changed Files: config_hex.grote.lan.rsc
x Signed-off-by: oxidized <michael.grote@posteo.de>
This commit is contained in:
parent
d47d4d78ea
commit
4e4aadc257
2 changed files with 7 additions and 100 deletions
|
@ -1,4 +1,4 @@
|
||||||
# 2023-07-21 18:44:51 by RouterOS 7.10
|
# 2023-07-21 18:48:06 by RouterOS 7.10
|
||||||
# software id = NPZE-DVQU
|
# software id = NPZE-DVQU
|
||||||
#
|
#
|
||||||
# model = RB750Gr3
|
# model = RB750Gr3
|
||||||
|
@ -73,102 +73,3 @@ add interface=ether2
|
||||||
/ip firewall address-list
|
/ip firewall address-list
|
||||||
add address=192.168.2.0/24 list=subnet2
|
add address=192.168.2.0/24 list=subnet2
|
||||||
add address=192.168.2.0/24 list=mgmt_access
|
add address=192.168.2.0/24 list=mgmt_access
|
||||||
add address=192.168.3.0/24 list=subnet3
|
|
||||||
add address=10.25.25.0/24 list=subnet2525
|
|
||||||
add address=10.25.26.0/24 list=mgmt_access
|
|
||||||
add address=10.25.26.0/24 list=subnet2526
|
|
||||||
add address=192.168.3.0/24 list=mgmt_access
|
|
||||||
add address=10.25.27.0/24 list=subnet2527
|
|
||||||
add address=10.25.27.0/24 list=mgmt_access
|
|
||||||
add address=192.168.2.43 list=snmp_server
|
|
||||||
/ip firewall filter
|
|
||||||
add action=accept chain=input connection-state=established,related \
|
|
||||||
log-prefix="Allow established, related: "
|
|
||||||
add action=drop chain=input connection-state=invalid log-prefix=\
|
|
||||||
"Drop invalid:"
|
|
||||||
add action=accept chain=input in-interface=wireguard_s2s_hex log-prefix=\
|
|
||||||
"Allow OSPF: " protocol=ospf
|
|
||||||
add action=accept chain=input icmp-options=!5:0-255 log-prefix="Allow ICMP: " \
|
|
||||||
protocol=icmp
|
|
||||||
add action=accept chain=input dst-port=13232,13233 in-interface=ether2 \
|
|
||||||
log-prefix="Allow Wireguard: " protocol=udp
|
|
||||||
add action=accept chain=input dst-port=22,8291 log-prefix=\
|
|
||||||
"Allow ssh+winbox: " protocol=tcp src-address-list=mgmt_access
|
|
||||||
add action=drop chain=input log-prefix="INPUT: Drop anything not allowed: "
|
|
||||||
add action=fasttrack-connection chain=forward connection-state=\
|
|
||||||
established,related hw-offload=yes log-prefix="FastTrack Connection: "
|
|
||||||
add action=accept chain=forward connection-state=established,related \
|
|
||||||
log-prefix="Allow established, related: "
|
|
||||||
add action=drop chain=forward connection-state=invalid log-prefix=\
|
|
||||||
"Drop invalid:"
|
|
||||||
add action=accept chain=forward dst-address-list=subnet3 log-prefix=\
|
|
||||||
"Allow SN2 -> SN3: " src-address-list=subnet2
|
|
||||||
add action=accept chain=forward dst-address-list=subnet3 log-prefix=\
|
|
||||||
"Allow SN2526 -> SN3: " src-address-list=subnet2526
|
|
||||||
add action=accept chain=forward dst-address-list=subnet3 log-prefix=\
|
|
||||||
"Allow SN2525 -> SN3: " src-address-list=subnet2525
|
|
||||||
add action=accept chain=forward in-interface=wireguard_clients log-prefix=\
|
|
||||||
"Allow WG-Clients-> Ether2: " out-interface=ether2 src-address-list=\
|
|
||||||
subnet2527
|
|
||||||
add action=drop chain=forward disabled=yes log=yes log-prefix=\
|
|
||||||
"FORWARD: Drop anything not allowed: "
|
|
||||||
/ip firewall nat
|
|
||||||
add action=masquerade chain=srcnat log-prefix="NAT: Alles von SN2" \
|
|
||||||
out-interface=!wireguard_s2s_hex
|
|
||||||
/ip service
|
|
||||||
set telnet disabled=yes
|
|
||||||
set ftp disabled=yes
|
|
||||||
set www disabled=yes
|
|
||||||
set ssh address=192.168.2.0/24,192.168.3.0/24,10.25.26.0/24
|
|
||||||
set api disabled=yes
|
|
||||||
set winbox address=192.168.2.0/24,192.168.3.0/24,10.25.26.0/24
|
|
||||||
set api-ssl disabled=yes
|
|
||||||
/ip ssh
|
|
||||||
set strong-crypto=yes
|
|
||||||
/routing ospf interface-template
|
|
||||||
add area=ospf-area-1 disabled=no interfaces=wireguard_s2s_hex networks=\
|
|
||||||
10.25.26.0/30 type=ptmp
|
|
||||||
/routing ospf static-neighbor
|
|
||||||
add address=10.25.26.1%wireguard_s2s_hex area=ospf-area-1 disabled=no
|
|
||||||
/snmp
|
|
||||||
set contact="mgrote <michael.grote@posteo.de>" location="S\FCdstra\DFe" \
|
|
||||||
trap-community=librenms-v3 trap-generators=temp-exception,interfaces \
|
|
||||||
trap-version=3
|
|
||||||
/system clock
|
|
||||||
set time-zone-name=Europe/Berlin
|
|
||||||
/system identity
|
|
||||||
set name=hex
|
|
||||||
/system logging
|
|
||||||
add disabled=yes topics=ospf
|
|
||||||
/system note
|
|
||||||
set show-at-login=no
|
|
||||||
/system ntp client
|
|
||||||
set enabled=yes
|
|
||||||
/system ntp client servers
|
|
||||||
add address=0.de.pool.ntp.org
|
|
||||||
/system routerboard settings
|
|
||||||
set silent-boot=yes
|
|
||||||
/system watchdog
|
|
||||||
set automatic-supout=no ping-timeout=5m watch-address=10.25.26.1
|
|
||||||
/tool bandwidth-server
|
|
||||||
set enabled=no
|
|
||||||
/tool mac-server
|
|
||||||
set allowed-interface-list=none
|
|
||||||
/tool mac-server mac-winbox
|
|
||||||
set allowed-interface-list=winbox-access
|
|
||||||
/tool mac-server ping
|
|
||||||
set enabled=no
|
|
||||||
/tool netwatch
|
|
||||||
add disabled=no down-script="# set variables\r\
|
|
||||||
\n:local wginterface wireguard_s2s_hex\r\
|
|
||||||
\n# Valid characters in variable names are letters and digits. If variable\
|
|
||||||
\_name contains any other character, then variable name should be put in d\
|
|
||||||
ouble quotes.\r\
|
|
||||||
\n\r\
|
|
||||||
\n:log error \"wireguard-tunnel down: \$wginterface\"\r\
|
|
||||||
\n/interface/wireguard/disable \$wginterface\r\
|
|
||||||
\n:delay 20s\r\
|
|
||||||
\n/interface/wireguard/enable \$wginterface\r\
|
|
||||||
\n:log info \"Restart wireguard-tunnel: \$wginterface\"\r\
|
|
||||||
\nping 192.168.2.1\r\
|
|
||||||
\n" host=192.168.2.1 interval=30s timeout=1s type=simple
|
|
||||||
|
|
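Review bot: The new side of the second hunk ends the export right after the `mgmt_access` address-list entries, so the whole `/ip firewall filter` section (the input-chain rules, the ssh/winbox rule restricted to `src-address-list=mgmt_access`, the final input drop), the `/ip service` hardening (telnet/ftp/www/api disabled, ssh and winbox bound to the management subnets), `/ip ssh strong-crypto=yes` and the `/tool mac-server` restrictions no longer appear in the backed-up configuration. Because the only other change in this file is the export timestamp moving forward by four minutes, this looks like a truncated or partial export captured by the backup job rather than a deliberate removal, but that is an inference from the shape of the diff. Before this snapshot is treated as the device baseline, the live `/ip firewall filter print` and `/ip service print` output should be compared against the previous revision, and a restore from this file should not be attempted as-is since it would leave the router without its input filtering and service restrictions. It would also be worth having the backup job refuse or flag an export that is drastically shorter than the previous one or that lacks the closing `/tool netwatch` section, so a silently truncated capture cannot overwrite a known-good baseline.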
6
x
6
x
|
@ -3,9 +3,15 @@
|
||||||
# setze Variable
|
# setze Variable
|
||||||
devices="rb5009.grote.lan,/home/mg/oxidized-selfmade/neu
|
devices="rb5009.grote.lan,/home/mg/oxidized-selfmade/neu
|
||||||
hex.grote.lan,/ssh/keys/hex"
|
hex.grote.lan,/ssh/keys/hex"
|
||||||
|
|
||||||
|
# teste auf dependencies
|
||||||
GIT_REPO_PATH=/home/mg/oxidized-selfmade
|
GIT_REPO_PATH=/home/mg/oxidized-selfmade
|
||||||
GIT_REPO_BRANCH=master
|
GIT_REPO_BRANCH=master
|
||||||
|
GIT_USERNAME=oxidized
|
||||||
|
GIT_USER_MAIL=michael.grote@posteo.de
|
||||||
if [ -d "$GIT_REPO_PATH" ]; then
|
if [ -d "$GIT_REPO_PATH" ]; then
|
||||||
|
git config --global user.email "$GIT_USER_MAIL"
|
||||||
|
git config --global user.name "$GIT_USERNAME"
|
||||||
cd "$GIT_REPO_PATH"
|
cd "$GIT_REPO_PATH"
|
||||||
if [ -d ".git" ]; then
|
if [ -d ".git" ]; then
|
||||||
git pull origin $GIT_REPO_BRANCH
|
git pull origin $GIT_REPO_BRANCH
|
||||||
|
|
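Review bot: The two added `git config --global` lines set the git identity for whichever account runs this script, and they run before `cd "$GIT_REPO_PATH"`, so they rewrite that user's global `user.email`/`user.name` instead of configuring only the backup repository. Scoping them to the repo avoids the side effect: move them below `cd "$GIT_REPO_PATH"` inside the `.git` check and drop the flag, i.e. `git config user.email "$GIT_USER_MAIL"` and `git config user.name "$GIT_USERNAME"`. The added comment `# teste auf dependencies` sits above the `GIT_REPO_PATH`/`GIT_REPO_BRANCH` assignments and the new identity variables rather than any dependency check, so it should either be replaced with something like `# git repository and commit identity` or moved to wherever the dependency test actually lives. The enclosing `if [ -d "$GIT_REPO_PATH" ]` block continues past the end of this hunk.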