Created
November 16, 2018 09:12
-
-
Save arysandi/0f5c0eebae27af2f2478672afe8416ac to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /ip firewall address-list | |
| add address=0.0.0.0/8 list=private-lokal | |
| add address=10.0.0.0/8 list=private-lokal | |
| add address=100.64.0.0/10 list=private-lokal | |
| add address=127.0.0.0/8 list=private-lokal | |
| add address=169.254.0.0/16 list=private-lokal | |
| add address=172.16.0.0/12 list=private-lokal | |
| add address=192.0.0.0/24 list=private-lokal | |
| add address=192.0.2.0/24 list=private-lokal | |
| add address=192.168.0.0/16 list=private-lokal | |
| add address=198.18.0.0/15 list=private-lokal | |
| add address=198.51.100.0/24 list=private-lokal | |
| add address=203.0.113.0/24 list=private-lokal | |
| add address=224.0.0.0/3 list=private-lokal | |
| add address=118.98.0.0/17 list=ggc-telkom | |
| add address=118.97.0.0/16 list=ggc-telkom | |
| add address=216.239.32.0/19 list=ggc-telkom | |
| add address=216.58.192.0/19 list=ggc-telkom | |
| add address=172.217.0.0/16 list=ggc-telkom | |
| add address=74.125.0.0/16 list=ggc-telkom | |
| /ip firewall mangle | |
| add action=mark-connection chain=prerouting comment=private-lokal \ | |
| dst-address-list=private-lokal new-connection-mark=private-lokal \ | |
| passthrough=yes src-address-list=private-lokal | |
| add action=accept chain=prerouting comment=private-lokal connection-mark=\ | |
| private-lokal dst-address-list=private-lokal src-address-list=\ | |
| private-lokal | |
| add action=mark-connection chain=prerouting comment=vip dst-address-list=\ | |
| !private-lokal new-connection-mark=vip passthrough=yes protocol=icmp \ | |
| src-address-list=private-lokal | |
| add action=mark-connection chain=prerouting comment=dns dst-address-list=\ | |
| !private-lokal dst-port=53,5353,123,1194 new-connection-mark=vip \ | |
| passthrough=yes protocol=tcp src-address-list=private-lokal | |
| add action=mark-connection chain=prerouting comment=dns dst-address-list=\ | |
| !private-lokal dst-port=53,5353,123,1194 new-connection-mark=vip \ | |
| passthrough=yes protocol=udp src-address-list=private-lokal | |
| add action=accept chain=prerouting comment=vip connection-mark=vip | |
| add action=mark-connection chain=prerouting comment=games dst-address-list=\ | |
| games new-connection-mark=games passthrough=yes src-address-list=\ | |
| private-lokal | |
| add action=accept chain=prerouting comment=games connection-mark=games | |
| add action=mark-connection chain=prerouting comment=sosmed dst-address-list=\ | |
| sosmed new-connection-mark=sosmed passthrough=yes src-address-list=\ | |
| private-lokal | |
| add action=accept chain=prerouting comment=sosmed connection-mark=sosmed | |
| add action=mark-connection chain=prerouting comment=ggc-telkom \ | |
| dst-address-list=ggc-telkom new-connection-mark=ggc-redirector \ | |
| passthrough=yes src-address-list=private-lokal | |
| add action=accept chain=prerouting comment=ggc-redirector connection-mark=\ | |
| ggc-redirector | |
| add action=mark-connection chain=prerouting comment=all-trafik \ | |
| dst-address-list=!private-lokal new-connection-mark=all-trafik \ | |
| passthrough=yes src-address-list=private-lokal | |
| add action=accept chain=prerouting comment=all-trafik connection-mark=\ | |
| all-trafik | |
| add action=jump chain=forward in-interface=ether1 jump-target=qos-down | |
| add action=mark-packet chain=qos-down comment=vip-down connection-mark=vip \ | |
| new-packet-mark=vip-down passthrough=no | |
| add action=mark-packet chain=qos-down comment=games-down connection-mark=\ | |
| games new-packet-mark=games-down passthrough=no | |
| add action=mark-packet chain=qos-down comment=sosmed-down connection-mark=\ | |
| sosmed new-packet-mark=sosmed-down passthrough=no | |
| add action=mark-packet chain=qos-down comment=patch-games-down \ | |
| connection-mark=all-trafik new-packet-mark=patch-games-down passthrough=\ | |
| no src-address-list=games | |
| add action=mark-packet chain=qos-down comment=ggc-telkom-down \ | |
| connection-mark=ggc-redirector new-packet-mark=ggc-telkom-down \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-down comment=browsing-down connection-bytes=\ | |
| 0-1000000 connection-mark=all-trafik new-packet-mark=browsing-down \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-down comment=low-down connection-bytes=\ | |
| 1000001-10000000 connection-mark=all-trafik new-packet-mark=low-down \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-down comment=midle-down connection-bytes=\ | |
| 10000001-50000000 connection-mark=all-trafik new-packet-mark=midle-down \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-down comment=high-down connection-bytes=\ | |
| 50000001-0 connection-mark=all-trafik new-packet-mark=high-down \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-down comment=unknown-down connection-mark=\ | |
| all-trafik new-packet-mark=unknown-down passthrough=no | |
| add action=mark-packet chain=qos-down comment=unknown-down new-packet-mark=\ | |
| unknown-down passthrough=no | |
| add action=return chain=qos-down | |
| add action=jump chain=forward jump-target=qos-up out-interface=ether1 | |
| add action=mark-packet chain=qos-up comment=vip-up connection-mark=vip \ | |
| new-packet-mark=vip-up passthrough=no | |
| add action=mark-packet chain=qos-up comment=games-up connection-mark=games \ | |
| new-packet-mark=games-up passthrough=no | |
| add action=mark-packet chain=qos-up comment=sosmed-up connection-mark=sosmed \ | |
| new-packet-mark=sosmed-up passthrough=no | |
| add action=mark-packet chain=qos-up comment=patch-games-up connection-mark=\ | |
| all-trafik dst-address-list=games new-packet-mark=patch-games-up \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-up comment=ggc-telkom-up connection-mark=\ | |
| ggc-redirector new-packet-mark=ggc-telkom-up passthrough=no | |
| add action=mark-packet chain=qos-up comment=browsing-up connection-bytes=\ | |
| 0-1000000 connection-mark=all-trafik new-packet-mark=browsing-up \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-up comment=low-up connection-bytes=\ | |
| 1000001-10000000 connection-mark=all-trafik new-packet-mark=low-up \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-up comment=midle-up connection-bytes=\ | |
| 10000001-50000000 connection-mark=all-trafik new-packet-mark=midle-up \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-up comment=high-up connection-bytes=\ | |
| 50000001-0 connection-mark=all-trafik new-packet-mark=high-up \ | |
| passthrough=no | |
| add action=mark-packet chain=qos-up comment=unknown-up connection-mark=\ | |
| all-trafik new-packet-mark=unknown-up passthrough=no | |
| add action=mark-packet chain=qos-up comment=unknown-up new-packet-mark=\ | |
| unknown-up passthrough=no | |
| add action=return chain=qos-up | |
| /ip firewall raw | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=Vainglory dst-address-list=\ | |
| !private-lokal dst-port=7000-8020 protocol=tcp src-address-list=\ | |
| private-lokal | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=Vainglory content=.superevil.net \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment="Mobile Legends" dst-address-list=\ | |
| !private-lokal dst-port=30050-30150 protocol=tcp src-address-list=\ | |
| private-lokal | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment="Mobile Legends" dst-address-list=\ | |
| !private-lokal dst-port=5000-5570 protocol=udp src-address-list=\ | |
| private-lokal | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment="PUBG Mobile" dst-address-list=\ | |
| !private-lokal dst-port=10012,17500 protocol=tcp src-address-list=\ | |
| private-lokal | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment="PUBG Mobile" dst-address-list=\ | |
| !private-lokal dst-port="10491,10010,10013,10612,20002,20001,20000,12235,1\ | |
| 3748,13972,13894,11455,10096,10039" protocol=udp src-address-list=\ | |
| private-lokal | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment="PUBG Mobile" content=.igamecj.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=games address-list-timeout=\ | |
| none-dynamic chain=prerouting comment="PUBG Mobile" content=\ | |
| tencentgames.helpshift.com dst-address-list=!private-lokal \ | |
| src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=ig content=.cdninstagram.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=ig content=.instagram.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=WA content=.whatsapp.net \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=WA content=.whatsapp.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=life360 content=.life360.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=fb content=.facebook.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=fb content=.facebook.net \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=fb content=.fbcdn.net \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=twitter content=.twitter.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=twitter content=.twimg.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| add action=add-dst-to-address-list address-list=sosmed address-list-timeout=\ | |
| none-dynamic chain=prerouting comment=tiktok content=.tiktokv.com \ | |
| dst-address-list=!private-lokal src-address-list=private-lokal | |
| /queue tree | |
| add max-limit=100M name=INCOMING parent=global queue=default | |
| add limit-at=10M max-limit=100M name=A.1.PAKET-TRAFIK parent=INCOMING queue=\ | |
| default | |
| add bucket-size=0 name=A.1.1.VIP packet-mark=vip-down parent=A.1.PAKET-TRAFIK \ | |
| priority=1 queue=default | |
| add bucket-size=0 name=A.1.2.GAMES-ONLINE packet-mark=games-down parent=\ | |
| A.1.PAKET-TRAFIK priority=2 queue=default | |
| add bucket-size=0 name=A.1.3.PATCH-GAMES packet-mark=patch-games-down parent=\ | |
| A.1.PAKET-TRAFIK priority=3 queue=pcq-download-default | |
| add max-limit=8M name=A.1.4.NORMAL parent=A.1.PAKET-TRAFIK queue=default | |
| add limit-at=200k max-limit=8M name=A.1.4.1.BROWSING packet-mark=\ | |
| browsing-down parent=A.1.4.NORMAL priority=4 queue=pcq-download-default | |
| add limit-at=200k max-limit=8M name=A.1.4.3.LOW packet-mark=low-down parent=\ | |
| A.1.4.NORMAL priority=5 queue=pcq-download-default | |
| add limit-at=200k max-limit=8M name=A.1.4.4.MIDLE packet-mark=midle-down \ | |
| parent=A.1.4.NORMAL priority=6 queue=pcq-download-default | |
| add limit-at=200k max-limit=8M name=A.1.4.5.HIGH packet-mark=high-down \ | |
| parent=A.1.4.NORMAL priority=7 queue=pcq-download-default | |
| add limit-at=200k max-limit=8M name=A.1.4.6.UNKNOWN packet-mark=unknown-down \ | |
| parent=A.1.4.NORMAL priority=7 queue=pcq-download-default | |
| add limit-at=200k max-limit=10M name=A.1.4.7.GGC-TELKOM packet-mark=\ | |
| ggc-telkom-down parent=A.1.4.NORMAL queue=pcq-download-default | |
| add max-limit=100M name=OUTGOING parent=global queue=default | |
| add limit-at=2M max-limit=2M name=B.1.PAKET-TRAFIK parent=OUTGOING queue=\ | |
| default | |
| add limit-at=64k max-limit=2M name=B.1.1.VIP packet-mark=vip-up parent=\ | |
| B.1.PAKET-TRAFIK priority=1 queue=default | |
| add limit-at=500k max-limit=2M name=B.1.2.GAMES-ONLINE packet-mark=games-up \ | |
| parent=B.1.PAKET-TRAFIK priority=2 queue=default | |
| add limit-at=250k max-limit=2M name=B.1.3.PATCH-GAMES packet-mark=\ | |
| patch-games-up parent=B.1.PAKET-TRAFIK priority=3 queue=\ | |
| pcq-upload-default | |
| add limit-at=1500k max-limit=1500k name=B.1.4.NORMAL parent=B.1.PAKET-TRAFIK \ | |
| queue=default | |
| add limit-at=200k max-limit=1500k name=B.1.4.1.BROWSING packet-mark=\ | |
| browsing-up parent=B.1.4.NORMAL priority=4 queue=pcq-upload-default | |
| add limit-at=200k max-limit=1500k name=B.1.4.3.LOW packet-mark=low-up parent=\ | |
| B.1.4.NORMAL priority=5 queue=pcq-upload-default | |
| add limit-at=200k max-limit=1500k name=B.1.4.4.MIDLE packet-mark=midle-up \ | |
| parent=B.1.4.NORMAL priority=6 queue=pcq-upload-default | |
| add limit-at=200k max-limit=1500k name=B.1.4.5.HIGH packet-mark=high-up \ | |
| parent=B.1.4.NORMAL priority=7 queue=pcq-upload-default | |
| add limit-at=200k max-limit=1500k name=B.1.4.6.UNKNOWN packet-mark=unknown-up \ | |
| parent=B.1.4.NORMAL priority=7 queue=pcq-upload-default | |
| add limit-at=100k max-limit=2M name=B.1.4.7.GGC-TELKOM packet-mark=\ | |
| ggc-telkom-up parent=B.1.4.NORMAL queue=pcq-upload-default | |
| add limit-at=200k max-limit=8M name=A.1.4.2.SOSMED packet-mark=sosmed-down \ | |
| parent=A.1.4.NORMAL priority=7 queue=pcq-download-default | |
| add limit-at=200k max-limit=1500k name=B.1.4.2.SOSMED packet-mark=sosmed-up \ | |
| parent=B.1.4.NORMAL priority=7 queue=pcq-upload-default | |
| /ip firewall filter | |
| add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=tcp \ | |
| src-address-list=!private-lokal | |
| add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=udp \ | |
| src-address-list=!private-lokal | |
| add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=tcp \ | |
| src-address-list=!private-lokal | |
| add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=udp \ | |
| src-address-list=!private-lokal | |
| add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp | |
| add action=accept chain=input comment="defconf: accept ICMP" dst-port=\ | |
| 8291-8299,8030-8039,2222,22,5900-5911,1701-1723,8123,1194,8012,8123 \ | |
| protocol=tcp | |
| add action=accept chain=input comment="defconf: accept ICMP" dst-port=\ | |
| 8291-8299,8030-8039,2222,22,5900-5911,1701-1723,8123,1194,8012,8123 \ | |
| protocol=udp | |
| add action=accept chain=input comment="defconf: accept established,related" \ | |
| connection-state=established,related | |
| add action=drop chain=input comment="defconf: drop all from WAN" \ | |
| in-interface=ether1 | |
| add action=accept chain=forward comment="defconf: accept established,related" \ | |
| connection-state=established,related | |
| add action=drop chain=forward comment="defconf: drop invalid" \ | |
| connection-state=invalid | |
| add action=drop chain=forward comment=\ | |
| "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ | |
| connection-state=new in-interface=ether1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
joss tak coba om