
# sep/05/2015 12:35:55 by RouterOS 6.31
# software id = 5220-KR3D
#
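# Mangle rules: a routing mark that steers LAN web traffic to the Raptor cache,
# cache accounting marks in the forward chain, then per-service connection and
# packet marks in prerouting that the queue tree uses for QoS.
# Order matters: a rule with passthrough=no ends mangle processing of the
# matching packet in that chain.
/ip firewall mangle
# TCP/80 arriving on LAN gets routing mark raptor_route.
# NOTE(review): with passthrough=no these packets stop here, so the later
# prerouting "Http" / "Http Descarga" rules never see LAN-originated port-80
# packets - confirm that is intended.
add action=mark-routing chain=prerouting \
    comment="Raptor - Mangle ====================>" dst-port=80 \
    in-interface=LAN new-routing-mark=raptor_route passthrough=no protocol=tcp
# Cache accounting: both the content= and connection-mark= matchers carry a
# leading "!" in this export; the resulting marks feed the RAPTOR/SQUID queues.
add action=mark-connection chain=forward comment="== RAPTORCACHE ==" \
    content="!X-Cache: HIT from Raptor" new-connection-mark=raptor-connection
add action=mark-packet chain=forward connection-mark=!raptor-connection \
    new-packet-mark=raptor-packs passthrough=no
add action=mark-connection chain=forward comment="==SQUID - TOS 12==" \
    dscp=!12 new-connection-mark=squid-connection
add action=mark-packet chain=forward connection-mark=!squid-connection \
    new-packet-mark=squid-packs
# Per-service classification: each pair marks the connection, then marks its
# packets and stops (passthrough=no).
add action=mark-connection chain=prerouting comment="ICMP (Ping)" \
    new-connection-mark=icmp_conn protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp_conn \
    new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=DNS dst-port=53 \
    new-connection-mark=dns_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conn \
    new-packet-mark=dns passthrough=no
# HTTP is split by bytes transferred: up to 500000 -> http, 500000-5000000 ->
# http_descarga. A connection above 5000000 bytes matches neither rule and
# falls through to the "Otros" catch-all at the end of this section.
add action=mark-connection chain=prerouting comment=Http \
    connection-bytes=0-500000 dst-port=80 new-connection-mark=http_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn \
    new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment="Http Descarga" \
    connection-bytes=500000-5000000 dst-port=80 \
    new-connection-mark=http_conn_descarga protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn_descarga \
    new-packet-mark=http_descarga passthrough=no
add action=mark-connection chain=prerouting comment=Https dst-port=443 \
    new-connection-mark=https_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=https_conn \
    new-packet-mark=https passthrough=no
# NOTE(review): 6881-6999 is the range commonly used by BitTorrent clients;
# anything on those ports is classified as "WoW" and queued at game priority.
add action=mark-connection chain=prerouting comment=WoW \
    dst-port=3724,6112-6114,6881-6999 new-connection-mark=wow_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wow_conn \
    new-packet-mark=wow passthrough=no
add action=mark-connection chain=prerouting dst-port=3724 \
    new-connection-mark=wow_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=wow_udp_conn \
    new-packet-mark=wow_udp passthrough=no
add action=mark-connection chain=prerouting comment=LoL \
    dst-port=2099,5222,5223,8393-8400 new-connection-mark=lol_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=lol_conn \
    new-packet-mark=lol passthrough=no
add action=mark-connection chain=prerouting dst-port=5000-5500 \
    new-connection-mark=lol_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=lol_udp_conn \
    new-packet-mark=lol_udp passthrough=no
add action=mark-connection chain=prerouting comment=Ventrilo dst-port=30572 \
    new-connection-mark=vent_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vent_conn \
    new-packet-mark=ventrilo passthrough=no
add action=mark-connection chain=prerouting comment=MSN dst-port=1863 \
    new-connection-mark=msn_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=msn_conn \
    new-packet-mark=msn passthrough=no
# Winbox (TCP/8291) is only classified for QoS here; the mark does not
# restrict who can reach the management port - that is the filter table's job.
# (This statement was split by a page break in the listing; rejoined.)
add action=mark-connection chain=prerouting comment=Winbox dst-port=8291 \
    new-connection-mark=winbox_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=winbox_conn \
    new-packet-mark=winbox passthrough=no
add action=mark-connection chain=prerouting comment="Dragon Nest" \
    dst-port=14300,14301,14403,7000,14500 \
    new-connection-mark=dragon_nest_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_conn \
    new-packet-mark=dragon_nest passthrough=no
add action=mark-connection chain=prerouting dst-port=15100-15110 \
    new-connection-mark=dragon_nest_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_udp_conn \
    new-packet-mark=dragon_nest_udp passthrough=no
# Catch-all: whatever reached this point unclassified is marked "other".
add action=mark-connection chain=prerouting comment=Otros \
    new-connection-mark=otras_conn
add action=mark-packet chain=prerouting connection-mark=otras_conn \
    new-packet-mark=other passthrough=no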
# sep/05/2015 12:38:24 by RouterOS 6.31
# software id = 5220-KR3D
#
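# Filter rules for the router itself (input) and for routed traffic (forward).
# The listing was hard-wrapped at 80 columns in the middle of tokens; every
# statement is rejoined here with explicit "\" continuations. Rule content and
# order are unchanged.
#
# NOTE(review): as exported, the allow-list rule and the final "Drop all INPUT"
# rule are both disabled=yes, and so are both port-knocking sequences. RouterOS
# accepts a packet that matches no filter rule, so the input chain is
# default-accept: apart from ICMP, TCP/3128 and UDP/53 on WAN, nothing here
# stops WAN hosts from reaching router services such as SSH (22), telnet (23)
# or Winbox (8291). Enable the allow-list and the terminal drop (in that
# order, after confirming the address list is populated) before relying on
# this rule set.
/ip firewall filter
add action=passthrough chain=unused-hs-chain \
    comment="place hotspot rules here" disabled=yes
# First forward rule: traffic sourced from 192.168.11.0/24 is accepted before
# any of the forward drops, the spammer detection, or the "virus" jump below.
add chain=forward comment="Acepta RaptorCache" src-address=192.168.11.0/24
add chain=input \
    comment="*************Accept established connection packets" \
    connection-state=established
add chain=input comment="Accept related connection packets" \
    connection-state=related
add action=drop chain=input comment="Drop invalid packets" \
    connection-state=invalid
# Port knocking A (all three rules disabled): any ICMP packet, then TCP/80
# within 1m, admits the source to "ICMP + Http" for 2m.
# NOTE(review): a ping followed by an HTTP connection is ordinary traffic, so
# this sequence offers little protection if it is ever enabled.
add action=add-src-to-address-list address-list=ICMP address-list-timeout=1m \
    chain=input comment="*************Start Port KnockingA By Rodrigo" \
    disabled=yes protocol=icmp
add action=add-src-to-address-list address-list="ICMP + Http" \
    address-list-timeout=2m chain=input disabled=yes dst-port=80 protocol=tcp \
    src-address-list=ICMP
add action=drop chain=input comment="End Port KnockingA" disabled=yes \
    dst-port=22,23,8291 protocol=tcp src-address-list="!ICMP + Http"
# Port knocking B (all four rules disabled): TCP/1000 -> TCP/2000 -> TCP/3000,
# each stage valid for 5m, then 22/23/8291 are dropped for everyone else.
add action=add-src-to-address-list address-list=Temp1 address-list-timeout=5m \
    chain=input comment="*************Start Port KnockingB By Rodrigo" \
    disabled=yes dst-port=1000 protocol=tcp
add action=add-src-to-address-list address-list=Temp1+Temp2 \
    address-list-timeout=5m chain=input disabled=yes dst-port=2000 \
    protocol=tcp src-address-list=Temp1
add action=add-src-to-address-list address-list=Temp1+Temp2+Cantito \
    address-list-timeout=5m chain=input disabled=yes dst-port=3000 \
    protocol=tcp src-address-list=Temp1+Temp2
# NOTE(review): port 23 in both knock drop rules suggests telnet is enabled on
# the router; if so, prefer disabling it under /ip service.
add action=drop chain=input comment="END Port KnockingB" disabled=yes \
    dst-port=22,23,8291 protocol=tcp src-address-list=!Temp1+Temp2+Cantito
# ICMP to the router: a rate-limited allow-list of type:code pairs
# (0:0, 8:0, 3:3, 11:0, 3:4), then drop every other ICMP packet.
add chain=input comment="*************Permitir Protocolos ICMP" \
    connection-limit=15,32 icmp-options=0:0 limit=5,5 protocol=icmp
add chain=input icmp-options=8:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:3 limit=5,5 protocol=icmp
add chain=input icmp-options=11:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=input protocol=icmp
# DoS handling: sources already in "Lista Negra" are tarpitted; a source is
# added to the list for 1d once the connection-limit=100,32 matcher fires.
# NOTE(review): the detection rule has no protocol or connection-state
# matcher; vendor guidance is to pair connection-limit with
# connection-state=new and/or tcp-flags=syn - confirm and narrow.
add action=tarpit chain=input \
    comment="*************Impedir Atacante DOS genere nuevas conecxiones" \
    protocol=tcp src-address-list="Lista Negra"
add action=add-src-to-address-list address-list="Lista Negra" \
    address-list-timeout=1d chain=input comment="Deteccion de DOS" \
    connection-limit=100,32
add action=drop chain=forward comment="Block Atakante DOS" protocol=tcp \
    src-address-list="Lista Negra"
# WAN-side service blocks (the first statement was split by a page break in
# the listing; rejoined).
add action=drop chain=input comment="*************Block Intrusos WebProxy" \
    dst-port=3128 in-interface=WAN protocol=tcp
# NOTE(review): only UDP/53 is dropped on WAN; DNS over TCP/53 is not covered
# by any rule in this export.
add action=drop chain=input comment="Block Intrusos DNS" dst-port=53 \
    in-interface=WAN protocol=udp
# Outbound SMTP abuse: drop TCP/25 from listed sources, and list a source for
# 1d when the connection-limit/limit matchers on TCP/25 fire.
add action=drop chain=forward \
    comment="*************BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 \
    protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer \
    address-list-timeout=1d chain=forward \
    comment="Detect and add-list SMTP virus or spammers" \
    connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp
# NOTE(review): no rules for chain "virus" appear in this export; if the chain
# is empty the jump returns without filtering anything.
add action=jump chain=forward comment="jump to the virus chain" \
    jump-target=virus
# Management allow-list and terminal drop - both disabled in this export.
add chain=input \
    comment="*************Permitir el Acceso al Router desde Redes Conocidas" \
    disabled=yes src-address-list="Permitir IPs for Access"
add action=drop chain=input comment="*************Drop all INPUT" disabled=yes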
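# Mangle rules, second copy: this section repeats the /ip firewall mangle
# export at the top of the listing rule for rule. "add" appends, so importing
# both copies creates every rule twice - import only one of them.
# The lines here were hard-wrapped mid-token and several property names lost a
# hyphen in extraction (new-packet-mark, new-connection-mark); both are
# repaired below. Rule content and order are otherwise unchanged.
/ip firewall mangle
# TCP/80 arriving on LAN gets routing mark raptor_route; passthrough=no ends
# prerouting mangle processing for those packets.
add action=mark-routing chain=prerouting \
    comment="Raptor - Mangle ====================>" dst-port=80 \
    in-interface=LAN new-routing-mark=raptor_route passthrough=no protocol=tcp
# Cache accounting marks (forward chain) used by the RAPTOR/SQUID queues.
add action=mark-connection chain=forward comment="== RAPTORCACHE ==" \
    content="!X-Cache: HIT from Raptor" new-connection-mark=raptor-connection
add action=mark-packet chain=forward connection-mark=!raptor-connection \
    new-packet-mark=raptor-packs passthrough=no
add action=mark-connection chain=forward comment="==SQUID - TOS 12==" \
    dscp=!12 new-connection-mark=squid-connection
add action=mark-packet chain=forward connection-mark=!squid-connection \
    new-packet-mark=squid-packs
# Per-service classification: mark the connection, then mark its packets and
# stop (passthrough=no).
add action=mark-connection chain=prerouting comment="ICMP (Ping)" \
    new-connection-mark=icmp_conn protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp_conn \
    new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=DNS dst-port=53 \
    new-connection-mark=dns_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conn \
    new-packet-mark=dns passthrough=no
# HTTP split by bytes transferred; connections above 5000000 bytes match
# neither rule and end up in the "Otros" catch-all.
add action=mark-connection chain=prerouting comment=Http \
    connection-bytes=0-500000 dst-port=80 new-connection-mark=http_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn \
    new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment="Http Descarga" \
    connection-bytes=500000-5000000 dst-port=80 \
    new-connection-mark=http_conn_descarga protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn_descarga \
    new-packet-mark=http_descarga passthrough=no
add action=mark-connection chain=prerouting comment=Https dst-port=443 \
    new-connection-mark=https_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=https_conn \
    new-packet-mark=https passthrough=no
add action=mark-connection chain=prerouting comment=WoW \
    dst-port=3724,6112-6114,6881-6999 new-connection-mark=wow_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wow_conn \
    new-packet-mark=wow passthrough=no
add action=mark-connection chain=prerouting dst-port=3724 \
    new-connection-mark=wow_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=wow_udp_conn \
    new-packet-mark=wow_udp passthrough=no
add action=mark-connection chain=prerouting comment=LoL \
    dst-port=2099,5222,5223,8393-8400 new-connection-mark=lol_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=lol_conn \
    new-packet-mark=lol passthrough=no
# (Split by a page break in the listing; rejoined.)
add action=mark-connection chain=prerouting dst-port=5000-5500 \
    new-connection-mark=lol_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=lol_udp_conn \
    new-packet-mark=lol_udp passthrough=no
add action=mark-connection chain=prerouting comment=Ventrilo dst-port=30572 \
    new-connection-mark=vent_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vent_conn \
    new-packet-mark=ventrilo passthrough=no
add action=mark-connection chain=prerouting comment=MSN dst-port=1863 \
    new-connection-mark=msn_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=msn_conn \
    new-packet-mark=msn passthrough=no
# Winbox (TCP/8291) is classified for QoS only; access control for the
# management port has to come from the filter table.
add action=mark-connection chain=prerouting comment=Winbox dst-port=8291 \
    new-connection-mark=winbox_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=winbox_conn \
    new-packet-mark=winbox passthrough=no
add action=mark-connection chain=prerouting comment="Dragon Nest" \
    dst-port=14300,14301,14403,7000,14500 \
    new-connection-mark=dragon_nest_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_conn \
    new-packet-mark=dragon_nest passthrough=no
add action=mark-connection chain=prerouting dst-port=15100-15110 \
    new-connection-mark=dragon_nest_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_udp_conn \
    new-packet-mark=dragon_nest_udp passthrough=no
# Catch-all for anything still unclassified.
add action=mark-connection chain=prerouting comment=Otros \
    new-connection-mark=otras_conn
add action=mark-packet chain=prerouting connection-mark=otras_conn \
    new-packet-mark=other passthrough=no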
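# NAT rules: source NAT for traffic leaving via WAN and via the RAPTORCACHE
# interface, two disabled port-forwards to the cache host 192.168.11.2, and
# source NAT for three client subnets. Lines that the listing wrapped
# mid-token are rejoined with "\" continuations; rule content is unchanged.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat out-interface=RAPTORCACHE
# NOTE(review): both dst-nat rules are disabled. Neither has an in-interface
# or dst-address matcher, so if enabled they would forward TCP/220 (to SSH)
# and TCP/82 (to the web admin) of 192.168.11.2 from any interface, and no
# forward-chain filter rule in this export restricts who may connect.
# Add a source restriction before enabling them.
add action=dst-nat chain=dstnat comment=SSH_Raptor disabled=yes dst-port=220 \
    protocol=tcp to-addresses=192.168.11.2 to-ports=22
add action=dst-nat chain=dstnat comment=WEBADMIN_Raptor disabled=yes \
    dst-port=82 protocol=tcp to-addresses=192.168.11.2 to-ports=82
# These masquerade rules match on source subnet only (no out-interface), so
# they apply whichever interface the traffic leaves through.
add action=masquerade chain=srcnat src-address=192.168.89.0/24
add action=masquerade chain=srcnat src-address=192.168.88.0/24
add action=masquerade chain=srcnat src-address=192.168.90.0/24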
# sep/05/2015 12:39:20 by RouterOS 6.31
# software id = 5220-KR3D
#
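# NAT rules, second copy: identical to the /ip firewall nat section that
# precedes this export header. "add" appends, so importing both copies creates
# every rule twice - import only one of them. Lines that the listing wrapped
# mid-token are rejoined with "\" continuations; rule content is unchanged.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat out-interface=RAPTORCACHE
# Disabled port-forwards to 192.168.11.2 (SSH on 220 -> 22, web admin on 82).
# NOTE(review): neither rule limits the source or the inbound interface;
# restrict them before enabling.
add action=dst-nat chain=dstnat comment=SSH_Raptor disabled=yes dst-port=220 \
    protocol=tcp to-addresses=192.168.11.2 to-ports=22
add action=dst-nat chain=dstnat comment=WEBADMIN_Raptor disabled=yes \
    dst-port=82 protocol=tcp to-addresses=192.168.11.2 to-ports=82
# Source-subnet masquerade without an out-interface matcher.
add action=masquerade chain=srcnat src-address=192.168.89.0/24
add action=masquerade chain=srcnat src-address=192.168.88.0/24
add action=masquerade chain=srcnat src-address=192.168.90.0/24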
# sep/05/2015 12:40:17 by RouterOS 6.31
# software id = 5220-KR3D
#
# Simple queues capping the two cache packet marks set in the mangle table
# (raptor-packs, squid-packs) at 4M in each direction; target is left empty,
# so selection is by packet mark only.
/queue simple
add name=RAPTOR target="" packet-marks=raptor-packs max-limit=4M/4M
add name=SQUID target="" packet-marks=squid-packs max-limit=4M/4M
# sep/05/2015 12:40:56 by RouterOS 6.31
# software id = 5220-KR3D
#

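# Queue tree: two global queues for the cache packet marks, then a download
# hierarchy under LAN (QoS_down) and an upload hierarchy under WAN (QoS_up).
# Each hierarchy has three classes - 1 VoIP, 2 Games, 3 Web - whose leaf queues
# select traffic by the packet marks set in the mangle table.
# The listing was hard-wrapped at 80 columns in the middle of tokens; every
# statement is rejoined here. Queue content and order are unchanged.
/queue tree
# NOTE(review): raptor-packs and squid-packs are also limited by the RAPTOR and
# SQUID entries under /queue simple in this export - confirm both are wanted.
add max-limit=4M name=RaptorCache packet-mark=raptor-packs parent=global \
    priority=4 queue=default
add max-limit=4M name="Squid 3.x" packet-mark=squid-packs parent=global \
    priority=4 queue=default
# Parent classes. Only the Web classes carry limit-at/max-limit values.
add name=QoS_down parent=LAN priority=1
add limit-at=10M max-limit=12350k name=3QoS_down_Web parent=QoS_down priority=5
add name=2QoS_down_Games parent=QoS_down priority=2
add name=1QoS_down_VoIP parent=QoS_down priority=1
add name=QoS_up parent=WAN priority=1
add name=1QoS_up_VoIP parent=QoS_up priority=1
add name=2QoS_up_Games parent=QoS_up priority=2
add limit-at=5M max-limit=5512k name=3QoS_up_Web parent=QoS_up priority=5
# Leaf queues, in export order (upload and download leaves are interleaved).
add name="ICMP_(Ping)_up" packet-mark=icmp parent=1QoS_up_VoIP priority=1 \
    queue=default
add name=DNS_up packet-mark=dns parent=3QoS_up_Web priority=5 queue=default
add name=Http_up packet-mark=http parent=3QoS_up_Web priority=5 queue=default
add name=Https_up packet-mark=https parent=3QoS_up_Web priority=5 queue=default
add name=Otros_up packet-mark=other parent=3QoS_up_Web priority=6 queue=default
add name=WinBox packet-mark=winbox parent=1QoS_down_VoIP priority=2 \
    queue=default
add name=MSN packet-mark=msn parent=3QoS_down_Web priority=5 queue=default
add name=LoL_udp packet-mark=lol_udp parent=2QoS_down_Games priority=2 \
    queue=default
add name=Ventrilo_up packet-mark=ventrilo parent=1QoS_up_VoIP priority=1 \
    queue=default
add name=WinBox_up packet-mark=winbox parent=1QoS_up_VoIP priority=2 \
    queue=default
add name="Dragon Nest" packet-mark=dragon_nest parent=2QoS_down_Games \
    priority=2 queue=default
add name=MSN_up packet-mark=msn parent=3QoS_up_Web priority=5 queue=default
add name="Dragon Nest_up" packet-mark=dragon_nest parent=2QoS_up_Games \
    priority=2 queue=default
add name="Dragon Nest_udp" packet-mark=dragon_nest_udp parent=2QoS_down_Games \
    priority=2 queue=default
add name="Dragon Nest_udp_up" packet-mark=dragon_nest_udp \
    parent=2QoS_up_Games priority=2 queue=default
add name=LoL_up packet-mark=lol parent=2QoS_up_Games priority=2 queue=default
add name=LoL_udp_up packet-mark=lol_udp parent=2QoS_up_Games priority=2 \
    queue=default
add name=WoW_up packet-mark=wow parent=2QoS_up_Games priority=2 queue=default
add name=WoW_udp_up packet-mark=wow_udp parent=2QoS_up_Games priority=2 \
    queue=default
add name=Http_Descarga packet-mark=http_descarga parent=3QoS_down_Web \
    priority=6 queue=default
add name="ICMP_(Ping)" packet-mark=icmp parent=1QoS_down_VoIP priority=1 \
    queue=default
add name=DNS packet-mark=dns parent=3QoS_down_Web priority=5 queue=default
add name=Http packet-mark=http parent=3QoS_down_Web priority=5 queue=default
add name=Https packet-mark=https parent=3QoS_down_Web priority=5 queue=default
add name=WoW packet-mark=wow parent=2QoS_down_Games priority=2 queue=default
add name=WoW_udp packet-mark=wow_udp parent=2QoS_down_Games priority=2 \
    queue=default
add name=LoL packet-mark=lol parent=2QoS_down_Games priority=2 queue=default
add name=Ventrilo packet-mark=ventrilo parent=1QoS_down_VoIP priority=1 \
    queue=default
add name=Otros packet-mark=other parent=3QoS_down_Web priority=7 queue=default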
