SHARE
TWEET

dns-sehat-indonesia

punces Jan 9th, 2017 (edited) 4,059 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #DNS SEHAT INDONESA
  2. #AUTO SWITCH KE DNS-OPEN JIKA DNS SEHAT LINK DOWN
  3. #COPY DAN PASTE KE TERMINAL WINBOX
  4.  
  5. /ip firewall address-list
  6. add address=10.0.0.0/8 list=private-lokal
  7. add address=172.16.0.0/12 list=private-lokal
  8. add address=192.168.0.0/16 list=private-lokal
  9.  
  10. /ip firewall filter
  11. add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
  12. add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
  13.  
  14. /ip dns
  15. set allow-remote-requests=no servers=103.80.80.248,103.80.80.249
  16.  
  17. /ip firewall nat
  18. add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=yes dst-port=53,5353 nth=4,1 protocol=tcp to-addresses=208.67.222.222 to-ports=5353
  19. add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=yes dst-port=53,5353 nth=2,1 protocol=tcp to-addresses=208.67.220.220 to-ports=5353
  20. add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=yes dst-port=53,5353 nth=3,1 protocol=udp to-addresses=208.67.222.222 to-ports=5353
  21. add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=yes dst-port=53,5353 nth=1,1 protocol=udp to-addresses=208.67.220.220 to-ports=5353
  22.  
  23. add action=dst-nat chain=dstnat comment=dns-block src-address-list=private-lokal disabled=no dst-port=53,5353 nth=4,1 protocol=tcp to-addresses=103.80.80.248 to-ports=5353
  24. add action=dst-nat chain=dstnat comment=dns-block src-address-list=private-lokal disabled=no dst-port=53,5353 nth=2,1 protocol=tcp to-addresses=103.80.80.249 to-ports=5353
  25. add action=dst-nat chain=dstnat comment=dns-block src-address-list=private-lokal disabled=no dst-port=53,5353 nth=3,1 protocol=udp to-addresses=103.80.80.248 to-ports=5353
  26. add action=dst-nat chain=dstnat comment=dns-block src-address-list=private-lokal disabled=no dst-port=53,5353 nth=1,1 protocol=udp to-addresses=103.80.80.249 to-ports=5353
  27.  
  28.  
  29. /tool netwatch
  30. add down-script="/ip firewall nat enable [find to-addresses=208.67.222.222 comment=dns-open]\r\
  31.     \n/ip firewall nat enable [find to-addresses=208.67.220.220 comment=dns-open]" host=103.80.80.248 up-script=\
  32.     "/ip firewall nat disable [find to-addresses=208.67.222.222 comment=dns-open]\r\
  33.     \n/ip firewall nat disable [find to-addresses=208.67.220.220 comment=dns-open]"
  34. add down-script="/ip firewall nat enable [find to-addresses=208.67.222.222 comment=dns-open]\r\
  35.     \n/ip firewall nat enable [find to-addresses=208.67.220.220 comment=dns-open]" host=103.80.80.249 up-script=\
  36.     "/ip firewall nat disable [find to-addresses=208.67.222.222 comment=dns-open]\r\
  37.     \n/ip firewall nat disable [find to-addresses=208.67.220.220 comment=dns-open]"
RAW Paste Data
Top