game dan browsing speedy queuee tree

1. # jul/19/2017 00:30:53 by RouterOS 6.39.2
2. # software id = hendrauyee
3. #
4. /interface pppoe-client
5. add add-default-route=yes disabled=no interface=wan keepalive-timeout=60 \
6. max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=XXXXXXX \
7. user=111816XXXXXX@telkom.net
8. /ip firewall layer7-protocol
9. add name=youtube regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"
10. add name=extension regexp="\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi\
11. |flv|pdf|wav|rm|mp3|mp4|ram|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp|mpe|qt|ra\
12. w|wma|ogg|doc|deb|tar|bzip|gzip|gzip2)"
13. add name=bittorrent regexp="^(bittorrent protocol|azver1\$|get /scrape\\\\\?in\
14. fo_hash=)|d1:ad2:id20:|87P\\)[RP]"
15. add name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|ente\
16. rtane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bit\
17. unity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova\
18. |fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
19. add name=yt-video-audio regexp=\
20. "r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"
21. add name=idm regexp="get /.*(user-agent: mozilla/4.0|range: bytes=)"
22. add name=layer7-bittorrent-exp regexp="^(\\x13bittorrent protocol|azver\\x01\$\
23. |get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet\
24. /|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
25. add name=2-idm regexp="get /.*range: bytes"
26. add name=streaming
27.  
28. /ip pool
29. add name=dhcp ranges=192.168.1.1-192.168.1.129
30. add name=vpn ranges=192.168.89.2-192.168.89.255
31. add name=hs-pool-8 ranges=192.168.1.2-192.168.1.254
32. add name=dhcp_pool1 ranges=\
33. 192.168.1.1-192.168.1.129,192.168.1.131-192.168.1.254
34. add name=dhcp_pool2 ranges=192.168.2.2-192.168.2.254
35. add name=dhcp_pool3 ranges=192.168.1.3-192.168.1.8
36. /ip dhcp-server
37. add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no name=\
38. dhcp2
39. add address-pool=dhcp_pool3 authoritative=after-2sec-delay interface=lan \
40. name=dhcp1
41. /port
42. set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
43. stop-bits=1
44.  
45. /queue type
46. add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=\
47. 64 pcq-src-address6-mask=64
48. add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 \
49. pcq-src-address6-mask=64
50. /queue tree
51. add name="Global Traffic" parent=global queue=default
52. add max-limit=4M name=Download parent="Global Traffic" queue=down_pcq
53. add max-limit=1M name=Upload parent="Global Traffic"
54. add limit-at=512k max-limit=4M name="1. Game" packet-mark=games_down parent=\
55. Download priority=1 queue=down_pcq
56. add limit-at=64k max-limit=4M name="2. Icmp" packet-mark=icmp_down parent=\
57. Download priority=1 queue=down_pcq
58. add limit-at=64k max-limit=4M name="3. Dns" packet-mark=dns_down parent=\
59. Download priority=1 queue=down_pcq
60. add max-limit=4M name="5. Download Traffic" parent=Download queue=default
61. add max-limit=4M name="1. Small Browsing" packet-mark=small_browsing_down \
62. parent="5. Download Traffic" priority=5 queue=down_pcq
63. add max-limit=4M name="2. Heavy Browsing" packet-mark=heavy_browsing_down \
64. parent="5. Download Traffic" priority=7 queue=down_pcq
65. add limit-at=512k max-limit=4M name="4. Remote" packet-mark=remote_down \
66. parent=Download priority=3 queue=down_pcq
67. add max-limit=4M name="3. YouTube" packet-mark=youtube_down parent=\
68. "5. Download Traffic" priority=7 queue=down_pcq
69. add max-limit=4M name="4. Extensi" packet-mark=extensi_down parent=\
70. "5. Download Traffic" queue=down_pcq
71. add limit-at=256k max-limit=1M name="1. game" packet-mark=games_up parent=\
72. Upload priority=1 queue=up_pcq
73. add limit-at=32k max-limit=1M name="2. icmp" packet-mark=icmp_up parent=\
74. Upload priority=1 queue=up_pcq
75. add limit-at=32k max-limit=1M name="3. dns" packet-mark=dns_up parent=Upload \
76. priority=1 queue=up_pcq
77. add limit-at=256k max-limit=1M name="4. remote" packet-mark=remote_up parent=\
78. Upload priority=3 queue=up_pcq
79. add max-limit=1M name="5. Upload Traffic" parent=Upload queue=default
80. add max-limit=1M name="1. small browsing" packet-mark=small_browsing_up \
81. parent="5. Upload Traffic" priority=5 queue=up_pcq
82. add max-limit=1M name="2. heavy browsing" packet-mark=heavy_browsing_up \
83. parent="5. Upload Traffic" priority=7 queue=up_pcq
84. add max-limit=1M name="3. youtube" packet-mark=youtube_up parent=\
85. "5. Upload Traffic" priority=7 queue=up_pcq
86. add max-limit=1M name="4. extensi" packet-mark=extensi_up parent=\
87. "5. Upload Traffic" queue=up_pcq
88. /system logging action
89. set 1 disk-file-name=log
90. /interface l2tp-server server
91. set ipsec-secret=s0l3h4h use-ipsec=yes
92. /interface sstp-server server
93. set default-profile=default-encryption
94. /ip address
95. add address=192.168.1.130/24 interface=lan network=192.168.1.0
96. /ip cloud
97. set ddns-enabled=yes
98. /ip dhcp-server network
99. add address=192.168.1.0/24 gateway=192.168.1.130
100. add address=192.168.2.0/24 gateway=192.168.2.1
101. /ip dns
102. set allow-remote-requests=yes cache-size=2024KiB max-udp-packet-size=512 \
103. servers=8.8.8.8,8.8.4.4
104. /ip dns static
105. add address=216.239.38.120 name=forcesafesearch.google.com
106. add address=216.239.38.120 name=www.google.co.id
107. add address=216.239.38.120 name=www.google.com
108. add address=216.239.38.120 name=google.com
109. add address=216.239.38.120 name=google.co.id
110. add address=216.239.38.120 disabled=yes name=www.youtube.com
111. add address=216.239.38.120 disabled=yes name=youtube.com
112. add address=216.239.32.20 disabled=yes name=www.google.com
113. add address=216.239.32.20 disabled=yes name=www.google.co.id
114. /ip firewall address-list
115. add address=192.168.0.0/16 list=private_IPv4
116. add address=172.16.0.0/12 list=private_IPv4
117. add address=10.0.0.0/8 list=private_IPv4
118. add address=192.168.1.0/24 list=lan
119. /ip firewall filter
120. add action=passthrough chain=unused-hs-chain comment=\
121. "place hotspot rules here" disabled=yes
122. add action=drop chain=forward dst-address=176.9.204.144/28
123. add action=accept chain=input comment="allow l2tp" disabled=yes dst-port=1701 \
124. protocol=udp
125. add action=accept chain=input comment="allow pptp" disabled=yes dst-port=1723 \
126. protocol=tcp
127. add action=accept chain=input comment="allow sstp" disabled=yes dst-port=443 \
128. protocol=tcp
129. add action=reject chain=forward comment=openvpn disabled=yes dst-address=\
130. 103.229.161.0/24 dst-port=1194 protocol=tcp reject-with=tcp-reset
131. add action=drop chain=input comment="drop ftp brute forcers" disabled=yes \
132. dst-port=21 protocol=tcp src-address-list=ftp_blacklist
133. add action=accept chain=output content="530 Login incorrect" disabled=yes \
134. dst-limit=1/1m,9,dst-address/1m protocol=tcp
135. add action=add-dst-to-address-list address-list=ftp_blacklist \
136. address-list-timeout=3h chain=output content="530 Login incorrect" \
137. disabled=yes protocol=tcp
138. add action=drop chain=input comment="drop ssh brute forcers" disabled=yes \
139. dst-port=22 protocol=tcp src-address-list=ssh_blacklist
140. add action=add-src-to-address-list address-list=ssh_blacklist \
141. address-list-timeout=1w3d chain=input connection-state=new disabled=yes \
142. dst-port=22 protocol=tcp src-address-list=ssh_stage3
143. add action=add-src-to-address-list address-list=ssh_stage3 \
144. address-list-timeout=1m chain=input connection-state=new disabled=yes \
145. dst-port=22 protocol=tcp src-address-list=ssh_stage2
146. add action=add-src-to-address-list address-list=ssh_stage2 \
147. address-list-timeout=1m chain=input connection-state=new disabled=yes \
148. dst-port=22 protocol=tcp src-address-list=ssh_stage1
149. add action=add-src-to-address-list address-list=ssh_stage1 \
150. address-list-timeout=1m chain=input connection-state=new disabled=yes \
151. dst-port=22 protocol=tcp
152. add action=accept chain=forward disabled=yes
153. add action=drop chain=forward disabled=yes layer7-protocol=*2
154. add action=drop chain=forward disabled=yes layer7-protocol=*4
155. add action=drop chain=forward disabled=yes layer7-protocol=*3
156. add action=drop chain=forward disabled=yes in-interface=*8 src-mac-address=\
157. 64:CC:2E:D7:DD:A7
158. add action=drop chain=forward disabled=yes in-interface=*8 src-mac-address=\
159. 54:8C:A0:7F:14:6F
160. add action=drop chain=forward disabled=yes in-interface=lan src-mac-address=\
161. 24:FD:52:DD:78:39
162. add action=drop chain=forward disabled=yes dst-address=0.0.0.0/0 \
163. dst-address-list=!klien src-address=0.0.0.0/0
164. add action=drop chain=input comment="wannacry sempak" dst-port=\
165. 135-139,445,3389 protocol=tcp
166. add action=drop chain=input dst-port=135-139,445,3389 protocol=udp
167. add action=drop chain=forward dst-port=135-139,445,3389 protocol=tcp
168. add action=drop chain=forward dst-port=135-139,445,3389 protocol=udp
169. /ip firewall mangle
170. add action=accept chain=prerouting comment="Bypass Local Traffic" \
171. dst-address-list=private_IPv4 src-address-list=private_IPv4
172. add action=accept chain=forward dst-address-list=private_IPv4 \
173. src-address-list=private_IPv4
174. add action=mark-connection chain=forward comment="Games Traffic" dst-port=\
175. 39190-39200 new-connection-mark=games passthrough=yes protocol=tcp \
176. src-address-list=private_IPv4
177. add action=mark-connection chain=forward dst-port=40000-40010 \
178. new-connection-mark=games passthrough=yes protocol=udp src-address-list=\
179. private_IPv4
180. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-1 dst-port=\
181. 4300,39311,14300-14440 new-connection-mark=games passthrough=yes \
182. protocol=tcp src-address-list=private_IPv4
183. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-2 dst-port=\
184. 7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
185. new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
186. private_IPv4
187. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-3 dst-port="\
188. 10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18\
189. 901-18909,19000" new-connection-mark=games passthrough=yes protocol=tcp
190. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-4 dst-port=\
191. 19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 \
192. new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
193. private_IPv4
194. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-5 dst-port=\
195. 28901-28910,14009-14010,9015,40300-40404,36567,36936 new-connection-mark=\
196. games passthrough=yes protocol=tcp src-address-list=private_IPv4
197. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-6 dst-port=\
198. 8890,843,9339,8000,4000,8001,8012,29001-29915 new-connection-mark=games \
199. passthrough=yes protocol=tcp src-address-list=private_IPv4
200. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-7 dst-port=\
201. 9330-9340,10500-10515,30100-30110,27014-27050 new-connection-mark=games \
202. passthrough=yes protocol=tcp src-address-list=private_IPv4
203. add action=mark-connection chain=forward comment=Koneksi-Game-TCP-8 dst-port=\
204. 40021,40124,64705,56516,64710,6213-6225,5222-5280,5220-5230 \
205. new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
206. private_IPv4
207. add action=mark-connection chain=forward comment=Koneksi-Game-UDP-1 dst-port=\
208. 6100-6152,7777,9401,9600-9602,12020-12080,30000,40000-40010 \
209. new-connection-mark=games passthrough=yes protocol=udp src-address-list=\
210. private_IPv4
211. add action=mark-connection chain=forward comment=Koneksi-Game-UDP-2 dst-port="\
212. 42051-42052,11100-11125,11440-11460,27017-27019,14009-14010,27000-27050,43\
213. 80,3478,4379" new-connection-mark=games passthrough=yes protocol=udp \
214. src-address-list=private_IPv4
215. add action=mark-packet chain=forward connection-mark=games in-interface=\
216. pppoe-out1 new-packet-mark=games_down passthrough=no
217. add action=mark-packet chain=forward connection-mark=games in-interface=lan \
218. new-packet-mark=games_up passthrough=no
219. add action=mark-connection chain=forward comment="ICMP Traffic" \
220. new-connection-mark=icmp passthrough=yes protocol=icmp src-address-list=\
221. private_IPv4
222. add action=mark-packet chain=forward connection-mark=icmp in-interface=\
223. pppoe-out1 new-packet-mark=icmp_down passthrough=no protocol=icmp
224. add action=mark-packet chain=forward connection-mark=icmp in-interface=lan \
225. new-packet-mark=icmp_up passthrough=no protocol=icmp
226. add action=mark-connection chain=forward comment="DNS Traffic" dst-port=53 \
227. new-connection-mark=dns passthrough=yes protocol=udp src-address-list=\
228. private_IPv4
229. add action=mark-packet chain=forward connection-mark=dns in-interface=\
230. pppoe-out1 new-packet-mark=dns_down passthrough=no protocol=udp
231. add action=mark-packet chain=forward connection-mark=dns in-interface=lan \
232. new-packet-mark=dns_up passthrough=no protocol=udp
233. add action=mark-connection chain=forward comment="Remote Traffic" dst-port=\
234. 22,23,8291,5938,4899 new-connection-mark=remote passthrough=yes protocol=\
235. tcp src-address-list=private_IPv4
236. add action=mark-packet chain=forward connection-mark=remote in-interface=\
237. pppoe-out1 new-packet-mark=remote_down passthrough=no
238. add action=mark-packet chain=forward connection-mark=remote in-interface=lan \
239. new-packet-mark=remote_up passthrough=no
240. add action=mark-connection chain=forward comment="YouTube Traffic" \
241. layer7-protocol=youtube new-connection-mark=youtube passthrough=yes \
242. src-address-list=private_IPv4
243. add action=mark-packet chain=forward connection-mark=youtube in-interface=\
244. pppoe-out1 new-packet-mark=youtube_down passthrough=no
245. add action=mark-packet chain=forward connection-mark=youtube in-interface=lan \
246. new-packet-mark=youtube_up passthrough=no
247. add action=mark-connection chain=forward comment="Extension Layer7" \
248. layer7-protocol=youtube new-connection-mark=extensi passthrough=yes
249. add action=mark-connection chain=forward layer7-protocol=youtube \
250. new-connection-mark=extensi passthrough=yes
251. add action=mark-connection chain=forward layer7-protocol=youtube \
252. new-connection-mark=extensi passthrough=yes
253. add action=mark-packet chain=forward connection-mark=extensi in-interface=\
254. pppoe-out1 new-packet-mark=extensi_down passthrough=no
255. add action=mark-packet chain=forward connection-mark=extensi in-interface=lan \
256. new-packet-mark=extensi_up passthrough=no
257. add action=mark-connection chain=forward comment="Browsing Traffic" \
258. connection-mark=!heavy_traffic new-connection-mark=browsing passthrough=\
259. yes src-address-list=private_IPv4
260. add action=mark-connection chain=forward comment="Heavy Traffic" \
261. connection-bytes=1024000-0 connection-mark=browsing connection-rate=\
262. 256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=\
263. tcp
264. add action=mark-connection chain=forward connection-bytes=1024000-0 \
265. connection-mark=browsing connection-rate=256k-102400k \
266. new-connection-mark=heavy_traffic passthrough=yes protocol=udp
267. add action=mark-packet chain=forward connection-mark=heavy_traffic \
268. in-interface=pppoe-out1 new-packet-mark=heavy_browsing_down passthrough=\
269. no
270. add action=mark-packet chain=forward connection-mark=heavy_traffic \
271. in-interface=lan new-packet-mark=heavy_browsing_up passthrough=no
272. add action=mark-packet chain=forward connection-mark=browsing in-interface=\
273. pppoe-out1 new-packet-mark=small_browsing_down passthrough=no
274. add action=mark-packet chain=forward connection-mark=browsing in-interface=\
275. lan new-packet-mark=small_browsing_up passthrough=no
276. /ip firewall nat
277. add action=masquerade chain=srcnat out-interface=all-ppp
278. add action=masquerade chain=srcnat out-interface=wan