Block Akses Browsing di Mikrotik dengan Schedule

Assalamu'alaikum.

langsung saja, berikut step2 atau caranya,

Buat nat rule untuk webproxy-nya:
/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080   

enable webproxy-nya:
/ip web-proxy set enabled=yes

masukkan content yang ingin di blok:
/ip web-proxy access add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 url=*.facebook.com* action=deny comment=situs

Lalu create script (system >> script):
Name : bloksiang
Policy : write, read, policy (yang dicentang)
Source:
/ip web-proxy access enable [/ip web-proxy access find comment=situs]
Name : blokmalam
Policy : write, read, policy (yang dicentang)
Source:
/ip web-proxy access disable [/ip web-proxy access find comment=situs]  

Buat scheduler yang diinginkan (system >> scheduler):

name=bloksiang
start-date=Jan/01/2010
start-time=08:30:00
interval=1d 00:00:00
on-event= bloksiang
name=blokmalam
start-date=Jan/01/2010
start-time=18:30:00
interval=1d 00:00:00
on-event= blokmalam

Nah setelah itu maka liat aja hasilnya maka situs yang masuk di dalam list di web proxy akan terblok. Kalo ada banyak situs atau address atau file yang ingin di blok maka tinggal di add di web proxy serta diberi comment yang sama (dalam hal ini saya menggunakan comment=situs), maka pada waktu yang bersamaan semua situs yang ada list akan terblok.
Misalnya :

/ip web-proxy access add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 url=*.youtube* action=deny comment=situs
/ip web-proxy access add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 url=*mpeg* action=deny comment=situs
/ip web-proxy access add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 url=*exe* action=deny comment=situs

Selamat mencoba
Wassalamu'alaikum  

Index Of Mikrotik

Assalamu'alaikum.

hello friends, bagi index download mikrotik nih, silakan sepuas hati ente-ente sekalian. :)

http://kambing.ui.ac.id/onnopurbo/library/library-sw-hw/mikrotik/iso/ 
http://mirror.unpad.ac.id/orari/library/library-sw-hw/mikrotik/iso/ 
http://neohosting.jalawave.net/~deny/index.php?path=[Mikrotik]/
http://macan.uad.ac.id/iso/mikrotik/
http://www.shelbywireless.com/files/mikrotik/
http://mikrotik-software.de/~mirror/
http://files.quicklinkwireless.com/mikrotik/


http://download.sujianto.web.id/files/mikrotik/
http://kantong.tca.co.id/index.php?path=mikrotik/
http://utils.hns.net.in/mikrotik/
http://mikrotik.antihackerlink.or.id/
http://ftp.mikrotik.info/


mantap,
semoga bermanfaat bro.
Wassalamu'alaikum.
 

Bandwith Manajemen Queue Tree Vs Simple Queue di Mikrotik

Assalamu'alaikum.

Pada bagian ini, ijinkan saya membahas tentang setting bandwith dengan queue tree vs  queue di mikrotik.
oke lanjut ke sekenarionya.

konfigurasi Simple queues dan Que tree mudah mudahan bisa menjadi referensi untuk anda yang akan menggunakan limiter bandwith with mikrotik.

Configurasi Simple Queue:
Anda bisa membuat kelompok (parent) untuk client-kusus dengan bandwith 256kbps yang didalamnya terdiri dari 3 user sehingga bandwith 256 tadi akan di share untuk 3 user tesebut, dan parent2 yang lainpun bisa anda buat sesuai keinginan anda.

[admin@Mikrotik] queue> simple
[admin@Mikrotik] queue simple
add name=”CLIENT” target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=1000000/1000000 total-queue=default-small
add name=”Client-kusus” target-addresses=192.168.0.1/32,192.168.0.2/32,192.168.0.3/32,dst-address=0.0.0.0/0 interface=all parent=CUSTOMER direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=256000/256000 total-queue=default-small
add name=”mylove” target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/8000 max-limit=32000/56000 total-queue=default-small
add name=”myfriend” target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/8000 max-limit=32000/56000 total-queue=default-small
add name=”maymay” target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=ether2 parent=Client-kusus direction=both priority=8 queue=default-small/default-small limit-at=16000/0 max-limit=32000/56000 total-queue=default-small

Contoh configurasi Queue Tree:
Mangle
Sebelum kita Meng konfigure Queue Tree kita buat dulu Connection-mark di table mangle.
[admin@Mikrotik] > ip firewall mangle
[admin@Mikrotik] ip firewall mangle>
add chain=forward src-address=192.168.0.0/24 action=mark-connection new-connectioan-mark=local passthrough=yes
add chain=forward dst-address=192.168.0.0/24 action=mark-connection new-connectioan-mark=local passthrough=yes
add chain=forward protocol=icmp connection-mark=local action=mark-packet new-packet-mark=local-icmp passthrough=no
add chain=forward src-address=192.168.0.1 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-1 passthrough=no
add chain=forward dst-address=192.168.0.1 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-1 passthrough=no
add chain=forward src-address=192.168.0.2 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-2 passthrough=no
add chain=forward dst-address=192.168.0.2 protocol=!icmp connection-mark=local action=mark-packet new-packet-mark=local-2 passthrough=no

Queue-tree:
[admin@LimiTer] queue> tree
[admin@LimiTer] queue tree>
add name=”upload” parent=[int-ke-internet] packet-mark=”” priority=1 max-limit=256K
add name=”icmp-upload” parent=upload packet-mark=”local-icmp” priority=3 max-limit=32K
add name=”local-1-upload” parent=upload packet-mark=”local-1″ priority=5 max-limit=64K
add name=”local-2-upload” parent=upload packet-mark=”local-2″ priority=5 max-limit=64K
add name=”download” parent=[int-ke-local] packet-mark=”” priority=1 max-limit=512K
add name=”icmp-download” parent=download packet-mark=”local-icmp” priority=3 max-limit=64K
add name=”local-1-download” parent=download packet-mark=”local-1″ priority=5 max-limit=128K
add name=”local-2-download” parent=download packet-mark=”local-2″ priority=5 max-limit=128

Note : Disini anda bisa membuat alokasi bandwith kusus buat icmp download dan upload.

semoga bermanfaat teman,

Wassalamu'alaikum.

Mikrotik User Meeting Presentation Material (USA)

Assalamu'alaikum.

ijin bagi-bagi lagi, lumayan untuk koleksi anak Indonesia:

HTB QoS by Valens Riyadi, Indonesia


High Performance RouterOS by Dennis Burgess, Link Technologies


Wireless Installations and IP streaming by Robert Clark, Bulleri Internet


Dude workshop by Mike Delp, Link Technologies


802.11n workshop by Steve Discher, Learnmikrotik.com


Hotspot and Paypal by Steve Discher, Learnmikrotik.com


MetaRouter workshop by Brian Vargyas, Baltic Networks


QoS by Janis Megis, Mikrotik


MPLS by Janis Megis, Mikrotik


source:www.mum.mikrotik.com

Wassalamu'alaikum

Tutotial Mikrotik ( e-book) part II

Assalamu'alaikum.

ijin bagi2 lagi nih juragan, nambahin yang sudah, monggo di unduh.

This tutorial Contents:
1. [How To] Blocked Page at Web Proxy MikroTik
2. Editing Hotspot login Page
3. misahin download dan browsing?
4. Tut FullSpeed dari cache internalnya mikrotik (untuk versin 2.9)
5. Yang Pengen Block FRIENDSTER
6. Another way to block web
7. NEW Update --> Setting PPPoE dan Load Balance Speedy --NEW UPDATE--
8. Cara setting Web proxy 3.20
9. NGE Limit Youtube Video Streaming di MT 3.xx
10. Script Limit Bandwidth berdasar Siang – Malam
11. Simple Load Balancing + DNS Resolver + Secret Fiture
12. Blok PTP – other way
13. Login HTTPS di Hotspot
14. mengatur prioritas trafik dari dan ke mikrotik
15. Banyak Web Server di belakang router Mikrotik
16. Routerboard 450 Repaired
17. Satu (1) Userman Banyak Hotspot
18. recovery password mikrotik
19. Cara buat PPPOE server
20. misahin download dan browsing?
21. Beberapa Konfigurasi Mikrotik dan Proxy
22. Queue dengan SRC-NAT dan WEB-PROXY
23. Mikrotik - menggunakan squid sebagai web proxy sehingga lebih optimal
24. Beda Limit Siang dan Malam secara otomatis
25. Script untuk block Conflicker Virus secara otomatis
26. VLAN di RB750 (Requested by bro Hakeem)
27. Contoh Implementasi PCQ
28. Setting Bridge dan dial PPPoE dari Mikrotik
29. The NEW LoadBalance!! More Powerfull -TESTED-

download : http://www.4shared.com/document/Qq11I8Ce/Tutorial-Mikrotik-2.html

gak di password =))

Wassalamu'alaikum.

Tutotial Mikrotik ( e-book) part I

Assalamu'alaikum.

ijin bagi2 saudara ku, mayan untuk tambah ilmu kita bangsa Indonesia tercinta, silakan sedot jangan lupa komennya:

This Tutorial contents:

1. How to limit traffic download RapidShare
2. Implementasi Penggunaan PCQ Bagi ISP Untuk Mendapatkan Hasil Yang Maksimal
3. Detect dan shapping download dengan connetion byte
4. Memisahkan Gateway Internasonal dan IIX dengan 3 NIC (Bagian 2)
5. Bandwidth management di Hotspot Area
6. Memisahkan IIX ke ISP wireless dan Internasional ke speedy
7. How To Block Traceroute
8. HOWTO: Menghindari Port Scanner dari Hacker
9. HOW TO : Melindungi Pelanggan/User Anda
10. Load-balancing & Fail-over di MikroTik
11. Redirect Mikrotik ke Komputer Proxy Squid (tanpa parent proxy MT)
12. Delaypool rasa Mikrotik
13. 2 Isp In 1 Router With Loadbalancing
14. Tutz Load Balancing Plus plus [Chaozz version] (Route Rule)
15. SETUP MIKROTIK (base 1)
16. TUTORIAL SETUP HOTSPOT + USERMANAGER
17. TUTORIAL 2 ISP IN 1 ROUTER WITH LOADBALANCING
18. SETUP QUEUE
19. TUTORIAL MISAHIN BW LOKAL DAN INTERNATIONAL
20. TUTORIAL SETING IP-PROXY & CONTOH PENGGUNANNYA (BASIC)
21. SETING PPTP SERVER & CLIENT
22. HOWTO: Menghindari Port Scanner dari Hacker
23. Wireless Bridge (client) dengan AP tanpa WDS
24. Setting Point To Multi Point
25. Pengamanan Mikrotik dari Scan Winbox dan Neighbour
26. Transparent Traffic Shaper
27. Pengamanan Mikrotik dari Scan Winbox dan Neighbour
28. Script Bikin Queues Tree B/W Limiter
29. Update Otomatis nice.rsc
30. [Share] Script u/ membatasi BW jika suatu traffic client melewati batas tertentu
31. Hotspot Mikrotik
32. [tutorial] Mikrotik Load Balancing - Winbox version
33. Konfigurasi SMS saat Internet down
34. Mikrotik dengan SquidBox
35. bagaimana cara install mikrotik di Router Board
36. Load Balance + Fail Over dengan script
37. Load Balancing nth buat Mikrotik Ver 3.xx dan 2.9xx
38. MikroTik Password Recovery
39. Howto : Bypass traceroute traffic
40. Cara copy torch atau LOG ke file ---caranya?
41. MikroTik Password Recovery
42. [Script] HTML Project for HotSpot Voucher
43. Ringtone Mikrotik
44. Editing Hotspot login Page
45. Memisahkan antara download dan browsing dengan mikrotik
46. backup database radius server hotspot 

download : http://www.4shared.com/document/pl4BOC2f/tutorial-mikrotik.html 

gak di password :)

Wassalamu'alaikum. 

MRTG Sebagai Network Traffic Monitor

Assalamu'alaikum.

Pada bagian ini, ijinkan saya membahas bagaimana setting network traffic monitor, oke langsung saja kita lihat sekenarionya, agar mudah difahami, kekekeke.

MRTG adalah singkatan dari The Multi Router Traffic Grapher. MRTG merupakan aplikasi yang berguna untuk memantau penggunaan “bandwith” dalam suatu network atau jaringan. MRTG berbentuk sebuah aplikasi “web-based” yang memberikan informasi secara grafikal dan secara “on-line” atau “real-time”. Selain MRTG tool network monitoring dengan web based adalah cacti, sedangkan yang berbasis text/shell adalah iptraf, vnstat, tcpcrack, ntop dsb.

Perlu diketahui OS yang saya pakai adalah Ubuntu 9.10 Server.
Paket2 yang diperlukan oleh mrtg adalah apache2, snmp, adan snmpd



Install paket2 mrtg, snmp dan apache2

#apt-get install apache2 mrtg snmp snmpd

edit file snmpd.conf

#nano /etc/snmp/snmpd.conf

cari parameter berikut:
---------------------------------------
com2sec paranoid default public
#com2sec readonly default public
#com2sec readwrite default private
---------------------------------------
ubah menjadi:
---------------------------------------
#com2sec paranoid default public
com2sec readonly default public
#com2sec readwrite default private
---------------------------------------

cari lagi parameter berikut:
-----------------------------------------------------------------------
syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
syscontact Root (configure /etc/snmp/snmpd.local.conf)
-----------------------------------------------------------------------

edit dan ganti “Unknown” menjadi namaanda atau admin atau terserah anda
edit dan ganti “Root” menjadi emailanda misal sonny@telkom.net
setelah selesai exit dan save snmpd.conf

restart snmpd

#/etc/init.d/snmpd restart

buat direktori mrtg di /var/www/
#mkdir /var/www/mrtg/

konfigurasi mrtg

#cfgmaker public@localhost > /etc/mrtg.cfg

Buat File Index mrtg

#indexmaker --output=/var/www/mrtg/index.html /etc/mrtg.cfg

jalankan mrtg dengan perintah

#mrtg

kalo masih ada error seperti ini:

-----------------------------------------------------------------------
ERROR: Mrtg will most likely not work properly when the environment
variable LANG is set to UTF-8. Please run mrtg in an environment
where this is not the case. Try the following command to start:

env LANG=C /usr/bin/mrtg
-----------------------------------------------------------------------

jalankan perintah:

#env LANG=C /usr/bin/mrtg

untuk mulai monotoring jalankan browser anda (firefox/IE) kemudian akses http://localhost/mrtg atau http://iprouteranda/mrtg

gambar  jadinya mas bro:

haha, mudah bukan teman, ane mambaca di buku terbitan ni noh: http://oke.or.id/

sekian,
Wassalamu'alaikum.

firewall filter virus

Assalamu'alaikum...

pada bagian ini ijinkan saya share tentang firewall filtering virus, sebelumnya hal ini sudah sering dibahas pada forum2 networking, terutama yaitu forum mikrotik indonesia,
okelah langsung saja, script ini tinggal copas aja, menggunakan new terminal.

1.
code:
---------------------------------------------------------------------------------
/ip firewall filter
add chain=virus protocol=udp action=drop dst-port=1 comment="Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=2 comment="Death"
add chain=virus protocol=tcp action=drop dst-port=20 comment="Senna Spy FTP server"
add chain=virus protocol=tcp action=drop dst-port=21 comment="Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash"
add chain=virus protocol=tcp action=drop dst-port=22 comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=23 comment="Fire HacKer, Tiny Telnet Server TTS, Truva Atl"
add chain=virus protocol=tcp action=drop dst-port=25 comment="Ajan, Antigen, Barok, Email Password Sender EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT Mail Bombing Trojan, Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy"
add chain=virus protocol=tcp action=drop dst-port=30 comment="Agent 40421"
add chain=virus protocol=tcp action=drop dst-port=31 comment="Agent 31, Hackers Paradise, Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=41 comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=48 comment="DRAT"
add chain=virus protocol=tcp action=drop dst-port=50 comment="DRAT"
add chain=virus protocol=tcp action=drop dst-port=58 comment="DMSetup"
add chain=virus protocol=tcp action=drop dst-port=59 comment="DMSetup"
add chain=virus protocol=tcp action=drop dst-port=79 comment="CDK, Firehotcker"
add chain=virus protocol=tcp action=drop dst-port=80 comment="711 trojan, Seven Eleven, AckCmd, Back End, Back Orifice 2000 Plug-Ins, Cafeini, CGI Backdoor, Executor, God Message, God Message Creator, Hooker, IISworm, MTX, NCX, Reverse WWW Tunnel Backdoor, RingZero, Seeker, WAN Remote, Web Server CT, WebDownloader"
add chain=virus protocol=tcp action=drop dst-port=81 comment="RemoConChubo"
add chain=virus protocol=tcp action=drop dst-port=99 comment="Hidden Port, NCX"
add chain=virus protocol=tcp action=drop dst-port=110 comment="ProMail trojan"
add chain=virus protocol=tcp action=drop dst-port=113 comment="Invisible Identd Deamon, Kazimas"
add chain=virus protocol=tcp action=drop dst-port=119 comment="Happy99"
add chain=virus protocol=tcp action=drop dst-port=121 comment="Attack Bot, God Message, JammerKillah"
add chain=virus protocol=tcp action=drop dst-port=123 comment="Net Controller"
add chain=virus protocol=tcp action=drop dst-port=133 comment="Farnaz"
add chain=virus protocol=tcp action=drop dst-port=135-139 comment="Blaster worm"
add chain=virus protocol=udp action=drop dst-port=135-139 comment="messenger worm
add chain=virus protocol=tcp action=drop dst-port=142 comment="NetTaxi"
add chain=virus protocol=tcp action=drop dst-port=146 comment="Infector"
add chain=virus protocol=udp action=drop dst-port=146 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=170 comment="A-trojan"
add chain=virus protocol=tcp action=drop dst-port=334 comment="Backage"
add chain=virus protocol=tcp action=drop dst-port=411 comment="Backage"
add chain=virus protocol=tcp action=drop dst-port=420 comment="Breach, Incognito"
add chain=virus protocol=tcp action=drop dst-port=421 comment="TCP Wrappers trojan"
add chain=virus protocol=tcp action=drop dst-port=445 comment="Blaster worm
add chain=virus protocol=udp action=drop dst-port=445 comment="Blaster worm
add chain=virus protocol=tcp action=drop dst-port=455 comment="Fatal Connections"
add chain=virus protocol=tcp action=drop dst-port=456 comment="Hackers Paradise"
add chain=virus protocol=tcp action=drop dst-port=513 comment="Grlogin"
add chain=virus protocol=tcp action=drop dst-port=514 comment="RPC Backdoor"
add chain=virus protocol=tcp action=drop dst-port=531 comment="Net666, Rasmin"
add chain=virus protocol=tcp action=drop dst-port=555 comment="711 trojan, Seven Eleven, Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy"
add chain=virus protocol=tcp action=drop dst-port=605 comment="Secret Service"
add chain=virus protocol=tcp action=drop dst-port=666 comment="Attack FTP, Back Construction, BLA trojan, Cain & Abel, NokNok, Satans Back Door SBD, ServU, Shadow Phyre, th3r1pp3rz Therippers"
add chain=virus protocol=tcp action=drop dst-port=667 comment="SniperNet"
add chain=virus protocol=tcp action=drop dst-port=669 comment="DP trojan"
add chain=virus protocol=tcp action=drop dst-port=692 comment="GayOL"
add chain=virus protocol=tcp action=drop dst-port=777 comment="AimSpy, Undetected"
add chain=virus protocol=tcp action=drop dst-port=808 comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=911 comment="Dark Shadow"
add chain=virus protocol=tcp action=drop dst-port=999 comment="Deep Throat, Foreplay, WinSatan"
add chain=virus protocol=tcp action=drop dst-port=1000 comment="Der Spaeher, Direct Connection"
add chain=virus protocol=tcp action=drop dst-port=1001 comment="Der Spaeher, Le Guardien, Silencer, WebEx"
add chain=virus protocol=tcp action=drop dst-port=1010-1016 comment="Doly Trojan"
add chain=virus protocol=tcp action=drop dst-port=1020 comment="Vampire"
add chain=virus protocol=tcp action=drop dst-port=1024 comment="Jade, Latinus, NetSpy"
add chain=virus protocol=tcp action=drop dst-port=1025 comment="Remote Storm"
add chain=virus protocol=udp action=drop dst-port=1025 comment="Remote Storm"
add chain=virus protocol=tcp action=drop dst-port=1035 comment="Multidropper"
add chain=virus protocol=tcp action=drop dst-port=1042 comment="BLA trojan"
add chain=virus protocol=tcp action=drop dst-port=1045 comment="Rasmin"
add chain=virus protocol=tcp action=drop dst-port=1049 comment="sbin initd"
add chain=virus protocol=tcp action=drop dst-port=1050 comment="MiniCommand"
add chain=virus protocol=tcp action=drop dst-port=1053 comment="The Thief"
add chain=virus protocol=tcp action=drop dst-port=1054 comment="AckCmd"
add chain=virus protocol=tcp action=drop dst-port=1080-1083 comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=1090 comment="Xtreme"
add chain=virus protocol=tcp action=drop dst-port=1095-1098 comment="Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=1099 comment="Blood Fest Evolution, Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=1150-1151 comment="Orion"
add chain=virus protocol=tcp action=drop dst-port=1170 comment="Psyber Stream Server PSS, Streaming Audio Server, Voice"
add chain=virus protocol=udp action=drop dst-port=1200-1201 comment="NoBackO"
add chain=virus protocol=tcp action=drop dst-port=1207 comment="SoftWAR"
add chain=virus protocol=tcp action=drop dst-port=1208 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=1212 comment="Kaos"
add chain=virus protocol=tcp action=drop dst-port=1234 comment="SubSeven Java client, Ultors Trojan"
add chain=virus protocol=tcp action=drop dst-port=1243 comment="BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles"
add chain=virus protocol=tcp action=drop dst-port=1245 comment="VooDoo Doll"
add chain=virus protocol=tcp action=drop dst-port=1255 comment="Scarab"
add chain=virus protocol=tcp action=drop dst-port=1256 comment="Project nEXT"
add chain=virus protocol=tcp action=drop dst-port=1269 comment="Matrix"
add chain=virus protocol=tcp action=drop dst-port=1272 comment="The Matrix"
add chain=virus protocol=tcp action=drop dst-port=1313 comment="NETrojan"
add chain=virus protocol=tcp action=drop dst-port=1338 comment="Millenium Worm"
add chain=virus protocol=tcp action=drop dst-port=1349 comment="Bo dll"
add chain=virus protocol=tcp action=drop dst-port=1394 comment="GoFriller, Backdoor G-1"
add chain=virus protocol=tcp action=drop dst-port=1441 comment="Remote Storm"
add chain=virus protocol=tcp action=drop dst-port=1492 comment="FTP99CMP"
add chain=virus protocol=tcp action=drop dst-port=1524 comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=1568 comment="Remote Hack"
add chain=virus protocol=tcp action=drop dst-port=1600 comment="Direct Connection, Shivka-Burka"
add chain=virus protocol=tcp action=drop dst-port=1703 comment="Exploiter"
add chain=virus protocol=tcp action=drop dst-port=1777 comment="Scarab"
add chain=virus protocol=tcp action=drop dst-port=1807 comment="SpySender"
add chain=virus protocol=tcp action=drop dst-port=1966 comment="Fake FTP"
add chain=virus protocol=tcp action=drop dst-port=1967 comment="WM FTP Server"
add chain=virus protocol=tcp action=drop dst-port=1969 comment="OpC BO"
add chain=virus protocol=tcp action=drop dst-port=1981 comment="Bowl, Shockrave"
add chain=virus protocol=tcp action=drop dst-port=1999 comment="Back Door, SubSeven, TransScout"
add chain=virus protocol=tcp action=drop dst-port=2000 comment="Der Spaeher, Insane Network, Last 2000, Remote Explorer 2000, Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=2001 comment="Der Spaeher, Trojan Cow"
add chain=virus protocol=tcp action=drop dst-port=2023 comment="Ripper Pro"
add chain=virus protocol=tcp action=drop dst-port=2080 comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=2115 comment="Bugs"
add chain=virus protocol=udp action=drop dst-port=2130 comment="Mini Backlash"
add chain=virus protocol=tcp action=drop dst-port=2140 comment="The Invasor"
add chain=virus protocol=udp action=drop dst-port=2140 comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=2155 comment="Illusion Mailer"
add chain=virus protocol=tcp action=drop dst-port=2255 comment="Nirvana"
add chain=virus protocol=tcp action=drop dst-port=2283 comment="Hvl RAT"
add chain=virus protocol=tcp action=drop dst-port=2300 comment="Xplorer"
add chain=virus protocol=tcp action=drop dst-port=2311 comment="Studio 54"
add chain=virus protocol=tcp action=drop dst-port=2330-2339 comment="Contact"
add chain=virus protocol=udp action=drop dst-port=2339 comment="Voice Spy"
add chain=virus protocol=tcp action=drop dst-port=2345 comment="Doly Trojan"
add chain=virus protocol=tcp action=drop dst-port=2565 comment="Striker trojan"
add chain=virus protocol=tcp action=drop dst-port=2583 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=2600 comment="Digital RootBeer"
add chain=virus protocol=tcp action=drop dst-port=2716 comment="The Prayer"
add chain=virus protocol=tcp action=drop dst-port=2773-2774 comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=2801 comment="Phineas Phucker"
add chain=virus protocol=udp action=drop dst-port=2989 comment="Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=3000 comment="Remote Shut"
add chain=virus protocol=tcp action=drop dst-port=3024 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=3031 comment="Microspy"
add chain=virus protocol=tcp action=drop dst-port=3128 comment="Reverse WWW Tunnel Backdoor, RingZero"
add chain=virus protocol=tcp action=drop dst-port=3129 comment="Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=3150 comment="The Invasor"
add chain=virus protocol=udp action=drop dst-port=3150 comment="Deep Throat, Foreplay, Mini Backlash"
add chain=virus protocol=tcp action=drop dst-port=3456 comment="Terror trojan"
add chain=virus protocol=tcp action=drop dst-port=3459 comment="Eclipse 2000, Sanctuary"
add chain=virus protocol=tcp action=drop dst-port=3700 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=3777 comment="PsychWard"
add chain=virus protocol=tcp action=drop dst-port=3791-3801 comment="Total Solar Eclypse"
add chain=virus protocol=tcp action=drop dst-port=4000 comment="SkyDance"
add chain=virus protocol=tcp action=drop dst-port=4092 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=4242 comment="Virtual Hacking Machine VHM"
add chain=virus protocol=tcp action=drop dst-port=4321 comment="BoBo"
add chain=virus protocol=tcp action=drop dst-port=4444 comment="Prosiak, Swift Remote"
add chain=virus protocol=tcp action=drop dst-port=4567 comment="File Nail"
add chain=virus protocol=tcp action=drop dst-port=4590 comment="ICQ Trojan"
add chain=virus protocol=tcp action=drop dst-port=4950 comment="ICQ Trogen Lm"
add chain=virus protocol=tcp action=drop dst-port=5000 comment="Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=5001 comment="Back Door Setup, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=5002 comment="cd00r, Shaft"
add chain=virus protocol=tcp action=drop dst-port=5010 comment="Solo"
add chain=virus protocol=tcp action=drop dst-port=5011 comment="One of the Last Trojans OOTLT, One of the Last Trojans OOTLT, modified"
add chain=virus protocol=tcp action=drop dst-port=5025 comment="WM Remote KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=5031-5032 comment="Net Metropolitan"
add chain=virus protocol=tcp action=drop dst-port=5321 comment="Firehotcker"
add chain=virus protocol=tcp action=drop dst-port=5333 comment="Backage, NetDemon"
add chain=virus protocol=tcp action=drop dst-port=5343 comment="wCrat WC Remote Administration Tool"
add chain=virus protocol=tcp action=drop dst-port=5400-5402 comment="Back Construction, Blade Runner"
add chain=virus protocol=tcp action=drop dst-port=5512 comment="Illusion Mailer"
add chain=virus protocol=tcp action=drop dst-port=5534 comment="The Flu"
add chain=virus protocol=tcp action=drop dst-port=5550 comment="Xtcp"
add chain=virus protocol=tcp action=drop dst-port=5555 comment="ServeMe"
add chain=virus protocol=tcp action=drop dst-port=5556-5557 comment="BO Facil"
add chain=virus protocol=tcp action=drop dst-port=5569 comment="Robo-Hack"
add chain=virus protocol=tcp action=drop dst-port=5637-5638 comment="PC Crasher"
add chain=virus protocol=tcp action=drop dst-port=5742 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=5760 comment="Portmap Remote Root Linux Exploit"
add chain=virus protocol=tcp action=drop dst-port=5880-5889 comment="Y3K RAT"
add chain=virus protocol=tcp action=drop dst-port=6000 comment="The Thing"
add chain=virus protocol=tcp action=drop dst-port=6006 comment="Bad Blood"
add chain=virus protocol=tcp action=drop dst-port=6272 comment="Secret Service"

2.
code :
---------------------------------------------------------------------------------
add chain=virus protocol=tcp action=drop dst-port=6400 comment="The Thing"
add chain=virus protocol=tcp action=drop dst-port=6661 comment="TEMan, Weia-Meia"
add chain=virus protocol=tcp action=drop dst-port=6666 comment="Dark Connection Inside, NetBus worm"
add chain=virus protocol=tcp action=drop dst-port=6667 comment="Dark FTP, ScheduleAgent, SubSeven, Subseven 2.1.4 DefCon 8, Trinity, WinSatan"
add chain=virus protocol=tcp action=drop dst-port=6669 comment="Host Control, Vampire"
add chain=virus protocol=tcp action=drop dst-port=6670 comment="BackWeb Server, Deep Throat, Foreplay, WinNuke eXtreame"
add chain=virus protocol=tcp action=drop dst-port=6711 comment="BackDoor-G, SubSeven, VP Killer"
add chain=virus protocol=tcp action=drop dst-port=6712 comment="Funny trojan, SubSeven"
add chain=virus protocol=tcp action=drop dst-port=6713 comment="SubSeven"
add chain=virus protocol=tcp action=drop dst-port=6723 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=6771 comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=6776 comment="2000 Cracks, BackDoor-G, SubSeven, VP Killer"
add chain=virus protocol=udp action=drop dst-port=6838 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=6883 comment="Delta Source DarkStar"
add chain=virus protocol=tcp action=drop dst-port=6912 comment="Shit Heep"
add chain=virus protocol=tcp action=drop dst-port=6939 comment="Indoctrination"
add chain=virus protocol=tcp action=drop dst-port=6969-6970 comment="GateCrasher, IRC 3, Net Controller, Priority"
add chain=virus protocol=tcp action=drop dst-port=7000 comment="Exploit Translation Server, Kazimas, Remote Grab, SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=7001 comment="Freak88, Freak2k"
add chain=virus protocol=tcp action=drop dst-port=7215 comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=7300-7308 comment="NetMonitor"
add chain=virus protocol=tcp action=drop dst-port=7424 comment="Host Control"
add chain=virus protocol=udp action=drop dst-port=7424 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=7597 comment="Qaz"
add chain=virus protocol=tcp action=drop dst-port=7626 comment="Glacier"
add chain=virus protocol=tcp action=drop dst-port=7777 comment="God Message, Tini"
add chain=virus protocol=tcp action=drop dst-port=7789 comment="Back Door Setup, ICKiller"
add chain=virus protocol=tcp action=drop dst-port=7891 comment="The ReVeNgEr"
add chain=virus protocol=tcp action=drop dst-port=7983 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=8787 comment="Back Orifice 2000"
add chain=virus protocol=tcp action=drop dst-port=8988 comment="BacHack"
add chain=virus protocol=tcp action=drop dst-port=8989 comment="Rcon, Recon, Xcon"
add chain=virus protocol=tcp action=drop dst-port=9000 comment="Netministrator"
add chain=virus protocol=udp action=drop dst-port=9325 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=9400 comment="InCommand"
add chain=virus protocol=tcp action=drop dst-port=9872-9875 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=9876 comment="Cyber Attacker, Rux"
add chain=virus protocol=tcp action=drop dst-port=9878 comment="TransScout"
add chain=virus protocol=tcp action=drop dst-port=9989 comment="Ini-Killer"
add chain=virus protocol=tcp action=drop dst-port=9999 comment="The Prayer"
add chain=virus protocol=tcp action=drop dst-port=10000-10005 comment="OpwinTRojan"
add chain=virus protocol=udp action=drop dst-port=10067 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=10085-10086 comment="Syphillis"
add chain=virus protocol=tcp action=drop dst-port=10100 comment="Control Total, Gift trojan"
add chain=virus protocol=tcp action=drop dst-port=10101 comment="BrainSpy, Silencer"
add chain=virus protocol=udp action=drop dst-port=10167 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=10520 comment="Acid Shivers"
add chain=virus protocol=tcp action=drop dst-port=10528 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=10607 comment="Coma"
add chain=virus protocol=udp action=drop dst-port=10666 comment="Ambush"
add chain=virus protocol=tcp action=drop dst-port=11000 comment="Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=11050-11051 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=11223 comment="Progenic trojan, Secret Agent"
add chain=virus protocol=tcp action=drop dst-port=12076 comment="Gjamer"
add chain=virus protocol=tcp action=drop dst-port=12223 comment="Hack´99 KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=12345 comment="Ashley, cron  crontab, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill"
add chain=virus protocol=tcp action=drop dst-port=12346 comment="Fat Bitch trojan, GabanBus, NetBus, X-bill"
add chain=virus protocol=tcp action=drop dst-port=12349 comment="BioNet"
add chain=virus protocol=tcp action=drop dst-port=12361-12363 comment="Whack-a-mole"
add chain=virus protocol=udp action=drop dst-port=12623 comment="DUN Control"
add chain=virus protocol=tcp action=drop dst-port=12624 comment="ButtMan"
add chain=virus protocol=tcp action=drop dst-port=12631 comment="Whack Job"
add chain=virus protocol=tcp action=drop dst-port=12754 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=13000 comment="Senna Spy Trojan Generator, Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=13010 comment="Hacker Brasil HBR"
add chain=virus protocol=tcp action=drop dst-port=13013-13014 comment="PsychWard"
add chain=virus protocol=tcp action=drop dst-port=13223 comment="Hack´99 KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=13473 comment="Chupacabra"
add chain=virus protocol=tcp action=drop dst-port=14500-14503 comment="PC Invader"
add chain=virus protocol=tcp action=drop dst-port=15000 comment="NetDemon"
add chain=virus protocol=tcp action=drop dst-port=15092 comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=15104 comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=15382 comment="SubZero"
add chain=virus protocol=tcp action=drop dst-port=15858 comment="CDK"
add chain=virus protocol=tcp action=drop dst-port=16484 comment="Mosucker"
add chain=virus protocol=tcp action=drop dst-port=16660 comment="Stacheldraht"
add chain=virus protocol=tcp action=drop dst-port=16772 comment="ICQ Revenge"
add chain=virus protocol=tcp action=drop dst-port=16959 comment="SubSeven, Subseven 2.1.4 DefCon 8"
add chain=virus protocol=tcp action=drop dst-port=16969 comment="Priority"
add chain=virus protocol=tcp action=drop dst-port=17166 comment="Mosaic"
add chain=virus protocol=tcp action=drop dst-port=17300 comment="Kuang2 the virus"
add chain=virus protocol=tcp action=drop dst-port=17449 comment="Kid Terror"
add chain=virus protocol=tcp action=drop dst-port=17499-17500 comment="CrazzyNet"
add chain=virus protocol=tcp action=drop dst-port=17569 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=17593 comment="Audiodoor"
add chain=virus protocol=tcp action=drop dst-port=17777 comment="Nephron"
add chain=virus protocol=udp action=drop dst-port=18753 comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=19864 comment="ICQ Revenge"
add chain=virus protocol=tcp action=drop dst-port=20000 comment="Millenium"
add chain=virus protocol=tcp action=drop dst-port=20001 comment="Millenium, Millenium Lm"
add chain=virus protocol=tcp action=drop dst-port=20002 comment="AcidkoR"
add chain=virus protocol=tcp action=drop dst-port=20005 comment="Mosucker"
add chain=virus protocol=tcp action=drop dst-port=20023 comment="VP Killer"
add chain=virus protocol=tcp action=drop dst-port=20034 comment="NetBus 2.0 Pro, NetBus 2.0 Pro Hidden, NetRex, Whack Job"
add chain=virus protocol=tcp action=drop dst-port=20203 comment="Chupacabra"
add chain=virus protocol=tcp action=drop dst-port=20331 comment="BLA trojan"
add chain=virus protocol=tcp action=drop dst-port=20432 comment="Shaft"
add chain=virus protocol=udp action=drop dst-port=20433 comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=21544 comment="GirlFriend, Kid Terror"
add chain=virus protocol=tcp action=drop dst-port=21554 comment="Exploiter, Kid Terror, Schwindler, Winsp00fer"
add chain=virus protocol=tcp action=drop dst-port=22222 comment="Donald Dick, Prosiak, Ruler, RUX The TIc.K"
add chain=virus protocol=tcp action=drop dst-port=23005-23006 comment="NetTrash"
add chain=virus protocol=tcp action=drop dst-port=23023 comment="Logged"
add chain=virus protocol=tcp action=drop dst-port=23032 comment="Amanda"
add chain=virus protocol=tcp action=drop dst-port=23432 comment="Asylum"
add chain=virus protocol=tcp action=drop dst-port=23456 comment="Evil FTP, Ugly FTP, Whack Job"
add chain=virus protocol=tcp action=drop dst-port=23476 comment="Donald Dick"
add chain=virus protocol=udp action=drop dst-port=23476 comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=23477 comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=23777 comment="InetSpy"
add chain=virus protocol=tcp action=drop dst-port=24000 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=25685-25982 comment="Moonpie"
add chain=virus protocol=udp action=drop dst-port=26274 comment="Delta Source"
add chain=virus protocol=tcp action=drop dst-port=26681 comment="Voice Spy"
add chain=virus protocol=tcp action=drop dst-port=27374 comment="Bad Blood, Ramen, Seeker, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8, SubSeven Muie, Ttfloader"
add chain=virus protocol=udp action=drop dst-port=27444 comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=27573 comment="SubSeven"
add chain=virus protocol=tcp action=drop dst-port=27665 comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=28678 comment="Exploit"er
add chain=virus protocol=tcp action=drop dst-port=29104 comment="NetTrojan"
add chain=virus protocol=tcp action=drop dst-port=29369 comment="ovasOn"
add chain=virus protocol=tcp action=drop dst-port=29891 comment="The Unexplained"
add chain=virus protocol=tcp action=drop dst-port=30000 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=30001 comment="ErrOr32"
add chain=virus protocol=tcp action=drop dst-port=30003 comment="Lamers Death"
add chain=virus protocol=tcp action=drop dst-port=30029 comment="AOL trojan"
add chain=virus protocol=tcp action=drop dst-port=30100-30133 comment="NetSphere"
add chain=virus protocol=udp action=drop dst-port=30103 comment="NetSphere"
add chain=virus protocol=tcp action=drop dst-port=30303 comment="Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=30947 comment="Intruse"
add chain=virus protocol=tcp action=drop dst-port=30999 comment="Kuang2"
add chain=virus protocol=tcp action=drop dst-port=31335 comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=31336 comment="Bo Whack, Butt Funnel"
add chain=virus protocol=tcp action=drop dst-port=31337 comment="Back Fire, Back Orifice 1.20 patches, Back Orifice Lm, Back Orifice russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron  crontab, Freak88, Freak2k, icmp_pipe.c, Sockdmini"
add chain=virus protocol=udp action=drop dst-port=31337 comment="Back Orifice, Deep BO"
add chain=virus protocol=tcp action=drop dst-port=31338 comment="Back Orifice, Butt Funnel, NetSpy DK"
add chain=virus protocol=udp action=drop dst-port=31338 comment="Deep BO"
add chain=virus protocol=tcp action=drop dst-port=31339 comment="NetSpy DK"
add chain=virus protocol=tcp action=drop dst-port=31666 comment="BOWhack"
add chain=virus protocol=tcp action=drop dst-port=31785-31792 comment="Hack a Tack"
add chain=virus protocol=udp action=drop dst-port=31791-31792 comment="Hack a Tack"
add chain=virus protocol=tcp action=drop dst-port=32001 comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=32100 comment="Peanut Brittle, Project nEXT"
add chain=virus protocol=tcp action=drop dst-port=32418 comment="Acid Battery"
add chain=virus protocol=tcp action=drop dst-port=33270 comment="Trinity"
add chain=virus protocol=tcp action=drop dst-port=33333 comment="Blakharaz, Prosiak"
add chain=virus protocol=tcp action=drop dst-port=33577-33777 comment="Son of PsychWard"
add chain=virus protocol=tcp action=drop dst-port=33911 comment="Spirit 2000, Spirit 2001"
add chain=virus protocol=tcp action=drop dst-port=34324 comment="Big Gluck, TN"
add chain=virus protocol=tcp action=drop dst-port=34444 comment="Donald Dick"
add chain=virus protocol=udp action=drop dst-port=34555-35555 comment="Trinoo for Windows"
add chain=virus protocol=tcp action=drop dst-port=37237 comment="Mantis"
add chain=virus protocol=tcp action=drop dst-port=37651 comment="Yet Another Trojan YAT"
add chain=virus protocol=tcp action=drop dst-port=40412 comment="The Spy"
add chain=virus protocol=tcp action=drop dst-port=40421 comment="Agent 40421, Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=40422-40426 comment="Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=41337 comment="Storm"
add chain=virus protocol=tcp action=drop dst-port=41666 comment="Remote Boot Tool RBT, Remote Boot Tool RBT"
add chain=virus protocol=tcp action=drop dst-port=44444 comment="Prosiak"
add chain=virus protocol=tcp action=drop dst-port=44575 comment="Exploiter"
add chain=virus protocol=udp action=drop dst-port=47262 comment="Delta Source"
add chain=virus protocol=tcp action=drop dst-port=49301 comment="OnLine KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=50130 comment="Enterprise"
add chain=virus protocol=tcp action=drop dst-port=50505 comment="Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=50766 comment="Fore, Schwindler"
add chain=virus protocol=tcp action=drop dst-port=51966 comment="Cafeini"
add chain=virus protocol=tcp action=drop dst-port=52317 comment="Acid Battery 2000"
add chain=virus protocol=tcp action=drop dst-port=53001 comment="Remote Windows Shutdown RWS"

3.
code :
---------------------------------------------------------------------------------
add chain=virus protocol=tcp action=drop dst-port=54283 comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=54320 comment="Back Orifice 2000"
add chain=virus protocol=tcp action=drop dst-port=54321 comment="Back Orifice 2000, School Bus"
add chain=virus protocol=tcp action=drop dst-port=55165 comment="File Manager trojan, File Manager trojan, WM Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=55166 comment="WM Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=57341 comment="NetRaider"
add chain=virus protocol=tcp action=drop dst-port=58339 comment="Butt Funnel"
add chain=virus protocol=tcp action=drop dst-port=60000 comment="Deep Throat, Foreplay, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=60001 comment="Trinity"
add chain=virus protocol=tcp action=drop dst-port=60068 comment="Xzip 6000068"
add chain=virus protocol=tcp action=drop dst-port=60411 comment="Connection"
add chain=virus protocol=tcp action=drop dst-port=61348 comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=61466 comment="TeleCommando"
add chain=virus protocol=tcp action=drop dst-port=61603 comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=63485 comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=64101 comment="Taskman"
add chain=virus protocol=tcp action=drop dst-port=65000 comment="Devil, Sockets des Troie, Stacheldraht"
add chain=virus protocol=tcp action=drop dst-port=65390 comment="Eclypse"
add chain=virus protocol=tcp action=drop dst-port=65421 comment="Jade"
add chain=virus protocol=tcp action=drop dst-port=65432 comment="The Traitor th3tr41t0r"
add chain=virus protocol=udp action=drop dst-port=65432 comment="The Traitor th3tr41t0r"
add chain=virus protocol=tcp action=drop dst-port=65534 comment="sbin initd"
add chain=virus protocol=tcp action=drop dst-port=65535 comment="RC1 trojan"
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"

NB :
kelebihan
1. memblokir semua virus2 yang bertebaran di jaringan lan, terutama yang ingin masuk ke dalam router, dan berniat menggerogoti bandwith inet anda!

kerugian
1. jika anda menggunakan router broard, sebaiknya jangan terlalu byk, karena dapat menimbulkan hank.
2. jika anda menggunakan pc router yang spek komputernya minimal.
contoh pentium 3 dgn hdd 5-7 juga kurang baik. Sebaiknya menggunakan pc yang high performance.

Mudah2an bermanfaat,

Wassalamu'alaikum...  

Memisahkan gateway traffic Local dan International

Assalamu'alaikum...

Pertama : Allah SWT, orang tua, dan guru ku!
Kedua : teman2 seperjuangan IT Indonesia!
Ketiga : semua forum indonesia dan luar negeri!

langsung saja.

Teknik lainnya utk memisahkan traffic data local/IIX dan International adalah dengan menggunakan mark-routing.

Misal untuk traffic International dilewatkan melalui gateway 203.89.24.65 sedangkan traffic local Indonesia di lewatkan melalui gateway 203.89.24.177.

code:
---------------------------------------------------------------------------------
/ip firewall address-list
add list=nice address="1.2.3.4"
remove [find list="nice"]
add list=nice address="114.120.0.0/13"
add list=nice address="120.168.0.0/13"
add list=nice address="114.56.0.0/14"
add list=nice address="125.166.0.0/15"
add list=nice address="120.162.0.0/15"
add list=nice address="120.160.0.0/15"
add list=nice address="125.162.0.0/16"
add list=nice address="125.163.0.0/16"
add list=nice address="125.160.0.0/16"
add list=nice address="125.161.0.0/16"
add list=nice address="125.164.0.0/16"
add list=nice address="125.165.0.0/16"
add list=nice address="124.81.0.0/16"
add list=nice address="222.124.0.0/16"
add list=nice address="61.94.0.0/16"
add list=nice address="118.96.0.0/16"
add list=nice address="118.97.0.0/16"
add list=nice address="167.205.0.0/16"
add list=nice address="110.139.0.0/16"
add list=nice address="110.138.0.0/16"
add list=nice address="110.137.0.0/16"
add list=nice address="110.136.0.0/16"
add list=nice address="202.158.0.0/17"
add list=nice address="61.5.0.0/17"
add list=nice address="124.195.0.0/17"
add list=nice address="121.52.0.0/17"
add list=nice address="118.98.0.0/17"
add list=nice address="202.155.0.0/17"
add list=nice address="219.83.0.0/17"
add list=nice address="119.11.128.0/17"
add list=nice address="118.99.64.0/18"
add list=nice address="112.78.128.0/18"
add list=nice address="117.102.64.0/18"
add list=nice address="152.118.128.0/18"
add list=nice address="152.118.192.0/18"
add list=nice address="152.118.0.0/18"
add list=nice address="152.118.64.0/18"
add list=nice address="221.132.192.0/18"
add list=nice address="125.208.128.0/18"
add list=nice address="124.153.0.0/18"
add list=nice address="222.165.192.0/18"
add list=nice address="203.130.192.0/18"
add list=nice address="210.210.128.0/18"
add list=nice address="202.173.64.0/19"
add list=nice address="114.199.96.0/19"
add list=nice address="202.171.0.0/19"
add list=nice address="202.47.192.0/19"
add list=nice address="202.169.32.0/19"
add list=nice address="117.102.224.0/19"
add list=nice address="202.149.128.0/19"
add list=nice address="202.146.224.0/19"
add list=nice address="202.155.128.0/19"
add list=nice address="118.82.0.0/19"
add list=nice address="202.95.128.0/19"
add list=nice address="202.152.224.0/19"
add list=nice address="113.11.128.0/19"
add list=nice address="60.253.96.0/19"
add list=nice address="61.247.0.0/19"
add list=nice address="61.247.32.0/19"
add list=nice address="111.94.0.0/19"
add list=nice address="111.94.32.0/19"
add list=nice address="111.94.64.0/19"
add list=nice address="111.94.96.0/19"
add list=nice address="111.94.128.0/19"
add list=nice address="111.94.160.0/19"
add list=nice address="111.94.192.0/19"
add list=nice address="114.79.0.0/19"
add list=nice address="114.79.32.0/19"
add list=nice address="115.166.96.0/19"
add list=nice address="117.104.192.0/19"
add list=nice address="118.98.160.0/19"
add list=nice address="118.98.192.0/19"
add list=nice address="118.136.0.0/19"
add list=nice address="118.136.32.0/19"
add list=nice address="118.136.64.0/19"
add list=nice address="118.136.96.0/19"
add list=nice address="118.136.128.0/19"
add list=nice address="118.136.160.0/19"
add list=nice address="118.136.192.0/19"
add list=nice address="118.136.224.0/19"
add list=nice address="118.137.0.0/19"
add list=nice address="118.137.32.0/19"
add list=nice address="118.137.64.0/19"
add list=nice address="118.137.96.0/19"
add list=nice address="118.137.128.0/19"
add list=nice address="118.137.160.0/19"
add list=nice address="118.137.192.0/19"
add list=nice address="118.137.224.0/19"
add list=nice address="120.164.0.0/19"
add list=nice address="123.231.224.0/19"
add list=nice address="202.46.64.0/19"
add list=nice address="202.51.192.0/19"
add list=nice address="202.53.224.0/19"
add list=nice address="202.77.96.0/19"
add list=nice address="202.81.32.0/19"
add list=nice address="202.137.0.0/19"
add list=nice address="202.148.0.0/19"
add list=nice address="202.150.64.0/19"
add list=nice address="202.152.0.0/19"
add list=nice address="202.152.32.0/19"
add list=nice address="202.153.128.0/19"
add list=nice address="202.154.0.0/19"
add list=nice address="202.154.32.0/19"
add list=nice address="202.159.0.0/19"
add list=nice address="202.159.32.0/19"
add list=nice address="202.159.64.0/19"
add list=nice address="202.159.96.0/19"
add list=nice address="202.162.192.0/19"
add list=nice address="203.123.224.0/19"
add list=nice address="203.128.64.0/19"
add list=nice address="61.8.64.0/20"
add list=nice address="110.5.96.0/20"
add list=nice address="111.67.64.0/20"
add list=nice address="111.94.224.0/20"
add list=nice address="113.212.112.0/20"
add list=nice address="114.199.80.0/20"
add list=nice address="116.213.48.0/20"
add list=nice address="117.20.48.0/20"
add list=nice address="117.103.0.0/20"
add list=nice address="119.2.64.0/20"
add list=nice address="119.110.64.0/20"
add list=nice address="119.235.208.0/20"
add list=nice address="121.50.128.0/20"
add list=nice address="121.100.16.0/20"
add list=nice address="122.129.96.0/20"
add list=nice address="122.129.192.0/20"
add list=nice address="122.200.0.0/20"
add list=nice address="180.178.96.0/20"
add list=nice address="180.214.240.0/20"
add list=nice address="202.3.208.0/20"
add list=nice address="202.6.208.0/20"
add list=nice address="202.6.224.0/20"
add list=nice address="202.46.144.0/20"
add list=nice address="202.47.64.0/20"
add list=nice address="202.51.224.0/20"
add list=nice address="202.57.0.0/20"
add list=nice address="202.58.64.0/20"
add list=nice address="202.58.160.0/20"
add list=nice address="202.59.160.0/20"
add list=nice address="202.62.16.0/20"
add list=nice address="202.65.112.0/20"
add list=nice address="202.67.32.0/20"
add list=nice address="202.69.96.0/20"
add list=nice address="202.70.48.0/20"
add list=nice address="202.72.208.0/20"
add list=nice address="202.73.112.0/20"
add list=nice address="202.73.224.0/20"
add list=nice address="202.75.96.0/20"
add list=nice address="202.77.64.0/20"
add list=nice address="202.78.192.0/20"
add list=nice address="202.80.112.0/20"
add list=nice address="202.80.208.0/20"
add list=nice address="202.87.176.0/20"
add list=nice address="202.93.16.0/20"
add list=nice address="202.93.32.0/20"
add list=nice address="202.93.128.0/20"
add list=nice address="202.93.224.0/20"
add list=nice address="202.123.224.0/20"
add list=nice address="202.127.96.0/20"
add list=nice address="202.133.80.0/20"
add list=nice address="202.138.224.0/20"
add list=nice address="202.143.32.0/20"
add list=nice address="202.145.0.0/20"
add list=nice address="202.147.192.0/20"
add list=nice address="202.149.80.0/20"
add list=nice address="202.150.128.0/20"
add list=nice address="202.152.160.0/20"
add list=nice address="202.153.16.0/20"
add list=nice address="202.153.240.0/20"
add list=nice address="202.165.32.0/20"
add list=nice address="202.182.48.0/20"
add list=nice address="203.78.112.0/20"
add list=nice address="203.83.32.0/20"
add list=nice address="203.89.16.0/20"
add list=nice address="203.153.96.0/20"
add list=nice address="203.161.16.0/20"
add list=nice address="203.166.192.0/20"
add list=nice address="210.57.208.0/20"
add list=nice address="210.79.208.0/20"
add list=nice address="220.157.96.0/20"
add list=nice address="58.145.168.0/21"
add list=nice address="61.45.224.0/21"
add list=nice address="110.35.80.0/21"
add list=nice address="110.44.168.0/21"
add list=nice address="110.76.144.0/21"
add list=nice address="111.68.24.0/21"
add list=nice address="111.94.240.0/21"
add list=nice address="112.109.16.0/21"
add list=nice address="113.59.232.0/21"
add list=nice address="113.212.160.0/21"
add list=nice address="114.30.80.0/21"
add list=nice address="114.31.240.0/21"
add list=nice address="114.110.16.0/21"
add list=nice address="114.134.72.0/21"
add list=nice address="114.141.48.0/21"
add list=nice address="114.141.88.0/21"
add list=nice address="115.69.216.0/21"
add list=nice address="115.85.64.0/21"
add list=nice address="115.124.64.0/21"
add list=nice address="115.178.48.0/21"
add list=nice address="115.178.120.0/21"
add list=nice address="116.0.0.0/21"
add list=nice address="116.12.40.0/21"
add list=nice address="116.50.24.0/21"
add list=nice address="116.66.200.0/21"
add list=nice address="116.68.224.0/21"
add list=nice address="116.90.208.0/21"
add list=nice address="116.197.128.0/21"
add list=nice address="116.212.72.0/21"
add list=nice address="116.254.96.0/21"
add list=nice address="117.18.16.0/21"
add list=nice address="117.74.120.0/21"
add list=nice address="117.102.160.0/21"
add list=nice address="117.103.32.0/21"
add list=nice address="117.103.48.0/21"
add list=nice address="117.103.168.0/21"
add list=nice address="117.121.200.0/21"
add list=nice address="119.2.40.0/21"
add list=nice address="119.10.176.0/21"
add list=nice address="119.47.88.0/21"
add list=nice address="119.82.240.0/21"
add list=nice address="119.110.80.0/21"
add list=nice address="119.160.200.0/21"
add list=nice address="119.235.24.0/21"
add list=nice address="119.235.248.0/21"
add list=nice address="119.252.128.0/21"
add list=nice address="120.29.152.0/21"
add list=nice address="120.136.16.0/21"
add list=nice address="120.164.40.0/21"
add list=nice address="121.52.136.0/21"
add list=nice address="121.58.184.0/21"
add list=nice address="121.101.128.0/21"
add list=nice address="121.101.184.0/21"
add list=nice address="122.49.224.0/21"
add list=nice address="122.128.16.0/21"
add list=nice address="122.129.112.0/21"
add list=nice address="122.144.0.0/21"
add list=nice address="122.200.48.0/21"
add list=nice address="122.200.144.0/21"
add list=nice address="123.108.8.0/21"
add list=nice address="123.108.96.0/21"
add list=nice address="123.255.200.0/21"
add list=nice address="124.66.160.0/21"
add list=nice address="124.158.128.0/21"
add list=nice address="175.176.160.0/21"
add list=nice address="180.211.88.0/21"
add list=nice address="199.249.120.0/21"
add list=nice address="202.43.160.0/21"
add list=nice address="202.43.176.0/21"
add list=nice address="202.43.248.0/21"
add list=nice address="202.46.0.0/21"
add list=nice address="202.46.24.0/21"
add list=nice address="202.51.16.0/21"
add list=nice address="202.57.16.0/21"
add list=nice address="202.58.176.0/21"
add list=nice address="202.59.200.0/21"
add list=nice address="202.67.8.0/21"
add list=nice address="202.72.192.0/21"
add list=nice address="202.73.104.0/21"
add list=nice address="202.74.72.0/21"
add list=nice address="202.75.16.0/21"
add list=nice address="202.87.248.0/21"
add list=nice address="202.89.208.0/21"
add list=nice address="202.91.8.0/21"
add list=nice address="202.91.24.0/21"
add list=nice address="202.93.240.0/21"
add list=nice address="202.122.8.0/21"
add list=nice address="202.122.168.0/21"
add list=nice address="202.129.184.0/21"
add list=nice address="202.133.0.0/21"
add list=nice address="202.134.0.0/21"
add list=nice address="202.138.240.0/21"
add list=nice address="202.147.224.0/21"
add list=nice address="202.147.248.0/21"
add list=nice address="202.149.64.0/21"
add list=nice address="202.153.224.0/21"
add list=nice address="202.162.32.0/21"
add list=nice address="202.164.216.0/21"
add list=nice address="202.169.224.0/21"
add list=nice address="202.169.240.0/21"
add list=nice address="202.173.16.0/21"
add list=nice address="202.179.184.0/21"
add list=nice address="202.182.168.0/21"
add list=nice address="203.77.224.0/21"
add list=nice address="203.80.8.0/21"
add list=nice address="203.84.136.0/21"
add list=nice address="203.84.152.0/21"
add list=nice address="203.134.232.0/21"
add list=nice address="203.135.176.0/21"
add list=nice address="203.142.80.0/21"
add list=nice address="203.153.24.0/21"
add list=nice address="203.153.112.0/21"
add list=nice address="203.160.56.0/21"
add list=nice address="203.174.8.0/21"
add list=nice address="203.190.40.0/21"
add list=nice address="203.190.184.0/21"
add list=nice address="203.190.240.0/21"
add list=nice address="203.191.40.0/21"
add list=nice address="203.201.168.0/21"
add list=nice address="210.23.64.0/21"
add list=nice address="222.229.80.0/21"
add list=nice address="58.65.244.0/22"
add list=nice address="61.45.232.0/22"
add list=nice address="79.140.192.0/22"
add list=nice address="110.92.72.0/22"
add list=nice address="111.67.80.0/22"
add list=nice address="111.68.112.0/22"
add list=nice address="111.94.248.0/22"
add list=nice address="111.221.40.0/22"
add list=nice address="112.78.32.0/22"
add list=nice address="112.78.40.0/22"
add list=nice address="113.208.64.0/22"
add list=nice address="114.134.64.0/22"
add list=nice address="116.68.160.0/22"
add list=nice address="116.68.172.0/22"
add list=nice address="116.68.248.0/22"
add list=nice address="116.90.164.0/22"
add list=nice address="116.90.168.0/22"
add list=nice address="116.199.200.0/22"
add list=nice address="117.74.112.0/22"
add list=nice address="117.103.56.0/22"
add list=nice address="118.98.232.0/22"
add list=nice address="119.2.48.0/22"
add list=nice address="119.82.224.0/22"
add list=nice address="119.82.232.0/22"
add list=nice address="119.235.16.0/22"
add list=nice address="120.29.224.0/22"
add list=nice address="121.52.132.0/22"
add list=nice address="122.102.48.0/22"
add list=nice address="124.6.32.0/22"
add list=nice address="124.6.40.0/22"
add list=nice address="124.158.136.0/22"
add list=nice address="138.32.236.0/22"
add list=nice address="175.111.88.0/22"
add list=nice address="180.131.144.0/22"
add list=nice address="180.178.92.0/22"
add list=nice address="180.214.232.0/22"
add list=nice address="180.222.216.0/22"
add list=nice address="180.235.148.0/22"
add list=nice address="183.91.84.0/22"
add list=nice address="183.182.92.0/22"
add list=nice address="202.10.32.0/22"
add list=nice address="202.10.40.0/22"
add list=nice address="202.43.72.0/22"
add list=nice address="202.43.92.0/22"
add list=nice address="202.43.112.0/22"
add list=nice address="202.43.168.0/22"
add list=nice address="202.43.188.0/22"
add list=nice address="202.46.8.0/22"
add list=nice address="202.51.28.0/22"
add list=nice address="202.51.56.0/22"
add list=nice address="202.51.96.0/22"
add list=nice address="202.51.104.0/22"
add list=nice address="202.51.124.0/22"
add list=nice address="202.51.252.0/22"
add list=nice address="202.55.164.0/22"
add list=nice address="202.55.168.0/22"
add list=nice address="202.57.28.0/22"
add list=nice address="202.62.8.0/22"
add list=nice address="202.75.24.0/22"
add list=nice address="202.81.4.0/22"
add list=nice address="202.122.160.0/22"
add list=nice address="202.129.224.0/22"
add list=nice address="202.138.248.0/22"
add list=nice address="202.146.0.0/22"
add list=nice address="202.146.128.0/22"
add list=nice address="202.146.176.0/22"
add list=nice address="202.147.244.0/22"
add list=nice address="202.149.72.0/22"
add list=nice address="202.151.12.0/22"
add list=nice address="202.153.236.0/22"
add list=nice address="202.154.176.0/22"
add list=nice address="202.158.140.0/22"
add list=nice address="202.162.40.0/22"
add list=nice address="202.169.236.0/22"
add list=nice address="202.180.0.0/22"
add list=nice address="202.180.52.0/22"
add list=nice address="202.182.160.0/22"
add list=nice address="203.77.208.0/22"
add list=nice address="203.77.236.0/22"
add list=nice address="203.77.248.0/22"
add list=nice address="203.99.96.0/22"
add list=nice address="203.114.224.0/22"
add list=nice address="203.128.248.0/22"
add list=nice address="203.142.68.0/22"
add list=nice address="203.142.76.0/22"
add list=nice address="203.153.60.0/22"
add list=nice address="203.153.120.0/22"
add list=nice address="203.153.216.0/22"
add list=nice address="203.190.48.0/22"
add list=nice address="203.190.112.0/22"
add list=nice address="203.201.160.0/22"
add list=nice address="203.217.188.0/22"
add list=nice address="220.247.168.0/22"
add list=nice address="32.234.170.0/23"
add list=nice address="32.234.172.0/23"
add list=nice address="58.65.240.0/23"
add list=nice address="61.45.236.0/23"
add list=nice address="111.67.86.0/23"
add list=nice address="111.67.88.0/23"
add list=nice address="111.68.116.0/23"
add list=nice address="111.68.124.0/23"
add list=nice address="111.92.160.0/23"
add list=nice address="111.92.164.0/23"
add list=nice address="112.78.36.0/23"
add list=nice address="112.78.46.0/23"
add list=nice address="112.215.6.0/23"
add list=nice address="112.215.22.0/23"
add list=nice address="114.4.10.0/23"
add list=nice address="114.4.14.0/23"
add list=nice address="114.6.8.0/23"
add list=nice address="114.134.68.0/23"
add list=nice address="115.124.72.0/23"
add list=nice address="116.68.164.0/23"
add list=nice address="116.68.170.0/23"
add list=nice address="116.68.254.0/23"
add list=nice address="116.90.172.0/23"
add list=nice address="116.90.176.0/23"
add list=nice address="116.199.206.0/23"
add list=nice address="116.212.96.0/23"
add list=nice address="116.212.100.0/23"
add list=nice address="117.103.60.0/23"
add list=nice address="118.98.226.0/23"
add list=nice address="119.2.52.0/23"
add list=nice address="119.82.230.0/23"
add list=nice address="119.82.238.0/23"
add list=nice address="119.235.20.0/23"
add list=nice address="119.252.160.0/23"
add list=nice address="121.52.130.0/23"
add list=nice address="122.128.24.0/23"
add list=nice address="123.176.120.0/23"
add list=nice address="124.158.150.0/23"
add list=nice address="146.23.252.0/23"
add list=nice address="175.103.62.0/23"
add list=nice address="194.146.106.0/23"
add list=nice address="202.2.92.0/23"
add list=nice address="202.4.160.0/23"
add list=nice address="202.4.170.0/23"
add list=nice address="202.8.28.0/23"
add list=nice address="202.10.62.0/23"
add list=nice address="202.20.106.0/23"
add list=nice address="202.20.108.0/23"
add list=nice address="202.43.64.0/23"
add list=nice address="202.43.88.0/23"
add list=nice address="202.43.116.0/23"
add list=nice address="202.43.186.0/23"
add list=nice address="202.46.14.0/23"
add list=nice address="202.46.130.0/23"
add list=nice address="202.46.240.0/23"
add list=nice address="202.46.252.0/23"
add list=nice address="202.47.90.0/23"
add list=nice address="202.51.60.0/23"
add list=nice address="202.51.102.0/23"
add list=nice address="202.51.110.0/23"
add list=nice address="202.51.118.0/23"
add list=nice address="202.55.160.0/23"
add list=nice address="202.55.172.0/23"
add list=nice address="202.57.24.0/23"
add list=nice address="202.58.242.0/23"
add list=nice address="202.59.194.0/23"
add list=nice address="202.59.196.0/23"
add list=nice address="202.65.236.0/23"
add list=nice address="202.72.202.0/23"
add list=nice address="202.73.98.0/23"
add list=nice address="202.73.100.0/23"
add list=nice address="202.75.28.0/23"
add list=nice address="202.89.116.0/23"
add list=nice address="202.89.216.0/23"
add list=nice address="202.90.194.0/23"
add list=nice address="202.90.198.0/23"
add list=nice address="202.93.112.0/23"
add list=nice address="202.93.120.0/23"
add list=nice address="202.122.166.0/23"
add list=nice address="202.129.216.0/23"
add list=nice address="202.135.6.0/23"
add list=nice address="202.135.134.0/23"
add list=nice address="202.138.252.0/23"
add list=nice address="202.146.4.0/23"
add list=nice address="202.146.32.0/23"
add list=nice address="202.146.134.0/23"
add list=nice address="202.147.232.0/23"
add list=nice address="202.147.240.0/23"
add list=nice address="202.149.78.0/23"
add list=nice address="202.153.232.0/23"
add list=nice address="202.154.184.0/23"
add list=nice address="202.158.130.0/23"
add list=nice address="202.158.132.0/23"
add list=nice address="202.158.138.0/23"
add list=nice address="202.162.46.0/23"
add list=nice address="202.169.232.0/23"
add list=nice address="202.169.248.0/23"
add list=nice address="202.171.236.0/23"
add list=nice address="202.180.4.0/23"
add list=nice address="202.180.8.0/23"
add list=nice address="202.182.176.0/23"
add list=nice address="202.182.182.0/23"
add list=nice address="202.182.184.0/23"
add list=nice address="202.182.188.0/23"
add list=nice address="202.191.2.0/23"
add list=nice address="203.24.76.0/23"
add list=nice address="203.29.26.0/23"
add list=nice address="203.30.254.0/23"
add list=nice address="203.31.164.0/23"
add list=nice address="203.43.114.0/23"
add list=nice address="203.77.214.0/23"
add list=nice address="203.77.216.0/23"
add list=nice address="203.77.220.0/23"
add list=nice address="203.79.26.0/23"
add list=nice address="203.81.188.0/23"
add list=nice address="203.89.146.0/23"
add list=nice address="203.89.148.0/23"
add list=nice address="203.99.102.0/23"
add list=nice address="203.99.130.0/23"
add list=nice address="203.142.64.0/23"
add list=nice address="203.148.84.0/23"
add list=nice address="203.153.124.0/23"
add list=nice address="203.161.190.0/23"
add list=nice address="203.189.88.0/23"
add list=nice address="203.189.120.0/23"
add list=nice address="203.190.36.0/23"
add list=nice address="203.190.54.0/23"
add list=nice address="203.190.116.0/23"
add list=nice address="203.194.70.0/23"
add list=nice address="203.201.50.0/23"
add list=nice address="203.209.188.0/23"
add list=nice address="203.210.80.0/23"
add list=nice address="203.217.132.0/23"
add list=nice address="203.217.172.0/23"
add list=nice address="203.223.90.0/23"
add list=nice address="204.61.216.0/23"
add list=nice address="32.234.168.0/24"
add list=nice address="32.234.175.0/24"
add list=nice address="58.65.242.0/24"
add list=nice address="58.147.188.0/24"
add list=nice address="58.147.191.0/24"
add list=nice address="61.45.238.0/24"
add list=nice address="64.110.176.0/24"
add list=nice address="69.88.25.0/24"
add list=nice address="69.166.10.0/24"
add list=nice address="111.67.84.0/24"
add list=nice address="111.67.90.0/24"
add list=nice address="111.67.95.0/24"
add list=nice address="111.68.120.0/24"
add list=nice address="111.68.127.0/24"
add list=nice address="112.78.44.0/24"
add list=nice address="112.78.96.0/24"
add list=nice address="112.78.98.0/24"
add list=nice address="112.215.21.0/24"
add list=nice address="112.215.26.0/24"
add list=nice address="112.215.28.0/24"
add list=nice address="113.197.67.0/24"
add list=nice address="114.4.0.0/24"
add list=nice address="114.4.5.0/24"
add list=nice address="114.4.6.0/24"
add list=nice address="114.4.12.0/24"
add list=nice address="114.4.40.0/24"
add list=nice address="114.5.2.0/24"
add list=nice address="114.6.1.0/24"
add list=nice address="114.6.12.0/24"
add list=nice address="114.129.18.0/24"
add list=nice address="114.141.57.0/24"
add list=nice address="114.141.60.0/24"
add list=nice address="115.85.94.0/24"
add list=nice address="116.68.168.0/24"
add list=nice address="116.68.252.0/24"
add list=nice address="116.90.163.0/24"
add list=nice address="116.199.205.0/24"
add list=nice address="117.74.116.0/24"
add list=nice address="118.91.128.0/24"
add list=nice address="119.2.55.0/24"
add list=nice address="119.18.156.0/24"
add list=nice address="119.82.237.0/24"
add list=nice address="119.235.22.0/24"
add list=nice address="119.252.162.0/24"
add list=nice address="119.252.165.0/24"
add list=nice address="119.252.173.0/24"
add list=nice address="121.52.129.0/24"
add list=nice address="122.102.52.0/24"
add list=nice address="123.176.122.0/24"
add list=nice address="123.176.127.0/24"
add list=nice address="124.158.141.0/24"
add list=nice address="144.5.46.0/24"
add list=nice address="146.23.254.0/24"
add list=nice address="152.158.247.0/24"
add list=nice address="175.103.33.0/24"
add list=nice address="175.103.44.0/24"
add list=nice address="192.5.5.0/24"
add list=nice address="192.23.186.0/24"
add list=nice address="192.36.148.0/24"
add list=nice address="194.0.1.0/24"
add list=nice address="194.0.2.0/24"
add list=nice address="194.146.108.0/24"
add list=nice address="198.1.2.0/24"
add list=nice address="198.182.167.0/24"
add list=nice address="199.4.137.0/24"
add list=nice address="202.1.236.0/24"
add list=nice address="202.4.185.0/24"
add list=nice address="202.10.36.0/24"
add list=nice address="202.10.39.0/24"
add list=nice address="202.10.44.0/24"
add list=nice address="202.14.255.0/24"
add list=nice address="202.22.31.0/24"
add list=nice address="202.43.173.0/24"
add list=nice address="202.43.175.0/24"
add list=nice address="202.43.184.0/24"
add list=nice address="202.45.149.0/24"
add list=nice address="202.46.12.0/24"
add list=nice address="202.46.129.0/24"
add list=nice address="202.47.80.0/24"
add list=nice address="202.47.88.0/24"
add list=nice address="202.51.100.0/24"
add list=nice address="202.51.108.0/24"
add list=nice address="202.51.113.0/24"
add list=nice address="202.51.117.0/24"
add list=nice address="202.51.121.0/24"
add list=nice address="202.55.162.0/24"
add list=nice address="202.58.124.0/24"
add list=nice address="202.59.192.0/24"
add list=nice address="202.59.198.0/24"
add list=nice address="202.65.227.0/24"
add list=nice address="202.65.228.0/24"
add list=nice address="202.65.238.0/24"
add list=nice address="202.72.200.0/24"
add list=nice address="202.72.206.0/24"
add list=nice address="202.73.97.0/24"
add list=nice address="202.75.31.0/24"
add list=nice address="202.87.240.0/24"
add list=nice address="202.87.242.0/24"
add list=nice address="202.87.245.0/24"
add list=nice address="202.87.247.0/24"
add list=nice address="202.89.223.0/24"
add list=nice address="202.92.192.0/24"
add list=nice address="202.92.207.0/24"
add list=nice address="202.93.114.0/24"
add list=nice address="202.93.117.0/24"
add list=nice address="202.93.119.0/24"
add list=nice address="202.122.164.0/24"
add list=nice address="202.135.5.0/24"
add list=nice address="202.135.16.0/24"
add list=nice address="202.135.23.0/24"
add list=nice address="202.135.28.0/24"
add list=nice address="202.135.42.0/24"
add list=nice address="202.135.54.0/24"
add list=nice address="202.135.129.0/24"
add list=nice address="202.135.133.0/24"
add list=nice address="202.135.145.0/24"
add list=nice address="202.135.155.0/24"
add list=nice address="202.135.161.0/24"
add list=nice address="202.135.248.0/24"
add list=nice address="202.146.34.0/24"
add list=nice address="202.146.47.0/24"
add list=nice address="202.146.133.0/24"
add list=nice address="202.146.136.0/24"
add list=nice address="202.146.138.0/24"
add list=nice address="202.146.180.0/24"
add list=nice address="202.147.234.0/24"
add list=nice address="202.147.242.0/24"
add list=nice address="202.149.77.0/24"
add list=nice address="202.150.227.0/24"
add list=nice address="202.151.8.0/24"
add list=nice address="202.151.10.0/24"
add list=nice address="202.152.192.0/24"
add list=nice address="202.152.195.0/24"
add list=nice address="202.152.197.0/24"
add list=nice address="202.152.199.0/24"
add list=nice address="202.152.200.0/24"
add list=nice address="202.152.203.0/24"
add list=nice address="202.152.207.0/24"
add list=nice address="202.154.183.0/24"
add list=nice address="202.154.187.0/24"
add list=nice address="202.154.190.0/24"
add list=nice address="202.158.129.0/24"
add list=nice address="202.158.137.0/24"
add list=nice address="202.158.252.0/24"
add list=nice address="202.160.254.0/24"
add list=nice address="202.167.97.0/24"
add list=nice address="202.169.234.0/24"
add list=nice address="202.171.233.0/24"
add list=nice address="202.180.7.0/24"
add list=nice address="202.180.10.0/24"
add list=nice address="202.180.13.0/24"
add list=nice address="202.180.14.0/24"
add list=nice address="202.180.48.0/24"
add list=nice address="202.180.51.0/24"
add list=nice address="202.182.164.0/24"
add list=nice address="202.182.166.0/24"
add list=nice address="202.182.187.0/24"
add list=nice address="202.182.191.0/24"
add list=nice address="203.14.176.0/24"
add list=nice address="203.19.4.0/24"
add list=nice address="203.30.237.0/24"
add list=nice address="203.77.212.0/24"
add list=nice address="203.77.223.0/24"
add list=nice address="203.77.232.0/24"
add list=nice address="203.77.235.0/24"
add list=nice address="203.77.247.0/24"
add list=nice address="203.77.252.0/24"
add list=nice address="203.77.255.0/24"
add list=nice address="203.79.29.0/24"
add list=nice address="203.81.184.0/24"
add list=nice address="203.99.121.0/24"
add list=nice address="203.99.127.0/24"
add list=nice address="203.119.13.0/24"
add list=nice address="203.119.17.0/24"
add list=nice address="203.123.60.0/24"
add list=nice address="203.123.62.0/24"
add list=nice address="203.142.66.0/24"
add list=nice address="203.153.49.0/24"
add list=nice address="203.153.126.0/24"
add list=nice address="203.160.128.0/24"
add list=nice address="203.163.66.0/24"
add list=nice address="203.163.76.0/24"
add list=nice address="203.163.81.0/24"
add list=nice address="203.163.88.0/24"
add list=nice address="203.163.95.0/24"
add list=nice address="203.163.113.0/24"
add list=nice address="203.171.221.0/24"
add list=nice address="203.173.89.0/24"
add list=nice address="203.173.90.0/24"
add list=nice address="203.174.5.0/24"
add list=nice address="203.189.123.0/24"
add list=nice address="203.190.52.0/24"
add list=nice address="203.190.118.0/24"
add list=nice address="203.194.90.0/24"
add list=nice address="203.196.90.0/24"
add list=nice address="203.201.166.0/24"
add list=nice address="203.207.52.0/24"
add list=nice address="203.207.59.0/24"
add list=nice address="203.209.190.0/24"
add list=nice address="203.210.87.0/24"
add list=nice address="203.215.48.0/24"
add list=nice address="203.215.50.0/24"
add list=nice address="203.217.134.0/24"
add list=nice address="203.217.140.0/24"
add list=nice address="220.247.172.0/24"
add list=nice address="220.247.175.0/24"

Kemudian tandai packet data yang menuju local Indonesia:
/ ip firewall mangle
add chain=postrouting dst-address-list=nice action=mark-routing \
    new-routing-mark=nice passthrough=yes comment="" disabled=no

/ ip route
add dst-address=0.0.0.0/0 gateway=203.89.24.65 scope=255 target-scope=10 \
    comment="traffic selain local Indonesia" disabled=no
add dst-address=0.0.0.0/0 gateway=203.89.24.177 scope=255 target-scope=10 \
    routing-mark=nice comment="traffic local Indonesia" disabled=no 

Dengan demikian maka jika ke jaringan local Indonesia akan melalui 203.89.24.177 sedangkan untuk ke International melalui 203.89.24.65, sehingga jika interfacenya dipisah diantara router user dengan router datautama dapat diberi dua mikrotik sebagai bridge utk melimit traffic International maupun local secara terpisah.

Hasil traceroute ke www.plasa.com

C:\Documents and Settings\wahyu>tracert www.plasa.com

Tracing route to www.plasa.com [202.134.0.12]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.2.1
2 <1 ms <1 ms <1 ms ip-24-177.isp.net.id [203.89.24.177]
3 16 ms 25 ms 12 ms ip-24-1.isp.net.id [203.89.24.1]
4 25 ms 25 ms 15 ms telkomnet.openixp.net [218.100.27.179]
5 21 ms 23 ms 19 ms 202.134.2.148
6 12 ms 9 ms 12 ms web.plasa.com [202.134.0.12]
7 10 ms 12 ms 28 ms web.plasa.com [202.134.0.12]
8 11 ms 17 ms 12 ms web.plasa.com [202.134.0.12]

Trace complete.

Hasil traceroute ke www.yahoo.com

C:\Documents and Settings\wahyu>tracert www.yahoo.com

Tracing route to www.yahoo-ht2.akadns.net [209.131.36.158]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.2.1
2 <1 ms <1 ms <1 ms ip-24-65.isp.net.id [203.89.24.65]
3 15 ms 25 ms 10 ms ip-24-1.isp.net.id [203.89.24.1]
4 12 ms 12 ms 15 ms 202.59.203.241
5 10 ms 14 ms 10 ms 202.153.90.89
6 94 ms 99 ms 71 ms 202.153.90.225
7 110 ms 204 ms 225 ms 208.30.197.53
8 * 140 ms 125 ms sl-bb20-hk-14-0.sprintlink.net [203.222.38.37]
9 * 163 ms 161 ms sl-bb20-tok-15-0.sprintlink.net [203.222.33.88]
10 318 ms 245 ms 241 ms sl-bb21-sea-8-2.sprintlink.net [144.232.20.50]
11 305 ms 260 ms 222 ms sl-bb20-sea-15-0.sprintlink.net [144.232.6.89]
12 218 ms 216 ms 228 ms so-3-0-0.gar1.Seattle1.Level3.net [209.0.227.133]
13 226 ms 225 ms 313 ms ae-1-53.mp1.Seattle1.Level3.net [4.68.105.65]
14 237 ms 232 ms 239 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
15 230 ms 235 ms 238 ms ae-23-54.car3.SanJose1.Level3.net [4.68.123.109]
16 232 ms 241 ms 365 ms 4.71.112.14
17 230 ms 238 ms 233 ms g-1-0-0-p171.msr2.sp1.yahoo.com [216.115.107.87]
18 345 ms 314 ms 258 ms UNKNOWN-209-131-32-23.yahoo.com [209.131.32.23]
19 311 ms 261 ms 235 ms f1.www.vip.sp1.yahoo.com [209.131.36.158]

Trace complete. 

semoga bermanfaat.
Wassalamu'alaikum. 
 
  

Memperkecil delay ping dan DNS resolve

Assalamu'alaikum...

Tujuan atau maksud dari judul di atas adalah sebagai :

• Memperkecil delay ping dari sisi klien ke arah Internet.
• Mempercepat resolving hostname ke ip address.

Asumsi : Klien-klien berada pada subnet 10.10.10.0/28

1.    Memanipulasi Type of Service untuk ICMP Packet :
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay

2.    Memanipulasi Type of Service untuk DNS Resolving :
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
> ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay

3.    Menambahkan Queue Type :
> queue type add name=”PFIFO-64″ kind=pfifo pfifo-limit=64

4.    Mengalokasikan Bandwidth untuk ICMP Packet :
> queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

5.    Mengalokasikan Bandwidth untuk DNS Resolving :
> queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64

semoga bermanfaat,
Wassalamu'alaikum.

[share] Rule Firewall milik Dmitry di MUM 2006 tahun kemaren

Assalamu'alaikum...

Setelah cari cari di wiki dapet juga isi firewall-nya Dmitry (Dmitry Golubev, MikroTik (Latvia) Documentation writer and expert in networking, has worked at MikroTik for four years.)

Ini hasil kopas yang diterjemahkan secara bebas dan juga beberapa penyesuaian.
Kalau bro bro / sis sis (ada ngga yah sis disini ??????) baca sumbernya disini:

Komponen utama untuk menentukan firewall adalah:
* protocol classifier
* invalid packet filter
* port-scan detector
* policy classifier
* application protocol filter
* TCP-specific filters
* application protocol specific filters

Protocol Classifier
disini digunakan untuk mengklasifikasikan bebarapa port baik TCP atau UDP:
Code:
/ ip firewall mangle
add chain=prerouting protocol=tcp connection-state=new action=jump jump-target=tcp-services
add chain=prerouting protocol=udp connection-state=new action=jump jump-target=udp-services
add chain=prerouting connection-state=new action=jump jump-target=other-services
Untuk bagian TCP bisa dikelompokkan sebagai berikut:
Code:
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=20-21 action=mark-connection new-connection-mark=ftp passthrough=no
add chain=tcp-services protocol=tcp src-port=513-65535 dst-port=22 action=mark-connection new-connection-mark=ssh passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=23 action=mark-connection new-connection-mark=telnet passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=25 action=mark-connection new-connection-mark=smtp passthrough=no
add chain=tcp-services protocol=tcp src-port=53 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=110 action=mark-connection new-connection-mark=pop3 passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=113 action=mark-connection new-connection-mark=auth passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=119 action=mark-connection new-connection-mark=nntp passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=143 action=mark-connection new-connection-mark=imap passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=161-162 action=mark-connection new-connection-mark=snmp passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=443 action=mark-connection new-connection-mark=https passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=465 action=mark-connection new-connection-mark=smtps passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=993 action=mark-connection new-connection-mark=imaps passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=995 action=mark-connection new-connection-mark=pop3s passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=1723 action=mark-connection new-connection-mark=pptp passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=2379 action=mark-connection new-connection-mark=kgs passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=3128 action=mark-connection new-connection-mark=proxy passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=3389 action=mark-connection new-connection-mark=win-ts passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=4242-4243 action=mark-connection new-connection-mark=emule passthrough=no
add chain=tcp-services protocol=tcp src-port=4661-4662 dst-port=1024-65535 action=mark-connection new-connection-mark=overnet passthrough=no
add chain=tcp-services protocol=tcp src-port=4711 dst-port=1024-65535 action=mark-connection new-connection-mark=emule passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=5900-5901 action=mark-connection new-connection-mark=vnc passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=6667-6669 action=mark-connection new-connection-mark=irc passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=6881-6889 action=mark-connection new-connection-mark=bittorrent passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=8080 action=mark-connection new-connection-mark=http passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=8291 action=mark-connection new-connection-mark=winbox passthrough=no
add chain=tcp-services protocol=tcp action=mark-connection new-connection-mark=other-tcp passthrough=no
Untuk bagian UDP juga ga kalah banyaknya loh ^^. :
Code:
add chain=udp-services protocol=udp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no
add chain=udp-services protocol=udp src-port=1024-65535 dst-port=123 action=mark-connection new-connection-mark=ntp passthrough=no
add chain=udp-services protocol=udp src-port=1024-65535 dst-port=1701 action=mark-connection new-connection-mark=l2tp passthrough=no
add chain=udp-services protocol=udp src-port=1024-65535 dst-port=4665 action=mark-connection new-connection-mark=emule passthrough=no
add chain=udp-services protocol=udp src-port=1024-65535 dst-port=4672 action=mark-connection new-connection-mark=emule passthrough=no
add chain=udp-services protocol=udp src-port=4672 dst-port=1024-65535 action=mark-connection new-connection-mark=emule passthrough=no
add chain=udp-services protocol=udp src-port=1024-65535 dst-port=12053 action=mark-connection new-connection-mark=overnet passthrough=no
add chain=udp-services protocol=udp src-port=12053 dst-port=1024-65535 action=mark-connection new-connection-mark=overnet passthrough=no
add chain=udp-services protocol=udp src-port=36725 dst-port=1024-65535 action=mark-connection new-connection-mark=skype passthrough=no
add chain=udp-services protocol=udp connection-state=new action=mark-connection new-connection-mark=other-udp passthrough=no
Nah yang ga di masukkan di tipe TCP dan UDP juga dimasukkin juga di mangle:
Code:
add chain=other-services protocol=icmp icmp-options=8:0-255 action=mark-connection new-connection-mark=ping passthrough=no
add chain=other-services protocol=gre action=mark-connection new-connection-mark=gre passthrough=no
add chain=other-services action=mark-connection new-connection-mark=other passthrough=no
Nah ini ada tips trick nya Dmitry:
Code:
Note that for TCP and UDP, we check both, source port (usually, 1024-65535) and destination port. Everything else is not a valid protocol.
so biasanya yang port aman diantara port 1024 sampai 65535 asal port yang dipake oleh client.

Invalid packet filter
Untuk memudahkan packet filter, maka dibuat dulu mangle sebagai berikut:
Code:
/ip firewall mangle
add chain=prerouting in-interface=Public dst-address-list=nat-addr action=mark-packet new-packet-mark=nat-traversal passthrough=no
Kita masukkan ip local, ip yang direstricted dan ip ISP kita biar bisa masuk ke mikrotiknya (mohon disesuaikan dengan kebutuhan yahhhhh):
Code:
/ ip firewall address-list
add list=illegal-addr address=0.0.0.0/8 comment="illegal addresses"
add list=illegal-addr address=127.0.0.0/8
add list=illegal-addr address=224.0.0.0/3
add list=illegal-addr address=10.0.0.0/8
add list=illegal-addr address=172.16.0.0/12
add list=illegal-addr address=192.168.0.0/16
add list=local-addr address=192.168.1.0/24 comment="my local network"
add list=local-addr address=10.1.0.0/16 comment="my Local ISP network"
add list=local-addr address=172.31.255.0/21 comment="my Public IP network"
add list=nat-addr address=192.168.1.0/24 comment="my local network"
Di atas terlihat 3 bagian daftar ip
illegal ----> daftar ip yang aneh-aneh dan yang di restricted
local-add ---> daftar ip jaringan kita, dan ip lokal ISP, dan juga IP Public kita
nat-addr ----> daftar block ip yang di masquerade (src-nat)

Port Scan Detector dan TCP-specific filters
Di bagian Filter Firewall Rule:
Kita bypass traffic untuk jaringan internal kita:
Code:
/ ip firewall filter
add chain=forward in-interface=Local out-interface=Local action=accept comment="Allow traffic between wired and wireless networks"
Nah disini mulai kita blok port Scanner dan intrusi dari luar ke mikrotik kita:
Code:
/ ip firewall filter
add chain=forward action=jump jump-target=sanity-check comment="Sanity Check"
add chain=sanity-check packet-mark=nat-traversal action=jump jump-target=drop comment="Deny illegal NAT traversal"
add chain=sanity-check protocol=tcp psd=20,3s,3,1 action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d comment="Block port scans"
add chain=sanity-check protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d comment="Block TCP Null scan"
add chain=sanity-check protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d comment="Block TCP Xmas scan"
add chain=sanity-check protocol=tcp src-address-list=blocked-addr action=jump jump-target=drop
add chain=sanity-check protocol=tcp tcp-flags=rst action=jump jump-target=drop comment="Drop TCP RST"
add chain=sanity-check protocol=tcp tcp-flags=fin,syn action=jump jump-target=drop comment="Drop TCP SYN+FIN"
add chain=sanity-check connection-state=invalid action=jump jump-target=drop comment="Dropping invalid connections at once"
add chain=sanity-check connection-state=established action=accept comment="Accepting already established connections"
add chain=sanity-check connection-state=related action=accept comment="Also accepting related connections"
add chain=sanity-check dst-address-type=broadcast,multicast action=jump jump-target=drop comment="Drop all traffic that goes to multicast or broadcast addresses"
add chain=sanity-check in-interface=Local dst-address-list=illegal-addr dst-address-type=!local action=jump jump-target=drop comment="Drop illegal destination addresses"
add chain=sanity-check in-interface=Local src-address-list=!local-addr action=jump jump-target=drop comment="Drop everything that goes from local interface but not from local address"
add chain=sanity-check in-interface=Public src-address-list=illegal-addr action=jump jump-target=drop comment="Drop illegal source addresses"
add chain=sanity-check in-interface=Public dst-address-list=!local-addr action=jump jump-target=drop comment="Drop everything that goes from public interface but not to local address"
add chain=sanity-check src-address-type=broadcast,multicast action=jump jump-target=drop comment="Drop all traffic that goes from multicast or broadcast addresses"
Application protocol specific filters
Aplikasi spesifik yang membutuhkan rule tertentu:
Code:
/ ip firewall filter
add chain=forward protocol=tcp action=jump jump-target=restrict-tcp
add chain=forward protocol=udp action=jump jump-target=restrict-udp
add chain=forward action=jump jump-target=restrict-ip
add chain=restrict-tcp connection-mark=auth action=reject
add chain=restrict-tcp connection-mark=smtp action=jump jump-target=smtp-first-drop comment="anti-spam policy"
add chain=smtp-first-drop src-address-list=first-smtp action=add-src-to-address-list address-list=approved-smtp
add chain=smtp-first-drop src-address-list=approved-smtp action=return
add chain=smtp-first-drop action=add-src-to-address-list address-list=first-smtp
add chain=smtp-first-drop action=reject reject-with=icmp-network-unreachable
Nah karena koneksi port / protocol yang tidak bisa diklafikasikan di atas, maka kita drop saja ^^
Code:
/ ip firewall filter
add chain=restrict-tcp connection-mark=other-tcp action=jump jump-target=drop
add chain=restrict-udp connection-mark=other-udp action=jump jump-target=drop
add chain=restrict-ip connection-mark=other action=jump jump-target=drop
Nah kan jaringan kita sudah terprotek dari luar, tapi.... mikrotik kita juga butuh security nih..........., maka liat aja nih firewall dibawah:
Code:
/ ip firewall filter
add chain=input src-address-type=local dst-address-type=local action=accept comment="Allow local traffic \(between router applications\)"
add chain=input in-interface=Local protocol=udp src-port=68 dst-port=67 action=jump jump-target=dhcp comment="DHCP protocol would not pass sanity checking, so enabling it explicitly before other checks"
add chain=input action=jump jump-target=sanity-check comment="Sanity Check"
add chain=input dst-address-type=!local action=jump jump-target=drop comment="Dropping packets not destined to the router itself, including all broadcast traffic"
add chain=input connection-mark=ping limit=5,5 action=accept comment="Allow pings, but at a very limited rate \(5 per sec\)"
add chain=input in-interface=Local action=jump jump-target=local-services comment="Allowing some services to be accessible from the local network"
add chain=input in-interface=Public action=jump jump-target=public-services comment="Allowing some services to be accessible from the Internet"
add chain=input action=jump jump-target=drop
add chain=dhcp src-address=0.0.0.0 dst-address=255.255.255.255 action=accept
add chain=dhcp src-address=0.0.0.0 dst-address-type=local action=accept
add chain=dhcp src-address-list=local-addr dst-address-type=local action=accept
add chain=local-services connection-mark=ssh action=accept comment="SSH \(22/TCP\)"
add chain=local-services connection-mark=dns action=accept comment="DNS"
add chain=local-services connection-mark=proxy action=accept comment="HTTP Proxy \(3128/TCP\)"
add chain=local-services connection-mark=winbox comment="Winbox \(8291/TCP\)" disabled=no
add chain=local-services action=drop comment="Drop Other Local Services"
add chain=public-services connection-mark=ssh action=accept comment="SSH \(22/TCP\)"
add chain=public-services connection-mark=pptp action=accept comment="PPTP \(1723/TCP\)"
add chain=public-services connection-mark=gre action=accept comment="GRE for PPTP"
add chain=public-services action=drop comment="Drop Other Public Services"

semoga bermanfaat ya.
Wassalamu'alaikum.