Script Queue tree Dan Mangle Raw
Add Address List
# Private (RFC 1918) ranges that count as "local" for the rest of this script.
# Every src-address-list= / dst-address-list= reference below must spell this
# name exactly as it is defined here: Lokal.
/ip firewall address-list
add list=Lokal address=10.0.0.0/8
add list=Lokal address=172.16.0.0/12
add list=Lokal address=192.168.0.0/16
Add Layer7 protocol signatures
# Layer7 signatures used by the mangle section.
# Layer7 only inspects the first packets of a connection (per RouterOS docs:
# first 10 packets / 2 KB) and matches plaintext bytes. EXE/ZIP/MP4/RAR are file
# headers, so they can only fire on unencrypted transfers; the youtube hostname
# pattern can still match where the name is visible in clear (HTTP Host, or the
# TLS ClientHello SNI). Layer7 is CPU-heavy: keep the number of rules that
# reference these small.
/ip firewall layer7-protocol
add regexp="\\x4d\\x5a(\\x90\\x03|\\x50\\x02)\\x04" name=EXE
add regexp="pk\\x03\\x04\\x14" name=ZIP
add regexp="\\x18\\x66\\x74\\x79\\x70" name=MP4
add regexp="Rar\\x21\\x1a\\x07" name=RAR
add regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com" name=youtube
Add Raw rules (address-list collectors)
Facebook
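# Collect Facebook destination IPs into the FACEBOOK address list (1 day TTL).
# content= is a plain substring search of the packet payload: it only sees the
# hostname where it travels unencrypted (HTTP Host header, TLS ClientHello SNI),
# and short tokens such as fb.com, fb.gg or m.me also match any longer string
# that contains them, so expect some unrelated destinations in the list.
# FIX: the list is defined as "Lokal"; these rules referenced "lokal", which
# does not name that list, so none of them could ever match. Spelling unified.
# NOTE: nothing later consumes this list — the FACEBOOK mangle rule matches
# connection-mark=FACEBOOK, which no rule sets (see that rule's note).
/ip firewall raw
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d comment=FACEBOOK content=.facebook.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=.facebook.net src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=.fbcdn.net src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=.fbsbx.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=fb.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=fb.gg src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=fbwat.ch src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=messenger.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=FACEBOOK address-list-timeout=1d content=m.me src-address-list=Lokal dst-address-list=!Lokal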
INSTAGRAM
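# Collect Instagram destination IPs into the INSTAGRAM address list (1 day TTL).
# Same plaintext-payload caveat as the FACEBOOK rules.
# FIX: list references were "lokal" and "local"; the list is defined as "Lokal",
# so neither rule could match. Spelling unified.
# NOTE: no mangle or queue rule later in this script uses the INSTAGRAM list.
/ip firewall raw
add chain=prerouting action=add-dst-to-address-list address-list=INSTAGRAM address-list-timeout=1d comment=INSTAGRAM content=.instagram.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=INSTAGRAM address-list-timeout=1d content=.cdninstagram.com src-address-list=Lokal dst-address-list=!Lokal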
MARKETPLACE
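# Collect Indonesian marketplace destination IPs into MARKETPLACE (1 day TTL).
# The command context is repeated so this block also works when pasted alone.
# FIX: list references were "lokal" and "local"; the list is defined as "Lokal",
# so no rule could match. Spelling unified.
# NOTE: no mangle or queue rule later in this script uses the MARKETPLACE list.
/ip firewall raw
add chain=prerouting action=add-dst-to-address-list address-list=MARKETPLACE address-list-timeout=1d comment=MARKETPLACE content=tokopedia.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=MARKETPLACE address-list-timeout=1d content=tokopedia.net src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=MARKETPLACE address-list-timeout=1d content=shopee.co.id src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=MARKETPLACE address-list-timeout=1d content=bukalapak.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=MARKETPLACE address-list-timeout=1d content=lazada.co.id src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=MARKETPLACE address-list-timeout=1d content=blibli.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=MARKETPLACE address-list-timeout=1d content=olx.co.id src-address-list=Lokal dst-address-list=!Lokal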
SNACK VIDEO
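# Collect SnackVideo destination IPs into SNACKVIDEO (1 day TTL).
# FIX: list references were "lokal" and "local"; the list is defined as "Lokal",
# so no rule could match. Spelling unified.
# NOTE: .myqcloud.com is also added to the TIKTOK list below, so a destination
# matched on that name ends up in both lists. No later rule uses SNACKVIDEO.
/ip firewall raw
add chain=prerouting action=add-dst-to-address-list address-list=SNACKVIDEO address-list-timeout=1d comment=SNACKVIDEO content=.snackvideo.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=SNACKVIDEO address-list-timeout=1d content=.myqcloud.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=SNACKVIDEO address-list-timeout=1d content=.snackvideo.in src-address-list=Lokal dst-address-list=!Lokal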
TIKTOK
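# Collect TikTok destination IPs into TIKTOK (1 day TTL).
# FIX: list references were "lokal" and "local"; the list is defined as "Lokal",
# so no rule could match. Spelling unified.
# NOTE: .myqcloud.com is shared with the SNACKVIDEO rules above; a destination
# matched on that name lands in both lists. No later rule uses TIKTOK.
/ip firewall raw
add chain=prerouting action=add-dst-to-address-list address-list=TIKTOK address-list-timeout=1d comment=TIKTOK content=.tiktok.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TIKTOK address-list-timeout=1d content=.tiktokv.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TIKTOK address-list-timeout=1d content=.tiktokcdn.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TIKTOK address-list-timeout=1d content=.byteoversea.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TIKTOK address-list-timeout=1d content=.ibyteimg.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TIKTOK address-list-timeout=1d content=.ibytedtos.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TIKTOK address-list-timeout=1d content=.myqcloud.com src-address-list=Lokal dst-address-list=!Lokal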
TWITTER
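# Collect Twitter destination IPs into TWITTER (1 day TTL).
# FIX: list references were "lokal" and "local"; the list is defined as "Lokal",
# so no rule could match. Spelling unified.
# FIX: content=t.co is a substring match, so it also hits every hostname ending
# in "t.com" (any "...t.com" site) and would pollute the list with unrelated
# destinations. The rule is kept but disabled; re-enable only with a stricter
# match. No later rule uses TWITTER.
/ip firewall raw
add chain=prerouting action=add-dst-to-address-list address-list=TWITTER address-list-timeout=1d comment=TWITTER content=.twitter.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TWITTER address-list-timeout=1d content=.twimg.com src-address-list=Lokal dst-address-list=!Lokal
add chain=prerouting action=add-dst-to-address-list address-list=TWITTER address-list-timeout=1d content=t.co src-address-list=Lokal dst-address-list=!Lokal disabled=yes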
YOUTUBE
/ip firewall raw
add action=add-dst-to-address-list address-list=YOUTUBE address-list-timeout=\
1d chain=prerouting comment=YOUTUBE content=.youtube.com \
dst-address-list=!lokal src-address-list=lokal
add action=add-dst-to-address-list address-list=YOUTUBE address-list-timeout=\
1d chain=prerouting content=.ytimg.com dst-address-list=!lokal \
src-address-list=lokal
add action=add-dst-to-address-list address-list=YOUTUBE address-list-timeout=\
1d chain=prerouting content=.googlevideo.com dst-address-list=!lokal \
src-address-list=lokal
add action=add-dst-to-address-list address-list=YOUTUBE address-list-timeout=\
1d chain=prerouting content=youtu.be dst-address-list=!lokal \
src-address-list=lokal
add action=add-dst-to-address-list address-list=YOUTUBE address-list-timeout=\
1d chain=prerouting content=yt3.ggpht.com dst-address-list=!lokal \
src-address-list=lokal
add action=add-dst-to-address-list address-list=YOUTUBE address-list-timeout=\
1d chain=prerouting content=youtubei.googleapis.com dst-address-list=\
!lokal src-address-list=lokal
Add Mangle
# Traffic between two Lokal addresses is exempt from marking: accept ends
# mangle processing for the packet, so none of the mark-connection / mark-packet
# rules that follow apply to it. Every later rule in this script is in
# chain=forward, so the forward accept is the one that matters here; the
# prerouting accept only ends mangle prerouting for the same packets.
/ip firewall mangle
add chain=prerouting action=accept src-address-list=Lokal dst-address-list=Lokal comment="Bypass Local Traffic"
add chain=forward action=accept src-address-list=Lokal dst-address-list=Lokal
FACEBOOK
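# FACEBOOK download packet mark (re-joined onto one line; the wrapped fragment
# "packet-mark=FACEBOOK_down passthrough=no" is not a valid command on its own).
# NOTE: this rule is currently dead. Nothing sets connection-mark=FACEBOOK —
# the raw rules only fill the FACEBOOK address list and there is no
# mark-connection rule with dst-address-list=FACEBOOK — and no queue-tree leaf
# uses packet-mark=FACEBOOK_down. Facebook traffic therefore falls through to
# the browsing marks further down. Do not add the missing mark-connection rule
# on its own: in the queue tree only packets that match a leaf's packet-mark are
# shaped, so a FACEBOOK_down mark without a leaf would exempt that traffic from
# shaping entirely. Add the mark-connection rule, an _up mark-packet rule and
# the two queue leaves together, or remove this rule.
add action=mark-packet chain=forward comment="FACEBOOK" connection-mark=FACEBOOK in-interface="ether1 - Wan" new-packet-mark=FACEBOOK_down passthrough=no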
Games Traffic
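# Games: TCP 39190-39200 and UDP 40000-40010 opened by Lokal hosts get the
# "games" connection mark; packets on those connections are then marked
# games_down (arriving from the WAN) or games_up (arriving from the LAN) and
# stop here (passthrough=no), so they never reach the browsing rules below.
# (Rules re-joined onto one line each; the original was hard-wrapped.)
# NOTE: in-interface="ether1 - Wan" is used for every *_down mark in this
# section, while the DNS-flood raw rule near the end treats pppoe-out1 as the
# WAN. If the uplink is a PPPoE client, forwarded Internet packets arrive with
# in-interface=pppoe-out1 and none of the *_down marks will ever match —
# confirm which interface is the real WAN and use it consistently.
add action=mark-connection chain=forward comment="Games Traffic" dst-port=39190-39200 new-connection-mark=games passthrough=yes protocol=tcp src-address-list=Lokal
add action=mark-connection chain=forward dst-port=40000-40010 new-connection-mark=games passthrough=yes protocol=udp src-address-list=Lokal
add action=mark-packet chain=forward connection-mark=games in-interface="ether1 - Wan" new-packet-mark=games_down passthrough=no
add action=mark-packet chain=forward connection-mark=games in-interface="ether2 - Lan" new-packet-mark=games_up passthrough=no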
ICMP TRAFFIC
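# ICMP from Lokal hosts: connection mark "icmp", then per-direction packet marks
# icmp_down / icmp_up (rules re-joined onto one line each; the original was
# hard-wrapped). Only ICMP the router forwards is covered (chain=forward), not
# ICMP addressed to the router itself.
add action=mark-connection chain=forward comment="ICMP Traffic" new-connection-mark=icmp passthrough=yes protocol=icmp src-address-list=Lokal
add action=mark-packet chain=forward connection-mark=icmp in-interface="ether1 - Wan" new-packet-mark=icmp_down passthrough=no protocol=icmp
add action=mark-packet chain=forward connection-mark=icmp in-interface="ether2 - Lan" new-packet-mark=icmp_up passthrough=no protocol=icmp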
DNS TRAFFIC
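# DNS from Lokal hosts to external resolvers: connection mark "dns", then
# dns_down / dns_up packet marks (rules re-joined onto one line each; the
# original was hard-wrapped). Only UDP/53 is matched — TCP/53, DNS-over-TLS
# (853) and DNS-over-HTTPS are not, so they fall into the browsing marks.
# Queries answered by the router's own resolver are not forwarded and never hit
# chain=forward.
add action=mark-connection chain=forward comment="DNS Traffic" dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp src-address-list=Lokal
add action=mark-packet chain=forward connection-mark=dns in-interface="ether1 - Wan" new-packet-mark=dns_down passthrough=no protocol=udp
add action=mark-packet chain=forward connection-mark=dns in-interface="ether2 - Lan" new-packet-mark=dns_up passthrough=no protocol=udp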
REMOTE
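# Remote-access sessions from Lokal hosts: TCP 22 (SSH), 23 (Telnet),
# 8291 (Winbox), 5938 (TeamViewer), 4899 (Radmin) get the "remote" connection
# mark, then remote_down / remote_up packet marks (rules re-joined onto one
# line each; the original was hard-wrapped). These rules only prioritise the
# traffic — they do not open or permit any of these ports.
add action=mark-connection chain=forward comment="Remote Traffic" dst-port=22,23,8291,5938,4899 new-connection-mark=remote passthrough=yes protocol=tcp src-address-list=Lokal
add action=mark-packet chain=forward connection-mark=remote in-interface="ether1 - Wan" new-packet-mark=remote_down passthrough=no
add action=mark-packet chain=forward connection-mark=remote in-interface="ether2 - Lan" new-packet-mark=remote_up passthrough=no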
MARKING TRAFFIC
YOUTUBE
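# YouTube is classified by the "youtube" layer7 regexp (googlevideo.com host
# pattern), not by the YOUTUBE address list collected in the raw section.
# Until layer7 has seen enough data to match, the connection is marked
# "browsing" by the catch-all rule below; this rule re-marks it once the
# pattern matches (rules re-joined onto one line each; the original was
# hard-wrapped).
# FIX: the original had "src-address-list= Lokal" (space after '='), which
# leaves the parameter without its value; corrected to src-address-list=Lokal.
add action=mark-connection chain=forward comment="YouTube Traffic" layer7-protocol=youtube new-connection-mark=youtube passthrough=yes src-address-list=Lokal
add action=mark-packet chain=forward connection-mark=youtube in-interface="ether1 - Wan" new-packet-mark=youtube_down passthrough=no
add action=mark-packet chain=forward connection-mark=youtube in-interface="ether2 - Lan" new-packet-mark=youtube_up passthrough=no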
LAIN-LAIN
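# "extensi": connections whose first packets carry an EXE/ZIP/MP4/RAR file
# signature (plaintext transfers only — see the layer7 definitions), then
# extensi_down / extensi_up packet marks (rules re-joined onto one line each;
# the original was hard-wrapped).
# NOTE: unlike every other mark-connection rule in this section these carry no
# src-address-list=Lokal, so they also match connections initiated from
# outside. That may be deliberate (the file signature sits in the server's
# reply packets); confirm before adding the restriction.
add action=mark-connection chain=forward comment="Extension Layer7" layer7-protocol=EXE new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=ZIP new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=MP4 new-connection-mark=extensi passthrough=yes
add action=mark-connection chain=forward layer7-protocol=RAR new-connection-mark=extensi passthrough=yes
add action=mark-packet chain=forward connection-mark=extensi in-interface="ether1 - Wan" new-packet-mark=extensi_down passthrough=no
add action=mark-packet chain=forward connection-mark=extensi in-interface="ether2 - Lan" new-packet-mark=extensi_up passthrough=no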
MARKING TRAFFIC LAYER7
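# Catch-all: every connection from Lokal that is not already heavy_traffic gets
# the "browsing" mark. Because the mark-packet rules above end processing with
# passthrough=no, games/icmp/dns/remote/youtube/extensi packets normally never
# reach this rule; everything else (including the FACEBOOK/INSTAGRAM/... lists,
# which no mangle rule consumes) lands here.
# A "browsing" connection that has transferred >= 1024000 bytes at a rate of
# 256k-102400k is re-marked heavy_traffic; the connection-mark=!heavy_traffic
# match on the first rule stops it from being flipped back to browsing.
# (Rules re-joined onto one line each; the original was hard-wrapped.)
add action=mark-connection chain=forward comment="Browsing Traffic" connection-mark=!heavy_traffic new-connection-mark=browsing passthrough=yes src-address-list=Lokal
add action=mark-connection chain=forward comment="Heavy Traffic" connection-bytes=1024000-0 connection-mark=browsing connection-rate=256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=tcp
add action=mark-connection chain=forward connection-bytes=1024000-0 connection-mark=browsing connection-rate=256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=heavy_traffic in-interface="ether1 - Wan" new-packet-mark=heavy_browsing_down passthrough=no
add action=mark-packet chain=forward connection-mark=heavy_traffic in-interface="ether2 - Lan" new-packet-mark=heavy_browsing_up passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface="ether1 - Wan" new-packet-mark=small_browsing_down passthrough=no
add action=mark-packet chain=forward connection-mark=browsing in-interface="ether2 - Lan" new-packet-mark=small_browsing_up passthrough=no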
BROWSING TRAFFIC (duplicate of the block above)
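# FIX: the script repeated the complete "Browsing Traffic" / "Heavy Traffic"
# rule set here a second time — the same seven rules as directly above, with
# the additional typo "src-address-list= Lokal" (space after '=') on the first
# one. Because the copy above already marks the packets and ends processing
# with passthrough=no, the second copy never did useful work; it only added a
# per-packet rule walk. The duplicate has been removed. Keep one set only.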
Queue Tree HTB
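# Per-client fair sharing: down_pcq splits by destination (the LAN client),
# up_pcq by source. No pcq-rate is set, so there is no per-client cap — only
# the leaf's max-limit applies.
/queue type
add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
# HTB tree: Download 10M / Upload 1M. Only leaves with a packet-mark receive
# traffic; packets carrying a mark that no leaf lists bypass the tree and are
# not shaped (there is no leaf for FACEBOOK_down, see the mangle section).
# Every leaf under Download has max-limit=3M and the browsing/youtube/extensi
# leaves share one 3M "5. Download Traffic" sub-tree, so priority (1 = highest)
# and limit-at decide who wins under contention. "4. Extensi"/"4. extensi"
# carry no priority and therefore use the default (lowest) one.
# (Entries re-joined onto one line each; the original was hard-wrapped.)
/queue tree
add name="Global Traffic" parent=global queue=default
add max-limit=10M name=Download parent="Global Traffic" queue=default
add max-limit=1M name=Upload parent="Global Traffic"
add limit-at=512k max-limit=3M name="1. Game" packet-mark=games_down parent=Download priority=1 queue=down_pcq
add limit-at=64k max-limit=3M name="2. Icmp" packet-mark=icmp_down parent=Download priority=1 queue=down_pcq
add limit-at=64k max-limit=3M name="3. Dns" packet-mark=dns_down parent=Download priority=1 queue=down_pcq
add max-limit=3M name="5. Download Traffic" parent=Download queue=default
add max-limit=3M name="1. Small Browsing" packet-mark=small_browsing_down parent="5. Download Traffic" priority=5 queue=down_pcq
add max-limit=3M name="2. Heavy Browsing" packet-mark=heavy_browsing_down parent="5. Download Traffic" priority=7 queue=down_pcq
add limit-at=512k max-limit=3M name="4. Remote" packet-mark=remote_down parent=Download priority=3 queue=down_pcq
add max-limit=3M name="3. YouTube" packet-mark=youtube_down parent="5. Download Traffic" priority=7 queue=down_pcq
add max-limit=3M name="4. Extensi" packet-mark=extensi_down parent="5. Download Traffic" queue=down_pcq
add limit-at=256k max-limit=1M name="1. game" packet-mark=games_up parent=Upload priority=1 queue=up_pcq
add limit-at=32k max-limit=1M name="2. icmp" packet-mark=icmp_up parent=Upload priority=1 queue=up_pcq
add limit-at=32k max-limit=1M name="3. dns" packet-mark=dns_up parent=Upload priority=1 queue=up_pcq
add limit-at=256k max-limit=1M name="4. remote" packet-mark=remote_up parent=Upload priority=3 queue=up_pcq
add max-limit=1M name="5. Upload Traffic" parent=Upload queue=default
add max-limit=1M name="1. small browsing" packet-mark=small_browsing_up parent="5. Upload Traffic" priority=5 queue=up_pcq
add max-limit=1M name="2. heavy browsing" packet-mark=heavy_browsing_up parent="5. Upload Traffic" priority=7 queue=up_pcq
add max-limit=1M name="3. youtube" packet-mark=youtube_up parent="5. Upload Traffic" priority=7 queue=up_pcq
add max-limit=1M name="4. extensi" packet-mark=extensi_up parent="5. Upload Traffic" queue=up_pcq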
DEFENDER FIREWALL
Mencegah UDP Flood Attack
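/ip firewall raw
# Drop UDP/53 arriving on the WAN side (raw prerouting, before connection
# tracking) so the router's own resolver — which "Allow Remote Requests" in
# IP > DNS exposes on every interface — is not reachable from the Internet as
# an open resolver for reflection/amplification. Without this rule that
# setting makes the router an open resolver.
# NOTE: the WAN is pppoe-out1 here but "ether1 - Wan" in the mangle section;
# one of the two is wrong for forwarded traffic — keep them consistent.
add action=drop chain=prerouting comment="Mencegah UDP Flood Attack" dst-port=53 in-interface=pppoe-out1 protocol=udp
# Rate-limit UDP/53 from every other interface: accept up to 100 per second
# (burst 5), drop the rest. Because this is chain=prerouting it counts LAN
# clients' queries to external resolvers as well as queries to the router,
# aggregated across the whole LAN; on a busy network the drop rule silently
# fails legitimate lookups. Size the limit for the LAN, or add
# dst-address-type=local to both rules to limit only traffic to the router's
# resolver.
add action=accept chain=prerouting dst-port=53 in-interface=!pppoe-out1 limit=100,5:packet protocol=udp
add action=drop chain=prerouting dst-port=53 in-interface=!pppoe-out1 protocol=udp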
Jangan lupa set Allow Remote Requests di IP > DNS
Mencegah Port Scanner
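/ip firewall filter
# Port-scan detection: psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
# — 21 points within 3 s, where a low port scores 3 and a high port 1. Matching
# sources are listed in "Port Scan" for 4w2d (30 days) and dropped by the two
# rules that follow, both for forwarded traffic and for traffic to the router.
# (Rules re-joined onto one line each; the original was hard-wrapped.)
# NOTE: there is no exemption. A LAN host (chain=forward) or a management
# station (chain=input) that trips the threshold — a vulnerability scanner,
# a monitoring tool, some backup agents — is locked out for 30 days, including
# Winbox/SSH access to the router from that host. Consider
# src-address-list=!Lokal on the detection rules, or an allow-list rule placed
# before the drops, and keep an out-of-band way to clear the "Port Scan" list.
# These rules append to the end of the chains; any earlier accept rule that
# matches first short-circuits them.
add action=add-src-to-address-list address-list="Port Scan" address-list-timeout=4w2d chain=forward comment="Mencegah port scanner" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Port Scan" address-list-timeout=4w2d chain=input protocol=tcp psd=21,3s,3,1
add action=drop chain=forward src-address-list="Port Scan"
add action=drop chain=input src-address-list="Port Scan"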