Advertisement
sukriborneo

auto_switch_dns-sehat_-_dns-trust_-_dns-open

Oct 31st, 2017
261
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.44 KB | None | 0 0
  1. #AUTO SWITCH DNS-SEHAT / DNS-TRUST / DNS-OPEN
  2. #COPY DAN PASTE KE TERMINAL WINBOX
  3.  
  4. /ip fi add rem [find list=ip-maksiat]
  5. /ip fi add rem [find list=private-lokal]
  6. /ip fi na rem [find comment~"dns"]
  7. /ip fi fi rem [find dst-port="53,5353"]
  8. /sys sch rem auto-switch-dns
  9.  
  10. /ip firewall address-list
  11. add address=10.0.0.0/8 list=private-lokal
  12. add address=172.16.0.0/12 list=private-lokal
  13. add address=192.168.0.0/16 list=private-lokal
  14.  
  15. /ip firewall filter
  16. add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
  17. add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
  18. add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
  19. add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
  20.  
  21. /ip dns
  22. set allow-remote-requests=yes servers=103.80.80.248,103.80.80.249
  23.  
  24. /ip firewall nat
  25. add action=dst-nat chain=dstnat comment=dns-sehat1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.248 to-ports=5353
  26. add action=dst-nat chain=dstnat comment=dns-sehat1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.248 to-ports=5353
  27. add action=dst-nat chain=dstnat comment=dns-sehat2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.249 to-ports=5353
  28. add action=dst-nat chain=dstnat comment=dns-sehat2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.249 to-ports=5353
  29. add action=dst-nat chain=dstnat comment=dns-trust1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.243 to-ports=5353
  30. add action=dst-nat chain=dstnat comment=dns-trust1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.243 to-ports=5353
  31. add action=dst-nat chain=dstnat comment=dns-trust2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.244 to-ports=5353
  32. add action=dst-nat chain=dstnat comment=dns-trust2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.244 to-ports=5353
  33. add action=dst-nat chain=dstnat comment=dns-open1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=208.67.220.220 to-ports=5353
  34. add action=dst-nat chain=dstnat comment=dns-open1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=208.67.220.220 to-ports=5353
  35. add action=dst-nat chain=dstnat comment=dns-open2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=208.67.222.222 to-ports=5353
  36. add action=dst-nat chain=dstnat comment=dns-open2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=208.67.222.222 to-ports=5353
  37.  
  38. /tool netwatch
  39. add comment=dns-sehat1 down-script="/ip firewall nat disable [find comment=\"dns-sehat1\"]" host=103.80.80.248 interval=10s up-script=\
  40. "/ip firewall nat enable [find comment=\"dns-sehat1\"]"
  41. add comment=dns-sehat2 down-script="/ip firewall nat disable [find comment=\"dns-sehat2\"]" host=103.80.80.249 interval=10s up-script=\
  42. "/ip firewall nat enable [find comment=\"dns-sehat2\"]"
  43. add comment=dns-trust1 down-script="/ip firewall nat disable [find comment=\"dns-trust1\"]" host=103.80.80.243 interval=10s up-script=\
  44. "/ip firewall nat enable [find comment=\"dns-trust1\"]"
  45. add comment=dns-trust1 down-script="/ip firewall nat disable [find comment=\"dns-trust2\"]" host=103.80.80.244 interval=10s up-script=\
  46. "/ip firewall nat enable [find comment=\"dns-trust2\"]"
  47. add comment=dns-open1 down-script="/ip firewall nat disable [find comment=\"dns-open1\"]" host=208.67.220.220 interval=10s up-script=\
  48. "/ip firewall nat enable [find comment=\"dns-open1\"]"
  49. add comment=dns-open2 down-script="/ip firewall nat disable [find comment=\"dns-open2\"]" host=208.67.222.222 interval=10s up-script=\
  50. "/ip firewall nat enable [find comment=\"dns-open2\"]"
  51.  
  52. {
  53. /tool fetch url="https://raw.githubusercontent.com/cespun/ip-maksiat/master/.gitignore/list%3Dip-maksiat" mode=http
  54. /import file=list%3Dip-maksiat
  55. /file remove list%3Dip-maksiat
  56. }
  57.  
  58.  
  59.  
  60. bagi yg ingin menghilangkan settingan dari DNS Sehat tapi gak mau repot dan gak mau mikir berikut perintahnya
  61. /ip fil add rem [find list=ip-maksiat]
  62. /ip fi add rem [find list=private-lokal]
  63. /ip fi na rem [find comment~"dns"]
  64. /ip fi fi rem [find dst-port="53,5353"]
  65. /sys sch rem auto-switch-dns
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement