net
Posted on October 31, 2007 by fsdoei
# Static DNS records served by the router: three names under rajatega.net.id
# are pinned to the private addresses 192.168.0.13 and 192.168.0.14, each
# with a one-day TTL.
# NOTE(review): 192.168.0.14 is also the router's own Lan address in the
# "/ ip address" section, so bm.rajatega.net.id resolves to the router.
# Confirm this is intended.
/ ip dns static
add name=www.rajatega.net.id address=192.168.0.13 ttl=1d
add name=bm.rajatega.net.id address=192.168.0.14 ttl=1d
add name=rajatega.net.id address=192.168.0.13 ttl=1d
# Interface addressing: 192.168.1.2/24 on "Internet" (labelled Modem) and
# 192.168.0.14/28 on "Lan" (labelled Gw Lan).
# Both are private ranges, so the router presumably sits behind the modem's
# own NAT. Verify what the modem forwards before relying on that as a
# filter.
# NOTE(review): each entry is wrapped across two lines with no continuation
# character, and the comment value with a space is unquoted. The listing is
# a page rendering, not a paste-ready export.
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255
interface=Internet comment=Modem disabled=no
add address=192.168.0.14/28 network=192.168.0.0 broadcast=192.168.0.15
interface=Lan comment=Gw Lan disabled=no
# Web proxy settings: the proxy is switched off (enabled=no), with port 8080
# and no parent proxy configured.
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000
maximal-server-connectons=1000
# Proxy access list: denies proxy requests whose destination port is 23-25
# (telnet and SMTP), so the proxy cannot be used as a relay to those
# services.
# NOTE(review): this rule only takes effect once the proxy is enabled. It is
# inert while enabled=no above. If the proxy is ever turned on, also
# restrict which source addresses may use it.
# The comment value contains spaces and "&" but is unquoted here. The quotes
# were presumably lost when the page was rendered.
/ ip proxy access
add dst-port=23-25 action=deny comment=block telnet & spam e-mail relaying
disabled=no
# Neighbor discovery is enabled on both interfaces.
# NOTE(review): discovery announces the router's identity and software
# details to every device on that segment. Enabling it on the
# upstream-facing "Internet" interface discloses that information outside
# the LAN. Hardening guidance normally limits discovery to trusted
# interfaces, so confirm whether discover=yes on Internet is needed.
/ ip neighbor discovery
set Internet discover=yes
set Lan discover=yes
# Single default route: all non-local traffic goes to 192.168.1.1, which is
# on the Internet interface's subnet (labelled as the Speedy modem gateway).
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10
comment=Gw Modem Speedy disabled=no
# Mangle rules (prerouting): classify traffic by marking connections, then
# packets, so queues can act on the packet marks.
# These rules only classify traffic. They do not filter it.
/ ip firewall mangle
# ICMP from the LAN (192.168.0.0/28): mark the connection, mark its packets
# ICMP-PM, then set the ToS field to min-delay.
add chain=prerouting src-address=192.168.0.0/28 protocol=icmp
action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
comment=ToS disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet
new-packet-mark=ICMP-PM passthrough=yes comment= disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
comment= disabled=no
# DNS from the LAN, TCP and UDP port 53: same pattern, using DNS-CM and
# DNS-PM, again ending with ToS min-delay.
add chain=prerouting src-address=192.168.0.0/28 protocol=tcp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes
comment= disabled=no
add chain=prerouting src-address=192.168.0.0/28 protocol=udp dst-port=53
action=mark-connection new-connection-mark=DNS-CM passthrough=yes
comment= disabled=no
add chain=prerouting connection-mark=DNS-CM action=mark-packet
new-packet-mark=DNS-PM passthrough=yes comment= disabled=no
add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
comment= disabled=no
# Per-service marks keyed on TCP destination port only, with no source
# restriction: 80 -> http, 6000-7000 -> irc, 5050-5061 -> ym_conn.
# The mark-packet rules use passthrough=no, so a packet that receives the
# http or irc mark is not evaluated by later rules in this chain.
# NOTE(review): port-based marks identify a port, not a protocol. Anything
# sent to these ports gets the same mark.
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection
new-connection-mark=http_conn passthrough=yes comment=Tandai Service
disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet
new-packet-mark=http passthrough=no comment= disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection
new-connection-mark=irc_conn passthrough=yes comment= disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet
new-packet-mark=irc passthrough=no comment= disabled=no
# The packet-mark rule that would pair with ym_conn is not visible in this
# listing. The text jumps straight to filter rules after the next entry.
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection
new-connection-mark=ym_conn passthrough=yes comment= disabled=no
disabled=no
# Packet-filter rules. The section header is not visible in this listing, so
# these presumably belong to "/ ip firewall filter". Rules are evaluated in
# the order shown.
#
# --- chain=input: traffic addressed to the router itself ---
# Drop a fixed list of ports labelled "Trinoo".
# NOTE(review): public advisories for Trinoo list 27665/tcp, 27444/udp and
# 31335/udp. Here 27444 and 31335 are matched as tcp only, so the UDP
# variants are not dropped and reach the "Allow UDP" rule below. Confirm the
# intended protocol for each port.
add chain=input protocol=udp dst-port=35555 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=27444 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=27665 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=31335 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=31846 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=34555 action=drop comment=Trinoo
disabled=no
add chain=input protocol=tcp dst-port=35555 action=drop comment=Trinoo
disabled=no
# Accept packets that belong to connections already established.
add chain=input connection-state=established action=accept comment=Allow
Established connections disabled=no
# NOTE(review): the next rule accepts every UDP packet sent to the router,
# from any source address and on any interface. Any UDP service the router
# runs (DNS, SNMP if enabled, discovery, bandwidth test) is therefore
# reachable from the Internet-side segment. Consider limiting this by
# src-address or in-interface, and relying on the established-state rule for
# replies.
add chain=input protocol=udp action=accept comment=Allow UDP disabled=no
# All ICMP to the router is accepted, with no type or rate restriction.
add chain=input protocol=icmp action=accept comment=Allow ICMP disabled=no
# Full access to the router from the LAN (192.168.0.0/28) and from the whole
# modem-side subnet (192.168.1.0/24).
# NOTE(review): the second rule trusts every host on the upstream segment,
# not only the modem at 192.168.1.1. Confirm that is intended.
add chain=input src-address=192.168.0.0/28 action=accept comment=Allow access
to router from known network disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment=
disabled=no
# Default-deny for everything not accepted above.
add chain=input action=drop comment=Drop anything else disabled=no
#
# --- chain=forward: traffic routed through the router ---
# NOTE(review): invalid-state packets are dropped only for protocol=tcp.
# Invalid UDP/ICMP is not covered by this rule.
add chain=forward protocol=tcp connection-state=invalid action=drop
comment=drop invalid connections disabled=no
add chain=forward connection-state=established action=accept comment=allow
already established connections disabled=no
add chain=forward connection-state=related action=accept comment=allow
related connections disabled=no
# Drop non-routable sources and destinations: 0.0.0.0/8, loopback
# 127.0.0.0/8, and 224.0.0.0/3 (everything from 224.0.0.0 upward, i.e.
# multicast and the reserved range above it).
add chain=forward src-address=0.0.0.0/8 action=drop comment= disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment= disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment= disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment= disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment= disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment= disabled=no
# Hand off to per-protocol chains. Only the start of the "tcp" chain appears
# in this listing. The "udp" and "icmp" chains are not visible.
# No final drop rule for the forward chain is visible either, so traffic not
# matched in the sub-chains is presumably forwarded. Verify against the full
# configuration.
add chain=forward protocol=tcp action=jump jump-target=tcp comment=
disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=
disabled=no
#
# --- chain=tcp: per-port denies for forwarded TCP ---
# NOTE(review): TFTP runs over UDP port 69, so this TCP rule does not block
# TFTP. An equivalent rule would be needed in the udp chain.
add chain=tcp protocol=tcp dst-port=69 action=drop comment=deny TFTP
disabled=no
# Port 111 is the Sun RPC portmapper. Port 135 is labelled the same way
# here, but is commonly the Microsoft RPC endpoint mapper.
add chain=tcp protocol=tcp dst-port=111 action=drop comment=deny RPC
portmapper disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment=deny RPC
portmapper disabled=no
# NetBIOS ports 137-139. The listing breaks off after this rule, so the
# chain may continue in the original.
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=deny NBT
disabled=no
total-queue=default disabled=no
# Per-host bandwidth queues. The section header and the parent queue "Blues"
# are not visible in this listing, so these are presumably "/ queue simple"
# entries.
# Each entry targets one LAN host, matches packet mark "Turun" and leaves
# the first value of each limit pair at 0.
# Host 192.168.0.12: limit-at 0/8000, max-limit 0/32000, priority 7.
# NOTE(review): no rule setting the "Turun" mark appears in the visible
# mangle section. Without it these queues match nothing.
add name=12 target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=7
queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/32000
total-queue=default disabled=no
# Host 192.168.0.13 ("Kasir"): limit-at 0/64000, max-limit 0/128000,
# priority 1, so it is favoured over the entry above.
add name=Kasir target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0
interface=Lan parent=Blues packet-marks=Turun priority=1
queue=ethernet-default/ethernet-default limit-at=0/64000
max-limit=0/128000 total-queue=default disabled=no
# Queue tree: shaping keyed on packet marks.
/ queue tree
# Downstream (mark "Turun", parent Lan) and upstream (mark "Naik", parent
# global-in) both use PCQ queue types with limits of 0.
# The pcq-download / pcq-upload queue types, and the rules that set the
# Turun / Naik marks, are not visible in this listing.
add name=downstream parent=Lan packet-mark=Turun limit-at=0
queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no
add name=upstream parent=global-in packet-mark=Naik limit-at=0
queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no
# Priority queues for the ICMP-PM and DNS-PM marks set in the mangle
# section: limit-at 8000, max-limit 16000.
# Both are disabled=yes, so only the ToS change from the mangle rules
# applies to that traffic.
add name=ICMP parent=global-in packet-mark=ICMP-PM limit-at=8000
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name=DNS parent=global-in packet-mark=DNS-PM limit-at=8000
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
# Router login accounts. No passwords appear in this listing, so anyone
# rebuilding a router from it must set them separately.
# - admin and y2k: group "full", logins accepted only from 192.168.0.0/28.
# - ope: group "read", logins accepted from any address (0.0.0.0/0).
# NOTE(review): the default account name "admin" is kept with full rights,
# which makes the username half of a login guess known in advance. "ope" has
# no source restriction, so the input-chain filter is the only thing
# limiting where it can log in from.
/ user
add name=admin group=full address=192.168.0.0/28 comment=system default
user disabled=no
add name=y2k group=full address=192.168.0.0/28 comment= disabled=no
add name=ope group=read address=0.0.0.0/0 comment= disabled=no
# Group policies. A leading "!" denies that right.
# The policy lists are wrapped mid-word by the page layout ("!poli" + "cy",
# "winbo" + "x"). In the original export each list is a single value.
# - read: local and winbox access with read rights only. Telnet, ssh, ftp
#   and web logins are denied.
# - write: adds telnet, ssh, web, reboot, write, test and password. Ftp and
#   policy are denied.
# - full: every listed right, including ftp and policy.
# NOTE(review): telnet, ftp and web are cleartext management channels. The
# write and full groups permit them.
/ user group
add name=read policy=local,read,winbox,!telnet,!ssh,!ftp,!reboot,!write,!poli
cy,!test,!password,!web
add name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password
,web,!ftp,!policy
add name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo
x,password,web
# Logins are authenticated locally (use-radius=no). Accounting is on, and
# the default group is the least-privileged "read".
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
# Incoming RADIUS requests are not accepted.
/ radius incoming
set accept=no port=1700
# Empty section: no driver entries are listed.
/ driver
# SNMP is disabled. Contact and location strings are still set.
/ snmp
set enabled=no contact=r0t0r location=Padang
# NOTE(review): the community keeps the well-known name "public" with read
# access from any address (0.0.0.0/0). This is harmless while SNMP is
# disabled, but if SNMP is ever enabled the community should be renamed and
# restricted to the monitoring host first.
/ snmp community
set public name=public address=0.0.0.0/0 read-access=yes
# Bandwidth-test server is enabled and requires authentication.
# NOTE(review): it is an extra service listening on the router. Disable it
# when not actively testing, or confirm the input-chain rules limit who can
# reach it.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
# MAC-level ping responder is enabled.
/ tool mac-server ping
set enabled=yes
# E-mail tool is unconfigured (no server, empty sender).
/ tool e-mail
set server=0.0.0.0 from=<>
/ tool sniffer