Sunday, August 5, 2018

Cara konfigurasi filter konten dengan dns trust AUTO SWITCH

# AUTO SWITCH: DNS-TRUST / DNS-SEHAT / DNS-OPEN
# Copy and paste into the WinBox terminal.
#
# Clean-up pass: delete what an earlier run of this script left behind, so the
# script can be pasted again without stacking duplicate entries.
# Review before pasting on a router that carries other configuration:
#   - comment~"dns" is a regular-expression match, so ANY NAT rule or netwatch
#     entry whose comment contains "dns" is removed, not only the ones made here;
#   - every filter rule with dst-port="53,5353" is removed, whoever created it.
# NOTE(review): nothing in the visible script creates a scheduler entry named
# auto-switch-dns; presumably it comes from an older version of this script.

/ip firewall address-list remove [find list=ip-maksiat]
/ip firewall address-list remove [find list=private-lokal]
/ip firewall nat remove [find comment~"dns"]
/ip firewall nat remove [find comment="blokir-ip-maksiat"]
/ip firewall filter remove [find dst-port="53,5353"]
/system scheduler remove auto-switch-dns
/tool netwatch remove [find comment~"dns"]

/ip firewall address-list
# "private-lokal" collects private, reserved and special-purpose IPv4 ranges.
# The rules further down treat any SOURCE address in this list as a local client.
# NOTE(review): that is a source-address test, not an interface test. If the WAN
# side itself sits in one of these ranges (for example 100.64.0.0/10 behind
# carrier-grade NAT, or RFC 1918 space behind a modem), hosts on the WAN segment
# also count as "local" and can reach the router's resolver. Confirm against the
# actual topology, or additionally match on the LAN interface.
# "this network"
add address=0.0.0.0/8 list=private-lokal
# RFC 1918 private
add address=10.0.0.0/8 list=private-lokal
# shared address space (carrier-grade NAT)
add address=100.64.0.0/10 list=private-lokal
# loopback
add address=127.0.0.0/8 list=private-lokal
# link-local
add address=169.254.0.0/16 list=private-lokal
# RFC 1918 private
add address=172.16.0.0/12 list=private-lokal
# IETF protocol assignments
add address=192.0.0.0/24 list=private-lokal
# documentation (TEST-NET-1)
add address=192.0.2.0/24 list=private-lokal
# RFC 1918 private
add address=192.168.0.0/16 list=private-lokal
# benchmarking
add address=198.18.0.0/15 list=private-lokal
# documentation (TEST-NET-2)
add address=198.51.100.0/24 list=private-lokal
# documentation (TEST-NET-3)
add address=203.0.113.0/24 list=private-lokal
# multicast and reserved space (224.0.0.0 - 255.255.255.255)
add address=224.0.0.0/3 list=private-lokal

/ip firewall filter
# Drop DNS traffic (TCP and UDP, ports 53 and 5353) whose source address is NOT
# in private-lokal, both to the router itself (input) and through it (forward).
# These rules keep the router's resolver (allow-remote-requests=yes) from
# answering queries that arrive from outside.
# "add" without a position appends to the end of the rule list, so an accept rule
# that already exists higher up and matches this traffic takes precedence; check
# the resulting order with "/ip firewall filter print" after pasting.
add chain=input protocol=tcp dst-port=53,5353 src-address-list=!private-lokal action=drop comment=dns-flood
add chain=input protocol=udp dst-port=53,5353 src-address-list=!private-lokal action=drop comment=dns-flood
add chain=forward protocol=tcp dst-port=53,5353 src-address-list=!private-lokal action=drop comment=dns-flood
add chain=forward protocol=udp dst-port=53,5353 src-address-list=!private-lokal action=drop comment=dns-flood
 
# Router's own resolver: forward to the two dns-trust servers.
# allow-remote-requests=yes makes the router answer DNS queries from any host that
# can reach it on port 53, so it must stay paired with the dns-flood input drop
# rules in /ip firewall filter; without them the router is an open resolver.
/ip dns
set servers=103.80.80.243,103.80.80.244 allow-remote-requests=yes

/ip firewall nat
# Transparent DNS redirection: any TCP/UDP packet to port 53 or 5353 from a source
# in private-lokal is rewritten to one of the filtering resolvers on port 5353,
# whatever resolver the client had configured.
# All twelve rules match the same traffic, so only the first ENABLED rule in list
# order is applied; the netwatch entries below disable the rules of a resolver
# that stops answering ping, which is what makes the next pair take over.
# Limits to keep in mind:
#   - queries leave the network unencrypted towards third-party resolvers;
#   - encrypted DNS (DoT on 853, DoH on 443) is not matched by these rules, so
#     this redirection alone is not a complete content-filter enforcement point.
add chain=dstnat protocol=tcp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.243 to-ports=5353 comment=dns-trust1
add chain=dstnat protocol=udp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.243 to-ports=5353 comment=dns-trust1
add chain=dstnat protocol=tcp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.244 to-ports=5353 comment=dns-trust2
add chain=dstnat protocol=udp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.244 to-ports=5353 comment=dns-trust2
add chain=dstnat protocol=tcp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.248 to-ports=5353 comment=dns-sehat1
add chain=dstnat protocol=udp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.248 to-ports=5353 comment=dns-sehat1
add chain=dstnat protocol=tcp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.249 to-ports=5353 comment=dns-sehat2
add chain=dstnat protocol=udp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=103.80.80.249 to-ports=5353 comment=dns-sehat2
add chain=dstnat protocol=tcp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=208.67.220.220 to-ports=5353 comment=dns-open1
add chain=dstnat protocol=udp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=208.67.220.220 to-ports=5353 comment=dns-open1
add chain=dstnat protocol=tcp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=208.67.222.222 to-ports=5353 comment=dns-open2
add chain=dstnat protocol=udp dst-port=53,5353 src-address-list=private-lokal action=dst-nat to-addresses=208.67.222.222 to-ports=5353 comment=dns-open2

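# host=8.8.8.8 may be replaced with the IP of an access point or modem that answers ping.
#
# Uplink watcher: each time the host comes back up, the script reads to-ports of
# NAT item 2 and, if it equals "64872", sets hotspot=!auth on NAT items 2 and 3.
# comment=dns-uplink-check is added here so that the clean-up line
# "/tool net rem [find comment~\"dns\"]" at the top of the script also removes
# this entry; without a comment every re-paste left one more copy behind.
# NOTE(review): none of the NAT rules added above use to-ports 64872 (all use
# 5353), so with this configuration the branch presumably never runs; it looks
# like a leftover from a different script. Item numbers such as 2 and 3 are
# console print numbers, not stable identifiers, so the lookup may fail or hit a
# different rule than intended; selecting rules with [find comment=...] is safer.
# interval=1s means one probe per second to the watched host.
/tool netwatch
add comment=dns-uplink-check host=8.8.8.8 interval=1s up-script=\
    "{\r\
    \nlocal toport [/ip firewall nat get 2 to-ports]\r\
    \nif (\$toport=\"64872\") do={\r\
    \n/ip firewall nat set 2,3 hotspot=!auth\r\
    \n}\r\
    \n}"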

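# One watcher per upstream resolver, probing every 10 s.
# When a resolver stops answering, its dst-nat rules (selected by comment) are
# disabled so the next enabled rule in /ip firewall nat takes over; when it
# answers again the rules are re-enabled.
# The fourth entry watches 103.80.80.244 and toggles the dns-trust2 rules, so it
# is labelled dns-trust2 here (the original labelled it dns-trust1, a copy-paste
# slip that left two entries with the same comment).
# Netwatch probes with ICMP: a resolver that answers ping but not DNS is still
# treated as up, and one that filters ICMP is treated as down.
/tool netwatch
add comment=dns-sehat1 down-script="/ip firewall nat disable [find comment=\"dns-sehat1\" disabled=no]" host=103.80.80.248 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-sehat1\" disabled=yes]"

add comment=dns-sehat2 down-script="/ip firewall nat disable [find comment=\"dns-sehat2\" disabled=no]" host=103.80.80.249 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-sehat2\" disabled=yes]"

add comment=dns-trust1 down-script="/ip firewall nat disable [find comment=\"dns-trust1\" disabled=no]" host=103.80.80.243 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-trust1\" disabled=yes]"

add comment=dns-trust2 down-script="/ip firewall nat disable [find comment=\"dns-trust2\" disabled=no]" host=103.80.80.244 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-trust2\" disabled=yes]"

add comment=dns-open1 down-script="/ip firewall nat disable [find comment=\"dns-open1\" disabled=no]" host=208.67.220.220 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-open1\" disabled=yes]"

add comment=dns-open2 down-script="/ip firewall nat disable [find comment=\"dns-open2\" disabled=no]" host=208.67.222.222 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-open2\" disabled=yes]"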


# Download a RouterOS script from a third-party GitHub repository, run it with
# /import, then delete the downloaded file.
# SECURITY (review before use): /import executes every command in the file with
# the rights of the logged-in user, and the remote content can change at any
# time, so this step hands control of the router configuration to whoever
# controls that repository. Safer practice: fetch the file only, read it, and
# import it manually once it has been reviewed (ideally from a pinned copy you
# host yourself).
# NOTE(review): the URL is https but mode=http is passed, and no
# check-certificate= is given, so the server certificate is presumably not
# validated; confirm the behaviour on the RouterOS version in use.
# NOTE(review): the file is expected to be saved under the URL-encoded name
# list%3Dip-maksiat; verify with "/file print" that the name matches.
{
/tool fetch url="https://raw.githubusercontent.com/cespun/ip-maksiat/master/.gitignore/list%3Dip-maksiat" mode=http
/import file=list%3Dip-maksiat
/file remove list%3Dip-maksiat
}