# RouterOS configuration export for a MikroTik RB760iGS that serves as the LAN
# gateway: bridge REDE with DHCP, source/destination NAT, OSPF/OSPFv3 uplinks on
# VLANs of ether1, and an IPv6 site-block list. Restored here to one command per
# line; section paths begin with "/".
#
# model: RB760iGS
# serial-number: A8150AA85C29
# firmware-type: mt7621L
# current-firmware: 6.46.8
# installed-version: 6.46.8
# NOTE(review): firmware and installed version are both 6.46.8; confirm this is
# still a supported release and plan an upgrade if it is not.
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
#
# software id = 6IDL-7IPU
#
# model = RB760iGS
# serial number = A8150AA85C29

# Two bridges: REDE carries the LAN ports, loopback only holds router addresses.
/interface bridge
add name=REDE
add name=loopback

# Port labels. ether1 (LINK) is the uplink; ether2-ether5 join bridge REDE below.
/interface ethernet
set [ find default-name=ether1 ] comment=LINK
set [ find default-name=ether2 ] comment="REDE-INTERNA(SW)"
set [ find default-name=ether3 ] comment=UniFi-CT-1
set [ find default-name=ether4 ] comment=RELOGIO-PONTO
set [ find default-name=ether5 ] comment=RB-CT-2

# Both VLANs ride on the uplink port and carry the /30 transit networks used by OSPF.
/interface vlan
add interface=ether1 name="TESTE VLAN 221" vlan-id=221
add interface=ether1 name=VLAN-203-CT vlan-id=203

# Layer-7 pattern for the site-blocking policy. Every filter and mangle rule that
# references it further down is disabled=yes, so it has no effect in this export.
/ip firewall layer7-protocol
add name=Block-Sites regexp="^.+(facebook.com|youtube.com|instagram.com|netflix.com|twitter.com|amazon.com|primevideo.com|amazon.com.br).*\$"

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

# LAN address pool and DHCP server on bridge REDE (1 hour leases).
/ip pool
add name=dhcp_pool0 ranges=100.96.126.2-100.96.126.254

/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=REDE lease-time=1h name=dhcp1

# /48 pool from which /64 prefixes are handed to interfaces.
/ipv6 pool
add name=POOL-IPV6 prefix=2804:2994:e001::/48 prefix-length=64

/routing ospf area
add area-id=0.0.0.80 name=DHCP

/routing ospf instance
set [ find default=yes ] router-id=10.0.8.30

/routing ospf-v3 instance
set [ find default=yes ] router-id=10.0.8.30

# SNMP community limited to source prefix 143.0.252.0/22; SNMP is switched on in
# the /snmp section near the end. The community name is stored here in cleartext,
# so treat it as exposed wherever this export has been copied and rotate it.
# NOTE(review): no security/authentication settings are shown for the community;
# presumably it is a plain v1/v2c community - confirm, and prefer SNMPv3 with
# authentication and encryption if the monitoring system supports it.
/snmp community
set [ find default=yes ] addresses=143.0.252.0/22 name=SnmP_Se77E

# Policy set of the built-in "full" group (includes sensitive, sniff, romon, api).
# NOTE(review): the export does not list /user entries; verify that only the
# intended accounts belong to this group.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"

# LAN ports attached to bridge REDE.
/interface bridge port
add bridge=REDE interface=ether3
add bridge=REDE interface=ether5
add bridge=REDE interface=ether2
add bridge=REDE interface=ether4

# Neighbor discovery runs on every interface that is not dynamic.
# NOTE(review): that presumably includes ether1 and its VLANs, so the router
# announces its identity, model and version toward the uplink; consider limiting
# discovery to a LAN-only interface list.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic

# Router addresses: two /30 transit links, the public loopback address that is
# also the NAT address, and the LAN gateway address.
/ip address
add address=10.0.8.30/30 interface=VLAN-203-CT network=10.0.8.28
add address=143.0.252.83 interface=loopback network=143.0.252.83
add address=100.96.126.1/24 comment=REDE-INTERNA interface=REDE network=100.96.126.0
add address=10.0.8.150/30 interface="TESTE VLAN 221" network=10.0.8.148

# Static DHCP leases (time clock, IP phones, support PCs, printer, unlabeled hosts).
# The leases for 100.96.126.248 and 100.96.126.40 are the targets of the enabled
# dst-nat rules in /ip firewall nat.
/ip dhcp-server lease
add address=100.96.126.248 comment=RELOGIO-DE-PONTO-CT mac-address=08:14:14:DB:FF:CA server=dhcp1
add address=100.96.126.81 client-id=1:0:b:82:be:f0:a comment=TELEFONE-1006 mac-address=00:0B:82:BE:F0:0A server=dhcp1
add address=100.96.126.74 client-id=1:0:b:82:94:50:94 comment=TELEFONE-1025 mac-address=00:0B:82:94:50:94 server=dhcp1
add address=100.96.126.73 client-id=1:0:b:82:be:f5:52 comment=TELEFONE-1027 mac-address=00:0B:82:BE:F5:52 server=dhcp1
add address=100.96.126.65 client-id=1:0:b:82:90:b1:16 comment=TELEFONE-1023 mac-address=00:0B:82:90:B1:16 server=dhcp1
add address=100.96.126.47 client-id=1:0:b:82:90:b5:ed comment=TELEFONE-1021 mac-address=00:0B:82:90:B5:ED server=dhcp1
add address=100.96.126.116 client-id=1:0:b:82:a4:f6:9d comment=TELEFONE-1004 mac-address=00:0B:82:A4:F6:9D server=dhcp1
add address=100.96.126.110 client-id=1:0:b:82:a5:ab:48 comment=TELEFONE-OP-1200 mac-address=00:0B:82:A5:AB:48 server=dhcp1
add address=100.96.126.137 client-id=1:0:b:82:a5:ab:46 comment=TELEFONE-1203 mac-address=00:0B:82:A5:AB:46 server=dhcp1
add address=100.96.126.146 client-id=1:0:b:82:be:f5:48 comment=TELEFONE-1007 mac-address=00:0B:82:BE:F5:48 server=dhcp1
add address=100.96.126.9 client-id=1:0:b:82:be:f5:59 comment=TELEFONE-1024 mac-address=00:0B:82:BE:F5:59 server=dhcp1
add address=100.96.126.38 client-id=1:0:b:82:90:b1:17 comment=TELEFONE-1020 mac-address=00:0B:82:90:B1:17 server=dhcp1
add address=100.96.126.40 client-id=1:0:b:82:a4:f7:52 comment=TELEFONE-1202 mac-address=00:0B:82:A4:F7:52 server=dhcp1
add address=100.96.126.91 client-id=1:c0:74:ad:d:60:58 comment=TELEFONE-VENDAS-1103 mac-address=C0:74:AD:0D:60:58 server=dhcp1
add address=100.96.126.145 client-id=1:0:b:82:be:f5:46 comment=TELEFONE-1102 mac-address=00:0B:82:BE:F5:46 server=dhcp1
add address=100.96.126.36 client-id=1:f4:b5:20:13:f0:2b comment="PC-2 Suporte" mac-address=F4:B5:20:13:F0:2B server=dhcp1
add address=100.96.126.250 client-id=1:70:85:c2:6a:47:83 comment="PC-1 Suporte." mac-address=70:85:C2:6A:47:83 server=dhcp1
add address=100.96.126.249 client-id=1:70:85:c2:33:5b:52 comment="PC-6 Suporte." mac-address=70:85:C2:33:5B:52 server=dhcp1
add address=100.96.126.3 client-id=1:20:25:64:2b:b8:71 mac-address=20:25:64:2B:B8:71 server=dhcp1
add address=100.96.126.8 client-id=1:70:85:c2:33:5b:50 comment="PC-3 Suporte." mac-address=70:85:C2:33:5B:50 server=dhcp1
add address=100.96.126.20 client-id=1:0:e0:4c:36:37:c4 mac-address=00:E0:4C:36:37:C4 server=dhcp1
add address=100.96.126.55 client-id=1:94:e9:79:b4:20:cf mac-address=94:E9:79:B4:20:CF server=dhcp1
add address=100.96.126.70 client-id=1:5c:c9:d3:3a:bc:9b mac-address=5C:C9:D3:3A:BC:9B server=dhcp1
add address=100.96.126.26 client-id=1:f4:b5:20:13:f2:2b mac-address=F4:B5:20:13:F2:2B server=dhcp1
add address=100.96.126.23 client-id=1:70:85:c2:6a:44:19 mac-address=70:85:C2:6A:44:19 server=dhcp1
add address=100.96.126.30 client-id=1:0:1c:25:46:ba:67 mac-address=00:1C:25:46:BA:67 server=dhcp1
add address=100.96.126.34 client-id=1:5c:c9:d3:56:76:8c mac-address=5C:C9:D3:56:76:8C server=dhcp1
add address=100.96.126.46 client-id=1:70:85:c2:6a:49:84 mac-address=70:85:C2:6A:49:84 server=dhcp1
add address=100.96.126.29 client-id=1:64:1c:67:7b:6:50 mac-address=64:1C:67:7B:06:50 server=dhcp1
add address=100.96.126.141 client-id=1:5c:c9:d3:56:4c:7a mac-address=5C:C9:D3:56:4C:7A server=dhcp1
add address=100.96.126.103 client-id=1:bc:5f:f4:c0:48:7b comment="PC-5 Suporte." mac-address=BC:5F:F4:C0:48:7B server=dhcp1
add address=100.96.126.15 client-id=1:70:85:c2:33:5b:66 comment="PC-7 Suporte." mac-address=70:85:C2:33:5B:66 server=dhcp1
add address=100.96.126.10 client-id=1:50:a6:7f:e:33:4f mac-address=50:A6:7F:0E:33:4F server=dhcp1
add address=100.96.126.16 client-id=1:32:35:1b:d6:eb:de mac-address=32:35:1B:D6:EB:DE server=dhcp1
add address=100.96.126.246 client-id=1:70:85:c2:33:57:e3 mac-address=70:85:C2:33:57:E3 server=dhcp1
add address=100.96.126.93 client-id=1:10:78:d2:2d:84:d3 mac-address=10:78:D2:2D:84:D3 server=dhcp1
add address=100.96.126.35 client-id=1:1c:39:47:db:ee:b2 mac-address=1C:39:47:DB:EE:B2 server=dhcp1
add address=100.96.126.111 client-id=1:4e:2e:18:5:f7:a4 mac-address=4E:2E:18:05:F7:A4 server=dhcp1
add address=100.96.126.51 client-id=1:8a:a6:9d:c0:2f:ef mac-address=8A:A6:9D:C0:2F:EF server=dhcp1
add address=100.96.126.57 client-id=1:c0:74:ad:d:65:b4 comment=TELEFONE-falta mac-address=C0:74:AD:0D:65:B4 server=dhcp1
add address=100.96.126.82 comment=IMPRESSSORA-OP mac-address=DC:4A:3E:2C:AA:11 server=dhcp1
add address=100.96.126.142 client-id=1:c0:74:ad:43:25:92 mac-address=C0:74:AD:43:25:92 server=dhcp1
add address=100.96.126.179 client-id=1:c0:74:ad:43:25:64 comment=TELEFONE-1100 mac-address=C0:74:AD:43:25:64 server=dhcp1
add address=100.96.126.80 client-id=1:c0:74:ad:43:25:81 comment=TELEFONE mac-address=C0:74:AD:43:25:81 server=dhcp1
add address=100.96.126.71 client-id=1:c0:74:ad:43:25:82 comment=TELEFONE mac-address=C0:74:AD:43:25:82 server=dhcp1

/ip dhcp-server network
add address=100.96.126.0/24 gateway=100.96.126.1

# Upstream resolvers used by the router itself (IPv4 and IPv6).
/ip dns
set servers=143.0.252.10,143.0.252.20,2804:2994:77::10,2804:2994:77::20

# IPv4 address lists for the blocking policy. Every entry is disabled=yes.
#   IP-Block    - LAN hosts the policy would apply to (note it lists 100.96.126.1,
#                 the router's own LAN address).
#   "Teste IP"  - test subset; no rule in this export references it.
#   "Exc Block" - intended exceptions; no rule in this export references it.
/ip firewall address-list
add address=100.96.126.250 disabled=yes list=IP-Block
add address=100.96.126.55 disabled=yes list=IP-Block
add address=100.96.126.53 disabled=yes list=IP-Block
add address=100.96.126.1 disabled=yes list=IP-Block
add address=100.96.126.36 disabled=yes list=IP-Block
add address=100.96.126.249 disabled=yes list=IP-Block
add address=100.96.126.70 disabled=yes list=IP-Block
add address=100.96.126.26 disabled=yes list=IP-Block
add address=100.96.126.141 disabled=yes list=IP-Block
add address=100.96.126.29 disabled=yes list=IP-Block
add address=100.96.126.8 disabled=yes list=IP-Block
add address=100.96.126.34 disabled=yes list=IP-Block
add address=100.96.126.3 disabled=yes list=IP-Block
add address=100.96.126.20 disabled=yes list=IP-Block
add address=100.96.126.46 disabled=yes list=IP-Block
add address=100.96.126.11 disabled=yes list=IP-Block
add address=100.96.126.103 disabled=yes list=IP-Block
add address=100.96.126.15 disabled=yes list=IP-Block
add address=100.96.126.10 disabled=yes list=IP-Block
add address=100.96.126.16 disabled=yes list=IP-Block
add address=100.96.126.111 disabled=yes list=IP-Block
add address=100.96.126.93 disabled=yes list=IP-Block
add address=100.96.126.35 disabled=yes list=IP-Block
add address=100.96.126.246 disabled=yes list=IP-Block
add address=100.96.126.51 disabled=yes list=IP-Block
add address=100.96.126.11 disabled=yes list="Teste IP"
add address=100.96.126.250 disabled=yes list="Teste IP"
add address=143.0.252.0/22 disabled=yes list="Exc Block"
add address=tp-link.com disabled=yes list="Exc Block"
add address=google.com disabled=yes list="Exc Block"
add address=docs.google.com disabled=yes list="Exc Block"
add address=10.0.0.0/8 disabled=yes list="Exc Block"
add address=172.16.0.0/12 disabled=yes list="Exc Block"
add address=192.168.0.0/16 disabled=yes list="Exc Block"
add address=169.254.0.0/16 disabled=yes list="Exc Block"
add address=web.whatsapp.com disabled=yes list="Exc Block"
add address=api.whatsapp.com disabled=yes list="Exc Block"
add address=web.telegram.org disabled=yes list="Exc Block"
add address=telegram.org disabled=yes list="Exc Block"
add address=sistema.smartisp.com.br disabled=yes list="Exc Block"
add address=desktop.telegram.org disabled=yes list="Exc Block"
add address=95.161.64.0/20 disabled=yes list="Exc Block"
add address=91.108.8.0/22 disabled=yes list="Exc Block"
add address=91.108.56.0/22 disabled=yes list="Exc Block"
add address=91.108.4.0/22 disabled=yes list="Exc Block"
add address=149.154.164.0/22 disabled=yes list="Exc Block"
add address=149.154.160.0/22 disabled=yes list="Exc Block"
add address=31.13.64.51 disabled=yes list="Exc Block"
add address=31.13.65.49 disabled=yes list="Exc Block"
add address=anydesk.com disabled=yes list="Exc Block"
add address=boot-01.net.anydesk.com disabled=yes list="Exc Block"
add address=relay-a9fa3480.net.anydesk.com disabled=yes list="Exc Block"
add address=relay-ca111041.net.anydesk.com disabled=yes list="Exc Block"
add address=relay-5c3e138c.net.anydesk.com disabled=yes list="Exc Block"
add address=relay-c9b5be97.net.anydesk.com disabled=yes list="Exc Block"
add address=relay-cde85b05.net.anydesk.com disabled=yes list="Exc Block"
add address=relay-4eedeab0.net.anydesk.com disabled=yes list="Exc Block"
add address=relay-ce59fdb0.net.anydesk.com disabled=yes list="Exc Block"
add address=static.whatsapp.net disabled=yes list="Exc Block"
add address=graph.facebook.com disabled=yes list="Exc Block"
add address=mmg.whatsapp.net disabled=yes list="Exc Block"
add address=v.whatsapp.net disabled=yes list="Exc Block"
add address=g.whatsapp.net disabled=yes list="Exc Block"
add address=core.telegram.org disabled=yes list="Exc Block"
add address=macos.telegram.org disabled=yes list="Exc Block"
add address=venus.web.telegram.org disabled=yes list="Exc Block"
add address=venus-1.web.telegram.org disabled=yes list="Exc Block"
add address=flora.web.telegram.org disabled=yes list="Exc Block"
add address=flora-1.web.telegram.org disabled=yes list="Exc Block"
add address=vesta.web.telegram.org disabled=yes list="Exc Block"
add address=vesta-1.web.telegram.org disabled=yes list="Exc Block"
add address=pluto.web.telegram.org disabled=yes list="Exc Block"
add address=pluto-1.web.telegram.org disabled=yes list="Exc Block"
add address=aurora.web.telegram.org disabled=yes list="Exc Block"
add address=aurora-1.web.telegram.org disabled=yes list="Exc Block"
add address=100.96.126.36 disabled=yes list="Teste IP"
add address=149.154.175.54 disabled=yes list="Exc Block"
add address=149.154.175.52 disabled=yes list="Exc Block"
add address=100.96.126.246 disabled=yes list="Teste IP"
add address=100.96.126.245 disabled=yes list=IP-Block

# IPv4 filter table. All five rules are disabled=yes, so this export contains no
# active IPv4 filter rule: nothing restricts the input chain (traffic addressed
# to the router) or the forward chain (traffic through it). Access to the
# router's own services therefore depends only on the per-service address
# restrictions in /ip service.
# NOTE(review): add an input chain that accepts established/related traffic, the
# required management and routing sources, and drops the rest; likewise a forward
# chain that drops invalid and unsolicited inbound connections.
/ip firewall filter
add action=drop chain=forward disabled=yes packet-mark=youtube_packet src-address-list=IP-Block
add action=drop chain=input disabled=yes packet-mark=youtube_packet src-address-list=IP-Block
add action=reject chain=forward disabled=yes layer7-protocol=Block-Sites reject-with=icmp-port-unreachable src-address-list=IP-Block
add action=drop chain=forward comment="Block VPN" disabled=yes dst-port=500 protocol=udp src-address-list=IP-Block
add action=drop chain=forward comment="Block VPN" disabled=yes protocol=gre src-address-list=IP-Block

# Mangle rules that would mark DNS (udp/53) traffic matching Block-Sites; both disabled.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-port=53 layer7-protocol=Block-Sites new-connection-mark=youtube_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=youtube_conn disabled=yes new-packet-mark=youtube_packet passthrough=no

# NAT.
#  - srcnat: the LAN (100.96.126.0/24) leaves as 143.0.252.83.
#  - masquerade for 192.168.1.0/24: no interface in this export carries that
#    subnet - presumably a leftover; confirm before removing.
#  - dst-nat tcp/3000 -> 100.96.126.248 (time clock) and tcp/8080 ->
#    100.96.126.40:80 (lease TELEFONE-1202). Neither rule sets src-address,
#    src-address-list or in-interface, and no filter rule is enabled, so any host
#    that can reach 143.0.252.83 reaches these device interfaces.
#    NOTE(review): restrict both rules to the source networks that need them, or
#    replace them with VPN access; check that the devices do not use default
#    credentials.
#  - dst-nat tcp/443 -> 100.96.126.235 is disabled.
/ip firewall nat
add action=same chain=srcnat comment=REDE-INTERNA same-not-by-dst=no src-address=100.96.126.0/24 to-addresses=143.0.252.83
add action=masquerade chain=srcnat comment=REDE-INTERNA src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment=RELOGIO-DE-PONTO-CT dst-address=143.0.252.83 dst-port=3000 protocol=tcp to-addresses=100.96.126.248
add action=dst-nat chain=dstnat comment=TELEFONE dst-address=143.0.252.83 dst-port=8080 protocol=tcp to-addresses=100.96.126.40 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-address=143.0.252.83 dst-port=443 log=yes log-prefix=UNIFI protocol=tcp to-addresses=100.96.126.235

/ip firewall raw
add action=drop chain=output disabled=yes packet-mark=youtube_packet src-address-list=IP-Block

# Management services. telnet, ftp, www, api and api-ssl are off. SSH listens on
# port 2277 and WinBox on its default port, each limited to the listed source
# prefixes; WinBox additionally accepts the whole LAN (100.96.126.0/24).
# 143.0.252.58/32 in the SSH list is already covered by 143.0.252.0/22.
# NOTE(review): the lists contain IPv4 prefixes only; confirm how SSH and WinBox
# answer over IPv6, since the IPv6 filter below has no input rules.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=205.164.78.0/23,143.0.252.0/22,143.0.252.58/32 port=2277
set api disabled=yes
set winbox address=143.0.252.0/22,100.96.126.0/24,205.164.78.0/23
set api-ssl disabled=yes

# IPv6 addressing: the LAN bridge takes ::cafe inside a /64 from POOL-IPV6; the
# loopback address is written with a /48 mask inside the same 2804:2994:e001::/48
# that the pool hands out.
# NOTE(review): confirm the /48 on the loopback is intended (a /128 is usual).
/ipv6 address
add address=::cafe comment=REDE-INTERNA from-pool=POOL-IPV6 interface=REDE
add address=2804:2994:e001:ffff:ffff:ffff:ffff:ffff/48 advertise=no comment=loopback interface=loopback

# DNS-name based IPv6 list consumed by the reject rule in /ipv6 firewall filter.
/ipv6 firewall address-list
add address=facebook.com list=Site-Block
add address=star.facebook.com list=Site-Block
add address=www.instagram.com list=Site-Block
add address=i.instagram.com list=Site-Block
add address=www.youtube.com list=Site-Block
add address=youtubei.googleapis.com list=Site-Block
add address=www.facebook.com disabled=yes list=Site-Block
add address=cx.atdmt.com disabled=yes list=Site-Block
add address=scontent.fgyn1-1.fna.fbcdn.net disabled=yes list=Site-Block
add address=static.xx.fbcdn.net disabled=yes list=Site-Block
add address=netflix.com list=Site-Block
add address=ichnaea-web.netflix.com list=Site-Block
add address=ae.nflximg.net list=Site-Block
add address=www.netflix.com list=Site-Block
add address=twitter.com list=Site-Block
add address=media.netflix.com list=Site-Block
add address=primevideo.com list=Site-Block
add address=amazon.com list=Site-Block
add address=amazon.com.br list=Site-Block
add address=youtu.be list=Site-Block
add address=i.ytimg.com list=Site-Block
add address=yt3.ggpht.com list=Site-Block
add address=g8.net.br list=Site-Block
add address=cdninstagram.com list=Site-Block
add address=googlevideo.com list=Site-Block
add address=m.facebook.com list=Site-Block
add address=gru14s05-in-f10.1e100.net list=Site-Block
add address=gru06s53-in-f14.1e100.net list=Site-Block

# IPv6 filter table. The only enabled rule rejects forwarded traffic to
# Site-Block destinations. There is no input chain rule and no rule limiting
# inbound forwarded traffic to established/related connections, so LAN hosts
# holding global addresses from POOL-IPV6 are not shielded by this router from
# unsolicited inbound IPv6, and the router's own IPv6 services are unfiltered.
# NOTE(review): add a stateful IPv6 input and forward policy (accept
# established/related, required ICMPv6 and OSPFv3, LAN-originated traffic; drop
# the remainder).
/ipv6 firewall filter
add action=reject chain=forward dst-address-list=Site-Block reject-with=icmp-no-route
add action=drop chain=forward disabled=yes log=yes src-mac-address=70:BB:E9:A8:B2:3D

/ipv6 nd
set [ find default=yes ] other-configuration=yes

# Discards OSPF-learned prefixes with length 1-32, which leaves only a /0
# (default route) to be accepted from neighbors.
/routing filter
add action=discard chain=ospf-in prefix-length=1-32

/routing ospf area range
add area=DHCP range=100.96.126.0/24

# OSPF runs point-to-point on both uplink VLANs; the last entry names no
# interface and is passive.
# NOTE(review): no authentication or authentication-key parameter appears on
# these interfaces; presumably adjacencies are unauthenticated - confirm and
# enable OSPF authentication on the transit links.
/routing ospf interface
add interface=VLAN-203-CT network-type=point-to-point
add interface="TESTE VLAN 221" network-type=point-to-point
add passive=yes

/routing ospf network
add area=backbone network=10.0.8.28/30
add area=backbone network=143.0.252.83/32
add area=DHCP comment=DHCP disabled=yes network=100.96.126.0/24
add area=backbone network=10.0.8.148/30

/routing ospf-v3 interface
add area=backbone interface=VLAN-203-CT network-type=point-to-point
add area=backbone interface=loopback
add area=backbone passive=yes

# Turns on the SNMP agent using the community defined in /snmp community.
/snmp
set enabled=yes

/system clock
set time-zone-name=America/Sao_Paulo

/system identity
set name=SE77E-CT

# Primary and secondary NTP point at the same server, so there is no fallback.
/system ntp client
set enabled=yes primary-ntp=143.0.252.51 secondary-ntp=143.0.252.51

# Hardware watchdog and automatic supout generation are both switched off.
/system watchdog
set automatic-supout=no watchdog-timer=no

# RoMON (layer-2 management overlay) is enabled and its shared secret is written
# here in cleartext. Treat the secret as exposed wherever this export has been
# copied and rotate it.
# NOTE(review): no /tool romon port section is shown, so port defaults apply;
# confirm RoMON is not active toward ether1 and keep exports containing secrets
# out of shared storage (or export with sensitive values hidden).
/tool romon
set enabled=yes secrets=@a7net@#