Buat Layer dulu
/ip firewall layer7-protocol add name=YOUTUBE \regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" \regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" \regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" \regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" \regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" \regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" \regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" \regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" \regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" \regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" \regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" \regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" \regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" \regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" \regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" \regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" \regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" \regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" \regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" \regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" \regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" \regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" \regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" \regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" \regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" \regexp=\\.(vcd)
buat mangle hit /ip firewall layer7-protocol add name="EXE" \regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" \regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" \regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" \regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" \regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" \regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" \regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" \regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" \regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" \regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" \regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" \regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" \regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" \regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" \regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" \regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" \regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" \regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" \regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" \regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" \regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" \regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" \regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" \regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" \regexp=\\.(vcd)
/ip firewall mangle add action=mark-packet \ chain=forward comment="SQUID PROXY HIT" \ disabled=no dscp=12 \ new-packet-mark="PROXY HIT" passthrough=no
Mangle Squid koneksi dan squid Paket: /ip firewall mangle add action=mark-connection \ chain=prerouting comment="BROWSING SQUID" disabled=no \ dst-address-list="!client" \ dst-port=80,443 new-connection-mark="SQUID KONEKSI" \ passthrough=yes protocol=tcp \ src-address-list="proxy" /ip firewall mangle add action=mark-packet \ chain=forward comment="SQUID PAKET" \ connection-mark="SQUID KONEKSI" disabled=no \ new-packet-mark="SQUID PAKET" passthrough=no
Mangle Semua koneksi masuk dan koneksi keluar /ip firewall mangle add action=mark-connection \ chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no \ dst-address-list="!client" \ in-interface=local new-connection-mark="SEMUA KONEKSI MASUK" \ passthrough=yes /ip firewall mangle add action=mark-connection \ chain=forward disabled=no \ new-connection-mark="SEMUA KONEKSI KELUAR" \ out-interface=local passthrough=yes \ src-address-list="!client" \ comment="SEMUA KONEKSI KELUAR" /ip firewall mangle add chain=prerouting \ action=mark-packet new-packet-mark="SEMUA PAKET_MASUK"\ passthrough=yes connection-mark="SEMUA KONEKSI MASUK" \ comment="SEMUA PAKET MASUK" /ip firewall mangle add chain=forward \ action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" \ passthrough=yes connection-mark="SEMUA KONEKSI KELUAR" \ comment="SEMUA PAKET KELUAR"
Mangle Browsing koneksi yang koneksi dari semua koneksi masuk: /ip firewall mangle add action=mark-connection chain=prerouting \ comment="BROWSING CLIENT" \ connection-mark="SEMUA KONEKSI MASUK" disabled=no \ new-connection-mark="BROWSING KONEKSI" \ passthrough=yes protocol=tcp
Mangle Koneksi ICMP dengan dscp1: /ip firewall mangle add action=mark-connection \ chain=postrouting disabled=no dscp=1 \ new-connection-mark="ICMP KONEKSI" passthrough=yes \ comment="ICMP KONEKSI"
Mangle Game koneksi yang koneksi dari semua koneksi masuk: Mangle Pointblank,Poker,dan RF online,jika anda ingin memasukkan game lainnya silahkan cari port game tersebut: /ip firewall mangle add action=mark-connection \ chain=prerouting comment="POINT BLANK" \ connection-mark="SEMUA KONEKSI MASUK" \ disabled=no dst-port=40000-40010 \ new-connection-mark="GAME KONEKSI" \ passthrough=yes protocol=udp /ip firewall mangle add action=mark-connection \ chain=prerouting comment="POKER" \ connection-mark="SEMUA KONEKSI MASUK" \ disabled=no dst-port=9339,843 \ new-connection-mark="GAME KONEKSI" \ passthrough=yes protocol=tcp /ip firewall mangle add action=mark-connection \ chain=prerouting comment="RF ONLINE" \ connection-mark="SEMUA KONEKSI MASUK" disabled=no \ dst-port=10001,10002,10003,10004,10005,10006,10007 \ new-connection-mark="GAME KONEKSI" \ passthrough=yes protocol=udp
Mangle ICMP PAKET: /ip firewall mangle add action=mark-packet \ chain=postrouting connection-mark="ICMP KONEKSI" \ disabled=no new-packet-mark="ICMP PAKET" passthrough=no \ comment="ICMP PAKET"
Selanjutnya mangle Game Paket: /ip firewall mangle add action=mark-packet \ chain=forward comment="SEMUA GAME DIPAKETKAN" \ connection-mark="GAME KONEKSI" disabled=no \ new-packet-mark="GAME PAKET" passthrough=no
Selanjutnya Bowsing paket: /ip firewall mangle add action=mark-packet \ chain=forward comment="BROWSING PAKET" \ connection-bytes=0-131072 \ connection-mark="BROWSING KONEKSI" \ disabled=no new-packet-mark="BROWSING PAKET" \ passthrough=no protocol=tcp
Change dscp ICMP dan Port 53: /ip firewall mangle add action=change-dscp \ chain=postrouting comment="ICMP CHANGE DSCP" \ disabled=no new-dscp=1 protocol=icmp /ip firewall mangle add action=change-dscp \ chain=postrouting disabled=no dst-port=53 new-dscp=1 \ protocol=udp /ip firewall mangle add action=change-dscp \ chain=postrouting disabled=no dst-port=53 new-dscp=1 \ protocol=tcp
Mangle Extention file seperti .zip .rar .flv .exe dll : /ip firewall mangle add action=change-dscp \ /ip firewall mangle add action=mark-connection \ chain=forward comment="EXTENTION KONEKSI" \ disabled=no in-interface=local \ new-connection-mark="EXTENTION KONEKSI" \ passthrough=yes /ip firewall mangle add action=mark-packet \ chain=forward comment="YOUTUBE MARK" \ connection-mark="EXTENTION KONEKSI" disabled=no \ new-packet-mark="YOUTUBE" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="WMV MARK" \ connection-mark="EXTENTION KONEKSI" disabled=no \ new-packet-mark="WMV" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="EXE MARK" \ connection-mark="EXTENTION KONEKSI" disabled=no \ new-packet-mark="EXE" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="ZIP MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="ZIP" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="RAR MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="RAR" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="MPG MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="MPG" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="MPEG MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="MPEG" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="MP3 MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="MP3" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="MOV MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="MOV" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="ISO MARK" disabled=no \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="ISO" \ passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="MKV MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="MKV" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="FLV MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="FLV" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="AVI MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="AVI" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="CAB MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="CAB" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="ASF MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="ASF" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="WAV MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="WAV" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="RM MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="RM" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="RAM MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="RAM" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="RMVB MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="RMVB" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="DAT MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="DAT" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="DAA MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="DAA" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="NRG MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="NRG" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="BIN MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="BIN" passthrough=no /ip firewall mangle add action=mark-packet \ chain=forward comment="VCD MARK" \ connection-mark="EXTENTION KONEKSI" \ new-packet-mark="VCD" passthrough=no
Queue Tree Queue tree ICMP prioritas ke 1: /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s disabled=no \ limit-at=0 max-limit=0 name="ICMP PING" \ packet-mark="ICMP PAKET" parent=public priority=1 \ queue="default"
Queue Squid Hit Prioritas ke 2: /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s disabled=no \ limit-at=0 max-limit=0 name="SQUID HIT" \ packet-mark="PROXY HIT" parent=local priority=2 \ queue=default
Queue Limit Extention prioritas ke 3 (jika anda ingin melimit yang berbeda silahkan ubah max-limitnya): /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=1000000 \ name="LIMIT FILE EXTENTION" parent=global-out priority=3 /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=128000 \ name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=128000 \ name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="YOUTUBE" packet-mark="YOUTUBE" \ parent="LIMIT FILE EXTENTION" priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="ISO" packet-mark=iso parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 name="MP3" \ packet-mark="MP3" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 name="MP4" \ packet-mark="MP4" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=128000 \ name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=128000 \ name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=128000 \ name="WMV" packet-mark="WMV" \ parent="LIMIT FILE EXTENTION" priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" \ priority=3 queue=default
Queue tree Semua Upload Prioritas ke 4 : /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="+++TOTAL UPLOAD+++" \ packet-mark="SEMUA PAKET MASUK" \ parent=public priority=4 queue=default
Total download Prioritas ke 5 : /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" \ parent=global priority=5
Game download Prioritas ke 6 : /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="GAME DOWNLOAD" packet-mark="GAME PAKET" \ parent="+++TOTAL DOWNLOAD+++" priority=6 \ queue=default
Queue Browsing Paket Priority ke 7 /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s \ disabled=no limit-at=0 max-limit=0 \ name="BROWSING PAKET" packet-mark="BROWSING PAKET" \ parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
Queue tree Total download client priority8 /queue tree add burst-limit=0 \ burst-threshold=0 burst-time=0s disabled=no \ limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" \ parent="+++TOTAL DOWNLOAD+++" priority=8
0 komentar:
Post a Comment
ilmu lebih berharga dari pada uang