Setting Bypass Hit Squid,Mangle Game,Queue Tree,Browsing Terbaru di Mikrotik
Friday, August 30, 2013
Edit
Berikut setting mikrotik lengkap di gabung dengan proxy external terbaru saya dengan bandwidth contoh 2 MB.
Tujuan :
1.Squid (Saya Limit 80 MB) supaya lancard proxy tidak rusak.
2.Bandwidth otomatis bagi rata (brapa dapat dari internet otomatis di bagi rata ke client)
3.Limit Extention(download zip,rar,exe,youtube,dll) di limit..tapi jika udah pernah di download otomatis tidak akan terlimit,langsung menuju limit Squid Hit yaitu 80 MB.
4.ICMP (Internet Control Messege Protocol),ini untuk mengamankan ping yang besar..prioritas utama.
5.Port seluruh game yang ada di mangle dan di lemparkan ke tree untuk di prioritaskan yang teratas (ada dua pembagian game yaitu game facebook dan game online).
6.Blok Virus,Anti Netcut.
Ok langsung saja scripts nya...di Mainkan di “New Terminal” winbox=
1. Set jam supaya tidak berubah ubah (NTP client)
/system ntp client \
set enabled=yes mode=unicast \
primary-ntp=152.118.24.8 \
secondary-ntp=202.169.224.16
Kemudian di halaman utama winbox buka system kemudian clock dan sesuaikan waktu tanggal sekarang.
2. System Note
Ini scripts gunanya nanti jika buka “New Terminal” akan nongol Note nya=
/system note \
set note=http://routerosmikrotik.blogspot.com \
show-at-login=yes
3. NAT Transparent Proxy dan Local Masquerade
Sebelum lanjut ke scripts di bawah dan scripts seterusnya ganti nama interface anda yang mengarah ke modem yaitu=public dan yang mengarah ke client yaitu=local dan yang mengarah ke proxy yaitu=proxy supaya sinkron dengan sripts di bawah dan scripts seterusnya, sebelum copas scripts di bawah pastikan ip nya sesuaikan dengan ip interface yang mengarah ke proxy.
/ip firewall nat add action=dst-nat \
chain=dstnat comment="TRANSPARENT PROXY" \
disabled=no dst-port=80 in-interface=local \
protocol=tcp src-address=!192.168.254.0/24 \
to-addresses=192.168.254.2 to-ports=3128
/ip firewall nat add action=masquerade chain=srcnat \
comment=MASQUERADE disabled=no
4. Ip Firewall L7 Untuk limit extention terbaru :
/ip firewall layer7-protocol
add name="YOUTUBE DOWNLOAD" \
regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5\
][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie
/
5. Ip Firewall Filter Drop Virus,Anti Netcut :
/ip firewall filter
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward \
connection-state=invalid disabled=no
add action=drop chain=virus disabled=no \
dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1433-1434 protocol=tcp
add action=drop chain=virus \
disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=445 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=65506 protocol=tcp
add action=jump chain=forward \
disabled=no jump-target=virus
add action=drop chain=input \
connection-state=invalid disabled=no
add action=accept chain=input \
disabled=no protocol=udp
add action=accept chain=input \
disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input \
disabled=no protocol=icmp
add action=accept chain=input \
disabled=no dst-port=21 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=22 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no \
dst-port=1723 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 \
protocol=tcp src-address-list=knock
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=61.213.183.1-61.213.183.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=67.195.134.1-67.195.134.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=68.142.233.1-68.142.233.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=68.180.217.1-68.180.217.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=203.84.204.1-203.84.204.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=69.63.176.1-69.63.176.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=69.63.181.1-69.63.181.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=63.245.209.1-63.245.209.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=63.245.213.1-63.245.213.254/
6. Ip Firewall Mangle
A.Ini Scripts Mangle Squid Hit,DSCP=12 untuk me Loss kan proxy dari limit client,Di queue tree saya buat 80 MB Posisi di mangle paling di letakkan paling atas=
/ip firewall mangle \
add action=mark-packet chain=postrouting \
comment="SQUID PROXY HIT" disabled=no dscp=12 \
new-packet-mark="www.wirelessrouter\
proxy.blogspot.com sphp" passthrough=no
B. Ini Scripts mangle untuk menstabilkan ping jika koneksi padat dan DNS :
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=ICMP \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com ic" \
passthrough=yes protocol=icmp
/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="www.wirelessrouter\
proxy.blogspot.com ic" \
new-packet-mark="www.wirelessrouterp\
roxy.blogspot.com ip" passthrough=yes
/ip firewall mangle \
add action=change-dscp chain=prerouting \
new-dscp=1 packet-mark="www.wirelessrou\
terproxy.blogspot.com ip"
/ip firewall mangle \
add action=mark-connection chain=prerouting \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com dc" \
comment=DNS dst-port=53 \
passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port=53 \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com dc" \
passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="www.wirelessrouter\
proxy.blogspot.com dc" \
new-packet-mark="www.wirelessrouter\
proxy.blogspot.com dp" passthrough=yes
/ip firewall mangle \
add action=change-dscp chain=prerouting \
disabled=no new-dscp=1 packet-mark="www.wi\
relessrouterproxy.blogspot.com dp"
C. Ini Di bawah Scripts mangle Untuk pembagian otomatis bandwidth browsing Upload dan Download, Sesuaikan network yang kolom bewarna merah dengan network local client anda :
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=HTTP dst-port=80 \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" disabled=no \
dst-address=192.168.25.0/24 \
new-packet-mark="www.wirelessrouterpro\
xy.blogspot.com hpd" passthrough=no
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" disabled=no \
new-packet-mark="www.wirelessrouterpro\
xy.blogspot.com hpu" \
passthrough=no src-address=192.168.25.0/24
D. Ini Di bawah Scripts untuk Game Online dan Game facebook Upload dan download nya, Sesuaikan network yang kolom bewarna merah dengan network local client anda :
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME ONLINE" dst-port=\
"1818,2001,3010,4300,5105,5121,5126,5171,53\
40-5352,6000-6001,6000-6152,7777" \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="7341-7350,74\
51,8085,9600,9601-9602,9300,9400,9700,93\
76-9377,10001-10011,40000" \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="10009,13008,16666,28012,11011-11\
041,10402,11031,12011,12110,13413,15000-15\
002,15001,15002" \
new-connection-mark="www\
.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="16402-16502,18901-1890\
9,19000,19101,22100,27780,29000,29200,3910\
0,39110,39220,39190,49100" \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="ww\
w.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="1293,1479,6100-6152,7777-7977,940\
1,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=42051-42052,11100-11125,11440-11460 \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="w\
ww.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=udp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com goc" dst-address=192.168.25.0/24 \
new-packet-mark="www.wirelessrouterproxy.blog\
spot.com gopd" passthrough=no
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com goc" new-packet-mark="www.wirelessro\
uterproxy.blogspot.com gopu" \
passthrough=no src-address=192.168.25.0/24
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME FACEBOOK" dst-port=843,9339 \
new-connection-mark="www.wirelessro\
uterproxy.blogspot.com gfc" passthrough=yes \
protocol=tcp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com gfc" disabled=no \
dst-address=192.168.25.0/24 new-packet-mark="w\
ww.wirelessrouterproxy.blogspot.com gfpd" \
passthrough=no
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blog\
spot.com gfc" new-packet-mark="www.wirelessro\
uterproxy.blogspot.com gfpu"\
passthrough=no src-address=192.168.25.0/24
E. Ini di bawah scripts mangle untuk limit Mivo TV :
/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="MIVO TV" dst-port=1935 \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com mtc" passthrough=yes protocol=tcp
/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blogsp\
ot.com mtc" disabled=no \
new-packet-mark="MIVO TV" passthrough=no
F. Ini Di bawah Scripts mangle untuk Limit extention (yang download rar,zip,exe,dll ) akan di limit dan jika udah pernah di download tidak akan masuk limit mangle ini, otomatis ke Ip Firewall Mangle Squid Hit,DSCP=12 :
/ip firewall mangle
add action=mark-packet chain=forward \
comment="LIMIT EXTENTION" disabled=no \
layer7-protocol="YOUTUBE DOWNLOAD" \
new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol="YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=TUBE \
new-packet-mark=PORN1 passthrough=no
add action=mark-packet chain=forward disabled=no \
layer7-protocol=PORN \
new-packet-mark=PORN2 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=VIDEO \
new-packet-mark=PORN3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOVIE \
new-packet-mark=PORN4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MKV \
new-packet-mark=MKV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=3GP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no/
7. Queue Type
/queue type \
add kind=pcq name="PROXY DOWN" \
pcq-classifier=dst-address
/queue type \
add kind=pcq name=DOWN \
pcq-classifier=dst-address,dst-port
/queue type \
add kind=pcq name=UP \
pcq-classifier=src-address,src-port
/queue type \
add kind=pfifo name=PING pfifo-limit=64
8. Queue Tree
A. Ini Di bawah Scripts Queue tree untuk Squid Hit limit 80 MB :
/queue tree \
add max-limit=80000000 name="1.PROXY HIT" \
packet-mark="www.wirelessrouterproxy.blogspot.c\
om sphp" parent=local priority=2 \
queue="PROXY DOWN"
B. Di bawah ini Scripts Queue tree untuk GAME DOWN, yang nantinya child child adalahGAME ONLINE DOWN dan GAME FACEBOOK DOWN:
/queue tree \
add name="2.GAME DOWN" \
parent=global-out priority=2
C. Di bawah ini Scripts Queue tree untuk GAME UPLOAD , yang nantinya child child adalah GAME ONLINE UPLOAD dan GAME FACEBOOK UPLOAD :
/queue tree \
add max-limit=2000000 \
name="3.GAME UPLOAD" \
parent=public priority=2
D. Di bawah ini adalah Scripts BROWSING UPLOAD, perhatikan tulisan yang berwarna merah,itu adalah max limit uploadnya, silahkan isi 60% dari bandwidth upload anda, bandwidth upload saya adalah 512000 (512KB) dan di max limit tersebut saya isi 300000 (300KB) karna sisanya untuk game:
/queue tree \
add max-limit=300000 \
name="4.BROWSING UPLOAD" \
packet-mark="www.wirelessrouterpr\
oxy.blogspot.com hpu" parent=proxy \
priority=4 queue=UP
E. Di bawah ini adalah Scripts ALL HTTP DOWN, yang nantinya child child nya adalah BROWSING DOWN, LIMIT EXTENTION, perhatikan tulisan yang berwarna merah, itu adalah max limit seluruh downloadnya di bandwidth 2 MB saya isi 1800000 (1,8MB) karna sisanya untuk game dan ping, silahkan sesuaikan isinya dengan kapasitas download bandwidth anda :
/queue tree \
add max-limit=1800000 \
name="5.ALL HTTP DOWN" \
parent=global-out priority=2
F. Di bawah ini adalah Scripts PING untuk download, untuk melosskan ping dari koneksi yang penuh priority=1, tidak ada perubahan untuk max limit ini :
/queue tree
add limit-at=8000 max-limit=30000 \
name=6.PING1 packet-mark="www.wirelessrouterpr\
oxy.blogspot.com ip" parent=global-out priority=1 \
queue=PING
G. Di bawah ini adalah Scripts PING untuk upload ,untuk melosskan ping dari koneksi yang penuh priority=1, tidak ada perubahan untuk max limit ini :
/queue tree \
add limit-at=8000 max-limit=30000 \
name=7.PING2 packet-mark="www.wirelessrouter\
proxy.blogspot.com ip" parent=public priority=1 \
queue=PING
H. Di bawah ini adalah Scripts DNS down, priority=1, tidak ada perubahan untuk max limit ini:
/queue tree \
add limit-at=8000 max-limit=30000 \
name=8.DNS1 packet-mark="www.wirelessrouter\
proxy.blogspot.com dp" parent=global-out priority=1 \
queue=PING
I. Di bawah ini adalah Scripts DNS up, priority=1, tidak ada perubahan untuk max limit ini:
/queue tree \
add limit-at=8000 max-limit=30000 \
name=9.DNS2 packet-mark="www.wirelessrouter\
proxy.blogspot.com dp" parent=public \
priority=1 queue=PING
J. Di bawah ini adalah scripts GAME ONLINE DOWN yang parentnya adalah GAME DOWN,limit terendah saya isi 512000(512KB) dan limit tertinggi adalah 2000000 (2MB), perhatikan tulisan bewarna merah di bawah dan sesuaikan dengan bandwidth anda.
/queue tree \
add limit-at=512000 max-limit=2000000 \
name="1.GAME ONLINE DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gopd" \
parent="2.GAME DOWN" priority=2 queue=DOWN
K. Di bawah ini adalah scripts GAME FACEBOOK DOWN yang parentnya adalah GAME DOWN, limit tertinggi adalah 512000 (512KB), perhatikan tulisan bewarna merah di bawah dan sesuaikan dengan bandwidth anda.
/queue tree \
add max-limit=512000 \
name="2.GAME FACEBOOK DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gfpd" \
parent="2.GAME DOWN" priority=3 queue=DOWN
L. Di bawah ini adalah scripts GAME ONLINE UPLOAD yang parentnya adalah GAME UPLOAD,limit terendah saya isi 512000 (512KB) dan limit tertinggi adalah 2000000 (2MB),perhatikan tulisan bewarna merah di bawah dan sesuaikan dengan bandwidth anda.
/queue tree \
add limit-at=512000 max-limit=2000000 \
name="1.GAME ONLINE UPLOAD" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gopu" \
parent="3.GAME UPLOAD" priority=2 queue=UP
M.Di bawah ini adalah Scripts GAME FACEBOOK UPLOAD yang parentnya adalah GAME UPLOAD,limit tertinggi adalah 256000 (256KB), perhatikan tulisan yang bewarna merah di bawah, sesuaikan dengan bandwidth anda.
/queue tree \
add limit-at=0 max-limit=256000 \
name="2.GAME FACEBOOK UPLOAD" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gfpu" \
parent="3.GAME UPLOAD" priority=3 queue=UP
N. Di bawah ini adalah Scripts BROWSING DOWN yang parentnya adalah HTT DOWN, perhatikan tulisan yang berwarna merah, itu adalah max limit seluruh downloadnya di bandwidth 2 MB saya isi 1800000 (1,8 MB) karna sisanya untuk game dan ping, silahkan sesuaikan isinya dengan kapasitas download bandwidth anda.
/queue tree \
add max-limit=1800000 \
name="1.BROWSING DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com hpd" \
parent="5.ALL HTTP DOWN" \
priority=3 queue=DOWN
O. Di bawah ini adalah scripts LIMIT EXTENTION yang parentnya adalah HTTP DOWNyang nantinya child child nya adalah file extention yaitu zip,rar,exe,youtube,porn dll,di bandwidth 2 MB perhatikan tulisan yang warna merah di bawah saya isi max limtinya 1000000 (1MB) bagi rata seluruh file extention tersebut,silahkan sesuaikan dengan bandwidth anda,recomendasi saya 50% dari total download bandwidth.
/queue tree \
add max-limit=1000000 \
name="4.LIMIT EXTENTION" \
parent="5.ALL HTTP DOWN" priority=5
P.Di bawah ini adalah LIMIT EXTENTION zip, rar, exe, youtube, porn dll, parentnya adalah LIMIT EXTENTION termasuk di dalamnya Mivo TV.
/queue tree
add name=YOUTUBE \
parent="4.LIMIT EXTENTION" priority=5
add name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=5 queue=DOWN
add name=MKV packet-mark=MKV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP3 packet-mark=MP3 \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP4 packet-mark=MP4 \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ZIP packet-mark=ZIP \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=EXE packet-mark=EXE \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ISO packet-mark=ISO \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=AVI packet-mark=AVI \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MOV packet-mark=MOV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPEG packet-mark=MPEG \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPG packet-mark=MPG \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=RAR packet-mark=RAR \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WAV packet-mark=WAV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WMV packet-mark=WMV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=3GP packet-mark=3GP \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=7z packet-mark=7z \
parent="4.LIMIT EXTENTION" priority=5 \
queue=DOWN
add name="YOUTUBE DOWNLOAD" \
packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=5 queue=DOWN
add name=PORN \
parent="4.LIMIT EXTENTION" priority=5
add name=PORN1 \
packet-mark=PORN1 parent=PORN \
priority=5 queue=DOWN
add name=PORN2 packet-mark=PORN2 \
parent=PORN priority=5 queue=DOWN
add name=PORN3 packet-mark=PORN3 \
parent=PORN priority=5 queue=DOWN
add name="MIVO TV" \
packet-mark="MIVO TV" parent=\
"4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=PORN4 packet-mark=PORN4 \
parent=PORN priority=5 queue=DOWN
/
Setelah Di setting jangan lupa Mikrotiknya di Restart..
sumber : www.wirelessrouterproxy.blogspot.com