Sample Configuration Pc-Router Speedy Costumer

This sample configuration of mikrotik telkomnet speedy costumer.

# jun/09/2007 20:52:52 by RouterOS 2.9.27
# software id = JI4S-NSN
#
/ interface ethernet
set Public name=”Public” mtu=1500 mac-address=00:15:E9:EF:86:FE arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment=”” disabled=no
set Lan name=”Lan” mtu=1500 mac-address=00:01:02:97:D0:BE arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment=”” disabled=no
set Proxy name=”Proxy” mtu=1500 mac-address=00:01:02:97:CE:C5 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment=”” disabled=no
/ interface wireless security-profiles
set default name=”default” mode=none authentication-types=”” \
unicast-ciphers=”” group-ciphers=”” wpa-pre-shared-key=”” \
wpa2-pre-shared-key=”” eap-methods=passthrough tls-mode=no-certificates \
tls-certificate=none static-algo-0=none static-key-0=”” static-algo-1=none \
static-key-1=”” static-algo-2=none static-key-2=”” static-algo-3=none \
static-key-3=”” static-transmit-key=key-0 static-sta-private-algo=none \
static-sta-private-key=”” radius-mac-authentication=no group-key-update=5m
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no \
audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no \
frames-per-second=25 audio-min=-100 audio-max=-20
/ interface wireless snooper
set multiple-channels=yes channel-time=200ms receive-errors=no
/ interface wireless sniffer
set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no \
memory-limit=10 file-name=”” file-limit=10 streaming-enabled=no \
streaming-server=0.0.0.0 streaming-max-rate=0
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 \
authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
keepalive-timeout=30 default-profile=default-encryption
/ ip pool
add name=”dhcp_pool1″ ranges=192.168.0.1-192.168.0.30
/ ip telephony region
/ ip telephony gatekeeper
set gatekeeper=none remote-id=”” remote-address=0.0.0.0
/ ip telephony aaa
set use-radius-accounting=no interim-update=0s
/ ip telephony codec
move G.711-uLaw-64k/sw
move G.711-ALaw-64k/sw
move G.729A-8k/sw
move G.729-8k/sw
move G.723.1-6.3k/sw
move GSM-06.10-13.2k/sw
move LPC-10-2.5k/sw
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m \
inactive-flow-timeout=15s
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=Public comment=”” disabled=no
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 \
interface=Lan comment=”” disabled=no
add address=192.168.2.1/30 network=192.168.2.0 broadcast=192.168.2.255 \
interface=Proxy comment=”” disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:1 maximal-client-connecions=1000 \
maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying” \
disabled=yes
/ ip neighbor discovery
set Public discover=yes
set Lan discover=yes
set Proxy discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
comment=”” disabled=no
/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
new-connection-mark=dns_conn passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
new-connection-mark=dns_conn passthrough=yes comment=”” disabled=yes
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection \
new-connection-mark=ym_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection \
new-connection-mark=cs_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection \
new-connection-mark=irc_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
new-connection-mark=mt_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
new-connection-mark=ssh_conn passthrough=yes comment=”” disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
new-packet-mark=http passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=dns_conn action=mark-packet \
new-packet-mark=dns passthrough=no comment=”” disabled=yes
add chain=prerouting connection-mark=ym_conn action=mark-packet \
new-packet-mark=ym passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet \
new-packet-mark=cs passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet \
new-packet-mark=irc passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet \
new-packet-mark=mt passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet \
new-packet-mark=email passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet \
new-packet-mark=ssh passthrough=no comment=”” disabled=no
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet \
new-packet-mark=test-up passthrough=no comment=”UP TRAFFIC” disabled=no
add chain=forward src-address=192.168.1.0/29 action=mark-connection \
new-connection-mark=test-conn passthrough=yes comment=”CONN-MARK” \
disabled=no
add chain=forward in-interface=Public connection-mark=test-conn \
action=mark-packet new-packet-mark=test-down passthrough=no comment=” \
DOWN-DIRECT CONNECTION” disabled=no
add chain=forward in-interface=Public src-address=192.168.1.0/24 \
action=mark-connection new-connection-mark=test-conn passthrough=yes \
comment=”” disabled=no
add chain=output out-interface=Lan dst-address=192.168.0.0/24 \
action=mark-packet new-packet-mark=test-down passthrough=no \
comment=”DOWN-VIA PROXY” disabled=no
add chain=prerouting connection-mark=conn-iix action=mark-packet \
new-packet-mark=packet-iix passthrough=no comment=”Link IIX” disabled=no
add chain=prerouting action=mark-packet new-packet-mark=packet-intl \
passthrough=no comment=”Link Intl” disabled=no
add chain=output action=mark-packet new-packet-mark=packet-intl passthrough=no \
comment=”Proxy Ke Intl” disabled=no
add chain=output connection-mark=conn-iix action=mark-packet \
new-packet-mark=packet-iix passthrough=no comment=”Proxy Ke IIX” \
disabled=no
add chain=forward src-address-list=nice action=mark-connection \
new-connection-mark=mark-con-indonesia passthrough=yes comment=”mark all \
indonesia source connection traffic” disabled=no
add chain=forward dst-address-list=nice action=mark-connection \
new-connection-mark=mark-con-indonesia passthrough=yes comment=”mark all \
indonesia destination connection traffic” disabled=no
add chain=forward src-address-list=!nice action=mark-connection \
new-connection-mark=mark-con-overseas passthrough=yes comment=”mark all \
overseas source connection traffic” disabled=no
add chain=forward dst-address-list=!nice action=mark-connection \
new-connection-mark=mark-con-overseas passthrough=yes comment=”mark all \
overseas destination connection traffic” disabled=no
add chain=prerouting connection-mark=mark-con-indonesia action=mark-packet \
new-packet-mark=indonesia passthrough=yes comment=”mark all indonesia \
traffic” disabled=no
add chain=prerouting connection-mark=mark-con-overseas action=mark-packet \
new-packet-mark=overseas passthrough=yes comment=”mark all overseas \
traffic” disabled=no
add chain=prerouting in-interface=Lan dst-address-list=nice \
action=mark-connection new-connection-mark=conn-iix passthrough=yes \
comment=”” disabled=no
add chain=prerouting connection-mark=conn-iix action=mark-packet \
new-packet-mark=packet-iix passthrough=no comment=”” disabled=no
add chain=output connection-mark=conn-iix action=mark-packet \
new-packet-mark=packet-iix passthrough=no comment=”” disabled=no
add chain=prerouting action=mark-packet new-packet-mark=packet-intl \
passthrough=no comment=”” disabled=no
add chain=output action=mark-packet new-packet-mark=packet-intl passthrough=no \
comment=”” disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=80 action=dst-nat \
to-addresses=192.168.1.4 to-ports=8080 comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=8080 action=dst-nat \
to-addresses=192.168.1.4 to-ports=3128 comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=dst-nat \
to-addresses=192.168.1.4 to-ports=8080 comment=”” disabled=no
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=80 \
action=redirect to-ports=8080 comment=”” disabled=yes
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=3128 \
action=redirect to-ports=8080 comment=”” disabled=yes
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=8080 \
action=redirect to-ports=8080 comment=”” disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment=”Drop invalid \
connections” disabled=no
add chain=input connection-state=established action=accept comment=”Allow \
esatblished connections” disabled=no
add chain=input connection-state=related action=accept comment=”Allow related \
connections” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ICMP” disabled=no
add chain=input in-interface=!Public action=accept comment=”Allow connection \
to router from local network” disabled=no
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input action=drop comment=”Drop everything else” disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
address-list=knock address-list-timeout=15s comment=”” disabled=no
add chain=input protocol=tcp dst-port=7331 src-address-list=knock \
action=add-src-to-address-list address-list=safe address-list-timeout=15m \
comment=”” disabled=no
add chain=input connection-state=established action=accept comment=”accept \
established connection packets” disabled=no
add chain=input connection-state=related action=accept comment=”accept related \
connection packets” disabled=no
add chain=input connection-state=invalid action=drop comment=”drop invalid \
packets” disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=”detect and \
drop port scan connections” disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
action=tarpit comment=”suppress DoS attack” disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d comment=”detect DoS attack” disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment=”jump to \
chain ICMP” disabled=no
add chain=input action=jump jump-target=services comment=”jump to chain \
services” disabled=no
add chain=input dst-address-type=broadcast action=accept comment=”Allow \
Broadcast Traffic” disabled=no
add chain=input action=log log-prefix=”Filter:” comment=”” disabled=no
add chain=input action=accept comment=”Allow access to router from known \
network” disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment=”” \
disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment=”” \
disabled=no
add chain=input action=drop comment=”drop everything else” disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
comment=”0:0 and limit for 5pac/s” disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
comment=”3:3 and limit for 5pac/s” disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
comment=”3:4 and limit for 5pac/s” disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
comment=”8:0 and limit for 5pac/s” disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
comment=”11:0 and limit for 5pac/s” disabled=no
add chain=ICMP protocol=icmp action=drop comment=”Drop everything else” \
disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
address-list=”port scanners” address-list-timeout=2w comment=”Port \
scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”NMAP FIN Stealth scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN \
scan” disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
address-list=”port scanners” address-list-timeout=2w comment=”SYN/RST \
scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”FIN/PSH/URG scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”ALL/ALL scan” disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w comment=”NMAP NULL scan” disabled=no
add chain=input src-address-list=”port scanners” action=drop comment=”dropping \
port scanners” disabled=no
add chain=forward connection-state=established action=accept comment=”allow \
established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”allow \
related connections” disabled=no
add chain=forward connection-state=invalid action=drop comment=”drop invalid \
connections” disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop \
Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester” \
disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server” \
disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast” \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid” \
disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus” \
disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y” \
disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop \
Beagle.C-K” disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor \
OptixPro” disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser” \
disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B” \
disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop \
Dabber.A-B” disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop \
Dumaru.Y” disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop \
MyDoom.B” disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus” \
disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″ \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop \
SubSeven” disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, \
Agobot, Gaobot” disabled=no
add chain=forward action=jump jump-target=virus comment=”jump to the virus \
chain” disabled=no
add chain=input connection-state=invalid action=drop comment=”Drop Invalid \
connections” disabled=no
add chain=input connection-state=established action=accept comment=”Allow \
Established connections” disabled=no
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ICMP” disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment=”Allow access \
to router from known network” disabled=no
add chain=input src-address=63.219.6.0/24 action=accept comment=”” disabled=no
add chain=input src-address=125.0.0.0/8 action=accept comment=”” disabled=no
add chain=input action=drop comment=”Drop anything else” disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop \
comment=”drop invalid connections” disabled=no
add chain=forward connection-state=established action=accept comment=”allow \
already established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”allow \
related connections” disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment=”” disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment=”” disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment=”” \
disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=”” \
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=”” \
disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment=”deny TFTP” \
disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment=”deny RPC \
portmapper” disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment=”deny RPC \
portmapper” disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=”deny NBT” \
disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment=”deny cifs” \
disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment=”deny NFS” \
disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=”deny \
NetBus” disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment=”deny NetBus” \
disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment=”deny \
BackOriffice” disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=”deny DHCP” \
disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment=”deny TFTP” \
disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment=”deny PRC \
portmapper” disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment=”deny PRC \
portmapper” disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment=”deny NBT” \
disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment=”deny NFS” \
disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment=”deny \
BackOriffice” disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment=”drop \
invalid connections” disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment=”allow \
established connections” disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment=”allow \
already established connections” disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment=”allow \
source quench” disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment=”allow \
echo request” disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment=”allow \
time exceed” disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment=”allow \
parameter bad” disabled=no
add chain=icmp action=drop comment=”deny all other types” disabled=no
add chain=virus protocol=tcp dst-port=25 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=udp dst-port=25 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=forward connection-state=established action=accept comment=”allow \
established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”allow \
related connections” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop \
Messenger Worm” disabled=no
add chain=forward connection-state=invalid action=drop comment=”drop invalid \
connections” disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop \
Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster \
Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________” \
disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester” \
disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server” \
disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast” \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx” \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus” \
disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y” \
disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle” \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop \
Beagle.C-K” disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment=”Drop MyDoom” \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor \
OptixPro” disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm” \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser” \
disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B” \
disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop \
Dabber.A-B” disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop \
Dumaru.Y, sebaiknya di didisable karena juga sering digunakan utk vpn atau \
webmin” disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop \
MyDoom.B” disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus” \
disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″ \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop \
SubSeven” disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, \
Agobot, Gaobot” disabled=no
add chain=forward action=jump jump-target=virus comment=”jump to the virus \
chain” disabled=no
add chain=input connection-state=established action=accept comment=”Accept \
established connections” disabled=no
add chain=input connection-state=related action=accept comment=”Accept related \
connections” disabled=no
add chain=input connection-state=invalid action=drop comment=”Drop invalid \
connections” disabled=no
add chain=input protocol=udp action=accept comment=”UDP” disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow \
limited pings” disabled=no
add chain=input protocol=icmp action=drop comment=”Drop excess pings” \
disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork \
action=accept comment=”FTP” disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork \
action=accept comment=”SSH for secure shell” disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork \
action=accept comment=”Telnet” disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork \
action=accept comment=”Web” disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork \
action=accept comment=”winbox” disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server” \
disabled=no
add chain=input src-address-list=ournetwork action=accept comment=”From \
Datautama network” disabled=no
add chain=input action=log log-prefix=”DROP INPUT” comment=”Log everything \
else” disabled=no
add chain=input action=drop comment=”Drop everything else” disabled=no
/ ip firewall address-list
add list=ournetwork address=125.168.0.0/24 comment=”Modem Speedy” disabled=no
add list=ournetwork address=192.168.1.0/24 comment=”IP Radio” disabled=no
add list=ournetwork address=192.168.0.0/24 comment=”LAN Network” disabled=no
add list=nice address=125.162.0.0/16 comment=”” disabled=no
add list=nice address=125.163.0.0/16 comment=”” disabled=no
add list=nice address=152.118.0.0/16 comment=”” disabled=no
add list=nice address=125.160.0.0/16 comment=”” disabled=no
add list=nice address=125.161.0.0/16 comment=”” disabled=no
add list=nice address=125.164.0.0/16 comment=”” disabled=no
add list=nice address=222.124.0.0/16 comment=”” disabled=no
add list=nice address=61.94.0.0/16 comment=”” disabled=no
add list=nice address=167.205.0.0/16 comment=”” disabled=no
add list=nice address=141.103.0.0/16 comment=”” disabled=no
add list=nice address=202.158.0.0/17 comment=”” disabled=no
add list=nice address=61.5.0.0/17 comment=”” disabled=no
add list=nice address=210.210.128.0/18 comment=”” disabled=no
add list=nice address=125.208.128.0/18 comment=”” disabled=no
add list=nice address=203.130.192.0/18 comment=”” disabled=no
add list=nice address=221.132.192.0/18 comment=”” disabled=no
add list=nice address=202.152.0.0/18 comment=”” disabled=no
add list=nice address=121.52.64.0/19 comment=”” disabled=no
add list=nice address=202.173.64.0/19 comment=”” disabled=no
add list=nice address=202.171.0.0/19 comment=”” disabled=no
add list=nice address=202.47.192.0/19 comment=”” disabled=no
add list=nice address=202.136.64.0/19 comment=”” disabled=no
add list=nice address=202.169.32.0/19 comment=”” disabled=no
add list=nice address=202.51.192.0/19 comment=”” disabled=no
add list=nice address=202.149.128.0/19 comment=”” disabled=no
add list=nice address=202.147.224.0/19 comment=”” disabled=no
add list=nice address=202.146.224.0/19 comment=”” disabled=no
add list=nice address=202.159.64.0/19 comment=”” disabled=no
add list=nice address=124.195.0.0/19 comment=”” disabled=no
add list=nice address=61.247.32.0/19 comment=”” disabled=no
add list=nice address=124.81.0.0/19 comment=”” disabled=no
add list=nice address=124.81.32.0/19 comment=”” disabled=no
add list=nice address=124.81.64.0/19 comment=”” disabled=no
add list=nice address=124.81.96.0/19 comment=”” disabled=no
add list=nice address=202.10.32.0/19 comment=”” disabled=no
add list=nice address=202.57.0.0/19 comment=”” disabled=no
add list=nice address=202.77.96.0/19 comment=”” disabled=no
add list=nice address=202.81.32.0/19 comment=”” disabled=no
add list=nice address=202.137.0.0/19 comment=”” disabled=no
add list=nice address=202.138.224.0/19 comment=”” disabled=no
add list=nice address=202.148.0.0/19 comment=”” disabled=no
add list=nice address=202.150.64.0/19 comment=”” disabled=no
add list=nice address=202.153.128.0/19 comment=”” disabled=no
add list=nice address=202.154.0.0/19 comment=”” disabled=no
add list=nice address=202.154.32.0/19 comment=”” disabled=no
add list=nice address=202.155.0.0/19 comment=”” disabled=no
add list=nice address=202.155.32.0/19 comment=”” disabled=no
add list=nice address=202.155.64.0/19 comment=”” disabled=no
add list=nice address=202.155.96.0/19 comment=”” disabled=no
add list=nice address=202.155.128.0/19 comment=”” disabled=no
add list=nice address=202.159.0.0/19 comment=”” disabled=no
add list=nice address=202.159.32.0/19 comment=”” disabled=no
add list=nice address=202.162.192.0/19 comment=”” disabled=no
add list=nice address=203.128.64.0/19 comment=”” disabled=no
add list=nice address=203.153.96.0/19 comment=”” disabled=no
add list=nice address=219.83.0.0/19 comment=”” disabled=no
add list=nice address=219.83.32.0/19 comment=”” disabled=no
add list=nice address=219.83.64.0/19 comment=”” disabled=no
add list=nice address=60.253.112.0/20 comment=”” disabled=no
add list=nice address=61.8.64.0/20 comment=”” disabled=no
add list=nice address=116.68.160.0/20 comment=”” disabled=no
add list=nice address=122.200.0.0/20 comment=”” disabled=no
add list=nice address=124.81.128.0/20 comment=”” disabled=no
add list=nice address=124.81.176.0/20 comment=”” disabled=no
add list=nice address=124.81.208.0/20 comment=”” disabled=no
add list=nice address=124.81.224.0/20 comment=”” disabled=no
add list=nice address=202.3.208.0/20 comment=”” disabled=no
add list=nice address=202.6.208.0/20 comment=”” disabled=no
add list=nice address=202.6.224.0/20 comment=”” disabled=no
add list=nice address=202.43.176.0/20 comment=”” disabled=no
add list=nice address=202.46.64.0/20 comment=”” disabled=no
add list=nice address=202.46.144.0/20 comment=”” disabled=no
add list=nice address=202.47.64.0/20 comment=”” disabled=no
add list=nice address=202.51.96.0/20 comment=”” disabled=no
add list=nice address=202.58.160.0/20 comment=”” disabled=no
add list=nice address=202.59.160.0/20 comment=”” disabled=no
add list=nice address=202.62.16.0/20 comment=”” disabled=no
add list=nice address=202.65.112.0/20 comment=”” disabled=no
add list=nice address=202.67.32.0/20 comment=”” disabled=no
add list=nice address=202.69.96.0/20 comment=”” disabled=no
add list=nice address=202.72.208.0/20 comment=”” disabled=no
add list=nice address=202.73.112.0/20 comment=”” disabled=no
add list=nice address=202.73.224.0/20 comment=”” disabled=no
add list=nice address=202.77.64.0/20 comment=”” disabled=no
add list=nice address=202.80.112.0/20 comment=”” disabled=no
add list=nice address=202.80.208.0/20 comment=”” disabled=no
add list=nice address=202.87.176.0/20 comment=”” disabled=no
add list=nice address=202.93.16.0/20 comment=”” disabled=no
add list=nice address=202.93.32.0/20 comment=”” disabled=no
add list=nice address=202.93.128.0/20 comment=”” disabled=no
add list=nice address=202.93.224.0/20 comment=”” disabled=no
add list=nice address=202.123.224.0/20 comment=”” disabled=no
add list=nice address=202.127.96.0/20 comment=”” disabled=no
add list=nice address=202.133.80.0/20 comment=”” disabled=no
add list=nice address=202.143.32.0/20 comment=”” disabled=no
add list=nice address=202.143.96.0/20 comment=”” disabled=no
add list=nice address=202.145.0.0/20 comment=”” disabled=no
add list=nice address=202.147.192.0/20 comment=”” disabled=no
add list=nice address=202.150.32.0/20 comment=”” disabled=no
add list=nice address=202.152.160.0/20 comment=”” disabled=no
add list=nice address=202.152.192.0/20 comment=”” disabled=no
add list=nice address=202.152.224.0/20 comment=”” disabled=no
add list=nice address=202.153.240.0/20 comment=”” disabled=no
add list=nice address=202.159.112.0/20 comment=”” disabled=no
add list=nice address=202.165.32.0/20 comment=”” disabled=no
add list=nice address=202.182.48.0/20 comment=”” disabled=no
add list=nice address=203.77.224.0/20 comment=”” disabled=no
add list=nice address=203.78.112.0/20 comment=”” disabled=no
add list=nice address=203.83.32.0/20 comment=”” disabled=no
add list=nice address=203.89.16.0/20 comment=”” disabled=no
add list=nice address=203.123.224.0/20 comment=”” disabled=no
add list=nice address=203.142.64.0/20 comment=”” disabled=no
add list=nice address=203.161.16.0/20 comment=”” disabled=no
add list=nice address=203.166.192.0/20 comment=”” disabled=no
add list=nice address=210.57.208.0/20 comment=”” disabled=no
add list=nice address=219.83.96.0/20 comment=”” disabled=no
add list=nice address=220.157.96.0/20 comment=”” disabled=no
add list=nice address=58.65.240.0/21 comment=”” disabled=no
add list=nice address=60.253.96.0/21 comment=”” disabled=no
add list=nice address=61.247.24.0/21 comment=”” disabled=no
add list=nice address=116.0.0.0/21 comment=”” disabled=no
add list=nice address=116.12.40.0/21 comment=”” disabled=no
add list=nice address=116.50.24.0/21 comment=”” disabled=no
add list=nice address=116.66.200.0/21 comment=”” disabled=no
add list=nice address=116.197.128.0/21 comment=”” disabled=no
add list=nice address=122.128.16.0/21 comment=”” disabled=no
add list=nice address=122.129.192.0/21 comment=”” disabled=no
add list=nice address=122.144.0.0/21 comment=”” disabled=no
add list=nice address=122.200.48.0/21 comment=”” disabled=no
add list=nice address=124.66.160.0/21 comment=”” disabled=no
add list=nice address=124.81.168.0/21 comment=”” disabled=no
add list=nice address=124.81.240.0/21 comment=”” disabled=no
add list=nice address=124.158.128.0/21 comment=”” disabled=no
add list=nice address=202.43.160.0/21 comment=”” disabled=no
add list=nice address=202.43.248.0/21 comment=”” disabled=no
add list=nice address=202.46.24.0/21 comment=”” disabled=no
add list=nice address=202.46.80.0/21 comment=”” disabled=no
add list=nice address=202.51.232.0/21 comment=”” disabled=no
add list=nice address=202.52.8.0/21 comment=”” disabled=no
add list=nice address=202.53.232.0/21 comment=”” disabled=no
add list=nice address=202.53.248.0/21 comment=”” disabled=no
add list=nice address=202.58.64.0/21 comment=”” disabled=no
add list=nice address=202.58.176.0/21 comment=”” disabled=no
add list=nice address=202.62.8.0/21 comment=”” disabled=no
add list=nice address=202.67.8.0/21 comment=”” disabled=no
add list=nice address=202.72.192.0/21 comment=”” disabled=no
add list=nice address=202.73.104.0/21 comment=”” disabled=no
add list=nice address=202.74.72.0/21 comment=”” disabled=no
add list=nice address=202.75.16.0/21 comment=”” disabled=no
add list=nice address=202.75.104.0/21 comment=”” disabled=no
add list=nice address=202.87.248.0/21 comment=”” disabled=no
add list=nice address=202.89.208.0/21 comment=”” disabled=no
add list=nice address=202.95.128.0/21 comment=”” disabled=no
add list=nice address=202.95.152.0/21 comment=”” disabled=no
add list=nice address=202.129.184.0/21 comment=”” disabled=no
add list=nice address=202.133.0.0/21 comment=”” disabled=no
add list=nice address=202.134.0.0/21 comment=”” disabled=no
add list=nice address=202.149.80.0/21 comment=”” disabled=no
add list=nice address=202.150.224.0/21 comment=”” disabled=no
add list=nice address=202.150.240.0/21 comment=”” disabled=no
add list=nice address=202.153.224.0/21 comment=”” disabled=no
add list=nice address=202.159.96.0/21 comment=”” disabled=no
add list=nice address=202.162.32.0/21 comment=”” disabled=no
add list=nice address=202.169.224.0/21 comment=”” disabled=no
add list=nice address=202.180.48.0/21 comment=”” disabled=no
add list=nice address=202.182.160.0/21 comment=”” disabled=no
add list=nice address=203.80.8.0/21 comment=”” disabled=no
add list=nice address=203.84.152.0/21 comment=”” disabled=no
add list=nice address=203.123.240.0/21 comment=”” disabled=no
add list=nice address=203.134.232.0/21 comment=”” disabled=no
add list=nice address=203.135.176.0/21 comment=”” disabled=no
add list=nice address=203.142.80.0/21 comment=”” disabled=no
add list=nice address=203.153.24.0/21 comment=”” disabled=no
add list=nice address=203.174.8.0/21 comment=”” disabled=no
add list=nice address=203.176.176.0/21 comment=”” disabled=no
add list=nice address=203.190.48.0/21 comment=”” disabled=no
add list=nice address=203.190.112.0/21 comment=”” disabled=no
add list=nice address=203.190.184.0/21 comment=”” disabled=no
add list=nice address=203.190.240.0/21 comment=”” disabled=no
add list=nice address=203.201.160.0/21 comment=”” disabled=no
add list=nice address=210.211.16.0/21 comment=”” disabled=no
add list=nice address=219.83.112.0/21 comment=”” disabled=no
add list=nice address=222.229.80.0/21 comment=”” disabled=no
add list=nice address=32.234.172.0/22 comment=”” disabled=no
add list=nice address=58.147.184.0/22 comment=”” disabled=no
add list=nice address=60.253.104.0/22 comment=”” disabled=no
add list=nice address=61.247.20.0/22 comment=”” disabled=no
add list=nice address=116.90.208.0/22 comment=”” disabled=no
add list=nice address=116.199.200.0/22 comment=”” disabled=no
add list=nice address=121.50.128.0/22 comment=”” disabled=no
add list=nice address=121.52.52.0/22 comment=”” disabled=no
add list=nice address=124.81.248.0/22 comment=”” disabled=no
add list=nice address=202.2.92.0/22 comment=”” disabled=no
add list=nice address=202.46.0.0/22 comment=”” disabled=no
add list=nice address=202.46.88.0/22 comment=”” disabled=no
add list=nice address=202.51.16.0/22 comment=”” disabled=no
add list=nice address=202.51.28.0/22 comment=”” disabled=no
add list=nice address=202.51.224.0/22 comment=”” disabled=no
add list=nice address=202.51.252.0/22 comment=”” disabled=no
add list=nice address=202.53.224.0/22 comment=”” disabled=no
add list=nice address=202.53.244.0/22 comment=”” disabled=no
add list=nice address=202.55.164.0/22 comment=”” disabled=no
add list=nice address=202.55.168.0/22 comment=”” disabled=no
add list=nice address=202.58.76.0/22 comment=”” disabled=no
add list=nice address=202.59.200.0/22 comment=”” disabled=no
add list=nice address=202.65.236.0/22 comment=”” disabled=no
add list=nice address=202.70.60.0/22 comment=”” disabled=no
add list=nice address=202.72.200.0/22 comment=”” disabled=no
add list=nice address=202.73.100.0/22 comment=”” disabled=no
add list=nice address=202.75.96.0/22 comment=”” disabled=no
add list=nice address=202.75.112.0/22 comment=”” disabled=no
add list=nice address=202.78.196.0/22 comment=”” disabled=no
add list=nice address=202.81.4.0/22 comment=”” disabled=no
add list=nice address=202.93.112.0/22 comment=”” disabled=no
add list=nice address=202.93.240.0/22 comment=”” disabled=no
add list=nice address=202.95.136.0/22 comment=”” disabled=no
add list=nice address=202.95.148.0/22 comment=”” disabled=no
add list=nice address=202.122.12.0/22 comment=”” disabled=no
add list=nice address=202.122.172.0/22 comment=”” disabled=no
add list=nice address=202.146.0.0/22 comment=”” disabled=no
add list=nice address=202.146.128.0/22 comment=”” disabled=no
add list=nice address=202.149.64.0/22 comment=”” disabled=no
add list=nice address=202.149.72.0/22 comment=”” disabled=no
add list=nice address=202.149.88.0/22 comment=”” disabled=no
add list=nice address=202.150.128.0/22 comment=”” disabled=no
add list=nice address=202.150.232.0/22 comment=”” disabled=no
add list=nice address=202.150.248.0/22 comment=”” disabled=no
add list=nice address=202.153.236.0/22 comment=”” disabled=no
add list=nice address=202.154.184.0/22 comment=”” disabled=no
add list=nice address=202.162.40.0/22 comment=”” disabled=no
add list=nice address=202.169.232.0/22 comment=”” disabled=no
add list=nice address=202.173.16.0/22 comment=”” disabled=no
add list=nice address=202.183.0.0/22 comment=”” disabled=no
add list=nice address=203.77.208.0/22 comment=”” disabled=no
add list=nice address=203.81.184.0/22 comment=”” disabled=no
add list=nice address=203.99.96.0/22 comment=”” disabled=no
add list=nice address=203.123.248.0/22 comment=”” disabled=no
add list=nice address=203.190.40.0/22 comment=”” disabled=no
add list=nice address=203.191.40.0/22 comment=”” disabled=no
add list=nice address=203.201.172.0/22 comment=”” disabled=no
add list=nice address=219.83.120.0/22 comment=”” disabled=no
add list=nice address=32.234.170.0/23 comment=”” disabled=no
add list=nice address=58.145.170.0/23 comment=”” disabled=no
add list=nice address=58.145.174.0/23 comment=”” disabled=no
add list=nice address=60.253.108.0/23 comment=”” disabled=no
add list=nice address=116.90.212.0/23 comment=”” disabled=no
add list=nice address=116.199.206.0/23 comment=”” disabled=no
add list=nice address=121.52.48.0/23 comment=”” disabled=no
add list=nice address=121.52.58.0/23 comment=”” disabled=no
add list=nice address=122.102.48.0/23 comment=”” disabled=no
add list=nice address=122.200.144.0/23 comment=”” disabled=no
add list=nice address=124.195.54.0/23 comment=”” disabled=no
add list=nice address=194.146.106.0/23 comment=”” disabled=no
add list=nice address=202.20.106.0/23 comment=”” disabled=no
add list=nice address=202.43.168.0/23 comment=”” disabled=no
add list=nice address=202.46.4.0/23 comment=”” disabled=no
add list=nice address=202.46.8.0/23 comment=”” disabled=no
add list=nice address=202.46.14.0/23 comment=”” disabled=no
add list=nice address=202.46.92.0/23 comment=”” disabled=no
add list=nice address=202.46.130.0/23 comment=”” disabled=no
add list=nice address=202.46.240.0/23 comment=”” disabled=no
add list=nice address=202.46.252.0/23 comment=”” disabled=no
add list=nice address=202.51.228.0/23 comment=”” disabled=no
add list=nice address=202.53.230.0/23 comment=”” disabled=no
add list=nice address=202.53.240.0/23 comment=”” disabled=no
add list=nice address=202.55.162.0/23 comment=”” disabled=no
add list=nice address=202.58.72.0/23 comment=”” disabled=no
add list=nice address=202.58.196.0/23 comment=”” disabled=no
add list=nice address=202.59.196.0/23 comment=”” disabled=no
add list=nice address=202.70.52.0/23 comment=”” disabled=no
add list=nice address=202.75.26.0/23 comment=”” disabled=no
add list=nice address=202.75.30.0/23 comment=”” disabled=no
add list=nice address=202.78.192.0/23 comment=”” disabled=no
add list=nice address=202.78.200.0/23 comment=”” disabled=no
add list=nice address=202.78.204.0/23 comment=”” disabled=no
add list=nice address=202.87.242.0/23 comment=”” disabled=no
add list=nice address=202.89.216.0/23 comment=”” disabled=no
add list=nice address=202.89.222.0/23 comment=”” disabled=no
add list=nice address=202.91.8.0/23 comment=”” disabled=no
add list=nice address=202.91.12.0/23 comment=”” disabled=no
add list=nice address=202.93.116.0/23 comment=”” disabled=no
add list=nice address=202.93.246.0/23 comment=”” disabled=no
add list=nice address=202.95.140.0/23 comment=”” disabled=no
add list=nice address=202.95.144.0/23 comment=”” disabled=no
add list=nice address=202.122.8.0/23 comment=”” disabled=no
add list=nice address=202.122.160.0/23 comment=”” disabled=no
add list=nice address=202.135.6.0/23 comment=”” disabled=no
add list=nice address=202.135.134.0/23 comment=”” disabled=no
add list=nice address=202.146.176.0/23 comment=”” disabled=no
add list=nice address=202.149.68.0/23 comment=”” disabled=no
add list=nice address=202.149.78.0/23 comment=”” disabled=no
add list=nice address=202.149.92.0/23 comment=”” disabled=no
add list=nice address=202.150.132.0/23 comment=”” disabled=no
add list=nice address=202.152.240.0/23 comment=”” disabled=no
add list=nice address=202.152.250.0/23 comment=”” disabled=no
add list=nice address=202.152.254.0/23 comment=”” disabled=no
add list=nice address=202.153.232.0/23 comment=”” disabled=no
add list=nice address=202.154.176.0/23 comment=”” disabled=no
add list=nice address=202.158.140.0/23 comment=”” disabled=no
add list=nice address=202.162.46.0/23 comment=”” disabled=no
add list=nice address=202.169.236.0/23 comment=”” disabled=no
add list=nice address=202.179.184.0/23 comment=”” disabled=no
add list=nice address=202.182.168.0/23 comment=”” disabled=no
add list=nice address=202.182.190.0/23 comment=”” disabled=no
add list=nice address=202.191.2.0/23 comment=”” disabled=no
add list=nice address=203.77.214.0/23 comment=”” disabled=no
add list=nice address=203.77.220.0/23 comment=”” disabled=no
add list=nice address=203.77.246.0/23 comment=”” disabled=no
add list=nice address=203.77.248.0/23 comment=”” disabled=no
add list=nice address=203.81.190.0/23 comment=”” disabled=no
add list=nice address=203.123.252.0/23 comment=”” disabled=no
add list=nice address=203.160.56.0/23 comment=”” disabled=no
add list=nice address=203.190.44.0/23 comment=”” disabled=no
add list=nice address=203.194.70.0/23 comment=”” disabled=no
add list=nice address=204.61.210.0/23 comment=”” disabled=no
add list=nice address=204.61.212.0/23 comment=”” disabled=no
add list=nice address=204.61.216.0/23 comment=”” disabled=no
add list=nice address=210.23.78.0/23 comment=”” disabled=no
add list=nice address=58.145.168.0/24 comment=”” disabled=no
add list=nice address=58.145.173.0/24 comment=”” disabled=no
add list=nice address=58.147.188.0/24 comment=”” disabled=no
add list=nice address=60.253.110.0/24 comment=”” disabled=no
add list=nice address=64.110.188.0/24 comment=”” disabled=no
add list=nice address=87.237.160.0/24 comment=”” disabled=no
add list=nice address=116.68.248.0/24 comment=”” disabled=no
add list=nice address=116.90.214.0/24 comment=”” disabled=no
add list=nice address=116.199.204.0/24 comment=”” disabled=no
add list=nice address=121.50.135.0/24 comment=”” disabled=no
add list=nice address=121.50.136.0/24 comment=”” disabled=no
add list=nice address=121.50.138.0/24 comment=”” disabled=no
add list=nice address=121.52.25.0/24 comment=”” disabled=no
add list=nice address=121.52.42.0/24 comment=”” disabled=no
add list=nice address=121.52.51.0/24 comment=”” disabled=no
add list=nice address=121.100.20.0/24 comment=”” disabled=no
add list=nice address=122.102.50.0/24 comment=”” disabled=no
add list=nice address=122.102.52.0/24 comment=”” disabled=no
add list=nice address=122.200.146.0/24 comment=”” disabled=no
add list=nice address=122.201.39.0/24 comment=”” disabled=no
add list=nice address=124.81.162.0/24 comment=”” disabled=no
add list=nice address=124.81.252.0/24 comment=”” disabled=no
add list=nice address=152.158.247.0/24 comment=”” disabled=no
add list=nice address=192.5.5.0/24 comment=”” disabled=no
add list=nice address=192.23.186.0/24 comment=”” disabled=no
add list=nice address=192.36.148.0/24 comment=”” disabled=no
add list=nice address=194.146.108.0/24 comment=”” disabled=no
add list=nice address=202.14.255.0/24 comment=”” disabled=no
add list=nice address=202.22.31.0/24 comment=”” disabled=no
add list=nice address=202.43.170.0/24 comment=”” disabled=no
add list=nice address=202.43.173.0/24 comment=”” disabled=no
add list=nice address=202.43.175.0/24 comment=”” disabled=no
add list=nice address=202.46.11.0/24 comment=”” disabled=no
add list=nice address=202.46.94.0/24 comment=”” disabled=no
add list=nice address=202.46.129.0/24 comment=”” disabled=no
add list=nice address=202.51.120.0/24 comment=”” disabled=no
add list=nice address=202.51.122.0/24 comment=”” disabled=no
add list=nice address=202.51.126.0/24 comment=”” disabled=no
add list=nice address=202.51.231.0/24 comment=”” disabled=no
add list=nice address=202.55.160.0/24 comment=”” disabled=no
add list=nice address=202.55.172.0/24 comment=”” disabled=no
add list=nice address=202.58.75.0/24 comment=”” disabled=no
add list=nice address=202.58.203.0/24 comment=”” disabled=no
add list=nice address=202.59.192.0/24 comment=”” disabled=no
add list=nice address=202.59.198.0/24 comment=”” disabled=no
add list=nice address=202.59.206.0/24 comment=”” disabled=no
add list=nice address=202.65.227.0/24 comment=”” disabled=no
add list=nice address=202.65.228.0/24 comment=”” disabled=no
add list=nice address=202.65.230.0/24 comment=”” disabled=no
add list=nice address=202.72.206.0/24 comment=”” disabled=no
add list=nice address=202.75.25.0/24 comment=”” disabled=no
add list=nice address=202.75.29.0/24 comment=”” disabled=no
add list=nice address=202.78.195.0/24 comment=”” disabled=no
add list=nice address=202.78.203.0/24 comment=”” disabled=no
add list=nice address=202.78.206.0/24 comment=”” disabled=no
add list=nice address=202.87.240.0/24 comment=”” disabled=no
add list=nice address=202.87.245.0/24 comment=”” disabled=no
add list=nice address=202.87.247.0/24 comment=”” disabled=no
add list=nice address=202.91.11.0/24 comment=”” disabled=no
add list=nice address=202.91.15.0/24 comment=”” disabled=no
add list=nice address=202.92.192.0/24 comment=”” disabled=no
add list=nice address=202.92.200.0/24 comment=”” disabled=no
add list=nice address=202.92.207.0/24 comment=”” disabled=no
add list=nice address=202.93.245.0/24 comment=”” disabled=no
add list=nice address=202.95.143.0/24 comment=”” disabled=no
add list=nice address=202.95.147.0/24 comment=”” disabled=no
add list=nice address=202.122.10.0/24 comment=”” disabled=no
add list=nice address=202.122.162.0/24 comment=”” disabled=no
add list=nice address=202.122.170.0/24 comment=”” disabled=no
add list=nice address=202.135.5.0/24 comment=”” disabled=no
add list=nice address=202.135.23.0/24 comment=”” disabled=no
add list=nice address=202.135.28.0/24 comment=”” disabled=no
add list=nice address=202.135.42.0/24 comment=”” disabled=no
add list=nice address=202.135.54.0/24 comment=”” disabled=no
add list=nice address=202.135.129.0/24 comment=”” disabled=no
add list=nice address=202.135.133.0/24 comment=”” disabled=no
add list=nice address=202.135.145.0/24 comment=”” disabled=no
add list=nice address=202.135.155.0/24 comment=”” disabled=no
add list=nice address=202.135.161.0/24 comment=”” disabled=no
add list=nice address=202.135.226.0/24 comment=”” disabled=no
add list=nice address=202.135.248.0/24 comment=”” disabled=no
add list=nice address=202.146.5.0/24 comment=”” disabled=no
add list=nice address=202.146.34.0/24 comment=”” disabled=no
add list=nice address=202.146.133.0/24 comment=”” disabled=no
add list=nice address=202.146.178.0/24 comment=”” disabled=no
add list=nice address=202.146.180.0/24 comment=”” disabled=no
add list=nice address=202.146.183.0/24 comment=”” disabled=no
add list=nice address=202.149.77.0/24 comment=”” disabled=no
add list=nice address=202.150.134.0/24 comment=”” disabled=no
add list=nice address=202.150.160.0/24 comment=”” disabled=no
add list=nice address=202.150.252.0/24 comment=”” disabled=no
add list=nice address=202.152.243.0/24 comment=”” disabled=no
add list=nice address=202.152.244.0/24 comment=”” disabled=no
add list=nice address=202.152.248.0/24 comment=”” disabled=no
add list=nice address=202.152.252.0/24 comment=”” disabled=no
add list=nice address=202.154.183.0/24 comment=”” disabled=no
add list=nice address=202.158.128.0/24 comment=”” disabled=no
add list=nice address=202.158.136.0/24 comment=”” disabled=no
add list=nice address=202.158.143.0/24 comment=”” disabled=no
add list=nice address=202.160.254.0/24 comment=”” disabled=no
add list=nice address=202.162.44.0/24 comment=”” disabled=no
add list=nice address=202.164.219.0/24 comment=”” disabled=no
add list=nice address=202.167.97.0/24 comment=”” disabled=no
add list=nice address=202.173.20.0/24 comment=”” disabled=no
add list=nice address=202.173.23.0/24 comment=”” disabled=no
add list=nice address=202.182.182.0/24 comment=”” disabled=no
add list=nice address=202.182.187.0/24 comment=”” disabled=no
add list=nice address=202.182.189.0/24 comment=”” disabled=no
add list=nice address=203.77.212.0/24 comment=”” disabled=no
add list=nice address=203.77.216.0/24 comment=”” disabled=no
add list=nice address=203.77.223.0/24 comment=”” disabled=no
add list=nice address=203.77.250.0/24 comment=”” disabled=no
add list=nice address=203.77.255.0/24 comment=”” disabled=no
add list=nice address=203.99.100.0/24 comment=”” disabled=no
add list=nice address=203.99.103.0/24 comment=”” disabled=no
add list=nice address=203.99.119.0/24 comment=”” disabled=no
add list=nice address=203.99.120.0/24 comment=”” disabled=no
add list=nice address=203.99.127.0/24 comment=”” disabled=no
add list=nice address=203.119.13.0/24 comment=”” disabled=no
add list=nice address=203.119.17.0/24 comment=”” disabled=no
add list=nice address=203.119.41.0/24 comment=”” disabled=no
add list=nice address=203.119.48.0/24 comment=”” disabled=no
add list=nice address=203.119.54.0/24 comment=”” disabled=no
add list=nice address=203.123.254.0/24 comment=”” disabled=no
add list=nice address=203.160.58.0/24 comment=”” disabled=no
add list=nice address=203.160.60.0/24 comment=”” disabled=no
add list=nice address=203.163.66.0/24 comment=”” disabled=no
add list=nice address=203.163.76.0/24 comment=”” disabled=no
add list=nice address=203.163.81.0/24 comment=”” disabled=no
add list=nice address=203.163.88.0/24 comment=”” disabled=no
add list=nice address=203.163.95.0/24 comment=”” disabled=no
add list=nice address=203.163.113.0/24 comment=”” disabled=no
add list=nice address=203.173.89.0/24 comment=”” disabled=no
add list=nice address=203.173.90.0/24 comment=”” disabled=no
add list=nice address=203.190.46.0/24 comment=”” disabled=no
add list=nice address=203.191.44.0/24 comment=”” disabled=no
add list=nice address=203.191.46.0/24 comment=”” disabled=no
add list=nice address=203.194.90.0/24 comment=”” disabled=no
add list=nice address=203.201.168.0/24 comment=”” disabled=no
add list=nice address=210.23.64.0/24 comment=”” disabled=no
add list=nice address=210.23.66.0/24 comment=”” disabled=no
add list=nice address=210.23.69.0/24 comment=”” disabled=no
add list=nice address=210.23.77.0/24 comment=”” disabled=no
add list=nice address=220.247.168.0/24 comment=”” disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=”default” hotspot-address=0.0.0.0 dns-name=”” \
html-directory=hotspot rate-limit=”” http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name=”default” idle-timeout=none keepalive-timeout=2m \
status-autorefresh=1m shared-users=1 transparent-proxy=yes \
open-status-page=always advertise=no
/ ip dhcp-server
add name=”dhcp1″ interface=Lan lease-time=3d address-pool=dhcp_pool1 \
bootp-support=static add-arp=yes authoritative=after-2sec-delay \
disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
add address=192.168.0.1 mac-address=00:13:D3:E4:FA:52 \
client-id=”1:0:13:d3:e4:fa:52″ server=dhcp1 comment=”” disabled=no
add address=192.168.0.2 mac-address=00:13:D3:FD:36:98 \
client-id=”1:0:13:d3:fd:36:98″ server=dhcp1 comment=”” disabled=no
add address=192.168.0.3 mac-address=00:13:D3:E4:FA:9D \
client-id=”1:0:13:d3:e4:fa:9d” server=dhcp1 comment=”” disabled=no
add address=192.168.0.4 mac-address=00:13:D3:FD:02:7E \
client-id=”1:0:13:d3:fd:2:7e” server=dhcp1 comment=”” disabled=no
add address=192.168.0.5 mac-address=00:13:D3:E4:FA:30 \
client-id=”1:0:13:d3:e4:fa:30″ server=dhcp1 comment=”” disabled=no
add address=192.168.0.6 mac-address=00:13:D3:FD:36:61 \
client-id=”1:0:13:d3:fd:36:61″ server=dhcp1 comment=”” disabled=no
add address=192.168.0.11 mac-address=00:18:F3:43:D4:66 \
client-id=”1:0:18:f3:43:d4:66″ server=dhcp1 comment=”” disabled=no
add address=192.168.0.10 mac-address=00:13:D3:FD:37:BA \
client-id=”1:0:13:d3:fd:37:ba” server=dhcp1 comment=”” disabled=no
add address=192.168.0.9 mac-address=00:13:D3:C9:E7:C1 \
client-id=”1:0:13:d3:c9:e7:c1″ server=dhcp1 comment=”” disabled=no
add address=192.168.0.8 mac-address=00:13:D3:FD:36:6A \
client-id=”1:0:13:d3:fd:36:6a” server=dhcp1 comment=”” disabled=no
add address=192.168.0.7 mac-address=00:13:D3:E4:FA:2A \
client-id=”1:0:13:d3:e4:fa:2a” server=dhcp1 comment=”” disabled=no
add address=192.168.0.13 mac-address=00:10:5A:5C:D3:39 \
client-id=”1:0:10:5a:5c:d3:39″ server=dhcp1 comment=”” disabled=no
/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.254 \
dns-server=192.168.0.254,202.134.0.155,203.130.193.74 comment=””
/ ip ipsec proposal
add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=8080 hostname=”proxy” \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster” max-object-size=4096KiB cache-drive=system \
max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add action=allow comment=”” disabled=yes
/ ip web-proxy cache
add url=”:cgi-bin \\?” action=deny comment=”don’t cache dynamic http pages” \
disabled=yes
/ ip web-proxy direct
add action=allow comment=”” disabled=yes
/ system logging
add topics=info prefix=”” action=memory disabled=no
add topics=error prefix=”” action=memory disabled=no
add topics=warning prefix=”” action=memory disabled=no
add topics=critical prefix=”” action=echo disabled=no
add topics=watchdog prefix=”” action=disk disabled=no
add topics=web-proxy prefix=”” action=disk disabled=no
add topics=debug prefix=”” action=disk disabled=no
add topics=firewall prefix=”” action=disk disabled=no
add topics=route prefix=”” action=disk disabled=no
/ system logging action
set memory name=”memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=”disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=”echo” target=echo remember=yes
set remote name=”remote” target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 \
check-interval=1d user=””
/ system clock dst
set dst-delta=+00:00 dst-start=”jan/01/1970 00:00:00″ dst-end=”jan/01/1970 \
00:00:00″
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes \
no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term=”” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
set FIXME term=”linux” disabled=no
/ system console screen
set line-count=25
/ system identity
set name=”Oasis.war.net.id”
/ system note
set show-at-login=yes note=”Using nice.rsc from http://www.mikrotik.co.id, 9 June \
2007 05:20:11 WIB, 462 lines.”
/ system gps
set enabled=no set-system-time=yes
/ system lcd
set enabled=no type=24×4 port=parallel contrast=0
/ system lcd page
set time display-time=5s disabled=yes
set resources display-time=5s disabled=yes
set uptime display-time=5s disabled=yes
set packets display-time=5s disabled=yes
set bits display-time=5s disabled=yes
set version display-time=5s disabled=yes
set Public display-time=5s disabled=yes
set Lan display-time=5s disabled=yes
set Proxy display-time=5s disabled=yes
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ system routerboard bios
set
/ system health
set state-after-reboot=enabled
/ port
set serial0 name=”serial0″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
flow-control=hardware
set serial1 name=”serial1″ baud-rate=9600 data-bits=8 parity=none stop-bits=1 \
flow-control=hardware
/ ppp profile
set default name=”default” use-compression=default use-vj-compression=default \
use-encryption=default only-one=default change-tcp-mss=yes comment=””
set default-encryption name=”default-encryption” use-compression=default \
use-vj-compression=default use-encryption=yes only-one=default \
change-tcp-mss=yes comment=””
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name=”default” kind=pfifo pfifo-limit=50
set ethernet-default name=”ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=”wireless-default” kind=sfq sfq-perturb=5 \
sfq-allot=1514
set synchronous-default name=”synchronous-default” kind=red red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=”hotspot-default” kind=sfq sfq-perturb=5 \
sfq-allot=1514
add name=”Upload” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address \
pcq-total-limit=2000
add name=”Download” kind=pcq pcq-rate=0 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name=”default-small” kind=pfifo pfifo-limit=10
/ queue simple
add name=”HTTP” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=http direction=both priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”DNS” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=dns direction=both priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=yes
add name=”YMessenger” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=ym direction=both priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”CounterStrike” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=cs direction=both priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”IRC” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=irc direction=both priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”Mikrotik” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=mt direction=both priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”Email” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=email direction=both priority=1 \
queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
add name=”Oasis” target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 \
interface=Lan parent=none direction=both priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/384000 \
max-limit=0/384000 total-queue=default disabled=no
add name=”1″ target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”2″ target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”3″ target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”4″ target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”5″ target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”6″ target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”7″ target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”8″ target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”9″ target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”10″ target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”11″ target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/64000 total-queue=default disabled=no
add name=”12″ target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/128000 \
max-limit=0/128000 total-queue=default disabled=no
add name=”13″ target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/82000 total-queue=default disabled=no
add name=”14″ target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/82000 total-queue=default disabled=no
add name=”15″ target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 \
interface=Lan parent=Oasis packet-marks=test-down direction=both \
priority=8 queue=ethernet-default/ethernet-default limit-at=0/10000 \
max-limit=0/82000 total-queue=default disabled=no
add name=”LinkIIX” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=packet-iix direction=both \
priority=1 queue=default/default limit-at=0/0 max-limit=0/0 \
total-queue=default disabled=no
add name=”Link Internasional” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=packet-intl direction=both \
priority=1 queue=default/default limit-at=0/0 max-limit=0/0 \
total-queue=default disabled=no
add name=”iix” target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=packet-iix direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/256000 total-queue=default-small disabled=no
add name=”intl” target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=packet-intl direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32000/128000 total-queue=default-small disabled=no
/ queue tree
add name=”upstream” parent=global-out packet-mark=test-up limit-at=384000 \
queue=default priority=8 max-limit=384000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name=”downstream” parent=Lan packet-mark=test-down limit-at=384000 \
queue=Download priority=8 max-limit=384000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
/ user
add name=”admin” group=full address=0.0.0.0/0 comment=”system default user” \
disabled=no
/ user group
add name=”read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f\
tp,!write,!policy
add name=”write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,!ftp,!policy
add name=”full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=yes port=1700
/ driver
/ snmp
set enabled=yes contact=”admin” location=”admin”
/ snmp community
set public name=”public” address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=”<>”
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name=”” file-limit=10 \
streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes \
filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes \
allow-target=yes disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no \
redistribute-static=no redistribute-rip=no redistribute-bgp=no \
metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 \
metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate \
authentication=none prefix-list-import=”” prefix-list-export=”” \
disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no \
redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no \
redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 \
metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m

One Comment

  1. kheisya
    Posted September 3, 2008 at 7:53 am | Permalink

    siip lah tut-nya…….angkat jempol2 buat yang nulis……


Tulis sebuah Komentar

You must be logged in to post a comment.
%d blogger menyukai ini: