Set RB750

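# jun/09/2011 18:28:38 by RouterOS 4.11
#
# RouterOS 4.x export for an RB750 (identity "KuMPrunG", see /system identity).
# Corrections made to the listing as published; everything else is as exported:
#   - /ip firewall mangle: "comment= mark-connection-semua-trafik" had a space
#     after "=", which leaves the comment empty and turns the rest of the line
#     into a parse error on import.
#   - "/ ip firewall filter" normalised to "/ip firewall filter", matching the
#     other menu paths in this file.
#   - Two "add" commands in the port-scanner section had been joined onto one
#     physical line; they are split back into two commands.

/ip pool
# DHCP lease range for the 172.16.0.0/24 segment (the one the "hotspot" queue
# and the second masquerade rule refer to).
add name=dhcp_pool1 ranges=172.16.0.51-172.16.0.100

/queue type
# Built-in queue kinds (left at their defaults) plus four pcq kinds that the
# /queue tree entries below reference. pcq-rate=0 means no per-stream rate cap
# (RouterOS pcq semantics): the pcq only shares what its parent allows.
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=download pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=http pcq-classifier=dst-address pcq-limit=50 pcq-rate=1000000 pcq-total-limit=2000
add kind=pcq name=game pcq-classifier=src-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=upload pcq-classifier=src-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10

# "rata" (Indonesian: flat / equal share): aggregate queues for the
# 192.168.10.0/25 segment. Only "all" is enabled; "internasional" and "iix"
# are disabled=yes and depend on packet marks set by mangle rules that are
# also disabled below, so enabling one without the other has no effect.
/queue simple
add burst-limit=4M/4M burst-threshold=1536k/1536k burst-time=9s/9s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=2M/2M max-limit=3M/3M name=all parent=none priority=1 queue=ethernet-default/ethernet-default target-addresses=192.168.10.0/25 total-queue=ethernet-default

add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=1M/1M name=internasional packet-marks=koneksi-internasional parent=none priority=8 queue=default-small/default-small target-addresses=192.168.10.0/25 total-queue=default-small

add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=1M/1M name=iix packet-marks=koneksi-iix parent=none priority=8 queue=default-small/default-small target-addresses=192.168.10.0/25 total-queue=default-small

# Per-host queues. "billing" and "client-01" are children of "all" (parent=all),
# so they share its 3M ceiling. "billing" has burst-limit equal to max-limit,
# so its burst settings cannot raise its rate; note also the asymmetric
# burst-threshold=1M/2M, which may be a typo for 1M/1M - confirm with the owner.
# "hotspot" (172.16.0.0/24) is a stand-alone queue and is disabled.
/queue simple
add burst-limit=2M/2M burst-threshold=1M/2M burst-time=9s/9s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=2M/2M max-limit=2M/2M name=billing parent=all priority=1 queue=ethernet-default/ethernet-default target-addresses=192.168.10.90/32 total-queue=ethernet-default

add burst-limit=512k/512k burst-threshold=192k/192k burst-time=9s/9s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=256k/256k max-limit=256k/256k name=client-01 parent=all priority=1 queue=ethernet-default/ethernet-default target-addresses=192.168.10.91/32 total-queue=ethernet-default

add burst-limit=3M/3M burst-threshold=1536k/1536k burst-time=9s/9s comment="" direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=2M/2M max-limit=2M/2M name=hotspot parent=none priority=1 queue=ethernet-default/ethernet-default target-addresses=172.16.0.0/24 total-queue=ethernet-default

# "penambahan rata" (additional flat queues): queue-tree entries keyed on the
# packet marks from the mangle section. All are disabled. The parents
# main-browse and main-upload are not defined anywhere in this listing, so
# "browse" and "upload" would need those parents created before being enabled.

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=2M name=browse packet-mark=http-pkt parent=main-browse priority=8 queue=http
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=0 name=game packet-mark=game-pkt parent=global-total priority=3 queue=game
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=0 name=poker packet-mark=poker parent=global-out priority=3 queue=game
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=256k name=download packet-mark=download-pkt parent=global-out priority=8 queue=download
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=0 name=upload packet-mark=upload parent=main-upload priority=8 queue=upload

# "rule rata": mangle rules that produce the connection/packet marks used by the
# queues above. Every rule is disabled=yes in this export. The dst-address-list
# "nice" is populated by the nice.rsc import scheduled under /system scheduler;
# "load-poker" is not populated anywhere in this listing, and "!icmp-pkt"
# (upload rule) refers to a packet mark no rule here sets.

/ip firewall mangle
add action=mark-connection chain=prerouting comment=mark-connection-semua-trafik disabled=yes new-connection-mark=koneksi-semua-trafik passthrough=yes src-address=192.168.10.0/25
add action=mark-connection chain=prerouting comment=mark-connection-koneksi-internasional connection-mark=koneksi-semua-trafik disabled=yes dst-address-list=nice new-connection-mark=koneksi-internasional passthrough=yes src-address=192.168.10.0/25
add action=mark-packet chain=prerouting comment=mark-packet-koneksi-internasional connection-mark=koneksi-internasional disabled=yes new-packet-mark=koneksi-internasional passthrough=no
add action=mark-packet chain=prerouting comment=mark-packet-koneksi-iix disabled=yes new-packet-mark=koneksi-iix passthrough=yes
add action=mark-connection chain=game comment=pointblank disabled=yes dst-address=203.89.146.0/23 dst-port=39190 new-connection-mark=game passthrough=yes protocol=tcp
add action=mark-connection chain=game comment="" disabled=yes dst-address=203.89.146.0/23 dst-port=40000-40010 new-connection-mark=game passthrough=yes protocol=udp
add action=mark-packet chain=game comment="" connection-mark=game disabled=yes new-packet-mark=game-pkt passthrough=no
add action=jump chain=prerouting comment="" disabled=yes jump-target=game
add action=mark-connection chain=forward comment=poker disabled=yes dst-address-list=load-poker new-connection-mark=poker-con passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="" content=statics.poker.static.zynga.com disabled=yes new-connection-mark=poker-con passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=poker-con disabled=yes new-packet-mark=poker passthrough=no
# Connections under ~256 KiB are treated as browsing, larger ones as downloads
# (connection-bytes split at 262146). ether1 is the upstream side and ether2
# the LAN side in these rules.
add action=mark-connection chain=forward comment=browse connection-bytes=0-262146 connection-mark=!game disabled=yes in-interface=ether1 new-connection-mark=http out-interface=ether2 packet-mark=!game-pkt passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=http disabled=yes new-packet-mark=http-pkt passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=upload disabled=yes in-interface=ether2 new-packet-mark=upload packet-mark=!icmp-pkt passthrough=no protocol=tcp src-address=192.168.10.0/25
add action=mark-connection chain=forward comment=limit-download connection-bytes=262146-4294967295 connection-mark=!poker-con disabled=yes in-interface=ether1 new-connection-mark=download out-interface=ether2 packet-mark=!game-pkt passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-mark=download disabled=yes new-packet-mark=download-pkt packet-mark=!game-pkt passthrough=no


/ip firewall nat
# Source NAT for both LAN segments. Neither rule restricts out-interface, so
# traffic routed between the two segments through this router is masqueraded
# too; adding out-interface=<WAN interface> would limit NAT to upstream traffic.
add action=masquerade chain=srcnat comment="" disabled=no src-address=192.168.10.0/25
add action=masquerade chain=srcnat comment="" disabled=no src-address=172.16.0.0/24

# Filter policy as exported: the forward chain accepts established/related,
# drops a fixed list of worm/SMB/SMTP ports and invalid state, and accepts
# everything else. The input chain only drops sources already on a blacklist
# and rate-limits ICMP - there is no terminal drop, so the router's own services
# stay reachable from "public" for any source not yet listed.
#
# The input rules match in-interface=public. No interface named "public"
# appears in this listing (the mangle rules use ether1/ether2); unless the
# upstream port is renamed to "public", these rules will not match as intended.
/ip firewall filter
add action=accept chain=forward comment="allow established connections" connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" connection-state=related disabled=no
# FTP brute-force handling: rules in chain=output watch the router's own FTP
# "530 Login incorrect" replies; beyond the dst-limit rate the destination is
# added to FTP_BlackList for 1d and then dropped on port 21.
add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 in-interface=public protocol=tcp src-address-list=FTP_BlackList
add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
# SSH/telnet (22-23) brute-force handling: a source escalates through
# SSH_BlackList_1 -> _2 -> _3 (1m each) on successive new connections and lands
# in IP_BlackList (1d), which the first rule drops. Rule order matters: the
# highest-stage rule must precede the lower ones, as it does here.
add action=drop chain=input comment="drop SSH Brute Forcers" disabled=no dst-port=22-23 in-interface=public protocol=tcp src-address-list=IP_BlackList
add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 in-interface=public protocol=tcp src-address-list=SSH_BlackList_3
add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 in-interface=public protocol=tcp src-address-list=SSH_BlackList_2
add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 in-interface=public protocol=tcp src-address-list=SSH_BlackList_1
add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 in-interface=public protocol=tcp
# Port-scan detection (psd) plus malformed TCP flag combinations feed the
# port_scanners list; listed sources are dropped by the first rule.
add action=drop chain=input comment="drop port scanners" disabled=no in-interface=public src-address-list=port_scanners
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=12h chain=input comment="" disabled=no in-interface=public protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="" disabled=no in-interface=public protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="" disabled=no in-interface=public protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="" disabled=no in-interface=public protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="" disabled=no in-interface=public protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="" disabled=no in-interface=public protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="" disabled=no in-interface=public protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment="Allow limited pings" disabled=no in-interface=public limit=50/5s,2 protocol=icmp
# Worm / lateral-movement port blocks in the forward chain (NetBIOS, SMB,
# LLMNR, SMTP and a few fixed ports). Applied in both directions and to both
# LAN segments.
add action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=no protocol=udp src-port=135-139
add action=drop chain=forward comment="" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=forward comment="" disabled=no protocol=udp src-port=445
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=udp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=135-139
add action=drop chain=forward comment="" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=445
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=4691 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=5933 protocol=tcp
add action=drop chain=forward comment="Blok LLMNR" disabled=no dst-port=5355 protocol=udp
add action=drop chain=forward comment="" disabled=no dst-port=4647 protocol=udp
add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp src-port=25
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=7777 protocol=tcp
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid disabled=no

/system identity
set name=KuMPrunG

/system note
# Login banner; "\" continues the line and "\_" encodes a leading space, as
# written by the RouterOS exporter.
set note="Using nice.rsc from www.mikrotik.co.id, 6 January 2011 12:18:07 WIB,\
\_883 lines." show-at-login=yes

/system ntp client
# The secondary address differs from the primary only by +1 in three octets,
# which looks like a typo rather than a second server - verify both addresses.
set enabled=yes mode=unicast primary-ntp=180.131.144.144 secondary-ntp=181.131.145.145

/system scheduler
# Daily refresh of the "nice" address list: removes the old file, fetches
# nice.rsc from ixp.mikrotik.co.id and runs "/import" on it. The imported
# script executes with the scheduler's (full) privileges and nothing here
# checks what was downloaded, so whoever controls that host, or the path to
# it, controls this router. Prefer fetching over an authenticated channel and
# verifying the file (e.g. comparing a known checksum) before "/import", or
# import manually after review.
add comment=update-nice disabled=no interval=1d name=update-nice-rsc on-event=":if ([:len [/file find name=nice.rsc]] > 0) do={ /file remove nice.rsc }; /tool fetch address=ixp.mikrotik.co.id path=/download/nice.rsc; /import nice.rsc" start-date=jan/06/2011 start-time=13:00:00

/tool bandwidth-server
# Disabled. It is configured with authenticate=no; if it is ever enabled,
# set authenticate=yes so it cannot be used by arbitrary hosts to saturate
# the link.
set allocate-udp-ports-from=2000 authenticate=no enabled=no max-sessions=100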



Anonim mengatakan...

itu untuk bandwidth berapa om? ane pake speedy 1mbps. bagian mana yg harus disesuaikan om??

KumPrunG mengatakan...

sbnarnya mngenai rule itu gmn kbijakan agan. enaknya mo kya gimna. bebas2 ajah. bgitupun soal konfigurasi. ga mesti kaya di atas.

asal,

1. mode dial modem (pppoe ato bridge)
2. konfig nat
3. ip route
4. dns
5. dhcp server
6. bw manage (simple ato tree)

sudah dkonfigurasi dg baik, mka lancar pula jaringan agan.

