Take it if you need it. (If you are on Linode, remember to change the settings as the picture below shows.)
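#!/bin/bash
#
# Replaces the operating system on this machine with MikroTik RouterOS CHR.
#
# The script downloads the CHR disk image, injects an autorun script that
# carries over the current IPv4 address and default gateway, writes the image
# over the primary disk and reboots. The overwrite is irreversible, so every
# step is checked and the script aborts before touching the disk if anything
# looks wrong.
#
# Optional environment variables:
#   CHR_SHA256       expected SHA-256 of the downloaded archive; when set, the
#                    download is verified before it is used.
#   CHR_TARGET_DISK  block device to overwrite; required when more than one
#                    non-loop disk is present.
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

(( EUID == 0 )) || die "must be run as root"

# Unmount the image again if the script aborts while it is still mounted.
mounted=0
cleanup() {
  if (( mounted )); then
    umount /mnt || true
  fi
}
trap cleanup EXIT

# Downloading the MikroTik image
wget https://download.mikrotik.com/routeros/7.11.2/chr-7.11.2.img.zip -O chr.img.zip

# The archive ends up as the machine's boot disk, so verify it when the caller
# supplies the published checksum. Without CHR_SHA256 the only protection is
# the TLS connection to the download host.
if [[ -n "${CHR_SHA256:-}" ]]; then
  printf '%s  %s\n' "$CHR_SHA256" chr.img.zip | sha256sum -c - \
    || die "checksum mismatch for chr.img.zip"
else
  printf 'warning: CHR_SHA256 not set, image integrity not verified\n' >&2
fi

# Unzipping the image (gunzip can extract a single-member zip archive)
gunzip -c chr.img.zip > chr.img

# Mounting the image. The offset is tied to the partition layout of this
# image version -- presumably the partition that holds rw/; re-check it with
# fdisk -l chr.img when changing the version.
mount -o loop,offset=33571840 chr.img /mnt
mounted=1

# Determining the primary network interface and gateway. Only the first
# default route is used so that a second default route cannot turn these
# values into multi-line strings.
INTERFACE=$(ip route | awk '/default/ && !seen++ {print $5}')
[[ -n "$INTERFACE" ]] || die "no default route found"
ADDRESS=$(ip addr show "$INTERFACE" | awk '/global/ && !seen++ {print $2}')
GATEWAY=$(ip route list | awk '/default/ && !seen++ {print $3}')
# An empty value here would leave the router unreachable after the overwrite.
[[ -n "$ADDRESS" ]] || die "no global address found on $INTERFACE"
[[ -n "$GATEWAY" ]] || die "no default gateway found"

# Determining the primary disk device. Refuse to guess when several disks are
# present: the image must go to exactly one device.
if [[ -n "${CHR_TARGET_DISK:-}" ]]; then
  DISK_DEVICE=$CHR_TARGET_DISK
else
  mapfile -t disks < <(
    fdisk -l | grep "^Disk /dev" | grep -v "^Disk /dev/loop" \
      | cut -d' ' -f2 | tr -d ':'
  )
  (( ${#disks[@]} == 1 )) \
    || die "expected exactly one disk, found: ${disks[*]:-none} (set CHR_TARGET_DISK)"
  DISK_DEVICE=${disks[0]}
fi
[[ -b "$DISK_DEVICE" ]] || die "$DISK_DEVICE is not a block device"

# Creating the autorun script with MikroTik commands.
# NOTE(review): nothing below sets a password for the admin account, and
# Winbox (8291) stays reachable on the public interface with only the
# connection-rate blacklist in front of it. Set a strong password right after
# first boot, or add a "/user set admin password=..." line here, and consider
# restricting 8291 to known management addresses.
cat > /mnt/rw/autorun.scr <<EOF
/ip dns/set servers=8.8.8.8
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/ip firewall filter add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
/ip firewall filter add action=reject chain=input dst-port=53 in-interface=ether1 protocol=tcp reject-with=icmp-host-unreachable
/ip firewall filter add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 protocol=tcp src-address-list=Winbox_blacklist
/ip firewall filter add action=add-src-to-address-list address-list=Winbox_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=Winbox_stage3
/ip firewall filter add action=add-src-to-address-list address-list=Winbox_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=Winbox_stage2
/ip firewall filter add action=add-src-to-address-list address-list=Winbox_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=Winbox_stage1
/ip firewall filter add action=add-src-to-address-list address-list=Winbox_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=8291 protocol=tcp
/ip address add address=$ADDRESS interface=[/interface ethernet find where name=ether1]
/ip route add gateway=$GATEWAY
EOF

# Unmounting the image
umount /mnt
mounted=0

# Remounting all filesystems read-only (sysrq "u") so nothing writes to the
# disk while it is being replaced.
echo u > /proc/sysrq-trigger
# Writing the image to the primary disk device
dd if=chr.img bs=1024 of="$DISK_DEVICE"
# Flushing pending writes to disk (sysrq "s")
echo s > /proc/sysrq-trigger
# Rebooting immediately, without a normal shutdown (sysrq "b")
echo b > /proc/sysrq-trigger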