If you found a router that's having botnet attacks on port 53 (DNS), you can use this script to mitigate the attack:
/ip firewall filter
add chain=input in-interface=pppoe-out1-ISP protocol=udp dst-port=53 action=drop
add chain=input in-interface=pppoe-out1-ISP protocol=tcp dst-port=53...
Log in to the MikroTik interface, either Winbox or Webfig, then navigate to:
IP > Hotspot > User Profiles > Profile > Shared Users
This is set to 1 as default, you can either directly increase the numerical value here or click the triangle at the end of the line to remove the restriction for...
This is an updated tutorial from my previous RouterOS v6.43 L2TP/IPsec tutorial.
In RouterOS v6.44 there were major changes where they removed "main-l2tp" exchange-mode from the /ip ipsec peer.
But this means configuring L2TP/IPsec is even more simpler, just follow through my guide down below...
So you want to have your MikroTik router rebooted every day at 6 a.m. in the morning before the business start to prevent possible random issues from happening?
Go to MikroTik Winbox, open a New Terminal and enter this one line simple command:
/system scheduler add name="reboot-6am"...
Here we will be configuring a dial-in VPN using L2TP with IPsec.
In this example, we will be using 192.168.7.0/24 for the L2TP clients and for the LAN.
The configuration will detail the following:
Enable L2TP server
Create a DHCP pool
Create an L2TP profile
Create a sample user
If you restore a MikroTik backup to another device, you will most likely have some duplicate MAC addresses on your network, this is because MikroTik configuration tends to restore along with the MAC address information.
If you want to restore the interface's default MAC address, open a New...
Fasttrack is a new feature introduced in RouterOS v6.29 that allows you to forward packages in a way that they are not handled by the Linux Kernel which greatly improves the throughput of your router as well as lowering the CPU load.
Fasttrack allows all packages that have the state Established...
Easy Guide on how to setup MikroTik Site-to-Site IPsec Tunnel
If one of MikroTik’s WAN IP address is dynamic, set up the router as the initiator (i.e. dial-out)
If you are working from WAN, don’t forget to enable Safe Mode.
Let’s go to Winbox -> IP -> IPsec -> Proposals, and this is the...
This is a brief guide on how to implement an L2TP/IPSec VPN server on Mikrotik RouterOS and use it as a gateway.
Change these to fit your setup:
This router’s local IP address: 172.31.1.1/20
WAN connection is PPPoE with the name ether1-GTW.
If you use PPPoE, use the name of your PPPoE...
To stop SSH, Telnet and FTP attacks on your router, follow the following advise:
This configuration allows only 10 FTP login incorrect answers per minute.
in /ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute...