reges007

firewal mikrotik sapu jagad

May 14th, 2017
  # Note: ether1 is the Internet-facing (WAN) interface.
  #
  # Rule set 1: IPv4 filter rules in the style of the RouterOS default
  # configuration ("defconf"), plus one VPN exception on the WAN side.
  # Rules in a chain are evaluated top to bottom; the first match decides.
  /ip firewall filter

  # --- input chain: traffic addressed to the router itself ---
  add chain=input connection-state=established,related,untracked action=accept comment="defconf: accept established,related,untracked"
  add chain=input connection-state=invalid action=drop comment="defconf: drop invalid"
  # ICMP is accepted on every interface, ether1 included.
  add chain=input protocol=icmp action=accept comment="defconf: accept ICMP"
  # tcp/1723 is the PPTP control port, so this is presumably a PPTP server on
  # the router. Only sources in the address list "nice" may reach it; that
  # list is not defined on this page and must be populated elsewhere.
  # NOTE(review): PPTP's MS-CHAPv2 authentication is considered weak; keep the
  # source list tight and prefer a stronger VPN where possible.
  add chain=input in-interface=ether1 protocol=tcp dst-port=1723 src-address-list=nice action=accept comment=vpn
  # Drops everything else arriving on ether1. The comment says "not coming
  # from LAN", but the match is on the WAN interface only, so any other
  # non-LAN interface is not covered by this rule.
  add chain=input in-interface=ether1 action=drop comment="defconf: drop all not coming from LAN"

  # --- forward chain: traffic routed through the router ---
  add chain=forward ipsec-policy=in,ipsec action=accept comment="defconf: accept in ipsec policy"
  add chain=forward ipsec-policy=out,ipsec action=accept comment="defconf: accept out ipsec policy"
  add chain=forward connection-state=established,related,untracked action=accept comment="defconf: accept established,related, untracked"
  add chain=forward connection-state=invalid action=drop comment="defconf: drop invalid"
  # New connections from the WAN are forwarded only when a dst-nat rule
  # (port forward) matched them; everything else from ether1 is dropped.
  add chain=forward in-interface=ether1 connection-state=new connection-nat-state=!dstnat action=drop comment="defconf: drop all from WAN not DSTNATed"

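  # Rule set 2: older-style default configuration plus remote Winbox access.
  # tcp/8291 is the default Winbox management port.
  #
  # Change from the original: the two 8291 rules accepted connections from
  # any Internet source. They are now limited to the address list "nice",
  # the same list the VPN rule on this page uses. That list is not defined
  # here; until it is populated, Winbox is unreachable from ether1.
  #
  # NOTE(review): if this set is appended after rule set 1 on the same
  # router, the earlier "drop" on in-interface=ether1 in the input chain is
  # evaluated first and the input accept for 8291 below is never reached.
  # Presumably the two sets are alternatives; confirm before loading both.
  /ip firewall filter

  # --- input chain: traffic addressed to the router itself ---
  add action=accept chain=input comment="default configuration" protocol=icmp
  add action=accept chain=input comment="default configuration" connection-state=established,related
  # Management access from the WAN, restricted to trusted sources.
  add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp src-address-list=nice
  add action=drop chain=input comment="default configuration" in-interface=ether1

  # --- forward chain: traffic routed through the router ---
  # Winbox to devices behind this router. This rule sits above the
  # "not dstnat" drop, so it also admits connections that were not port
  # forwarded; the source list keeps that exception narrow.
  add action=accept chain=forward dst-port=8291 in-interface=ether1 protocol=tcp src-address-list=nice
  add action=accept chain=forward comment="default configuration" connection-state=established,related
  add action=drop chain=forward comment="default configuration" connection-state=invalid
  add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1
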
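  # Re-dial the WAN interface until it holds an address outside 10.0.0.0/8.
  #
  # Fixes over the original:
  #  - the address is re-read on every pass; the original read it once, so
  #    its :while loop could never end after the first private address;
  #  - the prefix length is stripped before the test and the target is an
  #    unquoted ip-prefix, so "in" compares an IP against a prefix rather
  #    than a string;
  #  - a missing address no longer aborts the script, it waits and retries;
  #  - retries are capped so the interface cannot flap forever;
  #  - "do= {" (space after "=") and the unused local "ip" are removed.
  #
  # nama must be the interface that carries the WAN address. The firewall
  # rules on this page use ether1, so confirm "WAN" is the right name.
  :local nama "WAN";
  :local target 10.0.0.0/8;
  :local maxTries 10;
  :local tries 0;
  :local isPublic false;

  :while ((!$isPublic) && ($tries < $maxTries)) do={
      :local ids [/ip address find interface=$nama];
      :if ([:len $ids] = 0) do={
          :log warning "no address on $nama yet, waiting";
          :delay 10;
      } else={
          :local cidr [/ip address get ($ids->0) address];
          :local currIP [:toip [:pick $cidr 0 [:find $cidr "/"]]];
          :if ($currIP in $target) do={
              :log warning "disconnect ip";
              /interface disable $nama;
              :delay 10;
              :log warning "reconnect ip public";
              /interface enable $nama;
              :delay 10;
          } else={
              :log info "ip public sudah ok ($currIP)";
              :set isPublic true;
          }
      }
      :set tries ($tries + 1);
  }

  :if (!$isPublic) do={
      :log error "no public ip on $nama after $maxTries attempts, giving up";
  }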