| Home | Posts RSS | Comments RSS | Edit


Custom Search
CO.CC:Free Domain

Sabtu, 03 Januari 2009

Settingan Mikrotik di kantor

Setelah ngalor-ngidul mencari router+gateway internet buat ngatur akses internet dikantor akhirnya diputuskan untuk mencoba Mikrotik (akibat saran dari seorang teman sewaktu bantuin setting diwarnetnya......thanks brooo).
Sebelumnya sempat dicoba IPCOP juga ebox dan beberapa program sejenis. Namun menurut saya yang paling mengakomodir keinginan saya dalam mengelola akses internet di kantor adalah Mikrotik. Berkat bantuan toolnya yg bernama winbox maka segala konfigurasi dapat diatur dengan lebih mudah dikarenakan berupa GUI yang berjalan di platform Win**s, namun dengan bantuan program wine winbox pun dapat berjalan di platform linux.
Untuk teknis penginstallan dapat merujuk ke website dari mikrotik, yang mana dengan spek komputer sekarang (walaupun mikrotik sendiri dapat berjalan di p3) tidak dibutuhkan waktu lama untuk menginstallnya.
Sebagai tambahan informasi, Mikrotik bukan software yang freeware. Untuk menggunakannya kita diharuskan membeli lisensi yang harganya bergantung pada level-nya. untuk level 4 (level yang paling umum digunakan...harganya sewaktu tulisan ini dibuat sekitar 300 ribuan).
Bagi anda yang tidak ingin membeli lisensi namun ingin mengetahui kemampuan dari mikrotik, di internet tersedia banyak link yang mengarah ke mikrotik versi crack. Mikrotik versi crack yang beredar diinternet kebanyakan rilis 2.9.6 dan rilis 2.9.27
Cukup perkenalan dengan mikrotiknya, selanjutnya saya mau kasih config dari mikrotik yang saya gunakan dikantor. Config ini untuk mengakomodir beberapa rule yang saya ingin terapkan, seperti :
  1. Dikarenakan di LAN saya ada sekitar 60 PC namun saya ingin tidak semua PC ini dapat mengakses internet.
  2. Pembatasan jam koneksi untuk browsing (hanya saat jam kerja bisa browsing, selebihnya off), pembatasan jam koneksi untuk yahoo messenger (saya atur dari jam 10 pagi s/d jam 1 siang)
  3. Disamping mikrotik, saya juga membangun sebuah webproxy dengan menggunakan smoothwall. Untuk itu saya harus memaksa agar client menggunakan proxy ini dibrowsernya.
  4. Beberapa filter/firewall untuk mengamankan jaringan LAN saya dari serangan luar.
berikut ini adalah config mikrotiknya :
# jan/02/2009 15:57:10 by RouterOS 3.17
# software id = ANZ5-GFN
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:50:04:13:C9:6F mtu=1500 name=WAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:01:03:40:B2:11 mtu=1500 name=PROXY speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:50:04:99:AE:23 mtu=1500 name=LAN speed=100Mbps
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:11:2F:2C:AD:B6 mtu=1500 name=ether3 speed=100Mbps
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
group-key-update=5m interim-update=0s mode=none name=default \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=phallelobhejat \
tls-certificate=none tls-mode=no-certificates unicast-ciphers="" \
wpa-pre-shared-key="" wpa2-pre-shared-key=""
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=2m name=default \
open-status-page=always shared-users=1 status-autorefresh=1m \
transparent-proxy=yes
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
/ip pool
add name=pptp ranges=192.168.10.1-192.168.10.50
/port
set 0 baud-rate=9600 data-bits=8 flow-control=hardware name=serial0 parity=\
none stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=default comment="" dns-server=192.168.0.245 local-address=\
192.168.0.245 name=pptp-in only-one=default remote-address=pptp \
use-compression=default use-encryption=required use-vj-compression=\
default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
"" dial-on-demand=no disabled=no interface=WAN max-mru=1480 max-mtu=1480 \
mrru=disabled name=pppoe-out1 password=xxxxxxxxx profile=default \
service-name="" use-peer-dns=no user=xxxxxxxxxx@telkom.net
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-limit=50 \
pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=50 \
pcq-rate=0 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=proxy-hit packet-marks=proxy-hit parent=none \
priority=4 queue=default/default total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=proxy-iix packet-marks=iix-pkt parent=none \
priority=6 queue=default/default target-addresses=192.168.10.2/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=proxy-intl packet-marks=intl-pkt parent=none \
priority=6 queue=default/default target-addresses=192.168.10.2/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.129-iix packet-marks=iix-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.129/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.129-intl packet-marks=intl-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.129/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.128-iix packet-marks=iix-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.128/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name=0.128-intl packet-marks=intl-pkt parent=none \
priority=8 queue=default/default target-addresses=192.168.0.128/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.106-iix (Dr Yuli)" packet-marks=iix-pkt parent=\
none priority=8 queue=default/default target-addresses=192.168.0.106/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.106-intl (Dr yuli)" packet-marks=intl-pkt \
parent=none priority=8 queue=default/default target-addresses=\
192.168.0.106/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.138-iix (Direktur)" packet-marks=iix-pkt \
parent=none priority=8 queue=default/default target-addresses=\
192.168.0.138/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN limit-at=\
0/0 max-limit=0/0 name="0.138-intl (Direktur)" packet-marks=intl-pkt \
parent=none priority=8 queue=default/default target-addresses=\
192.168.0.138/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=urgent packet-marks=iix-pkt parent=none priority=8 \
queue=pcq-upload/pcq-download target-addresses=192.168.0.120/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=yes dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name=urgent2 packet-marks=intl-pkt parent=none \
priority=8 queue=pcq-upload/pcq-download target-addresses=\
192.168.0.120/32 total-queue=default-small
add burst-limit=192000/384000 burst-threshold=80000/192000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN \
limit-at=32000/128000 max-limit=128000/256000 name=intl-client-prnt \
packet-marks=intl-pkt parent=none priority=8 queue=\
pcq-upload/pcq-download target-addresses="192.168.1.104/32,192.168.1.118/3\
2,192.168.0.100/32,192.168.0.115/32,192.168.0.110/32,192.168.0.125/32,192.\
168.0.119/32,192.168.0.120/32,192.168.0.123/32,192.168.0.124/32,192.168.0.\
126/32,192.168.0.132/32,192.168.0.135/32,192.168.0.136/32,192.168.0.144/32\
" total-queue=default-small
add burst-limit=192000/384000 burst-threshold=80000/192000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN \
limit-at=32000/128000 max-limit=128000/256000 name=iix-client-prnt \
packet-marks=iix-pkt parent=none priority=8 queue=pcq-upload/pcq-download \
target-addresses="192.168.1.104/32,192.168.1.118/32,192.168.0.100/32,192.1\
68.0.115/32,192.168.0.110/32,192.168.0.119/32,192.168.0.120/32,192.168.0.1\
23/32,192.168.0.124/32,192.168.0.125/32,192.168.0.126/32,192.168.0.132/32,\
192.168.0.135/32,192.168.0.136/32,192.168.0.144/32" total-queue=\
default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=1.104-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.104/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=1.104-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.104/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=1.118-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.118/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=1.118-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.1.118/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.115-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.115/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.115-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.115/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.110-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.110/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/32000 max-limit=24000/64000 name=0.110-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.110/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.100-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.100/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.100-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.100/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.119-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.119/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.119-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.119/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.123-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.123/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.123-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.123/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.124-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.124/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.124-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.124/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
8000/8000 max-limit=16000/16000 name=0.125-iix parent=iix-client-prnt \
priority=8 queue=default/default target-addresses=192.168.0.125/32 \
total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
8000/8000 max-limit=16000/16000 name=0.125-intl parent=intl-client-prnt \
priority=8 queue=default/default target-addresses=192.168.0.125/32 \
total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.126-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.126/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.126-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.126/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.132-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.132/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.132-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.132/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.135-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.135/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.135-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.135/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.136-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.136/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.136-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.136/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=16000/64000 max-limit=32000/128000 name=0.120-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.120/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.120-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.120/32 total-queue=default-small
add burst-limit=64000/192000 burst-threshold=24000/92000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=LAN \
limit-at=16000/64000 max-limit=32000/128000 name=0.144-iix parent=\
iix-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.144/32 total-queue=default-small
add burst-limit=32000/92000 burst-threshold=16000/48000 burst-time=8s/8s \
comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all \
limit-at=8000/32000 max-limit=24000/64000 name=0.144-intl parent=\
intl-client-prnt priority=8 queue=default/default target-addresses=\
192.168.0.144/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=0/0 name="email mr" parent=none priority=8 queue=\
default/default target-addresses=192.168.3.114/32 total-queue=\
default-small
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name=backbone type=\
default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-lines=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote name=remote remote=192.168.0.128:514 target=remote
/user group
add name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,web,sn\
iff,!ftp,!write,!policy"
add name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,sniff,!ftp,!policy"
add name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web,sniff"
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-vlan=no
/interface ethernet mirror
set
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:1E:F6:02:1D:83 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=pptp-in enabled=yes \
keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.0.245/24 broadcast=192.168.0.255 comment="" disabled=no \
interface=LAN network=192.168.0.0
add address=192.168.5.1/30 broadcast=192.168.5.3 comment="" disabled=no \
interface=WAN network=192.168.5.0
add address=192.168.10.1/24 broadcast=192.168.10.255 comment="" disabled=no \
interface=PROXY network=192.168.10.0
/ip arp
add address=192.168.0.104 comment="" disabled=no mac-address=\
00:0C:6E:90:E3:A6
add address=192.168.0.117 comment="" disabled=no mac-address=\
00:04:23:B8:FD:D0
add address=192.168.0.126 comment="" disabled=no mac-address=\
00:0B:6A:48:B1:E0
add address=192.168.0.129 comment="" disabled=no mac-address=\
00:17:31:EF:23:DC
add address=192.168.0.132 comment="" disabled=no mac-address=\
00:0C:6E:90:E4:EA
add address=192.168.0.1 comment="" disabled=no mac-address=00:0F:3D:CE:90:1C
add address=192.168.0.112 comment="" disabled=no mac-address=\
00:17:31:EF:23:D0
add address=192.168.0.128 comment="" disabled=no mac-address=\
00:17:31:EF:23:F9
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=202.134.0.61 secondary-dns=\
202.134.1.5
/ip dns static
add address=192.168.0.117 disabled=no name=www.rskm2.net ttl=1d
add address=192.168.10.2 disabled=no name=rsproxy.com ttl=1d
/ip firewall address-list
add address=192.168.1.104 comment=Filter disabled=no list=LAN
add address=192.168.1.118 comment=Filter disabled=no list=LAN
add address=192.168.0.115 comment=Filter disabled=no list=LAN
add address=192.168.0.110 comment=Filter disabled=no list=LAN
add address=192.168.0.119 comment=Filter disabled=no list=LAN
add address=192.168.0.123 comment=Filter disabled=no list=LAN
add address=192.168.0.124 comment=Filter disabled=no list=LAN
add address=192.168.0.125 comment=Filter disabled=no list=LAN
add address=192.168.0.126 comment=Filter disabled=no list=LAN
add address=192.168.0.128 comment="" disabled=no list=LAN
add address=192.168.0.129 comment="" disabled=no list=LAN
add address=192.168.0.100 comment="" disabled=no list=LAN
add address=192.168.0.135 comment=Filter disabled=no list=LAN
add address=192.168.0.136 comment=Filter disabled=no list=LAN
add address=192.168.0.138 comment=Filter disabled=no list=LAN
add address=192.168.0.144 comment=Filter disabled=no list=LAN
add address=192.168.0.0/24 comment="" disabled=no list=DNS
add address=192.168.1.0/24 comment="" disabled=no list=DNS
add address=192.168.3.0/24 comment="" disabled=no list=DNS
add address=192.168.0.129 comment="" disabled=no list=otr
add address=192.168.0.128 comment="" disabled=no list=otr
add address=192.168.0.120 comment=Filter disabled=no list=LAN
add address=60.191.223.11 comment="" disabled=no list=TONGJI
add address=222.216.28.25 comment="" disabled=no list=TONGJI
add address=125.83.89.62 comment="" disabled=no list=TONGJI
add address=60.191.239.191 comment="" disabled=no list=TONGJI
add address=222.77.187.242 comment="" disabled=no list=TONGJI
add address=61.191.57.228 comment="" disabled=no list=TONGJI
add address=203.209.244.4 comment="" disabled=no list=TONGJI
add address=203.209.244.236 comment="" disabled=no list=TONGJI
add address=119.42.232.242 comment="" disabled=no list=TONGJI
add address=202.165.100.249 comment="" disabled=no list=TONGJI
add address=60.191.223.14 comment="" disabled=no list=TONGJI
add address=222.179.82.118 comment="" disabled=no list=TONGJI
add address=222.216.28.100 comment="" disabled=no list=TONGJI
add address=60.191.223.76 comment="" disabled=no list=TONGJI
add address=121.15.245.218 comment="" disabled=no list=TONGJI
add address=192.168.0.132 comment=Filter disabled=no list=LAN
add address=192.168.0.50 comment="" disabled=no list=LAN
add address=192.168.0.106 comment="" disabled=no list=LAN
add address=192.168.0.106 comment="" disabled=no list=otr
add address=192.168.0.100 comment="" disabled=no list=otr
add address=114.120.0.0/13 comment="" disabled=no list=nice
add address=114.56.0.0/14 comment="" disabled=no list=nice
add address=125.166.0.0/15 comment="" disabled=no list=nice
add address=125.162.0.0/16 comment="" disabled=no list=nice
add address=125.163.0.0/16 comment="" disabled=no list=nice
add address=125.160.0.0/16 comment="" disabled=no list=nice
add address=125.161.0.0/16 comment="" disabled=no list=nice
add address=125.164.0.0/16 comment="" disabled=no list=nice
add address=125.165.0.0/16 comment="" disabled=no list=nice
add address=124.81.0.0/16 comment="" disabled=no list=nice
add address=222.124.0.0/16 comment="" disabled=no list=nice
add address=61.94.0.0/16 comment="" disabled=no list=nice
add address=118.96.0.0/16 comment="" disabled=no list=nice
add address=118.97.0.0/16 comment="" disabled=no list=nice
add address=167.205.0.0/16 comment="" disabled=no list=nice
add address=119.11.128.0/17 comment="" disabled=no list=nice
add address=124.195.0.0/17 comment="" disabled=no list=nice
add address=219.83.0.0/17 comment="" disabled=no list=nice
add address=118.98.0.0/17 comment="" disabled=no list=nice
add address=61.5.0.0/17 comment="" disabled=no list=nice
add address=121.52.0.0/17 comment="" disabled=no list=nice
add address=202.158.0.0/17 comment="" disabled=no list=nice
add address=202.155.0.0/17 comment="" disabled=no list=nice
add address=117.102.64.0/18 comment="" disabled=no list=nice
add address=152.118.128.0/18 comment="" disabled=no list=nice
add address=152.118.192.0/18 comment="" disabled=no list=nice
add address=152.118.0.0/18 comment="" disabled=no list=nice
add address=152.118.64.0/18 comment="" disabled=no list=nice
add address=207.209.192.0/18 comment="" disabled=no list=nice
add address=221.132.192.0/18 comment="" disabled=no list=nice
add address=125.208.128.0/18 comment="" disabled=no list=nice
add address=124.153.0.0/18 comment="" disabled=no list=nice
add address=222.165.192.0/18 comment="" disabled=no list=nice
add address=61.14.0.0/18 comment="" disabled=no list=nice
add address=203.130.192.0/18 comment="" disabled=no list=nice
add address=210.210.128.0/18 comment="" disabled=no list=nice
add address=206.182.192.0/18 comment="" disabled=no list=nice
add address=202.152.0.0/18 comment="" disabled=no list=nice
add address=209.93.224.0/19 comment="" disabled=no list=nice
add address=202.173.64.0/19 comment="" disabled=no list=nice
add address=114.199.96.0/19 comment="" disabled=no list=nice
add address=202.171.0.0/19 comment="" disabled=no list=nice
add address=202.47.192.0/19 comment="" disabled=no list=nice
add address=202.169.32.0/19 comment="" disabled=no list=nice
add address=202.182.160.0/19 comment="" disabled=no list=nice
add address=117.102.224.0/19 comment="" disabled=no list=nice
add address=202.51.192.0/19 comment="" disabled=no list=nice
add address=202.149.128.0/19 comment="" disabled=no list=nice
add address=202.146.224.0/19 comment="" disabled=no list=nice
add address=202.159.64.0/19 comment="" disabled=no list=nice
add address=202.155.128.0/19 comment="" disabled=no list=nice
add address=202.95.128.0/19 comment="" disabled=no list=nice
add address=202.152.224.0/19 comment="" disabled=no list=nice
add address=113.11.128.0/19 comment="" disabled=no list=nice
add address=60.253.96.0/19 comment="" disabled=no list=nice
add address=61.247.0.0/19 comment="" disabled=no list=nice
add address=61.247.32.0/19 comment="" disabled=no list=nice
add address=117.104.192.0/19 comment="" disabled=no list=nice
add address=118.98.160.0/19 comment="" disabled=no list=nice
add address=118.98.192.0/19 comment="" disabled=no list=nice
add address=118.136.0.0/19 comment="" disabled=no list=nice
add address=118.136.32.0/19 comment="" disabled=no list=nice
add address=118.136.64.0/19 comment="" disabled=no list=nice
add address=118.136.96.0/19 comment="" disabled=no list=nice
add address=118.136.128.0/19 comment="" disabled=no list=nice
add address=118.136.160.0/19 comment="" disabled=no list=nice
add address=118.136.192.0/19 comment="" disabled=no list=nice
add address=118.136.224.0/19 comment="" disabled=no list=nice
add address=118.137.0.0/19 comment="" disabled=no list=nice
add address=118.137.32.0/19 comment="" disabled=no list=nice
add address=118.137.64.0/19 comment="" disabled=no list=nice
add address=118.137.96.0/19 comment="" disabled=no list=nice
add address=118.137.128.0/19 comment="" disabled=no list=nice
add address=118.137.160.0/19 comment="" disabled=no list=nice
add address=118.137.192.0/19 comment="" disabled=no list=nice
add address=118.137.224.0/19 comment="" disabled=no list=nice
add address=202.53.224.0/19 comment="" disabled=no list=nice
add address=202.73.96.0/19 comment="" disabled=no list=nice
add address=202.77.96.0/19 comment="" disabled=no list=nice
add address=202.81.32.0/19 comment="" disabled=no list=nice
add address=202.137.0.0/19 comment="" disabled=no list=nice
add address=202.148.0.0/19 comment="" disabled=no list=nice
add address=202.150.64.0/19 comment="" disabled=no list=nice
add address=202.153.128.0/19 comment="" disabled=no list=nice
add address=202.154.0.0/19 comment="" disabled=no list=nice
add address=202.154.32.0/19 comment="" disabled=no list=nice
add address=202.159.0.0/19 comment="" disabled=no list=nice
add address=202.159.32.0/19 comment="" disabled=no list=nice
add address=202.159.96.0/19 comment="" disabled=no list=nice
add address=202.162.192.0/19 comment="" disabled=no list=nice
add address=203.128.64.0/19 comment="" disabled=no list=nice
add address=61.8.64.0/20 comment="" disabled=no list=nice
add address=113.212.112.0/20 comment="" disabled=no list=nice
add address=114.199.80.0/20 comment="" disabled=no list=nice
add address=116.68.160.0/20 comment="" disabled=no list=nice
add address=117.20.48.0/20 comment="" disabled=no list=nice
add address=117.103.0.0/20 comment="" disabled=no list=nice
add address=119.2.64.0/20 comment="" disabled=no list=nice
add address=119.110.64.0/20 comment="" disabled=no list=nice
add address=119.235.208.0/20 comment="" disabled=no list=nice
add address=120.164.0.0/20 comment="" disabled=no list=nice
add address=121.50.128.0/20 comment="" disabled=no list=nice
add address=122.129.96.0/20 comment="" disabled=no list=nice
add address=122.129.192.0/20 comment="" disabled=no list=nice
add address=122.200.0.0/20 comment="" disabled=no list=nice
add address=123.231.224.0/20 comment="" disabled=no list=nice
add address=202.3.208.0/20 comment="" disabled=no list=nice
add address=202.6.208.0/20 comment="" disabled=no list=nice
add address=202.6.224.0/20 comment="" disabled=no list=nice
add address=202.46.64.0/20 comment="" disabled=no list=nice
add address=202.46.144.0/20 comment="" disabled=no list=nice
add address=202.47.64.0/20 comment="" disabled=no list=nice
add address=202.51.224.0/20 comment="" disabled=no list=nice
add address=202.57.0.0/20 comment="" disabled=no list=nice
add address=202.58.64.0/20 comment="" disabled=no list=nice
add address=202.58.160.0/20 comment="" disabled=no list=nice
add address=202.59.160.0/20 comment="" disabled=no list=nice
add address=202.65.112.0/20 comment="" disabled=no list=nice
add address=202.67.32.0/20 comment="" disabled=no list=nice
add address=202.69.96.0/20 comment="" disabled=no list=nice
add address=202.70.48.0/20 comment="" disabled=no list=nice
add address=202.72.208.0/20 comment="" disabled=no list=nice
add address=202.73.224.0/20 comment="" disabled=no list=nice
add address=202.77.64.0/20 comment="" disabled=no list=nice
add address=202.80.112.0/20 comment="" disabled=no list=nice
add address=202.80.208.0/20 comment="" disabled=no list=nice
add address=202.87.176.0/20 comment="" disabled=no list=nice
add address=202.93.16.0/20 comment="" disabled=no list=nice
add address=202.93.32.0/20 comment="" disabled=no list=nice
add address=202.93.128.0/20 comment="" disabled=no list=nice
add address=202.93.224.0/20 comment="" disabled=no list=nice
add address=202.123.224.0/20 comment="" disabled=no list=nice
add address=202.127.96.0/20 comment="" disabled=no list=nice
add address=202.133.80.0/20 comment="" disabled=no list=nice
add address=202.138.224.0/20 comment="" disabled=no list=nice
add address=202.143.32.0/20 comment="" disabled=no list=nice
add address=202.145.0.0/20 comment="" disabled=no list=nice
add address=202.147.192.0/20 comment="" disabled=no list=nice
add address=202.147.240.0/20 comment="" disabled=no list=nice
add address=202.152.160.0/20 comment="" disabled=no list=nice
add address=202.152.192.0/20 comment="" disabled=no list=nice
add address=202.153.240.0/20 comment="" disabled=no list=nice
add address=202.165.32.0/20 comment="" disabled=no list=nice
add address=202.182.48.0/20 comment="" disabled=no list=nice
add address=203.78.112.0/20 comment="" disabled=no list=nice
add address=203.83.32.0/20 comment="" disabled=no list=nice
add address=203.89.16.0/20 comment="" disabled=no list=nice
add address=203.123.224.0/20 comment="" disabled=no list=nice
add address=203.153.96.0/20 comment="" disabled=no list=nice
add address=203.161.16.0/20 comment="" disabled=no list=nice
add address=203.166.192.0/20 comment="" disabled=no list=nice
add address=203.201.160.0/20 comment="" disabled=no list=nice
add address=207.83.112.0/20 comment="" disabled=no list=nice
add address=210.57.208.0/20 comment="" disabled=no list=nice
add address=210.79.208.0/20 comment="" disabled=no list=nice
add address=220.157.96.0/20 comment="" disabled=no list=nice
add address=61.45.224.0/21 comment="" disabled=no list=nice
add address=114.134.72.0/21 comment="" disabled=no list=nice
add address=114.141.48.0/21 comment="" disabled=no list=nice
add address=114.141.88.0/21 comment="" disabled=no list=nice
add address=115.69.216.0/21 comment="" disabled=no list=nice
add address=115.166.96.0/21 comment="" disabled=no list=nice
add address=115.178.48.0/21 comment="" disabled=no list=nice
add address=116.0.0.0/21 comment="" disabled=no list=nice
add address=116.12.40.0/21 comment="" disabled=no list=nice
add address=116.50.24.0/21 comment="" disabled=no list=nice
add address=116.66.200.0/21 comment="" disabled=no list=nice
add address=116.68.248.0/21 comment="" disabled=no list=nice
add address=116.90.176.0/21 comment="" disabled=no list=nice
add address=116.197.128.0/21 comment="" disabled=no list=nice
add address=116.254.96.0/21 comment="" disabled=no list=nice
add address=117.74.120.0/21 comment="" disabled=no list=nice
add address=117.102.160.0/21 comment="" disabled=no list=nice
add address=117.103.32.0/21 comment="" disabled=no list=nice
add address=117.103.48.0/21 comment="" disabled=no list=nice
add address=117.103.168.0/21 comment="" disabled=no list=nice
add address=117.121.200.0/21 comment="" disabled=no list=nice
add address=119.2.40.0/21 comment="" disabled=no list=nice
add address=119.10.176.0/21 comment="" disabled=no list=nice
add address=119.47.88.0/21 comment="" disabled=no list=nice
add address=119.82.240.0/21 comment="" disabled=no list=nice
add address=119.110.80.0/21 comment="" disabled=no list=nice
add address=119.160.200.0/21 comment="" disabled=no list=nice
add address=119.235.248.0/21 comment="" disabled=no list=nice
add address=120.29.152.0/21 comment="" disabled=no list=nice
add address=121.58.184.0/21 comment="" disabled=no list=nice
add address=122.49.224.0/21 comment="" disabled=no list=nice
add address=122.128.16.0/21 comment="" disabled=no list=nice
add address=122.129.112.0/21 comment="" disabled=no list=nice
add address=122.144.0.0/21 comment="" disabled=no list=nice
add address=122.200.48.0/21 comment="" disabled=no list=nice
add address=122.200.144.0/21 comment="" disabled=no list=nice
add address=123.108.8.0/21 comment="" disabled=no list=nice
add address=123.255.200.0/21 comment="" disabled=no list=nice
add address=124.66.160.0/21 comment="" disabled=no list=nice
add address=124.158.128.0/21 comment="" disabled=no list=nice
add address=202.43.160.0/21 comment="" disabled=no list=nice
add address=202.43.176.0/21 comment="" disabled=no list=nice
add address=202.43.248.0/21 comment="" disabled=no list=nice
add address=202.46.24.0/21 comment="" disabled=no list=nice
add address=202.46.80.0/21 comment="" disabled=no list=nice
add address=202.51.16.0/21 comment="" disabled=no list=nice
add address=202.57.16.0/21 comment="" disabled=no list=nice
add address=202.58.176.0/21 comment="" disabled=no list=nice
add address=202.59.200.0/21 comment="" disabled=no list=nice
add address=202.62.16.0/21 comment="" disabled=no list=nice
add address=202.67.8.0/21 comment="" disabled=no list=nice
add address=202.72.192.0/21 comment="" disabled=no list=nice
add address=202.74.72.0/21 comment="" disabled=no list=nice
add address=202.75.16.0/21 comment="" disabled=no list=nice
add address=202.78.192.0/21 comment="" disabled=no list=nice
add address=202.89.208.0/21 comment="" disabled=no list=nice
add address=202.91.8.0/21 comment="" disabled=no list=nice
add address=202.91.24.0/21 comment="" disabled=no list=nice
add address=202.93.240.0/21 comment="" disabled=no list=nice
add address=202.129.184.0/21 comment="" disabled=no list=nice
add address=202.133.0.0/21 comment="" disabled=no list=nice
add address=202.134.0.0/21 comment="" disabled=no list=nice
add address=202.138.240.0/21 comment="" disabled=no list=nice
add address=202.146.56.0/21 comment="" disabled=no list=nice
add address=202.149.64.0/21 comment="" disabled=no list=nice
add address=202.149.80.0/21 comment="" disabled=no list=nice
add address=202.150.128.0/21 comment="" disabled=no list=nice
add address=202.153.24.0/21 comment="" disabled=no list=nice
add address=202.153.224.0/21 comment="" disabled=no list=nice
add address=202.162.32.0/21 comment="" disabled=no list=nice
add address=202.164.216.0/21 comment="" disabled=no list=nice
add address=202.169.224.0/21 comment="" disabled=no list=nice
add address=202.179.184.0/21 comment="" disabled=no list=nice
add address=202.180.0.0/21 comment="" disabled=no list=nice
add address=202.180.48.0/21 comment="" disabled=no list=nice
add address=203.77.224.0/21 comment="" disabled=no list=nice
add address=203.80.8.0/21 comment="" disabled=no list=nice
add address=203.84.136.0/21 comment="" disabled=no list=nice
add address=203.84.152.0/21 comment="" disabled=no list=nice
add address=203.123.240.0/21 comment="" disabled=no list=nice
add address=203.135.176.0/21 comment="" disabled=no list=nice
add address=203.142.80.0/21 comment="" disabled=no list=nice
add address=203.153.24.0/21 comment="" disabled=no list=nice
add address=203.153.112.0/21 comment="" disabled=no list=nice
add address=203.174.8.0/21 comment="" disabled=no list=nice
add address=203.176.176.0/21 comment="" disabled=no list=nice
add address=203.190.48.0/21 comment="" disabled=no list=nice
add address=203.190.112.0/21 comment="" disabled=no list=nice
add address=203.190.184.0/21 comment="" disabled=no list=nice
add address=203.190.240.0/21 comment="" disabled=no list=nice
add address=210.23.64.0/21 comment="" disabled=no list=nice
add address=220.247.168.0/21 comment="" disabled=no list=nice
add address=222.229.80.0/21 comment="" disabled=no list=nice
add address=58.65.244.0/22 comment="" disabled=no list=nice
add address=61.45.232.0/22 comment="" disabled=no list=nice
add address=113.208.64.0/22 comment="" disabled=no list=nice
add address=113.212.160.0/22 comment="" disabled=no list=nice
add address=114.30.80.0/22 comment="" disabled=no list=nice
add address=114.31.240.0/22 comment="" disabled=no list=nice
add address=116.199.204.0/22 comment="" disabled=no list=nice
add address=116.212.76.0/22 comment="" disabled=no list=nice
add address=117.103.56.0/22 comment="" disabled=no list=nice
add address=118.98.228.0/22 comment="" disabled=no list=nice
add address=118.98.232.0/22 comment="" disabled=no list=nice
add address=119.2.48.0/22 comment="" disabled=no list=nice
add address=119.18.156.0/22 comment="" disabled=no list=nice
add address=119.82.224.0/22 comment="" disabled=no list=nice
add address=119.82.232.0/22 comment="" disabled=no list=nice
add address=119.235.20.0/22 comment="" disabled=no list=nice
add address=119.252.128.0/22 comment="" disabled=no list=nice
add address=120.29.224.0/22 comment="" disabled=no list=nice
add address=121.100.20.0/22 comment="" disabled=no list=nice
add address=122.102.48.0/22 comment="" disabled=no list=nice
add address=124.6.32.0/22 comment="" disabled=no list=nice
add address=202.2.92.0/22 comment="" disabled=no list=nice
add address=202.10.32.0/22 comment="" disabled=no list=nice
add address=202.43.168.0/22 comment="" disabled=no list=nice
add address=202.46.0.0/22 comment="" disabled=no list=nice
add address=202.46.88.0/22 comment="" disabled=no list=nice
add address=202.51.28.0/22 comment="" disabled=no list=nice
add address=202.51.96.0/22 comment="" disabled=no list=nice
add address=202.51.104.0/22 comment="" disabled=no list=nice
add address=202.51.252.0/22 comment="" disabled=no list=nice
add address=202.55.164.0/22 comment="" disabled=no list=nice
add address=202.55.168.0/22 comment="" disabled=no list=nice
add address=202.57.28.0/22 comment="" disabled=no list=nice
add address=202.58.192.0/22 comment="" disabled=no list=nice
add address=202.62.8.0/22 comment="" disabled=no list=nice
add address=202.62.24.0/22 comment="" disabled=no list=nice
add address=202.72.200.0/22 comment="" disabled=no list=nice
add address=202.75.24.0/22 comment="" disabled=no list=nice
add address=202.81.4.0/22 comment="" disabled=no list=nice
add address=202.87.248.0/22 comment="" disabled=no list=nice
add address=202.122.12.0/22 comment="" disabled=no list=nice
add address=202.129.224.0/22 comment="" disabled=no list=nice
add address=202.138.248.0/22 comment="" disabled=no list=nice
add address=202.146.128.0/22 comment="" disabled=no list=nice
add address=202.146.176.0/22 comment="" disabled=no list=nice
add address=202.147.224.0/22 comment="" disabled=no list=nice
add address=202.149.72.0/22 comment="" disabled=no list=nice
add address=202.149.88.0/22 comment="" disabled=no list=nice
add address=202.153.16.0/22 comment="" disabled=no list=nice
add address=202.153.236.0/22 comment="" disabled=no list=nice
add address=202.158.132.0/22 comment="" disabled=no list=nice
add address=202.158.140.0/22 comment="" disabled=no list=nice
add address=202.162.40.0/22 comment="" disabled=no list=nice
add address=202.169.232.0/22 comment="" disabled=no list=nice
add address=202.173.16.0/22 comment="" disabled=no list=nice
add address=202.180.16.0/22 comment="" disabled=no list=nice
add address=203.77.208.0/22 comment="" disabled=no list=nice
add address=203.77.236.0/22 comment="" disabled=no list=nice
add address=203.77.248.0/22 comment="" disabled=no list=nice
add address=203.81.184.0/22 comment="" disabled=no list=nice
add address=203.99.96.0/22 comment="" disabled=no list=nice
add address=203.123.60.0/22 comment="" disabled=no list=nice
add address=203.123.248.0/22 comment="" disabled=no list=nice
add address=203.128.248.0/22 comment="" disabled=no list=nice
add address=203.142.68.0/22 comment="" disabled=no list=nice
add address=203.142.76.0/22 comment="" disabled=no list=nice
add address=203.153.60.0/22 comment="" disabled=no list=nice
add address=203.153.120.0/22 comment="" disabled=no list=nice
add address=203.160.56.0/22 comment="" disabled=no list=nice
add address=203.191.40.0/22 comment="" disabled=no list=nice
add address=32.234.170.0/23 comment="" disabled=no list=nice
add address=32.234.172.0/23 comment="" disabled=no list=nice
add address=58.65.240.0/23 comment="" disabled=no list=nice
add address=58.145.170.0/23 comment="" disabled=no list=nice
add address=58.145.172.0/23 comment="" disabled=no list=nice
add address=58.147.188.0/23 comment="" disabled=no list=nice
add address=61.45.236.0/23 comment="" disabled=no list=nice
add address=115.85.64.0/23 comment="" disabled=no list=nice
add address=116.68.226.0/23 comment="" disabled=no list=nice
add address=116.68.230.0/23 comment="" disabled=no list=nice
add address=116.90.168.0/23 comment="" disabled=no list=nice
add address=116.199.202.0/23 comment="" disabled=no list=nice
add address=116.212.100.0/23 comment="" disabled=no list=nice
add address=117.103.60.0/23 comment="" disabled=no list=nice
add address=118.82.0.0/23 comment="" disabled=no list=nice
add address=118.98.224.0/23 comment="" disabled=no list=nice
add address=119.82.238.0/23 comment="" disabled=no list=nice
add address=119.235.16.0/23 comment="" disabled=no list=nice
add address=119.252.134.0/23 comment="" disabled=no list=nice
add address=120.136.16.0/23 comment="" disabled=no list=nice
add address=121.52.130.0/23 comment="" disabled=no list=nice
add address=121.52.134.0/23 comment="" disabled=no list=nice
add address=121.100.18.0/23 comment="" disabled=no list=nice
add address=121.101.184.0/23 comment="" disabled=no list=nice
add address=123.176.120.0/23 comment="" disabled=no list=nice
add address=124.158.136.0/23 comment="" disabled=no list=nice
add address=146.23.252.0/23 comment="" disabled=no list=nice
add address=202.10.62.0/23 comment="" disabled=no list=nice
add address=202.20.106.0/23 comment="" disabled=no list=nice
add address=202.46.4.0/23 comment="" disabled=no list=nice
add address=202.46.14.0/23 comment="" disabled=no list=nice
add address=202.46.92.0/23 comment="" disabled=no list=nice
add address=202.46.130.0/23 comment="" disabled=no list=nice
add address=202.46.240.0/23 comment="" disabled=no list=nice
add address=202.46.252.0/23 comment="" disabled=no list=nice
add address=202.51.56.0/23 comment="" disabled=no list=nice
add address=202.51.102.0/23 comment="" disabled=no list=nice
add address=202.51.108.0/23 comment="" disabled=no list=nice
add address=202.51.124.0/23 comment="" disabled=no list=nice
add address=202.55.160.0/23 comment="" disabled=no list=nice
add address=202.55.172.0/23 comment="" disabled=no list=nice
add address=202.58.196.0/23 comment="" disabled=no list=nice
add address=202.59.194.0/23 comment="" disabled=no list=nice
add address=202.59.196.0/23 comment="" disabled=no list=nice
add address=202.62.28.0/23 comment="" disabled=no list=nice
add address=202.65.236.0/23 comment="" disabled=no list=nice
add address=202.75.28.0/23 comment="" disabled=no list=nice
add address=202.78.200.0/23 comment="" disabled=no list=nice
add address=202.78.204.0/23 comment="" disabled=no list=nice
add address=202.87.240.0/23 comment="" disabled=no list=nice
add address=202.87.254.0/23 comment="" disabled=no list=nice
add address=202.89.216.0/23 comment="" disabled=no list=nice
add address=202.89.222.0/23 comment="" disabled=no list=nice
add address=202.90.194.0/23 comment="" disabled=no list=nice
add address=202.90.198.0/23 comment="" disabled=no list=nice
add address=202.93.112.0/23 comment="" disabled=no list=nice
add address=202.93.120.0/23 comment="" disabled=no list=nice
add address=202.122.8.0/23 comment="" disabled=no list=nice
add address=202.129.216.0/23 comment="" disabled=no list=nice
add address=202.135.6.0/23 comment="" disabled=no list=nice
add address=202.135.134.0/23 comment="" disabled=no list=nice
add address=202.138.252.0/23 comment="" disabled=no list=nice
add address=202.146.2.0/23 comment="" disabled=no list=nice
add address=202.146.4.0/23 comment="" disabled=no list=nice
add address=202.146.46.0/23 comment="" disabled=no list=nice
add address=202.147.228.0/23 comment="" disabled=no list=nice
add address=202.147.232.0/23 comment="" disabled=no list=nice
add address=202.149.78.0/23 comment="" disabled=no list=nice
add address=202.149.92.0/23 comment="" disabled=no list=nice
add address=202.150.136.0/23 comment="" disabled=no list=nice
add address=202.153.20.0/23 comment="" disabled=no list=nice
add address=202.153.232.0/23 comment="" disabled=no list=nice
add address=202.154.176.0/23 comment="" disabled=no list=nice
add address=202.154.184.0/23 comment="" disabled=no list=nice
add address=202.158.130.0/23 comment="" disabled=no list=nice
add address=202.162.46.0/23 comment="" disabled=no list=nice
add address=202.169.236.0/23 comment="" disabled=no list=nice
add address=202.169.240.0/23 comment="" disabled=no list=nice
add address=202.173.20.0/23 comment="" disabled=no list=nice
add address=202.180.8.0/23 comment="" disabled=no list=nice
add address=202.191.2.0/23 comment="" disabled=no list=nice
add address=203.31.164.0/23 comment="" disabled=no list=nice
add address=203.34.118.0/23 comment="" disabled=no list=nice
add address=203.77.214.0/23 comment="" disabled=no list=nice
add address=203.77.216.0/23 comment="" disabled=no list=nice
add address=203.77.220.0/23 comment="" disabled=no list=nice
add address=203.77.232.0/23 comment="" disabled=no list=nice
add address=203.77.246.0/23 comment="" disabled=no list=nice
add address=203.81.190.0/23 comment="" disabled=no list=nice
add address=203.99.102.0/23 comment="" disabled=no list=nice
add address=203.99.130.0/23 comment="" disabled=no list=nice
add address=203.123.252.0/23 comment="" disabled=no list=nice
add address=203.134.232.0/23 comment="" disabled=no list=nice
add address=203.134.238.0/23 comment="" disabled=no list=nice
add address=203.142.64.0/23 comment="" disabled=no list=nice
add address=203.148.84.0/23 comment="" disabled=no list=nice
add address=203.160.60.0/23 comment="" disabled=no list=nice
add address=203.189.88.0/23 comment="" disabled=no list=nice
add address=203.190.36.0/23 comment="" disabled=no list=nice
add address=203.190.44.0/23 comment="" disabled=no list=nice
add address=203.194.70.0/23 comment="" disabled=no list=nice
add address=203.223.90.0/23 comment="" disabled=no list=nice
add address=206.73.208.0/23 comment="" disabled=no list=nice
add address=206.73.234.0/23 comment="" disabled=no list=nice
add address=206.73.238.0/23 comment="" disabled=no list=nice
add address=32.234.169.0/24 comment="" disabled=no list=nice
add address=32.234.175.0/24 comment="" disabled=no list=nice
add address=58.65.242.0/24 comment="" disabled=no list=nice
add address=58.145.175.0/24 comment="" disabled=no list=nice
add address=58.147.190.0/24 comment="" disabled=no list=nice
add address=61.45.238.0/24 comment="" disabled=no list=nice
add address=113.59.233.0/24 comment="" disabled=no list=nice
add address=114.30.84.0/24 comment="" disabled=no list=nice
add address=114.141.57.0/24 comment="" disabled=no list=nice
add address=114.141.59.0/24 comment="" disabled=no list=nice
add address=114.141.60.0/24 comment="" disabled=no list=nice
add address=115.124.64.0/24 comment="" disabled=no list=nice
add address=115.178.127.0/24 comment="" disabled=no list=nice
add address=116.58.197.0/24 comment="" disabled=no list=nice
add address=116.68.224.0/24 comment="" disabled=no list=nice
add address=116.68.229.0/24 comment="" disabled=no list=nice
add address=116.90.163.0/24 comment="" disabled=no list=nice
add address=116.90.164.0/24 comment="" disabled=no list=nice
add address=116.90.167.0/24 comment="" disabled=no list=nice
add address=116.90.170.0/24 comment="" disabled=no list=nice
add address=116.199.201.0/24 comment="" disabled=no list=nice
add address=116.212.74.0/24 comment="" disabled=no list=nice
add address=116.212.96.0/24 comment="" disabled=no list=nice
add address=117.18.19.0/24 comment="" disabled=no list=nice
add address=118.82.11.0/24 comment="" disabled=no list=nice
add address=118.82.12.0/24 comment="" disabled=no list=nice
add address=118.82.17.0/24 comment="" disabled=no list=nice
add address=119.2.55.0/24 comment="" disabled=no list=nice
add address=119.82.231.0/24 comment="" disabled=no list=nice
add address=119.82.237.0/24 comment="" disabled=no list=nice
add address=119.235.18.0/24 comment="" disabled=no list=nice
add address=119.235.27.0/24 comment="" disabled=no list=nice
add address=119.235.28.0/24 comment="" disabled=no list=nice
add address=119.252.160.0/24 comment="" disabled=no list=nice
add address=120.136.18.0/24 comment="" disabled=no list=nice
add address=120.136.23.0/24 comment="" disabled=no list=nice
add address=121.52.129.0/24 comment="" disabled=no list=nice
add address=121.52.133.0/24 comment="" disabled=no list=nice
add address=121.100.16.0/24 comment="" disabled=no list=nice
add address=122.102.52.0/24 comment="" disabled=no list=nice
add address=122.201.39.0/24 comment="" disabled=no list=nice
add address=123.176.122.0/24 comment="" disabled=no list=nice
add address=123.176.127.0/24 comment="" disabled=no list=nice
add address=124.158.138.0/24 comment="" disabled=no list=nice
add address=144.5.46.0/24 comment="" disabled=no list=nice
add address=146.23.254.0/24 comment="" disabled=no list=nice
add address=152.158.247.0/24 comment="" disabled=no list=nice
add address=192.5.5.0/24 comment="" disabled=no list=nice
add address=192.23.186.0/24 comment="" disabled=no list=nice
add address=192.92.81.0/24 comment="" disabled=no list=nice
add address=194.0.1.0/24 comment="" disabled=no list=nice
add address=194.0.2.0/24 comment="" disabled=no list=nice
add address=202.10.36.0/24 comment="" disabled=no list=nice
add address=202.10.39.0/24 comment="" disabled=no list=nice
add address=202.14.255.0/24 comment="" disabled=no list=nice
add address=202.20.109.0/24 comment="" disabled=no list=nice
add address=202.22.31.0/24 comment="" disabled=no list=nice
add address=202.43.173.0/24 comment="" disabled=no list=nice
add address=202.43.175.0/24 comment="" disabled=no list=nice
add address=202.43.184.0/24 comment="" disabled=no list=nice
add address=202.43.186.0/24 comment="" disabled=no list=nice
add address=202.43.190.0/24 comment="" disabled=no list=nice
add address=202.46.9.0/24 comment="" disabled=no list=nice
add address=202.46.11.0/24 comment="" disabled=no list=nice
add address=202.46.94.0/24 comment="" disabled=no list=nice
add address=202.46.129.0/24 comment="" disabled=no list=nice
add address=202.51.100.0/24 comment="" disabled=no list=nice
add address=202.51.110.0/24 comment="" disabled=no list=nice
add address=202.51.126.0/24 comment="" disabled=no list=nice
add address=202.58.203.0/24 comment="" disabled=no list=nice
add address=202.58.204.0/24 comment="" disabled=no list=nice
add address=202.59.192.0/24 comment="" disabled=no list=nice
add address=202.59.198.0/24 comment="" disabled=no list=nice
add address=202.65.228.0/24 comment="" disabled=no list=nice
add address=202.65.238.0/24 comment="" disabled=no list=nice
add address=202.72.206.0/24 comment="" disabled=no list=nice
add address=202.75.30.0/24 comment="" disabled=no list=nice
add address=202.78.203.0/24 comment="" disabled=no list=nice
add address=202.78.207.0/24 comment="" disabled=no list=nice
add address=202.87.242.0/24 comment="" disabled=no list=nice
add address=202.87.245.0/24 comment="" disabled=no list=nice
add address=202.87.247.0/24 comment="" disabled=no list=nice
add address=202.92.192.0/24 comment="" disabled=no list=nice
add address=202.92.207.0/24 comment="" disabled=no list=nice
add address=202.93.114.0/24 comment="" disabled=no list=nice
add address=202.93.119.0/24 comment="" disabled=no list=nice
add address=202.122.10.0/24 comment="" disabled=no list=nice
add address=202.122.162.0/24 comment="" disabled=no list=nice
add address=202.122.165.0/24 comment="" disabled=no list=nice
add address=202.122.166.0/24 comment="" disabled=no list=nice
add address=202.135.5.0/24 comment="" disabled=no list=nice
add address=202.135.16.0/24 comment="" disabled=no list=nice
add address=202.135.23.0/24 comment="" disabled=no list=nice
add address=202.135.28.0/24 comment="" disabled=no list=nice
add address=202.135.42.0/24 comment="" disabled=no list=nice
add address=202.135.54.0/24 comment="" disabled=no list=nice
add address=202.135.129.0/24 comment="" disabled=no list=nice
add address=202.135.133.0/24 comment="" disabled=no list=nice
add address=202.135.145.0/24 comment="" disabled=no list=nice
add address=202.135.155.0/24 comment="" disabled=no list=nice
add address=202.135.161.0/24 comment="" disabled=no list=nice
add address=202.135.248.0/24 comment="" disabled=no list=nice
add address=202.146.1.0/24 comment="" disabled=no list=nice
add address=202.146.32.0/24 comment="" disabled=no list=nice
add address=202.146.34.0/24 comment="" disabled=no list=nice
add address=202.146.45.0/24 comment="" disabled=no list=nice
add address=202.146.133.0/24 comment="" disabled=no list=nice
add address=202.146.135.0/24 comment="" disabled=no list=nice
add address=202.146.136.0/24 comment="" disabled=no list=nice
add address=202.146.180.0/24 comment="" disabled=no list=nice
add address=202.147.230.0/24 comment="" disabled=no list=nice
add address=202.147.234.0/24 comment="" disabled=no list=nice
add address=202.149.77.0/24 comment="" disabled=no list=nice
add address=202.151.9.0/24 comment="" disabled=no list=nice
add address=202.153.22.0/24 comment="" disabled=no list=nice
add address=202.154.183.0/24 comment="" disabled=no list=nice
add address=202.154.187.0/24 comment="" disabled=no list=nice
add address=202.154.190.0/24 comment="" disabled=no list=nice
add address=202.158.129.0/24 comment="" disabled=no list=nice
add address=202.158.137.0/24 comment="" disabled=no list=nice
add address=202.158.139.0/24 comment="" disabled=no list=nice
add address=202.158.252.0/24 comment="" disabled=no list=nice
add address=202.160.254.0/24 comment="" disabled=no list=nice
add address=202.162.44.0/24 comment="" disabled=no list=nice
add address=202.167.97.0/24 comment="" disabled=no list=nice
add address=202.169.242.0/24 comment="" disabled=no list=nice
add address=202.169.245.0/24 comment="" disabled=no list=nice
add address=202.169.247.0/24 comment="" disabled=no list=nice
add address=202.173.23.0/24 comment="" disabled=no list=nice
add address=202.180.10.0/24 comment="" disabled=no list=nice
add address=202.180.20.0/24 comment="" disabled=no list=nice
add address=203.14.176.0/24 comment="" disabled=no list=nice
add address=203.77.212.0/24 comment="" disabled=no list=nice
add address=203.77.223.0/24 comment="" disabled=no list=nice
add address=203.77.252.0/24 comment="" disabled=no list=nice
add address=203.77.255.0/24 comment="" disabled=no list=nice
add address=203.84.135.0/24 comment="" disabled=no list=nice
add address=203.99.119.0/24 comment="" disabled=no list=nice
add address=203.99.120.0/24 comment="" disabled=no list=nice
add address=203.99.127.0/24 comment="" disabled=no list=nice
add address=203.119.13.0/24 comment="" disabled=no list=nice
add address=203.119.17.0/24 comment="" disabled=no list=nice
add address=203.123.254.0/24 comment="" disabled=no list=nice
add address=203.134.235.0/24 comment="" disabled=no list=nice
add address=203.134.237.0/24 comment="" disabled=no list=nice
add address=203.142.66.0/24 comment="" disabled=no list=nice
add address=203.153.49.0/24 comment="" disabled=no list=nice
add address=203.153.124.0/24 comment="" disabled=no list=nice
add address=203.160.62.0/24 comment="" disabled=no list=nice
add address=203.160.128.0/24 comment="" disabled=no list=nice
add address=203.163.66.0/24 comment="" disabled=no list=nice
add address=203.163.76.0/24 comment="" disabled=no list=nice
add address=203.163.81.0/24 comment="" disabled=no list=nice
add address=203.163.88.0/24 comment="" disabled=no list=nice
add address=203.163.95.0/24 comment="" disabled=no list=nice
add address=203.163.113.0/24 comment="" disabled=no list=nice
add address=203.173.89.0/24 comment="" disabled=no list=nice
add address=203.173.90.0/24 comment="" disabled=no list=nice
add address=203.174.5.0/24 comment="" disabled=no list=nice
add address=203.190.47.0/24 comment="" disabled=no list=nice
add address=203.191.44.0/24 comment="" disabled=no list=nice
add address=203.191.46.0/24 comment="" disabled=no list=nice
add address=203.194.90.0/24 comment="" disabled=no list=nice
add address=203.196.90.0/24 comment="" disabled=no list=nice
add address=205.248.57.0/24 comment="" disabled=no list=nice
add address=205.248.151.0/24 comment="" disabled=no list=nice
add address=205.248.158.0/24 comment="" disabled=no list=nice
add address=206.73.79.0/24 comment="" disabled=no list=nice
add address=206.73.80.0/24 comment="" disabled=no list=nice
add address=206.73.194.0/24 comment="" disabled=no list=nice
add address=206.73.203.0/24 comment="" disabled=no list=nice
add address=206.73.205.0/24 comment="" disabled=no list=nice
add address=206.73.222.0/24 comment="" disabled=no list=nice
add address=206.73.227.0/24 comment="" disabled=no list=nice
add address=206.73.228.0/24 comment="" disabled=no list=nice
add address=206.73.240.0/24 comment="" disabled=no list=nice
add address=206.73.244.0/24 comment="" disabled=no list=nice
add address=206.73.248.0/24 comment="" disabled=no list=nice
add address=206.182.36.0/24 comment="" disabled=no list=nice
add address=207.117.234.0/24 comment="" disabled=no list=nice
add address=218.100.32.0/24 comment="" disabled=no list=nice
add address=192.168.0.245 comment="" disabled=no list=nice
/ip firewall connection tracking
set enabled=yes generic-timeout=3s icmp-timeout=1s tcp-close-timeout=0s \
tcp-close-wait-timeout=1s tcp-established-timeout=3h \
tcp-fin-wait-timeout=1s tcp-last-ack-timeout=1s tcp-syn-received-timeout=\
3s tcp-syn-sent-timeout=3s tcp-syncookie=yes tcp-time-wait-timeout=3s \
udp-stream-timeout=1s udp-timeout=1s
/ip firewall filter
add action=drop chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx src-address-list=LAN
add action=accept chain=forward comment="" disabled=no dst-port=123 protocol=\
udp
add action=accept chain=input comment="" disabled=no dst-port=123 protocol=\
udp
add action=add-src-to-address-list address-list=login1 address-list-timeout=\
1m chain=input comment="" connection-state=new disabled=no dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp
add action=add-src-to-address-list address-list=login2 address-list-timeout=\
1m chain=input comment="" connection-state=new disabled=no dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp src-address-list=login1
add action=add-src-to-address-list address-list=login3 address-list-timeout=\
1m chain=input comment="" connection-state=new disabled=no dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp src-address-list=login2
add action=add-src-to-address-list address-list=login-blacklist \
address-list-timeout=1d1m chain=input comment="" connection-state=new \
disabled=no dst-port=8291 in-interface=pppoe-out1 protocol=tcp \
src-address-list=login3
add action=drop chain=input comment="" disabled=yes dst-port=8291 \
in-interface=pppoe-out1 protocol=tcp src-address-list=login-blacklist
add action=accept chain=input comment="" disabled=no packet-mark=dns-pkt
add action=drop chain=forward comment=p2p disabled=no p2p=all-p2p \
src-address-list=LAN
add action=accept chain=forward comment=email disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=25 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=465 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=110 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=995 protocol=tcp
add action=drop chain=forward comment=ym disabled=no dst-port=5050-5051 \
protocol=tcp src-address-list=!otr
add action=drop chain=forward comment="" disabled=no dst-port=5100 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment="" disabled=no dst-port=1677 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=5000-5010 \
protocol=tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=20-21 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=23 protocol=tcp \
src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=8001 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=8001 protocol=\
udp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=25 protocol=tcp \
src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=27 protocol=tcp \
src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=119 protocol=\
tcp src-address-list=!otr
add action=drop chain=forward comment=ym disabled=no dst-port=37 protocol=tcp \
src-address-list=!otr
add action=accept chain=forward comment=SKYPE disabled=no dst-port=59770 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=59770 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=3478-3479 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=5060 \
protocol=udp
add action=accept chain=input comment="" disabled=no dst-port=5060 protocol=\
udp
add action=accept chain=forward comment="" disabled=no dst-port=4569 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=8000-10000 \
protocol=udp
add action=accept chain=input comment=BCA disabled=no dst-port=10000 \
protocol=tcp
add action=accept chain=input comment="" disabled=no dst-port=10000 protocol=\
udp
add action=accept chain=input comment="" disabled=no dst-port=4500 protocol=\
tcp
add action=accept chain=input comment="" disabled=no dst-port=4500 protocol=\
udp
add action=accept chain=forward comment="" disabled=no dst-port=10000 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=10000 \
protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=4500 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=4500 \
protocol=udp
add action=accept chain=input comment="" disabled=no protocol=ipsec-esp
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="port scanner" disabled=no \
protocol=tcp psd=21,3s,3,1
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,syn
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,rst
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-dst-to-address-list address-list="port scanner" \
address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
psd=21,3s,3,1 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="" disabled=no src-address-list=\
"port scanner"
add action=drop chain=input comment="" disabled=no dst-port=12667 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=31335 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=27444 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=34555 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=35555 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=27444 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=27665 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=31335 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=31846 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=34555 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=35555 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward comment="" disabled=no src-address=127.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward comment="" disabled=no src-address=224.0.0.0/8
add action=drop chain=forward comment="" disabled=no dst-address=224.0.0.0/8
add action=jump chain=forward comment="" disabled=no jump-target=tcp \
protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp \
protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp \
protocol=icmp
add action=drop chain=tcp comment="" disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp comment="" disabled=yes dst-port=137-139 protocol=\
tcp
add action=drop chain=tcp comment="" disabled=yes dst-port=445 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=12345-12346 \
protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp comment="" disabled=no dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=111 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=135 protocol=udp
add action=drop chain=udp comment="" disabled=yes dst-port=137-139 protocol=\
udp
add action=drop chain=udp comment="" disabled=yes dst-port=445 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=12345-12346 \
protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=20034 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=3133 protocol=udp
add action=drop chain=udp comment="" disabled=no dst-port=67-68 protocol=udp
add action=accept chain=icmp comment="" disabled=no icmp-options=0:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=8:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=11:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:3 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:4 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=3:1 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=4:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=11:0 \
protocol=icmp
add action=accept chain=icmp comment="" disabled=no icmp-options=12:0 \
protocol=icmp
add action=drop chain=icmp comment="" disabled=no
add action=accept chain=input comment="" disabled=no protocol=gre
add action=accept chain=input comment="" disabled=no dst-port=1723 protocol=\
tcp
add action=accept chain=forward comment="" disabled=no dst-port=1723 \
protocol=tcp
add action=accept chain=forward comment="" disabled=no protocol=ipip
add action=accept chain=forward comment="" connection-state=related disabled=\
no
add action=accept chain=forward comment="" connection-state=established \
disabled=no
add action=drop chain=forward comment="" connection-state=invalid disabled=no
add action=drop chain=forward comment="" content=.mp3 disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mpg disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.flv disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.avi disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.wmv disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.exe disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.avr disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.divx disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.ivr disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mov disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.3gp disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mp4 disabled=no \
dst-address-list=!otr protocol=tcp src-address-list=otr
add action=drop chain=forward comment="" content=.rm disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.xvid disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=forward comment="" content=.mpeg disabled=no \
dst-address-list=!otr protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=8080 \
in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=3128 \
in-interface=pppoe-out1 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=5900 \
protocol=tcp
add action=accept chain=input comment="" connection-state=related disabled=no
add action=drop chain=forward comment="tongji virus" connection-mark=\
tongji-conn disabled=no
add action=drop chain=output comment="" connection-mark=tongji-conn disabled=\
no
add action=log chain=forward comment="" connection-mark=tongji-conn disabled=\
no log-prefix="Mac Spoofing"
add action=drop chain=forward comment="" disabled=no in-interface=LAN \
src-address-list=!LAN
add action=accept chain=input comment="" connection-state=established \
disabled=no
add action=drop chain=input comment="" connection-state=invalid disabled=no
add action=drop chain=forward comment="" disabled=no dst-port=8080 \
in-interface=LAN protocol=tcp src-address-list=!LAN
add action=drop chain=forward comment="" disabled=no dst-port=3128 \
in-interface=LAN protocol=tcp src-address-list=!LAN
add action=accept chain=input comment="" disabled=no in-interface=LAN \
src-address-list=LAN
add action=drop chain=input comment="" disabled=no in-interface=LAN \
src-address-list=!LAN
/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=25 new-packet-mark=email-mr passthrough=no \
protocol=tcp src-address=192.168.3.114
add action=mark-packet chain=forward comment="" disabled=no dst-address=\
xxx.xxx.xxx.xxx dst-port=110 new-packet-mark=email-mr passthrough=no \
protocol=tcp src-address=192.168.3.114
add action=mark-packet chain=prerouting comment="zph squid" disabled=no dscp=\
12 new-packet-mark=proxy-hit passthrough=no
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=53 \
new-packet-mark=dns-pkt passthrough=no protocol=udp src-address-list=DNS
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-list=nice in-interface=LAN new-connection-mark=iix-conn \
passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=iix-conn \
disabled=no new-packet-mark=iix-pkt passthrough=no
add action=mark-packet chain=output comment="" connection-mark=iix-conn \
disabled=no new-packet-mark=iix-pkt out-interface=LAN passthrough=no
add action=mark-packet chain=prerouting comment="" disabled=no \
new-packet-mark=intl-pkt passthrough=no protocol=!icmp
add action=mark-packet chain=output comment="" disabled=no new-packet-mark=\
intl-pkt out-interface=LAN passthrough=no
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=tongji-conn passthrough=yes src-address-list=TONGJI
add action=mark-packet chain=prerouting comment="" connection-mark=\
tongji-conn disabled=no new-packet-mark=tongji-pkt passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment=LAN disabled=no out-interface=\
pppoe-out1 src-address-list=LAN
add action=masquerade chain=srcnat comment=proxy disabled=no out-interface=\
pppoe-out1 src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment=mail disabled=no out-interface=\
pppoe-out1 packet-mark=email-mr
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5900 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.129 to-ports=\
5900
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
192.168.5.2 dst-port=80 protocol=tcp src-address-list=LAN to-addresses=\
192.168.5.2 to-ports=80
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=8080 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=3128 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=808 \
in-interface=LAN protocol=tcp src-address-list=LAN to-addresses=\
192.168.10.2 to-ports=8080
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set WAN discover=yes
set pppoe-out1 discover=no
set PROXY discover=yes
set LAN discover=yes
set ether3 discover=yes
/ip proxy
set always-from-cache=yes cache-administrator=webmaster cache-hit-dscp=12 \
cache-on-disk=yes enabled=no max-cache-size=1024000KiB \
max-client-connections=600 max-fresh-time=6d max-server-connections=600 \
parent-proxy=192.168.0.117 parent-proxy-port=8080 port=8080 \
serialize-connections=no src-address=0.0.0.0
/ip proxy access
add action=allow comment="" disabled=no src-address=192.168.0.0/24
add action=allow comment="" disabled=no src-address=192.168.1.0/24
add action=allow comment="" disabled=no src-address=192.168.3.0/24
add action=deny comment="" disabled=no src-address=0.0.0.0
/ip proxy cache
add action=allow comment="" disabled=no src-address=192.168.0.0/24
add action=allow comment="" disabled=no src-address=192.168.1.0/24
add action=allow comment="" disabled=no src-address=192.168.3.0/24
add action=deny comment="" disabled=no src-address=0.0.0.0
/ip proxy direct
add action=allow comment="" disabled=no dst-address=192.168.5.2 dst-host=80 \
src-address=192.168.0.0/24
/ip route
add comment="" disabled=no distance=1 dst-address=192.168.1.0/24 gateway=\
192.168.0.1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=192.168.3.0/24 gateway=\
192.168.0.1 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=no port=201
set www address=0.0.0.0/0 disabled=no port=88
set ssh address=0.0.0.0/0 disabled=no port=2204
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ipv6 nd
add advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
mtu=unspecified ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autoconfig=yes on-link=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls
set dynamic-label-range=16-1048575
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=xxxxx password=xxxxxx profile=pptp-in routes="" service=pptp
/queue interface
set WAN queue=ethernet-default
set pppoe-out1 queue=default
set PROXY queue=ethernet-default
set LAN queue=ethernet-default
set ether3 queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 \
metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \
mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=\
no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing pim
set switch-to-spt=no switch-to-spt-bytes=0 switch-to-spt-interval=0s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=primary-master name=user-manager1 type=\
user-manager
add comment="" disabled=no disk=primary-master name=web-proxy1 type=web-proxy
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
set [ find vcno=1 ] disabled=no term=linux
set [ find vcno=2 ] disabled=no term=linux
set [ find vcno=3 ] disabled=no term=linux
set [ find vcno=4 ] disabled=no term=linux
set [ find vcno=5 ] disabled=no term=linux
set [ find vcno=6 ] disabled=no term=linux
set [ find vcno=7 ] disabled=no term=linux
set [ find vcno=8 ] disabled=no term=linux
/system console screen
set line-count=25
/system hardware
set multi-cpu=yes
/system health
set state-after-reboot=enabled
/system identity
set name=phallelobhejat
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
add action=disk disabled=no prefix="" topics=script
add action=remote disabled=no prefix="" topics=info
add action=remote disabled=no prefix="" topics=error
add action=remote disabled=no prefix="" topics=warning
add action=remote disabled=no prefix="" topics=critical
add action=remote disabled=no prefix="" topics=script
/system note
set note="Using nice.rsc from www.mikrotik.co.id, 2 January 2009 05:17:29 WIB,\
605 lines." show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=202.155.39.179 secondary-ntp=\
219.117.196.238
/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no
/system scheduler
add comment="" disabled=no interval=1d name=sch-Client-On on-event=Client-On \
start-date=oct/29/2008 start-time=07:30:00
add comment="" disabled=no interval=1d name=sch-Client-Off on-event=\
Client-Off start-date=oct/22/2008 start-time=17:05:00
add comment="" disabled=no interval=1d name=sch-ym-on on-event=ym-on \
start-date=oct/22/2008 start-time=10:00:00
add comment="" disabled=no interval=1d name=sch-ym-off on-event=ym-off \
start-date=oct/22/2008 start-time=14:00:00
add comment="" disabled=no interval=2d name=sch-reboot on-event=reboot \
start-date=dec/18/2008 start-time=05:00:00
add comment="" disabled=no interval=1h name=sch-reset-counter on-event=\
reset-counter start-date=oct/22/2008 start-time=06:00:00
add comment="" disabled=no interval=1d name=sch-upip on-event=update-ip \
start-date=oct/22/2008 start-time=01:00:00
add comment="" disabled=no interval=1d name=sch-update-nice on-event=":if ([:l\
en [/file find name=nice.rsc]] > 0) do={ /file remove nice.rsc };/tool fet\
ch address=ixp.mikrotik.co.id src-path=/download/nice.rsc;/import nice.rsc\
;/ip firewall address-list add address=192.168.0.245 list nice" \
start-date=oct/22/2008 start-time=06:10:00
/system script
add name=ym-on policy=ftp,reboot,read,write,policy,test,winbox,password,sniff \
source="/ip firewall filter disable [find comment=ym]"
add name=ym-off policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall filter enable [find comment=ym]"
add name=Client-Off policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall address-list disable [find comment=Filter]"
add name=Client-On policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall address-list enable [find comment=Filter]"
add name=ym-off2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="/ip firewa\
ll filter enable [find comment=ym]\r\
\n/system scheduler enable [find comment=tts]"
add name=ym-on2 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="/ip firewa\
ll filter disable [find comment=ym]\r\
\n/system scheduler disable [find comment=tts]"
add name=reboot policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/system reboot"
add name=reset-counter policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="/queue sim\
ple reset-counters-all\r\
\n/ip firewall filter reset-counters-all\r\
\n/ip firewall nat reset-counters-all\r\
\n/ip firewall mangle reset-counters-all\r\
\n\r\
\n\r\
\n"
add name=proxy-off policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall nat disable [find comment=natsi]"
add name=proxy-on policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=\
"/ip firewall nat enable [find comment=natsi]"
add name=update-ip policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source="# Define U\
ser Variables\r\
\n:global ddnsuser \"sum14rdi\"\r\
\n:global ddnspass \"pogung152\"\r\
\n:global ddnshost \"sum14rdi.dns1.us\"\r\
\n\r\
\n# Define Global Variables\r\
\n:global ddnsip\r\
\n:global ddnslastip\r\
\n:if ([ :typeof \$ddnslastip ] = nil ) do={ :global ddnslastip \"0\" }\r\
\n\r\
\n:global ddnsinterface\r\
\n:global ddnssystem (\"mt-\" . [/system package get system version] )\r\
\n\r\
\n# Define Local Variables\r\
\n:local int\r\
\n\r\
\n# Loop thru interfaces and look for ones containing\r\
\n# default gateways without routing-marks\r\
\n:foreach int in=[/ip route find dst-address=0.0.0.0/0 active=yes ] do={ \
\r\
\n :if ([:typeof [/ip route get \$int routing-mark ]] != str ) do={\r\
\n :global ddnsinterface [/ip route get \$int interface]\r\
\n } \r\
\n}\r\
\n\r\
\n# Grab the current IP address on that interface.\r\
\n:global ddnsip [ /ip address get [/ip address find interface=\$ddnsinter\
face ] address ]\r\
\n\r\
\n# Did we get an IP address to compare\?\r\
\n:if ([ :typeof \$ddnsip ] = nil ) do={\r\
\n :log info (\"DDNS: No ip address present on \" . \$ddnsinterface . \"\
, please check.\")\r\
\n} else={\r\
\n\r\
\n :if (\$ddnsip != \$ddnslastip) do={\r\
\n\r\
\n :log info \"DDNS: Sending UPDATE!\"\r\
\n :log info [ :put [/tool dns-update name=\$ddnshost address=[:pick \$\
ddnsip 0 [:find \$ddnsip \"/\"] ] key-name=\$ddnsuser key=\$ddnspass ] ]\r\
\n :global ddnslastip \$ddnsip\r\
\n\r\
\n } else={ \r\
\n :log info \"DDNS: No update required.\"\r\
\n }\r\
\n\r\
\n}\r\
\n\r\
\n# End of script"
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from=<> server=0.0.0.0
/tool graphing
set store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool graphing queue
add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all \
store-on-disk=yes
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool netwatch
add comment="" disabled=no down-script=proxy-off host=192.168.0.117 interval=\
30s timeout=1s up-script=proxy-on
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \
streaming-server=0.0.0.0
/tool user-manager customer
add comment="" disabled=no login=admin parent=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no subscriber=admin time-zone=+00:00
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
Silahkan bagi yang berminat untuk mencobanya......

Posted by sum14rdi | Permalink  

Labels:

 
from my XP © Template Design by Herro