Mikrotik Tutorial Warnet

Setting Miktrotik Dengan Bandwidth 10M di Mikrotik v6.39

Jika semua sudah di sesuaikan, silahkan copy semua kemudian paste ke terminal winbox.

1. Membuat address-list ke mikrotik dengan nama “private_IPv4” berisi semua private IP, jika di jaringan anda terdapat ip lokal di luar ip private di atas silahkan anda tambahkan.
[accordion][item title="/ip firewall address-list"]add address=192.168.0.0/24 list=private_IPv4
add address=172.16.0.0/12 list=private_IPv4
add address=10.0.0.0/8 list=private_IPv4[/item][/accordion]
2. Memasukan Regex Layer7 Youtube dan Layer7 extensi EXE, ZIP, MP4, dan RAR. Jika anda ingin menambah Layer7 untuk extensi yang lain, silahkan tinggal di input saja.
[accordion][item title=" /ip firewall layer7-protocol"]add name=EXE regexp="\\x4d\\x5a(\\x90\\x03|\\x50\\x02)\\x04"
add name=ZIP regexp="pk\\x03\\x04\\x14"
add name=MP4 regexp="\\x18\\x66\\x74\\x79\\x70"
add name=RAR regexp="Rar\\x21\\x1a\\x07"
add name=youtube regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"[/item][/accordion]
3. Bypass local Traffic, tujuannya adalah agar traffic dari lokal menuju lokal lagi tidak terlimit.
[accordion][item title="/ip firewall mangle"]add action=accept chain=prerouting comment="Bypass Local Traffic" dst-address-list=private_IPv4 src-address-list=private_IPv4
add action=accept chain=forward dst-address-list=private_IPv4 src-address-list=private_IPv4[/item][/accordion]
4. Menandai Traffic Game online berdasarkan port untuk kita pisahkan queue nya nanti.
[accordion][item title="/ip firewall mangle"]add action=mark-connection chain=forward comment="Games Traffic Poit Blank" dst-port=39190-39200 new-connection-mark=games passthrough=yes protocol=tcp src-address-list=private_IPv4
add action=mark-connection chain=forward dst-port=40000-40010 new-connection-mark=games passthrough=yes protocol=udp src-address-list=private_IPv4
add action=mark-connection chain=forward comment="Games Traffic Dota 2" dst-port=27000-27150,9100-9200,8230-8250,8110-8120 new-connection-mark=games passthrough=yes protocol=tcp src-address-list=private_IPv4
add action=mark-connection chain=forward dst-port=27000-27150,347 new-connection-mark=games passthrough=yes protocol=udp src-address-list=private_IPv4
add action=mark-connection chain=forward comment="Games Traffic Lost Saga" dst-port=14000-14010 new-connection-mark=games passthrough=yes protocol=tcp src-address-list=private_IPv4
add action=mark-connection chain=forward dst-port=14000-14010 new-connection-mark=games passthrough=yes protocol=udp src-address-list=private_IPv4
add action=mark-connection chain=forward comment="Games Traffic Fifa Online 3" dst-port=7770-7790 new-connection-mark=games passthrough=yes protocol=tcp src-address-list=private_IPv4
add action=mark-connection chain=forward dst-port=16300-16350 new-connection-mark=games passthrough=yes protocol=udp src-address-list=private_IPv4
add action=mark-packet chain=forward connection-mark=games in-interface="ether1-Wan" new-packet-mark=games_down passthrough=no
add action=mark-packet chain=forward connection-mark=games in-interface="ether2-Lan" new-packet-mark=games_up passthrough=no[/item][/accordion]
5. Menandai / marking traffic DNS, ICMP dan beberapa port seperti SSH, dan winbox.
[accordion][item title="/ip firewall mangle"]add action=mark-connection chain=forward comment="ICMP Traffic" new-connection-mark=icmp passthrough=yes protocol=icmp src-address-list=private_IPv4
add action=mark-packet chain=forward connection-mark=icmp in-interface="ether1-Wan" new-packet-mark=icmp_down passthrough=no protocol=icmp
add action=mark-packet chain=forward connection-mark=icmp in-interface="ether2-Lan" new-packet-mark=icmp_up passthrough=no protocol=icmp
add action=mark-connection chain=forward comment="DNS Traffic" dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp src-address-list=private_IPv4
add action=mark-packet chain=forward connection-mark=dns in-interface="ether1-Wan" new-packet-mark=dns_down passthrough=no protocol=udp
add action=mark-packet chain=forward connection-mark=dns in-interface="ether2-Lan" new-packet-mark=dns_up passthrough=no protocol=udp
add action=mark-connection chain=forward comment="Remote Traffic" dst-port=22,23,8291,5938,4899 new-connection-mark=remote passthrough=yes protocol=tcp src-address-list=private_IPv4
add action=mark-packet chain=forward connection-mark=remote in-interface="ether1-Wan" new-packet-mark=remote_down passthrough=no
add action=mark-packet chain=forward connection-mark=remote in-interface="ether2-Lan" new-packet-mark=remote_up passthrough=no[/item]
[/accordion][ads-post]
6. Menandai / marking traffic YouTube dan Extensi berdasarkan layer7.
[accordion][item title="/ip firewall mangle"]add action=mark-connection chain=forward comment="YouTube Traffic" layer7-protocol=youtube new-connection-mark=youtube passthrough=yes src-address-list=private_IPv4
add action=mark-packet chain=forward connection-mark=youtube in-interface="ether1-Wan" new-packet-mark=youtube_down passthrough=no
add action=mark-packet chain=forward connection-mark=youtube in-interface="ether2-Lan" new-packet-mark=youtube_up passthrough=no
add action=mark-connection chain=forward comment="Extension Layer7" layer7-protocol=EXE new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=ZIP new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=MP3 new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=RAR new-connection-mark=extensi passthrough=yes
add action=mark-packet chain=forward connection-mark=extensi in-interface="ether1-Wan" new-packet-mark=extensi_down passthrough=no
add action=mark-packet chain=forward connection-mark=extensi in-interface="ether2-Lan" new-packet-mark=extensi_up passthrough=no[/item]
[/accordion]
7. Mangle terakhir di atas tujuannya memisahkan traffic browsing yang ringan dan berat.
[accordion][item title="/ip firewall mangle"]add action=mark-connection chain=forward comment="Browsing Traffic" connection-mark=!heavy_traffic new-connection-mark=browsing passthrough=yes src-address-list=private_IPv4
add action=mark-connection chain=forward comment="Heavy Traffic" connection-bytes=1024000-0 connection-mark=browsing connection-rate=256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=tcp
add action=mark-connection chain=forward connection-bytes=1024000-0 connection-mark=browsing connection-rate=256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=heavy_traffic in-interface="ether1-Wan" new-packet-mark=heavy_browsing_down passthrough=no
add action=mark-packet chain=forward connection-mark=heavy_traffic in-interface="ether2-Lan" new-packet-mark=heavy_browsing_up passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface="ether1-Wan" new-packet-mark=small_browsing_down passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface="ether2-Lan" new-packet-mark=small_browsing_up passthrough=no[/item][/accordion]
8. Queue Tree HTB.
[accordion][item title="/queue type"]add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64[/item][/accordion][accordion][item title="/queue tree"]add name="Global Traffic" parent=global queue=default
add max-limit=3M name=Download parent="Global Traffic" queue=default
add max-limit=1M name=Upload parent="Global Traffic"
add limit-at=512k max-limit=3M name="1. Game" packet-mark=games_down parent=Download priority=1 queue=down_pcq
add limit-at=64k max-limit=3M name="2. Icmp" packet-mark=icmp_down parent=Download priority=1 queue=down_pcq
add limit-at=64k max-limit=3M name="3. Dns" packet-mark=dns_down parent=Download priority=1 queue=down_pcq
add max-limit=3M name="5. Download Traffic" parent=Download queue=default
add max-limit=3M name="1. Small Browsing" packet-mark=small_browsing_down parent="5. Download Traffic" priority=5 queue=down_pcq
add max-limit=3M name="2. Heavy Browsing" packet-mark=heavy_browsing_down parent="5. Download Traffic" priority=7 queue=down_pcq
add limit-at=512k max-limit=3M name="4. Remote" packet-mark=remote_down parent=Download priority=3 queue=down_pcq
add max-limit=3M name="3. YouTube" packet-mark=youtube_down parent="5. Download Traffic" priority=7 queue=down_pcq
add max-limit=3M name="4. Extensi" packet-mark=extensi_down parent="5. Download Traffic" queue=down_pcq
add limit-at=256k max-limit=1M name="1. game" packet-mark=games_up parent=Upload priority=1 queue=up_pcq
add limit-at=32k max-limit=1M name="2. icmp" packet-mark=icmp_up parent=Upload priority=1 queue=up_pcq
add limit-at=32k max-limit=1M name="3. dns" packet-mark=dns_up parent=Upload priority=1 queue=up_pcq
add limit-at=256k max-limit=1M name="4. remote" packet-mark=remote_up parent=Upload priority=3 queue=up_pcq
add max-limit=1M name="5. Upload Traffic" parent=Upload queue=default
add max-limit=1M name="1. small browsing" packet-mark=small_browsing_up parent="5. Upload Traffic" priority=5 queue=up_pcq
add max-limit=1M name="2. heavy browsing" packet-mark=heavy_browsing_up parent="5. Upload Traffic" priority=7 queue=up_pcq
add max-limit=1M name="3. youtube" packet-mark=youtube_up parent="5. Upload Traffic" priority=7 queue=up_pcq
add max-limit=1M name="4. extensi" packet-mark=extensi_up parent="5. Upload Traffic" queue=up_pcq[/item][/accordion]
Setelah copy semua script di atas kemudian paste ke terminal winbox, hasilnya kira-kira seperti berikut:

Setting Miktrotik Dengan Bandwidth 10M di Mikrotik v6.39

Setting Miktrotik Dengan Bandwidth 10M di Mikrotik v6.39
9. Blok Virus Mikrotik
[accordion][item title="/ip firewall filter"]add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot, Gaobot"
add chain=virus protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=no
add action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=no protocol=udp src-port=135-139,445
add action=drop chain=forward comment="" disabled=no dst-port=135-139,445 protocol=udp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=135-139,445,593
add action=drop chain=forward comment="" disabled=no dst-port=135-139,445,593 protocol=tcp
add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
add action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList
add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3
add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2
add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1
add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp
add action=drop chain=input comment="drop port scanners" disabled=no src-address-list=port_scanners
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg[/item][/accordion][info title="Info Copas" icon="info-circle"]ether dan ip,di mikrotik sesuaikan dengan ether dan ip di mikrotik anda, SALAM COPAS Script[/info]
August 09, 2017
URL Print Email
Label:

Post a Comment

[blogger]

MKRdezign

Contact Form

Name

Email *

Message *

Powered by Blogger.
Javascript DisablePlease Enable Javascript To See All Widget