Ngelab Script

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \

in-interface=ether1-ISP1 new-connection-mark=isp1 passthrough=yes
in-interface=ether2-ISP2 new-connection-mark=isp2 passthrough=yes
"from bottom to the top"
add action=mark-connection chain=prerouting comment=koneksi-mark \

connection-mark=no-mark in-interface=ether3-Lokal new-connection-mark=isp
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
in-interface=ether3-Lokal new-connection-mark=isp2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting comment=mark-routing connection-mark
isp1 in-interface=ether3-Lokal new-routing-mark="ke isp_1" passthrough=ye
add action=mark-routing chain=prerouting connection-mark=isp2 in-interface=\
ether3-Lokal new-routing-mark="ke isp_2" passthrough=yes
add action=mark-routing chain=output connection-mark=isp1 new-routing-mark=\
"ke isp_1" passthrough=yes
add action=mark-routing chain=output connection-mark=isp2 new-routing-mark=\
"ke isp_2" passthrough=yes
-----------------------------------------------------------------------------------
------------------------------------
/ip route
add check-gateway=ping distance=1 gateway=192.168.137.10 routing-mark="ke isp_1"
add check-gateway=ping distance=1 gateway=10.10.10.1 routing-mark="ke isp_2"
add check-gateway=ping distance=1 gateway=192.168.137.10
-----------------------------------------------------------------------------------
-------------------------------------
/ip firewall filter
add action=drop chain=forward comment="DROP FB+YT" dst-address-list=https
/ip firewall mangle
add action=add-dst-to-address-list address-list=https address-list-timeout=none-
dynamic chain=forward comment=BLOKIR content=www.youtube.com
dynamic chain=forward content=www.facebook.com
-----------------------------------------------------------------------------------
--------------------------------------
[admin@MikroTik] > export

# oct/14/2019 13:54:12 by RouterOS 6.44.2
# software id =
#
#
#
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether1-ISP-1
set [ find default-name=ether2 ] disable-running-check=no name=ether1-ISP-2
set [ find default-name=ether3 ] disable-running-check=no name=ether3-Lokal
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=172.191.1.2-172.191.1.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 disabled=no interface=ether3-Lokal
name=dhcp1
/ip address
add address=172.191.1.1/24 interface=ether3-Lokal network=172.191.1.0
add address=192.168.137.11/24 interface=ether1-ISP-1 network=192.168.137.0
add address=10.10.10.2/24 interface=ether1-ISP-2 network=10.10.10.0
/ip dhcp-server network
add address=172.191.1.0/24 gateway=172.191.1.1
add address=172.191.2.0/24 gateway=172.191.2.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=192.168.137.0/24 list=lokal
------------------------------------------------------------------------->
/ip firewall filter
add action=drop chain=forward comment="DROP FB+YT" dst-address-list=https
------------------------------------------------------------------------->
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-
interface=ether1-ISP-1 new-connection-mark=isp-1 passthrough=yes
interface=ether1-ISP-2 new-connection-mark=isp-2 passthrough=yes
interface=ether3-Lokal new-connection-mark=isp-1 passthrough=yes per-connection-
classifier=\
both-addresses-and-ports:2/0
interface=ether3-Lokal new-connection-mark=isp-2 passthrough=yes per-connection-
classifier=\
both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=isp-1 in-interface=ether3-
Lokal new-routing-mark="KE ISP1" passthrough=yes
add action=mark-routing chain=prerouting connection-mark=isp-2 in-interface=ether3-
Lokal new-routing-mark="KE ISP2" passthrough=yes
add action=mark-routing chain=output connection-mark=isp-1 new-routing-mark="KE
ISP1" passthrough=yes
add action=mark-routing chain=output connection-mark=isp-2 new-routing-mark="KE
ISP2" passthrough=yes
-----------------------------------------------------------------------------------
-------------------------->
dynamic chain=forward comment=BLOKIR content=www.youtube.com
dynamic chain=forward content=www.facebook.com
-----------------------------------------------------------------------------------
-------------------------->
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-ISP-1
add action=masquerade chain=srcnat out-interface=ether1-ISP-2
/ip route
add check-gateway=ping distance=1 gateway=192.168.137.10 routing-mark="KE ISP1"
add check-gateway=ping distance=1 gateway=10.10.10.1 routing-mark="KE ISP2"

Ngelab Script

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ngelab Script

Uploaded by

Copyright:

Available Formats

/ip firewall mangle

add action=mark-connection chain=prerouting connection-mark=no-mark \

add action=mark-connection chain=prerouting comment=koneksi-mark \

[admin@MikroTik] > export

You might also like