belajar mangle

1. /interface ethernet
2. set [ find default-name=ether4 ] name=Cctv
3. set [ find default-name=ether2 ] arp=proxy-arp name=Hotspot
4. set [ find default-name=ether3 ] name=Lan
5. set [ find default-name=ether5 ] name=Modem_Browser
6. set [ find default-name=ether1 ] name=Radio
7.  
8. /ip firewall layer7-protocol
9. add name=video_fb regexp="video-sin[0-9]+-[0-9]+\\.[a-z]+\\.fbcdn\\.net"
10. /ip pool
11. add name=expired-pppoe ranges=192.168.168.9,192.168.168.10-192.168.168.20
12. add name=ppp-remot ranges=10.10.99.20-10.10.99.254
13. add name=bulanan ranges=192.168.73.150,192.168.73.151-192.168.73.254
14. add name=Key ranges=192.168.73.5,192.168.73.7
15. add name=ppoe_hotspot ranges=192.168.73.10,192.168.73.11-192.168.73.50
16. add name=hotspot ranges=192.168.99.50,192.168.99.51-192.168.99.254
17. add name=expired ranges=192.168.168.51,192.168.168.52-192.168.168.254
18. add name=Cctv ranges=172.191.191.3,172.191.191.4-172.191.191.254
19. /ip dhcp-server
20. add add-arp=yes address-pool=hotspot disabled=no interface=Hotspot \
21. lease-time=3h name=dhcp1
22. add address-pool=Cctv disabled=no interface=Cctv lease-time=1d10m name=Cctv
23. /ppp profile
24. add local-address=10.10.99.1 name=vpn_remot remote-address=ppp-remot
25.  
26. /queue simple
27. add max-limit=5M/30M name="0. HIT PROXY" packet-marks=HIT priority=1/1 \
28. target=""
29. add max-limit=5M/27M name="1. Global" packet-marks=\
30. icmp_pkt,Game_pkt,up_pkt,down_pkt,ggc_pkt target=192.168.0.0/16
31. add max-limit=512k/1M name="0. ICMP" packet-marks=icmp_pkt parent="1. Global" \
32. priority=1/1 target=192.168.0.0/16,172.16.0.0/12
33. add limit-at=128k/1M max-limit=3M/5M name="1. Game" packet-marks=Game_pkt \
34. parent="1. Global" priority=1/1 target=192.168.0.0/16
35. /queue type
36. add kind=pcq name=Download pcq-classifier=dst-address pcq-rate=256k
37. add kind=pcq name=Http pcq-classifier=dst-address pcq-rate=1M
38. add kind=pcq name=Game pcq-classifier=\
39. src-address,dst-address,src-port,dst-port
40. add kind=pcq name=Upload pcq-classifier=src-address
41. add kind=pcq name=PCQ_Limit_Video pcq-classifier=dst-address pcq-rate=64k
42. add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=\
43. 64 pcq-src-address6-mask=64
44. add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 \
45. pcq-src-address6-mask=64
46. add kind=pcq name="2 Mbs-down_pcq" pcq-classifier=dst-address \
47. pcq-dst-address6-mask=64 pcq-rate=2M pcq-src-address6-mask=64
48. add kind=pcq name=512k-up_pcq pcq-classifier=src-address \
49. pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
50. /queue simple
51. add max-limit=4M/25M name="3. Download / Upload" packet-marks=\
52. up_pkt,down_pkt,ggc_pkt parent="1. Global" queue=up_pcq/down_pcq target=\
53. 192.168.0.0/16
54. add limit-at=64/64 max-limit=2M/21M name="1. Warnet" parent=\
55. "3. Download / Upload" target=192.168.7.0/24
56. add max-limit=1M/17M name="0. Billing" parent="1. Warnet" target=\
57. 192.168.7.10/32
58. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
59. 384k/768k name="1. PC-Client" parent="1. Warnet" target=192.168.7.21/32
60. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
61. 384k/768k name="2. PC-Client" parent="1. Warnet" target=192.168.7.22/32
62. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
63. 384k/768k name="3. PC-Client" parent="1. Warnet" target=192.168.7.23/32
64. add burst-limit=0/10M burst-threshold=0/2M burst-time=0s/5s max-limit=\
65. 384k/768k name="4. PC-Client" parent="1. Warnet" target=192.168.7.24/32
66. add burst-limit=0/10M burst-threshold=0/2M burst-time=0s/5s max-limit=\
67. 384k/768k name="5. PC-Client" parent="1. Warnet" target=192.168.7.25/32
68. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
69. 384k/768k name="10. PC-Client" parent="1. Warnet" target=192.168.7.30/32
70. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
71. 384k/768k name="6. PC-Client" parent="1. Warnet" target=192.168.7.26/32
72. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
73. 384k/768k name="7. PC-Client" parent="1. Warnet" target=192.168.7.27/32
74. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
75. 384k/768k name="8. PC-Client" parent="1. Warnet" target=192.168.7.28/32
76. add burst-limit=0/5M burst-threshold=0/2M burst-time=0s/5s max-limit=\
77. 384k/768k name="9. PC-Client" parent="1. Warnet" target=192.168.7.29/32
78. add limit-at=64/64 max-limit=3M/23M name="2. Hotspot" parent=\
79. "3. Download / Upload" target=192.168.0.0/16
80. add limit-at=64/64 max-limit=1M/7M name="1. bulanan" parent="2. Hotspot" \
81. priority=3/3 target=192.168.73.0/24
82. add limit-at=64/64 max-limit=3M/21M name="2. Vouceran" parent="2. Hotspot" \
83. target=192.168.99.0/24
84. add limit-at=64/64 max-limit=512k/1500k name="1. Key" parent="1. bulanan" \
85. priority=1/1 queue=up_pcq/down_pcq target=\
86. 192.168.73.5/32,192.168.73.7/32,192.168.73.8/32
87.  
88. /ip firewall mangle
89. add action=mark-connection chain=input connection-mark=no-mark in-interface=\
90. Modem_Browser new-connection-mark=modemUSB_conn
91. add action=mark-routing chain=output connection-mark=modemUSB_conn \
92. new-routing-mark=via_browsing
93. add action=mark-connection chain=input connection-mark=no-mark in-interface=\
94. pppoe-out1 new-connection-mark=pppoe_conn passthrough=yes
95. add action=mark-routing chain=output connection-mark=pppoe_conn \
96. new-routing-mark=via_radio passthrough=yes
97. add action=mark-packet chain=forward comment="HIT PROXY" dscp=12 \
98. new-packet-mark=HIT passthrough=no
99.  
100. add chain=prerouting comment="Bypass Local Paket" dst-address-list=PRIVATE_IP \
101. src-address-list=PRIVATE_IP
102. add chain=forward dst-address-list=PRIVATE_IP src-address-list=PRIVATE_IP
103. add chain=output dst-address-list=PRIVATE_IP src-address-list=PRIVATE_IP
104.  
105. add action=mark-connection chain=prerouting comment="Game Conn" dst-port=\
106. 27000-28998,9100-9200,8230-8250,8110-8120,14300-15512,14000-14010 \
107. new-connection-mark=game_conn passthrough=yes protocol=tcp src-address=\
108. 192.168.7.0/24
109. add action=mark-connection chain=prerouting dst-port=\
110. 39190-39200,49001-49190,9080-9081 new-connection-mark=game_conn \
111. passthrough=yes protocol=tcp src-address=192.168.7.0/24
112. add action=mark-connection chain=prerouting dst-port="27000-28998,3478-4380,28\
113. 010-28200,39000,15000-15500,14000-14010,40000-40010,24010-24160" \
114. new-connection-mark=game_conn passthrough=yes protocol=udp src-address=\
115. 192.168.7.0/24
116. add action=jump chain=prerouting connection-rate=0-325k jump-target=jumpgames \
117. port=!21,22,23,80,81,88,5050,843,443,182,282,8777,1935,8000-8081 \
118. protocol=tcp src-address=192.168.0.0/16
119. add action=jump chain=prerouting connection-rate=0-325k jump-target=jumpgames \
120. port=!21,22,23,80,81,88,5050,843,443,182,282,8777,1935,8000-8081 \
121. protocol=udp src-address=192.168.0.0/16
122. add action=mark-connection chain=jumpgames connection-rate=0-325k \
123. new-connection-mark=game_conn passthrough=yes port="!53,5353,5938,8291,126\
124. 71-12675,123,7282,40003,3478,8181,8383,1080,1194,1468" protocol=tcp \
125. src-address=192.168.0.0/16
126. add action=mark-connection chain=jumpgames connection-rate=0-325k \
127. new-connection-mark=game_conn passthrough=yes port="!53,5353,5938,8291,126\
128. 71-12675,123,7282,40003,3478,8181,8383,1080,1194,1468" protocol=udp \
129. src-address=192.168.0.0/16
130. add action=return chain=jumpgames src-address=192.168.0.0/16
131. add action=mark-routing chain=prerouting connection-mark=game_conn \
132. in-interface=Lan new-routing-mark=game_route passthrough=yes
133. add action=mark-routing chain=prerouting connection-mark=game_conn \
134. in-interface=Hotspot new-routing-mark=game_route passthrough=yes
135. add action=mark-packet chain=prerouting connection-mark=game_conn \
136. new-packet-mark=Game_pkt passthrough=no
137. add action=change-dscp chain=postrouting comment=ICMP new-dscp=1 passthrough=\
138. yes protocol=icmp
139. add action=change-dscp chain=postrouting dst-port=53 new-dscp=1 passthrough=\
140. yes protocol=udp
141. add action=change-dscp chain=postrouting dst-port=53 new-dscp=1 passthrough=\
142. yes protocol=tcp
143. add action=mark-connection chain=postrouting dscp=1 new-connection-mark=\
144. icmp_conn passthrough=yes
145. add action=mark-packet chain=postrouting connection-mark=icmp_conn \
146. new-packet-mark=icmp_pkt passthrough=no
147. add action=jump chain=prerouting comment=Lb dst-address-list=!PRIVATE_IP \
148. in-interface=Lan jump-target=LoadBalance src-address=192.168.7.0/24
149. add action=jump chain=prerouting dst-address-list=!PRIVATE_IP in-interface=\
150. Hotspot jump-target=LoadBalance src-address=192.168.99.0/24
151. add action=jump chain=prerouting dst-address-list=!PRIVATE_IP in-interface=\
152. Hotspot jump-target=LoadBalance src-address=192.168.73.0/24
153. add action=mark-connection chain=LoadBalance new-connection-mark=local_con1 \
154. passthrough=yes per-connection-classifier=both-addresses:3/0
155. add action=mark-connection chain=LoadBalance new-connection-mark=local_con1 \
156. passthrough=yes per-connection-classifier=both-addresses:3/1
157. add action=mark-connection chain=LoadBalance new-connection-mark=local_con2 \
158. passthrough=yes per-connection-classifier=both-addresses:3/2
159. add action=mark-routing chain=LoadBalance connection-mark=local_con1 \
160. new-routing-mark=via_browsing passthrough=yes
161. add action=mark-routing chain=LoadBalance connection-mark=local_con2 \
162. new-routing-mark=via_radio passthrough=yes
163. add action=mark-connection chain=LoadBalance dst-port=80,8080 \
164. new-connection-mark=local_con11 passthrough=yes \
165. per-connection-classifier=src-address-and-port:3/0 protocol=tcp
166. add action=mark-connection chain=LoadBalance dst-port=80,8080 \
167. new-connection-mark=local_con11 passthrough=yes \
168. per-connection-classifier=src-address-and-port:3/1 protocol=tcp
169. add action=mark-connection chain=LoadBalance dst-port=80,8080 \
170. new-connection-mark=local_con22 passthrough=yes \
171. per-connection-classifier=src-address-and-port:3/2 protocol=tcp
172. add action=mark-routing chain=LoadBalance connection-mark=local_con11 \
173. new-routing-mark=via_browsing passthrough=yes
174. add action=mark-routing chain=LoadBalance connection-mark=local_con22 \
175. new-routing-mark=via_radio passthrough=yes
176. add action=mark-connection chain=prerouting comment=Koneksi-GGC dst-address=\
177. !192.168.0.0/16 dst-address-list=ggc-telkom new-connection-mark=ggc_conn \
178. passthrough=yes src-address=192.168.0.0/16 time=\
179. 8h-22h,sun,mon,tue,wed,thu,fri,sat
180. add action=mark-packet chain=prerouting comment=Koneksi-GGC connection-mark=\
181. ggc_conn new-packet-mark=ggc_pkt passthrough=no time=\
182. 8h-22h,sun,mon,tue,wed,thu,fri,sat
183. add action=mark-routing chain=prerouting comment=Unlimited disabled=yes \
184. dst-address=!192.168.73.0/24 dst-port=443 new-routing-mark=via_radio \
185. passthrough=yes protocol=tcp src-address=192.168.73.0/24 time=\
186. 23h-7h,sun,mon,tue,wed,thu,fri,sat
187. add action=mark-routing chain=prerouting comment=pptp-vpnbook \
188. dst-address-list=speedtest new-routing-mark=pptp-vpnbook passthrough=no \
189. src-address-list=PRIVATE_IP
190. add action=mark-connection chain=prerouting comment="Global Conn" \
191. dst-address-list=!PRIVATE_IP new-connection-mark=Global_conn \
192. src-address-list=PRIVATE_IP
193. add action=mark-packet chain=prerouting connection-mark=Global_conn \
194. in-interface=Modem_Browser new-packet-mark=down_pkt passthrough=no
195. add action=mark-packet chain=prerouting connection-mark=Global_conn \
196. in-interface=pppoe-out1 new-packet-mark=down_pkt passthrough=no
197. add action=mark-packet chain=prerouting connection-mark=Global_conn \
198. in-interface=all-ppp new-packet-mark=up_pkt passthrough=no
199. add action=mark-packet chain=prerouting connection-mark=Global_conn \
200. in-interface=Lan new-packet-mark=up_pkt passthrough=no
201. add action=mark-packet chain=prerouting connection-mark=Global_conn \
202. in-interface=Hotspot new-packet-mark=up_pkt passthrough=no