3.20.2010

Mikrotik Config Advanced

MMM      MMM       KKK                          TTTTTTTTTTT      KKK
MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK
MikroTik RouterOS 2.9.27 (c) 1999-2006       http://www.mikrotik.com/
Terminal vt102 detected, using multiline input mode
[admin@MikroTik] > export
# mar/11/2009 22:14:54 by RouterOS 2.9.27
# software id = A6G4-2VN
#
/ interface ethernet
set Sapidi name=”Sapidi” mtu=1500 mac-address=00:E0:4D:48:BE:1D arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment=”" disabled=no
set LAN name=”LAN” mtu=1500 mac-address=00:E0:4D:55:00:5A arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default
speed=100Mbps comment=”" disabled=no
# L2TP and PPTP tunnel servers. Both are switched off (enabled=no), so the settings below
# are inert in this export.
# NOTE(review): the permitted authentication lists still include pap (cleartext), chap and
# mschap1. If either server is ever enabled, trim the list to the strongest method the
# clients support first.
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 default-profile=default-encryption
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Management services of the router itself.
# telnet, ftp and www-ssl are disabled; www (HTTP admin, port 80) and ssh are enabled and
# limited to sources in 192.168.0.0/28.
# NOTE(review): 192.168.0.0/28 is the whole LAN, including the customer desks
# (192.168.0.1-192.168.0.12 in the "user" address list), so every client PC can reach the
# login pages. Narrowing address= to the administrator's host would shrink that exposure.
# NOTE(review): web administration runs over plain HTTP (www-ssl is disabled and has
# certificate=none), so admin credentials cross the shared LAN unencrypted; prefer ssh.
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=yes
set ftp port=21 address=0.0.0.0/0 disabled=yes
set www port=80 address=192.168.0.0/28 disabled=no
set ssh port=22 address=192.168.0.0/28 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
# UPnP is enabled with Sapidi as the external and LAN as the internal interface.
# NOTE(review): UPnP lets any host on the internal side ask the router to open inbound port
# mappings without authenticating. On a LAN of shared customer machines that is rarely
# wanted; set enabled=no unless a specific application depends on it.
/ ip upnp
set enabled=yes allow-disable-external-interface=no show-dummy-rule=yes
/ ip upnp interfaces
add interface=Sapidi type=external disabled=no
add interface=LAN type=internal disabled=no
# Static ARP entries pinning seven LAN addresses to fixed MAC addresses.
# NOTE(review): the LAN interface is exported with arp=enabled (see "/ interface ethernet"),
# so these entries presumably only pre-populate the table while the router keeps learning
# and answering ARP dynamically. Binding IP to MAC so that a desk cannot take over another
# desk's address would need arp=reply-only on LAN - confirm on the device.
# NOTE(review): 192.168.0.2 and 192.168.0.8-192.168.0.12 have simple queues further down but
# no static entry here.
/ ip arp
add address=192.168.0.1 mac-address=00:1B:B9:ED:D7:3C interface=LAN comment=”" disabled=no
add address=192.168.0.3 mac-address=00:1B:B9:ED:3D:2A interface=LAN comment=”" disabled=no
add address=192.168.0.4 mac-address=00:1B:B9:96:EC:AF interface=LAN comment=”" disabled=no
add address=192.168.0.5 mac-address=00:F0:5E:39:5B:D6 interface=LAN comment=”" disabled=no
add address=192.168.0.6 mac-address=00:E0:4D:58:5D:A2 interface=LAN comment=”" disabled=no
add address=192.168.0.7 mac-address=00:E0:4D:4D:1A:87 interface=LAN comment=”" disabled=no
add address=192.168.0.13 mac-address=00:E0:4D:56:78:95 interface=LAN comment=”" disabled=no
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
# DNS client and cache. allow-remote-requests=yes makes the router answer DNS queries from
# other hosts, not only resolve names for itself.
# NOTE(review): no filter rule in this export limits port 53 on the input chain to the LAN,
# and the input chain has no final drop, so the resolver also answers queries arriving on
# the Sapidi side. Add an input rule that accepts port 53 only from 192.168.0.0/28.
/ ip dns
set primary-dns=192.168.1.1 secondary-dns=203.130.193.74 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=192.168.1.3/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Sapidi comment=”" disabled=no
add address=192.168.0.14/28 network=192.168.0.0 broadcast=192.168.0.15 interface=LAN comment=”" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” disabled=no
# Neighbor discovery is enabled on both interfaces.
# NOTE(review): with discover=yes on Sapidi the router announces itself (identity and
# RouterOS version, among other fields) on the upstream-facing segment. Discovery is only
# useful where the administrator's tools sit; consider "set Sapidi discover=no".
/ ip neighbor discovery
set Sapidi discover=yes
set LAN discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment=”" disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=prio_conn_p2p passthrough=yes comment=”Prio P2P” disabled=no
add chain=prerouting connection-mark=prio_conn_p2p action=mark-packet new-packet-mark=prio_p2p_packet passthrough=no comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment=”Prio
Download_Services” disabled=no
add chain=prerouting protocol=tcp dst-port=143 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=993 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=80 connection-bytes=1000000-10000000 action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection new-connection-mark=prio_conn_download_services passthrough=yes
comment=”" disabled=no
add chain=prerouting connection-mark=prio_conn_download_services action=mark-packet new-packet-mark=prio_download_packet passthrough=no comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”Prio
Ensign_Services” disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”" disabled=no
add chain=prerouting src-address=192.168.0.0/28 protocol=udp dst-port=710-711 action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=23 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”" disabled=no
add chain=prerouting src-address=192.168.0.0/28 protocol=tcp dst-port=712-713 action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes
comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=prio_conn_ensign_services passthrough=yes comment=”" disabled=no
add chain=prerouting connection-mark=prio_conn_ensign_services action=mark-packet new-packet-mark=prio_ensign_packet passthrough=no comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500 action=mark-connection new-connection-mark=prio_conn_user_services passthrough=yes
comment=”Prio User_Request” disabled=no
add chain=prerouting protocol=tcp dst-port=8291 packet-size=1400-1500 action=mark-connection new-connection-mark=prio_conn_user_services passthrough=yes
comment=”" disabled=no
add chain=prerouting connection-mark=prio_conn_user_services action=mark-packet new-packet-mark=prio_request_packet passthrough=no comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=5100 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes
comment=”Prio_Communication” disabled=no
add chain=prerouting protocol=tcp dst-port=5050 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=udp dst-port=5060 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=1869 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=1723 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=5190 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment=”" disabled=no
add chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection new-connection-mark=prio_conn_comm_services passthrough=yes comment=”" disabled=no
add chain=prerouting connection-mark=prio_conn_comm_services action=mark-packet new-packet-mark=prio_comm_packet passthrough=no comment=”" disabled=no
add chain=postrouting out-interface=Sapidi protocol=tcp tcp-flags=syn connection-state=new packet-size=40-100 action=mark-connection
new-connection-mark=upstream_conn passthrough=yes comment=”Testing TCP Flags” disabled=no
add chain=postrouting out-interface=Sapidi protocol=tcp tcp-flags=rst connection-state=new packet-size=40-100 action=mark-connection
new-connection-mark=upstream_conn passthrough=yes comment=”" disabled=no
add chain=postrouting out-interface=Sapidi protocol=tcp tcp-flags=ack connection-state=new packet-size=40-100 action=mark-connection
new-connection-mark=upstream_conn passthrough=yes comment=”" disabled=no
add chain=postrouting out-interface=Sapidi protocol=tcp tcp-flags=fin connection-state=new packet-size=40-100 action=mark-connection
new-connection-mark=upstream_conn passthrough=yes comment=”" disabled=no
add chain=postrouting out-interface=Sapidi protocol=tcp tcp-flags=syn connection-state=established packet-size=40-100 action=mark-connection
new-connection-mark=upstream_conn passthrough=yes comment=”" disabled=no
add chain=postrouting protocol=tcp connection-mark=upstream_conn action=mark-packet new-packet-mark=upstream_ack passthrough=no comment=”" disabled=no
add chain=prerouting src-address=192.168.0.0/28 action=mark-packet new-packet-mark=upstream_ack passthrough=no comment=”Up Traffic” disabled=no
add chain=forward src-address-list=user action=mark-connection new-connection-mark=user-conn passthrough=yes comment=”Mark user traffic” disabled=no
add chain=forward in-interface=Sapidi connection-mark=user-conn src-address-list=user action=mark-packet new-packet-mark=user-conn-traffic passthrough=yes
comment=”" disabled=no
add chain=output out-interface=LAN dst-address-list=user action=mark-packet new-packet-mark=user-conn-traffic passthrough=no comment=”" disabled=no
add chain=forward src-address-list=kasir action=mark-connection new-connection-mark=kasir-conn passthrough=yes comment=”Mark kasir traffic” disabled=no
add chain=forward in-interface=Sapidi connection-mark=kasir-conn src-address-list=kasir action=mark-packet new-packet-mark=kasir-conn-traffic passthrough=yes
comment=”" disabled=no
add chain=output out-interface=LAN dst-address-list=kasir action=mark-packet new-packet-mark=kasir-conn-traffic passthrough=no comment=”" disabled=no
# NAT. The first rule masquerades everything leaving through Sapidi. The remaining rules
# transparently redirect LAN clients' TCP connections to ports 80, 3128, 8000 and 8080 to
# local port 8080, where "/ ip web-proxy" listens.
# The redirects match only src-address=192.168.0.0/28, so they do not themselves expose
# the proxy to other networks; direct connections to port 8080 are a separate matter and
# are governed by the filter rules and the proxy access list.
/ ip firewall nat
add chain=srcnat out-interface=Sapidi action=masquerade comment=”KE MODEM” disabled=no
add chain=dstnat src-address=192.168.0.0/28 protocol=tcp dst-port=80 action=redirect to-ports=8080 comment=”WEBCACHE PROXY ” disabled=no
add chain=dstnat src-address=192.168.0.0/28 protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment=”" disabled=no
add chain=dstnat src-address=192.168.0.0/28 protocol=tcp dst-port=8000 action=redirect to-ports=8080 comment=”" disabled=no
add chain=dstnat src-address=192.168.0.0/28 protocol=tcp dst-port=8080 action=redirect to-ports=8080 comment=”" disabled=no
# Connection tracking with shortened timeouts: 5s for half-open TCP, 10s for the closing
# states and for UDP/ICMP, 1d for established TCP. Short half-open timeouts limit how long
# unanswered SYNs occupy the table.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off; whether to enable them depends on
# how exposed the router's own TCP services are - confirm against the deployment.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s
tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
tcp-syncookie=no
# Packet filter. Rules in a chain are checked in order, top to bottom.
# NOTE(review): neither input nor forward ends in a catch-all drop, so any packet that no
# rule below matches is accepted. This rule set is a block-list on top of default-accept:
# router services such as the web proxy (8080) and the DNS resolver (53) are not confined
# to the LAN by anything in this chain. A final "drop" on input, preceded by explicit
# accepts for LAN management and the services that are meant to be reachable, would close that gap.
/ ip firewall filter
# Forwarded traffic only: drop sources/destinations in 0.0.0.0/8, 127.0.0.0/8 and
# 224.0.0.0/3 (multicast and everything above it). The same checks are not applied on the
# input chain.
add chain=forward src-address=0.0.0.0/8 action=drop comment=”Block Bogus IP Address” disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment=”" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment=”" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment=”" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment=”" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment=”" disabled=no
# SSH brute-force throttle. Each new connection to tcp/22 promotes the source one step:
# ssh_stage1 -> ssh_stage2 -> ssh_stage3 (1m each) -> ssh_blacklist (1w3d). The blacklist
# drop comes first, and the stages are tested from the highest down so one connection
# advances a source by a single step only.
# The counters track connection attempts, not failed logins, so an administrator opening
# several sessions within a minute is blacklisted too.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment=”Drop SSH brute forcers” disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist
address-list-timeout=1w3d comment=”" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3
address-list-timeout=1m comment=”" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2
address-list-timeout=1m comment=”" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment=”"
disabled=no
# Port-scan detection. psd=21,3s,3,1 is the port-scan detector (weight threshold 21,
# delay 3s, low-port weight 3, high-port weight 1); the tcp-flags rules catch flag
# combinations that normal TCP does not produce (FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG,
# all flags, no flags). A match lists the source in "port scanners" for 2w and the last
# rule of the group drops all input from listed sources.
# NOTE(review): the list is filled from single unauthenticated packets whose source
# address is not verified, and no rule exempts the management hosts, so a false positive
# locks an address out of the router for two weeks. Accept the administrator's address
# ahead of this group.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port Scanners to list
” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w
comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w
comment=”" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”"
disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w
comment=”" disabled=no
add chain=input src-address-list=”port scanners” action=drop comment=”" disabled=no
# FTP brute-force throttle. Sources in ftp_blacklist are dropped on tcp/21. The output
# rules watch the router's own "530 Login incorrect" replies: up to the dst-limit
# (1 per minute, burst 9, per destination) they pass; beyond it the destination is listed
# in ftp_blacklist for 3h.
# The ftp service is disabled in "/ ip service", so these rules do nothing until it is
# re-enabled.
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment=”Filter FTP to Box” disabled=no
add chain=output protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m action=accept comment=”" disabled=no
add chain=output protocol=tcp content=”530 Login incorrect” action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment=”"
disabled=no
# Dispatch into per-protocol chains. Forward jumps for tcp, udp and icmp; input jumps for
# tcp and udp only, so the icmp chain (and its rate limit) applies to forwarded ICMP but
# not to ICMP addressed to the router itself.
add chain=forward protocol=tcp action=jump jump-target=tcp comment=”Separate Protocol into Chains” disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=”" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=”" disabled=no
add chain=input protocol=tcp action=jump jump-target=tcp comment=”" disabled=no
add chain=input protocol=udp action=jump jump-target=udp comment=”" disabled=no
# udp chain: drop TFTP (69), portmapper (111), MS RPC (135), NetBIOS (137-139), NFS (2049)
# and port 3133. Everything else returns to the calling chain.
add chain=udp protocol=udp dst-port=69 action=drop comment=”Blocking UDP Packet” disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment=”Virus;Worm NetBios File Sharing” disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment=”" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment=”" disabled=no
# tcp chain: drop SMTP (25, stops clients relaying mail), portmapper (111), NNTP (119),
# MS RPC (135), NetBIOS (137-139), SMB (445), NFS (2049), 12345-12346 and 20034 (ports long
# associated with the NetBus remote-access trojan), 3133 and 67-68.
# NOTE(review): the first two rules carry an empty packet-mark matcher; presumably an
# export artefact - confirm it does not narrow the match.
add chain=tcp protocol=tcp dst-port=69 packet-mark=”" action=drop comment=”Bloking TCP Packet” disabled=no
add chain=tcp protocol=tcp dst-port=25 packet-mark=”" action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment=”Virus;Worm Conficker;KIDO” disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment=”" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=”" disabled=no
# icmp chain: accept echo reply (0), port unreachable (3:3), fragmentation needed (3:4),
# echo request (8) and time exceeded (11), each under limit=5,5; the final rule drops all
# other ICMP as well as packets of the listed types that exceed the limit.
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”Limited Ping Flood” disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”" disabled=no
add chain=icmp protocol=icmp action=drop comment=”" disabled=no
# Tail of the input chain: accept broadcast, established and related traffic, drop
# invalid. These sit after every detection rule above, so packets of already-established
# connections are still evaluated by the tcp-flags and content matchers first.
# Nothing follows the invalid drop: unmatched input is accepted (see the note at the top).
add chain=input dst-address-type=broadcast action=accept comment=”Allow Broadcast Traffic” disabled=no
add chain=input connection-state=established action=accept comment=”Connection State” disabled=no
add chain=input connection-state=related action=accept comment=”" disabled=no
add chain=input connection-state=invalid action=drop comment=”" disabled=no
/ ip firewall address-list
add list=kasir address=192.168.0.13 comment=”" disabled=no
add list=user address=192.168.0.1-192.168.0.12 comment=”" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=”default” hotspot-address=0.0.0.0 dns-name=”" html-directory=hotspot rate-limit=”" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=”default” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 transparent-proxy=yes open-status-page=always
advertise=no
/ ip dhcp-server config
set store-leases-disk=5m
# Default IPsec proposal: SHA-1 authentication, 3DES encryption, PFS with modp1024,
# 30-minute lifetime.
# No IPsec peer or policy section appears in this export, so the proposal looks unused.
# NOTE(review): SHA-1, 3DES and 1024-bit MODP are legacy choices; pick the strongest
# algorithms the installed RouterOS offers before building a tunnel on this proposal.
/ ip ipsec proposal
add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
# Caching web proxy: enabled, transparent, listening on port 8080, with no parent proxy.
# The dstnat redirect rules send LAN HTTP traffic here.
# NOTE(review): nothing in this export confines port 8080 to the LAN - the filter input
# chain has no rule for it and the proxy access list starts with an unconditional allow -
# so hosts on the Sapidi side can presumably use the proxy as well. Restrict it with an
# input rule or a source-matched access rule.
# NOTE(review): hostname and cache-administrator are presumably shown on proxy error
# pages - confirm; the export publishes a personal e-mail address either way.
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname=”proxy.tepilaut.net” transparent-proxy=yes parent-proxy=0.0.0.0:0
cache-administrator=”ayakoma@yahoo.com” max-object-size=4096KiB cache-drive=primary-slave max-cache-size=10240KiB max-ram-cache-size=unlimited
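# Proxy access list. Rules are matched top to bottom and the first match decides, so the
# deny for ports 23-25 must come before the catch-all allow; in the original order the
# allow matched every request and the deny was never reached.
# NOTE(review): the allow rule has no source matcher, so it admits any client that can
# reach port 8080; limit it to the LAN subnet if the proxy is meant for LAN clients only.
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
add action=allow comment="" disabled=no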
# Proxy cache list: which requests the proxy may store. Every rule but the last is an
# allow - by file extension first, then by site, then a catch-all "Allow All".
# NOTE(review): if this list is matched first-match-wins like the access list, the
# "Allow All" rule shadows the final deny for cgi-bin and query-string URLs, leaving
# dynamic pages cacheable. On a proxy shared by many customers a cached dynamic page can
# be served to a different user; move the deny to the top.
# NOTE(review): the fifth rule packs several space-separated patterns into one url value;
# presumably only part of it matches as intended - confirm.
# Several site rules are duplicated (multiply.com, bhinneka.com).
/ ip web-proxy cache
add url=”:\.3g[p]$” action=allow comment=”Cache of Files” disabled=no
add url=”:\.ra[r]$” action=allow comment=”" disabled=no
add url=”:\.sw[f]$” action=allow comment=”" disabled=no
add url=”:\.jp[g]$” action=allow comment=”" disabled=no
add url=”:\.flv$ .png$ .gif$ .bmp$ .tiff$” action=allow comment=”Cache File mp3, flv” disabled=no
add url=”http*youtube*get_video*” action=allow comment=”Cache of Sites” disabled=no
add url=”http*friendster.com” action=allow comment=”" disabled=no
add url=”http*pu.go.id” action=allow comment=”" disabled=no
add url=”http*detik*com” action=allow comment=”" disabled=no
add url=”http*domai.com” action=allow comment=”" disabled=no
add url=”http*nigmae.net” action=allow comment=”" disabled=no
add url=”http*kompas.com” action=allow comment=”" disabled=no
add url=”http*lalatx.com” action=allow comment=”" disabled=no
add url=”http*yahoo.com” action=allow comment=”" disabled=no
add url=”http*kapanlagi.com” action=allow comment=”" disabled=no
add url=”http*plasa.com” action=allow comment=”" disabled=no
add url=”http*kaskus.us” action=allow comment=”" disabled=no
add url=”http*avaxhome*org” action=allow comment=”" disabled=no
add url=”http*worth1000.com” action=allow comment=”" disabled=no
add url=”http*multiply.com” action=allow comment=”" disabled=no
add url=”http*sex.com” action=allow comment=”" disabled=no
add url=”http*grisoft.com” action=allow comment=”" disabled=no
add url=”http*bhinneka.com” action=allow comment=”" disabled=no
add url=”http*toshiba.com” action=allow comment=”" disabled=no
add url=”http*mandiri.co.id” action=allow comment=”" disabled=no
add url=”http*asus.com” action=allow comment=”" disabled=no
add url=”http*rapidshare.com” action=allow comment=”" disabled=no
add url=”http*multiply.com” action=allow comment=”" disabled=no
add url=”http*tubely.com” action=allow comment=”" disabled=no
add url=”http*glodok.com” action=allow comment=”" disabled=no
add url=”http*ponseljakarta.com” action=allow comment=”" disabled=no
add url=”http*bhinneka.com” action=allow comment=”" disabled=no
add url=”http*yahoo.messenger.com” action=allow comment=”" disabled=no
add action=allow comment=”Allow All” disabled=no
add url=”:cgi-bin \?” action=deny comment=”don’t cache dynamic http pages” disabled=no
# Logging rules: info, error and warning go to the in-memory buffer, critical is echoed
# to the console.
# The memory action keeps 100 lines and does not stop when full, so older entries are
# overwritten. The disk and remote actions are defined, but no rule uses them, and the
# remote target is the placeholder 0.0.0.0:514.
# NOTE(review): login failures and other events therefore do not survive a reboot and
# scroll out quickly. Send at least warning/error/critical to disk or a remote syslog
# host. None of the firewall filter rules in this export logs a match either, so the
# brute-force and port-scan lists fill silently.
/ system logging
add topics=info prefix=”" action=memory disabled=no
add topics=error prefix=”" action=memory disabled=no
add topics=warning prefix=”" action=memory disabled=no
add topics=critical prefix=”" action=echo disabled=no
/ system logging action
set memory name=”memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=”disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=”echo” target=echo remember=yes
set remote name=”remote” target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=”"
/ system clock dst
set dst-delta=+00:00 dst-start=”jan/01/1970 00:00:00″ dst-end=”jan/01/1970 00:00:00″
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term=”" disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
/ system console screen
set line-count=25
/ system identity
set name=”MikroTik”
/ system note
set show-at-login=yes note=”"
/ port
set serial0 name=”serial0″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
/ ppp profile
set default name=”default” use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=yes comment=”"
set default-encryption name=”default-encryption” use-compression=default use-vj-compression=default use-encryption=yes only-one=default change-tcp-mss=yes
comment=”"
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name=”default” kind=pfifo pfifo-limit=50
set ethernet-default name=”ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=”wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=”synchronous-default” kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=”hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514
add name=”PCQ_down_user” kind=pcq pcq-rate=0 pcq-limit=20 pcq-classifier=dst-address pcq-total-limit=500
add name=”PCQ_up_user” kind=pcq pcq-rate=32000 pcq-limit=20 pcq-classifier=src-address pcq-total-limit=500
add name=”PCQ_up_kasir” kind=pcq pcq-rate=0 pcq-limit=20 pcq-classifier=src-address pcq-total-limit=500
add name=”PCQ_down_kasir” kind=pcq pcq-rate=0 pcq-limit=20 pcq-classifier=dst-address pcq-total-limit=500
add name=”PCQ_download” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name=”PCQ_upload” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name=”PFIFO-64″ kind=pfifo pfifo-limit=64
add name=”default-small” kind=pfifo pfifo-limit=10
/ queue simple
add name=”Tepi-Laut” target-addresses=192.168.0.0/28 dst-address=0.0.0.0/0 interface=LAN parent=none direction=both priority=1
queue=synchronous-default/synchronous-default limit-at=128000/1000000 max-limit=256000/2000000 total-queue=default-small disabled=no
add name=”Meja.1″ target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.2″ target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.3″ target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.4″ target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.5″ target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.6″ target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.7″ target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.8″ target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 burst-limit=64000/256000 burst-threshold=48000/192000 burst-time=1m/1m total-queue=default disabled=no
add name=”Meja.9″ target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 total-queue=default disabled=no
add name=”Meja.10″ target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 total-queue=default disabled=no
add name=”Meja.11″ target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 total-queue=default disabled=no
add name=”Meja.12″ target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=4 queue=default/default
limit-at=16000/64000 max-limit=32000/128000 total-queue=default disabled=no
add name=”KASIR” target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 interface=LAN parent=Tepi-Laut direction=both priority=8 queue=default/default
limit-at=64000/128000 max-limit=128000/256000 burst-limit=128000/1000000 burst-threshold=128000/512000 burst-time=30s/30s total-queue=default disabled=no
add name=”P2P” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_p2p_packet direction=both priority=8 queue=default-small/default-small
limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Down_Services” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_download_packet direction=both priority=5
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Ensign_Services” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_ensign_packet direction=both priority=1
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”User_Request” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_request_packet direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
add name=”Communication” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=prio_comm_packet direction=both priority=3
queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small disabled=no
/ queue tree
add name=”Total_download” parent=LAN packet-mark=”" limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name=”Total_upload” parent=Sapidi packet-mark=”" limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
disabled=yes
add name=”User_download” parent=Total_download packet-mark=user-conn-traffic limit-at=0 queue=PCQ_down_user priority=1 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=”Kasir_download” parent=Total_download packet-mark=kasir-conn-traffic limit-at=0 queue=PCQ_down_kasir priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=”User_upload” parent=Total_upload packet-mark=user-conn-traffic limit-at=0 queue=PCQ_up_user priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name=”Kasir_upload” parent=Total_upload packet-mark=kasir-conn-traffic limit-at=0 queue=PCQ_up_kasir priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=”Priorization” parent=global-in packet-mark=”" limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
disabled=yes
add name=”Communication_Services_Prio7″ parent=Priorization packet-mark=prio_comm_packet limit-at=0 queue=default priority=7 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=”Download_Services_Prio5″ parent=Priorization packet-mark=prio_download_packet limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=”Ensign_Services_Prio1″ parent=Priorization packet-mark=prio_ensign_packet limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=”P2P_Traffic_Prio8″ parent=Priorization packet-mark=prio_p2p_packet limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
add name=”User_Request_Prio3″ parent=Priorization packet-mark=prio_request_packet limit-at=0 queue=default priority=3 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=”Tcp_ack” parent=Total_upload packet-mark=upstream_ack limit-at=0 queue=synchronous-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s disabled=yes
# Router accounts. Two users, both in group "full" (every policy, including policy and
# ftp) and both with address=0.0.0.0/0, i.e. no restriction on where they may log in from.
# The export does not include passwords.
# NOTE(review): the default account name "admin" is still present with full rights. Give
# it a strong password or disable it in favour of the named account, and set address= on
# both users to the administrator's host or subnet.
/ user
add name=”admin” group=full address=0.0.0.0/0 comment=”system default user” disabled=no
add name=”ayakoma” group=full address=0.0.0.0/0 comment=”" disabled=no
# Policy groups: "read" and "write" both exclude ftp and policy; "read" additionally
# excludes write but still carries reboot and password.
/ user group
add name=”read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=”write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=”full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
# RADIUS authentication for router logins is off; default-group=read would apply to
# RADIUS users if it were turned on.
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
# SNMP is disabled. The only community is "public", readable from any address
# (address=0.0.0.0/0).
# NOTE(review): if SNMP is ever enabled, rename the community and restrict address= to
# the monitoring host first.
/ snmp
set enabled=no contact=”" location=”"
/ snmp community
set public name=”public” address=0.0.0.0/0 read-access=yes
# Bandwidth-test server: enabled, requires authentication, up to 10 sessions, UDP ports
# allocated from 2000. The MAC ping server is enabled as well.
# NOTE(review): both are diagnostic services that normally stay off outside of testing.
# No filter rule in this export limits them to the LAN, so the bandwidth server is another
# place where the router accounts can be tried from the Sapidi side; set enabled=no when
# not in use.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=”<>”
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name=”" file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes
filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
# Interface traffic graphs for all interfaces, stored on disk; the same entry appears twice.
# NOTE(review): allow-address=0.0.0.0/0 places no restriction on who may view the graphs.
# They are presumably served through the www service, which is limited to 192.168.0.0/28,
# so in effect any LAN client can view them - confirm, and narrow allow-address to the
# administrator's host.
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no redistribute-rip=no redistribute-bgp=no metric-default=1
metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none prefix-list-import=”" prefix-list-export=”" disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 metric-bgp=1
update-timer=30s timeout-timer=3m garbage-timer=2m
[admin@MikroTik] >
