Thursday, May 3, 2012

Preventing multi-access on MikroTik clients

If you provide a hotspot or shared internet service with MikroTik and want each client to be able to access it from only 1 PC at a time, this method may help.

/ip firewall mangle add action=change-ttl dst-address=xxx.xxx.xxx.xxx/24 chain=forward new-ttl=set:1

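xxx.xxx.xxx.xxx: adjust this to the IP address of your local network. The rule sets the TTL of every packet forwarded to that network to 1, so a router placed behind a client decrements it to 0 and discards the packet instead of passing it on to further devices.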
Posted on 7:49 PM

Monday, April 30, 2012

Tutorial: Setting Up an External Squid Proxy, Hit, Queue Tree and Mangle on MikroTik

My network topology looks like this


A proxy server is a good fit for a network such as an internet cafe, especially one that focuses on online games, because it helps keep the network running smoothly. The setup described here combines an external Squid proxy with cache-hit marking (Hit), Queue Tree and Mangle on your MikroTik. The tutorial follows.


First, these are the IP addresses used in my network:
IP address of Ether1, the connection from the modem: 192.168.0.254
IP address of Ether2, the local connection: 192.168.20.1
IP address of Ether3, to the proxy: 192.168.21.1
and
IP address of the external proxy: 192.168.21.2

Before starting, remember to adjust the interface names to your own MikroTik RouterBoard and the IP addresses in this tutorial to your own network. The tutorial covers Squid proxy hits, the division of download and upload bandwidth, and ping for online games and browsing.

To begin, set the names of your LAN interfaces from "New Terminal" in MikroTik. These are the interface names on my MikroTik:

@. Set the MikroTik interfaces

interface set 0 name=public
interface set 1 name=local
interface set 2 name=proxy

The result is shown in the screenshot below


@. Then set the IP address on each interface (type this in New Terminal)

ip address add address=192.168.0.254 netmask=255.255.255.0 interface=public
ip address add address=192.168.20.1 netmask=255.255.255.0 interface=local
ip address add address=192.168.21.1 netmask=255.255.255.0 interface=proxy


@. Then set the address range of your local network

ip pool add name=pool ranges=192.168.20.2-192.168.20.254


@. Set the DNS for your network

ip dns set servers=203.130.208.18 allow-remote-requests=yes


@. Set the gateway to match the gateway of your network (from the ISP)

ip route add gateway=192.168.0.1


@. Then configure IP Firewall NAT on the MikroTik. This also includes the NAT rule that redirects web traffic to the Squid proxy on port 3128.

Wherever a NAT rule contains an IP address or an interface name, adjust it to the IP addresses and interface names of your own MikroTik. The commands are:

/ip firewall nat add chain=srcnat out-interface=public src-address=192.168.20.0/24 action=masquerade src-address-list="REGISTRASI IP CLIENT" comment="LOCAL NAT MASQUERADE"

/ip firewall nat add chain=srcnat out-interface=public src-address=192.168.21.0/24 action=masquerade src-address-list="REGISTRASI IP PROXY" comment="PROXY NAT MASQUERADE"

/ip firewall nat add chain=dstnat src-address=!192.168.21.0/24 protocol=tcp dst-port=80 in-interface=local src-address-list="REGISTRASI IP CLIENT" action=dst-nat to-addresses=192.168.21.2 to-ports=3128 comment="REDIRECT KE PROXY"

/ip firewall nat add action=redirect chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" disabled=no dst-port=53 in-interface=local protocol=udp to-ports=53

/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=local protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"

/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=proxy protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"

/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=53 in-interface=proxy protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"

The result is shown in the screenshot below


@. MikroTik security

RouterOS accepts any packet that reaches the end of a chain without matching a rule, so the accept rules in this list restrict nothing unless the input and forward chains end with a rule that drops everything else.

/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER" address-list-timeout=2w chain=input comment="PORT SCANNER2 KE ADDRESS LIST " disabled=no protocol=tcp psd=21,3s,3,1

/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg

/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn

/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst

/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack

/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg

/ip firewall filter add action=add-src-to-address-list address-list="PORT SCANNER" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

/ip firewall filter add action=drop chain=input comment="BLOK PORT SCANNER" disabled=no src-address-list="PORT SCANNER"

/ip firewall filter add action=accept chain=input comment="IZINKAN MENDIRIKAN KONEKSI" connection-state=established disabled=no

/ip firewall filter add action=accept chain=input comment="IZINKAN KONEKSI TERKAIT" connection-state=related disabled=no

/ip firewall filter add action=accept chain=input comment="IZINKAN PING LOCAL" disabled=no protocol=icmp src-address-list="REGISTRASI IP CLIENT"

/ip firewall filter add action=accept chain=input comment="IZINKAN PING PROXY" disabled=no protocol=icmp src-address-list="REGISTRASI IP PROXY"

/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI LOCAL" disabled=no src-address-list="REGISTRASI IP CLIENT"

/ip firewall filter add action=accept chain=input comment="IZINKAN INPUT DARI PROXY" disabled=no src-address-list="REGISTRASI IP PROXY"

/ip firewall filter add action=jump chain=forward comment="FILTER PAKET YANG JELEK" disabled=no jump-target=tcp protocol=tcp

/ip firewall filter add action=jump chain=forward disabled=no jump-target=udp protocol=udp

/ip firewall filter add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp

/ip firewall filter add action=drop chain=tcp comment="TOLAK SMTP" disabled=no dst-port=25 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="TOLAK RPC2portmapper" disabled=no dst-port=135 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="TOLAK NBT" disabled=no dst-port=137-139 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="TOLAK CIFS" disabled=no dst-port=445 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="TOLAK NFS" disabled=no dst-port=2049 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=20034 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="TOLAK BackOriffice" disabled=no dst-port=31337 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="BLOK DHCP" disabled=no dst-port=67-68 protocol=tcp

/ip firewall filter add action=drop chain=tcp comment="TOLAK P2P" disabled=no p2p=all-p2p

/ip firewall filter add action=drop chain=udp comment="TOLAK TFTP" disabled=no dst-port=69 protocol=udp

/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=111 protocol=udp

/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=135 protocol=udp

/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=12345-12346 protocol=tcp

/ip firewall filter add action=drop chain=udp comment="BLOK NBT" disabled=no dst-port=137-139 protocol=udp

/ip firewall filter add action=drop chain=udp comment="BLOK NFS" disabled=no dst-port=2049 protocol=udp

/ip firewall filter add action=drop chain=udp comment="TOLAK BackOriffice" disabled=no dst-port=31337 protocol=udp

/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 protocol=icmp

/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no

/ip firewall filter add action=accept chain=forward comment="Allow Forward from LOCAL Network" disabled=no src-address-list="REGISTRASI IP CLIENT"

/ip firewall filter add action=accept chain=forward comment="Allow Forward from PROXY Network" disabled=no src-address-list="REGISTRASI IP PROXY"
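
How the tcp-flags matchers in the scan rules above select packets, as an added Python example that is not part of the original post. It assumes the RouterOS semantics that every listed flag must be set, every "!" flag must be clear and unlisted flags are ignored; the sample flag sets are constructed.

```python
# Added example: models the tcp-flags matchers of the scan rules on this page.
# Assumed semantics: listed flags must be set, "!flag" must be clear,
# flags that are not listed are ignored.

ALL_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# (rule comment, tcp-flags value) pairs copied from the filter rules above.
SCAN_RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]

# Constructed flag combinations: ordinary traffic first, then scan probes.
SAMPLES = {
    "connection open (SYN)": {"syn"},
    "handshake reply (SYN/ACK)": {"syn", "ack"},
    "data segment (PSH/ACK)": {"psh", "ack"},
    "normal close (FIN/ACK)": {"fin", "ack"},
    "bare FIN": {"fin"},
    "no flags at all": set(),
    "FIN/PSH/URG": {"fin", "psh", "urg"},
    "all six flags": set(ALL_FLAGS),
}


def parse_matcher(spec):
    """Turn 'fin,!syn' into (flags that must be set, flags that must be clear)."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip()
        flag = token.lstrip("!")
        if flag not in ALL_FLAGS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        (must_clear if token.startswith("!") else must_set).add(flag)
    return must_set, must_clear


def matches(spec, flags):
    """True when a packet carrying `flags` satisfies the tcp-flags value."""
    must_set, must_clear = parse_matcher(spec)
    flags = set(flags)
    return must_set <= flags and not (must_clear & flags)


def classify(flags):
    """Comments of every scan rule that a packet with `flags` would trigger."""
    return [comment for comment, spec in SCAN_RULES if matches(spec, flags)]


def report():
    """Classification of every constructed sample, keyed by its description."""
    return {label: classify(flags) for label, flags in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in report().items():
        print(f"{label:28} -> {', '.join(hits) or 'no scan rule matches'}")
```

Ordinary handshake, data and close segments match none of the rules, while a packet with all six flags set matches three of them at once because unlisted flags are ignored.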


@. Create the address list of local hosts that are allowed to connect to the internet; adjust it to your own local IP addresses

/ip firewall address-list add address=192.168.21.2 comment="SQUID PROXY EXTERNAL" disabled=no list="REGISTRASI IP PROXY"

/ip firewall address-list add address=192.168.20.2 comment="CLIENT1" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.3 comment="CLIENT2" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.4 comment="CLIENT3" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.5 comment="CLIENT4" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.6 comment="CLIENT5" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.7 comment="CLIENT6" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.8 comment="CLIENT7" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.9 comment="CLIENT8" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.10 comment="CLIENT9" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.11 comment="CLIENT10" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.12 comment="CLIENT11" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.13 comment="CLIENT12" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.14 comment="CLIENT13" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.15 comment="CLIENT14" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.16 comment="CLIENT15" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.17 comment="CLIENT16" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.18 comment="CLIENT17" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.19 comment="CLIENT18" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.20 comment="CLIENT19" disabled=no list="REGISTRASI IP CLIENT"

/ip firewall address-list add address=192.168.20.21 comment="CLIENT20" disabled=no list="REGISTRASI IP CLIENT"

@. Then define YouTube upload and download traffic and the file extensions under Layer7 Protocols.

/ip firewall layer7-protocol add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"

/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"


@. Configure Firewall Mangle

These are the Firewall Mangle commands for Squid proxy hits, for Squid connections and for Squid packets

/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PROXY HIT" disabled=no dscp=12 new-packet-mark="PROXY HIT" passthrough=no

/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING SQUID" disabled=no dst-address-list="!REGISTRASI IP CLIENT" dst-port=80,443 new-connection-mark="SQUID KONEKSI" passthrough=yes protocol=tcp src-address-list="REGISTRASI IP PROXY"

/ip firewall mangle add action=mark-packet chain=forward comment="SQUID PAKET" connection-mark="SQUID KONEKSI" disabled=no new-packet-mark="SQUID PAKET" passthrough=no

Next, the Mangle rules for all incoming and outgoing connections, the browsing rule for all incoming connections, and the ICMP rule

/ip firewall mangle add action=mark-connection chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no dst-address-list="!REGISTRASI IP CLIENT" in-interface=local new-connection-mark="SEMUA KONEKSI MASUK" passthrough=yes

/ip firewall mangle add action=mark-connection chain=forward disabled=no new-connection-mark="SEMUA KONEKSI KELUAR" out-interface=local passthrough=yes src-address-list="!REGISTRASI IP CLIENT" comment="SEMUA KONEKSI KELUAR"

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark="SEMUA PAKET MASUK" passthrough=yes connection-mark="SEMUA KONEKSI MASUK" comment="SEMUA PAKET MASUK"

/ip firewall mangle add chain=forward action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" passthrough=yes connection-mark="SEMUA KONEKSI KELUAR" comment="SEMUA PAKET KELUAR"

/ip firewall mangle add action=mark-connection chain=prerouting comment="BROWSING CLIENT" connection-mark="SEMUA KONEKSI MASUK" disabled=no new-connection-mark="BROWSING KONEKSI" passthrough=yes protocol=tcp

/ip firewall mangle add action=mark-connection chain=postrouting disabled=no dscp=1 new-connection-mark="ICMP KONEKSI" passthrough=yes comment="ICMP KOMEKSI"


@. Mangle for online games such as RF-Online, Point Blank and others,

/ip firewall mangle add action=mark-connection chain=prerouting comment="POINT BLANK" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp

/ip firewall mangle add action=mark-connection chain=prerouting comment="POKER" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=9339,843 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="RF ONLINE" connection-mark="SEMUA KONEKSI MASUK" disabled=no dst-port=10001,10002,10003,10004,10005,10006,10007 new-connection-mark="GAME KONEKSI" passthrough=yes protocol=udp

Next, the Mangle rules for ICMP packets, game packets and browsing packets

/ip firewall mangle add action=mark-packet chain=postrouting connection-mark="ICMP KONEKSI" disabled=no new-packet-mark="ICMP PAKET" passthrough=no comment="ICMP PAKET"

/ip firewall mangle add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" passthrough=no

/ip firewall mangle add action=mark-connection new-connection-mark="GAME KONEKSI" chain=prerouting protocol=udp connection-mark="SEMUA KONEKSI MASUK" comment="GAME CLIENT"

/ip firewall mangle add action=mark-packet chain=forward comment="BROWSING PAKET" connection-bytes=0-131072 connection-mark="BROWSING KONEKSI" disabled=no new-packet-mark="BROWSING PAKET" passthrough=no protocol=tcp


@. Configure Change DSCP for ICMP and port 53

/ip firewall mangle add action=change-dscp chain=postrouting comment="ICMP CHANGE DSCP" disabled=no new-dscp=1 protocol=icmp

/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=udp

/ip firewall mangle add action=change-dscp chain=postrouting disabled=no dst-port=53 new-dscp=1 protocol=tcp


@. Then the Mangle rules for file extensions such as iso, rar, mp3, zip, exe and others.


/ip firewall mangle add action=mark-connection chain=forward comment="EXTENTION KONEKSI" disabled=no out-interface=local new-connection-mark="EXTENTION KONEKSI" passthrough=yes

/ip firewall mangle add action=mark-packet chain=forward comment="YOUTUBE MARK" layer7-protocol=YOUTUBE disabled=no new-packet-mark="YOUTUBE" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="WMV MARK" layer7-protocol=WMV disabled=no new-packet-mark="WMV" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="EXE MARK" layer7-protocol=EXE disabled=no new-packet-mark="EXE" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="ZIP MARK" layer7-protocol=ZIP new-packet-mark="ZIP" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="RAR MARK" layer7-protocol=RAR new-packet-mark="RAR" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="MPG MARK" layer7-protocol=MPG new-packet-mark="MPG" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="MPEG MARK" layer7-protocol=MPEG new-packet-mark="MPEG" passthrough=no

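/ip firewall mangle add action=mark-packet chain=forward comment="MP3 MARK" layer7-protocol=MP3 new-packet-mark="MP3" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="MP4 MARK" layer7-protocol=MP4 new-packet-mark="MP4" passthrough=no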

/ip firewall mangle add action=mark-packet chain=forward comment="MOV MARK" layer7-protocol=MOV new-packet-mark="MOV" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" disabled=no layer7-protocol=ISO new-packet-mark="ISO" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="MKV MARK" layer7-protocol=MKV new-packet-mark="MKV" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="FLV MARK" layer7-protocol=FLV new-packet-mark="FLV" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="AVI MARK" layer7-protocol=AVI new-packet-mark="AVI" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="CAB MARK" layer7-protocol=CAB new-packet-mark="CAB" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="ASF MARK" layer7-protocol=ASF new-packet-mark="ASF" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="WAV MARK" layer7-protocol=WAV new-packet-mark="WAV" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="RM MARK" layer7-protocol=RM new-packet-mark="RM" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="RAM MARK" layer7-protocol=RAM new-packet-mark="RAM" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="RMVB MARK" layer7-protocol=RMVB new-packet-mark="RMVB" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="DAT MARK" layer7-protocol=DAT new-packet-mark="DAT" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="DAA MARK" layer7-protocol=DAA new-packet-mark="DAA" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="NRG MARK" layer7-protocol=NRG new-packet-mark="NRG" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="BIN MARK" layer7-protocol=BIN new-packet-mark="BIN" passthrough=no

/ip firewall mangle add action=mark-packet chain=forward comment="VCD MARK" layer7-protocol=VCD new-packet-mark="VCD" passthrough=no


@. Configure the per-client packet marks; adjust them to the IP addresses of your clients

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT1" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.2 new-packet-mark="CLIENT1" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT2" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.3 new-packet-mark="CLIENT2" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT3" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.4 new-packet-mark="CLIENT3" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT4" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.5 new-packet-mark="CLIENT4" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT5" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.6 new-packet-mark="CLIENT5" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT6" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.7 new-packet-mark="CLIENT6" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT7" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.8 new-packet-mark="CLIENT7" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT8" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.9 new-packet-mark="CLIENT8" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT9" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.10 new-packet-mark="CLIENT9" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT10" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.11 new-packet-mark="CLIENT10" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT11" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.12 new-packet-mark="CLIENT11" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT12" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.13 new-packet-mark="CLIENT12" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT13" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.14 new-packet-mark="CLIENT13" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT14" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.15 new-packet-mark="CLIENT14" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT15" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.16 new-packet-mark="CLIENT15" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT16" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.17 new-packet-mark="CLIENT16" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT17" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.18 new-packet-mark="CLIENT17" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT18" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.19 new-packet-mark="CLIENT18" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT19" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.20 new-packet-mark="CLIENT19" passthrough=no protocol=tcp

/ip firewall mangle add action=mark-packet chain=forward comment="CLIENT20" connection-mark="SEMUA KONEKSI KELUAR" disabled=no dst-address=192.168.20.21 new-packet-mark="CLIENT20" passthrough=no protocol=tcp


@. Then configure the Queue Tree: ICMP priority, Squid hit priority, file-extension limit priority, total upload priority, total download priority, game download priority, browsing packet priority, the total client download queue and the per-client queues.

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="ICMP PING" packet-mark="ICMP PAKET" parent=global-out priority=1 queue="default"

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="SQUID HIT" packet-mark="PROXY HIT" parent=local priority=2 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="LIMIT FILE EXTENTION" parent=global-out priority=3

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256000 name="YOUTUBE" packet-mark="YOUTUBE" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ISO" packet-mark="ISO" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP3" packet-mark="MP3" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MP4" packet-mark="MP4" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WMV" packet-mark="WMV" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128000 name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" priority=3 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL UPLOAD+++" packet-mark="SEMUA PAKET MASUK" parent=public priority=4 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" parent=global-out priority=5

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="GAME DOWNLOAD" packet-mark="GAME PAKET" parent="+++TOTAL DOWNLOAD+++" priority=6 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="BROWSING PAKET" packet-mark="BROWSING PAKET" parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" parent="+++TOTAL DOWNLOAD+++" priority=8 packet-mark="SEMUA PAKET KELUAR"

Setting Queues Per Client

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT1" packet-mark="CLIENT1" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT2" packet-mark="CLIENT2" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT3" packet-mark="CLIENT3" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT4" packet-mark="CLIENT4" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT5" packet-mark="CLIENT5" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT6" packet-mark="CLIENT6" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT7" packet-mark="CLIENT7" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT8" packet-mark="CLIENT8" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT9" packet-mark="CLIENT9" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT10" packet-mark="CLIENT10" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT11" packet-mark="CLIENT11" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT12" packet-mark="CLIENT12" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT13" packet-mark="CLIENT13" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT14" packet-mark="CLIENT14" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT15" packet-mark="CLIENT15" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT16" packet-mark="CLIENT16" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT17" packet-mark="CLIENT17" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT18" packet-mark="CLIENT18" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT19" packet-mark="CLIENT19" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="CLIENT20" packet-mark="CLIENT20" parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default


Note:
Adjust the text shown in red to your network's public IP.
Adjust the text shown in green to your local IP.
Adjust the text shown in yellow to your proxy server's IP.
Posted on 10:08 PM

Limiting DDoS, Port Scanners and Netcut on Mikrotik

Mikrotik is a reliable router, and security is very important, especially on large networks. I will share my experience configuring Mikrotik so that it cannot be sniffed or DDoSed, and so that netcut does not work on our Mikrotik network.
Type the following commands into the Mikrotik terminal:

Location:
/ip firewall filter

# The rules below only add source addresses to the DDOS and port-scanners address lists.
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s chain=input comment="" disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m chain=input comment="" disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="port-scanners-to-list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input disabled=no tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp comment="FIN/PSH/URG-Scan"
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg comment="ALL/ALL-Scan"
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg comment="NMAP-NULL-Scan" disabled=no protocol=tcp
# FIN set and every other flag clear
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="NMAP-FIN-Stealth-Scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=192.168.0.1/27
Posted on 8:14 PM

Latest Settings for Squid Hit Bypass, Game Mangle, Queue Tree and Browsing on Mikrotik

Below is the complete Mikrotik configuration, combined with my latest external proxy, using 2 MB of bandwidth as the example.

Goals:
1.Squid (I limit it to 80 MB) so that the proxy's LAN card is not damaged.
2.Bandwidth is shared out equally and automatically (whatever is received from the internet is divided equally among the clients).
3.Extension limits (downloads of zip, rar, exe, youtube, etc.) are throttled, but a file that has already been downloaded once is not throttled; it goes straight to the Squid Hit limit of 80 MB.
4.ICMP (Internet Control Message Protocol): this guards against high ping; top priority.
5.All game ports are listed in mangle and passed to the queue tree to be given the highest priority (games are split into two groups: Facebook games and online games).
6.Virus blocking, anti-Netcut.





OK, straight to the scripts. Run them in the Winbox “New Terminal”:

1.Set the clock so that it does not drift (NTP client)

/system ntp client set enabled=yes mode=unicast primary-ntp=152.118.24.8 secondary-ntp=202.169.224.16

Then, from the main Winbox window, open System, then Clock, and set the current date and time.

2.System Note

This script makes a note appear whenever “New Terminal” is opened:

/system note set note=http://routerosmikrotik.blogspot.com show-at-login=yes

3.NAT Transparent Proxy and Local Masquerade

Before continuing with the script below and the ones that follow, rename your interfaces: the one facing the modem to public, the one facing the clients to local, and the one facing the proxy to proxy, so that they match the scripts below and the ones that follow. Before copying and pasting the script below, make sure its IP addresses match the IP of the interface facing the proxy:

/ip firewall nat add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" \
disabled=no dst-port=80 in-interface=local protocol=tcp \
src-address=!192.168.254.0/24 to-addresses=192.168.254.2 to-ports=3128

/ip firewall nat add action=masquerade chain=srcnat comment=MASQUERADE disabled=no out-interface=public

4.IP Firewall L7 for the latest extension limits:

/ip firewall layer7-protocol
add name="YOUTUBE DOWNLOAD" \
regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5\
    ][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=EXE regexp="\\.(exe)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"
add name=7z regexp="\\.(7z)"
add name=WMV regexp="\\.(wmv)"
add name=MPG regexp="\\.(mpg)"
add name=MPEG regexp="\\.(mpeg)"
add name=AVI regexp="\\.(avi)"
add name=FLV regexp="\\.(flv)"
add name=WAV regexp="\\.(wav)"
add name=MP3 regexp="\\.(mp3)"
add name=MP4 regexp="\\.(mp4)"
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=MOV regexp="\\.(mov)"
add name=MKV regexp="\\.(mkv)"
add name="YOUTUBE STREAMING" regexp=youtube
add name=PORN regexp=porn
add name=TUBE regexp=tube
add name=VIDEO regexp=video
add name=MOVIE regexp=movie
/

5.IP Firewall Filter: Drop Viruses, Anti-Netcut:

/ip firewall filter
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward \
connection-state=invalid disabled=no
add action=drop chain=virus disabled=no \
dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1433-1434 protocol=tcp
add action=drop chain=virus \
disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=445 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no \
dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no \
dst-port=65506 protocol=tcp
add action=jump chain=forward \
disabled=no jump-target=virus
add action=drop chain=input \
connection-state=invalid disabled=no
add action=accept chain=input \
disabled=no protocol=udp
add action=accept chain=input \
disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input \
disabled=no protocol=icmp
add action=accept chain=input \
disabled=no dst-port=21 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=22 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=23 protocol=tcp
add action=accept chain=input \
disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no \
dst-port=1723 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list \
address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 \
protocol=tcp src-address-list=knock
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list \
address-list="port scanners" \
address-list-timeout=2w chain=input \
comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=61.213.183.1-61.213.183.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=67.195.134.1-67.195.134.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=68.142.233.1-68.142.233.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=68.180.217.1-68.180.217.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=203.84.204.1-203.84.204.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no \
dst-port=0-65535 protocol=tcp \
src-address=69.63.176.1-69.63.176.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=69.63.181.1-69.63.181.254
add action=accept chain=input \
comment="ANTI NETCUT" \
disabled=no dst-port=0-65535 protocol=tcp \
src-address=63.245.209.1-63.245.209.254
add action=accept chain=input \
comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp \
src-address=63.245.213.1-63.245.213.254
/
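The `tcp-flags=` matchers in the port-scanner rules above (and in the earlier "Limit DDOS, Port Scanner, Netcut" post) can be checked offline before they go onto a router. The Python sketch below is an added example, not part of the original post; it assumes the RouterOS semantics that a listed flag must be set and a `!flag` must be clear, and the sample flag bytes are constructed.

```python
"""Check RouterOS-style tcp-flags= matchers against TCP flag bytes (added example)."""

FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

# (rule comment, tcp-flags= value) as used by the page's port-scanner rules.
SCAN_RULES = [
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
]

# Constructed flag bytes that occur in ordinary TCP sessions.
NORMAL_TRAFFIC = {
    "SYN": 0x02, "SYN+ACK": 0x12, "ACK": 0x10, "PSH+ACK": 0x18,
    "FIN+ACK": 0x11, "RST": 0x04, "RST+ACK": 0x14,
}


def parse_matcher(spec):
    """Turn a tcp-flags= value into (must_set, must_clear) bit masks."""
    must_set = must_clear = 0
    for token in spec.split(","):
        token = token.strip().lower()
        if not token:
            continue  # an empty spec models a rule with no tcp-flags= at all
        name = token.lstrip("!")
        if name not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        if token.startswith("!"):
            must_clear |= FLAG_BITS[name]
        else:
            must_set |= FLAG_BITS[name]
    if must_set & must_clear:
        raise ValueError(f"flag both required and forbidden in {spec!r}")
    return must_set, must_clear


def matches(spec, flags):
    """True if a packet with these flag bits satisfies the matcher."""
    must_set, must_clear = parse_matcher(spec)
    return (flags & must_set) == must_set and (flags & must_clear) == 0


def classify(flags, rules=SCAN_RULES):
    """Comments of every rule that would list the sender of this packet."""
    return [name for name, spec in rules if matches(spec, flags & 0x3F)]


def coverage(spec):
    """How many of the 64 possible flag combinations the matcher accepts."""
    return sum(matches(spec, f) for f in range(64))


def false_positives(rules=SCAN_RULES, traffic=NORMAL_TRAFFIC):
    """Normal-session flag combinations that at least one rule would list."""
    return {label: hits for label, f in traffic.items()
            if (hits := classify(f, rules))}


if __name__ == "__main__":
    for name, spec in SCAN_RULES:
        print(f"{name:24} accepts {coverage(spec):2} of 64 flag combinations")
    print("normal traffic listed:", false_positives() or "none")
    # A rule that omits tcp-flags= matches every TCP packet, so every
    # ordinary client ends up on the address list.
    print("with no tcp-flags=:", sorted(false_positives([("no flags", "")])))
```

A matcher with no flags accepts all 64 combinations, which is why each listing rule needs its `tcp-flags=` value.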

6.IP Firewall Mangle

A.This is the mangle script for Squid Hit, DSCP=12, which frees proxy traffic from the client limit. In the queue tree I set it to 80 MB. In mangle it must be placed at the very top:

/ip firewall mangle \
add action=mark-packet chain=postrouting \
comment="SQUID PROXY HIT" disabled=no dscp=12 \
new-packet-mark="www.wirelessrouter\
proxy.blogspot.com sphp" passthrough=no

B.This mangle script keeps ping and DNS stable when the connection is congested:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=ICMP \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com ic" \
passthrough=yes protocol=icmp

/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="www.wirelessrouter\
proxy.blogspot.com ic" \
new-packet-mark="www.wirelessrouterp\
roxy.blogspot.com ip" passthrough=yes

/ip firewall mangle \
add action=change-dscp chain=prerouting \
new-dscp=1 packet-mark="www.wirelessrou\
terproxy.blogspot.com ip"

/ip firewall mangle \
add action=mark-connection chain=prerouting \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com dc" \
comment=DNS dst-port=53 \
passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port=53 \
new-connection-mark="www.wirelessrouter\
proxy.blogspot.com dc"  \
passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-packet chain=prerouting \
connection-mark="www.wirelessrouter\
proxy.blogspot.com dc" \
new-packet-mark="www.wirelessrouter\
proxy.blogspot.com dp"  passthrough=yes

/ip firewall mangle \
add action=change-dscp chain=prerouting \
disabled=no new-dscp=1 packet-mark="www.wi\
relessrouterproxy.blogspot.com dp"

C.Below is the mangle script that automatically shares browsing bandwidth, upload and download. Adjust the network in the field marked in red to your local client network:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment=HTTP  dst-port=80 \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" disabled=no \
dst-address=192.168.25.0/24 \
new-packet-mark="www.wirelessrouterpro\
xy.blogspot.com hpd" passthrough=no

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterpro\
xy.blogspot.com hc" disabled=no \
new-packet-mark="www.wirelessrouterpro\
xy.blogspot.com hpu" \
passthrough=no src-address=192.168.25.0/24

D.Below are the scripts for online games and Facebook games, upload and download. Adjust the network in the field marked in red to your local client network:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME ONLINE" dst-port=\
"1818,2001,3010,4300,5105,5121,5126,5171,53\
40-5352,6000-6001,6000-6152,7777" \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="7341-7350,74\
51,8085,9600,9601-9602,9300,9400,9700,93\
76-9377,10001-10011,40000" \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="10009,13008,16666,28012,11011-11\
041,10402,11031,12011,12110,13413,15000-15\
002,15001,15002" \
new-connection-mark="www\
.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
disabled=no dst-port="16402-16502,18901-1890\
9,19000,19101,22100,27780,29000,29200,3910\
0,39110,39220,39190,49100" \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="ww\
w.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port="1293,1479,6100-6152,7777-7977,940\
1,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=42051-42052,11100-11125,11440-11460 \
new-connection-mark="www.wirelessrouterprox\
y.blogspot.com goc" passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-connection chain=prerouting \
dst-port=14009-14010 new-connection-mark="w\
ww.wirelessrouterproxy.blogspot.com goc" \
passthrough=yes protocol=udp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blogspot.com goc" \
dst-address=192.168.25.0/24 \
new-packet-mark="www.wirelessrouterproxy.blogspot.com gopd" \
passthrough=no

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blogspot.com goc" \
new-packet-mark="www.wirelessrouterproxy.blogspot.com gopu" \
passthrough=no src-address=192.168.25.0/24

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="GAME FACEBOOK" dst-port=843,9339 \
new-connection-mark="www.wirelessro\
uterproxy.blogspot.com gfc" passthrough=yes \
protocol=tcp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blogspot.com gfc" \
disabled=no dst-address=192.168.25.0/24 \
new-packet-mark="www.wirelessrouterproxy.blogspot.com gfpd" \
passthrough=no

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blogspot.com gfc" \
new-packet-mark="www.wirelessrouterproxy.blogspot.com gfpu" \
passthrough=no src-address=192.168.25.0/24

E.Below is the mangle script for limiting Mivo TV:

/ip firewall mangle \
add action=mark-connection chain=prerouting \
comment="MIVO TV" dst-port=1935 \
new-connection-mark="www.wirelessrouterpro\
xy.blogspot.com mtc" passthrough=yes protocol=tcp

/ip firewall mangle \
add action=mark-packet chain=forward \
connection-mark="www.wirelessrouterproxy.blogspot.com mtc" \
disabled=no new-packet-mark="MIVO TV" passthrough=no

F.Below is the mangle script for the extension limit: downloads of rar, zip, exe, etc. are throttled, and a file that has already been downloaded does not enter this mangle limit; it goes automatically to the IP Firewall Mangle Squid Hit rule, DSCP=12:

/ip firewall mangle
add action=mark-packet chain=forward \
comment="LIMIT EXTENTION" disabled=no \
layer7-protocol="YOUTUBE DOWNLOAD" \
new-packet-mark="YOUTUBE DOWNLOAD" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol="YOUTUBE STREAMING" \
new-packet-mark="YOUTUBE STREAMING" \
passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=TUBE \
new-packet-mark=PORN1 passthrough=no
add action=mark-packet chain=forward disabled=no \
layer7-protocol=PORN \
new-packet-mark=PORN2 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=VIDEO \
new-packet-mark=PORN3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOVIE \
new-packet-mark=PORN4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MKV \
new-packet-mark=MKV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP3 \
new-packet-mark=MP3 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MP4 \
new-packet-mark=MP4 passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ZIP \
new-packet-mark=ZIP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=EXE \
new-packet-mark=EXE passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=FLV \
new-packet-mark=FLV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MOV \
new-packet-mark=MOV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPEG \
new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=MPG \
new-packet-mark=MPG passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=RAR \
new-packet-mark=RAR passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WAV \
new-packet-mark=WAV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=WMV \
new-packet-mark=WMV passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=3GP \
new-packet-mark=3GP passthrough=no
add action=mark-packet chain=forward \
disabled=no layer7-protocol=7z \
new-packet-mark=7z passthrough=no
/

7.Queue Type

/queue type \
add kind=pcq name="PROXY DOWN" \
pcq-classifier=dst-address

/queue type \
add kind=pcq name=DOWN \
pcq-classifier=dst-address,dst-port

/queue type \
add kind=pcq name=UP \
pcq-classifier=src-address,src-port

/queue type \
add kind=pfifo name=PING pfifo-limit=64

8.Queue Tree

A.Below is the queue tree script for Squid Hit, limited to 80 MB:

/queue tree \
add max-limit=80000000 name="1.PROXY HIT" \
packet-mark="www.wirelessrouterproxy.blogspot.com sphp" \
parent=local priority=2 \
queue="PROXY DOWN"

B.Below is the queue tree script for GAME DOWN, whose children will be GAME ONLINE DOWN and GAME FACEBOOK DOWN:

/queue tree \
add name="2.GAME DOWN" \
parent=global-out priority=2

C. Below is the queue tree script for GAME UPLOAD, whose children will be GAME ONLINE UPLOAD and GAME FACEBOOK UPLOAD:

/queue tree \
add max-limit=2000000 \
name="3.GAME UPLOAD" \
parent=public priority=2

D.Below is the BROWSING UPLOAD script. Note the text in red: it is the max limit for upload. Set it to 60% of your upload bandwidth; my upload bandwidth is 512000 (512KB) and I set this max limit to 300000 (300KB) because the rest is for games:

/queue tree \
add max-limit=300000 \
name="4.BROWSING UPLOAD" \
packet-mark="www.wirelessrouterproxy.blogspot.com hpu" \
parent=proxy \
priority=4 queue=UP

E.Below is the ALL HTTP DOWN script, whose children will be BROWSING DOWN and LIMIT EXTENTION. Note the text in red: it is the max limit for all downloads. On 2 MB of bandwidth I set it to 1800000 (1.8 MB) because the rest is for games and ping; adjust it to your own download bandwidth capacity:

/queue tree \
add max-limit=1800000 \
name="5.ALL HTTP DOWN" \
parent=global-out priority=2

F.Below is the PING script for download, which keeps ping free of a saturated connection, priority=1. This max limit does not need changing:

/queue tree
add limit-at=8000 max-limit=30000 \
name=6.PING1 packet-mark="www.wirelessrouterpr\
oxy.blogspot.com ip" parent=global-out priority=1 \
queue=PING

G. Below is the PING script for upload, which keeps ping free of a saturated connection, priority=1. This max limit does not need changing:

/queue tree \
add limit-at=8000 max-limit=30000 \
name=7.PING2 packet-mark="www.wirelessrouter\
proxy.blogspot.com ip" parent=public priority=1 \
queue=PING

H.Below is the DNS down script, priority=1. This max limit does not need changing:

/queue tree \
add limit-at=8000 max-limit=30000 \
name=8.DNS1 packet-mark="www.wirelessrouter\
proxy.blogspot.com dp"  parent=global-out priority=1 \
queue=PING

I.Below is the DNS up script, priority=1. This max limit does not need changing:

/queue tree \
add limit-at=8000 max-limit=30000 \
name=9.DNS2 packet-mark="www.wirelessrouter\
proxy.blogspot.com dp"  parent=public \
priority=1 queue=PING


J.Below is the GAME ONLINE DOWN script, whose parent is GAME DOWN. I set the lowest limit to 512000 (512KB) and the highest limit to 2000000 (2MB). Note the text in red below and adjust it to your bandwidth:

/queue tree \
add limit-at=512000 max-limit=2000000 \
name="1.GAME ONLINE DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gopd" \
parent="2.GAME DOWN" priority=2 queue=DOWN

K.Below is the GAME FACEBOOK DOWN script, whose parent is GAME DOWN. The highest limit is 512000 (512KB). Note the text in red below and adjust it to your bandwidth:

/queue tree \
add max-limit=512000 \
name="2.GAME FACEBOOK DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gfpd" \
parent="2.GAME DOWN" priority=3 queue=DOWN

L.Below is the GAME ONLINE UPLOAD script, whose parent is GAME UPLOAD. I set the lowest limit to 512000 (512KB) and the highest limit to 2000000 (2MB). Note the text in red below and adjust it to your bandwidth:

/queue tree \
add limit-at=512000 max-limit=2000000 \
name="1.GAME ONLINE UPLOAD" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gopu" \
parent="3.GAME UPLOAD" priority=2 queue=UP

M.Below is the GAME FACEBOOK UPLOAD script, whose parent is GAME UPLOAD. The highest limit is 256000 (256KB). Note the text in red below and adjust it to your bandwidth:

/queue tree \
add limit-at=0 max-limit=256000 \
name="2.GAME FACEBOOK UPLOAD" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com gfpu" \
parent="3.GAME UPLOAD" priority=3 queue=UP


N.Below is the BROWSING DOWN script, whose parent is HTTP DOWN. Note the text in red: it is the max limit for all downloads. On 2 MB of bandwidth I set it to 1800000 (1.8 MB) because the rest is for games and ping; adjust it to your own download bandwidth capacity:

/queue tree \
add max-limit=1800000 \
name="1.BROWSING DOWN" \
packet-mark="www.wirelessrouter\
proxy.blogspot.com hpd" \
parent="5.ALL HTTP DOWN" \
priority=3 queue=DOWN

O.Below is the LIMIT EXTENTION script, whose parent is HTTP DOWN and whose children will be the file extensions, namely zip, rar, exe, youtube, porn, etc. On 2 MB of bandwidth, note the text in red below: I set its max limit to 1000000 (1MB), shared equally among all of those file extensions. Adjust it to your bandwidth; my recommendation is 50% of total download bandwidth:

/queue tree \
add max-limit=1000000 \
name="4.LIMIT EXTENTION" \
parent="5.ALL HTTP DOWN" priority=5

P.Below are the LIMIT EXTENTION queues for zip, rar, exe, youtube, porn, etc. Their parent is LIMIT EXTENTION, and Mivo TV is included among them:

/queue tree
add name=YOUTUBE \
parent="4.LIMIT EXTENTION" priority=5
add name="YOUTUBE STREAMING" \
packet-mark="YOUTUBE STREAMING" \
parent=YOUTUBE priority=5 queue=DOWN
add name=MKV packet-mark=MKV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP3 packet-mark=MP3 \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MP4 packet-mark=MP4 \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ZIP packet-mark=ZIP \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=EXE packet-mark=EXE \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=ISO packet-mark=ISO \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=AVI packet-mark=AVI \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MOV packet-mark=MOV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPEG packet-mark=MPEG \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=MPG packet-mark=MPG \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=RAR packet-mark=RAR \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WAV packet-mark=WAV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=WMV packet-mark=WMV \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=3GP packet-mark=3GP \
parent="4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=7z packet-mark=7z \
parent="4.LIMIT EXTENTION" priority=5 \
queue=DOWN
add name="YOUTUBE DOWNLOAD" \
packet-mark="YOUTUBE DOWNLOAD" \
parent=YOUTUBE priority=5 queue=DOWN
add name=PORN \
parent="4.LIMIT EXTENTION" priority=5
add name=PORN1 \
packet-mark=PORN1 parent=PORN \
priority=5 queue=DOWN
add name=PORN2 packet-mark=PORN2 \
parent=PORN priority=5 queue=DOWN
add name=PORN3 packet-mark=PORN3 \
parent=PORN priority=5 queue=DOWN
add name="MIVO TV" \
packet-mark="MIVO TV" parent=\
"4.LIMIT EXTENTION" \
priority=5 queue=DOWN
add name=PORN4 packet-mark=PORN4 \
parent=PORN priority=5 queue=DOWN
/
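A queue tree entry only shapes traffic whose `packet-mark` is actually set by a mangle rule, so a missing or mismatched mark silently leaves a queue empty. The Python sketch below is an added example, not part of the original post: it cross-checks marks and layer7-protocol names in a RouterOS script, and the embedded script is a constructed excerpt modelled on the configuration above, with hypothetical "example ..." mark names.

```python
import re

# Constructed excerpt modelled on the page's script; mark names are hypothetical.
SCRIPT = r'''
/ip firewall layer7-protocol
add name=ISO regexp="\\.(iso)"
add name=3GP regexp="\\.(3gp)"
add name=AVI regexp="\\.(avi)"
/ip firewall mangle \
add action=mark-connection chain=prerouting dst-port=80 \
new-connection-mark="example hc" passthrough=yes protocol=tcp
/ip firewall mangle
add action=mark-packet chain=forward connection-mark="example hc" \
new-packet-mark="example h\
pd" passthrough=no
add action=mark-packet chain=forward connection-mark="example goc" \
new-packet-mark="example gopd" passthrough=no
add action=mark-packet chain=forward layer7-protocol=ISO \
new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward layer7-protocol=ISO \
new-packet-mark=3GP passthrough=no
/queue tree
add name="1.BROWSING DOWN" packet-mark="example hpd" parent=global-out
add name=ISO packet-mark=ISO parent=global-out
add name=3GP packet-mark=3GP parent=global-out
add name=AVI packet-mark=AVI parent=global-out
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')


def logical_lines(script):
    """Join continuation lines: a trailing backslash glues on the next line,
    minus its indentation (the break may fall in the middle of a value)."""
    buf = ""
    for raw in script.splitlines():
        piece = raw.strip()
        if piece.endswith("\\"):
            buf += piece[:-1]
            continue
        buf += piece
        if buf:
            yield buf
        buf = ""
    if buf:
        yield buf


def parse(script):
    """Return (menu, params) for every 'add' command in the script."""
    menu, rules = "", []
    for line in logical_lines(script):
        rest = None
        if line.startswith("/"):
            m = re.search(r"\sadd(?:\s|$)", line)
            menu = " ".join((line[:m.start()] if m else line).split())
            rest = line[m.end():] if m else None
        elif line.startswith("add "):
            rest = line[4:]
        if rest is not None:
            params = {k: v.strip('"') for k, v in PAIR.findall(rest)}
            rules.append((menu, params))
    return rules


def lint(script):
    """Cross-reference layer7 names, mangle marks and queue tree marks."""
    rules = parse(script)
    l7 = {p["name"] for m, p in rules
          if m == "/ip firewall layer7-protocol" and "name" in p}
    mangle = [p for m, p in rules if m == "/ip firewall mangle"]
    queues = [p for m, p in rules if m == "/queue tree"]
    set_conn = {p["new-connection-mark"] for p in mangle if "new-connection-mark" in p}
    used_conn = {p["connection-mark"] for p in mangle if "connection-mark" in p}
    set_pkt = {p["new-packet-mark"] for p in mangle if "new-packet-mark" in p}
    used_pkt = {p["packet-mark"] for p in queues if p.get("packet-mark")}
    used_l7 = {p["layer7-protocol"] for p in mangle if "layer7-protocol" in p}
    return {
        "connection_mark_never_set": sorted(used_conn - set_conn),
        "queue_mark_never_set": sorted(used_pkt - set_pkt),
        "packet_mark_without_queue": sorted(set_pkt - used_pkt),
        "l7_undefined": sorted(used_l7 - l7),
        "l7_never_used": sorted(l7 - used_l7),
        # A mark named after one L7 pattern but matched with another one.
        "l7_name_mismatch": sorted(
            (p["layer7-protocol"], p["new-packet-mark"]) for p in mangle
            if "layer7-protocol" in p and p.get("new-packet-mark") in l7
            and p["new-packet-mark"] != p["layer7-protocol"]),
    }


if __name__ == "__main__":
    for check, items in lint(SCRIPT).items():
        print(f"{check}: {items}")
```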

After configuring everything, do not forget to restart the Mikrotik.
Posted on 8:03 PM
 
Copyright © 2011. RT RW Net Bengkulu . All Rights Reserved