
Untitled

BerandaTeknik Nov 6th, 2018 172 Never
  # Physical ports. ether2 and ether3 are the two uplink ports used by the PPPoE
  # clients defined in this export, ether5 is the LAN side.
  /interface ethernet
  set [ find default-name=ether2 ] name=ether2-indhi2
  set [ find default-name=ether3 ] name=ether3-indhi3
  set [ find default-name=ether5 ] name=ether5-lan
  # Ports with no role in this setup are switched off.
  set [ find default-name=ether1 ] disabled=yes
  set [ find default-name=ether4 ] disabled=yes
  # Two PPPoE sessions, one per uplink port. J-Browsing carries the main default
  # route; J-Games is the gateway of the to_game routing table.
  # NOTE(review): password= is part of the exported text. The values here look like
  # placeholders; use "/export hide-sensitive" before sharing a configuration.
  /interface pppoe-client
  add name=J-Browsing interface=ether2-indhi2 user=indihome1@telkom.net password=password \
      max-mtu=1480 max-mru=1480 mrru=1600 disabled=no
  add name=J-Games interface=ether3-indhi3 user=indihome2@telkom.net password=password \
      max-mtu=1480 max-mru=1480 mrru=1600 disabled=no
  # Neighbor discovery is switched off on the LAN port.
  # NOTE(review): no entry is visible for the uplink side (ether2-indhi2, ether3-indhi3,
  # J-Browsing, J-Games), so discovery there is left at its default - confirm that it is
  # off on every WAN-facing interface, where it only advertises the router to strangers.
  /ip neighbor discovery
  set ether5-lan discover=no
  # Layer-7 patterns. Only "torrent" and "torrentsites" are referenced by the filter
  # rules in this export; no visible rule uses the other entries.
  # The GET / content-type patterns match plaintext HTTP only: TLS traffic does not
  # expose that text, so they cannot be relied on as a blocking control.
  # NOTE(review): "Video_download" and "youtube" carry the same expression, and
  # "document" lists ppt twice (pptx may have been intended) - confirm.
  /ip firewall layer7-protocol
  add name=Youtube \
      regexp="^.+(c.youtube.com|googlevideo.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
  add name=Video_download \
      regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
  add name=Download \
      regexp="^.*get.+\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi|flv|pdf|wav|rm|mp3|mp4|ram|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp|mpe|qt|raw|wma|ogg|doc|deb|tar|bzip|gzip|gzip2|0[0-9][0-9]).*\$"
  add name=high \
      regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|mov).*\$"
  add name=document \
      regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
  add name=youtube \
      regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
  # BitTorrent handshake / tracker strings, consumed by the torrent-detection filter rule.
  add name=torrent \
      regexp="^(\\x13bittorrent protocol|bnt-manager|[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]|[Bb]it[Tt]orrent)|d1:ad2:id20:|\\x08'7P\\)[RP]"
  # HTTP requests that mention well-known torrent index sites.
  add name=torrentsites \
      regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
  # Queue tree with two 10M parents under "global":
  #   "A.B/W MNGMN"          - fed by packet mark KONEKSISPEEDY-01, children PRIO1..PRIO8
  #   "B.LIMITER PER KLIENT" - one child per client packet mark (Klient.NNN)
  # The packet marks are assigned by the mangle rules of this export.
  /queue tree
  add name="A.B/W MNGMN" parent=global packet-mark=KONEKSISPEEDY-01 max-limit=10M queue=default
  add name="B.LIMITER PER KLIENT" parent=global max-limit=10M queue=default
  # Priority classes: PRIO1-4 are guaranteed 256k, PRIO5-8 512k; all may burst to 10M.
  add name=PRIO1 parent="A.B/W MNGMN" packet-mark=PRIO1 limit-at=256k max-limit=10M queue=default
  add name=PRIO2 parent="A.B/W MNGMN" packet-mark=PRIO2 limit-at=256k max-limit=10M queue=default
  add name=PRIO3 parent="A.B/W MNGMN" packet-mark=PRIO3 limit-at=256k max-limit=10M queue=default
  add name=PRIO4 parent="A.B/W MNGMN" packet-mark=PRIO4 limit-at=256k max-limit=10M queue=default
  add name=PRIO5 parent="A.B/W MNGMN" packet-mark=PRIO5 limit-at=512k max-limit=10M queue=default
  add name=PRIO6 parent="A.B/W MNGMN" packet-mark=PRIO6 limit-at=512k max-limit=10M queue=default
  add name=PRIO7 parent="A.B/W MNGMN" packet-mark=PRIO7 limit-at=512k max-limit=10M queue=default
  add name=PRIO8 parent="A.B/W MNGMN" packet-mark=PRIO8 limit-at=512k max-limit=10M queue=default
  # Per-client limiters: 96k guaranteed, 1200k ceiling each.
  add name=Klient.001 parent="B.LIMITER PER KLIENT" packet-mark=Klient.001 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.002 parent="B.LIMITER PER KLIENT" packet-mark=Klient.002 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.003 parent="B.LIMITER PER KLIENT" packet-mark=Klient.003 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.004 parent="B.LIMITER PER KLIENT" packet-mark=Klient.004 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.005 parent="B.LIMITER PER KLIENT" packet-mark=Klient.005 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.006 parent="B.LIMITER PER KLIENT" packet-mark=Klient.006 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.007 parent="B.LIMITER PER KLIENT" packet-mark=Klient.007 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.008 parent="B.LIMITER PER KLIENT" packet-mark=Klient.008 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.009 parent="B.LIMITER PER KLIENT" packet-mark=Klient.009 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.010 parent="B.LIMITER PER KLIENT" packet-mark=Klient.010 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.011 parent="B.LIMITER PER KLIENT" packet-mark=Klient.011 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.012 parent="B.LIMITER PER KLIENT" packet-mark=Klient.012 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.013 parent="B.LIMITER PER KLIENT" packet-mark=Klient.013 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.014 parent="B.LIMITER PER KLIENT" packet-mark=Klient.014 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.0111 parent="B.LIMITER PER KLIENT" packet-mark=Klient.0111 limit-at=96k \
      max-limit=1200k queue=default
  add name=Klient.0122 parent="B.LIMITER PER KLIENT" packet-mark=Klient.0122 limit-at=96k \
      max-limit=1200k queue=default
  # Static addressing: the LAN gateway on ether5-lan, plus one address on each uplink
  # port (presumably to reach the modem in front of each PPPoE session - confirm).
  /ip address
  add interface=ether5-lan address=192.168.100.1/24 network=192.168.100.0
  add interface=ether2-indhi2 address=192.168.11.2/24 network=192.168.11.0
  add interface=ether3-indhi3 address=192.168.22.2/24 network=192.168.22.0
  # Dynamic DNS through the MikroTik cloud service: the router's current public address
  # is published under a vendor-hosted DNS name.
  # NOTE(review): this makes the router easy to locate from the internet, so the input
  # chain and the enabled management services need to be locked down accordingly.
  /ip cloud
  set ddns-enabled=yes
  # The router acts as a caching DNS server and forwards to 208.67.222.222.
  # allow-remote-requests=yes answers queries arriving on ANY interface, including the
  # PPPoE uplinks. It must be paired with input-chain filter rules that drop TCP/UDP 53
  # coming in from the WAN side, otherwise the router is an open resolver that can be
  # abused for DNS amplification.
  /ip dns
  set servers=208.67.222.222 allow-remote-requests=yes
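  # Private LAN address space. The torrent-detection filter rules exclude it with
  # src-address-list=!rfc-1918, but the list had been created as "rfc-1819", a name no
  # rule refers to. It is named rfc-1918 here so that the exclusion really applies.
  # NOTE(review): only 192.168.0.0/16 is listed; 10.0.0.0/8 and 172.16.0.0/12 are not.
  /ip firewall address-list
  add address=192.168.0.0/16 list=rfc-1918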
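  /ip firewall filter
  # --- Torrent detection (forward chain) ---------------------------------------------
  # The source address of any forwarded packet that looks like BitTorrent (built-in p2p
  # matcher, or the "torrent" / "torrentsites" layer-7 patterns) is remembered in
  # ip_torrent for 10 minutes. Despite the "Drop Torrent" label nothing is dropped here:
  # the list is only consumed by the mangle rules, which keep those destinations off the
  # to_game routing table.
  # These rules rely on an address list named exactly "rfc-1918". Presumably a negated
  # match against a list name that does not exist is true for every source - verify that
  # the list exists under this spelling.
  add action=add-src-to-address-list address-list=ip_torrent address-list-timeout=10m \
      chain=forward comment="Drop Torrent" p2p=all-p2p src-address-list=!rfc-1918
  add action=add-src-to-address-list address-list=ip_torrent address-list-timeout=10m \
      chain=forward layer7-protocol=torrent src-address-list=!rfc-1918
  add action=add-src-to-address-list address-list=ip_torrent address-list-timeout=10m \
      chain=forward layer7-protocol=torrentsites src-address-list=!rfc-1918
  # --- DNS exposure (input chain) ----------------------------------------------------
  # /ip dns has allow-remote-requests=yes, so the resolver listens on every interface.
  # Queries arriving on the two PPPoE uplinks are refused so that the router cannot be
  # used as an open resolver; LAN clients on ether5-lan are not affected.
  add action=drop chain=input comment="drop DNS queries from WAN" dst-port=53 \
      in-interface=J-Browsing protocol=udp
  add action=drop chain=input dst-port=53 in-interface=J-Browsing protocol=tcp
  add action=drop chain=input dst-port=53 in-interface=J-Games protocol=udp
  add action=drop chain=input dst-port=53 in-interface=J-Games protocol=tcp
  # --- SSH rate-limiting ladder (input chain, every rule disabled) -------------------
  # Each new TCP/22 connection promotes its source one list further:
  # sshlightgreylist -> sshgreylist -> sshdarkgreylist (1m timeouts) -> sshblacklist (1h),
  # and the first rule drops everything coming from sshblacklist. The rules match any new
  # connection, not only failed logins. They are inert while disabled=yes, and the ssh
  # service itself is disabled under /ip service.
  add action=drop chain=input comment="drop all traffic brute force attack sources" \
      disabled=yes src-address-list=sshblacklist
  add action=add-src-to-address-list address-list=sshblacklist address-list-timeout=1h \
      chain=input comment="add new failed sshdarkgreylist to sshblacklist" \
      connection-state=new disabled=yes dst-port=22 protocol=tcp \
      src-address-list=sshdarkgreylist
  add action=add-src-to-address-list address-list=sshdarkgreylist address-list-timeout=1m \
      chain=input comment="add new failed sshgreylist to sshdarkgreylist" \
      connection-state=new disabled=yes dst-port=22 protocol=tcp \
      src-address-list=sshgreylist
  add action=add-src-to-address-list address-list=sshgreylist address-list-timeout=1m \
      chain=input comment="add new failed sshlightgreylist to sshgreylist" \
      connection-state=new disabled=yes dst-port=22 protocol=tcp \
      src-address-list=sshlightgreylist
  add action=add-src-to-address-list address-list=sshlightgreylist address-list-timeout=1m \
      chain=input comment="new connections to sshlightgreylist" connection-state=new \
      disabled=yes dst-port=22 protocol=tcp
  # NOTE(review): apart from the DNS drops above, no enabled rule restricts the input
  # chain, so any management service left enabled is reachable from the uplinks. A usual
  # baseline is: accept established/related, accept from ether5-lan, drop the rest.
  # That policy is not added here because it would also cut off any remote management
  # the owner may depend on - decide deliberately.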
  /ip firewall mangle
  # --- Reply routing for traffic addressed to the router itself ----------------------
  # Connections arriving on an uplink are marked, and the router's own replies get the
  # matching routing mark so that they leave through the same uplink.
  add action=mark-connection chain=input comment=input in-interface=J-Browsing \
      new-connection-mark=wan2_conn
  # J-Games not ready
  add action=mark-connection chain=input in-interface=J-Games new-connection-mark=wan3_conn
  add action=mark-routing chain=output comment="-----> Output" connection-mark=wan2_conn \
      new-routing-mark=to_wan2
  # NOTE(review): no route with routing-mark=to_wan3 is visible in this export (the
  # J-Games route uses to_game), so this mark may have no effect - confirm.
  add action=mark-routing chain=output connection-mark=wan3_conn new-routing-mark=to_wan3
  # --- Game path ("Jalur Games") -----------------------------------------------------
  # LAN traffic whose destination port is NOT in the list below, and whose destination
  # is not in ip_torrent, is routed through the to_game table (gateway J-Games).
  # NOTE(review): this port list differs from the one in the forward rules further down
  # and from the J-Games masquerade rule under /ip firewall nat - check they are meant
  # to differ.
  add action=mark-routing chain=prerouting comment="-----> Jalur Games" \
      dst-address-list=!ip_torrent \
      dst-port=!80,443,1935,8010,5000,53,81,9100,9200,8080,21001,22001,3128,22,8001 \
      in-interface=ether5-lan new-routing-mark=to_game passthrough=no protocol=tcp
  add action=mark-routing chain=prerouting dst-address-list=!ip_torrent \
      dst-port=!80,443,1935,8010,5000,53,81,9100,9200,8080,21001,22001,3128,22,8001 \
      in-interface=ether5-lan new-routing-mark=to_game passthrough=no protocol=udp
  # --- Client connections leaving through J-Browsing ("Koneksi Klient") --------------
  add action=mark-connection chain=forward comment="Koneksi Klient" \
      new-connection-mark=KONEKSIFIBER-01 out-interface=J-Browsing protocol=!icmp
  add action=mark-connection chain=forward \
      dst-port=80,443,1935,182,5000,9100,9200,81,3128,22,8001,8080,8010,21001,22001 \
      new-connection-mark=KONEKSIFIBER-01 out-interface=J-Browsing protocol=tcp
  add action=mark-connection chain=forward \
      dst-port=80,443,1935,182,5000,9100,9200,81,3128,22,8001,8080,8010,21001,22001 \
      new-connection-mark=KONEKSIFIBER-01 out-interface=J-Browsing protocol=udp
  # Base packet mark for the "A.B/W MNGMN" queue.
  add action=mark-packet chain=forward connection-mark=KONEKSIFIBER-01 \
      new-packet-mark=KONEKSISPEEDY-01
  # --- Priority by connection size ---------------------------------------------------
  # TCP connections move from PRIO1 to PRIO8 as their transferred byte count grows.
  add action=mark-packet chain=forward connection-bytes=1-128000 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO1 protocol=tcp
  add action=mark-packet chain=forward connection-bytes=128000-256000 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO2 protocol=tcp
  add action=mark-packet chain=forward connection-bytes=256000-512000 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO3 protocol=tcp
  add action=mark-packet chain=forward connection-bytes=512000-1000000 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO4 protocol=tcp
  add action=mark-packet chain=forward connection-bytes=1000000-3000000 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO5 protocol=tcp
  add action=mark-packet chain=forward connection-bytes=3000000-5000000 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO6 protocol=tcp
  add action=mark-packet chain=forward connection-bytes=5000000-10000000 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO7 protocol=tcp
  add action=mark-packet chain=forward connection-bytes=10000000-0 \
      connection-mark=KONEKSIFIBER-01 new-packet-mark=PRIO8 protocol=tcp
  # --- Per-client download marks ("LIMITER CLIENT") ----------------------------------
  # One rule per LAN host, keyed on the destination address, feeding the Klient.NNN
  # queues. The last two rules reuse the comments Klient.011 / Klient.012 although they
  # set the marks Klient.0111 / Klient.0122.
  add action=mark-packet chain=forward comment="LIMITER CLIENT" \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.101 new-packet-mark=Klient.001
  add action=mark-packet chain=forward comment=Klient.002 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.102 new-packet-mark=Klient.002
  add action=mark-packet chain=forward comment=Klient.003 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.103 new-packet-mark=Klient.003
  add action=mark-packet chain=forward comment=Klient.004 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.104 new-packet-mark=Klient.004
  add action=mark-packet chain=forward comment=Klient.005 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.105 new-packet-mark=Klient.005
  add action=mark-packet chain=forward comment=Klient.006 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.106 new-packet-mark=Klient.006
  add action=mark-packet chain=forward comment=Klient.007 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.107 new-packet-mark=Klient.007
  add action=mark-packet chain=forward comment=Klient.008 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.108 new-packet-mark=Klient.008
  add action=mark-packet chain=forward comment=Klient.009 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.109 new-packet-mark=Klient.009
  add action=mark-packet chain=forward comment=Klient.010 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.110 new-packet-mark=Klient.010
  add action=mark-packet chain=forward comment=Klient.011 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.111 new-packet-mark=Klient.011
  add action=mark-packet chain=forward comment=Klient.012 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.112 new-packet-mark=Klient.012
  add action=mark-packet chain=forward comment=Klient.013 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.113 new-packet-mark=Klient.013
  add action=mark-packet chain=forward comment=Klient.014 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.114 new-packet-mark=Klient.014
  add action=mark-packet chain=forward comment=Klient.011 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.99 new-packet-mark=Klient.0111
  add action=mark-packet chain=forward comment=Klient.012 \
      connection-mark=KONEKSIFIBER-01 dst-address=192.168.100.88 new-packet-mark=Klient.0122
  /ip firewall nat
  # Source NAT for traffic leaving through the main uplink.
  add chain=srcnat action=masquerade out-interface=J-Browsing
  # J-Games not ready
  add chain=srcnat action=masquerade out-interface=J-Games protocol=tcp \
      dst-port=!80,443,1935,5000,182,90,81,9100,9200,8080,21001,22001,3128,22,8001
  # Catch-all for the LAN subnet. It has no out-interface, so it applies on whichever
  # interface the packet leaves through.
  add chain=srcnat action=masquerade src-address=192.168.100.0/24
  # Port forward: TCP 50 and 5000 arriving on J-Browsing go to 192.168.100.200:5000.
  # NOTE(review): there is no src-address or src-address-list restriction, so the internal
  # service is reachable from the whole internet - limit the sources if it is meant for
  # specific peers only.
  add chain=dstnat action=dst-nat in-interface=J-Browsing protocol=tcp dst-port=50,5000 \
      to-addresses=192.168.100.200 to-ports=5000
  # All connection-tracking helpers listed here are switched off; protocols that need
  # a helper to pass NAT will not get one.
  /ip firewall service-port
  set ftp disabled=yes
  set tftp disabled=yes
  set irc disabled=yes
  set h323 disabled=yes
  set sip disabled=yes
  set pptp disabled=yes
  /ip route
  # Main table: default route through J-Browsing, monitored with ping.
  add gateway=J-Browsing distance=1 check-gateway=ping
  # Policy tables selected by the routing marks set in mangle.
  add gateway=J-Browsing distance=1 routing-mark=to_wan2
  add gateway=J-Games distance=1 routing-mark=to_game
  # NOTE(review): the mangle output rule sets routing mark to_wan3, but no route with
  # that mark is defined here - confirm whether one is missing.
  /ip route rule
  # This single destination always uses the to_game table.
  add dst-address=128.199.255.21/32 table=to_game
  # Management services switched off: telnet, ftp, www, ssh, api, api-ssl.
  # NOTE(review): winbox is not listed, so it is left at its default; on a stock router
  # that means enabled. The filter section of this export has no enabled rule guarding
  # management access, so restrict Winbox to the LAN (for example with the service's
  # address= setting) or filter it on the uplinks.
  /ip service
  set telnet disabled=yes
  set ftp disabled=yes
  set www disabled=yes
  set ssh disabled=yes
  set api disabled=yes
  set api-ssl disabled=yes
  # Local time zone and NTP synchronisation. Correct time keeps log timestamps usable
  # when events have to be correlated later.
  /system clock
  set time-zone-name=Asia/Jakarta
  /system ntp client
  set enabled=yes primary-ntp=202.162.32.12 secondary-ntp=36.86.63.180
  # script1: logs a start message, saves a binary backup ("configbackup") and a text
  # export ("mtexport_backup") to the router's own storage, then waits 10 seconds.
  # The globals sub1..sub3 (identity, time, date) are set but not used in the visible
  # script text.
  # NOTE(review):
  #  - The policy list (ftp, reboot, password, sniff, ...) is much broader than the
  #    visible commands appear to need; trim it to the minimum that still runs.
  #  - /system backup save is called without password=, and /export is plain text that
  #    can include secrets such as the PPPoE passwords. Both files stay on the router;
  #    treat them as sensitive and confirm how they are protected and collected.
  #  - "\85" in the last log message looks like a mis-encoded ellipsis character.
  /system script
  add name=script1 owner=admin \
      policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
      source=":log warning \"Start Backup MikroTik Router . . . \"\r\
      \n:global backupfile configbackup\r\
      \n:global mikrotikexport mtexport_backup\r\
      \n:global sub1 ([/system identity get name])\r\
      \n:global sub2 ([/system clock get time])\r\
      \n:global sub3 ([/system clock get date])\r\
      \n:log warning \"Creating a new backup file. . . \"\r\
      \n/system backup save name=\$backupfile\r\
      \n/export file=\$mikrotikexport\r\
      \n:log warning \"Pause backup process for 10 seconds so that it can complete the backup, if the system is busy \85 \"\r\
      \n:delay 10s"