/ip firewall mangle add chain=forward src-address=10.10.5.0/24 action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet new-packet-mark=users chain=forward
/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address
/queue tree add parent=ether1 queue=pcq-download packet-mark=users
/queue tree add parent=ether2 queue=pcq-upload packet-mark=users
jgn lupa :
ether1 adalah interface lan
ether2 adalah interface wan
ganti yahh klw emg berbeda dengan settingan tsb diatas
salam
Selasa, 18 Agustus 2015
Senin, 17 Agustus 2015
blokir akses internet bagi pengguna handphone dengan mikrotik
automatisasi blokir ip address berdasarkan hostname dengan script & scheduler di mikrotik
drop (blokir) ip address dari dhcp lease yang tidak diinginkan berdasarkan hostname, disini saya berikan contoh semua yg memakai hp android:
script 1 : melakukan pencarian di filter, jika ip yg dimaksud ada maka akan di hapus terlebih dahulu agar tidak terjadi dupilkasi
:local ipfilter value=[/ip firewall filter find]; :foreach looping in=$ipfilter do={:local komen value=[/ip firewall filter get $looping value-name=comment]; :if ($komen="android") do={/ip firewall filter remove $looping}};
script akan saya namakan : hapus-filter-android
Script 2 : menambahkan ip address pada firewall filter lalu di lakukan drop (blokir) agar android tidak dapat mengakses internet.
:local bnyklease value=[/ip dhcp-server lease find]; :foreach looping in=$bnyklease do={:local namahost value=[:pick [/ip dhcp-server lease get $looping value-name=host-name] 0 7]; :local ipadd1 value=[/ip dhcp-server lease get $looping value-name=active-address]; :if ($namahost="android") do={/ip firewall filter add chain=forward action=drop dst-address=$ipadd1 disabled=no comment=$namahost}};
script akan saya namakan : drop-android
jangan lupa interface namenya (local) disesuaikan dengan interface name dijaringan yahh
jika script diatas sudah dibuat maka kita tinggal membuat schedule atau jadwal untuk mengeksekusi script.
untuk menambahkan 2 script diatas di 1 scheduler maka scriptnya seperti berikut :
/system script run hapus-filter-android
/system script run drop-android
https://www.facebook.com/notes/wong-lawas/automatisasi-blokir-ip-address-berdasarkan-hostname-dengan-script-scheduler-di-m/684255344977928
Jumat, 14 Agustus 2015
blok virus dan gameonline
/ip firewall filter
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment="RF indo" disabled=yes
add chain=forward src-address=202.93.20.218 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment="Idol street" disabled=yes
add chain=forward src-address=202.93.20.172 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=209.190.9.202 protocol=tcp action=drop comment="RF Poa n Blitz" disabled=yes
add chain=forward src-address=75.125.122.98 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.215 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=209.51.218.170 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.0/24 protocol=tcp action=drop comment="ayodance" disabled=yes
add chain=forward src-address=122.102.49.70 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.71 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.72 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.73 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.74 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.75 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.76 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.77 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.78 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.79 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.80 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.48.0/24 protocol=tcp action=drop comment="Megaxus" disabled=yes
add chain=forward src-address=119.110.77.1 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.2 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.3 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.4 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.5 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.6 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.7 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.50.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.51.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.52.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.53.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.54.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.55.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.16.0/24 protocol=tcp action=drop comment="IP LYTO BRO" disabled=yes
add chain=forward src-address=202.93.17.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.18.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.19.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.21.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.22.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.23.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.24.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.25.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.26.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.27.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.28.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.29.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.30.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.31.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”RF indo” disabled=yes
add chain=forward src-address=202.93.20.218 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”Idol street” disabled=yes
add chain=forward src-address=202.93.20.172 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=209.190.9.202 protocol=tcp action=drop comment=”RF Poa n Blitz” disabled=yes
add chain=forward src-address=75.125.122.98 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.215 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=209.51.218.170 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.0/24 protocol=tcp action=drop comment=”ayodance” disabled=yes
add chain=forward src-address=122.102.49.70 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.71 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.72 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.73 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.74 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.75 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.76 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.77 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.78 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.79 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.80 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.48.0/24 protocol=tcp action=drop comment=”Megaxus” disabled=yes
add chain=forward src-address=119.110.77.1 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.2 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.3 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.4 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.5 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.6 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.7 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.50.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.51.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.52.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.53.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.54.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.55.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.16.0/24 protocol=tcp action=drop comment=”IP LYTO BRO” disabled=yes
add chain=forward src-address=202.93.17.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.18.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.19.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.21.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.22.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.23.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.24.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.25.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.26.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.27.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.28.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.29.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.30.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.31.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.16.0/24 protocol=tcp action=drop comment=”IP LYTO BRO” disabled=yes
add chain=forward src-address=202.93.17.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.18.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.19.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.21.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.22.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.23.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.24.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.25.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.26.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.27.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.28.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.29.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.30.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.31.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment="RF indo" disabled=yes
add chain=forward src-address=202.93.20.218 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment="Idol street" disabled=yes
add chain=forward src-address=202.93.20.172 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=209.190.9.202 protocol=tcp action=drop comment="RF Poa n Blitz" disabled=yes
add chain=forward src-address=75.125.122.98 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.215 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=209.51.218.170 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.0/24 protocol=tcp action=drop comment="ayodance" disabled=yes
add chain=forward src-address=122.102.49.70 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.71 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.72 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.73 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.74 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.75 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.76 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.77 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.78 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.79 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.49.80 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.48.0/24 protocol=tcp action=drop comment="Megaxus" disabled=yes
add chain=forward src-address=119.110.77.1 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.2 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.3 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.4 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.5 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.6 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=119.110.77.7 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.50.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.51.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.52.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.53.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.54.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=122.102.55.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.16.0/24 protocol=tcp action=drop comment="IP LYTO BRO" disabled=yes
add chain=forward src-address=202.93.17.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.18.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.19.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.21.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.22.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.23.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.24.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.25.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.26.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.27.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.28.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.29.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.30.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.31.0/24 protocol=tcp action=drop comment="" disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”RF indo” disabled=yes
add chain=forward src-address=202.93.20.218 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”Idol street” disabled=yes
add chain=forward src-address=202.93.20.172 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=209.190.9.202 protocol=tcp action=drop comment=”RF Poa n Blitz” disabled=yes
add chain=forward src-address=75.125.122.98 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.215 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=209.51.218.170 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.0/24 protocol=tcp action=drop comment=”ayodance” disabled=yes
add chain=forward src-address=122.102.49.70 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.71 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.72 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.73 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.74 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.75 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.76 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.77 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.78 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.79 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.49.80 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.48.0/24 protocol=tcp action=drop comment=”Megaxus” disabled=yes
add chain=forward src-address=119.110.77.1 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.2 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.3 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.4 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.5 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.6 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=119.110.77.7 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.50.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.51.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.52.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.53.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.54.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=122.102.55.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.16.0/24 protocol=tcp action=drop comment=”IP LYTO BRO” disabled=yes
add chain=forward src-address=202.93.17.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.18.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.19.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.21.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.22.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.23.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.24.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.25.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.26.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.27.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.28.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.29.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.30.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.31.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.16.0/24 protocol=tcp action=drop comment=”IP LYTO BRO” disabled=yes
add chain=forward src-address=202.93.17.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.18.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.19.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.20.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.21.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.22.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.23.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.24.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.25.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.26.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.27.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.28.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.29.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.30.0/24 protocol=tcp action=drop comment=”” disabled=yes
add chain=forward src-address=202.93.31.0/24 protocol=tcp action=drop comment=”” disabled=yes
Selasa, 11 Agustus 2015
blok torrent di mikrotik
langsung saja..
copy kan scrpt dibawah ini dengan tentunya ganti ether1 dengan nama ether jaringan anda yang terhubung ke lan
/ip firewall filter
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 1: Classic non security torrent [adamonline.web.id]" in-interface=\
ether1 p2p=all-p2p
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 2: outgoing DHT [adamonline.web.id]" content=d1:ad2:id20: dst-port=\
1025-65535 in-interface=ether1 packet-size=95-190 protocol=udp
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 3: outgoing TCP announce [adamonline.web.id]" content="info_hash=" \
dst-port=27 in-interface=ether1 protocol=tcp
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 5: 6771 block Local Broadcast [adamonline.web.id]" content=\
"\r\
\nInfohash:" dst-port=6771 in-interface=ether1 protocol=udp
add action=drop chain=forward comment=\
"TORRENT No 4: prohibits download .torrent files. [adamonline.web.id]" content=\
.torrent dst-port=80 in-interface=ether1 protocol=tcp
add action=drop chain=forward comment=\
"TORRENT No. 5 : Finally we drop all torrent connection [adamonline.web.id]" \
dst-address-list=torrent
copy kan scrpt dibawah ini dengan tentunya ganti ether1 dengan nama ether jaringan anda yang terhubung ke lan
/ip firewall filter
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 1: Classic non security torrent [adamonline.web.id]" in-interface=\
ether1 p2p=all-p2p
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 2: outgoing DHT [adamonline.web.id]" content=d1:ad2:id20: dst-port=\
1025-65535 in-interface=ether1 packet-size=95-190 protocol=udp
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 3: outgoing TCP announce [adamonline.web.id]" content="info_hash=" \
dst-port=27 in-interface=ether1 protocol=tcp
add action=add-dst-to-address-list address-list=torrent chain=forward comment=\
"TORRENT No 5: 6771 block Local Broadcast [adamonline.web.id]" content=\
"\r\
\nInfohash:" dst-port=6771 in-interface=ether1 protocol=udp
add action=drop chain=forward comment=\
"TORRENT No 4: prohibits download .torrent files. [adamonline.web.id]" content=\
.torrent dst-port=80 in-interface=ether1 protocol=tcp
add action=drop chain=forward comment=\
"TORRENT No. 5 : Finally we drop all torrent connection [adamonline.web.id]" \
dst-address-list=torrent
Mengamankan jaringan mikrotik
/ip firewall filter
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward connection-state=invalid disabled=no
add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=udp
add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp
add action=jump chain=forward disabled=no jump-target=virus
add action=drop chain=input connection-state=invalid disabled=no
add action=accept chain=input disabled=no protocol=udp
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
add action=accept chain=input disabled=no dst-port=21 protocol=tcp
add action=accept chain=input disabled=no dst-port=22 protocol=tcp
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=log chain=input disabled=yes log-prefix="DROP INPUT"
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=log chain=input disabled=yes log-prefix="DROP INPUT"
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
blokir facebook berdasarkan address list di mikrotik
Konfigurasi Menggunakan WinBox
Pada tutorial ini saya menggunakan winbox sebagai media konfigurasinya, akan tetapi sobat semua bisa menggunakan telnet atau basis text tapi menyesuaikan sendiri yah.Oke, sekarang siapkan winbox dan login di Router MikroTik masing masing yah.
YANG PERTAMA, buat dulu list addres di
- IP
- Firewall
- Address List
- lalu tekan (+) lalu isi Name firewall address list nya dengan : fb-blok, kemudian biarkan address nya berisi 0.0.0.0 saja
Buat Mangle Rule
Pertama kita membuat Mangle rule di mikrotik kita, mangle gunanya untuk mengelompokkan atau menjaring suatu paket dan menamai kelompok paket tersebut.Masuk menu IP > Firewall
Masuk tab Mangle
Klik tombol Add (Simbol + warna merah)
pada tab general kita isikan konfigurasi seperti berikut
Chain = forward
Src. Address = 0.0.0.0/0 (artinya kita menjaring dari semua koneksi)
Contoh dapat di lihat gambar di bawah yang di lingkari merah.
Action = add dst to address list
Address list = fb-blok
Di sini kita akan memasukkan ip yang dituju kedalam sebuah address list yaitu fb-blok yang nantinya akan di gunakan untuk memblok ip tersebut. nama address listnya tidak harus fb-blok, dapat di sesuaikan selera masing masing.
Membuat Filter Rule
Disini kita akan me-reject koneksi yang menuju ip facebook caranya dengan menambahkan Filter rule.Masuk ke meu Ip > Firewall > (tab) Filter Rule klik add
Konfigurasi pada tab general kita setting chain : forward
Src. Address List : fb-allowed
Dst. Address List : fb-blok
Kemudian klik kotak kecil di depan isian Src.Address List sehingga muncul tanda ! (not).
Disini kita akan membuat filter rule yang berlaku terhadap koneksi yang menuju address list fb-blok yang tadi sudah dibuat oleh mangle secara otomatis dengan alamat pengakses (source addres) yang bukan dari ip fb-allowed (kita buat nanti) yaitu alamat ip siapa saja yang boleh mengakses facebook.
Membuat Address List untuk Allowed User
Selanjutnya kita buat siapa saja yang boleh mengakses facebook dengan menambahkan address list dengan nama fb-allowed.Masuk Menu Ip > Firewall > (tab) Address List Kemudian klik add atau tombol + warna merah.
Selamat Mencoba
https://sucipto.net/2013/06/12/cara-blokir-akses-facebook-http-dan-https-di-mikrotik/
Selasa, 04 Agustus 2015
Mengaktifkan dan me non aktifkan hotspot pada waktu tertentu
Selamat sore...
ada beberapa teman yang berpikiran agar pada saat tertentu hotspot di aktifkan dan pada saat tertentu hotspot di non aktifkan. hal ini terutama bagi rekan2 kerja yang begadang di sekolah. yang mana apabila hotspot masih berfungsi maka otomatis semua akses dibatasi kecepatannya tergantung dari user login nya..
akhirnya ketemu ide utk membuat schedule hotspot, dengan langkah sbb:
1. buat script hotspot enable, dengan cara:
- klik system
- klik script
- klik (+)
- isi nama script tersebut (saya sih ngasih namanya: hotspot_enable)
- lalu isi kan scrip nya : /ip hotspot enable hotspot1
2. buat script hotspot disable, dengan cara:
- klik system
- klik script
- klik (+)
- isi nama script tersebut (saya sih ngasih namanya: hotspot_disable)
- lalu isi kan scrip nya : /ip hotspot disable hotspot1
3. buat schedule hotspot aktif, dengan cara:
- klik system
- klik scheduler
- klik (+)
- isi nama schedule nya
- tentukan kapan schedule tsb aktif
- tentukan interval nya (contoh : 1d 00:00:00), artinya schedule ini akan aktif tiap 24 jam
- dalam on event : isikan nama script yang tadi dibuat (contoh: hotspot_enable)
4. buat schedule hotspot off, dengan cara:
- klik system
- klik scheduler
- klik (+)
- isi nama schedule nya
- tentukan kapan schedule tsb aktif
- tentukan interval nya (contoh : 1d 00:00:00), artinya schedule ini akan aktif tiap 24 jam
- dalam on event : isikan nama script yang tadi dibuat (contoh: hotspot_disable)
done.....
selamat mencoba
ada beberapa teman yang berpikiran agar pada saat tertentu hotspot di aktifkan dan pada saat tertentu hotspot di non aktifkan. hal ini terutama bagi rekan2 kerja yang begadang di sekolah. yang mana apabila hotspot masih berfungsi maka otomatis semua akses dibatasi kecepatannya tergantung dari user login nya..
akhirnya ketemu ide utk membuat schedule hotspot, dengan langkah sbb:
1. buat script hotspot enable, dengan cara:
- klik system
- klik script
- klik (+)
- isi nama script tersebut (saya sih ngasih namanya: hotspot_enable)
- lalu isi kan scrip nya : /ip hotspot enable hotspot1
2. buat script hotspot disable, dengan cara:
- klik system
- klik script
- klik (+)
- isi nama script tersebut (saya sih ngasih namanya: hotspot_disable)
- lalu isi kan scrip nya : /ip hotspot disable hotspot1
3. buat schedule hotspot aktif, dengan cara:
- klik system
- klik scheduler
- klik (+)
- isi nama schedule nya
- tentukan kapan schedule tsb aktif
- tentukan interval nya (contoh : 1d 00:00:00), artinya schedule ini akan aktif tiap 24 jam
- dalam on event : isikan nama script yang tadi dibuat (contoh: hotspot_enable)
4. buat schedule hotspot off, dengan cara:
- klik system
- klik scheduler
- klik (+)
- isi nama schedule nya
- tentukan kapan schedule tsb aktif
- tentukan interval nya (contoh : 1d 00:00:00), artinya schedule ini akan aktif tiap 24 jam
- dalam on event : isikan nama script yang tadi dibuat (contoh: hotspot_disable)
done.....
selamat mencoba
Langganan:
Postingan (Atom)