Alhamdulilah setelah lama ngutak-ngatik Mikrotik RB951series
Bagian Pertama akan saya tulis disini :
1. Buat dua IP address, yakni
a. IP address ke modem DSL dengan subnet slash 24
b. IP address Untuk Interface Mikrotik harus berbeda dengan Modem DSL dengan slash 24.
2. Tuliskan perintah di new terminal untuk pembagian bandwidth prorata,sbb:
Menggunakan quenee tree dimikrotik :
/queue type add kind=pcq name=DOWNLOAD pcq-classifier=dst-address,dst-port
/queue type add kind=pcq name=UPLOAD pcq-classifier=src-address,src-port
/queue tree add name=DOWNLOAD packet-mark="PAKET DOWNLOAD" parent=global priority=1 queue=DOWNLOAD
/queue tree add name=UPLOAD packet-mark="PAKET UPLOAD" parent=modem priority=1 queue=UPLOAD
Script di Mangle :
/ip firewall mangle add action=mark-connection chain=forward comment="SEMUA KONEKSI" disabled=no new-connection-mark="SEMUA KONEKSI" passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward comment="PAKET DOWNLOAD" connection-mark="SEMUA KONEKSI" disabled=no dst-address=192.168.88.1/24 new-packet-mark="PAKET DOWNLOAD" passthrough=no
/ip firewall mangle add action=mark-packet chain=forward comment="PAKET UPLOAD" connection-mark="SEMUA KONEKSI" disabled=no new-packet-mark="PAKET UPLOAD" passthrough=no
/ip firewall filter
add chain=forward connection-state=established comment=”allow established connections”
add chain=forward connection-state=related comment=”allow related connections”
add chain=forward connection-state=invalid action=drop comment=”drop invalid connections”
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop Blaster Worm”
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm”
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster Worm”
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster Worm”
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________”
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________”
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom”
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________”
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester”
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server”
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast”
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx”
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid”
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm”
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus”
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y”
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle”
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop Beagle.C-K”
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment=”Drop MyDoom”
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor OptixPro”
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm”
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm”
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser”
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B”
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop Dabber.A-B”
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop Dumaru.Y”
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop MyDoom.B”
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus”
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2?
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop SubSeven”
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, Agobot, Gaobot”
add chain=forward action=jump jump-target=virus comment=”jump to the virus chain”
add chain=forward action=accept protocol=tcp dst-port=80 comment=”Allow HTTP”
add chain=forward action=accept protocol=tcp dst-port=25 comment=”Allow SMTP”
add chain=forward protocol=tcp comment=”allow TCP”
add chain=forward protocol=icmp comment=”allow ping”
add chain=forward protocol=udp comment=”allow udp”
add chain=forward action=drop comment=”drop everything else”
add chain=input src-address-list=”port scanners” action=drop comment=”dropping port scanners” disabled=no
4. Pengaturan Jam di Mikrotik , sbb:
/system sntp client set enabled=yes mode=unicast primary=152.118.24.8
/system clock set time=08:05:57 date=jan/17/2014 time-zone-name=Asia/Makasar
5. Blok Akses di Mikrotik
/ip firewall filter
add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.88.1/24 action=accept comment="Allow semua akses internet to client" disabled=no
add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no
add chain=input in-interface=Wan protocol=udp src-port=123 action=accept comment="Allow NTP Traffic" disabled=no
add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no
add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no
add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no
add chain=input in-interface=Wan action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no
6. Blok Akses Facebook :
/ip dns static
add address=127.0.0.1 disabled=no name=facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=www.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=glib1.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=glib2.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=mail.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=dns.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=ns0.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=ns1.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=ns2.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=ns3.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=ns4.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=ns5.facebook.com ttl=5m
add address=127.0.0.1 disabled=no name=www.o.facebook.com ttl=5m
7. Blok Website di Layer 7 :
/ip firewall layer7-protocol add \
comment="BLOK YAHOO MESSENGER" name="BLOK YAHOO MESSENGER" regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
/ip firewall filter add chain=forward action=drop layer7-protocol="BLOK YAHOO MESSENGER" comment="BLOK YAHOO MESSENGER"
/ip firewall filter add action=drop chain=forward comment="BLOK CAMFROG" disabled=no dst-port=2779 protocol=tcp
8. Blok Akses Situs/ website berdasarkan IP Address :
1. Buatkan terlebih dahulu IP Addres Jaringan lokal anda , dan beri nama LAN
2. Tuliskan perintah sebagai berikut :
/ip firewall filter add chain=input tcp=80 src-address-list="LAN" action=drop
Bersambung....ke Tahapan seting mikrotik bagian kedua...
8. Blok Akses Situs/ website berdasarkan IP Address :
1. Buatkan terlebih dahulu IP Addres Jaringan lokal anda , dan beri nama LAN
2. Tuliskan perintah sebagai berikut :
/ip firewall filter add chain=input tcp=80 src-address-list="LAN" action=drop
Bersambung....ke Tahapan seting mikrotik bagian kedua...
Tidak ada komentar:
Posting Komentar