 export): anything not
# accepted above is discarded.
add action=drop chain=input comment=\
"input - denegar el resto de trafico"
# --- icmp: rate-limited (5/s, burst 5) accept of echo reply (0:0), echo
# request (8:0), time exceeded (11:0), port unreachable (3:3) and
# fragmentation needed (3:4, required for path-MTU discovery); all other
# ICMP is dropped.
add action=accept chain=icmp comment=\
"chain icmp - trafico icmp permitido" icmp-options=0:0 \
limit=5,5:packet protocol=icmp
add action=accept chain=icmp icmp-options=8:0 limit=5,5:packet \
protocol=icmp
add action=accept chain=icmp icmp-options=11:0 limit=5,5:packet \
protocol=icmp
add action=accept chain=icmp icmp-options=3:3 limit=5,5:packet \
protocol=icmp
add action=accept chain=icmp icmp-options=3:4 limit=5,5:packet \
protocol=icmp
add action=drop chain=icmp protocol=icmp
# --- forward: transit traffic.
add action=accept chain=forward comment=\
"forward - permitr trafico establecido & relacionado" \
connection-state=established,related
# Accepts all forwarded traffic from Redes_Privadas (LAN and upstream /24)
# ahead of the invalid-state drop below.
add action=accept chain=forward comment=\
"Permitir trafico privado" src-address-list=Redes_Privadas
add action=drop chain=forward comment=\
"forward - denegar trafico invalido" connection-state=\
invalid
add action=jump chain=forward comment=\
"forward - salto a los chains de icmp" jump-target=icmp \
protocol=icmp
# RDP allowed through to any destination.
add action=accept chain=forward comment=\
"forward - permitir puerto 3389 (escritorio remoto)" \
dst-port=3389 protocol=tcp
# Forward catch-all drop is enabled: transit is deny-by-default.
add action=drop chain=forward comment=\
"forward - descartar todo lo demas"
/ip firewall mangle
# QoS marking. The first rule marks every connection from the plan_50m_gr1
# list (passthrough=yes so the packet-mark rules below still run). Every
# packet-mark rule has passthrough=no, so the first one that matches wins
# and the unconditional "resto" rule must stay last.
add action=mark-connection chain=prerouting comment=\
"PLAN 50m gr1" new-connection-mark=conn_plan_50m_gr1 \
passthrough=yes src-address-list=plan_50m_gr1
# Social networks: by src/dst address-list "redes sociales" or by layer-7.
# NOTE(review): no address-list named "redes sociales" (nor "videos", below)
# is defined in this export; the four list-based rules match nothing unless
# those lists exist on the device.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=\
pk_plan_50m_gr1_redes_sociales passthrough=no \
src-address-list="redes sociales"
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 dst-address-list="redes sociales" \
new-packet-mark=pk_plan_50m_gr1_redes_sociales passthrough=\
no
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 layer7-protocol="Redes Sociales" \
new-packet-mark=pk_plan_50m_gr1_redes_sociales passthrough=\
no
# Video: by address-list "videos" or by the netflix/youtube layer-7 matchers.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_videos \
passthrough=no src-address-list=videos
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 dst-address-list=videos new-packet-mark=\
pk_plan_50m_gr1_videos passthrough=no
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 layer7-protocol=MarcadoN new-packet-mark=\
pk_plan_50m_gr1_videos passthrough=no
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 layer7-protocol=MarcadoY new-packet-mark=\
pk_plan_50m_gr1_videos passthrough=no
# VoIP: any udp packet with either port in 10000-20000 (port= matches source
# or destination).
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_voip \
passthrough=no port=10000-20000 protocol=udp
# Mail ports. routing-mark="" is an empty matcher preserved by the export;
# presumably a no-op, but it can be dropped.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_correo \
passthrough=no port=25,110,993,995,587,465,143 protocol=tcp \
routing-mark=""
# Web.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_http/s \
passthrough=no port=80,443 protocol=tcp
# Everything else on a marked connection.
add action=mark-packet chain=prerouting connection-mark=\
conn_plan_50m_gr1 new-packet-mark=pk_plan_50m_gr1_resto \
passthrough=no
/ip firewall nat
# Source NAT for everything leaving through the WAN port.
add action=masquerade chain=srcnat comment=Enmascaramiento \
out-interface=ether1_Wan
# Transparent DNS: every udp/53 packet passing dstnat - there is no
# in-interface restriction - is redirected to the router's own resolver
# (allow-remote-requests=yes under /ip dns). This silently overrides any DNS
# server a client configures for itself; udp only, tcp/53 is not covered.
add action=redirect chain=dstnat comment=\
"Servidor DNS Transparente" dst-port=53 protocol=udp \
to-ports=53
/ip route
# Default route via the upstream router.
add distance=1 gateway=192.168.1.1
/ip service
# Plain-text and unused management services are off. winbox and www-ssl are
# not listed here and keep their current state; with ssh and www disabled,
# winbox (tcp/8291, accepted from any source in the filter) is the remaining
# management channel.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=America/Bogota
/system resource irq rps
# Receive packet steering enabled on the LAN ports.
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
/system scheduler
# Daily reboot at 04:00 (first run feb/17/2021), dropping all sessions and
# dynamic state (black_list entries included) once a day. Only the "reboot"
# policy is needed by "/system reboot"; the remaining policies (password,
# sensitive, sniff, ...) are broader than the task requires - trim once
# confirmed.
add comment="Reinicio 24 Horas" interval=1d name=\
"Reinicio 24 Horas" on-event="/system reboot" policy="ftp,reb\
oot,read,write,policy,test,password,sniff,sensitive,romon" \
start-date=feb/17/2021 start-time=04:00:00
[admin@MikroTik] >
