
#RADIUS

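# Customer router (router pelanggan)
# Send login authentication to the two RADIUS servers.
# NOTE(review): the shared secret below is printed in this document, so treat
# it as an example value and set a unique, long secret per deployment. RADIUS
# hides the User-Password attribute using this secret.
/radius add address=111.68.24.10 secret=RadiusClient service=login
/radius add address=111.68.24.11 secret=RadiusClient service=login
# Enable RADIUS for router logins; "read" is the group used by default for
# RADIUS-authenticated users.
/user aaa set default-group=read use-radius=yes
# Group "gmt" for operators. The policy value was split mid-word across lines
# on the page ("sensi" / "tive"), which truncates the command when pasted; it
# is restored here as one quoted value.
# NOTE(review): this list has no "policy" entry, while the gmt group in the
# radio section includes it. Confirm which of the two is intended.
/user group add name=gmt \
    policy="local,telnet,ssh,ftp,reboot,read,write,test,winbox,password,web,sniff,sensitive,api" \
    skin=default
# Management services, moved to non-default ports.
# NOTE(review): address="" leaves every enabled service reachable from any
# source address, and a non-default port is not an access control. telnet, ftp
# and www carry credentials in cleartext. Consider setting address= to the
# management prefix and leaving only ssh and winbox enabled.
/ip service
set telnet address="" disabled=no port=8723
set ftp address="" disabled=no port=8721
set www address="" disabled=no port=8780
set ssh address="" disabled=no port=8722
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291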
########################
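# Radio
# Send login authentication to the two RADIUS servers. The radio units use a
# different shared secret from the customer routers.
# NOTE(review): the shared secret below is printed in this document, so treat
# it as an example value and set a unique, long secret per deployment.
/radius add address=111.68.24.10 secret=Radius.Radi0 service=login
/radius add address=111.68.24.11 secret=Radius.Radi0 service=login
# Enable RADIUS for logins; "read" is the group used by default for
# RADIUS-authenticated users.
/user aaa set default-group=read use-radius=yes
# Group "gmt" for operators. The policy value was split mid-word across lines
# on the page ("snif" / "f"), which truncates the command when pasted; it is
# restored here as one quoted value.
# NOTE(review): this list includes "policy", which lets members manage users
# and groups; the customer-router gmt group omits it. Confirm the difference is
# intended.
/user group add name=gmt \
    policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api" \
    skin=default
# Management services, moved to non-default ports.
# NOTE(review): address="" leaves every enabled service reachable from any
# source address, and a non-default port is not an access control. telnet, ftp
# and www carry credentials in cleartext. Consider setting address= to the
# management prefix and leaving only ssh and winbox enabled.
/ip service
set telnet address="" disabled=no port=8723
set ftp address="" disabled=no port=8721
set www address="" disabled=no port=8780
set ssh address="" disabled=no port=8722
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291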

#######################################

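# Filter Spam
# Two forward-chain rules for outbound SMTP (tcp/25). Both commands were
# wrapped mid-parameter on the page ("dst-" / "port=25", "connection-" /
# "limit=30,32"); they are rejoined here with "\" continuations so they paste
# as complete commands.
/ip firewall filter
# Rule 1: drop tcp/25 from any source already on the "spammer" list. It sits
# ahead of the detection rule, so listed hosts are dropped before being
# re-evaluated.
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" \
    dst-port=25 protocol=tcp src-address-list=spammer
# Rule 2: put a source on the "spammer" list for one day once it holds more
# than 30 concurrent tcp/25 connections (counted per /32).
# NOTE(review): limit=50,5:packet additionally gates how often this rule
# matches; verify the combined behaviour on your RouterOS version.
# NOTE(review): log-prefix="" has no visible effect because log= is not set;
# consider logging additions so an infected customer can be traced.
add action=add-src-to-address-list address-list=spammer \
    address-list-timeout=1d chain=forward \
    comment="Detect and add-list SMTP virus or spammers" \
    connection-limit=30,32 dst-port=25 limit=50,5:packet log-prefix="" \
    protocol=tcp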

#################################

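# Filter DNS
# Stop the router's DNS service from being used as an open resolver by hosts
# outside the private ranges.
/ip firewall address-list
# The three RFC 1918 private ranges; the filter rules below treat these as the
# only legitimate DNS clients.
add address=10.0.0.0/8 list=rfc1918
add address=172.16.0.0/12 list=rfc1918
add address=192.168.0.0/16 list=rfc1918

/ip firewall filter
# The first rule was wrapped mid-parameter on the page ("dst-address-" /
# "list=!rfc1918"); it is rejoined here with a "\" continuation.
# Drop DNS replies (udp source port 53) from the router to any non-private
# destination.
add action=drop chain=output comment="Filter DNS Recursive Router" \
    dst-address-list=!rfc1918 protocol=udp src-port=53
# Drop DNS queries to the router from any non-private source.
add action=drop chain=input dst-port=53 protocol=udp src-address-list=!rfc1918
# DNS also runs over tcp/53; without this rule, external hosts could still
# query the router over TCP.
add action=drop chain=input dst-port=53 protocol=tcp src-address-list=!rfc1918
# NOTE(review): these rules trust the source address alone. Also matching the
# WAN in-interface would keep packets with spoofed private sources from being
# treated as internal; the WAN interface name is not shown on this page.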

####################
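# Maximum-rate limiter (the max-limit can be adjusted to match the subscription)
# Mark upload and download traffic so the queue tree can shape it. The rules
# use the "rfc1918" address list defined in the Filter DNS section and treat
# bridge1 as the customer-facing interface. ICMP is excluded from marking.
# Every rule was wrapped mid-parameter on the page (for example "protocol=!" /
# "icmp"); they are rejoined here with "\" continuations.
/ip firewall mangle
# Upload: connections entering on bridge1 from private to non-private
# addresses.
add action=mark-connection chain=prerouting comment="UPLOAD CONNECTION" \
    dst-address-list=!rfc1918 in-interface=bridge1 \
    new-connection-mark=UP.CON protocol=!icmp src-address-list=rfc1918
# Upload: packets of those connections get UP.PM; passthrough=no stops further
# mangle processing for the packet.
add action=mark-packet chain=prerouting comment="UPLOAD PACKET" \
    connection-mark=UP.CON dst-address-list=!rfc1918 in-interface=bridge1 \
    new-packet-mark=UP.PM passthrough=no protocol=!icmp \
    src-address-list=rfc1918
# Download: connections leaving via bridge1 from non-private to private
# addresses.
add action=mark-connection chain=postrouting comment="DOWNLOAD CONNECTION" \
    dst-address-list=rfc1918 new-connection-mark=DN.CON \
    out-interface=bridge1 passthrough=yes protocol=!icmp \
    src-address-list=!rfc1918
# Download: packets of those connections get DN.PM.
# NOTE(review): the connection mark is set in postrouting but the packet mark
# is applied in forward; confirm this chain order marks traffic as intended.
add action=mark-packet chain=forward comment="DOWNLOAD PACKET" \
    connection-mark=DN.CON dst-address-list=rfc1918 new-packet-mark=DN.PM \
    out-interface=bridge1 passthrough=no protocol=!icmp \
    src-address-list=!rfc1918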

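# Queue tree that shapes the packets marked DN.PM (download) and UP.PM (upload)
# by the mangle rules. Each queue is capped at 5120k. Two commands were wrapped
# mid-parameter on the page ("queue=pcq-" / "download-default"); they are
# rejoined here with "\" continuations.
/queue tree
# Download parent under "global"; it carries no packet-mark of its own.
add max-limit=5120k name=GLOBAL-DN parent=global queue=default
# Download child: DN.PM packets, using the pcq-download-default queue type.
add max-limit=5120k name=USERS packet-mark=DN.PM parent=GLOBAL-DN \
    queue=pcq-download-default
# Upload: UP.PM packets directly under "global", using the pcq-upload-default
# queue type.
add max-limit=5120k name=GLOBAL-UP packet-mark=UP.PM parent=global \
    queue=pcq-upload-default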