- note :
- ether1 adalah dari internet
# IPv4 filter rules modelled on the RouterOS default configuration ("defconf"),
# with ether1 as the internet-facing port. Rules are matched top to bottom
# within each chain, so their order is significant.
# NOTE(review): every WAN match below is in-interface=ether1. If the internet
# link is really a PPPoE or other client interface running over ether1, these
# rules will not match its traffic - confirm which interface holds the public IP.
/ip firewall filter

# ---- input chain: packets addressed to the router itself ----
# Replies to connections that are already tracked (or deliberately untracked).
add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
# Packets that connection tracking could not associate with any valid flow.
add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
# ICMP is accepted from every interface, including ether1.
add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
# PPTP control channel (TCP 1723) from the internet, limited to sources in the
# address list "nice". The list is not defined in this paste; if it is missing
# or empty the rule matches nothing - verify it exists and stays narrow.
# NOTE(review): no rule accepts GRE (IP protocol 47), which carries the PPTP
# payload; presumably it is expected to pass as "related" - confirm.
# NOTE(review): PPTP authentication/encryption (MS-CHAPv2, MPPE) is considered
# weak; prefer an IPsec-based or WireGuard tunnel where the RouterOS version
# offers one, and keep the source restriction either way.
add chain=input action=accept protocol=tcp dst-port=1723 in-interface=ether1 src-address-list=nice comment=vpn
# The comment text says "not coming from LAN", but the matcher is ether1 only:
# traffic arriving on any other non-LAN interface is not dropped by this rule.
add chain=input action=drop in-interface=ether1 comment="defconf: drop all not coming from LAN"

# ---- forward chain: packets routed through the router ----
add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
# New connections from ether1 are forwarded only if a dst-nat rule rewrote them
# (i.e. an explicit port forward exists); everything else from WAN is dropped.
add chain=forward action=drop connection-nat-state=!dstnat connection-state=new in-interface=ether1 comment="defconf: drop all from WAN not DSTNATed"
# Second filter rule set, in the older "default configuration" layout, with
# Winbox (TCP 8291) opened on ether1. Rules are matched top to bottom within
# each chain. The source omitted action= on the accepting rules; RouterOS
# defaults to accept, written out explicitly here.
/ip firewall filter

# ---- input chain: packets addressed to the router itself ----
add chain=input action=accept protocol=icmp comment="default configuration"
add chain=input action=accept connection-state=established,related comment="default configuration"
# NOTE(review): this accepts Winbox from ether1 with no source restriction, so
# the router's management service is reachable from the whole internet. Limit
# it with src-address-list=<trusted-admin-list> (placeholder - the list must
# exist first, or the admin is locked out), or reach Winbox only over a VPN,
# and keep RouterOS patched. There is also no "drop invalid" rule on this chain.
add chain=input action=accept protocol=tcp dst-port=8291 in-interface=ether1
# Forwards new TCP 8291 connections arriving on ether1 to hosts behind the
# router; it sits ahead of the WAN drop further down, so it matches first.
# NOTE(review): presumably meant for a dst-nat'd Winbox on an inner device -
# confirm that is intended, and restrict the source here as well.
add chain=forward action=accept protocol=tcp dst-port=8291 in-interface=ether1
# Everything else addressed to the router from ether1 is dropped.
add chain=input action=drop in-interface=ether1 comment="default configuration"

# ---- forward chain: packets routed through the router ----
add chain=forward action=accept connection-state=established,related comment="default configuration"
add chain=forward action=drop connection-state=invalid comment="default configuration"
# New connections from ether1 pass only when a dst-nat rule rewrote them.
add chain=forward action=drop connection-nat-state=!dstnat connection-state=new in-interface=ether1 comment="default configuration"
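# Bounce the interface named "WAN" until its IPv4 address falls outside
# 10.0.0.0/8 (judging by the log texts, the aim is to obtain a public address).
#
# The address is re-read after every reconnect; without that the loop condition
# never changes and the interface would be disabled and re-enabled forever.
#
# NOTE(review): disabling WAN drops every session over it, including remote
# management of this router, and there is no retry limit: if the provider only
# hands out 10.x addresses the link keeps flapping roughly every 20 seconds.
# Consider a maximum attempt count before scheduling this script.
# NOTE(review): target is a quoted string; confirm that the "in" operator
# treats it as an IP prefix on the RouterOS version in use.
:local nama "WAN";
:local target "10.0.0.0/8";
:local interfaceID [/ip address find interface=$nama];
# Assumes exactly one address is configured on the interface - "get" fails
# when "find" returned nothing or several entries.
:local currIP [/ip address get $interfaceID address];

:if (!($currIP in $target)) do={
    :log info "ip public sudah ok ($currIP)";
} else={
    :while ($currIP in $target) do={
        :log warning "disconnect ip";
        /interface disable $nama;
        :delay 10;
        :log warning "reconnect ip public";
        /interface enable $nama;
        :delay 10;
        # A dynamic address gets a new internal id after the bounce, so look
        # it up again instead of reusing the id captured at start-up.
        :set interfaceID [/ip address find interface=$nama];
        # If no address has been assigned yet, currIP keeps its old value and
        # the next pass bounces the interface again.
        :if ([:len $interfaceID] > 0) do={
            :set currIP [/ip address get $interfaceID address];
        }
    }
}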