Setting Mikrotik

Setting Mikrotik manual

Uploaded by

Amran

SETTING MIKROTIK

Here I give a few setup commands for the firewall, gateway configuration, DHCP server,
filter rules (anti-virus, anti-DDoS, anti-Netcut and anti-porn), and the use of mangle and queue
tree. This tutorial goes straight to bandwidth limiting with the PCQ download and upload
pattern. The result will look like this:

You can change the limits above to suit your internet bandwidth: just double-click the
limiter in the queue tree. OK, let's get straight to it...

# Bandwidth management by jinho.diaz with mikrotik RouterOs v. 5.18


# the firewall is very strong and hard to penetrate
# This script works well on MikroTik RouterOS version 5.18 and later
# This script is not recommended for MikroTik devices with a processor slower than 680 MHz and less than 128 MB of memory
# The WAN is on interface ether1-gateway, facing Speedy, with gateway 192.168.1.1
# The LAN is on interface ether2-local-master with gateway 192.168.2.254, facing the clients
# includes anti-Netcut, anti-porn, anti foreign proxy, anti Hotspot Shield
# includes anti foreign VPN, anti UltraSurf, anti Freedom, anti Winbox scanning by users
# includes anti-virus, anti-ARP, nuke and anti brute-force attack
# limits IDM and similar downloaders, limits YouTube and streaming
# limits Akamai servers, which you can adjust yourself in the queue tree
# this script does not use an internal proxy, but you can add one yourself
# make sure you are assisted by expert staff to avoid mistakes when using the script.
# you can paste this script one part at a time or all at once into a Winbox New Terminal console,
# without removing the hash marks (#)

# name your ethernet interfaces


/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-local-master

# mark each incoming packet with a layer7-protocol


/ip firewall layer7-protocol
add name=download regexp="\\.(exe|rar|zip|7z|cab|asf|pdf|wav|mp3|ram|msu|msi|n\
up|vdf|rmvb|daa|iso|nrg|bin|vcd|mp2|qt|raw|ogg|doc|xls|ppt|xlxs|mov|wmv|mp\
g|mpeg|mkv|avi|flv|rm|mp4|dat|3gp|mpe|wma|docx|pptx|deb|flv2|tar|bzip|gzip\
|webm|gzip2).*\$"
add name=google regexp="google.com|google.co.id|yahoo.com|yahoo.co.id|yahoo|go\
ogle|bing|msn|wordpress|blogspot|blogger|web.id|co.id|net.id|go.id|hotmail\
|twitter"
add name=youtube regexp=o-o|youtube.com|webm
add name=http-video regexp="mivo.tv|mivotv|imediabiz|imedia|porn|video|stream|\
movie|live|0\\.9|.tv|.0|video|mov|wmv|mpg|mpeg|mkv|avi|flv|rm|mp4|dat|3gp|\
mpe|wma|xhamster|xnxx|fuck|flv2|indostar-tv|nontontv.tv"
add name=bittorent regexp="^(\13bittorrent protocol|azver1\$|get /scrape\\\?in\
fo_hash=)|d1:ad2:id20:|87P\\)[RP]"
add name=torrent-wws regexp="^.*(get|GET).+(torrent|info_hash|thepiratebay|iso\
hunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitn\
ova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=torrent-www regexp="^.+(torrent|thepiratebay|isohunt|entertane|demono\
id|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|\
fulldls|btbot|fenopy|gpirate|commonbits).*\$"
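
The alternatives in the http-video pattern above are unanchored, so short ones decide which connections the mangle rules later mark as paket-mtc. The following added example (not part of the original script) uses Python's re module as a stand-in for the router's layer7 matcher and reports which alternatives hit constructed HTTP requests; the payloads and function names are assumptions made for illustration.

```python
import re

# Generic alternatives copied from the page's "http-video" layer7 pattern
# (abridged: site names and the repeated "video" are left out). The export's
# "0\\.9" is the regex 0\.9.
HTTP_VIDEO = (r"video|stream|movie|live|0\.9|.tv|.0|mov|wmv|mpg|mpeg|mkv|avi"
              r"|flv|rm|mp4|dat|3gp|mpe|wma")

# Constructed sample requests: two ordinary ones and one real video fetch.
BENIGN = [
    "GET /platform/update.php HTTP/1.0\r\nHost: intranet.example\r\n\r\n",
    "POST /forms/login HTTP/1.1\r\nHost: mail.example\r\n"
    "Content-Length: 1024\r\n\r\n",
]
VIDEO_REQUEST = "GET /clip.mp4 HTTP/1.1\r\nHost: cdn.example\r\n\r\n"


def split_alternatives(pattern):
    """Split a regex on top-level '|'.

    '|' inside (...) or after a backslash is kept; character classes
    containing '|' are not handled (the page's pattern has none).
    """
    parts, depth, current, i = [], 0, "", 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            current += pattern[i:i + 2]      # keep the escape pair together
            i += 2
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "|" and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
        i += 1
    parts.append(current)
    return parts


def matching_alternatives(pattern, payload):
    """Return the alternatives of `pattern` found anywhere in `payload`."""
    return [alt for alt in split_alternatives(pattern)
            if re.search(alt, payload, re.DOTALL)]


def noisy_alternatives(pattern, benign_payloads):
    """Count, per alternative, how many benign payloads it matches."""
    counts = {}
    for payload in benign_payloads:
        for alt in matching_alternatives(pattern, payload):
            counts[alt] = counts.get(alt, 0) + 1
    return counts


if __name__ == "__main__":
    for request in BENIGN + [VIDEO_REQUEST]:
        print(request.splitlines()[0], "->",
              matching_alternatives(HTTP_VIDEO, request))
    print("candidates to drop or anchor:",
          noisy_alternatives(HTTP_VIDEO, BENIGN))
```

Alternatives that show up in the benign counts are the ones to remove or tighten before relying on the pattern for classification.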

# define the IP ranges for users


/ip pool
add name=default-dhcp ranges=192.168.1.1-192.168.1.253
add name=dhcp_pool1 ranges=192.168.1.1-192.168.1.253
add name=dhcp_pool2 ranges=192.168.1.1-192.168.1.253
add name=dhcp_pool3 ranges=192.168.2.1-192.168.2.253

# define the DHCP servers
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 authoritative=after-2sec-delay \
bootp-support=static disabled=no interface=ether1-gateway lease-time=1d \
name=dhcp1
add add-arp=yes address-pool=dhcp_pool3 authoritative=after-2sec-delay \
bootp-support=static disabled=no interface=ether2-local-master \
lease-time=1d name=dhcp_server

# set up bandwidth management


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=384k name=3.DOWNLOAD packet-mark="" parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3.1.Limited packet-mark=users parent=3.DOWNLOAD \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1792k name=1.BROWSING packet-mark="" parent=global-out \
priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name=6.TUBE-TV packet-mark=users parent=global-out \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2.KONEKSI packet-mark="" parent=global-total priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=768k name="4.LIVE VIDEO" packet-mark="" parent=global-in \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=5.GAME packet-mark="" parent=global-out priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=768k name=7.Chat packet-mark=users parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=768k name="8. Bittorent" packet-mark=packet-bittorent parent=\
global-out priority=8

# define the queue types used by the queue tree


/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=PCQ_download pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=PCQ_upload pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=pcq-download2 pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=pcq-upload pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=15s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pfifo name=PING pfifo-limit=64
add kind=pcq name=DOWN pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=dst-address,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=768k \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=torrent pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=128k \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=akamai pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=384k pcq-src-address-mask=\
32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=limit pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=384k pcq-src-address-mask=\
32 pcq-src-address6-mask=64 pcq-total-limit=2000
set 14 kind=none name=only-hardware-queue
set 15 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 16 kind=pfifo name=default-small pfifo-limit=10

# bandwidth management settings for the file-extension limits


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=5.1.Game-Online packet-mark=online parent=5.GAME \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="5.2.Game FB" packet-mark=gamefb parent=5.GAME priority=\
2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3.1.2.Hit packet-mark=hit parent=3.1.Limited priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3.1.1.IDM packet-mark=idm parent=3.1.Limited priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=4.1.youtube packet-mark=stream-idm parent="4.LIVE VIDEO" \
priority=8 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1536k name="1.1.http brows" packet-mark=google parent=\
1.BROWSING priority=3 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2.1.ping-out packet-mark="paket ip" parent=2.KONEKSI \
priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2.2.ping-in packet-mark="paket dp" parent=2.KONEKSI \
priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="6.1.Tube Stream" packet-mark=users parent=6.TUBE-TV \
priority=8 queue=pcq-download2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=6.2.Mivo.TV packet-mark=paket-mtc parent=6.TUBE-TV \
priority=8 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="7.1. Camfrog" packet-mark=camfrog parent=7.Chat \
priority=8 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=wws packet-mark=packet-wws parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=www packet-mark=packet-www parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=port packet-mark=packet-port parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=allp2p packet-mark=packet-allp2p parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=1.2.akamai packet-mark=akamai parent=1.BROWSING \
priority=8 queue=akamai

# set the IP address of each ethernet interface


/ip address
add address=192.168.2.254/24 comment="default configuration" disabled=no \
interface=ether2-local-master network=192.168.2.0
add address=192.168.1.6/24 disabled=no interface=ether1-gateway network=\
192.168.1.0

# configure the DHCP client


/ip dhcp-client
add add-default-route=yes comment="default configuration" \
default-route-distance=1 disabled=no interface=ether1-gateway \
use-peer-dns=yes use-peer-ntp=yes
# configure the DHCP server networks for the local network; make sure users obtain their IP address automatically
/ip dhcp-server network
add address=192.168.1.0/24 dhcp-option="" dns-server="" gateway=192.168.1.1 \
ntp-server="" wins-server=""
add address=192.168.2.0/24 comment="default configuration" dhcp-option="" \
dns-server="" gateway=192.168.2.254 ntp-server="" wins-server=""

# set the DNS servers to use


/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=203.130.193.74,203.130.206.250

# set the static DNS entries to use


/ip dns static
add address=208.67.222.222 disabled=no name=router ttl=1d

# define the blocked IP addresses; the list grows automatically each time a banned site is accessed
/ip firewall address-list
add address=65.49.0.0/17 disabled=no list=UltraSurfServers
add address=204.107.140.0/24 disabled=no list=UltraSurfServers
add address=94.231.80.100 disabled=no list=your-freedom
add address=85.214.22.104 disabled=no list=your-freedom
add address=94.126.16.7 disabled=no list=your-freedom
add address=85.214.151.156 disabled=no list=your-freedom
add address=85.214.149.36 disabled=no list=your-freedom
add address=85.214.45.166 disabled=no list=your-freedom
add address=85.214.149.43 disabled=no list=your-freedom
add address=83.170.96.78 disabled=no list=your-freedom
add address=193.37.152.232 disabled=no list=your-freedom
add address=80.74.137.161 disabled=no list=your-freedom
add address=193.164.133.62 disabled=no list=your-freedom
add address=95.143.192.144 disabled=no list=your-freedom
add address=208.53.158.27 disabled=no list=your-freedom
add address=85.214.149.35 disabled=no list=your-freedom
add address=76.73.125.131 disabled=no list=your-freedom
add address=77.92.78.225 disabled=no list=your-freedom
add address=81.169.130.185 disabled=no list=your-freedom
add address=217.150.244.92 disabled=no list=your-freedom
add address=83.170.105.81 disabled=no list=your-freedom
add address=123.108.109.9 disabled=no list=your-freedom
add address=85.214.143.29 disabled=no list=your-freedom
add address=85.214.116.165 disabled=no list=your-freedom
add address=67.212.67.75 disabled=no list=your-freedom
add address=67.159.5.116 disabled=no list=your-freedom
add address=202.160.120.226 disabled=no list=your-freedom
add address=184.154.54.0/24 disabled=no list=Blokir
add address=217.114.211.0/24 disabled=no list=Blokir
add address=173.213.96.0/24 disabled=no list=Blokir
add address=193.200.150.0/24 disabled=no list=Blokir
add address=74.50.123.0/24 disabled=no list=Blokir
add address=85.17.200.0/24 disabled=no list=Blokir
add address=199.59.163.0/24 disabled=no list=Blokir
add address=176.9.204.0/24 disabled=no list=Blokir
add address=204.45.137.0/24 disabled=no list=Blokir

# define the filter rules for all internet traffic


/ip firewall filter
add action=drop chain=forward comment="Drop Proxy luar negeri" disabled=no \
dst-address-list=proxys protocol=tcp
add action=drop chain=forward disabled=no dst-address-list=proxys protocol=\
udp
add action=drop chain=forward comment="Drop anonymox" disabled=no \
dst-address-list=anonymox protocol=tcp
add action=drop chain=forward disabled=no dst-address-list=anonymox protocol=\
udp
add action=drop chain=forward comment="Drop VPN Luar Negeri" disabled=no \
dst-address-list=Blokir protocol=tcp
add action=drop chain=forward disabled=no dst-address-list=Blokir protocol=\
udp
add action=drop chain=forward comment="Drop Hotspotshield" disabled=no \
dst-port=5345,5938,5245,3398,3451,5265,1755,5050,5396 protocol=tcp
add action=drop chain=forward disabled=no dst-port=\
5345,5938,5245,3398,3451,5265,1755,5050,5396 protocol=udp
add action=drop chain=forward disabled=no dst-port=\
10000-10010,9000,3211,15000-15010,1935,5231,800,989 protocol=tcp
add action=drop chain=forward disabled=no dst-port=\
10000-10010,9000,3211,15000-15010,1935,5231,800,989 protocol=udp
add action=drop chain=forward comment="Block UltraSurf" disabled=no protocol=\
tcp src-address-list=UltraSurfUsers
add action=drop chain=forward comment="Block Your-Freedom" disabled=no \
protocol=tcp src-address-list=yourfreedomuser
add action=drop chain=input comment=\
"ANTI BRUTE FORCE - block ssh brute forcers" disabled=no dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input comment=\
"add ssh brute forcers ip to blacklist" connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input comment=\
"add ssh brute forcers ip to stage3" connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input comment=\
"add ssh brute forcers ip to stage2" connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input comment=\
"add ssh brute forcers ip to stage1" connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address=!192.168.2.254
add action=drop chain=forward comment="drop ssh brute downstream" disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=accept chain=input comment=\
"Virus Scan, BruteForce, DDOS & anti Netcut, jangan di non aktifkan" \
disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward connection-state=invalid disabled=no
add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=udp
add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp
add action=jump chain=forward disabled=no jump-target=virus
add action=drop chain=input connection-state=invalid disabled=no
add action=accept chain=input disabled=no protocol=udp
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
add action=accept chain=input disabled=no dst-port=21 protocol=tcp
add action=accept chain=input disabled=no dst-port=22 protocol=tcp
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list=port-scanners \
address-list-timeout=2w chain=input comment=port-scanner disabled=no \
protocol=tcp psd=21,3s,3,1 src-address=!192.168.2.254
add action=add-src-to-address-list address-list=port-scanners \
address-list-timeout=2w chain=input comment=SYN/FIN disabled=no protocol=\
tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port-scanners \
address-list-timeout=2w chain=input comment=SYN/RST disabled=no protocol=\
tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port-scanners \
address-list-timeout=2w chain=input comment=FIN/PSH/URG disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port-scanners \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port-scanners \
address-list-timeout=2w chain=input comment=NMAP disabled=no protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
add action=accept chain=output comment="Login Failure Winbox Mikrotik" \
content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m \
protocol=tcp src-address=!192.168.2.254
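
One way to check which address lists in the rules above are filled but never matched, and whether the input chain ends in a drop. This is an added example, not part of the original script: the rules in EXPORT are an excerpt copied from this page, FIXED is constructed, and the function names are illustrative.

```python
import re
import shlex

# Excerpt copied from this page's address-list, filter and mangle sections.
EXPORT = r'''
/ip firewall address-list
add address=65.49.0.0/17 disabled=no list=UltraSurfServers
/ip firewall filter
add action=drop chain=forward comment="Drop Proxy luar negeri" disabled=no \
    dst-address-list=proxys protocol=tcp
add action=drop chain=forward comment="Block UltraSurf" disabled=no protocol=\
    tcp src-address-list=UltraSurfUsers
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
    chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list=port-scanners \
    address-list-timeout=2w chain=input comment=port-scanner disabled=no \
    protocol=tcp psd=21,3s,3,1 src-address=!192.168.2.254
add action=add-src-to-address-list address-list=port-scanners \
    address-list-timeout=2w chain=input comment=SYN/FIN disabled=no protocol=\
    tcp tcp-flags=fin,syn
add action=accept chain=input comment=ANTI-NETCUT disabled=no dst-port=\
    0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
/ip firewall mangle
add action=add-src-to-address-list address-list=UltraSurfUsers \
    address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\
    no dst-address-list=UltraSurfServers protocol=tcp
'''

# Constructed rules (not from the page) that consume the two lists and close
# the input chain. Rule order is not checked here: on a router the list drops
# belong above the accept rules, and management access must be accepted
# before the final drop.
FIXED = '''
/ip firewall filter
add action=drop chain=input disabled=no src-address-list=port-scanners
add action=drop chain=input disabled=no src-address-list=DDOS
add action=drop chain=input disabled=no
'''

WRITERS = {"add-src-to-address-list", "add-dst-to-address-list"}
MATCHERS = ("src-address-list", "dst-address-list")


def parse_export(text):
    """Turn a RouterOS export snippet into a list of rule dicts."""
    text = re.sub(r"\\\n\s*", "", text)      # undo the export's line wrapping
    rules, menu = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall filter"
        elif line.startswith("add "):
            rule = {"menu": menu}
            for token in shlex.split(line)[1:]:
                key, _, value = token.partition("=")
                rule[key] = value
            rules.append(rule)
    return rules


def audit(rules):
    """Report unused or unfilled address lists and the input chain's ending."""
    written, matched = set(), set()
    for r in rules:
        if r["menu"] == "/ip firewall address-list":
            written.add(r["list"])           # static entry
        if r.get("action") in WRITERS:
            written.add(r["address-list"])   # filled dynamically by a rule
        for key in MATCHERS:
            if key in r:
                matched.add(r[key].lstrip("!"))
    input_rules = [r for r in rules
                   if r["menu"] == "/ip firewall filter"
                   and r.get("chain") == "input"
                   and r.get("disabled") != "yes"]
    last = input_rules[-1] if input_rules else {}
    conditions = set(last) - {"menu", "action", "chain", "comment", "disabled"}
    return {
        "filled_but_never_matched": sorted(written - matched),
        "matched_but_never_filled": sorted(matched - written),
        "input_default_drop": last.get("action") == "drop" and not conditions,
    }


if __name__ == "__main__":
    print("page excerpt:", audit(parse_export(EXPORT)))
    print("with FIXED  :", audit(parse_export(EXPORT + FIXED)))
```

On the excerpt, DDOS and port-scanners are filled but no rule matches them, proxys and knock are matched but nothing fills them, and the last input rule is an accept.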

# mark every data packet entering the internet traffic flow
/ip firewall mangle
add action=add-src-to-address-list address-list=yourfreedomuser \
address-list-timeout=5m chain=prerouting comment="block user freedom" \
disabled=no dst-address-list=your-freedom protocol=tcp
add action=add-src-to-address-list address-list=UltraSurfUsers \
address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\
no dst-address-list=UltraSurfServers protocol=tcp
add action=mark-connection chain=prerouting comment="limit akamai" disabled=\
no dst-address-list=akamai new-connection-mark=akamai passthrough=yes \
protocol=tcp src-address=!192.168.2.254
add action=mark-packet chain=prerouting connection-mark=akamai disabled=no \
new-packet-mark=akamai passthrough=no
add action=mark-packet chain=postrouting comment=HIT disabled=no dscp=12 \
new-packet-mark=hit passthrough=no
add action=mark-packet chain=postrouting content=X-Cache:HIT disabled=no \
new-packet-mark=hit passthrough=no
add action=mark-connection chain=prerouting comment=GAME disabled=no \
dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="10402,11011-\
11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19\
000" new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port="1293,1479,61\
00-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark=GAMEONLINE passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
42051-42052,11100-11125,11440-11460 new-connection-mark=GAMEONLINE \
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=GAMEONLINE disabled=\
no new-packet-mark=online passthrough=no
add action=mark-connection chain=prerouting content=facebook.com disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=fbcdn.net disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=facebook.net disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=zynga.com disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=\
static.ak.connect.facebook.com disabled=no new-connection-mark=fb_game \
passthrough=yes
add action=mark-connection chain=prerouting content=\
statics.poker.static.zynga.com disabled=no new-connection-mark=fb_game \
passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-port=9339,843 \
new-connection-mark=fb_game passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=fb_game disabled=no \
new-packet-mark=gamefb passthrough=no
add action=mark-connection chain=prerouting disabled=no new-connection-mark=\
users-con passthrough=yes src-address=!192.168.2.254 src-address-list=!IP
add action=mark-packet chain=prerouting connection-mark=users-con disabled=no \
new-packet-mark=users passthrough=yes
add action=mark-connection chain=prerouting comment=IDM disabled=no \
layer7-protocol=download new-connection-mark=idm passthrough=yes \
src-address=!192.168.2.254 src-address-list=!IP
add action=mark-packet chain=prerouting connection-mark=idm disabled=no \
new-packet-mark=idm passthrough=no
add action=mark-connection chain=prerouting comment=Browsing disabled=no \
layer7-protocol=google new-connection-mark=google passthrough=yes \
src-address=!192.168.2.254 src-address-list=!IP
add action=mark-packet chain=forward connection-mark=google disabled=no \
new-packet-mark=google passthrough=no src-address=!192.168.2.254
add action=mark-connection chain=prerouting disabled=no layer7-protocol=\
youtube new-connection-mark=stream-idm passthrough=yes src-address=\
!192.168.2.254 src-address-list=!IP
add action=mark-packet chain=prerouting connection-mark=stream-idm disabled=\
no new-packet-mark=stream-idm passthrough=no
add action=mark-connection chain=prerouting comment=ICMP disabled=no \
new-connection-mark="paket ic" passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark="paket ic" disabled=\
no new-packet-mark="paket ip" passthrough=yes
add action=change-dscp chain=prerouting disabled=no new-dscp=1 packet-mark=\
"paket ip" passthrough=yes
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=\
53 new-connection-mark="paket dc" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53 \
new-connection-mark="paket dc" passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark="paket dc" disabled=\
no new-packet-mark="paket dp" passthrough=yes
add action=change-dscp chain=prerouting disabled=no new-dscp=1 packet-mark=\
"paket dp" passthrough=yes
add action=mark-connection chain=prerouting comment="MIVO TV" disabled=no \
layer7-protocol=http-video new-connection-mark=paket-mtc passthrough=yes \
src-address=!192.168.2.254 src-address-list=!IP
add action=mark-packet chain=forward connection-mark=paket-mtc disabled=no \
new-packet-mark=paket-mtc passthrough=no
add action=mark-connection chain=prerouting comment=Camfrog disabled=no \
dst-port=2779,6667 new-connection-mark=camfrog passthrough=yes protocol=\
tcp
add action=mark-packet chain=prerouting connection-mark=camfrog disabled=no \
new-packet-mark=camfrog passthrough=no
add action=mark-connection chain=forward comment=bittorent disabled=no \
layer7-protocol=bittorent new-connection-mark=bittorent-limit \
passthrough=yes
add action=mark-packet chain=forward connection-mark=bittorent-limit \
disabled=no new-packet-mark=packet-bittorent passthrough=no
add action=mark-connection chain=forward comment=torrent-wws disabled=no \
layer7-protocol=torrent-wws new-connection-mark=wws-limit passthrough=yes
add action=mark-packet chain=forward connection-mark=wws-limit disabled=no \
new-packet-mark=packet-wws passthrough=no
add action=mark-connection chain=forward comment=torrent-www disabled=no \
layer7-protocol=torrent-www new-connection-mark=www-limit passthrough=yes
add action=mark-packet chain=forward connection-mark=www-limit disabled=no \
new-packet-mark=packet-www passthrough=no
add action=mark-connection chain=forward comment=torrent-allp2p disabled=no \
new-connection-mark=allp2p-limit p2p=all-p2p passthrough=yes
add action=mark-packet chain=forward connection-mark=allp2p-limit disabled=no \
new-packet-mark=packet-allp2p passthrough=no
add action=mark-connection chain=forward comment=torrent-port disabled=no \
new-connection-mark=port-limit passthrough=yes protocol=tcp src-port=\
58561,58045,14948,58008,58816,59097
add action=mark-packet chain=forward connection-mark=port-limit disabled=no \
new-packet-mark=packet-port passthrough=no

# NAT settings to connect the users' gateway to the internet


/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway src-address=192.168.2.0/24

# redirect settings that steer users to the Nawala anti-porn DNS; disable if not needed
add action=redirect chain=dstnat comment=\
"Redirect ke Port 53 untuk nawala anti porno project" disabled=no \
dst-port=53 protocol=tcp src-address=192.168.2.0/24 to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 protocol=udp \
src-address=192.168.2.0/24 to-ports=53

# disable neighbor discovery to prevent users from scanning for Winbox


/ip neighbor discovery
set ether1-gateway disabled=yes
set ether2-local-master disabled=yes

# route settings between gateways


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 \
target-scope=10

# queue settings for each interface


/queue interface
set ether1-gateway queue=ethernet-default
set ether2-local-master queue=ethernet-default

# time settings for the Indonesian time zone


/system clock
set time-zone-name=Asia/Jakarta

# default MikroTik manual clock settings, left at factory values


/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00

# welcome text for the console terminal; you can replace it with your own identity
/system note
set note="M" show-at-login=yes

# NTP client setting with local / Indonesian servers


/system ntp client
set enabled=yes mode=unicast primary-ntp=202.71.109.130 secondary-ntp=\
65.55.21.23

# NTP server setting


/system ntp server
set broadcast=no broadcast-addresses="" enabled=yes manycast=yes multicast=no

# schedule for running the DNS cache flush script


/system scheduler
add disabled=no interval=30m name="cache flush" on-event=cacheflush policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive \
start-time=startup

# schedule for running the automatic DNS change script


/system scheduler
add disabled=no interval=1d name=dnschange on-event=dnschange policy=\
reboot,read,write,policy,test,password,sniff,sensitive start-time=startup

# schedule for running anti-netcut script 1


/system scheduler
add disabled=no interval=1d name=antinetcut1 on-event=antinetcut1 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup

# schedule for running anti-netcut script 2


/system scheduler
add disabled=no interval=1d name=antinetcut2 on-event=antinetcut2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup

# schedule for running the script that automatically creates ARP entries against spoofing
/system scheduler
add disabled=no interval=20m name=leases on-event=lease policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/25/2013 start-time=04:58:44

# schedule for running the time zone setting script


/system scheduler
add disabled=no interval=6h name=ntp on-event=ntp policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/25/2013 start-time=06:57:11

# schedule for running the time zone setting script


/system scheduler
add disabled=no interval=6h name=ntp2 on-event=ntp2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/25/2013 start-time=06:57:32
# schedule for running the script that marks Akamai packets
/system scheduler
add disabled=no interval=15m name=akamai on-event=akamai policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup

# schedule for running the script that marks anonymous packets


/system scheduler
add disabled=no interval=11m name=anonymox on-event=anonymox policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup

# schedule for running the script that marks foreign proxy servers


/system scheduler
add disabled=no interval=12m name=proxi on-event=proxi policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup

# script that refreshes DNS so that its buffer does not fill up


/system script
add name=cacheflush policy=ftp,reboot,read,write,policy,test,winbox,password \
source="/ip dns cache flush"

# script that makes sure the MikroTik uses the DNS servers we specify after every reboot
/system script
add name=dnschange policy=ftp,reboot,read,write,policy,test,winbox,password \
source="/ip dns set servers=203.130.193.74,203.130.206.250 allow-remote-re\
quests=yes"

# anti-netcut script 1


/system script
add name=antinetcut1 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":local hosts [/ip dhcp-server lease find]\r\
\n:local pcname \"X\"\r\
\n:local pcnum 0\r\
\n:global hacklist \"\"\r\
\n:foreach h in=\$hosts do={\r\
\n:local host [/ip dhcp-server lease get \$h host-name]\r\
\n:if ([:len \$host] >0) do={\r\
\n:set pcname (\$pcname . \",\" . \$host)\r\
\n:set pcnum (\$pcnum + 1)\r\
\n}\r\
\n}\r\
\n:foreach h in=\$pcname do={\r\
\n:local hh 0\r\
\n:if (!([:find \$hacklist \$h]>=0)) do={\r\
\n:foreach k in=\$pcname do={ :if (\$k=\$h) do={:set hh (\$hh + 1) } }\r\
\n:if (\$hh>2) do={\r\
\n:if ([:len \$hacklist] >0) do={:set hacklist (\$hacklist . \",\" . \$h)}\
\_else={:set hacklist \$h}\r\
\n}\r\
\n}\r\
\n}\r\
\n:local timer [:pick [/system clock get time] 3 5]\r\
\n:if ((\$switch > 0) || (\$timer >= \"58\")) do={\r\
\n:log warning (\"New Hacklist: \" . \$hacklist)\r\
\n}"

# anti-netcut script 2


/system script
add name=antinetcut2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="# use global hacklist variable\r\
\n#:log info (\$hacklist)\r\
\n:foreach host in=\$hacklist do={\r\
\n:foreach i in=[/ip dhcp-server lease find host-name=\$host] do={\r\
\n:local ipnum [/ip dhcp-server lease get \$i address]\r\
\n:local unum [/ip hotspot active find address=\$ipnum]\r\
\n:if ([:len \$unum] >0) do={\r\
\n:local usr [/ip hotspot active get \$unum user]\r\
\n:log warning (\$host . \" \" . \$ipnum . \" \" . \$usr)\r\
\n#next line kick them out right now, could also check pppoe\r\
\n/ip hotspot active remove \$unum\r\
\n#other stuff can do now with the identified IP and USER\r\
\n}\r\
\n}\r\
\n}"

# time zone setting script


/system script
add name=ntp policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/system ntp client set enabled=yes mode=unicast primary-ntp=202.71\
.109.130 secondary-ntp=65.55.21.23\r\
\n"

# time zone setting script


/system script
add name=ntp2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/system clock set time-zone-name=Asia/Jakarta"

# script that converts dynamic ARP to static to prevent spoofing by netcut
/system script
add name=lease policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/ip dhcp-server lease make-static [/ip dhcp-server lease find]"

# script that marks every packet coming from Akamai servers
/system script
add name=akamai policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":foreach i in=[/ip dns cache find] do={\r\
\n:local bNew \"true\";\r\
\n:local cacheName [/ip dns cache all get \$i name] ;\r\
\n# :put \$cacheName;\r\
\n\r\
\n:if ([:find \$cacheName \"akamai\"] != 0) do={\r\
\n\r\
\n:local tmpAddress [/ip dns cache get \$i address] ;\r\
\n# :put \$tmpAddress;\r\
\n\r\
\n# if address list is empty do not check\r\
\n:if ( [/ip firewall address-list find ] = \"\") do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\
\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=akamai comment=\
\$cacheName;\r\
\n} else={\r\
\n:foreach j in=[/ip firewall address-list find ] do={\r\
\n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\
\r\
\n:set bNew \"false\";\r\
\n}\r\
\n}\r\
\n:if ( \$bNew = \"true\" ) do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\
\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=akamai comment=\
\$cacheName;\r\
\n}\r\
\n}\r\
\n}\r\
\n}"

# script that marks every packet coming from anonymous servers
/system script
add name=anonymox policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":foreach i in=[/ip dns cache find] do={\r\
\n:local bNew \"true\";\r\
\n:local cacheName [/ip dns cache all get \$i name] ;\r\
\n# :put \$cacheName;\r\
\n\r\
\n:if ([:find \$cacheName \"anony\"] != 0) do={\r\
\n\r\
\n:local tmpAddress [/ip dns cache get \$i address] ;\r\
\n# :put \$tmpAddress;\r\
\n\r\
\n# if address list is empty do not check\r\
\n:if ( [/ip firewall address-list find ] = \"\") do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\
\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=anonymox comment\
=\$cacheName;\r\
\n} else={\r\
\n:foreach j in=[/ip firewall address-list find ] do={\r\
\n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\
\r\
\n:set bNew \"false\";\r\
\n}\r\
\n}\r\
\n:if ( \$bNew = \"true\" ) do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\
\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=anonymox comment\
=\$cacheName;\r\
\n}\r\
\n}\r\
\n}\r\
\n}"

# script that marks every packet coming from foreign proxy servers
/system script
add name=proxi policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":foreach i in=[/ip dns cache find] do={\r\
\n:local bNew \"true\";\r\
\n:local cacheName [/ip dns cache all get \$i name] ;\r\
\n# :put \$cacheName;\r\
\n\r\
\n:if (([:find \$cacheName \"proxy\"] != 0) || ([:find \$cacheName \"proxi\
\"] != 0)) do={\r\
\n\r\
\n:local tmpAddress [/ip dns cache get \$i address] ;\r\
\n# :put \$tmpAddress;\r\
\n\r\
\n# if address list is empty do not check\r\
\n:if ( [/ip firewall address-list find ] = \"\") do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\
\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=proxys comment=\
\$cacheName;\r\
\n} else={\r\
\n:foreach j in=[/ip firewall address-list find ] do={\r\
\n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\
\r\
\n:set bNew \"false\";\r\
\n}\r\
\n}\r\
\n:if ( \$bNew = \"true\" ) do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\
\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=proxys comment=\
\$cacheName;\r\
\n}\r\
\n}\r\
\n}\r\
\n}"

# make sure you do not change anything before you really understand it, to avoid
# mistakes
# Yup, everything is done; restart your MikroTik.
# You can download the script above: here or here

# NB: I have tested this whole tutorial myself; if you have anything to add, your
# comments and suggestions are welcome. Sorry that no images are included.

# Created & modified by jinho at bagan batu, no more really secure, but need more time to make
# it broken. enjoy :)

PCC LOADBALANCE 2 SPEEDY + BANDWIDTH MANAGEMENT MIKROTIK RB750

# READ THE NOTES CAREFULLY BEFORE USING THIS SCRIPT !!!

# PCC Loadbalancing + Bandwidth management mikrotik v 5.x
# Scripting by jinho diaz
# Very simple but More Powerful !!

# first modem (bandwidth 2 Mbps): IP 192.168.5.1, on ether2-master-local
# second modem (bandwidth 1 Mbps): IP 192.168.4.1, on ether3-slave-local
# LAN: IP 192.168.1.1 on ether1-gateway

# Uses the MikroTik's own PPPoE client to dial Speedy, so that the modem's
# resources stay stable and it rarely goes down.

# Make sure you replace your Speedy username and password (marked with xxxxxx)
# in the interface pppoe-client section of this script.

# This script has been tested with 2 Speedy lines, both with the same gateway and with different ones.
# This script remains stable on a MikroTik RouterBOARD RB750, version 5.4, with a 400 MHz CPU

/interface ethernet
set 0 arp=enabled name=ether1-gateway
set 1 arp=enabled master-port=none name=ether2-master-local
set 2 arp=enabled master-port=none name=ether3-slave-local
set 3 arp=enabled master-port=none name=ether4-slave-local
set 4 arp=enabled master-port=none name=ether5-slave-local

/ip firewall layer7-protocol


add name=download regexp="\\.(exe|rar|zip|7z|cab|asf|pdf|wav|mp3|ram|msu|msi|n\
up|vdf|rmvb|daa|iso|nrg|bin|vcd|mp2|qt|raw|ogg|doc|xls|ppt|xlxs|mov|wmv|mp\
g|mpeg|mkv|avi|flv|rm|mp4|dat|3gp|mpe|wma|docx|pptx|deb|flv2|tar|bzip|gzip\
|webm|gzip2).*\$"
add name=google regexp="google.com|google.co.id|yahoo.com|yahoo.co.id|yahoo|go\
ogle|bing|msn|wordpress|blogspot|blogger|web.id|co.id|net.id|go.id|hotmail\
|twitter"
add name=youtube regexp=o-o|youtube.com|webm
add name=http-video regexp="mivo.tv|mivotv|imediabiz|imedia|porn|video|stream|\
movie|live|0\\.9|.tv|.0|video|mov|wmv|mpg|mpeg|mkv|avi|flv|rm|mp4|dat|3gp|\
mpe|wma|xhamster|xnxx|fuck|flv2|indostar-tv|nontontv.tv"
add name=bittorent regexp="^(\13bittorrent protocol|azver1\$|get /scrape\\\?in\
fo_hash=)|d1:ad2:id20:|87P\\)[RP]"
add name=torrent-wws regexp="^.*(get|GET).+(torrent|info_hash|thepiratebay|iso\
hunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitn\
ova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=torrent-www regexp="^.+(torrent|thepiratebay|isohunt|entertane|demono\
id|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|\
fulldls|btbot|fenopy|gpirate|commonbits).*\$"

/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254

/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether1-gateway lease-time=3d name=dhcp1

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether2-master-local max-mru=1480 \
max-mtu=1480 mrru=disabled name=PPPoE-1 password=xxxxxxxx profile=\
default service-name="" use-peer-dns=yes user=xxxxxx
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether3-slave-local max-mru=1480 \
max-mtu=1480 mrru=disabled name=PPPoE-2 password=xxxxxxxxx profile=\
default service-name="" use-peer-dns=yes user=xxxxxx

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3.DOWNLOAD parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3.1.Limited packet-mark=users parent=3.DOWNLOAD \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=1.BROWSING parent=global-out priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=6.TUBE-TV packet-mark=users parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2.KONEKSI parent=global-total priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="4.LIVE VIDEO" parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=5.GAME parent=global-out priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=7.Chat packet-mark=users parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="8. Bittorent" packet-mark=packet-bittorent parent=\
global-out priority=8

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
add kind=pcq name=PCQ_download pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=PCQ_upload pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=pcq-download2 pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=pcq-upload pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=15s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pfifo name=PING pfifo-limit=64
add kind=pcq name=DOWN pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=dst-address,dst-port pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=torrent pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=128k \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=limited pcq-burst-rate=0 pcq-burst-threshold=256k \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=akamai pcq-burst-rate=0 pcq-burst-threshold=256k \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=5.1.Game-Online packet-mark=online parent=5.GAME \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="5.2.Game FB" packet-mark=gamefb parent=5.GAME priority=\
2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3.1.2.Hit packet-mark=hit parent=3.1.Limited priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=3.1.1.IDM packet-mark=idm parent=3.1.Limited priority=8 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=4.1.youtube packet-mark=stream-idm parent="4.LIVE VIDEO" \
priority=8 queue=DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="1.1.http brows" packet-mark=google parent=1.BROWSING \
priority=3 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2.1.ping-out packet-mark="paket ip" parent=2.KONEKSI \
priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2.2.ping-in packet-mark="paket dp" parent=2.KONEKSI \
priority=1 queue=PING
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="6.1.Tube Stream" packet-mark=users parent=6.TUBE-TV \
priority=8 queue=pcq-download2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=6.2.Mivo.TV packet-mark=paket-mtc parent=6.TUBE-TV \
priority=8 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="7.1. Camfrog" packet-mark=camfrog parent=7.Chat \
priority=8 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=wws packet-mark=packet-wws parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=www packet-mark=packet-www parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=port packet-mark=packet-port parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=allp2p packet-mark=packet-allp2p parent="8. Bittorent" \
priority=8 queue=torrent
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=1.2.akamai packet-mark=akamai parent=1.BROWSING \
priority=8 queue=akamai

/ip address
add address=192.168.1.1/24 disabled=no interface=ether1-gateway network=192.168.1.0
add address=192.168.5.2/24 disabled=no interface=ether2-master-local network=192.168.5.0
add address=192.168.4.2/24 disabled=no interface=ether3-slave-local network=192.168.4.0

/ip dhcp-server network


add address=192.168.1.0/24 gateway=192.168.1.1

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=203.130.193.74,203.130.206.250

/ip firewall filter


add action=accept chain=input comment=winbox disabled=no dst-port=8291 \
protocol=tcp
add action=accept chain=input comment=\
"default configuration (anti netcut, defaultnya accept)" disabled=no \
protocol=udp
add action=accept chain=input disabled=no protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
add action=drop chain=forward connection-state=invalid disabled=no
add action=drop chain=forward comment=";;Block W32.Kido Conficker" disabled=\
no protocol=udp src-port=135-139
add action=drop chain=forward disabled=no dst-port=135-139 protocol=udp
add action=drop chain=forward disabled=no protocol=udp src-port=445
add action=drop chain=forward disabled=no dst-port=445 protocol=udp
add action=drop chain=forward disabled=no protocol=tcp src-port=135-139
add action=drop chain=forward disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=forward disabled=no protocol=tcp src-port=445
add action=drop chain=forward disabled=no dst-port=445 protocol=tcp
add action=drop chain=forward disabled=no dst-port=4691 protocol=tcp
add action=drop chain=forward disabled=no dst-port=5933 protocol=tcp
add action=drop chain=forward comment="Block LLMNR" disabled=no dst-port=5355 \
protocol=udp
add action=drop chain=forward disabled=no dst-port=4647 protocol=udp
add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp \
src-port=25
add action=drop chain=forward disabled=no dst-port=25 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Jinho.diaz Load Balancing" \
connection-state=new disabled=no dst-port=80 in-interface=ether1-gateway \
new-connection-mark=LB1 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0 protocol=tcp src-address=192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=LB1 disabled=no \
in-interface=ether1-gateway new-routing-mark=Route1 passthrough=no \
src-address=192.168.1.0/24
add action=mark-connection chain=prerouting connection-state=new disabled=no \
dst-port=80 in-interface=ether1-gateway new-connection-mark=LB2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
protocol=tcp src-address=192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=LB2 disabled=no \
in-interface=ether1-gateway new-routing-mark=Route2 passthrough=no \
src-address=192.168.1.0/24
add action=mark-packet chain=postrouting comment=HIT disabled=no dscp=12 \
new-packet-mark=hit passthrough=no
add action=mark-packet chain=postrouting content=X-Cache:HIT disabled=no \
new-packet-mark=hit passthrough=no
add action=mark-connection chain=prerouting comment=GAME disabled=no \
dst-port=1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6152,7777 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
7341-7350,7451,8085,9600,9601-9602,9300,9376-9377,9400,9700,10001-10011 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port="10402,11011-\
11041,12011,12110,13008,13413,15000-15002,16402-16502,16666,18901-18909,19\
000" new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
19101,22100,27780,28012,29000,29200,39100,39110,39220,39190,40000,49100 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
new-connection-mark=GAMEONLINE passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port="1293,1479,61\
00-6152,7777-7977,8001,9401,9600-9602,12020-12080,30000,40000-40010" \
new-connection-mark=GAMEONLINE passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
42051-42052,11100-11125,11440-11460 new-connection-mark=GAMEONLINE \
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=GAMEONLINE disabled=\
no new-packet-mark=online passthrough=no
add action=mark-connection chain=prerouting content=facebook.com disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=fbcdn.net disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=facebook.net disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=zynga.com disabled=no \
new-connection-mark=fb_game passthrough=yes
add action=mark-connection chain=prerouting content=\
static.ak.connect.facebook.com disabled=no new-connection-mark=fb_game \
passthrough=yes
add action=mark-connection chain=prerouting content=\
statics.poker.static.zynga.com disabled=no new-connection-mark=fb_game \
passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-port=9339,843 \
new-connection-mark=fb_game passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=fb_game disabled=no \
new-packet-mark=gamefb passthrough=no
add action=mark-connection chain=prerouting disabled=no new-connection-mark=\
users-con passthrough=yes src-address=!192.168.1.1 src-address-list=!IP
add action=mark-packet chain=prerouting connection-mark=users-con disabled=no \
new-packet-mark=users passthrough=yes
add action=mark-connection chain=prerouting comment=IDM disabled=no \
layer7-protocol=download new-connection-mark=idm passthrough=yes \
src-address=!192.168.1.1 src-address-list=!IP
add action=mark-packet chain=prerouting connection-mark=idm disabled=no \
new-packet-mark=idm passthrough=no
add action=mark-connection chain=prerouting comment=Browsing disabled=no \
layer7-protocol=google new-connection-mark=google passthrough=yes \
src-address=!192.168.1.1 src-address-list=!IP
add action=mark-packet chain=forward connection-mark=google disabled=no \
new-packet-mark=google passthrough=no src-address=!192.168.1.1
add action=mark-connection chain=prerouting disabled=no layer7-protocol=\
youtube new-connection-mark=stream-idm passthrough=yes src-address=\
!192.168.1.1 src-address-list=!IP
add action=mark-packet chain=prerouting connection-mark=stream-idm disabled=\
no new-packet-mark=stream-idm passthrough=no
add action=mark-connection chain=prerouting comment=ICMP disabled=no \
new-connection-mark="paket ic" passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark="paket ic" disabled=\
no new-packet-mark="paket ip" passthrough=yes
add action=change-dscp chain=prerouting disabled=no new-dscp=1 packet-mark=\
"paket ip"
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=\
53 new-connection-mark="paket dc" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53 \
new-connection-mark="paket dc" passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark="paket dc" disabled=\
no new-packet-mark="paket dp" passthrough=yes
add action=change-dscp chain=prerouting disabled=no new-dscp=1 packet-mark=\
"paket dp"
add action=mark-connection chain=prerouting comment="MIVO TV" disabled=no \
layer7-protocol=http-video new-connection-mark=paket-mtc passthrough=yes \
src-address=!192.168.1.1 src-address-list=!IP
add action=mark-packet chain=forward connection-mark=paket-mtc disabled=no \
new-packet-mark=paket-mtc passthrough=no
add action=mark-connection chain=prerouting comment=Camfrog disabled=no \
dst-port=2779,6667 new-connection-mark=camfrog passthrough=yes protocol=\
tcp
add action=mark-packet chain=prerouting connection-mark=camfrog disabled=no \
new-packet-mark=camfrog passthrough=no
add action=mark-connection chain=forward comment=bittorent disabled=no \
layer7-protocol=bittorent new-connection-mark=bittorent-limit \
passthrough=yes
add action=mark-packet chain=forward connection-mark=bittorent-limit \
disabled=no new-packet-mark=packet-bittorent passthrough=no
add action=mark-connection chain=forward comment=torrent-wws disabled=no \
layer7-protocol=torrent-wws new-connection-mark=wws-limit passthrough=yes
add action=mark-packet chain=forward connection-mark=wws-limit disabled=no \
new-packet-mark=packet-wws passthrough=no
add action=mark-connection chain=forward comment=torrent-www disabled=no \
layer7-protocol=torrent-www new-connection-mark=www-limit passthrough=yes
add action=mark-packet chain=forward connection-mark=www-limit disabled=no \
new-packet-mark=packet-www passthrough=no
add action=mark-connection chain=forward comment=torrent-allp2p disabled=no \
new-connection-mark=allp2p-limit p2p=all-p2p passthrough=yes
add action=mark-packet chain=forward connection-mark=allp2p-limit disabled=no \
new-packet-mark=packet-allp2p passthrough=no
add action=mark-connection chain=forward comment=torrent-port disabled=no \
new-connection-mark=port-limit passthrough=yes protocol=tcp src-port=\
58561,58045,14948,58008,58816,59097
add action=mark-packet chain=forward connection-mark=port-limit disabled=no \
new-packet-mark=packet-port passthrough=no

/ip firewall nat


add action=masquerade chain=srcnat disabled=no src-address=192.168.1.0/24

/ip route
add check-gateway=arp disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
PPPoE-1 routing-mark=Route1 scope=255 target-scope=10
add check-gateway=arp disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
PPPoE-1 routing-mark=Route1 scope=255 target-scope=10
add check-gateway=arp disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
PPPoE-2 routing-mark=Route2 scope=255 target-scope=10
add check-gateway=arp disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
PPPoE-2 routing-mark=Route2 scope=255 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-1 scope=255 \
target-scope=10

/system clock
set time-zone-name=Asia/Jakarta

/system ntp client


set enabled=yes mode=unicast primary-ntp=202.71.109.130 secondary-ntp=\
65.55.21.23
/system scheduler
add disabled=no interval=15m name="cache flush" on-event=cacheflush policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive \
start-time=startup
add disabled=no interval=1d name=antinetcut1 on-event=antinetcut1 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup
add disabled=no interval=1d name=antinetcut2 on-event=antinetcut2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup
add disabled=no interval=6h name=ntp on-event=ntp policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/25/2013 start-time=06:57:11
add disabled=no interval=6h name=ntp2 on-event=ntp2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/25/2013 start-time=06:57:32
add disabled=no interval=1d name=dnschange on-event=dnschange policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-time=startup

/system script
add name=cacheflush policy=ftp,reboot,read,write,policy,test,winbox,password \
source="/ip dns cache flush"
add name=antinetcut1 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":local hosts [/ip dhcp-server lease find]\r\
\n:local pcname \"X\"\r\
\n:local pcnum 0\r\
\n:global hacklist \"\"\r\
\n:foreach h in=\$hosts do={\r\
\n:local host [/ip dhcp-server lease get \$h host-name]\r\
\n:if ([:len \$host] >0) do={\r\
\n:set pcname (\$pcname . \",\" . \$host)\r\
\n:set pcnum (\$pcnum + 1)\r\
\n}\r\
\n}\r\
\n:foreach h in=\$pcname do={\r\
\n:local hh 0\r\
\n:if (!([:find \$hacklist \$h]>=0)) do={\r\
\n:foreach k in=\$pcname do={ :if (\$k=\$h) do={:set hh (\$hh + 1) } }\r\
\n:if (\$hh>2) do={\r\
\n:if ([:len \$hacklist] >0) do={:set hacklist (\$hacklist . \",\" . \$h)}\
\_else={:set hacklist \$h}\r\
\n}\r\
\n}\r\
\n}\r\
\n:local timer [:pick [/system clock get time] 3 5]\r\
\n:if ((\$switch > 0) || (\$timer >= \"58\")) do={\r\
\n:log warning (\"New Hacklist: \" . \$hacklist)\r\
\n}"
add name=antinetcut2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="# use global hacklist variable\r\
\n#:log info (\$hacklist)\r\
\n:foreach host in=\$hacklist do={\r\
\n:foreach i in=[/ip dhcp-server lease find host-name=\$host] do={\r\
\n:local ipnum [/ip dhcp-server lease get \$i address]\r\
\n:local unum [/ip hotspot active find address=\$ipnum]\r\
\n:if ([:len \$unum] >0) do={\r\
\n:local usr [/ip hotspot active get \$unum user]\r\
\n:log warning (\$host . \" \" . \$ipnum . \" \" . \$usr)\r\
\n#next line kick them out right now, could also check pppoe\r\
\n/ip hotspot active remove \$unum\r\
\n#other stuff can do now with the identified IP and USER\r\
\n}\r\
\n}\r\
\n}"
add name=ntp policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/system ntp client set enabled=yes mode=unicast primary-ntp=202.71\
.109.130 secondary-ntp=65.55.21.23\r\
\n"
add name=ntp2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/system clock set time-zone-name=Asia/Jakarta"
add name=dnschange policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/ip dns set servers=203.130.193.74,203.130.206.250 allow-remote-re\
quests=yes"
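
The second script's input chain accepts Winbox (8291/tcp) and all UDP with no interface or source restriction, has no final drop rule, and enables allow-remote-requests=yes on the DNS cache. The following audit is an added example, not part of the original script or of RouterOS: it parses export text and reports those conditions. The function names, finding codes and the HARDENED_EXPORT rules are this example's own assumptions.

```python
import re

# Copied from the second export above; "\" continuations as /export prints them.
SAMPLE_EXPORT = r'''
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=203.130.193.74,203.130.206.250
/ip firewall filter
add action=accept chain=input comment=winbox disabled=no dst-port=8291 \
protocol=tcp
add action=accept chain=input comment=\
"default configuration (anti netcut, defaultnya accept)" disabled=no \
protocol=udp
add action=accept chain=input disabled=no protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
add action=drop chain=forward connection-state=invalid disabled=no
'''

# Constructed counterpart (assumption): Winbox/DNS from the LAN side only, final drop.
HARDENED_EXPORT = r'''
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input connection-state=established
add action=accept chain=input dst-port=8291 in-interface=ether1-gateway protocol=tcp
add action=accept chain=input dst-port=53 in-interface=ether1-gateway protocol=udp
add action=accept chain=input protocol=icmp
add action=drop chain=input
'''

PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')
NARROWING = ('in-interface', 'in-interface-list', 'src-address', 'src-address-list')
NON_MATCHERS = ('action', 'comment', 'disabled')


def parse_export(text):
    """Return (menu, verb, properties) for every add/set line of an export."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)   # join "\" line continuations
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        verb = line.split()[0]
        if line.startswith('/'):
            menu = line                          # menu path on its own line
        elif verb in ('add', 'set'):
            props = {k: v.strip('"') for k, v in PAIR.findall(line)}
            items.append((menu, verb, props))
    return items


def port_matches(spec, port):
    """True if a port spec such as '53' or '135-139,445' covers port."""
    if not spec:
        return True                              # no dst-port means every port
    if spec.startswith('!'):
        return not port_matches(spec[1:], port)
    for part in spec.split(','):
        low, _, high = part.partition('-')
        if int(low) <= port <= int(high or low):
            return True
    return False


def audit(text):
    """Return (code, detail) findings for the router's own input chain."""
    items = parse_export(text)
    rules = [p for menu, verb, p in items
             if menu == '/ip firewall filter' and verb == 'add'
             and p.get('chain') == 'input' and p.get('disabled') != 'yes']
    findings, seen, udp53_open, default_drop = [], [], False, False
    for rule in rules:
        action = rule.get('action', 'accept')    # RouterOS default action
        match = {k: v for k, v in rule.items() if k not in NON_MATCHERS}
        if match in seen:                        # first match wins: dead rule
            findings.append(('shadowed', f'{action} {match}'))
        if action in ('accept', 'drop', 'reject'):
            seen.append(match)
        if action == 'drop' and match == {'chain': 'input'}:
            default_drop = True
        from_any = action == 'accept' and not any(k in rule for k in NARROWING)
        if from_any and rule.get('protocol') in ('tcp', 'udp'):
            proto, ports = rule['protocol'], rule.get('dst-port')
            findings.append(('accept-from-any', f"{proto}/{ports or 'any'}"))
            udp53_open |= proto == 'udp' and port_matches(ports, 53)
    if not default_drop:
        findings.append(('no-default-drop', 'unmatched input traffic is accepted'))
    remote_dns = any(p.get('allow-remote-requests') == 'yes'
                     for menu, verb, p in items if menu == '/ip dns')
    if remote_dns and (udp53_open or not default_drop):
        findings.append(('open-resolver', 'DNS cache answers on every interface'))
    return findings


if __name__ == '__main__':
    for name, text in (('page', SAMPLE_EXPORT), ('hardened', HARDENED_EXPORT)):
        print(name, audit(text))
```

The parser expects the menu path on its own line, as in the exports on this page; the `shadowed` finding is the `drop ... protocol=icmp` rule that can never match because the identical accept rule precedes it.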
