- # jul/19/2017 00:30:53 by RouterOS 6.39.2
- # software id = hendrauyee
- #
- # PPPoE client bound to interface "wan"; add-default-route=yes makes this
- # session the default route. The password and part of the user name are
- # masked in this paste.
- /interface pppoe-client
- add add-default-route=yes disabled=no interface=wan keepalive-timeout=60 \
- max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=XXXXXXX \
- user=111816XXXXXX@telkom.net
- # Layer-7 regex matchers, referenced by name from firewall rules.
- # NOTE(review): RouterOS documents that L7 matching inspects only the start
- # of a connection, and plain-text patterns such as "get /..." cannot match
- # inside TLS, so these presumably miss HTTPS traffic - confirm before
- # relying on them as a control.
- /ip firewall layer7-protocol
- add name=youtube regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"
- add name=extension regexp="\\.(exe|rar|zip|7z|cab|asf|mov|wmv|mpg|mpeg|mkv|avi\
- |flv|pdf|wav|rm|mp3|mp4|ram|rmvb|dat|daa|iso|nrg|bin|vcd|mp2|3gp|mpe|qt|ra\
- w|wma|ogg|doc|deb|tar|bzip|gzip|gzip2)"
- add name=bittorrent regexp="^(bittorrent protocol|azver1\$|get /scrape\\\\\?in\
- fo_hash=)|d1:ad2:id20:|87P\\)[RP]"
- add name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|ente\
- rtane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bit\
- unity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova\
- |fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
- # Same regexp as the "youtube" entry above.
- add name=yt-video-audio regexp=\
- "r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"
- add name=idm regexp="get /.*(user-agent: mozilla/4.0|range: bytes=)"
- # NOTE(review): "get /scrape...info_hash=get /announce...info_hash=" reads
- # like two alternatives joined without a "|" - verify the pattern.
- add name=layer7-bittorrent-exp regexp="^(\\x13bittorrent protocol|azver\\x01\$\
- |get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet\
- /|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
- add name=2-idm regexp="get /.*range: bytes"
- # No regexp is set on this entry.
- add name=streaming
- # Address pools. Only dhcp_pool2 and dhcp_pool3 are referenced by
- # /ip dhcp-server in this export.
- # NOTE(review): dhcp, hs-pool-8, dhcp_pool1 and dhcp_pool3 overlap inside
- # 192.168.1.0/24, and hs-pool-8 spans 192.168.1.130, the router's own LAN
- # address. Unused overlapping pools are presumably leftovers - confirm and
- # remove them to avoid address conflicts if they are ever attached.
- /ip pool
- add name=dhcp ranges=192.168.1.1-192.168.1.129
- # NOTE(review): the range ends at .255, which is the broadcast address if
- # this network is a /24 - confirm.
- add name=vpn ranges=192.168.89.2-192.168.89.255
- add name=hs-pool-8 ranges=192.168.1.2-192.168.1.254
- add name=dhcp_pool1 ranges=\
- 192.168.1.1-192.168.1.129,192.168.1.131-192.168.1.254
- add name=dhcp_pool2 ranges=192.168.2.2-192.168.2.254
- add name=dhcp_pool3 ranges=192.168.1.3-192.168.1.8
- # DHCP servers: dhcp2 hands out dhcp_pool2, dhcp1 hands out dhcp_pool3 on lan.
- # NOTE(review): dhcp2 is exported without interface= and dhcp1 without
- # disabled=no - presumably dhcp2 lost its interface and dhcp1 is disabled;
- # confirm on the router.
- /ip dhcp-server
- add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no name=\
- dhcp2
- add address-pool=dhcp_pool3 authoritative=after-2sec-delay interface=lan \
- name=dhcp1
- # Serial port 0, named usb1: 9600 baud, 8 data bits, no parity, 1 stop bit,
- # no flow control.
- /port
- set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
- stop-bits=1
- # PCQ queue types used by the queue tree: down_pcq classifies by destination
- # address, up_pcq by source address.
- /queue type
- add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=\
- 64 pcq-src-address6-mask=64
- add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 \
- pcq-src-address6-mask=64
- # Queue tree: "Global Traffic" under parent=global, split into Download
- # (max-limit 4M) and Upload (max-limit 1M). Leaves are selected by the
- # packet marks set in /ip firewall mangle; priority=1 is given to games,
- # ICMP and DNS, priority=3 to remote access, 5 and 7 to browsing classes.
- /queue tree
- add name="Global Traffic" parent=global queue=default
- add max-limit=4M name=Download parent="Global Traffic" queue=down_pcq
- add max-limit=1M name=Upload parent="Global Traffic"
- # Download leaves (the *_down packet marks, queue type down_pcq).
- add limit-at=512k max-limit=4M name="1. Game" packet-mark=games_down parent=\
- Download priority=1 queue=down_pcq
- add limit-at=64k max-limit=4M name="2. Icmp" packet-mark=icmp_down parent=\
- Download priority=1 queue=down_pcq
- add limit-at=64k max-limit=4M name="3. Dns" packet-mark=dns_down parent=\
- Download priority=1 queue=down_pcq
- add max-limit=4M name="5. Download Traffic" parent=Download queue=default
- add max-limit=4M name="1. Small Browsing" packet-mark=small_browsing_down \
- parent="5. Download Traffic" priority=5 queue=down_pcq
- add max-limit=4M name="2. Heavy Browsing" packet-mark=heavy_browsing_down \
- parent="5. Download Traffic" priority=7 queue=down_pcq
- add limit-at=512k max-limit=4M name="4. Remote" packet-mark=remote_down \
- parent=Download priority=3 queue=down_pcq
- add max-limit=4M name="3. YouTube" packet-mark=youtube_down parent=\
- "5. Download Traffic" priority=7 queue=down_pcq
- add max-limit=4M name="4. Extensi" packet-mark=extensi_down parent=\
- "5. Download Traffic" queue=down_pcq
- # Upload leaves mirror the download ones, using the *_up packet marks and
- # queue type up_pcq.
- add limit-at=256k max-limit=1M name="1. game" packet-mark=games_up parent=\
- Upload priority=1 queue=up_pcq
- add limit-at=32k max-limit=1M name="2. icmp" packet-mark=icmp_up parent=\
- Upload priority=1 queue=up_pcq
- add limit-at=32k max-limit=1M name="3. dns" packet-mark=dns_up parent=Upload \
- priority=1 queue=up_pcq
- add limit-at=256k max-limit=1M name="4. remote" packet-mark=remote_up parent=\
- Upload priority=3 queue=up_pcq
- add max-limit=1M name="5. Upload Traffic" parent=Upload queue=default
- add max-limit=1M name="1. small browsing" packet-mark=small_browsing_up \
- parent="5. Upload Traffic" priority=5 queue=up_pcq
- add max-limit=1M name="2. heavy browsing" packet-mark=heavy_browsing_up \
- parent="5. Upload Traffic" priority=7 queue=up_pcq
- add max-limit=1M name="3. youtube" packet-mark=youtube_up parent=\
- "5. Upload Traffic" priority=7 queue=up_pcq
- add max-limit=1M name="4. extensi" packet-mark=extensi_up parent=\
- "5. Upload Traffic" queue=up_pcq
- # Logging action 1 writes to a disk file named "log".
- /system logging action
- set 1 disk-file-name=log
- # L2TP server with IPsec enabled.
- # NOTE(review): the IPsec pre-shared key below is published in clear text,
- # while the PPPoE password in this same export was masked. Treat the key as
- # compromised: rotate it on the router and on every client, and export with
- # sensitive values hidden before sharing a configuration.
- /interface l2tp-server server
- set ipsec-secret=s0l3h4h use-ipsec=yes
- # SSTP server uses the default-encryption PPP profile.
- /interface sstp-server server
- set default-profile=default-encryption
- # The router's LAN address; it is also the gateway handed out for
- # 192.168.1.0/24 below.
- /ip address
- add address=192.168.1.130/24 interface=lan network=192.168.1.0
- # NOTE(review): cloud DDNS publishes the router's public address under a
- # MikroTik-hosted name; with no default-drop input policy in this export,
- # confirm that management services are not reachable from the internet.
- /ip cloud
- set ddns-enabled=yes
- # DHCP network options.
- # NOTE(review): gateway 192.168.2.1 is not assigned to any interface in the
- # /ip address section of this export - confirm where it lives.
- /ip dhcp-server network
- add address=192.168.1.0/24 gateway=192.168.1.130
- add address=192.168.2.0/24 gateway=192.168.2.1
- # Router acts as a caching DNS resolver, forwarding to 8.8.8.8 and 8.8.4.4.
- # NOTE(review): allow-remote-requests=yes answers queries arriving on any
- # interface, and the /ip firewall filter section of this export has no
- # input rule for port 53, so the resolver is presumably reachable from the
- # PPPoE side (open-resolver / amplification exposure). Drop 53/udp and
- # 53/tcp on chain=input for in-interface=pppoe-out1, or accept DNS only
- # from the lan address list.
- /ip dns
- set allow-remote-requests=yes cache-size=2024KiB max-udp-packet-size=512 \
- servers=8.8.8.8,8.8.4.4
- # Static overrides that answer Google host names with 216.239.38.120, the
- # same address given for forcesafesearch.google.com. This only affects
- # clients that use this router as their resolver.
- /ip dns static
- add address=216.239.38.120 name=forcesafesearch.google.com
- add address=216.239.38.120 name=www.google.co.id
- add address=216.239.38.120 name=www.google.com
- add address=216.239.38.120 name=google.com
- add address=216.239.38.120 name=google.co.id
- # The YouTube overrides and the 216.239.32.20 entries are disabled.
- add address=216.239.38.120 disabled=yes name=www.youtube.com
- add address=216.239.38.120 disabled=yes name=youtube.com
- add address=216.239.32.20 disabled=yes name=www.google.com
- add address=216.239.32.20 disabled=yes name=www.google.co.id
- # Address lists: private_IPv4 holds the three RFC 1918 ranges and is used by
- # the mangle rules as the source match; lan holds 192.168.1.0/24.
- /ip firewall address-list
- add address=192.168.0.0/16 list=private_IPv4
- add address=172.16.0.0/12 list=private_IPv4
- add address=10.0.0.0/8 list=private_IPv4
- add address=192.168.1.0/24 list=lan
- # Filter rules. As exported, the only enabled rules are the forward drop to
- # 176.9.204.144/28 and the four 135-139,445,3389 drops at the end; every
- # other rule carries disabled=yes.
- # NOTE(review): there is no accept for established/related traffic and no
- # final drop on chain=input, so anything the router itself listens on stays
- # reachable from the PPPoE side unless /ip service (absent from this
- # export, presumably at defaults) restricts it. Consider an input policy
- # that accepts established,related and the lan list, then drops the rest.
- /ip firewall filter
- add action=passthrough chain=unused-hs-chain comment=\
- "place hotspot rules here" disabled=yes
- add action=drop chain=forward dst-address=176.9.204.144/28
- # VPN server ports (L2TP 1701/udp, PPTP 1723/tcp, SSTP 443/tcp); all three
- # accepts are disabled.
- add action=accept chain=input comment="allow l2tp" disabled=yes dst-port=1701 \
- protocol=udp
- add action=accept chain=input comment="allow pptp" disabled=yes dst-port=1723 \
- protocol=tcp
- add action=accept chain=input comment="allow sstp" disabled=yes dst-port=443 \
- protocol=tcp
- add action=reject chain=forward comment=openvpn disabled=yes dst-address=\
- 103.229.161.0/24 dst-port=1194 protocol=tcp reject-with=tcp-reset
- # FTP brute-force limiter (disabled): outgoing "530 Login incorrect" replies
- # are allowed at a limited rate per destination; beyond that the
- # destination is put on ftp_blacklist for 3h and dropped on input.
- add action=drop chain=input comment="drop ftp brute forcers" disabled=yes \
- dst-port=21 protocol=tcp src-address-list=ftp_blacklist
- add action=accept chain=output content="530 Login incorrect" disabled=yes \
- dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=ftp_blacklist \
- address-list-timeout=3h chain=output content="530 Login incorrect" \
- disabled=yes protocol=tcp
- # SSH brute-force limiter (disabled): each new connection to 22/tcp promotes
- # the source stage1 -> stage2 -> stage3 -> ssh_blacklist (1w3d). The rules
- # are ordered highest stage first so one connection advances one stage.
- add action=drop chain=input comment="drop ssh brute forcers" disabled=yes \
- dst-port=22 protocol=tcp src-address-list=ssh_blacklist
- add action=add-src-to-address-list address-list=ssh_blacklist \
- address-list-timeout=1w3d chain=input connection-state=new disabled=yes \
- dst-port=22 protocol=tcp src-address-list=ssh_stage3
- add action=add-src-to-address-list address-list=ssh_stage3 \
- address-list-timeout=1m chain=input connection-state=new disabled=yes \
- dst-port=22 protocol=tcp src-address-list=ssh_stage2
- add action=add-src-to-address-list address-list=ssh_stage2 \
- address-list-timeout=1m chain=input connection-state=new disabled=yes \
- dst-port=22 protocol=tcp src-address-list=ssh_stage1
- add action=add-src-to-address-list address-list=ssh_stage1 \
- address-list-timeout=1m chain=input connection-state=new disabled=yes \
- dst-port=22 protocol=tcp
- add action=accept chain=forward disabled=yes
- # NOTE(review): layer7-protocol=*2/*4/*3 and in-interface=*8 are internal
- # ids rather than names - presumably the referenced items were removed and
- # these disabled rules are stale; confirm and clean up.
- add action=drop chain=forward disabled=yes layer7-protocol=*2
- add action=drop chain=forward disabled=yes layer7-protocol=*4
- add action=drop chain=forward disabled=yes layer7-protocol=*3
- add action=drop chain=forward disabled=yes in-interface=*8 src-mac-address=\
- 64:CC:2E:D7:DD:A7
- add action=drop chain=forward disabled=yes in-interface=*8 src-mac-address=\
- 54:8C:A0:7F:14:6F
- add action=drop chain=forward disabled=yes in-interface=lan src-mac-address=\
- 24:FD:52:DD:78:39
- add action=drop chain=forward disabled=yes dst-address=0.0.0.0/0 \
- dst-address-list=!klien src-address=0.0.0.0/0
- # Drops ports 135-139, 445 and 3389 (NetBIOS/RPC, SMB, RDP), TCP and UDP,
- # both to the router (input) and through it (forward). The forward rules
- # have no interface match, so they apply in both directions.
- add action=drop chain=input comment="wannacry sempak" dst-port=\
- 135-139,445,3389 protocol=tcp
- add action=drop chain=input dst-port=135-139,445,3389 protocol=udp
- add action=drop chain=forward dst-port=135-139,445,3389 protocol=tcp
- add action=drop chain=forward dst-port=135-139,445,3389 protocol=udp
- # Mangle rules for QoS. Each traffic class gets a connection mark, then two
- # packet marks by direction: in-interface=pppoe-out1 -> *_down and
- # in-interface=lan -> *_up. The packet marks are the ones the queue tree
- # matches on. Nothing in this section filters traffic.
- /ip firewall mangle
- # Traffic between private addresses is accepted first, so it gets no marks.
- add action=accept chain=prerouting comment="Bypass Local Traffic" \
- dst-address-list=private_IPv4 src-address-list=private_IPv4
- add action=accept chain=forward dst-address-list=private_IPv4 \
- src-address-list=private_IPv4
- # Game traffic, identified purely by destination port.
- add action=mark-connection chain=forward comment="Games Traffic" dst-port=\
- 39190-39200 new-connection-mark=games passthrough=yes protocol=tcp \
- src-address-list=private_IPv4
- add action=mark-connection chain=forward dst-port=40000-40010 \
- new-connection-mark=games passthrough=yes protocol=udp src-address-list=\
- private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-1 dst-port=\
- 4300,39311,14300-14440 new-connection-mark=games passthrough=yes \
- protocol=tcp src-address-list=private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-2 dst-port=\
- 7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
- new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
- private_IPv4
- # NOTE(review): unlike its siblings this rule has no
- # src-address-list=private_IPv4 - presumably an omission; confirm.
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-3 dst-port="\
- 10402,11011-11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18\
- 901-18909,19000" new-connection-mark=games passthrough=yes protocol=tcp
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-4 dst-port=\
- 19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 \
- new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
- private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-5 dst-port=\
- 28901-28910,14009-14010,9015,40300-40404,36567,36936 new-connection-mark=\
- games passthrough=yes protocol=tcp src-address-list=private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-6 dst-port=\
- 8890,843,9339,8000,4000,8001,8012,29001-29915 new-connection-mark=games \
- passthrough=yes protocol=tcp src-address-list=private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-7 dst-port=\
- 9330-9340,10500-10515,30100-30110,27014-27050 new-connection-mark=games \
- passthrough=yes protocol=tcp src-address-list=private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-TCP-8 dst-port=\
- 40021,40124,64705,56516,64710,6213-6225,5222-5280,5220-5230 \
- new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
- private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-UDP-1 dst-port=\
- 6100-6152,7777,9401,9600-9602,12020-12080,30000,40000-40010 \
- new-connection-mark=games passthrough=yes protocol=udp src-address-list=\
- private_IPv4
- add action=mark-connection chain=forward comment=Koneksi-Game-UDP-2 dst-port="\
- 42051-42052,11100-11125,11440-11460,27017-27019,14009-14010,27000-27050,43\
- 80,3478,4379" new-connection-mark=games passthrough=yes protocol=udp \
- src-address-list=private_IPv4
- # passthrough=no: a packet that receives its mark here skips the remaining
- # mangle rules in this chain.
- add action=mark-packet chain=forward connection-mark=games in-interface=\
- pppoe-out1 new-packet-mark=games_down passthrough=no
- add action=mark-packet chain=forward connection-mark=games in-interface=lan \
- new-packet-mark=games_up passthrough=no
- add action=mark-connection chain=forward comment="ICMP Traffic" \
- new-connection-mark=icmp passthrough=yes protocol=icmp src-address-list=\
- private_IPv4
- add action=mark-packet chain=forward connection-mark=icmp in-interface=\
- pppoe-out1 new-packet-mark=icmp_down passthrough=no protocol=icmp
- add action=mark-packet chain=forward connection-mark=icmp in-interface=lan \
- new-packet-mark=icmp_up passthrough=no protocol=icmp
- # Only DNS over UDP is classified here.
- add action=mark-connection chain=forward comment="DNS Traffic" dst-port=53 \
- new-connection-mark=dns passthrough=yes protocol=udp src-address-list=\
- private_IPv4
- add action=mark-packet chain=forward connection-mark=dns in-interface=\
- pppoe-out1 new-packet-mark=dns_down passthrough=no protocol=udp
- add action=mark-packet chain=forward connection-mark=dns in-interface=lan \
- new-packet-mark=dns_up passthrough=no protocol=udp
- # Remote-access ports 22, 23, 8291, 5938 and 4899 are marked for QoS
- # priority only; these rules do not restrict who may use them.
- add action=mark-connection chain=forward comment="Remote Traffic" dst-port=\
- 22,23,8291,5938,4899 new-connection-mark=remote passthrough=yes protocol=\
- tcp src-address-list=private_IPv4
- add action=mark-packet chain=forward connection-mark=remote in-interface=\
- pppoe-out1 new-packet-mark=remote_down passthrough=no
- add action=mark-packet chain=forward connection-mark=remote in-interface=lan \
- new-packet-mark=remote_up passthrough=no
- add action=mark-connection chain=forward comment="YouTube Traffic" \
- layer7-protocol=youtube new-connection-mark=youtube passthrough=yes \
- src-address-list=private_IPv4
- add action=mark-packet chain=forward connection-mark=youtube in-interface=\
- pppoe-out1 new-packet-mark=youtube_down passthrough=no
- add action=mark-packet chain=forward connection-mark=youtube in-interface=lan \
- new-packet-mark=youtube_up passthrough=no
- # NOTE(review): the three "extensi" connection-mark rules below are
- # identical and all match layer7-protocol=youtube, not the "extension"
- # matcher defined in /ip firewall layer7-protocol - presumably a wrong or
- # lost reference; confirm. They also carry no src-address-list.
- add action=mark-connection chain=forward comment="Extension Layer7" \
- layer7-protocol=youtube new-connection-mark=extensi passthrough=yes
- add action=mark-connection chain=forward layer7-protocol=youtube \
- new-connection-mark=extensi passthrough=yes
- add action=mark-connection chain=forward layer7-protocol=youtube \
- new-connection-mark=extensi passthrough=yes
- add action=mark-packet chain=forward connection-mark=extensi in-interface=\
- pppoe-out1 new-packet-mark=extensi_down passthrough=no
- add action=mark-packet chain=forward connection-mark=extensi in-interface=lan \
- new-packet-mark=extensi_up passthrough=no
- # Catch-all: connections from private addresses that are not already
- # heavy_traffic are marked "browsing".
- add action=mark-connection chain=forward comment="Browsing Traffic" \
- connection-mark=!heavy_traffic new-connection-mark=browsing passthrough=\
- yes src-address-list=private_IPv4
- # A browsing connection is re-marked heavy_traffic once it has passed
- # 1024000 bytes and its rate is within 256k-102400k (one rule for TCP, one
- # for UDP).
- add action=mark-connection chain=forward comment="Heavy Traffic" \
- connection-bytes=1024000-0 connection-mark=browsing connection-rate=\
- 256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=\
- tcp
- add action=mark-connection chain=forward connection-bytes=1024000-0 \
- connection-mark=browsing connection-rate=256k-102400k \
- new-connection-mark=heavy_traffic passthrough=yes protocol=udp
- add action=mark-packet chain=forward connection-mark=heavy_traffic \
- in-interface=pppoe-out1 new-packet-mark=heavy_browsing_down passthrough=\
- no
- add action=mark-packet chain=forward connection-mark=heavy_traffic \
- in-interface=lan new-packet-mark=heavy_browsing_up passthrough=no
- add action=mark-packet chain=forward connection-mark=browsing in-interface=\
- pppoe-out1 new-packet-mark=small_browsing_down passthrough=no
- add action=mark-packet chain=forward connection-mark=browsing in-interface=\
- lan new-packet-mark=small_browsing_up passthrough=no
- # Source NAT: masquerade traffic leaving through any PPP interface
- # (all-ppp) and through the wan interface. No dst-nat rules are present in
- # this export.
- /ip firewall nat
- add action=masquerade chain=srcnat out-interface=all-ppp
- add action=masquerade chain=srcnat out-interface=wan