MIKROTIK SETUP: 1 SPEEDY LINE + EXTERNAL PROXY
Wednesday, August 14, 2013
Modem : 192.168.3.1
IP ADDRESS OF THE PROXY SERVER MACHINE :
192.168.27.27
MODEM-SIDE IP ADDRESS ON THE MIKROTIK :
192.168.3.2/24
INTERFACE NAME :
ether1 : Modem
ether2 : LAN
ether3 : Proxy
INTERFACE LIST :
/interface
add name="Modem" type="ether" mtu=1500 l2mtu=1524
add name="LAN" type="ether" mtu=1500 l2mtu=1524
add name="Proxy" type="ether" mtu=1500 l2mtu=1524
IP ADDRESS LIST :
/ip addr
add address=192.168.3.2/24 network=192.168.3.0 interface=Modem
add address=192.168.1.1/24 network=192.168.1.0 interface=LAN
add address=192.168.27.1/24 network=192.168.27.0 interface=Proxy
PPP-PPPoE CLIENT :
/interface pppoe-client
add name="pppoe-speedy1" max-mtu=1480 max-mru=1480 mrru=disabled interface=Modem user="*********@telkom.net" \
password="******" profile=default service-name="AnJeLaNeT" ac-name="" add-default-route=yes dial-on-demand=no \
use-peer-dns=no allow=pap,chap,mschap1,mschap2
********* = fill in your own Speedy username & password
IP DNS :
Use the OpenDNS servers (if you want to pick the sites to block yourself) : 208.67.222.222 208.67.220.220
Use the Nawala DNS servers (if you want sites, especially porn sites, blocked automatically) : 180.131.144.144 180.131.145.145
Use your ISP's DNS servers (the best DNS server is the one with the shortest round trip, i.e. your ISP's DNS server in your region)
IP DHCP SERVER :
DHCP --> DHCP Setup --> DHCP Server Interface=LAN --> NEXT ... FINISH
IP FIREWALL NAT :
/ip fi nat
TRANSPARENT PROXY
add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=3128 protocol=tcp src-address-list=LAN-NeT \
dst-address-list=!Proxy-NeT in-interface=LAN dst-port=80,81,8081,8080,3128
MASQUERADE
add chain=srcnat action=masquerade out-interface=pppoe-speedy1
add chain=srcnat action=masquerade out-interface=Modem
Transparent DNS
add chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53
add chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53
SSH PROXY OUT REMOTE TO WINsCP
add chain=dstnat action=dst-nat to-addresses=192.168.27.27 to-ports=22 protocol=tcp dst-address="IP PUBLIK" \
dst-port=22 comment="SSH PROXY OUT REMOTE TO WINsCP"
"IP PUBLIK" : fill in the public Internet IP of your Speedy line
IP FIREWALL ADDRESS-LIST
/ip fi addr
add list=LAN-NeT address=192.168.1.0/24
add list=Proxy-NeT address=192.168.27.0/24
Additional :
add list=Games address=203.89.146.0/23 comment="Gemscool"
add list=Games address=203.89.147.0/24 comment="Gemscool"
add list=Games address=203.89.146.156 comment="Gemscool"
add list=Games address=203.89.146.158 comment="Gemscool"
add list=Games address=203.89.146.166 comment="Gemscool"
add list=Games address=203.89.147.11 comment="Gemscool"
add list=Games address=203.89.146.99 comment="Gemscool"
add list=Games address=203.89.147.31 comment="Gemscool"
add list=Games address=203.89.146.130 comment="Gemscool"
add list=Games address=202.93.20.0/23 comment="Lytogame"
add list=Games address=202.93.21.0/24 comment="Lytogame"
add list=Games address=202.43.171.0/24 comment="Lytogame"
add list=Games address=202.93.16.0/24 comment="Lytogame"
add list=Games address=202.43.167.72 comment="Lytogame"
add list=Games address=202.93.20.253 comment="Lytogame"
add list=Games address=202.93.17.197 comment="Lytogame"
add list=Games address=117.103.58.198 comment="Lytogame"
add list=Games address=202.93.17.219 comment="Lytogame"
add list=Games address=202.103.21.84 comment="Lytogame"
add list=Games address=202.93.21.250 comment="Lytogame"
add list=Games address=202.93.21.251 comment="Lytogame"
add list=Games address=202.93.21.142 comment="Lytogame"
add list=Games address=202.93.21.244 comment="Lytogame"
add list=Games address=202.93.17.216 comment="Lytogame"
add list=Games address=122.102.49.0/24 comment="Megaxus"
add list=Games address=122.102.51.0/24 comment="Megaxus"
add list=Games address=122.102.53.0/24 comment="Megaxus"
add list=Games address=122.102.51.19 comment="Megaxus"
add list=Games address=122.102.51.17 comment="Megaxus"
add list=Games address=122.102.49.67 comment="Megaxus"
add list=Games address=122.102.49.132 comment="Megaxus"
add list=Games address=122.102.49.202 comment="Megaxus"
add list=Games address=122.102.53.4 comment="Megaxus"
add list=Games address=110.93.12.0/24 comment="Wavegame"
add list=Games address=122.93.12.201 comment="Wavegame"
add list=Games address=122.93.12.251 comment="Wavegame"
add list=Games address=204.160.144.254 comment="Atlantica Nexon"
add list=Games address=8.31.96.209 comment="Atlantica Nexon"
add list=Games address=208.85.111.0/24 comment="Atlantica Nexon"
add list=Games address=202.158.252.194 comment="FIFA Online"
add list=Games address=202.158.252.195 comment="FIFA Online"
add list=Games address=202.70.134.0/24 comment="Cabal Online"
add list=Games address=202.70.134.18 comment="Cabal Online"
add list=Games address=119.110.87.179 comment="IP Fresh-Ragnarok"
add list=Games address=69.175.20.186 comment="IP RF-Commanders"
add list=Games address=174.37.246.56 comment="IP RF-EQG"
add list=Games address=174.132.16.196 comment="IP RF-POA"
add list=Games address=202.162.207.111 comment="IP Dotta-Nusa"
add list=Games address=69.0.145.160 comment="IP Dota"
add list=Games address=72.172.238.49 comment="IP Dotta"
add list=Games address=202.78.197.18 comment="IP Tantra"
add list=Games address=202.78.197.0/24 comment="IP Drif-city"
add list=Games address=122.144.2.0/24 comment="IP IndoGamers"
add list=Games address=180.178.110.0/24 comment="IP X-Shot"
add list=Load-Poker address=216.252.121.168 comment="Load-Poker"
IP FIREWALL MANGLE :
/ip fi ma
PROXY-HIT
add chain=forward action=mark-connection new-connection-mark=HIT-conn passthrough=yes protocol=tcp \
in-interface=Proxy out-interface=LAN src-port=80,81,8081,8080,3128 dscp=12 comment="PROXY-HIT"
add chain=forward action=mark-packet new-packet-mark=PKT-HIT passthrough=no protocol=tcp in-interface=Proxy \
out-interface=LAN src-port=80,81,8081,8080,3128 connection-mark=HIT-conn
CRITICAL
add chain=postrouting action=change-dscp new-dscp=1 passthrough=yes protocol=icmp
add chain=postrouting action=change-dscp new-dscp=1 passthrough=yes protocol=udp dst-port=53
add chain=postrouting action=change-dscp new-dscp=1 passthrough=yes protocol=tcp dst-port=53
add chain=postrouting action=mark-connection new-connection-mark=critical-conn \
passthrough=yes dscp=1
add chain=postrouting action=mark-packet new-packet-mark=critical-pkt passthrough=no \
connection-mark=critical-conn
YAHOO
add chain=prerouting action=mark-connection new-connection-mark=yahoo-conn passthrough=yes \
protocol=tcp dst-port=5000-5010,5050,5100,8001,8002
add chain=prerouting action=mark-packet new-packet-mark=yahoo-pkt passthrough=no \
connection-mark=yahoo-conn
FB+GAME
add chain=prerouting action=mark-connection new-connection-mark=fb-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Load-Poker dst-port=843,9339
add chain=prerouting action=mark-packet new-packet-mark=fb-pkt passthrough=no connection-mark=fb-conn
GEMSCOOL
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Games \
dst-port=39190,49100,5300,10001,14009-14010,15100,15101,16052,16073 comment="PORT GEMSCOOL"
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
src-address-list=LAN-NeT dst-address-list=Games dst-port=14010,40000-40005
add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn
LYTOGAME
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Games \
dst-port=9110,13008,13413,16666,17730,17745,20570,27780,36430,48871,49309,56527,63919,64507 \
comment="PORT LYTOGAME"
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
dst-port=12020-12080,13000-13080,17001
add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn
MEGAXUS
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
src-address-list=LAN-NeT dst-address-list=Games dst-port=4403,4410,8401,8406,18900,31719,46113,7777 \
comment="PORT MEGAXUS"
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
dst-port=21850,21891
add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn
ALL GAME
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=tcp \
dst-port=1818,2001,4062,5340-5352,6000-6152,6214,7341-7350,7451,9376-9377,15001,15002 \
comment="PORT ALL GAME"
add chain=prerouting action=mark-connection new-connection-mark=game-conn passthrough=yes protocol=udp \
dst-port=1949,6100-6152,9600-9602,7777-7977,11100-11125,11440-11460,30000,42051-42052
add chain=prerouting action=mark-packet new-packet-mark=game-pkt passthrough=no connection-mark=game-conn
REALTIME
add chain=prerouting action=mark-connection new-connection-mark=realtime-conn passthrough=yes protocol=tcp \
dst-port=22,179,110,161 comment="REALTIME CONN"
add chain=prerouting action=mark-connection new-connection-mark=realtime-conn passthrough=yes protocol=udp \
dst-port=123
add chain=forward action=mark-packet new-packet-mark=realtime-pkt passthrough=no connection-mark=realtime-conn
CACHE-MISS
add chain=forward action=mark-connection new-connection-mark=HIT-LOSS passthrough=yes protocol=tcp \
in-interface=Proxy out-interface=LAN src-port=3128 packet-mark=no-mark comment="CACHE-MISS"
PROXY-SSH
add chain=prerouting action=mark-connection new-connection-mark=ssh-conn passthrough=yes protocol=tcp \
src-port=22 comment="PROXY-SSH"
add chain=forward action=mark-packet new-packet-mark=ssh-pkt passthrough=no protocol=tcp src-port=22 \
connection-mark=ssh-conn
BW-MANAGEMENT CONN FOR CLIENT :
add chain=prerouting action=mark-connection new-connection-mark=PC-OP passthrough=yes src-address=192.168.1.2 \
comment="BW-MANAGEMENT CONN FOR CLIENT"
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-01 passthrough=yes src-address=192.168.1.3
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-02 passthrough=yes src-address=192.168.1.4
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-03 passthrough=yes src-address=192.168.1.5
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-04 passthrough=yes src-address=192.168.1.6
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-05 passthrough=yes src-address=192.168.1.7
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-06 passthrough=yes src-address=192.168.1.8
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-07 passthrough=yes src-address=192.168.1.9
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-08 passthrough=yes src-address=192.168.1.10
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-09 passthrough=yes src-address=192.168.1.11
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-10 passthrough=yes src-address=192.168.1.12 \
comment="added: the CLIENT-10 packet mark and queues below need this connection mark; address assumed to continue the .2-.11 sequence"
add chain=prerouting action=mark-connection new-connection-mark=CLIENT-11 passthrough=yes src-address=192.168.1.13 \
comment="added: the CLIENT-11 packet mark and queues below need this connection mark; address assumed to continue the .2-.11 sequence"
BW-MANAGEMENT PACKET FOR CLIENT :
add chain=prerouting action=mark-packet new-packet-mark=PC-OP passthrough=no connection-mark=PC-OP \
comment="BW-MANAGEMENT PACKET FOR CLIENT"
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-01 passthrough=no connection-mark=CLIENT-01
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-02 passthrough=no connection-mark=CLIENT-02
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-03 passthrough=no connection-mark=CLIENT-03
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-04 passthrough=no connection-mark=CLIENT-04
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-05 passthrough=no connection-mark=CLIENT-05
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-06 passthrough=no connection-mark=CLIENT-06
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-07 passthrough=no connection-mark=CLIENT-07
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-08 passthrough=no connection-mark=CLIENT-08
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-09 passthrough=no connection-mark=CLIENT-09
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-10 passthrough=no connection-mark=CLIENT-10
add chain=prerouting action=mark-packet new-packet-mark=CLIENT-11 passthrough=no connection-mark=CLIENT-11
QUEUE TYPE
/que ty
add name="PCQ-1Mbps" kind=pcq pcq-rate=1024k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="PCQ-1Mbps-UP" kind=pcq pcq-rate=1024k pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="HIT" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0 \
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="Yahoo" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0 \
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="FBgame" kind=pcq pcq-rate=512k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="GAME" kind=pcq pcq-rate=1024k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 \
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 \
pcq-src-address6-mask=128 pcq-dst-address6-mask=128
add name="critical" kind=pfifo pfifo-limit=50
QUEUE TREE
/que tr
add name="00. HIT" parent=global-out packet-mark=PKT-HIT limit-at=0 queue=HIT \
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
add name="01. YAHOO" parent=global-out packet-mark=yahoo-pkt limit-at=32k \
queue=Yahoo priority=8 max-limit=128k burst-limit=0 burst-threshold=0 burst-time=0s
add name="02. FB+GAME" parent=global-out packet-mark=fb-pkt limit-at=100k \
queue=FBgame priority=5 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
add name="03. GAME ONLINE" parent=LAN packet-mark=game-pkt limit-at=128k \
queue=GAME priority=1 max-limit=1024k burst-limit=0 burst-threshold=0 burst-time=0s
add name="04. CRITICAL" parent=pppoe-speedy1 packet-mark=critical-pkt \
limit-at=64k queue=critical priority=1 max-limit=256k burst-limit=0 \
burst-threshold=0 burst-time=0s
add name="05. REALTIME" parent=global-out packet-mark=realtime-pkt \
limit-at=64k queue=critical priority=4 max-limit=256k burst-limit=0 \
burst-threshold=0 burst-time=0s
add name="06. PROXY SSH" parent=global-out packet-mark=ssh-pkt limit-at=256k \
queue=wireless-default priority=5 max-limit=6144k burst-limit=0 \
burst-threshold=0 burst-time=0s
add name="01. DOWNLINK" parent=global-out limit-at=0 priority=8 max-limit=1024k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="000. PC-OP" parent="01. DOWNLINK" packet-mark=PC-OP limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="01. CLIENT-01" parent="01. DOWNLINK" packet-mark=CLIENT-01 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="02. CLIENT-02" parent="01. DOWNLINK" packet-mark=CLIENT-02 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="03. CLIENT-03" parent="01. DOWNLINK" packet-mark=CLIENT-03 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="04. CLIENT-04" parent="01. DOWNLINK" packet-mark=CLIENT-04 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="05. CLIENT-05" parent="01. DOWNLINK" packet-mark=CLIENT-05 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="06. CLIENT-06" parent="01. DOWNLINK" packet-mark=CLIENT-06 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="07. CLIENT-07" parent="01. DOWNLINK" packet-mark=CLIENT-07 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="08. CLIENT-08" parent="01. DOWNLINK" packet-mark=CLIENT-08 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="09. CLIENT-09" parent="01. DOWNLINK" packet-mark=CLIENT-09 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="10. CLIENT-10" parent="01. DOWNLINK" packet-mark=CLIENT-10 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="11. CLIENT-11" parent="01. DOWNLINK" packet-mark=CLIENT-11 limit-at=165k queue=PCQ-1Mbps priority=8 max-limit=256k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="02. UPLINK" parent=global-in limit-at=0 priority=8 max-limit=0 \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="000. PC-OP-up" parent="02. UPLINK" packet-mark=PC-OP limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=200k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="01. CLIENT-01-up" parent="02. UPLINK" packet-mark=CLIENT-01 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="02. CLIENT-02-up" parent="02. UPLINK" packet-mark=CLIENT-02 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="03. CLIENT-03-up" parent="02. UPLINK" packet-mark=CLIENT-03 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="04. CLIENT-04-up" parent="02. UPLINK" packet-mark=CLIENT-04 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="05. CLIENT-05-up" parent="02. UPLINK" packet-mark=CLIENT-05 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="06. CLIENT-06-up" parent="02. UPLINK" packet-mark=CLIENT-06 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="07. CLIENT-07-up" parent="02. UPLINK" packet-mark=CLIENT-07 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="08. CLIENT-08-up" parent="02. UPLINK" packet-mark=CLIENT-08 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="09. CLIENT-09-up" parent="02. UPLINK" packet-mark=CLIENT-09 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="10. CLIENT-10-up" parent="02. UPLINK" packet-mark=CLIENT-10 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
add name="11. CLIENT-11-up" parent="02. UPLINK" packet-mark=CLIENT-11 limit-at=64k queue=PCQ-1Mbps-UP priority=8 max-limit=128k \
burst-limit=0 burst-threshold=0 burst-time=0s
IP FIREWALL FILTER RULES :
/ip fi fi
add chain=forward connection-state=established action=accept comment="ALLOW ESTABLISHED" disabled=no
add chain=forward connection-state=related action=accept comment="ALLOW RELATED" disabled=no
add chain=forward action=jump jump-target=virus comment="jump into the virus chain; without this jump the virus rules below never run" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru" disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot,Gaobot" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=no
add chain=forward protocol=tcp dst-port=995 action=drop comment="WEBMAIL" disabled=no
add chain=forward protocol=tcp dst-port=25 action=drop comment="------------" disabled=no
add chain=forward protocol=tcp dst-port=465 action=drop comment="-----------" disabled=no
add chain=forward protocol=tcp dst-port=587 action=drop comment="-----------" disabled=no
add chain=forward protocol=tcp dst-port=110 action=drop comment="-----------" disabled=no
(NOTE: ENABLE THE SCRIPT BELOW IF YOU WANT THE INTERNET TO BE ACCESSIBLE AND REMOTELY MANAGEABLE ONLY FROM INSIDE YOUR OWN NETWORK)
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=LAN-NeT action=accept comment="FTP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=LAN-NeT action=accept comment="SSH for secure shell" disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=LAN-NeT action=accept comment="Telnet" disabled=yes
add chain=input protocol=tcp dst-port=80 src-address-list=LAN-NeT action=accept comment="Web" disabled=yes
add chain=input protocol=tcp dst-port=8291 src-address-list=LAN-NeT action=accept comment="winbox" disabled=no
add chain=input protocol=tcp dst-port=25 src-address-list=LAN-NeT action=accept comment="Allow SMTP-Email" disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
add chain=input src-address-list=LAN-NeT action=accept comment="From LAN-NeT" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
DROP PORT SCANNER
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
comment="PORT SCANNER" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" \
disabled=no
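To show how the matchers in the port-scanner rules above actually decide, here is an added Python model (example code, not part of the original script and not RouterOS code): tcp_flags_match applies the tcp-flags semantics and psd_offenders is a simplified model of psd=21,3s,3,1 whose windowing details are an assumption, run over constructed sample traffic.

```python
from collections import defaultdict

# Rule order and comments copied from the "port scanners" rules above.
SCAN_RULES = [
    ("fin,!syn,!rst,!psh,!ack,!urg", "NMAP FIN Stealth scan"),
    ("fin,syn", "SYN/FIN scan"),
    ("syn,rst", "SYN/RST scan"),
    ("fin,psh,urg,!syn,!rst,!ack", "FIN/PSH/URG scan"),
    ("fin,syn,rst,psh,ack,urg", "ALL/ALL scan"),
    ("!fin,!syn,!rst,!psh,!ack,!urg", "NMAP NULL scan"),
]

def tcp_flags_match(spec, flags):
    """RouterOS tcp-flags semantics: a listed flag must be set, a "!flag" must
    be clear, and any flag not mentioned in the spec is ignored."""
    for item in spec.split(","):
        if item.startswith("!"):
            if item[1:] in flags:
                return False
        elif item not in flags:
            return False
    return True

def classify(flags):
    """Comment of the first scan rule a packet with these flags hits, or None."""
    for spec, comment in SCAN_RULES:
        if tcp_flags_match(spec, set(flags)):
            return comment
    return None

def psd_offenders(events, weight=21, delay=3.0, low_w=3, high_w=1):
    """Simplified model of psd=21,3s,3,1 (assumption: the exact RouterOS
    algorithm is not documented). Per source, sum the weights of distinct
    destination ports seen within the delay window (privileged ports <=1024
    weigh low_w, others high_w); events are (time_s, src_ip, dst_port)."""
    seen = defaultdict(dict)  # src -> {dst_port: last time seen}
    flagged = set()
    for t, src, port in events:
        ports = seen[src]
        for stale in [p for p, tp in ports.items() if t - tp > delay]:
            del ports[stale]  # forget ports outside the delay window
        ports[port] = t
        if sum(low_w if p <= 1024 else high_w for p in ports) >= weight:
            flagged.add(src)
    return flagged

# Constructed sample: 10.0.0.5 probes eight privileged ports in under two
# seconds (weight 24 >= 21); 10.0.0.9 only opens two normal connections.
SAMPLE = [(i * 0.25, "10.0.0.5", p)
          for i, p in enumerate((21, 22, 23, 25, 80, 110, 143, 443))]
SAMPLE += [(0.5, "10.0.0.9", 80), (1.0, "10.0.0.9", 443)]
SAMPLE.sort()
```

Note that with the rules in the order given, a packet with all six flags set is caught by the earlier "SYN/FIN scan" rule before the "ALL/ALL scan" rule is reached; that is harmless here because both rules add the source to the same address list.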
Scanner-Poker
add chain=forward action=add-dst-to-address-list protocol=tcp dst-address-list=!LAN-NeT address-list=Load-Poker \
address-list-timeout=0s dst-port=843,9339,4530 comment="Scanner-Poker"
add chain=forward action=drop protocol=tcp dst-port=135-138,445
add chain=input action=reject reject-with=icmp-network-unreachable protocol=tcp dst-port=135-138,445
Source : http://alazkafirmani.blogspot.com