set interface
# Rename the first three interfaces to public, local and proxy.
# NOTE(review): 0, 1 and 2 are console item numbers, not fixed port identifiers.
# Confirm which physical port each number refers to before pasting,
# because the NAT rules later on this page select traffic by these names.
interface set 0 name=public
interface set 1 name=local
interface set 2 name=proxy
2. alamat interface
# Assign one /24 address to each renamed interface:
#   public -> 192.168.10.2, local -> 192.168.1.254, proxy -> 192.168.100.254.
ip address add address=192.168.10.2 netmask=255.255.255.0 interface=public
ip address add address=192.168.1.254 netmask=255.255.255.0 interface=local
ip address add address=192.168.100.254 netmask=255.255.255.0 interface=proxy
5. set gateway
# Add a route through 192.168.10.1, which lies in the public interface's 192.168.10.0/24 subnet.
# No dst-address is given, so RouterOS's default destination (0.0.0.0/0) applies.
ip route add gateway=192.168.10.1
6. firewall nat
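# Transparent DNS: NAT rules for port-53 traffic arriving on the local and proxy interfaces.
# The parameter name in-interface is restored (the page text had lost its hyphen), and each
# comment string is rejoined onto one line so that every rule is a single valid command.
# NOTE(review): dst-nat is given to-ports only, with no to-addresses. Confirm that this really
# delivers queries to the intended resolver; action=redirect is the usual form when the router
# itself should answer.
# NOTE(review): only a TCP rule is visible for "local". DNS is mostly UDP, so a UDP rule for the
# local interface is presumably missing from this page.
# If the router answers these queries, make sure port 53 is not reachable from the public
# interface, otherwise the router becomes an open resolver.
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=local protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=proxy protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=53 in-interface=proxy protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"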
8. security
dst-port=149 protocol=tcp
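# Port-based drop rules and ICMP accept rules, each restored to a single command line
# (the page had split every command across two lines, which does not paste as one command).
#
# These rules live in the custom chains tcp, udp and icmp. They only see traffic when jump
# rules in input/forward send packets to those chains; no jump rule appears in this section.
#
# NOTE(review): a list of well-known trojan and service ports is a weak control on its own.
# It complements a default-deny policy with connection-state rules and does not replace one.

# NOTE(review): NetBus is normally associated with 12345-12346 and 20034; 1034 may be a
# truncated 20034. Confirm against the original rule set.
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=1034 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=tcp
# NOTE(review): DHCP runs over UDP 67-68, so this TCP match will not see DHCP traffic.
/ip firewall filter add action=drop chain=tcp comment="BLOK DHCP" disabled=no dst-port=67-68 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp comment="TOLAK TFTP" disabled=no dst-port=69 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK PRC portmapper" disabled=no dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=tcp comment="TOLAK NETBUS" disabled=no dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=udp comment="BLOK NBT" disabled=no dst-port=137-139 protocol=udp
# NOTE(review): NFS normally uses port 2049; 149 may be a truncated value. Confirm.
/ip firewall filter add action=drop chain=udp comment="BLOK NFS" disabled=no dst-port=149 protocol=udp
/ip firewall filter add action=drop chain=udp comment="TOLAK BackOriffice" disabled=no dst-port=3133 protocol=udp

# ICMP: accept selected type:code pairs at a limited rate.
# limit=5,5 is added to the 3:0 rule so that it matches its own comment and the two sibling
# rules; as printed it accepted type 3 code 0 without any rate limit.
# An accept rule with limit= only rate-limits if a later rule in the icmp chain drops the
# excess; no such drop rule is visible in this section.
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp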
9. address list
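# Layer-7 patterns, one per file extension, for use as layer7-protocol matchers in later rules.
# The page had spilled the command into separate columns (firewall / layer7-protocol / add /
# name=...); each row is reassembled here into one command. The leading /ip is not present in
# the page text and is restored from the menu path used by the other firewall commands.
#
# Limits to keep in mind before relying on these patterns:
#  - Each pattern matches the substring ".ext" anywhere in the inspected data, not only at the
#    end of a requested file name, so unrelated traffic can match.
#  - Layer-7 matching inspects only the start of a connection's payload and cannot see inside
#    encrypted traffic (HTTPS), so it is a bandwidth-shaping aid, not a content-security control.
#  - Regex matching on every new connection is CPU-intensive; apply it to a narrowed set of
#    connections rather than to all traffic.
/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"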
Kemudian Mangle ICMP Paket, Mangle game paket dan Mangle browsing
paket
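# Mangle rules that turn connection marks into packet marks for ICMP, game and browsing traffic.
# Restored from the page text: the hyphens in connection-mark and new-packet-mark, and the
# quoted strings that had been broken across lines (the rejoined "GAME KONEKSI" matches the
# connection-mark that the GAME PAKET rule reads).
#
# The connection marks "ICMP KONEKSI", "SEMUA KONEKSI MASUK" and "BROWSING KONEKSI" are read
# here but the rules that set them are not shown in this section.
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark="ICMP KONEKSI" disabled=no new-packet-mark="ICMP PAKET" passthrough=no comment="ICMP PAKET"
/ip firewall mangle add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" passthrough=no
# NOTE(review): this marks every UDP connection carrying "SEMUA KONEKSI MASUK" as game traffic,
# with no port or address match. Confirm that other UDP services are not meant to be excluded.
/ip firewall mangle add action=mark-connection new-connection-mark="GAME KONEKSI" chain=prerouting protocol=udp connection-mark="SEMUA KONEKSI MASUK" comment="GAME CLIENT"
# Only the first 0-131072 bytes of a marked TCP connection receive the browsing packet mark.
/ip firewall mangle add action=mark-packet chain=forward comment="BROWSING PAKET" connection-bytes=0-131072 connection-mark="BROWSING KONEKSI" disabled=no new-packet-mark="BROWSING PAKET" passthrough=no protocol=tcp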
@. Kemudian Mangle File Extension seperti iso, rar, mp3, zip, exe, dll.
@. Kemudian setting Queues Tree, ICMP Priority, Queues Squid Hit Priority,
Queues Limit File Extension Priority, Queues tree semua upload priority,
total download priority, Game download priority, Browsing paket priority,
Queues tree total download client serta Queues tree client.
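# Queue for packets marked "ICMP PAKET", at priority 1 and with no rate limits set (all zero).
# The hyphens in limit-at and global-out are restored; the page text had dropped them.
# NOTE(review): parent=global-out belongs to older RouterOS releases; newer ones use a single
# global parent. Confirm against the version in use.
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="ICMP PING" packet-mark="ICMP PAKET" parent=global-out priority=1 queue="default"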
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-