Setting Mikrotik 20 Mbps Anti Ngelag Mantap

# sep/21/2019 05:52:49 by RouterOS 6.45.6
# software id = XXXX-XXXX
#
#
# Perhatian Sebelum Copas perhatikan baik2 dahulu Topologinya
# " xxx " perlu disesuaikan

/interface bridge
add arp=reply-only name=bridge-AP
/interface ethernet
set [ find default-name=ether1 ] comment="Connected to Modem" name=\
    ether1-Modem
set [ find default-name=ether2 ] arp=disabled comment="Connected to Hotspot" \
    name=ether2-Lan
/interface list
add name=MODEM
add name=LAN
/ip hotspot profile
set [ find default=yes ] dns-name=xxx.hotspot html-directory=\
    "xxx Hotspot" http-cookie-lifetime=6h
add dns-name=xxx.hotspot html-directory="xxx Hotspot" \
    http-cookie-lifetime=6h name=hsprof1 use-radius=yes
/ip pool
add name=dhcp_pool0 ranges=192.168.88.21-192.168.88.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 disabled=no interface=bridge-AP name=\
    dhcp1
/ip hotspot
add address-pool=dhcp_pool0 addresses-per-mac=1 disabled=no interface=\
    bridge-AP name=hotspot1 profile=hsprof1
/queue type
add kind=pcq name=pcq-upload-bigger pcq-classifier=src-address
add kind=pcq name=pcq-download-bigger pcq-classifier=dst-address
/queue interface
set ether1-Modem queue=ethernet-default
set ether2-Lan queue=ethernet-default
/queue simple
add comment="Indihome 20Mbps ( Kecepatan berbeda settingan disesuaikan aja )" \
    limit-at=4M/20M max-limit=4M/20M name=MAX-SPEED priority=1/1 queue=\
    default-small/default target=bridge-AP total-queue=default
add comment="Browsing Connection" limit-at=1M/2M max-limit=2M/15M name=\
    Max-Bigger packet-marks=Bigger parent=MAX-SPEED priority=2/2 queue=\
    pcq-upload-bigger/pcq-download-bigger target=bridge-AP
add limit-at=256k/512k max-limit=512k/2M name=Zzz-Bigger parent=Max-Bigger \
    target=bridge-AP
add comment="Game Connection" limit-at=2M/5M max-limit=4M/20M name=\
    Max-Default parent=MAX-SPEED priority=1/1 queue=\
    pcq-upload-default/pcq-download-default target=bridge-AP
add limit-at=256k/512k max-limit=512k/2M name=Zzz-Default parent=Max-Default \
    target=bridge-AP
add limit-at=256k/512k max-limit=512k/2M name=ZZZ-SPEED parent=MAX-SPEED \
    queue=default-small/hotspot-default target=bridge-AP
/ip hotspot user profile
set [ find default=yes ] idle-timeout=1h5m insert-queue-before=Zzz-Default \
    keepalive-timeout=5m mac-cookie-timeout=6h on-login=\
    ":put (\",,0,,,noexp,Disable,\")" parent-queue=Max-Default queue-type=\
    default-small rate-limit=512k/2M shared-users=10 transparent-proxy=yes
add idle-timeout=1h5m insert-queue-before=Zzz-Default keepalive-timeout=5m \
    mac-cookie-timeout=6h name=trial on-login=\
    ":put (\",,0,,,noexp,Disable,\")" parent-queue=Max-Default queue-type=\
    default-small rate-limit=512k/2M shared-users=10 transparent-proxy=yes
add idle-timeout=1h5m insert-queue-before=Zzz-Default keepalive-timeout=5m \
    mac-cookie-timeout=6h name=Harian on-login=":put (\",remc,2000,24h,0,,Disa\
    ble,\"); {:local date [ /system clock get date ];:local year [ :pick \$dat\
    e 7 11 ];:local month [ :pick \$date 0 3 ];:local comment [ /ip hotspot us\
    er get [/ip hotspot user find where name=\"\$user\"] comment]; :local ucod\
    e [:pic \$comment 0 2]; :if (\$ucode = \"vc\" or \$ucode = \"up\" or \$com\
    ment = \"\") do={ /sys sch add name=\"\$user\" disable=no start-date=\$dat\
    e interval=\"24h\"; :delay 2s; :local exp [ /sys sch get [ /sys sch find w\
    here name=\"\$user\" ] next-run]; :local getxp [len \$exp]; :if (\$getxp =\
    \_15) do={ :local d [:pic \$exp 0 6]; :local t [:pic \$exp 7 16]; :local s\
    \_(\"/\"); :local exp (\"\$d\$s\$year \$t\"); /ip hotspot user set comment\
    =\$exp [find where name=\"\$user\"];}; :if (\$getxp = 8) do={ /ip hotspot \
    user set comment=\"\$date \$exp\" [find where name=\"\$user\"];}; :if (\$g\
    etxp > 15) do={ /ip hotspot user set comment=\$exp [find where name=\"\$us\
    er\"];}; /sys sch remove [find where name=\"\$user\"]; :local mac \$\"mac-\
    address\"; :local time [/system clock get time ]; /system script add name=\
    \"\$date-|-\$time-|-\$user-|-2000-|-\$address-|-\$mac-|-24h-|-Harian-|-\$c\
    omment\" owner=\"\$month\$year\" source=\$date comment=mikhmon}}" \
    parent-queue=Max-Default queue-type=default-small rate-limit=512k/2m \
    transparent-proxy=yes
add idle-timeout=1h5m insert-queue-before=Zzz-Default keepalive-timeout=5m \
    mac-cookie-timeout=6h name=Mingguan on-login=":put (\",remc,10000,7d,0,,Di\
    sable,\"); {:local date [ /system clock get date ];:local year [ :pick \$d\
    ate 7 11 ];:local month [ :pick \$date 0 3 ];:local comment [ /ip hotspot \
    user get [/ip hotspot user find where name=\"\$user\"] comment]; :local uc\
    ode [:pic \$comment 0 2]; :if (\$ucode = \"vc\" or \$ucode = \"up\" or \$c\
    omment = \"\") do={ /sys sch add name=\"\$user\" disable=no start-date=\$d\
    ate interval=\"7d\"; :delay 2s; :local exp [ /sys sch get [ /sys sch find \
    where name=\"\$user\" ] next-run]; :local getxp [len \$exp]; :if (\$getxp \
    = 15) do={ :local d [:pic \$exp 0 6]; :local t [:pic \$exp 7 16]; :local s\
    \_(\"/\"); :local exp (\"\$d\$s\$year \$t\"); /ip hotspot user set comment\
    =\$exp [find where name=\"\$user\"];}; :if (\$getxp = 8) do={ /ip hotspot \
    user set comment=\"\$date \$exp\" [find where name=\"\$user\"];}; :if (\$g\
    etxp > 15) do={ /ip hotspot user set comment=\$exp [find where name=\"\$us\
    er\"];}; /sys sch remove [find where name=\"\$user\"]; :local mac \$\"mac-\
    address\"; :local time [/system clock get time ]; /system script add name=\
    \"\$date-|-\$time-|-\$user-|-10000-|-\$address-|-\$mac-|-7d-|-Mingguan-|-\
    \$comment\" owner=\"\$month\$year\" source=\$date comment=mikhmon}}" \
    parent-queue=Max-Default queue-type=default-small rate-limit=512k/2m \
    transparent-proxy=yes
add idle-timeout=1h5m insert-queue-before=Zzz-Default keepalive-timeout=5m \
    mac-cookie-timeout=6h name=Bulanan on-login=":put (\",remc,35000,30d,0,,Di\
    sable,\"); {:local date [ /system clock get date ];:local year [ :pick \$d\
    ate 7 11 ];:local month [ :pick \$date 0 3 ];:local comment [ /ip hotspot \
    user get [/ip hotspot user find where name=\"\$user\"] comment]; :local uc\
    ode [:pic \$comment 0 2]; :if (\$ucode = \"vc\" or \$ucode = \"up\" or \$c\
    omment = \"\") do={ /sys sch add name=\"\$user\" disable=no start-date=\$d\
    ate interval=\"30d\"; :delay 2s; :local exp [ /sys sch get [ /sys sch find\
    \_where name=\"\$user\" ] next-run]; :local getxp [len \$exp]; :if (\$getx\
    p = 15) do={ :local d [:pic \$exp 0 6]; :local t [:pic \$exp 7 16]; :local\
    \_s (\"/\"); :local exp (\"\$d\$s\$year \$t\"); /ip hotspot user set comme\
    nt=\$exp [find where name=\"\$user\"];}; :if (\$getxp = 8) do={ /ip hotspo\
    t user set comment=\"\$date \$exp\" [find where name=\"\$user\"];}; :if (\
    \$getxp > 15) do={ /ip hotspot user set comment=\$exp [find where name=\"\
    \$user\"];}; /sys sch remove [find where name=\"\$user\"]; :local mac \$\"\
    mac-address\"; :local time [/system clock get time ]; /system script add n\
    ame=\"\$date-|-\$time-|-\$user-|-35000-|-\$address-|-\$mac-|-30d-|-Bulanan\
    -|-\$comment\" owner=\"\$month\$year\" source=\$date comment=mikhmon}}" \
    parent-queue=Max-Default queue-type=default-small rate-limit=512k/2m \
    transparent-proxy=yes
/system logging action
set 0 memory-lines=1
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge-AP interface=ether2-Lan
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=none
/interface list member
add interface=ether1-Modem list=MODEM
add interface=bridge-AP list=LAN
/ip address
add address=192.168.1.2/24 comment="Connected to Modem" interface=\
    ether1-Modem network=192.168.1.0
add address=192.168.88.1/24 comment="Connected to Hotspot" interface=\
    bridge-AP network=192.168.88.0
/ip arp
add address=192.168.88.6 comment=AP interface=bridge-AP mac-address=\
    B0:4E:26:E1:6C:66
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 \
    netmask=32
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=0.0.0.0/8 list=private-lokal
add address=10.0.0.0/8 list=private-lokal
add address=100.64.0.0/10 list=private-lokal
add address=127.0.0.0/8 list=private-lokal
add address=169.254.0.0/16 list=private-lokal
add address=172.16.0.0/12 list=private-lokal
add address=192.0.0.0/24 list=private-lokal
add address=192.0.2.0/24 list=private-lokal
add address=192.168.0.0/16 list=private-lokal
add address=198.18.0.0/15 list=private-lokal
add address=198.51.100.0/24 list=private-lokal
add address=203.0.113.0/24 list=private-lokal
add address=224.0.0.0/3 list=private-lokal
add address=118.98.0.0/17 list=ggc-telkom
add address=118.97.0.0/16 list=ggc-telkom
add address=www.arcai.com list=netcut
/ip firewall filter
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
    protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=forward comment="Blok Akses Masuk Ke Modem" disabled=\
    yes dst-address=192.168.1.1 dst-port=80 protocol=tcp
add action=drop chain=forward disabled=yes dst-address=192.168.1.1 protocol=\
    icmp
add action=reject chain=input comment="Block Penyebaran Virus Ransomeware" \
    dst-port=139,445,3389 protocol=tcp
add action=reject chain=input dst-port=139,445,3389,20004,7533,5678 protocol=\
    udp
add action=reject chain=forward dst-port=137,138,445,3389 protocol=tcp
add action=reject chain=forward dst-port=137,138 protocol=udp
add action=reject chain=forward comment="Blocking Windows Update" content=\
    update.microsoft.com
add action=reject chain=forward content=download.microsoft.com
add action=reject chain=forward content=download.windowsupdate.com
add action=reject chain=forward content=windowsupdate.com
add action=reject chain=forward content=wustat.windows.com
add action=reject chain=forward content=ntservicepack.microsoft.com
add action=reject chain=forward content=stats.microsoft.com
add action=reject chain=forward content=wustat.windows.com
add action=reject chain=forward content=windowsupdate.microsoft.com
add action=drop chain=forward comment="TORRENT No 2: block outgoing DHT" \
    content=d1:ad2:id20: dst-port=1025-65535 packet-size=95-190 protocol=udp
add action=drop chain=forward comment=\
    "TORRENT No 3: block outgoing TCP announce" content="info_hash=" \
    dst-port=2710,80,443,6969,1337,6961,5944,1096,8080,8089 protocol=tcp
add action=drop chain=forward comment=\
    "TORRENT No 4: prohibits download .torrent files. " content=\
    "\r\
    \nContent-Type: application/x-bittorrent" protocol=tcp src-port=80
add action=drop chain=forward comment=\
    "TORRENT No 5: 6771 block LOCAL Broadcast" content="\r\
    \nInfohash:" dst-port=6771 protocol=udp
add action=drop chain=forward comment="Blocking Microsoft Spying" \
    src-address-list=TelemetrySpy
add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" \
    src-address-list="port scanners"
add action=accept chain=input comment="Allow Established connections" \
    connection-state=established
add action=accept chain=input comment="Allow Related connections" \
    connection-state=related
add action=drop chain=forward comment="Drop Invalid connections" \
    connection-state=invalid
add action=jump chain=forward comment="Bad packets filtering" jump-target=tcp \
    protocol=tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 \
    protocol=tcp
add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=\
    tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 \
    protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 \
    protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=\
    udp
add action=accept chain=icmp comment="limit packets 5/secs" icmp-options=\
    0:0-255 limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" icmp-options=3:0 \
    protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" icmp-options=3:3 \
    limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" icmp-options=3:4 \
    limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" icmp-options=\
    8:0-255 limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" icmp-options=\
    11:0-255 limit=5,5:packet protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets"
add action=accept chain=forward comment="Allow Established connections" \
    connection-state=established
add action=drop chain=forward comment=NetCut src-address-list=NetcutUser
/ip firewall mangle
add action=mark-connection chain=prerouting dst-port=80,8080,443 \
    new-connection-mark=Bigger-Connection passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=80,8080,443 \
    new-connection-mark=Bigger-Connection passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=Bigger-Connection \
    new-packet-mark=Bigger passthrough=no
add action=add-src-to-address-list address-list=NetcutUser \
    address-list-timeout=1h5m chain=prerouting comment="Deteksi Netcut" \
    dst-address-list=netcut dst-port=80 protocol=tcp
add action=change-ttl chain=postrouting comment=\
    "Membatasi sharing koneksi dengan 'Change TTL'" new-ttl=set:1 \
    out-interface=bridge-AP passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.88.0/24
add action=redirect chain=dstnat comment="Block DNS Luar" dst-port=53 \
    protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
/ip firewall raw
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment=Vainglory dst-address-list=\
    !private-lokal dst-port=7000-8020 protocol=tcp src-address-list=\
    private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment=Vainglory content=.superevil.net \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment="Mobile Legends" dst-address-list=\
    !private-lokal dst-port=30000-30150 protocol=tcp src-address-list=\
    private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment="Mobile Legends" content=\
    .youngjoygame.com dst-address-list=!private-lokal src-address-list=\
    private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment="PUBG Mobile" dst-address-list=\
    !private-lokal dst-port=10012,17500 protocol=tcp src-address-list=\
    private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment="PUBG Mobile" dst-address-list=\
    !private-lokal dst-port="10491,10010,10013,10612,20002,20001,20000,12235,1\
    3748,13972,13894,11455,10096,10039" protocol=udp src-address-list=\
    private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment="PUBG Mobile" content=.igamecj.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment="PUBG Mobile" content=\
    tencentgames.helpshift.com dst-address-list=!private-lokal \
    src-address-list=private-lokal
add action=add-dst-to-address-list address-list=games address-list-timeout=\
    none-dynamic chain=prerouting comment=Garena content=.garenanow.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=ig content=.cdninstagram.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=ig content=.instagram.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=WA content=.whatsapp.net \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=WA content=.whatsapp.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=life360 content=.life360.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=fb content=.facebook.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=fb content=.facebook.net \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=fb content=.fbcdn.net \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=twitter content=.twitter.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=twitter content=.twimg.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\
    none-dynamic chain=prerouting comment=tiktok content=.tiktokv.com \
    dst-address-list=!private-lokal src-address-list=private-lokal
add action=jump chain=prerouting comment="Jump to handle virus from TCP port" \
    jump-target=tcp-virus log=yes protocol=tcp
add action=jump chain=prerouting comment="Jump to handle virus from UDP port" \
    jump-target=udp-virus log=yes protocol=udp
add action=drop chain=tcp-virus comment="Socks D Troie, Death" dst-port=1-2 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Agent 31, Hacker's Paradise, Agent 40421" dst-port=30-31 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=ye swn worms and trojans use this port" dst-port=37 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Deep Throat Fore play" dst-port=41 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=DRAT dst-port=48 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=DRAT dst-port=50 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="DM Setup" dst-port=58-59 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.Evala.Worm dst-port=69-70 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="CDK, Firehotcker" dst-port=79 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Beagle.S RemoconChubo" dst-port=81 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    85-90 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Common Port for phishing scam sit, Hiddenport, NCX" dst-port=99 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="More than 3 kno log=yes wn worms and \
    trojans usethis port , Invisible Identd Deamon, Kazimas" dst-port=113 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Happy99 dst-port=119 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Jammer Killah, Attack Bot, God Msage" dst-port=121 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Password Generator Protocol" \
    dst-port=129 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Farnaz dst-port=133 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    136-138 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=NetTaxi dst-port=142 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Infector 1.3" dst-port=146 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backage dst-port=334 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backage dst-port=411 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "W32.kibuv.b, Breach, Incognito, tcp Wrappers" dst-port=420-421 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Fatal Connections - Hacker's Paradise" dst-port=455-456 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Hacker's Paradise" dst-port=456 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Grlogin, RPC backDoor" dst-port=\
    513-514 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.kibuv.worm dst-port=530 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Rasmin, Net666" dst-port=531 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Stealth Spy, Phaze, 7-11 Trojan, Ini-Killer, Phase Zero, Phase-0" \
    dst-port=555 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=559 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Sober worm Variants" dst-port=587 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="W.32.Sasser worm" dst-port=593 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Secret Service" dst-port=605 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Attack FTP, Back Construction, BLA Tr\
    ojan, no log=yeskno log=yesk, satans" dst-port=666 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=SnipperNet dst-port=667 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Dp Trojan" dst-port=669 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=GayOL dst-port=692 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment="BackDoor.Netcrack.B - AimSpy" \
    dst-port=777-778 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=WinHole dst-port=808 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Common Port for phishing scam sit" \
    dst-port=880 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Devil dst-port=901-902 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Dark Shadow" dst-port=911 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    999-1001 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Doly Trojan" dst-port=1011-1016 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.lingosky dst-port=1024-1025 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="NetSpy, Multidropper" dst-port=\
    1033-1035 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Rasmin dst-port=1045 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="/sbin/initd - MiniCommand" dst-port=\
    1049-1050 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="The Thief, AckCmd" dst-port=\
    1053-1054 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Backdoor.Zagaban, WinHole" dst-port=\
    1080-1083 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Xtreme dst-port=1090 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    1111 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Orion dst-port=1150-1151 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Psyber Stream Server" dst-port=1170 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=SoftWAR,Infector dst-port=1207-1208 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Kaos dst-port=1212 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment=Backdoor.Sazo dst-port=1218 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    1234 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="VooDoo Doll" dst-port=1245 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Scarab, Project next" dst-port=\
    1255-1256 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Maverick's Matrix" dst-port=1269 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="The Matrix" dst-port=1272 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=NETrojan dst-port=1313 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Millenium Worm" dst-port=1338 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Bo dll" dst-port=1349 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="GoFriller, Backdoor G-1" dst-port=\
    1394 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="remote Storm" dst-port=1441 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=FTP99CMP dst-port=1492 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="FunkProxy " dst-port=1505 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Psyber Streaming server" dst-port=\
    1509 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Remote Hack" dst-port=1568 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Backdoor.Miffice, Bize.Worm" \
    dst-port=1533-1534 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Shivka-Burka, Direct Connection" \
    dst-port=1600 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="ICA Browser" dst-port=1604 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Exploiter dst-port=1703 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Scarab dst-port=1777 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Loxbot.d dst-port=1751 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.NetControle dst-port=1772 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=SpySender dst-port=1807 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    1863 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Fake FTP. WM FTP Server" dst-port=\
    1966-1967 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Shockrave, Bowl" dst-port=1981 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="OpC BO" dst-port=1969 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    1999-2005 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Ripper dst-port=2023 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.korgo.a dst-port=2041 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Backdoor.TJServ - WinHole" dst-port=\
    2080 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Expjan dst-port=2090 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Bugs dst-port=2115 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment="Deep Throat" dst-port=2140 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Illusion Mailer" dst-port=2155 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Nirvana dst-port=2255 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Hvl RAT, Dumaru" dst-port=2283 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Xplorer dst-port=2300 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Studio 54" dst-port=2311 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=backdoor.shellbot dst-port=2322 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "backdoor.shellbot, Eyeveg.worm.c, contact" dst-port=2330-2339 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=vbs.shania dst-port=2414 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Beagle.N dst-port=2556 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Striker dst-port=2565 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=WinCrash dst-port=2583 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="The Prayer 1.2 -1.3" dst-port=2716 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Phase Zero" dst-port=2721 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Beagle.J dst-port=2745 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.hllw.deadhat.b dst-port=2766 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=SubSeven dst-port=2773-2774 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Phineas Phucker" dst-port=2801 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Brador.A dst-port=2989 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Remote Shut" dst-port=3000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=WinCrash dst-port=3024 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Wortbot dst-port=3028 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="W32.Mytob.cz@mm, MicroSpy" dst-port=\
    3030-3031 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.korgo.a dst-port=3067 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    3127-3198 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.HLLW.Dax dst-port=3256 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    3332 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=w32.Mytob.kp@MM dst-port=3385 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.mockbot.a.worm dst-port=3410 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Backdoor.Fearic, Terror Trojan" \
    dst-port=3456 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Eclipse 2000" dst-port=3459 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Amitis.B dst-port=3547 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Portal of Doom" dst-port=3700 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.helios dst-port=3737 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=PsychWard dst-port=3777 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Eclypse dst-port=3791 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Eclypse dst-port=3801 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=SkyDance,Backdoor.OptixPro.13.C \
    dst-port=4000-4001 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=WinCrash dst-port=4092 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.rcserv dst-port=4128 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Backdoor.Nemog.D - Virtual Hacking Machine" dst-port=4242 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.smokodoor dst-port=4300 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=BoBo dst-port=4321 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment=Phatbot dst-port=4387 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    4444 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.mytob.db dst-port=4512 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="File Nail" dst-port=4567 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="ICQ Trojan" dst-port=4590 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Nemog.D dst-port=4646 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Nemog.D dst-port=4661 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Beagle.U dst-port=4751 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.tuxder dst-port=4820 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.Opanki dst-port=4888 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.RaHack dst-port=4899 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Common Port for phishing scam sit" \
    dst-port=4903 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="ICQ Trogen" dst-port=4950 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Sokets de Trois v1./Bubbel, cd00r" \
    dst-port=5000-5002 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Solo,Ootlt dst-port=5010-5011 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="WM Remote Keylogger" dst-port=5025 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Net Metropolitan 1.0" dst-port=\
    5031-5032 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.laphex.client dst-port=5152 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    5190 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Firehotcker dst-port=5321 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Baackage,NetDemon dst-port=5333 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="WC Remote Administration Tool" \
    dst-port=5343 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Blade Runner" dst-port=5400-5402 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Backdoor.DarkSky.B, Backconstruction" dst-port=5418-5419 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Xtcp, Illusion Mailer" dst-port=5512 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="The Flu" dst-port=5534 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port " dst-port=\
    5550-5558 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Robo-Hack dst-port=5569 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.EasyServ dst-port=5588 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="PC Crasher" dst-port=5637-5638 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=WinCrash dst-port=5714 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=WinCrash dst-port=5741-5742 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Portmap Remote Root Linux Exploit" \
    dst-port=5760 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Evivinc dst-port=5800 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Y3K RAT" dst-port=5880 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Y3K RAT" dst-port=5882 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Y3K RAT" dst-port=5888-5889 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=LovGate.ak dst-port=6000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Bad Blood" dst-port=6006 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.mockbot.a.worm dst-port=6129 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Common Port for phishing scam sit" \
    dst-port=6180 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Trojan.Tilser dst-port=6187 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Secret Service" dst-port=6272 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="The Thing" dst-port=6400 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Nemog.D dst-port=6565 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=backdoor.sdbot.ag dst-port=6631 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="TEMan, Weia-Meia" dst-port=6661 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Netbus Worm, winSATAN, Dark FTP, Schedule Agent" dst-port=6666-6667 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Vampyre, Deep Throat" dst-port=\
    6669-6671 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Sub Seven, Backdoor.G" dst-port=\
    6711-6713 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Mstream attack-handler" dst-port=\
    6723 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Deep Throat" dst-port=6771 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Sub Seven, Backdoor.G, W32/Bagle@MM" \
    dst-port=6776-6777 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=NetSky.U dst-port=6789 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Delta source DarkStar" dst-port=6883 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Shxt Heap " dst-port=6912 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Indoctrination dst-port=6939 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    6969 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Gate Crasher" dst-port=6970 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="w32.mytob.mx@mm, Remote Grab, explo i\
    t translation server, kazimas, remote grab" dst-port=7000-7001 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Unkno log=yes wn Trojan" dst-port=\
    7028 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.Spybot.ycl dst-port=7043 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=SubSeven dst-port=7215 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Net Monitor" dst-port=7300-7308 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.netshadow dst-port=7329 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.phoenix dst-port=7410 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Host Control" dst-port=7424 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="QaZ -Remote Accs Trojan" dst-port=\
    7597 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.GRM dst-port=7614 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Glacier dst-port=7626 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="GodMsaage, Tini" dst-port=7777 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=ICKiller dst-port=7789 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Amitis.B dst-port=7823 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="The ReVeNgEr" dst-port=7891 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.kibuv.b dst-port=7955 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Mstream dst-port=7983 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=w32.mytob.lz@mm dst-port=7999-8000 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Ptakks.b dst-port=8012 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="W32.Spybot.pen " dst-port=8076 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Asniffer dst-port=8090 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.PejayBot dst-port=8126 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="BackOrifice 2000" dst-port=8787 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Monator dst-port=8811 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Beagle.B@mm dst-port=8866 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="BackOrifice 2000" dst-port=8879 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.Axatak dst-port=8888-8889 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="BackHack - Rcon, Recon, Xcon" \
    dst-port=8988-8989 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="W32.randex.ccf - netministrator" \
    dst-port=9000 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.nibu.k dst-port=9125 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=InCommand dst-port=9400 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.kibuv.worm dst-port=9604 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.gholame dst-port=9696-9697 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="BackDoor.RC3.B, Portal of Doom" \
    dst-port=9872-9878 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    9898-10002 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=iNi-Killer dst-port=9989 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="W.32.Sasser Worm" dst-port=9996 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="The Prayer" dst-port=9999 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=OpwinTRojan dst-port=10005 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Chee worm" dst-port=10008 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=w32.mytob.jw@mm dst-port=10027 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Portal of Doom" dst-port=10067 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Mydoom.B dst-port=10080 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="backdoor.ranky.o, backdoor.staprew, b\
    ackdoor.tuimer, gift trojan, brainspy, silencer" dst-port=10100-10103 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Acid Shivers" dst-port=10520 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Coma dst-port=10607 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment=Ambush dst-port=10666 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Senna Spy" dst-port=11000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Host Control" dst-port=11050-11051 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Progenic Trojan - Secret Agent" \
    dst-port=11223 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Dipnet / oddBob Trojan" dst-port=\
    11768 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Latinus Server" dst-port=11831 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Satancrew dst-port=12000 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Berbew.j dst-port=12065 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=GJamer dst-port=12076 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Hack'99, KeyLogger" dst-port=12223 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Netbus, Ultor's Trojan" dst-port=\
    12345-12346 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Whack-a-Mole dst-port=12361-12363 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=NetBus dst-port=12456 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Whack Job" dst-port=12631 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Eclypse 2000" dst-port=12701 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Mstream attack-handler" dst-port=\
    12754 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Senna Spy" dst-port=13000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Amitis.B dst-port=13173 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.Sober.D dst-port=13468 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Kuang2 the Virus" dst-port=13700 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Trojan.Mitglieder.h dst-port=14247 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Mstream attack-handler" dst-port=\
    15104 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Dipnet / oddBob Trojan" dst-port=\
    15118 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Cyn dst-port=15432 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Lastdoor dst-port=16322 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Mosucker dst-port=16484 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Backdoor.Haxdoor.D - Stacheldraht" \
    dst-port=16660-16661 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    16959 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Kuang2.B Trojan" dst-port=17300 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.Imav.a dst-port=17940 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Gaster dst-port=19937 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Millennium - AcidkoR" dst-port=\
    20001-20002 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="NetBus 2 Pro" dst-port=20034 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Chupacabra dst-port=20203 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Bla Trojan" dst-port=20331 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Shaft Client to handlers" dst-port=\
    20432-20433 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Trojan.Adnap dst-port=20480 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Trojan.Mitglieder.E dst-port=20742 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=W32.dasher.b dst-port=21211 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Exploiter - Kid Terror - Schwndler - Winsp00fer" dst-port=21554 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "Prosiak - Ruler - Donald Dick - RUX The TIc.K" dst-port=22222 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Yet Ano log=yesther Trojan" \
    dst-port=37651 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    39999 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="The Spy" dst-port=40412 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Agent 40421 - Masters Paradise" \
    dst-port=40421-40426 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Master's Paradise" dst-port=43210 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Amitis.B dst-port=44280 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Amitis.B dst-port=44390 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Delta Source" dst-port=47252 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Amitis.B dst-port=47387 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.antilam.20 dst-port=47891 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Sokets de Trois v2." dst-port=50505 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Fore dst-port=50776 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment=Backdoor.Cyn dst-port=51234 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.kalel.a@mm dst-port=51435 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Remote Windows Shutdown" dst-port=\
    53001 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="subSeven -Subseven 2.1 Gold" \
    dst-port=54283 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port " dst-port=\
    54320-54321 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "WM Trojan Generator - File manager Trojan" dst-port=55165-55166 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Osirdoor dst-port=56565 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="NetRaider Trojan" dst-port=57341 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=BackDoor.Tron dst-port=58008-58009 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Butt Funnel" dst-port=58339 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=BackDoor.Redkod dst-port=58666 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=BackDoor.DuckToy dst-port=59211 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Deep Throat" dst-port=60000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Trinity dst-port=60001 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Trojan.Fulamer.25 dst-port=60006 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Xzip 6000068" dst-port=60068 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Connection dst-port=60411 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.mite dst-port=61000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" dst-port=61348 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Telecommando dst-port=61466 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" dst-port=61603 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" dst-port=63485 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Phatbot, W32.hllw.gaobot.dk" \
    dst-port=63808-63809 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Taskmin dst-port=64101 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Amitis.B dst-port=64429 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    65000 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Eclypse dst-port=65390 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Jade dst-port=65421 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment="The Traitor (th3tr41t0r)" dst-port=\
    65432 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Phatbot dst-port=65506 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=/sbin/init dst-port=65534 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Adore Worm/Linux - RC1 Trojan" \
    dst-port=65535 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Cafeini dst-port=51966 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Acid baterry 2000" dst-port=52317 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Enterprise dst-port=50130 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Online Keylogger" dst-port=49301 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Exploiter dst-port=44575 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Prosiak dst-port=44444 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Remote Boot Tool - RBT" dst-port=\
    41666 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Storm dst-port=41337 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Mantis dst-port=37237 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Donald Dick" dst-port=34444 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Son of PsychWard" dst-port=33577 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Son of PsychWard" dst-port=33777 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Peanut Brittle, Project Next" \
    dst-port=32100 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Donald Dick" dst-port=32001 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Hack'a'Tack" dst-port=31785 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Intruse dst-port=30947 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Lamers Death" dst-port=30003 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Infector - ErrOr32" dst-port=\
    30000-30001 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=ovasOn dst-port=29369 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=NetTrojan dst-port=29104 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Exploiter dst-port=28678 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Bad Blood - Ramen - Seeker - SubSev e\
    n - SubSeven 2.1 Gold - Subseven 2.14 DefCon8 - SubSeven Muie - Ttfloader" \
    dst-port=27374 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Voicpy dst-port=26681 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Moonpie dst-port=25982 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Moonpie dst-port=25685-25686 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Infector dst-port=24000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=InetSpy dst-port=23777 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Evil FTP - Ugly FTP - Whack Job" \
    dst-port=23456 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Asylum dst-port=23432 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Amanda dst-port=23032 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Logged dst-port=23232 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Girl friend - Kid Error" dst-port=\
    21544 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="VP killer" dst-port=20023 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Mosucker dst-port=20005 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="ICQ Revenge" dst-port=19864 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Nephron dst-port=17777 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Audiodoor dst-port=17593 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Infector dst-port=17569 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=CrazzyNet dst-port=17499-17500 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=KidTerror dst-port=17449 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Mosaic dst-port=17166 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Priority dst-port=16969 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="ICQ Revenge" dst-port=16772 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=CDK dst-port=15858 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment=SubZero dst-port=15382 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Host Control" dst-port=15092 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=NetDemon dst-port=15000 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="PC Invader" dst-port=14500-14503 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Chupacabra dst-port=13473 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Hack '99 KeyLogger" dst-port=13223 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=PsychWard dst-port=13013-13014 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Hacker Brasil - HBR" dst-port=13010 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Buttman dst-port=12624 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=BioNet dst-port=12349 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Host Control" dst-port=10528 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Syphilis dst-port=10085-10086 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=DigitalRootbeer dst-port=2600 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Doly Trojan" dst-port=2345 log=yes \
    protocol=tcp
add action=return chain=tcp-virus comment="Back to previous menu" log=yes
add action=drop chain=udp-virus comment="Socks D Troie, Death" dst-port=1 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Netbios - DoS attacks msinit" \
    dst-port=136-139 log=yes protocol=udp
add action=drop chain=udp-virus comment=Infector dst-port=146 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="N0kN0k Trojan" dst-port=666 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=\
    "Maverick's Matrix 1.2-2.0 - remote storm" dst-port=1025 log=yes \
    protocol=udp
add action=drop chain=tcp-virus comment=Backdoor.Simali dst-port=22311 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor-ADM dst-port=22784 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=W32.hllw.nettrash dst-port=\
    23005-23006 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=backdoor.berbew.j dst-port=23232 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Trojan.Framar dst-port=23435 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Donald Dick" dst-port=23476-23477 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=w32.mytob.km@mm dst-port=23523 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Delta Source" dst-port=26274 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.optix.04 dst-port=27379 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Sub-7 2.1" dst-port=27573 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Trin00 DoS Attack" dst-port=27665 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Sdbot.ai dst-port=29147 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.NTHack dst-port=29292 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Latinus Server" dst-port=29559 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="The Unexplained" dst-port=29891 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Antilam.20 dst-port=29999 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment="AOL Trojan" dst-port=30029 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=NetSphere dst-port=30100-30103 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="NetSphere Final" dst-port=30133 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Sockets de Troi" dst-port=30303 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Kuang2 dst-port=30999 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    31335-31339 log=yes protocol=tcp
add action=drop chain=tcp-virus comment=BOWhack dst-port=31666 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Hack'a'Tack" dst-port=31785-31792 \
    log=yes protocol=tcp
add action=drop chain=tcp-virus comment=backdoor.berbew.j dst-port=32121 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Acid Battery" dst-port=32418 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Alets.B dst-port=32440 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="Trinity Trojan" dst-port=33270 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=trojan.lodeight.b dst-port=33322 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment=Prosiak dst-port=33333 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment="Spirit 2001 a" dst-port=33911 log=\
    yes protocol=tcp
add action=drop chain=tcp-virus comment="BigGluck, TN" dst-port=34324 log=yes \
    protocol=tcp
add action=drop chain=udp-virus comment="BackOrifice DLL Comm" dst-port=1349 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="FunkProxy " dst-port=1505 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="ICA Browser" dst-port=1604 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=BackDoor.Fearic dst-port=2000 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Mini Backlash" dst-port=2130 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Deep Throat" dst-port=2140 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=BackDoor.Botex dst-port=2222 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=voicpy dst-port=2339 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=Rat dst-port=2989 log=yes protocol=\
    udp
add action=drop chain=udp-virus comment=\
    "Deep Throat - Foreplay - Mini Backflash" dst-port=3150 log=yes protocol=\
    udp
add action=drop chain=udp-virus comment=Backdoor.Fearic dst-port=3456 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=Eclypse dst-port=3801 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="WityWorm - BlackICE/ISS" dst-port=\
    4000 log=yes protocol=udp
add action=drop chain=udp-virus comment="Remote Shell Trojan" dst-port=5503 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Y3K RAT" dst-port=5882 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Y3K RAT" dst-port=5888 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Mstream Agent-handler" dst-port=6838 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Unkno log=yes wn Trojan" dst-port=\
    7028 log=yes protocol=udp
add action=drop chain=udp-virus comment="Host Control" dst-port=7424 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="MStream handler-agent" dst-port=7983 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="BackOrifice 2000" dst-port=8787 log=\
    yes protocol=udp
add action=drop chain=udp-virus comment="BackOrifice 2000" dst-port=8879 log=\
    yes protocol=udp
add action=drop chain=udp-virus comment="MStream Agent-handler" dst-port=9325 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Portal of Doom" dst-port=10067 log=\
    yes protocol=udp
add action=drop chain=udp-virus comment="Portal of Doom" dst-port=10167 log=\
    yes protocol=udp
add action=drop chain=udp-virus comment="Mstream handler-agent" dst-port=\
    10498 log=yes protocol=udp
add action=drop chain=udp-virus comment=Ambush dst-port=10666 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="DUN Control" dst-port=12623 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Shaft handler to Agent" dst-port=\
    18753 log=yes protocol=udp
add action=drop chain=udp-virus comment="Shaft handler to Agent" dst-port=\
    20433 log=yes protocol=udp
add action=drop chain=udp-virus comment=GirlFriend dst-port=21554 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Donald Dick" dst-port=23476 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Delta Source" dst-port=26274 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Sub-7 2.1" dst-port=27374 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=Trin00/TFN2K dst-port=27444 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="Sub-7 2.1" dst-port=27573 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=NetSphere dst-port=30103 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment=\
    "More than 3 kno log=yes wn worms and trojans use this port" dst-port=\
    31335-31338 log=yes protocol=udp
add action=drop chain=udp-virus comment="Hack`a'Tack" dst-port=31787-31791 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Trin00 for windows" dst-port=34555 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Trin00 for windows" dst-port=35555 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Delta Source" dst-port=47262 log=yes \
    protocol=udp
add action=drop chain=udp-virus comment="OnLine keyLogger" dst-port=49301 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="Back Orifice" dst-port=54320-54321 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="NetRaider Trojan" dst-port=57341 \
    log=yes protocol=udp
add action=drop chain=udp-virus comment="The Traitor - th3tr41t0r" dst-port=\
    65432 log=yes protocol=udp
add action=return chain=udp-virus comment="Back to previous menu" log=yes
add action=return chain=virus comment="Back to previous rul" log=yes
add action=drop chain=tcp-virus comment=Vampire dst-port=1020 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Bla dst-port=1042 log=yes protocol=\
    tcp
add action=drop chain=tcp-virus comment="RAT, Blood Ft Evoltion" dst-port=\
    1095-1099 log=yes protocol=tcp
add action=drop chain=tcp-virus comment="Sub Seven" dst-port=1243 log=yes \
    protocol=tcp
add action=drop chain=tcp-virus comment=Trino dst-port=1524 log=yes \
    log-prefix=yes protocol=tcp
add action=drop chain=tcp-virus comment=backdoor.no dst-port=7740-7749 log=\
    yes log-prefix=yes protocol=tcp
add action=drop chain=tcp-virus comment=Backdoor.Lifefourno dst-port=36183 \
    log=yes log-prefix=yes protocol=tcp
add action=drop chain=udp-virus comment=no dst-port=1200-1201 log=yes \
    log-prefix=yes protocol=udp
/ip hotspot user
add name=xxx password=xxx server=hotspot1
add disabled=yes name=xxx password=xxx profile=trial server=\
    hotspot1
add name=op password=op server=hotspot1
add name=fkk524 password=fkk524 profile=Bulanan server=hotspot1
add name=idv546 password=idv546 profile=Bulanan server=hotspot1
add name=vcs528 password=vcs528 profile=Bulanan server=hotspot1
add name=bgz678 password=bgz678 profile=Bulanan server=hotspot1
add name=rch555 password=rch555 profile=Bulanan server=hotspot1
add name=dah399 password=dah399 profile=Bulanan server=hotspot1
add name=vmu888 password=vmu888 profile=Bulanan server=hotspot1
add name=mfz549 password=mfz549 profile=Bulanan server=hotspot1
add name=bty469 password=bty469 profile=Bulanan server=hotspot1
add name=nep798 password=nep798 profile=Bulanan server=hotspot1
/ip proxy
set cache-administrator=xxx.hotspot max-cache-object-size=20000KiB \
    max-cache-size=80000KiB max-fresh-time=1w
/ip proxy access
add action=deny dst-host=internetpositif.uzone.id redirect-to=google.com
add action=deny dst-host=mercusuar.uzone.id redirect-to=google.com
add action=deny dst-host=welcome.indihome.co.id redirect-to=google.com
add action=deny dst-host=192.168.1.1 redirect-to=google.com
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api-ssl disabled=yes
/radius
add address=127.0.0.1 secret=123456 service=hotspot
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Jakarta
/system identity
set name="xxx Hotspot"
/system logging
add action=disk prefix=-> topics=hotspot,info,debug
/system ntp client
set enabled=yes primary-ntp=202.65.114.202 secondary-ntp=212.26.18.41 \
    server-dns-names=asia.pool.ntp.org
/system scheduler
add comment="Monitor Profile Mingguan" interval=2m40s name=Mingguan on-event="\
    :local dateint do={:local montharray ( \"jan\",\"feb\",\"mar\",\"apr\",\"m\
    ay\",\"jun\",\"jul\",\"aug\",\"sep\",\"oct\",\"nov\",\"dec\" );:local days\
    \_[ :pick \$d 4 6 ];:local month [ :pick \$d 0 3 ];:local year [ :pick \$d\
    \_7 11 ];:local monthint ([ :find \$montharray \$month]);:local month (\$m\
    onthint + 1);:if ( [len \$month] = 1) do={:local zero (\"0\");:return [:to\
    num (\"\$year\$zero\$month\$days\")];} else={:return [:tonum (\"\$year\$mo\
    nth\$days\")];}}; :local timeint do={ :local hours [ :pick \$t 0 2 ]; :loc\
    al minutes [ :pick \$t 3 5 ]; :return (\$hours * 60 + \$minutes) ; }; :loc\
    al date [ /system clock get date ]; :local time [ /system clock get time ]\
    ; :local today [\$dateint d=\$date] ; :local curtime [\$timeint t=\$time] \
    ; :foreach i in [ /ip hotspot user find where profile=\"Mingguan\" ] do={ \
    :local comment [ /ip hotspot user get \$i comment]; :local name [ /ip hots\
    pot user get \$i name]; :local gettime [:pic \$comment 12 20]; :if ([:pic \
    \$comment 3] = \"/\" and [:pic \$comment 6] = \"/\") do={:local expd [\$da\
    teint d=\$comment] ; :local expt [\$timeint t=\$gettime] ; :if ((\$expd < \
    \$today and \$expt < \$curtime) or (\$expd < \$today and \$expt > \$curtim\
    e) or (\$expd = \$today and \$expt < \$curtime)) do={ [ /ip hotspot user r\
    emove \$i ]; [ /ip hotspot active remove [find where user=\$name] ];}}}" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=sep/21/2019 start-time=05:34:57
add comment="Monitor Profile Bulanan" interval=2m14s name=Bulanan on-event=":l\
    ocal dateint do={:local montharray ( \"jan\",\"feb\",\"mar\",\"apr\",\"may\
    \",\"jun\",\"jul\",\"aug\",\"sep\",\"oct\",\"nov\",\"dec\" );:local days [\
    \_:pick \$d 4 6 ];:local month [ :pick \$d 0 3 ];:local year [ :pick \$d 7\
    \_11 ];:local monthint ([ :find \$montharray \$month]);:local month (\$mon\
    thint + 1);:if ( [len \$month] = 1) do={:local zero (\"0\");:return [:tonu\
    m (\"\$year\$zero\$month\$days\")];} else={:return [:tonum (\"\$year\$mont\
    h\$days\")];}}; :local timeint do={ :local hours [ :pick \$t 0 2 ]; :local\
    \_minutes [ :pick \$t 3 5 ]; :return (\$hours * 60 + \$minutes) ; }; :loca\
    l date [ /system clock get date ]; :local time [ /system clock get time ];\
    \_:local today [\$dateint d=\$date] ; :local curtime [\$timeint t=\$time] \
    ; :foreach i in [ /ip hotspot user find where profile=\"Bulanan\" ] do={ :\
    local comment [ /ip hotspot user get \$i comment]; :local name [ /ip hotsp\
    ot user get \$i name]; :local gettime [:pic \$comment 12 20]; :if ([:pic \
    \$comment 3] = \"/\" and [:pic \$comment 6] = \"/\") do={:local expd [\$da\
    teint d=\$comment] ; :local expt [\$timeint t=\$gettime] ; :if ((\$expd < \
    \$today and \$expt < \$curtime) or (\$expd < \$today and \$expt > \$curtim\
    e) or (\$expd = \$today and \$expt < \$curtime)) do={ [ /ip hotspot user r\
    emove \$i ]; [ /ip hotspot active remove [find where user=\$name] ];}}}" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=sep/21/2019 start-time=05:41:35
add comment="Monitor Profile Harian" interval=2m27s name=Harian on-event=":loc\
    al dateint do={:local montharray ( \"jan\",\"feb\",\"mar\",\"apr\",\"may\"\
    ,\"jun\",\"jul\",\"aug\",\"sep\",\"oct\",\"nov\",\"dec\" );:local days [ :\
    pick \$d 4 6 ];:local month [ :pick \$d 0 3 ];:local year [ :pick \$d 7 11\
    \_];:local monthint ([ :find \$montharray \$month]);:local month (\$monthi\
    nt + 1);:if ( [len \$month] = 1) do={:local zero (\"0\");:return [:tonum (\
    \"\$year\$zero\$month\$days\")];} else={:return [:tonum (\"\$year\$month\$\
    days\")];}}; :local timeint do={ :local hours [ :pick \$t 0 2 ]; :local mi\
    nutes [ :pick \$t 3 5 ]; :return (\$hours * 60 + \$minutes) ; }; :local da\
    te [ /system clock get date ]; :local time [ /system clock get time ]; :lo\
    cal today [\$dateint d=\$date] ; :local curtime [\$timeint t=\$time] ; :fo\
    reach i in [ /ip hotspot user find where profile=\"Harian\" ] do={ :local \
    comment [ /ip hotspot user get \$i comment]; :local name [ /ip hotspot use\
    r get \$i name]; :local gettime [:pic \$comment 12 20]; :if ([:pic \$comme\
    nt 3] = \"/\" and [:pic \$comment 6] = \"/\") do={:local expd [\$dateint d\
    =\$comment] ; :local expt [\$timeint t=\$gettime] ; :if ((\$expd < \$today\
    \_and \$expt < \$curtime) or (\$expd < \$today and \$expt > \$curtime) or \
    (\$expd = \$today and \$expt < \$curtime)) do={ [ /ip hotspot user remove \
    \$i ]; [ /ip hotspot active remove [find where user=\$name] ];}}}" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=sep/21/2019 start-time=05:38:35
add comment=--AutoBlockNetcut-- interval=10m name=--AutoBlockNetcut-- \
    on-event="local a [/ip firewall address-list get [find list=\"NetcutUser\"\
    ] address]\r\
    \nlocal b [/ip hotspot active get [find address=\$a] mac-address]\r\
    \nif (\$a != \"\") do={[\r\
    \n/ip hotspot ip-binding add mac-address=\"\$b\" address=\"\$a\" type=bloc\
    ked\r\
    \n/ip firewall address-list remove [find address=\"\$a\"]\r\
    \n/system scheduler add name (\$a)  interval=\"01:00:00\" on \"/ip hotspot\
    \_ip-binding remove [find mac-address=\$b]\r\
    \n/system scheduler remove [find name=\$a]\"\r\
    \n]}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=sep/21/2019 start-time=03:14:40
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool netwatch
add down-script="/queue simple remove [find name=hs-<hotspot1>]" host=\
    192.168.88.1 interval=1s up-script=\
    "/queue simple remove [find name=hs-<hotspot1>]"
/tool user-manager database
set db-path=/user-manager
 sep/21/2019 05:52:49 by RouterOS 6.45.6
# software id = XXXX-XXXX

www,nobokep,my,id