scrip

Posted on February 15, 2012 by doreng007
facebook
/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="facebook" action=drop comment="Block Facebook site"

twitter
/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="twitter" action=drop comment="Block Twitter site"

youtube
/ip firewall filter add chain=forward src-address=0.0.0.0/0 protocol=tcp dst-port=80 content="youtube" action=drop comment="Block YouTube site"

Note: these content rules only inspect plaintext HTTP on port 80; HTTPS connections to the same sites are not matched by them.

WEB PROXY
/ip proxy set enabled=yes
/ip proxy access add dst-host=*.facebook.com action=deny
/ip proxy access add dst-host=*.twitter.com action=deny
(In Winbox: IP > Web Proxy > Web Proxy Settings, tick Enabled, Apply, OK; then under Access add one deny rule per host pattern, because dst-host takes a single pattern.) Only traffic that actually passes through the proxy is filtered by these access rules.

LAYER 7 PROTOCOL
/ip firewall layer7-protocol add name=denied regexp="^.+(facebook|twitter|youtube).*\$"
/ip firewall address-list add list=<user list name> address=<user IP>
/ip firewall filter add chain=forward dst-address-list=<user list name> layer7-protocol=denied action=drop comment="..."
(The layer7-protocol entry holds only a name and a regexp; the drop or reject action belongs on the filter rule that references it.)

FIREWALL: PROXY IN PARALLEL WITH THE ROUTER (proxy running on a separate PC)

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=p2p passthrough=no connection-mark=p2p-conn
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=other_conn passthrough=yes

/ip firewall nat add chain=dstnat action=dst-nat to-addresses=<proxy PC IP> to-ports=8000 protocol=tcp src-address=!<proxy PC IP> src-address-list=warnet in-interface=lan dst-port=80
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=<proxy PC IP> to-ports=8000 protocol=tcp dst-port=80

# One rule per file extension. The content= matcher is a plain substring match, so the
# pattern is ".pdf" rather than the glob "*.pdf". src-address is the head-office network.
:foreach ext in={".pdf";".exe";".zip";".rar";".tar";".mov";".3gp";".mp3";".mp4";".mkv";".avi";".mpeg";".flv";".001";".002";".003";".004";".005";".006";".007";".008";".009";".010";".011";".012";".013";".014";".015";".016";".017";".018";".019";".020"} do={
    /ip firewall filter add chain=forward action=add-dst-to-address-list protocol=tcp src-address=192.168.88.0/25 content=$ext address-list=download
}

-> FIREWALL MANGLE (the rules below are added under /ip firewall mangle)

add chain=forward action=mark-connection new-connection-mark=download passthrough=yes protocol=tcp in-interface=wan out-interface=lan connection-bytes=128000-4294967295
add chain=forward action=mark-packet new-packet-mark=download passthrough=no protocol=tcp in-interface=wan out-interface=lan connection-mark=download
add chain=forward action=mark-connection new-connection-mark=upload passthrough=yes protocol=tcp in-interface=wan out-interface=lan connection-bytes=64000-4294967295
add chain=forward action=mark-packet new-packet-mark=upload passthrough=no protocol=tcp in-interface=lan out-interface=wan connection-mark=upload
add chain=forward action=mark-connection new-connection-mark=browse passthrough=yes protocol=tcp in-interface=wan out-interface=lan connection-bytes=0-128000
add chain=forward action=mark-packet new-packet-mark=browse passthrough=no protocol=tcp in-interface=wan out-interface=lan connection-mark=browse

LOAD BALANCING / FAILOVER

Rename the Ethernet interfaces: eth1=wan1, eth2=wan2, eth3=lan

Set the IP addresses, e.g. wan1=10.10.10.5/29, wan2=10.10.11.5/29, lan=192.168.10.1/28:
/ip address add address=10.10.10.5/29 interface=wan1
/ip address add address=10.10.11.5/29 interface=wan2
/ip address add address=192.168.10.1/28 interface=lan

Set the gateways
/ip route add gateway=10.10.10.1
/ip route add gateway=10.10.11.1
/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=255 target-scope=10 routing-mark=odd comment="..." disabled=no
/ip route add dst-address=0.0.0.0/0 gateway=10.10.11.1 scope=255 target-scope=10 routing-mark=even comment="..." disabled=no
/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=255 target-scope=10 comment="..." disabled=no

/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=10,1 action=mark-connection new-connection-mark=odd passthrough=yes comment=".." disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment=".." disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=11,1 action=mark-connection new-connection-mark=even passthrough=yes comment=".." disabled=no
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment=".." disabled=no

# Masquerade the whole LAN network (192.168.10.0/28), not just the router's own address
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.10.0/28
# "even" connections are routed via wan2 (10.10.11.1), so they are source-NATed to the wan2 address
/ip firewall nat add chain=srcnat action=src-nat to-addresses=10.10.11.5 to-ports=0-65535 protocol=tcp connection-mark=even
/ip firewall nat add chain=srcnat action=src-nat to-addresses=10.10.10.5 to-ports=0-65535 protocol=tcp connection-mark=odd
/ip firewall nat add chain=srcnat action=masquerade out-interface=wan1
/ip firewall nat add chain=srcnat action=masquerade out-interface=wan2

/ip firewall filter add chain=input action=drop protocol=tcp in-interface=lan dst-port=135-139,445
/ip firewall filter add chain=input action=drop protocol=udp in-interface=lan dst-port=135-139,445
/ip firewall filter add chain=forward action=drop protocol=tcp in-interface=lan dst-port=25,135,137-139,445,593,1025,4691,5933
/ip firewall filter add chain=forward action=drop protocol=udp in-interface=lan dst-port=25,135,137-139,445,593,1025,4691,5933
/ip firewall filter add chain=forward action=drop p2p=bit-torrent
/ip firewall filter add chain=forward action=accept connection-state=established
/ip firewall filter add chain=forward action=accept connection-state=related
/ip firewall filter add chain=forward action=drop connection-state=invalid

LOAD BALANCING, PCC TYPE

/ip address add address=192.168.10.5/30 interface=wan1
/ip address add address=192.168.20.5/30 interface=wan2
/ip address add address=192.168.1.1/28 interface=lan

/ip dns set allow-remote-requests=yes primary-dns=180.131.144.144 secondary-dns=180.131.145.145
(With allow-remote-requests=yes the router answers DNS for anyone who can reach it; the input-chain rules should only accept port 53 from the LAN, otherwise the WAN side becomes an open resolver.)

/ip route add dst-address=0.0.0.0/0 gateway=192.168.10.1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.20.1 distance=2 check-gateway=ping

/ip firewall nat add action=masquerade chain=srcnat out-interface=wan1
/ip firewall nat add action=masquerade chain=srcnat out-interface=wan2

# The "local" list holds the three directly connected networks (wan1, wan2 and lan)
/ip firewall address-list add address=192.168.10.0/30 list=local
/ip firewall address-list add address=192.168.20.0/30 list=local
/ip firewall address-list add address=192.168.1.0/28 list=local

/ip firewall mangle add action=accept chain=prerouting dst-address-list=local in-interface=lan comment="local traffic"
/ip firewall mangle add action=accept chain=output dst-address-list=local

==========================================================================

ADDITIONS FOR FIREWALL MANGLE

/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wan1 new-connection-mark=con-from-isp1 passthrough=yes comment="traffic from isp1"
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wan2 new-connection-mark=con-from-isp2 passthrough=yes comment="traffic from isp2"
/ip firewall mangle add action=mark-connection chain=output dst-address=125.160.2.34 dst-port=53 protocol=tcp new-connection-mark=dns passthrough=yes comment="Telkom Speedy DNS traffic"
/ip firewall mangle add action=mark-connection chain=output dst-address=202.134.1.10 dst-port=53 protocol=udp new-connection-mark=dns passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=dns new-routing-mark=<route-to-isp1 or route-to-isp2; the original does not say which>

/ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=route-to-isp1 distance=1
/ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.20.1 routing-mark=route-to-isp1 distance=2
/ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.20.1 routing-mark=route-to-isp2 distance=1
/ip route add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=route-to-isp2 distance=2
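The PCC section above defines the addresses, routes, NAT, the "local" address list and the per-ISP connection and routing marks, but not the classifier rules that spread new LAN connections over the two WANs and bind each connection mark to its routing mark. The block below is an added example, not part of the original post, that supplies those rules; it assumes the interface names wan1, wan2 and lan and the mark names used above, and is meant to follow the two accept rules for the local address list.

```routeros
# Added example, not from the original post. Assumes interfaces wan1, wan2, lan
# and the marks con-from-isp1/2 and route-to-isp1/2 defined above. Place these
# after the accept rules for the "local" list so local traffic is never policy-routed.
/ip firewall mangle
# Split new LAN connections 50/50 by hashing source + destination address;
# a given client/server pair always lands on the same WAN.
add chain=prerouting in-interface=lan connection-mark=no-mark dst-address-type=!local \
    per-connection-classifier=both-addresses:2/0 action=mark-connection \
    new-connection-mark=con-from-isp1 passthrough=yes comment="PCC: half to isp1"
add chain=prerouting in-interface=lan connection-mark=no-mark dst-address-type=!local \
    per-connection-classifier=both-addresses:2/1 action=mark-connection \
    new-connection-mark=con-from-isp2 passthrough=yes comment="PCC: half to isp2"
# Bind each connection mark to the routing mark the routes above select on.
add chain=prerouting in-interface=lan connection-mark=con-from-isp1 \
    action=mark-routing new-routing-mark=route-to-isp1 passthrough=no
add chain=prerouting in-interface=lan connection-mark=con-from-isp2 \
    action=mark-routing new-routing-mark=route-to-isp2 passthrough=no
# Replies to connections that arrived on a WAN (marked in the "additions" section)
# must leave through that same WAN; otherwise the path is asymmetric and stateful
# devices upstream drop the return traffic.
add chain=output connection-mark=con-from-isp1 action=mark-routing \
    new-routing-mark=route-to-isp1 passthrough=no
add chain=output connection-mark=con-from-isp2 action=mark-routing \
    new-routing-mark=route-to-isp2 passthrough=no
```

When one ISP fails, check-gateway=ping invalidates its distance-1 route and the distance-2 route for the same routing mark carries those connections over the surviving WAN.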


Posted on February 17, 2012, in Uncategorized.
