- # Physical port roles. ether1 and ether4 are administratively disabled;
- # ether2 and ether3 are renamed for the two PPPoE uplinks defined in
- # /interface pppoe-client, and ether5 is renamed as the LAN port.
- /interface ethernet
- set [ find default-name=ether1 ] disabled=yes
- set [ find default-name=ether2 ] name=ether2-indhi2
- set [ find default-name=ether3 ] name=ether3-indhi3
- set [ find default-name=ether4 ] disabled=yes
- set [ find default-name=ether5 ] name=ether5-lan
- # Two PPPoE client sessions, one per uplink port. The interface names
- # J-Browsing and J-Games are what the mangle, NAT and route sections refer to.
- # NOTE(review): user= and password= are stored inline, so any copy of this
- # export carries the ISP credentials in plaintext. `password=password` looks
- # like a placeholder - confirm; if real values were ever exported this way,
- # rotate them. On RouterOS v6, `/export hide-sensitive` leaves them out.
- /interface pppoe-client
- add disabled=no interface=ether2-indhi2 max-mru=1480 max-mtu=1480 mrru=1600 \
- name=J-Browsing password=password user=indihome1@telkom.net
- add disabled=no interface=ether3-indhi3 max-mru=1480 max-mtu=1480 mrru=1600 \
- name=J-Games password=password user=indihome2@telkom.net
- # Turns neighbor discovery off on the LAN port only.
- # NOTE(review): the uplink-facing interfaces are not listed here, so they
- # keep whatever discovery setting the device default gives them - confirm
- # that the router is not announcing itself towards the ISP side.
- /ip neighbor discovery
- set ether5-lan discover=no
- # Layer-7 regex patterns. In this export only `torrent` and `torrentsites`
- # are referenced (by /ip firewall filter); the other patterns are defined
- # but not used by any rule shown here.
- # RouterOS layer7 matching looks only at the first 10 packets / 2 KB of a
- # connection and sees ciphertext on TLS connections, so the HTTP-oriented
- # patterns below (GET lines, content-type headers) do not match HTTPS traffic.
- /ip firewall layer7-protocol
- # Video host names. The dots are unescaped, so each `.` matches any character.
- add name=Youtube regexp="^.+(c.youtube.com|googlevideo.com|cdn.dailymotion.com\
- |metacafe.com|mccont.com).*\$"
- # HTTP response status line followed by a "content-type: video" header.
- add name=Video_download regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-\
- 9][0-9][\\x09-\\x0d -~]*(content-type: video)"
- # HTTP GET for a file whose name ends in one of the listed extensions.
- add name=Download regexp="^.*get.+\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|\
- mkv|avi|flv|pdf|wav|rm|mp3|mp4|ram|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp|mp\
- e|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip2|0[0-9][0-9]).*\$"
- # Shorter extension list of the same shape as `Download`.
- add name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi\
- |mp4|3gp|rmvb|mp3|img|mov).*\$"
- # Office/PDF extensions. NOTE(review): `ppt` is listed twice; the second was
- # possibly meant to be `pptx` - confirm.
- add name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
- # Same regular expression as `Video_download`, under a second name that
- # differs from `Youtube` only by letter case.
- add name=youtube regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9]\
- [\\x09-\\x0d -~]*(content-type: video)"
- # BitTorrent handshake / tracker / DHT byte patterns.
- add name=torrent regexp="^(\\x13bittorrent protocol|bnt-manager|[Ii][Nn][Ff][O\
- o]_[Hh][Aa][Ss][Hh]|[Bb]it[Tt]orrent)|d1:ad2:id20:|\\x08'7P\\)[RP]"
- # Plain-HTTP GET requests that mention a torrent-site name. `entertane` and
- # `flixflux` each appear twice in the alternation.
- add name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|ente\
- rtane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bit\
- unity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova\
- |fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
- # Two queue trees under parent=global, each capped at max-limit=10M:
- #   "A.B/W MNGMN"          - eight children PRIO1..PRIO8, selected by the
- #                            packet marks set on connection-bytes ranges in
- #                            /ip firewall mangle.
- #   "B.LIMITER PER KLIENT" - one child per client packet mark (Klient.NNN),
- #                            each with limit-at=96k and max-limit=1200k.
- # The packet-mark names must match the new-packet-mark values in mangle
- # exactly; a queue whose mark is never set by mangle shapes nothing.
- /queue tree
- add max-limit=10M name="A.B/W MNGMN" packet-mark=KONEKSISPEEDY-01 parent=\
- global queue=default
- add max-limit=10M name="B.LIMITER PER KLIENT" parent=global queue=default
- # PRIO1-4 are guaranteed 256k each, PRIO5-8 are guaranteed 512k each.
- add limit-at=256k max-limit=10M name=PRIO1 packet-mark=PRIO1 parent=\
- "A.B/W MNGMN" queue=default
- add limit-at=256k max-limit=10M name=PRIO2 packet-mark=PRIO2 parent=\
- "A.B/W MNGMN" queue=default
- add limit-at=256k max-limit=10M name=PRIO3 packet-mark=PRIO3 parent=\
- "A.B/W MNGMN" queue=default
- add limit-at=256k max-limit=10M name=PRIO4 packet-mark=PRIO4 parent=\
- "A.B/W MNGMN" queue=default
- add limit-at=512k max-limit=10M name=PRIO5 packet-mark=PRIO5 parent=\
- "A.B/W MNGMN" queue=default
- add limit-at=512k max-limit=10M name=PRIO6 packet-mark=PRIO6 parent=\
- "A.B/W MNGMN" queue=default
- add limit-at=512k max-limit=10M name=PRIO7 packet-mark=PRIO7 parent=\
- "A.B/W MNGMN" queue=default
- add limit-at=512k max-limit=10M name=PRIO8 packet-mark=PRIO8 parent=\
- "A.B/W MNGMN" queue=default
- # Per-client limiters.
- add limit-at=96k max-limit=1200k name=Klient.001 packet-mark=Klient.001 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.002 packet-mark=Klient.002 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.003 packet-mark=Klient.003 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.004 packet-mark=Klient.004 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.005 packet-mark=Klient.005 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.006 packet-mark=Klient.006 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.007 packet-mark=Klient.007 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.008 packet-mark=Klient.008 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.009 packet-mark=Klient.009 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.010 packet-mark=Klient.010 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.011 packet-mark=Klient.011 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.012 packet-mark=Klient.012 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.013 packet-mark=Klient.013 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.014 packet-mark=Klient.014 \
- parent="B.LIMITER PER KLIENT" queue=default
- # Klient.0111 / Klient.0122 are separate queues from Klient.011 / Klient.012;
- # mangle maps them to 192.168.100.99 and 192.168.100.88.
- add limit-at=96k max-limit=1200k name=Klient.0111 packet-mark=Klient.0111 \
- parent="B.LIMITER PER KLIENT" queue=default
- add limit-at=96k max-limit=1200k name=Klient.0122 packet-mark=Klient.0122 \
- parent="B.LIMITER PER KLIENT" queue=default
- # Static addresses: 192.168.100.1/24 is the router's LAN address. The two
- # uplink ports also get a static address each, in addition to carrying PPPoE.
- # NOTE(review): presumably 192.168.11.0/24 and 192.168.22.0/24 are the
- # management subnets of the ISP modems on those ports - confirm.
- /ip address
- add address=192.168.100.1/24 interface=ether5-lan network=192.168.100.0
- add address=192.168.11.2/24 interface=ether2-indhi2 network=192.168.11.0
- add address=192.168.22.2/24 interface=ether3-indhi3 network=192.168.22.0
- # Enables MikroTik's cloud DDNS, which keeps a public DNS name pointed at the
- # router's current WAN address. A stable name makes every service the router
- # answers on the WAN side easier to find, so pair this with an input-chain
- # policy and a restricted /ip service list.
- /ip cloud
- set ddns-enabled=yes
- # Router acts as a caching DNS forwarder, using 208.67.222.222 upstream.
- # NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
- # arriving on any interface, including the PPPoE uplinks, unless the input
- # chain blocks port 53 there. An internet-reachable resolver can be abused
- # for reflection/amplification; accept UDP/TCP 53 from the LAN side only.
- /ip dns
- set allow-remote-requests=yes servers=208.67.222.222
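- # Private-address list used by the forward-chain torrent rules, which match
- # on src-address-list=!rfc-1918.
- # Fix: the list was created as `rfc-1819`, a name no rule references, so the
- # negated match in those rules was evaluated against a list with no entries.
- # The name now matches the rules.
- # Only 192.168.0.0/16 is listed; the other RFC 1918 ranges (10.0.0.0/8 and
- # 172.16.0.0/12) are not part of this list.
- /ip firewall address-list
- add address=192.168.0.0/16 list=rfc-1918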
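- /ip firewall filter
- # Torrent detection (forward chain). These three rules only record the packet
- # source in the ip_torrent address list for 10 minutes; despite the
- # "Drop Torrent" comment, no rule in this export drops on that list. The list
- # is consumed by mangle (dst-address-list=!ip_torrent) to keep those
- # destinations off the to_game routing mark.
- # src-address-list=!rfc-1918 is meant to skip private sources; the list name
- # under /ip firewall address-list has to match `rfc-1918` exactly, otherwise
- # the list is empty and the negated match presumably holds for every source.
- add action=add-src-to-address-list address-list=ip_torrent \
- address-list-timeout=10m chain=forward comment="Drop Torrent" p2p=all-p2p \
- src-address-list=!rfc-1918
- add action=add-src-to-address-list address-list=ip_torrent \
- address-list-timeout=10m chain=forward layer7-protocol=torrent \
- src-address-list=!rfc-1918
- add action=add-src-to-address-list address-list=ip_torrent \
- address-list-timeout=10m chain=forward layer7-protocol=torrentsites \
- src-address-list=!rfc-1918
- # Added: /ip dns has allow-remote-requests=yes and every other input-chain
- # rule in this section is disabled, so the resolver would answer queries
- # arriving from the uplinks. Drop DNS queries on every interface except the
- # LAN port. Replies to the router's own upstream lookups are not affected
- # because they arrive with source port 53, not destination port 53.
- add action=drop chain=input comment="drop DNS queries not from LAN" dst-port=53 \
- in-interface=!ether5-lan protocol=udp
- add action=drop chain=input comment="drop DNS queries not from LAN" dst-port=53 \
- in-interface=!ether5-lan protocol=tcp
- # SSH brute-force ladder (input chain): each new TCP/22 connection moves the
- # source one list further (lightgrey -> grey -> darkgrey -> blacklist, 1m
- # timeouts, 1h on the blacklist) and the first rule drops blacklisted
- # sources. All five rules are disabled=yes, so none of this is active; ssh is
- # also disabled under /ip service.
- # NOTE(review): apart from the DNS drops above, the input chain has no
- # enabled rule, so any service left enabled on the router is reachable from
- # the uplinks. An accept for established/related plus a final drop for
- # traffic not arriving on ether5-lan is the usual baseline - confirm that
- # remote management is not needed before adding the final drop.
- add action=drop chain=input comment=\
- "drop all traffic brute force attack sources" disabled=yes \
- src-address-list=sshblacklist
- add action=add-src-to-address-list address-list=sshblacklist \
- address-list-timeout=1h chain=input comment=\
- "add new failed sshdarkgreylist to sshblacklist" connection-state=new \
- disabled=yes dst-port=22 protocol=tcp src-address-list=sshdarkgreylist
- add action=add-src-to-address-list address-list=sshdarkgreylist \
- address-list-timeout=1m chain=input comment=\
- "add new failed sshgreylist to sshdarkgreylist" connection-state=new \
- disabled=yes dst-port=22 protocol=tcp src-address-list=sshgreylist
- add action=add-src-to-address-list address-list=sshgreylist \
- address-list-timeout=1m chain=input comment=\
- "add new failed sshlightgreylist to sshgreylist" connection-state=new \
- disabled=yes dst-port=22 protocol=tcp src-address-list=sshlightgreylist
- add action=add-src-to-address-list address-list=sshlightgreylist \
- address-list-timeout=1m chain=input comment=\
- "new connections to sshlightgreylist" connection-state=new disabled=yes \
- dst-port=22 protocol=tcp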
- # Mangle rules are evaluated top to bottom within each chain, so their order
- # is significant. mark-packet rules here carry no passthrough=no, so a later
- # matching rule overwrites the packet mark set by an earlier one.
- /ip firewall mangle
- # Connections that arrive at the router itself are tagged with the uplink
- # they came in on, so replies can be routed back out the same way.
- add action=mark-connection chain=input comment=input in-interface=J-Browsing \
- new-connection-mark=wan2_conn
- # J-Games not ready
- add action=mark-connection chain=input in-interface=J-Games \
- new-connection-mark=wan3_conn
- # Router-originated replies: map the connection mark to a routing mark.
- # Each routing mark only takes effect if /ip route has a route carrying the
- # same routing-mark; without one, the lookup falls back to the main table.
- add action=mark-routing chain=output comment="-----> Output" connection-mark=\
- wan2_conn new-routing-mark=to_wan2
- add action=mark-routing chain=output connection-mark=wan3_conn \
- new-routing-mark=to_wan3
- # LAN traffic (TCP, then UDP) whose destination port is NOT in the list and
- # whose destination is not in ip_torrent is routed via the to_game table.
- # passthrough=no stops mangle processing for these packets.
- # NOTE(review): this port list differs from the negated dst-port list on the
- # J-Games masquerade rule in /ip firewall nat (8010 and 53 appear only here,
- # 182 and 90 only there) - confirm which list is intended.
- add action=mark-routing chain=prerouting comment="-----> Jalur Games" \
- dst-address-list=!ip_torrent dst-port=\
- !80,443,1935,8010,5000,53,81,9100,9200,8080,21001,22001,3128,22,8001 \
- in-interface=ether5-lan new-routing-mark=to_game passthrough=no protocol=\
- tcp
- add action=mark-routing chain=prerouting dst-address-list=!ip_torrent \
- dst-port=\
- !80,443,1935,8010,5000,53,81,9100,9200,8080,21001,22001,3128,22,8001 \
- in-interface=ether5-lan new-routing-mark=to_game passthrough=no protocol=\
- udp
- # Everything except ICMP that leaves via J-Browsing gets connection mark
- # KONEKSIFIBER-01. NOTE(review): the two port-specific rules that follow set
- # the same mark on a subset of that traffic, so they appear redundant.
- add action=mark-connection chain=forward comment="Koneksi Klient" \
- new-connection-mark=KONEKSIFIBER-01 out-interface=J-Browsing protocol=\
- !icmp
- add action=mark-connection chain=forward dst-port=\
- 80,443,1935,182,5000,9100,9200,81,3128,22,8001,8080,8010,21001,22001 \
- new-connection-mark=KONEKSIFIBER-01 out-interface=J-Browsing protocol=tcp
- add action=mark-connection chain=forward dst-port=\
- 80,443,1935,182,5000,9100,9200,81,3128,22,8001,8080,8010,21001,22001 \
- new-connection-mark=KONEKSIFIBER-01 out-interface=J-Browsing protocol=udp
- # Base packet mark for the "A.B/W MNGMN" parent queue.
- add action=mark-packet chain=forward connection-mark=KONEKSIFIBER-01 \
- new-packet-mark=KONEKSISPEEDY-01
- # TCP packets are re-marked PRIO1..PRIO8 by how many bytes the connection
- # has carried so far; the last range (10000000-0) has no upper bound.
- add action=mark-packet chain=forward connection-bytes=1-128000 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO1 protocol=tcp
- add action=mark-packet chain=forward connection-bytes=128000-256000 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO2 protocol=tcp
- add action=mark-packet chain=forward connection-bytes=256000-512000 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO3 protocol=tcp
- add action=mark-packet chain=forward connection-bytes=512000-1000000 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO4 protocol=tcp
- add action=mark-packet chain=forward connection-bytes=1000000-3000000 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO5 protocol=tcp
- add action=mark-packet chain=forward connection-bytes=3000000-5000000 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO6 protocol=tcp
- add action=mark-packet chain=forward connection-bytes=5000000-10000000 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO7 protocol=tcp
- add action=mark-packet chain=forward connection-bytes=10000000-0 \
- connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO8 protocol=tcp
- # Per-client marks by destination address (download direction).
- # NOTE(review): these run after the PRIO rules and overwrite their mark, so
- # packets to a listed client reach only the Klient.NNN queue, not a PRIO
- # queue - confirm this is the intended interaction.
- add action=mark-packet chain=forward comment="LIMITER CLIENT" \
- connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.101 \
- new-packet-mark=Klient.001
- add action=mark-packet chain=forward comment=Klient.002 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.102 new-packet-mark=Klient.002
- add action=mark-packet chain=forward comment=Klient.003 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.103 new-packet-mark=Klient.003
- add action=mark-packet chain=forward comment=Klient.004 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.104 new-packet-mark=Klient.004
- add action=mark-packet chain=forward comment=Klient.005 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.105 new-packet-mark=Klient.005
- add action=mark-packet chain=forward comment=Klient.006 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.106 new-packet-mark=Klient.006
- add action=mark-packet chain=forward comment=Klient.007 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.107 new-packet-mark=Klient.007
- add action=mark-packet chain=forward comment=Klient.008 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.108 new-packet-mark=Klient.008
- add action=mark-packet chain=forward comment=Klient.009 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.109 new-packet-mark=Klient.009
- add action=mark-packet chain=forward comment=Klient.010 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.110 new-packet-mark=Klient.010
- add action=mark-packet chain=forward comment=Klient.011 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.111 new-packet-mark=Klient.011
- add action=mark-packet chain=forward comment=Klient.012 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.112 new-packet-mark=Klient.012
- add action=mark-packet chain=forward comment=Klient.013 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.113 new-packet-mark=Klient.013
- add action=mark-packet chain=forward comment=Klient.014 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.114 new-packet-mark=Klient.014
- # The next two rules reuse the comments Klient.011 / Klient.012 but set the
- # distinct marks Klient.0111 / Klient.0122 for .99 and .88.
- add action=mark-packet chain=forward comment=Klient.011 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.99 new-packet-mark=Klient.0111
- add action=mark-packet chain=forward comment=Klient.012 connection-mark=\
- KONEKSIFIBER-01 dst-address=192.168.100.88 new-packet-mark=Klient.0122
- /ip firewall nat
- # Source NAT for everything leaving via the browsing uplink.
- add action=masquerade chain=srcnat out-interface=J-Browsing
- # J-Games not ready
- # Source NAT for TCP leaving via J-Games whose destination port is not in
- # the list. NOTE(review): this list is not identical to the negated dst-port
- # list on the to_game mangle rules - confirm which one is intended.
- add action=masquerade chain=srcnat dst-port=\
- !80,443,1935,5000,182,90,81,9100,9200,8080,21001,22001,3128,22,8001 \
- out-interface=J-Games protocol=tcp
- # Catch-all: masquerades any traffic sourced from the LAN subnet, whatever
- # the outgoing interface. It is what covers UDP sent out via J-Games, since
- # the rule above is TCP-only. With no out-interface it presumably also
- # rewrites LAN traffic towards the modem subnets on ether2/ether3.
- add action=masquerade chain=srcnat src-address=192.168.100.0/24
- # Port forward: TCP 50 and 5000 arriving on J-Browsing both go to
- # 192.168.100.200:5000.
- # NOTE(review): there is no src-address or src-address-list restriction and
- # no forward-chain filtering in this export, so the service on .200 is
- # reachable from any internet source and relies entirely on its own
- # authentication and patch level. Restrict the source where possible.
- add action=dst-nat chain=dstnat dst-port=50,5000 in-interface=J-Browsing \
- protocol=tcp to-addresses=192.168.100.200 to-ports=5000
- # Disables the connection-tracking/NAT helpers for these six protocols, so
- # the router no longer rewrites or opens related flows for them. Protocols
- # that depend on a helper to cross NAT (e.g. active-mode FTP, SIP, PPTP) will
- # not be assisted by the router.
- /ip firewall service-port
- set ftp disabled=yes
- set tftp disabled=yes
- set irc disabled=yes
- set h323 disabled=yes
- set sip disabled=yes
- set pptp disabled=yes
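- # One default route per routing mark set in /ip firewall mangle, plus the
- # unmarked default route in the main table.
- /ip route
- add distance=1 gateway=J-Browsing routing-mark=to_wan2
- # Added: mangle marks router replies for connections that arrived on J-Games
- # with routing-mark to_wan3, but no route carried that mark, so those replies
- # fell back to the main table and left via J-Browsing. This mirrors the
- # to_wan2 route above.
- add distance=1 gateway=J-Games routing-mark=to_wan3
- # LAN traffic marked to_game by the prerouting mangle rules.
- add distance=1 gateway=J-Games routing-mark=to_game
- # Main-table default route; check-gateway=ping deactivates it when the
- # gateway stops answering.
- add check-gateway=ping distance=1 gateway=J-Browsing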
- # Policy rule: traffic to the single host 128.199.255.21 is looked up in the
- # to_game table regardless of mangle marks.
- # NOTE(review): the purpose of this host is not stated in the export - add a
- # comment= so the exception can be audited later.
- /ip route rule
- add dst-address=128.199.255.21/32 table=to_game
- # Management services switched off: telnet, ftp, www, ssh, api, api-ssl.
- # NOTE(review): winbox is not mentioned here, so it stays at its default,
- # which is enabled on stock RouterOS. With no restrictive input-chain rule
- # it would be reachable from the uplinks; limit it with the service's
- # address= setting or an input-chain rule if remote WinBox access is not
- # required.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- # Local time zone; log and backup timestamps follow it.
- /system clock
- set time-zone-name=Asia/Jakarta
- # Time sync against two fixed NTP server addresses. Accurate time matters
- # for log correlation and for the address-list timeouts used by the firewall.
- /system ntp client
- set enabled=yes primary-ntp=202.162.32.12 secondary-ntp=36.86.63.180
- # script1: logs a start message, writes a binary backup (configbackup) and a
- # text export (mtexport_backup) to the router's own storage, then waits 10s.
- # No scheduler entry in this export runs it.
- # The globals sub1/sub2/sub3 (identity, time, date) are set but never used,
- # so both file names are fixed and each run presumably overwrites the last.
- # NOTE(review): both output files contain the full configuration, including
- # the PPPoE credentials. /system backup save is called without password=;
- # whether the file is then encrypted depends on the RouterOS version -
- # confirm. The files stay on the router unless something else collects them.
- # NOTE(review): the policy list (ftp, reboot, password, sniff, sensitive, ...)
- # is broader than the commands in the source appear to need - trim it to what
- # the script actually uses.
- /system script
- add name=script1 owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":log wa\
- rning \"Start Backup MikroTik Router . . . \"\r\
- \n:global backupfile configbackup\r\
- \n:global mikrotikexport mtexport_backup\r\
- \n:global sub1 ([/system identity get name])\r\
- \n:global sub2 ([/system clock get time])\r\
- \n:global sub3 ([/system clock get date])\r\
- \n:log warning \"Creating a new backup file. . . \"\r\
- \n/system backup save name=\$backupfile\r\
- \n/export file=\$mikrotikexport\r\
- \n:log warning \"Pause backup process for 10 seconds so that it can comple\
- te the backup, if the system is busy \85 \"\r\
- \n:delay 10s"