Archive for May, 2008

28 May 08

Script and Scheduling in Mikrotik OS

For example, suppose the customer IP address that we have configured in Mikrotik and
given a public src-nat IP (assumed not to pass through the proxy) is: 172.168.1.0/30

1. Log in to your Mikrotik OS, then type:

system script

2. Type the script that switches off the customer's connection to the public side:

add name="pelanggan-off" \
policy=ftp,read,write,policy,winbox,password \
source={/ip firewall nat set [/ip firewall nat find \
src-address=172.168.1.0/30] disabled=yes}

3. And the script that switches the customer's connection to the public side back on:

add name="pelanggan-on" \
policy=ftp,read,write,policy,winbox,password \
source={/ip firewall nat set [/ip firewall nat find \
src-address=172.168.1.0/30] disabled=no}

4. The last step is to set the hours when the customer should be connected to the
public network (the internet), or when to switch off the customer's public IP that
we put into the scripts above. For example, we set the connection to be up from
09.00 to 14.30 and down from 14.31 to 08.59. We simply call the script names in
the scheduler:

/system scheduler

add name=hidup09-1430 start-time=09:00:00 \
interval=1d on-event=pelanggan-on

add name=mati1431-0859 start-time=14:31:00 \
interval=1d on-event=pelanggan-off

taken from :
http://mujie.blog.palangkaraya.net/2007/12/24/script-dan-schedule-di-mikrotik-os/#comment-26

27 May 08

A Lowered Gaze

Are you gazing upward too much,
craning high and hoping
that a red star will come and be strung,
scattering the light of a million sincere loves
upon an ordinary man?
Wake up, you still tread the ground of simplicity,
the grass of submission.
If only your gaze were not always on the sky,
your face smiling and your fingers trembling as they touch the ground,
surely you would be happy.

22 May 08

Protect your MikroTik from brute force and illegal telnet & FTP!

Here's how….

ssh blocker

/ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" \
disabled=no

ftp blocker

/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=black_list action=drop \
comment="drop ftp brute forcers" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage2 action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage1 action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m comment="" \
disabled=no

telnet blocker

/ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address-list=black_list action=drop \
comment="drop telnet brute forcers" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage2 action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage1 action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m comment="" \
disabled=no

source: http://www.forummikrotik.com/beginner-basics/553-ask-blok-ip-yg-coba-masuk-pake-ssh-n-telnet.html
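
The three rule sets above follow one pattern: each new connection moves the source up one address-list stage, and the last stage feeds a shared black_list. As an added example (not from the original post or the linked forum thread), this Python model replays constructed connection attempts through that pattern; the class and function names are hypothetical, and it assumes that re-adding an already listed address restarts its timeout.

```python
# Added illustration, not RouterOS code: models the ssh/ftp/telnet rules above.
# Assumption: re-adding an address that is already listed restarts its timeout.
STAGE_TTL = 60            # address-list-timeout=1m
BLACKLIST_TTL = 86400     # address-list-timeout=1d
SERVICES = {22: "ssh", 21: "ftp", 23: "telnet"}

class InputChain:  # hypothetical name
    def __init__(self):
        self.expiry = {}  # (address-list name, source) -> expiry time in seconds

    def _listed(self, name, src, now):
        return self.expiry.get((name, src), 0) > now

    def new_connection(self, src, port, now):
        """Run one connection-state=new packet through the rules for its port."""
        if self._listed("black_list", src, now):
            return "drop"  # first rule: black_list is shared by all three ports
        svc = SERVICES[port]
        order = ["black_list"] + [f"{svc}_stage{i}" for i in (3, 2, 1)]
        # Rules are checked from stage3 down to stage1, so a packet climbs one
        # stage at most: the list it was just added to has already been tested.
        for target, required in zip(order, order[1:]):
            if self._listed(required, src, now):
                ttl = BLACKLIST_TTL if target == "black_list" else STAGE_TTL
                self.expiry[(target, src)] = now + ttl
        self.expiry[(order[-1], src)] = now + STAGE_TTL  # last rule: stage1
        return "pass"  # not dropped here; later rules decide

def replay(events):
    """events: (time in seconds, source, dst port) tuples in time order."""
    fw = InputChain()
    return [fw.new_connection(src, port, t) for t, src, port in events]

# Constructed sample traffic (documentation addresses, not real hosts).
FAST = [(t, "203.0.113.5", 22) for t in (0, 10, 20, 30, 40)] + [(50, "203.0.113.5", 21)]
SLOW = [(t, "198.51.100.7", 22) for t in (0, 90, 180, 270, 360)]

if __name__ == "__main__":
    print(replay(FAST))
    print(replay(SLOW))
```

In this model the fourth new connection inside the one-minute windows puts the source on black_list, so the fifth is dropped, and the FTP attempt is dropped as well because all three drop rules read the same list. A source that waits longer than one minute between attempts never leaves stage1.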




 
