# 2024-04-27 15:58:00 by RouterOS 7.11.3

#
# model = RB4011iGS+

/interface bridge
add dhcp-snooping=yes name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=Main-WAN
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes default-route-distance=10 disabled=no interface=\
ether1 name=pppoe-out1 user=zahidmoh
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool8 ranges=192.168.101.2-192.168.103.254
/ip dhcp-server
add address-pool=dhcp_pool8 interface=bridge1 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
set *0 change-tcp-mss=default only-one=yes use-ipv6=no
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.110.1 name=profile1 \
only-one=no use-ipv6=no
/routing table
add disabled=no fib name=Whatsapp+imo
/interface bridge filter
add action=drop chain=input comment="sheikh upperwala" disabled=yes \
in-bridge=bridge1 src-mac-address=54:AF:97:95:13:3E/FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN protocol=cdp,mndp
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no forward=no
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge1 list=LAN
/interface pppoe-server server
add authentication=pap default-profile=profile1 disabled=no interface=bridge1 \
one-session-per-host=yes service-name=service1
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set enabled=yes
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=149.102.246.2 endpoint-port=\
51820 interface=wireguard1 public-key=\
"li+thkAD7s6IZDgUoiKw4YSjM/U1q203PuthMzIJIU0="
/ip address
add address=192.168.100.1/22 interface=bridge1 network=192.168.100.0
add address=10.69.38.90 interface=wireguard1 network=10.69.38.90
/ip dhcp-client
add disabled=yes interface=ether1
/ip dhcp-server alert
add disabled=no interface=bridge1 on-alert=\
"/IP dhcp-server set authoritative=yes" valid-server=78:9A:18:E1:3C:01
/ip dhcp-server network
add address=192.168.100.0/22 dns-server=8.8.8.8,8.8.4.4,100.64.0.7 gateway=\
192.168.100.1
/ip dns
set servers=8.8.8.8,8.8.4.4,100.64.0.7
/ip firewall address-list
add address=192.168.102.0/24 list=out
add address=192.168.110.128/25 list=out
add address=www.xvideos.com list=vpnlist
add address=45.83.223.0/24 comment=www.mullvad.net list=vpnlist
add address=www.pornhub.com list=vpnlist
add address=www.mullvad.net list=vpnlist
add address=whatismyipaddress.com list=vpnlist
/ip firewall filter
add action=drop chain=forward comment=black disabled=yes src-mac-address=\
98:DA:C4:8B:A1:10
add action=drop chain=forward comment=mohsinrouter disabled=yes \
src-mac-address=40:ED:00:4B:47:35
add action=drop chain=forward comment="new netwala " disabled=yes \
src-mac-address=1C:3B:F3:C3:A1:DD
add action=drop chain=forward comment=naeem disabled=yes src-mac-address=\
78:98:E8:6E:B7:C4
add action=drop chain=forward comment="afzal endwala" disabled=yes \
src-mac-address=9C:53:22:04:49:2A
add action=drop chain=forward comment="new connection upper wala" disabled=\
yes src-mac-address=48:22:54:55:C8:C7
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=vpnlist \
new-routing-mark=Whatsapp+imo passthrough=no
add action=mark-routing chain=prerouting dst-port=\
3478,34784,45395,50318,59234,5222,4244,5223,5228 new-routing-mark=\
Whatsapp+imo passthrough=yes protocol=tcp src-address=\
192.168.110.2-192.168.110.127
add action=mark-routing chain=prerouting dst-port=\
3478,34784,45395,50318,59234,5222,4244,5223,5228 new-routing-mark=\
Whatsapp+imo passthrough=yes protocol=udp src-address=\
192.168.110.2-192.168.110.127
add action=mark-routing chain=prerouting dst-port=\
3478,34784,45395,50318,59234,5222,4244,5223,5228 new-routing-mark=\
Whatsapp+imo passthrough=yes protocol=udp src-address-list=out
add action=mark-routing chain=prerouting dst-port=\
3478,34784,45395,50318,59234,5222,4244,5223,5228 new-routing-mark=\
Whatsapp+imo passthrough=yes protocol=tcp src-address-list=out
add action=mark-routing chain=prerouting dst-port=\
3478,34784,45395,50318,59234,5222,4244,5223,5228 new-routing-mark=\
Whatsapp+imo passthrough=yes protocol=udp src-address=\
192.168.101.2-192.168.101.254
add action=mark-routing chain=prerouting dst-port=\
3478,34784,45395,50318,59234,5222,4244,5223,5228 new-routing-mark=\
Whatsapp+imo passthrough=yes protocol=tcp src-address=\
192.168.101.2-192.168.101.254
/ip firewall nat
add action=masquerade chain=srcnat dst-address-list=vpnlist out-interface=\
wireguard1
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat comment=naeem disabled=yes dst-address=\
94.59.97.14 dst-port=1987 protocol=tcp to-addresses=192.168.100.8 \
to-ports=8081
add action=dst-nat chain=dstnat comment="mohsin ka router" disabled=yes \
dst-address=2.50.125.173 dst-port=1988 protocol=tcp to-addresses=\
192.168.100.21 to-ports=443
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wireguard1 pref-src=\
"" routing-table=Whatsapp+imo scope=30 suppress-hw-offload=yes \
target-scope=10
add disabled=no distance=5 dst-address=45.83.223.209/32 gateway=wireguard1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=yes \
target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip socks
set port=443 version=5
/ppp secret
add name=zahid profile=profile1 remote-address=192.168.110.131 service=pppoe
add name=fathy profile=profile1 remote-address=192.168.110.133 service=pppoe
add name=mohsin profile=profile1 remote-address=192.168.110.134 service=pppoe
add name=bilal profile=profile1 remote-address=192.168.110.132 service=pppoe
add name=naeem2 profile=profile1 remote-address=192.168.110.139 service=pppoe
add name=saddiq profile=profile1 remote-address=192.168.110.137 service=pppoe
add name=afzal profile=profile1 remote-address=192.168.110.130 service=pppoe
add name=naeem profile=profile1 remote-address=192.168.110.135 service=pppoe
add name=sheikh profile=profile1 remote-address=192.168.110.138 service=pppoe
add name=ravi profile=profile1 remote-address=192.168.110.136 service=pppoe
add name=asghar profile=profile1 remote-address=192.168.110.129 service=pppoe
add name=newnet profile=profile1 remote-address=192.168.110.140 service=pppoe
/system clock
set time-zone-name=Asia/Dubai
/system identity
set name=Asus
/system note
set note="PPP\r\
\nwith whatapp\r\
\n192.68.110.128---192.168.110-254\r\
\nwithout whatapp\r\
\n192.168.110.2-192.168.110.127\r\
\n\r\
\nDHCP whatapp\r\
\n192.168.102.2----192.168.102.254\r\
\n\r\
\nwithout Whatapp\r\
\n192.168.101.2-----192.168.101.254"
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
I have issue to open porn sites through wireguard on laptop porn sites are open but on mobile porn sites is not opening