# Rename the four Ethernet ports by role; the PPPoE, address, firewall, NAT and
# mangle sections below all refer to interfaces by these names.
# NOTE(review): `set 0` .. `set 3` select ports by position, so this assumes the
# target device enumerates its ports in this order - confirm before importing.
/interface ethernet
set 0 disabled=no name=Public1
set 1 disabled=no name=Public2
set 2 disabled=no name=Proxy
set 3 disabled=no name=Local
# Layer-7 patterns used by the mangle rules further down to reclassify web
# connections as downloads (EXE, RAR, ZIP, 7z, MP3, WMV, 3GP) or streaming
# (FLV, MP4). Each pattern looks for "get" followed later by the extension.
# NOTE(review): these can only match request text that is visible in clear, so
# they are a traffic-shaping hint, not a control that prevents file downloads;
# presumably they never match inside TLS on port 443 - confirm before relying
# on them for anything beyond bandwidth classification.
/ip firewall layer7-protocol
add comment="" name=EXE regexp="^.*get.+\\.exe.*\$"
add comment="" name=RAR regexp="^.*get.+\\.rar.*\$"
add comment="" name=ZIP regexp="^.*get.+\\.zip.*\$"
add comment="" name=7z regexp="^.*get.+\\.7z.*\$"
add comment="" name=FLV regexp="^.*get.+\\.flv.*\$"
add comment="" name=WMV regexp="^.*get.+\\.wmv.*\$"
add comment="" name=MP3 regexp="^.*get.+\\.mp3.*\$"
add comment="" name=MP4 regexp="^.*get.+\\.mp4.*\$"
add comment="" name=3GP regexp="^.*get.+\\.3gp.*\$"
# Two PPPoE sessions, one per uplink port. add-default-route=no because the
# default routes are defined statically under /ip route.
# The password/user values are masked on this page. With real values filled in,
# this section holds the PPPoE credentials in clear text, so keep the file out
# of shared folders, tickets and version control.
# NOTE(review): both entries carry comment="PPPoE 1" and the same masked user;
# verify that each session is meant to use the account shown.
/interface pppoe-client
add add-default-route=no comment="PPPoE 1" disabled=no interface=Public1 name=Speedy1 password=XXXXXXXXX user=1525XXXXXXXX@telkom.net
add add-default-route=no comment="PPPoE 1" disabled=no interface=Public2 name=Speedy2 password=XXXXXXXXX user=1525XXXXXXXX@telkom.net
# Router addresses: a /30 on each modem-facing port, a /30 towards the proxy
# host (192.168.3.29, the DNS and proxy target used below) and a /27 for the
# client LAN, where the router is 192.168.2.30.
/ip address
add address=192.168.11.2/30 interface=Public1
add address=192.168.22.2/30 interface=Public2
add address=192.168.3.30/30 interface=Proxy
add address=192.168.2.30/27 interface=Local
# The router resolves through the proxy host (192.168.3.29) and, because of
# allow-remote-requests=yes, answers DNS queries sent to it by other hosts.
# Whether that resolver can be reached from the Internet depends entirely on
# chain=input in /ip firewall filter: in this file only the Local and Proxy
# networks are accepted there and everything else is dropped. Re-check this
# setting whenever those input rules are loosened or disabled.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=192.168.3.29
# Address lists referenced by the filter, NAT and mangle rules.
/ip firewall address-list
# LocalNET / ProxyNET: the subnets accepted on the Local and Proxy interfaces
# in the input and forward chains.
add address=192.168.2.0/27 comment="" disabled=no list=LocalNET
add address=192.168.3.28/30 comment="" disabled=no list=ProxyNET
# HotspotNET is not referenced by any rule visible in this listing.
add address=172.22.10.0/28 comment="" disabled=no list=HotspotNET
# Transparent: the two modem-side peers and the proxy host. Traffic to these is
# excluded from the transparent-proxy redirect, and traffic from them is
# accepted in chain=forward on Public1/Public2.
add address=192.168.11.1 comment="" disabled=no list=Transparent
add address=192.168.22.1 comment="" disabled=no list=Transparent
add address=192.168.3.29 comment="" disabled=no list=Transparent
# Gateway: addresses clients use to reach the router; the "PROXY NAT" rule
# forwards selected ports sent to these addresses on to the proxy host.
add address=192.168.2.30 comment="" disabled=no list=Gateway
add address=172.22.10.1 comment="" disabled=no list=Gateway
# GAMES: remote ranges given priority by the games/QoS mangle rules.
add address=63.251.101.0/25 comment="" disabled=no list=GAMES
add address=74.114.8.0/21 comment="" disabled=no list=GAMES
# Local: one entry per client (192.168.2.1 - 192.168.2.29). The tarpit rules in
# chain=forward only apply to sources in this list, so a client address that is
# missing here is not subject to the per-client connection caps.
add address=192.168.2.1 comment="" disabled=no list=Local
add address=192.168.2.2 comment="" disabled=no list=Local
add address=192.168.2.3 comment="" disabled=no list=Local
add address=192.168.2.4 comment="" disabled=no list=Local
add address=192.168.2.5 comment="" disabled=no list=Local
add address=192.168.2.6 comment="" disabled=no list=Local
add address=192.168.2.7 comment="" disabled=no list=Local
add address=192.168.2.8 comment="" disabled=no list=Local
add address=192.168.2.9 comment="" disabled=no list=Local
add address=192.168.2.10 comment="" disabled=no list=Local
add address=192.168.2.11 comment="" disabled=no list=Local
add address=192.168.2.12 comment="" disabled=no list=Local
add address=192.168.2.13 comment="" disabled=no list=Local
add address=192.168.2.14 comment="" disabled=no list=Local
add address=192.168.2.15 comment="" disabled=no list=Local
add address=192.168.2.16 comment="" disabled=no list=Local
add address=192.168.2.17 comment="" disabled=no list=Local
add address=192.168.2.18 comment="" disabled=no list=Local
add address=192.168.2.19 comment="" disabled=no list=Local
add address=192.168.2.20 comment="" disabled=no list=Local
add address=192.168.2.21 comment="" disabled=no list=Local
add address=192.168.2.22 comment="" disabled=no list=Local
add address=192.168.2.23 comment="" disabled=no list=Local
add address=192.168.2.24 comment="" disabled=no list=Local
add address=192.168.2.25 comment="" disabled=no list=Local
add address=192.168.2.26 comment="" disabled=no list=Local
add address=192.168.2.27 comment="" disabled=no list=Local
add address=192.168.2.28 comment="" disabled=no list=Local
add address=192.168.2.29 comment="" disabled=no list=Local
# Firewall filter. Rules are evaluated top to bottom within a chain, so the
# order below is part of the policy.
# chain=input protects the router itself; chain=forward covers traffic routed
# through it; tcp, udp and icmp are custom chains entered from chain=forward.
/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid disabled=no
# Port-scan detection: a source that trips the PSD matcher or sends one of the
# TCP flag combinations below is added to the "port scanners" list for one
# week, and the drop rule after this group discards all further input from it.
# NOTE(review): none of these rules match on in-interface and the drop sits
# above the Local/Proxy accepts, so a LAN client or the proxy host that trips a
# rule loses access to the router for a week. The source address of a single
# odd-flag packet can also be forged. Consider scoping detection to the uplink
# interfaces and exempting the trusted lists.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=\
fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no src-address-list="port scanners"
# Who may talk to the router: loopback, the LAN and the proxy segment (each
# tied to both its interface and its address list), plus replies to the
# router's own connections on the two PPPoE links.
add action=accept chain=input comment="Allow Input from LOOPBACK" disabled=no src-address=127.0.0.1
add action=accept chain=input comment="Allow Input from LOCAL Network" disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=input comment="Allow Input from PROXY Network" disabled=no in-interface=Proxy src-address-list=ProxyNET
add action=accept chain=input comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy1
add action=accept chain=input comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy2
add action=accept chain=input comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy1
add action=accept chain=input comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy2
# Disabled by default. As written these would accept Winbox (tcp/8291) from any
# Internet source on the PPPoE links; add a src-address or src-address-list
# restriction for the admin addresses before enabling either rule.
add action=accept chain=input comment="Allow Winbox Access ---------- CHECK BEFORE ENABLED" disabled=yes dst-port=8291 in-interface=Speedy1 protocol=tcp
add action=accept chain=input comment="Allow Winbox Access ---------- CHECK BEFORE ENABLED" disabled=yes dst-port=8291 in-interface=Speedy2 protocol=tcp
# Default deny for the router itself. This rule is also what keeps the DNS
# resolver (allow-remote-requests=yes) unreachable from the uplinks.
add action=drop chain=input comment="Drop everything else" disabled=no
# Forwarded traffic: drop invalid packets, then run the per-protocol chains.
add action=drop chain=forward comment="Drop Invalid connections" connection-state=invalid disabled=no
add action=jump chain=forward comment="Packet Filtering" disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp protocol=icmp
# chain=tcp: drop forwarded TCP to ports that should not cross the router.
# Packets that match nothing here return to chain=forward.
# NOTE(review): TFTP (69) and DHCP (67-68) are UDP services, so the TCP rules
# for them are unlikely to ever match; chain=udp below has a TFTP rule but no
# rule for 67-68.
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137,138,139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=31337 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
# chain=udp: the UDP counterpart of the port block list above.
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137,138,139 protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=31337 protocol=udp
add action=drop chain=udp comment="deny P2P" disabled=no p2p=all-p2p
# chain=icmp: accept echo reply (0), destination unreachable codes 0, 3 and 4,
# echo request (8) and time exceeded (11); every other ICMP packet is dropped.
# limit=5,5 rate-limits an accept rule, and packets over the limit fall through
# to the drop at the end of this chain.
# NOTE(review): the 3:0 rule has no limit= although its comment says it does.
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
# Per-client connection caps for hosts in the Local list: connections marked
# download_conn are tarpitted once a client reaches 10 of them, streaming_conn
# at 5. These rules depend on the connection marks set in /ip firewall mangle
# and must stay above the general LAN accept that follows.
add action=tarpit chain=forward comment="Limit Download Conn" connection-limit=10,32 connection-mark=download_conn disabled=no in-interface=Local protocol=tcp src-address-list=\
Local
add action=tarpit chain=forward comment="Limit Streaming Conn" connection-limit=5,32 connection-mark=streaming_conn disabled=no in-interface=Local protocol=tcp src-address-list=\
Local
# Transit policy: LAN and proxy segment may initiate; the modem-side ports may
# only forward traffic from the Transparent list; the PPPoE links may only
# carry replies (established/related).
add action=accept chain=forward comment="Allow Forward from LOCAL Network" disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=forward comment="Allow Forward from PROXY Network" disabled=no in-interface=Proxy src-address-list=ProxyNET
add action=accept chain=forward comment="Allow Forward from PUBLIC1 Network" disabled=no in-interface=Public1 src-address-list=Transparent
add action=accept chain=forward comment="Allow Forward from PUBLIC2 Network" disabled=no in-interface=Public2 src-address-list=Transparent
add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy1
add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy2
add action=accept chain=forward comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy1
add action=accept chain=forward comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy2
# Disabled by default; these pair with the disabled "DMZ" dst-nat rules in
# /ip firewall nat. Enabled as written they admit tcp/81 and tcp/22 from any
# Internet source, so restrict the source addresses before turning them on.
add action=accept chain=forward comment="Allow HTTP Access --- CHECK BEFORE ENABLED" disabled=yes dst-port=81 in-interface=Speedy1 protocol=tcp
add action=accept chain=forward comment="Allow SSH Access ----- CHECK BEFORE ENABLED" disabled=yes dst-port=22 in-interface=Speedy1 protocol=tcp
add action=accept chain=forward comment="Allow HTTP Access --- CHECK BEFORE ENABLED" disabled=yes dst-port=81 in-interface=Speedy2 protocol=tcp
add action=accept chain=forward comment="Allow SSH Access ----- CHECK BEFORE ENABLED" disabled=yes dst-port=22 in-interface=Speedy2 protocol=tcp
# Default deny for transit traffic.
add action=drop chain=forward comment="Drop everything else" disabled=no
# Default routes. The first two live in the routing tables selected by the
# pppoe_1 / pppoe_2 routing marks that the mangle rules assign; the last two
# are the unmarked defaults, Speedy1 preferred (distance 1) with Speedy2 as
# fallback (distance 2).
# NOTE(review): check-gateway=arp is used with PPPoE interfaces as gateways;
# confirm that this check actually detects a dead uplink on these links.
/ip route
add check-gateway=arp comment="PPPoE1 - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Speedy1 routing-mark=pppoe_1
add check-gateway=arp comment="PPPoE2 - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Speedy2 routing-mark=pppoe_2
add check-gateway=arp comment="Default Route - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Speedy1
add check-gateway=arp comment="Default Route - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=Speedy2
# NAT rules.
/ip firewall nat
# Transparent DNS: every DNS query (udp and tcp port 53) arriving on Local is
# rewritten to the proxy host's resolver, whichever server the client chose.
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.3.29 to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Local protocol=tcp to-addresses=192.168.3.29 to-ports=53
# Transparent proxy: web ports from Local are redirected to the proxy on 3128,
# except when the destination is in the Transparent list.
add action=dst-nat chain=dstnat comment="TRANSPARENT LOCAL PROXY" disabled=no dst-address-list=!Transparent dst-port=80,81,8080,3128 in-interface=Local protocol=tcp to-addresses=\
192.168.3.29 to-ports=3128
# LAN clients that connect to the router's own addresses (Gateway list) on
# ports 22, 81 or 10000 are handed to the proxy host on the same port. Any LAN
# client can therefore reach those services on the proxy host.
add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no dst-address-list=Gateway dst-port=22,81,10000 in-interface=Local protocol=tcp to-addresses=192.168.3.29
# Source NAT on all four uplink-side interfaces.
add action=masquerade chain=srcnat comment="MASQUERADE MODEM1" disabled=no out-interface=Public1
add action=masquerade chain=srcnat comment="MASQUERADE MODEM2" disabled=no out-interface=Public2
add action=masquerade chain=srcnat comment="MASQUERADE PPPOE" disabled=no out-interface=Speedy1
add action=masquerade chain=srcnat comment="MASQUERADE PPPOE" disabled=no out-interface=Speedy2
# Disabled by default. Enabled as written, these publish tcp/81 and tcp/22 of
# the proxy host to any Internet source arriving on the PPPoE links (together
# with the matching disabled accepts in chain=forward). Restrict the allowed
# source addresses before enabling them.
add action=dst-nat chain=dstnat comment="DMZ --- CHECK BEFORE ENABLED" disabled=yes dst-port=81,22 in-interface=Speedy1 protocol=tcp to-addresses=192.168.3.29
add action=dst-nat chain=dstnat comment="DMZ --- CHECK BEFORE ENABLED" disabled=yes dst-port=81,22 in-interface=Speedy2 protocol=tcp to-addresses=192.168.3.29
# Mangle rules start here. The first rule tags every outgoing packet that
# carries DSCP 12 as proxy-hit and stops further postrouting mangle processing
# for it (passthrough=no).
# NOTE(review): presumably the proxy sets DSCP 12 on cache hits. The rule has
# no source or interface match, and DSCP is a header field chosen by the
# sender, so any host can obtain this mark - confirm what treatment proxy-hit
# packets receive and whether the match should be tied to the proxy's address.
/ip firewall mangle
add action=mark-packet chain=postrouting comment="MARK PROXY-HIT" disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no
# PCC for the external proxy: HTTP and HTTP-proxy ports only
# Load balancing with per-connection-classifier (PCC). Connections are split
# into three buckets (.pppoe_1/.pppoe_2/.pppoe_3); buckets 1 and 2 are routed
# with routing mark pppoe_1 and bucket 3 with pppoe_2.
#
# --- Traffic arriving from the proxy segment ---
# These three rules share the same match and all pass through, so a new
# connection from Proxy leaves them marked proxy.pppoe_3.
add action=mark-connection chain=prerouting comment="PROXY CONNMARK" connection-state=new disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_3 passthrough=yes
# Re-apply the mark a connection already has.
add action=mark-connection chain=prerouting comment="" connection-mark=proxy.pppoe_1 disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=proxy.pppoe_2 disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=proxy.pppoe_3 disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_3 passthrough=yes
# PCC for the proxy's outbound web traffic, hashed on addresses and ports.
add action=mark-connection chain=prerouting comment="PROXY PCC" disabled=no dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy new-connection-mark=proxy.pppoe_1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy new-connection-mark=proxy.pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy new-connection-mark=proxy.pppoe_3 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
# Map the proxy buckets to routing tables.
add action=mark-routing chain=prerouting comment="PROXY ROUTE" connection-mark=proxy.pppoe_1 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=proxy.pppoe_2 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=proxy.pppoe_3 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 passthrough=yes
# --- Traffic arriving from the client LAN ---
# New connections addressed to the router itself (chain=input).
add action=mark-connection chain=input comment="LOCAL CONNMARK" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes
# NOTE(review): these three use passthrough=no, so a packet whose connection
# already carries a local.pppoe_N mark stops prerouting mangle processing here
# and never reaches the mark-routing rules or any later prerouting rule.
# Confirm that this is intended.
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=no
# PCC for LAN TCP that is not web traffic (those ports go to the proxy) and is
# not addressed to the Transparent list, hashed on the client address.
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
# PCC for all LAN UDP not addressed to the router.
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes \
per-connection-classifier=src-address:3/0 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes \
per-connection-classifier=src-address:3/1 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes \
per-connection-classifier=src-address:3/2 protocol=udp
# Map the LAN buckets to routing tables.
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=yes
# NOTE(review): from here to the end of this group the LAN rules above are
# repeated word for word (LOCAL CONNMARK, LOCAL PCC, LOCAL ROUTE). This looks
# like a copy/paste duplicate; confirm and keep a single copy so the rule set
# stays auditable.
add action=mark-connection chain=input comment="LOCAL CONNMARK" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=no
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes \
per-connection-classifier=src-address:3/0 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes \
per-connection-classifier=src-address:3/1 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes \
per-connection-classifier=src-address:3/2 protocol=udp
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=yes
# Mark all packets entering and leaving through the local interface
# Tag LAN traffic in both directions: connections entering on Local that are
# not addressed to the Gateway list become all.pre_conn (packets all.pre_pkt),
# and connections forwarded out of Local become all.post_conn (all.post_pkt).
# NOTE(review): a connection holds a single connection mark and these rules
# have no connection-mark or connection-state match, so they replace whatever
# mark the PCC rules assigned earlier - confirm the interaction is intended.
add action=mark-connection chain=prerouting comment="MARK LOCAL-IN CONN" disabled=no dst-address-list=!Gateway in-interface=Local new-connection-mark=all.pre_conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-connection chain=forward comment="MARK LOCAL-OUT CONN" disabled=no new-connection-mark=all.post_conn out-interface=Local passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn disabled=no new-packet-mark=all.post_pkt passthrough=yes
# Marking HTTP/HTTPS connections
# Classify web connections. LAN connections to tcp/80 and tcp/443 become
# browsing_conn; a browsing connection whose data matches one of the layer-7
# patterns is re-marked download_conn (archives, executables, MP3, WMV, 3GP) or
# streaming_conn (FLV, MP4, or the literal text "videoplayback").
# download_conn and streaming_conn are the marks the tarpit rules in
# /ip firewall filter use to cap connections per client.
# NOTE(review): the layer-7 and content matches need to see the request text,
# so presumably they only ever fire on port 80; traffic on 443 would stay
# browsing_conn and escape the caps - confirm.
add action=mark-connection chain=prerouting comment="MARK HTTP/S CONN" connection-mark=all.pre_conn disabled=no dst-port=80,443 new-connection-mark=browsing_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 7z" connection-mark=browsing_conn disabled=no layer7-protocol=7z new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn EXE" connection-mark=browsing_conn disabled=no layer7-protocol=EXE new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn RAR" connection-mark=browsing_conn disabled=no layer7-protocol=RAR new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn ZIP" connection-mark=browsing_conn disabled=no layer7-protocol=ZIP new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP3" connection-mark=browsing_conn disabled=no layer7-protocol=MP3 new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn WMV" connection-mark=browsing_conn disabled=no layer7-protocol=WMV new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 3GP" connection-mark=browsing_conn disabled=no layer7-protocol=3GP new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn FLV" connection-mark=browsing_conn disabled=no layer7-protocol=FLV new-connection-mark=streaming_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP4" connection-mark=browsing_conn disabled=no layer7-protocol=MP4 new-connection-mark=streaming_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn Youtube" connection-mark=browsing_conn content=videoplayback disabled=no new-connection-mark=streaming_conn \
passthrough=yes protocol=tcp
# Separating browsing traffic
# Packet marks for interactive traffic towards the LAN.
# Browsing: connections still marked browsing_conn become http_conn, and their
# packets are marked http_pkt while the connection has moved at most 131072
# bytes (128 KiB).
add action=mark-connection chain=prerouting comment=BROWSING connection-mark=browsing_conn disabled=no new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=0-131072 connection-mark=http_conn disabled=no new-packet-mark=http_pkt passthrough=no protocol=tcp
# Games: replies from the GAMES address list on the listed source ports.
add action=mark-connection chain=forward comment=GAMES connection-mark=all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes protocol=tcp src-address-list=GAMES \
src-port=9339,843,39190
add action=mark-connection chain=forward comment="" connection-mark=all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes protocol=udp src-address-list=GAMES \
src-port=40000-40010
add action=mark-packet chain=forward comment="" connection-mark=games_conn disabled=no new-packet-mark=games_pkt passthrough=no
# Audio/video streams: identified by remote source port only, from any address.
add action=mark-connection chain=forward comment="A/V STREAM" connection-mark=all.post_conn disabled=no new-connection-mark=stream_conn passthrough=yes protocol=tcp src-port=\
554,8000,88,1935
add action=mark-packet chain=forward comment="" connection-mark=stream_conn disabled=no new-packet-mark=stream_pkt passthrough=no
# Separating download traffic
# Per-client download marks: once a TCP connection towards a client has moved
# more than 131072 bytes (128 KiB), its packets get that client's own packet
# mark (ApisTECH01.d_pkt for 192.168.2.1, and so on), one rule per client.
# NOTE(review): the per-client marks are presumably consumed by queues that are
# not part of this listing.
add action=mark-packet chain=forward comment=DOWNLOAD connection-bytes=131072-0 connection-mark=all.post_conn disabled=no dst-address=192.168.2.1 new-packet-mark=ApisTECH01.d_pkt \
passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 connection-mark=all.post_conn disabled=no dst-address=192.168.2.2 new-packet-mark=ApisTECH02.d_pkt \
passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 connection-mark=all.post_conn disabled=no dst-address=192.168.2.3 new-packet-mark=ApisTECH03.d_pkt \
passthrough=no protocol=tcp
# ... and so on, until every client is covered
# QoS on Speedy1
# Upload classification for Speedy1. The first rule tags every packet leaving
# through Speedy1 as pppoe1.out_pkt and passes it on; each later rule replaces
# that tag with a class mark and stops (passthrough=no), so the first matching
# class wins and the BULK rule at the end catches whatever is left.
# Classes are chosen from protocol, TCP flags, packet size, destination port
# and the GAMES address list.
# NOTE(review): the class marks are presumably consumed by a queue tree that is
# not part of this listing.
add action=mark-packet chain=postrouting comment="MARK PPPOE1-OUT CONN" disabled=no new-packet-mark=pppoe1.out_pkt out-interface=Speedy1 passthrough=yes
# Time critical: small ICMP, DNS/NTP, and TCP control packets up to 96 bytes.
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-128 passthrough=no \
protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=53,123 new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=ack
# Critical: slightly larger TCP FIN/ACK, tiny UDP, SSH/Winbox, game servers.
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-64 passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=22,8291 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-256 passthrough=no \
protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
passthrough=no protocol=udp
# High priority: mid-size TCP FIN/ACK, remaining UDP, start of tcp/443 flows.
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt packet-size=129-256 passthrough=no \
protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt packet-size=129-256 passthrough=no protocol=tcp \
tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=443 new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt passthrough=no \
protocol=tcp
# Low priority: larger TCP FIN/ACK, start of tcp/80 flows, mail/FTP ports.
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt packet-size=257-512 passthrough=no protocol=\
tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt packet-size=257-512 passthrough=no protocol=tcp \
tcp-flags=ack
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=80 new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt passthrough=no \
protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=110,995,143,993,25,20,21,69 new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt packet-size=\
0-512 passthrough=no protocol=tcp
# Bulk: everything on Speedy1 that no class above claimed.
add action=mark-packet chain=postrouting comment=BULK disabled=no new-packet-mark=pppoe1.bulk_pkt packet-mark=pppoe1.out_pkt passthrough=no
# QoS on Speedy2
# Upload classification for Speedy2. The first rule tags every packet leaving
# through Speedy2 as pppoe2.out_pkt and passes it on; each later rule replaces
# that tag with a pppoe2.* class mark and stops (passthrough=no), so the first
# matching class wins. The matchers are the same protocol / flag / size / port
# tests used for the pppoe1.* marks.
add action=mark-packet chain=postrouting comment="MARK PPPOE2-OUT CONN" disabled=no new-packet-mark=pppoe2.out_pkt out-interface=Speedy2 passthrough=yes
# Time critical: small ICMP, DNS/NTP, and TCP control packets up to 96 bytes.
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-128 passthrough=no \
protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=53,123 new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=ack
# Critical: slightly larger TCP FIN/ACK, tiny UDP, SSH/Winbox, game servers.
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-64 passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=22,8291 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-256 passthrough=no \
protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
passthrough=no protocol=udp
# High priority: mid-size TCP FIN/ACK, remaining UDP, start of tcp/443 flows.
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt packet-size=129-256 passthrough=no \
protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt packet-size=129-256 passthrough=no protocol=tcp \
tcp-flags=ack
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=443 new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt passthrough=no \
protocol=tcp
# Low priority: larger TCP FIN/ACK and the start of tcp/80 flows.
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt packet-size=257-512 passthrough=no protocol=\
tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt packet-size=257-512 passthrough=no protocol=tcp \
tcp-flags=ack
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=80 new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt passthrough=no \
protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=110,995,143,993,25,20,21,69 new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt packet-size=\
0-512 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=BULK disabled=no new-packet-mark=pppoe2.bulk_pkt packet-mark=pppoe2.out_pkt passthrough=no
Queue Tree
# PCQ queue type for downloads: sub-streams are keyed on destination address and
# destination port. pcq-rate=0 sets no fixed per-sub-stream rate.
/queue type
add kind=pcq name=pcq_down pcq-classifier=dst-address,dst-port pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
# Download (inbound) hierarchy. Leaves are selected by the packet marks that the
# mangle rules assign (proxy-hit, games_pkt, http_pkt, stream_pkt and the
# per-client ApisTECHnn.d_pkt marks).
# NOTE(review): parent=global-out is a parent from older RouterOS queue trees;
# confirm it exists on the target RouterOS version before importing.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1G name="A. INBOUND" parent=global-out priority=1
# NOTE(review): the proxy-hit mark is assigned from DSCP 12 alone (see the
# "MARK PROXY-HIT" mangle rule), and this leaf is capped only at 1G.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1G name="A1. PROXY HIT" packet-mark=proxy-hit parent="A. INBOUND" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name="A2. GAMES" packet-mark=games_pkt parent="A. INBOUND" priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1024k name="A3. BROWSING" packet-mark=http_pkt parent="A. INBOUND" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="A4. A/V STREAM" packet-mark=stream_pkt parent="A. INBOUND" priority=8 queue=default
# A5. DOWNLOAD is an inner node (no packet-mark); each client gets its own 256k
# leaf below it, using the pcq_down queue type.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=2048k name="A5. DOWNLOAD" parent="A. INBOUND" priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name=ApisTECH01 packet-mark=ApisTECH01.d_pkt parent="A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name=ApisTECH02 packet-mark=ApisTECH02.d_pkt parent="A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name=ApisTECH03 packet-mark=ApisTECH03.d_pkt parent="A5. DOWNLOAD" priority=8 queue=pcq_down
.................. dst sampai semua client terpenuhi
Queue untuk Upload
# Upload hierarchy for Speedy1: one parent attached to the PPPoE interface and
# five leaves keyed on the pppoe1.* packet marks set in the postrouting mangle
# rules.
# NOTE(review): every leaf has limit-at=0 and its own max-limit (256k), while the
# parent allows 100M. The parent is unlikely to saturate, so the priority values
# may never take effect and each class is simply capped. Verify against the real
# uplink rate.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name="B. PPPoE1 OUTBOUND" parent=Speedy1 priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B1. TIME CRITICAL" packet-mark=pppoe1.time_critical_pkt parent="B. PPPoE1 OUTBOUND" \
priority=1 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B2. CRITICAL" packet-mark=pppoe1.critical_pkt parent="B. PPPoE1 OUTBOUND" priority=2 \
queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B3. HIGH PRIO" packet-mark=pppoe1.high_prio_pkt parent="B. PPPoE1 OUTBOUND" priority=3 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B4. LOW PRIO" packet-mark=pppoe1.low_prio_pkt parent="B. PPPoE1 OUTBOUND" priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B5. BULK" packet-mark=pppoe1.bulk_pkt parent="B. PPPoE1 OUTBOUND" priority=5 queue=\
default
# Same structure for Speedy2, with 128k per leaf instead of 256k.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name="C. PPPoE2 OUTBOUND" parent=Speedy2 priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C1. TIME CRITICAL" packet-mark=pppoe2.time_critical_pkt parent="C. PPPoE2 OUTBOUND" \
priority=1 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C2. CRITICAL" packet-mark=pppoe2.critical_pkt parent="C. PPPoE2 OUTBOUND" priority=2 \
queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C3. HIGH PRIO" packet-mark=pppoe2.high_prio_pkt parent="C. PPPoE2 OUTBOUND" priority=3 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C4. LOW PRIO" packet-mark=pppoe2.low_prio_pkt parent="C. PPPoE2 OUTBOUND" priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C5. BULK" packet-mark=pppoe2.bulk_pkt parent="C. PPPoE2 OUTBOUND" priority=5 queue=\
default
# Names the four Ethernet ports: two modem uplinks, the proxy link and the LAN.
# NOTE(review): at the top of the page these four lines follow an
# "/interface ethernet" menu line; that line is missing here, so as pasted they
# would run in the menu selected last (/queue tree). Restore the menu line before
# importing.
set 0 disabled=no name=Public1
set 1 disabled=no name=Public2
set 2 disabled=no name=Proxy
set 3 disabled=no name=Local
# Layer-7 patterns used by the mangle rules to classify connections by file
# extension. Each pattern looks for "get" followed, anywhere later in the
# inspected data, by ".<ext>".
# NOTE(review): these patterns only see cleartext HTTP; HTTPS payloads are
# encrypted and never match. The extension also does not have to appear in the
# request, and it can appear in unrelated places (false positives). Treat the
# result as a traffic-shaping hint, not as a control that stops executables or
# archives from being downloaded.
/ip firewall layer7-protocol
add comment="" name=EXE regexp="^.*get.+\\.exe.*\$"
add comment="" name=RAR regexp="^.*get.+\\.rar.*\$"
add comment="" name=ZIP regexp="^.*get.+\\.zip.*\$"
add comment="" name=7z regexp="^.*get.+\\.7z.*\$"
add comment="" name=FLV regexp="^.*get.+\\.flv.*\$"
add comment="" name=WMV regexp="^.*get.+\\.wmv.*\$"
add comment="" name=MP3 regexp="^.*get.+\\.mp3.*\$"
add comment="" name=MP4 regexp="^.*get.+\\.mp4.*\$"
add comment="" name=3GP regexp="^.*get.+\\.3gp.*\$"
# Two PPPoE sessions, one per modem-facing port. add-default-route=no because the
# default routes are added explicitly under /ip route.
# NOTE(review): both entries carry comment="PPPoE 1"; the second one is Speedy2 on
# Public2, so its comment looks like a copy-paste slip.
# The user/password values are masked on this page. A real export contains the
# PPPoE credentials in cleartext, so redact them before sharing a configuration.
/interface pppoe-client
add add-default-route=no comment="PPPoE 1" disabled=no interface=Public1 name=Speedy1 password=XXXXXXXXX user=1525XXXXXXXX@telkom.net
add add-default-route=no comment="PPPoE 1" disabled=no interface=Public2 name=Speedy2 password=XXXXXXXXX user=1525XXXXXXXX@telkom.net
# Router addresses: a /30 towards each modem port, a /30 towards the proxy link,
# and 192.168.2.30/27 as the LAN gateway.
/ip address
add address=192.168.11.2/30 interface=Public1
add address=192.168.22.2/30 interface=Public2
add address=192.168.3.30/30 interface=Proxy
add address=192.168.2.30/27 interface=Local
# The router caches DNS and forwards queries to 192.168.3.29 (the host on the
# Proxy link).
# allow-remote-requests=yes makes the router answer DNS queries arriving on any
# interface. Only the input-chain filter (final "Drop everything else" rule)
# keeps it from acting as an open resolver on Speedy1/Speedy2, so that rule must
# stay in place while this setting is enabled.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=192.168.3.29
# Address lists referenced by the filter, NAT and mangle rules.
/ip firewall address-list
# Whole subnets: the LAN (/27), the proxy link (/30) and a hotspot range.
# NOTE(review): no interface in this listing carries a 172.22.10.x address;
# presumably the hotspot is defined elsewhere. Confirm.
add address=192.168.2.0/27 comment="" disabled=no list=LocalNET
add address=192.168.3.28/30 comment="" disabled=no list=ProxyNET
add address=172.22.10.0/28 comment="" disabled=no list=HotspotNET
# Transparent: destinations excluded from the transparent-proxy redirect and from
# LOCAL PCC. Presumably the two modems (the far ends of the Public1/Public2 /30s)
# plus the proxy host.
add address=192.168.11.1 comment="" disabled=no list=Transparent
add address=192.168.22.1 comment="" disabled=no list=Transparent
add address=192.168.3.29 comment="" disabled=no list=Transparent
# Gateway: addresses clients use to reach the router itself.
add address=192.168.2.30 comment="" disabled=no list=Gateway
add address=172.22.10.1 comment="" disabled=no list=Gateway
# GAMES: remote game-server ranges given priority by the QoS rules.
add address=63.251.101.0/25 comment="" disabled=no list=GAMES
add address=74.114.8.0/21 comment="" disabled=no list=GAMES
# Local: each LAN client (.1 to .29) listed individually; used by the tarpit
# connection-limit rules in the forward chain.
add address=192.168.2.1 comment="" disabled=no list=Local
add address=192.168.2.2 comment="" disabled=no list=Local
add address=192.168.2.3 comment="" disabled=no list=Local
add address=192.168.2.4 comment="" disabled=no list=Local
add address=192.168.2.5 comment="" disabled=no list=Local
add address=192.168.2.6 comment="" disabled=no list=Local
add address=192.168.2.7 comment="" disabled=no list=Local
add address=192.168.2.8 comment="" disabled=no list=Local
add address=192.168.2.9 comment="" disabled=no list=Local
add address=192.168.2.10 comment="" disabled=no list=Local
add address=192.168.2.11 comment="" disabled=no list=Local
add address=192.168.2.12 comment="" disabled=no list=Local
add address=192.168.2.13 comment="" disabled=no list=Local
add address=192.168.2.14 comment="" disabled=no list=Local
add address=192.168.2.15 comment="" disabled=no list=Local
add address=192.168.2.16 comment="" disabled=no list=Local
add address=192.168.2.17 comment="" disabled=no list=Local
add address=192.168.2.18 comment="" disabled=no list=Local
add address=192.168.2.19 comment="" disabled=no list=Local
add address=192.168.2.20 comment="" disabled=no list=Local
add address=192.168.2.21 comment="" disabled=no list=Local
add address=192.168.2.22 comment="" disabled=no list=Local
add address=192.168.2.23 comment="" disabled=no list=Local
add address=192.168.2.24 comment="" disabled=no list=Local
add address=192.168.2.25 comment="" disabled=no list=Local
add address=192.168.2.26 comment="" disabled=no list=Local
add address=192.168.2.27 comment="" disabled=no list=Local
add address=192.168.2.28 comment="" disabled=no list=Local
add address=192.168.2.29 comment="" disabled=no list=Local
# Packet filter. The input chain covers traffic addressed to the router itself;
# the forward chain covers routed traffic and jumps into per-protocol sub-chains
# (tcp, udp, icmp). Rules are evaluated top to bottom and the first terminating
# match wins, so the order below is part of the policy.
/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid disabled=no
# Port-scan detection: sources matching the PSD heuristic or an unusual TCP flag
# combination are put on the "port scanners" list for one week, and that list is
# dropped by the rule that follows the detectors.
# NOTE(review): these rules have no in-interface matcher and sit above the
# LOCAL/PROXY accept rules, so a LAN host that trips one loses access to the
# router (DNS, Winbox) for a week. The flag-based rules also act on the source
# address of a single packet, which is not verified. Consider scoping them to the
# WAN interfaces and exempting management addresses.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=\
fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners" disabled=no src-address-list="port scanners"
# Trusted sources: loopback, the LAN and the proxy link, each tied to its
# interface and (for LAN/proxy) to its address list.
add action=accept chain=input comment="Allow Input from LOOPBACK" disabled=no src-address=127.0.0.1
add action=accept chain=input comment="Allow Input from LOCAL Network" disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=input comment="Allow Input from PROXY Network" disabled=no in-interface=Proxy src-address-list=ProxyNET
# From the PPPoE uplinks only replies to existing connections are accepted.
add action=accept chain=input comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy1
add action=accept chain=input comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy2
add action=accept chain=input comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy1
add action=accept chain=input comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy2
# Disabled. NOTE(review): as written these would expose Winbox (tcp/8291) to any
# source on the Internet side; add a src-address or src-address-list restriction
# before enabling.
add action=accept chain=input comment="Allow Winbox Access ---------- CHECK BEFORE ENABLED" disabled=yes dst-port=8291 in-interface=Speedy1 protocol=tcp
add action=accept chain=input comment="Allow Winbox Access ---------- CHECK BEFORE ENABLED" disabled=yes dst-port=8291 in-interface=Speedy2 protocol=tcp
# Default deny for the router itself. This rule is also what keeps the DNS cache
# (allow-remote-requests=yes) unreachable from the uplinks.
add action=drop chain=input comment="Drop everything else" disabled=no
# Forward chain: drop invalid, then run the per-protocol block lists. Packets not
# dropped in a sub-chain return here and continue with the tarpit/accept rules.
add action=drop chain=forward comment="Drop Invalid connections" connection-state=invalid disabled=no
add action=jump chain=forward comment="Packet Filtering" disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jump-target=udp protocol=udp
add action=jump chain=forward comment="" disabled=no jump-target=icmp protocol=icmp
# tcp sub-chain: destination ports that are never forwarded, in either direction
# (no interface matcher).
add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137,138,139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=31337 protocol=tcp
# NOTE(review): DHCP runs over UDP 67-68, so this TCP rule does not match DHCP
# traffic, and the udp sub-chain below has no equivalent rule.
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 protocol=tcp
# NOTE(review): the p2p matcher is a legacy RouterOS feature; confirm the target
# version still supports it, otherwise this rule will not import.
add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
# udp sub-chain: same idea for UDP.
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137,138,139 protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=31337 protocol=udp
add action=drop chain=udp comment="deny P2P" disabled=no p2p=all-p2p
# icmp sub-chain: allows echo reply (0), destination unreachable codes 0, 3 and 4,
# echo request (8) and time exceeded (11); everything else is dropped.
# limit=5,5 is one rate shared by all hosts, not a per-source limit; packets over
# the rate fall through to the final drop.
# NOTE(review): the 3:0 rule is commented "limit packets 5/secs" but carries no
# limit= matcher, unlike its siblings. Also, 3:4 (fragmentation needed) over the
# shared rate is dropped, which can interfere with path-MTU discovery.
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
# Per-client connection caps: once a single LAN address (/32) exceeds 10
# connections marked download_conn, or 5 marked streaming_conn, further TCP
# connections of that kind are tarpitted. The marks come from the mangle rules.
add action=tarpit chain=forward comment="Limit Download Conn" connection-limit=10,32 connection-mark=download_conn disabled=no in-interface=Local protocol=tcp src-address-list=\
Local
add action=tarpit chain=forward comment="Limit Streaming Conn" connection-limit=5,32 connection-mark=streaming_conn disabled=no in-interface=Local protocol=tcp src-address-list=\
Local
# Outbound traffic from the LAN and the proxy link is allowed when both the
# interface and the source address list match.
add action=accept chain=forward comment="Allow Forward from LOCAL Network" disabled=no in-interface=Local src-address-list=LocalNET
add action=accept chain=forward comment="Allow Forward from PROXY Network" disabled=no in-interface=Proxy src-address-list=ProxyNET
# On the modem ports only sources in the Transparent list are forwarded.
add action=accept chain=forward comment="Allow Forward from PUBLIC1 Network" disabled=no in-interface=Public1 src-address-list=Transparent
add action=accept chain=forward comment="Allow Forward from PUBLIC2 Network" disabled=no in-interface=Public2 src-address-list=Transparent
# Return traffic from the Internet: established/related only.
add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy1
add action=accept chain=forward comment="Allow Established connections" connection-state=established disabled=no in-interface=Speedy2
add action=accept chain=forward comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy1
add action=accept chain=forward comment="Allow Related connections" connection-state=related disabled=no in-interface=Speedy2
# Disabled. These pair with the disabled "DMZ" dst-nat rules under
# /ip firewall nat. NOTE(review): enabling both would publish tcp/81 and SSH on
# 192.168.3.29 to any Internet source; restrict by source address first.
add action=accept chain=forward comment="Allow HTTP Access --- CHECK BEFORE ENABLED" disabled=yes dst-port=81 in-interface=Speedy1 protocol=tcp
add action=accept chain=forward comment="Allow SSH Access ----- CHECK BEFORE ENABLED" disabled=yes dst-port=22 in-interface=Speedy1 protocol=tcp
add action=accept chain=forward comment="Allow HTTP Access --- CHECK BEFORE ENABLED" disabled=yes dst-port=81 in-interface=Speedy2 protocol=tcp
add action=accept chain=forward comment="Allow SSH Access ----- CHECK BEFORE ENABLED" disabled=yes dst-port=22 in-interface=Speedy2 protocol=tcp
# Default deny for routed traffic.
add action=drop chain=forward comment="Drop everything else" disabled=no
# Policy routing: one default route per routing mark (pppoe_1 via Speedy1,
# pppoe_2 via Speedy2), plus unmarked default routes with Speedy1 preferred
# (distance 1) and Speedy2 as fallback (distance 2).
# NOTE(review): check-gateway=arp is used with PPPoE interfaces as gateways;
# confirm that gateway monitoring and failover actually trigger on these
# point-to-point links.
/ip route
add check-gateway=arp comment="PPPoE1 - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Speedy1 routing-mark=pppoe_1
add check-gateway=arp comment="PPPoE2 - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Speedy2 routing-mark=pppoe_2
add check-gateway=arp comment="Default Route - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Speedy1
add check-gateway=arp comment="Default Route - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=Speedy2
# NAT rules.
/ip firewall nat
# Transparent DNS: every DNS query from the LAN (UDP and TCP port 53) is
# redirected to 192.168.3.29, whatever resolver the client addressed.
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.3.29 to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=Local protocol=tcp to-addresses=192.168.3.29 to-ports=53
# Transparent proxy: LAN connections to the listed HTTP/proxy ports are sent to
# 192.168.3.29:3128 unless the destination is in the Transparent list.
add action=dst-nat chain=dstnat comment="TRANSPARENT LOCAL PROXY" disabled=no dst-address-list=!Transparent dst-port=80,81,8080,3128 in-interface=Local protocol=tcp to-addresses=\
192.168.3.29 to-ports=3128
# Connections from the LAN to the router's own addresses (Gateway list) on
# tcp/22, 81 and 10000 are handed to 192.168.3.29.
# NOTE(review): this lets every LAN client reach those services on the proxy
# host; add a source restriction if only administrators need them.
add action=dst-nat chain=dstnat comment="PROXY NAT" disabled=no dst-address-list=Gateway dst-port=22,81,10000 in-interface=Local protocol=tcp to-addresses=192.168.3.29
# Source NAT on every uplink-facing interface (modem ports and PPPoE sessions).
add action=masquerade chain=srcnat comment="MASQUERADE MODEM1" disabled=no out-interface=Public1
add action=masquerade chain=srcnat comment="MASQUERADE MODEM2" disabled=no out-interface=Public2
add action=masquerade chain=srcnat comment="MASQUERADE PPPOE" disabled=no out-interface=Speedy1
add action=masquerade chain=srcnat comment="MASQUERADE PPPOE" disabled=no out-interface=Speedy2
# Disabled inbound port-forwards of tcp/81 and tcp/22 to 192.168.3.29.
# NOTE(review): they have no source restriction; enabling them (together with the
# matching disabled forward-chain accepts) exposes SSH and the port-81 service to
# the Internet.
add action=dst-nat chain=dstnat comment="DMZ --- CHECK BEFORE ENABLED" disabled=yes dst-port=81,22 in-interface=Speedy1 protocol=tcp to-addresses=192.168.3.29
add action=dst-nat chain=dstnat comment="DMZ --- CHECK BEFORE ENABLED" disabled=yes dst-port=81,22 in-interface=Speedy2 protocol=tcp to-addresses=192.168.3.29
# Mangle rules: packet, connection and routing marks used by policy routing and
# by the queue tree.
/ip firewall mangle
# Any packet carrying DSCP 12 is marked proxy-hit and leaves the postrouting
# mangle chain (passthrough=no). Presumably the proxy sets DSCP 12 on cache hits;
# verify against the proxy configuration.
# NOTE(review): the rule trusts the DSCP field from any sender and has no source
# matcher, so a host that sets DSCP 12 itself gets the proxy-hit mark and skips
# the later postrouting QoS marks. Consider restricting it to the proxy, e.g.
# with src-address-list=ProxyNET.
add action=mark-packet chain=postrouting comment="MARK PROXY-HIT" disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no
PCC EXTERNAL PROXY UTK PORT HTTP DAN HTTP PROXY SAJA
# Load balancing for traffic arriving from the proxy link.
# NOTE(review): the first three rules have identical matchers and
# passthrough=yes, so each overwrites the previous mark; a new connection from
# Proxy leaves them marked proxy.pppoe_3 until a PCC rule below re-marks it.
add action=mark-connection chain=prerouting comment="PROXY CONNMARK" connection-state=new disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_3 passthrough=yes
# Re-apply the mark a connection already has (no change in value).
add action=mark-connection chain=prerouting comment="" connection-mark=proxy.pppoe_1 disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=proxy.pppoe_2 disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=proxy.pppoe_3 disabled=no in-interface=Proxy new-connection-mark=proxy.pppoe_3 passthrough=yes
# PCC: connections from the proxy to the listed HTTP/proxy ports are split into
# three buckets keyed on both addresses and both ports.
add action=mark-connection chain=prerouting comment="PROXY PCC" disabled=no dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy new-connection-mark=proxy.pppoe_1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy new-connection-mark=proxy.pppoe_2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=80,81,8080,3128 in-interface=Proxy new-connection-mark=proxy.pppoe_3 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
# Buckets 1 and 2 use routing mark pppoe_1 and bucket 3 uses pppoe_2, i.e. a 2:1
# split between the two uplinks.
add action=mark-routing chain=prerouting comment="PROXY ROUTE" connection-mark=proxy.pppoe_1 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=proxy.pppoe_2 disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=proxy.pppoe_3 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 passthrough=yes
# Load balancing for traffic arriving from the LAN.
# The first three rules are in chain=input, so they only see new connections
# addressed to the router itself; with identical matchers and passthrough=yes the
# last one (local.pppoe_3) wins.
add action=mark-connection chain=input comment="LOCAL CONNMARK" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes
# NOTE(review): these three use passthrough=no, so a packet whose connection
# already carries a local.pppoe_N mark stops traversing prerouting here and does
# not reach the mark-routing rules below. Verify this is intended.
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=no
# PCC for TCP: three buckets keyed on source address, skipping destinations in
# the Transparent list and the HTTP/proxy ports (which go to the proxy instead).
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
# PCC for UDP: same three source-address buckets, with no port or address-list
# exclusion.
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes \
per-connection-classifier=src-address:3/0 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes \
per-connection-classifier=src-address:3/1 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes \
per-connection-classifier=src-address:3/2 protocol=udp
# Buckets 1 and 2 are routed via pppoe_1, bucket 3 via pppoe_2 (2:1 split).
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=yes
# NOTE(review): the rules from here to the second "LOCAL ROUTE" group repeat the
# LOCAL CONNMARK / LOCAL PCC / LOCAL ROUTE rules directly above with identical
# matchers and actions. Importing both copies creates duplicate mangle rules; this
# looks like a paste duplication. Confirm and keep one copy.
add action=mark-connection chain=input comment="LOCAL CONNMARK" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-connection-mark=local.pppoe_1 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-connection-mark=local.pppoe_2 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-connection-mark=local.pppoe_3 passthrough=no
add action=mark-connection chain=prerouting comment="LOCAL PCC" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_1 passthrough=yes per-connection-classifier=src-address:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_2 passthrough=yes per-connection-classifier=src-address:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-list=!Transparent dst-address-type=!local dst-port=!80,81,8080,3128 in-interface=Local \
new-connection-mark=local.pppoe_3 passthrough=yes per-connection-classifier=src-address:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_1 passthrough=yes \
per-connection-classifier=src-address:3/0 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_2 passthrough=yes \
per-connection-classifier=src-address:3/1 protocol=udp
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=local.pppoe_3 passthrough=yes \
per-connection-classifier=src-address:3/2 protocol=udp
add action=mark-routing chain=prerouting comment="LOCAL ROUTE" connection-mark=local.pppoe_1 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_2 disabled=no in-interface=Local new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=local.pppoe_3 disabled=no in-interface=Local new-routing-mark=pppoe_2 passthrough=yes
Marking semua paket keluar masuk dari interface lokal
# Generic marks for everything crossing the LAN interface: all.pre_* for traffic
# entering from Local (except to the router's Gateway addresses), all.post_* for
# traffic leaving towards Local.
# NOTE(review): a connection holds a single connection mark, so these rules
# replace whatever mark the PCC rules set earlier on the same connection. Confirm
# that the routing marks still behave as intended.
add action=mark-connection chain=prerouting comment="MARK LOCAL-IN CONN" disabled=no dst-address-list=!Gateway in-interface=Local new-connection-mark=all.pre_conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=all.pre_conn disabled=no new-packet-mark=all.pre_pkt passthrough=yes
add action=mark-connection chain=forward comment="MARK LOCAL-OUT CONN" disabled=no new-connection-mark=all.post_conn out-interface=Local passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=all.post_conn disabled=no new-packet-mark=all.post_pkt passthrough=yes
Marking HTTPS
# LAN connections to TCP 80/443 become browsing_conn. The layer-7 patterns then
# move matching connections to download_conn (7z, EXE, RAR, ZIP, MP3, WMV, 3GP)
# or streaming_conn (FLV, MP4, and payloads containing "videoplayback"). Those two
# marks drive the tarpit connection limits in the forward filter chain.
# NOTE(review): port 443 is included, but the layer-7 patterns and the content=
# matcher can only match cleartext payloads. Downloads and video over HTTPS stay
# browsing_conn and are not subject to the download/streaming limits.
add action=mark-connection chain=prerouting comment="MARK HTTP/S CONN" connection-mark=all.pre_conn disabled=no dst-port=80,443 new-connection-mark=browsing_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 7z" connection-mark=browsing_conn disabled=no layer7-protocol=7z new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn EXE" connection-mark=browsing_conn disabled=no layer7-protocol=EXE new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn RAR" connection-mark=browsing_conn disabled=no layer7-protocol=RAR new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn ZIP" connection-mark=browsing_conn disabled=no layer7-protocol=ZIP new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP3" connection-mark=browsing_conn disabled=no layer7-protocol=MP3 new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn WMV" connection-mark=browsing_conn disabled=no layer7-protocol=WMV new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn 3GP" connection-mark=browsing_conn disabled=no layer7-protocol=3GP new-connection-mark=download_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn FLV" connection-mark=browsing_conn disabled=no layer7-protocol=FLV new-connection-mark=streaming_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn MP4" connection-mark=browsing_conn disabled=no layer7-protocol=MP4 new-connection-mark=streaming_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="LimitConn Youtube" connection-mark=browsing_conn content=videoplayback disabled=no new-connection-mark=streaming_conn \
passthrough=yes protocol=tcp
Memisahkan Browsing
# Connections still marked browsing_conn (not reclassified as download or
# streaming) become http_conn; their first 131072 bytes are marked http_pkt for
# the "A3. BROWSING" queue.
add action=mark-connection chain=prerouting comment=BROWSING connection-mark=browsing_conn disabled=no new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=0-131072 connection-mark=http_conn disabled=no new-packet-mark=http_pkt passthrough=no protocol=tcp
# Game traffic: replies coming from the GAMES address list on the listed source
# ports are marked games_conn / games_pkt.
add action=mark-connection chain=forward comment=GAMES connection-mark=all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes protocol=tcp src-address-list=GAMES \
src-port=9339,843,39190
add action=mark-connection chain=forward comment="" connection-mark=all.post_conn disabled=no new-connection-mark=games_conn passthrough=yes protocol=udp src-address-list=GAMES \
src-port=40000-40010
add action=mark-packet chain=forward comment="" connection-mark=games_conn disabled=no new-packet-mark=games_pkt passthrough=no
# Audio/video streams are recognised by source port only (554, 8000, 88, 1935).
add action=mark-connection chain=forward comment="A/V STREAM" connection-mark=all.post_conn disabled=no new-connection-mark=stream_conn passthrough=yes protocol=tcp src-port=\
554,8000,88,1935
add action=mark-packet chain=forward comment="" connection-mark=stream_conn disabled=no new-packet-mark=stream_pkt passthrough=no
Memisahkan download
# Per-client download marks: once a TCP connection towards a given LAN address has
# passed 131072 bytes (connection-bytes=131072-0), its packets get that client's
# ApisTECHnn.d_pkt mark, which selects the client's leaf under "A5. DOWNLOAD".
# One rule is needed per client address.
add action=mark-packet chain=forward comment=DOWNLOAD connection-bytes=131072-0 connection-mark=all.post_conn disabled=no dst-address=192.168.2.1 new-packet-mark=ApisTECH01.d_pkt \
passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 connection-mark=all.post_conn disabled=no dst-address=192.168.2.2 new-packet-mark=ApisTECH02.d_pkt \
passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connection-bytes=131072-0 connection-mark=all.post_conn disabled=no dst-address=192.168.2.3 new-packet-mark=ApisTECH03.d_pkt \
passthrough=no protocol=tcp
................. dst sampe jumlah client terpenuhi
QoS pada Speedy1
# Upload classification for the Speedy1 PPPoE link.
# Step 1 tags everything leaving through Speedy1 as pppoe1.out_pkt (passthrough=yes).
# Every later rule matches packet-mark=pppoe1.out_pkt and uses passthrough=no, so the first
# rule that matches decides the class; the final BULK rule catches whatever is left.
# These rules only set marks for the queue tree. They do not permit or block anything, so
# reachability of the listed ports still has to be decided in the filter table.
add action=mark-packet chain=postrouting comment="MARK PPPOE1-OUT CONN" disabled=no new-packet-mark=pppoe1.out_pkt out-interface=Speedy1 passthrough=yes
# TIME CRITICAL: ICMP packets of 0-128 bytes.
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-128 passthrough=no \
protocol=icmp
# UDP to destination ports 53 and 123 (the DNS and NTP ports), any size.
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=53,123 new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=udp
# Small TCP control segments (0-96 bytes), one rule per flag: fin, syn, rst, ack.
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.time_critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=ack
# CRITICAL: TCP fin/ack segments of 97-128 bytes.
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=ack
# UDP packets of 0-64 bytes that were not already taken by the port 53/123 rule.
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-64 passthrough=no protocol=udp
# TCP to destination ports 22 and 8291, up to 256 bytes - presumably SSH and Winbox
# management sessions to remote hosts; verify that this is the intent.
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=22,8291 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt packet-size=0-256 passthrough=no \
protocol=tcp
# Game traffic towards the GAMES address list: TCP ports 9339,843,39190 ...
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
passthrough=no protocol=tcp
# ... and UDP ports 40000-40010.
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=pppoe1.critical_pkt packet-mark=pppoe1.out_pkt \
passthrough=no protocol=udp
# HIGH PRIO: TCP fin/ack segments of 129-256 bytes.
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt packet-size=129-256 passthrough=no \
protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt packet-size=129-256 passthrough=no protocol=tcp \
tcp-flags=ack
# All remaining UDP, with no port or size restriction.
# NOTE(review): any UDP-heavy application on a client ends up in the high-priority class and
# competes with interactive traffic - consider bounding this rule by port or packet size.
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt passthrough=no protocol=udp
# TCP to port 443 while the connection byte counter is within 0-98304.
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=443 new-packet-mark=pppoe1.high_prio_pkt packet-mark=pppoe1.out_pkt passthrough=no \
protocol=tcp
# LOW PRIO: TCP fin/ack segments of 257-512 bytes.
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt packet-size=257-512 passthrough=no protocol=\
tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt packet-size=257-512 passthrough=no protocol=tcp \
tcp-flags=ack
# TCP to port 80 while the connection byte counter is within 0-98304.
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=80 new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt passthrough=no \
protocol=tcp
# Mail and file-transfer ports over TCP, packets up to 512 bytes.
# NOTE(review): 69 is the TFTP port, which normally runs over UDP; with protocol=tcp that
# entry probably never matches, and UDP was already classified by the rules above.
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=110,995,143,993,25,20,21,69 new-packet-mark=pppoe1.low_prio_pkt packet-mark=pppoe1.out_pkt packet-size=\
0-512 passthrough=no protocol=tcp
# BULK: catch-all for anything still carrying pppoe1.out_pkt.
add action=mark-packet chain=postrouting comment=BULK disabled=no new-packet-mark=pppoe1.bulk_pkt packet-mark=pppoe1.out_pkt passthrough=no
QoS pada Speedy2
# Upload classification for the Speedy2 PPPoE link; same rule ladder as for Speedy1, with
# pppoe2.* mark names.
# The first rule tags everything leaving through Speedy2 as pppoe2.out_pkt (passthrough=yes).
# Each later rule matches that mark with passthrough=no, so the first matching rule decides
# the class and the final BULK rule takes the remainder.
# Marks only drive the queue tree; they are not a substitute for filter rules.
add action=mark-packet chain=postrouting comment="MARK PPPOE2-OUT CONN" disabled=no new-packet-mark=pppoe2.out_pkt out-interface=Speedy2 passthrough=yes
# TIME CRITICAL: ICMP packets of 0-128 bytes.
add action=mark-packet chain=postrouting comment="TIME CRITICAL" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-128 passthrough=no \
protocol=icmp
# UDP to destination ports 53 and 123 (the DNS and NTP ports), any size.
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=53,123 new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=udp
# Small TCP control segments (0-96 bytes), one rule per flag: fin, syn, rst, ack.
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=rst
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.time_critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-96 passthrough=no protocol=tcp \
tcp-flags=ack
# CRITICAL: TCP fin/ack segments of 97-128 bytes.
add action=mark-packet chain=postrouting comment=CRITICAL disabled=no new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=97-128 passthrough=no protocol=tcp \
tcp-flags=ack
# UDP packets of 0-64 bytes that were not already taken by the port 53/123 rule.
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-64 passthrough=no protocol=udp
# TCP to destination ports 22 and 8291, up to 256 bytes - presumably SSH and Winbox
# management sessions to remote hosts; verify that this is the intent.
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=22,8291 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt packet-size=0-256 passthrough=no \
protocol=tcp
# Game traffic towards the GAMES address list: TCP ports 9339,843,39190 ...
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=9339,843,39190 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
passthrough=no protocol=tcp
# ... and UDP ports 40000-40010.
add action=mark-packet chain=postrouting comment="" disabled=no dst-address-list=GAMES dst-port=40000-40010 new-packet-mark=pppoe2.critical_pkt packet-mark=pppoe2.out_pkt \
passthrough=no protocol=udp
# HIGH PRIO: TCP fin/ack segments of 129-256 bytes.
add action=mark-packet chain=postrouting comment="HIGH PRIO" disabled=no new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt packet-size=129-256 passthrough=no \
protocol=tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt packet-size=129-256 passthrough=no protocol=tcp \
tcp-flags=ack
# All remaining UDP, with no port or size restriction.
# NOTE(review): any UDP-heavy application on a client ends up in the high-priority class and
# competes with interactive traffic - consider bounding this rule by port or packet size.
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt passthrough=no protocol=udp
# TCP to port 443 while the connection byte counter is within 0-98304.
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=443 new-packet-mark=pppoe2.high_prio_pkt packet-mark=pppoe2.out_pkt passthrough=no \
protocol=tcp
# LOW PRIO: TCP fin/ack segments of 257-512 bytes.
add action=mark-packet chain=postrouting comment="LOW PRIO" disabled=no new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt packet-size=257-512 passthrough=no protocol=\
tcp tcp-flags=fin
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt packet-size=257-512 passthrough=no protocol=tcp \
tcp-flags=ack
# TCP to port 80 while the connection byte counter is within 0-98304.
add action=mark-packet chain=postrouting comment="" connection-bytes=0-98304 disabled=no dst-port=80 new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt passthrough=no \
protocol=tcp
# Mail and file-transfer ports over TCP, packets up to 512 bytes.
# NOTE(review): 69 is the TFTP port, which normally runs over UDP; with protocol=tcp that
# entry probably never matches, and UDP was already classified by the rules above.
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=110,995,143,993,25,20,21,69 new-packet-mark=pppoe2.low_prio_pkt packet-mark=pppoe2.out_pkt packet-size=\
0-512 passthrough=no protocol=tcp
# BULK: catch-all for anything still carrying pppoe2.out_pkt.
add action=mark-packet chain=postrouting comment=BULK disabled=no new-packet-mark=pppoe2.bulk_pkt packet-mark=pppoe2.out_pkt passthrough=no
Queue Tree
# PCQ queue type used by the per-client download queues; sub-streams are keyed on
# destination address and destination port.
# NOTE(review): pcq-rate=0 sets no fixed per-sub-stream rate, so the cap comes from each
# queue's max-limit below - confirm that this is the intended behaviour.
/queue type
add kind=pcq name=pcq_down pcq-classifier=dst-address,dst-port pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
# Download tree. Every queue has limit-at=0 and bursting disabled, so max-limit and priority
# are the only controls in effect.
# NOTE(review): parent=global-out exists only in older RouterOS releases - confirm the
# target version before importing.
/queue tree
# Root of the inbound tree; max-limit=1G is presumably far above the real downlink, in which
# case the children's priorities rarely arbitrate - TODO confirm against the link speed.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1G name="A. INBOUND" parent=global-out priority=1
# Packets marked proxy-hit; that mark is not assigned anywhere in this excerpt.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1G name="A1. PROXY HIT" packet-mark=proxy-hit parent="A. INBOUND" priority=1 queue=default
# Game packets (games_pkt).
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name="A2. GAMES" packet-mark=games_pkt parent="A. INBOUND" priority=2 queue=default
# Browsing packets (http_pkt), capped at 1024k.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1024k name="A3. BROWSING" packet-mark=http_pkt parent="A. INBOUND" priority=3 queue=default
# Streaming packets (stream_pkt), capped at 256k at the lowest priority.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="A4. A/V STREAM" packet-mark=stream_pkt parent="A. INBOUND" priority=8 queue=default
# Inner parent for the per-client download queues; it has no packet-mark of its own and
# caps their combined rate at 2048k.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=2048k name="A5. DOWNLOAD" parent="A. INBOUND" priority=8
# One leaf per client mark, 256k each, using the pcq_down queue type.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name=ApisTECH01 packet-mark=ApisTECH01.d_pkt parent="A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name=ApisTECH02 packet-mark=ApisTECH02.d_pkt parent="A5. DOWNLOAD" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name=ApisTECH03 packet-mark=ApisTECH03.d_pkt parent="A5. DOWNLOAD" priority=8 queue=pcq_down
.................. dst sampai semua client terpenuhi
Queue untuk Upload
# Upload trees, one per PPPoE interface. Each leaf consumes one of the pppoeN.* packet marks
# set in the postrouting chain; priorities 1-5 follow the class order TIME CRITICAL -> BULK.
# NOTE(review): both roots use max-limit=100M, presumably well above the real uplink rate.
# If the link saturates before the root limit is reached, the priorities below may not
# arbitrate as intended - confirm against the actual upload speed of each line.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name="B. PPPoE1 OUTBOUND" parent=Speedy1 priority=1
# Speedy1 leaves: 256k each; the two most urgent classes use the default-small queue type.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B1. TIME CRITICAL" packet-mark=pppoe1.time_critical_pkt parent="B. PPPoE1 OUTBOUND" \
priority=1 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B2. CRITICAL" packet-mark=pppoe1.critical_pkt parent="B. PPPoE1 OUTBOUND" priority=2 \
queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B3. HIGH PRIO" packet-mark=pppoe1.high_prio_pkt parent="B. PPPoE1 OUTBOUND" priority=3 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B4. LOW PRIO" packet-mark=pppoe1.low_prio_pkt parent="B. PPPoE1 OUTBOUND" priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name="B5. BULK" packet-mark=pppoe1.bulk_pkt parent="B. PPPoE1 OUTBOUND" priority=5 queue=\
default
# Root of the Speedy2 upload tree.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name="C. PPPoE2 OUTBOUND" parent=Speedy2 priority=1
# Speedy2 leaves: same layout as Speedy1 but capped at 128k each.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C1. TIME CRITICAL" packet-mark=pppoe2.time_critical_pkt parent="C. PPPoE2 OUTBOUND" \
priority=1 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C2. CRITICAL" packet-mark=pppoe2.critical_pkt parent="C. PPPoE2 OUTBOUND" priority=2 \
queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C3. HIGH PRIO" packet-mark=pppoe2.high_prio_pkt parent="C. PPPoE2 OUTBOUND" priority=3 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C4. LOW PRIO" packet-mark=pppoe2.low_prio_pkt parent="C. PPPoE2 OUTBOUND" priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name="C5. BULK" packet-mark=pppoe2.bulk_pkt parent="C. PPPoE2 OUTBOUND" priority=5 queue=\
default