Tproxyloss

The document configures firewall rules, address lists, NAT, and queueing on a router. It defines:

- Layer 7 firewall rules to detect downloads and YouTube traffic
- An address list of clients and a proxy server
- Mangle rules for packet marking and routing based on source, destination, and interface
- NAT rules for masquerading and DNS forwarding
- Queue trees and types for prioritizing different traffic types

Uploaded by

bpuyo

/ip firewall layer7-protocol

add comment="" name=donlod regexp="\\.(avi|ac4|mp(e\?g|a|e|1|2|3|4)|MP4|mk(a|v\
)|og(x|v|a|g)|rm|r(a|p)m|vob|flv|x-flv|3gp|amr|klv|wav|DivX|mov|wmv|rmvb|a\
ac|zip|7zip|7z|rar|iso|img|gz|dat|mar|DAT|msp|pdf|msp|cab|exe|0[0-9][1-9]|\
apk|msi|bin)"
add comment="" name=youtube regexp=videoplayback|video|watch|control

/ip firewall address-list


add address=192.168.255.2 comment="SQUID PROXY EXTERNAL" disabled=no list=\
"wirelessrouterproxy.blogspot.com proxy"
add address=192.168.10.101 comment=CLIENT1 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.102 comment=CLIENT2 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.103 comment=CLIENT3 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.104 comment=CLIENT4 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.105 comment=CLIENT5 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.106 comment=CLIENT6 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.107 comment=CLIENT7 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.108 comment=CLIENT8 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.109 comment=CLIENT9 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.110 comment=CLIENT10 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.111 comment=CLIENT11 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.112 comment=CLIENT12 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.113 comment=CLIENT13 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.114 comment=CLIENT14 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.115 comment=CLIENT15 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.116 comment=CLIENT16 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.117 comment=CLIENT17 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.118 comment=CLIENT18 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.119 comment=CLIENT19 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.120 comment=CLIENT20 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.121 comment=CLIENT21 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.122 comment=CLIENT22 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.123 comment=CLIENT23 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.124 comment=CLIENT24 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.125 comment=CLIENT25 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.126 comment=CLIENT26 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.127 comment=CLIENT27 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.128 comment=CLIENT28 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.129 comment=CLIENT29 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
add address=192.168.10.130 comment=CLIENT30 disabled=no list=\
"wirelessrouterproxy.blogspot.com client"

/ip firewall mangle


add action=mark-connection chain=postrouting comment=PING_STABIL disabled=no \
new-connection-mark=PING_STABIL passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment=PING_PAKET connection-mark=\
PING_STABIL disabled=no new-packet-mark=PING_PAKET passthrough=no \
protocol=icmp src-address-list="wirelessrouterproxy.blogspot.com client"
add action=mark-packet chain=prerouting comment="Koneksi Webserver" disabled=\
no dst-address=192.168.5.55 dst-port=80 new-packet-mark=\
local-webserver-up passthrough=no protocol=tcp src-address=\
192.168.10.0/24
add action=mark-packet chain=postrouting comment="" disabled=no dst-address=\
192.168.10.0/24 new-packet-mark=local-webserver-down passthrough=no \
protocol=tcp src-address=192.168.5.55 src-port=80
add action=change-dscp chain=postrouting comment="ICMP CHANGE DSCP" disabled=\
no new-dscp=1 protocol=icmp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=udp
add action=change-dscp chain=postrouting comment="" disabled=no dst-port=53 \
new-dscp=1 protocol=tcp
add action=mark-routing chain=prerouting comment=TPROXY disabled=no \
dst-address=!192.168.5.55 dst-port=80 in-interface=hotspot \
new-routing-mark=tproxy_rm passthrough=no protocol=tcp src-address=\
192.168.10.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
80 in-interface=local new-connection-mark=tproxy_cm passthrough=no \
protocol=tcp
add action=mark-routing chain=prerouting comment="" connection-mark=tproxy_cm \
disabled=no in-interface=pppoe-speedy new-routing-mark=tproxy_rm \
passthrough=no
add action=mark-packet chain=postrouting comment="SQUID PROXY HIT" disabled=\
no dscp=12 new-packet-mark="PROXY HIT" passthrough=no
add action=jump chain=prerouting comment="Hotspot Jump Mangle" disabled=no \
jump-target=hotspot
add action=jump chain=postrouting comment="" disabled=no jump-target=hotspot
add action=mark-connection chain=prerouting comment="Hotspot Connections" \
disabled=no dst-address-list="!wirelessrouterproxy.blogspot.com client" \
in-interface=hotspot new-connection-mark=conn-up passthrough=yes
add action=mark-connection chain=forward comment="" disabled=no \
new-connection-mark=conn-down out-interface=hotspot passthrough=yes \
src-address-list="!wirelessrouterproxy.blogspot.com client"
add action=mark-packet chain=prerouting comment="Hotspot Packets" \
connection-mark=conn-up disabled=no new-packet-mark=packet-up \
passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=conn-up \
disabled=no new-packet-mark=hotspot-up passthrough=no
add action=mark-packet chain=postrouting comment="" connection-mark=conn-down \
disabled=no new-packet-mark=packet-down passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=conn-down \
disabled=no dst-address-list="!wirelessrouterproxy.blogspot.com proxy" \
new-packet-mark=hotspot-down passthrough=no
add action=mark-packet chain=hotspot comment="Streaming Lain" \
connection-mark=conn-down disabled=no layer7-protocol=youtube \
new-packet-mark=streaming passthrough=no
add action=mark-packet chain=hotspot comment=Download connection-mark=\
conn-down disabled=no layer7-protocol=donlod new-packet-mark=download \
passthrough=no
add action=mark-packet chain=hotspot comment=KoneksiLain connection-mark=\
conn-down disabled=no new-packet-mark=koneksilain passthrough=no \
protocol=tcp src-port=443
add action=mark-packet chain=hotspot comment=apple connection-mark=conn-down \
disabled=no new-packet-mark=apple passthrough=no src-address=17.0.0.0/8

/ip firewall nat


add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=pppoe-speedy
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=53 protocol=\
tcp src-address=192.168.10.0/24 to-addresses=103.31.251.74 to-ports=5353
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=53 protocol=\
udp src-address=192.168.10.0/24 to-addresses=103.31.251.74 to-ports=5353

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1200k name=Down packet-mark=packet-down parent=global-out \
priority=7

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-limit=50 \
pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=50 \
pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
1300000 pcq-total-limit=2000
add kind=pcq name=pcq-up pcq-classifier=src-address pcq-limit=50 pcq-rate=\
3000000 pcq-total-limit=2000
add name=multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=3M name=WebServer packet-mark=local-webserver-down parent=\
global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400k \
max-limit=1200k name=Browsing packet-mark=hotspot-down parent=Down \
priority=8 queue=pcq-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=1200k name="Hotspot Download" packet-mark=download parent=Down \
priority=8 queue=pcq-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=3M name="Hit Proxy" packet-mark="PROXY HIT" parent=global-out \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=300k \
max-limit=1200k name="Hotspot HTTPS" packet-mark=koneksilain parent=Down \
priority=8 queue=pcq-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="=PING_MULUS=" packet-mark=PING_PAKET parent=global-out \
priority=1 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400k \
max-limit=1200k name="Hotspot Streaming" packet-mark=streaming parent=\
Down priority=8 queue=pcq-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100k \
max-limit=1200k name="Hotspot UpdateApple" packet-mark=apple parent=Down \
priority=8 queue=pcq-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=300k name=Upload packet-mark=packet-up parent=public priority=4 \
queue=pcq-up
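
A consistency check for the marking scheme above, added here as an example and not part of the uploaded configuration: it parses a RouterOS export, joins backslash-continued lines, and compares the new-packet-mark values set in mangle with the packet-mark values the queue tree matches on. The function names and the trimmed sample (built from rules on this page, with the streaming mangle rule left out on purpose) are constructed for illustration.

```python
import re
import shlex

# Constructed sample in the shape of the export above, trimmed to a few rules.
SAMPLE_EXPORT = r'''
/ip firewall mangle
add action=mark-packet chain=prerouting comment="" connection-mark=conn-up \
disabled=no new-packet-mark=hotspot-up passthrough=no
add action=mark-packet chain=postrouting comment="SQUID PROXY HIT" disabled=\
no dscp=12 new-packet-mark="PROXY HIT" passthrough=no
add action=mark-packet chain=hotspot comment=Download connection-mark=\
conn-down disabled=no layer7-protocol=donlod new-packet-mark=download \
passthrough=no
/queue tree
add max-limit=3M name="Hit Proxy" packet-mark="PROXY HIT" parent=global-out
add max-limit=1200k name="Hotspot Download" packet-mark=download parent=Down
add max-limit=1200k name="Hotspot Streaming" packet-mark=streaming parent=Down
'''


def parse_export(text):
    """Return {menu path: [property dict per add/set line]}."""
    # A trailing backslash continues the command on the next line.
    joined = re.sub(r"\\\n\s*", "", text)
    menus, current = {}, None
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif current and line.startswith(("add ", "set ")):
            tokens = shlex.split(line)[1:]  # honours "quoted values"
            menus[current].append(
                dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus


def audit_marks(menus):
    """Cross-check mangle packet marks against queue tree packet-mark values."""
    defined = {r["new-packet-mark"] for r in menus.get("/ip firewall mangle", [])
               if "new-packet-mark" in r}
    queues = {r["name"]: r["packet-mark"] for r in menus.get("/queue tree", [])
              if r.get("packet-mark")}
    unmatched = sorted(n for n, m in queues.items() if m not in defined)
    unused = sorted(defined - set(queues.values()))
    return {"queues_without_mark_rule": unmatched, "marks_without_queue": unused}


if __name__ == "__main__":
    print(audit_marks(parse_export(SAMPLE_EXPORT)))
```

Run against the full export on this page, the same check finds every queue's mark defined and two marks, local-webserver-up and hotspot-up, that no queue in the tree references.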
