You are on page 1of 11

Konfigurasi Mikrotik Rajasetan.

net
Posted on October 31, 2007 by fsdoei
Rate This

Berikut adalah contoh konfigurasi mikrotik untuk warnet


ataupun small office.
# jul/09/2007 19:19:08 by RouterOS 2.9.6
# software id = 6DFQ-C8T
#
/ interface ethernet
set Internet name=Internet mtu=1500 mac-address=00:C0:26:57:4F:84
arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment=Ke Modem disabled=no
set Lan name=Lan mtu=1500 mac-address=00:10:B5:88:CC:70 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment=Ke LAN disabled=no
/ interface bridge port
set Internet bridge=none priority=128 path-cost=10
set Lan bridge=none priority=128 path-cost=10
/ ip pool
add name=rajatega_pool ranges=192.168.0.1-192.168.0.13
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=192.168.0.0/28 disabled=no
set www port=80 address=192.168.0.0/28 disabled=no
set ssh port=22 address=192.168.0.0/28 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip arp
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m
inactive-flow-timeout=15s
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155
allow-remote-requests=yes cache-size=10240KiB cache-max-ttl=1w

/ ip dns static
add name=www.rajatega.net.id address=192.168.0.13 ttl=1d
add name=bm.rajatega.net.id address=192.168.0.14 ttl=1d
add name=rajatega.net.id address=192.168.0.13 ttl=1d
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255
interface=Internet comment=Modem disabled=no
add address=192.168.0.14/28 network=192.168.0.0 broadcast=192.168.0.15
interface=Lan comment=Gw Lan disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000
maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=block telnet & spam e-mail relaying
disabled=no
/ ip neighbor discovery
set Internet discover=yes
set Lan discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10
comment=Gw Modem Speedy disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.0/28 protocol=icmp
action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
comment=ToS disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet
new-packet-mark=ICMP-PM passthrough=yes comment= disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
comment= disabled=no
add chain=prerouting src-address=192.168.0.0/28 protocol=tcp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes
comment= disabled=no
add chain=prerouting src-address=192.168.0.0/28 protocol=udp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes
comment= disabled=no
add chain=prerouting connection-mark=DNS-CM action=mark-packet
new-packet-mark=DNS-PM passthrough=yes comment= disabled=no
add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
comment= disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection
new-connection-mark=http_conn passthrough=yes comment=Tandai Service
disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet
new-packet-mark=http passthrough=no comment= disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection
new-connection-mark=irc_conn passthrough=yes comment= disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet
new-packet-mark=irc passthrough=no comment= disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection
new-connection-mark=ym_conn passthrough=yes comment= disabled=no

add chain=prerouting connection-mark=ym_conn action=mark-packet


new-packet-mark=ym passthrough=no comment= disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection
new-connection-mark=mt_conn passthrough=yes comment= disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet
new-packet-mark=mt passthrough=no comment= disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection
new-connection-mark=http_conn passthrough=yes comment= disabled=no
add chain=prerouting src-address=192.168.0.0/28 action=mark-packet
new-packet-mark=Naik passthrough=no comment=Up Traffic disabled=no
add chain=forward src-address=192.168.0.0/28 action=mark-connection
new-connection-mark=Koneksi passthrough=yes comment=Conn-Mark
disabled=no
add chain=forward in-interface=Internet connection-mark=Koneksi
action=mark-packet new-packet-mark=Turun passthrough=no
comment=Down-Direct Connection disabled=no
add chain=output out-interface=Lan dst-address=192.168.0.0/28
action=mark-packet new-packet-mark=Turun passthrough=no comment=Down-Via
Proxy disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Internet src-address=192.168.0.0/28
action=masquerade comment= disabled=no
add chain=dstnat dst-address=64.4.0.0/18 action=accept comment=Hotmail
disabled=no
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
comment=Proxy disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
comment=Proxy disabled=no
add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080
comment=Proxy disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m
tcp-established-timeout=5d tcp-fin-wait-timeout=2m
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment=Drop Invalid
connections disabled=no
add chain=input src-address=!192.168.0.0/28 protocol=tcp src-port=1024-65535
dst-port=8080 action=drop comment=Block to Proxy disabled=no
add chain=input protocol=udp dst-port=12667 action=drop comment=Trinoo
disabled=no
add chain=input protocol=udp dst-port=27665 action=drop comment=Trinoo
disabled=no
add chain=input protocol=udp dst-port=31335 action=drop comment=Trinoo
disabled=no
add chain=input protocol=udp dst-port=27444 action=drop comment=Trinoo
disabled=no
add chain=input protocol=udp dst-port=34555 action=drop comment=Trinoo

disabled=no
add chain=input protocol=udp dst-port=35555 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=27444 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=27665 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=31335 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=31846 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=34555 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=35555 action=drop comment=Trinoo
disabled=no
add chain=input connection-state=established action=accept comment=Allow
Established connections disabled=no
add chain=input protocol=udp action=accept comment=Allow UDP disabled=no
add chain=input protocol=icmp action=accept comment=Allow ICMP disabled=no
add chain=input src-address=192.168.0.0/28 action=accept comment=Allow access
to router from known network disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment=
disabled=no
add chain=input action=drop comment=Drop anything else disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop
comment=drop invalid connections disabled=no
add chain=forward connection-state=established action=accept comment=allow
already established connections disabled=no
add chain=forward connection-state=related action=accept comment=allow
related connections disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment= disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment= disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment= disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment= disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment= disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment= disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment=
disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=
disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment=deny TFTP
disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment=deny RPC
portmapper disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment=deny RPC
portmapper disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=deny NBT
disabled=no

add chain=tcp protocol=tcp dst-port=445 action=drop comment=deny cifs


disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment=deny NFS
disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=deny
NetBus disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment=deny NetBus
disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment=deny
BackOriffice disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=deny DHCP
disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment=deny TFTP
disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment=deny PRC
portmapper disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment=deny PRC
portmapper disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment=deny NBT
disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment=deny NFS
disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment=deny
BackOriffice disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w comment=Port
scanners to list disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list=port scanners
address-list-timeout=2w comment=NMAP FIN Stealth scan disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w comment=SYN/FIN
scan disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w comment=SYN/RST
scan disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
action=add-src-to-address-list address-list=port scanners
address-list-timeout=2w comment=FIN/PSH/URG scan disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list=port scanners
address-list-timeout=2w comment=ALL/ALL scan disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list=port scanners
address-list-timeout=2w comment=NMAP NULL scan disabled=no
add chain=input src-address-list=port scanners action=drop comment=dropping
port scanners disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment=drop
invalid connections disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment=allow

established connections disabled=no


add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment=allow
already established connections disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment=allow
source quench disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment=allow
echo request disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment=allow
time exceed disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment=allow
parameter bad disabled=no
add chain=icmp action=drop comment=deny all other types disabled=no
add chain=tcp protocol=tcp dst-port=25 action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=no
add chain=tcp protocol=udp dst-port=25 action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=no
add chain=tcp protocol=tcp dst-port=110 action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=no
add chain=tcp protocol=udp dst-port=110 action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=no
add chain=tcp protocol=udp dst-port=110 action=reject
reject-with=icmp-network-unreachable comment=Smtp disabled=no
/ ip firewall address-list
add list=port scanners address=0.0.0.0 comment= disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip ipsec proposal
add name=default auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname=proxy.rajatega.net.id
transparent-proxy=yes parent-proxy=0.0.0.0:0
cache-administrator=somebody@somethink.org max-object-size=131072KiB
cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add action=allow comment= disabled=no
add dst-port=23-25 action=deny comment=block telnet & spam e-mail relaying
disabled=no
/ ip web-proxy cache
add url=http*youtube*get_video* action=allow comment=YouTube disabled=no
add url=http*friendster.com action=allow comment=Friendster disabled=no
add url=http*pu.go.id action=allow comment=PU disabled=no
add url=http*detik*com action=allow comment=Detik disabled=no
add url=http*domai.com action=allow comment=Domai disabled=no

add url=http*nigmae.net action=allow comment=Nigmae disabled=no


add url=http*kompas.com action=allow comment=Kompas disabled=no
add url=http*lalatx.com action=allow comment=Lalatx disabled=no
add url=http*yahoo.com action=allow comment=Yahoo disabled=no
add url=http*kapanlagi.com action=allow comment=Kapanlagi disabled=no
add url=http*plasa.com action=allow comment=Plasa disabled=no
add url=http*kaskus.us action=allow comment=Kaskus disabled=no
add url=http*avaxhome*org action=allow comment=Avaxhome disabled=no
add url=www.worth1000.com action=allow comment=Worth1000 disabled=no
add action=allow comment=Allow sado alahe disabled=no
add url=:cgi-bin \? action=deny comment=dont cache dynamic http pages
disabled=no
/ ip web-proxy direct
add action=allow comment= disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=default hotspot-address=0.0.0.0 dns-name=
html-directory=hotspot rate-limit= http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=default idle-timeout=none keepalive-timeout=2m
status-autorefresh=1m shared-users=1 transparent-proxy=yes
open-status-page=always advertise=no
/ system logging
add topics=info prefix= action=memory disabled=no
add topics=error prefix= action=memory disabled=no
add topics=warning prefix= action=memory disabled=no
add topics=critical prefix= action=echo disabled=no
add topics=web-proxy prefix= action=disk disabled=no
add topics=debug prefix= action=memory disabled=no
/ system logging action
set memory name=memory target=memory memory-lines=100 memory-stop-onfull=no
set disk name=disk target=disk disk-lines=100 disk-stop-on-full=no
set echo name=echo target=echo remember=yes
set remote name=remote target=remote remote=0.0.0.0:514
/ system script
add name=Proxy-off source=/ip firewall nat set [/ip firewall nat find
comment=Proxy] disable=yes
n/ip web-proxy set enabled=no
policy=ftp,reboot,read,write,policy,test,winbox,password
add name=Proxy-limpacache source=/ip web-proxy clear-cache
policy=ftp,reboot,read,write,policy,test,winbox,password
add name=Proxy-on source=/ip web-proxy set enabled=yes
n/ip firewall nat
set [/ip firewall nat find comment=Proxy] disable=no
policy=ftp,reboot,read,write,policy,test,winbox,password
/ system upgrade mirror

set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0


check-interval=1d user=
/ system clock dst
set dst-delta=+01:00 dst-start=jan/01/1970 00:00:00 dst-end=jan/01/1970
00:00:00
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes
no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term= disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
set FIXME term=linux disabled=no
/ system console screen
set line-count=25
/ system identity
set name=MikroTik
/ system note
set show-at-login=yes note=
/ system scheduler
add name=control-proxy-off on-event=Proxy-off start-date=jun/18/2007
start-time=02:30:00 interval=2w1d comment= disabled=no
add name=control-proxy-limpacache on-event=Proxy-limpacache
start-date=jun/18/2007 start-time=02:31:00 interval=2w1d comment=
disabled=no
add name=controle-proxy-on on-event=Proxy-on start-date=jun/14/2007
start-time=02:40:00 interval=2w1d comment= disabled=no
/ port
set serial0 name=serial0 baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=hardware
set serial1 name=serial1 baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=hardware
/ queue type
set default name=default kind=pfifo pfifo-limit=50
set ethernet-default name=ethernet-default kind=pfifo pfifo-limit=50
set wireless-default name=wireless-default kind=sfq sfq-perturb=5
sfq-allot=1514
set synchronous-default name=synchronous-default kind=red red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=hotspot-default kind=sfq sfq-perturb=5
sfq-allot=1514
add name=pcq-download kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=2000
add name=pcq-upload kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=src-address pcq-total-limit=2000

add name=PFIFO-64 kind=pfifo pfifo-limit=64


add name=default-small kind=pfifo pfifo-limit=10
/ queue simple
add name=Blues target-addresses=192.168.0.0/28 dst-address=0.0.0.0/0
interface=Lan parent=none packet-marks=Turun priority=1
queue=ethernet-default/ethernet-default limit-at=0/384000
max-limit=0/384000 total-queue=default disabled=no
add name=01 target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=02 target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=03 target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=04 target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=05 target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=06 target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=07 target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=08 target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=09 target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=10 target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=11 target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000

total-queue=default disabled=no
add name=12 target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
add name=Kasir target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=1
queue=ethernet-default/ethernet-default limit-at=0/64000
max-limit=0/128000 total-queue=default disabled=no
/ queue tree
add name=downstream parent=Lan packet-mark=Turun limit-at=0
queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no
add name=upstream parent=global-in packet-mark=Naik limit-at=0
queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no
add name=ICMP parent=global-in packet-mark=ICMP-PM limit-at=8000
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name=DNS parent=global-in packet-mark=DNS-PM limit-at=8000
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
/ user
add name=admin group=full address=192.168.0.0/28 comment=system default
user disabled=no
add name=y2k group=full address=192.168.0.0/28 comment= disabled=no
add name=ope group=read address=0.0.0.0/0 comment= disabled=no
/ user group
add name=read policy=local,read,winbox,!telnet,!ssh,!ftp,!reboot,!write,!poli
cy,!test,!password,!web
add name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password
,web,!ftp,!policy
add name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo
x,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
/ snmp
set enabled=no contact=r0t0r location=Padang
/ snmp community
set public name=public address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=<>
/ tool sniffer

set interface=all only-headers=no memory-limit=10 file-name= file-limit=10


streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes
filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes
allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no

You might also like