Wednesday, 23 May 2012

About MikroTik Scripts


MikroTik Script for Adding Facebook & Akamai IPs

# Copy the addresses of cached DNS names containing "facebook" or "akamai"
# into the firewall address list "nice".
:foreach i in=[/ip dns cache find] do={
    :local bNew "true";
    :local cacheName [/ip dns cache get $i name];
#    :put $cacheName;
    # :find returns nothing when the substring is absent, so test the result type
    :if (([:typeof [:find $cacheName "facebook"]] != "nil") || ([:typeof [:find $cacheName "akamai"]] != "nil")) do={
        :local tmpAddress [/ip dns cache get $i address];
#    :put $tmpAddress;
        # if address list is empty do not check
        :if ( [/ip firewall address-list find ] = "") do={
            :log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
            /ip firewall address-list add address=$tmpAddress list=nice comment=$cacheName;
        } else={
            # look for the address among the existing entries
            :foreach j in=[/ip firewall address-list find ] do={
                :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
                    :set bNew "false";
                }
            }
            # add it only when it is not listed yet
            :if ( $bNew = "true" ) do={
                :log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
                /ip firewall address-list add address=$tmpAddress list=nice comment=$cacheName;
            }
        }
    }
}
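An added example, not part of the original post: the script above lists the address of any cached name that merely contains "facebook" or "akamai", so look-alike host names end up in the list as well. Because the script stores the name in comment=, an exported list can be audited offline with this Python check; the approved suffixes and the sample export lines are assumptions constructed for illustration.

```python
import shlex

# Assumed allowlist of base domains; adjust to your own policy.
APPROVED_SUFFIXES = ("facebook.com", "akamai.net")

# Constructed sample in the style of `/ip firewall address-list export`;
# the RouterOS script stores the DNS name in comment= and uses list=nice.
SAMPLE_EXPORT = """\
/ip firewall address-list
add address=192.0.2.10 comment=www.facebook.com list=nice
add address=192.0.2.11 comment=a1234.g.akamai.net list=nice
add address=198.51.100.7 comment=facebook.login.example.net list=nice
add address=203.0.113.9 comment=notakamai.example.org list=nice
add address=203.0.113.50 comment="office printer" list=other
"""

def parse_entries(export_text):
    """Turn `add key=value ...` lines into dicts, honouring quoted values."""
    entries = []
    for line in export_text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue
        entries.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return entries

def is_approved(hostname, suffixes=APPROVED_SUFFIXES):
    """True only for an approved domain itself or one of its subdomains."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def substring_match(hostname, keywords=("facebook", "akamai")):
    """The looser keyword test that the RouterOS script applies."""
    return any(k in hostname.lower() for k in keywords)

def audit(export_text, list_name="nice"):
    """Entries the keyword test admits but the suffix test rejects."""
    return [(e["address"], e.get("comment", ""))
            for e in parse_entries(export_text)
            if e.get("list") == list_name
            and substring_match(e.get("comment", ""))
            and not is_approved(e.get("comment", ""))]

if __name__ == "__main__":
    for address, host in audit(SAMPLE_EXPORT):
        print(f"review: {address} was listed for {host}")
```
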
Blocking Rapidshare

Script to Block Rapidshare Connections

    /system script \
    add name="block_rapidshare" source={ \
    :foreach i in=\
    [ :toarray "62.67.46.0/24,62.67.57.0/24,64.214.225.0/24,64.215.245.0/24,80.129.35.0/24,\
    80.231.56.0/24,80.239.151.0/24,80.239.159.0/24,80.239.226.0/24,80.239.236.0/24,\
    82.129.35.0/24,82.129.36.0/24,82.129.39.0/24,195.122.131.0/24,195.219.1.0/24,\
    206.57.14.0/24,207.138.168.0/24,212.162.2.0/24,212.162.63.0/24"] \
    do={ /ip firewall filter add chain=forward dst-address=$i dst-port=80 protocol=tcp action=drop } \
    };

Alternatively, just paste these CLI rules into a New Terminal window

    /ip firewall filter
    add action=drop chain=forward comment="" disabled=no dst-address=62.67.46.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=62.67.57.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=64.214.225.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=64.215.245.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=80.129.35.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=80.231.56.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=80.239.151.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=80.239.159.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=80.239.226.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=80.239.236.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=82.129.35.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=82.129.36.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=82.129.39.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=195.122.131.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=195.219.1.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=206.57.14.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=207.138.168.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=212.162.2.0/24 dst-port=80 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-address=212.162.63.0/24 dst-port=80 protocol=tcp

Next step

    ip firewall filter add chain=forward content=rapidshare action=drop

Read more: http://www.danangyanto.com/2011/02/blockir-rapidshare.html#ixzz1QjZEJbCc

1. Create a queue in the queue tree with name=STREAM-DOWN and parent=global-in

2. Create another queue in the queue tree with name=STREAM-UP and parent=global-out

3. Create the mangle rules in /ip firewall by running the script below in the terminal

For MikroTik v2.9.xx

:for e from 2 to 11 do={
/ip firewall mangle add chain=prerouting src-address=(192.168.224. . $e) action=mark-connection new-connection-mark=($e . indosatcon )
/ip firewall mangle add chain=prerouting connection-mark=($e . indosatcon ) protocol=!1 action=mark-packet new-packet-mark=($e . indosatflow ) passthrough=no
}

For MikroTik v3.x

:for e from=2 to=11 do={
/ip firewall mangle add chain=prerouting src-address="192.168.224.$e" action=mark-connection new-connection-mark="$e. indosatcon"
/ip firewall mangle add chain=prerouting connection-mark="$e. indosatcon" protocol=!1 action=mark-packet new-packet-mark="$e. indosatflow" passthrough=no
}

Check /ip firewall mangle to confirm that the script ran.

4. Then create the queue tree entries by running the script below.

For MikroTik v2.9.xx

:for e from 2 to 11 do={
/queue tree add name=("STREAM-DOWN-" . $e) parent=STREAM-DOWN packet-mark=($e. indosatflow)
/queue tree add name=("STREAM-UP-" . $e) parent=STREAM-UP packet-mark=($e. indosatflow)
}

For MikroTik v3.xx

# same host range (2 to 11) as the mangle loop, so every queue has a packet mark
:for e from=2 to=11 do={
/queue tree add name="STREAM-DOWN-$e" parent=STREAM-DOWN packet-mark="$e. indosatflow"
/queue tree add name="STREAM-UP-$e" parent=STREAM-UP packet-mark="$e. indosatflow"
}

Also check the queue tree to see whether the queues are listed.

5. Try limiting one of the IPs and observe whether it works correctly.

:for e from 2 to 11 do={

is the command that runs the script over a range of numbers, that is, the IPs whose last octet is 2 through 11.

src-address=(192.168.224. . $e)

is the source-IP option for the local addresses used on the LAN. It is not written out in full because the last octet of the address is generated automatically, as shown above.

Oh, and sorry, one small addition: before running the queue script, first create the parent queues manually, namely parent=STREAM-DOWN and parent=STREAM-UP.

Hehehe… sorry if this write-up is unclear… I'm still learning too.

Mangle & Queue Tree Script on MikroTik

14 November, 2010

Straight to the example case:

    Build a bandwidth limiter for a computer lab/internet café with more than 100 PCs (here, specifically, 250 IPs are allocated) :-O
    Using MikroTik version 2.XX
    Download bandwidth per user: 64kbps-128kbps, upload bandwidth per user: 64kbps-128kbps
    User subnet: 192.168.5.0/24

Here is the mangle and Queue Tree script :D

{
# queue-name prefix; it gets shorter as the host number gains digits
:local ComLabs
:set ComLabs "PC00"
# first three octets of the user subnet
:local ip
:set ip "192.168.5."
:local startip
:set startip 1
:local endip
:set endip 250
# parent queues: download on ether2, upload on ether1
/queue tree add name="Download" parent=ether2 limit-at=0 priority=8 queue=default
/queue tree add name="Upload" parent=ether1 limit-at=0 priority=8 queue=default
:for i from=$startip to=$endip do={
    :if ($i > 9) do={:set ComLabs "PC0"}
    :if ($i > 99) do={:set ComLabs "PC"}
    # mark the connection per host, then mark its packets (protocol=!1 skips ICMP)
    /ip firewall mangle add chain=prerouting src-address=($ip . $i) action=mark-connection new-connection-mark=("mc" . $i) passthrough=yes
    /ip firewall mangle add chain=prerouting protocol=!1 connection-mark=("mc" . $i) action=mark-packet new-packet-mark=("mp" . $i) passthrough=no
    # one download and one upload queue per host: 64 kbps guaranteed, 128 kbps maximum
    /queue tree add name=($ComLabs . $i . "Down") parent="Download" packet-mark=("mp" . $i) limit-at=64000 max-limit=128000 queue=default priority=8
    /queue tree add name=($ComLabs . $i . "Up") parent="Upload" packet-mark=("mp" . $i) limit-at=64000 max-limit=128000 queue=default priority=8
}
}

Source:

Dynamically adding QOS for PPPoE Users


/system script add name=set_pppoe_queues \
source={
:local mark-p2p p2p
:local mark-non-p2p other

/queue tree {
    #
    # First remove any invalid queues. This happens whenever a pppoe
    # connection is dropped - even if the connection returns the queue is
    # forever lost.
    #
    :foreach j in [find invalid=yes] do {
        #
        # MT Bug?: "disabled" entries are considered to be "invalid" and
        # would be deleted here - this keeps any "disabled" entries
        #
        :if (![get $j disabled]=yes) do {
            remove $j
        }
    }
}

/interface {
    :foreach i in [find type="pppoe-in"] do {
        :set ifacename ([get $i name])
        # This will print the list of interfaces found (debugging)
        # :put ($ifacename)
        # Drop the first and last character of the interface name
        # (the angle brackets of a dynamic <pppoe-user> interface)
        :set queuename ([:pick $ifacename 1 ([:len $ifacename] - 1)])
        # Print the queue name to the console (debugging)
        # :put $queuename
        /queue tree {
            #
            # Create a "master-queue". The parent is the virtual interface
            # (pppoe) not the physical interface
            :if ([:len [find name=($queuename . " all out")]] = 0) do {
                add name=($queuename . " all out") parent=$ifacename \
                    queue=qtype_p2p priority=1 limit-at=50000 \
                    max-limit=400000
            }
            #
            # MT Bug?: It is possible to add a sub-queue to a "disabled" parent
            # queue, and the sub-queue is not made "invalid" despite the fact
            # that the parent queue "does not exist" (ie is "invalid")
            # This prevents adding queue to a disabled parent
            :if (![get [find name=($queuename . " all out")] disabled]=yes) do {
                # Create a "sub-queue" for p2p traffic. The parent is the
                # "master-queue" for the virtual interface (pppoe)
                :if ([:len [find name=($queuename . " p2p out")]] = 0) do {
                    add name=($queuename . " p2p out") \
                        parent=($queuename . " all out") \
                        packet-mark=$mark-p2p queue=qtype_p2p priority=8 \
                        limit-at=50000 max-limit=200000
                }
                # Create a "sub-queue" for non-p2p traffic. The parent is the
                # "master-queue" for the virtual interface (pppoe)
                :if ([:len [find name=($queuename . " non-p2p out")]] = 0) do {
                    add name=($queuename . " non-p2p out") \
                        parent=($queuename . " all out") \
                        packet-mark=$mark-non-p2p queue=qtype_non_p2p \
                        priority=1 limit-at=0 max-limit=0
                }
                # Depending on how you have set up packet marking in mangle you
                # can create "sub-queues" here for any other type of traffic sent out
                # on this virtual interface (pppoe)
            }
        }
    }
}
}

/system scheduler add name=set_pppoe_queues \
on-event=set_pppoe_queues \
interval=15s \
comment="Sets up non-simple pppoe queues for QoS"
