Professional Documents
Culture Documents
Mencegah Netcut Dmikrotik
Mencegah Netcut Dmikrotik
/ system script add name="stop_dc1" source="ip firewall rule forward enable \[/ip firewall rule forward find action=drop\] \n" \ policy=ftp,reboot,read,write,policy,test for RouterOS v2.9 it looks like this: / system script add name="stop_dc1" source="ip firewall filter enable \[/ip firewall filter find action=drop\] \n" \ policy=ftp,reboot,read,write,policy,test
2. enable p2p connections
/ system script add name="start_dc1" source="ip firewall rule forward disable \[/ip firewall rule forward find \ action=drop\] \n" policy=ftp,reboot,read,write,policy,test (I have to add that for these two scripts you have to have a firewall rule: ) / ip firewall rule forward add p2p=all-p2p action=drop comment="" disabled=no
This example will explain you How to Block Web Sites & How to Stop Downloading . I have use Web-Proxy test Package. First, Configure Proxy.
/ip proxy enabled: yes src-address: 0.0.0.0 port: 8080 parent-proxy: 0.0.0.0:0 cache-drive: system cache-administrator: "ASHISH PATEL" max-disk-cache-size: none max-ram-cache-size: none cache-only-on-disk: no maximal-client-connections: 1000 maximal-server-connections: 1000 max-object-size: 512KiB max-fresh-time: 3d
Now, Make it Transparent
/ip proxy access path=*.exe action=deny path=*.mp3 action=deny path=*.zip action=deny path=*.rar action=deny.
Try with this also
add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=61.213.183.1-61.213.183.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=67.195.134.1-67.195.134.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=68.142.233.1-68.142.233.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=68.180.217.1-68.180.217.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=203.84.204.1-203.84.204.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=69.63.176.1-69.63.176.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=69.63.181.1-69.63.181.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=63.245.209.1-63.245.209.254 add action=accept chain=input comment="Anti-Netcut" disabled=no dst-port= src-address=63.245.213.1-63.245.213.254 Versi laen anti net cut for mikocok:
0-65535 protocol=tcp 0-65535 protocol=tcp 0-65535 protocol=tcp 0-65535 protocol=tcp 0-65535 protocol=tcp 0-65535 protocol=tcp 0-65535 protocol=tcp 0-65535 protocol=tcp 0-65535 protocol=tcp
/ip firewall filter add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \ chain=input comment=" disabled=no dst-port=1337 protocol=tcp add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \ chain=input comment=" disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list=port scanners address-list-timeout=2w \ chain=input comment=Port scanners to list disabled=no protocol=tcp psd=21,3s,3,1 add action=add-src-to-address-list address-list=port scanners address-list-timeout=2w \ chain=input comment=SYN/FIN scan disabled=no protocol=tcp tcp-flags=fin,syn add action=add-src-to-address-list address-list=port scanners address-list-timeout=2w \ chain=input comment=SYN/RST scan disabled=no protocol=tcp tcp-flags=syn,rst add action=add-src-to-address-list address-list=port scanners address-list-timeout=2w \ chain=input disabled=no tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp \ comment=FIN/PSH/URG scan add action=add-src-to-address-list address-list=port scanners address-list-timeout=2w \ chain=input disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \ comment=ALL/ALL scan add action=add-src-to-address-list address-list=port scanners address-list-timeout=2w \ chain=input tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg comment=NMAP NULL scan \ disabled=no protocol=tcp add action=add-src-to-address-list address-list=port scanners address-list-timeout=2w \ chain=input comment=NMAP FIN Stealth scan disabled=no protocol=tcp add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=61.213.183.1-61.213.183.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=67.195.134.1-67.195.134.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=68.142.233.1-68.142.233.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=68.180.217.1-68.180.217.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=203.84.204.1-203.84.204.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=69.63.176.1-69.63.176.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=69.63.181.1-69.63.181.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=63.245.209.1-63.245.209.254 add action=accept chain=input comment=ANTI NETCUT disabled=no dst-port=0-65535 \ protocol=tcp src-address=63.245.213.1-63.245.213.254 thanks for ANDRI SUWIGNYO