- # Auto-switch between three DNS redirect groups: dns-trust / dns-sehat / dns-open
- # Copy and paste into the WinBox terminal
- #
- # Address list "private-lokal": the three RFC 1918 private IPv4 ranges.
- # The filter and NAT rules further down match on this list to decide which
- # sources count as local clients.
- # NOTE(review): membership is decided by source address alone. No rule in this
- # script matches an in-interface or in-interface-list, so a packet arriving on
- # the WAN side with a spoofed private source would be treated as local.
- # Confirm that an upstream or earlier rule drops such packets.
- /ip firewall address-list
- add address=10.0.0.0/8 list=private-lokal
- add address=172.16.0.0/12 list=private-lokal
- add address=192.168.0.0/16 list=private-lokal
- # Drop TCP and UDP traffic to ports 53 and 5353 on the input and forward chains
- # when the source is NOT in the private-lokal list. Judging by the comment
- # "dns-flood", the intent is to keep outside hosts from querying DNS on or
- # through this router.
- # NOTE(review): "add" without place-before appends to the end of each chain.
- # If an earlier rule already accepts this traffic, these drops never match;
- # check the resulting rule order after pasting.
- # NOTE(review): /ip firewall covers IPv4 only. If IPv6 is enabled on the router,
- # DNS over IPv6 is not filtered by these rules.
- /ip firewall filter
- add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
- add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
- add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
- add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
- # Router's own resolver settings: it does not answer DNS queries from other
- # hosts (allow-remote-requests=no) and uses 208.67.222.222 / 208.67.220.220 as
- # its upstream servers, the same two addresses the dns-open NAT group targets.
- # NOTE(review): because the router itself refuses remote queries, clients that
- # use the router's address as their DNS server get answers only while one of
- # the dst-nat groups is enabled. If the scheduler disables all three groups,
- # those clients presumably lose name resolution; verify.
- /ip dns
- set allow-remote-requests=no servers=208.67.222.222,208.67.220.220
- # Group "dns-trust": dst-nat every connection from a private-lokal source to
- # port 53 or 5353 (TCP and UDP) over to 103.80.80.243 / 103.80.80.244 port 5353,
- # regardless of which resolver the client addressed.
- # The scheduler entry "auto-switch-dns" enables and disables these rules by
- # their comment string.
- # NOTE(review): this sends every LAN DNS query in clear text to the operator of
- # those two addresses, who can see and alter every answer. Confirm who runs
- # them before deploying. Clients using DNS over TLS or HTTPS are not affected
- # by a port 53/5353 redirect.
- # NOTE(review): as far as I know each rule keeps its own nth counter. If so, the
- # TCP pair (nth=4,1 then nth=2,1) matches only about 1/4 + 3/8 of new
- # connections and the rest falls through to later rules or leaves
- # un-redirected, while the UDP pair ends in nth=1,1 and catches everything.
- # If full coverage is intended, the second TCP rule would need nth=1,1 too;
- # confirm against the RouterOS version in use.
- /ip firewall nat
- add action=dst-nat chain=dstnat comment=dns-trust src-address-list=private-lokal disabled=no dst-port=53,5353 nth=4,1 protocol=tcp to-addresses=103.80.80.243 to-ports=5353
- add action=dst-nat chain=dstnat comment=dns-trust src-address-list=private-lokal disabled=no dst-port=53,5353 nth=2,1 protocol=tcp to-addresses=103.80.80.244 to-ports=5353
- add action=dst-nat chain=dstnat comment=dns-trust src-address-list=private-lokal disabled=no dst-port=53,5353 nth=3,1 protocol=udp to-addresses=103.80.80.243 to-ports=5353
- add action=dst-nat chain=dstnat comment=dns-trust src-address-list=private-lokal disabled=no dst-port=53,5353 nth=1,1 protocol=udp to-addresses=103.80.80.244 to-ports=5353
- # Group "dns-sehat": same shape as the dns-trust group, but redirects DNS from
- # private-lokal sources to 103.80.80.248 / 103.80.80.249 port 5353.
- # These rules are added after the dns-trust rules, so while both groups are
- # enabled the earlier group sees each new connection first.
- # NOTE(review): queries go in clear text to a third-party resolver; confirm the
- # operator of these addresses is one you intend to trust with all LAN lookups.
- # NOTE(review): the TCP pair uses nth=4,1 / nth=2,1 with no nth=1,1 catch-all
- # (the UDP pair has one), so part of the TCP DNS traffic is presumably not
- # caught by this group; verify.
- /ip firewall nat
- add action=dst-nat chain=dstnat comment=dns-sehat src-address-list=private-lokal disabled=no dst-port=53,5353 nth=4,1 protocol=tcp to-addresses=103.80.80.248 to-ports=5353
- add action=dst-nat chain=dstnat comment=dns-sehat src-address-list=private-lokal disabled=no dst-port=53,5353 nth=2,1 protocol=tcp to-addresses=103.80.80.249 to-ports=5353
- add action=dst-nat chain=dstnat comment=dns-sehat src-address-list=private-lokal disabled=no dst-port=53,5353 nth=3,1 protocol=udp to-addresses=103.80.80.248 to-ports=5353
- add action=dst-nat chain=dstnat comment=dns-sehat src-address-list=private-lokal disabled=no dst-port=53,5353 nth=1,1 protocol=udp to-addresses=103.80.80.249 to-ports=5353
- # Group "dns-open": redirects DNS from private-lokal sources to
- # 208.67.222.222 / 208.67.220.220. Unlike the other two groups it targets
- # port 53, not 5353.
- # It is added last, so it only sees connections that the earlier enabled
- # groups did not already translate.
- # NOTE(review): dst-port=53,5353 also matches traffic a client sends to port
- # 5353 (the mDNS port) on a unicast address, and rewrites it to port 53 here;
- # confirm that is intended.
- # NOTE(review): the TCP pair uses nth=4,1 / nth=2,1 with no nth=1,1 catch-all
- # (the UDP pair has one), so part of the TCP DNS traffic presumably passes
- # through without being redirected; verify.
- /ip firewall nat
- add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=no dst-port=53,5353 nth=4,1 protocol=tcp to-addresses=208.67.222.222 to-ports=53
- add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=no dst-port=53,5353 nth=2,1 protocol=tcp to-addresses=208.67.220.220 to-ports=53
- add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=no dst-port=53,5353 nth=3,1 protocol=udp to-addresses=208.67.222.222 to-ports=53
- add action=dst-nat chain=dstnat comment=dns-open src-address-list=private-lokal disabled=no dst-port=53,5353 nth=1,1 protocol=udp to-addresses=208.67.220.220 to-ports=53
- # Scheduler entry "auto-switch-dns", run every 10 seconds.
- # For each group (dns-sehat, dns-trust, dns-open) the script pings both of the
- # group's resolver addresses once. If both answer, it enables the group's NAT
- # rules that are currently disabled; if either does not answer, it disables
- # the group's rules that are currently enabled. Rules are selected by their
- # comment string, so any other NAT rule carrying the same comment is toggled
- # as well.
- # NOTE(review): each address is pinged separately for the "enable" and the
- # "disable" test, so the two conditions can see different results in one run.
- # NOTE(review): the decision rests on a single ICMP echo (count=1). One lost
- # packet disables a whole group for at least one interval, and an ICMP reply
- # does not show that the resolver is answering DNS on its service port.
- # NOTE(review): the groups are not mutually exclusive. With several enabled,
- # NAT rule order decides which one translates a connection; with all of them
- # disabled, LAN DNS is not redirected at all.
- # NOTE(review): no policy= is given, so the entry runs with the scheduler's
- # default policy set. Limiting it to what the script needs (presumably read,
- # write and test) would follow least privilege; confirm on the target version.
- /system scheduler
- add interval=10s name=auto-switch-dns on-event="#cek dns-sehat\r\
- \n:if (([/ping address=103.80.80.248 count=1] > 0) && ([/ping address=103.80.80.249 count=1] > 0)) do={/ip firewall nat enable [find comment=\"dns-sehat\" disabled=y\
- es]};\r\
- \n:if (([/ping address=103.80.80.248 count=1] = 0) || ([/ping address=103.80.80.249 count=1] = 0)) do={/ip firewall nat disable [find comment=\"dns-sehat\" disabled=\
- no]};\r\
- \n\r\
- \n#cek dns-trust\r\
- \n:if (([/ping address=103.80.80.243 count=1] > 0) && ([/ping address=103.80.80.244 count=1] > 0)) do={/ip firewall nat enable [find comment=\"dns-trust\" disabled=y\
- es]};\r\
- \n:if (([/ping address=103.80.80.243 count=1] = 0) || ([/ping address=103.80.80.244 count=1] = 0)) do={/ip firewall nat disable [find comment=\"dns-trust\" disabled=\
- no]};\r\
- \n\r\
- \n#cek dns-open\r\
- \n:if (([/ping address=208.67.222.222 count=1] > 0) && ([/ping address=208.67.220.220 count=1] > 0)) do={/ip firewall nat enable [find comment=\"dns-open\" disabled=\
- yes]};\r\
- \n:if (([/ping address=208.67.222.222 count=1] = 0) || ([/ping address=208.67.220.220 count=1] = 0)) do={/ip firewall nat disable [find comment=\"dns-open\" disabled\
- =no]};"