clock + ntp client
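# Enable the NTP client in unicast mode against two fixed upstream servers.
# A correct clock keeps log timestamps usable and makes the time-of-day
# scheduler entries later on this page fire when expected.
/system ntp client set enabled=yes primary-ntp=203.160.128.2 secondary-ntp=202.169.224.16 mode=unicast
# One-off manual clock and time zone. The date and time literals are the
# author's values from when the note was written; replace them with the
# current time. The original ran this command into the previous one on the same line.
/system clock set date=feb/21/2013 time=15:09:00 time-zone-name=Asia/Jakarta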
Limit bandwidth simple queue
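# Per-client simple queues. max-limit is written upload/download, matching
# the 170000 (up) / 333000 (down) split used by the queue tree on this page.
# The original fused the menu path and the first "add" into "/queue simpleadd".
/queue simple
add name=client1 target-address=192.168.2.2 max-limit=170000/333000
add name=client2 target-address=192.168.2.3 max-limit=170000/333000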
Limit Bandwidth Queues tree
# Mangle rules that tag each client's traffic for the queue tree.
# For every client there is a pair of rules: the first marks the connection
# by source address, the second marks the packets of that connection.
# passthrough=no on the packet rule stops further mangle processing once a
# packet carries its mark.
/ip firewall mangle
# client1 (192.168.2.2)
add chain=prerouting action=mark-connection new-connection-mark=client1 passthrough=yes src-address=192.168.2.2
add chain=prerouting action=mark-packet new-packet-mark=client1-con passthrough=no connection-mark=client1
# client2 (192.168.2.3)
add chain=prerouting action=mark-connection new-connection-mark=client2 passthrough=yes src-address=192.168.2.3
add chain=prerouting action=mark-packet new-packet-mark=client2-con passthrough=no connection-mark=client2
# client3 (192.168.2.4)
add chain=prerouting action=mark-connection new-connection-mark=client3 passthrough=yes src-address=192.168.2.4
add chain=prerouting action=mark-packet new-packet-mark=client3-con passthrough=no connection-mark=client3
LALU SETTING QUEUE TREE NYA
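# Queue tree: one download queue under LAN and one upload queue under WAN per
# client, selected by the clientN-con packet marks set in the mangle rules.
# The original listing repeated five of the mangle rules and then this whole
# section a second time. The repeated mangle lines sat under /queue tree,
# where "chain=" is not a queue property, and the repeated "add name=..."
# lines would collide with the queue names already created, so every entry
# appears once here.
/queue tree
add name="client1-down" parent=LAN packet-mark=client1-con limit-at=0 queue=default priority=8 max-limit=333000 burst-limit=0 burst-threshold=0 burst-time=0s
add name="client1-up" parent=WAN packet-mark=client1-con limit-at=0 queue=default priority=8 max-limit=170000 burst-limit=0 burst-threshold=0 burst-time=0s
add name="client2-down" parent=LAN packet-mark=client2-con limit-at=0 queue=default priority=8 max-limit=333000 burst-limit=0 burst-threshold=0 burst-time=0s
add name="client2-up" parent=WAN packet-mark=client2-con limit-at=0 queue=default priority=8 max-limit=170000 burst-limit=0 burst-threshold=0 burst-time=0s
add name="client3-down" parent=LAN packet-mark=client3-con limit-at=0 queue=default priority=8 max-limit=333000 burst-limit=0 burst-threshold=0 burst-time=0s
add name="client3-up" parent=WAN packet-mark=client3-con limit-at=0 queue=default priority=8 max-limit=170000 burst-limit=0 burst-threshold=0 burst-time=0s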
Mengamankan dari login coba-coba
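# SSH brute-force throttling on the WAN side.
# The original had two output-chain rules that appear to come from an FTP
# recipe: they carried no content matcher, so they counted every TCP packet
# the router sent, and they filled a list named "blacklist" while the drop
# rules read "ftp_blacklist". The drop rules therefore never matched.
# SSH is encrypted, so the router cannot match a login-failure string in the
# reply; new connections to port 22 are counted per source address instead.
/ip firewall filter
# Drop sources that are already listed (list name kept from the original).
add chain=input in-interface=wan1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop
add chain=input in-interface=wan2 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop
# Escalation stages, highest first so that one new connection moves a source
# up by a single stage. A fourth new connection while the 1m stage entries
# are still alive lists the source for 23h (timeout kept from the original).
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ftp_blacklist address-list-timeout=23h
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m
# NOTE(review): these rules only build and enforce the block list. Whether
# SSH from the WAN is accepted at all depends on the rest of the input chain,
# which this page does not show; limiting port 22 to known admin addresses is
# the stronger control.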
Limit bandwidth siang malam
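# Day ("Siang") and night ("Malam") bandwidth profiles for one subnet, with
# two scripts that swap which queue is enabled and two daily scheduler
# entries (06:00 and 18:00) that run them.
# The original listed every item as "#name=...", which RouterOS reads as a
# comment, and fused the first item onto the menu path; the items are written
# as add commands here and the script source is quoted because it contains
# spaces and a semicolon.
/queue simple
add name="Siang" target-addresses=192.169.1.0/24 dst-addresses=0.0.0.0/0 interface=<ether-x> parent=none direction=both priority=8 queue=default-small/default-small limit-at=512k/512k max-limit=1M/1M total-queue=default-small
add name="Malam" target-addresses=192.169.1.0/24 dst-addresses=0.0.0.0/0 interface=<ether-x> parent=none direction=both priority=8 queue=default-small/default-small limit-at=1M/1M max-limit=2M/2M total-queue=default-small
# NOTE(review): <ether-x> is the author's placeholder for the real interface
# name. Property names are kept as the author wrote them; confirm them
# against the RouterOS version in use.
# NOTE(review): 192.169.1.0/24 lies outside the private 192.168.0.0/16 range
# used everywhere else on this page; confirm it is not a typo.
# NOTE(review): both queues are created enabled, so until the first scheduler
# run neither profile has been switched off.
/system script
add name="Siang" source="/queue simple enable Siang; /queue simple disable Malam"
add name="Malam" source="/queue simple enable Malam; /queue simple disable Siang"
/system scheduler
add name="Siang" on-event=Siang start-date=feb/22/2013 start-time=06:00:00 interval=1d
add name="Malam" on-event=Malam start-date=feb/22/2013 start-time=18:00:00 interval=1d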
Cara memisahkan koneksi antara Browsing, Download, Upload
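# Split forwarded TCP into download / upload / browse by direction and by the
# number of bytes the connection has carried so far (connection-bytes).
# Changes from the original: every rule gets the "add" verb it was missing,
# and the upload connection rule now matches lan -> wan. It read
# in-interface=wan out-interface=wan, which disagrees with the upload packet
# rule right after it.
/ip firewall mangle
# download: wan -> lan connections that have passed 128000 bytes
add chain=forward action=mark-connection new-connection-mark=download passthrough=yes protocol=tcp in-interface=wan out-interface=lan connection-bytes=128000-4294967295
add chain=forward action=mark-packet new-packet-mark=download passthrough=no protocol=tcp in-interface=wan out-interface=lan connection-mark=download
# upload: lan -> wan connections that have passed 64000 bytes
add chain=forward action=mark-connection new-connection-mark=upload passthrough=yes protocol=tcp in-interface=lan out-interface=wan connection-bytes=64000-4294967295
add chain=forward action=mark-packet new-packet-mark=upload passthrough=no protocol=tcp in-interface=lan out-interface=wan connection-mark=upload
# browse: wan -> lan connections still at or below 128000 bytes
add chain=forward action=mark-connection new-connection-mark=browse passthrough=yes protocol=tcp in-interface=wan out-interface=lan connection-bytes=0-128000
add chain=forward action=mark-packet new-packet-mark=browse passthrough=no protocol=tcp in-interface=wan out-interface=lan connection-mark=browse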
Cara memisahkan koneksi antara Download,Upload,Browsing dan Game Online
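# Download / upload / browse marks for the combined rule set that continues
# with the file-type and game rules below.
# Change from the original: the upload connection rule now matches
# lan -> wan. It read in-interface=wan out-interface=wan, which disagrees
# with the upload packet rule right after it.
/ip firewall mangle
# download: wan -> lan connections that have passed 128000 bytes
add chain=forward action=mark-connection new-connection-mark=download passthrough=yes protocol=tcp in-interface=wan out-interface=lan connection-bytes=128000-4294967295
add chain=forward action=mark-packet new-packet-mark=download passthrough=no protocol=tcp in-interface=wan out-interface=lan connection-mark=download
# upload: lan -> wan connections that have passed 64000 bytes
add chain=forward action=mark-connection new-connection-mark=upload passthrough=yes protocol=tcp in-interface=lan out-interface=wan connection-bytes=64000-4294967295
add chain=forward action=mark-packet new-packet-mark=upload passthrough=no protocol=tcp in-interface=lan out-interface=wan connection-mark=upload
# browse: connections still at or below 128000 bytes
add chain=forward action=mark-connection new-connection-mark=browse protocol=tcp in-interface=wan out-interface=lan connection-bytes=0-128000
# NOTE(review): this packet rule matches lan -> wan although the connection
# rule above matches wan -> lan; the earlier three-class rule set on this
# page uses wan -> lan for both. Left as written; confirm which is intended.
add chain=forward action=mark-packet new-packet-mark=browse passthrough=no protocol=tcp in-interface=lan out-interface=wan connection-mark=browse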
# Mark connections coming from the lan interface as "koneksi-idm" when a
# packet's payload contains one of the listed file-extension strings.
# NOTE(review): content= compares against the bytes on the wire, so it can
# only see the file name in cleartext traffic; requests made over TLS are
# not classified by these rules.
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.mp3
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.zip
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.rar
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.7z
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.flv
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.mp4
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.exe
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.iso
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.nrg
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.avi
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.3gp
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.mov
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.mpeg
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.mpg
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.wav
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.aac
# Numbered extensions, presumably the parts of split archives.
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.001
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.002
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.003
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.004
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.005
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan content=.006
# NOTE(review): the next rule has no content= matcher, so as written it marks
# every connection entering from lan as koneksi-idm, replacing marks set by
# earlier rules. No rule on this page turns koneksi-idm into a packet mark,
# so this line may be a truncated mark-packet rule; confirm before use.
add chain=forward action=mark-connection new-connection-mark=koneksi-idm passthrough=yes in-interface=lan
# Per-game marks. Each game gets a connection mark selected by destination
# port (or, for Gemscool, packet marks selected by the 203.89.146.0/23
# address range), followed by a packet mark for that connection.
# The ports and the address range are the author's values; services move, so
# check them before relying on the classification.
# Atlantica
add chain=forward action=mark-connection new-connection-mark=Atl passthrough=yes protocol=tcp dst-port=4300 comment="atlantica"
add chain=forward action=mark-packet new-packet-mark=Atlantica passthrough=no connection-mark=Atl
# Ayodance
add chain=forward action=mark-connection new-connection-mark=Ayd passthrough=yes protocol=tcp dst-port=18901-18909 comment="Ayodance"
add chain=forward action=mark-packet new-packet-mark=Ayodance passthrough=no connection-mark=Ayd
# CrossFire (TCP and UDP ports share the CF connection mark)
add chain=forward action=mark-connection new-connection-mark=CF passthrough=yes protocol=tcp dst-port=10009,13008,16666,28012 comment="CrossFire"
add chain=forward action=mark-connection new-connection-mark=CF passthrough=yes protocol=udp dst-port=12020-12080,13000-13080
add chain=forward action=mark-packet new-packet-mark=CrossFire passthrough=no connection-mark=CF
# Luna
add chain=forward action=mark-connection new-connection-mark=LN passthrough=yes protocol=tcp dst-port=15000-15002 comment="Luna"
add chain=forward action=mark-packet new-packet-mark=Luna passthrough=no connection-mark=LN
# Lostsaga
# NOTE(review): src-address-list="" names an empty list; confirm whether the
# matcher was meant to be removed or to name a real list.
add chain=forward action=mark-connection new-connection-mark=lostsaga protocol=tcp src-address-list="" dst-port=14009-14010 comment="Lostsaga"
add chain=forward action=mark-connection new-connection-mark=lostsaga passthrough=yes protocol=udp dst-port=14009-14010
add chain=forward action=mark-packet new-packet-mark=pkt_lostsaga passthrough=no connection-mark=lostsaga
# Gemscool: packets are marked directly by address range, upstream in
# postrouting and downstream in forward; the TCP downstream rule excludes
# source ports 80 and 443.
add chain=postrouting action=mark-packet new-packet-mark=Gemscool_Up passthrough=no dst-address=203.89.146.0/23 out-interface=wan comment="mangle_pb_dan_game_online"
add chain=forward action=mark-packet new-packet-mark=Gemscool_Down protocol=tcp src-address=203.89.146.0/23 in-interface=wan out-interface=lan src-port=!80,443
add chain=forward action=mark-packet new-packet-mark=Gemscool_Down passthrough=no protocol=udp src-address=203.89.146.0/23 in-interface=wan out-interface=lan
# PointBlank
add chain=forward action=mark-connection new-connection-mark=PB protocol=tcp dst-port=39100,39110,39220,39190,49100
add chain=forward action=mark-connection new-connection-mark=PB passthrough=yes protocol=udp dst-port=40000-40010
add chain=forward action=mark-packet new-packet-mark=PointBlank passthrough=no connection-mark=PB
# Rohan
add chain=forward action=mark-connection new-connection-mark=Rhn passthrough=yes protocol=tcp dst-port=22100 comment="Rohan"
add chain=forward action=mark-packet new-packet-mark=Rohan passthrough=no connection-mark=Rhn
# Poker: unlike the rules above this pair sits in prerouting and only marks
# connections in state new.
add chain=prerouting action=mark-connection new-connection-mark=poker passthrough=yes connection-state=new protocol=tcp dst-port=9339 comment="Poker"
add chain=prerouting action=mark-packet new-packet-mark=poker1 passthrough=no connection-mark=poker
# Web traffic, outbound side: mark connections to TCP ports 80 and 21 whose
# destination is not in the "Lokal" address list, then label their packets
# as browse or download by how many bytes the connection has carried.
# NOTE(review): port 443 is not in dst-port, so TLS web traffic is not
# classified by these rules.
add chain=postrouting action=mark-connection new-connection-mark=HTTP passthrough=yes protocol=tcp dst-address-list=!Lokal dst-port=80,21 comment="lokal"
# NOTE(review): the two ranges leave 192001-192999 bytes unmatched, so
# packets in that window get neither mark.
add chain=postrouting action=mark-packet new-packet-mark=pkt_browse passthrough=no protocol=tcp connection-mark=HTTP connection-bytes=0-192000
add chain=postrouting action=mark-packet new-packet-mark=pkt_download passthrough=no protocol=tcp connection-mark=HTTP connection-bytes=193000-4294967295
# Web traffic, inbound side on wan1: same idea keyed on source ports 80 and 21.
add chain=prerouting action=mark-connection new-connection-mark=Browse&Download passthrough=yes protocol=tcp in-interface=wan1 src-port=80,21 comment="HTTP_CONN"
# NOTE(review): the ranges below leave 196001-196999 bytes unmatched, and the
# download range stops at 4000000000 rather than the 4294967295 used above.
add chain=prerouting action=mark-packet new-packet-mark=pkt_browsing passthrough=no protocol=tcp in-interface=wan1 connection-mark=Browse&Download connection-bytes=0-196000
add chain=prerouting action=mark-packet new-packet-mark=pkt_download passthrough=no protocol=tcp in-interface=wan1 connection-mark=Browse&Download connection-bytes=197000-4000000000
BLOKIR SITUS
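# Site blocking by payload substring: each rule drops forwarded TCP port 80
# packets whose payload contains the given word.
# The original ran the "facebook" heading into the first command and kept
# "\" line continuations in the middle of a line; each command is written on
# one line here.
# NOTE(review): only cleartext HTTP on port 80 is inspected. Port 443 is not
# matched by these rules and TLS payload cannot be read by a content
# matcher, so sites served over HTTPS are not blocked by this method. The
# substring also matches any unrelated page that merely contains the word.
# facebook
/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="facebook" action=drop comment="Blokir Situs Facebook";
# twitter
/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="twitter" action=drop comment="Blokir Situs twitter";
# youtube
/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="youtube" action=drop comment="Blokir Situs youtube";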
MENGGUNAKAN WEB PROXY
# NOTE(review): the first line reads like a WinBox click path (open the web
# proxy settings, tick Enabled, Apply, OK) rather than a CLI command; it is
# kept exactly as the author wrote it.
# The second line is the access rule: deny requests whose destination host
# matches *.facebook.com or *.twitter.com.
# NOTE(review): a proxy access rule only affects requests that actually pass
# through the proxy; clients that bypass it, and HTTPS traffic that is not
# proxied, are presumably unaffected. Confirm how clients reach the proxy.
/ip web-proxy web proxy setting v enable apply ok
add dst-host=*.facebook.com;*.twitter.com action=deny
MENGGUNAKAN LAYER 7 PROTOCOL
# NOTE(review): these three lines describe WinBox form fields rather than
# CLI syntax ("name:denied", "apply ok", "nama user", "ip user" are the
# author's shorthand and placeholders); they are kept exactly as written.
# Step 1: define a Layer 7 pattern named "denied" that matches payload
# containing facebook, twitter or youtube.
# Step 2: put the affected users' addresses into an address list.
# Step 3: add a filter rule that drops or rejects traffic for that address
# list when the "denied" pattern matches.
# NOTE(review): a Layer 7 pattern is matched against connection payload, so
# like the content= rules it cannot see host names inside TLS; it also costs
# CPU on every connection it is applied to.
/ip firewall layer 7 protocol add name:denied action=drop/reject regexp=^.+(facebook|twitter|youtube).*$ apply ok
address list add name=nama user address=ip user
filter rule add advanced dst address list=nama user layer 7 protocol=denied action=drop/reject comment="..."
ATAU
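# Alternative: learn destination addresses from packets whose payload
# contains "facebook.com", keep each address in the "facebook" list for 1m,
# and drop forwarded traffic to any listed address.
# The original fused "mangle" and "add" and kept "\" continuations in the
# middle of a line; each rule is written on one line here.
# NOTE(review): the learning rule depends on seeing the host name in
# cleartext payload, so connections that are TLS from the first byte never
# add an address. Once an address is listed, the drop applies to every port
# and to anything else served from that address until the 1m entry expires.
/ip firewall mangle
add action=add-dst-to-address-list address-list=facebook address-list-timeout=1m chain=prerouting comment="" content=facebook.com disabled=no
/ip firewall filter
add action=drop chain=forward comment="drop facebook" disabled=no dst-address-list=facebook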