Kumpulan Script untuk Mikrotik

lagi belajar mengenai mikrotik, berikut ini Kumpulan Script untuk Mikrotik yang saya salin dari beberapa website kesayangan saya.

Kumpulan Script untuk Mikrotik

kumpulan script untuk mikrotik

kumpulan script untuk mikrotik

 

LAYER 7 DOWNLOAD
\.(iso)
#LAYER 7 YOUTUBE
^.*get.+.youtube.com.*$
CARA IMPORT ADDRESS LIST GAME ONLINE NICE
/tool fetch address=ixp.mikrotik.co.id src-path=/download/nice.rsc dst-path=/nice.rsc mode=http;/import nice.rsc;
MENAMBAH ADMIN USER MANAGER
/tool user-manager customer set admin password=54321
BACKUP & RESTORE DATABASE USER MANAGER

/tool user-manager database save name=db_userman.umb
/tool user-manager database load name=db_userman.umb
Blokir Virus Confiker di Mikrotik

/ip firewall filter add chain=virus protocol= udp dst-port=135 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= udp dst-port=137 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= udp dst-port=138 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= udp dst-port=445 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= tcp dst-port=135 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= tcp dst-port=139 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= tcp dst-port=5933 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= tcp dst-port=445 action=drop comment=”Confiker” disabled=no
/ip firewall filter add chain=virus protocol= tcp dst-port=4691 action=drop comment=”Confiker” disabled=no

Script Blokir Situs di Mikrotik

ip firewall filter
add chain=forward src-address=74.125.67.100 action=drop
add chain=forward dst-address=74.125.67.100 action=drop
Konfigurasi Proxy Transparant

ip firewall nat add chain=dstnat in-interface=local protocol=tcp dst-port=80
src-address-list=iplocal dst-address-list=192.168.1.0/24 action=redirect to-ports=8080

ip firewall nat add chain=dstnat in-interface=local protocol=tcp dst-port=3128
src-address-list=iplocal dst-address-list=192.168.1.0/24 action=redirect to-ports=8080

ip firewall nat add chain=dstnat in-interface=local protocol=tcp dst-port=8080
src-address-list=iplocal dst-address-list=192.168.1.0/24 action=redirect to-ports=8080

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=accept
ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=accept
ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=accept

IP Firewall Filter

/ip firewall filter
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward connection-state=invalid disabled=no
add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=udp
add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp
add action=jump chain=forward disabled=no jump-target=virus
add action=drop chain=input connection-state=invalid disabled=no
add action=accept chain=input disabled=no protocol=udp
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input disabled=no protocol=icmp
add action=accept chain=input disabled=no dst-port=21 protocol=tcp
add action=accept chain=input disabled=no dst-port=22 protocol=tcp
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=log chain=input disabled=yes log-prefix=”DROP INPUT”
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=accept chain=input disabled=no dst-port=80 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=log chain=input disabled=yes log-prefix=”DROP INPUT”
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \
chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w chain=input comment=”Port scanners to list ” \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w chain=input comment=”SYN/FIN scan” disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w chain=input comment=”SYN/RST scan” disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w chain=input comment=”FIN/PSH/URG scan” disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w chain=input comment=”ALL/ALL scan” disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w chain=input comment=”NMAP NULL scan” disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=”port scanners” \
address-list-timeout=2w chain=input comment=”NMAP FIN Stealth scan” \
disabled=no protocol=tcp
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\
0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254

 

Leave a Reply