# RouterOS 7.14 configuration export for the router identified below as
# SE77E-GR-SRV (CCR1016-12S-1S+), preceded by what appears to be a pasted
# undo-history listing (columns ACTION, BY, POLICY, TIME).
# NOTE(review): this export carries live-looking credentials in clear text
# (L2TP IPsec pre-shared key, PPP secrets, SNMP community, RoMON secret) plus
# the serial number, software id and operator account names. RouterOS 7 hides
# sensitive values unless the export is run with show-sensitive, so this file
# was presumably produced that way. Treat every secret below as disclosed:
# rotate it, and keep future exports in access-controlled storage.
#
# model: CCR1016-12S-1S+
# serial-number: 912A0A46D8FF
# firmware-type: tilegx
# current-firmware: 7.14
# installed-version: 7.14
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
# ACTION BY POLICY TIME
# U nat rule changed bruna.noc write 2024-08-05 15:38:09
# U address list entry changed bruna.noc write 2024-08-05 15:38:00
# U address changed bruna.noc write 2024-08-05 15:37:39
# U nat rule changed bruna.noc write 2024-08-05 15:28:18
# U nat rule changed bruna.noc write 2024-08-05 15:28:18
# U nat rule changed bruna.noc write 2024-08-05 15:28:18
# U nat rule changed bruna.noc write 2024-08-05 15:28:18
# U nat rule changed bruna.noc write 2024-08-05 15:28:18
# U nat rule changed bruna.noc write 2024-08-05 15:28:18
# U nat rule changed bruna.noc write 2024-08-05 15:28:18
# U ospf-interface-9 changed bruna.noc write 2024-08-05 15:27:01
# U ospf-interface-9 changed bruna.noc write 2024-08-05 15:26:55
# U address changed bruna.noc write 2024-08-05 15:26:54
# U ospf-interface-9 changed bruna.noc write 2024-08-05 15:25:07
# U address changed bruna.noc write 2024-08-05 15:25:06
# U ospf-interface-9 changed bruna.noc write 2024-08-05 15:23:13
# U address changed bruna.noc write 2024-08-05 15:23:12
# U route 10.77.81.0/24 changed bruna.noc write 2024-08-05 15:10:18
# U device changed bruna.noc write 2024-08-05 15:09:29
# U address changed bruna.noc write 2024-08-05 15:07:54
# U route fc00::28/125 changed jeffrey.noc write 2024-08-05 01:55:53
# U route 10.0.0.10 changed jeffrey.noc write 2024-08-05 01:50:53
# U IPv6 address changed jeffrey.noc write 2024-08-05 01:38:10
# U ospf-interface-6 changed jeffrey.noc write 2024-08-05 01:37:59
# U ospf-interface-8 changed jeffrey.noc write 2024-08-05 01:37:59
# U ospf-interface-7 changed jeffrey.noc write 2024-08-05 01:37:59
# U ospf-interface-5 changed jeffrey.noc write 2024-08-05 01:37:59
# U address changed jeffrey.noc write 2024-08-05 01:37:34
# U address changed jeffrey.noc write 2024-08-05 01:37:34
# U address changed jeffrey.noc write 2024-08-05 01:37:34
#
# 2024-08-06 02:25:31 by RouterOS 7.14
# software id = 6NLQ-ABHI
#
# model = CCR1016-12S-1S+
# serial number = 912A0A46D8FF
/interface bridge
add name=loopback
/interface ethernet
set [ find default-name=sfp12 ] comment=UniFi
set [ find default-name=sfpplus1 ] comment=TRUNK-SW-HW
/interface eoip
add disabled=yes mac-address=02:23:0D:7A:6B:47 name=eoip-tunnel-usina remote-address=143.0.254.173 tunnel-id=100
# All VLANs ride the sfpplus1 trunk; VLAN-422 is the only one disabled.
/interface vlan
add interface=sfpplus1 name=VLAN-10-VMs vlan-id=10
add interface=sfpplus1 name=VLAN-21-CHIP vlan-id=21
add interface=sfpplus1 name=VLAN-30-NVD vlan-id=30
add interface=sfpplus1 name=VLAN-420-SRV-CT vlan-id=420
add interface=sfpplus1 name=VLAN-421-SRV-CT-V6 vlan-id=421
add disabled=yes interface=sfpplus1 name=VLAN-422-SRV-IGRE vlan-id=422
add interface=sfpplus1 name=VLAN-423-SRV-IGRE-V6 vlan-id=423
/interface list
add name=WAN
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=sfp12 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
# NOTE(review): the default PPP profile (*0) hands PPP clients addresses from
# dhcp_pool0, the same 192.168.1.0/24 range that the Winbox service allowlist
# further down trusts. Confirm VPN clients are meant to share that range.
/ppp profile
set *0 remote-address=dhcp_pool0
# Both OSPF instances redistribute static routes under router-id 10.0.0.70.
/routing ospf instance
add disabled=no name=default-v2 redistribute=static router-id=10.0.0.70
add disabled=no name=default-v3 redistribute=static router-id=10.0.0.70 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add disabled=no instance=default-v3 name=backbone-v3
# NOTE(review): the community string acts as a password and is exposed here.
# Queries are limited to 143.0.252.0/22; no security/encryption settings are
# shown, so this looks like a plain v1/v2c-style community - TODO confirm, and
# rotate the name now that it has been published.
/snmp community
set [ find default=yes ] addresses=143.0.252.0/22 name=SnmP_Se77E
/ip settings
set rp-filter=strict tcp-syncookies=yes
# NOTE(review): L2TP server is enabled with an IPsec pre-shared key stored in
# clear text. A single short PSK shared by all clients should be rotated after
# this disclosure; confirm whether the server still needs to be enabled.
/interface l2tp-server server
set enabled=yes ipsec-secret=2938ydsda., use-ipsec=yes
# WAN list = VLAN-420 plus the (disabled) VLAN-422; it is only referenced by the
# two DROP-0-1023 forward rules.
/interface list member
add interface=VLAN-420-SRV-CT list=WAN
add interface=VLAN-422-SRV-IGRE list=WAN
# NOTE(review): an enabled PPPoE server with an empty interface= value. This may
# be an export or extraction artifact; as written the line names no interface,
# so confirm what it was bound to or remove the server if unused.
/interface pppoe-server server
add disabled=no interface= one-session-per-host=yes service-name=service1
# Only four addresses are enabled: the two /30 uplinks (VLAN-420, VLAN-422), the
# loopback 10.0.0.70 and VLAN-21. Every public or server-facing address,
# including 143.0.252.1, is disabled.
/ip address
add address=10.7.7.70/30 comment=VLAN-420-SRV-CT interface=VLAN-420-SRV-CT network=10.7.7.68
add address=10.7.7.74/30 comment=VLAN-422-SRV-IGRE interface=VLAN-422-SRV-IGRE network=10.7.7.72
add address=10.0.0.70 comment=loopback interface=loopback network=10.0.0.70
add address=143.0.252.1/26 comment=BLOCO-SRV-VM disabled=yes interface=VLAN-10-VMs network=143.0.252.0
add address=10.7.7.129/28 comment="REDE-VM's" disabled=yes interface=VLAN-10-VMs network=10.7.7.128
add address=10.7.7.97/27 comment="Servidores Privados" disabled=yes interface=VLAN-10-VMs network=10.7.7.96
add address=10.7.7.161/28 comment=SE77E-CT-NVDs-HKV disabled=yes interface=VLAN-30-NVD network=10.7.7.160
add address=10.0.8.73/30 comment=NVD-CT-2 disabled=yes interface=VLAN-30-NVD network=10.0.8.72
add address=10.0.8.69/30 comment=NVD-CT-1 disabled=yes interface=VLAN-30-NVD network=10.0.8.68
add address=10.2.2.1/30 comment=TUNNEL-USINA disabled=yes interface=eoip-tunnel-usina network=10.2.2.0
add address=192.168.1.1/24 comment=UniFi disabled=yes interface=sfp12 network=192.168.1.0
add address=10.7.7.93/30 comment=VLAN-21-CHIP interface=VLAN-21-CHIP network=10.7.7.92
/ip dhcp-server lease
add address=192.168.1.254 client-id=1:80:2a:a8:c9:d0:aa comment=UniFi mac-address=80:2A:A8:C9:D0:AA server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set servers=143.0.252.10,143.0.252.20
# Address lists used by the filter rules below:
#   AS-PROVEDOR            - the provider's own public and internal prefixes
#   BLOCO-ACESSO-REDE      - sources trusted for management access
#   SERVIDORES             - server addresses opened on every port (see BLOCO-SRV)
#   LIBERANDO-PORTA-80-443 - hosts opened on ports 80/443
#   LIBERANDO-PORTA-53     - hosts opened on UDP/53
#   IP-SRV                 - server ranges allowed to reach each other
#   MASCARAR               - sources for the (disabled) srcnat rule
# NOTE(review): BLOCO-ACESSO-REDE mixes whole server ranges (143.0.252.0/26,
# 10.7.7.0/24) with single addresses whose comments look like staff home lines
# (CASA-*) and third-party sources (ACESSO-ERA). Any host in those ranges, or
# whoever later holds one of those addresses, inherits management reach into
# every AS-PROVEDOR prefix. Review the entries periodically; a VPN-only
# management source would narrow this.
/ip firewall address-list
add address=143.0.252.0/22 comment=AS list=AS-PROVEDOR
add address=143.0.252.35 comment=VM-2-SPEEDTEST disabled=yes list=SERVIDORES
add address=10.0.0.0/24 comment=LOOPBACK list=AS-PROVEDOR
add address=10.7.7.0/24 comment=SRV list=AS-PROVEDOR
add address=10.255.7.0/24 comment=REDE-POP list=AS-PROVEDOR
add address=10.77.0.0/16 comment=REDE-TORRES list=AS-PROVEDOR
add address=15.15.15.0/24 comment=REDE-PTP list=AS-PROVEDOR
add address=192.168.5.0/24 comment=REDE-TORRES list=AS-PROVEDOR
add address=10.7.0.0/24 comment=REDE-OLT list=AS-PROVEDOR
add address=10.0.8.0/22 comment=REDE-VLAN list=AS-PROVEDOR
add address=100.64.0.0/10 comment=REDE-CLIENTES list=AS-PROVEDOR
add address=143.0.252.18 comment=VM-2-UNMS-UNIFI disabled=yes list=SERVIDORES
add address=10.10.10.0/24 comment=VLAN-99-SW list=AS-PROVEDOR
add address=10.10.1.0/24 comment=VLAN-98-SW list=AS-PROVEDOR
add address=143.0.252.10 comment=NS1 disabled=yes list=SERVIDORES
add address=143.0.252.20 comment=NS2 disabled=yes list=SERVIDORES
add address=143.0.252.50 comment=Zabbix disabled=yes list=SERVIDORES
add address=143.0.252.16 comment=VM1-WEB-MAIL list=SERVIDORES
add address=143.0.252.13 comment=IXC list=SERVIDORES
add address=143.0.252.40 comment=CDNTV.ORIGIN disabled=yes list=SERVIDORES
add address=143.0.252.41 comment=CDNTV.EDGE disabled=yes list=SERVIDORES
add address=143.0.252.54 comment=OPASUITE list=SERVIDORES
add address=143.0.252.30 comment=NS3 disabled=yes list=SERVIDORES
add address=143.0.252.19 comment=UISP disabled=yes list=SERVIDORES
add address=192.168.1.0/24 comment=DHCP-UNIFI disabled=yes list=MASCARAR
add address=10.7.7.58 comment="NAT Servidores" disabled=yes list=MASCARAR
add address=10.0.77.0/24 comment=OSPF-PTP list=AS-PROVEDOR
add address=10.255.255.0/24 comment=OSPF-Loopback list=AS-PROVEDOR
add address=143.0.252.24 comment=3CX list=SERVIDORES
add address=205.164.78.0/23 comment=AS list=AS-PROVEDOR
add address=10.0.20.0/24 comment=VLAN-90-GR-SW list=AS-PROVEDOR
add address=143.0.252.0/26 comment=SERVIDORES list=BLOCO-ACESSO-REDE
add address=143.0.253.15 comment=CASA-JEFFREY list=BLOCO-ACESSO-REDE
add address=143.0.255.105 comment=SEDE-TELECOM list=BLOCO-ACESSO-REDE
add address=143.0.255.104 comment=SEDE-NOC list=BLOCO-ACESSO-REDE
add address=143.0.255.106 comment=SEDE-VPN list=BLOCO-ACESSO-REDE
add address=10.0.20.0/29 comment=GERENCIA-SW-BOA list=AS-PROVEDOR
add address=205.164.78.131 comment=CASA-BRUNA list=BLOCO-ACESSO-REDE
add address=143.0.253.14 comment=CASA-HAYS list=BLOCO-ACESSO-REDE
add address=143.0.252.34 comment=ACESSO-SPEEDTEST-IXC list=SERVIDORES
add address=10.7.7.0/24 comment=SERVIDORES list=BLOCO-ACESSO-REDE
add address=10.7.7.103 comment=DUDE list=MASCARAR
add address=172.16.77.0/24 comment=REDE-VPN list=AS-PROVEDOR
add address=205.164.78.128 comment=CELIO-CASA list=BLOCO-ACESSO-REDE
add address=143.0.252.55 comment=ACS disabled=yes list=SERVIDORES
add address=143.0.253.1 comment=fabio list=BLOCO-ACESSO-REDE
add address=143.0.252.15 comment=SIMET disabled=yes list=SERVIDORES
add address=143.0.252.52 comment=WANGUARD disabled=yes list=SERVIDORES
add address=10.7.7.99 comment=OXIDIZED disabled=yes list=MASCARAR
add address=143.0.252.1 comment=VPN disabled=yes list=SERVIDORES
add address=10.7.7.107 comment=FTP disabled=yes list=MASCARAR
add address=143.0.252.28 comment=NUVEM-LG/PHP/SITE disabled=yes list=LIBERANDO-PORTA-80-443
add address=143.0.252.39 comment=ZM disabled=yes list=SERVIDORES
add address=143.0.252.22 comment=TICKET list=LIBERANDO-PORTA-80-443
add address=143.0.252.21 comment=LG list=LIBERANDO-PORTA-80-443
add address=38.191.124.0/22 comment=AS list=AS-PROVEDOR
add address=143.0.252.0/26 list=IP-SRV
add address=10.7.7.0/24 list=IP-SRV
add address=10.0.0.0/24 list=IP-SRV
add address=143.0.252.50 comment=Zabbix list=LIBERANDO-PORTA-80-443
add address=143.0.252.35 comment=SPEEDTEST list=LIBERANDO-PORTA-80-443
add address=143.0.252.10 comment=NS1 list=LIBERANDO-PORTA-53
add address=143.0.252.20 comment=NS2 list=LIBERANDO-PORTA-53
add address=143.0.252.30 comment=NS3 list=LIBERANDO-PORTA-53
add address=10.7.7.105 comment=AD-LINUX list=MASCARAR
add address=143.0.252.15 comment=VM1-WEB-MAIL list=SERVIDORES
add address=143.0.252.25 comment=PABX-ERA list=SERVIDORES
add address=187.103.161.123 comment=ACESSO-ERA list=BLOCO-ACESSO-REDE
add address=187.103.161.121 comment=ACESSO-ERA list=BLOCO-ACESSO-REDE
add address=187.103.161.122 comment=ACESSO-ERA list=BLOCO-ACESSO-REDE
add address=177.36.137.6 comment=ACESSO-ERA list=BLOCO-ACESSO-REDE
add address=143.0.252.25 comment=PABX-ERA list=LIBERANDO-PORTA-80-443
add address=143.0.252.26 comment=OMNI-ERA list=LIBERANDO-PORTA-80-443
add address=143.0.252.26 comment=OMNI-ERA list=SERVIDORES
# Filter rules are evaluated top to bottom, so the order below is the policy.
/ip firewall filter
# Established/related forwarded traffic is fasttracked, so the forward rules
# further down effectively decide only on new connections.
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
# ---- input chain (traffic addressed to the router itself) ----
add action=accept chain=input comment="ACEITANDO CONEX\D5ES ESTABELECIDAS E RELACIONADAS" connection-state=established,related
# Trusted management sources get every protocol and port on router addresses
# that fall inside AS-PROVEDOR.
add action=accept chain=input comment=ACESSO-REDE dst-address-list=AS-PROVEDOR src-address-list=BLOCO-ACESSO-REDE
# NOTE(review): accepts TCP 37777 and 31779 to the router from any source.
# Nothing else in this export uses those ports: the dst-nat rules further down
# are disabled, use 31777/31778/8000-8004, and would be filtered in forward
# rather than input. This looks like a leftover - confirm and remove, or at
# least add a source restriction.
add action=accept chain=input comment="LIBERAR PORTA NVR" dst-port=37777,31779 protocol=tcp
# NOTE(review): matches IP protocol "l2tp" towards 143.0.252.1, an address that
# is disabled on this router. The L2TP/IPsec server enabled above presumably
# arrives as UDP (IKE/NAT-T/L2TP) plus ESP, which this rule does not match;
# that UDP is instead admitted by the generic rate-limit rule below. Confirm
# the intended VPN exposure and replace this with explicit, source-scoped rules.
add action=accept chain=input comment=LIBERANDO-L2TP dst-address=143.0.252.1 protocol=l2tp
# Port-scan handling: sources already listed are dropped; the next two rules
# only add new offenders to the list (timeout 4w2d).
add action=drop chain=input comment=DROP-ATACANTES-PSD src-address-list=atacante-psd
add action=add-src-to-address-list address-list=atacante-psd address-list-timeout=4w2d chain=input comment=DETECTA-PSD-TCP protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=atacante-psd address-list-timeout=4w2d chain=input comment=DETECTA-PSD-UDP protocol=udp psd=21,3s,5,1
# NOTE(review): this limit carries no source or port match, so it is one shared
# budget: any UDP to the router from any address is accepted while under the
# rate, and during a flood legitimate UDP competes for the same budget.
# Explicit accepts for the UDP services actually needed, placed before a plain
# UDP drop, would be tighter.
add action=accept chain=input comment="ACEITA 50 PACOTES UDP POR SEG" limit=50,5:packet protocol=udp
add action=drop chain=input comment="DESCARTA UDP FLOOD" protocol=udp
# SYN sources exceeding the connection limit are listed for 1h, then dropped.
add action=add-src-to-address-list address-list=atacantes-syn-tcp address-list-timeout=1h chain=input comment=ATQ-TCP-SYN-FLOOD connection-limit=15,32 protocol=tcp tcp-flags=syn
add action=drop chain=input comment=DROP-ATQ-SYN-FLOOD src-address-list=atacantes-syn-tcp
add action=drop chain=input comment=DROP-PACOTES-ICMP-BROADCAST dst-address-type=broadcast protocol=icmp
add action=drop chain=input comment=DROP-ICMP protocol=icmp src-address-list=!AS-PROVEDOR
# The UDP rule below can never match: all remaining UDP was already dropped by
# "DESCARTA UDP FLOOD" above.
add action=drop chain=input comment=DROP-GERAL protocol=udp
add action=drop chain=input comment=DROP-GERAL protocol=tcp
# NOTE(review): the input chain ends without a catch-all drop. Only TCP, UDP and
# ICMP from outside the AS are dropped; every other IP protocol (OSPF, ESP,
# GRE, ...) falls through to the default accept. OSPF depends on that today;
# explicit accepts for the needed protocols followed by a final drop would make
# the policy default-deny.
# ---- forward chain (transit traffic) ----
add action=accept chain=forward comment=ACCEPT-ESTABLISHED/RELATED connection-state=established,related
add action=accept chain=forward comment=LIBERANDO-PLESK-AS dst-address=143.0.252.16 dst-port=80,443 protocol=tcp src-address-list=AS-PROVEDOR
add action=accept chain=forward comment=LIBERANDO-PLESK-AS dst-address=143.0.252.16 dst-port=80,443 protocol=udp src-address-list=AS-PROVEDOR
# NOTE(review): accepts ANY source, protocol and port towards every enabled
# SERVIDORES entry, and it sits above DROP-ACESSOS and DROP-0-1023, so those
# drops never protect these hosts (SSH, SNMP and the other listed ports
# included). It also makes the two LIBERANDO-PLESK-AS rules above redundant for
# 143.0.252.16. If the servers are meant to expose only specific services,
# replace this with per-service accepts.
add action=accept chain=forward comment=BLOCO-SRV dst-address-list=SERVIDORES
add action=accept chain=forward comment=LIBERANDO-AS dst-address-list=AS-PROVEDOR src-address-list=AS-PROVEDOR
add action=accept chain=forward comment=LIBERANDO-SRV-P/-SRV dst-address-list=IP-SRV src-address-list=IP-SRV
# Redundant: established/related traffic was already accepted (and fasttracked)
# above.
add action=accept chain=forward comment="ICMP-SRC REDE ACCEPT established e related" connection-state=established,related protocol=icmp src-address-list=AS-PROVEDOR
add action=drop chain=forward comment="DROP ICMP- FORA AS" connection-state=new protocol=icmp src-address-list=!AS-PROVEDOR
add action=accept chain=forward comment=ACESSO-REDE dst-address-list=AS-PROVEDOR src-address-list=BLOCO-ACESSO-REDE
add action=accept chain=forward comment=LIBERANDO-PORTA-80 dst-address-list=LIBERANDO-PORTA-80-443 dst-port=80,443 protocol=tcp
add action=accept chain=forward comment=LIBERANDO-PORTA-80 dst-address-list=LIBERANDO-PORTA-80-443 dst-port=80,443 protocol=udp
# NOTE(review): only UDP/53 is opened for the NS hosts. TCP/53 towards them from
# outside the AS and BLOCO-ACESSO-REDE is dropped by DROP-ACESSOS below, which
# would break DNS-over-TCP fallback if these are public name servers - confirm.
add action=accept chain=forward comment=LIBERANDO-PORTA-53 dst-address-list=LIBERANDO-PORTA-53 dst-port=53 protocol=udp
# Management and service ports towards the AS are dropped unless the source is
# in BLOCO-ACESSO-REDE (or was accepted by an earlier rule).
add action=drop chain=forward comment=DROP-ACESSOS dst-address-list=AS-PROVEDOR dst-port=80,22,23,53,161,162,2277,2377,8077,8291 protocol=tcp src-address-list=!BLOCO-ACESSO-REDE
add action=drop chain=forward comment=DROP-ACESSOS dst-address-list=AS-PROVEDOR dst-port=80,22,23,53,161,162,2277,2377,8077,8291 protocol=udp src-address-list=!BLOCO-ACESSO-REDE
# Duplicate of LIBERANDO-AS above (same matchers); this copy never matches.
add action=accept chain=forward comment=ACCEPT-AS dst-address-list=AS-PROVEDOR src-address-list=AS-PROVEDOR
# These two drops apply only to packets entering through the WAN interface list.
add action=drop chain=forward comment=DROP-0-1023 connection-state=new dst-address-list=AS-PROVEDOR dst-port=0-1023 in-interface-list=WAN protocol=tcp src-address-list=!BLOCO-ACESSO-REDE
add action=drop chain=forward comment=DROP-0-1023 connection-state=new dst-address-list=AS-PROVEDOR dst-port=0-1023 in-interface-list=WAN protocol=udp src-address-list=!BLOCO-ACESSO-REDE
# NOTE(review): the forward chain also has no final drop. New connections that
# match none of the drops above (for example ports above 1023 that are not in
# the DROP-ACESSOS list) are forwarded by default. Confirm that default-allow
# transit is intended for this router's role.
# The comment on this rule marks it as a test ("TESTE"); it rewrites the MSS on
# forwarded TCP SYNs arriving on any VLAN interface. Confirm it is still needed.
/ip firewall mangle
add action=change-mss chain=forward comment="TESTE-UPX https://diag.upx.com/" in-interface=all-vlan new-mss=1400 passthrough=yes protocol=tcp tcp-flags=syn
# Every NAT rule below is disabled. If one is re-enabled, remember that the
# translated traffic is then judged by the forward chain above.
/ip firewall nat
add action=dst-nat chain=dstnat comment="NVD-CT-1 (PORT-SERVICE)" disabled=yes dst-address=143.0.252.1 dst-port=31777 protocol=tcp to-addresses=10.0.8.70 to-ports=31777
add action=dst-nat chain=dstnat comment="NVD-CT-2 (PORT-SERVICE)" disabled=yes dst-address=143.0.252.1 dst-port=31778 protocol=tcp to-addresses=10.0.8.74 to-ports=31778
add action=dst-nat chain=dstnat comment="NVD-CT-4 (PORT-SERVICE)" disabled=yes dst-address=143.0.252.1 dst-port=8000 protocol=tcp to-addresses=10.7.7.162 to-ports=8000
add action=dst-nat chain=dstnat comment="NVD-CT-5 (PORT-SERVICE)" disabled=yes dst-address=143.0.252.1 dst-port=8001 protocol=tcp to-addresses=10.7.7.163 to-ports=8000
add action=dst-nat chain=dstnat comment="NVD-CT-6 (PORT-SERVICE)" disabled=yes dst-address=143.0.252.1 dst-port=8002 protocol=tcp to-addresses=10.7.7.164 to-ports=8000
add action=dst-nat chain=dstnat comment="NVD-CT-7 (PORT-SERVICE)" disabled=yes dst-address=143.0.252.1 dst-port=8003 protocol=tcp to-addresses=10.7.7.165 to-ports=8000
add action=dst-nat chain=dstnat comment="NVD-CT-8 (PORT-SERVICE)" disabled=yes dst-address=143.0.252.1 dst-port=8004 protocol=tcp to-addresses=10.7.7.166 to-ports=8000
add action=same chain=srcnat comment=MASCARAR-ADDRESS-LIST disabled=yes same-not-by-dst=no src-address-list=MASCARAR to-addresses=143.0.252.1
# Both static routes are disabled; with redistribute=static set on the OSPF
# instances, enabling one would presumably advertise it to neighbours.
/ip route
add disabled=yes distance=1 dst-address=10.77.81.0/24 gateway=10.2.2.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=loopback-wanguard disabled=yes distance=1 dst-address=10.0.0.10/32 gateway=143.0.252.52 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ipv6 route
add comment=loopback-wanguard disabled=yes distance=1 dst-address=fc00::28/125 gateway=2804:2994:77::52 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Management services: telnet, ftp, www, api and api-ssl are disabled; SSH is
# moved to port 2277 and Winbox stays enabled, each with a source allowlist.
# NOTE(review): both allowlists cover the whole 143.0.252.0/22 and
# 205.164.78.0/23 blocks, far wider than the BLOCO-ACESSO-REDE list the input
# chain enforces. The effective exposure is the intersection of the two, so
# narrowing these to the management sources keeps the service safe even if a
# filter rule is later changed.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=205.164.78.0/23,143.0.252.0/22,10.7.7.99/32 port=2277
set api address=143.0.252.13/32 disabled=yes
set winbox address=205.164.78.0/23,143.0.252.0/22,192.168.1.0/24
set api-ssl address=143.0.252.13/32 disabled=yes
# NOTE(review): IPv6 is addressed and routed (OSPFv3 on VLAN-421), yet this
# export contains no /ipv6 firewall section. Exports omit defaults, so
# presumably there are no IPv6 filter rules at all - confirm, and mirror the
# IPv4 input policy for IPv6 before enabling any global address.
/ipv6 address
add address=fc00::100/125 advertise=no interface=VLAN-421-SRV-CT-V6
add address=2804:2994:77::1 advertise=no comment="REDE-VM's" disabled=yes interface=VLAN-10-VMs
/ipv6 nd
set [ find default=yes ] other-configuration=yes
# NOTE(review): two named PPP accounts share one password, stored and now
# published in clear text. No service= or profile= is set, so presumably each
# account is valid for any PPP service on the default profile - TODO confirm.
# Give each user a unique secret, rotate both, and restrict the service.
/ppp secret
add name=jeffrey password=77@A7net@#77@#
add name=celio password=77@A7net@#77@#
# NOTE(review): none of these templates shows an auth= or key setting, so the
# active adjacencies (VLAN-420, VLAN-421, VLAN-21; VLAN-422 is a disabled
# interface) appear to run unauthenticated - confirm, and consider OSPF
# authentication on segments where a neighbour could be impersonated.
/routing ospf interface-template
add area=backbone-v2 comment=loopback disabled=no interfaces=loopback networks=10.0.0.70/32
add area=backbone-v2 comment=VLAN-420-SRV-CT disabled=no interfaces=VLAN-420-SRV-CT networks=10.7.7.68/30 type=ptp
add area=backbone-v2 comment=VLAN-422-SRV-IGRE disabled=no interfaces=VLAN-422-SRV-IGRE networks=10.7.7.72/30 type=ptp
add area=backbone-v3 comment=VLAN-421-SRV-CT-V6 disabled=no interfaces=VLAN-421-SRV-CT-V6 type=ptp
add area=backbone-v2 comment="REDE-VM's" disabled=yes interfaces=VLAN-10-VMs networks=10.7.7.128/28
add area=backbone-v3 comment="REDE-VM's" disabled=yes interfaces=VLAN-10-VMs networks=2804:2994:77::/64
add area=backbone-v2 comment="REDE-VM's" disabled=yes interfaces=VLAN-10-VMs networks=143.0.252.0/26
add area=backbone-v2 comment="Servidores Privados" disabled=yes interfaces=VLAN-10-VMs networks=10.7.7.96/27
add area=backbone-v2 comment=SE77E-CT-NVDs disabled=yes interfaces=VLAN-30-NVD
add area=backbone-v2 comment=VLAN-21-CHIP disabled=no interfaces=VLAN-21-CHIP networks=10.7.7.92/30
# SNMP agent is enabled; see the community note near the top of the file.
/snmp
set contact=SE77E enabled=yes location=CT trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=SE77E-GR-SRV
/system note
set show-at-login=no
# A single internal NTP source (10.7.7.103, labelled DUDE in the address list).
# Log timestamps depend on it, so a second source would help incident timelines.
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.7.7.103
/system routerboard settings
set auto-upgrade=yes
/system watchdog
set automatic-supout=no watchdog-timer=no
# NOTE(review): RoMON gives layer-2 management reach between RouterOS devices.
# It is enabled with a short secret stored in clear text, and no /tool romon
# port section is shown, so presumably it is active on all ports - confirm.
# Rotate the secret and limit RoMON to management-facing ports, or disable it.
# NOTE(review): no /system logging, /tool mac-server or /ip neighbor
# discovery-settings sections appear. Exports omit defaults, so logs presumably
# stay on the router and the layer-2 management/discovery defaults apply -
# confirm, forward logs to a remote collector, and restrict MAC-based access.
/tool romon
set enabled=yes secrets=@a7net@#