sukriborneo

auto_switch_dns-trust_-_dns-sehat_-_dns-open

Oct 31st, 2017
109
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.19 KB | None | 0 0
  1. #AUTO SWITCH DNS-TRUST / DNS-SEHAT / DNS-OPEN
  2. #COPY DAN PASTE KE TERMINAL WINBOX
  3.  
  4. /ip fi add rem [find list=ip-maksiat]
  5. /ip fi add rem [find list=private-lokal]
  6. /ip fi na rem [find comment~"dns"]
  7. /ip fi na rem [find comment="blokir-ip-maksiat"]
  8. /ip fi fi rem [find dst-port="53,5353"]
  9. /sys sch rem auto-switch-dns
  10.  
  11. /ip firewall address-list
  12. add address=10.0.0.0/8 list=private-lokal
  13. add address=172.16.0.0/12 list=private-lokal
  14. add address=192.168.0.0/16 list=private-lokal
  15.  
  16. /ip firewall filter
  17. add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
  18. add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
  19. add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
  20. add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
  21.  
  22. /ip dns
  23. set allow-remote-requests=yes servers=103.80.80.243,103.80.80.244
  24.  
  25. add action=dst-nat chain=dstnat comment=dns-trust1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.243 to-ports=5353
  26. add action=dst-nat chain=dstnat comment=dns-trust1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.243 to-ports=5353
  27. add action=dst-nat chain=dstnat comment=dns-trust2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.244 to-ports=5353
  28. add action=dst-nat chain=dstnat comment=dns-trust2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.244 to-ports=5353
  29. /ip firewall nat
  30. add action=dst-nat chain=dstnat comment=dns-sehat1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.248 to-ports=5353
  31. add action=dst-nat chain=dstnat comment=dns-sehat1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.248 to-ports=5353
  32. add action=dst-nat chain=dstnat comment=dns-sehat2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.249 to-ports=5353
  33. add action=dst-nat chain=dstnat comment=dns-sehat2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.249 to-ports=5353
  34. add action=dst-nat chain=dstnat comment=dns-open1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=208.67.220.220 to-ports=5353
  35. add action=dst-nat chain=dstnat comment=dns-open1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=208.67.220.220 to-ports=5353
  36. add action=dst-nat chain=dstnat comment=dns-open2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=208.67.222.222 to-ports=5353
  37. add action=dst-nat chain=dstnat comment=dns-open2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=208.67.222.222 to-ports=5353
  38.  
  39. /tool netwatch
  40. add comment=dns-sehat1 down-script="/ip firewall nat disable [find comment=\"dns-sehat1\"]" host=103.80.80.248 interval=10s up-script=\
  41. "/ip firewall nat enable [find comment=\"dns-sehat1\"]"
  42. add comment=dns-sehat2 down-script="/ip firewall nat disable [find comment=\"dns-sehat2\"]" host=103.80.80.249 interval=10s up-script=\
  43. "/ip firewall nat enable [find comment=\"dns-sehat2\"]"
  44. add comment=dns-trust1 down-script="/ip firewall nat disable [find comment=\"dns-trust1\"]" host=103.80.80.243 interval=10s up-script=\
  45. "/ip firewall nat enable [find comment=\"dns-trust1\"]"
  46. add comment=dns-trust1 down-script="/ip firewall nat disable [find comment=\"dns-trust2\"]" host=103.80.80.244 interval=10s up-script=\
  47. "/ip firewall nat enable [find comment=\"dns-trust2\"]"
  48. add comment=dns-open1 down-script="/ip firewall nat disable [find comment=\"dns-open1\"]" host=208.67.220.220 interval=10s up-script=\
  49. "/ip firewall nat enable [find comment=\"dns-open1\"]"
  50. add comment=dns-open2 down-script="/ip firewall nat disable [find comment=\"dns-open2\"]" host=208.67.222.222 interval=10s up-script=\
  51. "/ip firewall nat enable [find comment=\"dns-open2\"]"
  52.  
  53. {
  54. /tool fetch url="https://raw.githubusercontent.com/cespun/ip-maksiat/master/.gitignore/list%3Dip-maksiat" mode=http
  55. /import file=list%3Dip-maksiat
  56. /file remove list%3Dip-maksiat
  57. }
Add Comment
Please, Sign In to add comment