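# Enable UPnP so hosts on the internal interface can request port mappings.
# allow-disable-external-interface is set to "no": with "yes", any UPnP client
# on the internal side may switch the external (WAN) interface off without
# authenticating.
# NOTE(review): UPnP itself is unauthenticated; any host on ether2-LAN can
# open inbound ports. Enable it only where the LAN is trusted.
/ ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
# WAN side: mappings are created towards this interface.
add disabled=no \
interface=pppoe-IP \
type=external
# LAN side: UPnP requests are accepted from this interface.
add disabled=no \
interface=ether2-LAN \
type=internal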
# Bandwidth shaping with PCQ.
# Every packet seen in prerouting receives the packet mark "all";
# passthrough=no ends mangle processing for that packet.
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=all passthrough=no
# Two PCQ queue types: download is classified per destination address,
# upload per source address, each with its own pcq-rate.
/queue type
add kind=pcq name="PCQ_download" pcq-classifier=dst-address pcq-rate=64000
add kind=pcq name="PCQ_upload" pcq-classifier=src-address pcq-rate=32000
# Attach the queue types to the global-in / global-out parents for packets
# carrying the "all" mark.
# NOTE(review): global-in/global-out are parents of older RouterOS releases;
# confirm they exist on the version in use.
/queue tree
add packet-mark=all parent=global-in queue=PCQ_download
add packet-mark=all parent=global-out queue=PCQ_upload
# Simple queue for the 192.168.0.0/24 LAN using the same upload/download types.
/queue simple
add queue=PCQ_upload/PCQ_download target-addresses=192.168.0.0/24
# Filter rules for traffic addressed to the router itself (chain=input).
# Rule order matters: each packet is checked top to bottom.
# NOTE(review): this chain contains no final drop rule and no interface or
# source restriction, so anything not matched below is accepted by default.
# Management services on the router stay reachable from the WAN side unless
# they are restricted elsewhere.
/ ip firewall filter
# Drop packets that connection tracking classifies as invalid.
add chain=input connection-state=invalid action=drop comment="丟棄非法連接packets" disabled=no
# connection-limit=60,0: netmask 0 counts all sources together, so this caps
# the total number of connections to the router's TCP port 80 at 60.
add chain=input protocol=tcp dst-port=80 connection-limit=60,0 action=drop comment="限制總http連接數為60" disabled=no
# Port-scan detection (psd = weight threshold, delay threshold, low-port
# weight, high-port weight); matching packets are dropped.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="探測並丟棄端口掃瞄連接" disabled=no
# Sources already on black_list that hold more than 3 connections are tarpitted.
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="壓制DoS攻擊" disabled=no
# Any single source (/32) with more than 10 TCP connections to the router is
# put on black_list for one day.
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="探測DoS攻擊" disabled=no
# Drop packets whose destination address is not one of the router's own.
add chain=input dst-address-type=!local action=drop comment="丟棄掉非本地數據" disabled=no
# Drop packets whose source address is not unicast.
add chain=input src-address-type=!unicast action=drop comment="丟棄掉所有非單播數據" disabled=no
# Hand ICMP to the ICMP chain and TCP to the "virus" port blocklist chain.
add chain=input protocol=icmp action=jump jump-target=ICMP comment="跳轉到ICMP鏈表" disabled=no
add chain=input protocol=tcp action=jump jump-target=virus comment="跳轉到病毒鏈表" disabled=no
# ICMP chain: accept a small set of ICMP types at a limited rate and drop
# everything else. icmp-options is type:code; limit=5,5 is rate,burst.
# type 0: echo reply
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Ping應答限制為每秒5個封包" disabled=no
# type 3 code 3: port unreachable (used by UDP traceroute)
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="Traceroute限制為每秒5個封包" disabled=no
# type 3 code 4: fragmentation needed (path MTU discovery)
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="MTU線路探測限制為每秒5個封包" disabled=no
# type 8: echo request
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="Ping請求限制為每秒5個封包" disabled=no
# type 11: time exceeded
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="Trace TTL限制為每秒5個封包" disabled=no
# Anything else, and anything above the rate limits, is dropped.
add chain=ICMP protocol=icmp action=drop comment="丟棄掉任何ICMP數據" disabled=no
# Filter rules for traffic routed through the router (chain=forward).
# Packets of established and related connections are accepted first, so the
# rules further down only ever see packets that start a new connection.
add chain=forward connection-state=established action=accept comment="接受以連接的數據封包" disabled=no
add chain=forward connection-state=related action=accept comment="接受相關數據封包" disabled=no
add chain=forward connection-state=invalid action=drop comment="丟棄非法數據封包" disabled=no
# Per-host (/32) cap of 200 TCP connections.
add chain=forward protocol=tcp connection-limit=200,32 action=drop comment="限制每個主機TCP連接數為200條" disabled=no
# NOTE(review): the comment text says this limits UDP to 300 per host, but the
# rule matches protocol=tcp. Any host above 200 TCP connections is already
# dropped by the rule above, so this rule cannot match and UDP is not limited.
add chain=forward protocol=tcp connection-limit=300,32 action=drop comment="限制每個主機UDP連接數為300條" disabled=no
# Drop packets whose source address is not unicast.
add chain=forward src-address-type=!unicast action=drop comment="丟棄掉所有非單播數據" disabled=no
# ICMP goes to the ICMP chain; every protocol goes through the "virus" chain.
add chain=forward protocol=icmp action=jump jump-target=ICMP comment="跳轉到ICMP鏈表" disabled=no
add chain=forward action=jump jump-target=virus comment="跳轉到病毒鏈表" disabled=no
# Final rule accepts everything left, in both directions: the forward chain is
# default-allow. Rules appended to chain=forward after this one never match.
add chain=forward action=accept comment="接受任何數據" disabled=no
# "virus" chain, TCP part: drops packets by destination port. Each comment=
# value names the malware the author associates with that port.
# The input chain jumps here for TCP, the forward chain for all traffic.
# NOTE(review): matching on destination port alone is a coarse control. It
# does not detect the named malware on any other port, and it also drops
# legitimate traffic that uses the same port numbers, for example tcp/79
# (finger), tcp/113 (ident) and tcp/6667 (IRC). Review the list against the
# services actually in use before applying it.
add chain=virus protocol=tcp dst-port=41 action=drop comment="DeepThroat.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=82 action=drop comment="Worm.NetSky.Y@mm" disabled=no
add chain=virus protocol=tcp dst-port=113 action=drop comment="W32.Korgo.A/B/C/D/E/F-1" disabled=no
add chain=virus protocol=tcp dst-port=2041 action=drop comment="W33.Korgo.A/B/C/D/E/F-2" disabled=no
add chain=virus protocol=tcp dst-port=3150 action=drop comment="DeepThroat.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3067 action=drop comment="W32.Korgo.A/B/C/D/E/F-3" disabled=no
add chain=virus protocol=tcp dst-port=3422 action=drop comment="Backdoor.IRC.Aladdinz.R-1" disabled=no
add chain=virus protocol=tcp dst-port=6667 action=drop comment="W32.Korgo.A/B/C/D/E/F-4" disabled=no
add chain=virus protocol=tcp dst-port=6789 action=drop comment="Worm.NetSky.S/T/U@mm" disabled=no
add chain=virus protocol=tcp dst-port=8787 action=drop comment="Back.Orifice.2000.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=8879 action=drop comment="Back.Orifice.2000.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=8967 action=drop comment="W32.Dabber.A/B-2" disabled=no
add chain=virus protocol=tcp dst-port=9999 action=drop comment="W32.Dabber.A/B-3" disabled=no
add chain=virus protocol=tcp dst-port=20034 action=drop comment="Block.NetBus.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=21554 action=drop comment="GirlFriend.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=31666 action=drop comment="Back.Orifice.2000.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=43958 action=drop comment="Backdoor.IRC.Aladdinz.R-2" disabled=no
add chain=virus protocol=tcp dst-port=999 action=drop comment="DeepThroat.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6670 action=drop comment="DeepThroat.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6771 action=drop comment="DeepThroat.Trojan-5" disabled=no
add chain=virus protocol=tcp dst-port=60000 action=drop comment="DeepThroat.Trojan-6" disabled=no
add chain=virus protocol=tcp dst-port=2140 action=drop comment="DeepThroat.Trojan-7" disabled=no
add chain=virus protocol=tcp dst-port=10067 action=drop comment="Portal.of.Doom.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=10167 action=drop comment="Portal.of.Doom.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=3700 action=drop comment="Portal.of.Doom.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=9872-9875 action=drop comment="Portal.of.Doom.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=6883 action=drop comment="Delta.Source.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=26274 action=drop comment="Delta.Source.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Delta.Source.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=47262 action=drop comment="Delta.Source.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=3791 action=drop comment="Eclypse.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3801 action=drop comment="Eclypse.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65390 action=drop comment="Eclypse.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5880-5882 action=drop comment="Y3K.RAT.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5888-5889 action=drop comment="Y3K.RAT.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=30100-30103 action=drop comment="NetSphere.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=30133 action=drop comment="NetSphere.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7300-7301 action=drop comment="NetMonitor.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7306-7308 action=drop comment="NetMonitor.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=79 action=drop comment="FireHotcker.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5031 action=drop comment="FireHotcker.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5321 action=drop comment="FireHotcker.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=6400 action=drop comment="TheThing.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7777 action=drop comment="TheThing.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1047 action=drop comment="GateCrasher.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=6969-6970 action=drop comment="GateCrasher.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2774 action=drop comment="SubSeven-1" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="SubSeven-2" disabled=no
add chain=virus protocol=tcp dst-port=1243 action=drop comment="SubSeven-3" disabled=no
add chain=virus protocol=tcp dst-port=1234 action=drop comment="SubSeven-4" disabled=no
add chain=virus protocol=tcp dst-port=6711-6713 action=drop comment="SubSeven-5" disabled=no
add chain=virus protocol=tcp dst-port=16959 action=drop comment="SubSeven-7" disabled=no
add chain=virus protocol=tcp dst-port=11000 action=drop comment="Senna.Spy.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=13000 action=drop comment="Senna.Spy.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=25685-25686 action=drop comment="Moonpie.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=25982 action=drop comment="Moonpie.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=31337-31339 action=drop comment="NetSpy.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=8102 action=drop comment="Trojan" disabled=no
add chain=virus protocol=tcp dst-port=8011 action=drop comment="WAY.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=7626 action=drop comment="Trojan.BingHe" disabled=no
add chain=virus protocol=tcp dst-port=19191 action=drop comment="Trojan.NianSeHoYian" disabled=no
add chain=virus protocol=tcp dst-port=23444-23445 action=drop comment="NetBull.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=2583 action=drop comment="WinCrash.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3024 action=drop comment="WinCrash.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=4092 action=drop comment="WinCrash.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=5714 action=drop comment="WinCrash.Trojan-4" disabled=no
add chain=virus protocol=tcp dst-port=1010-1012 action=drop comment="Doly1.0/1.35/1.5trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=1015 action=drop comment="Doly1.0/1.35/1.5trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1999-2005 action=drop comment="TransScout.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=9878 action=drop comment="TransScout.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=2773 action=drop comment="Backdoor.YAI..Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=7215 action=drop comment="Backdoor.YAI.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=54283 action=drop comment="Backdoor.YAI.Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=1003 action=drop comment="BackDoorTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=5598 action=drop comment="BackDoorTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=5698 action=drop comment="BackDoorTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=31554 action=drop comment="SchainwindlerTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=18753 action=drop comment="Shaft.DDoS.Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=20432 action=drop comment="Shaft.DDoS.Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=65000 action=drop comment="Devil.DDoS.Trojan" disabled=no
add chain=virus protocol=tcp dst-port=11831 action=drop comment="LatinusTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=29559 action=drop comment="LatinusTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=1784 action=drop comment="Snid.X2Trojan-1" disabled=no
add chain=virus protocol=tcp dst-port=3586 action=drop comment="Snid.X2Trojan-2" disabled=no
add chain=virus protocol=tcp dst-port=7609 action=drop comment="Snid.X2Trojan-3" disabled=no
add chain=virus protocol=tcp dst-port=12348-12349 action=drop comment="BionetTrojan-1" disabled=no
add chain=virus protocol=tcp dst-port=12478 action=drop comment="BionetTrojan-2" disabled=no
add chain=virus protocol=tcp dst-port=57922 action=drop comment="BionetTrojan-3" disabled=no
add chain=virus protocol=tcp dst-port=3127-3198 action=drop comment="Worm.Novarg.a.Mydoom.a." disabled=no
add chain=virus protocol=tcp dst-port=6777 action=drop comment="Worm.BBeagle.a.Bagle.a." disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Worm.BBeagle.b" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Worm.BBeagle.c-g/j-l" disabled=no
add chain=virus protocol=tcp dst-port=2556 action=drop comment="Worm.BBeagle.p/q/r/n" disabled=no
add chain=virus protocol=tcp dst-port=20742 action=drop comment="Worm.BBEagle.m-2" disabled=no
add chain=virus protocol=tcp dst-port=4751 action=drop comment="Worm.BBeagle.s/t/u/v" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Worm.BBeagle.aa/ab/w/x-z-2" disabled=no
add chain=virus protocol=tcp dst-port=5238 action=drop comment="Worm.LovGate.r.RpcExploit" disabled=no
add chain=virus protocol=tcp dst-port=1068 action=drop comment="Worm.Sasser.a" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9996 action=drop comment="Worm.Sasser.b/c/f" disabled=no
add chain=virus protocol=tcp dst-port=9995 action=drop comment="Worm.Sasser.d" disabled=no
add chain=virus protocol=tcp dst-port=10168 action=drop comment="Worm.Lovgate.a/b/c/d" disabled=no
add chain=virus protocol=tcp dst-port=20808 action=drop comment="Worm.Lovgate.v.QQ" disabled=no
add chain=virus protocol=tcp dst-port=1092 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=20168 action=drop comment="Worm.Lovgate.f/g" disabled=no
add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="ndm.requester" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen.cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichainlid" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor.Optixprotocol" disabled=no
add chain=virus protocol=tcp dst-port=8888 action=drop comment="Worm.BBeagle.b" disabled=no
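# "virus" chain, UDP part: drops packets by destination port.
add chain=virus protocol=udp dst-port=44444 action=drop comment="Delta.Source.Trojan-7" disabled=no
add chain=virus protocol=udp dst-port=8998 action=drop comment="Worm.Sobig.f-3" disabled=no
# udp/123 is NTP. The forward chain sends every new flow through this chain,
# so an active drop here blocks time synchronisation for every host behind
# the router. The rule is kept for reference but disabled.
add chain=virus protocol=udp dst-port=123 action=drop comment="Worm.Sobig.f-1" disabled=yes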
# Second copy of the input / ICMP / forward rules. The parameters are in
# alphabetical order and the comment= values are byte-escaped (\XX) text, which
# looks like the output of an export; the strings are left exactly as posted.
# Differences from the first listing on this page: both forward
# connection-limit rules are disabled=yes here.
# NOTE(review): the "virus" chain rules are not part of this copy, although
# two rules below jump to that chain. Pasting this copy in addition to the
# first listing would add every rule a second time.
/ ip firewall filter
# --- chain=input: traffic addressed to the router ---
add action=drop chain=input comment="\A5\E1\B1\F3\ABD\AAk\B3s\B1\B5packets" connection-state=invalid disabled=no
add action=drop chain=input comment="\AD\AD\A8\EE\C1`http\B3s\B1\B5\BC\C6\AC\B060" connection-limit=60,0 disabled=no dst-port=80 protocol=tcp
add action=drop chain=input comment="\B1\B4\B4\FA\A8\C3\A5\E1\B1\F3\BA\DD\A4f\B1\BD\BA\CB\B3s\B1\B5" disabled=no protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="\C0\A3\A8\EEDoS\A7\F0\C0\BB" connection-limit=3,32 disabled=no protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="\B1\B4\B4\FADoS\A7\F0\C0\BB" connection-limit=10,32 disabled=no protocol=tcp
add action=drop chain=input comment="\A5\E1\B1\F3\B1\BC\ABD\A5\BB\A6a\BC\C6\BE\DA" disabled=no dst-address-type=!local
add action=drop chain=input comment="\A5\E1\B1\F3\B1\BC\A9\D2\A6\B3\ABD\B3\E6\BC\BD\BC\C6\BE\DA" disabled=no src-address-type=!unicast
add action=jump chain=input comment="\B8\F5\C2\E0\A8\ECICMP\C3\EC\AA\ED" disabled=no jump-target=ICMP protocol=icmp
add action=jump chain=input comment="\B8\F5\C2\E0\A8\EC\AFf\ACr\C3\EC\AA\ED" disabled=no jump-target=virus protocol=tcp
# --- chain=ICMP: rate-limited accepts (type:code), then drop the rest ---
add action=accept chain=ICMP comment="Ping\C0\B3\B5\AA\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\AB\CA\A5]" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="Traceroute\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\AB\CA\A5]" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="MTU\BDu\B8\F4\B1\B4\B4\FA\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\AB\CA\A5]" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="Ping\BD\D0\A8D\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\AB\CA\A5]" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="Trace TTL\AD\AD\A8\EE\AC\B0\A8C\AC\ED5\AD\D3\AB\CA\A5]" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=ICMP comment="\A5\E1\B1\F3\B1\BC\A5\F4\A6\F3ICMP\BC\C6\BE\DA" disabled=no protocol=icmp
# --- chain=forward: traffic routed through the router ---
add action=accept chain=forward comment="\B1\B5\A8\FC\A5H\B3s\B1\B5\AA\BA\BC\C6\BE\DA\AB\CA\A5]" connection-state=established disabled=no
add action=accept chain=forward comment="\B1\B5\A8\FC\AC\DB\C3\F6\BC\C6\BE\DA\AB\CA\A5]" connection-state=related disabled=no
add action=drop chain=forward comment="\A5\E1\B1\F3\ABD\AAk\BC\C6\BE\DA\AB\CA\A5]" connection-state=invalid disabled=no
# The two per-host connection-limit rules are present but disabled.
# NOTE(review): both match protocol=tcp although the second comment string
# contains "UDP".
add action=drop chain=forward comment="\AD\AD\A8\EE\A8C\AD\D3\A5D\BE\F7TCP\B3s\B1\B5\BC\C6\AC\B0200\B1\F8" connection-limit=200,32 disabled=yes protocol=tcp
add action=drop chain=forward comment="\AD\AD\A8\EE\A8C\AD\D3\A5D\BE\F7UDP\B3s\B1\B5\BC\C6\AC\B0300\B1\F8" connection-limit=300,32 disabled=yes protocol=tcp
add action=drop chain=forward comment="\A5\E1\B1\F3\B1\BC\A9\D2\A6\B3\ABD\B3\E6\BC\BD\BC\C6\BE\DA" disabled=no src-address-type=!unicast
add action=jump chain=forward comment="\B8\F5\C2\E0\A8\ECICMP\C3\EC\AA\ED" disabled=no jump-target=ICMP protocol=icmp
add action=jump chain=forward comment="\B8\F5\C2\E0\A8\EC\AFf\ACr\C3\EC\AA\ED" disabled=no jump-target=virus
# Final accept-all: the forward chain is default-allow.
add action=accept chain=forward comment="\B1\B5\A8\FC\A5\F4\A6\F3\BC\C6\BE\DA" disabled=no
# Base interface layout for a four-WAN / one-LAN router.
# NOTE(review): items are addressed by number (0..4); this depends on the
# order of the existing entries, so check it against a fresh "print".
# Move the existing address and the default DHCP server to the fifth port.
/ip address
set 0 interface=ether5-local-slave
/ip dhcp-server
set default interface=ether5-local-slave
# Detach every port from the switch group (master-port=none) and rename:
# ports 1-4 become WAN uplinks, port 5 the LAN.
/interface ethernet
set 0 master-port=none name=1-WAN
set 1 master-port=none name=2-WAN
set 2 master-port=none name=3-WAN
set 3 master-port=none name=4-WAN
set 4 master-port=none name=5-LAN
/interface
print
# Remove the first DHCP client entry and use fixed DNS resolvers instead.
/ip dhcp-client
remove 0
/ip dns
set servers=168.95.1.1,168.95.192.1
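# One PPPoE client per WAN port. add-default-route=no and use-peer-dns=no
# because routes and DNS are configured explicitly elsewhere.
# The account name and password that were published in this listing have been
# replaced with placeholders. Credentials that have appeared in a public post
# should be changed with the provider, and real values should never be pasted
# into a shared script.
# NOTE(review): allow= includes pap, which sends the password to the access
# concentrator unencrypted, and mschap1. Keep only the methods the provider
# actually requires.
/interface pppoe-client add name=PPPoE-1 interface=1-WAN user="PPPOE_ACCOUNT@ip.hinet.net" password="PPPOE_PASSWORD" use-peer-dns=no add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no max-mru=1480 max-mtu=1480 mrru=disabled profile=default
/interface pppoe-client add name=PPPoE-2 interface=2-WAN user="PPPOE_ACCOUNT@hinet.net" password="PPPOE_PASSWORD" use-peer-dns=no add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no max-mru=1480 max-mtu=1480 mrru=disabled profile=default
/interface pppoe-client add name=PPPoE-3 interface=3-WAN user="PPPOE_ACCOUNT@hinet.net" password="PPPOE_PASSWORD" use-peer-dns=no add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no max-mru=1480 max-mtu=1480 mrru=disabled profile=default
/interface pppoe-client add name=PPPoE-4 interface=4-WAN user="PPPOE_ACCOUNT@hinet.net" password="PPPOE_PASSWORD" use-peer-dns=no add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no max-mru=1480 max-mtu=1480 mrru=disabled profile=default
/interface print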
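# PCC load balancing over four PPPoE links.
#
# 1) New connections arriving from a WAN link and addressed to the router are
#    marked per link. in-interface is the PPPoE client interface: IP packets
#    are received on PPPoE-n, not on the underlying n-WAN Ethernet port, so a
#    match on n-WAN would never fire.
/ip firewall mangle add chain=input in-interface=PPPoE-1 action=mark-connection new-connection-mark=ADSL-1 connection-state=new comment="Load Balance"
/ip firewall mangle add chain=input in-interface=PPPoE-2 action=mark-connection new-connection-mark=ADSL-2 connection-state=new
/ip firewall mangle add chain=input in-interface=PPPoE-3 action=mark-connection new-connection-mark=ADSL-3 connection-state=new
/ip firewall mangle add chain=input in-interface=PPPoE-4 action=mark-connection new-connection-mark=ADSL-4 connection-state=new
# 2) Replies generated by the router leave through the link the connection
#    came in on.
/ip firewall mangle add chain=output connection-mark=ADSL-1 action=mark-routing new-routing-mark=toADSL-1
/ip firewall mangle add chain=output connection-mark=ADSL-2 action=mark-routing new-routing-mark=toADSL-2
/ip firewall mangle add chain=output connection-mark=ADSL-3 action=mark-routing new-routing-mark=toADSL-3
/ip firewall mangle add chain=output connection-mark=ADSL-4 action=mark-routing new-routing-mark=toADSL-4
# 3) LAN traffic to non-local destinations is split into four buckets by a
#    hash of source/destination address and port (4/0 .. 4/3).
/ip firewall mangle add chain=prerouting action=mark-connection dst-address-type=!local in-interface=5-LAN new-connection-mark=ADSL-1 per-connection-classifier=both-addresses-and-ports:4/0
/ip firewall mangle add chain=prerouting action=mark-connection dst-address-type=!local in-interface=5-LAN new-connection-mark=ADSL-2 per-connection-classifier=both-addresses-and-ports:4/1
/ip firewall mangle add chain=prerouting action=mark-connection dst-address-type=!local in-interface=5-LAN new-connection-mark=ADSL-3 per-connection-classifier=both-addresses-and-ports:4/2
/ip firewall mangle add chain=prerouting action=mark-connection dst-address-type=!local in-interface=5-LAN new-connection-mark=ADSL-4 per-connection-classifier=both-addresses-and-ports:4/3
# 4) Each connection mark is translated into the routing mark that selects
#    the matching default route.
/ip firewall mangle add chain=prerouting action=mark-routing connection-mark=ADSL-1 in-interface=5-LAN new-routing-mark=toADSL-1
/ip firewall mangle add chain=prerouting action=mark-routing connection-mark=ADSL-2 in-interface=5-LAN new-routing-mark=toADSL-2
/ip firewall mangle add chain=prerouting action=mark-routing connection-mark=ADSL-3 in-interface=5-LAN new-routing-mark=toADSL-3
/ip firewall mangle add chain=prerouting action=mark-routing connection-mark=ADSL-4 in-interface=5-LAN new-routing-mark=toADSL-4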
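# One default route per routing mark, so traffic marked toADSL-n leaves via
# PPPoE-n. check-gateway=ping takes a route out of use when its gateway stops
# answering.
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-1 routing-mark=toADSL-1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-2 routing-mark=toADSL-2 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-3 routing-mark=toADSL-3 check-gateway=ping
# Fixed: this route pointed at PPPoE-3, so the fourth link never carried
# marked traffic and the third carried a double share.
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-4 routing-mark=toADSL-4 check-gateway=ping
# Unmarked default routes (router-originated and fallback traffic), all at
# distance 1.
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-2 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-3 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=PPPoE-4 distance=1 check-gateway=ping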
# Source NAT: traffic leaving through any of the four PPPoE links is
# masqueraded behind that link's address.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-1
add action=masquerade chain=srcnat out-interface=PPPoE-2
add action=masquerade chain=srcnat out-interface=PPPoE-3
add action=masquerade chain=srcnat out-interface=PPPoE-4
# Time zone and NTP client.
# NOTE(review): primary and secondary NTP are the same address, so there is
# no second time source if that server is unreachable.
/system clock
set time-zone-name=Asia/Taipei
/system ntp client
set enabled=yes primary-ntp=118.163.81.63 secondary-ntp=118.163.81.63
# Restart the router after the configuration above has been applied.
/system
reboot
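# Script tested on RouterOS 5.0rc11
# Date: 2010/04/11
# Script Name: DynDNSUpdate
# Script description: push the interface's current IP address to DynDNS
# User-specific variables; fill these in yourself.
# NOTE(review): the account password is stored in clear text in the script
# source.
:local ddnsuser "你的DynDNS帳號"
:local ddnspass "你的DynDNS密碼"
:local ddnshost "dynalias.net"
:local ddnsinterface "要更新的介面名稱(例如:pppoe-out1)"
# IP variables: current address and the address sent in the last update
:global ddnsipADSL1
:global ddnslastipADSL1
# First run: seed the last-sent address. The original line had no ":set", so
# nothing was assigned.
# NOTE(review): the comparison against nil is kept as written; confirm what
# :typeof returns for an unset global on the RouterOS version in use.
:if ([ :typeof $ddnslastipADSL1 ] = nil ) do={ :set ddnslastipADSL1 "0" }
# Read the address configured on the interface
# NOTE(review): if the interface has no address, "find" returns nothing and
# the "get" presumably fails before the check below is reached; verify.
:set ddnsipADSL1 [ /ip address get [/ip address find interface=$ddnsinterface ] address ]
# Strip the prefix length ("/nn") from the address
:set ddnsipADSL1 [:pick $ddnsipADSL1 0 [:find $ddnsipADSL1 "/"]]
# Decide whether an update is needed
:if ([ :typeof $ddnsipADSL1 ] = nil ) do={
:log info ("DynDNS: " . $ddnsinterface . "介面上沒有IP,請確認")
} else={
:if ($ddnsipADSL1 != $ddnslastipADSL1) do={
:log info ("DynDNS:" . $ddnsinterface . "更新IP" . $ddnsipADSL1)
:local str "/nic/update?hostname=$ddnshost&myip=$ddnsipADSL1&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"
# mode=http sends the DynDNS user name and password over an unencrypted
# connection. Where the installed RouterOS version's fetch supports
# mode=https, use that instead.
/tool fetch address=members.dyndns.org src-path=$str mode=http user=$ddnsuser password=$ddnspass dst-path=("/DynDNS.".$ddnshost)
:delay 1
# Delete the response file that fetch wrote
:local str [/file find name="DynDNS.$ddnshost"];
/file remove $str
# Remember the address that was just sent
:global ddnslastipADSL1 $ddnsipADSL1
}
}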
# Forward-chain rules intended to block the QVOD service: two content
# matches on its domain name, three port matches (TCP and UDP), and five
# hard-coded addresses blocked in both directions.
# NOTE(review): "add" appends to the end of the chain. If the forward chain
# already accepts established connections early and ends in an accept-all
# rule, as in the filter list earlier on this page, none of these rules will
# be reached; they have to sit above those accept rules.
# NOTE(review): content= compares raw packet bytes, so it only sees
# unencrypted traffic and matches any packet containing the string.
# NOTE(review): the post gives no source for the ports and addresses below;
# verify them before use, since address-based blocks go stale.
/ ip firewall filter
add chain=forward content=www.qvod.com action=reject comment="No QVOD"
add chain=forward content=qvod.com action=reject
add chain=forward protocol=tcp dst-port=40645 action=drop
add chain=forward protocol=udp dst-port=40645 action=drop
add chain=forward protocol=tcp dst-port=7353 action=drop
add chain=forward protocol=udp dst-port=7353 action=drop
add chain=forward protocol=tcp dst-port=1381-1475 action=drop
add chain=forward protocol=udp dst-port=1381-1475 action=drop
add chain=forward src-address=61.139.219.204 action=drop disabled=no
add chain=forward dst-address=61.139.219.204 action=drop disabled=no
add chain=forward src-address=114.80.100.85 action=drop disabled=no
add chain=forward dst-address=114.80.100.85 action=drop disabled=no
add chain=forward src-address=76.73.4.101 action=drop disabled=no
add chain=forward dst-address=76.73.4.101 action=drop disabled=no
add chain=forward src-address=222.80.240.180 action=drop disabled=no
add chain=forward dst-address=222.80.240.180 action=drop disabled=no
add chain=forward src-address=222.80.155.82 action=drop disabled=no
add chain=forward dst-address=222.80.155.82 action=drop disabled=no
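# Forward-chain rules that drop HTTP requests to video-site advertising
# hosts. A first rule matches the HTTP Host header (or URL fragment) and
# either drops the packet or jumps to a small per-site chain that matches a
# path or file type. The comment= values are hex-encoded text and are left
# exactly as posted.
# NOTE(review): content= compares raw packet bytes, so these rules only see
# unencrypted HTTP. They must also sit above any rule that accepts
# established connections, or they are never reached.
/ip firewall filter
add action=drop chain=forward comment="CCDAD1B6CAD3C6B5B9E3B8E6B9E6D4F2CECACCE2B7B4C0A1QQA3BA59473472" content="Host: adslvfile.qq.com" disabled=no dst-port=80 protocol=tcp
add action=drop chain=forward comment="D1B8C0D7BFB4BFB4B9E3B8E6" content=http://float.sandai.net/finalfiles/ disabled=no protocol=tcp src-port=80
add action=jump chain=forward comment="C6E6D2D5B9E3B8E6" content="Host: policy.cupid.qiyi.com" disabled=no dst-port=80 jump-target=qiyi protocol=tcp
add action=drop chain=qiyi comment="" content="GET /adpolicy" disabled=no
add action=jump chain=forward comment="PPSB9E3B8E6" content="Host: notice.ppstream.com" disabled=no dst-port=80 jump-target=pps protocol=tcp
add action=drop chain=pps comment="" content=.swf disabled=no
add action=drop chain=pps comment="" content=.flv disabled=no
add action=drop chain=forward comment="PPTVB9E3B8E6" content="Host: iafp.pptv.com" disabled=no dst-port=80 protocol=tcp
add action=jump chain=forward comment="CBD1BAFCB9E3B8E6" content="Host: images.sohu.com" disabled=no dst-port=80 jump-target=so protocol=tcp
add action=jump chain=forward comment="" content="Host: mfiles.sohu.com" disabled=no dst-port=80 jump-target=sohu protocol=tcp
# Fixed: the posted line read "jump-target= sohu"; the space after "=" leaves
# the parameter empty and "sohu" as a stray word.
add action=jump chain=so comment="" content=Main.swf disabled=no jump-target=sohu
add action=drop chain=sohu comment="" content=.mp4 disabled=no
add action=drop chain=sohu comment="" content=.swf disabled=no
add action=jump chain=forward comment="CDC1B6B9B9E3B8E6" content="Host: v2.tudou.com" disabled=no dst-port=80 jump-target=tudou protocol=tcp
add action=drop chain=tudou comment="" content=/tdcm/adcontrol disabled=no
add action=jump chain=forward comment="56CDF8" content=cdn.56imgs.com:88 disabled=no dst-port=88 jump-target=56 protocol=tcp
add action=drop chain=56 comment="" content=/flashApp/player_res/module/ad/ disabled=no
# NOTE(review): this pair drops any port-80 response packet that contains
# both "letv.com" and "http://", which is far broader than an ad filter.
add action=jump chain=forward comment="C0D6CAD3CDF8" content=letv.com disabled=no jump-target=le protocol=tcp src-port=80
add action=drop chain=le comment="" content=http:// disabled=no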
# Dynamic DNS update through /tool dns-update (template; fill in the five
# variables below). The update is sent only when the interface address
# differs from the one recorded after the previous update.
# NOTE(review): the account password is stored in clear text in the script
# source.
:log info "DDNS: Begin"
:local ddnsuser "你的帳號"
:local ddnspass "你的密碼"
:local ddnshost "名稱(如為test.changeip.net的話,請填test)"
:local ddnszone "網域(如為test.changeip.net的話,請填changeip.net)"
:local ddnsinterface "你要更新上去IP所使用的介面名稱(pppoe-out)"
# These must be declared first, otherwise the code below cannot use them
:global ddnslastip
# NOTE(review): if the interface has no address, "find" returns nothing and
# the "get" presumably fails before the nil check below is reached; verify.
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface] address ]
# Keep the previously recorded IP if there is one; otherwise start from 0.0.0.0/0
:if ([:typeof [:global ddnslastip]] = nil ) do={ :global ddnslastip 0.0.0.0/0 } else={ :set ddnslastip $ddnslastip }
:if ([:typeof [:global ddnsip]] = nil ) do={
:log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={
:if ($ddnsip != $ddnslastip) do={
:log info "DDNS: 開始更新DDNS!"
# The address is sent without its "/nn" prefix length; user name and password
# are passed as key-name and key. The result of dns-update is written to the log.
:log info ([/tool dns-update key-name=$ddnsuser key=$ddnspass name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] zone=$ddnszone] . "更新IP:" . $ddnsip)
# Record the address that was just sent
:global ddnslastip $ddnsip
} else={
:log info "DDNS: IP無變動"
}
}
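# Filled-in example of the dns-update script (password already masked by the
# poster). The update is sent only when the interface address differs from
# the one recorded after the previous update.
# Fixed: the first line was posted as  :log info "DDNS: :log info "DDNS: Begin"
# which has unbalanced quotes. It looks like two log lines fused together in
# the paste; only the "Begin" message is kept here.
# NOTE(review): the account password is stored in clear text in the script
# source.
:log info "DDNS: Begin"
:local ddnsuser "super286"
:local ddnspass "xxxxxxxxxx"
:local ddnshost "eversuper"
:local ddnszone "changeip.net"
:local ddnsinterface "PPPoE-Dyna"
# These must be declared first, otherwise the code below cannot use them
:global ddnslastip
# NOTE(review): if the interface has no address, "find" returns nothing and
# the "get" presumably fails before the nil check below is reached; verify.
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface] address ]
# Keep the previously recorded IP if there is one; otherwise start from 0.0.0.0/0
:if ([:typeof [:global ddnslastip]] = nil ) do={ :global ddnslastip 0.0.0.0/0 } else={ :set ddnslastip $ddnslastip }
:if ([:typeof [:global ddnsip]] = nil ) do={
:log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={
:if ($ddnsip != $ddnslastip) do={
:log info "DDNS: 開始更新DDNS!"
# The address is sent without its "/nn" prefix length; user name and password
# are passed as key-name and key. The result of dns-update is written to the log.
:log info ([/tool dns-update key-name=$ddnsuser key=$ddnspass name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] zone=$ddnszone] . "更新IP:" . $ddnsip)
# Record the address that was just sent
:global ddnslastip $ddnsip
} else={
:log info "DDNS: IP無變動"
}
}
:log info "DDNS: End"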
# Address list "GSN-NET": a set of address ranges that other firewall rules
# can reference by list name. No rule on this page uses the list.
# NOTE(review): 210.69.165.135 already lies inside 210.69.0.0-210.69.255.255,
# and the last range ends at 203.65.254.254 rather than 203.65.255.255, which
# may be a typo; verify against the authoritative allocation.
/ip firewall address-list
add list=GSN-NET address=124.199.96.0-124.199.111.255 disabled=no
add list=GSN-NET address=61.57.32.0-61.57.63.255 disabled=no
add list=GSN-NET address=61.60.32.0-61.60.127.255 disabled=no
add list=GSN-NET address=211.79.128.0-211.79.159.255 disabled=no
add list=GSN-NET address=163.29.0.0-163.29.255.255 disabled=no
add list=GSN-NET address=223.200.0.0-223.200.255.255 disabled=no
add list=GSN-NET address=117.56.0.0-117.56.255.255 disabled=no
add list=GSN-NET address=61.67.64.0-61.67.95.255 disabled=no
add list=GSN-NET address=211.79.160.0-211.79.191.255 disabled=no
add list=GSN-NET address=210.241.0.0-210.241.63.255 disabled=no
add list=GSN-NET address=124.199.64.0-124.199.95.255 disabled=no
add list=GSN-NET address=61.56.0.0-61.56.15.255 disabled=no
add list=GSN-NET address=61.60.0.0-61.60.31.255 disabled=no
add list=GSN-NET address=210.241.64.0-210.241.127.255 disabled=no
add list=GSN-NET address=210.69.0.0-210.69.255.255 disabled=no
add list=GSN-NET address=210.69.165.135 disabled=no
add list=GSN-NET address=203.65.0.0-203.65.254.254 disabled=no
# Port forward: TCP port 80 on the public address 114.33.87.219 is
# redirected to the internal host 192.168.1.4, port 80.
# NOTE(review): the rule has no source restriction, so the internal web
# server is reachable from any address; the forward chain must also permit
# the redirected traffic.
/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp dst-address=114.33.87.219 dst-port=80 to-addresses=192.168.1.4 to-ports=80 comment="" disabled=no