  1. #1
    tutorial

    Question about filter rules

    I'm asking because my head is spinning.... a newbie question, I've only been handling MikroTik for 2 days

    The part in bold, bro: even though they are already in the address-list, why do all IPs still get their connections "dropped"... [all connections get blocked]

    Is something wrong?

    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Allow semua akses internet to client
    chain=forward action=accept dst-address-list=pelanggan in-interface=Speedy
    out-interface=Local

    1 ;;; Deny Client
    chain=forward action=drop dst-address-list=!pelanggan in-interface=Speedy


    2 ;;; Allow Remote winbox dari Publik
    chain=input action=accept protocol=tcp in-interface=Local dst-port=8291

    3 ;;; Allow NTP Traffic
    chain=input action=accept protocol=udp in-interface=Public src-port=123

    4 ;;; Allow DNS Traffic
    chain=input action=accept protocol=udp in-interface=Speedy src-port=53

    5 ;;; Allow Ping Traceroute Traffic
    chain=input action=drop protocol=icmp in-interface=Speedy

    6 ;;; Log Ip Yang Di Tolak
    chain=input action=add-src-to-address-list connection-state=new
    address-list=spam address-list-timeout=30m in-interface=Speedy

    7 ;;; Drop Semua Akses yang tidak di ijinkan
    chain=input action=drop dst-address-list=!joedotnet in-interface=Speedy

    Here are the interfaces, to make it clear

    interface pr
    Flags: D - dynamic, X - disabled, R - running, S - slave
    # NAME TYPE MTU L2MTU
    0 R Public ether 1500 1526
    1 R Local ether 1500 1524
    2 ether3 ether 1500 1524
    3 ether4 ether 1500 1524
    4 R Proxy ether 1500 1524
    5 R Speedy pppoe-out 1480

    Thanks in advance.

  2. #2
    Chronoss

    Allow me, ignorant layman that I am, to have a try, bro....

    Try reversing the in-interface, bro... so for the "Allow semua akses internet to client" rule, make it in-interface=local with speedy as the out-interface....

    For the "Deny Client" rule, try changing the in interface to in-interface=local...

    So it ends up like this, bro...

    Code:
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Allow semua akses internet to client
    chain=forward action=accept dst-address-list=pelanggan in-interface=Local
    out-interface=Speedy
    
    1 ;;; Deny Client
    chain=forward action=drop dst-address-list=!pelanggan in-interface=Local
    
    2 ;;; Allow Remote winbox dari Publik
    chain=input action=accept protocol=tcp in-interface=Local dst-port=8291
    
    3 ;;; Allow NTP Traffic
    chain=input action=accept protocol=udp in-interface=Public src-port=123
    
    4 ;;; Allow DNS Traffic
    chain=input action=accept protocol=udp in-interface=Speedy src-port=53
    
    5 ;;; Allow Ping Traceroute Traffic
    chain=input action=drop protocol=icmp in-interface=Speedy
    
    6 ;;; Log Ip Yang Di Tolak
    chain=input action=add-src-to-address-list connection-state=new
    address-list=spam address-list-timeout=30m in-interface=Local
    
    7 ;;; Drop Semua Akses yang tidak di ijinkan
    chain=input action=drop dst-address-list=!joedotnet in-interface=Local

    What happens then, bro....

    Additional notes:
    No. 2: Why not just leave in-interface empty, so that it can be remoted from any interface
    No. 3: Same here, why not just leave the in-interface empty, so that the NTP traffic can be allowed on all interfaces
    No. 4: Same as well

    Sorry if I'm wrong, bro.... (still at the just-learning stage) once again, my apologies....
    Last edited by Chronoss; 15-03-2011 at 03:13.


  4. #3
    tutorial

    ^^ still no luck....

    After looking into it, it seems to be because of the proxy...

    If the proxy is disabled first, the script works...

    But I'll try the advice first.

  5. #4
    foolbaby

    Fellow newbie here
    try changing the in interface to the local LAN
    change the chain to input

    CMIIW

  6. #5
    tutorial

    Originally Posted by foolbaby
    Fellow newbie here
    try changing the in interface to the local LAN
    change the chain to input

    CMIIW

    Already did, but still the same.... the problem is there's a proxy here...

    If the proxy is turned off the script runs just fine, but if the proxy is on, it just goes straight through....

  7. #6
    adiputrolds

    The problem is that traffic coming from in-interface=Speedy going to the proxy gets blocked because of the rule dst-address=!pelanggan

    I am sure that address-list=pelanggan does not have the proxy's IP in it

    Your rules only allow forward traffic from in-interface=Speedy destined for pelanggan,
    but block traffic from in-interface=Speedy going to the external proxy

    Try first accepting the traffic from in-interface=Speedy going to the external proxy.
    If you want to block, it is better to do it on the initiating traffic, i.e. connection-state=New from Pelanggan, and drop the rest,
    not from in-interface=Speedy but from in-interface=LAN

    Example:
    /ip fi fi
    add chain=forward in-interface=LAN src-address-list=pelanggan action=accept
    add chain=forward in-interface=LAN action=drop

    With the rules above, traffic initiated by anyone who is not a pelanggan will be dropped;
    in other words it only allows traffic from src-address-list=pelanggan,
    regardless of whether a proxy is used or not
    Last edited by adiputrolds; 15-03-2011 at 17:54.
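
The forward-chain behaviour discussed in posts #1 and #6, as an added example that is not part of any forum post: a small Python model of first-match rule evaluation. All IP addresses and the contents of the pelanggan list are constructed, and in-interface=LAN from post #6 is assumed to mean the interface named Local.

```python
# Added illustration: a minimal model of first-match filter evaluation.
# All IP addresses are constructed; interface names follow the thread.
from collections import namedtuple
from ipaddress import ip_address, ip_network

ADDRESS_LISTS = {"pelanggan": [ip_network("192.168.1.0/28")]}  # constructed
Packet = namedtuple("Packet", "chain in_if out_if src dst")

def in_list(addr, spec):
    """Match an address-list spec; a leading '!' negates the match."""
    nets = ADDRESS_LISTS.get(spec.lstrip("!"), [])
    return any(ip_address(addr) in n for n in nets) != spec.startswith("!")

def matches(rule, pkt):
    """Every matcher present in the rule must match (logical AND)."""
    checks = {
        "chain": lambda v: v == pkt.chain,
        "in-interface": lambda v: v == pkt.in_if,
        "out-interface": lambda v: v == pkt.out_if,
        "src-address-list": lambda v: in_list(pkt.src, v),
        "dst-address-list": lambda v: in_list(pkt.dst, v),
    }
    return all(checks[k](v) for k, v in rule.items() if k != "action")

def evaluate(rules, pkt):
    """First matching rule decides; with no match the packet is accepted."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"

ORIGINAL = [  # forward rules 0 and 1 from post #1
    {"chain": "forward", "action": "accept", "dst-address-list": "pelanggan",
     "in-interface": "Speedy", "out-interface": "Local"},
    {"chain": "forward", "action": "drop", "dst-address-list": "!pelanggan",
     "in-interface": "Speedy"},
]
SUGGESTED = [  # rules from post #6, with LAN assumed to be interface Local
    {"chain": "forward", "action": "accept", "src-address-list": "pelanggan",
     "in-interface": "Local"},
    {"chain": "forward", "action": "drop", "in-interface": "Local"},
]

# Constructed packets: web replies to a customer and to the proxy box,
# then new outbound traffic from a listed and an unlisted LAN host.
TO_CLIENT = Packet("forward", "Speedy", "Local", "203.0.113.5", "192.168.1.10")
TO_PROXY = Packet("forward", "Speedy", "Proxy", "203.0.113.5", "192.168.2.2")
FROM_CLIENT = Packet("forward", "Local", "Speedy", "192.168.1.10", "203.0.113.5")
FROM_OTHER = Packet("forward", "Local", "Speedy", "192.168.1.200", "203.0.113.5")
```

With ORIGINAL, the reply headed for the proxy falls through rule 0 and is dropped by rule 1, which is why every proxied client loses connectivity. The model ignores connection state and NAT, and under SUGGESTED nothing arriving on Speedy is filtered in the forward chain.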

  8. #7
    tutorial

    ^^ only just able to get back in here..

    I'll try the advice above first.. will report back later,

    thanks, kang

  9. #8
    kodox

    A super newbie joining in....

    Originally Posted by tutorial
    I'm asking because my head is spinning.... a newbie question, I've only been handling MikroTik for 2 days

    The part in bold, bro: even though they are already in the address-list, why do all IPs still get their connections "dropped"... [all connections get blocked]

    Is something wrong?

    Here are the interfaces, to make it clear

    Thanks in advance.

    I still don't get it even after reading it back and forth 3 times, because there's no topology diagram. Forgive me, I'm used to reading comics

  10. #9
    adiputrolds

    Originally Posted by tutorial
    ^^ only just able to get back in here..

    I'll try the advice above first.. will report back later,

    thanks, kang

    Go ahead, mas

  11. #10
    sadinewbi

    My question is probably almost the same. In my case, after applying the firewall below, some websites such as Facebook and Yahoo also get blocked. At first this script did work (got it from adhielesmana ()): spam from public IPs got blocked and interface traffic going to the internet became normal, but when many clients are accessing, some websites also end up blocked in the address list, so access becomes slow or doesn't work at all. Masters, please help, my head is spinning over this problem of spam from outside, lots of people complain and I get complaints every day......sigh

    Sorry if anything is wrong....

    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Allow semua akses internet to client
    chain=forward action=accept dst-address=192.188.0.0/16
    in-interface=ether1-publik out-interface=ether3-lokal

    1 ;;; Allow Remote winbox dari Publik
    chain=input action=accept protocol=tcp in-interface=ether1-publik
    dst-port=8291

    2 ;;; Allow NTP Traffic
    chain=input action=accept protocol=udp in-interface=ether1-publik
    src-port=123

    3 ;;; Allow DNS Traffic
    chain=input action=accept protocol=udp in-interface=ether1-publik
    src-port=53

    4 ;;; Allow Ping Traceroute Traffic
    chain=input action=accept protocol=icmp in-interface=ether1-publik

    5 ;;; Log Ip Yang Di Tolak
    chain=input action=add-src-to-address-list connection-state=new
    address-list=spam address-list-timeout=30m in-interface=ether1-publik


    6 ;;; Drop Semua Akses yang tidak di ijinkan
    chain=input action=drop src-address-list=spam in-interface=ether1-publik

    7 ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    Thanks in advance
    Last edited by sadinewbi; 17-01-2013 at 21:13.

 

 
