/system script
add comment=Firewall name=Blacklist_SquidBlacklist_Download_drop.bogons.rsc policy=read,test source=":log warning \"START - Download bogons list (sbl-bogons.rsc) updates.\";\r\
\n/tool fetch mode=http src-path=/downloads/sbl-bogons.rsc dst-path=/disk1/blacklists/sbl-bogons.rsc\r\
\n:log warning \"END - Download bogons list (sbl-bogons.rsc) updates.\";"

add comment=Firewall name=Blacklist_SquidBlacklist_Import_drop.bogons.rsc policy=read,write source=":log warning \"START - Import blacklist (sbl-bogons.rsc) update.\";\r\
\nimport /disk1/blacklists/sbl-bogons.rsc\r\
\n:log warning \"END - Import blacklist (sbl-bogons.rsc) update.\";"

/system scheduler
add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Download_drop.bogons.rsc on-event="/system script run Blacklist_SquidBlacklist_Download_drop.bogons.rsc" policy=read,write start-date=jan/01/2017 start-time=02:00:00 disabled=yes

add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Import_Import_drop.bogons.rsc on-event="/system script run Blacklist_SquidBlacklist_Import_drop.bogons.rsc" policy=read,write start-date=jan/01/2017 start-time=02:15:00 disabled=yes

/ip firewall filter
add action=drop chain=forward src-address-list="sbl bogons" log=yes log-prefix="BL_sbl" comment="Squid Blacklist: SBL Bogons."
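
The import script above runs every command in the file that the download script fetched with mode=http, under policy=read,write. The following check is an added example, not part of the original page: it is meant for a staging host and refuses any .rsc that does more than add prefixes to the "sbl bogons" list. The entry format it accepts and the helper name check_rsc are assumptions, and the sample files are constructed.

```python
import ipaddress
import shlex

ALLOWED_MENU = "/ip firewall address-list"   # the only menu the list may touch
EXPECTED_LIST = "sbl bogons"                 # list name used by the drop rule above

def check_rsc(text):
    """Return [(line_no, reason)] for every line that should block the import."""
    problems, menu = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):                 # menu switch (or inline command)
            menu = line
            if menu != ALLOWED_MENU:
                problems.append((no, "unexpected menu: " + line))
            continue
        try:
            tokens = shlex.split(line)           # handles list="sbl bogons"
        except ValueError:
            problems.append((no, "unparsable line"))
            continue
        fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        plain_add = (menu == ALLOWED_MENU and tokens[0] == "add"
                     and len(tokens) == 3 and set(fields) == {"list", "address"})
        if not plain_add:
            problems.append((no, "not a plain address-list add"))
        elif fields["list"] != EXPECTED_LIST:
            problems.append((no, "unexpected list name"))
        else:
            try:
                ipaddress.ip_network(fields["address"], strict=False)
            except ValueError:
                problems.append((no, "address is not an IP prefix"))
    return problems

# Constructed sample files (assumed format, not real list content).
GOOD = '''# constructed sample
/ip firewall address-list
add list="sbl bogons" address=0.0.0.0/8
add list="sbl bogons" address=192.0.2.0/24
'''
TAMPERED = GOOD + '''/ip firewall filter
add chain=input action=accept
/ip firewall address-list
add list="sbl bogons" address=example.invalid
'''

if __name__ == "__main__":
    for no, reason in check_rsc(TAMPERED):
        print(no, reason)
```
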

CRS328-4C-20S-4S+RM Mikrotik latest manageable switch

After the success of the new PoE switches, in both RM and desktop versions, Mikrotik has released its latest managed switch.

The CRS328-4C-20S-4S+RM is a solution that can connect all 3 major connection types:

  1. Ethernet
  2. SFP
  3. SFP+

For Ethernet you will need to use S-RJ01 modules, but it is still an all-in-one solution at a price that is just superb!

Mikrotik with 2 WAN connections:

  1. DSL for standard web browsing, etc.
  2. LTE for VoIP

First create an address list (SIP-LTE in the rules below) with the IP addresses of the VoIP devices, then NAT them out via the LTE connection and mark their traffic for the LTE route:

/ip firewall nat

add action=masquerade chain=srcnat out-interface=LTE src-address-list=SIP-LTE

/ip firewall mangle
add action=accept chain=prerouting in-interface=LTE
add action=accept chain=prerouting in-interface=dsl

add action=mark-packet chain=prerouting comment="SIP via LTE packet" \
    new-packet-mark=SIP_packet passthrough=yes src-address-list=SIP-LTE
add action=mark-connection chain=prerouting comment="SIP via LTE connection" \
    new-connection-mark=SIP-conn packet-mark=SIP_packet passthrough=yes
add action=mark-routing chain=prerouting comment="SIP via LTE route" \
    connection-mark=SIP-conn new-routing-mark=SIP-LTE passthrough=no

/ip route
add distance=1 gateway= routing-mark=SIP-LTE scope=255

Mikrotik POE switch CRS328-24P-4S+RM

The latest Mikrotik PoE switch is the CRS328-24P-4S+RM. It can be booted with RouterOS or SwitchOS.

The CRS328-24P-4S+RM is a switch with 28 independent ports. It has 24 Gigabit Ethernet ports, which offer different power output options with auto-sensing: passive PoE, low voltage PoE and 802.3af/at (Type 1 “PoE” / Type 2 “PoE+”). The four SFP+ ports provide up to 10 Gbps connectivity options via either optical fiber or Ethernet modules (not included).

Last but not least, the CRS328-24P-4S+RM is rack mountable.

Price: $615 inc GST !!!

New way to match websites in RouterOS’s firewall

Since most of the internet now uses https, it has become much harder to filter specific web content. For this
reason, RouterOS 6.41 introduces a new firewall matcher which allows you to block https websites (TLS traffic)
based on the TLS SNI extension, called “TLS-HOST”. The new parameter supports glob-style patterns, which
should be enough for whatever you’re trying to match.
For example, to block, you would use a rule like this:
/ip firewall filter add chain=forward dst-port=443 protocol=tcp tls-host=* action=reject

Mikrotik Product Catalog 2017

MikroTik provides routing, switching and wireless equipment for all possible uses – from the customer location, up to high end data centres.

We have an extensive network of trained consultants, training centres and distributors in almost every country of the world.

Established in Europe in 1996, we have 21 years of experience in networking and wireless installations.

Our in-house developed RouterOS software now supports most common and many special features and we are constantly adding new customer requested features. Build wireless links across seas, internet exchanges between countries, and secure tunnels between banks.

MikroTik can do it all.

You can find all routers and switches in the Mikrotik Product Catalog 2017.

Why MikroTik?

• Best price/performance
• Millions of RouterOS powered devices currently routing the world
• Twenty one years of developing networking software and hardware
• Over 70’000 RouterOS trained and certified network engineers
• More than 5000 training classes in the last year
• World wide network of certified consultants
• Offering products that support simple CPEs to complex enterprise networks
• Thousands of pages of documentation, examples, application notes, and guides

MikroTik is a router software and hardware manufacturer, that offers the most user friendly, up to carrier-class routing and network management solutions.

Our products are used by ISPs, individual users and companies for building data network infrastructures all across the world. There are millions of installations worldwide going back as far as 1996!

Our mission is to make existing Internet technologies faster, more powerful, and affordable to a wider range of users.

• Based in Europe

• 180 employees

• Established in 1996

• 21st anniversary this year

• RouterOS in 1997

• RouterBOARD in 2002

• First MUM Prague, Czech Republic in 2006


Power the unit off. Connect an ethernet cable to ether1. Press the reset button and hold it. Power ON the unit. Hold the button until the SFP light goes OFF.

Meanwhile, in the netinstall window you will see that a new unit has popped up. You can select it and then flash it with either an .rsc file or a new image (or both).

