Tuesday, 23 October 2012

Radius Server Is Not Responding



MikroTik users running the HotSpot feature together with User Manager have almost certainly seen the message "Radius Server Is Not Responding" when opening the login page. There are several causes of this error:
  1. The Routers IP entry in User Manager has not been filled in for IP 127.0.0.1. Syntax: /radius add service=hotspot address=127.0.0.1 secret=123456
  2. Upgrade the OS version of your RouterBOARD. To see your router's OS version, check System -> Packages.
  3. If the error persists, reset your MikroTik router, then repeat your HotSpot configuration steps.

Thursday, 18 October 2012

Windows Lusca Proxy

Lusca Caching System for Windows
As requested by the guys and gals asking about a caching system... here is the Lusca for Windows one.

Topology:
Stand-alone
Modem – proxy PC – hub
Modem – proxy PC – hub – access point
Modem – 3G router – proxy PC – hub
Modem – 3G router – proxy PC – hub – access point

1. First, download Strawberry Perl and Lusca for Windows from the links below.
http://strawberryperl.com/
http://www.wupload.com/file/2660671912/Lusca_for_ComStuff_V2.2b_rev1.rar
https://hotfile.com/dl/150328055/b7bf36c/Lusca_for_ComStuff_V2.2b_rev1.rar.html
2. Install both programs: Strawberry Perl first, then Lusca for Windows.

3. When that is done, edit squid.conf: click Start - Lusca Proxy for ComStuff - Configuration - Edit squid.conf.

4. Put a ( # ) in front of these lines:
acl jshack url_regex -i "C:/squid/etc/jshack.block"
deny_info http://adspit.net/lusca/hack.js jshack
http_access deny jshack
acl popads url_regex -i "C:/squid/etc/popads.block"
deny_info http://adspit.net/popkiller.html popads
http_access deny popads
acl advertise url_regex -i "C:/squid/etc/ads.block"
deny_info http://adspit.net/fill.png advertise
http_access deny advertise

5. Remove the ( # ) in front of:
dns_nameservers 127.0.0.1

6. Remove the ( # ) in front of:
storeurl_rewrite_program C:/strawberry/perl/bin/perl.exe C:/squid/etc/storeurl.pl
storeurl_rewrite_children 2
storeurl_rewrite_concurrency 99

7. Then save.

8. Click Start – Lusca For Windows – Apply squid lusca configuration.

9. If it is there, the configuration succeeded. If not, try a force uninstall and repeat from the beginning.


For stand-alone use, we only need to configure the browser.

1. Mozilla Firefox
  1. Go to Tools => Options => Advanced => Network tab => Settings
  2. Choose Manual proxy configuration
  3. Set HTTP Proxy to 127.0.0.1, port 8000 => tick "Use this proxy server for all protocols"
  4. OK
  So that Firefox does not cache the content as well:
  - go to Tools => Options => Privacy => choose "Never remember history" => OK
2. Opera
  1. Open Preferences via Tools => Preferences
  2. Choose the Advanced tab, then look at the Network section
  3. Click Proxy Servers ...
  4. In the new window that appears, fill in HTTP with 127.0.0.1 and port 8000
  5. Remove 127.0.0.1 (if present) from the "Do Not Use Proxy On Addresses Below" section
3. Safari / IE / Chrome
  1. Open Control Panel => Internet Options, Connections tab
  2. Click LAN Settings, then click Advanced
  3. In the new window that appears, fill in HTTP with 127.0.0.1 and port 8000
  4. Remove 127.0.0.1 (if present) from the "Do Not Use Proxy Server for Addresses Beginning With" section

For stand-alone use, that is all.

The shared setup needs additional software: SoftPerfect Bandwidth Manager.

1. Download SoftPerfect Bandwidth Manager
http://www.mediafire.com/?07vwy6funmhezh3
2. Restart the PC
3. Enter the serial number ( long live piracy :ngakak )
4. Run SoftPerfect Bandwidth Manager.
5. Click OK straight away. Ignore everything else.
6. Click Tools => Port Mapping => New Mapping
Name: squid_port ( any name you like )
7. Redirect to Local Port: 8000 (match the squid port you use), then OK
8. Click Rules => Add Rule
9. General tab
-          Rule Name: transparent_proxy ( any name you like )
-          Direction: Both
-          Transfer Rate Limit: Unlimited (limiting it is fine, leaving it unlimited is fine too)
-          Protocol: TCP and UDP
-          Apply Rule on Interface: LAN (choose the interface connected directly to the switch/hub or the clients)

10. Source tab
-          Source Address is: Whole IP Range From 192.168.0.1 To 192.168.0.253 (adjust to your own network)
-          Source Port is: Any

11. Destination tab
-          Destination Address is: Any IP Address
-          Destination Port is: Single Port 80

12. Advanced tab
-          Tick "Process through the following mapping"
-          Then choose squid_port

13. Click OK

Here is the additional post on Unbound DNS


Now just try it on each client without changing anything.

I have tried this setup many times and it has worked in my internet cafe.

If it works, don't forget to share your speedtest results, and a cendol.
If you are still confused, don't hesitate to contact me.
I will help as far as I can.
Happy Caching...

Thursday, 11 October 2012

Remotely Accessing a MikroTik with a Dynamic IP



Remote access to a MikroTik router whose public IP is dynamic can be confusing. To handle it, we need an account at a website that provides a DDNS service. For this tutorial we will use ChangeIP, which offers free DDNS.
First, we register at ChangeIP and add one domain to our account.
Once we have an account and a domain at ChangeIP, the next step is to create a script so that our MikroTik updates the IP:
/system script
add name=DDNS policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="# Dynamic DNS for ChangeIP.com behind NAT\r\
\n# Modified by Jorge Amaral, officelan.pt\r\
\n# For support send mail to support at offficelan dot pt\r\
\n#\r\
\n# The original script was written by \"webasdf\" on the Mikrotik forums,\
\_i just modified it to work with ChangeIP.com\r\
\n#\r\
\n# Here is where you need to set your definitions\r\
\n:local user \"vUSER\"\r\
\n:local pass \"vPASSWORD\"\r\
\n:local host \"vDOMAIN\"\r\
\n##############\r\
\n##############\r\
\n:global lastwanip;\r\
\n:if ([ :typeof \$lastwanip ] = \"nothing\" ) do={ :global lastwanip 0.0.\
0.0 };\r\
\n:local wanip [:resolve \$host];\r\
\n:if ( \$wanip != \$lastwanip ) do={\r\
\n\t/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" ds\
t-path=\"/dyndns.checkip.html\"\r\
\n\t:local result [/file get dyndns.checkip.html contents]\r\
\n\t:local resultLen [:len \$result]\r\
\n\t:local startLoc [:find \$result \": \" -1]\r\
\n\t:set startLoc (\$startLoc + 2)\r\
\n\t:local endLoc [:find \$result \"</body>\" -1]\r\
\n\t:local currentIP [:pick \$result \$startLoc \$endLoc]\r\
\n\t:set lastwanip \$currentIP;\r\
\n\t:put [/tool dns-update name=\$host address=\$currentIP key-name=\$user\
\_key=\$pass ]\r\
\n}"
Replace:
vUSER with the username of your ChangeIP account
vPASSWORD with the password of your ChangeIP account
vDOMAIN with the domain you registered at ChangeIP (e.g. me.MyNetAV.NET)
Once the script that updates the dynamic IP is in place, the next step is to schedule how often it is executed. As an example, I will create a scheduler that runs the DDNS script we created every 15 minutes.
/system scheduler
add disabled=no interval=15m name=UpdateDDNS on-event=DDNS policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/01/2002 start-time=00:00:00
Once the scheduler is created, whenever the public IP of your MikroTik router changes, it will be updated at most 15 minutes later.
To access your MikroTik router, enter the vDOMAIN address you registered at ChangeIP.
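
The DDNS script above publishes whatever text sits between ": " and "</body>" in a plain-HTTP response, with no check that it is an address. As an added example (not part of the original post or of the ChangeIP script), the Python code below performs the same slice and validates the result before it would be handed to a DNS update. The function names and the sample response bodies are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample bodies in the shape a checkip-style page returns.
# None of them is captured traffic.
GOOD_BODY = ("<html><head><title>Current IP Check</title></head>"
             "<body>Current IP Address: 8.8.8.8</body></html>\r\n")
# What a captive portal or an intercepting proxy might answer instead.
PORTAL_BODY = ("<html><head><title>Login</title></head>"
               "<body>Notice: please sign in to continue</body></html>")
# A syntactically valid answer that must never be published as the WAN IP.
PRIVATE_BODY = ("<html><head><title>Current IP Check</title></head>"
                "<body>Current IP Address: 192.168.11.2</body></html>")
# A download that was cut short.
TRUNCATED_BODY = "<html><head><title>Current IP Check</title></head><body>Curr"


class CheckIPError(ValueError):
    """The response did not contain a usable public IPv4 address."""


def extract_wan_ip(body):
    """Slice the body the way the RouterOS script does, then validate it."""
    # Same markers as the script: first ": " and first "</body>".
    start = body.find(": ")
    end = body.find("</body>")
    if start == -1 or end == -1 or end <= start + 2:
        raise CheckIPError("expected markers not found in response")
    candidate = body[start + 2:end].strip()
    try:
        address = ipaddress.IPv4Address(candidate)
    except ipaddress.AddressValueError as exc:
        raise CheckIPError("not an IPv4 address: %r" % candidate[:40]) from exc
    # Private, loopback, link-local, CGNAT and reserved ranges are all
    # non-global; publishing one would point the hostname at nothing useful.
    if not address.is_global:
        raise CheckIPError("address is not publicly routable: %s" % address)
    return str(address)


def plan_update(last_ip, body):
    """Return the address to publish, or None when nothing has changed."""
    current = extract_wan_ip(body)
    return None if current == last_ip else current


def is_rejected(body):
    """True when the body must not lead to a DNS update."""
    try:
        extract_wan_ip(body)
    except CheckIPError:
        return True
    return False


if __name__ == "__main__":
    samples = {"good": GOOD_BODY, "portal": PORTAL_BODY,
               "private": PRIVATE_BODY, "truncated": TRUNCATED_BODY}
    for name, body in samples.items():
        try:
            print(name, "->", plan_update("0.0.0.0", body))
        except CheckIPError as err:
            print(name, "-> rejected:", err)
```

The same three checks (markers present, value parses as IPv4, value is publicly routable) can be expressed in the RouterOS script before the dns-update call.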

Monday, 08 October 2012

Speedy 2 lines + external proxy for online games, 30 clients


/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
    l2mtu=1526 mac-address=00:0C:42:85:A4:13 mtu=1500 name=Public1 speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:14 \
    master-port=none mtu=1500 name=Public2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:15 \
    master-port=none mtu=1500 name=Proxy speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:16 \
    master-port=none mtu=1500 name=Local speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:85:A4:17 \
    master-port=none mtu=1500 name=ether5 speed=100Mbps

/ip firewall layer7-protocol
add comment="" name=EXE regexp="^.*get.+\\.exe.*\$"
add comment="" name=RAR regexp="^.*get.+\\.rar.*\$"
add comment="" name=ZIP regexp="^.*get.+\\.zip.*\$"
add comment="" name=7z regexp="^.*get.+\\.7z.*\$"
add comment="" name=FLV regexp="^.*get.+\\.flv.*\$"
add comment="" name=WMV regexp="^.*get.+\\.wmv.*\$"
add comment="" name=MP3 regexp="^.*get.+\\.mp3.*\$"
add comment="" name=MP4 regexp="^.*get.+\\.mp4.*\$"
add comment="" name=3GP regexp="^.*get.+\\.3gp.*\$"


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1G name="A. INBOUND" parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=2048k name="A5. DOWNLOAD" parent="A. INBOUND" priority=8

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
add kind=pcq name=pcq_down pcq-classifier=dst-address,dst-port pcq-limit=50 \
    pcq-rate=0 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1G name="A1. PROXY HIT" packet-mark=proxy-hit parent=\
    "A. INBOUND" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=100M name="A2. GAMES" packet-mark=games_pkt parent="A. INBOUND" \
    priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1024k name="A3. BROWSING" packet-mark=http_pkt parent=\
    "A. INBOUND" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name="A4. A/V STREAM" packet-mark=stream_pkt parent=\
    "A. INBOUND" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH01 packet-mark=ApisTECH01.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH02 packet-mark=ApisTECH02.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH03 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH04 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH05 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH06 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH07 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH08 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH09 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH010 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH011 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH012 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH013 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH014 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH015 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH016 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH017 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH018 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH019 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH020 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH021 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH022 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH023 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH024 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH025 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH026 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH027 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH028 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH029 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=ApisTECH030 packet-mark=ApisTECH03.d_pkt parent=\
    "A5. DOWNLOAD" priority=8 queue=pcq_down


/ip address
add address=192.168.11.2/30 broadcast=192.168.11.3 comment="" disabled=no \
    interface=Public1 network=192.168.11.0
add address=192.168.22.2/30 broadcast=192.168.22.3 comment="" disabled=no \
    interface=Public2 network=192.168.22.0
add address=192.168.3.30/30 broadcast=192.168.3.31 comment="" disabled=no \
    interface=Proxy network=192.168.3.28
add address=192.168.2.30/27 broadcast=192.168.2.31 comment="" disabled=no \
    interface=Local network=192.168.2.0

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=192.168.3.29

/ip firewall address-list
add address=192.168.2.0/27 comment="" disabled=no list=LocalNET
add address=192.168.3.28/30 comment="" disabled=no list=ProxyNET
add address=172.22.10.0/28 comment="" disabled=no list=HotspotNET
add address=192.168.11.1 comment="" disabled=no list=Transparent
add address=192.168.22.1 comment="" disabled=no list=Transparent
add address=192.168.3.29 comment="" disabled=no list=Transparent
add address=192.168.2.30 comment="" disabled=no list=Gateway
add address=172.22.10.1 comment="" disabled=no list=Gateway
add address=63.251.101.0/25 comment="" disabled=no list=GAMES
add address=74.114.8.0/21 comment="" disabled=no list=GAMES
add address=192.168.2.1 comment="" disabled=no list=Local
add address=192.168.2.2 comment="" disabled=no list=Local
add address=192.168.2.3 comment="" disabled=no list=Local
add address=192.168.2.4 comment="" disabled=no list=Local
add address=192.168.2.5 comment="" disabled=no list=Local
add address=192.168.2.6 comment="" disabled=no list=Local
add address=192.168.2.7 comment="" disabled=no list=Local
add address=192.168.2.8 comment="" disabled=no list=Local
add address=192.168.2.9 comment="" disabled=no list=Local
add address=192.168.2.10 comment="" disabled=no list=Local
add address=192.168.2.11 comment="" disabled=no list=Local
add address=192.168.2.12 comment="" disabled=no list=Local
add address=192.168.2.13 comment="" disabled=no list=Local
add address=192.168.2.14 comment="" disabled=no list=Local
add address=192.168.2.15 comment="" disabled=no list=Local
add address=192.168.2.16 comment="" disabled=no list=Local
add address=192.168.2.17 comment="" disabled=no list=Local
add address=192.168.2.18 comment="" disabled=no list=Local
add address=192.168.2.19 comment="" disabled=no list=Local
add address=192.168.2.20 comment="" disabled=no list=Local
add address=192.168.2.21 comment="" disabled=no list=Local
add address=192.168.2.22 comment="" disabled=no list=Local
add address=192.168.2.23 comment="" disabled=no list=Local
add address=192.168.2.24 comment="" disabled=no list=Local
add address=192.168.2.25 comment="" disabled=no list=Local
add address=192.168.2.26 comment="" disabled=no list=Local
add address=192.168.2.27 comment="" disabled=no list=Local
add address=192.168.2.28 comment="" disabled=no list=Local
add address=192.168.2.29 comment="" disabled=no list=Local


/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="Port scanners to list " \
    disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="NMAP FIN Stealth scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="FIN/PSH/URG scan" disabled=\
    no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=1w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no \
    src-address-list="port scanners"
add action=accept chain=input comment="Allow Input from LOOPBACK" disabled=no \
    src-address=127.0.0.1
add action=accept chain=input comment="Allow Input from LOCAL Network" \
    disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=input comment="Allow Input from PROXY Network" \
    disabled=no in-interface=Proxy src-address-list=ProxyNET
add action=drop chain=input comment="Drop everything else" disabled=no
add action=drop chain=forward comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
add action=jump chain=forward comment="Packet Filtering" disabled=no \
    jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
    protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
    protocol=icmp
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
    protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
    111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
    135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137,138,139 \
    protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
    protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
    12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
    protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
    31337 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
    protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
    protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
    111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
    135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137,138,139 \
    protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
    protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
    31337 protocol=udp
add action=drop chain=udp comment="deny P2P" disabled=no p2p=all-p2p
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
    icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
add action=tarpit chain=forward comment="Limit Download Conn" \
    connection-limit=10,32 connection-mark=download_conn disabled=no \
    in-interface=Local protocol=tcp src-address-list=Local
add action=tarpit chain=forward comment="Limit Streaming Conn" \
    connection-limit=5,32 connection-mark=streaming_conn disabled=no \
    in-interface=Local protocol=tcp src-address-list=Local
add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
    disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=forward comment="Allow Forward from PROXY Network" \
    disabled=no in-interface=Proxy src-address-list=ProxyNET
add action=accept chain=forward comment="Allow Forward from PUBLIC1 Network" \
    disabled=no in-interface=Public1 src-address-list=Transparent
add action=accept chain=forward comment="Allow Forward from PUBLIC2 Network" \
    disabled=no in-interface=Public2 src-address-list=Transparent
add action=drop chain=forward comment="Drop everything else" disabled=no
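
The six tcp-flags rules in the input chain above feed the "port scanners" address list. As an added example (not part of the original configuration), the Python code below applies the same set/clear logic to constructed flag combinations, showing which rule comments fire and that ordinary handshake and teardown packets match none. Because add-src-to-address-list does not stop rule processing, a packet can match several rules; the function names and sample packets are hypothetical.

```python
# The six flags the page's rules test. RouterOS also knows ece and cwr,
# which none of these rules mention.
FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# (comment, tcp-flags) pairs copied from the input-chain rules on this page,
# in the order they appear.
RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]


def parse_tcp_flags(spec):
    """Split a tcp-flags value into (flags that must be set, must be clear)."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip()
        name = token.lstrip("!")
        if name not in FLAGS:
            raise ValueError("unknown flag in rule: %r" % token)
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear


def matching_rules(packet_flags):
    """Return the comments of every rule a packet with these flags hits."""
    present = {flag.lower() for flag in packet_flags}
    unknown = present - set(FLAGS)
    if unknown:
        raise ValueError("unknown flag in packet: %s" % sorted(unknown))
    hits = []
    for comment, spec in RULES:
        must_set, must_clear = parse_tcp_flags(spec)
        # A rule matches when every plain flag is set and every
        # "!"-prefixed flag is clear; unlisted flags are ignored.
        if must_set <= present and not (must_clear & present):
            hits.append(comment)
    return hits


# Constructed flag combinations: the probe shapes the rule comments name,
# followed by packets seen in normal TCP traffic.
SAMPLES = {
    "FIN only": ["fin"],
    "SYN+FIN": ["syn", "fin"],
    "FIN+PSH+URG": ["fin", "psh", "urg"],
    "all six flags": list(FLAGS),
    "no flags": [],
    "SYN (normal connect)": ["syn"],
    "SYN+ACK (normal reply)": ["syn", "ack"],
    "FIN+ACK (normal close)": ["fin", "ack"],
    "RST+ACK (normal refusal)": ["rst", "ack"],
}


def classify_samples():
    """Map each sample name to the list of rule comments it triggers."""
    return {name: matching_rules(flags) for name, flags in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print("%-26s %s" % (name, ", ".join(hits) or "no scan rule"))
```

The negated `!ack` in the FIN rules is what keeps a normal FIN+ACK close off the address list, while a packet with every flag set hits the SYN/FIN and SYN/RST rules before it reaches ALL/ALL.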


/ip firewall mangle
add action=mark-packet chain=postrouting comment="MARK PROXY-HIT" disabled=no \
    dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=mark-connection chain=prerouting comment="PROXY CONNMARK" \
    connection-state=new disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_2 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_3 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    proxy.pppoe_1 disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    proxy.pppoe_2 disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    proxy.pppoe_3 disabled=no in-interface=Proxy new-connection-mark=\
    proxy.pppoe_3 passthrough=yes
add action=mark-connection chain=prerouting comment="PROXY PCC" disabled=no \
    dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy \
    new-connection-mark=proxy.pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
add action=mark-routing chain=prerouting comment="PROXY ROUTE" \
    connection-mark=proxy.pppoe_1 disabled=no in-interface=Proxy \
    new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    proxy.pppoe_2 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    proxy.pppoe_3 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 \
    passthrough=yes
add action=mark-connection chain=input comment="LOCAL CONNMARK" \
    connection-state=new disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_1 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_2 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_3 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_3 passthrough=no
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_1 \
    passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 \
    protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 \
    protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 \
    protocol=udp
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" \
    connection-mark=local.pppoe_1 disabled=no in-interface=Local \
    new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_2 \
    passthrough=yes
add action=mark-connection chain=input comment="LOCAL CONNMARK" \
    connection-state=new disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_1 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_2 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=\
    local.pppoe_3 disabled=no in-interface=Local new-connection-mark=\
    local.pppoe_3 passthrough=no
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_1 \
    passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_2 \
    passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list=!Transparent dst-address-type=!local dst-port=\
    !80,81,8080,3128 in-interface=Local new-connection-mark=local.pppoe_3 \
    passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 \
    protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 \
    protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=Local new-connection-mark=\
    local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 \
    protocol=udp
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" \
    connection-mark=local.pppoe_1 disabled=no in-interface=Local \
    new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_2 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="MARK LOCAL-IN CONN" \
    disabled=no dst-address-list=!Gateway in-interface=Local \
    new-connection-mark=all.pre_conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=\
    all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-connection chain=forward comment="MARK LOCAL-OUT CONN" \
    disabled=no new-connection-mark=all.post_conn out-interface=Local \
    passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn \
    disabled=no new-packet-mark=all.post_pkt passthrough=yes
add action=mark-connection chain=prerouting comment="MARK HTTP/S CONN" \
    connection-mark=all.pre_conn disabled=no dst-port=80,443 \
    new-connection-mark=browsing_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 7z" \
    connection-mark=browsing_conn disabled=no layer7-protocol=7z \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn EXE" \
    connection-mark=browsing_conn disabled=no layer7-protocol=EXE \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn RAR" \
    connection-mark=browsing_conn disabled=no layer7-protocol=RAR \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn ZIP" \
    connection-mark=browsing_conn disabled=no layer7-protocol=ZIP \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP3" \
    connection-mark=browsing_conn disabled=no layer7-protocol=MP3 \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn WMV" \
    connection-mark=browsing_conn disabled=no layer7-protocol=WMV \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 3GP" \
    connection-mark=browsing_conn disabled=no layer7-protocol=3GP \
    new-connection-mark=download_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn FLV" \
    connection-mark=browsing_conn disabled=no layer7-protocol=FLV \
    new-connection-mark=streaming_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP4" \
    connection-mark=browsing_conn disabled=no layer7-protocol=MP4 \
    new-connection-mark=streaming_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn Youtube" \
    connection-mark=browsing_conn content=videoplayback disabled=no \
    new-connection-mark=streaming_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=BROWSING connection-mark=\
    browsing_conn disabled=no new-connection-mark=http_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=0-131072 \
    connection-mark=http_conn disabled=no new-packet-mark=http_pkt \
    passthrough=no protocol=tcp
add action=mark-connection chain=forward comment=GAMES connection-mark=\
    all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes \
    protocol=tcp src-address-list=GAMES src-port=9339,843,39190
add action=mark-connection chain=forward comment="" connection-mark=\
    all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes \
    protocol=udp src-address-list=GAMES src-port=40000-40010
add action=mark-packet chain=forward comment="" connection-mark=games_conn \
    disabled=no new-packet-mark=games_pkt passthrough=no
add action=mark-connection chain=forward comment="A/V STREAM" \
    connection-mark=all.post_conn disabled=no new-connection-mark=stream_conn \
    passthrough=yes protocol=tcp src-port=554,8000,88,1935
add action=mark-packet chain=forward comment="" connection-mark=stream_conn \
    disabled=no new-packet-mark=stream_pkt passthrough=no
add action=mark-packet chain=forward comment=DOWNLOAD connection-bytes=\
    131072-0 connection-mark=all.post_conn disabled=no dst-address=\
    192.168.2.1 new-packet-mark=ApisTECH01.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.2 \
    new-packet-mark=ApisTECH02.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.3 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.4 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.5 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.6 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.7 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.8 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.9 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.10 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.11 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.12 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.13 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.14 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.15 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.16 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.17 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.18 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.19 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.20 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.21 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.22 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.23 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.24 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.25 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.26 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.27 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.28 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.29 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 \
    connection-mark=all.post_conn disabled=no dst-address=192.168.2.30 \
    new-packet-mark=ApisTECH03.d_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-128 passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    53,123 new-packet-mark=pppoe1.time_critical_pkt packet-mark=\
    pppoe1.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no \
    new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-64 passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    22,8291 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
    packet-size=0-256 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=\
    pppoe1.critical_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=\
    pppoe1.critical_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=\
    udp
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no \
    new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt \
    passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=443 new-packet-mark=pppoe1.high_prio_pkt \
    packet-mark=pppoe1.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no \
    new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=80 new-packet-mark=pppoe1.low_prio_pkt packet-mark=\
    pppoe1.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    110,995,143,993,25,20,21,69 new-packet-mark=pppoe1.low_prio_pkt \
    packet-mark=pppoe1.out_pkt packet-size=0-512 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=BULK disabled=no \
    new-packet-mark=pppoe1.bulk_pkt packet-mark=pppoe1.out_pkt passthrough=no
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-128 passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    53,123 new-packet-mark=pppoe2.time_critical_pkt packet-mark=\
    pppoe2.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-96 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no \
    new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=97-128 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-64 passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    22,8291 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
    packet-size=0-256 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=\
    pppoe2.critical_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
    dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=\
    pppoe2.critical_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=\
    udp
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no \
    new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=129-256 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt \
    passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=443 new-packet-mark=pppoe2.high_prio_pkt \
    packet-mark=pppoe2.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no \
    new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt \
    packet-size=257-512 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 \
    disabled=no dst-port=80 new-packet-mark=pppoe2.low_prio_pkt packet-mark=\
    pppoe2.out_pkt passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=\
    110,995,143,993,25,20,21,69 new-packet-mark=pppoe2.low_prio_pkt \
    packet-mark=pppoe2.out_pkt packet-size=0-512 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=BULK disabled=no \
    new-packet-mark=pppoe2.bulk_pkt packet-mark=pppoe2.out_pkt passthrough=no
/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
    dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.3.29 \
    to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Local protocol=tcp to-addresses=192.168.3.29 to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT LOCAL PROXY" disabled=no \
    dst-address-list=!Transparent dst-port=80,81,8080,3128 in-interface=Local \
    protocol=tcp to-addresses=192.168.3.29 to-ports=3128
add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no \
    dst-address-list=Gateway dst-port=22,81,10000 in-interface=Local \
    protocol=tcp to-addresses=192.168.3.29
add action=masquerade chain=srcnat comment="MASQUERADE MODEM1" disabled=no \
    out-interface=Public1
add action=masquerade chain=srcnat comment="MASQUERADE MODEM2" disabled=no \
    out-interface=Public2

/queue interface
set Public1 queue=ethernet-default
set Public2 queue=ethernet-default
set Proxy queue=ethernet-default
set Local queue=ethernet-default
set ether5 queue=ethernet-default

Sunday, 07 October 2012

Latest Squid Hit Bypass, Game Mangle, Queue Tree, and Browsing Settings on MikroTik


/interface set 0 name=public
/interface set 1 name=local
/interface set 2 name=proxy

/system ntp client \
set enabled=yes mode=unicast \
primary-ntp=152.118.24.8 \
secondary-ntp=202.169.224.16

/system note \
set note=pancabralink \
show-at-login=yes

/ip firewall nat add action=dst-nat \
chain=dstnat comment="TRANSPARENT PROXY" \
disabled=no dst-port=80 in-interface=local \
protocol=tcp src-address=!192.168.3.0/24 \
to-addresses=192.168.3.100 to-ports=3128
/ip firewall nat add action=masquerade chain=srcnat \
comment=MASQUERADE disabled=no

/ip firewall layer7-protocol
add name="YOUTUBE DOWNLOAD" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5\
    ][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie

/ip firewall filter
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward \
connection-state=invalid disabled=no
add action=drop chain=virus disabled=no \
dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1433-1434 protocol=tcp
add action=drop chain=virus \
disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=445 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=65506 protocol=tcp
add action=jump chain=forward \
disabled=no jump-target=virus
add action=drop chain=input \
connection-state=invalid disabled=no
add action=accept chain=input \
disabled=no protocol=udp
add action=accept chain=input \
disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input \
disabled=no protocol=icmp
add action=accept chain=input \
disabled=no dst-port=21 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=22 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no \
dst-port=1723 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 \
protocol=tcp src-address-list=knock
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=61.213.183.1-61.213.183.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=67.195.134.1-67.195.134.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=68.142.233.1-68.142.233.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=68.180.217.1-68.180.217.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=203.84.204.1-203.84.204.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=69.63.176.1-69.63.176.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=69.63.181.1-69.63.181.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=63.245.209.1-63.245.209.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=63.245.213.1-63.245.213.254
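
The filter rules above fill the address lists DDOS and "port scanners", and the second rule on port 7331 matches on a list named knock; in a long export it is easy to miss whether anything fills or consumes such lists. The Python script below is an added example (not part of the original post or of RouterOS) that parses an export and reports lists that are written but never read, or read but never written. The embedded sample is an excerpt of the rules above, the function names are this example's own, and lists handled in parts of the configuration not passed to it are not seen.

```python
"""Cross-check address lists in a RouterOS firewall export (added example)."""
import re

# Excerpt of the /ip firewall filter rules shown above, wrapped as posted.
EXPORT = r'''
/ip firewall filter
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 \
protocol=tcp src-address-list=knock
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=drop chain=input \
disabled=no protocol=icmp
'''

# key=value pairs; a value is either a quoted string or a run of non-spaces.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
WRITER_ACTIONS = {"add-src-to-address-list", "add-dst-to-address-list"}
READER_KEYS = ("src-address-list", "dst-address-list")


def parse_rules(export):
    """Return [(section, params)] for every 'add' command in the export."""
    # The export wraps long commands with a trailing backslash; the next line's
    # text continues exactly where the backslash stood (even inside a value).
    text = re.sub(r'\\\n[ \t]*', '', export)
    section, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('/'):
            section = line
        elif line.startswith('add '):
            params = {k: v.strip('"') for k, v in PAIR.findall(line)}
            rules.append((section, params))
    return rules


def audit_address_lists(export):
    """Map list names to the rule numbers that write or read them and return
    the lists that only ever appear on one side."""
    written, read = {}, {}
    for number, (section, p) in enumerate(parse_rules(export), 1):
        if p.get("disabled") == "yes":
            continue  # disabled rules neither fill nor consume a list
        if p.get("action") in WRITER_ACTIONS and "address-list" in p:
            written.setdefault(p["address-list"], []).append(number)
        if section == "/ip firewall address-list" and "list" in p:
            written.setdefault(p["list"], []).append(number)  # static entry
        for key in READER_KEYS:
            if key in p:
                # "!name" is a negated match on the same list
                read.setdefault(p[key].lstrip("!"), []).append(number)
    return {
        "written_never_read": {n: written[n] for n in sorted(written)
                               if n not in read},
        "read_never_written": {n: read[n] for n in sorted(read)
                               if n not in written},
    }


if __name__ == "__main__":
    for finding, lists in audit_address_lists(EXPORT).items():
        for name, rule_numbers in lists.items():
            print(f"{finding}: {name!r} (rules {rule_numbers})")
```

A list that is written but never read means the detection rule has no enforcing drop or accept rule behind it; a list that is read but never written means the matching rule can never fire.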

/ip firewall mangle
add action=mark-packet chain=postrouting comment="SQUID PROXY HIT" \
dscp=12 new-packet-mark="PancaHit" passthrough=no

/ip firewall mangle
add action=mark-connection chain=prerouting comment=ICMP \
new-connection-mark="ICMP" passthrough=yes protocol=\
icmp
add action=change-dscp chain=prerouting connection-mark=\
"ICMP" new-dscp=1 passthrough=yes
add action=mark-packet chain=prerouting connection-mark=\
"ICMP" new-packet-mark=\
"ICMP" passthrough=no
add action=mark-connection chain=prerouting comment=DNS dst-port=\
53 new-connection-mark="DNS" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting dst-port=53 \
new-connection-mark="DNS" passthrough=yes protocol=\
udp
add action=change-dscp chain=prerouting connection-mark=\
"DNS" new-dscp=1 passthrough=yes
add action=mark-packet chain=prerouting connection-mark=\
"DNS" new-packet-mark=\
"DNS" passthrough=no

/ip firewall mangle
add action=mark-connection chain=prerouting comment="GAME ONLINE" disabled=no \
dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
new-connection-mark="GAME OL" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="7341-7350,74\
51,8085,9600,9601-9602,9300,9400,9700,9376-9377,10001-10011,40000" \
new-connection-mark="GAME OL" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="7341-7350,74\
51,8085,9600,9601-9602,9300,9400,9700,9376-9377,10001-10011,40000" \
new-connection-mark="GAME OL" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="10009,13008,\
16666,28012,11011-11041,10402,11031,12011,12110,13413,15000-15002,15001,15\
002" new-connection-mark="GAME OL" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="16402-16502,\
18901-18909,19000,19101,22100,27780,29000,29200,39100,39110,39220,39190,49\
100" new-connection-mark="GAME OL" passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
14009-14010,14300,14301,14403,7000,14500 new-connection-mark=\
"GAME OL" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="1293,1479,61\
00-6152,7777-7977,9401,9600-9602,12020-12080,20000,40000-40010" \
new-connection-mark="GAME OL" passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
42051-42052,11100-11125,11440-11460 new-connection-mark=\
"GAME OL" passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
new-connection-mark="GAME OL" passthrough=yes \
protocol=udp
add action=mark-packet chain=prerouting connection-mark=\
"GAME OL" disabled=no new-packet-mark=\
"GAME OL" passthrough=no
add action=mark-connection chain=prerouting comment="GAME FACEBOOK" disabled=\
no dst-port=843,9339 new-connection-mark="GAME FB" \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=\
"GAME FB" disabled=no new-packet-mark=\
"GAME FB" passthrough=no

/ip firewall mangle
add action=mark-connection chain=prerouting comment=DLL disabled=no dst-port=\
1935 new-connection-mark="TV ONLINE" passthrough=yes \
protocol=tcp
add action=mark-packet chain=forward connection-mark=\
"TV ONLINE" disabled=no new-packet-mark=\
"TV ONLINE" passthrough=no

/ip firewall mangle
add action=mark-connection chain=postrouting comment=HTTPS disabled=no \
dst-port=443 new-connection-mark="HTTPS" passthrough=\
yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=\
"HTTPS" disabled=no new-packet-mark=\
"HTTPS" passthrough=no

/ip firewall mangle
add action=mark-connection chain=forward comment="LIMIT EXTENTION" disabled=\
no layer7-protocol="YOUTUBE DOWNLOAD" new-connection-mark=\
"YOUTUBE DOWNLOAD" passthrough=yes
add action=mark-packet chain=forward connection-mark="YOUTUBE DOWNLOAD" \
disabled=no new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=\
"YOUTUBE STREAMING" new-connection-mark="YOUTUBE STREAMING" passthrough=\
yes
add action=mark-packet chain=forward connection-mark="YOUTUBE STREAMING" \
disabled=no new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=TUBE \
new-connection-mark=PORN1 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN1 disabled=no \
new-packet-mark=PORN1 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=PORN \
new-connection-mark=PORN2 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN2 disabled=no \
new-packet-mark=PORN2 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=VIDEO \
new-connection-mark=PORN3 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN3 disabled=no \
new-packet-mark=PORN3 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MOVIE \
new-connection-mark=PORN4 passthrough=yes
add action=mark-packet chain=forward connection-mark=PORN4 disabled=no \
new-packet-mark=PORN4 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MKV \
new-connection-mark=MKV passthrough=yes
add action=mark-packet chain=forward connection-mark=MKV disabled=no \
new-packet-mark=MKV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MP3 \
new-connection-mark=MP3 passthrough=yes
add action=mark-packet chain=forward connection-mark=MP3 disabled=no \
new-packet-mark=MP3 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MP4 \
new-connection-mark=MP4 passthrough=yes
add action=mark-packet chain=forward connection-mark=MP4 disabled=no \
new-packet-mark=MP4 passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=ZIP \
new-connection-mark=ZIP passthrough=yes
add action=mark-packet chain=forward connection-mark=ZIP disabled=no \
new-packet-mark=ZIP passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=EXE \
new-connection-mark=EXE passthrough=yes
add action=mark-packet chain=forward connection-mark=EXE disabled=no \
new-packet-mark=EXE passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=FLV \
new-connection-mark=FLV passthrough=yes
add action=mark-packet chain=forward connection-mark=FLV disabled=no \
new-packet-mark=FLV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=ISO \
new-connection-mark=ISO passthrough=yes
add action=mark-packet chain=forward connection-mark=ISO disabled=no \
new-packet-mark=ISO passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MOV \
new-connection-mark=MOV passthrough=yes
add action=mark-packet chain=forward connection-mark=MOV disabled=no \
new-packet-mark=MOV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MPEG \
new-connection-mark=MPEG passthrough=yes
add action=mark-packet chain=forward connection-mark=MPEG disabled=no \
new-packet-mark=MPEG passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=MPG \
new-connection-mark=MPG passthrough=yes
add action=mark-packet chain=forward connection-mark=MPG disabled=no \
new-packet-mark=MPG passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=WAV \
new-connection-mark=WAV passthrough=yes
add action=mark-packet chain=forward connection-mark=WAV disabled=no \
new-packet-mark=WAV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=RAR \
new-connection-mark=RAR passthrough=yes
add action=mark-packet chain=forward connection-mark=RAR disabled=no \
new-packet-mark=RAR passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=WMV \
new-connection-mark=WMV passthrough=yes
add action=mark-packet chain=forward connection-mark=WMV disabled=no \
new-packet-mark=WMV passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=3GP \
new-connection-mark=3GP passthrough=yes
add action=mark-packet chain=forward connection-mark=3GP disabled=no \
new-packet-mark=3GP passthrough=no
add action=mark-connection chain=forward disabled=no layer7-protocol=7z \
new-connection-mark=7z passthrough=yes
add action=mark-packet chain=forward connection-mark=7z disabled=no \
new-packet-mark=7z passthrough=no

/ip firewall mangle
add action=mark-connection chain=prerouting comment=HTTP disabled=no \
dst-port=80 in-interface=proxy new-connection-mark=\
"HTTP" passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=\
"HTTP" disabled=no dst-address=192.168.3.0/24 \
new-packet-mark="HTTP DN" passthrough=no
add action=mark-packet chain=postrouting connection-mark=\
"HTTP" disabled=no new-packet-mark=\
"HTTP UP" passthrough=no src-address=\
192.168.3.0/24

/queue type
add kind=pcq name="PROXY DOWN" pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=\
src-address,dst-address,src-port,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=DOWN pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
5s pcq-classifier=dst-address,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=UP pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=src-address,src-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=512
add kind=pfifo name=PING pfifo-limit=64
add kind=pcq name=DLL pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=src-address,dst-address,src-port,dst-port \
pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=HTTPS pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=\
src-address,dst-address,src-port,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1700k name="4.ALL DOWN" packet-mark="" parent=global-out \
priority=3

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1000k name="D.LIMIT EXTENTION" packet-mark="" parent=\
"4.ALL DOWN" priority=4

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=YOUTUBE packet-mark="" parent="D.LIMIT EXTENTION" \
priority=4

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN packet-mark="" parent="D.LIMIT EXTENTION" priority=\
4

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=2M name=3.GAME packet-mark="" parent=global-out priority=2

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=A.BROWSING packet-mark="HTTP DN" \
parent="4.ALL DOWN" priority=3 queue=DOWN

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=300k name="2.BROWSING UPLOAD" packet-mark=\
"HTTP UP" parent=global-out priority=2 queue=UP

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="YOUTUBE STREAMING" packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MKV packet-mark=MKV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP3 packet-mark=MP3 parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MP4 packet-mark=MP4 parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ZIP packet-mark=ZIP parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=EXE packet-mark=EXE parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ISO packet-mark=ISO parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=AVI packet-mark=AVI parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MOV packet-mark=MOV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPEG packet-mark=MPEG parent="D.LIMIT EXTENTION" \
priority=4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=MPG packet-mark=MPG parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=RAR packet-mark=RAR parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WAV packet-mark=WAV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=WMV packet-mark=WMV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3GP packet-mark=3GP parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=7z packet-mark=7z parent="D.LIMIT EXTENTION" priority=4 \
queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="YOUTUBE DOWNLOAD" packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=4 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN1 packet-mark=PORN1 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN2 packet-mark=PORN2 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN3 packet-mark=PORN3 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PORN4 packet-mark=PORN4 parent=PORN priority=4 queue=\
DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=FLV packet-mark=FLV parent="D.LIMIT EXTENTION" priority=\
4 queue=DOWN

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=80M \
max-limit=80M name="1.PROXY HIT" packet-mark=\
"Panca_Hit" parent=local priority=2 queue="PROXY DOWN"

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="A.GAME ONLINE" packet-mark="GAME OL" \
parent=3.GAME priority=2 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="B.GAME FACEBOOK" packet-mark=\
"GAME FB" parent=3.GAME priority=2 queue=DOWN

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=2M name=C.HTTPS packet-mark="HTTPS" parent=\
"4.ALL DOWN" priority=2 queue=HTTPS

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=E.DLL packet-mark="TV ONLINE" parent=\
"4.ALL DOWN" priority=8 queue=DLL

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=4.ICMP packet-mark="ICMP" \
parent=global-out priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=6.DNS packet-mark="DNS" parent=\
global-out priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=5.ICMP packet-mark="ICMP" \
parent=public priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
max-limit=100M name=7.DNS packet-mark="DNS" parent=\
public priority=1 queue=PING
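
A queue tree entry shapes only packets that carry the packet mark it names, so every `packet-mark=` under `/queue tree` needs a mangle rule with the same `new-packet-mark=`. The check below is an added example, not part of the original post: it parses an export in the form shown above and lists queues whose mark no rule sets, and marks that no queue consumes. The `SAMPLE` text and the names `parse_export` and `audit_marks` are constructed for illustration.

```python
import re
import shlex

# Constructed sample in RouterOS export form (not the page's full config).
SAMPLE = r'''
/ip firewall mangle
add action=mark-connection chain=prerouting dst-port=443 \
new-connection-mark="HTTPS" passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=\
"HTTPS" new-packet-mark="HTTPS" passthrough=no
add action=mark-packet chain=forward connection-mark=MP3 \
new-packet-mark=MP3 passthrough=no
/queue tree
add max-limit=1700k name="4.ALL DOWN" packet-mark="" parent=global-out
add max-limit=2M name=C.HTTPS packet-mark="HTTPS" parent="4.ALL DOWN" queue=HTTPS
add max-limit=0 name=AVI packet-mark=AVI parent="4.ALL DOWN" queue=DOWN
'''


def parse_export(text):
    """Yield (menu, {key: value}) for each 'add' line of a RouterOS export."""
    # Exports wrap long lines with a trailing backslash, even inside quotes.
    joined = re.sub(r"\\\r?\n\s*", "", text)
    menu = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall mangle"
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]   # honours "quoted values"
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)


def audit_marks(text):
    """Return (queues naming a mark no rule sets, marks no queue consumes)."""
    set_marks, queue_marks = set(), {}
    for menu, props in parse_export(text):
        if menu == "/ip firewall mangle" and props.get("action") == "mark-packet":
            set_marks.add(props.get("new-packet-mark", ""))
        elif menu == "/queue tree" and props.get("packet-mark"):
            queue_marks.setdefault(props["packet-mark"], []).append(props["name"])
    orphan_queues = sorted(q for mark, names in queue_marks.items()
                           if mark not in set_marks for q in names)
    unused_marks = sorted(set_marks - set(queue_marks) - {""})
    return orphan_queues, unused_marks


if __name__ == "__main__":
    print(audit_marks(SAMPLE))
```

Parent queues with `packet-mark=""` are skipped on purpose, since they only aggregate their children.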


Source: http://www.wirelessrouterproxy.com/2012/08/cara-setting-bypass-hit-squidmangle.html