/system script
#CREATE DOWNLOAD BLACKLIST SCRIPT
add comment=Firewall name=Blacklist_SquidBlacklist_Download_drop.bogons.rsc policy=read,test source=":log warning \"START - Download bogons list (sbl-bogons.rsc) updates.\";\r\
\n/tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/sbl-bogons.rsc dst-path=/disk1/blacklists/sbl-bogons.rsc\r\
\n:log warning \"END - Download bogons list (sbl-bogons.rsc) updates.\";"

#CREATE IMPORT BLACKLIST SCRIPT
add comment=Firewall name=Blacklist_SquidBlacklist_Import_drop.bogons.rsc policy=read,write source=":log warning \"START - Import blacklist (sbl-bogons.rsc) update.\";\r\
\nimport /disk1/blacklists/sbl-bogons.rsc\r\
\n:log warning \"END - Import blacklist (sbl-bogons.rsc) update.\";"

/system scheduler
#CREATE DOWNLOAD BLACKLISTS SCHEDULER
add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Download_drop.bogons.rsc on-event="/system script run Blacklist_SquidBlacklist_Download_drop.bogons.rsc" policy=read,write start-date=jan/01/2017 start-time=02:00:00 disabled=yes

#CREATE IMPORT BLACKLISTS SCHEDULER
add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Import_Import_drop.bogons.rsc on-event="/system script run Blacklist_SquidBlacklist_Import_drop.bogons.rsc" policy=read,write start-date=jan/01/2017 start-time=02:15:00 disabled=yes

/ip firewall filter
#CREATE DROP RULES FOR BLACKLISTS
add action=drop chain=forward src-address-list="sbl bogons" log=yes log-prefix="BL_sbl blocklist.de" comment="Squid Blacklist: SBL Bogons."
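The scripts above fetch sbl-bogons.rsc over plain HTTP (mode=http) and then run it with import, which executes whatever commands the file contains. As an added example (not part of the original post), this Python check can be run on a management host against a copy of the file before it is imported; it accepts only plain address-list entries. The file layout and the sample contents are assumptions constructed for illustration, and validate_rsc is a hypothetical helper name.

```python
import ipaddress
import re

MENU = "/ip firewall address-list"
# key=value where the value is a quoted string or a bare token; no ; $ [ ] { } \ allowed
ARG = r'([a-z-]+)=("[^"\\$\[\]]*"|[^\s;"\\$\[\]{}]+)'
ADD_RE = re.compile(r'add(?:\s+' + ARG + r')+')
ALLOWED_KEYS = {"list", "address", "comment"}

def validate_rsc(text, expected_list="sbl bogons"):
    """Return [(line_no, reason)] for every line that is not a plain list entry."""
    problems, in_menu = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == MENU:
            in_menu = True
        elif line.startswith("/"):
            in_menu = False
            problems.append((no, "unexpected menu or command"))
        elif not in_menu or not ADD_RE.fullmatch(line):
            problems.append((no, "not a plain address-list add"))
        else:
            args = {k: v.strip('"') for k, v in re.findall(ARG, line)}
            if set(args) - ALLOWED_KEYS or args.get("list") != expected_list:
                problems.append((no, "unexpected key or list name"))
                continue
            try:
                ipaddress.ip_network(args.get("address", ""), strict=False)
            except ValueError:
                problems.append((no, "address is not an IP network"))
    return problems

# Constructed samples; the layout is assumed, this is not the real sbl-bogons.rsc.
GOOD = '''/ip firewall address-list
add list="sbl bogons" address=0.0.0.0/8
add list="sbl bogons" address=192.0.2.0/24
'''
TAMPERED = GOOD + '''add list="sbl bogons" address=10.0.0.0/8; /system identity set name=changed
add list="other" address=10.0.0.0/8
add list="sbl bogons" address=not-an-ip
/system identity set name=changed
'''

if __name__ == "__main__":
    print(validate_rsc(GOOD))
    for no, reason in validate_rsc(TAMPERED):
        print(no, reason)
```

An empty result means every line is a plain entry for the expected list; anything else should block the import until the file has been inspected.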

If you need help with your Mikrotik router go to wisp.net.au for all the latest gear and knowledge.

Author: 6 months ago

CRS328-4C-20S-4S+RM Mikrotik latest manageable switch

After the success of its new PoE switches, in both RM and desktop versions, Mikrotik has released its latest managed switch.

The CRS328-4C-20S-4S+RM is a solution that can handle all 3 major connection types:

  1. Ethernet
  2. SFP
  3. SFP+

For Ethernet you will need to use S-RJ01 modules, but it is still an all-in-one solution at a price that is just superb!

Buy online CRS-328-4C-20S-4s+RM

Author: 7 months ago

Mikrotik with 2 WAN connections:

  1. DSL for standard web browsing, etc.
  2. LTE for VoIP

First create the address list with the IP addresses of the VoIP devices, then NAT them via the LTE connection:

/ip firewall nat

add action=masquerade chain=srcnat out-interface=LTE src-address-list=SIP-LTE

/ip firewall mangle
add action=accept chain=prerouting in-interface=LTE
add action=accept chain=prerouting in-interface=dsl

add action=mark-packet chain=prerouting comment="SIP via LTE packet" \
new-packet-mark=SIP_packet passthrough=yes src-address-list=SIP-LTE
add action=mark-connection chain=prerouting comment="SIP via LTE connection" \
new-connection-mark=SIP-conn packet-mark=SIP_packet passthrough=yes \
src-address-list=SIP-LTE
add action=mark-routing chain=prerouting comment="SIP via LTE route" \
connection-mark=SIP-conn new-routing-mark=SIP-LTE passthrough=no \
src-address-list=SIP-LTE

/ip route
add distance=1 gateway=192.168.36.254 routing-mark=SIP-LTE scope=255

Author: 8 months ago

UC-CK cannot log in fix

Cloud Key recovery – mongodb with 0-byte files isn’t starting

This can be confirmed by SSHing into the CloudKey and running the following command:

ls -l /usr/bin/sudo

This should return output similar or identical to the following if it is the same root cause:

-rwxr-xr-x 1 root root 106820 Jan 10 2016 /usr/bin/sudo

If it doesn’t look like it, run:

root@UniFi-CloudKey:~# chmod u+s /usr/bin/sudo
root@UniFi-CloudKey:~# ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 106820 Jan 10  2016 /usr/bin/sudo

More troubleshooting can be done by observing log:

tail -f /srv/unifi/logs/server.log

Check size of the ace (database files) at:

/srv/unifi/data/db

If they have 0 bytes, erase all ace*

  1. Navigate to /usr/lib/unifi/data
  2. Edit the file ‘system.properties’
  3. Add this line:

unifi.db.extraargs=--logappend --logpath logs/mongod.log

Reboot, then check the mongodb log. If you see this:

DBException 10446: mmap: can't map area of size 0 file: /usr/lib/unifi/data/db/ace_stat.3

then hopefully you have a backup, as you will need to reset the UC-CK to defaults and then apply the backup.

Last resort: renaming all the local.# zero length files and the _stat files, then renaming the mongod.lock file (even though I rebooted the CK after the other steps the lock file remained). Once I renamed the mongod.lock file I was able to access more options on the CK.

Author: 9 months ago

Mikrotik POE switch CRS328-24P-4S+RM

The latest Mikrotik PoE switch is the CRS328-24P-4S+RM. It can be booted with RouterOS or SwitchOS.

The CRS328-24P-4S+RM is a switch with 28 independent ports. It has 24 Gigabit Ethernet ports, which offer different power output options: passive PoE, low voltage PoE, and 802.3af/at (Type 1 “PoE” / Type 2 “PoE+”) with auto-sensing. The four SFP+ ports provide up to 10 Gbps connectivity via either optical fiber or Ethernet modules (not included).

Last but not least, the CRS328-24P-4S+RM is rack mountable.

Price: $615 inc GST !!!

Author: 9 months ago

New way to match websites in RouterOS’s firewall

Since most of the internet now uses https, it has become much harder to filter specific web content. For this
reason, RouterOS 6.41 introduces a new firewall matcher which allows you to block https websites (TLS traffic)
based on the TLS SNI extension, called “TLS-HOST”. The new parameter supports glob-style patterns, which
should be enough for whatever you’re trying to match.
For example, to block example.com, you would use a rule like this:

/ip firewall filter add chain=forward dst-port=443 protocol=tcp tls-host=*.example.com action=reject

Author: 10 months ago

The latest update to Windows 10 has added transparency in terms of data collection by allowing its users to see what type of information and data is being sent to Microsoft for analysis. The new Windows Diagnostic Data Viewer makes it more convenient for users to see what data Microsoft is gathering, although it doesn’t do much in actually helping users completely stop Microsoft’s data collection in the first place.

To stop data collection completely you are going to need an Enterprise edition of Windows 10, which is only readily available through Microsoft’s volume licensing program. That program is designed for businesses, not regular privacy-conscious users.

Author: 10 months ago

As Google promised last year, it has released an update for Chrome that introduces a stronger pop-up blocker, which protects against sneaky tactics that lead users to unwanted content through hidden redirects. These abusive experiences that users complained about were often used by shadier sections of the web, where the ads or parts of the page included fake site warnings, error messages and “close” buttons that redirected the page.

Google has also stated that from February 15, Chrome will remove ads that don’t comply with standards overseen by the Coalition for Better Ads.

Chrome 64 also contains 53 security fixes and brings some of Google’s fixes for the Spectre attack, which can be used against browsers. Google has also said that it will be adding more mitigations in the future.

Author: 10 months ago

Preorders have opened up for Apple’s HomePod smart speaker, more than a year behind the Google Home and over three years after Amazon launched its Echo smart speaker.

The HomePod comes with Siri built into the speaker; users can create reminders, set timers, play music through Apple Music, stream podcasts and send messages.

Apple needs to be in the smart speaker market because these devices are becoming a key gateway to subscription services like music, can connect with smart home gadgets, and facilitate other activities like shopping and playing games. A lot of that used to be done through the smartphone, with one in three smart speaker purchasers reporting they were spending less time on their smartphone. HomePod will help Apple sell Apple Music and also keep Siri, its digital assistant, relevant: the smart speaker won’t replace the smartphone, but it’s still a category where Apple needs to perform well.

Launching late into a new market seems like a strange business decision, but Apple has done this several times before, allowing its competitors to establish the market and make mistakes, and then coming in with a premium product that fixes the problems its competitors were unable to resolve.

Apple faces a tough battle to break into a market with established companies offering cheaper products. But if it can convince enough people that it can do a better job of protecting privacy than its rivals, then it could still capture the premium and privacy-conscious segment of the smart home market.

Author: 10 months ago

It only took various lawsuits and a lot of hate for Apple to finally give in to the people and allow users to disable the performance throttling that was slowing down older iPhones for increased battery life and stability.

This news was revealed in an interview between Apple CEO Tim Cook and ABC News, during which Cook said that in addition to being able to disable the throttling, Apple will also for the first time provide stats and info about the current health of a user’s iPhone battery.

While there wasn’t any specific release date announced for these features, they will be available for testing in the developer release of iOS next month, going public some time after that.

It was mentioned that disabling the performance throttling is something that Apple does not recommend, because old degraded batteries can randomly force your phone to shut down and give shorter battery life. Now, though, the choice is up to the user.

Author: 10 months ago