Mikrotik | Forum Mikrotik Indonesia   Mikrotik Manual Mikrotik iSPY Mikrotik RSS Feed
This Logo is a Courtesy from RumahDowty

Go Back   Mikrotik | Forum Mikrotik Indonesia > Diskusi Mikrotik RouterOS > Scripting @ Mikrotik
Reload this Page Cara blok ip gmn sih?
iSpy My iTrade Register FAQ Members List Calendar Mark Forums Read

Diskusi Cara blok ip gmn sih? pada Scripting @ Mikrotik | Mikrotik | Forum Mikrotik Indonesia : Originally Posted by chiepot kl pake DHCP gimana cara blok nya??? Thanks... pake mac-addressnya ...




 
Reply
Page 2 of 4 < 1 2 34 >
 
LinkBack Thread Tools
  #16 (permalink)  
Old 23-08-2007, 14:40
[a]'s Avatar
[a] [a] is online now
Administrator
  
Join Date: Jun 2007
Location: Jakarta
Posts: 1,477
iTrader: (1)
Thanks: 190
Thanked 339 Times in 139 Posts
[a] has disabled reputation
Send a message via Yahoo to [a]
Quote:
Originally Posted by chiepot View Post
kl pake DHCP gimana cara blok nya???
Thanks...
pake mac-addressnya bro...

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote

  #17 (permalink)  
Old 23-08-2007, 19:42
nux's Avatar
nux nux is offline
Member
  
Join Date: Jul 2007
Posts: 238
iTrader: (0)
Thanks: 4
Thanked 44 Times in 30 Posts
nux will become famous soon enoughnux will become famous soon enough
Quote:
Originally Posted by [a] View Post
pake mac-addressnya bro...
pake arp bro?, kalo dhcp kan setiap konek ip addressnya selalu berubah, gimana ngeset pc tersebut selalu dapet ip address yg sama?
ato ip addressnya yg digunakan pake mac address?, berarti harus masukin satu2 semua mac address yg ada?
mohon pencerahan..

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #18 (permalink)  
Old 24-08-2007, 15:39
ace's Avatar
ace ace is offline
Newbie
  
Join Date: Aug 2007
Posts: 41
iTrader: (0)
Thanks: 6
Thanked 3 Times in 3 Posts
ace is on a distinguished road
coba kalo gini bro..

di daftarkan dulu IP mana aja yg boleh di pake

contoh:
/ ip firewall address-list
add list="allow list" address=192.168.10.20 comment="" disabled=no
add list="allow list" address=192.168.10.30 comment="" disabled=no


trus di blok dari filter rulenya
kecuali "allow list" actionnya di drop
/ ip firewall filter
add chain=forward in-interface=LAN protocol=tcp dst-address-list="!allow list" \
action=drop comment="blok IP" disabled=no
add chain=input in-interface=LAN protocol=tcp dst-address-list="!allow list" \
action=drop comment="" disabled=no

gw udah coba sih bisa...
muda2an si bro bisa juga
kalo engga bisa mohon maaf, soale masi nubi

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #19 (permalink)  
Old 24-08-2007, 18:09
[a]'s Avatar
[a] [a] is online now
Administrator
  
Join Date: Jun 2007
Location: Jakarta
Posts: 1,477
iTrader: (1)
Thanks: 190
Thanked 339 Times in 139 Posts
[a] has disabled reputation
Send a message via Yahoo to [a]
Quote:
Originally Posted by nux View Post
pake arp bro?, kalo dhcp kan setiap konek ip addressnya selalu berubah, gimana ngeset pc tersebut selalu dapet ip address yg sama?
ato ip addressnya yg digunakan pake mac address?, berarti harus masukin satu2 semua mac address yg ada?
mohon pencerahan..
ada beberapa langkah bro menurut gua...

- ARP di set=reply-only, jadi klo ada client gonta ganti IP secara manual ga akan bisa...

- Bikin entry ARP static yang berisikan Mac Addr PC A, dengan IP yang diassign untuk PC A, jadi klo PC A ganti IP, ga akan bisa connect (ping aja ga bisa)

- di DHCP Server, set :

1. Address Pool, gunakan Static Only
2. di Leases, bikin rule yang akan memberi IP Static ke PC A, masukkan juga Mac Address PC A disitu. Secara otomatis, rule tersebut akan menjadi Static.

Coba kaya gitu dulu deh yahh....

Klo ada yg salah2 mohon dimaafkan, namanya juga masih belajar...

Mudah2an berhasil.....

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #20 (permalink)  
Old 30-08-2007, 12:31
unique_leader's Avatar
unique_leader unique_leader is online now
Member Senior
  
Join Date: Jul 2007
Posts: 318
iTrader: (0)
Thanks: 19
Thanked 28 Times in 17 Posts
unique_leader is on a distinguished roadunique_leader is on a distinguished road
Quote:
Originally Posted by locantop View Post
coba gini
ip firewall filter>add chain=forward src-address=192.168.x.x action=accept

(sampai ip yang mau u kasih akses )
trus di bawah nya

ip firewall filter add chain=forward action=drop

nah jadi selain ip yang u masukin ga bakalan bisa konek ke mikrotik/internet
aku ngikutin cara di atas untuk blok IP tp saat aku masukin

ip firewall filter add chain=forward action=drop
malah user/client ga jalan napa ya

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #21 (permalink)  
Old 01-09-2007, 15:26
servas's Avatar
servas servas is offline
Newbie
  
Join Date: Aug 2007
Posts: 25
iTrader: (0)
Thanks: 0
Thanked 4 Times in 3 Posts
servas is on a distinguished road
ask
Guys di log ku ada tulisan gini :

sep/01/2007 16:24:01 system,error,critical login failure for user user3 from 83.16.108.102 via ssh
sep/01/2007 16:24:10 system,error,critical login failure for user ventas from 83.16.108.102 via ssh
sep/01/2007 16:24:19 system,error,critical login failure for user james from 83.16.108.102 via ssh
sep/01/2007 16:24:28 system,error,critical login failure for user greg from 83.16.108.102 via ssh
sep/01/2007 16:24:37 system,error,critical login failure for user areyes from 83.16.108.102 via ssh
sep/01/2007 16:24:46 system,error,critical login failure for user geoff from 83.16.108.102 via ssh
sep/01/2007 16:24:55 system,error,critical login failure for user online from 83.16.108.102 via ssh
sep/01/2007 16:25:04 system,error,critical login failure for user mark from 83.16.108.102 via ssh

ada someone yang cobain mtku dr luar. untuk ngeblok ipnya gimana ya ? ngeblock biar pingpun ngga bisa.

mohon pencerahan,

Rgds,

Servas

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #22 (permalink)  
Old 02-09-2007, 01:10
[a]'s Avatar
[a] [a] is online now
Administrator
  
Join Date: Jun 2007
Location: Jakarta
Posts: 1,477
iTrader: (1)
Thanks: 190
Thanked 339 Times in 139 Posts
[a] has disabled reputation
Send a message via Yahoo to [a]
untuk ngeblok ssh dan akses winbox dari luar bisa diliat dithread2 sebelumnya bro...

untuk blok ping, bikin rule di firewall, dengan settingan

chain : input
protocol : icmp
in-interface : [wan] (interface yg terhubung ke internet)
action : drop

begitu yahh...semoga bisa sedikit membantu

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #23 (permalink)  
Old 06-09-2007, 21:40
robin robin is offline
Baru Gabung
  
Join Date: Sep 2007
Posts: 2
iTrader: (0)
Thanks: 0
Thanked 0 Times in 0 Posts
robin is on a distinguished road
ini juga script bikinan temen saya

supaya ip lokal tidak bisa internet

BLOCKING IP

Setting dengan WinBox

New Terminal >

SCRIPT 1
# Start of Script1
/ip firewall filter add chain=forward src-address=192.168.1.0/24 action=jump jump-target=BlockingIP comment="BlockingIP 192.168.1.x"
# End of Script1

SCRIPT 2
# Start of Script2
:for e from 1 to 254 do={
/ip firewall filter add chain=BlockingIP src-address=(192.168.1 . . $e) action=reject \ comment=($e)
}
/ip firewall filter add chain=BlockingIP action=return comment="Return the packet"
# End of Script2

1. a. Menu ip > firewall > filter rules
b. liat bagian chain Forward
c. Cari rule dengan comment "BlockingIP 192.168.1.x"
d. Drag Drop Rule itu ke paling atas
2. a. Menu ip > firewall > filter rules
b. liat bagian chain BlockingIP
c. ada comment 1-254
d. tinggal disable atau enable aja...
- disable berarti gak di block
- enable berarti di block
e. Rule yang paling bawah.. dengan Comment "Return the packet"
HARUS SELALU ENABLE

Last edited by robin : 12-09-2007 at 09:48. Reason: ada yang kelupaan :P
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #24 (permalink)  
Old 07-09-2007, 04:00
[a]'s Avatar
[a] [a] is online now
Administrator
  
Join Date: Jun 2007
Location: Jakarta
Posts: 1,477
iTrader: (1)
Thanks: 190
Thanked 339 Times in 139 Posts
[a] has disabled reputation
Send a message via Yahoo to [a]
Quote:
Originally Posted by robin View Post
ini juga script bikinan temen saya

BLOCKING IP

Setting dengan WinBox

New Terminal >
/ip firewall filter add chain=forward src-address=192.168.1.0/24
action=jump jump-target=BlockingIP comment="BlockingIP 192.168.1.x"

1. a. Menu ip > firewall > filter rules
b. liat bagian chain Forward
c. Cari rule dengan comment "BlockingIP 192.168.1.x"
d. Drag Drop Rule itu ke paling atas
2. a. Menu ip > firewall > filter rules
b. liat bagian chain BlockingIP
c. ada comment 1-254
d. tinggal disable atau enable aja...
- disable berarti gak di block
- enable berarti di block
e. Rule yang paling bawah.. dengan Comment "Return the packet"
HARUS SELALU ENABLE
klo rule diatas ini kegunaannya adalah untuk nge-blok ip dari network kita sendiri...

dan rule2 diatas dah dibikinin duluan sama temennya si bro robin...jadi tinggal pake doang....hayuh bro robin...kita belajar config sendiri sama-sama...

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #25 (permalink)  
Old 07-09-2007, 17:53
okto_2005's Avatar
okto_2005 okto_2005 is offline
Member Super Senior
  
Join Date: Jul 2007
Posts: 638
iTrader: (0)
Thanks: 10
Thanked 250 Times in 104 Posts
okto_2005 is a splendid one to beholdokto_2005 is a splendid one to beholdokto_2005 is a splendid one to beholdokto_2005 is a splendid one to beholdokto_2005 is a splendid one to beholdokto_2005 is a splendid one to beholdokto_2005 is a splendid one to beholdokto_2005 is a splendid one to behold
Send a message via Yahoo to okto_2005 Send a message via Skype™ to okto_2005
blok ssh keknya udah pernah dibahas deh coba cari lagi.....

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #26 (permalink)  
Old 07-09-2007, 21:31
c0nf's Avatar
c0nf c0nf is offline
Member Senior
  
Join Date: Jul 2007
Location: Bdg, Id.
Posts: 441
iTrader: (0)
Thanks: 23
Thanked 30 Times in 28 Posts
c0nf will become famous soon enoughc0nf will become famous soon enough
Send a message via ICQ to c0nf Send a message via MSN to c0nf Send a message via Yahoo to c0nf
udah ada koq di thread yang mana gitu (saking banyaknya thread jadinya bingung sendiri nyarinya)...

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #27 (permalink)  
Old 19-11-2007, 21:50
oxs_juragan oxs_juragan is offline
Baru Gabung
  
Join Date: Nov 2007
Posts: 8
iTrader: (0)
Thanks: 0
Thanked 0 Times in 0 Posts
oxs_juragan is on a distinguished road
to admin, tolong dong fasilitas upload gambarnya di aktifin biar enak nich...tnks

Untuk block ip sudah agak ngerti siich, tapi kalo mau di gabung dgn mac addres masih agak bingung, tolong pencerahanya.!!!
untuk gambar.a router board hanya berfungsi sebagai radio, karena takut kl di fungsikan sebagai router penuh bisa hank ( betul gk yach ??? ) makanya di beri pc router lagi.

ni link gambarnya

di situ ada gambar.a dan gambar.b, tolong koreksinya yg benar gambar.a atau gambar.b atau mungkin ada masukkan dari temen2.

yg saya inginkan seperti ini.

ada 3 sektoral, di mana sektoral 1,2,3
untuk koneksi klient A = 192.168.0.1 -192.168.0.20
dgn pengecekan ip dan mac addresnya harus sesuai.
misal : ip 192.168.0.1 dgn mac af:23:hg:89 kalo ip di ganti gk bisa konek.
yg lain di blok, aksesnya ke wifi/ ip 202.168.100.1

untuk koneksi klient B = 192.168.10.1-192.168.10.20
dgn pengecekan ip dan mac addresnya harus sesuai.
akses tujuan ke ADSL/SPEDY ip 10.40.81.1

klient A di beri bandwith 64 kbps utk di pake 20klient, kalo misal klient yg
aktif hanya 2klient maka bandwith 64 kbps otomatis bisa di nikmati dua klient
sehingga akses menjadi cepat.


mungkin segitu dulu....mohon bantuan temen2 semua.tnks
mohon maaf kalo terlalu panjang.
oxs_juragan@yahoo.com

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #28 (permalink)  
Old 19-11-2007, 22:51
d3v4's Avatar
d3v4 d3v4 is offline
VIP Member
  
Join Date: Jul 2007
Posts: 930
iTrader: (0)
Thanks: 38
Thanked 199 Times in 111 Posts
d3v4 is a glorious beacon of lightd3v4 is a glorious beacon of lightd3v4 is a glorious beacon of lightd3v4 is a glorious beacon of lightd3v4 is a glorious beacon of lightd3v4 is a glorious beacon of lightd3v4 is a glorious beacon of light
super ribet ngejlimet

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #29 (permalink)  
Old 20-11-2007, 09:24
oxs_juragan oxs_juragan is offline
Baru Gabung
  
Join Date: Nov 2007
Posts: 8
iTrader: (0)
Thanks: 0
Thanked 0 Times in 0 Posts
oxs_juragan is on a distinguished road
kasih solusinya dung...biar simple tapi tetep dapet intinya...

maklum masih newbie, baru kemaren belajar nicch


Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #30 (permalink)  
Old 20-11-2007, 09:27
oxs_juragan oxs_juragan is offline
Baru Gabung
  
Join Date: Nov 2007
Posts: 8
iTrader: (0)
Thanks: 0
Thanked 0 Times in 0 Posts
oxs_juragan is on a distinguished road
@d3v4
ajarin duung bos, bagi ym nya yach biar bisa mojok berdua....bagi2 ilmu buat indonesia biar makin maju IT nya.

maklum d kampung gk da teman berkeluh kesah nich.
p lease help me my brother

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote