API tools faq
paste
dreamrider

ROS Mangles

dreamrider
Jul 29th, 2012
78
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.15 KB
raw download clone embed print report
  1. /ip firewall mangle
  2. add action=jump chain=prerouting comment="Common P2P-Blocking" disabled=no \
  3. dst-address-list=!dns-externt jump-target=p2p-service p2p=all-p2p
  4. add action=jump chain=prerouting disabled=no dst-address-list=!dns-externt \
  5. jump-target=p2p-service layer7-protocol=BITTORRENT
  6. add action=jump chain=prerouting disabled=no dst-address-list=!dns-externt \
  7. jump-target=p2p-service layer7-protocol=DIRECTCONNECT
  8. add action=jump chain=prerouting disabled=no dst-address-list=!dns-externt \
  9. jump-target=p2p-service layer7-protocol=GNUTELLA
  10. add action=add-dst-to-address-list address-list=p2p-users-ext \
  11. address-list-timeout=10m chain=prerouting comment=\
  12. "UDP-Bittorrent blocking" disabled=no dst-address-list=!dns-externt \
  13. dst-port=1024-65535 packet-size=62-500 protocol=udp src-address-list=\
  14. p2p-users src-port=!53
  15. add action=add-src-to-address-list address-list=p2p-users-ext \
  16. address-list-timeout=10m chain=prerouting disabled=no dst-address-list=\
  17. p2p-users dst-port=1024-65535 packet-size=62-500 protocol=udp \
  18. src-address-list=!dns-externt src-port=!53
  19. add action=add-dst-to-address-list address-list=p2p-users-ext \
  20. address-list-timeout=10m chain=prerouting comment="TCP-Tracker blocking" \
  21. connection-type=!ftp disabled=no dst-address-list=!dns-externt dst-port=\
  22. 1024-65535 packet-size=100-500 protocol=tcp src-address-list=p2p-users \
  23. src-port=1024-65535 tcp-flags=psh,ack
  24. add action=add-src-to-address-list address-list=p2p-users-ext \
  25. address-list-timeout=10m chain=prerouting connection-type=!ftp disabled=\
  26. no dst-address-list=p2p-users dst-port=1024-65535 packet-size=100-500 \
  27. protocol=tcp src-address-list=!dns-externt src-port=1024-65535 tcp-flags=\
  28. psh,ack
  29. add action=jump chain=prerouting connection-state=new disabled=no dst-port=\
  30. 443 jump-target=tcp-services protocol=tcp
  31. add action=jump chain=prerouting connection-state=new disabled=no \
  32. dst-address-list=!dns-externt dst-port=!443 jump-target=p2p-service \
  33. layer7-protocol=HTTPS protocol=tcp
  34. add action=jump chain=prerouting connection-state=new disabled=no \
  35. jump-target=tcp-services protocol=tcp
  36. add action=jump chain=prerouting connection-state=new disabled=no \
  37. jump-target=udp-services protocol=udp
  38. add action=jump chain=prerouting connection-state=new disabled=no \
  39. jump-target=other-services
  40. add action=add-src-to-address-list address-list=p2p-users \
  41. address-list-timeout=2m chain=p2p-service disabled=no src-address-list=\
  42. local-addr
  43. add action=mark-connection chain=p2p-service disabled=no new-connection-mark=\
  44. p2p passthrough=no
  45. add action=mark-connection chain=tcp-services disabled=no dst-port=20-21 \
  46. new-connection-mark=ftp passthrough=no protocol=tcp src-port=1024-65535
  47. add action=mark-connection chain=tcp-services disabled=no dst-port=22 \
  48. new-connection-mark=ssh passthrough=no protocol=tcp src-port=513-65535
  49. add action=mark-connection chain=tcp-services disabled=no dst-port=23 \
  50. new-connection-mark=telnet passthrough=no protocol=tcp src-port=\
  51. 1024-65535
  52. add action=mark-connection chain=tcp-services disabled=no dst-port=25 \
  53. new-connection-mark=smtp passthrough=no protocol=tcp src-port=1024-65535
  54. add action=mark-connection chain=tcp-services disabled=no dst-port=53 \
  55. new-connection-mark=dns passthrough=no protocol=tcp src-port=53
  56. add action=mark-connection chain=tcp-services disabled=no dst-port=53 \
  57. new-connection-mark=dns passthrough=no protocol=tcp src-port=1024-65535
  58. add action=mark-connection chain=tcp-services disabled=no dst-port=80 \
  59. new-connection-mark=http passthrough=no protocol=tcp src-port=1024-65535
  60. add action=mark-connection chain=tcp-services disabled=no dst-port=110 \
  61. new-connection-mark=pop3 passthrough=no protocol=tcp src-port=1024-65535
  62. add action=mark-connection chain=tcp-services disabled=no dst-port=113 \
  63. new-connection-mark=auth passthrough=no protocol=tcp src-port=1024-65535
  64. add action=mark-connection chain=tcp-services disabled=no dst-port=119 \
  65. new-connection-mark=nntp passthrough=no protocol=tcp src-port=1024-65535
  66. add action=mark-connection chain=tcp-services disabled=no dst-port=137-139 \
  67. new-connection-mark=netbios passthrough=no protocol=tcp src-port=\
  68. 1024-65535
  69. add action=mark-connection chain=tcp-services disabled=no dst-port=143 \
  70. new-connection-mark=imap passthrough=no protocol=tcp src-port=1024-65535
  71. add action=mark-connection chain=tcp-services disabled=no dst-port=161-162 \
  72. new-connection-mark=snmp passthrough=no protocol=tcp src-port=1024-65535
  73. add action=mark-connection chain=tcp-services disabled=no dst-address-list=\
  74. spotify dst-port=443 new-connection-mark=spotify passthrough=no protocol=\
  75. tcp src-port=1024-65535
  76. add action=mark-connection chain=tcp-services disabled=no dst-address-list=\
  77. !spotify dst-port=443 new-connection-mark=https passthrough=no protocol=\
  78. tcp src-port=1024-65535
  79. add action=mark-connection chain=tcp-services disabled=no dst-port=445 \
  80. new-connection-mark=ms-ds passthrough=no protocol=tcp src-port=1024-65535
  81. add action=mark-connection chain=tcp-services disabled=no dst-port=465 \
  82. new-connection-mark=smtps passthrough=no protocol=tcp src-port=1024-65535
  83. add action=mark-connection chain=tcp-services disabled=no dst-port=990 \
  84. new-connection-mark=ftps passthrough=no protocol=tcp src-port=1024-65535
  85. add action=mark-connection chain=tcp-services disabled=no dst-port=993 \
  86. new-connection-mark=imaps passthrough=no protocol=tcp src-port=1024-65535
  87. add action=mark-connection chain=tcp-services disabled=no dst-port=995 \
  88. new-connection-mark=pop3s passthrough=no protocol=tcp src-port=1024-65535
  89. add action=mark-connection chain=tcp-services disabled=no dst-port=1080 \
  90. new-connection-mark=socks passthrough=no protocol=tcp src-port=1024-65535
  91. add action=mark-connection chain=tcp-services disabled=no dst-port=1723 \
  92. new-connection-mark=pptp passthrough=no protocol=tcp src-port=1024-65535
  93. add action=mark-connection chain=tcp-services disabled=no dst-port=1863 \
  94. new-connection-mark=msn passthrough=no protocol=tcp src-port=1024-65535
  95. add action=mark-connection chain=tcp-services disabled=no dst-port=2379 \
  96. new-connection-mark=kgs passthrough=no protocol=tcp src-port=1024-65535
  97. add action=mark-connection chain=tcp-services disabled=no dst-port=3128 \
  98. new-connection-mark=squid-proxy passthrough=no protocol=tcp src-port=\
  99. 1024-65535
  100. add action=mark-connection chain=tcp-services disabled=no dst-port=3389 \
  101. new-connection-mark=win-ts passthrough=no protocol=tcp src-port=\
  102. 1024-65535
  103. add action=mark-connection chain=tcp-services disabled=no dst-port=3845 \
  104. new-connection-mark=smartpass passthrough=no protocol=tcp src-port=\
  105. 1024-65535
  106. add action=mark-connection chain=tcp-services disabled=no dst-port=4070 \
  107. new-connection-mark=spotify passthrough=no protocol=tcp src-port=\
  108. 1024-65535
  109. add action=mark-connection chain=tcp-services disabled=no dst-port=2000-3000 \
  110. new-connection-mark=bwtest passthrough=no protocol=tcp src-port=\
  111. 1024-65535
  112. add action=mark-connection chain=tcp-services disabled=no dst-port=4242-4243 \
  113. new-connection-mark=emule passthrough=no protocol=tcp src-port=1024-65535
  114. add action=mark-connection chain=tcp-services disabled=no dst-port=1024-65535 \
  115. new-connection-mark=overnet passthrough=no protocol=tcp src-port=\
  116. 4661-4662
  117. add action=mark-connection chain=tcp-services disabled=no dst-port=1024-65535 \
  118. new-connection-mark=emule passthrough=no protocol=tcp src-port=4711
  119. add action=mark-connection chain=tcp-services disabled=no dst-port=5900-5901 \
  120. new-connection-mark=vnc passthrough=no protocol=tcp src-port=1024-65535
  121. add action=mark-connection chain=tcp-services disabled=no dst-port=6667-6669 \
  122. new-connection-mark=irc passthrough=no protocol=tcp src-port=1024-65535
  123. add action=mark-connection chain=tcp-services disabled=no dst-port=8080 \
  124. new-connection-mark=http-proxy passthrough=no protocol=tcp src-port=\
  125. 1024-65535
  126. add action=mark-connection chain=tcp-services disabled=no dst-address-list=\
  127. local-addr dst-port=8291 new-connection-mark=winbox passthrough=no \
  128. protocol=tcp src-port=1024-65535
  129. add action=mark-connection chain=tcp-services disabled=no dst-port=\
  130. 42041-42052 new-connection-mark=voddler passthrough=no protocol=tcp \
  131. src-port=1024-65535
  132. add action=mark-connection chain=tcp-services disabled=no dst-port=\
  133. 55536-55663 new-connection-mark=ftp-passive passthrough=no protocol=tcp \
  134. src-port=1024-65535
  135. add action=mark-connection chain=tcp-services disabled=no \
  136. new-connection-mark=other-tcp passthrough=no protocol=tcp
  137. add action=mark-connection chain=udp-services disabled=no dst-port=53 \
  138. new-connection-mark=dns passthrough=no protocol=udp src-port=1024-65535
  139. add action=mark-connection chain=udp-services disabled=no dst-port=67 \
  140. new-connection-mark=dhcp passthrough=no protocol=udp src-port=67-68
  141. add action=mark-connection chain=udp-services disabled=no dst-port=123 \
  142. new-connection-mark=ntp passthrough=no protocol=udp src-port=123
  143. add action=mark-connection chain=udp-services disabled=no dst-port=123 \
  144. new-connection-mark=ntp passthrough=no protocol=udp src-port=1024-65535
  145. add action=mark-connection chain=udp-services disabled=no dst-port=137-139 \
  146. new-connection-mark=netbios passthrough=no protocol=udp src-port=\
  147. 1024-65535
  148. add action=mark-connection chain=udp-services disabled=no dst-port=161-162 \
  149. new-connection-mark=snmp passthrough=no protocol=udp src-port=1024-65535
  150. add action=mark-connection chain=udp-services disabled=no dst-port=514 \
  151. new-connection-mark=syslog passthrough=no protocol=udp src-port=\
  152. 1024-65535
  153. add action=mark-connection chain=udp-services disabled=no dst-port=1701 \
  154. new-connection-mark=l2tp passthrough=no protocol=udp src-port=1024-65535
  155. add action=mark-connection chain=udp-services disabled=no dst-port=3544 \
  156. new-connection-mark=ms-ipv6 passthrough=no protocol=udp src-port=\
  157. 1024-65535
  158. add action=mark-connection chain=udp-services disabled=no dst-port=4665 \
  159. new-connection-mark=emule passthrough=no protocol=udp src-port=1024-65535
  160. add action=mark-connection chain=udp-services disabled=no dst-port=4672 \
  161. new-connection-mark=emule passthrough=no protocol=udp src-port=1024-65535
  162. add action=mark-connection chain=udp-services disabled=no dst-port=2000-3000 \
  163. new-connection-mark=bwtest passthrough=no protocol=udp src-port=\
  164. 1024-65535
  165. add action=mark-connection chain=udp-services disabled=no dst-port=1024-65535 \
  166. new-connection-mark=emule passthrough=no protocol=udp src-port=4672
  167. add action=mark-connection chain=udp-services disabled=no dst-port=12053 \
  168. new-connection-mark=overnet passthrough=no protocol=udp src-port=\
  169. 1024-65535
  170. add action=mark-connection chain=udp-services disabled=no dst-port=20561 \
  171. new-connection-mark=mac-winbox passthrough=no protocol=udp src-port=\
  172. 1024-65535
  173. add action=mark-connection chain=udp-services disabled=no dst-port=\
  174. 42041-42052 new-connection-mark=voddler passthrough=no protocol=udp \
  175. src-port=1024-65535
  176. add action=mark-connection chain=udp-services disabled=no dst-port=1024-65535 \
  177. new-connection-mark=overnet passthrough=no protocol=udp src-port=12053
  178. add action=mark-connection chain=udp-services disabled=no dst-port=1024-65535 \
  179. new-connection-mark=skype passthrough=no protocol=udp src-port=36725
  180. add action=mark-connection chain=forward disabled=no layer7-protocol=\
  181. skypetoskype new-connection-mark=skype passthrough=no
  182. add action=mark-connection chain=udp-services disabled=no \
  183. new-connection-mark=other-udp passthrough=no protocol=udp
  184. add action=mark-connection chain=other-services disabled=no icmp-options=\
  185. 8:0-255 new-connection-mark=ping passthrough=no protocol=icmp
  186. add action=mark-connection chain=other-services disabled=no \
  187. new-connection-mark=gre passthrough=no protocol=gre
  188. add action=mark-connection chain=other-services disabled=no \
  189. new-connection-mark=igmp passthrough=no protocol=igmp
  190. add action=mark-connection chain=other-services disabled=no \
  191. new-connection-mark=other passthrough=no
RAW Paste Data
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!