Indice   FAQ  
Iscriviti  Login
Indice RouterOS RouterOS

VPN L2Tp Collegamento mancato

Tutto su questo sistema operativo linux based - Configurazioni, dubbi, problematiche &....
Rispondi al messaggio

Re: VPN L2Tp Collegamento mancato

Messaggioda radiation » ven 22 set 2017, 21:30

Non servono regole di firewall per far entrare la VPN nel router. Al router arriva già tutto. Disabilita tutte quelle regole.
Andrea
Avatar utente
radiation
Staff rosIT
Staff rosIT
 
Messaggi: 486
Iscritto il: mer 11 dic 2013, 20:00
Uso routerOS dalla Versione: v3.x
Certificazioni Mikrotik: MTCNA, MTCWE
Preferred Training Centre: Nimwave
Top

VPN L2Tp Collegamento mancato

Messaggioda routermaniak » ven 22 set 2017, 21:59

Le ho disabilitate ma non cambia nulla ... il cell non si collega!! E i log sempre uguali. Mi parlavi di un possibile nat che blocca la vpn in quanto il tunnel arriva alla rb con ip del router tim? che intendi dire?


Inviato dal mio iPhone utilizzando Tapatalk
routermaniak
Mikrotik-User 4° Liv
Mikrotik-User 4° Liv
 
Messaggi: 218
Iscritto il: mer 5 giu 2013, 15:33
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda radiation » ven 22 set 2017, 22:07

Manda la conf. Altrimenti è un po’ difficile capire
Andrea
Avatar utente
radiation
Staff rosIT
Staff rosIT
 
Messaggi: 486
Iscritto il: mer 11 dic 2013, 20:00
Uso routerOS dalla Versione: v3.x
Certificazioni Mikrotik: MTCNA, MTCWE
Preferred Training Centre: Nimwave
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda routermaniak » ven 22 set 2017, 22:12

radiation ha scritto:Manda la conf. Altrimenti è un po’ difficile capire


Parli della conf della vpn e NAT ? posso fare screen shot ? come estrappolo solo la conf della vpn?
routermaniak
Mikrotik-User 4° Liv
Mikrotik-User 4° Liv
 
Messaggi: 218
Iscritto il: mer 5 giu 2013, 15:33
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda radiation » sab 23 set 2017, 9:13

Fai un export di tutto ....
Andrea
Avatar utente
radiation
Staff rosIT
Staff rosIT
 
Messaggi: 486
Iscritto il: mer 11 dic 2013, 20:00
Uso routerOS dalla Versione: v3.x
Certificazioni Mikrotik: MTCNA, MTCWE
Preferred Training Centre: Nimwave
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda routermaniak » sab 23 set 2017, 11:51

radiation ha scritto:Fai un export di tutto ....



Codice: Seleziona tutto
# sep/23/2017 11:16:36 by RouterOS 6.40.3
# software id =
#
# model = 2011UiAS
# serial number =
/interface bridge
add arp=proxy-arp fast-forward=no mtu=1500 name=bridge_LAN
/interface ethernet
set [ find default-name=ether10 ] arp=proxy-arp comment=WanVs_TIM
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1,md5 pfs-group=none
/ip pool
add name=dhcp_pool1 ranges=10.0.2.101-10.0.2.254
add name=pool-vpn ranges=10.0.2.95-10.0.2.99
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
    interface=bridge_LAN lease-time=3d name=dhcp1
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8,8.8.4.4 local-address=10.0.2.1 \
    name=vpn-profile remote-address=pool-vpn use-encryption=yes use-ipv6=\
    default
set *FFFFFFFE use-compression=no use-ipv6=no use-mpls=no
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge_LAN interface=ether2
add bridge=bridge_LAN interface=ether3
add bridge=bridge_LAN interface=ether4
add bridge=bridge_LAN interface=ether5
add bridge=bridge_LAN interface=ether6
add bridge=bridge_LAN interface=ether7
add bridge=bridge_LAN interface=ether8
add bridge=bridge_LAN interface=ether9
add bridge=bridge_LAN interface=sfp1
add bridge=bridge_LAN interface=ether1
/ipv6 settings
set max-neighbor-entries=1024
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=vpn-profile enabled=yes \
    ipsec-secret=Viaisola71bis use-ipsec=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2
/ip address
add address=10.0.2.1/24 interface=bridge_LAN network=10.0.2.0
add address=192.168.1.50/24 interface=ether10 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=10.0.2.112 client-id=1:0:15:c0:36:f6:6a mac-address=\
    00:15:C0:36:F6:6A server=dhcp1
add address=10.0.2.104 client-id=1:0:1d:ec:d:12:3f mac-address=\
    00:1D:EC:0D:12:3F server=dhcp1
/ip dhcp-server network
add address=10.0.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.2.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.0.2.0/24 list=Home_lan
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
    d this subnet before enable it" disabled=yes list=bogons
add address=127.0.0.0/16 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
    need this subnet before enable it" disabled=yes list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
    \_need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
    bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
    disabled=yes list=bogons
add address=10.0.2.0/24 list=smb-allow
add address=1.10.16.0/20 comment=SpamHaus list=blacklist
add address=1.32.128.0/18 comment=SpamHaus list=blacklist
add address=5.8.37.0/24 comment=SpamHaus list=blacklist
add address=5.34.242.0/23 comment=SpamHaus list=blacklist
add address=5.101.218.0/24 comment=SpamHaus list=blacklist
add address=5.101.221.0/24 comment=SpamHaus list=blacklist
add address=5.134.128.0/19 comment=SpamHaus list=blacklist
add address=5.157.0.0/18 comment=SpamHaus list=blacklist
add address=14.4.0.0/14 comment=SpamHaus list=blacklist
add address=23.226.48.0/20 comment=SpamHaus list=blacklist
add address=23.246.128.0/18 comment=SpamHaus list=blacklist
add address=23.251.224.0/19 comment=SpamHaus list=blacklist
add address=24.51.0.0/19 comment=SpamHaus list=blacklist
add address=24.233.0.0/19 comment=SpamHaus list=blacklist
add address=27.126.160.0/20 comment=SpamHaus list=blacklist
add address=31.11.43.0/24 comment=SpamHaus list=blacklist
add address=31.184.238.0/24 comment=SpamHaus list=blacklist
add address=31.222.200.0/21 comment=SpamHaus list=blacklist
add address=36.0.8.0/21 comment=SpamHaus list=blacklist
add address=36.37.48.0/20 comment=SpamHaus list=blacklist
add address=36.93.0.0/16 comment=SpamHaus list=blacklist
add address=36.116.0.0/16 comment=SpamHaus list=blacklist
add address=36.119.0.0/16 comment=SpamHaus list=blacklist
add address=36.255.212.0/22 comment=SpamHaus list=blacklist
add address=37.18.42.0/24 comment=SpamHaus list=blacklist
add address=37.139.49.0/24 comment=SpamHaus list=blacklist
add address=37.148.216.0/21 comment=SpamHaus list=blacklist
add address=37.230.212.0/23 comment=SpamHaus list=blacklist
add address=37.246.0.0/16 comment=SpamHaus list=blacklist
add address=41.242.132.0/22 comment=SpamHaus list=blacklist
add address=42.0.32.0/19 comment=SpamHaus list=blacklist
add address=42.1.56.0/22 comment=SpamHaus list=blacklist
add address=42.1.128.0/17 comment=SpamHaus list=blacklist
add address=42.52.0.0/14 comment=SpamHaus list=blacklist
add address=42.83.80.0/22 comment=SpamHaus list=blacklist
add address=42.96.0.0/18 comment=SpamHaus list=blacklist
add address=42.123.36.0/22 comment=SpamHaus list=blacklist
add address=42.128.0.0/12 comment=SpamHaus list=blacklist
add address=42.160.0.0/12 comment=SpamHaus list=blacklist
add address=42.194.8.0/22 comment=SpamHaus list=blacklist
add address=42.194.12.0/22 comment=SpamHaus list=blacklist
add address=42.194.128.0/17 comment=SpamHaus list=blacklist
add address=42.208.0.0/12 comment=SpamHaus list=blacklist
add address=43.229.52.0/22 comment=SpamHaus list=blacklist
add address=43.236.0.0/16 comment=SpamHaus list=blacklist
add address=43.250.116.0/22 comment=SpamHaus list=blacklist
add address=43.252.80.0/22 comment=SpamHaus list=blacklist
add address=43.252.152.0/22 comment=SpamHaus list=blacklist
add address=43.252.180.0/22 comment=SpamHaus list=blacklist
add address=45.4.128.0/22 comment=SpamHaus list=blacklist
add address=45.4.136.0/22 comment=SpamHaus list=blacklist
add address=45.64.88.0/22 comment=SpamHaus list=blacklist
add address=45.114.224.0/22 comment=SpamHaus list=blacklist
add address=45.117.208.0/22 comment=SpamHaus list=blacklist
add address=45.121.204.0/22 comment=SpamHaus list=blacklist
add address=45.127.36.0/22 comment=SpamHaus list=blacklist
add address=46.29.248.0/22 comment=SpamHaus list=blacklist
add address=46.29.248.0/21 comment=SpamHaus list=blacklist
add address=46.151.48.0/21 comment=SpamHaus list=blacklist
add address=46.232.192.0/21 comment=SpamHaus list=blacklist
add address=46.243.140.0/24 comment=SpamHaus list=blacklist
add address=46.243.142.0/24 comment=SpamHaus list=blacklist
add address=46.243.173.0/24 comment=SpamHaus list=blacklist
add address=49.8.0.0/14 comment=SpamHaus list=blacklist
add address=49.238.64.0/18 comment=SpamHaus list=blacklist
add address=59.254.0.0/15 comment=SpamHaus list=blacklist
add address=60.233.0.0/16 comment=SpamHaus list=blacklist
add address=61.11.224.0/19 comment=SpamHaus list=blacklist
add address=61.13.128.0/17 comment=SpamHaus list=blacklist
add address=61.14.224.0/22 comment=SpamHaus list=blacklist
add address=61.45.251.0/24 comment=SpamHaus list=blacklist
add address=66.98.112.0/20 comment=SpamHaus list=blacklist
add address=66.231.64.0/20 comment=SpamHaus list=blacklist
add address=67.213.112.0/20 comment=SpamHaus list=blacklist
add address=67.213.136.0/21 comment=SpamHaus list=blacklist
add address=67.219.208.0/20 comment=SpamHaus list=blacklist
add address=67.220.224.0/19 comment=SpamHaus list=blacklist
add address=69.26.160.0/19 comment=SpamHaus list=blacklist
add address=69.169.224.0/20 comment=SpamHaus list=blacklist
add address=74.118.60.0/22 comment=SpamHaus list=blacklist
add address=74.122.56.0/21 comment=SpamHaus list=blacklist
add address=79.110.17.0/24 comment=SpamHaus list=blacklist
add address=79.110.18.0/24 comment=SpamHaus list=blacklist
add address=79.110.19.0/24 comment=SpamHaus list=blacklist
add address=79.110.25.0/24 comment=SpamHaus list=blacklist
add address=79.173.104.0/21 comment=SpamHaus list=blacklist
add address=83.175.0.0/18 comment=SpamHaus list=blacklist
add address=84.238.160.0/22 comment=SpamHaus list=blacklist
add address=85.93.5.0/24 comment=SpamHaus list=blacklist
add address=85.121.39.0/24 comment=SpamHaus list=blacklist
add address=86.55.40.0/23 comment=SpamHaus list=blacklist
add address=86.55.42.0/23 comment=SpamHaus list=blacklist
add address=91.194.254.0/23 comment=SpamHaus list=blacklist
add address=91.200.12.0/22 comment=SpamHaus list=blacklist
add address=91.200.248.0/22 comment=SpamHaus list=blacklist
add address=91.207.4.0/22 comment=SpamHaus list=blacklist
add address=91.209.12.0/24 comment=SpamHaus list=blacklist
add address=91.212.104.0/24 comment=SpamHaus list=blacklist
add address=91.212.124.0/24 comment=SpamHaus list=blacklist
add address=91.213.126.0/24 comment=SpamHaus list=blacklist
add address=91.217.10.0/23 comment=SpamHaus list=blacklist
add address=91.220.62.0/24 comment=SpamHaus list=blacklist
add address=91.220.101.0/24 comment=SpamHaus list=blacklist
add address=91.220.163.0/24 comment=SpamHaus list=blacklist
add address=91.224.160.0/23 comment=SpamHaus list=blacklist
add address=91.225.216.0/22 comment=SpamHaus list=blacklist
add address=91.230.252.0/23 comment=SpamHaus list=blacklist
add address=91.234.36.0/24 comment=SpamHaus list=blacklist
add address=91.235.2.0/24 comment=SpamHaus list=blacklist
add address=91.236.74.0/23 comment=SpamHaus list=blacklist
add address=91.238.82.0/24 comment=SpamHaus list=blacklist
add address=91.240.165.0/24 comment=SpamHaus list=blacklist
add address=93.179.89.0/24 comment=SpamHaus list=blacklist
add address=93.179.90.0/24 comment=SpamHaus list=blacklist
add address=93.179.91.0/24 comment=SpamHaus list=blacklist
add address=95.216.0.0/15 comment=SpamHaus list=blacklist
add address=101.192.0.0/14 comment=SpamHaus list=blacklist
add address=101.202.0.0/16 comment=SpamHaus list=blacklist
add address=101.203.128.0/19 comment=SpamHaus list=blacklist
add address=101.248.0.0/15 comment=SpamHaus list=blacklist
add address=101.252.0.0/15 comment=SpamHaus list=blacklist
add address=103.2.44.0/22 comment=SpamHaus list=blacklist
add address=103.16.76.0/24 comment=SpamHaus list=blacklist
add address=103.23.8.0/22 comment=SpamHaus list=blacklist
add address=103.36.64.0/22 comment=SpamHaus list=blacklist
add address=103.57.248.0/22 comment=SpamHaus list=blacklist
add address=103.63.0.0/22 comment=SpamHaus list=blacklist
add address=103.65.204.0/22 comment=SpamHaus list=blacklist
add address=103.68.212.0/22 comment=SpamHaus list=blacklist
add address=103.69.212.0/22 comment=SpamHaus list=blacklist
add address=103.194.8.0/22 comment=SpamHaus list=blacklist
add address=103.197.8.0/22 comment=SpamHaus list=blacklist
add address=103.205.84.0/22 comment=SpamHaus list=blacklist
add address=103.207.160.0/22 comment=SpamHaus list=blacklist
add address=103.210.12.0/22 comment=SpamHaus list=blacklist
add address=103.215.80.0/22 comment=SpamHaus list=blacklist
add address=103.227.4.0/22 comment=SpamHaus list=blacklist
add address=103.228.8.0/22 comment=SpamHaus list=blacklist
add address=103.229.36.0/22 comment=SpamHaus list=blacklist
add address=103.229.40.0/22 comment=SpamHaus list=blacklist
add address=103.230.144.0/22 comment=SpamHaus list=blacklist
add address=103.231.84.0/22 comment=SpamHaus list=blacklist
add address=103.232.136.0/22 comment=SpamHaus list=blacklist
add address=103.232.172.0/22 comment=SpamHaus list=blacklist
add address=103.236.32.0/22 comment=SpamHaus list=blacklist
add address=103.239.56.0/22 comment=SpamHaus list=blacklist
add address=104.36.184.0/22 comment=SpamHaus list=blacklist
add address=104.153.96.0/21 comment=SpamHaus list=blacklist
add address=104.153.112.0/21 comment=SpamHaus list=blacklist
add address=104.153.244.0/22 comment=SpamHaus list=blacklist
add address=104.160.224.0/19 comment=SpamHaus list=blacklist
add address=104.218.224.0/22 comment=SpamHaus list=blacklist
add address=104.219.88.0/21 comment=SpamHaus list=blacklist
add address=104.244.88.0/21 comment=SpamHaus list=blacklist
add address=104.245.40.0/21 comment=SpamHaus list=blacklist
add address=104.245.188.0/22 comment=SpamHaus list=blacklist
add address=104.245.248.0/21 comment=SpamHaus list=blacklist
add address=104.255.56.0/21 comment=SpamHaus list=blacklist
add address=108.166.224.0/19 comment=SpamHaus list=blacklist
add address=110.172.64.0/18 comment=SpamHaus list=blacklist
add address=114.118.0.0/17 comment=SpamHaus list=blacklist
add address=115.166.136.0/22 comment=SpamHaus list=blacklist
add address=116.78.0.0/15 comment=SpamHaus list=blacklist
add address=116.119.0.0/17 comment=SpamHaus list=blacklist
add address=116.128.0.0/10 comment=SpamHaus list=blacklist
add address=116.144.0.0/15 comment=SpamHaus list=blacklist
add address=116.146.0.0/15 comment=SpamHaus list=blacklist
add address=116.197.156.0/22 comment=SpamHaus list=blacklist
add address=116.206.16.0/22 comment=SpamHaus list=blacklist
add address=117.58.0.0/17 comment=SpamHaus list=blacklist
add address=117.120.64.0/18 comment=SpamHaus list=blacklist
add address=119.42.52.0/22 comment=SpamHaus list=blacklist
add address=119.58.0.0/16 comment=SpamHaus list=blacklist
add address=119.232.0.0/16 comment=SpamHaus list=blacklist
add address=120.48.0.0/15 comment=SpamHaus list=blacklist
add address=121.46.124.0/22 comment=SpamHaus list=blacklist
add address=121.100.128.0/18 comment=SpamHaus list=blacklist
add address=122.129.0.0/18 comment=SpamHaus list=blacklist
add address=123.136.80.0/20 comment=SpamHaus list=blacklist
add address=123.249.0.0/16 comment=SpamHaus list=blacklist
add address=124.68.0.0/15 comment=SpamHaus list=blacklist
add address=124.70.0.0/15 comment=SpamHaus list=blacklist
add address=124.157.0.0/18 comment=SpamHaus list=blacklist
add address=124.242.0.0/16 comment=SpamHaus list=blacklist
add address=125.31.192.0/18 comment=SpamHaus list=blacklist
add address=125.58.0.0/18 comment=SpamHaus list=blacklist
add address=125.169.0.0/16 comment=SpamHaus list=blacklist
add address=128.13.0.0/16 comment=SpamHaus list=blacklist
add address=128.85.0.0/16 comment=SpamHaus list=blacklist
add address=128.94.0.0/16 comment=SpamHaus list=blacklist
add address=128.168.0.0/16 comment=SpamHaus list=blacklist
add address=128.188.0.0/16 comment=SpamHaus list=blacklist
add address=130.148.0.0/16 comment=SpamHaus list=blacklist
add address=130.196.0.0/16 comment=SpamHaus list=blacklist
add address=130.222.0.0/16 comment=SpamHaus list=blacklist
add address=131.72.208.0/22 comment=SpamHaus list=blacklist
add address=131.108.16.0/22 comment=SpamHaus list=blacklist
add address=131.108.232.0/22 comment=SpamHaus list=blacklist
add address=131.200.0.0/16 comment=SpamHaus list=blacklist
add address=134.18.0.0/16 comment=SpamHaus list=blacklist
add address=134.22.0.0/16 comment=SpamHaus list=blacklist
add address=134.23.0.0/16 comment=SpamHaus list=blacklist
add address=134.33.0.0/16 comment=SpamHaus list=blacklist
add address=134.62.0.0/15 comment=SpamHaus list=blacklist
add address=134.127.0.0/16 comment=SpamHaus list=blacklist
add address=134.172.0.0/16 comment=SpamHaus list=blacklist
add address=134.209.0.0/16 comment=SpamHaus list=blacklist
add address=136.230.0.0/16 comment=SpamHaus list=blacklist
add address=137.19.0.0/16 comment=SpamHaus list=blacklist
add address=137.33.0.0/16 comment=SpamHaus list=blacklist
add address=137.55.0.0/16 comment=SpamHaus list=blacklist
add address=137.76.0.0/16 comment=SpamHaus list=blacklist
add address=137.105.0.0/16 comment=SpamHaus list=blacklist
add address=137.171.0.0/16 comment=SpamHaus list=blacklist
add address=137.218.0.0/16 comment=SpamHaus list=blacklist
add address=138.31.0.0/16 comment=SpamHaus list=blacklist
add address=138.36.92.0/22 comment=SpamHaus list=blacklist
add address=138.36.136.0/22 comment=SpamHaus list=blacklist
add address=138.36.148.0/22 comment=SpamHaus list=blacklist
add address=138.43.0.0/16 comment=SpamHaus list=blacklist
add address=138.52.0.0/16 comment=SpamHaus list=blacklist
add address=138.59.4.0/22 comment=SpamHaus list=blacklist
add address=138.59.204.0/22 comment=SpamHaus list=blacklist
add address=138.94.120.0/22 comment=SpamHaus list=blacklist
add address=138.94.144.0/22 comment=SpamHaus list=blacklist
add address=138.94.216.0/22 comment=SpamHaus list=blacklist
add address=138.97.156.0/22 comment=SpamHaus list=blacklist
add address=138.125.0.0/16 comment=SpamHaus list=blacklist
add address=138.185.116.0/22 comment=SpamHaus list=blacklist
add address=138.186.208.0/22 comment=SpamHaus list=blacklist
add address=138.200.0.0/16 comment=SpamHaus list=blacklist
add address=138.216.0.0/16 comment=SpamHaus list=blacklist
add address=138.228.0.0/16 comment=SpamHaus list=blacklist
add address=138.249.0.0/16 comment=SpamHaus list=blacklist
add address=139.45.0.0/16 comment=SpamHaus list=blacklist
add address=139.136.0.0/16 comment=SpamHaus list=blacklist
add address=139.188.0.0/16 comment=SpamHaus list=blacklist
add address=140.143.128.0/17 comment=SpamHaus list=blacklist
add address=140.167.0.0/16 comment=SpamHaus list=blacklist
add address=141.94.0.0/15 comment=SpamHaus list=blacklist
add address=141.101.132.0/24 comment=SpamHaus list=blacklist
add address=141.101.201.0/24 comment=SpamHaus list=blacklist
add address=141.136.22.0/24 comment=SpamHaus list=blacklist
add address=141.136.27.0/24 comment=SpamHaus list=blacklist
add address=141.178.0.0/16 comment=SpamHaus list=blacklist
add address=141.253.0.0/16 comment=SpamHaus list=blacklist
add address=142.4.160.0/19 comment=SpamHaus list=blacklist
add address=142.102.0.0/16 comment=SpamHaus list=blacklist
add address=143.0.236.0/22 comment=SpamHaus list=blacklist
add address=143.49.0.0/16 comment=SpamHaus list=blacklist
add address=143.64.0.0/16 comment=SpamHaus list=blacklist
add address=143.135.0.0/16 comment=SpamHaus list=blacklist
add address=144.207.0.0/16 comment=SpamHaus list=blacklist
add address=145.231.0.0/16 comment=SpamHaus list=blacklist
add address=146.3.0.0/16 comment=SpamHaus list=blacklist
add address=146.183.0.0/16 comment=SpamHaus list=blacklist
add address=147.7.0.0/16 comment=SpamHaus list=blacklist
add address=147.16.0.0/14 comment=SpamHaus list=blacklist
add address=147.119.0.0/16 comment=SpamHaus list=blacklist
add address=148.111.0.0/16 comment=SpamHaus list=blacklist
add address=148.148.0.0/16 comment=SpamHaus list=blacklist
add address=148.154.0.0/16 comment=SpamHaus list=blacklist
add address=148.178.0.0/16 comment=SpamHaus list=blacklist
add address=148.185.0.0/16 comment=SpamHaus list=blacklist
add address=148.248.0.0/16 comment=SpamHaus list=blacklist
add address=149.109.0.0/16 comment=SpamHaus list=blacklist
add address=149.114.0.0/16 comment=SpamHaus list=blacklist
add address=149.118.0.0/16 comment=SpamHaus list=blacklist
add address=149.143.64.0/18 comment=SpamHaus list=blacklist
add address=150.10.0.0/16 comment=SpamHaus list=blacklist
add address=150.22.128.0/17 comment=SpamHaus list=blacklist
add address=150.25.0.0/16 comment=SpamHaus list=blacklist
add address=150.40.0.0/16 comment=SpamHaus list=blacklist
add address=150.107.106.0/23 comment=SpamHaus list=blacklist
add address=150.107.220.0/22 comment=SpamHaus list=blacklist
add address=150.121.0.0/16 comment=SpamHaus list=blacklist
add address=150.126.0.0/16 comment=SpamHaus list=blacklist
add address=150.129.136.0/22 comment=SpamHaus list=blacklist
add address=150.129.212.0/22 comment=SpamHaus list=blacklist
add address=150.129.228.0/22 comment=SpamHaus list=blacklist
add address=150.141.0.0/16 comment=SpamHaus list=blacklist
add address=150.242.36.0/22 comment=SpamHaus list=blacklist
add address=150.242.100.0/22 comment=SpamHaus list=blacklist
add address=150.242.120.0/22 comment=SpamHaus list=blacklist
add address=150.242.144.0/22 comment=SpamHaus list=blacklist
add address=151.123.0.0/16 comment=SpamHaus list=blacklist
add address=151.192.0.0/16 comment=SpamHaus list=blacklist
add address=151.212.0.0/16 comment=SpamHaus list=blacklist
add address=151.237.176.0/20 comment=SpamHaus list=blacklist
add address=151.237.184.0/22 comment=SpamHaus list=blacklist
add address=152.109.0.0/16 comment=SpamHaus list=blacklist
add address=152.136.0.0/16 comment=SpamHaus list=blacklist
add address=152.147.0.0/16 comment=SpamHaus list=blacklist
add address=153.14.0.0/16 comment=SpamHaus list=blacklist
add address=153.52.0.0/14 comment=SpamHaus list=blacklist
add address=153.93.0.0/16 comment=SpamHaus list=blacklist
add address=155.11.0.0/16 comment=SpamHaus list=blacklist
add address=155.40.0.0/16 comment=SpamHaus list=blacklist
add address=155.66.0.0/16 comment=SpamHaus list=blacklist
add address=155.73.0.0/16 comment=SpamHaus list=blacklist
add address=155.108.0.0/16 comment=SpamHaus list=blacklist
add address=155.204.0.0/16 comment=SpamHaus list=blacklist
add address=155.249.0.0/16 comment=SpamHaus list=blacklist
add address=157.115.0.0/16 comment=SpamHaus list=blacklist
add address=157.162.0.0/16 comment=SpamHaus list=blacklist
add address=157.186.0.0/16 comment=SpamHaus list=blacklist
add address=157.195.0.0/16 comment=SpamHaus list=blacklist
add address=157.231.0.0/16 comment=SpamHaus list=blacklist
add address=157.232.0.0/16 comment=SpamHaus list=blacklist
add address=158.54.0.0/16 comment=SpamHaus list=blacklist
add address=158.90.0.0/17 comment=SpamHaus list=blacklist
add address=158.249.0.0/16 comment=SpamHaus list=blacklist
add address=159.65.0.0/16 comment=SpamHaus list=blacklist
add address=159.80.0.0/16 comment=SpamHaus list=blacklist
add address=159.85.0.0/16 comment=SpamHaus list=blacklist
add address=159.111.0.0/16 comment=SpamHaus list=blacklist
add address=159.151.0.0/16 comment=SpamHaus list=blacklist
add address=159.174.0.0/16 comment=SpamHaus list=blacklist
add address=159.219.0.0/16 comment=SpamHaus list=blacklist
add address=159.223.0.0/16 comment=SpamHaus list=blacklist
add address=159.229.0.0/16 comment=SpamHaus list=blacklist
add address=160.14.0.0/16 comment=SpamHaus list=blacklist
add address=160.21.0.0/16 comment=SpamHaus list=blacklist
add address=160.117.0.0/16 comment=SpamHaus list=blacklist
add address=160.180.0.0/16 comment=SpamHaus list=blacklist
add address=160.181.0.0/16 comment=SpamHaus list=blacklist
add address=160.200.0.0/16 comment=SpamHaus list=blacklist
add address=160.235.0.0/16 comment=SpamHaus list=blacklist
add address=160.240.0.0/16 comment=SpamHaus list=blacklist
add address=160.255.0.0/16 comment=SpamHaus list=blacklist
add address=161.0.0.0/19 comment=SpamHaus list=blacklist
add address=161.0.68.0/22 comment=SpamHaus list=blacklist
add address=161.66.0.0/16 comment=SpamHaus list=blacklist
add address=161.70.0.0/16 comment=SpamHaus list=blacklist
add address=161.71.0.0/16 comment=SpamHaus list=blacklist
add address=161.189.0.0/16 comment=SpamHaus list=blacklist
add address=161.232.0.0/16 comment=SpamHaus list=blacklist
add address=162.208.124.0/22 comment=SpamHaus list=blacklist
add address=162.212.188.0/22 comment=SpamHaus list=blacklist
add address=162.213.128.0/22 comment=SpamHaus list=blacklist
add address=162.213.232.0/22 comment=SpamHaus list=blacklist
add address=162.219.32.0/21 comment=SpamHaus list=blacklist
add address=162.222.148.0/22 comment=SpamHaus list=blacklist
add address=162.245.124.0/22 comment=SpamHaus list=blacklist
add address=162.254.72.0/21 comment=SpamHaus list=blacklist
add address=163.47.19.0/24 comment=SpamHaus list=blacklist
add address=163.50.0.0/16 comment=SpamHaus list=blacklist
add address=163.53.247.0/24 comment=SpamHaus list=blacklist
add address=163.59.0.0/16 comment=SpamHaus list=blacklist
add address=163.250.0.0/16 comment=SpamHaus list=blacklist
add address=163.254.0.0/16 comment=SpamHaus list=blacklist
add address=164.6.0.0/16 comment=SpamHaus list=blacklist
add address=164.60.0.0/16 comment=SpamHaus list=blacklist
add address=164.79.0.0/16 comment=SpamHaus list=blacklist
add address=164.137.0.0/16 comment=SpamHaus list=blacklist
add address=165.102.0.0/16 comment=SpamHaus list=blacklist
add address=165.192.0.0/16 comment=SpamHaus list=blacklist
add address=165.205.0.0/16 comment=SpamHaus list=blacklist
add address=165.209.0.0/16 comment=SpamHaus list=blacklist
add address=166.117.0.0/16 comment=SpamHaus list=blacklist
add address=167.74.0.0/18 comment=SpamHaus list=blacklist
add address=167.87.0.0/16 comment=SpamHaus list=blacklist
add address=167.97.0.0/16 comment=SpamHaus list=blacklist
add address=167.103.0.0/16 comment=SpamHaus list=blacklist
add address=167.158.0.0/16 comment=SpamHaus list=blacklist
add address=167.162.0.0/16 comment=SpamHaus list=blacklist
add address=167.175.0.0/16 comment=SpamHaus list=blacklist
add address=167.224.0.0/19 comment=SpamHaus list=blacklist
add address=168.64.0.0/16 comment=SpamHaus list=blacklist
add address=168.90.108.0/22 comment=SpamHaus list=blacklist
add address=168.129.0.0/16 comment=SpamHaus list=blacklist
add address=168.181.52.0/22 comment=SpamHaus list=blacklist
add address=170.67.0.0/16 comment=SpamHaus list=blacklist
add address=170.113.0.0/16 comment=SpamHaus list=blacklist
add address=170.114.0.0/16 comment=SpamHaus list=blacklist
add address=170.120.0.0/16 comment=SpamHaus list=blacklist
add address=170.179.0.0/16 comment=SpamHaus list=blacklist
add address=170.244.40.0/22 comment=SpamHaus list=blacklist
add address=171.22.0.0/16 comment=SpamHaus list=blacklist
add address=171.25.0.0/17 comment=SpamHaus list=blacklist
add address=171.26.0.0/16 comment=SpamHaus list=blacklist
add address=172.96.16.0/22 comment=SpamHaus list=blacklist
add address=172.103.40.0/21 comment=SpamHaus list=blacklist
add address=172.103.64.0/18 comment=SpamHaus list=blacklist
add address=173.228.160.0/19 comment=SpamHaus list=blacklist
add address=173.246.160.0/19 comment=SpamHaus list=blacklist
add address=175.103.64.0/18 comment=SpamHaus list=blacklist
add address=176.61.136.0/22 comment=SpamHaus list=blacklist
add address=176.61.136.0/21 comment=SpamHaus list=blacklist
add address=176.65.128.0/19 comment=SpamHaus list=blacklist
add address=176.97.116.0/22 comment=SpamHaus list=blacklist
add address=177.36.16.0/20 comment=SpamHaus list=blacklist
add address=177.74.160.0/20 comment=SpamHaus list=blacklist
add address=177.91.0.0/22 comment=SpamHaus list=blacklist
add address=177.234.136.0/21 comment=SpamHaus list=blacklist
add address=178.16.80.0/20 comment=SpamHaus list=blacklist
add address=178.216.48.0/21 comment=SpamHaus list=blacklist
add address=179.42.64.0/19 comment=SpamHaus list=blacklist
add address=180.178.192.0/18 comment=SpamHaus list=blacklist
add address=180.236.0.0/14 comment=SpamHaus list=blacklist
add address=181.118.32.0/19 comment=SpamHaus list=blacklist
add address=184.169.64.0/19 comment=SpamHaus list=blacklist
add address=184.170.208.0/20 comment=SpamHaus list=blacklist
add address=185.2.32.0/24 comment=SpamHaus list=blacklist
add address=185.3.132.0/22 comment=SpamHaus list=blacklist
add address=185.16.40.0/22 comment=SpamHaus list=blacklist
add address=185.35.136.0/22 comment=SpamHaus list=blacklist
add address=185.46.84.0/22 comment=SpamHaus list=blacklist
add address=185.50.250.0/24 comment=SpamHaus list=blacklist
add address=185.50.251.0/24 comment=SpamHaus list=blacklist
add address=185.64.20.0/22 comment=SpamHaus list=blacklist
add address=185.68.156.0/22 comment=SpamHaus list=blacklist
add address=185.72.68.0/22 comment=SpamHaus list=blacklist
add address=185.93.185.0/24 comment=SpamHaus list=blacklist
add address=185.93.187.0/24 comment=SpamHaus list=blacklist
add address=185.103.72.0/22 comment=SpamHaus list=blacklist
add address=185.106.94.0/24 comment=SpamHaus list=blacklist
add address=185.127.24.0/22 comment=SpamHaus list=blacklist
add address=185.129.148.0/23 comment=SpamHaus list=blacklist
add address=185.132.4.0/22 comment=SpamHaus list=blacklist
add address=185.133.20.0/22 comment=SpamHaus list=blacklist
add address=185.134.20.0/22 comment=SpamHaus list=blacklist
add address=185.135.184.0/22 comment=SpamHaus list=blacklist
add address=185.137.219.0/24 comment=SpamHaus list=blacklist
add address=185.141.188.0/22 comment=SpamHaus list=blacklist
add address=185.146.20.0/22 comment=SpamHaus list=blacklist
add address=185.146.28.0/22 comment=SpamHaus list=blacklist
add address=185.147.140.0/22 comment=SpamHaus list=blacklist
add address=185.147.156.0/22 comment=SpamHaus list=blacklist
add address=185.148.44.0/22 comment=SpamHaus list=blacklist
add address=185.148.128.0/22 comment=SpamHaus list=blacklist
add address=185.149.112.0/22 comment=SpamHaus list=blacklist
add address=185.150.84.0/22 comment=SpamHaus list=blacklist
add address=185.151.48.0/22 comment=SpamHaus list=blacklist
add address=185.151.60.0/22 comment=SpamHaus list=blacklist
add address=185.152.36.0/22 comment=SpamHaus list=blacklist
add address=185.152.248.0/22 comment=SpamHaus list=blacklist
add address=185.154.20.0/22 comment=SpamHaus list=blacklist
add address=185.155.52.0/22 comment=SpamHaus list=blacklist
add address=185.156.88.0/21 comment=SpamHaus list=blacklist
add address=185.156.92.0/22 comment=SpamHaus list=blacklist
add address=185.159.36.0/22 comment=SpamHaus list=blacklist
add address=185.159.37.0/24 comment=SpamHaus list=blacklist
add address=185.159.68.0/22 comment=SpamHaus list=blacklist
add address=185.167.116.0/22 comment=SpamHaus list=blacklist
add address=185.171.120.0/22 comment=SpamHaus list=blacklist
add address=185.173.44.0/22 comment=SpamHaus list=blacklist
add address=185.175.140.0/22 comment=SpamHaus list=blacklist
add address=185.180.124.0/22 comment=SpamHaus list=blacklist
add address=185.184.192.0/22 comment=SpamHaus list=blacklist
add address=185.187.212.0/22 comment=SpamHaus list=blacklist
add address=185.187.236.0/22 comment=SpamHaus list=blacklist
add address=185.193.88.0/22 comment=SpamHaus list=blacklist
add address=185.195.160.0/22 comment=SpamHaus list=blacklist
add address=185.197.120.0/22 comment=SpamHaus list=blacklist
add address=185.198.212.0/22 comment=SpamHaus list=blacklist
add address=185.202.88.0/22 comment=SpamHaus list=blacklist
add address=185.204.236.0/22 comment=SpamHaus list=blacklist
add address=185.205.68.0/22 comment=SpamHaus list=blacklist
add address=185.208.128.0/22 comment=SpamHaus list=blacklist
add address=186.1.128.0/19 comment=SpamHaus list=blacklist
add address=186.65.112.0/20 comment=SpamHaus list=blacklist
add address=186.96.96.0/19 comment=SpamHaus list=blacklist
add address=188.72.96.0/24 comment=SpamHaus list=blacklist
add address=188.72.126.0/24 comment=SpamHaus list=blacklist
add address=188.72.127.0/24 comment=SpamHaus list=blacklist
add address=188.172.160.0/19 comment=SpamHaus list=blacklist
add address=188.239.128.0/18 comment=SpamHaus list=blacklist
add address=188.247.135.0/24 comment=SpamHaus list=blacklist
add address=188.247.230.0/24 comment=SpamHaus list=blacklist
add address=189.213.128.0/17 comment=SpamHaus list=blacklist
add address=190.2.208.0/21 comment=SpamHaus list=blacklist
add address=190.9.48.0/21 comment=SpamHaus list=blacklist
add address=190.99.80.0/21 comment=SpamHaus list=blacklist
add address=190.123.208.0/20 comment=SpamHaus list=blacklist
add address=192.5.103.0/24 comment=SpamHaus list=blacklist
add address=192.12.131.0/24 comment=SpamHaus list=blacklist
add address=192.22.0.0/16 comment=SpamHaus list=blacklist
add address=192.26.25.0/24 comment=SpamHaus list=blacklist
add address=192.31.212.0/23 comment=SpamHaus list=blacklist
add address=192.40.29.0/24 comment=SpamHaus list=blacklist
add address=192.43.153.0/24 comment=SpamHaus list=blacklist
add address=192.43.154.0/23 comment=SpamHaus list=blacklist
add address=192.43.156.0/22 comment=SpamHaus list=blacklist
add address=192.43.160.0/24 comment=SpamHaus list=blacklist
add address=192.43.175.0/24 comment=SpamHaus list=blacklist
add address=192.43.176.0/21 comment=SpamHaus list=blacklist
add address=192.43.184.0/24 comment=SpamHaus list=blacklist
add address=192.46.192.0/18 comment=SpamHaus list=blacklist
add address=192.54.110.0/24 comment=SpamHaus list=blacklist
add address=192.67.16.0/24 comment=SpamHaus list=blacklist
add address=192.67.160.0/22 comment=SpamHaus list=blacklist
add address=192.86.85.0/24 comment=SpamHaus list=blacklist
add address=192.88.74.0/24 comment=SpamHaus list=blacklist
add address=192.100.142.0/24 comment=SpamHaus list=blacklist
add address=192.101.44.0/24 comment=SpamHaus list=blacklist
add address=192.101.181.0/24 comment=SpamHaus list=blacklist
add address=192.101.200.0/21 comment=SpamHaus list=blacklist
add address=192.101.240.0/21 comment=SpamHaus list=blacklist
add address=192.101.248.0/23 comment=SpamHaus list=blacklist
add address=192.125.0.0/17 comment=SpamHaus list=blacklist
add address=192.133.3.0/24 comment=SpamHaus list=blacklist
add address=192.135.255.0/24 comment=SpamHaus list=blacklist
add address=192.152.194.0/24 comment=SpamHaus list=blacklist
add address=192.154.11.0/24 comment=SpamHaus list=blacklist
add address=192.158.51.0/24 comment=SpamHaus list=blacklist
add address=192.160.44.0/24 comment=SpamHaus list=blacklist
add address=192.190.49.0/24 comment=SpamHaus list=blacklist
add address=192.190.97.0/24 comment=SpamHaus list=blacklist
add address=192.195.150.0/24 comment=SpamHaus list=blacklist
add address=192.197.87.0/24 comment=SpamHaus list=blacklist
add address=192.203.252.0/24 comment=SpamHaus list=blacklist
add address=192.206.114.0/24 comment=SpamHaus list=blacklist
add address=192.206.183.0/24 comment=SpamHaus list=blacklist
add address=192.219.120.0/21 comment=SpamHaus list=blacklist
add address=192.219.128.0/18 comment=SpamHaus list=blacklist
add address=192.219.192.0/20 comment=SpamHaus list=blacklist
add address=192.219.208.0/21 comment=SpamHaus list=blacklist
add address=192.225.96.0/20 comment=SpamHaus list=blacklist
add address=192.226.16.0/20 comment=SpamHaus list=blacklist
add address=192.229.32.0/19 comment=SpamHaus list=blacklist
add address=192.231.66.0/24 comment=SpamHaus list=blacklist
add address=192.234.189.0/24 comment=SpamHaus list=blacklist
add address=192.245.101.0/24 comment=SpamHaus list=blacklist
add address=193.9.158.0/24 comment=SpamHaus list=blacklist
add address=193.25.48.0/20 comment=SpamHaus list=blacklist
add address=193.26.64.0/19 comment=SpamHaus list=blacklist
add address=193.107.16.0/22 comment=SpamHaus list=blacklist
add address=193.138.244.0/22 comment=SpamHaus list=blacklist
add address=193.139.0.0/16 comment=SpamHaus list=blacklist
add address=193.177.64.0/18 comment=SpamHaus list=blacklist
add address=193.243.0.0/17 comment=SpamHaus list=blacklist
add address=194.1.152.0/24 comment=SpamHaus list=blacklist
add address=194.29.185.0/24 comment=SpamHaus list=blacklist
add address=195.182.57.0/24 comment=SpamHaus list=blacklist
add address=195.190.13.0/24 comment=SpamHaus list=blacklist
add address=195.191.56.0/23 comment=SpamHaus list=blacklist
add address=195.191.102.0/23 comment=SpamHaus list=blacklist
add address=195.225.176.0/22 comment=SpamHaus list=blacklist
add address=196.1.109.0/24 comment=SpamHaus list=blacklist
add address=196.42.128.0/17 comment=SpamHaus list=blacklist
add address=196.61.240.0/20 comment=SpamHaus list=blacklist
add address=196.63.0.0/16 comment=SpamHaus list=blacklist
add address=196.164.0.0/15 comment=SpamHaus list=blacklist
add address=196.193.0.0/16 comment=SpamHaus list=blacklist
add address=196.196.0.0/16 comment=SpamHaus list=blacklist
add address=196.197.0.0/16 comment=SpamHaus list=blacklist
add address=196.198.0.0/16 comment=SpamHaus list=blacklist
add address=196.199.0.0/16 comment=SpamHaus list=blacklist
add address=196.240.0.0/15 comment=SpamHaus list=blacklist
add address=196.242.0.0/15 comment=SpamHaus list=blacklist
add address=196.244.0.0/15 comment=SpamHaus list=blacklist
add address=196.247.0.0/16 comment=SpamHaus list=blacklist
add address=197.154.0.0/16 comment=SpamHaus list=blacklist
add address=197.159.80.0/21 comment=SpamHaus list=blacklist
add address=198.13.0.0/20 comment=SpamHaus list=blacklist
add address=198.14.128.0/19 comment=SpamHaus list=blacklist
add address=198.14.160.0/19 comment=SpamHaus list=blacklist
add address=198.20.16.0/20 comment=SpamHaus list=blacklist
add address=198.44.192.0/20 comment=SpamHaus list=blacklist
add address=198.45.32.0/20 comment=SpamHaus list=blacklist
add address=198.45.64.0/19 comment=SpamHaus list=blacklist
add address=198.56.64.0/18 comment=SpamHaus list=blacklist
add address=198.57.64.0/20 comment=SpamHaus list=blacklist
add address=198.62.70.0/24 comment=SpamHaus list=blacklist
add address=198.62.76.0/24 comment=SpamHaus list=blacklist
add address=198.96.224.0/20 comment=SpamHaus list=blacklist
add address=198.99.117.0/24 comment=SpamHaus list=blacklist
add address=198.102.222.0/24 comment=SpamHaus list=blacklist
add address=198.148.212.0/24 comment=SpamHaus list=blacklist
add address=198.151.16.0/20 comment=SpamHaus list=blacklist
add address=198.151.64.0/18 comment=SpamHaus list=blacklist
add address=198.151.152.0/22 comment=SpamHaus list=blacklist
add address=198.160.205.0/24 comment=SpamHaus list=blacklist
add address=198.169.201.0/24 comment=SpamHaus list=blacklist
add address=198.177.175.0/24 comment=SpamHaus list=blacklist
add address=198.177.176.0/22 comment=SpamHaus list=blacklist
add address=198.177.180.0/24 comment=SpamHaus list=blacklist
add address=198.177.214.0/24 comment=SpamHaus list=blacklist
add address=198.178.64.0/19 comment=SpamHaus list=blacklist
add address=198.179.22.0/24 comment=SpamHaus list=blacklist
add address=198.181.64.0/19 comment=SpamHaus list=blacklist
add address=198.181.96.0/20 comment=SpamHaus list=blacklist
add address=198.183.32.0/19 comment=SpamHaus list=blacklist
add address=198.184.193.0/24 comment=SpamHaus list=blacklist
add address=198.184.208.0/24 comment=SpamHaus list=blacklist
add address=198.186.25.0/24 comment=SpamHaus list=blacklist
add address=198.186.208.0/24 comment=SpamHaus list=blacklist
add address=198.187.64.0/18 comment=SpamHaus list=blacklist
add address=198.187.192.0/24 comment=SpamHaus list=blacklist
add address=198.190.173.0/24 comment=SpamHaus list=blacklist
add address=198.199.212.0/24 comment=SpamHaus list=blacklist
add address=198.202.237.0/24 comment=SpamHaus list=blacklist
add address=198.204.0.0/21 comment=SpamHaus list=blacklist
add address=198.206.140.0/24 comment=SpamHaus list=blacklist
add address=198.212.132.0/24 comment=SpamHaus list=blacklist
add address=199.5.152.0/23 comment=SpamHaus list=blacklist
add address=199.5.229.0/24 comment=SpamHaus list=blacklist
add address=199.10.64.0/24 comment=SpamHaus list=blacklist
add address=199.26.137.0/24 comment=SpamHaus list=blacklist
add address=199.26.207.0/24 comment=SpamHaus list=blacklist
add address=199.26.251.0/24 comment=SpamHaus list=blacklist
add address=199.33.222.0/24 comment=SpamHaus list=blacklist
add address=199.34.128.0/18 comment=SpamHaus list=blacklist
add address=199.46.32.0/19 comment=SpamHaus list=blacklist
add address=199.58.248.0/21 comment=SpamHaus list=blacklist
add address=199.60.102.0/24 comment=SpamHaus list=blacklist
add address=199.71.56.0/21 comment=SpamHaus list=blacklist
add address=199.71.192.0/20 comment=SpamHaus list=blacklist
add address=199.84.55.0/24 comment=SpamHaus list=blacklist
add address=199.84.56.0/22 comment=SpamHaus list=blacklist
add address=199.84.60.0/24 comment=SpamHaus list=blacklist
add address=199.84.64.0/19 comment=SpamHaus list=blacklist
add address=199.87.208.0/21 comment=SpamHaus list=blacklist
add address=199.88.32.0/20 comment=SpamHaus list=blacklist
add address=199.88.48.0/22 comment=SpamHaus list=blacklist
add address=199.89.16.0/20 comment=SpamHaus list=blacklist
add address=199.89.198.0/24 comment=SpamHaus list=blacklist
add address=199.120.163.0/24 comment=SpamHaus list=blacklist
add address=199.165.32.0/19 comment=SpamHaus list=blacklist
add address=199.166.200.0/22 comment=SpamHaus list=blacklist
add address=199.184.82.0/24 comment=SpamHaus list=blacklist
add address=199.185.192.0/20 comment=SpamHaus list=blacklist
add address=199.196.192.0/19 comment=SpamHaus list=blacklist
add address=199.198.160.0/20 comment=SpamHaus list=blacklist
add address=199.198.176.0/21 comment=SpamHaus list=blacklist
add address=199.198.184.0/23 comment=SpamHaus list=blacklist
add address=199.198.188.0/22 comment=SpamHaus list=blacklist
add address=199.200.64.0/19 comment=SpamHaus list=blacklist
add address=199.212.96.0/20 comment=SpamHaus list=blacklist
add address=199.223.0.0/20 comment=SpamHaus list=blacklist
add address=199.230.64.0/19 comment=SpamHaus list=blacklist
add address=199.230.96.0/21 comment=SpamHaus list=blacklist
add address=199.233.85.0/24 comment=SpamHaus list=blacklist
add address=199.233.96.0/24 comment=SpamHaus list=blacklist
add address=199.241.64.0/19 comment=SpamHaus list=blacklist
add address=199.244.56.0/21 comment=SpamHaus list=blacklist
add address=199.245.138.0/24 comment=SpamHaus list=blacklist
add address=199.246.137.0/24 comment=SpamHaus list=blacklist
add address=199.246.213.0/24 comment=SpamHaus list=blacklist
add address=199.246.215.0/24 comment=SpamHaus list=blacklist
add address=199.248.64.0/18 comment=SpamHaus list=blacklist
add address=199.249.64.0/19 comment=SpamHaus list=blacklist
add address=199.253.32.0/20 comment=SpamHaus list=blacklist
add address=199.253.48.0/21 comment=SpamHaus list=blacklist
add address=199.253.224.0/20 comment=SpamHaus list=blacklist
add address=199.254.32.0/20 comment=SpamHaus list=blacklist
add address=200.0.60.0/23 comment=SpamHaus list=blacklist
add address=200.3.128.0/20 comment=SpamHaus list=blacklist
add address=200.22.0.0/16 comment=SpamHaus list=blacklist
add address=200.71.124.0/22 comment=SpamHaus list=blacklist
add address=200.189.44.0/22 comment=SpamHaus list=blacklist
add address=201.148.168.0/22 comment=SpamHaus list=blacklist
add address=201.169.0.0/16 comment=SpamHaus list=blacklist
add address=202.0.192.0/18 comment=SpamHaus list=blacklist
add address=202.20.32.0/19 comment=SpamHaus list=blacklist
add address=202.21.64.0/19 comment=SpamHaus list=blacklist
add address=202.27.96.0/23 comment=SpamHaus list=blacklist
add address=202.27.98.0/24 comment=SpamHaus list=blacklist
add address=202.27.99.0/24 comment=SpamHaus list=blacklist
add address=202.27.100.0/22 comment=SpamHaus list=blacklist
add address=202.27.120.0/22 comment=SpamHaus list=blacklist
add address=202.27.161.0/24 comment=SpamHaus list=blacklist
add address=202.27.162.0/23 comment=SpamHaus list=blacklist
add address=202.27.164.0/22 comment=SpamHaus list=blacklist
add address=202.27.168.0/24 comment=SpamHaus list=blacklist
add address=202.39.112.0/20 comment=SpamHaus list=blacklist
add address=202.40.32.0/19 comment=SpamHaus list=blacklist
add address=202.40.64.0/18 comment=SpamHaus list=blacklist
add address=202.68.0.0/18 comment=SpamHaus list=blacklist
add address=202.86.0.0/22 comment=SpamHaus list=blacklist
add address=202.148.32.0/20 comment=SpamHaus list=blacklist
add address=202.148.176.0/20 comment=SpamHaus list=blacklist
add address=202.183.0.0/19 comment=SpamHaus list=blacklist
add address=202.189.80.0/20 comment=SpamHaus list=blacklist
add address=203.2.200.0/22 comment=SpamHaus list=blacklist
add address=203.9.0.0/19 comment=SpamHaus list=blacklist
add address=203.31.88.0/23 comment=SpamHaus list=blacklist
add address=203.34.70.0/23 comment=SpamHaus list=blacklist
add address=203.34.71.0/24 comment=SpamHaus list=blacklist
add address=203.34.252.0/23 comment=SpamHaus list=blacklist
add address=203.86.252.0/22 comment=SpamHaus list=blacklist
add address=203.148.80.0/22 comment=SpamHaus list=blacklist
add address=203.149.92.0/22 comment=SpamHaus list=blacklist
add address=203.169.0.0/22 comment=SpamHaus list=blacklist
add address=203.189.112.0/22 comment=SpamHaus list=blacklist
add address=203.191.64.0/18 comment=SpamHaus list=blacklist
add address=204.19.38.0/23 comment=SpamHaus list=blacklist
add address=204.44.32.0/20 comment=SpamHaus list=blacklist
add address=204.44.192.0/20 comment=SpamHaus list=blacklist
add address=204.44.224.0/20 comment=SpamHaus list=blacklist
add address=204.48.16.0/20 comment=SpamHaus list=blacklist
add address=204.52.255.0/24 comment=SpamHaus list=blacklist
add address=204.57.16.0/20 comment=SpamHaus list=blacklist
add address=204.75.147.0/24 comment=SpamHaus list=blacklist
add address=204.75.228.0/24 comment=SpamHaus list=blacklist
add address=204.80.198.0/24 comment=SpamHaus list=blacklist
add address=204.86.16.0/20 comment=SpamHaus list=blacklist
add address=204.87.199.0/24 comment=SpamHaus list=blacklist
add address=204.89.224.0/24 comment=SpamHaus list=blacklist
add address=204.106.128.0/18 comment=SpamHaus list=blacklist
add address=204.106.192.0/19 comment=SpamHaus list=blacklist
add address=204.107.208.0/24 comment=SpamHaus list=blacklist
add address=204.126.244.0/23 comment=SpamHaus list=blacklist
add address=204.128.151.0/24 comment=SpamHaus list=blacklist
add address=204.128.180.0/24 comment=SpamHaus list=blacklist
add address=204.130.16.0/20 comment=SpamHaus list=blacklist
add address=204.130.167.0/24 comment=SpamHaus list=blacklist
add address=204.147.64.0/21 comment=SpamHaus list=blacklist
add address=204.187.155.0/24 comment=SpamHaus list=blacklist
add address=204.187.156.0/22 comment=SpamHaus list=blacklist
add address=204.187.160.0/19 comment=SpamHaus list=blacklist
add address=204.187.192.0/19 comment=SpamHaus list=blacklist
add address=204.187.224.0/20 comment=SpamHaus list=blacklist
add address=204.187.240.0/21 comment=SpamHaus list=blacklist
add address=204.187.248.0/22 comment=SpamHaus list=blacklist
add address=204.187.252.0/23 comment=SpamHaus list=blacklist
add address=204.187.254.0/24 comment=SpamHaus list=blacklist
add address=204.194.64.0/21 comment=SpamHaus list=blacklist
add address=204.194.184.0/21 comment=SpamHaus list=blacklist
add address=204.225.16.0/20 comment=SpamHaus list=blacklist
add address=204.225.159.0/24 comment=SpamHaus list=blacklist
add address=204.225.210.0/24 comment=SpamHaus list=blacklist
add address=204.232.0.0/18 comment=SpamHaus list=blacklist
add address=204.238.137.0/24 comment=SpamHaus list=blacklist
add address=204.238.170.0/24 comment=SpamHaus list=blacklist
add address=204.238.183.0/24 comment=SpamHaus list=blacklist
add address=205.137.0.0/20 comment=SpamHaus list=blacklist
add address=205.142.104.0/22 comment=SpamHaus list=blacklist
add address=205.144.0.0/20 comment=SpamHaus list=blacklist
add address=205.144.176.0/20 comment=SpamHaus list=blacklist
add address=205.148.128.0/18 comment=SpamHaus list=blacklist
add address=205.148.192.0/18 comment=SpamHaus list=blacklist
add address=205.151.128.0/19 comment=SpamHaus list=blacklist
add address=205.159.45.0/24 comment=SpamHaus list=blacklist
add address=205.159.174.0/24 comment=SpamHaus list=blacklist
add address=205.159.180.0/24 comment=SpamHaus list=blacklist
add address=205.166.77.0/24 comment=SpamHaus list=blacklist
add address=205.166.84.0/24 comment=SpamHaus list=blacklist
add address=205.166.130.0/24 comment=SpamHaus list=blacklist
add address=205.166.168.0/24 comment=SpamHaus list=blacklist
add address=205.166.211.0/24 comment=SpamHaus list=blacklist
add address=205.172.176.0/22 comment=SpamHaus list=blacklist
add address=205.172.244.0/22 comment=SpamHaus list=blacklist
add address=205.175.160.0/19 comment=SpamHaus list=blacklist
add address=205.189.71.0/24 comment=SpamHaus list=blacklist
add address=205.189.72.0/23 comment=SpamHaus list=blacklist
add address=205.203.0.0/19 comment=SpamHaus list=blacklist
add address=205.203.224.0/19 comment=SpamHaus list=blacklist
add address=205.207.134.0/24 comment=SpamHaus list=blacklist
add address=205.210.107.0/24 comment=SpamHaus list=blacklist
add address=205.210.139.0/24 comment=SpamHaus list=blacklist
add address=205.210.171.0/24 comment=SpamHaus list=blacklist
add address=205.210.172.0/22 comment=SpamHaus list=blacklist
add address=205.214.96.0/19 comment=SpamHaus list=blacklist
add address=205.214.128.0/19 comment=SpamHaus list=blacklist
add address=205.233.224.0/20 comment=SpamHaus list=blacklist
add address=205.236.185.0/24 comment=SpamHaus list=blacklist
add address=205.236.189.0/24 comment=SpamHaus list=blacklist
add address=205.237.88.0/21 comment=SpamHaus list=blacklist
add address=206.41.160.0/19 comment=SpamHaus list=blacklist
add address=206.51.29.0/24 comment=SpamHaus list=blacklist
add address=206.81.0.0/19 comment=SpamHaus list=blacklist
add address=206.130.4.0/23 comment=SpamHaus list=blacklist
add address=206.130.188.0/24 comment=SpamHaus list=blacklist
add address=206.143.128.0/17 comment=SpamHaus list=blacklist
add address=206.189.0.0/16 comment=SpamHaus list=blacklist
add address=206.195.224.0/19 comment=SpamHaus list=blacklist
add address=206.197.28.0/24 comment=SpamHaus list=blacklist
add address=206.197.29.0/24 comment=SpamHaus list=blacklist
add address=206.197.77.0/24 comment=SpamHaus list=blacklist
add address=206.197.165.0/24 comment=SpamHaus list=blacklist
add address=206.203.64.0/18 comment=SpamHaus list=blacklist
add address=206.209.80.0/20 comment=SpamHaus list=blacklist
add address=206.224.160.0/19 comment=SpamHaus list=blacklist
add address=206.226.0.0/19 comment=SpamHaus list=blacklist
add address=206.226.32.0/19 comment=SpamHaus list=blacklist
add address=206.227.64.0/18 comment=SpamHaus list=blacklist
add address=207.22.192.0/18 comment=SpamHaus list=blacklist
add address=207.32.128.0/19 comment=SpamHaus list=blacklist
add address=207.32.208.0/20 comment=SpamHaus list=blacklist
add address=207.45.224.0/20 comment=SpamHaus list=blacklist
add address=207.110.64.0/18 comment=SpamHaus list=blacklist
add address=207.110.96.0/19 comment=SpamHaus list=blacklist
add address=207.110.128.0/18 comment=SpamHaus list=blacklist
add address=207.177.128.0/18 comment=SpamHaus list=blacklist
add address=207.178.64.0/19 comment=SpamHaus list=blacklist
add address=207.183.192.0/19 comment=SpamHaus list=blacklist
add address=207.226.192.0/20 comment=SpamHaus list=blacklist
add address=207.234.0.0/17 comment=SpamHaus list=blacklist
add address=208.93.4.0/22 comment=SpamHaus list=blacklist
add address=208.117.88.0/22 comment=SpamHaus list=blacklist
add address=208.117.92.0/24 comment=SpamHaus list=blacklist
add address=209.51.32.0/20 comment=SpamHaus list=blacklist
add address=209.54.160.0/19 comment=SpamHaus list=blacklist
add address=209.66.128.0/19 comment=SpamHaus list=blacklist
add address=209.95.192.0/19 comment=SpamHaus list=blacklist
add address=209.97.128.0/18 comment=SpamHaus list=blacklist
add address=209.99.128.0/18 comment=SpamHaus list=blacklist
add address=209.145.0.0/19 comment=SpamHaus list=blacklist
add address=209.182.64.0/19 comment=SpamHaus list=blacklist
add address=209.229.0.0/16 comment=SpamHaus list=blacklist
add address=209.242.192.0/19 comment=SpamHaus list=blacklist
add address=212.92.127.0/24 comment=SpamHaus list=blacklist
add address=216.47.96.0/20 comment=SpamHaus list=blacklist
add address=216.152.240.0/20 comment=SpamHaus list=blacklist
add address=216.183.208.0/20 comment=SpamHaus list=blacklist
add address=220.154.0.0/16 comment=SpamHaus list=blacklist
add address=221.132.192.0/18 comment=SpamHaus list=blacklist
add address=223.0.0.0/15 comment=SpamHaus list=blacklist
add address=223.169.0.0/16 comment=SpamHaus list=blacklist
add address=223.173.0.0/16 comment=SpamHaus list=blacklist
add address=223.201.0.0/16 comment=SpamHaus list=blacklist
add address=223.254.0.0/16 comment=SpamHaus list=blacklist
add address=77.72.82.0/24 comment=DShield list=blacklist
add address=5.188.10.0/24 comment=DShield list=blacklist
add address=5.188.62.0/24 comment=DShield list=blacklist
add address=5.188.203.0/24 comment=DShield list=blacklist
add address=80.82.70.0/24 comment=DShield list=blacklist
add address=84.53.198.0/24 comment=DShield list=blacklist
add address=212.3.130.0/24 comment=DShield list=blacklist
add address=94.74.81.0/24 comment=DShield list=blacklist
add address=80.82.77.0/24 comment=DShield list=blacklist
add address=45.55.21.0/24 comment=DShield list=blacklist
add address=93.174.93.0/24 comment=DShield list=blacklist
add address=196.52.43.0/24 comment=DShield list=blacklist
add address=141.212.122.0/24 comment=DShield list=blacklist
add address=191.96.249.0/24 comment=DShield list=blacklist
add address=158.85.81.0/24 comment=DShield list=blacklist
add address=71.6.146.0/24 comment=DShield list=blacklist
add address=168.1.128.0/24 comment=DShield list=blacklist
add address=185.129.148.0/24 comment=DShield list=blacklist
add address=85.113.214.0/24 comment=DShield list=blacklist
add address=169.54.233.0/24 comment=DShield list=blacklist
/ip firewall filter
add action=accept chain=input comment="VPN L2TP UDP 500" disabled=yes \
    dst-port=500 in-interface=ether10 protocol=udp
add action=accept chain=input comment="VPN L2TP UDP 1701" disabled=yes \
    dst-port=1701 in-interface=ether10 protocol=udp
add action=accept chain=input comment="VPN L2TP 4500" disabled=yes dst-port=\
    4500 in-interface=ether10 protocol=udp
add action=accept chain=input comment="VPN L2TP ESP" disabled=yes \
    in-interface=ether10 protocol=ipsec-esp
add action=accept chain=input comment="VPN L2TP AH" disabled=yes \
    in-interface=ether10 protocol=ipsec-ah
add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=input comment=\
    "Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
    tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
    src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=1w chain=input comment="Port Scanner Detect" \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
    src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
    ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except t\
    o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
    PORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp \
    src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" \
    jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    bogons
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=3h chain=forward comment=\
    "Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
    25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
    protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
    connection-state="" protocol=tcp
add action=accept chain=input comment="Accept to related connections" \
    connection-state="" protocol=tcp
add action=accept chain=input comment="Full access to SUPPORT address list" \
    src-address-list=support
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
    RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" disabled=yes
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
    icmp-options=8:0 limit=1,5:packet protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
    3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
    protocol=icmp
add action=accept chain=forward comment="allow established connections" \
    connection-state=""
add action=accept chain=forward comment="allow related connections" \
    connection-state=""
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=""
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 \
    protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 \
    protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 \
    protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 \
    protocol=udp
add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=\
    tcp
add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=\
    tcp
add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=\
    tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128 \
    protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410 \
    protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=\
    tcp
add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=\
    tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=\
    tcp
add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=\
    tcp
add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=\
    tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=\
    65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" jump-target=\
    virus
add action=accept chain=forward comment="Allow HTTP" dst-port=80 protocol=tcp
add action=accept chain=forward comment="Allow SMTP" dst-port=25 protocol=tcp
add action=accept chain=forward comment="allow TCP" protocol=tcp
add action=accept chain=forward comment="allow ping" protocol=icmp
add action=accept chain=forward comment="allow udp" protocol=udp
add action=drop chain=forward comment="drop everything else"
add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=input connection-limit=32,32 protocol=tcp
add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
    src-address-list=blocked-addr
add action=jump chain=forward comment="SYN Flood protect" connection-state="" \
    jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state="" limit=400,5:packet \
    protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state="" protocol=tcp tcp-flags=\
    syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" \
    src-address-list="port scanners"
add action=drop chain=forward comment="\"BLOCK SPAMMERS OR INFECTED USERS\"" \
    dst-port=25 protocol=tcp src-address-list=spammers
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=1w3d chain=forward comment=\
    "\"Detect and add-list SMTP virus or spammers\"" connection-limit=30,32 \
    dst-port=25 limit=50,5:packet protocol=tcp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state="" dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state="" dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state="" dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state="" dst-port=22 \
    protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=forward comment="Drop Address List" src-address-list=\
    blacklist
add action=accept chain=input comment=smb1 disabled=yes dst-port=137-138 \
    protocol=udp src-address-list=smb-allow
add action=accept chain=input comment=smb2 disabled=yes dst-port=137,139 \
    protocol=tcp src-address-list=smb-allow
add action=accept chain=input comment=FTP-Rb disabled=yes dst-port=2121 \
    protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether10 src-address=\
    10.0.2.0/24
add action=dst-nat chain=dstnat comment=Garden_Cam dst-port=8081 log=yes \
    protocol=tcp to-addresses=10.0.2.14 to-ports=8081
add action=dst-nat chain=dstnat comment=SSH_Rasp dst-port=22 log=yes \
    protocol=tcp to-addresses=10.0.2.100 to-ports=22
add action=dst-nat chain=dstnat comment=FTP-Rasp dst-port=21 log=yes \
    protocol=tcp to-addresses=10.0.2.100 to-ports=21
add action=dst-nat chain=dstnat comment=Passive-Range-RaspFTP dst-port=\
    49152-65534 log=yes protocol=tcp to-addresses=10.0.2.100 to-ports=\
    49152-65534
add action=dst-nat chain=dstnat comment=FTP-Rb disabled=yes dst-port=2121 \
    log=yes protocol=tcp to-addresses=10.0.2.1 to-ports=2121
add action=dst-nat chain=dstnat comment=Webmin disabled=yes dst-port=10000 \
    protocol=tcp to-addresses=10.0.2.100 to-ports=10000
add action=dst-nat chain=dstnat comment=Cups_Print-Server disabled=yes \
    dst-port=631 protocol=tcp to-addresses=10.0.2.100 to-ports=631
add action=dst-nat chain=dstnat comment=Sane-RaspScan disabled=yes dst-port=\
    6566 protocol=tcp to-addresses=10.0.2.100 to-ports=6566
add action=dst-nat chain=dstnat comment=AccesPoint disabled=yes dst-port=80 \
    log=yes protocol=tcp to-addresses=10.0.2.12
/ip firewall service-port
set ftp ports=2121
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-128,3des \
    exchange-mode=main-l2tp generate-policy=port-override nat-traversal=no \
    secret=XXXXXXXXX
/ip ipsec policy
set 0 disabled=yes
/ip route
add distance=1 gateway=192.168.1.1
/ip service
set telnet disabled=yes
set ftp port=2121
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no interfaces=bridge_LAN,ether10
/ip smb shares
add directory=/disk1 max-sessions=1 name=share1
/ppp secret
add name=XXXXXXXX password=XXXXXXX profile=vpn-profile service=\
    l2tp
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Rome
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge_LAN disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
set ether9 disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
/system logging
add disabled=yes topics=debug
/system ntp client
set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.233
/system ntp server
set broadcast=yes enabled=yes multicast=yes
/system scheduler
add comment="Download openbl list" interval=1w name=DownloadBegoneList \
    on-event=Download_openbl policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=01:05:00
add comment="Apply openbl List" interval=1w name=InstallBegoneList on-event=\
    Replace_openbl policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=01:15:00
add comment="Download spamnaus list" interval=1w name=DownloadSpamhausList \
    on-event=Download_spamhaus policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:02:00
add comment="Apply spamnaus List" interval=1w name=InstallSpamhausList \
    on-event=Replace_spamhaus policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:12:00
add comment="Download dshield list" interval=1w name=DownloadDShieldList \
    on-event=Download_dshield policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:42:00
add comment="Apply dshield List" interval=1w name=InstallDShieldList \
    on-event=Replace_dshield policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:52:00
/system script
add name=Download_openbl owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\
    \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\
    \n"
add name=Replace_openbl owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n:foreach i in=[/ip firewall address-list find ] do={\
    \n:if ( [/ip firewall address-list get \$i comment] = \"OpenBL\" ) do={\
    \n/ip firewall address-list remove \$i\
    \n}\
    \n}\
    \n/import file-name=openbl.rsc;\
    \n:log info \"Removal old openbl and add new\";\
    \n"
add name=Download_spamhaus owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\
    \n"
add name=Replace_spamhaus owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n:foreach i in=[/ip firewall address-list find ] do={\
    \n:if ( [/ip firewall address-list get \$i comment] = \"SpamHaus\" ) do={\
    \n/ip firewall address-list remove \$i\
    \n}\
    \n}\
    \n/import file-name=spamhaus.rsc;\
    \n:log info \"Removal old openbl and add new\";\
    \n"
add name=Download_dshield owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\
    \n"
add name=Replace_dshield owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n:foreach i in=[/ip firewall address-list find ] do={\
    \n:if ( [/ip firewall address-list get \$i comment] = \"DShield\" ) do={\
    \n/ip firewall address-list remove \$i\
    \n}\
    \n}\
    \n/import file-name=dshield.rsc;\
    \n:log info \"Removal old dshield and add new\";\
    \n"
/tool romon port
add
/tool user-manager database
set db-path=user-manager1



Ho un forte dubbio xo che possa centrare questo:
Non hai i permessi necessari per visualizzare i file allegati in questo messaggio.
routermaniak
Mikrotik-User 4° Liv
Mikrotik-User 4° Liv
 
Messaggi: 218
Iscritto il: mer 5 giu 2013, 15:33
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda radiation » sab 23 set 2017, 16:51

Ora sono in giro e non riesco a guardare bene. Il problema che vedi nel DDNS è normale in quanto la connessione non è attestata direttamente al Mikrotik e lui vede l'IP del modem.

Per la VPN prova a usare queste impostazioni:

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1,md5 pfs-group=none

/ip pool
add name=vpn ranges=192.168.89.2-192.168.89.255

/ppp profile
add change-tcp-mss=yes local-address=192.168.89.1 name=profile-vpn \
remote-address=vpn use-encryption=yes

/interface l2tp-server server
set default-profile=profile-vpn enabled=yes ipsec-secret=123456578

/ip ipsec peer
add enc-algorithm=aes-256,aes-192,aes-128,3des exchange-mode=main-l2tp \
generate-policy=port-override passive=yes secret=12345678

/ppp secret
add name=UTENTE password=PASSWORD profile=profile-vpn

Per gli eventuali log:

/system logging
add disabled=yes topics=l2tp
add topics=ipsec,debug,!packet
Andrea
Avatar utente
radiation
Staff rosIT
Staff rosIT
 
Messaggi: 486
Iscritto il: mer 11 dic 2013, 20:00
Uso routerOS dalla Versione: v3.x
Certificazioni Mikrotik: MTCNA, MTCWE
Preferred Training Centre: Nimwave
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda routermaniak » sab 23 set 2017, 22:04

Ciao ho cancellato il setup della vpn l2tp....e applicato il tuo. il log è cambiato tantissimo ed è assai lungo (non so come fare per copiarlo dalla finestra del log)... però ancora nessun collegamento da iphone!
routermaniak
Mikrotik-User 4° Liv
Mikrotik-User 4° Liv
 
Messaggi: 218
Iscritto il: mer 5 giu 2013, 15:33
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda radiation » sab 23 set 2017, 22:08

Ma hai copiato il mio esempio?

Hai abituato anche i log della vpn?
Andrea
Avatar utente
radiation
Staff rosIT
Staff rosIT
 
Messaggi: 486
Iscritto il: mer 11 dic 2013, 20:00
Uso routerOS dalla Versione: v3.x
Certificazioni Mikrotik: MTCNA, MTCWE
Preferred Training Centre: Nimwave
Top

Re: VPN L2Tp Collegamento mancato

Messaggioda routermaniak » sab 23 set 2017, 22:14

ho applicato il mio esempio cambiando l'ip pool con la mia subnet... si i log vpn li ho abilitati, ma dove li recupero? cliccando su log e provando a fare connessione viene fuori una marea di roba
routermaniak
Mikrotik-User 4° Liv
Mikrotik-User 4° Liv
 
Messaggi: 218
Iscritto il: mer 5 giu 2013, 15:33
Top

PrecedenteProssimo
Rispondi al messaggio

Torna a RouterOS

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti

Privacy Terms of use
Powered by phpBB © 2002, 2005, 2007 phpBB Group
MikroTik is a registered trademark of MikroTikls corporation
Hai bisogno di aiuto? Contattaci!

cron