dreamrider

ROS Mangles

Jul 29th, 2012
  # RouterOS mangle rules: they classify traffic by setting connection marks and
  # by filling address lists. Nothing in this table drops packets, so the
  # "blocking" named in the rule comments has to be enforced by filter or queue
  # rules that are not part of this paste.
  # The address lists (dns-externt, local-addr, spotify) and the layer7-protocol
  # regexps (BITTORRENT, DIRECTCONNECT, GNUTELLA, HTTPS, skypetoskype) that the
  # rules reference are defined elsewhere; their contents cannot be checked here.
  1. /ip firewall mangle
  # Send whatever the built-in P2P matcher recognises to the p2p-service chain,
  # unless the destination is in the dns-externt list.
  # NOTE(review): the p2p= matcher is reportedly no longer available in newer
  # RouterOS releases - confirm it exists on the target version before import.
  2. add action=jump chain=prerouting comment="Common P2P-Blocking" disabled=no \
  3. dst-address-list=!dns-externt jump-target=p2p-service p2p=all-p2p
  # Same jump, driven by Layer7 payload regexps. These three rules (like the one
  # above) have no connection-state matcher, so they are evaluated for every
  # prerouting packet that reaches them. L7 matching is CPU-expensive, RouterOS
  # only inspects the first packets of a connection, and a payload regexp cannot
  # see inside encrypted P2P sessions - expect misses as well as load.
  4. add action=jump chain=prerouting disabled=no dst-address-list=!dns-externt \
  5. jump-target=p2p-service layer7-protocol=BITTORRENT
  6. add action=jump chain=prerouting disabled=no dst-address-list=!dns-externt \
  7. jump-target=p2p-service layer7-protocol=DIRECTCONNECT
  8. add action=jump chain=prerouting disabled=no dst-address-list=!dns-externt \
  9. jump-target=p2p-service layer7-protocol=GNUTELLA
  # Heuristic peer tracking. Hosts in p2p-users (filled by the p2p-service chain)
  # are assumed to be running P2P; the four rules below put the remote endpoints
  # they talk to on p2p-users-ext for 10 minutes.
  # Review notes:
  #  - The match is port range + packet size only (no payload check), so any
  #    high-port traffic of a flagged host (VoIP, games, VPN ...) lists its peers.
  #  - No rule in this paste reads p2p-users-ext. If a filter rule elsewhere
  #    drops on it, those unrelated peers are blocked as well - verify.
  #  - For UDP the recorded source address comes from a single, unverified
  #    packet; treat the list as a hint, not as proof of who sent what.
  # UDP, outbound: flagged source -> record the destination.
  10. add action=add-dst-to-address-list address-list=p2p-users-ext \
  11. address-list-timeout=10m chain=prerouting comment=\
  12. "UDP-Bittorrent blocking" disabled=no dst-address-list=!dns-externt \
  13. dst-port=1024-65535 packet-size=62-500 protocol=udp src-address-list=\
  14. p2p-users src-port=!53
  # UDP, inbound: packet addressed to a flagged host -> record the sender.
  15. add action=add-src-to-address-list address-list=p2p-users-ext \
  16. address-list-timeout=10m chain=prerouting disabled=no dst-address-list=\
  17. p2p-users dst-port=1024-65535 packet-size=62-500 protocol=udp \
  18. src-address-list=!dns-externt src-port=!53
  # TCP, outbound: PSH+ACK segments of 100-500 bytes between two high ports,
  # FTP-helper connections excluded -> record the destination.
  19. add action=add-dst-to-address-list address-list=p2p-users-ext \
  20. address-list-timeout=10m chain=prerouting comment="TCP-Tracker blocking" \
  21. connection-type=!ftp disabled=no dst-address-list=!dns-externt dst-port=\
  22. 1024-65535 packet-size=100-500 protocol=tcp src-address-list=p2p-users \
  23. src-port=1024-65535 tcp-flags=psh,ack
  # TCP, inbound: mirror of the rule above -> record the sender.
  24. add action=add-src-to-address-list address-list=p2p-users-ext \
  25. address-list-timeout=10m chain=prerouting connection-type=!ftp disabled=\
  26. no dst-address-list=p2p-users dst-port=1024-65535 packet-size=100-500 \
  27. protocol=tcp src-address-list=!dns-externt src-port=1024-65535 tcp-flags=\
  28. psh,ack
  # Dispatch of new connections to the per-protocol classification chains.
  # Rule order matters: the first jump whose target chain sets a mark with
  # passthrough=no ends mangle processing for that packet.
  # New TCP to port 443 goes straight to tcp-services (https / spotify marks).
  29. add action=jump chain=prerouting connection-state=new disabled=no dst-port=\
  30. 443 jump-target=tcp-services protocol=tcp
  # TLS seen on any port other than 443 is treated as P2P.
  # NOTE(review): connection-state=new on TCP normally matches only the
  # handshake SYN, which carries no payload, so this L7 match probably never
  # fires - check the rule counter. If it did fire, legitimate TLS services on
  # other ports (465, 990, 993, 995 are marked further down) would be tagged p2p
  # and their clients added to p2p-users before tcp-services is reached.
  31. add action=jump chain=prerouting connection-state=new disabled=no \
  32. dst-address-list=!dns-externt dst-port=!443 jump-target=p2p-service \
  33. layer7-protocol=HTTPS protocol=tcp
  # Everything else: new TCP -> tcp-services, new UDP -> udp-services, any other
  # protocol -> other-services.
  34. add action=jump chain=prerouting connection-state=new disabled=no \
  35. jump-target=tcp-services protocol=tcp
  36. add action=jump chain=prerouting connection-state=new disabled=no \
  37. jump-target=udp-services protocol=udp
  38. add action=jump chain=prerouting connection-state=new disabled=no \
  39. jump-target=other-services
  # Chain p2p-service: reached from the P2P / Layer7 jumps in prerouting.
  # If the sender is in local-addr it is put on p2p-users for 2 minutes; that
  # list is what arms the p2p-users-ext heuristics in prerouting.
  40. add action=add-src-to-address-list address-list=p2p-users \
  41. address-list-timeout=2m chain=p2p-service disabled=no src-address-list=\
  42. local-addr
  # Mark the connection "p2p". passthrough=no stops further mangle processing
  # for this packet, so no later rule can re-classify it.
  43. add action=mark-connection chain=p2p-service disabled=no new-connection-mark=\
  44. p2p passthrough=no
  # Chain tcp-services: labels new TCP connections by destination port. Every
  # rule uses passthrough=no, so the first matching rule wins and the order of
  # overlapping port ranges is significant.
  # The marks are derived from port numbers only: they say which port was
  # contacted, not which protocol is actually spoken. They are suitable for
  # accounting or queueing; do not use them as an allow criterion in filter rules.
  # Most rules require a client source port of 1024-65535; connections from
  # lower source ports fall through to other-tcp at the end of the chain.
  45. add action=mark-connection chain=tcp-services disabled=no dst-port=20-21 \
  46. new-connection-mark=ftp passthrough=no protocol=tcp src-port=1024-65535
  # ssh accepts a wider source-port range (513-65535) than the other rules,
  # presumably for clients that bind low source ports - confirm.
  47. add action=mark-connection chain=tcp-services disabled=no dst-port=22 \
  48. new-connection-mark=ssh passthrough=no protocol=tcp src-port=513-65535
  49. add action=mark-connection chain=tcp-services disabled=no dst-port=23 \
  50. new-connection-mark=telnet passthrough=no protocol=tcp src-port=\
  51. 1024-65535
  52. add action=mark-connection chain=tcp-services disabled=no dst-port=25 \
  53. new-connection-mark=smtp passthrough=no protocol=tcp src-port=1024-65535
  # DNS over TCP: port 53 -> 53 first, then ordinary client queries.
  54. add action=mark-connection chain=tcp-services disabled=no dst-port=53 \
  55. new-connection-mark=dns passthrough=no protocol=tcp src-port=53
  56. add action=mark-connection chain=tcp-services disabled=no dst-port=53 \
  57. new-connection-mark=dns passthrough=no protocol=tcp src-port=1024-65535
  58. add action=mark-connection chain=tcp-services disabled=no dst-port=80 \
  59. new-connection-mark=http passthrough=no protocol=tcp src-port=1024-65535
  60. add action=mark-connection chain=tcp-services disabled=no dst-port=110 \
  61. new-connection-mark=pop3 passthrough=no protocol=tcp src-port=1024-65535
  62. add action=mark-connection chain=tcp-services disabled=no dst-port=113 \
  63. new-connection-mark=auth passthrough=no protocol=tcp src-port=1024-65535
  64. add action=mark-connection chain=tcp-services disabled=no dst-port=119 \
  65. new-connection-mark=nntp passthrough=no protocol=tcp src-port=1024-65535
  66. add action=mark-connection chain=tcp-services disabled=no dst-port=137-139 \
  67. new-connection-mark=netbios passthrough=no protocol=tcp src-port=\
  68. 1024-65535
  69. add action=mark-connection chain=tcp-services disabled=no dst-port=143 \
  70. new-connection-mark=imap passthrough=no protocol=tcp src-port=1024-65535
  71. add action=mark-connection chain=tcp-services disabled=no dst-port=161-162 \
  72. new-connection-mark=snmp passthrough=no protocol=tcp src-port=1024-65535
  # Port 443 is split by destination: addresses in the spotify list get the
  # spotify mark, everything else is https. The list is maintained elsewhere.
  73. add action=mark-connection chain=tcp-services disabled=no dst-address-list=\
  74. spotify dst-port=443 new-connection-mark=spotify passthrough=no protocol=\
  75. tcp src-port=1024-65535
  76. add action=mark-connection chain=tcp-services disabled=no dst-address-list=\
  77. !spotify dst-port=443 new-connection-mark=https passthrough=no protocol=\
  78. tcp src-port=1024-65535
  79. add action=mark-connection chain=tcp-services disabled=no dst-port=445 \
  80. new-connection-mark=ms-ds passthrough=no protocol=tcp src-port=1024-65535
  81. add action=mark-connection chain=tcp-services disabled=no dst-port=465 \
  82. new-connection-mark=smtps passthrough=no protocol=tcp src-port=1024-65535
  83. add action=mark-connection chain=tcp-services disabled=no dst-port=990 \
  84. new-connection-mark=ftps passthrough=no protocol=tcp src-port=1024-65535
  85. add action=mark-connection chain=tcp-services disabled=no dst-port=993 \
  86. new-connection-mark=imaps passthrough=no protocol=tcp src-port=1024-65535
  87. add action=mark-connection chain=tcp-services disabled=no dst-port=995 \
  88. new-connection-mark=pop3s passthrough=no protocol=tcp src-port=1024-65535
  89. add action=mark-connection chain=tcp-services disabled=no dst-port=1080 \
  90. new-connection-mark=socks passthrough=no protocol=tcp src-port=1024-65535
  91. add action=mark-connection chain=tcp-services disabled=no dst-port=1723 \
  92. new-connection-mark=pptp passthrough=no protocol=tcp src-port=1024-65535
  93. add action=mark-connection chain=tcp-services disabled=no dst-port=1863 \
  94. new-connection-mark=msn passthrough=no protocol=tcp src-port=1024-65535
  95. add action=mark-connection chain=tcp-services disabled=no dst-port=2379 \
  96. new-connection-mark=kgs passthrough=no protocol=tcp src-port=1024-65535
  97. add action=mark-connection chain=tcp-services disabled=no dst-port=3128 \
  98. new-connection-mark=squid-proxy passthrough=no protocol=tcp src-port=\
  99. 1024-65535
  100. add action=mark-connection chain=tcp-services disabled=no dst-port=3389 \
  101. new-connection-mark=win-ts passthrough=no protocol=tcp src-port=\
  102. 1024-65535
  103. add action=mark-connection chain=tcp-services disabled=no dst-port=3845 \
  104. new-connection-mark=smartpass passthrough=no protocol=tcp src-port=\
  105. 1024-65535
  106. add action=mark-connection chain=tcp-services disabled=no dst-port=4070 \
  107. new-connection-mark=spotify passthrough=no protocol=tcp src-port=\
  108. 1024-65535
  # Broad range: every TCP destination port 2000-3000 not matched by an earlier
  # rule (2379 is taken by kgs above) is labelled bwtest, whatever it really is.
  109. add action=mark-connection chain=tcp-services disabled=no dst-port=2000-3000 \
  110. new-connection-mark=bwtest passthrough=no protocol=tcp src-port=\
  111. 1024-65535
  112. add action=mark-connection chain=tcp-services disabled=no dst-port=4242-4243 \
  113. new-connection-mark=emule passthrough=no protocol=tcp src-port=1024-65535
  # The next two rules key on the SOURCE port (4661-4662, 4711) with any high
  # destination port, i.e. connections opened from those ports.
  114. add action=mark-connection chain=tcp-services disabled=no dst-port=1024-65535 \
  115. new-connection-mark=overnet passthrough=no protocol=tcp src-port=\
  116. 4661-4662
  117. add action=mark-connection chain=tcp-services disabled=no dst-port=1024-65535 \
  118. new-connection-mark=emule passthrough=no protocol=tcp src-port=4711
  119. add action=mark-connection chain=tcp-services disabled=no dst-port=5900-5901 \
  120. new-connection-mark=vnc passthrough=no protocol=tcp src-port=1024-65535
  121. add action=mark-connection chain=tcp-services disabled=no dst-port=6667-6669 \
  122. new-connection-mark=irc passthrough=no protocol=tcp src-port=1024-65535
  123. add action=mark-connection chain=tcp-services disabled=no dst-port=8080 \
  124. new-connection-mark=http-proxy passthrough=no protocol=tcp src-port=\
  125. 1024-65535
  # winbox is only marked when the destination is in local-addr; port 8291 to
  # any other destination ends up as other-tcp.
  126. add action=mark-connection chain=tcp-services disabled=no dst-address-list=\
  127. local-addr dst-port=8291 new-connection-mark=winbox passthrough=no \
  128. protocol=tcp src-port=1024-65535
  129. add action=mark-connection chain=tcp-services disabled=no dst-port=\
  130. 42041-42052 new-connection-mark=voddler passthrough=no protocol=tcp \
  131. src-port=1024-65535
  # 55536-55663 looks like a site-specific passive-FTP data range - confirm
  # against the FTP server configuration.
  132. add action=mark-connection chain=tcp-services disabled=no dst-port=\
  133. 55536-55663 new-connection-mark=ftp-passive passthrough=no protocol=tcp \
  134. src-port=1024-65535
  # Catch-all: any TCP connection not matched above.
  135. add action=mark-connection chain=tcp-services disabled=no \
  136. new-connection-mark=other-tcp passthrough=no protocol=tcp
  # Chain udp-services: labels new UDP flows by port, first match wins
  # (passthrough=no on every rule). As with the TCP chain, the mark reflects the
  # port number only and is not evidence of the protocol actually in use.
  137. add action=mark-connection chain=udp-services disabled=no dst-port=53 \
  138. new-connection-mark=dns passthrough=no protocol=udp src-port=1024-65535
  # DHCP: destination port 67 from source port 67 or 68.
  139. add action=mark-connection chain=udp-services disabled=no dst-port=67 \
  140. new-connection-mark=dhcp passthrough=no protocol=udp src-port=67-68
  # NTP: 123 -> 123 first, then clients using a high source port.
  141. add action=mark-connection chain=udp-services disabled=no dst-port=123 \
  142. new-connection-mark=ntp passthrough=no protocol=udp src-port=123
  143. add action=mark-connection chain=udp-services disabled=no dst-port=123 \
  144. new-connection-mark=ntp passthrough=no protocol=udp src-port=1024-65535
  145. add action=mark-connection chain=udp-services disabled=no dst-port=137-139 \
  146. new-connection-mark=netbios passthrough=no protocol=udp src-port=\
  147. 1024-65535
  148. add action=mark-connection chain=udp-services disabled=no dst-port=161-162 \
  149. new-connection-mark=snmp passthrough=no protocol=udp src-port=1024-65535
  150. add action=mark-connection chain=udp-services disabled=no dst-port=514 \
  151. new-connection-mark=syslog passthrough=no protocol=udp src-port=\
  152. 1024-65535
  153. add action=mark-connection chain=udp-services disabled=no dst-port=1701 \
  154. new-connection-mark=l2tp passthrough=no protocol=udp src-port=1024-65535
  155. add action=mark-connection chain=udp-services disabled=no dst-port=3544 \
  156. new-connection-mark=ms-ipv6 passthrough=no protocol=udp src-port=\
  157. 1024-65535
  158. add action=mark-connection chain=udp-services disabled=no dst-port=4665 \
  159. new-connection-mark=emule passthrough=no protocol=udp src-port=1024-65535
  160. add action=mark-connection chain=udp-services disabled=no dst-port=4672 \
  161. new-connection-mark=emule passthrough=no protocol=udp src-port=1024-65535
  # Broad range: any UDP destination port 2000-3000 is labelled bwtest.
  162. add action=mark-connection chain=udp-services disabled=no dst-port=2000-3000 \
  163. new-connection-mark=bwtest passthrough=no protocol=udp src-port=\
  164. 1024-65535
  165. add action=mark-connection chain=udp-services disabled=no dst-port=1024-65535 \
  166. new-connection-mark=emule passthrough=no protocol=udp src-port=4672
  167. add action=mark-connection chain=udp-services disabled=no dst-port=12053 \
  168. new-connection-mark=overnet passthrough=no protocol=udp src-port=\
  169. 1024-65535
  170. add action=mark-connection chain=udp-services disabled=no dst-port=20561 \
  171. new-connection-mark=mac-winbox passthrough=no protocol=udp src-port=\
  172. 1024-65535
  173. add action=mark-connection chain=udp-services disabled=no dst-port=\
  174. 42041-42052 new-connection-mark=voddler passthrough=no protocol=udp \
  175. src-port=1024-65535
  176. add action=mark-connection chain=udp-services disabled=no dst-port=1024-65535 \
  177. new-connection-mark=overnet passthrough=no protocol=udp src-port=12053
  # skype by a single fixed source port (36725) - presumably a value configured
  # on this site's clients; confirm before reusing the rule elsewhere.
  178. add action=mark-connection chain=udp-services disabled=no dst-port=1024-65535 \
  179. new-connection-mark=skype passthrough=no protocol=udp src-port=36725
  # NOTE(review): this rule lives in chain=forward, not in udp-services; it only
  # appears here because of export order. It has no connection-state matcher,
  # so the Layer7 regexp is tried on forwarded packets of any state, and a hit
  # replaces whatever connection mark prerouting assigned earlier.
  180. add action=mark-connection chain=forward disabled=no layer7-protocol=\
  181. skypetoskype new-connection-mark=skype passthrough=no
  # Catch-all: any UDP flow not matched above.
  182. add action=mark-connection chain=udp-services disabled=no \
  183. new-connection-mark=other-udp passthrough=no protocol=udp
  # Chain other-services: everything that is neither TCP nor UDP.
  # ICMP type 8 (echo request), any code, is marked ping; all other ICMP types
  # fall through to the final "other" rule.
  184. add action=mark-connection chain=other-services disabled=no icmp-options=\
  185. 8:0-255 new-connection-mark=ping passthrough=no protocol=icmp
  # GRE and IGMP get their own marks.
  186. add action=mark-connection chain=other-services disabled=no \
  187. new-connection-mark=gre passthrough=no protocol=gre
  188. add action=mark-connection chain=other-services disabled=no \
  189. new-connection-mark=igmp passthrough=no protocol=igmp
  # Catch-all for any remaining protocol.
  190. add action=mark-connection chain=other-services disabled=no \
  191. new-connection-mark=other passthrough=no