/ip firewall mangle

add action=mark-connection chain=input comment=INB_C_1 connection-state=new \

disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=\yes
add action=mark-connection chain=input comment=INB_C_2 connection-state=new \
disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=\yes
add action=mark-connection chain=input comment=INB_C_3 connection-state=new \
disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=\yes
add action=mark-connection chain=input comment=INB_C_4 connection-state=new \
disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=\yes
add action=mark-routing chain=output comment=INB_R_1 connection-mark=\
WAN1_conn connection-state=new disabled=no new-routing-mark=wan1 \
out-interface=WAN1 passthrough=no
add action=mark-routing chain=output comment=INB_R_2 connection-mark=\
WAN2_conn connection-state=new disabled=no new-routing-mark=wan2 \
out-interface=WAN2 passthrough=no
add action=mark-routing chain=output comment=INB_R_3 connection-mark=\
WAN3_conn connection-state=new disabled=no new-routing-mark=wan3 \
out-interface=WAN3 passthrough=no
add action=mark-routing chain=output comment=INB_R_4 connection-mark=\
WAN4_conn connection-state=new disabled=no new-routing-mark=wan4 \
out-interface=WAN4 passthrough=no
add action=mark-connection chain=prerouting comment=EST_C_1 connection-state=\
established disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn \
passthrough=yes protocol=tcp src-port=!80
add action=mark-connection chain=prerouting comment=EST_C_2 connection-state=\
established disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn \
passthrough=yes protocol=tcp src-port=!80
add action=mark-connection chain=prerouting comment=EST_C_3 connection-state=\
established disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn \
passthrough=yes protocol=tcp src-port=!80
add action=mark-connection chain=prerouting comment=EST_C_4 connection-state=\
established disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn \
passthrough=yes protocol=tcp src-port=!80
add action=mark-routing chain=output comment=EST_R_1 connection-mark=\
WAN1_conn connection-state=established disabled=no dst-port=!80 \
new-routing-mark=wan1 passthrough=no protocol=tcp
add action=mark-routing chain=output comment=EST_R_2 connection-mark=\
WAN2_conn connection-state=established disabled=no dst-port=!80 \
new-routing-mark=wan2 passthrough=no protocol=tcp
add action=mark-routing chain=output comment=EST_R_3 connection-mark=\
WAN3_conn connection-state=established disabled=no dst-port=!80 \
new-routing-mark=wan3 passthrough=no protocol=tcp
add action=mark-routing chain=output comment=EST_R_4 connection-mark=\
WAN4_conn connection-state=established disabled=no dst-port=!80 \
new-routing-mark=wan4 passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=PCC_C_1 disabled=no \
dst-address-type=!local dst-port=!80 in-interface=LAN \
new-connection-mark=wan1_pcc_conn passthrough=yes \
per-connection-classifier=both-addresses:4/0 protocol=tcp
add action=mark-connection chain=prerouting comment=PCC_C_2 disabled=no \
dst-address-type=!local dst-port=!80 in-interface=LAN \
new-connection-mark=wan2_pcc_conn passthrough=yes \
per-connection-classifier=both-addresses:4/1 protocol=tcp
add action=mark-connection chain=prerouting comment=PCC_C_3 disabled=no \
dst-address-type=!local dst-port=!80 in-interface=LAN \
new-connection-mark=wan3_pcc_conn passthrough=yes \
per-connection-classifier=both-addresses:4/2 protocol=tcp
add action=mark-connection chain=prerouting comment=PCC_C_4 disabled=no \
dst-address-type=!local dst-port=!80 in-interface=LAN \
 new-connection-mark=wan4_pcc_conn passthrough=yes \
per-connection-classifier=both-addresses:4/3 protocol=tcp
add action=mark-connection chain=prerouting comment=PCC_C_1 disabled=no \
dst-address-type=!local in-interface=LAN new-connection-mark=\
wan1_pcc_conn passthrough=yes per-connection-classifier=\
both-addresses:4/0 protocol=udp
add action=mark-connection chain=prerouting comment=PCC_C_2 disabled=no \
dst-address-type=!local in-interface=LAN new-connection-mark=\
wan2_pcc_conn passthrough=yes per-connection-classifier=\
both-addresses:4/1 protocol=udp
add action=mark-connection chain=prerouting comment=PCC_C_3 disabled=no \
dst-address-type=!local in-interface=LAN new-connection-mark=\
wan3_pcc_conn passthrough=yes per-connection-classifier=\
both-addresses:4/2 protocol=udp
add action=mark-connection chain=prerouting comment=PCC_C_4 disabled=no \
dst-address-type=!local in-interface=LAN new-connection-mark=\
wan4_pcc_conn passthrough=yes per-connection-classifier=\
both-addresses:4/3 protocol=udp
add action=mark-routing chain=prerouting comment=PCC_R_1 connection-mark=\
wan1_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan1 \
passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_R_2 connection-mark=\
wan2_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan2 \
passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_R_3 connection-mark=\
wan3_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan3 \
passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_R_4 connection-mark=\
wan4_pcc_conn disabled=no in-interface=LAN new-routing-mark=wan4 \
passthrough=yes
add action=mark-connection chain=prerouting comment=NTH_C_1 connection-state=\
new disabled=no dst-port=80 in-interface=LAN new-connection-mark=nth_wan1 \
nth=4,1 passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment=NTH_R_1 connection-mark=\
nth_wan1 disabled=no dst-port=80 in-interface=LAN new-routing-mark=wan1 \
passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=NTH_C_2 connection-state=\
new disabled=no dst-port=80 in-interface=LAN new-connection-mark=nth_wan2 \
nth=3,1 passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment=NTH_R_2 connection-mark=\
nth_wan2 disabled=no dst-port=80 in-interface=LAN new-routing-mark=wan2 \
passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=NTH_C_3 connection-state=\
new disabled=no dst-port=80 in-interface=LAN new-connection-mark=nth_wan3 \
nth=2,1 passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment=NTH_R_3 connection-mark=\
nth_wan3 disabled=no dst-port=80 in-interface=LAN new-routing-mark=wan3 \
passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=NTH_C_4 connection-state=\
new disabled=no dst-port=80 in-interface=LAN new-connection-mark=nth_wan4 \
nth=1,1 passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment=NTH_R_4 connection-mark=\
nth_wan4 disabled=no dst-port=80 in-interface=LAN new-routing-mark=wan4 \
passthrough=no protocol=tcp
add action=mark-connection chain=input disabled=yes in-interface=WAN1 \
new-connection-mark=conex_WAN1 passthrough=yes
add action=mark-connection chain=input disabled=yes in-interface=WAN2 \
new-connection-mark=conex_WAN2 passthrough=yes
add action=mark-connection chain=input disabled=yes in-interface=WAN3 \
 new-connection-mark=conex_WAN3 passthrough=yes
add action=mark-connection chain=input disabled=yes in-interface=WAN4 \
new-connection-mark=conex_WAN4 passthrough=yes
add action=mark-routing chain=output comment="output WAN1" connection-mark=\
conex_WAN1 disabled=yes new-routing-mark=wan1 passthrough=no
add action=mark-routing chain=output comment="output WAN2" connection-mark=\
conex_WAN2 disabled=yes new-routing-mark=wan2 passthrough=no
add action=mark-routing chain=output comment="output WAN3" connection-mark=\
conex_WAN3 disabled=yes new-routing-mark=wan3 passthrough=no
add action=mark-routing chain=output comment="output WAN4" connection-mark=\
conex_WAN4 disabled=yes new-routing-mark=wan4 passthrough=no
add action=mark-connection chain=prerouting comment=PCC1 disabled=yes \
dst-address-type=!local in-interface=LAN new-connection-mark=conex_WAN1 \
passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting comment=PCC2 disabled=yes \
dst-address-type=!local in-interface=LAN new-connection-mark=conex_WAN2 \
passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting comment=PCC3 disabled=yes \
dst-address-type=!local in-interface=LAN new-connection-mark=conex_WAN3 \
passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting comment=PCC4 disabled=yes \
dst-address-type=!local in-interface=LAN new-connection-mark=conex_WAN4 \
passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting comment="R PPC1" connection-mark=\
conex_WAN1 disabled=yes in-interface=LAN new-routing-mark=wan1 \
passthrough=yes
add action=mark-routing chain=prerouting comment="R PCC2" connection-mark=\
conex_WAN2 disabled=yes in-interface=LAN new-routing-mark=wan2 \
passthrough=yes
add action=mark-routing chain=prerouting comment="R PCC3" connection-mark=\
conex_WAN3 disabled=yes in-interface=LAN new-routing-mark=wan3 \
passthrough=yes
add action=mark-routing chain=prerouting comment="R PCC4" connection-mark=\
conex_WAN4 disabled=yes in-interface=LAN new-routing-mark=wan4 \
passthrough=yes

/ip firewall filter

add action=drop chain=input comment="Proteccion VSC contra ataques via SSH"
disabled=yes dst-port=22 protocol=tcp \
src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-
timeout=1w3d chain=input connection-state=new \
disabled=yes dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m
chain=input connection-state=new \
disabled=yes dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m
chain=input connection-state=new \
disabled=yes dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m
chain=input connection-state=new \
disabled=yes dst-port=22 protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no
protocol=icmp
add action=accept chain=input comment="default configuration" connection-
state=established disabled=no
add action=accept chain=input comment="default configuration" connection-
state=related disabled=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN1
add action=masquerade chain=srcnat disabled=no out-interface=WAN2
add action=masquerade chain=srcnat disabled=no out-interface=WAN3
add action=masquerade chain=srcnat disabled=no out-interface=WAN4

/system script
add name="conexion 2" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=\
"/ip dhcp-client release WAN2"
add name="conexion 1" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/ip dhcp-client release WAN1"
add name="conexion 3" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=\
"/ip dhcp-client release WAN3"
add name="conexion 4" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/ip dhcp-client release WAN4"

add name=failover-WAN1 policy=\

ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
:global GA [/ip dhcp-client get WAN1 gateway] \r\r\
\n:global GB [/ip dhcp-client get WAN2 gateway]\r\r\
\n\r\r\
\n:global pingresultA\r\r\
\n:global pingresultB\r\r\
\n\r\r\
\n:if ([:len \$GA] != 0) do={\r\r\
\n :global pingresultA [/ping \$GA interface=WAN1 count=3]\r\r\
\n} else={\r\r\
\n :global pingresultA 0\r\r\
\n}\r\r\
\n#Si WAN1 esta activo:\r\r\
\n:if (\$pingresultA>0) do={\r\r\
\n:local gatewayNuevo [/ip dhcp-client get [find interface=WAN1] gateway]\
\r\r\
\n:local gatewayActivo [/ip route get [find routing-mark=wan1] gateway]\r\
\r\
\n:if (\"\$gatewayNuevo%WAN1\" != \"\$gatewayActivo\") do={\r\r\
\n/ip route set [find routing-mark=wan1] gateway=([/ip dhcp-client get [fi\
nd interface=WAN1] gateway] . \"%WAN1\");\r\r\
\n:log info \"WAN1 activo y se actualiza Gateway\" \r\r\
\n} \r\r\
\n}\r\r\
\n\r\r\
\n#Si WAN1 se cae:\r\r\
\n:if (\$pingresultA=0) do={\r\r\
\n:local status [/ip dhcp-client get [/ip dhcp-client find interface=WAN1]\
\_status ]\r\r\
\n:if (\$status=\"bound\") do={\r\r\
\n/ip dhcp-client set [find interface=WAN1] disabled=yes\r\r\
\n:local d [/ip dhcp-client get [/ip dhcp-client find interface=WAN1] disa\
bled ]\r\r\
 \n:if (\$d=true) do={\r\r\
\n/ip dhcp-client set [find interface=WAN1] disabled=no\r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:local pingresultB [/ping 208.67.220.220 interface=WAN2 count=10]\r\r\
\n:if (\$pingresultB>0) do={ \r\r\
\n:local gatewayNuevoB [/ip dhcp-client get [find interface=WAN2] gateway \
]\r\r\
\n:local gatewayActivoA [/ip route get [find routing-mark=wan1] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoB%WAN2\" != \"\$gatewayActivoA\") do={\r\r\
\n/ip route set [find routing-mark=wan1] gateway=([/ip dhcp-client get [fi\
nd interface=WAN2] gateway ] . \"%WAN2\");\r\r\
\n:log info \"WAN1 inactivo se le asigna el Gateway del WAN2 \" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:if (\$pingresultB=0) do={ \r\r\
\n:local pingresultC [/ping 208.67.220.220 interface=WAN3 count=10]\r\r\
\n:if (\$pingresultC>0) do={ \r\r\
\n:local gatewayNuevoC [/ip dhcp-client get [find interface=WAN3] gateway \
]\r\r\
\n :local gatewayActivoA [/ip route get [find routing-mark=wan1] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoC%WAN3\" != \"\$gatewayActivoA\") do={\r\r\
\n/ip route set [find routing-mark=wan1] gateway=([/ip dhcp-client get [fi\
nd interface=WAN3] gateway ] . \"%WAN3\");\r\r\
\n:log info \"WAN1 inactivo se le asigna el Gateway del WAN3 \" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:if (\$pingresultC=0) do={\r\r\
\n:local pingresultD [/ping 208.67.220.220 interface=WAN4 count=10]\r\r\
\n:if (\$pingresultD>0) do={ \r\r\
\n:local gatewayNuevoD [/ip dhcp-client get [find interface=WAN4] gateway \
]\r\r\
\n:local gatewayActivoA [/ip route get [find routing-mark=wan1] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoD%WAN4\" != \"\$gatewayActivoA\") do={\r\r\
\n/ip route set [find routing-mark=wan1] gateway=([/ip dhcp-client get [fi\
nd interface=WAN4] gateway ] . \"%WAN4\");\r\r\
\n:log info \"WAN1 inactivo se le asigna el Gateway del WAN4 \"\r\r\
\n}\r\r\
\n}\r\r\
\n}\r\r\
\n}\r\r\
\n}"
add name=failover-WAN2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
:global GA [/ip dhcp-client get WAN1 gateway] \r\r\
\n:global GB [/ip dhcp-client get WAN2 gateway]\r\r\
\n\r\r\
\n:global pingresultA\r\r\
\n:global pingresultB\r\r\
\n\r\r\
\n:if ([:len \$GB] != 0) do={\r\r\
\n :global pingresultB [/ping \$GB interface=WAN2 count=3]\r\r\
\n} else={\r\r\
\n :global pingresultB 0\r\r\
\n}\r\r\
\n\r\r\
\n#Si WAN2 esta activo:\r\r\
\n:if (\$pingresultB>0) do={\r\r\
\n:local gatewayNuevo [/ip dhcp-client get [find interface=WAN2] gateway ]\
\r\r\
\n:local gatewayActivo [/ip route get [find routing-mark=wan2] gateway]\r\
\r\
\n:if (\"\$gatewayNuevo%WAN2\" != \"\$gatewayActivo\") do={\r\r\
\n/ip route set [find routing-mark=wan2] gateway=([/ip dhcp-client get [fi\
nd interface=WAN2] gateway ] . \"%WAN2\");\r\r\
\n:log info \"WAN2 activo y se actualiza Gateway\" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n#Si WAN2 se cae:\r\r\
\n:if (\$pingresultB=0) do={ \r\r\
\n:local status [/ip dhcp-client get [/ip dhcp-client find interface=WAN2]\
\_status ]\r\r\
\n:if (\$status=\"bound\") do={\r\r\
\n/ip dhcp-client set [find interface=WAN2] disabled=yes\r\r\
\n:local d [/ip dhcp-client get [/ip dhcp-client find interface=WAN2] disa\
bled ]\r\r\
\n:if (\$d=true) do={\r\r\
\n/ip dhcp-client set [find interface=WAN2] disabled=no\r\r\
\n}\r\r\
\n}\r\r\
\n \r\r\
\n:local pingresultA [/ping 208.67.222.222 interface=WAN1 count=10]\r\r\
\n:if (\$pingresultA>0) do={ \r\r\
\n:local gatewayNuevoA [/ip dhcp-client get [find interface=WAN1] gateway \
]\r\r\
\n:local gatewayActivoB [/ip route get [find routing-mark=wan2] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoA%WAN1\" != \"\$gatewayActivoB\") do={\r\r\
\n/ip route set [find routing-mark=wan2] gateway=([/ip dhcp-client get [fi\
nd interface=WAN1] gateway ] . \"%WAN1\");\r\r\
\n:log info \"WAN2 inactivo se le asigna el Gateway del WAN1 \" \r\r\
\n}\r\r\
\n}\r\r\
\n:if (\$pingresultA=0) do={ \r\r\
\n:local pingresultC [/ping 208.67.222.222 interface=WAN3 count=10]\r\r\
\n:if (\$pingresultC>0) do={ \r\r\
\n:local gatewayNuevoC [/ip dhcp-client get [find interface=WAN3] gateway \
]\r\r\
\n:local gatewayActivoB [/ip route get [find routing-mark=wan2] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoC%WAN3\" != \"\$gatewayActivoB\") do={\r\r\
\n/ip route set [find routing-mark=wan2] gateway=([/ip dhcp-client get [fi\
nd interface=WAN3] gateway ] . \"%WAN3\");\r\r\
\n:log info \"WAN2 inactivo se le asigna el Gateway del WAN3 \" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:if (\$pingresultC=0) do={ \r\r\
\n:local pingresultD [/ping 208.67.222.222 interface=WAN4 count=10]\r\r\
\n:if (\$pingresultD>0) do={ \r\r\
\n:local gatewayNuevoD [/ip dhcp-client get [find interface=WAN4] gateway \
 ]\r\r\
\n:local gatewayActivoB [/ip route get [find routing-mark=wan2] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoD%WAN4\" != \"\$gatewayActivoB\") do={\r\r\
\n/ip route set [find routing-mark=wan2] gateway=([/ip dhcp-client get [fi\
nd interface=WAN4] gateway ] . \"%WAN4\");\r\r\
\n:log info \"WAN2 inactivo se le asigna el Gateway del WAN4\"\r\r\
\n\r\r\
\n}\r\r\
\n}\r\r\
\n}\r\r\
\n}\r\r\
\n}"
add name=failover-WAN3 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
:global GA [/ip dhcp-client get WAN1 gateway]\r\r\
\n:global GC [/ip dhcp-client get WAN3 gateway]\r\r\
\n\r\r\
\n:global pingresultA\r\r\
\n:global pingresultC\r\r\
\n\r\r\
\n:if ([:len \$GC] != 0) do={\r\r\
\n :global pingresultC [/ping \$GC interface=WAN3 count=3]\r\r\
\n} else={\r\r\
\n :global pingresultC 0\r\r\
\n}\r\r\
\n\r\r\
\n#Si WAN3 esta activo:\r\r\
\n:if (\$pingresultC>0) do={\r\r\
\n:local gatewayNuevo [/ip dhcp-client get [find interface=WAN3] gateway]\
\r\r\
\n:local gatewayActivo [/ip route get [find routing-mark=wan3] gateway]\r\
\r\
\n:if (\"\$gatewayNuevo%WAN3\" != \"\$gatewayActivo\") do={\r\r\
\n/ip route set [find routing-mark=wan3] gateway=([/ip dhcp-client get [fi\
nd interface=WAN3] gateway] . \"%WAN3\");\r\r\
\n:log info \"WAN3 activo y se actualiza Gateway\" \r\r\
\n} \r\r\
\n}\r\r\
\n\r\r\
\n#Si WAN3 se cae:\r\r\
\n:if (\$pingresultC=0) do={ \r\r\
\n:local status [/ip dhcp-client get [/ip dhcp-client find interface=WAN3]\
\_status]\r\r\
\n:if (\$status=\"bound\") do={\r\r\
\n/ip dhcp-client set [find interface=WAN3] disabled=yes\r\r\
\n:local d [/ip dhcp-client get [/ip dhcp-client find interface=WAN3] disa\
bled]\r\r\
\n:if (\$d=true) do={\r\r\
\n/ip dhcp-client set [find interface=WAN3] disabled=no\r\r\
\n}\r\r\
\n}\r\r\
\n \r\r\
\n:local pingresultB [/ping 208.67.222.222 interface=WAN4 count=10]\r\r\
\n:if (\$pingresultB>0) do={ \r\r\
\n:local gatewayNuevoB [/ip dhcp-client get [find interface=WAN4] gateway]\
\r\r\
\n:local gatewayActivoC [/ip route get [find routing-mark=wan3] gateway]\r\
\r\
 \n:if (\"\$gatewayNuevoB%WAN4\" != \"\$gatewayActivoC\") do={\r\r\
\n/ip route set [find routing-mark=wan3] gateway=([/ip dhcp-client get [fi\
nd interface=WAN4] gateway] . \"%WAN4\");\r\r\
\n:log info \"WAN3 inactivo se le asigna el Gateway del WAN4 \" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:if (\$pingresultB=0) do={ \r\r\
\n:local pingresultA [/ping 208.67.222.222 interface=WAN1 count=10]\r\r\
\n:if (\$pingresultA>0) do={ \r\r\
\n:local gatewayNuevoA [/ip dhcp-client get [find interface=WAN1] gateway]\
\r\r\
\n:local gatewayActivoC [/ip route get [find routing-mark=wan3] gateway]\r\
\r\
\n:if (\"\$gatewayNuevoA%WAN1\" != \"\$gatewayActivoC\") do={\r\r\
\n/ip route set [find routing-mark=wan3] gateway=([/ip dhcp-client get [fi\
nd interface=WAN1] gateway ] . \"%WAN1\");\r\r\
\n:log info \"WAN3 inactivo se le asigna el Gateway del WAN1 \" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:if (\$pingresultA=0) do={ \r\r\
\n:local pingresultD [/ping 208.67.222.222 interface=WAN2 count=10]\r\r\
\n:if (\$pingresultD>0) do={ \r\r\
\n:local gatewayNuevoD [/ip dhcp-client get [find interface=WAN2] gateway \
]\r\r\
\n:local gatewayActivoC [/ip route get [find routing-mark=wan3] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoD%WAN2\" != \"\$gatewayActivoC\") do={\r\r\
\n/ip route set [find routing-mark=wan3] gateway=([/ip dhcp-client get [fi\
nd interface=WAN2] gateway ] . \"%WAN2\");\r\r\
\n:log info \"WAN3 inactivo se le asigna el Gateway del WAN2 \"\r\r\
\n\r\r\
\n}\r\r\
\n}\r\r\
\n}\r\r\
\n}\r\r\
\n}"
add name=failover-WAN4 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
:global GA [/ip dhcp-client get WAN1 gateway] \r\r\
\n:global GD [/ip dhcp-client get WAN4 gateway]\r\r\
\n\r\r\
\n:global pingresultA\r\r\
\n:global pingresultD\r\r\
\n\r\r\
\n:if ([:len \$GD] != 0) do={\r\r\
\n :global pingresultD [/ping \$GD interface=WAN4 count=3]\r\r\
\n} else={\r\r\
\n :global pingresultD 0\r\r\
\n}\r\r\
\n\r\r\
\n#Si WAN4 esta activo:\r\r\
\n:if (\$pingresultD>0) do={\r\r\
\n:local gatewayNuevo [/ip dhcp-client get [find interface=WAN4] gateway]\
\r\r\
\n:local gatewayActivo [/ip route get [find routing-mark=wan4] gateway]\r\
\r\
\n:if (\"\$gatewayNuevo%WAN4\" != \"\$gatewayActivo\") do={\r\r\
\n/ip route set [find routing-mark=wan4] gateway=([/ip dhcp-client get [fi\
nd interface=WAN4] gateway ] . \"%WAN4\");\r\r\
\n:log info \"WAN4 activo y se actualiza Gateway\" \r\r\
\n} \r\r\
\n}\r\r\
\n\r\r\
\n#Si WAN4 se cae:\r\r\
\n:if (\$pingresultD=0) do={\r\r\
\n:local status [/ip dhcp-client get [/ip dhcp-client find interface=WAN4]\
\_status ]\r\r\
\n:if (\$status=\"bound\") do={\r\r\
\n/ip dhcp-client set [find interface=WAN4] disabled=yes\r\r\
\n:local d [/ip dhcp-client get [/ip dhcp-client find interface=WAN4] disa\
bled ]\r\r\
\n:if (\$d=true) do={\r\r\
\n/ip dhcp-client set [find interface=WAN4] disabled=no\r\r\
\n}\r\r\
\n}\r\r\
\n \r\r\
\n:local pingresultC [/ping 208.67.222.222 interface=WAN3 count=10]\r\r\
\n:if (\$pingresultC>0) do={ \r\r\
\n:local gatewayNuevoC [/ip dhcp-client get [find interface=WAN3] gateway \
]\r\r\
\n:local gatewayActivoD [/ip route get [find routing-mark=wan4] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoC%WAN3\" != \"\$gatewayActivoD\") do={\r\r\
\n/ip route set [find routing-mark=wan4] gateway=([/ip dhcp-client get [fi\
nd interface=WAN3] gateway ] . \"%WAN3\");\r\r\
\n:log info \"WAN4 inactivo se le asigna el Gateway del WAN3 \" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:if (\$pingresultC=0) do={ \r\r\
\n:local pingresultB [/ping 208.67.222.222 interface=WAN2 count=10]\r\r\
\n:if (\$pingresultB>0) do={ \r\r\
\n:local gatewayNuevoB [/ip dhcp-client get [find interface=WAN2] gateway \
]\r\r\
\n :local gatewayActivoD [/ip route get [find routing-mark=wan4] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoB%WAN2\" != \"\$gatewayActivoD\") do={\r\r\
\n/ip route set [find routing-mark=wan4] gateway=([/ip dhcp-client get [fi\
nd interface=WAN2] gateway ] . \"%WAN2\");\r\r\
\n:log info \"WAN4 inactivo se le asigna el Gateway del WAN2 \" \r\r\
\n}\r\r\
\n}\r\r\
\n\r\r\
\n:if (\$pingresultB=0) do={ \r\r\
\n:local pingresultA [/ping 208.67.222.222 interface=WAN1 count=10]\r\r\
\n:if (\$pingresultA>0) do={ \r\r\
\n:local gatewayNuevoA [/ip dhcp-client get [find interface=WAN1] gateway \
]\r\r\
\n :local gatewayActivoD [/ip route get [find routing-mark=wan4] gateway ]\
\r\r\
\n:if (\"\$gatewayNuevoA%WAN1\" != \"\$gatewayActivoD\") do={\r\r\
\n/ip route set [find routing-mark=wan4] gateway=([/ip dhcp-client get [fi\
nd interface=WAN1] gateway ] . \"%WAN1\");\r\r\
\n:log info \"WAN4 inactivo se le asigna el Gateway del WAN1 \"\r\r\
\n\r\r\
\n}\r\r\
 \n}\r\r\
\n}\r\r\
\n}\r\r\
\n}"

/system scheduler
add disabled=no interval=40s name=WAN1-run on-event=\
"/system script run failover-WAN1" policy=\