Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /ip firewall address-list
- add list="private-lokal" address=0.0.0.0/8
- add list="private-lokal" address=10.0.0.0/8
- add list="private-lokal" address=100.64.0.0/10
- add list="private-lokal" address=127.0.0.0/8
- add list="private-lokal" address=169.254.0.0/16
- add list="private-lokal" address=172.16.0.0/12
- add list="private-lokal" address=192.0.0.0/24
- add list="private-lokal" address=192.0.2.0/24
- add list="private-lokal" address=192.168.0.0/16
- add list="private-lokal" address=198.18.0.0/15
- add list="private-lokal" address=198.51.100.0/24
- add list="private-lokal" address=203.0.113.0/24
- add list="private-lokal" address=224.0.0.0/3
- /ip firewall address-list
- add address=garena.co.id list=games
- add address=gemscool.co.id list=games
- add address=lytogame.com list=games
- add address=megaxus.co.id list=games
- add address=steampowered.com list=games
- add address=118.98.0.0/17 list=ggc-telkom
- add address=118.97.0.0/16 list=ggc-telkom
- /ip firewall layer7-protocol
- add name=torrent regexp="^.+(Torrent|torrent)"
- /ip firewall filter
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input comment="defconf: accept ICMP" dst-port=8291-8299,8030-8039,2222,22,5900-5911,1701-1723,8123,1194,8012,8123 protocol=tcp
- add action=accept chain=input comment="defconf: accept ICMP" dst-port=8291-8299,8030-8039,2222,22,5900-5911,1701-1723,8123,1194,8012,8123 protocol=udp
- add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
- add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1
- add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
- add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1
- /ip firewall mangle
- add action=mark-connection chain=prerouting comment=private-lokal dst-address-list=private-lokal new-connection-mark=private-lokal passthrough=yes \
- src-address-list=private-lokal
- add action=accept chain=prerouting comment=private-lokal connection-mark=private-lokal dst-address-list=private-lokal src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=vip dst-address-list=!private-lokal new-connection-mark=vip passthrough=yes protocol=icmp \
- src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=dns dst-address-list=!private-lokal dst-port=53,5353,123,1194 new-connection-mark=vip passthrough=yes \
- protocol=tcp src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=dns dst-address-list=!private-lokal dst-port=53,5353,123,1194 new-connection-mark=vip passthrough=yes \
- protocol=udp src-address-list=private-lokal
- add action=accept chain=prerouting comment=vip connection-mark=vip
- add action=mark-connection chain=prerouting comment=jump1 dst-address-list=!private-lokal dst-port=\
- !21,22,23,80,81,88,5050,843,443,182,282,8777,1935,8000-8081 layer7-protocol=!torrent new-connection-mark=jump1 passthrough=yes protocol=tcp \
- src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=jump1 dst-address-list=!private-lokal dst-port=\
- !21,22,23,80,81,88,5050,843,443,182,282,8777,1935,8000-8081 layer7-protocol=!torrent new-connection-mark=jump1 passthrough=yes protocol=udp \
- src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=jump11 connection-mark=jump1 dst-address-list=!private-lokal dst-port=\
- !8030-8039,2222,5900-5911,1701-1723,8123,1194,8012,8123,8728 layer7-protocol=!torrent new-connection-mark=jump11 passthrough=yes protocol=tcp \
- src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=jump11 connection-mark=jump1 dst-address-list=!private-lokal dst-port=\
- !8030-8039,2222,5900-5911,1701-1723,8123,1194,8012,8123,8728 layer7-protocol=!torrent new-connection-mark=jump11 passthrough=yes protocol=udp \
- src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=games connection-mark=jump11 dst-address-list=!private-lokal dst-port=!53,5353,5938,8291,12671-12675 \
- layer7-protocol=!torrent new-connection-mark=games passthrough=yes protocol=tcp src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=games connection-mark=jump11 dst-address-list=!private-lokal dst-port=!53,5353,5938,8291,12671-12675 \
- layer7-protocol=!torrent new-connection-mark=games passthrough=yes protocol=udp src-address-list=private-lokal
- add action=add-dst-to-address-list address-list=games address-list-timeout=10m1s chain=prerouting comment=games connection-mark=games dst-address-list=\
- !private-lokal src-address-list=private-lokal
- add action=accept chain=prerouting comment=games connection-mark=games
- add action=mark-connection chain=prerouting comment=ggc-redirector content=googlevideo.com dst-address-list=ggc-telkom new-connection-mark=ggc-redirector \
- passthrough=yes src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=ggc-redirector content=youtube.com dst-address-list=ggc-telkom new-connection-mark=ggc-redirector \
- passthrough=yes src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=ggc-redirector content=gvt1.com dst-address-list=ggc-telkom new-connection-mark=ggc-redirector \
- passthrough=yes src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=ggc-redirector content=windows dst-address-list=ggc-telkom new-connection-mark=ggc-redirector \
- passthrough=yes src-address-list=private-lokal
- add action=mark-connection chain=prerouting comment=ggc-redirector content=cdn dst-address-list=ggc-telkom new-connection-mark=ggc-redirector passthrough=yes \
- src-address-list=private-lokal
- add action=accept chain=prerouting comment=ggc-redirector connection-mark=ggc-redirector
- add action=mark-connection chain=prerouting comment=all-trafik dst-address-list=!private-lokal new-connection-mark=all-trafik passthrough=yes \
- src-address-list=private-lokal
- add action=accept chain=prerouting comment=all-trafik connection-mark=all-trafik
- add action=jump chain=forward in-interface=ether1 jump-target=qos-down
- add action=mark-packet chain=qos-down comment=vip-down connection-mark=vip new-packet-mark=vip-down passthrough=no
- add action=mark-packet chain=qos-down comment=games-down connection-mark=games new-packet-mark=games-down passthrough=no
- add action=mark-packet chain=qos-down comment=patch-games-down connection-mark=all-trafik new-packet-mark=patch-games-down passthrough=no src-address-list=\
- games
- add action=mark-packet chain=qos-down comment=ggc-telkom-down connection-mark=ggc-redirector new-packet-mark=ggc-telkom-down passthrough=no
- add action=mark-packet chain=qos-down comment=browsing-down connection-bytes=0-1000000 connection-mark=all-trafik new-packet-mark=browsing-down passthrough=\
- no
- add action=mark-packet chain=qos-down comment=low-down connection-bytes=1000001-10000000 connection-mark=all-trafik new-packet-mark=low-down passthrough=no
- add action=mark-packet chain=qos-down comment=midle-down connection-bytes=10000001-50000000 connection-mark=all-trafik new-packet-mark=midle-down \
- passthrough=no
- add action=mark-packet chain=qos-down comment=high-down connection-bytes=50000001-0 connection-mark=all-trafik new-packet-mark=high-down passthrough=no
- add action=mark-packet chain=qos-down comment=unknown-down connection-mark=all-trafik new-packet-mark=unknown-down passthrough=no
- add action=mark-packet chain=qos-down comment=unknown-down new-packet-mark=unknown-down passthrough=no
- add action=return chain=qos-down
- add action=jump chain=forward jump-target=qos-up out-interface=ether1
- add action=mark-packet chain=qos-up comment=vip-up connection-mark=vip new-packet-mark=vip-up passthrough=no
- add action=mark-packet chain=qos-up comment=games-up connection-mark=games new-packet-mark=games-up passthrough=no
- add action=mark-packet chain=qos-up comment=patch-games-up connection-mark=all-trafik dst-address-list=games new-packet-mark=patch-games-up passthrough=no
- add action=mark-packet chain=qos-up comment=ggc-telkom-up connection-mark=ggc-redirector new-packet-mark=ggc-telkom-up passthrough=no
- add action=mark-packet chain=qos-up comment=browsing-up connection-bytes=0-1000000 connection-mark=all-trafik new-packet-mark=browsing-up passthrough=no
- add action=mark-packet chain=qos-up comment=low-up connection-bytes=1000001-10000000 connection-mark=all-trafik new-packet-mark=low-up passthrough=no
- add action=mark-packet chain=qos-up comment=midle-up connection-bytes=10000001-50000000 connection-mark=all-trafik new-packet-mark=midle-up passthrough=no
- add action=mark-packet chain=qos-up comment=high-up connection-bytes=50000001-0 connection-mark=all-trafik new-packet-mark=high-up passthrough=no
- add action=mark-packet chain=qos-up comment=unknown-up connection-mark=all-trafik new-packet-mark=unknown-up passthrough=no
- add action=mark-packet chain=qos-up comment=unknown-up new-packet-mark=unknown-up passthrough=no
- add action=return chain=qos-up
- /queue tree
- add max-limit=100M name=INCOMING parent=global queue=default
- add limit-at=10M max-limit=10M name=A.1.PAKET-TRAFIK parent=INCOMING queue=default
- add limit-at=64k max-limit=10M name=A.1.1.VIP packet-mark=vip-down parent=A.1.PAKET-TRAFIK priority=1 queue=default
- add limit-at=1M max-limit=10M name=A.1.2.GAMES-ONLINE packet-mark=games-down parent=A.1.PAKET-TRAFIK priority=2 queue=default
- add limit-at=500k max-limit=10M name=A.1.3.PATCH-GAMES packet-mark=patch-games-down parent=A.1.PAKET-TRAFIK priority=3 queue=pcq-download-default
- add limit-at=8M max-limit=8M name=A.1.4.NORMAL parent=A.1.PAKET-TRAFIK queue=default
- add limit-at=500k max-limit=8M name=A.1.4.1.BROWSING packet-mark=browsing-down parent=A.1.4.NORMAL priority=4 queue=pcq-download-default
- add limit-at=500k max-limit=8M name=A.1.4.2.LOW packet-mark=low-down parent=A.1.4.NORMAL priority=5 queue=pcq-download-default
- add limit-at=500k max-limit=8M name=A.1.4.3.MIDLE packet-mark=midle-down parent=A.1.4.NORMAL priority=6 queue=pcq-download-default
- add limit-at=500k max-limit=8M name=A.1.4.4.HIGH packet-mark=high-down parent=A.1.4.NORMAL priority=7 queue=pcq-download-default
- add limit-at=500k max-limit=8M name=A.1.4.5.UNKNWON packet-mark=unknown-down parent=A.1.4.NORMAL priority=7 queue=pcq-download-default
- add limit-at=8M max-limit=10M name=A.2.GGC-TELKOM packet-mark=ggc-telkom-down parent=INCOMING queue=pcq-download-default
- add max-limit=100M name=OUTGOING parent=global queue=default
- add limit-at=2M max-limit=2M name=B.1.PAKET-TRAFIK parent=OUTGOING queue=default
- add limit-at=64k max-limit=2M name=B.1.1.VIP packet-mark=vip-up parent=B.1.PAKET-TRAFIK priority=1 queue=default
- add limit-at=500k max-limit=2M name=B.1.2.GAMES-ONLINE packet-mark=games-up parent=B.1.PAKET-TRAFIK priority=2 queue=default
- add limit-at=250k max-limit=2M name=B.1.3.PATCH-GAMES packet-mark=patch-games-up parent=B.1.PAKET-TRAFIK priority=3 queue=pcq-upload-default
- add limit-at=1500k max-limit=1500k name=B.1.4.NORMAL parent=B.1.PAKET-TRAFIK queue=default
- add limit-at=200k max-limit=1500k name=B.1.4.1.BROWSING packet-mark=browsing-up parent=B.1.4.NORMAL priority=4 queue=pcq-upload-default
- add limit-at=200k max-limit=1500k name=B.1.4.2.LOW packet-mark=low-up parent=B.1.4.NORMAL priority=5 queue=pcq-upload-default
- add limit-at=200k max-limit=1500k name=B.1.4.3.MIDLE packet-mark=midle-up parent=B.1.4.NORMAL priority=6 queue=pcq-upload-default
- add limit-at=200k max-limit=1500k name=B.1.4.4.HIGH packet-mark=high-up parent=B.1.4.NORMAL priority=7 queue=pcq-upload-default
- add limit-at=200k max-limit=1500k name=B.1.4.5.UNKNWON packet-mark=unknown-up parent=B.1.4.NORMAL priority=7 queue=pcq-upload-default
- add limit-at=1M max-limit=1500k name=B.2.GGC-TELKOM packet-mark=ggc-telkom-up parent=OUTGOING queue=pcq-upload-default
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement