SHOW:
|
|
- or go back to the newest paste.
| 1 | #1 wan (sumber internet) = ehter1 = indihome 10mbps | |
| 2 | ||
| 3 | /ip firewall address-list | |
| 4 | add list="private-lokal" address=0.0.0.0/8 | |
| 5 | add list="private-lokal" address=10.0.0.0/8 | |
| 6 | add list="private-lokal" address=100.64.0.0/10 | |
| 7 | add list="private-lokal" address=127.0.0.0/8 | |
| 8 | add list="private-lokal" address=169.254.0.0/16 | |
| 9 | add list="private-lokal" address=172.16.0.0/12 | |
| 10 | add list="private-lokal" address=192.0.0.0/24 | |
| 11 | add list="private-lokal" address=192.0.2.0/24 | |
| 12 | add list="private-lokal" address=192.168.0.0/16 | |
| 13 | add list="private-lokal" address=198.18.0.0/15 | |
| 14 | add list="private-lokal" address=198.51.100.0/24 | |
| 15 | add list="private-lokal" address=203.0.113.0/24 | |
| 16 | add list="private-lokal" address=224.0.0.0/3 | |
| 17 | ||
| 18 | #ip firewall mangle | |
| 19 | /ip firewall mangle | |
| 20 | add action=mark-connection chain=input comment=private-lokal dst-address-list=private-lokal new-connection-mark=private-lokal passthrough=no \ | |
| 21 | src-address-list=private-lokal | |
| 22 | add action=accept chain=input comment=private-lokal connection-mark=private-lokal | |
| 23 | add action=mark-connection chain=prerouting comment=private-lokal dst-address-list=private-lokal new-connection-mark=private-lokal passthrough=no \ | |
| 24 | src-address-list=private-lokal | |
| 25 | add action=accept chain=prerouting comment=private-lokal connection-mark=private-lokal | |
| 26 | add action=mark-connection chain=forward comment=private-lokal dst-address-list=private-lokal new-connection-mark=private-lokal passthrough=no \ | |
| 27 | src-address-list=private-lokal | |
| 28 | add action=accept chain=forward comment=private-lokal connection-mark=private-lokal | |
| 29 | add action=mark-connection chain=postrouting comment=private-lokal dst-address-list=private-lokal new-connection-mark=private-lokal passthrough=no \ | |
| 30 | src-address-list=private-lokal | |
| 31 | add action=accept chain=postrouting comment=private-lokal connection-mark=private-lokal | |
| 32 | add action=mark-connection chain=output comment=private-lokal dst-address-list=private-lokal new-connection-mark=private-lokal passthrough=no \ | |
| 33 | src-address-list=private-lokal | |
| 34 | add action=accept chain=output comment=private-lokal connection-mark=private-lokal | |
| 35 | add action=mark-connection chain=prerouting comment=vip new-connection-mark=vip passthrough=no protocol=icmp | |
| 36 | add action=mark-connection chain=prerouting comment=vip new-connection-mark=vip passthrough=no port=53,5353,123,8291,1194 protocol=tcp | |
| 37 | add action=mark-connection chain=prerouting comment=vip new-connection-mark=vip passthrough=no port=53,5353,123,8291,1194 protocol=udp | |
| 38 | add action=accept chain=prerouting comment=vip connection-mark=vip | |
| 39 | add action=mark-packet chain=forward comment=vip-down connection-mark=vip in-interface=ether1 new-packet-mark=vip-down passthrough=no | |
| 40 | add action=mark-packet chain=forward comment=vip-up connection-mark=vip new-packet-mark=vip-up out-interface=ether1 passthrough=no | |
| 41 | add action=mark-connection chain=prerouting comment=jump1 connection-rate=0-384k dst-address-list=!private-lokal dst-port=\ | |
| 42 | !21,22,23,80,81,88,5050,843,443,182,282,8777,1935,8000-8081 layer7-protocol=!torrent new-connection-mark=jump1 passthrough=yes protocol=tcp \ | |
| 43 | src-address-list=private-lokal | |
| 44 | add action=mark-connection chain=prerouting comment=jump1 connection-rate=0-384k dst-address-list=!private-lokal dst-port=\ | |
| 45 | !21,22,23,80,81,88,5050,843,443,182,282,8777,1935,8000-8081 layer7-protocol=!torrent new-connection-mark=jump2 passthrough=yes protocol=udp \ | |
| 46 | src-address-list=private-lokal | |
| 47 | add action=mark-connection chain=prerouting comment=games connection-mark=jump1 connection-rate=0-384k dst-address-list=!private-lokal dst-port=\ | |
| 48 | !53,5353,5938,8291,12671-12675,123 layer7-protocol=!torrent new-connection-mark=games passthrough=no protocol=tcp src-address-list=private-lokal | |
| 49 | add action=mark-connection chain=prerouting comment=games connection-mark=jump2 connection-rate=0-384k dst-address-list=!private-lokal dst-port=\ | |
| 50 | !53,5353,5938,8291,12671-12675,123 layer7-protocol=!torrent new-connection-mark=games passthrough=no protocol=udp src-address-list=private-lokal | |
| 51 | add action=accept chain=prerouting comment=games-ip connection-mark=games | |
| 52 | add action=add-dst-to-address-list address-list=games address-list-timeout=0s chain=forward comment=games-ip connection-mark=games dst-address-list=\ | |
| 53 | !private-lokal src-address-list=private-lokal | |
| 54 | add action=mark-packet chain=forward comment=games-down connection-mark=games in-interface=ether1 new-packet-mark=games-down passthrough=no | |
| 55 | add action=mark-packet chain=forward comment=games-up connection-mark=games new-packet-mark=games-up out-interface=ether1 passthrough=no | |
| 56 | add action=mark-connection chain=prerouting comment=googlevideo content=googlevideo.com dst-address-list=!private-lokal new-connection-mark=googlevideo \ | |
| 57 | passthrough=no src-address-list=private-lokal | |
| 58 | add action=accept chain=prerouting comment=googlevideo connection-mark=googlevideo | |
| 59 | add action=mark-packet chain=forward comment=googlevideo-down connection-mark=googlevideo in-interface=ether1 new-packet-mark=googlevideo-down passthrough=no | |
| 60 | add action=mark-packet chain=forward comment=googlevideo-up connection-mark=googlevideo new-packet-mark=googlevideo-up out-interface=ether1 passthrough=no | |
| 61 | add action=mark-connection chain=prerouting comment=high connection-bytes=100000001-0 dst-address-list=!private-lokal new-connection-mark=high passthrough=no \ | |
| 62 | src-address-list=private-lokal | |
| 63 | add action=accept chain=prerouting comment=high connection-mark=high | |
| 64 | add action=mark-packet chain=forward comment=high-down connection-mark=high in-interface=ether1 new-packet-mark=high-down passthrough=no | |
| 65 | add action=mark-packet chain=forward comment=high-up connection-mark=high new-packet-mark=high-up out-interface=ether1 passthrough=no | |
| 66 | add action=mark-connection chain=prerouting comment=midle connection-bytes=10000001-100000000 dst-address-list=!private-lokal new-connection-mark=midle \ | |
| 67 | passthrough=no src-address-list=private-lokal | |
| 68 | add action=accept chain=prerouting comment=midle connection-mark=midle | |
| 69 | add action=mark-packet chain=forward comment=midle-down connection-mark=midle in-interface=ether1 new-packet-mark=midle-down passthrough=no | |
| 70 | add action=mark-packet chain=forward comment=midle-up connection-mark=midle new-packet-mark=midle-up out-interface=ether1 passthrough=no | |
| 71 | add action=mark-connection chain=prerouting comment=low connection-bytes=3000001-10000000 dst-address-list=!private-lokal new-connection-mark=low \ | |
| 72 | passthrough=no src-address-list=private-lokal | |
| 73 | add action=accept chain=prerouting comment=low connection-mark=low | |
| 74 | add action=mark-packet chain=forward comment=low-down connection-mark=low in-interface=ether1 new-packet-mark=low-down passthrough=no | |
| 75 | add action=mark-packet chain=forward comment=low-up connection-mark=low new-packet-mark=low-up out-interface=ether1 passthrough=no | |
| 76 | add action=mark-connection chain=prerouting comment=lower connection-bytes=1000001-3000000 dst-address-list=!private-lokal new-connection-mark=lower \ | |
| 77 | passthrough=no src-address-list=private-lokal | |
| 78 | add action=accept chain=prerouting comment=lower connection-mark=lower | |
| 79 | add action=mark-packet chain=forward comment=lower-down connection-mark=lower in-interface=ether1 new-packet-mark=lower-down passthrough=no | |
| 80 | add action=mark-packet chain=forward comment=lower-up connection-mark=lower new-packet-mark=lower-up out-interface=ether1 passthrough=no | |
| 81 | add action=mark-connection chain=prerouting comment=lowest connection-bytes=0-1000000 dst-address-list=!private-lokal new-connection-mark=lowest passthrough=\ | |
| 82 | no src-address-list=private-lokal | |
| 83 | add action=accept chain=prerouting comment=lowest connection-mark=lowest | |
| 84 | add action=mark-packet chain=forward comment=lowest-down connection-mark=lowest in-interface=ether1 new-packet-mark=lowest-down passthrough=no | |
| 85 | add action=mark-packet chain=forward comment=lowest-up connection-mark=lowest new-packet-mark=lowest-up out-interface=ether1 passthrough=no | |
| 86 | add action=mark-connection chain=prerouting comment=unknown connection-mark=no-mark dst-address-list=!private-lokal new-connection-mark=unknown passthrough=\ | |
| 87 | no src-address-list=private-lokal | |
| 88 | add action=mark-connection chain=prerouting comment=unknown new-connection-mark=unknown passthrough=no | |
| 89 | add action=accept chain=prerouting comment=unknown connection-mark=unknown | |
| 90 | add action=mark-packet chain=forward comment=unknown-down connection-mark=unknown in-interface=ether1 new-packet-mark=unknown-down passthrough=no | |
| 91 | add action=mark-packet chain=forward comment=unknown-up connection-mark=unknown new-packet-mark=unknown-up out-interface=ether1 passthrough=no | |
| 92 | ||
| 93 | #queue tree | |
| 94 | /queue tree | |
| 95 | add max-limit=100M name=A.DOWN parent=global queue=default | |
| 96 | add limit-at=64k max-limit=100M name=A.01.VIP packet-mark=vip-down parent=A.DOWN priority=1 queue=default | |
| 97 | add limit-at=2M max-limit=100M name=A.02.GAMES-ONLINE packet-mark=games-down parent=A.DOWN priority=2 queue=default | |
| 98 | add limit-at=15M max-limit=15M name=A.03.NORMAL parent=A.DOWN queue=default | |
| 99 | add limit-at=5M max-limit=10M name=A.03.1.GOOGLEVIDEO packet-mark=googlevideo-down parent=A.03.NORMAL priority=3 queue=pcq-download-default | |
| 100 | add limit-at=8M max-limit=8M name=A.03.2.BYTES-TRAFIK parent=A.03.NORMAL queue=default | |
| 101 | add limit-at=1M max-limit=8M name=A.1.LOWES packet-mark=lowest-down parent=A.03.2.BYTES-TRAFIK priority=4 queue=pcq-download-default | |
| 102 | add limit-at=1M max-limit=8M name=A.2.LOWER packet-mark=lower-down parent=A.03.2.BYTES-TRAFIK priority=5 queue=pcq-download-default | |
| 103 | add limit-at=1M max-limit=8M name=A.3.LOW packet-mark=low-down parent=A.03.2.BYTES-TRAFIK priority=6 queue=pcq-download-default | |
| 104 | add limit-at=1M max-limit=8M name=A.4.MIDLE packet-mark=midle-down parent=A.03.2.BYTES-TRAFIK priority=7 queue=pcq-download-default | |
| 105 | add limit-at=1M max-limit=8M name=A.5.HIGH packet-mark=high-down parent=A.03.2.BYTES-TRAFIK queue=pcq-download-default | |
| 106 | add limit-at=1M max-limit=8M name=A.6.UNKNOWN packet-mark=unknown-down parent=A.03.2.BYTES-TRAFIK queue=pcq-download-default | |
| 107 | add max-limit=100M name=B.UP parent=global queue=default | |
| 108 | add limit-at=64k max-limit=100M name=B.01.VIP packet-mark=vip-up parent=B.UP priority=1 queue=default | |
| 109 | add limit-at=1M max-limit=100M name=B.02.GAMES-ONLINE packet-mark=games-up parent=B.UP priority=2 queue=default | |
| 110 | add limit-at=2M max-limit=2M name=B.03.NORMAL parent=B.UP queue=default | |
| 111 | add limit-at=1M max-limit=2M name=B.03.1.GOOGLEVIDEO packet-mark=googlevideo-up parent=B.03.NORMAL priority=3 queue=pcq-upload-default | |
| 112 | add limit-at=1M max-limit=1M name=B.03.2.BYTES-TRAFIK parent=B.03.NORMAL queue=default | |
| 113 | add limit-at=100k max-limit=1M name=B.1.LOWES packet-mark=lowest-up parent=B.03.2.BYTES-TRAFIK priority=4 queue=pcq-upload-default | |
| 114 | add limit-at=100k max-limit=1M name=B.2.LOWER packet-mark=lower-up parent=B.03.2.BYTES-TRAFIK priority=5 queue=pcq-upload-default | |
| 115 | add limit-at=100k max-limit=1M name=B.3.LOW packet-mark=low-up parent=B.03.2.BYTES-TRAFIK priority=6 queue=pcq-upload-default | |
| 116 | add limit-at=100k max-limit=1M name=B.4.MIDLE packet-mark=midle-up parent=B.03.2.BYTES-TRAFIK priority=7 queue=pcq-upload-default | |
| 117 | add limit-at=100k max-limit=1M name=B.5.HIGH packet-mark=high-up parent=B.03.2.BYTES-TRAFIK queue=pcq-upload-default | |
| 118 | add limit-at=100k max-limit=1M name=B.6.UNKNOWN packet-mark=unknown-up parent=B.03.2.BYTES-TRAFIK queue=pcq-upload-default |
