API tools faq
paste
Advertisement
INTIMEDIA

3 ISP LITE

INTIMEDIA
Nov 15th, 2021
34
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.17 KB | None | 0 0
raw download clone embed print report
  1. ###############################################
  2. # 3 ISP Lite MikroTik Script
  3. # Created by: Pejuang GSM
  4. # https://web.facebook.com/groups/PejuangGSM/
  5. # Last Update: 30 September 2021
  6. ###############################################
  7.  
  8. # CLEAR SETTING
  9. /queue simple remove [find];
  10. /queue tree remove [find];
  11. /queue type remove [find kind=pcq];
  12. /ip firewall filter remove [find];
  13. /ip firewall mangle remove [find];
  14. /ip firewall raw remove [find];
  15. /ip firewall address-list remove [find];
  16. /ip firewall layer7 remove [find];
  17. /
  18.  
  19. # IP ROUTES
  20. /ip route add check-gateway=ping distance=1 gateway=192.168.8.1
  21. /ip route add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=ICMP
  22. /ip route add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=Routing-Game
  23. /ip route add check-gateway=ping distance=1 gateway=192.168.10.1 routing-mark=Routing-Sosmed
  24. /
  25.  
  26. # ADDRESS LIST
  27. /ip firewall address-list add address=192.168.0.0/16 list=LOKAL
  28. /ip firewall address-list add address=172.16.0.0/12 list=LOKAL
  29. /ip firewall address-list add address=10.0.0.0/8 list=LOKAL
  30. /ip firewall address-list add address=64.15.126.0/24 list=IP-YOUTUBE
  31. /ip firewall address-list add address=64.15.123.0/24 list=IP-YOUTUBE
  32. /ip firewall address-list add address=64.15.119.0/24 list=IP-YOUTUBE
  33. /ip firewall address-list add address=64.15.118.0/24 list=IP-YOUTUBE
  34. /ip firewall address-list add address=64.15.115.0/24 list=IP-YOUTUBE
  35. /ip firewall address-list add address=64.15.114.0/24 list=IP-YOUTUBE
  36. /ip firewall address-list add address=64.15.112.0/20 list=IP-YOUTUBE
  37. /ip firewall address-list add address=216.73.80.0/20 list=IP-YOUTUBE
  38. /ip firewall address-list add address=208.65.152.0/22 list=IP-YOUTUBE
  39. /ip firewall address-list add address=208.117.254.0/24 list=IP-YOUTUBE
  40. /ip firewall address-list add address=208.117.252.0/24 list=IP-YOUTUBE
  41. /ip firewall address-list add address=208.117.250.0/24 list=IP-YOUTUBE
  42. /ip firewall address-list add address=208.117.246.0/24 list=IP-YOUTUBE
  43. /ip firewall address-list add address=208.117.240.0/24 list=IP-YOUTUBE
  44. /ip firewall address-list add address=208.117.238.0/24 list=IP-YOUTUBE
  45. /ip firewall address-list add address=208.117.234.0/24 list=IP-YOUTUBE
  46. /ip firewall address-list add address=208.117.226.0/24 list=IP-YOUTUBE
  47. /ip firewall address-list add address=208.117.225.0/24 list=IP-YOUTUBE
  48. /ip firewall address-list add address=208.117.224.0/19 list=IP-YOUTUBE
  49. /ip firewall address-list add address=172.110.32.0/21 list=IP-YOUTUBE
  50. /ip firewall address-list add address=136.22.133.0/24 list=IP-YOUTUBE
  51. /ip firewall address-list add address=136.22.132.0/24 list=IP-YOUTUBE
  52. /ip firewall address-list add address=136.22.131.0/24 list=IP-YOUTUBE
  53. /ip firewall address-list add address=136.22.130.0/24 list=IP-YOUTUBE
  54. /ip firewall address-list add address=104.237.191.0/24 list=IP-YOUTUBE
  55. /ip firewall address-list add address=104.237.190.0/24 list=IP-YOUTUBE
  56. /ip firewall address-list add address=104.237.175.0/24 list=IP-YOUTUBE
  57. /ip firewall address-list add address=104.237.172.0/24 list=IP-YOUTUBE
  58. /ip firewall address-list add address=104.237.171.0/24 list=IP-YOUTUBE
  59. /ip firewall address-list add address=104.237.170.0/24 list=IP-YOUTUBE
  60. /ip firewall address-list add address=104.237.169.0/24 list=IP-YOUTUBE
  61. /ip firewall address-list add address=104.237.168.0/24 list=IP-YOUTUBE
  62. /ip firewall address-list add address=104.237.167.0/24 list=IP-YOUTUBE
  63. /ip firewall address-list add address=104.237.164.0/24 list=IP-YOUTUBE
  64. /ip firewall address-list add address=104.237.162.0/24 list=IP-YOUTUBE
  65. /ip firewall address-list add address=104.237.160.0/19 list=IP-YOUTUBE
  66. /ip firewall address-list add address=192.168.2.254 comment="IP Yang diperbolehkan untuk mengakses Modem atau Access Point" list=IP-ADMIN
  67. /
  68.  
  69. # DHCP CLIENT, DNS, SNTP & SCHEDULER
  70. /ip dhcp-client add disabled=no interface=ether1
  71. /ip dhcp-client add add-default-route=no disabled=no interface=ether2
  72. /ip dhcp-client add add-default-route=no disabled=no interface=ether3
  73. /ip dns set servers=9.9.9.9,1.1.1.1,203.130.196.6,222.124.204.34
  74. /ip dns set allow-remote-requests=yes cache-max-ttl=1d
  75. /ip pool add name=PPPOE ranges=192.168.4.2-192.168.4.254
  76. /system ntp client set enabled=yes primary-ntp=202.65.114.202 secondary-ntp=212.26.18.41 server-dns-names=asia.pool.ntp.org
  77. /system scheduler add interval=1m name=autoremovehs on-event="/queue simple remove [ find name ~\"hs-<\" ]\r\
  78. \n/queue simple move [find name=\"-> GLOBAL CONNECTION\"] [:pick [find] 0]" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=feb/21/1993 start-time=10:43:00
  79. /system scheduler add name=datetime-startup on-event="/sys scr run datetime" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
  80. /system scheduler add interval=5m name=datetime on-event=":local date [/sys clock get date]; \r\
  81. \n:local time [/sys clock get time]; \r\
  82. \n/sys scr set source=\"/sys clock set date=\$date time=\$time\" [find where name=datetime];" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=feb/21/1993 start-time=16:44:58
  83. /system scheduler add interval=3h name=FlushDNSCache on-event="/ip dns cache flush" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=feb/21/1993 start-time=20:04:00
  84. /system script add dont-require-permissions=no name=datetime owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/sys clock set date=jan/24/2021 time=05:19:58"
  85. /
  86.  
  87. # INTERFACE, NAT, FILTER & LAYER7
  88. /interface list add name=WAN
  89. /interface list add name=LAN
  90. /interface list member add interface=ether1 list=WAN
  91. /interface list member add interface=ether2 list=WAN
  92. /interface list member add interface=ether3 list=WAN
  93. /interface list member add interface=ether5 list=LAN
  94. /interface list member add interface=bridge list=LAN
  95. /ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN
  96. /ip firewall nat add action=masquerade chain=srcnat src-address-list=LOKAL
  97. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
  98. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether2
  99. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether3
  100. /ip firewall layer7-protocol add name=YOUTUBE regexp="^.+(youtube.com|googlevideo.com).*\$"
  101. /ip firewall filter add action=reject chain=input comment="Anti Winbox Exploit" content=user.dat reject-with=icmp-network-unreachable
  102. /ip firewall filter add action=drop chain=input content=user.dat
  103. /ip firewall filter add action=drop chain=forward comment="Block Akses Client Ke Modem/AP (Kecuali IP-ADMIN yang ada di Firewall -> Address Lists)" dst-address-list=LOKAL dst-port=80 protocol=tcp src-address-list=!IP-ADMIN
  104. /ip firewall filter add action=add-dst-to-address-list address-list=IP-YOUTUBE address-list-timeout=30s chain=forward comment="Tangkap IP Youtube" dst-address-list=!IP-UMUM layer7-protocol=YOUTUBE src-address-list=LOKAL
  105. /ip firewall filter add action=accept chain=input comment="Allow Established, Related Connections" connection-state=established,related
  106. /ip firewall filter add action=accept chain=forward connection-state=established,related
  107. /ip firewall filter add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid
  108. /ip firewall filter add action=drop chain=forward connection-state=invalid
  109. /
  110.  
  111. # MANGLE
  112. /ip firewall mangle add action=accept chain=prerouting comment="[ Copyright \A9 3 ISP Unlimited Lite Script Proudly Presents for Pejuang GSM ]" dst-address-list=LOKAL src-address-list=LOKAL
  113. /ip firewall mangle add action=accept chain=postrouting dst-address-list=LOKAL src-address-list=LOKAL
  114. /ip firewall mangle add action=accept chain=forward dst-address-list=LOKAL src-address-list=LOKAL
  115. /ip firewall mangle add action=accept chain=input dst-address-list=LOKAL src-address-list=LOKAL
  116. /ip firewall mangle add action=accept chain=output dst-address-list=LOKAL src-address-list=LOKAL
  117. /ip firewall mangle add action=change-ttl chain=prerouting comment=TTL in-interface-list=WAN new-ttl=set:128 passthrough=yes
  118. /ip firewall mangle add action=change-ttl chain=postrouting new-ttl=set:1 out-interface-list=LAN passthrough=yes
  119. /ip firewall mangle add action=mark-connection chain=prerouting comment=DNS dst-port=53,5353,853,5938,6568,7070,2112,8291 new-connection-mark="KONEKSI DNS" passthrough=yes protocol=tcp
  120. /ip firewall mangle add action=mark-connection chain=prerouting dst-port=53,5353,853,5938,6568,7070,2112,8291 new-connection-mark="KONEKSI DNS" passthrough=yes protocol=udp
  121. /ip firewall mangle add action=mark-packet chain=prerouting connection-mark="KONEKSI DNS" new-packet-mark="DNS DOWNLOAD" passthrough=no
  122. /ip firewall mangle add action=mark-packet chain=postrouting connection-mark="KONEKSI DNS" new-packet-mark="DNS UPLOAD" passthrough=no
  123. /ip firewall mangle add action=mark-connection chain=forward comment=ICMP new-connection-mark="KONEKSI ICMP" passthrough=yes protocol=icmp
  124. /ip firewall mangle add action=change-dscp chain=forward connection-mark="KONEKSI ICMP" new-dscp=16 passthrough=yes
  125. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI ICMP" dst-address-list=LOKAL in-interface-list=WAN new-packet-mark="ICMP DOWNLOAD" passthrough=yes src-address-list=!LOKAL
  126. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI ICMP" dst-address-list=!LOKAL new-packet-mark="ICMP UPLOAD" out-interface-list=WAN passthrough=yes src-address-list=LOKAL
  127. /ip firewall mangle add action=add-dst-to-address-list address-list=IP-GAME address-list-timeout=1m chain=forward comment=RANDOM connection-mark="!KONEKSI UMUM" dst-address-list=!IP-CHAT dst-port=!0-1023,1194,1723,1935,2083,3478,5050-5061,6666,8777,8000-8081,35915,39397 protocol=tcp src-address-list=LOKAL
  128. /ip firewall mangle add action=add-dst-to-address-list address-list=IP-GAME address-list-timeout=1m chain=forward connection-mark="!KONEKSI UMUM" dst-address-list=!IP-CHAT dst-port=!0-1023,1701,1900,3478,5060,5061,5222,5288,5353 protocol=udp src-address-list=LOKAL
  129. /ip firewall mangle add action=mark-connection chain=forward comment=GAME dst-address-list=IP-GAME new-connection-mark="KONEKSI GAME" passthrough=yes src-address-list=LOKAL
  130. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI GAME" dst-address-list=LOKAL in-interface-list=WAN new-packet-mark="GAME DOWNLOAD" passthrough=yes src-address-list=IP-GAME
  131. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI GAME" dst-address-list=IP-GAME new-packet-mark="GAME UPLOAD" out-interface-list=WAN passthrough=yes src-address-list=LOKAL
  132. /ip firewall mangle add action=mark-connection chain=forward comment=HIGH connection-bytes=500000-0 connection-mark="KONEKSI GAME" connection-rate=250k-1G new-connection-mark="KONEKSI HIGH" passthrough=yes
  133. /ip firewall mangle add action=mark-connection chain=forward connection-mark="KONEKSI HIGH" connection-rate=0-250k new-connection-mark="KONEKSI GAME" passthrough=yes
  134. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI HIGH" in-interface-list=WAN new-packet-mark="HIGH DOWNLOAD" passthrough=yes
  135. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI HIGH" new-packet-mark="HIGH UPLOAD" out-interface-list=WAN passthrough=yes
  136. /ip firewall mangle add action=add-dst-to-address-list address-list=IP-UMUM address-list-timeout=40s chain=forward connection-bytes=1M-0 connection-mark="KONEKSI HIGH" connection-rate=3M-1G dst-address-list=!LOKAL src-address-list=LOKAL
  137. /ip firewall mangle add action=mark-connection chain=forward comment=UMUM connection-mark="!KONEKSI GAME" dst-address-list=!IP-GAME dst-port=0-1023,1701,1900,3478,5060,5061,5222,5288,5353 new-connection-mark="KONEKSI UMUM" passthrough=yes protocol=tcp src-address-list=LOKAL
  138. /ip firewall mangle add action=mark-connection chain=forward connection-mark="!KONEKSI GAME" dst-address-list=!IP-GAME dst-port=0-1023,1701,1900,3478,5060,5061,5222,5288,5353 new-connection-mark="KONEKSI UMUM" passthrough=yes protocol=udp src-address-list=LOKAL
  139. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI UMUM" dst-address-list=LOKAL in-interface-list=WAN new-packet-mark="UMUM DOWNLOAD" passthrough=yes src-address-list=!IP-GAME
  140. /ip firewall mangle add action=mark-packet chain=forward connection-mark="KONEKSI UMUM" dst-address-list=!IP-GAME new-packet-mark="UMUM UPLOAD" out-interface-list=WAN passthrough=yes src-address-list=LOKAL
  141. /ip firewall mangle add action=mark-routing chain=prerouting comment=ROUTING dst-address-list=!LOKAL new-routing-mark=ICMP passthrough=yes protocol=icmp src-address-list=LOKAL
  142. /ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=IP-GAME new-routing-mark=Routing-Game passthrough=yes src-address-list=LOKAL
  143. /ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=IP-UMUM new-routing-mark=main passthrough=yes src-address-list=LOKAL
  144. /ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=IP-CHAT new-routing-mark=Routing-Sosmed passthrough=yes src-address-list=LOKAL
  145. /ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=IP-SOSMED new-routing-mark=Routing-Sosmed passthrough=yes src-address-list=LOKAL
  146. /ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=IP-YOUTUBE new-routing-mark=Routing-Sosmed passthrough=yes src-address-list=LOKAL
  147. /ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=IP-SPEEDTEST new-routing-mark=main passthrough=yes src-address-list=LOKAL
  148. /
  149.  
  150. # SIMPLE QUEUE
  151. /queue type add kind=pcq name=pcq-download-big pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-limit=512KiB pcq-src-address6-mask=64 pcq-total-limit=256000KiB
  152. /queue type add kind=pcq name=pcq-upload-big pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-limit=512KiB pcq-src-address6-mask=64 pcq-total-limit=256000KiB
  153. /queue type add kind=pcq name=pcq-download-small pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-limit=256KiB pcq-src-address6-mask=64 pcq-total-limit=128000KiB
  154. /queue type add kind=pcq name=pcq-upload-small pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-limit=256KiB pcq-src-address6-mask=64 pcq-total-limit=128000KiB
  155. /queue simple add comment="[ Copyright \A9 3 ISP Unlimited Lite Script Proudly Presents for Pejuang GSM ]" name="-> GLOBAL CONNECTION" queue=default/default target=192.168.2.0/24,192.168.3.0/24,192.168.4.0/24
  156. /queue simple add name="1. GAME" packet-marks="GAME UPLOAD,GAME DOWNLOAD,DNS UPLOAD,DNS DOWNLOAD,ICMP UPLOAD,ICMP DOWNLOAD" parent="-> GLOBAL CONNECTION" priority=1/1 queue=pcq-upload-small/pcq-download-small target=192.168.2.0/24,192.168.3.0/24,192.168.4.0/24
  157. /queue simple add name="2. ALL CONNECTION" parent="-> GLOBAL CONNECTION" queue=default/default target=192.168.2.0/24,192.168.3.0/24,192.168.4.0/24
  158. /queue simple add name="CLIENT DHCP" parent="2. ALL CONNECTION" queue=default/default target=192.168.2.0/24
  159. /queue simple add name="CLIENT HOTSPOT" parent="2. ALL CONNECTION" queue=default/default target=192.168.3.0/24
  160. /queue simple add name="CLIENT RUMAHAN & PPPOE" parent="2. ALL CONNECTION" queue=default/default target=192.168.4.0/24
  161. /queue simple add name="PC Pribadi" parent="CLIENT DHCP" queue=default/default target=192.168.2.254/32
  162. /ip hotspot user profile { set [find] parent="CLIENT HOTSPOT" transparent-proxy=no insert-queue-before=bottom address-pool=none }
  163. /ppp profile { set [find] parent="CLIENT RUMAHAN & PPPOE" insert-queue-before=bottom }
  164. /
  165.  
  166. # QUEUE TREE
  167. /queue tree add comment="[ Copyright \A9 3 ISP Unlimited Lite Script Proudly Presents for Pejuang GSM ]" name="-> GLOBAL CONNECTION" parent=global queue=default
  168. /queue tree add name="INBOUND PACKET" parent="-> GLOBAL CONNECTION" queue=default
  169. /queue tree add name="OUTBOND PACKET" parent="-> GLOBAL CONNECTION" queue=default
  170. /queue tree add max-limit=5M name="1. Game Download" packet-mark="GAME DOWNLOAD" parent="INBOUND PACKET" priority=1 queue=pcq-download-small
  171. /queue tree add max-limit=5M name="1. Game Upload" packet-mark="GAME UPLOAD" parent="OUTBOND PACKET" priority=1 queue=pcq-upload-small
  172. /queue tree add name="2. DNS [53] Download" packet-mark="DNS DOWNLOAD" parent="INBOUND PACKET" priority=1 queue=pcq-download-small
  173. /queue tree add name="2. DNS [53] Upload" packet-mark="DNS UPLOAD" parent="OUTBOND PACKET" priority=1 queue=pcq-upload-small
  174. /queue tree add name="3. ICMP [ping] Download" packet-mark="ICMP DOWNLOAD" parent="INBOUND PACKET" priority=1 queue=pcq-download-small
  175. /queue tree add name="3. ICMP [ping] Upload" packet-mark="ICMP UPLOAD" parent="OUTBOND PACKET" priority=1 queue=pcq-upload-small
  176. /queue tree add name="4. All Download" parent="INBOUND PACKET" queue=default
  177. /queue tree add name="4. All Upload" parent="OUTBOND PACKET" queue=default
  178. /queue tree add name="1. Umum Download" packet-mark="UMUM DOWNLOAD" parent="4. All Download" priority=3 queue=pcq-download-big
  179. /queue tree add name="1. Umum Upload" packet-mark="UMUM UPLOAD" parent="4. All Upload" priority=3 queue=pcq-upload-big
  180. /queue tree add name="2. High Download" packet-mark="HIGH DOWNLOAD" parent="4. All Download" priority=6 queue=pcq-download-big
  181. /queue tree add name="2. High Upload" packet-mark="HIGH UPLOAD" parent="4. All Upload" priority=6 queue=pcq-upload-big
  182. /interface bridge set protocol-mode=none 0
  183. /
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!