├── queue
    ├── README.md
    └── queue-type.rsc
├── blocking
    ├── README.ID.md
    ├── README.md
    ├── youtube.rsc
    └── tiktok.rsc
├── scripts
    ├── README.md
    └── vlan-finder.rsc
├── interface
    ├── README.md
    └── detect-internet.rsc
├── multi-wan
    ├── pcc-traffic-priority
    │   ├── README.md
    │   └── ip-firewall-mangle.rsc
    ├── README.md
    └── simple-failover-dhcp.rsc
├── README.ID.md
├── scheduler
    ├── README.md
    └── auto-update.rsc
├── README.md
├── mqtt
    ├── README.md
    ├── ups-to-mqtt.rsc
    └── hex-poe-via-mqtt.rsc
└── LICENSE


/queue/README.md:
--------------------------------------------------------------------------------
# Queueing
--------------------------------------------------------------------------------
/blocking/README.ID.md:
--------------------------------------------------------------------------------
# Blocking Services
--------------------------------------------------------------------------------
/scripts/README.md:
--------------------------------------------------------------------------------
# Useful for /system script
--------------------------------------------------------------------------------
/interface/README.md:
--------------------------------------------------------------------------------
# Interface and stuff

## Detect Internet

Proper detect internet setup
--------------------------------------------------------------------------------
/multi-wan/pcc-traffic-priority/README.md:
--------------------------------------------------------------------------------
# PCC Load Balance with Traffic Priority

- [IP/Firewall/Mangle](ip-firewall-mangle.rsc)
--------------------------------------------------------------------------------
/README.ID.md:
--------------------------------------------------------------------------------
# ros-scripts

Collection of RouterOS scripts

[Download ZIP](https://github.com/hexatester/ros-scripts/archive/refs/heads/main.zip)
--------------------------------------------------------------------------------
/multi-wan/README.md:
--------------------------------------------------------------------------------
# Multiple WAN or Multiple ISP

## Simple Failover With Detect Internet

> Script: `simple-failover-dhcp.rsc`

Failover between DHCP clients (`dhcp-client`), driven by detect-internet state.
--------------------------------------------------------------------------------
/scheduler/README.md:
--------------------------------------------------------------------------------
# Useful for /system scheduler

## Auto Update

> Script: `auto-update.rsc`

Scheduler that checks for updates every day at 3:00 AM and updates the OS to the latest RouterOS version.
--------------------------------------------------------------------------------
/blocking/README.md:
--------------------------------------------------------------------------------
# Blocking things

To block only specific clients, create an address list and set it as `src-address-list` on the firewall raw rule.
To block only at specific times, in WinBox set the time on the Extra tab of the firewall raw rule.
All LAN devices should use RouterOS as their DNS server, because the address lists are filled from the DNS queries the router forwards.

- Block YouTube
- Block TikTok
--------------------------------------------------------------------------------
/blocking/youtube.rsc:
--------------------------------------------------------------------------------
# Drop traffic to any address on the "youtube" list before connection tracking
/ip/firewall/raw
add chain=prerouting dst-address-list=youtube action=drop comment="drop: youtube"

# Seed the list; RouterOS resolves the name and adds the resulting addresses
/ip/firewall/address-list
add list=youtube address=www.youtube.com comment="drop: youtube"

# Forward googlevideo.com lookups to 1.1.1.1 and add every answer to the list
/ip/dns/static
add address-list=youtube forward-to=1.1.1.1 match-subdomain=yes name=googlevideo.com type=FWD comment="drop: youtube"
--------------------------------------------------------------------------------
/queue/queue-type.rsc:
--------------------------------------------------------------------------------
/queue type
add kind=fq-codel name=fq-codel-default
add cake-memlimit=32.0MiB kind=cake name=cake-default
add cake-diffserv=diffserv4 cake-flowmode=dual-dsthost cake-memlimit=32.0MiB cake-nat=yes kind=cake name=cake-download
add cake-diffserv=diffserv4 cake-flowmode=srchost cake-memlimit=32.0MiB cake-nat=yes kind=cake name=cake-upload
add kind=sfq name=sfq-default
add kind=red name=red-default
--------------------------------------------------------------------------------
/scheduler/auto-update.rsc:
--------------------------------------------------------------------------------
# Daily at 03:00: check for updates and install when installed and latest versions differ
/system scheduler
add interval=1d name=AutoUpdate on-event="/system package update check-for-updates\
    \n:if ([/system package update get installed-version] != [/system package update get latest-version]) do={\
    \n/system package update install\
    \n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-01-01 start-time=03:00:00
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# ros-scripts

Curated RouterOS scripts (mainly RouterOS v7)

[Bahasa Indonesia](/README.ID.md)

[Download as ZIP](https://github.com/hexatester/ros-scripts/archive/refs/heads/main.zip)

Collections

- [Interface](/interface/README.md)
- [Blocking Services](/blocking/README.md)
- [MQTT](/mqtt/README.md)
- [Multi WAN](/multi-wan/README.md)
- [Scheduler](/scheduler/README.md)
--------------------------------------------------------------------------------
/blocking/tiktok.rsc:
--------------------------------------------------------------------------------
/ip/firewall/raw
add chain=prerouting dst-address-list=tiktok action=drop comment="drop: tiktok"

/ip/firewall/address-list
add list=tiktok address=www.tiktok.com comment="drop: tiktok"

/ip/dns/static
add address-list=tiktok forward-to=1.1.1.1 match-subdomain=yes name=tiktokcdn.com type=FWD comment="drop: tiktok"
add address-list=tiktok forward-to=1.1.1.1 match-subdomain=yes name=tiktokv.com type=FWD comment="drop: tiktok"
--------------------------------------------------------------------------------
/interface/detect-internet.rsc:
--------------------------------------------------------------------------------
# Proper detect internet setup

/interface list
add name=LAN
add name=WAN
add name=Internet
add name=Uplink

# Change ether1 to the ISP-side interface
/interface list member
add interface=ether1 list=Uplink
# add interface=PPPoE-Client list=Uplink

/interface detect-internet
set detect-interface-list=Uplink internet-interface-list=Internet lan-interface-list=LAN wan-interface-list=WAN

# Get the detect-internet status in a script, as in the example below
# :if ([/interface/detect-internet/state/get ether1 state]="internet") do={}
--------------------------------------------------------------------------------
/mqtt/README.md:
--------------------------------------------------------------------------------
# MQTT Scripts

> Requirements: IoT package installed and an MQTT broker

## PoE Control with MQTT

> Note: the MQTT broker is named IoT
> Example of simple PoE control via MQTT for hEX PoE: `hex-poe-via-mqtt.rsc`

Subscribe to the topic `mikrotik/poe/HEXPOE/ether5` to get the PoE state; possible values are `on`, `off`, `auto-on`.
To set poe-out, publish to the topic `mikrotik/poe/HEXPOE/ether5/set` with one of the values `on`, `off`, `auto-on`.

## UPS info to MQTT

> Note: the MQTT broker is named IoT; change the UPS name to yours
> Script: `ups-to-mqtt.rsc`

Publishes the UPS info as the message data on an MQTT topic.
--------------------------------------------------------------------------------
/mqtt/ups-to-mqtt.rsc:
--------------------------------------------------------------------------------
# Don't forget to install the UPS package
# Please change the UPS name (MyUPS)
/system scheduler
add interval=30s name=UPS-MQTT on-event=":local RUNTIMELEFT\
    \n:local batteryCharge\
    \n:local batteryVoltage\
    \n:local pwrLoad\
    \n:local runtime\
    \n\
    \n/system/ups/monitor MyUPS once do={\
    \n:set runtime \$\"runtime-left\"\
    \n:set batteryCharge \$\"battery-charge\"\
    \n:set batteryVoltage \$\"battery-voltage\"\
    \n:set pwrLoad \$load\
    \n}\
    \n:local message \"{\\\"load\\\":\$pwrLoad,\\\"charge\\\":\$batteryCharge,\\\"voltage\\\":\$batteryVoltage,\\\"runtime\\\":\\\"\$runtime\\\"}\"\
    \n/iot mqtt publish broker=\"IoT\" topic=\"ups/MyUPS/status\" message=\$message" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
--------------------------------------------------------------------------------
/scripts/vlan-finder.rsc:
--------------------------------------------------------------------------------
# Use this as a script to find switch access port's vlan id from trunk port
# Not tested

# Interface to the trunk port
:local interface "ether1"

# Device on the access port; its address is the gateway that gets pinged
:local gateway "192.168.1.1"

# Address of the vlan interface; must be in the same subnet as the gateway address
:local address "192.168.1.2/24"

# First and last vlan id to try
:local vlanid (1)
:local endvlan (4094)

# Set up the vlan interface (remove a leftover one from an earlier run, if any)
/interface vlan
remove [find name=vlanfinder]
add name=vlanfinder vlan-id=$vlanid interface=$interface

# Add the address to the vlan interface
/ip address add address=$address interface=vlanfinder

:while ( $vlanid<=$endvlan ) do={

    # A reply from the gateway means the access port sits in this vlan
    :if ([/ping $gateway count=1] > 0) do={
        :log info "Found vlan-id=$vlanid"
    } else={
        :log debug "No result vlan-id=$vlanid"
    };

    :set vlanid ($vlanid + 1)
    /interface vlan set vlanfinder vlan-id=$vlanid
    :delay 500ms
};
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2022 Habib Rohman

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/multi-wan/simple-failover-dhcp.rsc:
--------------------------------------------------------------------------------
# Internet failover across multiple DHCP clients using detect-internet
# First set up detect-internet with interface/detect-internet.rsc

# Example
# dhcp client on ether1 with default route distance = 1 (as main)
# dhcp client on ether2 with default route distance = 2 (as backup)

# Every 2 minutes this scheduler toggles add-default-route on each bound dhcp-client based on its detect-internet state
# Only works with dhcp-client
# Without firewall mangle / routing table config

/system scheduler
add interval=2m name=Detnet on-event=":foreach \$dhcpclient in=[/ip dhcp-client find status=bound] do={\r\
    \n:local interface [/ip dhcp-client get \$dhcpclient interface]\r\
    \n:if ([/interface/detect-internet/state/get \$interface state]=\"internet\") do={\r\
    \n/ip dhcp-client set [find interface=\$interface add-default-route=no] add-default-route=yes\r\
    \n} else={\r\
    \n/ip dhcp-client set [find interface=\$interface add-default-route=yes] add-default-route=no\r\
    \n}\r\
    \n};" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
--------------------------------------------------------------------------------
/mqtt/hex-poe-via-mqtt.rsc:
--------------------------------------------------------------------------------
# Exported from hEX PoE
# Please adjust accordingly
# Don't forget to execute script MQTT-PoE with a scheduler
# /system script run MQTT-PoE

/system script
add dont-require-permissions=no name=MQTT-PoE owner=tik-script policy=read,write,test,sniff,sensitive source="# Required packages: iot\r\
    \n\r\
    \n################################ Configuration ################################\r\
    \n# Name of an existing MQTT broker that should be used for publishing\r\
    \n:local broker \"IoT\"\r\
    \n\r\
    \n# MQTT topic where the message should be published\r\
    \n:local topic \"mikrotik/poe/HEXPOE\"\r\
    \n\r\
    \n\r\
    \n#################################### MQTT #####################################\r\
    \n/iot mqtt\r\
    \npublish broker=\$broker topic=\"\$topic/ether2\" message=[/interface ethernet get ether2 poe-out ]\r\
    \npublish broker=\$broker topic=\"\$topic/ether3\" message=[/interface ethernet get ether3 poe-out ]\r\
    \npublish broker=\$broker topic=\"\$topic/ether4\" message=[/interface ethernet get ether4 poe-out ]\r\
    \npublish broker=\$broker topic=\"\$topic/ether5\" message=[/interface ethernet get ether5 poe-out ]"

# Subscribe to mqtt topic for setting poe-out
/iot mqtt subscriptions
add broker=IoT on-message=":if ([/interface/ethernet/get ether2 poe-out]!=\$msgData) do={\r\
    \n/interface/ethernet/set ether2 poe-out=\$msgData\r\
    \n}\r\
    \n/iot mqtt publish broker=IoT topic=\"mikrotik/poe/HEXPOE/ether2\" message=[/interface ethernet get ether2 poe-out ]" topic=mikrotik/poe/HEXPOE/ether2/set
add broker=IoT on-message=":if ([/interface/ethernet/get ether3 poe-out]!=\$msgData) do={\r\
    \n/interface/ethernet/set ether3 poe-out=\$msgData\r\
    \n}\r\
    \n/iot mqtt publish broker=IoT topic=\"mikrotik/poe/HEXPOE/ether3\" message=[/interface ethernet get ether3 poe-out ]" topic=mikrotik/poe/HEXPOE/ether3/set
add broker=IoT on-message=":if ([/interface/ethernet/get ether4 poe-out]!=\$msgData) do={\r\
    \n/interface/ethernet/set ether4 poe-out=\$msgData\r\
    \n}\r\
    \n/iot mqtt publish broker=IoT topic=\"mikrotik/poe/HEXPOE/ether4\" message=[/interface ethernet get ether4 poe-out ]" topic=mikrotik/poe/HEXPOE/ether4/set
add broker=IoT on-message=":if ([/interface/ethernet/get ether5 poe-out]!=\$msgData) do={\r\
    \n/interface/ethernet/set ether5 poe-out=\$msgData\r\
    \n}\r\
    \n/iot mqtt publish broker=IoT topic=\"mikrotik/poe/HEXPOE/ether5\" message=[/interface ethernet get ether5 poe-out ]" topic=mikrotik/poe/HEXPOE/ether5/set
--------------------------------------------------------------------------------
/multi-wan/pcc-traffic-priority/ip-firewall-mangle.rsc:
--------------------------------------------------------------------------------
/ip firewall mangle
add action=accept chain=prerouting comment=DAC dst-address-list=rfc1918 src-address-list=rfc1918
add action=accept chain=forward dst-address-list=rfc1918 src-address-list=rfc1918


add action=mark-connection chain=input comment="LB Input Sticky" connection-mark=no-mark in-interface=ISP1Interface new-connection-mark=ISP1-IN passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=ISP2Interface new-connection-mark=ISP2-IN passthrough=no

add action=mark-routing chain=output connection-mark=ISP1-IN new-routing-mark=ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2-IN new-routing-mark=ISP2 passthrough=no


add action=mark-connection chain=prerouting comment="LB LAN Marking" connection-mark=no-mark in-interface=ISP1Interface new-connection-mark=ISP1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ISP2Interface new-connection-mark=ISP2 passthrough=yes

add action=mark-connection chain=prerouting comment="LB PCC Mark Connection" connection-mark=no-mark src-address-list=rfc1918 dst-address-list=!rfc1918 hotspot=auth new-connection-mark=ISP1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark src-address-list=rfc1918 dst-address-list=!rfc1918 hotspot=auth new-connection-mark=ISP2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1


add action=mark-routing chain=prerouting comment="LB Mark Routing ISP1" connection-mark=ISP1 in-interface-list=LAN new-routing-mark=ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark="ISP1 ICMP" in-interface-list=LAN new-routing-mark=ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark="ISP1 Light" in-interface-list=LAN new-routing-mark=ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark="ISP1 Heavy" in-interface-list=LAN new-routing-mark=ISP1 passthrough=no

add action=mark-routing chain=prerouting comment="LB Mark Routing ISP2" connection-mark=ISP2 in-interface-list=LAN new-routing-mark=ISP2 passthrough=no
add action=mark-routing chain=prerouting connection-mark="ISP2 ICMP" in-interface-list=LAN new-routing-mark=ISP2 passthrough=no
add action=mark-routing chain=prerouting connection-mark="ISP2 Light" in-interface-list=LAN new-routing-mark=ISP2 passthrough=no
add action=mark-routing chain=prerouting connection-mark="ISP2 Heavy" in-interface-list=LAN new-routing-mark=ISP2 passthrough=no


add action=jump chain=forward comment="LB Mark Connection ISP1" connection-mark=ISP1 jump-target=ISP1
add action=jump chain=forward connection-mark="ISP1 Light" jump-target=ISP1
add action=mark-connection chain=ISP1 new-connection-mark="ISP1 ICMP" passthrough=no protocol=icmp
add action=mark-connection chain=ISP1 connection-rate=0-64k new-connection-mark="ISP1 Light" passthrough=yes protocol=tcp
add action=mark-connection chain=ISP1 connection-rate=0-64k new-connection-mark="ISP1 Light" passthrough=yes protocol=udp
add action=mark-connection chain=ISP1 connection-rate=64k-100M new-connection-mark=ISP1 passthrough=yes protocol=tcp
add action=mark-connection chain=ISP1 connection-rate=64k-100M new-connection-mark=ISP1 passthrough=yes protocol=udp
add action=mark-connection chain=ISP1 connection-bytes=500000-0 connection-rate=200k-100M new-connection-mark="ISP1 Heavy" passthrough=yes protocol=tcp
add action=mark-connection chain=ISP1 connection-bytes=500000-0 connection-rate=200k-100M new-connection-mark="ISP1 Heavy" passthrough=yes protocol=udp
add action=return chain=ISP1

add action=jump chain=forward comment="LB Mark Connection ISP2" connection-mark=ISP2 jump-target=ISP2
add action=jump chain=forward connection-mark="ISP2 Light" jump-target=ISP2
add action=mark-connection chain=ISP2 new-connection-mark="ISP2 ICMP" passthrough=no protocol=icmp
add action=mark-connection chain=ISP2 connection-rate=0-64k new-connection-mark="ISP2 Light" passthrough=yes protocol=tcp
add action=mark-connection chain=ISP2 connection-rate=0-64k new-connection-mark="ISP2 Light" passthrough=yes protocol=udp
add action=mark-connection chain=ISP2 connection-rate=64k-100M new-connection-mark=ISP2 passthrough=yes protocol=tcp
add action=mark-connection chain=ISP2 connection-rate=64k-100M new-connection-mark=ISP2 passthrough=yes protocol=udp
add action=mark-connection chain=ISP2 connection-bytes=500000-0 connection-rate=200k-100M new-connection-mark="ISP2 Heavy" passthrough=yes protocol=tcp
add action=mark-connection chain=ISP2 connection-bytes=500000-0 connection-rate=200k-100M new-connection-mark="ISP2 Heavy" passthrough=yes protocol=udp
add action=return chain=ISP2


add action=mark-packet chain=forward comment="LB Mark Packet ISP1" connection-mark="ISP1 ICMP" new-packet-mark="ISP1 ICMP" passthrough=yes
add action=mark-packet chain=forward connection-mark="ISP1 Light" new-packet-mark="ISP1 Light" passthrough=yes
add action=mark-packet chain=forward connection-mark=ISP1 new-packet-mark=ISP1 passthrough=yes
add action=mark-packet chain=forward connection-mark="ISP1 Heavy" new-packet-mark="ISP1 Heavy" passthrough=yes

add action=mark-packet chain=forward comment="LB Mark Packet ISP2" connection-mark="ISP2 ICMP" new-packet-mark="ISP2 ICMP" passthrough=yes
add action=mark-packet chain=forward connection-mark="ISP2 Light" new-packet-mark="ISP2 Light" passthrough=yes
add action=mark-packet chain=forward connection-mark=ISP2 new-packet-mark=ISP2 passthrough=yes
add action=mark-packet chain=forward connection-mark="ISP2 Heavy" new-packet-mark="ISP2 Heavy" passthrough=yes

--------------------------------------------------------------------------------
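
Added example (not part of the ros-scripts repository): a hardened variant of the `ether5` subscription from `mqtt/hex-poe-via-mqtt.rsc`. The handlers in that file write `$msgData` straight into `poe-out`, so whoever can publish to a `/set` topic decides what is written to the port setting; this version applies the payload only when it matches an allowlist and logs rejected messages. The broker name and topics come from the page; the allowlist (`off`, `auto-on`, `forced-on`) and the `mqtt-poe` log prefix are assumptions.

```routeros
# Added example, not from the repository: allowlisted PoE control for ether5.
# Assumptions: the allowed values below and the "mqtt-poe" log prefix.
# Remove the original ether5 subscription before adding this one.
/iot mqtt subscriptions
add broker=IoT topic=mikrotik/poe/HEXPOE/ether5/set on-message="# Accept only known poe-out values; everything else is rejected\r\
    \n:if ((\$msgData = \"off\") || (\$msgData = \"auto-on\") || (\$msgData = \"forced-on\")) do={\r\
    \n:if ([/interface/ethernet/get ether5 poe-out] != \$msgData) do={\r\
    \n/interface/ethernet/set ether5 poe-out=\$msgData\r\
    \n:log info (\"mqtt-poe: ether5 poe-out set to \" . \$msgData)\r\
    \n}\r\
    \n} else={\r\
    \n# Log only the length so an arbitrary payload never reaches the log\r\
    \n:log warning (\"mqtt-poe: rejected payload for ether5, length \" . [:len \$msgData])\r\
    \n}\r\
    \n# Publish the current state so subscribers see the result either way\r\
    \n/iot mqtt publish broker=IoT topic=\"mikrotik/poe/HEXPOE/ether5\" message=[/interface ethernet get ether5 poe-out]"
```

Validation on the router complements, but does not replace, broker-side authentication and per-topic ACLs on the `/set` topics.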