自用RouterOS系统设置命令,包括DoH证书以及常用防火墙设置。
前言
自用RouterOS系统设置命令,包括DoH证书以及常用防火墙设置。
DNS设置
使用阿里云DoH Dns地址 https://dns.alidns.com/dns-query
证书导入
以下是证书导入代码
1
2
3
4
5
6
|
/tool fetch url="https://secure.globalsign.net/cacert/Root-R5.crt"
/tool fetch url="https://secure.globalsign.com/cacert/gseccovsslca2018.crt"
/certificate import file-name=Root-R5.crt
/certificate import file-name=gseccovsslca2018.crt
|
静态地址解析
RouterOS.Lan
dns.alidns.com
防火墙设置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
/interface list
add name=WAN comment="defconf: Connect To Global"
add name=LAN comment="defconf: Local Bridge"
add name=ONU comment="onuconf: Access To ONU"
/interface list member
add interface=pppoe-out1 list=WAN comment="defconf: Connect To Global"
add interface=bridge1 list=LAN comment="defconf: Local Bridge"
add interface=ether2 list=ONU comment="onuconf: Access To ONU"
/ip firewall address-list
add address=192.168.1.1 comment="onuconf: ONU Address" list=onu_ipv4
add address=172.16.1.0/24 comment="lanconf: Local Address" list=local_subnet_ipv4
add address=172.16.1.1 comment="lanconf: Local DNS Address" list=local_dns_ipv4
/ip firewall nat
add action=endpoint-independent-nat chain=srcnat protocol=udp place-before=0 comment=FullCone-Nat
add action=endpoint-independent-nat chain=dstnat protocol=udp place-before=0 comment=FullCone-Nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=ONU src-address-list=local_subnet_ipv4 dst-address-list=onu_ipv4 comment="onuconf: Access To ONU"
/ip firewall mangle
add action=change-mss chain=forward comment="defconf: Fix IPv4 MSS For WAN" new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=accept chain=prerouting src-address-list=local_subnet_ipv4 dst-address-list=onu_ipv4 comment="onuconf: Access To ONU"
|