Re: Não consigo fazer cache full no server mk 3.30
Citação:
Postado originalmente por
carneirinhobad
DSSS, peço desculpas pela minha ignorância, não tô sabendo como fazer o procedimento que vc postou. Pelo que entendi, não coloco os prints e sim as regras, ok? Agora tô na dúvida de como exportar essas regras como vc falou: o terminal que vc fala é o New Terminal? Não tô sabendo fazer, peço desculpas mais uma vez.
Carlos Henrique
Esfriei um pouco a cabeça, fui em New Terminal, dei o comando export e apareceu o que vc falou:
# Simple queue "CacheFull": limits the single target 192.168.1.1/32 to
# max-limit=1000000/1000000, with no burst and no guaranteed rate (limit-at=0/0).
# NOTE(review): nothing in this entry distinguishes proxy cache hits from other
# traffic, so it shapes everything for that target - confirm that is intended.
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
0/0 max-limit=1000000/1000000 name=CacheFull parent=none priority=8 \
queue=default-small/default-small target-addresses=192.168.1.1/32 \
total-queue=default-small
# Queue tree for P2P shaping: three queues with limit-at=max-limit=200000, keyed
# on the packet marks "p2p" and "pacotes-p2p".
# All three entries are disabled=yes, so no P2P shaping is active as exported.
/queue tree
# Matches packet mark "p2p" on global-in.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
200000 max-limit=200000 name=p2p packet-mark=p2p parent=global-in \
priority=8 queue=default
# Matches packet mark "pacotes-p2p" on global-in (download direction, presumably).
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
200000 max-limit=200000 name=P2P-IN packet-mark=pacotes-p2p parent=\
global-in priority=8 queue=default
# Matches packet mark "pacotes-p2p" on global-out (upload direction, presumably).
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
200000 max-limit=200000 name=P2P-OUT packet-mark=pacotes-p2p parent=\
global-out priority=8 queue=default
# Mangle: tags traffic recognised by the built-in P2P matcher (p2p=all-p2p).
/ip firewall mangle
# Packet mark "p2p" for matching packets passing through prerouting ...
add action=mark-packet chain=prerouting comment="" disabled=no \
new-packet-mark=p2p p2p=all-p2p passthrough=yes
# ... and for matching packets in the output chain (router-originated traffic).
add action=mark-packet chain=output comment="" disabled=no new-packet-mark=\
p2p p2p=all-p2p passthrough=yes
# Mark the connection as "conexao-p2p" so its later packets can be matched by
# connection mark instead of by the P2P matcher.
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=conexao-p2p p2p=all-p2p passthrough=yes
# Re-mark every packet of a marked connection as "pacotes-p2p".
# NOTE(review): a packet carries a single packet mark, so in prerouting this
# presumably replaces the "p2p" mark set by the first rule - confirm which mark
# the queues are expected to see.
add action=mark-packet chain=prerouting comment="" connection-mark=\
conexao-p2p disabled=no new-packet-mark=pacotes-p2p passthrough=yes
# NAT table. Rules within a chain are evaluated top to bottom and the first
# match ends processing for that chain, so the order below is significant.
/ip firewall nat
# Source NAT for the client ranges.
# NOTE(review): 172.254.1.0/24 is outside the RFC 1918 block 172.16.0.0/12
# (172.16-172.31); it is public address space, so the real Internet hosts in
# that range become unreachable from this network.
# NOTE(review): no out-interface is set on the masquerade rules, so they apply
# on whichever interface the traffic leaves by, not only the WAN.
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
172.254.1.0/24
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.1.2
# Proxy bypass: destinations accepted here leave dstnat before the redirect
# rules below, so they are not sent to the local proxy.
add action=accept chain=dstnat comment="conectividade social" disabled=no \
dst-address=200.201.174.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.201.173.0/24
# Transparent proxy: TCP/80 from 172.254.1.0/24 arriving on interface
# "Internet" is redirected to local port 8080.
# NOTE(review): if "Internet" is the WAN-facing interface, client traffic would
# not arrive on it and this rule would not match - confirm the interface.
add action=redirect chain=dstnat comment="Proxy Transparente" disabled=no \
dst-port=80 in-interface=Internet protocol=tcp src-address=172.254.1.0/24 \
to-ports=8080
# Same redirect for the single host 192.168.1.2, on any interface.
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
tcp src-address=192.168.1.2 to-ports=8080
# Intended proxy bypass for Hotmail and other destinations.
# NOTE(review): these accepts sit AFTER both redirect rules, so port-80 traffic
# already matched by a redirect never reaches them; to bypass the proxy they
# would have to precede the redirects. The 200.201.173.0/24 and
# 200.201.174.0/24 entries further down repeat the two accepts above.
add action=accept chain=dstnat comment="Hotmail nao passa pelo cache" \
disabled=no dst-address=207.68.128.0/18
add action=accept chain=dstnat comment="" disabled=no dst-address=64.4.0.0/18
add action=accept chain=dstnat comment="" disabled=no dst-address=\
213.199.144.0/20
add action=accept chain=dstnat comment="" disabled=no dst-address=\
65.52.0.0/14
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.208.0.0/20
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.249.150.0/26
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.167.67.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.179.42.29
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.249.84.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.201.173.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.201.174.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.220.254.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.217.233.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.172.181.0/24
add action=accept chain=dstnat comment="" disabled=no dst-address=\
200.141.204.0/24
# Inbound port forwards to 192.168.1.2 for Radmin (4899) and VNC (5800-5900).
# NOTE(review): in-interface="(unknown)" means the interface these rules
# referenced no longer resolves; they are presumably inactive until re-pointed.
# NOTE(review): neither rule restricts src-address, so once the interface is
# fixed these remote-control ports are forwarded for any source. Limit them to
# known admin addresses (src-address / address list) or reach the host over a
# VPN instead of a plain port forward.
add action=dst-nat chain=dstnat comment="Redirecionamento Radmin" disabled=no \
dst-port=4899 in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.1.2 to-ports=4899
add action=dst-nat chain=dstnat comment="Redirecionamento Vnc" disabled=no \
dst-port=5800-5900 in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.1.2 to-ports=5800-5900
# Source NAT for 192.168.1.0/24; this range already includes 192.168.1.2, which
# has its own masquerade rule at the top of the table.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.1.0/24
Re: Não consigo fazer cache full no server mk 3.30
DSSS, as regras do IP Filter passam dos 1497 caracteres, por isso não mandei tudo. É preciso mandar o resto?
henrique
# Filter table, part 1: drop TCP to the Windows RPC/NetBIOS/SMB ports
# (135-139, 445) in the input, forward and output chains.
# NOTE(review): every rule here is protocol=tcp. NetBIOS name and datagram
# services (137, 138) run over UDP, so that traffic is not matched.
# NOTE(review): port 135 has forward and output rules but no input rule in this
# listing, unlike the other ports.
# NOTE(review): chain=output only sees traffic the router itself originates;
# confirm those rules are wanted.
/ip firewall filter
add action=drop chain=forward comment="Bloqueio Portas do Windows" disabled=\
no dst-port=135 protocol=tcp
add action=drop chain=output comment="" disabled=no dst-port=135 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=136 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=136 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=136 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=137 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=137 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=138 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=138 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=138 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=139 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=139 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=139 protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=445 protocol=tcp
# Filter table, part 2: drop online-game ports (per the rule comment) in the
# input, forward and output chains. Port 55557 is dropped for both UDP and TCP;
# the other ports are TCP only.
# NOTE(review): these rules match on dst-port alone, with no connection-state
# or direction condition, and they come before the "accept established" rule
# later in the input chain. The ports are in the range operating systems
# commonly use for ephemeral source ports, so reply packets of an unrelated
# connection that happens to use one of them locally are dropped as well.
add action=drop chain=input comment=\
"Bloquear portas de jogos online para melhor desempenho da Banda" \
disabled=no dst-port=44405 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=44405 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=44405 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55557 protocol=\
udp
add action=drop chain=forward comment="" disabled=no dst-port=55557 protocol=\
udp
add action=drop chain=output comment="" disabled=no dst-port=55557 protocol=\
udp
add action=drop chain=input comment="" disabled=no dst-port=55970 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55970 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55970 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55971 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55971 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55971 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55960 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55960 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55960 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55961 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55961 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55961 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55962 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55962 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55962 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55557 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55557 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55557 protocol=\
tcp
add action=drop chain=input comment="" disabled=no dst-port=55901 protocol=\
tcp
add action=drop chain=forward comment="" disabled=no dst-port=55901 protocol=\
tcp
add action=drop chain=output comment="" disabled=no dst-port=55901 protocol=\
tcp
# Custom chain "virus": drops TCP to ports associated with specific malware.
# NOTE(review): a custom chain is only evaluated when another rule jumps to it;
# no action=jump with jump-target=virus appears in this listing, so unless one
# exists in the part that was not posted these rules never run.
# NOTE(review): the two 1434 rules are identical, and both are protocol=tcp. If
# the target is the SQL Slammer worm, it spread over UDP 1434, which these
# rules do not match - confirm the intended protocol.
add action=drop chain=virus comment=Worm disabled=no dst-port=1434 protocol=\
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1434 protocol=\
tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
protocol=tcp
# Input chain (traffic addressed to the router itself): core policy.
# NOTE(review): this accept is in chain=input but matches the remote
# destination 200.201.174.0/24, and its src-address=192.168.0.0/24 differs from
# the client ranges used in the NAT rules of this export (172.254.1.0/24,
# 192.168.1.0/24). Traffic to a remote destination normally traverses forward,
# not input - verify that this rule ever matches.
add action=accept chain=input comment="conectividade social" disabled=no \
dst-address=200.201.174.0/24 dst-port=80 protocol=tcp src-address=\
192.168.0.0/24 src-port=1024-65535
# Drop TCP recognised as P2P when it is addressed to the router.
add action=drop chain=input comment="" disabled=no p2p=all-p2p protocol=tcp
# Connection-state handling: discard invalid packets, then accept packets of
# related and established connections.
# NOTE(review): these state rules come after all the port-based input drops
# earlier in the table, so every packet is tested against those drops first.
add action=drop chain=input comment="drop invalid packets" connection-state=\
invalid disabled=no
add action=accept chain=input comment="accept related packets" \
connection-state=related disabled=no
add action=accept chain=input comment="accept established packets" \
connection-state=established disabled=no
# Port-scan detection, psd=21,3s,3,1: weight threshold 21, delay threshold 3s,
# weight 3 for low (privileged) ports, weight 1 for high ports.
add action=drop chain=input comment="detect and drop port scan connections" \
disabled=no protocol=tcp psd=21,3s,3,1
# Tarpit TCP from sources on address list "black_list", with
# connection-limit=3,32 (3 connections per /32 source).
# NOTE(review): no rule in this listing adds entries to black_list; unless it
# is populated elsewhere, this rule never matches.
add action=tarpit chain=input comment="suppress DoS attack" connection-limit=\
3,32 disabled=no protocol=tcp src-address-list=black_list
# Drop packets whose destination is not a local address of the router, and
# packets whose source address is not unicast.
add action=drop chain=input comment="drop all that is not to local" disabled=\
no dst-address-type=!local
add action=drop chain=input comment="drom all that is not from unicast" \
disabled=no src-address-type=!unicast
# Hand ICMP to chain "ICMP", then send whatever is left to chain "services".
add action=jump chain=input comment="jump to chain ICMP" disabled=no \
jump-target=ICMP protocol=icmp
add action=jump chain=input comment="jump to chain services" disabled=no \
jump-target=services
# Chain "ICMP": allow a short list of ICMP type:code pairs, each rate-limited
# with limit=5,5 (rate 5, burst 5), and drop every other ICMP packet.
# Type 0 = echo reply.
add action=accept chain=ICMP comment="0:0 and limit for 5pac/s" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
# Type 3 code 3 = destination unreachable, port unreachable.
add action=accept chain=ICMP comment="3:3 and limit for 5pac/s" disabled=no \
icmp-options=3:3 limit=5,5 protocol=icmp
# Type 3 code 4 = fragmentation needed; path MTU discovery depends on it.
add action=accept chain=ICMP comment="3:4 and limit for 5pac/s" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
# Type 8 = echo request (ping to the router).
add action=accept chain=ICMP comment="8:0 and limit for 5pac/s" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
# Type 11 = time exceeded (used by traceroute).
add action=accept chain=ICMP comment="11:0 and limit for 5pac/s" disabled=no \
icmp-options=11:0-255 limit=5,5 protocol=icmp
# Anything else, including packets over the rate limits above, is dropped.
add action=drop chain=ICMP comment="Drop everything else" disabled=no \
protocol=icmp
# Chain "services": services on the router that the input chain accepts.
# NOTE(review): none of the accepts below restricts src-address or
# in-interface, so FTP, SSH, Telnet, DNS, HTTP and Winbox are accepted from any
# interface, the Internet side included. Management access (22, 23, 8291, 80)
# is normally limited to the LAN or an admin address list; Telnet and FTP also
# send credentials in cleartext.
# NOTE(review): no final drop is visible in this chain or after the jump in
# the input chain. The poster says the listing is incomplete; if no drop
# follows, unmatched traffic (for example the proxy port 8080 used by the NAT
# redirects) falls through to the default accept.
# NOTE(review): the next line starts with "dd", apparently "add" with its
# first character lost in the paste; it will not import as written. The rule
# is disabled=yes in any case.
dd action=drop chain=services comment="TESTE DE P2P BLOQUEIO" disabled=yes \
p2p=all-p2p protocol=tcp
add action=accept chain=services comment="accept localhost" disabled=no \
dst-address=127.0.0.1 src-address=127.0.0.1
add action=accept chain=services comment="allow ftp" disabled=no dst-port=\
20-21 protocol=tcp
add action=accept chain=services comment="allow sftp, ssh" disabled=no \
dst-port=22 protocol=tcp
add action=accept chain=services comment="allow telnet" disabled=no dst-port=\
23 protocol=tcp
# DNS over TCP and UDP from any source.
# NOTE(review): if the router answers remote DNS requests, accepting port 53
# from the WAN makes it an open resolver - confirm and restrict to the LAN.
add action=accept chain=services comment="allow DNS request" disabled=no \
dst-port=53 protocol=tcp
add action=accept chain=services comment="Allow DNS request" disabled=no \
dst-port=53 protocol=udp
add action=accept chain=services comment="allow http, webbox" disabled=no \
dst-port=80 protocol=tcp
add action=accept chain=services comment="Allow winbox" disabled=no dst-port=\
8291 protocol=tcp