
1. disable p2p connections

/ system script add name="stop_dc1" \
    source="ip firewall rule forward enable \[/ip firewall rule forward find action=drop\] \n" \
    policy=ftp,reboot,read,write,policy,test

for RouterOS v2.9 it looks like this:

/ system script add name="stop_dc1" \
    source="ip firewall filter enable \[/ip firewall filter find action=drop\] \n" \
    policy=ftp,reboot,read,write,policy,test

2. enable p2p connections

/ system script add name="start_dc1" \
    source="ip firewall rule forward disable \[/ip firewall rule forward find action=drop\] \n" \
    policy=ftp,reboot,read,write,policy,test

(I have to add that for these two scripts you have to have a firewall rule:)

/ ip firewall rule forward add p2p=all-p2p action=drop comment="" disabled=no

This example explains how to block web sites and how to stop downloads. I have used the Web-Proxy test package. First, configure the proxy.

/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0:0
cache-drive: system
cache-administrator: "ASHISH PATEL"
max-disk-cache-size: none
max-ram-cache-size: none
cache-only-on-disk: no
maximal-client-connections: 1000
maximal-server-connections: 1000
max-object-size: 512KiB
max-fresh-time: 3d

Now, make it transparent:

/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

Make sure that your proxy is NOT an open proxy (replace the placeholder <your-WAN-interface> with the interface that faces the Internet):

/ip firewall filter add chain=input in-interface=<your-WAN-interface> src-address=0.0.0.0/0 \
    protocol=tcp dst-port=8080 action=drop

Now for Blocking Websites

/ip proxy access add dst-host=www.vansol27.com action=deny

This blocks the website http://www.vansol27.com. The same block can be limited to particular networks by giving src-address; the rule then applies only to that source address. We can also stop downloads of files such as .mp3, .exe, .dat, .avi, etc.

/ip proxy access
add path=*.exe action=deny
add path=*.mp3 action=deny
add path=*.zip action=deny
add path=*.rar action=deny

Try this as well:

/ip proxy access add dst-host=:mail action=deny

This will block all websites that contain the word mail in the URL. Example: it will block www.hotmail.com, mail.yahoo.com, www.rediffmail.com.

/ip firewall filter
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=63.245.213.1-63.245.213.254

Another anti-Netcut version for mikocok:

/ip firewall filter
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \
    chain=input comment="" disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
    chain=input comment="" disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="Port scanners to list" disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input disabled=no tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp \
    comment="FIN/PSH/URG scan"
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    comment="ALL/ALL scan"
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg comment="NMAP NULL scan" \
    disabled=no protocol=tcp
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp \
    tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=63.245.213.1-63.245.213.254

Thanks to ANDRI SUWIGNYO
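
The add-src-to-address-list rules above only fill address lists, so they change nothing unless another rule matches on those lists. The following Python check is an added example, not part of the original page or of RouterOS: it assumes an exported filter table with one rule per line (continuations joined) and considers only lists filled by filter rules, not static /ip firewall address-list entries.

```python
import shlex

# Constructed sample: the two port-knock rules and one scanner rule from this page,
# written one rule per line with the continuation lines already joined.
SAMPLE = '''
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s chain=input dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m chain=input dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn comment="SYN/FIN scan"
'''


def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts; shlex keeps quoted values whole."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue
        rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules


def audit_address_lists(rules):
    """Report lists that are matched but never filled, and filled but never matched."""
    populated, consumed = set(), set()
    for rule in rules:
        # add-src-to-address-list / add-dst-to-address-list write to a list
        if rule.get("action", "").startswith("add-") and "address-list" in rule:
            populated.add(rule["address-list"])
        # src-address-list / dst-address-list read from a list ("!" negates the match)
        for key in ("src-address-list", "dst-address-list"):
            if key in rule:
                consumed.add(rule[key].lstrip("!"))
    return {
        "never_populated": sorted(consumed - populated),
        "never_enforced": sorted(populated - consumed),
    }


if __name__ == "__main__":
    for finding, names in audit_address_lists(parse_rules(SAMPLE)).items():
        print(finding, names)
```

A list reported as never_enforced needs a rule that matches it, for example a drop rule with src-address-list set to that list, placed where the page's accept rules do not pre-empt it.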
