High Battery usage with 6.47 stable (2024)

# jul/03/2020 06:50:06 by RouterOS 6.46.6# software id = YE7D-V6K7## model = RBD52G-5HacD2HnD# serial number = /caps-man channeladd band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \ frequency=2412 name=channel_1-6-11add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=XXXX \ frequency=5180 name=channel_5G reselect-interval=1h/caps-man datapathadd local-forwarding=yes name=datapathGuest vlan-id=20 vlan-mode=use-tagadd client-to-client-forwarding=yes local-forwarding=yes name=datapathLAN/interface bridgeadd comment="Guest LAN" disabled=yes name=bridgeGuest pvid=20 vlan-filtering=\ yesadd admin-mac=74:4D:28:C1:A5:B5 auto-mac=no comment=defconf name=bridgeLAN/interface ethernetset [ find default-name=ether1 ] comment=Izzi name=ether1-WAN1set [ find default-name=ether2 ] comment="RBcAPGi-5acD2nD Pasillo" name=\ ether2-CAPsMANset [ find default-name=ether3 ] comment=LAN name=ether3-LANset [ find default-name=ether4 ] comment="Libre vLAN20"set [ find default-name=ether5 ] comment=Telnor name=ether5-WAN2/interface wirelessset [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \ antenna-gain=20 band=2ghz-g/n channel-width=20/40mhz-XX country=\ "united states" distance=indoors frequency=auto installation=indoor mode=\ ap-bridge multicast-helper=full name=wlan2GHz ssid=MikroTik \ wireless-protocol=802.11 wmm-support=enabled# managed by CAPsMAN# channel: 5180/20-Ceee/ac(20dBm), SSID: RECGV, local forwardingset [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \ antenna-gain=10 band=5ghz-n/ac channel-width=20/40/80mhz-XXXX disabled=no \ distance=indoors hw-protection-mode=rts-cts hw-retries=4 installation=\ indoor mode=ap-bridge multicast-helper=full name=wlan5GHz ssid=RECGV \ wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled/interface vlanadd interface=bridgeLAN name=vlan20 vlan-id=20/caps-man ratesadd basic=12Mbps name="GN Only" supported=\ 12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps/caps-man securityadd authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \ group-encryption=aes-ccm group-key-update=1h name="RECGV WiFi"add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \ group-encryption=aes-ccm group-key-update=1h name="RECGV Guest"add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \ group-encryption=aes-ccm group-key-update=1h name="MEDIA WiFi"/caps-man configurationadd channel=channel_5G country="united states3" datapath=datapathLAN \ datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \ disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\ any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \ keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\ default name=MyHomeWifiAC rx-chains=0,1 security="RECGV WiFi" ssid=RECGV \ tx-chains=0,1add channel=channel_5G country="united states3" datapath=datapathLAN \ disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\ any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \ keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=full \ name=xxMyHomeWifiAC_5 rx-chains=0,1 security="RECGV WiFi" ssid=RECGV_5G \ tx-chains=0,1add channel=channel_1-6-11 country=mexico datapath=datapathLAN \ datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \ disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\ any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \ keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\ default name=MyHomeWifi rates="GN Only" rx-chains=0,1 security=\ "RECGV WiFi" ssid=RECGV tx-chains=0,1add channel=channel_1-6-11 country=mexico datapath=datapathGuest \ datapath.vlan-id=20 datapath.vlan-mode=use-tag disconnect-timeout=3s \ distance=indoors frame-lifetime=0ms guard-interval=any \ hw-protection-mode=rts-cts hw-retries=4 installation=indoor \ keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\ default name=MyGuestWiFi rates="GN Only" rx-chains=0,1 security=\ "RECGV Guest" ssid=RECGV_Guest tx-chains=0,1add channel=channel_5G country="united states3" datapath=datapathGuest \ datapath.vlan-id=20 datapath.vlan-mode=use-tag disconnect-timeout=3s \ distance=indoors frame-lifetime=0ms guard-interval=any \ hw-protection-mode=rts-cts hw-retries=4 installation=indoor \ keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\ default name=MyGuestWiFiAC rx-chains=0,1 security="RECGV Guest" ssid=\ RECGV_Guest tx-chains=0,1add channel=channel_1-6-11 country=mexico datapath=datapathLAN \ disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\ any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \ keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=full \ name=xxMyHomeWifi_2.4 rates="GN Only" rx-chains=0,1 security="RECGV WiFi" \ ssid=RECGV_2G tx-chains=0,1/caps-man interfaceadd configuration=MyHomeWifi disabled=no l2mtu=1600 mac-address=\ 64:D1:54:F7:B2:CF master-interface=none name="2.4-cAP ac" radio-mac=\ 64:D1:54:F7:B2:CF radio-name=64D154F7B2CFadd configuration=MyGuestWiFi disabled=no l2mtu=1600 mac-address=\ 66:D1:54:F7:B2:CF master-interface="2.4-cAP ac" name="2.4-cAP ac Guest" \ radio-mac=00:00:00:00:00:00 radio-name=66D154F7B2CFadd configuration=MyHomeWifiAC disabled=no l2mtu=1600 mac-address=\ 64:D1:54:F7:B2:D0 master-interface=none name="5.0-cAP ac" radio-mac=\ 64:D1:54:F7:B2:D0 radio-name=64D154F7B2D0add configuration=MyGuestWiFiAC disabled=no l2mtu=1600 mac-address=\ 66:D1:54:F7:B2:D0 master-interface="5.0-cAP ac" name="5.0-cAP ac Guest" \ radio-mac=00:00:00:00:00:00 radio-name=66D154F7B2D0add configuration=MyHomeWifiAC disabled=no l2mtu=1600 mac-address=\ 74:4D:28:C1:A5:BA master-interface=none name="5.0-hAP ac^2" radio-mac=\ 74:4D:28:C1:A5:BA radio-name=744D28C1A5BAadd configuration=MyGuestWiFiAC disabled=no l2mtu=1600 mac-address=\ 76:4D:28:C1:A5:BA master-interface="5.0-hAP ac^2" name=\ "5.0-hAP ac^2 Guest" radio-mac=00:00:00:00:00:00 radio-name=764D28C1A5BA/interface listadd comment=defconf name=WANadd comment=defconf name=LANadd comment=defconf name=WAN2add comment=AllWAN name=WANAlladd comment=WLAN name=WLAN/interface wireless security-profilesset [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\ dynamic-keys supplicant-identity=MikroTik/ip firewall layer7-protocoladd name=Youtube regexp=\ "^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"add name=Facebook regexp="^..+\\.(facebook.com|facebook.net|fbcdn.com|fbsbx.co\ m|fbcdn.net|fb.com|tfbnw.net).*\$"add name=Netflix regexp=\ "^.+(netflix|nflxext|nflximg|nflxsearch|nflxso|nflxvideo).*\$"add name=youtube1 regexp="^.+(youtube).*\$"add name=facebook1 regexp="^.+(facebook).*\$"add name=whatsapp1 regexp="^.+(whatsapp).*\$"add name=netflix1 regexp="^.+(netflix).*\$"/ip hotspot profileset [ find default=yes ] html-directory=flash/hotspot/ip ipsec proposalset [ find default=yes ] enc-algorithms=aes-128-cbc pfs-group=none/ip pooladd name=dhcp ranges=192.168.0.150-192.168.0.220add name=poolGuest ranges=192.168.20.100-192.168.20.150/ip dhcp-serveradd address-pool=dhcp disabled=no interface=bridgeLAN lease-time=1d name=\ defconfadd address-pool=poolGuest disabled=no interface=vlan20 lease-time=2h name=\ guestDHCP/ppp profileadd name=profileTelnor on-down=":do {\r\ \n/ip firewall address-list remove [find where list=WAN2-ADDR]\r\ \n}" on-up=":do {\r\ \n/ip firewall address-list add list=WAN2-ADDR address=\$\"local-address\"\ \r\ \n}" remote-address=8.8.4.4add change-tcp-mss=yes name=openvpn use-compression=no use-encryption=yes \ use-mpls=noadd change-tcp-mss=yes name=profileTorguard on-down=":do {\r\ \n/ip firewall address-list remove [find where list=VPN-ADDR]\r\ \n}" on-up=":do {\r\ \n/ip firewall address-list add list=VPN-ADDR address=\$\"local-address\"\ \r\ \n}"/interface pppoe-clientadd add-default-route=yes comment=Telnor default-route-distance=2 disabled=no \ interface=ether5-WAN2 name=pppoe-Telnor profile=profileTelnor \ use-peer-dns=yes user=gisselam@prodigy.net.mx/interface l2tp-clientadd comment=VPN connect-to=98.153.62.16 disabled=no name=TorGuard profile=\ profileTorguard use-ipsec=yes user=recgaxiola@gmail.com/queue simpleadd burst-limit=2M/5M burst-threshold=1M/5M burst-time=2s/2s limit-at=1M/5M \ max-limit=1M/5M name=queueGuest target=192.168.20.0/24add burst-limit=1M/5M burst-threshold=1M/5M burst-time=1s/1s limit-at=1M/5M \ max-limit=1M/5M name=queueGuestE3000 target=192.168.0.5/32add burst-limit=512k/4M burst-threshold=512k/4M burst-time=1s/1s disabled=yes \ limit-at=512k/4M max-limit=512k/4M name=queue1 target=192.168.0.0/24/queue treeadd disabled=yes limit-at=100M max-limit=100M name=Root parent=globaladd disabled=yes limit-at=2M max-limit=10M name=icmp packet-mark=icmp_packet \ parent=Root priority=1add disabled=yes limit-at=40M max-limit=100M name=web packet-mark=web_packet \ parent=Root priority=5add disabled=yes limit-at=20M max-limit=100M name=quic packet-mark=\ quic_packet parent=Root priority=5add disabled=yes limit-at=38M max-limit=100M name=resto packet-mark=\ resto_packet parent=Rootadd disabled=yes name=DESCARGA parent=bridgeLAN priority=1add disabled=yes name=Dns packet-mark=Dns_Dow_Pk parent=DESCARGA priority=1add disabled=yes name=Icmp packet-mark=Icmp_Pk_Down parent=DESCARGA priority=\ 1add disabled=yes name="Juegos Dow" parent=DESCARGA priority=2add disabled=yes name=Dota packet-mark=Dota2_Dow_pk parent="Juegos Dow" \ priority=1add disabled=yes name=Fornite packet-mark=fornite_Dow_pk parent="Juegos Dow" \ priority=2add disabled=yes name=Lol packet-mark=LoL_Dow_PK parent="Juegos Dow" \ priority=1add disabled=yes name=Wolftem packet-mark=Wolftem_Dow_Pk parent="Juegos Dow" \ priority=2add disabled=yes name="Paginas Down" parent=DESCARGA priority=4add disabled=yes name=Http packet-mark=Http_Pk_Down parent="Paginas Down" \ priority=3add disabled=yes name=Https packet-mark=Https_Pk_Down parent="Paginas Down" \ priority=4add disabled=yes name=Netflix packet-mark=Netflix_Pk_Down parent=\ "Paginas Down" priority=4add disabled=yes name=YouTube packet-mark=YouTube_Pk_Down parent=\ "Paginas Down" priority=4add disabled=yes name=Facebook packet-mark=Facebook_Pk_Down parent=\ "Paginas Down" priority=2add disabled=yes name="Zxtras Dow" parent=DESCARGA priority=2add disabled=yes name=Wasaap packet-mark=Wasaap_Dow_Pk parent="Zxtras Dow" \ priority=1add disabled=yes name=Correo packet-mark=Correo_Dow_Pk parent="Zxtras Dow" \ priority=2add disabled=yes name="PLAY PS3" packet-mark=PlayStation_Dow_Pk parent=\ "Zxtras Dow" priority=3add disabled=yes name=Xbox packet-mark=Xbox_Dow_pk parent="Zxtras Dow" \ priority=3add disabled=yes name=SUBIDA parent=ether1-WAN1 priority=1add disabled=yes name="Dns up" packet-mark=Dns_Udp_Pk parent=SUBIDA priority=\ 1add disabled=yes name="Icmp up" packet-mark=Icmp_Pk_Up parent=SUBIDA \ priority=1add disabled=yes name="Juegos Up" parent=SUBIDA priority=2add disabled=yes name="Dota up" packet-mark=dota2_Udp_Pqt parent="Juegos Up" \ priority=1add disabled=yes name=Fortine packet-mark=fornite_Udp_pk parent="Juegos Up" \ priority=2add disabled=yes name="Lol up" packet-mark=LoL_UP_pk parent="Juegos Up" \ priority=1add disabled=yes name="Wolftem up" packet-mark=Wolftem_Udp_pk parent=\ "Juegos Up" priority=2add disabled=yes name="Paginas Up" parent=SUBIDA priority=4add disabled=yes name="Facebook up" packet-mark=Facebook_Pk_Up parent=\ "Paginas Up" priority=2add disabled=yes name="Http Up" packet-mark=Http_Pk_Up parent="Paginas Up" \ priority=3add disabled=yes name="Https Up" packet-mark=Https_Pk_Up parent="Paginas Up" \ priority=4add disabled=yes name="Netflix Up" packet-mark=Netflix_Pk_Up parent=\ "Paginas Up" priority=4add disabled=yes name="YouTube Up" packet-mark=YouTube_Pk_Up parent=\ "Paginas Up" priority=4add disabled=yes name="Zxtras UP" parent=SUBIDA priority=2add disabled=yes name="PLAY PS3 up" packet-mark=Playstation_Up_Pk parent=\ "Zxtras UP" priority=3add disabled=yes name="Wasaap up" packet-mark=Wasasp_Up_Pk parent="Zxtras UP" \ priority=1add disabled=yes name="Xbox up" packet-mark=Xbox_Up_pk parent="Zxtras UP" \ priority=3/queue typeadd kind=pcq name=WEBadd kind=pcq name=YOUTUBE pcq-classifier=dst-address pcq-dst-address6-mask=64 \ pcq-src-address6-mask=64 pcq-total-limit=5000KiB/system logging actionset 3 remote=192.168.0.4add disk-file-count=31 disk-file-name=disk1/logs/log disk-lines-per-file=4096 \ name=disk1 target=diskadd disk-file-count=31 disk-file-name=disk1/logs/snmplog disk-lines-per-file=\ 4096 name=snmpdisk target=disk/user groupset full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\ sword,web,sniff,sensitive,api,romon,dude,tikapp"add name=sniffer policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!\ test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"/caps-man access-listadd action=reject allow-signal-out-of-range=10s comment="Google Home Sala " \ disabled=no interface="5.0-cAP ac" mac-address=00:F6:20:90:AB:F0 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Google Home Sala " \ disabled=no interface="5.0-hAP ac^2" mac-address=00:F6:20:90:AB:F0 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Sala" \ disabled=no interface="5.0-cAP ac" mac-address=F0:5C:77:4D:44:BD \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Sala" \ disabled=no interface="5.0-hAP ac^2" mac-address=F0:5C:77:4D:44:BD \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Nest Hub Cocina" disabled=no interface="5.0-cAP ac" mac-address=\ 1C:F2:9A:0C:76:F4 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Nest Hub Cocina" disabled=no interface="5.0-hAP ac^2" \ mac-address=1C:F2:9A:0C:76:F4 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 2 Cocina" \ disabled=no interface="5.0-cAP ac" mac-address=48:D6:D5:14:48:60 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 2 Cocina" \ disabled=no interface="5.0-hAP ac^2" mac-address=48:D6:D5:14:48:60 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Hector" \ disabled=no interface="5.0-cAP ac" mac-address=7C:D9:5C:3E:67:B2 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Hector" \ disabled=no interface="5.0-hAP ac^2" mac-address=7C:D9:5C:3E:67:B2 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Home Mini Hector" disabled=no interface="5.0-cAP ac" mac-address=\ D4:F5:47:21:0A:E0 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Home Mini Hector" disabled=no interface="5.0-hAP ac^2" \ mac-address=D4:F5:47:21:0A:E0 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 1 Alex" \ disabled=no interface="5.0-cAP ac" mac-address=A4:77:33:2F:1F:86 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 1 Alex" \ disabled=no interface="5.0-hAP ac^2" mac-address=A4:77:33:2F:1F:86 \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Home Mini Alex" disabled=no interface="5.0-cAP ac" mac-address=\ D4:F5:47:0D:C3:27 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Home Mini Alex" disabled=no interface="5.0-hAP ac^2" mac-address=\ D4:F5:47:0D:C3:27 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Home Mini Papas" disabled=no interface="5.0-cAP ac" mac-address=\ D4:F5:47:17:4E:9F ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment=\ "Google Home Mini Papas" disabled=no interface="5.0-hAP ac^2" \ mac-address=D4:F5:47:17:4E:9F ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Papas" \ disabled=no interface="5.0-cAP ac" mac-address=7C:D9:5C:46:94:EC \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Papas" \ disabled=no interface="5.0-hAP ac^2" mac-address=7C:D9:5C:46:94:EC \ ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Galaxy S10" \ disabled=yes interface="2.4-cAP ac" mac-address=A8:DB:03:10:E7:3D \ signal-range=-70..120 ssid-regexp=""add action=reject allow-signal-out-of-range=10s comment="Galaxy S20" \ disabled=yes interface="2.4-cAP ac" mac-address=8C:B8:4A:F7:7C:A3 \ signal-range=-70..120 ssid-regexp=""add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=\ yes disabled=no interface=any signal-range=-86..120 ssid-regexp=""add action=reject allow-signal-out-of-range=10s disabled=no interface=any \ signal-range=-120..-87 ssid-regexp=""add comment="Ipad Hector" mac-address=F0:76:6F:73:A7:7Cadd comment="LG G6" mac-address=A8:B8:6E:81:B8:59add comment="Alex PC" mac-address=54:E6:FC:86:56:10add comment="Foco Sala" mac-address=EC:FA:BC:4A:55:54add comment="Foco Hector" mac-address=60:01:94:ED:E1:23add comment="Foco Alex" mac-address=D8:F1:5B:98:92:63add comment="Foco Papas" mac-address=CC:50:E3:65:0C:09add comment=Roku mac-address=B8:A1:75:D4:E8:B4/caps-man managerset enabled=yes package-path=/disk1/caps-man manager interfaceset [ find default=yes ] forbid=yesadd disabled=no interface=bridgeLANadd disabled=no interface=bridgeGuest/caps-man provisioningadd action=create-enabled hw-supported-modes=g master-configuration=\ MyHomeWifi name-format=prefix-identity name-prefix=2.4 \ slave-configurations=MyGuestWiFiadd action=create-enabled hw-supported-modes=ac master-configuration=\ MyHomeWifiAC name-format=prefix-identity name-prefix=5.0 \ slave-configurations=MyGuestWiFiAC/interface bridge portadd bridge=bridgeLAN comment=defconf interface=ether2-CAPsMANadd bridge=bridgeLAN comment=defconf interface=ether3-LANadd bridge=bridgeLAN comment=defconf interface=ether4add bridge=bridgeLAN interface=wlan2GHz/ip neighbor discovery-settingsset discover-interface-list=LAN/interface detect-internetset detect-interface-list=all wan-interface-list=all/interface list memberadd comment=defconf interface=bridgeLAN list=LANadd comment=defconf interface=ether1-WAN1 list=WANadd comment=defconf interface=pppoe-Telnor list=WAN2add interface=pppoe-Telnor list=WANAlladd interface=TorGuard list=WANAlladd interface=ether1-WAN1 list=WANAlladd interface=vlan20 list=LANadd interface=bridgeGuest list=LANadd interface=ether5-WAN2 list=WANAll/interface pptp-server serverset authentication=chap,mschap1,mschap2 enabled=yes/interface wireless access-listadd interface=wlan5GHz vlan-mode=no-tag/interface wireless cap# set bridge=bridgeLAN caps-man-addresses=127.0.0.1 enabled=yes interfaces=\ wlan5GHz/ip accountingset threshold=2560/ip accounting web-accessset accessible-via-web=yes address=192.168.0.0/24/ip addressadd address=192.168.0.1/24 interface=ether3-LAN network=192.168.0.0add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0/ip cloudset ddns-enabled=yes ddns-update-interval=5m/ip dhcp-clientadd comment=defconf disabled=no interface=ether1-WAN1 script=":if (\$bound=1) \ do={ \r\ \n /ip firewall address-list add list=WAN1-ADDR address=\$\"lease-addres\ s\"\r\ \n} else={\r\ \n /ip firewall address-list remove [find where list=WAN1-ADDR]\r\ \n}"/ip dhcp-server leaseadd address=192.168.0.47 comment="Chromecast 3 Papas" mac-address=\ 7C:D9:5C:46:94:EC server=defconfadd address=192.168.0.41 comment=Roku mac-address=B8:A1:75:D4:E8:B4 server=\ defconfadd address=192.168.0.33 client-id=1:e0:d5:5e:12:c8:d6 comment="Hector PC" \ mac-address=E0:D5:5E:12:C8:D6 server=defconfadd address=192.168.0.46 comment="Chromecast 2 Cocina" mac-address=\ 48:D6:D5:14:48:60 server=defconfadd address=192.168.0.45 comment="Chromecast 1 Alex" mac-address=\ A4:77:33:2F:1F:86 server=defconfadd address=192.168.0.34 client-id=1:54:e6:fc:86:56:10 comment="Alex PC" \ mac-address=54:E6:FC:86:56:10 server=defconfadd address=192.168.0.24 comment="Nintendo Switch" mac-address=\ 58:2F:40:C3:29:D2 server=defconfadd address=192.168.0.29 client-id=1:e8:61:7e:53:19:7d comment="PS4 WiFi" \ mac-address=E8:61:7E:53:19:7D server=defconfadd address=192.168.0.55 comment="Foco Papas" mac-address=CC:50:E3:65:0C:09 \ server=defconfadd address=192.168.0.57 comment="Foco Hector" mac-address=60:01:94:ED:E1:23 \ server=defconfadd address=192.168.0.58 comment="Foco Alex" mac-address=D8:F1:5B:98:92:63 \ server=defconfadd address=192.168.0.56 comment="Foco Sala" mac-address=EC:FA:BC:4A:55:54 \ server=defconfadd address=192.168.0.150 comment=DHCP mac-address=12:34:56:78:90:12 server=\ defconfadd address=192.168.0.11 client-id=1:0:30:67:53:22:f2 comment=LibreELEC \ mac-address=00:30:67:53:22:F2 server=defconfadd address=192.168.0.28 client-id=1:70:9e:29:c0:fa:49 comment="PS4 LAN" \ mac-address=70:9E:29:C0:FA:49 server=defconfadd address=192.168.0.26 client-id=1:0:1d:d8:af:d0:8b comment="Xbox 360" \ mac-address=00:1D:D8:AF:D0:8B server=defconfadd address=192.168.0.25 client-id=1:cc:7e:e7:df:99:b4 comment="TV Panasonic" \ mac-address=CC:7E:E7:DF:99:B4 server=defconfadd address=192.168.0.27 client-id=1:0:1f:a7:4e:d2:eb comment="PS3 LAN" \ mac-address=00:1F:A7:4E:D2:EB server=defconfadd address=192.168.0.53 comment="Google Home Sala " mac-address=\ 00:F6:20:90:AB:F0 server=defconfadd address=192.168.0.48 comment="Chromecast 3 Hector" mac-address=\ 7C:D9:5C:3E:67:B2 server=defconfadd address=192.168.0.51 comment="Google Home Mini Hector" mac-address=\ D4:F5:47:21:0A:E0 server=defconfadd address=192.168.0.54 comment="Google Nest Hub Cocina" mac-address=\ 1C:F2:9A:0C:76:F4 server=defconfadd address=192.168.0.52 comment="Google Home Mini Alex" mac-address=\ D4:F5:47:0D:C3:27 server=defconfadd address=192.168.0.49 comment="Chromecast 3 Sala" mac-address=\ F0:5C:77:4D:44:BD server=defconfadd address=192.168.0.50 comment="Google Home Mini Papas" mac-address=\ D4:F5:47:17:4E:9F server=defconfadd address=192.168.0.35 client-id=1:30:9c:23:b3:7d:cd comment="Gissela PC" \ mac-address=30:9C:23:B3:7D:CD server=defconfadd address=192.168.0.13 client-id=1:b8:27:eb:f4:83:65 comment=\ "LibreELEC Pi 3" mac-address=B8:27:EB:F4:83:65 server=defconfadd address=192.168.0.14 client-id=1:b8:27:eb:a1:d6:30 mac-address=\ B8:27:EB:A1:D6:30 server=defconfadd address=192.168.0.6 comment="ESXi Server" mac-address=1C:87:2C:43:BE:E2 \ server=defconfadd address=192.168.0.36 client-id=1:8:21:ef:c5:2f:18 comment=\ "Galaxy Tab S2 Alex" mac-address=08:21:EF:C5:2F:18 server=defconfadd address=192.168.0.37 client-id=1:f0:76:6f:73:a7:7c comment="Ipad Hector" \ mac-address=F0:76:6F:73:A7:7C server=defconfadd address=192.168.20.99 comment=GuestWiFi mac-address=12:12:12:12:12:12add address=192.168.0.124 client-id=1:2c:27:d7:88:9c:e2 comment="HP Printer" \ mac-address=2C:27:D7:88:9C:E2 server=defconfadd address=192.168.0.122 client-id=1:30:7:4d:6b:7d:1b comment="Galaxy S8" \ mac-address=30:07:4D:6B:7D:1B server=defconfadd address=192.168.0.125 client-id=1:d0:13:fd:54:bc:47 comment=\ "LG G4 Hector" mac-address=D0:13:FD:54:BC:47 server=defconfadd address=192.168.0.128 client-id=1:a8:db:3:10:e7:3d comment="Galaxy S10" \ mac-address=A8:DB:03:10:E7:3D server=defconfadd address=192.168.0.9 client-id=1:0:c:29:43:22:30 comment=pfSense disabled=\ yes mac-address=00:0C:29:43:22:30 server=defconfadd address=192.168.0.30 client-id=1:4:d4:c4:53:46:52 comment="Roberto PC" \ mac-address=04:D4:C4:53:46:52 server=defconfadd address=192.168.0.17 client-id=\ ff:bc:9a:4a:2d:0:2:0:0:ab:11:53:2:ee:36:52:a7:b:e1 comment=\ "Splunk Linux Server" disabled=yes mac-address=00:0C:29:0F:B3:C4 server=\ defconfadd address=192.168.0.120 client-id=1:8c:b8:4a:f7:7c:a3 comment="Galaxy S20" \ mac-address=8C:B8:4A:F7:7C:A3 server=defconfadd address=192.168.0.12 client-id=1:72:1d:1b:c4:a:7a comment=Win7v \ mac-address=72:1D:1B:C4:0A:7A server=defconfadd address=192.168.0.38 client-id=1:40:25:c2:37:da:d8 comment="Laptop Giss" \ mac-address=40:25:C2:37:DA:D8 server=defconfadd address=192.168.0.19 client-id=1:0:c:29:8b:48:25 mac-address=\ 00:0C:29:8B:48:25 server=defconfadd address=192.168.0.18 client-id=\ ff:bc:9a:4a:2d:0:2:0:0:ab:11:fb:6c:72:a1:c8:3e:cc:2d comment=\ "No-Ip Server" mac-address=00:0C:29:A9:AB:81 server=defconfadd address=192.168.0.5 client-id=1:68:7f:74:a2:74:5d comment=E3000 \ mac-address=68:7F:74:A2:74:5D server=defconfadd address=192.168.0.8 client-id=\ ff:bc:9a:4a:2d:0:2:0:0:ab:11:d2:7a:93:3f:d1:69:c0:48 comment=pihole \ mac-address=00:0C:29:A4:3C:9E server=defconfadd address=192.168.0.121 client-id=1:a8:b8:6e:81:b8:59 comment="LG G6" \ mac-address=A8:B8:6E:81:B8:59 server=defconfadd address=192.168.0.7 comment="Ubuntu Proxy" mac-address=00:0C:29:C8:4A:C4add address=192.168.0.15 client-id=1:0:c:29:6b:35:bd mac-address=\ 00:0C:29:6B:35:BD server=defconf/ip dhcp-server networkadd address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24add address=192.168.20.0/24 gateway=192.168.20.1 netmask=24/ip dnsset allow-remote-requests=yes servers=104.223.91.210,104.223.91.210/ip dns staticadd address=192.168.0.1 comment=defconf name=router.lanadd address=192.168.0.19 disabled=yes name=robslamp.servehttp.comadd address=192.168.0.19 name=pendejerto.no-ip.org/ip firewall address-listadd address=192.168.0.30 comment=Roberto disabled=yes list=TorGuargListadd address=192.168.0.41 comment=Roku list=TorGuargListadd address=192.168.0.8 comment=PiHole list=NoPiHoleadd address=192.168.0.24 comment="Nintendo Switch" disabled=yes list=\ TelnorListadd address=192.168.0.24 comment="Nintendo Switch" disabled=yes list=\ TorGuargListadd address=192.168.0.30 comment=Roberto disabled=yes list=TelnorListadd address=192.168.0.28 comment=PS4 disabled=yes list=TelnorListadd address=192.168.0.6 comment="ESXi Server" list=TelnorListadd address=192.168.0.18 comment="No-Ip Server" list=TelnorListadd address=192.168.0.8 comment=UbuntuPiHole disabled=yes list=TelnorListadd address=192.168.0.41 comment=Roku disabled=yes list=NoPiHoleadd address=192.168.20.0/24 comment="Guest SSID" list=GuestSSID-NoNetflixadd address=192.168.0.30 comment=Roberto disabled=yes list=RestrictedAccessadd address=192.168.0.19 comment=WS2019 disabled=yes list=TorGuargListadd address=192.168.0.19 comment=WS2019 list=TelnorListadd address=192.168.0.45-192.168.0.60 list=GoogleLANadd address=192.168.0.0/24 list=RobsLANadd address=192.168.20.0/24 comment="Guest SSID" disabled=yes list=\ RestrictedAccessadd address=192.168.0.7 comment="Ubuntu Proxy" list=TelnorListadd address=b4a10a10b227.sn.mynetname.net list=MyPublicIPadd address=10.65.142.112 list=WAN1-ADDRadd address=10.1.2.2 list=VPN-ADDRadd address=192.168.0.15 comment="IIS Server" list=TelnorListadd address=201.143.246.54 list=WAN2-ADDR/ip firewall filteradd action=drop chain=forward comment=Attack log-prefix="BlackList - " \ src-address-list=BlackListadd action=reject chain=forward comment="Drop incoming DNS traffic" dst-port=\ 53 in-interface-list=WANAll protocol=tcp reject-with=\ icmp-network-unreachableadd action=reject chain=forward dst-port=53 in-interface-list=WANAll \ protocol=udp reject-with=icmp-network-unreachableadd action=drop chain=forward comment="Drop Internet" disabled=yes \ in-interface-list=LAN out-interface-list=WANAll src-address-list=\ BanInternetadd action=accept chain=forward disabled=yes in-interface-list=LAN \ out-interface-list=WANAlladd action=drop chain=forward comment="Separar Redes" dst-address=\ !192.168.0.8 in-interface=vlan20 out-interface=bridgeLAN src-address=\ !192.168.0.8add action=drop chain=forward dst-address=!192.168.0.8 in-interface=bridgeLAN \ out-interface=vlan20 src-address=!192.168.0.8add action=drop chain=input disabled=yes dst-address=!192.168.0.8 \ dst-address-list=RobsLAN log=yes log-prefix="drop 20-0: " src-address=\ !192.168.0.8 src-address-list=GuestSSID-NoNetflixadd action=reject chain=forward comment=\ "Drop Internet by MAC -- 44:87:FC:53:32:92" disabled=yes dst-address=\ !192.168.0.0/24 reject-with=icmp-network-unreachable src-mac-address=\ 44:87:FC:53:32:92add action=drop chain=forward comment="Block Facebook" dst-port=80,443 \ log-prefix="BF1 - " protocol=tcp src-address-list=RestrictedAccess \ tls-host=*.facebook.comadd action=drop chain=forward layer7-protocol=Facebook log-prefix="BF2 - " \ src-address-list=RestrictedAccessadd action=drop chain=forward comment="Block YouTube" dst-port=80,443 \ log-prefix="BF1 - " protocol=tcp src-address-list=RestrictedAccess \ tls-host=*.youtube.comadd action=drop chain=forward layer7-protocol=Youtube log-prefix="BF2 - " \ src-address-list=RestrictedAccessadd action=drop chain=forward comment="Block Netflix" dst-port=80,443 \ log-prefix="BF1 - " protocol=tcp src-address-list=GuestSSID-NoNetflix \ tls-host=*.netflix.comadd action=drop chain=forward layer7-protocol=Netflix log-prefix="BF2 - " \ src-address-list=GuestSSID-NoNetflixadd action=drop chain=forward comment="Restrict Facebook" disabled=yes \ log-prefix="RF1 - " packet-mark=Facebook_Pk_Up src-address-list=\ RestrictedAccessadd action=drop chain=forward disabled=yes log-prefix="RF1 - " packet-mark=\ Facebook_Pk_Down src-address-list=RestrictedAccessadd action=drop chain=input disabled=yes log-prefix="RF2 - " packet-mark=\ Facebook_Pk_Up src-address-list=RestrictedAccessadd action=drop chain=input disabled=yes log-prefix="RF2 - " packet-mark=\ Facebook_Pk_Down src-address-list=RestrictedAccessadd action=drop chain=forward comment="Restrict YouTube" disabled=yes \ packet-mark=YouTube_Pk_Up src-address-list=RestrictedAccessadd action=drop chain=forward disabled=yes packet-mark=YouTube_Pk_Down \ src-address-list=RestrictedAccessadd action=drop chain=input disabled=yes packet-mark=YouTube_Pk_Up \ src-address-list=RestrictedAccessadd action=drop chain=input disabled=yes packet-mark=YouTube_Pk_Down \ src-address-list=RestrictedAccessadd action=drop chain=forward comment="Restrict Netflix" disabled=yes \ packet-mark=Netflix_Pk_Up src-address-list=GuestSSID-NoNetflixadd action=drop chain=forward disabled=yes packet-mark=Netflix_Pk_Down \ src-address-list=GuestSSID-NoNetflixadd action=drop chain=input disabled=yes layer7-protocol=Netflix packet-mark=\ Netflix_Pk_Up src-address-list=GuestSSID-NoNetflixadd action=drop chain=input disabled=yes layer7-protocol=Netflix packet-mark=\ Netflix_Pk_Down src-address-list=GuestSSID-NoNetflixadd action=accept chain=input comment="CAPs to CAPsMAN" dst-port=5246,5247 \ protocol=udp src-address=127.0.0.1add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=accept chain=input comment="ICMP from Chromecast into Router" \ in-interface=bridgeLAN log-prefix=Accept_Chromecast_ICMP_ protocol=icmpadd action=accept chain=icmp_chain comment="ICMP on Chromecast" dst-address=\ 8.8.8.8 in-interface=bridgeLAN log-prefix=Accept_ICMP_Chromecast \ protocol=icmpadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid log-prefix="defconf: drop invalid "add action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=accept chain=input dst-address-type=local src-address-type=localadd action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN log-prefix="drop: "add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=accept chain=forward comment="Fasttrack Disable RestrictedAccess" \ src-address-list=RestrictedAccessadd action=accept chain=forward dst-address-list=RestrictedAccessadd action=accept chain=forward comment="Fasttrack Disable TelnorList" \ connection-mark=Telnor_Conn disabled=yesadd action=accept chain=forward disabled=yes routing-mark=TelnorWANadd action=accept chain=forward comment="Fasttrack Disable TelnorList" \ src-address-list=TelnorListadd action=accept chain=forward connection-state=established,related \ dst-address-list=TelnorListadd action=accept chain=forward comment="Fasttrack Disable VPNList" \ src-address-list=TorGuargListadd action=accept chain=forward connection-state=established,related \ dst-address-list=TorGuargListadd action=accept chain=forward comment="Fasttrack Disable GuestWiFi" \ src-address-list=GuestSSID-NoNetflixadd action=accept chain=forward connection-state=established,related \ dst-address-list=GuestSSID-NoNetflixadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,relatedadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid log-prefix="defconf: drop invalid "add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN log-prefix=\ "defconf: drop all from WAN not DSTNATed "add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN2 log-prefix=\ "defconf: drop all from WAN not DSTNATed 2 "/ip firewall mangleadd action=accept chain=prerouting comment="Izzi WAN" disabled=yes \ dst-address-list=WAN1-ADDR in-interface=bridgeLANadd action=mark-connection chain=prerouting connection-mark=no-mark disabled=\ yes in-interface=ether1-WAN1 new-connection-mark=Izzi_Conn passthrough=\ yesadd action=mark-connection chain=prerouting connection-mark=no-mark disabled=\ yes dst-address-type=!local in-interface=bridgeLAN new-connection-mark=\ Izzi_Conn passthrough=yes src-address-list=!TelnorListadd action=mark-routing chain=prerouting connection-mark=Izzi_Conn disabled=\ yes dst-address-type="" in-interface=bridgeLAN new-routing-mark=IzziWAN \ passthrough=yes src-address-list=!TelnorListadd action=mark-routing chain=output connection-mark=Izzi_Conn disabled=yes \ new-routing-mark=IzziWAN passthrough=yes src-address-list=!TelnorListadd action=mark-routing chain=prerouting comment=Telnor disabled=yes \ new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorListadd action=accept chain=prerouting comment="Telnor metodo 2" \ dst-address-list=WAN2-ADDR in-interface=bridgeLANadd action=mark-connection chain=prerouting connection-mark=no-mark \ in-interface=pppoe-Telnor new-connection-mark=Telnor_Conn passthrough=yesadd action=mark-connection chain=prerouting connection-mark=no-mark \ dst-address-type=!local in-interface=bridgeLAN new-connection-mark=\ Telnor_Conn passthrough=yes src-address-list=TelnorListadd action=mark-routing chain=prerouting connection-mark=Telnor_Conn \ dst-address-type="" in-interface=bridgeLAN new-routing-mark=TelnorWAN \ passthrough=yes src-address-list=TelnorListadd action=mark-routing chain=output connection-mark=Telnor_Conn \ new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorListadd action=mark-routing chain=prerouting comment=TorGuard new-routing-mark=\ VPN passthrough=yes src-address-list=TorGuargListadd action=mark-connection chain=prerouting comment=Telnor disabled=yes \ in-interface=pppoe-Telnor new-connection-mark=Telnor_Conn passthrough=noadd action=mark-connection chain=prerouting disabled=yes in-interface=\ bridgeLAN new-connection-mark=Telnor_Conn passthrough=yes \ src-address-list=TelnorListadd action=mark-routing chain=prerouting connection-mark=Telnor_Conn \ disabled=yes new-routing-mark=TelnorWAN passthrough=yes src-address-list=\ TelnorListadd action=mark-routing chain=output connection-mark=Telnor_Conn disabled=yes \ new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorListadd action=mark-connection chain=prerouting comment=TorGuard \ connection-state=new disabled=yes in-interface-list=LAN \ new-connection-mark=VPN_Conn passthrough=yes src-address-list=\ TorGuargListadd action=mark-routing chain=prerouting connection-mark=VPN_Conn disabled=\ yes new-routing-mark=VPN passthrough=no src-address-list=TorGuargListadd action=set-priority chain=postrouting comment="Set priority for WMM" \ new-priority=from-dscp-high-3-bits passthrough=yesadd action=mark-connection chain=prerouting comment="QoS Icmp" disabled=yes \ new-connection-mark=Icmp_Conn_Down passthrough=yes protocol=icmpadd action=mark-packet chain=prerouting connection-mark=Icmp_Conn_Down \ disabled=yes new-packet-mark=Icmp_Pk_Down passthrough=noadd action=mark-connection chain=postrouting disabled=yes \ new-connection-mark=Icmp_Conn_Up passthrough=yes protocol=icmpadd action=mark-packet chain=postrouting connection-mark=Icmp_Conn_Up \ disabled=yes new-packet-mark=Icmp_Pk_Up passthrough=noadd action=mark-connection chain=prerouting comment="QoS Dns" disabled=yes \ dst-port=53 new-connection-mark=Dns_Udp_conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting connection-mark=Dns_Udp_conn \ disabled=yes new-packet-mark=Dns_Udp_Pk passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=53 \ new-connection-mark=Dns_Dow_Conn passthrough=yes protocol=tcpadd action=mark-packet chain=prerouting connection-mark=Dns_Dow_Conn \ disabled=yes new-packet-mark=Dns_Dow_Pk passthrough=noadd action=mark-connection chain=prerouting comment="QoS Dota" disabled=yes \ dst-port=27014-27050,27036,27037,8291 new-connection-mark=Dota2_Dow_conn \ passthrough=yes protocol=tcpadd action=mark-packet chain=prerouting connection-mark=Dota2_Dow_conn \ disabled=yes new-packet-mark=Dota2_Dow_pk passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 1500,3005,3101,20561,27017-27062,20561,4380,28960,27067 \ new-connection-mark=dota2_udp_conn passthrough=yes protocol=udpadd action=mark-packet chain=postrouting connection-mark=dota2_udp_conn \ disabled=yes new-packet-mark=dota2_Udp_Pqt passthrough=noadd action=mark-connection chain=prerouting comment="QoS fornite" disabled=\ yes dst-port=\ 5060,45724,6250,137,138,9008,33234,9008,7862,7862,9012,45762,138 \ new-connection-mark=Fornite_udp_conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting connection-mark=Fornite_udp_conn \ disabled=yes new-packet-mark=fornite_Udp_pk passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 5222,5795-5847,1935,3478-3480,3074,6667,12400,28910,29901,29920 \ new-connection-mark=Fornite_Dow_conn passthrough=yes protocol=tcpadd action=mark-packet chain=postrouting connection-mark=Fornite_Dow_conn \ disabled=yes new-packet-mark=fornite_Dow_pk passthrough=noadd action=mark-connection chain=prerouting comment="QoS wolftem" disabled=\ yes dst-port="307,10,30711,30712,30713,30714,30715,30716,30717,30718,30719\ ,30720,30721,30722" new-connection-mark=woltem_dow_Conn passthrough=yes \ protocol=tcpadd action=mark-packet chain=prerouting connection-mark=woltem_dow_Conn \ disabled=yes new-packet-mark=Wolftem_Dow_Pk passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 40707-40718,20001 new-connection-mark=Wolftem_Udp_conn passthrough=yes \ protocol=udpadd action=mark-packet chain=postrouting connection-mark=Wolftem_Udp_conn \ disabled=yes new-packet-mark=Wolftem_Udp_pk passthrough=noadd action=mark-connection chain=prerouting comment="QoS LoL" disabled=yes \ dst-port=2099,5223,5222,8393,8400,8088 new-connection-mark=LoL_Dow_conn \ passthrough=yes protocol=tcpadd action=mark-packet chain=prerouting connection-mark=LoL_Dow_conn \ disabled=yes new-packet-mark=LoL_Dow_PK passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 5000,8088,10004 new-connection-mark=LoL_Up_Pk passthrough=yes protocol=\ udpadd action=mark-packet chain=postrouting connection-mark=LoL_Up_Pk disabled=\ yes new-packet-mark=LoL_UP_pk passthrough=noadd action=mark-packet chain=forward connection-mark=Propaganda_conn \ disabled=yes new-packet-mark=propagandas passthrough=noadd action=mark-connection chain=prerouting comment=HttpS_QoS disabled=yes \ dst-port=443 new-connection-mark=Htpps_Conn_Down passthrough=yes \ protocol=tcpadd action=mark-packet chain=prerouting connection-mark=Htpps_Conn_Down \ disabled=yes new-packet-mark=Https_Pk_Down passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=443 \ new-connection-mark=Https_Conn_Up passthrough=yes protocol=udpadd action=mark-packet chain=postrouting connection-mark=Https_Conn_Up \ disabled=yes new-packet-mark=Https_Pk_Up passthrough=noadd action=mark-connection chain=prerouting comment=Http_QoS disabled=yes \ dst-port=80,8080,9000 new-connection-mark=Http_Conn_Down passthrough=yes \ protocol=tcpadd action=mark-packet chain=prerouting connection-mark=Http_Conn_Down \ disabled=yes new-packet-mark=Http_Pk_Down passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 80,8080,9000 new-connection-mark=Http_Conn_Up passthrough=yes protocol=\ udpadd action=mark-packet chain=postrouting connection-mark=Http_Conn_Up \ disabled=yes new-packet-mark=Http_Pk_Up passthrough=noadd action=mark-connection chain=prerouting comment=correo disabled=yes \ dst-port=110,995,143,993,25,465,587 new-connection-mark=correo_Dow_Conn \ passthrough=yes protocol=tcpadd action=mark-packet chain=prerouting connection-mark=correo_Dow_Conn \ disabled=yes new-packet-mark=Correo_Dow_Pk passthrough=noadd action=mark-connection chain=prerouting comment="QoS wassapp" disabled=\ yes dst-port=5222-5228,5242 new-connection-mark=Wasapp_Dow_Conn \ passthrough=yes protocol=tcpadd action=mark-packet chain=prerouting connection-mark=Wasapp_Dow_Conn \ disabled=yes new-packet-mark=Wasaap_Dow_Pk passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 5222,5223,5228,5242,53,3478 new-connection-mark=Wassapp_Udp_pk \ passthrough=yes protocol=udpadd action=mark-packet chain=postrouting connection-mark=Wassapp_Udp_pk \ disabled=yes new-packet-mark=Wasasp_Up_Pk passthrough=noadd action=mark-connection chain=prerouting comment="play station" disabled=\ yes dst-port=80,443,5223,10070 new-connection-mark=PlayS4_Dow_conn \ passthrough=yes protocol=tcpadd action=mark-packet chain=prerouting connection-mark=PlayS4_Dow_conn \ disabled=yes new-packet-mark=PlayStation_Dow_Pk passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 3478,3479,3658,10070 new-connection-mark=PlayStation_Up_conn passthrough=\ yes protocol=udpadd action=mark-packet chain=postrouting connection-mark=PlayStation_Up_conn \ disabled=yes new-packet-mark=Playstation_Up_Pk passthrough=no protocol=\ udpadd action=mark-connection chain=prerouting comment="QoS xbox" disabled=yes \ dst-port=3070-3073 new-connection-mark=Xbox_dow_conn passthrough=yes \ protocol=tcpadd action=mark-packet chain=prerouting connection-mark=Xbox_dow_conn \ disabled=yes new-packet-mark=Xbox_Dow_pk passthrough=noadd action=mark-connection chain=postrouting disabled=yes dst-port=\ 88,3074,53,500,3544,4500 new-connection-mark=Xbox_UP_conn passthrough=yes \ protocol=udpadd action=mark-packet chain=postrouting connection-mark=Xbox_UP_conn \ disabled=yes new-packet-mark=Xbox_Up_pk passthrough=noadd action=mark-connection chain=forward comment=netflix disabled=yes \ dst-port=22,53,80,33001,179,443 layer7-protocol=Netflix \ new-connection-mark=Netflix_Conn_Down passthrough=yes protocol=tcpadd action=mark-packet chain=forward connection-mark=Netflix_Conn_Down \ disabled=yes new-packet-mark=Netflix_Pk_Down passthrough=noadd action=mark-connection chain=forward disabled=yes dst-port=33001,53,123 \ layer7-protocol=Netflix new-connection-mark=Netflix_Conn_Up passthrough=\ yes protocol=udpadd action=mark-packet chain=forward connection-mark=Netflix_Conn_Up \ disabled=yes new-packet-mark=Netflix_Pk_Up passthrough=noadd action=mark-connection chain=forward comment="QoS YouTube" disabled=yes \ in-interface-list=WANAll layer7-protocol=Youtube new-connection-mark=\ YouTube_Conn_Down passthrough=yesadd action=mark-packet chain=forward connection-mark=YouTube_Conn_Down \ disabled=yes new-packet-mark=YouTube_Pk_Down passthrough=noadd action=mark-connection chain=forward disabled=yes in-interface=bridgeLAN \ layer7-protocol=Youtube new-connection-mark=YouTube_Conn_Up passthrough=\ yesadd action=mark-packet chain=forward connection-mark=YouTube_Conn_Up \ disabled=yes new-packet-mark=YouTube_Pk_Up passthrough=noadd action=mark-connection chain=forward comment="QoS Facebook" disabled=yes \ in-interface-list=WANAll layer7-protocol=Facebook new-connection-mark=\ Facebook_Conn_Down passthrough=yesadd action=mark-packet chain=forward connection-mark=Facebook_Conn_Down \ disabled=yes new-packet-mark=Facebook_Pk_Down passthrough=noadd action=mark-connection chain=forward disabled=yes in-interface=bridgeLAN \ layer7-protocol=Facebook new-connection-mark=Facebook_Conn_Up \ passthrough=yesadd action=mark-packet chain=forward connection-mark=Facebook_Conn_Up \ disabled=yes new-packet-mark=Facebook_Pk_Up passthrough=noadd action=add-dst-to-address-list address-list=Streaming_users \ address-list-timeout=12h chain=prerouting comment=ReRoute \ connection-mark=no-mark content=netflix disabled=yes dst-port=53 \ in-interface-list=LAN protocol=udpadd action=mark-connection chain=prerouting connection-mark=no-mark disabled=\ yes dst-address-list=Streaming_users in-interface-list=LAN \ new-connection-mark=markStreamers passthrough=yesadd action=mark-routing chain=prerouting connection-mark=markStreamers \ disabled=yes new-routing-mark=routeStreamers passthrough=noadd action=mark-connection chain=prerouting comment=Facebook connection-mark=\ no-mark content=facebook disabled=yes dst-port=53 new-connection-mark=\ facebook_conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting connection-mark=FACEBOOK_CONN \ disabled=yes new-packet-mark=FACEBOOK_PACKET passthrough=yesadd action=mark-connection chain=prerouting comment=YouTube connection-mark=\ no-mark content=youtube disabled=yes dst-port=53 new-connection-mark=\ youtube_conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting connection-mark=YOUTUBE_CONN \ disabled=yes new-packet-mark=YOUTUBE_PACKET passthrough=yesadd action=mark-connection chain=prerouting comment=Netflix connection-mark=\ no-mark content=netflix disabled=yes dst-port=53 new-connection-mark=\ netflix_conn passthrough=yes protocol=udpadd action=mark-packet chain=prerouting connection-mark=NETFLIX_CONN \ disabled=yes new-packet-mark=NETFLIX_PACKET passthrough=yesadd action=mark-connection chain=forward comment="Marcado ICMP" \ connection-mark=no-mark disabled=yes new-connection-mark=icmp_conn \ passthrough=yes protocol=icmpadd action=mark-packet chain=forward connection-mark=icmp_conn disabled=yes \ new-packet-mark=icmp_packet passthrough=noadd action=mark-connection chain=forward comment=\ "Marcado WEB HTTP HTTPS con TCP" connection-mark=no-mark disabled=yes \ dst-port=80,443 new-connection-mark=web_conn passthrough=yes protocol=tcpadd action=mark-packet chain=forward connection-mark=web_conn disabled=yes \ new-packet-mark=web_packet passthrough=noadd action=mark-connection chain=forward comment="Marcado Trafico QUIC" \ connection-mark=no-mark disabled=yes new-connection-mark=quic_conn \ passthrough=yes protocol=udpadd action=mark-packet chain=forward connection-mark=quic_conn disabled=yes \ new-packet-mark=quic_packet passthrough=noadd action=mark-connection chain=forward comment="Marcado Resto Trafico" \ connection-mark=no-mark disabled=yes new-connection-mark=resto_conn \ passthrough=yesadd action=mark-packet chain=forward connection-mark=resto_conn disabled=yes \ new-packet-mark=resto_packet passthrough=noadd action=mark-connection chain=forward comment="Mark IPsec" disabled=yes \ ipsec-policy=in,ipsec new-connection-mark=ipsec passthrough=yesadd action=mark-connection chain=forward disabled=yes ipsec-policy=out,ipsec \ new-connection-mark=ipsec passthrough=yesadd action=mark-connection chain=forward comment="Test Facebook" content=\ facebook disabled=yes dst-port=53 in-interface=bridgeLAN \ new-connection-mark=FACEBOOK_CONN_Down passthrough=yes protocol=udpadd action=mark-packet chain=forward connection-mark=FACEBOOK_CONN_Down \ disabled=yes new-packet-mark=FACEBOOK_PACKET_Down passthrough=yes/ip firewall natadd action=masquerade chain=srcnat comment="Hairpin NAT Masq" dst-address=\ 192.168.0.0/24 src-address=192.168.0.0/24add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yesadd action=masquerade chain=srcnat comment="defconf: masquerade" \ out-interface=ether1-WAN1add action=masquerade chain=srcnat comment="defconf: masquerade" \ out-interface=pppoe-Telnoradd action=masquerade chain=srcnat comment="TorGuard OpenVPN" out-interface=\ TorGuardadd action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \ out-interface-list=WANAlladd action=masquerade chain=srcnat comment="defconf: masquerade" src-address=\ 192.168.20.0/24add action=dst-nat chain=dstnat comment="UbuntuProxy SSH" dst-address-list=\ WAN2-ADDR dst-port=22 log-prefix="SSH: " protocol=tcp to-addresses=\ 192.168.0.7 to-ports=22add action=dst-nat chain=dstnat comment=WinServer dst-address-list=WAN2-ADDR \ dst-address-type="" dst-port=443 protocol=tcp to-addresses=192.168.0.15 \ to-ports=443add action=dst-nat chain=dstnat dst-address-list=WAN2-ADDR dst-address-type=\ "" dst-port=80 protocol=tcp to-addresses=192.168.0.15 to-ports=80add action=dst-nat chain=dstnat comment=Pi-Hole disabled=yes \ dst-address-list=!NoPiHole dst-port=53 protocol=udp src-address-list=\ !NoPiHole to-addresses=192.168.0.8add action=dst-nat chain=dstnat disabled=yes dst-address-list=!NoPiHole \ dst-port=53 protocol=tcp src-address-list=!NoPiHole to-addresses=\ 192.168.0.8add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \ dst-port=53 protocol=udp src-address=192.168.0.0/24add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \ dst-port=53 protocol=tcp src-address=192.168.0.0/24add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \ dst-port=53 protocol=udp src-address=192.168.20.0/24add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \ dst-port=53 protocol=tcp src-address=192.168.20.0/24add action=dst-nat chain=dstnat comment=ESXi disabled=yes dst-address-type=\ local dst-port=440 protocol=tcp to-addresses=192.168.0.6 to-ports=443add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\ 902 protocol=tcp to-addresses=192.168.0.6 to-ports=902add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\ 903 protocol=tcp to-addresses=192.168.0.6 to-ports=903add action=dst-nat chain=dstnat comment="UbuntuProxy Webmin" disabled=yes \ dst-address-list=WAN2-ADDR dst-address-type="" dst-port=10000 protocol=\ tcp to-addresses=192.168.0.7 to-ports=10000add action=dst-nat chain=dstnat comment="WS2019 Prtg" disabled=yes \ dst-address-list=WAN2-ADDR dst-address-type="" dst-port=450 protocol=tcp \ to-addresses=192.168.0.19 to-ports=443add action=dst-nat chain=dstnat comment=Proxmox disabled=yes \ dst-address-type=local dst-port=8006 protocol=tcp to-addresses=\ 192.168.0.6 to-ports=8006add action=dst-nat chain=dstnat comment="Redirect DNS" disabled=yes dst-port=\ 53 protocol=tcp to-addresses=192.168.0.250 to-ports=53add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp \ to-addresses=192.168.0.250 to-ports=53add action=dst-nat chain=dstnat comment=Win10v disabled=yes dst-address-type=\ local dst-port=8080 in-interface=TorGuard protocol=tcp to-addresses=\ 192.168.0.118 to-ports=8080add action=dst-nat chain=dstnat comment=VPN disabled=yes dst-address-type=\ local dst-port=1194 protocol=udp to-addresses=192.168.0.17 to-ports=1194/ip routeadd check-gateway=ping distance=1 gateway=pppoe-Telnor routing-mark=TelnorWANadd check-gateway=ping distance=1 gateway=TorGuard routing-mark=VPN scope=255add check-gateway=ping disabled=yes distance=1 gateway=10.65.128.1 \ routing-mark=IzziWAN scope=255add check-gateway=ping distance=2 gateway=8.8.4.4/ip traffic-flowset enabled=yes interfaces=ether1-WAN1,pppoe-Telnor,TorGuard/ip traffic-flow targetadd dst-address=192.168.0.19 port=1234 version=ipfix/ip upnpset allow-disable-external-interface=yes enabled=yes/ip upnp interfacesadd interface=bridgeLAN type=internaladd interface=ether1-WAN1 type=externaladd interface=ether5-WAN2 type=external/snmpset contact=RobsGax enabled=yes location="Home hAP ac2" trap-version=2/system clockset time-zone-autodetect=no time-zone-name=America/Los_Angeles/system identityset name="hAP ac^2"/system loggingset 3 action=memoryadd topics=wireless,debugadd action=disk1 topics=criticaladd action=disk1 topics=erroradd action=disk1 topics=infoadd action=disk1 topics=warningadd action=disk1 topics=wireless,debugadd topics=e-mail,debugadd action=disk1 topics=e-mail,debugadd action=disk1 topics=caps,debugadd topics=caps,debugadd action=snmpdisk disabled=yes topics=snmpadd action=remote disabled=yes prefix=MikroTik topics=dhcpadd action=remote disabled=yes/system scheduleradd interval=30m name=sched_NoIp_1 on-event="/system script run NO_IP_1" \ policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=aug/31/2019 start-time=15:00:00add interval=1d name="Firmware Updater" on-event=\ "/system script run BackupAndUpdate;" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=jan/21/2020 start-time=06:50:00add disabled=yes interval=5m name="Data to Splunk" on-event=\ Data_to_Splunk_using_Syslog policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=feb/28/2020 start-time=08:25:01add interval=30m name=sched_NoIp_2 on-event="/system script run NO_IP_2" \ policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=aug/31/2019 start-time=15:00:00/system scriptadd dont-require-permissions=no name=No_IP_1 owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\ ---------------------------------------------------SCRIPT INFORMATION-----\ -----------------------------------------------\r\ \n#\r\ \n# Script: Marthur's No-IP.com Dynamic DNS Update Script\r\ \n# Version: 1.0\r\ \n# Updated: 07/30/2018\r\ \n# Created: 10/21/2017\r\ \n# Author: Marthur Jones\r\ \n# Website: https://www.marthur.com\r\ \n#\r\ \n# This script is to be used in conjunction with No-IP.com's Dynamic DNS \ Service. It is to be scheduled/ran on a Mikrotik \r\ \n# router as replacement for No-IP's Dynamic Update Client for Windows. T\ here are many versions of this script. However, \r\ \n# I've made my own modifications to the original script that was created\ \_on March 13, 2012 by riverron and published on\r\ \n# the MikroTik Wiki here:\r\ \n#\r\ \n# https://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_No-IP_DNS\ \r\ \n#\r\ \n# - Changed the scope of the variable that stores the previous IP addres\ s from global to local. The local variable's value \r\ \n# (IP address) is now assigned via MikroTik's DNS resolution. The scri\ pt compares the previous IP with the current IP \r\ \n# that is assigned to the WAN interface, if the IP addresses do not ma\ tch, the script will update the No-IP hostname\r\ \n# with the IP assigned to the WAN interface.\r\ \n#\r\ \n# - Added variable to define the log destination path that the script pu\ lls from No-IP.com after a DDNS IP update.\r\ \n#\r\ \n# - Made variable name changes.\r\ \n#\r\ \n#-----------------------------------------------TESTED USING THE FOLLOWI\ NG------------------------------------------------\r\ \n#\r\ \n# Hardware: CCR1009-7G-1C-1S+\r\ \n# Firmware: v3.41\r\ \n# RouterOS: v6.40.4\r\ \n#\r\ \n#----------------------------------------------MODIFY THIS SECTION AS NE\ EDED----------------------------------------------\r\ \n\r\ \n# No-IP account credentials.\r\ \n:local noipUsername \"@\"\r\ \n:local noipPassword \"\"\r\ \n\r\ \n# Set the hostname or label of network to be updated.\r\ \n# Hostnames with spaces are unsupported. Replace the value in the quotat\ ions below with your host names.\r\ \n# To specify multiple hosts, separate them with commas.\r\ \n:local noipHostname \"pendejerto.no-ip.org\"\r\ \n\r\ \n# The interface name with the assigned dynamic IP address (usually the W\ AN interface).\r\ \n:local wanInterface \"ether1\"\r\ \n\r\ \n# Log destination\r\ \n:local logDestination \"/disk1/logs/\"\r\ \n\r\ \n#-----------------------------------------------------------------------\ --------------------------------------------------\r\ \n\r\ \n:log warning message=\"START: No-IP DDNS Update\"\r\ \n\r\ \n:if ([/interface get \$wanInterface value-name=running] = true) do={\r\ \n\r\ \n# Get the previous IP via DNS resolution.\r\ \n :local previousIP [:resolve \"\$noipHostname\"]\r\ \n\r\ \n# Get the current IP on the WAN interface.\r\ \n :local currentIP [/ip address get [find interface=\"\$wanInterface\"\ \_disabled=no] address]\r\ \n\r\ \n# Strip net mask from IP address.\r\ \n :for i from=([:len \$currentIP] - 1) to=0 do={\r\ \n :if ([:pick \$currentIP \$i] = \"/\") do={\r\ \n :set currentIP [:pick \$currentIP 0 \$i]\r\ \n }\r\ \n }\r\ \n\r\ \n :log info \"No-IP: DNS IP (\$previousIP), interface IP (\$currentIP)\ \"\r\ \n \r\ \n :if (\$currentIP != \$previousIP) do={\r\ \n :log info \"No-IP: Current IP \$currentIP is not equal to previo\ us IP, update needed\"\r\ \n\r\ \n# The update URL. The \"\\3F\" is hex for question mark (\?). This\ \_is required since \? is a special character in the command.\r\ \n :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$cur\ rentIP\"\r\ \n :local noipHostnames\r\ \n :set noipHostnames [:toarray \$noipHostname]\r\ \n :foreach hostname in=\$noipHostnames do={\r\ \n :log info \"No-IP: Sending update for \$hostname\"\r\ \n /tool fetch url=(\$url . \"&hostname=\$hostname\") user=\$no\ ipUsername password=\$noipPassword mode=http dst-path=(\$logDestination . \ \"no-ip_ddns_update-\" . \$hostname . \".txt\")\r\ \n :log info \"No-IP: Host \$hostname updated on No-IP with IP \ \$currentIP\"\r\ \n }\r\ \n } else={\r\ \n :log info \"No-IP: Previous IP \$previousIP is equal to current \ IP, no update needed\"\r\ \n }\r\ \n\r\ \n} else={\r\ \n :log info \"No-IP: \$wanInterface is not currently running, unable t\ o verify and/or update IP.\"\r\ \n }\r\ \n \r\ \n:log warning message=\"END: No-IP DDNS Update\""add dont-require-permissions=no name=No_IP_2 owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\ ---------------------------------------------------SCRIPT INFORMATION-----\ -----------------------------------------------\r\ \n#\r\ \n# Script: Marthur's No-IP.com Dynamic DNS Update Script\r\ \n# Version: 1.0\r\ \n# Updated: 07/30/2018\r\ \n# Created: 10/21/2017\r\ \n# Author: Marthur Jones\r\ \n# Website: https://www.marthur.com\r\ \n#\r\ \n# This script is to be used in conjunction with No-IP.com's Dynamic DNS \ Service. It is to be scheduled/ran on a Mikrotik \r\ \n# router as replacement for No-IP's Dynamic Update Client for Windows. T\ here are many versions of this script. However, \r\ \n# I've made my own modifications to the original script that was created\ \_on March 13, 2012 by riverron and published on\r\ \n# the MikroTik Wiki here:\r\ \n#\r\ \n# https://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_No-IP_DNS\ \r\ \n#\r\ \n# - Changed the scope of the variable that stores the previous IP addres\ s from global to local. The local variable's value \r\ \n# (IP address) is now assigned via MikroTik's DNS resolution. The scri\ pt compares the previous IP with the current IP \r\ \n# that is assigned to the WAN interface, if the IP addresses do not ma\ tch, the script will update the No-IP hostname\r\ \n# with the IP assigned to the WAN interface.\r\ \n#\r\ \n# - Added variable to define the log destination path that the script pu\ lls from No-IP.com after a DDNS IP update.\r\ \n#\r\ \n# - Made variable name changes.\r\ \n#\r\ \n#-----------------------------------------------TESTED USING THE FOLLOWI\ NG------------------------------------------------\r\ \n#\r\ \n# Hardware: CCR1009-7G-1C-1S+\r\ \n# Firmware: v3.41\r\ \n# RouterOS: v6.40.4\r\ \n#\r\ \n#----------------------------------------------MODIFY THIS SECTION AS NE\ EDED----------------------------------------------\r\ \n\r\ \n# No-IP account credentials.\r\ \n:local noipUsername \"@\"\r\ \n:local noipPassword \"\"\r\ \n\r\ \n# Set the hostname or label of network to be updated.\r\ \n# Hostnames with spaces are unsupported. Replace the value in the quotat\ ions below with your host names.\r\ \n# To specify multiple hosts, separate them with commas.\r\ \n:local noipHostname \"robslamp.servehttp.com\"\r\ \n\r\ \n# The interface name with the assigned dynamic IP address (usually the W\ AN interface).\r\ \n:local wanInterface \"ether1\"\r\ \n\r\ \n# Log destination\r\ \n:local logDestination \"/disk1/logs/\"\r\ \n\r\ \n#-----------------------------------------------------------------------\ --------------------------------------------------\r\ \n\r\ \n:log warning message=\"START: No-IP DDNS Update\"\r\ \n\r\ \n:if ([/interface get \$wanInterface value-name=running] = true) do={\r\ \n\r\ \n# Get the previous IP via DNS resolution.\r\ \n :local previousIP [:resolve \"\$noipHostname\"]\r\ \n\r\ \n# Get the current IP on the WAN interface.\r\ \n :local currentIP [/ip address get [find interface=\"\$wanInterface\"\ \_disabled=no] address]\r\ \n\r\ \n# Strip net mask from IP address.\r\ \n :for i from=([:len \$currentIP] - 1) to=0 do={\r\ \n :if ([:pick \$currentIP \$i] = \"/\") do={\r\ \n :set currentIP [:pick \$currentIP 0 \$i]\r\ \n }\r\ \n }\r\ \n\r\ \n :log info \"No-IP: DNS IP (\$previousIP), interface IP (\$currentIP)\ \"\r\ \n \r\ \n :if (\$currentIP != \$previousIP) do={\r\ \n :log info \"No-IP: Current IP \$currentIP is not equal to previo\ us IP, update needed\"\r\ \n\r\ \n# The update URL. The \"\\3F\" is hex for question mark (\?). This\ \_is required since \? is a special character in the command.\r\ \n :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$cur\ rentIP\"\r\ \n :local noipHostnames\r\ \n :set noipHostnames [:toarray \$noipHostname]\r\ \n :foreach hostname in=\$noipHostnames do={\r\ \n :log info \"No-IP: Sending update for \$hostname\"\r\ \n /tool fetch url=(\$url . \"&hostname=\$hostname\") user=\$no\ ipUsername password=\$noipPassword mode=http dst-path=(\$logDestination . \ \"no-ip_ddns_update-\" . \$hostname . \".txt\")\r\ \n :log info \"No-IP: Host \$hostname updated on No-IP with IP \ \$currentIP\"\r\ \n }\r\ \n } else={\r\ \n :log info \"No-IP: Previous IP \$previousIP is equal to current \ IP, no update needed\"\r\ \n }\r\ \n\r\ \n} else={\r\ \n :log info \"No-IP: \$wanInterface is not currently running, unable t\ o verify and/or update IP.\"\r\ \n }\r\ \n \r\ \n:log warning message=\"END: No-IP DDNS Update\""add dont-require-permissions=no name=BackupAndUpdate owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\ \_Script name: BackupAndUpdate\r\ \n#\r\ \n#----------SCRIPT INFORMATION-------------------------------------------\ --------\r\ \n#\r\ \n# Script: Mikrotik RouterOS automatic backup & update\r\ \n# Version: 20.04.17\r\ \n# Created: 07/08/2018\r\ \n# Updated: 17/04/2020\r\ \n# Author: Alexander Tebiev\r\ \n# Website: https://github.com/beeyev\r\ \n# You can contact me by e-mail at tebiev@mail.com\r\ \n#\r\ \n# IMPORTANT!\r\ \n# Minimum supported RouterOS version is v6.43.7\r\ \n#\r\ \n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\ --------\r\ \n## Notification e-mail\r\ \n## (Make sure you have configurated Email settings in Tools -> Email)\r\ \n:local emailAddress \"recgaxiola@gmail.com\";\r\ \n\r\ \n## Script mode, possible values: backup, osupdate, osnotify.\r\ \n# backup \t- \tOnly backup will be performed. (default value, if none pr\ ovided)\r\ \n#\r\ \n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\ le.\r\ \n#\t\t\t\tIt will also create backups before and after update process.\r\ \n#\t\t\t\tEmail will be sent only if a new RouterOS is available.\r\ \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\ \_backups every time when it runs.\r\ \n#\r\ \n# osnotify \t- \tThe script will send email notification only (without b\ ackups) if a new RouterOS is available.\r\ \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\ \_backups every time when it runs.\r\ \n:local scriptMode \"osnotify\";\r\ \n\r\ \n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\ fy`\r\ \n# Set `true` if you want the script to perform backup every time it's fi\ red, whatever script mode is set.\r\ \n:local forceBackup true;\r\ \n\r\ \n## Backup encryption password, no encryption if no password.\r\ \n:local backupPassword \"\"\r\ \n\r\ \n## If true, passwords will be included in exported config.\r\ \n:local sensetiveDataInConfig false;\r\ \n\r\ \n## Update channel. Possible values: stable, long-term, testing, developm\ ent\r\ \n:local updateChannel \"stable\";\r\ \n\r\ \n## Install only patch versions of RouterOS updates.\r\ \n## Works only if you set scriptMode to \"osupdate\"\r\ \n## Means that new update will be installed only if MAJOR and MINOR versi\ on numbers remained the same as currently installed RouterOS.\r\ \n## Example: v6.43.6 => major.minor.PATCH\r\ \n## Script will send information if new version is greater than just patc\ h.\r\ \n:local installOnlyPatchUpdates\tfalse;\r\ \n\r\ \n##----------------------------------------------------------------------\ --------------------##\r\ \n# !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\ \_YOU ARE DOING !!!! #\r\ \n##----------------------------------------------------------------------\ --------------------##\r\ \n\r\ \n#Script messages prefix\r\ \n:local SMP \"Bkp&Upd:\"\r\ \n\r\ \n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \ update\\\" started.\";\r\ \n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\ \";\r\ \n\r\ \n#Check proper email config\r\ \n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \ or [:len [/tool e-mail get from]] = 0) do={\r\ \n\t:log error (\"\$SMP Email configuration is not correct, please check T\ ools -> Email. Script stopped.\"); \r\ \n\t:error \"\$SMP bye!\";\r\ \n}\r\ \n\r\ \n#Check if proper identity name is set\r\ \nif ([:len [/system identity get name]] = 0 or [/system identity get name\ ] = \"MikroTik\") do={\r\ \n\t:log warning (\"\$SMP Please set identity name of your device (System \ -> Identity), keep it short and informative.\"); \r\ \n};\r\ \n\r\ \n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\ \n# Function converts standard mikrotik build versions to the number.\r\ \n# Possible arguments: paramOsVer\r\ \n# Example:\r\ \n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\ rrent-RouterOS]];\r\ \n# result will be: 64301, because current RouterOS version is: 6.43.1\r\ \n:global buGlobalFuncGetOsVerNum do={\r\ \n\t:local osVer \$paramOsVer;\r\ \n\t:local osVerNum;\r\ \n\t:local osVerMicroPart;\r\ \n\t:local zro 0;\r\ \n\t:local tmp;\r\ \n\t\r\ \n\t# Replace word `beta` with dot\r\ \n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\ \n\t:if (\$isBetaPos > 1) do={\r\ \n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\ \$isBetaPos + 4) [:len \$osVer]]);\r\ \n\t}\r\ \n\t\r\ \n\t:local dotPos1 [:find \$osVer \".\" 0];\r\ \n\r\ \n\t:if (\$dotPos1 > 0) do={ \r\ \n\r\ \n\t\t# AA\r\ \n\t\t:set osVerNum [:pick \$osVer 0 \$dotPos1];\r\ \n\t\t\r\ \n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\ \n\t\t\t\t#Taking minor version, everything after first dot\r\ \n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\ 1) [:len \$osVer]];}\r\ \n\t\t#Taking minor version, everything between first and second dots\r\ \n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \ \$dotPos2];}\r\ \n\t\t\r\ \n\t\t# AA 0B\r\ \n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\ }\r\ \n\t\t# AA BB\r\ \n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\ \n\t\t\r\ \n\t\t:if (\$dotPos2 > 0) do={ \r\ \n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\ \n\t\t\t# AA BB 0C\r\ \n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\ }\r\ \n\t\t\t# AA BB CC\r\ \n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\ \n\t\t} else={\r\ \n\t\t\t# AA BB 00\r\ \n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\ \n\t\t}\r\ \n\t} else={\r\ \n\t\t# AA 00 00\r\ \n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\ \n\t}\r\ \n\r\ \n\t:return \$osVerNum;\r\ \n}\r\ \n\r\ \n# Function creates backups (system and config) and returns array with na\ mes\r\ \n# Possible arguments: \r\ \n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\ \n#\t`backupPassword`\t\t| string \t|\r\ \n#\t`sensetiveDataInConfig`\t| boolean \t|\r\ \n# Example:\r\ \n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\ \n:global buGlobalFuncCreateBackups do={\r\ \n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\ as fired.\"); \r\ \n\t\r\ \n\t:local backupFileSys \"\$backupName.backup\";\r\ \n\t:local backupFileConfig \"\$backupName.rsc\";\r\ \n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\ \n\r\ \n\t## Make system backup\r\ \n\t:if ([:len \$backupPassword] = 0) do={\r\ \n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\ \n\t} else={\r\ \n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\ \n\t}\r\ \n\t:log info (\"\$SMP System backup created. \$backupFileSys\"); \r\ \n\r\ \n\t## Export config file\r\ \n\t:if (\$sensetiveDataInConfig = true) do={\r\ \n\t\t/export compact file=\$backupName;\r\ \n\t} else={\r\ \n\t\t/export compact hide-sensitive file=\$backupName;\r\ \n\t}\r\ \n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\"); \ \r\ \n\r\ \n\t#Delay after creating backups\r\ \n\t:delay 5s;\t\r\ \n\t:return \$backupNames;\r\ \n}\r\ \n\r\ \n:global buGlobalVarUpdateStep;\r\ \n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\ \n\r\ \n#Current date time in format: 2020jan15-221324 \r\ \n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\ \_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\ pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \ . [:pick [/system clock get time] 6 8]);\r\ \n\r\ \n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\ on];\r\ \n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\ viceOsVerInst];\r\ \n:local deviceOsVerAvail \t\t\"\";\r\ \n:local deviceOsVerAvailNum \t\t0;\r\ \n:local deviceRbModel\t\t\t[/system routerboard get model];\r\ \n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\ \n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\ \r\ \n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\ \r\ \n:local deviceIdentityName \t\t[/system identity get name];\r\ \n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\ \n:local deviceUpdateChannel \t\t[/system package update get channel];\r\ \n\r\ \n:local isOsUpdateAvailable \tfalse;\r\ \n:local isOsNeedsToBeUpdated\tfalse;\r\ \n\r\ \n:local isSendEmailRequired\ttrue;\r\ \n\r\ \n:local mailSubject \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\ \r\ \n:local mailBody \t \t\t\"\";\r\ \n\r\ \n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\ ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\ : \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\ stem package update get channel]) \$[/system resource get build-time] \\r\ \\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\ stem resource get uptime]\";\r\ \n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\ kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\ ackup-and-update\";\r\ \n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\ om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\ \n\r\ \n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\ bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\ \n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\ \n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\ \n\r\ \n:local backupNameFinal\t\t\$backupName;\r\ \n:local mailAttachments\t\t[:toarray \"\"];\r\ \n\r\ \n:local updateStep \$buGlobalVarUpdateStep;\r\ \n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\ {}\r\ \n:if ([:len \$updateStep] = 0) do={\r\ \n\t:set updateStep 1;\r\ \n}\r\ \n\r\ \n\r\ \n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\ ending email with backups,\r\ \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\ te device and if new RouterOs is available.\r\ \n:if (\$updateStep = 1) do={\r\ \n\t:log info (\"\$SMP Performing the first step.\"); \r\ \n\r\ \n\t# Checking for new RouterOS version\r\ \n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\ \n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\ \_is: \$deviceOsVerInst\");\r\ \n\t\t/system package update set channel=\$updateChannel;\r\ \n\t\t/system package update check-for-updates;\r\ \n\t\t:delay 5s;\r\ \n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\ \n\r\ \n\t\t# If there is a problem getting information about available RouterOS\ \_from server\r\ \n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\ \n\t\t\t:log warning (\"\$SMP There is a problem getting information about\ \_new RouterOS from server.\");\r\ \n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\ terOS!\")\r\ \n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\ uldn't get any information about new RouterOS from server! \\r\\nWatch add\ itional information in device logs.\")\r\ \n\t\t} else={\r\ \n\t\t\t#Get numeric version of OS\r\ \n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\ eviceOsVerAvail];\r\ \n\r\ \n\t\t\t# Checking if OS on server is greater than installed one.\r\ \n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\ \n\t\t\t\t:set isOsUpdateAvailable true;\r\ \n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\ \");\r\ \n\t\t\t} else={\r\ \n\t\t\t\t:set isSendEmailRequired false;\r\ \n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\ \n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\ \n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\ \r\ \n\t\t\t}\r\ \n\t\t};\r\ \n\t} else={\r\ \n\t\t:set scriptMode \"backup\";\r\ \n\t};\r\ \n\r\ \n\tif (\$forceBackup = true) do={\r\ \n\t\t# In this case the script will always send email, because it has to \ create backups\r\ \n\t\t:set isSendEmailRequired true;\r\ \n\t}\r\ \n\r\ \n\t# if new OS version is available to install\r\ \n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\ {\r\ \n\t\t# If we only need to notify about new available version\r\ \n\t\tif (\$scriptMode = \"osnotify\") do={\r\ \n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \ v.\$deviceOsVerAvail.\")\r\ \n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\ e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\ \")\r\ \n\t\t}\r\ \n\r\ \n\t\t# if we need to initiate RouterOs update process\r\ \n\t\tif (\$scriptMode = \"osupdate\") do={\r\ \n\t\t\t:set isOsNeedsToBeUpdated true;\r\ \n\t\t\t# if we need to install only patch updates\r\ \n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\ \n\t\t\t\t#Check if Major and Minor builds are the same.\r\ \n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\ 2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\ ={\r\ \n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\ vailable.\"); \r\ \n\t\t\t\t} else={\r\ \n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\ ware is available. You need to update it manually.\");\r\ \n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\ eOsVerAvail needs to be installed manually.\");\r\ \n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \ version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \ \\r\\nYou chose to automatically install only patch updates, so this major\ \_update you need to install manually. \\r\\n\$changelogUrl\");\r\ \n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\ \n\t\t\t\t}\r\ \n\t\t\t}\r\ \n\r\ \n\t\t\t#Check again, because this variable could be changed during checki\ ng for installing only patch updats\r\ \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\ viceOsVerInst -> v.\$deviceOsVerAvail\");\r\ \n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\ e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\ \n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \ to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\ il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \ information will be sent when update process is completed. \\r\\nIf you ha\ ve not received second email in the next 5 minutes, then probably somethin\ g went wrong. (Check your device logs)\");\r\ \n\t\t\t\t#!! There is more code connected to this part and first step at \ the end of the script.\r\ \n\t\t\t}\r\ \n\t\t\r\ \n\t\t}\r\ \n\t}\r\ \n\r\ \n\t## Checking If the script needs to create a backup\r\ \n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\ ;\r\ \n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\ BeUpdated = true) do={\r\ \n\t\t:log info (\"\$SMP Creating system backups.\");\r\ \n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\ \n\t\t};\r\ \n\t\tif (\$scriptMode != \"backup\") do={\r\ \n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\ \n\t\t};\r\ \n\r\ \n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\ \n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\ ached to this email.\");\r\ \n\r\ \n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\ pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\ veDataInConfig];\r\ \n\t} else={\r\ \n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\ \n\t}\r\ \n\r\ \n\t# Combine fisrst step email\r\ \n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\ );\r\ \n}\r\ \n\r\ \n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\ \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\ te device and if new RouterOs is available.\r\ \n:if (\$updateStep = 2) do={\r\ \n\t:log info (\"\$SMP Performing the second step.\"); \r\ \n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\ re\r\ \n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\ \n\t\t:set isSendEmailRequired false;\r\ \n\t\t:delay 10s;\r\ \n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\ rrentFw to v.\$deviceRbUpgradeFw\";\r\ \n\t\t## Start the upgrading process\r\ \n\t\t/system routerboard upgrade;\r\ \n\t\t## Wait until the upgrade is completed\r\ \n\t\t:delay 5s;\r\ \n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\ o reboot in a moment!\";\r\ \n\t\t## Set scheduled task to send final report on the next boot, task wi\ ll be deleted when is is done. (That is why you should keep original scrip\ t name)\r\ \n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\ \":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\ lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\ ate;\" start-time=startup interval=0;\r\ \n\t\t## Reboot system to boot with new firmware\r\ \n\t\t/system reboot;\r\ \n\t} else={\r\ \n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\ ate, skipping this step.\";\r\ \n\t\t:set updateStep 3;\r\ \n\t};\r\ \n}\r\ \n\r\ \n## \tSTEP THREE: Last step (after second reboot) sending final report\r\ \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\ te device and if new RouterOs is available.\r\ \n:if (\$updateStep = 3) do={\r\ \n\t:log info (\"\$SMP Performing the third step.\"); \r\ \n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\ leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\ \$deviceRbCurrentFw.\";\r\ \n\t## Small delay in case mikrotik needs some time to initialize connecti\ ons\r\ \n\t:log info \"\$SMP The final email with report and backups of upgraded \ system will be sent in a minute.\";\r\ \n\t:delay 1m;\r\ \n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\ ew version: v.\$deviceOsVerInst!\");\r\ \n\t:set mailBody \t \t\"RouterOS and routerboard upgrade process was com\ pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\ are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\ e upgraded system are in the attachment of this email. \$mailBodyDeviceIn\ fo \$mailBodyCopyright\";\r\ \n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\ ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\ iveDataInConfig];\r\ \n}\r\ \n\r\ \n# Remove functions from global environment to keep it fresh and clean.\r\ \n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\ r={}\r\ \n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\ ror={}\r\ \n\r\ \n##\r\ \n## SENDING EMAIL\r\ \n##\r\ \n# Trying to send email with backups in attachment.\r\ \n\r\ \n:if (\$isSendEmailRequired = true) do={\r\ \n\t:log info \"\$SMP Sending email message, it will take around half a mi\ nute...\";\r\ \n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\ mailBody file=\$mailAttachments;} on-error={\r\ \n\t\t:delay 5s;\r\ \n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\ \_last-status]). Going to try it again in a while.\"\r\ \n\r\ \n\t\t:delay 5m;\r\ \n\r\ \n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\ \$mailBody file=\$mailAttachments;} on-error={\r\ \n\t\t\t:delay 5s;\r\ \n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\ et last-status]) for the second time.\"\r\ \n\r\ \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\ \n\t\t\t\t:log warning \"\$SMP script is not goint to initialise update pr\ ocess due to inability to send backups to email.\"\r\ \n\t\t\t}\r\ \n\t\t}\r\ \n\t}\r\ \n\r\ \n\t:delay 30s;\r\ \n\t\r\ \n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\ \_\"succeeded\") do={\r\ \n\t\t:log info \"\$SMP File system cleanup.\"\r\ \n\t\t/file remove \$mailAttachments; \r\ \n\t\t:delay 2s;\r\ \n\t}\r\ \n\t\r\ \n}\r\ \n\r\ \n\r\ \n# Fire RouterOs update process\r\ \nif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\r\ \n\t## Set scheduled task to upgrade routerboard firmware on the next boot\ , task will be deleted when upgrade is done. (That is why you should keep \ original script name)\r\ \n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\ y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\ alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\ -time=startup interval=0;\r\ \n \r\ \n :log info \"\$SMP everything is ready to install new RouterOS, going \ to reboot in a moment!\"\r\ \n\t## command is reincarnation of the \"upgrade\" command - doing exactly\ \_the same but under a different name\r\ \n\t/system package update install;\r\ \n}\r\ \n\r\ \n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\ \\\" completed it's job.\\r\\n\";"add dont-require-permissions=no name=Data_to_Splunk_using_Syslog owner=admin \ policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ source="# Collect information from Mikrotik RouterOS\r\ \n# v 3.2 Jotne 2019\r\ \n# ----------------------------------\r\ \n\r\ \n\r\ \n# What data to collect. Set to false to skip the section \r\ \n# ----------------------------------\r\ \n:local SystemResource true\r\ \n:local SystemInformation true\r\ \n:local SystemHealth true\r\ \n:local TrafficData true\r\ \n:local uPnP true\r\ \n:local Wireless true\r\ \n:local AddressLists true\r\ \n:local DHCP true\r\ \n:local Neighbor true\r\ \n:local InterfaceData true\r\ \n\r\ \n# Interface to get data from (using regex)\r\ \n:local IF \"ether.*\"\r\ \n# Example\r\ \n# \"ether.*\" All ethernet interfaces\r\ \n# \"^ether[1-5]\\\$\" Only ethernet 1 to 5\r\ \n# \".*\" All interfaces (Briges/VLAN/pptp/Ether ++)\r\ \n# \"ether(1|2)\\\$\" interface ethernet 1 and 2 (/\$ needed to prevent \ ether11 etc)\r\ \n\r\ \n\r\ \n\r\ \n# Collect system resource\r\ \n# ----------------------------------\r\ \nif (\$SystemResource) do={\r\ \n\t:local cpuload ([/system resource get cpu-load])\r\ \n\t:local freemem ([/system resource get free-memory]/1048576)\r\ \n\t:local totmem ([/system resource get total-memory]/1048576)\r\ \n\t:local freehddspace ([/system resource get free-hdd-space]/1048576)\r\ \n\t:local totalhddspace ([/system resource get total-hdd-space]/1048576)\ \r\ \n\t:local up ([/system resource get uptime])\r\ \n\t:log info message=\"script=resource free_memory=\$freemem MB total_mem\ ory=\$totmem MB free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhd\ dspace MB cpu_load=\$cpuload uptime=\$up\"\r\ \n}\r\ \n\r\ \n\r\ \n# Get traffic data (accounting data)\r\ \n# ----------------------------------\r\ \nif (\$TrafficData) do={\r\ \n# Test if fasttrack is enabled and give warning\r\ \n\t:if ([/ip firewall filter find where (action=fasttrack-connection && !\ disabled)] != \"\") do={\r\ \n\t\t:log info message=(\"script=traffic,fasttrack=1\")\r\ \n\t} else={\r\ \n\t\t:log info message=(\"script=traffic,fasttrack=0\")\r\ \n\t}\r\ \n# Test if accounting is enabled and if yes, get data\r\ \n\tif ([/ip accounting get enabled]=yes) do={\r\ \n\t\t/ip accounting snapshot take\r\ \n# Get uncounted data\r\ \n\t\t/ip accounting uncounted {\r\ \n\t\t\t:log info message=(\"script=uncounted,bytes=\".[get bytes].\",pack\ ets=\".[get packets])}\r\ \n# Send data to loggin server\r\ \n\t\tforeach logline in=[/ip accounting snapshot find] do={\r\ \n\t\t\t:local output \"\$[/ip accounting snapshot print as-value from=\$l\ ogline]\"\r\ \n\t\t\t:set ( \"\$output\"->\"script\" ) \"traffic\"\r\ \n\t\t\t:log info message=\"\$output\"\r\ \n\t\t}\r\ \n\t}\r\ \n}\r\ \n\r\ \n\r\ \n# Get interface data\r\ \n# ----------------------------------\r\ \nif (\$InterfaceData) do={\r\ \n\t:foreach interface in=[/interface find where name~\"\$IF\"] do={\r\ \n\t\t:delay 100ms\r\ \n\t\t:local iname [/interface get \$interface name]\r\ \n\t\t:local monitor [/interface monitor-traffic \$interface as-value once\ ]\r\ \n\t\t:local speedRX (\$monitor->\"rx-bits-per-second\")\r\ \n\t\t:local speedTX (\$monitor->\"tx-bits-per-second\")\r\ \n\t\t:log info message=\"script=monitor interface=\$iname RX=\$speedRX bp\ s TX=\$speedTX bps\"\r\ \n\t}\r\ \n}\r\ \n\r\ \n\r\ \n# Finding dynmaic lines used in uPnP\r\ \n# ----------------------------------\r\ \nif (\$uPnP) do={\r\ \n\t:foreach logline in=[/ip firewall nat find dynamic=yes] do={\r\ \n\t\t:local output \"\$[/ip firewall nat print as-value from=\$logline]\"\ \r\ \n\t\t:set ( \"\$output\"->\"script\" ) \"upnp\"\r\ \n\t\t:log info message=\"\$output\" \r\ \n\t}\r\ \n}\r\ \n\r\ \n\r\ \n# Collect system information\r\ \n# ----------------------------------\r\ \nif (\$SystemInformation) do={\r\ \n\t:local version ([/system resource get version])\r\ \n\t:local board ([/system resource get board-name])\r\ \n\t:local model ([/system routerboard get model]);\r\ \n\t:local serial ([/system routerboard get serial-number])\r\ \n\t:local identity ([/system identity get name])\r\ \n\t:log info message=\"script=sysinfo version=\\\"\$version\\\" board-nam\ e=\\\"\$board\\\" model=\\\"\$model\\\" serial=\$serial identity=\\\"\$ide\ ntity\\\"\"\r\ \n}\r\ \n\r\ \n\r\ \n# Collect system health\r\ \n# ----------------------------------\r\ \nif (\$SystemHealth) do={\r\ \n\t:if (([/system health get]~\"state=disabled\" || [/system health get]=\ \"\")=false) do={\r\ \n\t\t:local voltage ([/system health get voltage]/10)\r\ \n\t\t:local temperature ([/system health get temperature])\r\ \n\t\t:log info message=\"script=health voltage=\$voltage V temperature=\$\ temperature C\"\r\ \n\t}\r\ \n}\r\ \n\r\ \n\r\ \n# Sends wireless client data to log server\r\ \n# ----------------------------------\r\ \nif (\$Wireless) do={\r\ \n\t:do {\r\ \n\t\t:if ([:len [/interface wireless find ]]>0) do={\r\ \n\t\t\t:foreach logline in=[/interface wireless registration-table find] \ do={\r\ \n\t\t\t\t:local output \"\$[/interface wireless registration-table print \ \_as-value from=\$logline]\"\r\ \n\t\t\t\t:set ( \"\$output\"->\"script\" ) \"wifi\"\r\ \n\t\t\t\t:log info message=\"\$output\"\r\ \n\t\t\t}\r\ \n\t\t}\r\ \n\t} on-error={}\r\ \n}\r\ \n\r\ \n\r\ \n# Count IP in address-lists\r\ \n#----------------------------------\r\ \nif (\$AddressLists) do={\r\ \n\t:local array [ :toarray \"\" ]\r\ \n\t:local addrcntdyn [:toarray \"\"] \r\ \n\t:local addrcntstat [:toarray \"\"] \r\ \n\t:local test\r\ \n\t:foreach id in=[/ip firewall address-list find] do={\r\ \n\t\t:local rec [/ip firewall address-list get \$id]\r\ \n\t\t:local listname (\$rec->\"list\")\r\ \n\t\t:local listdynamic (\$rec->\"dynamic\")\r\ \n\t\t:set ( \$array->\$listname ) 1\r\ \n\t\tif (\$listdynamic = true) do={\r\ \n\t\t\t:set (\$addrcntdyn->\$listname) (\$addrcntdyn->\$listname+1)\r\ \n\t\t} else={\r\ \n\t\t\t:set (\$addrcntstat->\$listname) (\$addrcntstat->\$listname+1)}\r\ \n\t}\r\ \n\t:foreach k,v in=\$array do={\r\ \n\t\t:log info message=(\"script=address_lists list=\$k dynamic=\".((\$ad\ drcntdyn->\$k)+0).\" static=\".((\$addrcntstat->\$k)+0))}\r\ \n}\r\ \n\r\ \n\r\ \n# Get MNDP (CDP) Neighbors\r\ \n# ----------------------------------\r\ \nif (\$Neighbor) do={\r\ \n\t:foreach neighborID in=[/ip neighbor find] do={\r\ \n\t\t:local nb [/ip neighbor get \$neighborID]\r\ \n\t\t:foreach key,value in=\$nb do={\r\ \n\t\t\t:local newline [:find \$value \"\\n\"]\r\ \n\t\t\t:if ([\$newline]>0) do={\r\ \n\t\t\t\t:set \$value [:pick \$value 0 \$newline]\r\ \n\t\t\t}\r\ \n\t\t\t:set ( \"\$nb\"->\"\$key\" ) \"\\\"\$value\\\"\"\r\ \n\t\t}\r\ \n\t\t:set ( \"\$nb\"->\"script\" ) \"\\\"neighbor\\\"\"\r\ \n\t\t:log info message=\"\$nb\"\r\ \n\t}\r\ \n}\r\ \n\r\ \n\r\ \n# Collect DHCP Pool information\r\ \n# ----------------------------------\r\ \nif (\$DHCP) do={\r\ \n\t/ip pool {\r\ \n\t\t:local poolname\r\ \n\t\t:local pooladdresses\r\ \n\t\t:local poolused\r\ \n\t\t:local minaddress\r\ \n\t\t:local maxaddress\r\ \n\t\t:local findindex\r\ \n\r\ \n# Iterate through IP Pools\r\ \n\t\t:foreach pool in=[find] do={\r\ \n\t\t\t:set poolname [get \$pool name]\r\ \n\t\t\t:set pooladdresses 0\r\ \n\t\t\t:set poolused 0\r\ \n\r\ \n# Iterate through current pool's IP ranges\r\ \n\t\t\t:foreach range in=[:toarray [get \$pool range]] do={\r\ \n\r\ \n# Get min and max addresses\r\ \n\t\t\t\t:set findindex [:find [:tostr \$range] \"-\"]\r\ \n\t\t\t\t:if ([:len \$findindex] > 0) do={\r\ \n\t\t\t\t\t:set minaddress [:pick [:tostr \$range] 0 \$findindex]\r\ \n\t\t\t\t\t:set maxaddress [:pick [:tostr \$range] (\$findindex + 1) [:le\ n [:tostr \$range]]]\r\ \n\t\t\t\t} else={\r\ \n\t\t\t\t\t:set minaddress [:tostr \$range]\r\ \n\t\t\t\t\t:set maxaddress [:tostr \$range]\r\ \n\t\t\t\t}\r\ \n\r\ \n# Calculate number of ip in one range\r\ \n\t\t\t\t:set pooladdresses (\$maxaddress - \$minaddress)\r\ \n\r\ \n# /foreach range\r\ \n\t\t\t}\r\ \n\r\ \n# Test if pools is used in DHCP or VPN and show leases used\r\ \n\t\t\t:local dname [/ip dhcp-server find where address-pool=\$poolname]\ \r\ \n\t\t\t:if ([:len \$dname] = 0) do={\r\ \n# No DHCP server found, assume VPN\r\ \n\t\t\t\t:set poolused [:len [used find pool=[:tostr \$poolname]]]\r\ \n\t\t\t} else={\r\ \n# DHCP server found, count leases\r\ \n\t\t\t\t:local dname [/ip dhcp-server get [find where address-pool=\$poo\ lname] name]\r\ \n\t\t\t\t:set poolused [:len [/ip dhcp-server lease find where server=\$d\ name]]}\r\ \n\r\ \n# Send data\r\ \n\t\t\t:log info message=(\"script=pool pool=\$poolname used=\$poolused t\ otal=\$pooladdresses\")\r\ \n\r\ \n# /foreach pool\r\ \n\t\t}\r\ \n# /ip pool\r\ \n\t}\r\ \n}\r\ \n"add dont-require-permissions=no name=RegList owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ local maccaps\r\ \n:local macdhcp\r\ \n:local name\r\ \n:foreach i in=[/caps-man registration-table find ] do={\r\ \n\t:set maccaps ( [/caps-man registration-table get value-name=mac-addres\ s number=\$i])\r\ \n\t:foreach j in=[/ip dhcp-server lease find ] do={\r\ \n\t\t:set macdhcp ( [/ip dhcp-server lease get value-name=mac-address num\ ber=\$j])\r\ \n\t\t:set name [/ip dhcp-server lease get [find where mac-address=\$macdh\ cp] comment ] \r\ \n\t\t:if (\$maccaps = \$macdhcp ) do={\r\ \n\t\t/caps-man access-list disable [find mac-address=\$macdhcp]\r\ \n\t\t/caps-man access-list add mac-address=\$macdhcp comment=\$name\r\ \n\t\t}\r\ \n\t\t}\t\r\ \n\t}\r\ \n/caps-man access-list remove [find where disabled]"/tool e-mailset address= from="" port= start-tls=yes \ user=/tool graphing interfaceadd/tool graphing queueadd/tool graphing resourceadd/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LAN/tool snifferset filter-interface=all filter-ip-address=192.168.0.120/32 streaming-server=\ 192.168.0.3

# jul/03/2020 06:51:06 by RouterOS 6.46.6# software id = WATD-YHFU## model = RouterBOARD cAP Gi-5acD2nD# serial number = /interface bridgeadd admin-mac=64:D1:54:F7:B2:CD auto-mac=no comment=defconf name=bridgeLocal/interface listadd name=WANadd name=LAN/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTikadd authentication-types=wpa2-psk,wpa2-eap disable-pmkid=yes \ management-protection=allowed mode=dynamic-keys name=wlan \ supplicant-identity=""add authentication-types=wpa2-psk,wpa2-eap disable-pmkid=yes \ management-protection=allowed mode=dynamic-keys name=wlan_guest \ supplicant-identity=""/interface wireless# managed by CAPsMAN# channel: 2412/20/gn(28dBm), SSID: RECGV, local forwardingset [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \ band=2ghz-g/n country=mexico disabled=no frequency=2462 \ hw-protection-mode=rts-cts hw-retries=4 installation=indoor mode=\ ap-bridge multicast-helper=full security-profile=wlan ssid=RECGV \ wmm-support=enabled wps-mode=disabled# managed by CAPsMAN# channel: 5180/20-Ceee/ac(28dBm), SSID: RECGV, local forwardingset [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \ antenna-gain=2 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=\ mexico disabled=no mode=ap-bridge security-profile=wlan ssid=RECGV \ wmm-support=enabled/ip hotspot profileset [ find default=yes ] html-directory=flash/hotspot/user groupset full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\ sword,web,sniff,sensitive,api,romon,dude,tikapp"/interface bridge portadd bridge=bridgeLocal comment=defconf interface=ether1add bridge=bridgeLocal interface=ether2/interface detect-internetset detect-interface-list=LAN/interface list memberadd interface=ether1 list=LANadd interface=ether2 list=LANadd interface=wlan2 list=LANadd interface=wlan1 list=LAN/interface wireless access-listadd vlan-mode=no-tag/interface wireless cap# set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \ interfaces=wlan1,wlan2/ip addressadd address=192.168.0.2/24 interface=bridgeLocal network=192.168.0.0/ip dhcp-clientadd comment=defconf interface=bridgeLocal/ip dnsset allow-remote-requests=yes servers=192.168.0.1/ip firewall filteradd action=accept chain=input comment="ICMP from Chromecast into Router" \ disabled=yes in-interface=bridgeLocal protocol=icmpadd action=accept chain=icmp_chain comment="ICMP on Chromecast" disabled=yes \ dst-address=8.8.8.8 in-interface=bridgeLocal protocol=icmpadd action=accept chain=input comment="defconf: accept ICMP" disabled=yes \ protocol=icmpadd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked disabled=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked disabled=yesadd action=drop chain=forward disabled=yes log=yes log-prefix="drop "/ip firewall mangleadd action=set-priority chain=postrouting comment="Set priority for WMM" \ new-priority=from-dscp-high-3-bits passthrough=yes/ip routeadd distance=1 gateway=192.168.0.1/ip traffic-flowset cache-entries=32k/ip traffic-flow targetadd dst-address=192.168.0.19 port=1234 version=ipfix/ip upnpset allow-disable-external-interface=yes enabled=yes show-dummy-rule=no/ip upnp interfacesadd interface=bridgeLocal type=internaladd interface=ether1 type=internal/snmpset contact=RobsGax enabled=yes location="Home cAP ac"/system clockset time-zone-autodetect=no time-zone-name=America/Los_Angeles/system identityset name="cAP ac"/system ledsadd interface=bridgeLocal leds=user-led type=interface-status/system loggingadd topics=caps,debugadd topics=wireless,debugadd topics=e-mail,debug/system routerboard mode-buttonset enabled=yes on-event=dark-mode/system scheduleradd interval=1d name="Firmware Updater" on-event=\ "/system script run BackupAndUpdate;" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=jan/21/2020 start-time=06:51:00add interval=1d name=ledsOn on-event="/system script run ledOn;" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=feb/02/2020 start-time=06:30:00add interval=1d name=ledsOff on-event="/system script run ledOff;" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=feb/01/2020 start-time=21:00:00/system scriptadd dont-require-permissions=no name=dark-mode owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=" \ :if ([system leds settings get all-leds-off] = \"never\") do={\r\ \n /system leds settings set all-leds-off=immediate \r\ \n } else={\r\ \n /system leds settings set all-leds-off=never \r\ \n } "add dont-require-permissions=no name=BackupAndUpdate owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\ \_Script name: BackupAndUpdate\r\ \n#\r\ \n#----------SCRIPT INFORMATION-------------------------------------------\ --------\r\ \n#\r\ \n# Script: Mikrotik RouterOS automatic backup & update\r\ \n# Version: 20.04.17\r\ \n# Created: 07/08/2018\r\ \n# Updated: 17/04/2020\r\ \n# Author: Alexander Tebiev\r\ \n# Website: https://github.com/beeyev\r\ \n# You can contact me by e-mail at tebiev@mail.com\r\ \n#\r\ \n# IMPORTANT!\r\ \n# Minimum supported RouterOS version is v6.43.7\r\ \n#\r\ \n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\ --------\r\ \n## Notification e-mail\r\ \n## (Make sure you have configurated Email settings in Tools -> Email)\r\ \n:local emailAddress \"recgaxiola@gmail.com\";\r\ \n\r\ \n## Script mode, possible values: backup, osupdate, osnotify.\r\ \n# backup \t- \tOnly backup will be performed. (default value, if none pr\ ovided)\r\ \n#\r\ \n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\ le.\r\ \n#\t\t\t\tIt will also create backups before and after update process.\r\ \n#\t\t\t\tEmail will be sent only if a new RouterOS is available.\r\ \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\ \_backups every time when it runs.\r\ \n#\r\ \n# osnotify \t- \tThe script will send email notification only (without b\ ackups) if a new RouterOS is available.\r\ \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\ \_backups every time when it runs.\r\ \n:local scriptMode \"osnotify\";\r\ \n\r\ \n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\ fy`\r\ \n# Set `true` if you want the script to perform backup every time it's fi\ red, whatever script mode is set.\r\ \n:local forceBackup true;\r\ \n\r\ \n## Backup encryption password, no encryption if no password.\r\ \n:local backupPassword \"\"\r\ \n\r\ \n## If true, passwords will be included in exported config.\r\ \n:local sensetiveDataInConfig false;\r\ \n\r\ \n## Update channel. Possible values: stable, long-term, testing, developm\ ent\r\ \n:local updateChannel \"stable\";\r\ \n\r\ \n## Install only patch versions of RouterOS updates.\r\ \n## Works only if you set scriptMode to \"osupdate\"\r\ \n## Means that new update will be installed only if MAJOR and MINOR versi\ on numbers remained the same as currently installed RouterOS.\r\ \n## Example: v6.43.6 => major.minor.PATCH\r\ \n## Script will send information if new version is greater than just patc\ h.\r\ \n:local installOnlyPatchUpdates\tfalse;\r\ \n\r\ \n##----------------------------------------------------------------------\ --------------------##\r\ \n# !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\ \_YOU ARE DOING !!!! #\r\ \n##----------------------------------------------------------------------\ --------------------##\r\ \n\r\ \n#Script messages prefix\r\ \n:local SMP \"Bkp&Upd:\"\r\ \n\r\ \n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \ update\\\" started.\";\r\ \n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\ \";\r\ \n\r\ \n#Check proper email config\r\ \n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \ or [:len [/tool e-mail get from]] = 0) do={\r\ \n\t:log error (\"\$SMP Email configuration is not correct, please check T\ ools -> Email. Script stopped.\"); \r\ \n\t:error \"\$SMP bye!\";\r\ \n}\r\ \n\r\ \n#Check if proper identity name is set\r\ \nif ([:len [/system identity get name]] = 0 or [/system identity get name\ ] = \"MikroTik\") do={\r\ \n\t:log warning (\"\$SMP Please set identity name of your device (System \ -> Identity), keep it short and informative.\"); \r\ \n};\r\ \n\r\ \n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\ \n# Function converts standard mikrotik build versions to the number.\r\ \n# Possible arguments: paramOsVer\r\ \n# Example:\r\ \n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\ rrent-RouterOS]];\r\ \n# result will be: 64301, because current RouterOS version is: 6.43.1\r\ \n:global buGlobalFuncGetOsVerNum do={\r\ \n\t:local osVer \$paramOsVer;\r\ \n\t:local osVerNum;\r\ \n\t:local osVerMicroPart;\r\ \n\t:local zro 0;\r\ \n\t:local tmp;\r\ \n\t\r\ \n\t# Replace word `beta` with dot\r\ \n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\ \n\t:if (\$isBetaPos > 1) do={\r\ \n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\ \$isBetaPos + 4) [:len \$osVer]]);\r\ \n\t}\r\ \n\t\r\ \n\t:local dotPos1 [:find \$osVer \".\" 0];\r\ \n\r\ \n\t:if (\$dotPos1 > 0) do={ \r\ \n\r\ \n\t\t# AA\r\ \n\t\t:set osVerNum [:pick \$osVer 0 \$dotPos1];\r\ \n\t\t\r\ \n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\ \n\t\t\t\t#Taking minor version, everything after first dot\r\ \n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\ 1) [:len \$osVer]];}\r\ \n\t\t#Taking minor version, everything between first and second dots\r\ \n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \ \$dotPos2];}\r\ \n\t\t\r\ \n\t\t# AA 0B\r\ \n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\ }\r\ \n\t\t# AA BB\r\ \n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\ \n\t\t\r\ \n\t\t:if (\$dotPos2 > 0) do={ \r\ \n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\ \n\t\t\t# AA BB 0C\r\ \n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\ }\r\ \n\t\t\t# AA BB CC\r\ \n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\ \n\t\t} else={\r\ \n\t\t\t# AA BB 00\r\ \n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\ \n\t\t}\r\ \n\t} else={\r\ \n\t\t# AA 00 00\r\ \n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\ \n\t}\r\ \n\r\ \n\t:return \$osVerNum;\r\ \n}\r\ \n\r\ \n# Function creates backups (system and config) and returns array with na\ mes\r\ \n# Possible arguments: \r\ \n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\ \n#\t`backupPassword`\t\t| string \t|\r\ \n#\t`sensetiveDataInConfig`\t| boolean \t|\r\ \n# Example:\r\ \n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\ \n:global buGlobalFuncCreateBackups do={\r\ \n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\ as fired.\"); \r\ \n\t\r\ \n\t:local backupFileSys \"\$backupName.backup\";\r\ \n\t:local backupFileConfig \"\$backupName.rsc\";\r\ \n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\ \n\r\ \n\t## Make system backup\r\ \n\t:if ([:len \$backupPassword] = 0) do={\r\ \n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\ \n\t} else={\r\ \n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\ \n\t}\r\ \n\t:log info (\"\$SMP System backup created. \$backupFileSys\"); \r\ \n\r\ \n\t## Export config file\r\ \n\t:if (\$sensetiveDataInConfig = true) do={\r\ \n\t\t/export compact file=\$backupName;\r\ \n\t} else={\r\ \n\t\t/export compact hide-sensitive file=\$backupName;\r\ \n\t}\r\ \n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\"); \ \r\ \n\r\ \n\t#Delay after creating backups\r\ \n\t:delay 5s;\t\r\ \n\t:return \$backupNames;\r\ \n}\r\ \n\r\ \n:global buGlobalVarUpdateStep;\r\ \n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\ \n\r\ \n#Current date time in format: 2020jan15-221324 \r\ \n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\ \_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\ pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \ . [:pick [/system clock get time] 6 8]);\r\ \n\r\ \n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\ on];\r\ \n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\ viceOsVerInst];\r\ \n:local deviceOsVerAvail \t\t\"\";\r\ \n:local deviceOsVerAvailNum \t\t0;\r\ \n:local deviceRbModel\t\t\t[/system routerboard get model];\r\ \n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\ \n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\ \r\ \n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\ \r\ \n:local deviceIdentityName \t\t[/system identity get name];\r\ \n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\ \n:local deviceUpdateChannel \t\t[/system package update get channel];\r\ \n\r\ \n:local isOsUpdateAvailable \tfalse;\r\ \n:local isOsNeedsToBeUpdated\tfalse;\r\ \n\r\ \n:local isSendEmailRequired\ttrue;\r\ \n\r\ \n:local mailSubject \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\ \r\ \n:local mailBody \t \t\t\"\";\r\ \n\r\ \n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\ ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\ : \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\ stem package update get channel]) \$[/system resource get build-time] \\r\ \\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\ stem resource get uptime]\";\r\ \n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\ kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\ ackup-and-update\";\r\ \n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\ om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\ \n\r\ \n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\ bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\ \n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\ \n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\ \n\r\ \n:local backupNameFinal\t\t\$backupName;\r\ \n:local mailAttachments\t\t[:toarray \"\"];\r\ \n\r\ \n:local updateStep \$buGlobalVarUpdateStep;\r\ \n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\ {}\r\ \n:if ([:len \$updateStep] = 0) do={\r\ \n\t:set updateStep 1;\r\ \n}\r\ \n\r\ \n\r\ \n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\ ending email with backups,\r\ \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\ te device and if new RouterOs is available.\r\ \n:if (\$updateStep = 1) do={\r\ \n\t:log info (\"\$SMP Performing the first step.\"); \r\ \n\r\ \n\t# Checking for new RouterOS version\r\ \n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\ \n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\ \_is: \$deviceOsVerInst\");\r\ \n\t\t/system package update set channel=\$updateChannel;\r\ \n\t\t/system package update check-for-updates;\r\ \n\t\t:delay 5s;\r\ \n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\ \n\r\ \n\t\t# If there is a problem getting information about available RouterOS\ \_from server\r\ \n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\ \n\t\t\t:log warning (\"\$SMP There is a problem getting information about\ \_new RouterOS from server.\");\r\ \n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\ terOS!\")\r\ \n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\ uldn't get any information about new RouterOS from server! \\r\\nWatch add\ itional information in device logs.\")\r\ \n\t\t} else={\r\ \n\t\t\t#Get numeric version of OS\r\ \n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\ eviceOsVerAvail];\r\ \n\r\ \n\t\t\t# Checking if OS on server is greater than installed one.\r\ \n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\ \n\t\t\t\t:set isOsUpdateAvailable true;\r\ \n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\ \");\r\ \n\t\t\t} else={\r\ \n\t\t\t\t:set isSendEmailRequired false;\r\ \n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\ \n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\ \n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\ \r\ \n\t\t\t}\r\ \n\t\t};\r\ \n\t} else={\r\ \n\t\t:set scriptMode \"backup\";\r\ \n\t};\r\ \n\r\ \n\tif (\$forceBackup = true) do={\r\ \n\t\t# In this case the script will always send email, because it has to \ create backups\r\ \n\t\t:set isSendEmailRequired true;\r\ \n\t}\r\ \n\r\ \n\t# if new OS version is available to install\r\ \n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\ {\r\ \n\t\t# If we only need to notify about new available version\r\ \n\t\tif (\$scriptMode = \"osnotify\") do={\r\ \n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \ v.\$deviceOsVerAvail.\")\r\ \n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\ e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\ \")\r\ \n\t\t}\r\ \n\r\ \n\t\t# if we need to initiate RouterOs update process\r\ \n\t\tif (\$scriptMode = \"osupdate\") do={\r\ \n\t\t\t:set isOsNeedsToBeUpdated true;\r\ \n\t\t\t# if we need to install only patch updates\r\ \n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\ \n\t\t\t\t#Check if Major and Minor builds are the same.\r\ \n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\ 2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\ ={\r\ \n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\ vailable.\"); \r\ \n\t\t\t\t} else={\r\ \n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\ ware is available. You need to update it manually.\");\r\ \n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\ eOsVerAvail needs to be installed manually.\");\r\ \n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \ version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \ \\r\\nYou chose to automatically install only patch updates, so this major\ \_update you need to install manually. \\r\\n\$changelogUrl\");\r\ \n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\ \n\t\t\t\t}\r\ \n\t\t\t}\r\ \n\r\ \n\t\t\t#Check again, because this variable could be changed during checki\ ng for installing only patch updats\r\ \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\ viceOsVerInst -> v.\$deviceOsVerAvail\");\r\ \n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\ e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\ \n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \ to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\ il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \ information will be sent when update process is completed. \\r\\nIf you ha\ ve not received second email in the next 5 minutes, then probably somethin\ g went wrong. (Check your device logs)\");\r\ \n\t\t\t\t#!! There is more code connected to this part and first step at \ the end of the script.\r\ \n\t\t\t}\r\ \n\t\t\r\ \n\t\t}\r\ \n\t}\r\ \n\r\ \n\t## Checking If the script needs to create a backup\r\ \n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\ ;\r\ \n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\ BeUpdated = true) do={\r\ \n\t\t:log info (\"\$SMP Creating system backups.\");\r\ \n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\ \n\t\t};\r\ \n\t\tif (\$scriptMode != \"backup\") do={\r\ \n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\ \n\t\t};\r\ \n\r\ \n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\ \n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\ ached to this email.\");\r\ \n\r\ \n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\ pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\ veDataInConfig];\r\ \n\t} else={\r\ \n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\ \n\t}\r\ \n\r\ \n\t# Combine fisrst step email\r\ \n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\ );\r\ \n}\r\ \n\r\ \n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\ \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\ te device and if new RouterOs is available.\r\ \n:if (\$updateStep = 2) do={\r\ \n\t:log info (\"\$SMP Performing the second step.\"); \r\ \n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\ re\r\ \n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\ \n\t\t:set isSendEmailRequired false;\r\ \n\t\t:delay 10s;\r\ \n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\ rrentFw to v.\$deviceRbUpgradeFw\";\r\ \n\t\t## Start the upgrading process\r\ \n\t\t/system routerboard upgrade;\r\ \n\t\t## Wait until the upgrade is completed\r\ \n\t\t:delay 5s;\r\ \n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\ o reboot in a moment!\";\r\ \n\t\t## Set scheduled task to send final report on the next boot, task wi\ ll be deleted when is is done. (That is why you should keep original scrip\ t name)\r\ \n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\ \":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\ lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\ ate;\" start-time=startup interval=0;\r\ \n\t\t## Reboot system to boot with new firmware\r\ \n\t\t/system reboot;\r\ \n\t} else={\r\ \n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\ ate, skipping this step.\";\r\ \n\t\t:set updateStep 3;\r\ \n\t};\r\ \n}\r\ \n\r\ \n## \tSTEP THREE: Last step (after second reboot) sending final report\r\ \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\ te device and if new RouterOs is available.\r\ \n:if (\$updateStep = 3) do={\r\ \n\t:log info (\"\$SMP Performing the third step.\"); \r\ \n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\ leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\ \$deviceRbCurrentFw.\";\r\ \n\t## Small delay in case mikrotik needs some time to initialize connecti\ ons\r\ \n\t:log info \"\$SMP The final email with report and backups of upgraded \ system will be sent in a minute.\";\r\ \n\t:delay 1m;\r\ \n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\ ew version: v.\$deviceOsVerInst!\");\r\ \n\t:set mailBody \t \t\"RouterOS and routerboard upgrade process was com\ pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\ are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\ e upgraded system are in the attachment of this email. \$mailBodyDeviceIn\ fo \$mailBodyCopyright\";\r\ \n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\ ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\ iveDataInConfig];\r\ \n}\r\ \n\r\ \n# Remove functions from global environment to keep it fresh and clean.\r\ \n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\ r={}\r\ \n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\ ror={}\r\ \n\r\ \n##\r\ \n## SENDING EMAIL\r\ \n##\r\ \n# Trying to send email with backups in attachment.\r\ \n\r\ \n:if (\$isSendEmailRequired = true) do={\r\ \n\t:log info \"\$SMP Sending email message, it will take around half a mi\ nute...\";\r\ \n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\ mailBody file=\$mailAttachments;} on-error={\r\ \n\t\t:delay 5s;\r\ \n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\ \_last-status]). Going to try it again in a while.\"\r\ \n\r\ \n\t\t:delay 5m;\r\ \n\r\ \n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\ \$mailBody file=\$mailAttachments;} on-error={\r\ \n\t\t\t:delay 5s;\r\ \n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\ et last-status]) for the second time.\"\r\ \n\r\ \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\ \n\t\t\t\t:log warning \"\$SMP script is not goint to initialise update pr\ ocess due to inability to send backups to email.\"\r\ \n\t\t\t}\r\ \n\t\t}\r\ \n\t}\r\ \n\r\ \n\t:delay 30s;\r\ \n\t\r\ \n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\ \_\"succeeded\") do={\r\ \n\t\t:log info \"\$SMP File system cleanup.\"\r\ \n\t\t/file remove \$mailAttachments; \r\ \n\t\t:delay 2s;\r\ \n\t}\r\ \n\t\r\ \n}\r\ \n\r\ \n\r\ \n# Fire RouterOs update process\r\ \nif (\$isOsNeedsToBeUpdated = true) do={\r\ \n\r\ \n\t## Set scheduled task to upgrade routerboard firmware on the next boot\ , task will be deleted when upgrade is done. (That is why you should keep \ original script name)\r\ \n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\ y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\ alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\ -time=startup interval=0;\r\ \n \r\ \n :log info \"\$SMP everything is ready to install new RouterOS, going \ to reboot in a moment!\"\r\ \n\t## command is reincarnation of the \"upgrade\" command - doing exactly\ \_the same but under a different name\r\ \n\t/system package update install;\r\ \n}\r\ \n\r\ \n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\ \\\" completed it's job.\\r\\n\";"add dont-require-permissions=no name=ledOn owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\ system leds settings set all-leds-off=never;\r\ \n:log info (\"Leds On\");"add dont-require-permissions=no name=ledOff owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\ system leds settings set all-leds-off=immediate;\r\ \n:log info (\"Leds Off\");"/tool e-mailset address=s from="R" port= start-tls=yes \ user=