rootplg3544

CONFIG FIREWALL

May 9th, 2018
  1.  
  2. #
  3. /ip firewall mangle
  4.  
  5. add action=mark-connection chain=prerouting comment="===>PING-LANCAR" \
  6.  
  7. new-connection-mark=icmp-conn passthrough=yes protocol=icmp src-address=\
  8.  
  9. 192.10.10.0/24
  10.  
  11. add action=mark-packet chain=prerouting connection-mark=icmp-conn \
  12.  
  13. new-packet-mark=icmp-p passthrough=no
  14.  
  15. add action=change-dscp chain=prerouting new-dscp=0 packet-mark=icmp-p \
  16.  
  17. passthrough=yes
  18.  
  19. add action=mark-connection chain=prerouting comment="====>DNS" dst-port=53 \
  20.  
  21. new-connection-mark=dns-conn passthrough=yes protocol=tcp src-address=\
  22.  
  23. 192.10.10.0/24
  24.  
  25. add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=\
  26.  
  27. dns-conn passthrough=yes protocol=udp src-address=192.10.10.0/24
  28.  
  29. add action=mark-packet chain=prerouting connection-mark=dns-conn \
  30.  
  31. new-packet-mark=dns-p passthrough=yes
  32.  
  33. add action=change-dscp chain=prerouting new-dscp=0 packet-mark=dns-p \
  34.  
  35. passthrough=yes
  36.  
  37. add action=mark-connection chain=forward comment=Mobile-Legend dst-port=\
  38.  
  39. 30100-30200 new-connection-mark=moba-conn passthrough=yes protocol=tcp \
  40.  
  41. src-address=192.10.10.0/24
  42.  
  43. add action=mark-connection chain=forward dst-port=30091-30099 \
  44.  
  45. new-connection-mark=moba-conn passthrough=yes protocol=udp src-address=\
  46.  
  47. 192.10.10.0/24
  48.  
  49. add action=mark-connection chain=forward dst-port=5001-5009 \
  50.  
  51. new-connection-mark=moba-conn passthrough=yes protocol=udp src-address=\
  52.  
  53. 192.10.10.0/24
  54.  
  55. add action=mark-packet chain=forward connection-mark=moba-conn \
  56.  
  57. new-packet-mark=moba-packet passthrough=no
  58.  
  59. add action=accept chain=input comment="mangel GGC" dst-address-list=\
  60.  
  61. private-lokal src-address-list=private-lokal
  62.  
  63. add action=accept chain=prerouting dst-address-list=private-lokal \
  64.  
  65. src-address-list=private-lokal
  66.  
  67. add action=accept chain=forward dst-address-list=private-lokal \
  68.  
  69. src-address-list=private-lokal
  70.  
  71. add action=accept chain=postrouting dst-address-list=private-lokal \
  72.  
  73. src-address-list=private-lokal
  74.  
  75. add action=accept chain=output dst-address-list=private-lokal \
  76.  
  77. src-address-list=private-lokal
  78.  
  79. add action=mark-connection chain=prerouting comment=icmp-dns \
  80.  
  81. dst-address-list=!private-lokal new-connection-mark=icmp-dns passthrough=\
  82.  
  83. yes protocol=icmp src-address-list=private-lokal
  84.  
  85. add action=mark-connection chain=prerouting dst-address-list=!private-lokal \
  86.  
  87. dst-port=5353,123 new-connection-mark=icmp-dns passthrough=yes protocol=\
  88.  
  89. tcp src-address-list=private-lokal
  90.  
  91. add action=mark-connection chain=prerouting dst-address-list=!private-lokal \
  92.  
  93. dst-port=5353,123 new-connection-mark=icmp-dns passthrough=yes protocol=\
  94.  
  95. udp src-address-list=private-lokal
  96.  
  97. add action=accept chain=prerouting connection-mark=icmp-dns
  98.  
  99. add action=mark-packet chain=forward connection-mark=icmp-dns \
  100.  
  101. new-packet-mark=icmp-dns passthrough=no
  102.  
  103. add action=mark-connection chain=prerouting comment=ggc-telkom \
  104.  
  105. connection-mark=no-mark dst-address-list=ggc-telkom new-connection-mark=\
  106.  
  107. ggc-telkom passthrough=yes src-address-list=private-lokal
  108.  
  109. add action=mark-packet chain=forward connection-mark=ggc-telkom \
  110.  
  111. new-packet-mark=ggc-telkom passthrough=no
  112.  
  113. add action=mark-connection chain=prerouting comment=sosmed connection-mark=\
  114.  
  115. no-mark dst-address-list=sosmed new-connection-mark=sosmed passthrough=\
  116.  
  117. yes src-address-list=private-lokal
  118.  
  119. add action=mark-packet chain=forward connection-mark=sosmed new-packet-mark=\
  120.  
  121. sosmed passthrough=no
  122.  
  123. add action=mark-connection chain=prerouting comment=trafik connection-mark=\
  124.  
  125. no-mark dst-address-list=!private-lokal dst-port=\
  126.  
  127. 5000,5500-7100,9000,9091,3000-3200 new-connection-mark=trafik \
  128.  
  129. passthrough=yes protocol=tcp src-address-list=private-lokal
  130.  
  131. add action=mark-connection chain=prerouting connection-mark=no-mark \
  132.  
  133. dst-address-list=!private-lokal dst-port=\
  134.  
  135. 5000,5500-7100,9000,9091,3000-3200 new-connection-mark=trafik \
  136.  
  137. passthrough=yes protocol=udp src-address-list=private-lokal
  138.  
  139. add action=mark-connection chain=prerouting connection-mark=no-mark \
  140.  
  141. dst-address-list=!private-lokal dst-port=\
  142.  
  143. 0-2000,5050,8777,8000-8099,5353,5938,8291,12671-12675,16800 \
  144.  
  145. new-connection-mark=trafik passthrough=yes protocol=tcp src-address-list=\
  146.  
  147. private-lokal
  148.  
  149. add action=mark-connection chain=prerouting connection-mark=no-mark \
  150.  
  151. dst-address-list=!private-lokal dst-port=\
  152.  
  153. 0-2000,5050,8777,8000-8099,5353,5938,8291,12671-12675,16800 \
  154.  
  155. new-connection-mark=trafik passthrough=yes protocol=udp src-address-list=\
  156.  
  157. private-lokal
  158.  
  159. add action=mark-connection chain=prerouting connection-mark=no-mark \
  160.  
  161. dst-address-list=!private-lokal layer7-protocol=torrent1 \
  162.  
  163. new-connection-mark=trafik passthrough=yes src-address-list=private-lokal
  164.  
  165. add action=mark-connection chain=prerouting connection-mark=no-mark \
  166.  
  167. dst-address-list=!private-lokal layer7-protocol=torrent2 \
  168.  
  169. new-connection-mark=trafik passthrough=yes src-address-list=private-lokal
  170.  
  171. add action=mark-connection chain=prerouting connection-mark=no-mark \
  172.  
  173. dst-address-list=!private-lokal layer7-protocol=torrent3 \
  174.  
  175. new-connection-mark=trafik passthrough=yes src-address-list=private-lokal
  176.  
  177. add action=mark-connection chain=prerouting connection-mark=no-mark \
  178.  
  179. dst-address-list=!private-lokal layer7-protocol=torrent4 \
  180.  
  181. new-connection-mark=trafik passthrough=yes src-address-list=private-lokal
  182.  
  183. add action=mark-connection chain=prerouting comment=high-priority \
  184.  
  185. connection-mark=no-mark dst-address-list=!private-lokal \
  186.  
  187. new-connection-mark=high-priority passthrough=yes src-address-list=\
  188.  
  189. private-lokal
  190.  
  191. add action=accept chain=prerouting connection-mark=high-priority
  192.  
  193. add action=mark-packet chain=forward connection-mark=high-priority \
  194.  
  195. new-packet-mark=high-priority passthrough=no
  196.  
  197. add action=mark-packet chain=forward comment=browsing connection-mark=trafik \
  198.  
  199. connection-rate=0-1M new-packet-mark=browsing passthrough=no
  200.  
  201. add action=mark-packet chain=forward comment=midle-trafik connection-mark=\
  202.  
  203. trafik connection-rate=1000001-3M new-packet-mark=midle-trafik \
  204.  
  205. passthrough=no
  206.  
  207. add action=mark-packet chain=forward comment=high-trafik connection-mark=\
  208.  
  209. trafik connection-rate=3000001-1G new-packet-mark=high-trafik \
  210.  
  211. passthrough=no
  212.  
  213.  
  214.  
  215. /ip firewall raw
  216.  
  217. add action=add-dst-to-address-list address-list=mobile-legend \
  218.  
  219. address-list-timeout=0s chain=prerouting disabled=yes dst-port=\
  220.  
  221. 30100-30110 protocol=tcp
  222.  
  223. add action=add-src-to-address-list address-list=client-on-ml \
  224.  
  225. address-list-timeout=5m chain=prerouting comment=Mobile-Legend \
  226.  
  227. dst-address=161.202.0.0/16 dst-address-list=!private-lokal
  228.  
  229. add action=add-src-to-address-list address-list=client-on-ml \
  230.  
  231. address-list-timeout=5m chain=prerouting dst-address=119.81.0.0/16 \
  232.  
  233. dst-address-list=!private-lokal
  234.  
  235.  
  236. #
  237.  
  238. /queue tree
  239.  
  240. add max-limit=25M name=INCOMING parent=global queue=default
  241.  
  242. add limit-at=64k max-limit=25M name=I.01.ICMP-DNS packet-mark=icmp-dns \
  243.  
  244. parent=INCOMING priority=1 queue=default
  245.  
  246. add limit-at=5M max-limit=25M name=I.02.HIGH-PRIORITY packet-mark=\
  247.  
  248. high-priority parent=INCOMING priority=3 queue=default
  249.  
  250. add limit-at=25M max-limit=25M name=I.03.NORMAL parent=INCOMING queue=default
  251.  
  252. add limit-at=15M max-limit=25M name=I.03.1.SOSMED packet-mark=sosmed parent=\
  253.  
  254. I.03.NORMAL priority=5 queue=pcq-download-default
  255.  
  256. add limit-at=15M max-limit=25M name=I.03.2.BROWSING packet-mark=browsing \
  257.  
  258. parent=I.03.NORMAL priority=5 queue=pcq-download-default
  259.  
  260. add limit-at=10M max-limit=25M name=I.03.3.MIDLE-TRAFIK packet-mark=\
  261.  
  262. midle-trafik parent=I.03.NORMAL priority=7 queue=pcq-download-default
  263.  
  264. add limit-at=15M max-limit=25M name=I.03.4.HIGH-TRAFIK packet-mark=\
  265.  
  266. high-trafik parent=I.03.NORMAL queue=pcq-download-default
  267.  
  268. add limit-at=10M max-limit=25M name=I.04.YOUTUBE-GOOGLE packet-mark=\
  269.  
  270. ggc-telkom parent=INCOMING queue=pcq-download-default
  271.  
  272. add max-limit=10M name=OUTGOING parent=global queue=default
  273.  
  274. add limit-at=64k max-limit=10M name=O.01.ICMP-DNS packet-mark=icmp-dns \
  275.  
  276. parent=OUTGOING priority=1 queue=default
  277.  
  278. add limit-at=3M max-limit=10M name=O.02.HIGH-PRIORITY packet-mark=\
  279.  
  280. high-priority parent=OUTGOING priority=3 queue=default
  281.  
  282. add limit-at=10M max-limit=10M name=O.03.NORMAL parent=OUTGOING queue=default
  283.  
  284. add limit-at=3M max-limit=10M name=O.03.1.SOSMED packet-mark=sosmed parent=\
  285.  
  286. O.03.NORMAL priority=5 queue=pcq-upload-default
  287.  
  288. add limit-at=3M max-limit=10M name=O.03.2.BROWSING packet-mark=browsing \
  289.  
  290. parent=O.03.NORMAL priority=5 queue=pcq-upload-default
  291.  
  292. add limit-at=1M max-limit=10M name=O.03.3.MIDLE-TRAFIK packet-mark=\
  293.  
  294. midle-trafik parent=O.03.NORMAL priority=7 queue=pcq-upload-default
  295.  
  296. add limit-at=3M max-limit=10M name=O.03.4.HIGH-TRAFIK packet-mark=high-trafik \
  297.  
  298. parent=O.03.NORMAL queue=pcq-upload-default
  299.  
  300. add limit-at=3M max-limit=10M name=O.04.YOUTUBE-GOOGLE packet-mark=ggc-telkom \
  301.  
  302. parent=OUTGOING queue=pcq-upload-default
  303.  
  304. add max-limit=25M name=#JAMU-DOWN parent=global priority=1 queue=PING-LANCAR
  305.  
  306. add limit-at=56k max-limit=128k name=dns packet-mark=icmp-p parent=#JAMU-DOWN \
  307.  
  308. priority=1 queue=PING-LANCAR
  309.  
  310. add limit-at=56k max-limit=128k name=ping packet-mark=icmp-p parent=\
  311.  
  312. #JAMU-DOWN priority=1 queue=PING-LANCAR
  313.  
  314. /queue type
  315. add kind=pcq name=PCQ-Download pcq-classifier=dst-address \
  316. pcq-dst-address6-mask=64 pcq-rate=4096k pcq-src-address6-mask=64
  317. add kind=pcq name=PCQ-Upload pcq-classifier=src-address \
  318. pcq-dst-address6-mask=64 pcq-rate=4096k pcq-src-address6-mask=64
  319. add kind=pfifo name=PING-LANCAR pfifo-limit=64
  320. set 9 pcq-rate=1024