AVISO BLOQUEIO PPOE

Vou tentar ajudar,,, acho que foi essa gambiarra aqui rsrsrs

Lembrando que as paginas já devem estar prontas em OPÇOES->PAGINAS DE AVISO no MK-Auth e a conexao com a chave SSH funcionando certinho com o mikrotik. De quebra vai uma regra para envio de backup do Mikrotik diariamente ;)

MUDAR SOMENTE ONDE ESTA EM NEGRITO E ADICIONAR NO MIKROTIK

/ip firewall filter
add action=drop chain=forward comment=CORTE dst-port=!53 protocol=udp \
src-address-list=pgcorte
add action=drop chain=forward comment=CORTE dst-port=!80,85,443,445 protocol=\
tcp src-address-list=pgcorte

/ip firewall nat
add action=dst-nat chain=dstnat comment=CORTE_HTTPS dst-address=!IPRADIUS \
dst-port=443 protocol=tcp src-address-list=pgcorte to-addresses=\
IPRADIUS to-ports=445
add action=dst-nat chain=dstnat comment=CORTE_HTTP dst-address=!IPRADIUS \
dst-port=80 protocol=tcp src-address-list=pgcorte to-addresses=\
IPRADIUS to-ports=85

/system script
add name=backup owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global\
\_lastbackup\r\
\n:local emailaddress \"SEU EMAIL\"\r\
\n:local sysname [/system identity get name]\r\
\n:local outfile (\$sysname . \"-\" . ([:pick [/system clock get date] 4 6\
] . \"-\" . [:pick [/system clock get date] 0 3] . \"-\" . [:pick [/system\
\_clock get date] 7 11]))\r\
\n\r\
\n:if ([:typeof \$lastbackup] != \"nothing\" && \$lastbackup != (\$outfile\
\_. \".rsc\")) do={\r\
\n :if ([:len [/file find name=\$lastbackup]] > 0) do={ \r\
\n :log warning \"Excluindo \$lastbackup\"\r\
\n /file remove \$lastbackup\r\
\n }\r\
\n}\r\
\n\r\
\n/export file=\$outfile compact\r\
\n/tool e-mail send subject=\"\$outfile Backup Diario\" file=(\$outfile . \
\".rsc\") to=\"\$emailaddress\"\r\
\n:log warning \"Backup di\E1rio enviado \$outfile\"\r\
\n:global lastbackup (\$outfile . \".rsc\")"
add name=ler_pgaviso owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
===============================\r\
\n:global IPMKAUTH \"IP RADIUS\";\r\
\n:global KEY \"key_api\";\r\
\n:global RAMAL \"todos\";\r\
\n:global done \"\";\r\
\n/tool fetch mode=http url=\"https://\$IPMKAUTH/mkt/pgaviso.php\\\?key=\$\
KEY&ramal=\$RAMAL\" src-path=mkt_pgaviso.php dst-path=mkt_pgaviso.rsc;\r\
\n:set done \"true\";\r\
\n\r\
\n:if ( [/file find name=mkt_pgaviso.rsc] != \"\" ) do={\r\
\n :log warning \"Importando PgAviso\";\r\
\n /import mkt_pgaviso.rsc;\r\
\n /file remove mkt_pgaviso.rsc;\r\
\n}\r\
\n"
add name=ler_pgcorte owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
===============================\r\
\n:global IPMKAUTH \"IP RADIUS\"; \r\
\n:global KEY \"key_api\";\r\
\n:global RAMAL \"todos\";\r\
\n:global done \"\";\r\
\n/tool fetch mode=http url=\"https://\$IPMKAUTH/mkt/pgcorte.php\\\?key=\$\
KEY&ramal=\$RAMAL\" src-path=mkt_pgcorte.php dst-path=mkt_pgcorte.rsc;\r\
\n:set done \"true\";\r\
\n\r\
\n:if ( [/file find name=mkt_pgcorte.rsc] != \"\" ) do={\r\
\n :log warning \"Importando PgCorte\";\r\
\n /import mkt_pgcorte.rsc;\r\
\n /file remove mkt_pgcorte.rsc;\r\
\n}\r\
\n"
add name=rm_pgaviso owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
===============================\r\
\n:foreach ip in=[/ip firewall address-list find list=\"pgaviso\"] do={\r\
\n /ip firewall address-list remove \$ip;\r\
\n}"

/system scheduler
add interval=12h name=sched_backup on-event=backup policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jul/06/2015 start-time=07:00:00
add interval=30m name=ler_pgaviso on-event=":execute script=ler_pgaviso;" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jul/26/2017 start-time=17:26:27
add interval=30m name=ler_pgcorte on-event=":execute script=ler_pgcorte;" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jul/26/2017 start-time=17:27:13
add interval=30s name=rm_pgaviso on-event=":execute script=rm_pgaviso;" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jul/26/2017 start-time=17:27:28

Bom,,, acho que é isso... apos tudo funcionar e voce bloquear alguem no mk-auth será adicionado uma regra no address-list bloqueando o cliente e sendo removida automaticamente quando desbloquear

Minha gambiarra é essa,,, nao me lembro se faltou alguma coisa

Espero que ajude!

Respostas

A Galdino Julho 29, 2017 21:21

Vou tentar ajudar,,, acho que foi essa gambiarra aqui rsrsrs

Lembrando que as paginas já devem estar prontas em OPÇOES->PAGINAS DE AVISO no MK-Auth e a conexao com a chave SSH funcionando certinho com o mikrotik. De quebra vai uma regra para envio de backup do Mikrotik diariamente ;)

MUDAR SOMENTE ONDE ESTA EM NEGRITO E ADICIONAR NO MIKROTIK

/ip firewall filter
add action=drop chain=forward comment=CORTE dst-port=!53 protocol=udp \
src-address-list=pgcorte
add action=drop chain=forward comment=CORTE dst-port=!80,85,443,445 protocol=\
tcp src-address-list=pgcorte

/ip firewall nat
add action=dst-nat chain=dstnat comment=CORTE_HTTPS dst-address=!IPRADIUS \
dst-port=443 protocol=tcp src-address-list=pgcorte to-addresses=\
IPRADIUS to-ports=445
add action=dst-nat chain=dstnat comment=CORTE_HTTP dst-address=!IPRADIUS \
dst-port=80 protocol=tcp src-address-list=pgcorte to-addresses=\
IPRADIUS to-ports=85

/system script
add name=backup owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global\
\_lastbackup\r\
\n:local emailaddress \"SEU EMAIL\"\r\
\n:local sysname [/system identity get name]\r\
\n:local outfile (\$sysname . \"-\" . ([:pick [/system clock get date] 4 6\
] . \"-\" . [:pick [/system clock get date] 0 3] . \"-\" . [:pick [/system\
\_clock get date] 7 11]))\r\
\n\r\
\n:if ([:typeof \$lastbackup] != \"nothing\" && \$lastbackup != (\$outfile\
\_. \".rsc\")) do={\r\
\n :if ([:len [/file find name=\$lastbackup]] > 0) do={ \r\
\n :log warning \"Excluindo \$lastbackup\"\r\
\n /file remove \$lastbackup\r\
\n }\r\
\n}\r\
\n\r\
\n/export file=\$outfile compact\r\
\n/tool e-mail send subject=\"\$outfile Backup Diario\" file=(\$outfile . \
\".rsc\") to=\"\$emailaddress\"\r\
\n:log warning \"Backup di\E1rio enviado \$outfile\"\r\
\n:global lastbackup (\$outfile . \".rsc\")"
add name=ler_pgaviso owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
===============================\r\
\n:global IPMKAUTH \"IP RADIUS\";\r\
\n:global KEY \"key_api\";\r\
\n:global RAMAL \"todos\";\r\
\n:global done \"\";\r\
\n/tool fetch mode=http url=\"https://\$IPMKAUTH/mkt/pgaviso.php\\\?key=\$\
KEY&ramal=\$RAMAL\" src-path=mkt_pgaviso.php dst-path=mkt_pgaviso.rsc;\r\
\n:set done \"true\";\r\
\n\r\
\n:if ( [/file find name=mkt_pgaviso.rsc] != \"\" ) do={\r\
\n :log warning \"Importando PgAviso\";\r\
\n /import mkt_pgaviso.rsc;\r\
\n /file remove mkt_pgaviso.rsc;\r\
\n}\r\
\n"
add name=ler_pgcorte owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
===============================\r\
\n:global IPMKAUTH \"IP RADIUS\"; \r\
\n:global KEY \"key_api\";\r\
\n:global RAMAL \"todos\";\r\
\n:global done \"\";\r\
\n/tool fetch mode=http url=\"https://\$IPMKAUTH/mkt/pgcorte.php\\\?key=\$\
KEY&ramal=\$RAMAL\" src-path=mkt_pgcorte.php dst-path=mkt_pgcorte.rsc;\r\
\n:set done \"true\";\r\
\n\r\
\n:if ( [/file find name=mkt_pgcorte.rsc] != \"\" ) do={\r\
\n :log warning \"Importando PgCorte\";\r\
\n /import mkt_pgcorte.rsc;\r\
\n /file remove mkt_pgcorte.rsc;\r\
\n}\r\
\n"
add name=rm_pgaviso owner=LOGINUSER policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
===============================\r\
\n:foreach ip in=[/ip firewall address-list find list=\"pgaviso\"] do={\r\
\n /ip firewall address-list remove \$ip;\r\
\n}"

/system scheduler
add interval=12h name=sched_backup on-event=backup policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jul/06/2015 start-time=07:00:00
add interval=30m name=ler_pgaviso on-event=":execute script=ler_pgaviso;" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jul/26/2017 start-time=17:26:27
add interval=30m name=ler_pgcorte on-event=":execute script=ler_pgcorte;" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jul/26/2017 start-time=17:27:13
add interval=30s name=rm_pgaviso on-event=":execute script=rm_pgaviso;" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jul/26/2017 start-time=17:27:28

Bom,,, acho que é isso... apos tudo funcionar e voce bloquear alguem no mk-auth será adicionado uma regra no address-list bloqueando o cliente e sendo removida automaticamente quando desbloquear

Minha gambiarra é essa,,, nao me lembro se faltou alguma coisa

Espero que ajude!
Aldir Valões Julho 29, 2017 20:18

Lembra qual o post que viu? para que eu tente resolver :)

Abraço

A Galdino disse:

Estava com o mesmo problema e consegui resolver com as dicas de outros topicos aqui do forum...

Importante lembrar que tem que adicionar regras no mikrotik tambem.
Renan Alves Julho 29, 2017 19:41

ou seja, é algumas gambiarras! rsrsrsrs.... eu não tive paciência pra fazer! hehehehehe
A Galdino Julho 28, 2017 16:25

Estava com o mesmo problema e consegui resolver com as dicas de outros topicos aqui do forum...

Importante lembrar que tem que adicionar regras no mikrotik tambem.

This reply was deleted.