ax3:
\n\r\
\n
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_30
# DHCP server dhcp_40 on "vlan40 [PROXMOX]", 10-minute leases. The lease-script is one
# quoted string, so these notes sit outside it.
# Order of work in the script: (1) it parses and runs the stored system script
# "dhcp2dns", handing over leaseBound/leaseServerName/leaseActIP/leaseActMAC;
# (2) it runs an inline body that, on bind, builds <host-name>.<network domain> and adds
# it to /ip dns static with comment "<server>-<MAC>", and on release removes every static
# entry carrying that comment.
# NOTE(review): (1) and (2) look like the same job done twice; if the stored "dhcp2dns"
# script holds the same logic, each bind attempts two registrations - confirm.
# The host-name comes from the DHCP client. The inline body lower-cases it, maps it onto
# [a-z0-9-] and cuts it to 63 characters, but has no check that the resulting name is
# already published for another host, so a client on this VLAN picks its own DNS name
# inside the network's domain.
# NOTE(review): consider skipping the add (and logging it) when /ip dns static already
# holds that name under a different comment token.
add address-pool=dhcp_pool_40 interface="vlan40 [PROXMOX]" lease-script="
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n
\n
\n
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n
\n /ip dhcp-server\r\
\n
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n
\n\r\
\n
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_40
# DHCP server dhcp_50 on "vlan50 [PHONE]", 10-minute leases. The lease-script is one
# quoted string, so these notes sit outside it.
# Order of work in the script: (1) it parses and runs the stored system script
# "dhcp2dns", handing over leaseBound/leaseServerName/leaseActIP/leaseActMAC;
# (2) it runs an inline body that, on bind, builds <host-name>.<network domain> and adds
# it to /ip dns static with comment "<server>-<MAC>", and on release removes every static
# entry carrying that comment.
# NOTE(review): (1) and (2) look like the same job done twice; if the stored "dhcp2dns"
# script holds the same logic, each bind attempts two registrations - confirm.
# The host-name comes from the DHCP client. The inline body lower-cases it, maps it onto
# [a-z0-9-] and cuts it to 63 characters, but has no check that the resulting name is
# already published for another host, so a client on this VLAN picks its own DNS name
# inside the network's domain.
# NOTE(review): consider skipping the add (and logging it) when /ip dns static already
# holds that name under a different comment token.
add address-pool=dhcp_pool_50 interface="vlan50 [PHONE]" lease-script="
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n
\n
\n
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n
\n /ip dhcp-server\r\
\n
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n
\n\r\
\n
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_50
# DHCP server dhcp_60 on "vlan60 [MOBILE OFFICE]", 10-minute leases. The lease-script is
# one quoted string, so these notes sit outside it.
# Order of work in the script: (1) it parses and runs the stored system script
# "dhcp2dns", handing over leaseBound/leaseServerName/leaseActIP/leaseActMAC;
# (2) it runs an inline body that, on bind, builds <host-name>.<network domain> and adds
# it to /ip dns static with comment "<server>-<MAC>", and on release removes every static
# entry carrying that comment.
# NOTE(review): (1) and (2) look like the same job done twice; if the stored "dhcp2dns"
# script holds the same logic, each bind attempts two registrations - confirm.
# The host-name comes from the DHCP client. The inline body lower-cases it, maps it onto
# [a-z0-9-] and cuts it to 63 characters, but has no check that the resulting name is
# already published for another host, so a client on this VLAN picks its own DNS name
# inside the network's domain.
# NOTE(review): consider skipping the add (and logging it) when /ip dns static already
# holds that name under a different comment token.
add address-pool=dhcp_pool_60 interface="vlan60 [MOBILE OFFICE]" lease-script="
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n
\n
\n
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n
\n /ip dhcp-server\r\
\n
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n
\n\r\
\n
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_60
# DHCP server dhcp_100 on "vlan100 [HOME]", 10-minute leases. The lease-script is one
# quoted string, so these notes sit outside it.
# Order of work in the script: (1) it parses and runs the stored system script
# "dhcp2dns", handing over leaseBound/leaseServerName/leaseActIP/leaseActMAC;
# (2) it runs an inline body that, on bind, builds <host-name>.<network domain> and adds
# it to /ip dns static with comment "<server>-<MAC>", and on release removes every static
# entry carrying that comment.
# NOTE(review): (1) and (2) look like the same job done twice; if the stored "dhcp2dns"
# script holds the same logic, each bind attempts two registrations - confirm.
# The host-name comes from the DHCP client. The inline body lower-cases it, maps it onto
# [a-z0-9-] and cuts it to 63 characters, but has no check that the resulting name is
# already published for another host, so a client on this VLAN picks its own DNS name
# inside the network's domain.
# NOTE(review): consider skipping the add (and logging it) when /ip dns static already
# holds that name under a different comment token.
add address-pool=dhcp_pool_100 interface="vlan100 [HOME]" lease-script="
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n
\n
\n
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n
\n /ip dhcp-server\r\
\n
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n
\n\r\
\n
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_100
# DHCP server dhcp_1 on "vlan1 [DEFAULT]", 10-minute leases. The lease-script is one
# quoted string, so these notes sit outside it.
# Order of work in the script: (1) it parses and runs the stored system script
# "dhcp2dns", handing over leaseBound/leaseServerName/leaseActIP/leaseActMAC;
# (2) it runs an inline body that, on bind, builds <host-name>.<network domain> and adds
# it to /ip dns static with comment "<server>-<MAC>", and on release removes every static
# entry carrying that comment.
# NOTE(review): (1) and (2) look like the same job done twice; if the stored "dhcp2dns"
# script holds the same logic, each bind attempts two registrations - confirm.
# The host-name comes from the DHCP client. The inline body lower-cases it, maps it onto
# [a-z0-9-] and cuts it to 63 characters, but has no check that the resulting name is
# already published for another host, so a client on this VLAN picks its own DNS name
# inside the network's domain.
# NOTE(review): consider skipping the add (and logging it) when /ip dns static already
# holds that name under a different comment token.
add address-pool=dhcp_pool_1 interface="vlan1 [DEFAULT]" lease-script="
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n
\n
\n
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n
\n /ip dhcp-server\r\
\n
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n
\n\r\
\n
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_1
# DHCP server dhcp_111 on "vlan111 [MANAGEMENT]", 10-minute leases. The lease-script is
# one quoted string, so these notes sit outside it.
# Order of work in the script: (1) it parses and runs the stored system script
# "dhcp2dns", handing over leaseBound/leaseServerName/leaseActIP/leaseActMAC;
# (2) it runs an inline body that, on bind, builds <host-name>.<network domain> and adds
# it to /ip dns static with comment "<server>-<MAC>", and on release removes every static
# entry carrying that comment.
# NOTE(review): (1) and (2) look like the same job done twice; if the stored "dhcp2dns"
# script holds the same logic, each bind attempts two registrations - confirm.
# The host-name comes from the DHCP client. The inline body lower-cases it, maps it onto
# [a-z0-9-] and cuts it to 63 characters, but has no check that the resulting name is
# already published for another host, so a client on this VLAN picks its own DNS name
# inside the network's domain.
# NOTE(review): consider skipping the add (and logging it) when /ip dns static already
# holds that name under a different comment token.
add address-pool=dhcp_pool_111 interface="vlan111 [MANAGEMENT]" lease-script="
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n
\n
\n
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n
\n /ip dhcp-server\r\
\n
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n
\n\r\
\n
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n
\n /ip dns static remove [find comment=\$token];\r\
\n}" lease-time=10m name=dhcp_111
# PPP profile "vpn": clamps TCP MSS and hands 10.10.200.1 to clients as their DNS server.
/ppp profile
add change-tcp-mss=yes dns-server=10.10.200.1 name=vpn
# PPPoE WAN client that installs the default route.
# - allow= still lists pap, which sends the password to the peer in clear text; drop it
#   if the provider supports chap/mschap2.
# - interface=*22 is an internal ID rather than an interface name, which usually means the
#   interface it pointed to was removed - NOTE(review): confirm the client is bound to a
#   live port.
# - user= is the ISP account identifier; redact it before this export is shared.
/interface pppoe-client
add add-default-route=yes allow=pap,chap,mschap2 interface=*22 name=pppoe-out1 user=0011859567335502844989420001@t-online.de
# Port membership of br_vlan. pvid is the VLAN given to untagged ingress frames;
# frame-types limits which frames (tagged / untagged) a port admits.
# These settings only isolate VLANs when vlan-filtering is enabled on br_vlan itself;
# the bridge definition is not in this part of the export - NOTE(review): confirm.
/interface bridge port
# Trunk towards ax2: no frame-types restriction, untagged frames land in VLAN 111 (management).
add bridge=br_vlan interface="ether5 [TRUNK ax2]" internal-path-cost=10 path-cost=10 pvid=111
# NOTE(review): the only port with ingress-filtering=no. With it off the bridge does not
# check that the ingress port is a member of a received frame's VLAN; confirm this is
# intended on the management access port.
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=no interface="ether3 [MANAGEMENT]" pvid=111
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi1 [5 GHz MASTER]" point-to-point=no pvid=2
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi2 [2.4 GHz MASTER]" point-to-point=no pvid=2
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi3 [HOMETEC 5G] " point-to-point=no pvid=200
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged interface="ether2 [PHONE]" pvid=50
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged interface="ether4 [HOME]" pvid=100
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi4 [HOME 5]" point-to-point=no pvid=100
# Connection tracking: UDP entries expire after 10 seconds.
/ip firewall connection tracking
set udp-timeout=10s
# Neighbor discovery runs on every interface that is not dynamic. That is not limited to
# the LAN list, so it would include the WAN-facing port and announce the router's identity
# there - NOTE(review): consider discover-interface-list=LAN, or the management VLAN only.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Bridge VLAN table: which ports carry each VLAN tagged. br_vlan itself is tagged in every
# row so that the router's vlanNN interfaces receive the traffic.
/interface bridge vlan
# VLAN 111 (management) is tagged only towards the CPU port; ether3 and ether5 join it
# untagged through their pvid=111 in the bridge port table.
add bridge=br_vlan tagged=br_vlan vlan-ids=111
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2],wifi3 [HOMETEC 5G] " vlan-ids=200
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2],wifi1 [5 GHz MASTER],wifi2 [2.4 GHz MASTER]" vlan-ids=2
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2],wifi4 [HOME 5]" vlan-ids=100
# VLANs 20-60 leave this device only through the trunk.
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2]" vlan-ids=20
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2]" vlan-ids=30
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2]" vlan-ids=40
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2]" vlan-ids=50
add bridge=br_vlan tagged="br_vlan,ether5 [TRUNK ax2]" vlan-ids=60
# Detect-internet probes the interfaces in the WAN list.
/interface detect-internet
set detect-interface-list=WAN
# L2TP server is enabled with MS-CHAPv2 and the "default" profile (not the "vpn" profile
# defined under /ppp profile).
# use-ipsec=yes adds the dynamic IPsec peer but still accepts L2TP sessions that are not
# wrapped in IPsec; use-ipsec=required refuses them.
# NOTE(review): the input chain in /ip firewall filter has no rule admitting IKE/ESP/L2TP
# from WAN, so as exported the server is not reachable from outside. Either disable it or,
# when opening it, switch to use-ipsec=required first.
/interface l2tp-server server
set authentication=mschap2 default-profile=default enabled=yes use-ipsec=yes
# Interface lists used by the firewall. Every VLAN interface, including GUEST, is a member
# of LAN, so any rule keyed on in-interface-list=LAN treats guest clients exactly like
# the other segments. ether1 is the only WAN member.
# NOTE(review): a separate list for untrusted segments (e.g. GUEST) would let the input
# and forward rules tell them apart.
/interface list member
add interface="vlan1 [DEFAULT]" list=LAN
add interface="vlan200 [HOMETEC]" list=LAN
add interface="ether1[WAN]" list=WAN
add interface="vlan2 [WLAN]" list=LAN
add interface="vlan20 [PRINTER]" list=LAN
add interface="vlan30 [GUEST]" list=LAN
add interface="vlan40 [PROXMOX]" list=LAN
add interface="vlan100 [HOME]" list=LAN
add interface="vlan50 [PHONE]" list=LAN
add interface="vlan60 [MOBILE OFFICE]" list=LAN
add interface="vlan111 [MANAGEMENT]" list=LAN
# Router address on each VLAN interface: 10.10.<vlan-id>.1/24. These are the gateway and
# DNS addresses handed out under /ip dhcp-server network.
/ip address
add address=10.10.200.1/24 interface="vlan200 [HOMETEC]" network=10.10.200.0
add address=10.10.20.1/24 interface="vlan20 [PRINTER]" network=10.10.20.0
add address=10.10.30.1/24 interface="vlan30 [GUEST]" network=10.10.30.0
add address=10.10.40.1/24 interface="vlan40 [PROXMOX]" network=10.10.40.0
add address=10.10.50.1/24 interface="vlan50 [PHONE]" network=10.10.50.0
add address=10.10.60.1/24 interface="vlan60 [MOBILE OFFICE]" network=10.10.60.0
add address=10.10.100.1/24 interface="vlan100 [HOME]" network=10.10.100.0
add address=10.10.1.1/24 interface="vlan1 [DEFAULT]" network=10.10.1.0
add address=10.10.111.1/24 interface="vlan111 [MANAGEMENT]" network=10.10.111.0
# MikroTik cloud DDNS is on and refreshed every 10 minutes, so the router's public
# address is published under its cloud DNS name.
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
# DHCP options per subnet: the router's own VLAN address is both gateway and DNS server,
# and every subnet gets the domain fasan.home.arpa. The DHCP lease scripts read the
# domain value from here to build the names they add to /ip dns static, so all VLANs
# register into one shared namespace.
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=10.10.1.1 domain=fasan.home.arpa gateway=10.10.1.1
add address=10.10.20.0/24 dns-server=10.10.20.1 domain=fasan.home.arpa gateway=10.10.20.1
add address=10.10.30.0/24 dns-server=10.10.30.1 domain=fasan.home.arpa gateway=10.10.30.1
add address=10.10.40.0/24 dns-server=10.10.40.1 domain=fasan.home.arpa gateway=10.10.40.1
add address=10.10.50.0/24 dns-server=10.10.50.1 domain=fasan.home.arpa gateway=10.10.50.1
add address=10.10.60.0/24 dns-server=10.10.60.1 domain=fasan.home.arpa gateway=10.10.60.1
add address=10.10.100.0/24 dns-server=10.10.100.1 domain=fasan.home.arpa gateway=10.10.100.1
add address=10.10.111.0/24 dns-server=10.10.111.1 domain=fasan.home.arpa gateway=10.10.111.1
add address=10.10.200.0/24 dns-server=10.10.200.1 domain=fasan.home.arpa gateway=10.10.200.1
# The router answers DNS queries from the network (allow-remote-requests=yes). Who can
# reach the resolver is decided only by the input chain in /ip firewall filter, which
# accepts port 53 from the LAN list and drops input from non-LAN interfaces; keep those
# rules in place for as long as this stays enabled.
/ip dns
set allow-remote-requests=yes
# Static records written by the DHCP lease scripts: comment is "<dhcp server>-<MAC>",
# ttl matches the scripts' 15-minute dnsttl. They were captured in the export as ordinary
# static entries.
/ip dns static
# NOTE(review): the comment prefix "dhcp2" matches none of the DHCP server names visible in
# this part of the export; if no server of that name exists, the scripts'
# "remove [find comment=...]" cleanup will never match this record - confirm and remove by hand.
add address=10.10.111.10 comment=dhcp2-92:ED:BB:0D:42:59 name=10-10-111-10.fasan.home.arpa ttl=15m
add address=10.10.111.6 comment=dhcp_111-12:D4:47:62:82:10 name=10-10-111-6.fasan.home.arpa ttl=15m
add address=10.10.111.3 comment=dhcp_111-90:B2:E7:03:08:01 name=wiznet030801.fasan.home.arpa ttl=15m
add address=10.10.100.37 comment=dhcp_100-22:6D:E5:2A:E5:ED name=10-10-100-37.fasan.home.arpa ttl=15m
add address=10.10.111.49 comment=dhcp_111-38:C9:86:1A:EA:84 name=imac.fasan.home.arpa ttl=15m
# IPv4 address lists referenced by the firewall:
#   no_forward_ipv4  - used by the two "drop bad forward IPs" rules in the filter forward chain
#   bad_ipv4, bad_src_ipv4, bad_dst_ipv4, not_global_ipv4 - used by the raw prerouting rules
# NOTE(review): the raw prerouting chain starts with an enabled unconditional accept, so
# the raw rules that consume the last four lists are never reached as exported.
/ip firewall address-list
add address=0.0.0.0/8 comment="defconf: RFC6890" list=no_forward_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=no_forward_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=no_forward_ipv4
add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4
add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4
add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4
add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4
# not_global_ipv4 contains 10.0.0.0/8, i.e. every internal subnet of this router; it is
# only meant to be matched against traffic arriving on WAN.
add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=not_global_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=bad_src_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=bad_src_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=224.0.0.0/4 comment="defconf: RFC6890" list=bad_dst_ipv4
# Filter rules are evaluated top to bottom per chain; the first match wins, and a packet
# that matches nothing is accepted.
# Summary of what the rules below add up to:
#   input   - DNS/NTP from LAN, ICMP from anywhere, established traffic; everything else
#             must arrive on the MANAGEMENT VLAN.
#   forward - there is no final drop rule, so a new connection between two internal VLANs
#             that no rule matches (for example GUEST towards HOME) is accepted by default.
#             Only traffic leaving through the MANAGEMENT VLAN is dropped, and only by the
#             last rule. NOTE(review): add explicit inter-VLAN accepts followed by a
#             catch-all forward drop if the VLANs are meant to be isolated.
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in IPSec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out IPSec policy" ipsec-policy=out,ipsec
# The next two rules admit DNS (53/udp+tcp) and NTP (123/udp) to the router from the LAN
# list; their comment= text was copied from the IPsec rule above and does not describe them.
add action=accept chain=input comment="defconf: accept out IPSec policy" dst-port=53,123 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="defconf: accept out IPSec policy" dst-port=53 in-interface-list=LAN protocol=tcp
# Accepts ICMP to the router from every interface, WAN included. The comment assumes the
# raw icmp4 chain has filtered it first, but raw prerouting begins with an enabled
# accept-all rule, so that chain is never reached.
add action=accept chain=input comment="defconf: accept ICMP after RAW" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# After this rule only the MANAGEMENT VLAN can open new connections to router services.
add action=drop chain=input comment="drop all not coming from MANAGEMENT VLAN" in-interface="!vlan111 [MANAGEMENT]"
add action=accept chain=forward comment="defconf: accept all that matches IPSec policy" disabled=yes ipsec-policy=in,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
# *C is an internal ID left behind by an interface that no longer exists, so these three
# rules cannot match a live interface - NOTE(review): re-point them or delete them.
add action=accept chain=forward in-interface=*C out-interface="vlan200 [HOMETEC]"
add action=accept chain=forward in-interface=*C out-interface="vlan100 [HOME]"
add action=accept chain=forward in-interface="vlan200 [HOMETEC]" out-interface=*C
add action=accept chain=forward comment="accept all vlan to WAN udp" in-interface=all-vlan out-interface-list=WAN protocol=udp
add action=accept chain=forward comment="accept all vlan to WAN tcp" in-interface=all-vlan out-interface-list=WAN protocol=tcp
add action=accept chain=forward comment="accept all vlan to WAN icmp" disabled=yes in-interface=all-vlan out-interface-list=WAN protocol=icmp
# No out-interface and no dst-address: HOMETEC hosts may open 22/80/443/502 towards any
# destination. Because this accept sits above the MANAGEMENT drop at the end of the
# chain, that includes hosts on the MANAGEMENT VLAN. NOTE(review): add the intended
# out-interface or dst-address, or move the MANAGEMENT drop above it.
add action=accept chain=forward dst-port=22,80,443,502 in-interface="vlan200 [HOMETEC]" protocol=tcp
add action=accept chain=forward disabled=yes dst-port=22,80,443,502 in-interface="vlan100 [HOME]" protocol=tcp
# These drops come after the accepts above, so packets already matched there never reach them.
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="defconf: drop bad forward IPs" src-address-list=no_forward_ipv4
add action=drop chain=forward comment="defconf: drop bad forward IPs" dst-address-list=no_forward_ipv4
add action=drop chain=forward out-interface="vlan111 [MANAGEMENT]"
/ip firewall nat
# Source NAT for everything leaving through WAN that is not going into an IPsec tunnel.
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# Port forward of UDP 49004-49012 to the phone at 10.10.100.101. The rule has no
# in-interface-list and no dst-address, so it also rewrites matching traffic that
# originates inside the network, whatever its destination.
# NOTE(review): add in-interface-list=WAN (or the public dst-address) to scope it.
add action=dst-nat chain=dstnat comment="Telefon S850A Go" dst-port=49004-49012 protocol=udp to-addresses=10.10.100.101 to-ports=49004-49012
add action=accept chain=srcnat comment="defconf: accept all that matches IPSec policy" ipsec-policy=out,ipsec
# Raw prerouting runs before connection tracking. An accept here ends raw processing for
# the packet.
/ip firewall raw
# This unconditional accept is enabled and is the first rule of the chain, so every packet
# matches it and none of the rules below it in prerouting (bogon drops, WAN anti-spoofing,
# UDP port 0, the jumps to icmp4 and bad_tcp, the final drop) is ever evaluated.
# NOTE(review): the two rules further down that reference 192.168.88.0/24 do not fit this
# router's 10.10.x.0/24 subnets; "drop local if not from default IP range" would drop all
# LAN traffic once this accept is disabled. Correct or remove those two rules first, then
# set this rule to disabled=yes so the raw protections take effect.
add action=accept chain=prerouting comment="defconf: enable for transparent firewall"
add action=accept chain=prerouting comment="defconf: accept DHCP discover" dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=udp src-address=0.0.0.0 src-port=68
add action=drop chain=prerouting comment="defconf: drop bogon IP's" src-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" dst-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" src-address-list=bad_src_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" dst-address-list=bad_dst_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" in-interface-list=WAN src-address-list=not_global_ipv4
# Default-configuration subnet 192.168.88.0/24; the addresses under /ip address are 10.10.x.1/24.
add action=drop chain=prerouting comment="defconf: drop forward to local lan from WAN" dst-address=192.168.88.0/24 in-interface-list=WAN
add action=drop chain=prerouting comment="defconf: drop local if not from default IP range" in-interface-list=LAN src-address=!192.168.88.0/24
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 protocol=udp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" jump-target=icmp4 protocol=icmp
add action=jump chain=prerouting comment="defconf: jump to TCP chain" jump-target=bad_tcp protocol=tcp
add action=accept chain=prerouting comment="defconf: accept everything else from LAN" in-interface-list=LAN
add action=accept chain=prerouting comment="defconf: accept everything else from WAN" in-interface-list=WAN
add action=drop chain=prerouting comment="defconf: drop the rest"
# bad_tcp: drops TCP segments with flag combinations that do not occur in valid traffic,
# and TCP port 0. Reached only through the jump in prerouting.
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" port=0 protocol=tcp
# icmp4: allow-list of ICMP types (echo and echo reply rate-limited), everything else
# dropped. Reached only through the jump in prerouting.
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
# Connection-tracking helpers: the SIP helper is switched off, so SIP payloads are not rewritten
# by the router.
/ip firewall service-port
set sip disabled=yes
# Management services: the cleartext services telnet, ftp and www (HTTP) are disabled.
# NOTE(review): only these three entries appear in the export. Services left at their default
# state are presumably omitted from it, so the state of ssh, winbox, api and api-ssl cannot be
# read from here -- check them on the device, disable the ones not in use, and restrict the rest
# to the management subnet with the per-service address= setting.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
# IPv6 address lists referenced by the IPv6 filter and raw rules in this export:
#   no_forward_ipv6 - matched as source or destination in the forward chain
#   bad_ipv6        - matched as source or destination in raw prerouting
#   not_global_ipv6 - matched as source for packets arriving from WAN
#   bad_dst_ipv6 / bad_src_ipv6 - matched as destination / source in raw prerouting
/ipv6 firewall address-list
add address=fe80::/10 comment="defconf: RFC6890 Linked-Scoped Unicast" list=no_forward_ipv6
add address=ff00::/8 comment="defconf: multicast" list=no_forward_ipv6
add address=::1/128 comment="defconf: RFC6890 lo" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: RFC6890 IPv4 mapped" list=bad_ipv6
# 2001::/23 also contains 2001:10::/28 below and the 2001::/32 and 2001:2::/48 entries that are
# placed in not_global_ipv6.
add address=2001::/23 comment="defconf: RFC6890" list=bad_ipv6
add address=2001:db8::/32 comment="defconf: RFC6890 documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: RFC6890 orchid" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: RFC6890 Discard-only" list=not_global_ipv6
add address=2001::/32 comment="defconf: RFC6890 TEREDO" list=not_global_ipv6
add address=2001:2::/48 comment="defconf: RFC6890 Benchmark" list=not_global_ipv6
add address=fc00::/7 comment="defconf: RFC6890 Unique-Local" list=not_global_ipv6
add address=::/128 comment="defconf: unspecified" list=bad_dst_ipv6
add address=::/128 comment="defconf: unspecified" list=bad_src_ipv6
add address=ff00::/8 comment="defconf: multicast" list=bad_src_ipv6
# IPv6 filter table. Rules are evaluated in the order listed, per chain.
/ipv6 firewall filter
# input chain: traffic addressed to the router itself.
add action=accept chain=input comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
# The UDP traceroute, IKE, AH and ESP accepts below have no interface matcher, so they also
# apply to packets arriving from WAN.
# NOTE(review): if the router does not terminate IPsec over IPv6, the IKE/AH/ESP accepts can be
# removed or scoped to the expected peers.
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept IPSec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept IPSec ESP" protocol=ipsec-esp
# Everything else to the router is dropped unless it arrived on a LAN-list interface.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# forward chain: traffic routed through the router.
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop bad forward IPs" src-address-list=no_forward_ipv6
add action=drop chain=forward comment="defconf: drop bad forward IPs" dst-address-list=no_forward_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches IPSec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
# Last input rule: intended, per its comment, to limit router access to the management VLAN.
# NOTE(review): "*C" is an internal object id, not an interface name. Exports presumably print
# this form when the referenced interface can no longer be resolved by name (for example after
# it was removed or recreated), so which interface this rule exempts is unclear -- re-point it
# at the intended interface (the IPv4 filter section names "vlan111 [MANAGEMENT]") and verify
# the result from a non-management port.
# It is evaluated after all input accepts above, so ICMPv6, established/related traffic and the
# UDP/IPsec accepts are not restricted by it.
add action=drop chain=input comment="drop all not coming from MANAGEMENT VLAN" in-interface=!*C
# IPv6 RAW table: prerouting sanity filtering plus the icmp6 helper chain.
/ipv6 firewall raw
# Bypass rule kept disabled (disabled=yes), so the rules below are in effect.
add action=accept chain=prerouting comment="defconf: enable for transparent firewall" disabled=yes
# Accept neighbor solicitations (ICMPv6 type 135) sent from the unspecified address to the
# solicited-node multicast range before the bad_src_ipv6 drop, which lists ::/128.
add action=accept chain=prerouting comment="defconf: RFC4291, section 2.7.1" dst-address=ff02::1:ff00:0/104 icmp-options=135 protocol=icmpv6 src-address=::/128
add action=drop chain=prerouting comment="defconf: drop bogon IP's" src-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop bogon IP's" dst-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad SRC ipv6" src-address-list=bad_src_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_dst_ipv6
add action=drop chain=prerouting comment="defconf: drop non global from WAN" in-interface-list=WAN src-address-list=not_global_ipv6
# ICMPv6 is vetted in the icmp6 chain; packets accepted or dropped there do not come back.
add action=jump chain=prerouting comment="defconf: jump to ICMPv6 chain" jump-target=icmp6 protocol=icmpv6
# Link-local scope multicast (ff02::/16) is accepted; all other multicast destinations are dropped.
add action=accept chain=prerouting comment="defconf: accept local multicast scope" dst-address=ff02::/16
add action=drop chain=prerouting comment="defconf: drop other multicast destinations" dst-address=ff00::/8
# Remaining traffic is accepted per ingress list; interfaces in neither list hit the final drop.
add action=accept chain=prerouting comment="defconf: accept everything else from WAN" in-interface-list=WAN
add action=accept chain=prerouting comment="defconf: accept everything else from LAN" in-interface-list=LAN
add action=drop chain=prerouting comment="defconf: drop the rest"
# icmp6: allow-list of ICMPv6 types. Link-local destined ICMPv6 must carry hop-limit 255.
add action=drop chain=icmp6 comment="defconf: rfc4890 drop ll if hop-limit!=255" dst-address=fe80::/10 hop-limit=not-equal:255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: dst unreachable" icmp-options=1:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: packet too big" icmp-options=2:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: limit exceeded" icmp-options=3:0-1 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: bad header" icmp-options=4:0-2 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile home agent address discovery" icmp-options=144:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile home agent address discovery" icmp-options=145:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile prefix solic" icmp-options=146:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile prefix advert" icmp-options=147:0-255 protocol=icmpv6
# Echo request/reply carry a packet-rate limit (limit=5,10:packet) and no interface matcher.
add action=accept chain=icmp6 comment="defconf: echo request limit 5,10" icmp-options=128:0-255 limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: echo reply limit 5,10" icmp-options=129:0-255 limit=5,10:packet protocol=icmpv6
# Router/neighbor discovery and inverse ND (types 133-136, 141, 142) are accepted only from
# LAN-list interfaces, only with hop-limit 255, and under the same packet-rate limit; the same
# messages from any other interface fall through to the final drop.
add action=accept chain=icmp6 comment="defconf: rfc4890 router solic limit 5,10 only LAN" hop-limit=equal:255 icmp-options=133:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 router advert limit 5,10 only LAN" hop-limit=equal:255 icmp-options=134:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 neighbor solic limit 5,10 only LAN" hop-limit=equal:255 icmp-options=135:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 neighbor advert limit 5,10 only LAN" hop-limit=equal:255 icmp-options=136:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 inverse ND solic limit 5,10 only LAN" hop-limit=equal:255 icmp-options=141:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 inverse ND advert limit 5,10 only LAN" hop-limit=equal:255 icmp-options=142:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=drop chain=icmp6 comment="defconf: drop other icmp" protocol=icmpv6
# PPP account "Heating": L2TP only, profile "vpn", fixed tunnel addresses 10.10.200.1 (local)
# and 10.10.200.150 (remote).
# NOTE(review): no password field appears on this line; presumably the export hides sensitive
# values, so the credential strength cannot be judged from here.
# NOTE(review): L2TP on its own does not encrypt. Whether IPsec is enforced depends on the L2TP
# server settings (e.g. use-ipsec), which are not visible in this section -- confirm.
/ppp secret
add local-address=10.10.200.1 name=Heating profile=vpn remote-address=10.10.200.150 service=l2tp
# Time zone used for the system clock and therefore for log timestamps.
/system clock
set time-zone-name=Europe/Berlin
# Device name; it also appears in the console prompt.
/system identity
set name="Mikrotik ax3"
# Do not display the system note at login.
/system note
set show-at-login=no
# NTP client: synchronise the router clock from the servers listed at the end of this block.
/system ntp client
set enabled=yes
# NTP server: the router also answers NTP, with manycast and multicast modes switched on.
# NOTE(review): which networks can reach UDP 123 on the router depends on the IPv4 input chain,
# which is not part of this section -- make sure it is not reachable from WAN, and turn off
# manycast/multicast if no client relies on them.
/system ntp server
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=ntp0.fau.de
add address=ntp1.fau.de
add address=ntp2.fau.de
add address=ntp3.fau.de
# NOTE(review): "npt0" looks like a transposition of "ntp0" (the next entry is ntp1.ewetel.de).
# If so, this name will not resolve and the source is silently unused -- verify and correct.
add address=npt0.ewetel.de
add address=ntp1.ewetel.de
[SEadmin@Mikrotik ax3] >