Best and simplest Mikrotik Firewall rules

Don’t forget to update your Mikrotik firmware to 6.41.1 or higher! Current stable and secure firmware is 6.47.10.
Simple Mikrotik Firewall configuration:

In the Mikrotik terminal, go to Firewall Filter:

/ip firewall filter

To increase the speed of the router, the first rule should be:

add chain=forward action=fasttrack-connection connection-state=established,related

Allow Established and Related connections for forward and input chains:

add chain=forward action=accept connection-state=established,related,untracked log=no log-prefix=""
add chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""

Drop invalid connections for forward and input chains only from WAN interfaces:

add chain=forward action=drop connection-state=invalid in-interface-list=WAN log=no log-prefix=""
add chain=input action=drop connection-state=invalid in-interface-list=WAN log=no log-prefix=""

Allow ICMP ping from WAN, only with packets up to 128 bits:

add chain=input action=accept protocol=icmp in-interface-list=WAN packet-size=0-128 log=no log-prefix=""

Allow remote control by Winbox or SSH only from IP addresses from AccessList:

add chain=input action=accept protocol=tcp src-address-list=AccessList in-interface-list=WAN dst-port=8291,22 log=no log-prefix=""

In IP -> Firewall -> Address List, create a new address list with the name AccessList and add to it all IP addresses you want to use for remote connection to your router.

Allow OpenVPN connections:

add chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=1194 log=no log-prefix=""

Allow PPTP VPN connections:

add chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=1723 log=no log-prefix=""
add chain=input action=accept protocol=gre log=no

Allow SSTP VPN connection (port 443; change the port if your SSTP server runs on another port):

add chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=443 log=no log-prefix=""

Allow L2TP IPsec VPN connection:

add action=accept chain=input in-interface-list=WAN protocol=ipsec-esp comment="allow L2TP VPN (ipsec-esp)"
add action=accept chain=input dst-port=500,1701,4500 in-interface-list=WAN protocol=udp comment="allow L2TP VPN (500,4500,1701/udp)"

Drop all other connections to Mikrotik and to local network:

add chain=input action=drop in-interface-list=WAN log=no log-prefix=""
add chain=forward action=drop connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
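
Added example (not part of the original article): RouterOS checks filter rules from top to bottom and the first match wins, so the rules above only work in the order given. This Python check parses a rule list and reports accept rules placed below the catch-all WAN drop and Winbox/SSH rules without a src-address-list. The names parse_rules, lint and BAD_RULES are hypothetical, and BAD_RULES is a constructed counter-example.

```python
import shlex

# Subset of the article's input-chain rules, kept in the article's order.
PAGE_RULES = '''
add chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""
add chain=input action=drop connection-state=invalid in-interface-list=WAN log=no log-prefix=""
add chain=input action=accept protocol=tcp src-address-list=AccessList in-interface-list=WAN dst-port=8291,22 log=no log-prefix=""
add action=accept chain=input dst-port=500,1701,4500 in-interface-list=WAN protocol=udp comment="allow L2TP VPN (500,4500,1701/udp)"
add chain=input action=drop in-interface-list=WAN log=no log-prefix=""
'''

# Constructed counter-example: final drop moved up, AccessList match removed.
BAD_RULES = '''
add chain=input action=drop in-interface-list=WAN
add chain=input action=accept protocol=tcp in-interface-list=WAN dst-port=8291,22
'''

MGMT_PORTS = {"8291", "22"}  # Winbox and SSH
NON_MATCHERS = {"chain", "action", "log", "log-prefix", "comment", "in-interface-list"}

def parse_rules(text):
    """Parse 'add key=value ...' lines into dicts, preserving rule order."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps quoted comment="..." values whole
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def lint(rules):
    """Return (rule_number, problem) pairs; the first matching rule wins."""
    findings, closed = [], set()  # closed: chains already past a catch-all WAN drop
    for n, r in enumerate(rules, 1):
        chain, action, iface = (r.get(k) for k in ("chain", "action", "in-interface-list"))
        if action == "accept" and iface in (None, "WAN"):  # unset also matches WAN
            if chain in closed:
                findings.append((n, "shadowed-by-drop"))
            ports = set(r.get("dst-port", "").split(","))
            if chain == "input" and ports & MGMT_PORTS and "src-address-list" not in r:
                findings.append((n, "management-open-to-any-source"))
        elif action == "drop" and iface == "WAN" and not set(r) - NON_MATCHERS:
            closed.add(chain)  # nothing below this rule sees WAN traffic
    if "input" not in closed:
        findings.append((0, "no-final-wan-drop"))
    return findings

if __name__ == "__main__":
    print(lint(parse_rules(PAGE_RULES)))  # article order
    print(lint(parse_rules(BAD_RULES)))   # constructed misordering
```

The article's order produces no findings; the misordered list reports rule 2 twice, once as shadowed by the drop and once as a management port open to any source.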

In the IP -> Services menu, enable only the SSH and Winbox services. For more security you can change the default Winbox and SSH ports.

That is all you need to secure your home or office router and network.

Don’t forget to update your Mikrotik firmware to 6.41.1 or higher! Current stable and secure firmware is 6.48.6. For more stability use firmware from “long term” channel.

How to auto start program in Linux with root privileges

To run a script or program when the computer starts in Linux, copy it to the /etc/init.d directory and change its permissions to 755.

For example, let’s create a simple bash script “ntpsync” that syncs the system clock with an NTP server on the Internet:

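#!/bin/bash
# Stop the NTP daemon, set the clock once from the NTP server, then start the daemon again
service ntp stop
ntpdate time.nist.gov
service ntp start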

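Copy this script to /etc/init.d and create a symbolic link to it in /etc/rc3.d. The link name must start with S and a two-digit sequence number, otherwise init will not run it at startup:

ln -s /etc/init.d/ntpsync /etc/rc3.d/S99ntpsync

Runlevel 3 (rc3) is multi-user mode with network support.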

That’s all, on next startup Linux will run this script, and automatically sync system clock with NTP server from Internet.

Python Lesson 2 (Variables and types)

Python is completely object oriented, and not “statically typed”. You do not need to declare variables before using them, or declare their type. Every variable in Python is an object.

Numbers

Python supports two types of numbers – integers (whole numbers) and floating point numbers (decimals).

myint = 7
print(myint) # Print integer 7

myfloat = 7.0
print(myfloat) # Print float 7.0

myfloat = float(7)
print(myfloat) # Print float 7.0

Strings

Strings are defined with either single quotes or double quotes.

mystring = 'hello'
print(mystring)

mystring = "hello"
print(mystring)

Assignment of variables

first = sec = third = 1 # All three variables will be assigned 1
first, sec, third = "Hi", 75, 23.1 # Variables will be assigned in turn

To assign a value to a variable from the keyboard, use the command:

# String from keyboard will be assigned to variable first_var
first_var = input("Enter text: ") 

Change type of variable:

int_var = int(input("Enter integer number: "))
float_var = float(input("Enter float number: "))
str_var = str(input("Enter integer number: "))

float_var = float(int_var) # Convert int to float
int_var = int(float_var) + int(float_var) # Convert float to int twice and add the results
str_var = str(25) # Convert number 25 to string

If you try to convert a string that does not contain a number to a number, you will get an error.

You can do arithmetic operations with variables:

# Assign integer value 10 to variable int_var
int_var = int(5.0) + int(5.0) 

# Add 2 to int_var
int_var += 2

# Multiply string
str_var = 'Test'
str_var *= 5 # str_var is now 'TestTestTestTestTest'

Python Lesson 1 (Hello World):

Python is a very simple language, and has a very straightforward syntax. The simplest directive in Python is the “print” directive. In our first lesson we create a script hello.py that writes the phrase “Hello World”.

print("Hello World\n")

The symbol \n moves the cursor to a new line. That’s all; let’s run our script:

python3 hello.py

And we will see the phrase “Hello World” on our display.

Download video from YouTube and convert it to mp3 in Linux

To download video from YouTube you can use a website, but many of them have ads and viruses and don’t do what you need.

But you can use the simple program youtube-dl. It is free and open source, works in the console, and can download video and audio from YouTube in one click.

To install youtube-dl use simple commands:

1. Install python:

sudo apt install python3
sudo ln -s /usr/bin/python3 /usr/local/bin/python

2. Install youtube-dl:

sudo wget https://yt-dl.org/downloads/latest/youtube-dl -O /usr/local/bin/youtube-dl
sudo chmod a+rx /usr/local/bin/youtube-dl

How to use youtube-dl:

To get all supported formats from YouTube video use command:

youtube-dl -F "https://www.youtube.com/watch?v=QpqdtB4ssX0"

This command shows you all video formats and their IDs.

To download a format, use the flag -f and the ID from the previous command:

youtube-dl -f 18 "https://www.youtube.com/watch?v=QpqdtB4ssX0"

That’s all, the video starts downloading. You can use it in the terminal and don’t need to open suspicious sites.

You can also download playlists of video from YouTube the same way.

Convert video to mp3 audio.

You can convert video to mp3 with the program ffmpeg. To install ffmpeg use the command:

sudo apt install ffmpeg

To convert video to mp3 use command:

ffmpeg -i video.mp4 -acodec libmp3lame audio.mp3

How to Enable Auto Login in Windows 10

To enable automatic login in Windows 10, use the program netplwiz. Open the Run dialog (Win+R) and enter the command netplwiz.

In the next window, uncheck the option “User must enter a user name and password to use this computer.”

Enter the password for your Windows 10 account and reboot the computer.

Configure thumbnails for video files in nextcloud

Nextcloud uses ffmpeg to generate thumbnails from video files, so you need to install ffmpeg on your server first:

sudo apt install ffmpeg

Now configure Nextcloud. Open the configuration file /config/config.php and add these lines:

'enable_previews' => true,
'enabledPreviewProviders' => array (
        0 => 'OC\\Preview\\Image',
        1 => 'OC\\Preview\\Movie',
        2 => 'OC\\Preview\\TXT',
),

That’s all, it is very simple 😉

How to Install NGINX and PHP 7.4 on Debian 10

Step 1: Install Nginx

First, install the prerequisites:

sudo apt install curl gnupg2 ca-certificates lsb-release

Then we need to add the Nginx mainline package to our repository so that when we run apt install nginx, we will download the mainline version instead of the old stable version.

echo "deb http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

Next we need to download the signing key so that we can verify its authenticity:

curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -

If it prints out OK! then you are good to go!

Now update package repositories and install Nginx:

sudo apt update
sudo apt install nginx

That’s it! You have now installed the latest release of Nginx on Debian 10. You should now start it!

sudo systemctl start nginx.service

And don’t forget to make it start automatically on system boot as well.

sudo systemctl enable nginx.service

Step 2: Install PHP 7.4

To install PHP 7.4 we need to add a repository, since PHP 7.4 does not come with Debian 10. Run these commands:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php

Update package repositories:

sudo apt update

And now install PHP 7.4:

sudo apt install php7.4-fpm php7.4-common php7.4-mysql php7.4-gmp php7.4-curl php7.4-intl php7.4-mbstring php7.4-xmlrpc php7.4-gd php7.4-xml php7.4-cli php7.4-zip php7.4-soap php7.4-imap

It is recommended to raise the memory limit to improve the overall performance. Your PHP configuration is located in /etc/php/7.4/fpm/php.ini.

sudo vim /etc/php/7.4/fpm/php.ini

Find the memory_limit line, replace it with memory_limit = 256M, and save the document with the :wq command. To learn how to edit files in the Vim text editor, see “How to exit Vim? And other required commands.”

Step 3: Configure Nginx

Add nginx to www-data group

sudo usermod -a -G www-data nginx

Change owner of directory to www-data

sudo chown -R www-data /usr/share/nginx/html

Go into your default.conf file

sudo vim /etc/nginx/conf.d/default.conf

Replace your existing configuration file with the one below

server {
    listen       80;
    server_name  localhost;

    root   /usr/share/nginx/html;
    index  index.php index.html index.htm;

    location / {
        if ($request_uri ~ ^/(.*)\.html$) {
            return 302 /$1;
        }
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

Restart Nginx server:

service nginx restart

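Now you can create a test file with information about the PHP version:

nano /usr/share/nginx/html/phpinfo.php

Put this line into the file:

<?php phpinfo();

In a web browser, enter the IP address of the server:
http://192.168.1.1/phpinfo.php

That’s all: the Nginx server with PHP 7.4 is installed. Delete phpinfo.php after the check, since its output discloses the server configuration.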

Change default Grub 2 theme

Different themes for Grub 2 boot loader you can find on Gnome-Look website: https://www.gnome-look.org/browse?cat=109&ord=latest

To change the Grub theme, use three simple steps:

1. Copy folder with theme into Grub themes directory:

/boot/grub/themes

2. Edit the Grub configuration file /etc/default/grub and set the GRUB_THEME parameter there:

GRUB_THEME=/boot/grub/themes/theme_folder/theme.txt

3. Update Grub configuration:

update-grub

Best three Grub themes:

1. Vimix

2. Tela

3. CyberRe