Proxy Server

yum -y install squid

Loading "installonlyn" plugin
Loading "fastestmirror" plugin
Setting up Install Process
Setting up repositories
base

100% |=========================| 1.1 kB 00:00

updates

100% |=========================| 951 B 00:00

addons

100% |=========================| 951 B 00:00

extras

100% |=========================| 1.1 kB 00:00

Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for squid to pack into transaction set.
squid-2.6.STABLE6-4.el5.i 100% |========================| 139 kB 00:00
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check

Dependencies Resolved

===========================================================
Package

Arch

Version

Repository

Size

===========================================================
Installing:
  squid

i386

7:2.6.STABLE6-4.el5

   updates

1.2 M

Transaction Summary
===========================================================
Install

1 Package(s)

Update

0 Package(s)

Remove

0 Package(s)

Total download size: 1.2 M
Downloading Packages:
(1/1): squid-2.6.STABLE6-

100% |====================| 1.2 M 00:00

Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing:   squid

#################################### [1/1]

Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!
[root@lan ~]#

vi /etc/squid/squid.conf

http_port

8080

// line 73: change

acl CONNECT method CONNECT

acl lan src 192.168.0.0/255.255.255.0

// line 2410: add (permit only LAN)

http_access allow localhost

http_access allow lan

// line 2527: add (permit only LAN)

http_access deny all

visible_hostname lan.server-linux.info

// line 2841: add (specify hostname)

# forwarded_for on

forwarded_for off

// line 3117: add (hide IP address)

header_access Referer deny all

// line 3437: add

header_access X-Forwarded-For deny all
header_access Via deny all
header_access Cache-Control deny all

[root@lan ~]#

/etc/rc.d/init.d/squid start

init_cache_dir /var/spool/squid... Starting squid:

[  OK  ]

[root@lan ~]#

chkconfig squid on

Start Web browser. Following example is on Microsoft IE 6. Select [Tools] - [Internet Options] and move to [Connections] tab like below

Check 'use a proxy' and input server's hostname and port number set in the section [1] like following example. Then, you can access to internet through proxy.

Transfer with FFFTP

[2] [Profile name] ⇒ any name you like [Host name/address] ⇒ server's name or IP address [Username] ⇒ user's name [Initial local folder] ⇒ any place you like [Initial local folder] ⇒ user's home directory ( it's OK to keep blank )

[3]	Click 'Connect' button.

[4]	Done to connect and login.

Install vsftpd

[root@www ~]# yum -y install vsftpd Loading "installonlyn" plugin Loading "fastestmirror" plugin Setting up Install Process Setting up repositories base 100% |=========================| 1.1 kB 00:00 updates 100% |=========================| 951 B 00:00 addons 100% |=========================| 951 B 00:00 extras 100% |=========================| 1.1 kB 00:00 Loading mirror speeds from cached hostfile Reading repository metadata in from local files Parsing package install arguments Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for vsftpd to pack into transaction set. vsftpd-2.0.5-10.el5.i386. 100% |========================| 16 kB 00:00 ---> Package vsftpd.i386 0:2.0.5-10.el5 set to be updated --> Running transaction check Dependencies Resolved =========================================================== Package Arch Version Repository Size =========================================================== Installing:   vsftpd i386 2.0.5-10.el5 base 137 k Transaction Summary =========================================================== Install 1 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 137 k Downloading Packages: (1/1): vsftpd-2.0.5-10.el 100% |====================| 137 k 00:00 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction   Installing:   vsftpd #################################### [1/1] Installed: vsftpd.i386 0:2.0.5-10.el5 Complete! [root@www ~]# vi /etc/vsftpd/vsftpd.conf anonymous_enable= NO // line 12: no anonymous ascii_upload_enable=YES // line 79: make valid ascii_download_enable=YES   (permit ascii mode transfer) chroot_list_enable=YES // line 94: make valid     (enable chroot list) chroot_list_file=/etc/vsftpd/chroot_list   // line 96: make valid         (chroot list file) ls_recurse_enable=YES // line 102: make valid chroot_local_user=YES // bottom: enable chroot local_root=public_html // root directory use_localtime=YES // use local time [root@www ~]# vi /etc/vsftpd/chroot_list fedora // write users you permit [root@www ~]# /etc/rc.d/init.d/vsftpd start Starting vsftpd for vsftpd: [  OK  ] [root@www ~]# chkconfig vsftpd on

[2]

Add CNAME in DNS for FTP server.

[root@ns ~]# vi /var/named/server-linux.info.lan $TTL 86400 @ IN SOA ns.server-linux.info. root.server-linux.info. ( 200704150 4 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) IN NS ns.server-linux.info. IN A 192.168.0.17 IN MX 10 ns.server-linux.info. ns IN A 192.168.0.17 www IN A 192.168.0.18 mail IN A 192.168.0.19 nfs IN CNAME ns.server-linux.info. ftp IN CNAME www.server-linux.info. [root@ns ~]# rndc reload server reload successful

Install Apache

[root@www ~]#

yum -y install httpd php php-mbstring php-pear mod_ssl

Loading "installonlyn" plugin
Loading "fastestmirror" plugin
Setting up Install Process
Setting up repositories
base

100% |=========================| 1.1 kB 00:00

updates

100% |=========================|

951 B 00:00

addons

100% |=========================|

951 B 00:00

extras

100% |=========================| 1.1 kB 00:00

Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for php to pack into transaction set.
php-5.1.6-7.el5.i386.rpm

100% |====================| 17 kB 00:00

---> Package php.i386 0:5.1.6-7.el5 set to be updated
---> Downloading header for httpd to pack into transaction set.
httpd-2.2.3-6.el5.centos.

100% |====================| 54 kB 00:00

---> Package httpd.i386 0:2.2.3-6.el5.centos.1 set to be updated
---> Downloading header for php-mbstring to pack into transaction set.
php-mbstring-5.1.6-7.el5.

100% |====================| 16 kB 00:00

---> Package php-mbstring.i386 0:5.1.6-7.el5 set to be updated
---> Downloading header for mod_ssl to pack into transaction set.
mod_ssl-2.2.3-6.el5.cento

100% |====================| 11 kB 00:00

---> Package mod_ssl.i386 1:2.2.3-6.el5.centos.1 set to be updated
---> Downloading header for php-pear to pack into transaction set.
php-pear-1.4.9-4.noarch.r

100% |====================| 20 kB 00:00

---> Package php-pear.noarch 1:1.4.9-4 set to be updated
--> Running transaction check
--> Processing Dependency: php-cli = 5.1.6-7.el5 for package: php
--> Processing Dependency: libnal.so.1 for package: mod_ssl
--> Processing Dependency: libdistcache.so.1 for package: mod_ssl
--> Processing Dependency: php-cli for package: php-pear
--> Processing Dependency: php-common = 5.1.6-7.el5 for package: php
--> Processing Dependency: php-common = 5.1.6-7.el5 for package: php-mbstring
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for distcache to pack into transaction set.
distcache-1.4.5-14.1.i386

100% |====================| 8.8 kB 00:00

---> Package distcache.i386 0:1.4.5-14.1 set to be updated
---> Downloading header for php-common to pack into transaction set.
php-common-5.1.6-7.el5.i3

100% |=====================| 19 kB 00:00

---> Package php-common.i386 0:5.1.6-7.el5 set to be updated
---> Downloading header for php-cli to pack into transaction set.
php-cli-5.1.6-7.el5.i386.

100% |=====================| 17 kB 00:00

---> Package php-cli.i386 0:5.1.6-7.el5 set to be updated
--> Running transaction check

Dependencies Resolved

===========================================================
Package

Arch

Version

  Repository

Size

===========================================================
Installing:
  httpd

i386

2.2.3-6.el5.centos.1

    base

1.1 M

  mod_ssl

i386

1:2.2.3-6.el5.centos.1

    base

84 k

  php

i386

5.1.6-7.el5

    updates

1.2 M

  php-mbstring

i386

5.1.6-7.el51

    updates

966 k

  php-pear

noarch

1:1.4.9-4

    base

355 k

Installing for dependencies:
  distcache

i386

1.4.5-14.1

    base

119 k

  php-cli

i386

5.1.6-7.el5

    updates

2.2 M

  php-common

i386

5.1.6-7.el5

    updates

139 k

Transaction Summary
===========================================================
Install

8 Package(s)

Update

0 Package(s)

Remove

0 Package(s)

Total download size: 6.2 M
Downloading Packages:
(1/8): distcache-1.4.5-14

100% |====================| 119 kB 00:00

(2/8): php-pear-1.4.9-4.n

100% |====================| 355 kB 00:00

(3/8): mod_ssl-2.2.3-6.el

100% |====================|

84 kB 00:00

(4/8): php-mbstring-5.1.6

100% |====================| 966 kB 00:00

(5/8): php-common-5.1.6-7

100% |====================| 139 kB 00:00

(6/8): php-cli-5.1.6-7.el

100% |====================|

2.2 MB 00:00

(7/8): php-5.1.6-7.el5.i3

100% |====================|

1.2 MB 00:00

(8/8): httpd-2.2.3-6.el5.

100% |====================|

1.1 MB 00:00

Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing:   php-common

#################################### [1/8]

  Installing:   php-cli

#################################### [2/8]

  Installing:   httpd

#################################### [3/8]

  Installing:   php

#################################### [4/8]

  Installing:   distcache

#################################### [5/8]

  Installing:   php-pear

#################################### [6/8]

  Installing:   mod_ssl

#################################### [7/8]

  Installing:   php-mbstring

#################################### [8/8]

Installed: httpd.i386 0:2.2.3-6.el5.centos.1 mod_ssl.i386 1:2.2.3-6.el5.centos.1 php.i386 0:5.1.6-7.el5 php-mbstring.i386 0:5.1.6-7.el5 php-pear.noarch 1:1.4.9-4
Dependency Installed: distcache.i386 0:1.4.5-14.1 php-cli.i386 0:5.1.6-7.el5 php-common.i386 0:5.1.6-7.el5
Complete!
[root@www ~]#
[root@www ~]#

rm -f /etc/httpd/conf.d/welcome.conf

[root@www ~]#
[root@www ~]#

rm -f /var/www/error/noindex.html

[root@www ~]#

ln -s /usr/bin/perl /usr/local/bin/perl

[root@www ~]#

Install VideoCache Ubuntu

This summary is not available. Please click here to view the post.

Mikrotik Web-Proxy Cache Full

# CAche Full Mikrotik


/ ip firewall mangle

add chain=output protocol=tcp src-port=3128 content="X-Cache: HIT" \
    action=mark-connection new-connection-mark=Cache-Connection \
    passthrough=yes comment="Cache-Full" disabled=no

add chain=output connection-mark=Cache-Connection action=mark-packet \
    new-packet-mark=Cache-Packet passthrough=yes comment="" disabled=no



/ queue tree

add name="CACHE-FULL" parent=global-out packet-mark=Cache-Packet limit-at=0 \
    queue=ethernet-default priority=8 max-limit=0 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no

Squid Transparent configuration

Please follow these steps you will INSHA ALLAH configure the squid with
transparent option.....
You can also you dhcpd server for ip assigning.


vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

save & quit

vim /etc/squid/squid.conf

###......please enable these options......###

http_port 3128 transparent

acl our_networks src 192.168.1.0/24

http_access allow our_networks

cache_mem 16M

access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log

store_log /var/log/squid/store.log

cache_dir /var/spool/squid 2000 16 256

cache_mgr baber@wbitt.com

visible_hostname squid.linuxlab.int

save and quit

#squid -z

#service squid start

###........then if u want to make it transparent kindly add rule to iptables
firwall........###



#iptables -t nat -A PREROUTING -p tcp -i etho --dport 80 -j REDIRECT --to-port
3128

###......Note: eth0 is connected with your LAN switch......###

Basic Commands

Some basic commands
cat
ls
head
tail
man
touch
mkdir
cd
less
more
grep
also see switches with --help or man or info command
please run these commands and post your views.............

Samba Configuration

[root@example ~]#
[root@example ~]# yum install samba-*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.nsc.liu.se
* updates: centosh.centos.org
* addons: centosh.centos.org
* extras: centosb2.centos.org
base
| 1.1 kB 00:00
updates
| 951 B 00:00
primary.xml.gz
| 131 kB 00:00
updates 196/196
addons
| 951 B 00:00
extras
| 1.1 kB 00:00
Setting up Install Process
Parsing package install arguments
Package samba-common-3.0.33-3.7.el5.i386 already installed and latest version
Package samba-3.0.33-3.7.el5.i386 already installed and latest version
Package samba-client-3.0.33-3.7.el5.i386 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba-swat.i386 0:3.0.33-3.7.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================\
=============================================================================
Package Arch Version
Repository Size
================================================================================\
=============================================================================
Installing:
samba-swat i386
3.0.33-3.7.el5 base
8.2 M

Transaction Summary
================================================================================\
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 8.2 M
Is this ok [y/N]: y
Downloading Packages:
samba-swat-3.0.33-3.7.el5.i386.rpm
| 8.2 MB 00:52
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : samba-swat [1/1]

Installed: samba-swat.i386 0:3.0.33-3.7.el5
Complete!
[root@example ~]# vi /etc/samba/smb.conf

#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#

#####Edit this line with your NT workgroup name ########
#####Edited By Baber Zahoor dated 20090805 ########


workgroup = Workgroup
server string = Samba Server Version %v

; netbios name = MYSERVER

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.


######## go to on end of file and add your share ###############


A publicly accessible directory, but read only, except for people in
# the "staff" group
[Share]
comment = Public Stuff
path = /Share #### This can be your own share path #####
public = yes
writable = yes
printable = no
valid users = baber amalik ### can be your user ########
write list = +staff #### this is group name you can add your own.####

wq!


for adding the users in smbpasswd file use this command.
Note: users must be added before adding them into smbpasswd file.


[root@example ~]# smbpasswd -a baber
New SMB password:
Retype new SMB password:
Added user baber.
[root@example ~]#
[root@example ~]# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@example ~]#


now you can access the samba shares from the WidowsXp pc's


if you have firewall installed on your Linux server kindly open the ports.

[root@example ~]# system-config-securitylevel

enable the samba option in the firewall INPUT tables for incoming request

Simple Squid.conf

http_port 8080
#icp_port 3130

icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost

### Opsi Cache
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

### Opsi Tuning Squid
refresh_pattern -i \.gif$ 10080 90% 43200
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.bom\.gov\.au 30 20% 120
refresh_pattern -i \.html$ 480 50% 22160
refresh_pattern -i \.htm$ 480 50% 22160
refresh_pattern -i \.class$ 10080 90% 43200
refresh_pattern -i \.zip$ 10080 90% 43200
refresh_pattern -i \.jpeg$ 10080 90% 43200
refresh_pattern -i \.mid$ 10080 90% 43200
refresh_pattern -i \.shtml$ 480 50% 22160
refresh_pattern -i \.exe$ 10080 90% 43200
refresh_pattern -i \.thm$ 10080 90% 43200
refresh_pattern -i \.wav$ 10080 90% 43200
refresh_pattern -i \.txt$ 10080 90% 43200
refresh_pattern -i \.cab$ 10080 90% 43200
refresh_pattern -i \.au$ 10080 90% 43200
refresh_pattern -i \.mov$ 10080 90% 43200
refresh_pattern -i \.xbm$ 10080 90% 43200
refresh_pattern -i \.ram$ 10080 90% 43200
refresh_pattern -i \.avi$ 10080 90% 43200
refresh_pattern -i \.chtml$ 480 50% 22160
refresh_pattern -i \.thb$ 10080 90% 43200
refresh_pattern -i \.dcr$ 10080 90% 43200
refresh_pattern -i \.bmp$ 10080 90% 43200
refresh_pattern -i \.phtml$ 480 50% 22160
refresh_pattern -i \.mpg$ 10080 90% 43200
refresh_pattern -i \.pdf$ 10080 90% 43200
refresh_pattern -i \.art$ 10080 90% 43200
refresh_pattern -i \.swf$ 10080 90% 43200
refresh_pattern -i \.mp3$ 10080 90% 43200
refresh_pattern -i \.ra$ 10080 90% 43200
refresh_pattern -i \.spl$ 10080 90% 43200
refresh_pattern -i \.viv$ 10080 90% 43200
refresh_pattern -i \.doc$ 10080 90% 43200
refresh_pattern -i \.gz$ 10080 90% 43200
refresh_pattern -i \.Z$ 10080 90% 43200
refresh_pattern -i \.tgz$ 10080 90% 43200
refresh_pattern -i \.tar$ 10080 90% 43200
refresh_pattern -i \.vrm$ 10080 90% 43200
refresh_pattern -i \.vrml$ 10080 90% 43200
refresh_pattern -i \.aif$ 10080 90% 43200
refresh_pattern -i \.aifc$ 10080 90% 43200
refresh_pattern -i \.aiff$ 10080 90% 43200
refresh_pattern -i \.arj$ 10080 90% 43200
refresh_pattern -i \.c$ 10080 90% 43200
refresh_pattern -i \.cpt$ 10080 90% 43200
refresh_pattern -i \.dir$ 10080 90% 43200
refresh_pattern -i \.dxr$ 10080 90% 43200
refresh_pattern -i \.hqx$ 10080 90% 43200
refresh_pattern -i \.jpe$ 10080 90% 43200
refresh_pattern -i \.lha$ 10080 90% 43200
refresh_pattern -i \.lzh$ 10080 90% 43200
refresh_pattern -i \.midi$ 10080 90% 43200
refresh_pattern -i \.movie$ 10080 90% 43200
refresh_pattern -i \.mp2$ 10080 90% 43200
refresh_pattern -i \.mpe$ 10080 90% 43200
refresh_pattern -i \.mpeg$ 10080 90% 43200
refresh_pattern -i \.mpga$ 10080 90% 43200
refresh_pattern -i \.pl$ 10080 90% 43200
refresh_pattern -i \.ppt$ 10080 90% 43200
refresh_pattern -i \.ps$ 10080 90% 43200
refresh_pattern -i \.qt$ 10080 90% 43200
refresh_pattern -i \.qtm$ 10080 90% 43200
refresh_pattern -i \.ras$ 10080 90% 43200
refresh_pattern -i \.sea$ 10080 90% 43200
refresh_pattern -i \.sit$ 10080 90% 43200
refresh_pattern -i \.tif$ 10080 90% 43200
refresh_pattern -i \.tiff$ 10080 90% 43200
refresh_pattern -i \.snd$ 10080 90% 43200
refresh_pattern -i \.wrl$ 10080 90% 43200
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
refresh_pattern ^http://*.friendster.com/.* 720 100% 10080
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080
refresh_pattern ^http://*.microsoft.*/.* 720 100% 10080
refresh_pattern ^http://*.live.*/.* 720 100% 10080
refresh_pattern ^http://*.msn.*/.* 720 100% 10080
refresh_pattern ^http://*.hotmail.*/.* 720 100% 10080
refresh_pattern ^http://*.inbox.*/.* 720 100% 10080
refresh_pattern ^http://*.multiply.*/.* 720 100% 7200
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google.*/.* 720 100% 10080
refresh_pattern ^http://*.wikipedia.*/.* 720 80% 10080
refresh_pattern ^http://*.lycos.*/.* 720 80% 10080
refresh_pattern ^http://*.blogspot.*/.* 720 80% 10080
refresh_pattern ^http://*.wordpress.*/.* 720 80% 10080
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800
refresh_pattern ^http://*.telkom.*/.* 720 90% 2880
refresh_pattern ^http://*.plasa.*/.* 720 90% 2880
refresh_pattern ^http://*.bhinneka.*/.* 720 90% 2880
refresh_pattern ^http://*.fastncheap.*/.* 720 90% 2880
refresh_pattern ^http://*.glodokshop.*/.* 720 90% 2880
refresh_pattern ^http://*.blogger.*/.* 720 90% 2880
refresh_pattern ^http://*.detik.*/.* 720 90% 2880
refresh_pattern ^http://*.astaga.*/.* 720 90% 2880
refresh_pattern ^http://*.okezone.*/.* 720 90% 2880
refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

### Direktori cache
#cache_dir aufs /cache 20000 16 256
#cache_dir diskd /squid/cache 70000 16 256 Q1=72 Q2=88
cache_dir aufs /cache1 25000 16 256
cache_dir aufs /cache2 25000 16 256
cache_dir aufs /cache3 25000 16 256

### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off


### DNS server
dns_nameservers 127.0.0.1 192.168.1.254 203.130.193.74 202.134.0.155 202.134.2.5 202.155.0.10 202.155.0.15

quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB

### Opsi Timeout
connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off
pconn_timeout 15 second
shutdown_lifetime 15 second

### Opsi ACL
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl client src 192.168.0.0/26
acl client1 src 192.168.1.0/24
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
#acl block url_regex -i \.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
no_cache deny QUERY manager


acl TIME time SMTWHFA 10:00-21:00
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.mp4$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$ \.msi$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$ \.rfx$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.3g2$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.cab$ \.qt$ \.flv$ \.swf$ \.3gp$ \.vqf$ \.asf$





http_access allow manager IIX Safe_ports
http_access allow client
http_access allow client1
#http_access allow client2
http_access deny Bad_ports Virus IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access deny all


### Paramater Administratif
cache_mgr support@dd.war.net.id
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.dd.war.net.id

### Opsi Akselerator
memory_pools off
forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off

negative_ttl 2 minutes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
reload_into_ims on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
memory_pools off
shutdown_lifetime 10 seconds
ie_refresh on



### Pendukung Transparan Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

### Membatasi Besar File untuk download
reply_body_max_size 3512000 deny !client

### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all

header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en



delay_pools 3
delay_class 1 1
delay_parameters 1 3000/3000
delay_access 1 allow download TIME
delay_access 1 deny all

Config Router BSD

1. Kernel Config

###kernel###

machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident NOVERNET

# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.

options IPDIVERT
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options HZ=1000

options SYSVMSG
options MSGMNB=8192
options MSGMNI=40
options MSGSEG=512
options MSGSSZ=64
options MSGTQL=2048

options SYSVSHM
options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096

device pf
device pflog
device pfsync

options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ

options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET

options IPFILTER
options IPFILTER_LOG

2. Config rc.conf
###rc.conf###
sshd_enable="YES"
fsck_y_enable="YES"
gateway_enable="YES"

ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="speedy"
ppp_nat="YES"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

ifconfig_rl0="up"
ifconfig_rl0="inet 192.168.2.2 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
hostname="router.nover.net.id"

3. Pf.conf
###pf.conf###
ext_if ='tun0'
all_if ='{ tun0 rl1 }'
int_if ='rl1 '
noacc ='{ 67 68 69 135 136 137 138 139 213 445 552 554 1034 1080 \
1433 1434 4000 4444 4661 4662 6257 6346 6347 6699 \
7070 }'
dfltport='{ 20 21 80 443 6660:6670 5001 5010 5050 5100 }'
p2p='{1214 3000:4900 4661:4672 6257 6699 6346 6881:6889 4662 4672}'
prioport='{ 22 161 162 1740:1900 2075 2212 3000:3200 3700:3999 \
4001:4900 5000 6900 7000 8000 8360:8364 8352 8372 \
10011 10021 10031 10041 10051 10061 10071 10102 13412 \
13413 13450 20000 20201 20202 }'
gameport='{ 1740:1900 2075 3000:3200 3700:3999 4001:4900 5000 5121 6121 6900
7000 8000 8360:8364 8352 8372 10011 10021 10031 10041 10051 10061 \
10071 10102 13412 13413 13450 20000 20201 20202 64113 64381 }'
cached ='{ 80 3128 8080 8081 }'
ssh1port='{ 22 2212 1680 1870 }'
snmpport='{ 161 162 }'

bio ='block in on'
boo ='block out on'
biqo ='block in quick on'
bdiqo ='block drop in quick on'
bilqo ='block in log quick on'
boqo ='block out quick on'
bdqo ='block drop quick on'
bdoqo ='block drop out quick on'
bdqlo ='block drop quick on'
bqo ='block quick on'
bolqo ='block out log quick on'
poqo ='pass out quick on'
piqo ='pass in quick on'
polqo ='pass out log quick on'
pilqo ='pass in log quick on'
prio ='priority'
pif ='proto tcp from'
pqo ='pass quick on'
puifa ='proto { udp icmp } from any'
puif ='proto { udp icmp } from'
ptufa ='proto { tcp udp } from any'
ptuif ='proto { tcp udp icmp } from'
ptuifa ='proto { tcp udp icmp } from any'
ptuf ='proto { tcp udp } from'
puf ='proto udp from'
ptfa ='proto tcp from any'
pufatap ='proto udp from any to any port'
pufap ='proto udp from any port'
pif ='proto icmp from'
ptf ='proto tcp from'
pifa ='proto icmp from any'
ptufap ='proto { tcp udp } from any port'
fata ='from any to any'
priq0 ='{ q_def0, q_pri0 }'
priq1 ='{ q_def1, q_pri1 }'
apriq0 ='(q_def0, q_pri0)'
apriq1 ='(q_def1, q_pri1)'
fat ='from any to'
poo ='pass out on'
pio ='pass in on'
pef ='persist file'
pst ='persist'
tbl ='table'
crd ='cbq(red default)'
crb ='cbq(red borrow)'
ptt ='proto tcp to'
ks ='keep state'
ms ='modulate state'
st ='set timeout'
bw ='bandwidth'
fa ='from any'
cd ='cbq(default)'
cr ='cbq(red)'
cq ='cbq queue'
hq ='hfsc queue'
fs ='flags S/SA'
qu ='queue'
ql ='qlimit'
rt ='realtime'
ls ='linkshare'
ul ='upperlimit'
pt ='proto tcp'

$st { interval 30, frag 10 }
$st { tcp.first 120, tcp.opening 30, tcp.established 86400 }
$st { tcp.closing 500, tcp.finwait 45, tcp.closed 40 }
$st { udp.first 60, udp.single 30, udp.multiple 60 }
$st { icmp.first 20, icmp.error 10 }
$st { other.first 60, other.single 30, other.multiple 60 }

set limit { states 20000, frags 20000 }
set optimization normal
set block-policy return
set state-policy if-bound
set loginterface $int_if
set loginterface $ext_if

$tbl <spamd> $pst
$tbl <bad_hosts> $pst

scrub in
scrub out no-df random-id

#nat on $ext_if from 192.168.1.0/28 -> 202.152.58.197
##nat on xl0 from 192.168.10.0/24 -> 172.16.10.3
nat on tun0 from 192.168.1.0/24 -> 125.162.86.158

#nat on ethernet public from network local -> ip public

rdr on rl1 proto tcp from 192.168.1.0/24 to any port www -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 8080 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 3128 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 9000 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 10000 -> 192.168.1.1 port 3128

$biqo $all_if proto { tcp udp } to port $noacc
$biqo $all_if proto { tcp udp } from port $noacc

$boqo $ext_if to 255.255.255.255
$biqo $ext_if from 255.255.255.255
$boqo $int_if to 255.255.255.255
$biqo $int_if from 255.255.255.255

pass quick on lo0

$bdiqo $all_if from <cekalsik>
$bdoqo $all_if to <cekalsik>

block in quick on $all_if proto icmp to 69.46.28.205
block in quick on $all_if proto icmp from 69.46.28.205
block in quick on $all_if proto icmp to 70.87.51.179
block in quick on $all_if proto icmp from 70.87.51.179

pass quick proto { tcp udp } to port $snmpport
pass quick proto { tcp udp } from port $snmpport

pass quick inet proto { tcp udp } to port { 123 }
pass quick inet proto { tcp udp } from port { 123 }

pass out proto tcp to port 21 keep state

pass quick inet proto icmp
4. Installation Squid
###Install Squid###
router# tar -zxvf squid-2.6.STABLE18.tar.gz
router# cd squid-2.6.STABLE18
./configure --prefix=/usr' '--sysconfdir=/etc/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--with-aio' '--with-dl' '--enable-storeio=aufs,diskd' '--enable-removal-policies=heap' '--enable-icmp' '--enable-delay-pools' '--enable-snmp' '--enable-cache-digests' '--enable-ipf-transparent' '--enable-pf-transparent' '--disable-ident-lookups' '--disable-hostname-checks' '--enable-underscores' '--enable-ssl' '--disable-wccp' '--disable-wccpv2
make && make install
pw useradd squid
cd /
chown squid:squid cache1 cache2 cache3 cache4 cache5
ee squid.conf

configuration squid.conf

http_port 3128 transparent
icp_port 3130

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY

cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99

ipcache_size 4096
ipcache_low 98
ipcache_high 99

fqdncache_size 4096
maximum_object_size 32 MB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

cache_dir diskd /cache1 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache2 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache3 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache4 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache5 6000 20 256 Q1=72 Q2=88

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
access_log none
cache_log none
allow_underscore on
pid_filename /var/run/squid/squid.pid
cache_store_log none

##REFRESH PATTERN
refresh_pattern yahoo 0 20% 4320
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern -i \? 2 20% 4320 reload-into-ims
refresh_pattern -i cgi-bin 2 20% 4320 reload-into-ims
refresh_pattern http://.*\login.yahoo\.com/ 10080 20% 4320
refresh_pattern http://.*\338a\.com/ 3600 20% 4320
refresh_pattern http://*\.ibcbet\.com/ 0 20% 4320
refresh_pattern . 960 90% 43200 reload-into-ims

quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100

client_lifetime 3 hours
shutdown_lifetime 10 seconds
half_closed_clients off
high_memory_warning 400 mb
high_response_time_warning 0
high_page_fault_warning 2
strip_query_terms off
log_fqdn off
memory_pools off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/24

#acl porn url_regex "/etc/squid/bokep.txt"
#acl noporn url_regex "/etc/squid/nobokep.txt"

acl TIME time SMTWHFA 10:00-20:00
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.mp4$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$ \.msi$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$ \.rfx$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.3g2$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.cab$ \.qt$ \.flv$ \.swf$ \.3gp$ \.vqf$ \.asf$

acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81
acl Safe_ports port 84
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514 445 213 137 138 32768
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny VIRUS
#http_access deny porn !noporn
http_access deny BADPORTS
http_access allow lan
http_access allow localhost
http_access deny all
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all
extension_methods register-http-method
ftp_user areksitiung@yahoo.com
ftp_list_width 32
ftp_passive on

forwarded_for off
store_objects_per_bucket 15
store_avg_object_size 13 kb
debug_options ALL,1 98,2
max_open_disk_fds 100
store_dir_select_algorithm round-robin

cache_mgr areksitiung@yahoo.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.nover.net.id
logfile_rotate 1
pipeline_prefetch on
vary_ignore_expire on
cachemgr_passwd cimpronet
buffered_logs on
ignore_unknown_nameservers off
ie_refresh off

delay_pools 3
delay_class 1 1
delay_parameters 1 10000/15000
delay_access 1 allow download TIME
delay_access 1 deny all

/usr/sbin/squid -z
/usr/sbin/squid -D

5. Dial PPOE from BSD
router# cat /etc/ppp/ppp.conf
#################################################################
# PPP Sample Configuration File
# Originally written by Toshiharu OHNO
# Simplified 5/14/1999 by wself@cdrom.com
#
# See /usr/share/examples/ppp/ for some examples
#
# $FreeBSD: src/etc/ppp/ppp.conf,v 1.8 2001/06/21 15:42:26 brian Exp $
#################################################################

default:
set device PPPoE:rl0
set speed sync
set mru 1492
set mtu 1492
set ctsrts off
enable lqr
set log phase tun
add default HISADDR
enable dns
speedy:
set authname 1114071xxxx@telkom.net
set authkey xxxx
</cekalsik></cekalsik></bad_hosts></spamd>

Simple Mikrotik Firewall Filter

/ ip firewall filter
add chain=forward src-address=0.0.0.0/8 action=drop comment="Block Bogus IP \
Address" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list \
address-list=ssh_blacklist address-list-timeout=1w3d comment="" \
disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list \
address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage1 action=add-src-to-address-list \
address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="Port \
Scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="" \
disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="" \
disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="" \
disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist \
action=drop comment="Filter FTP to Box" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="Separate \
Protocol into Chains" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" \
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" \
disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="Blocking UDP \
Packet" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="" disabled=no
add chain=tcp protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="Bloking TCP \
Packet" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="" \
disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
comment="Limited Ping Flood" disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
comment="" disabled=no
add chain=icmp protocol=icmp action=drop comment="" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow \
Broadcast Traffic" disabled=no
add chain=input connection-state=established action=accept comment="Connection \
State" disabled=no
add chain=input connection-state=related action=accept comment="" disabled=no
add chain=input connection-state=invalid action=drop comment="" disabled=no

Simple Mikrotik Nice

/ ip firewall address-list
add list=knock address=82.196.5.255 comment="" disabled=no
add list=knock address=85.255.118.158 comment="" disabled=no
add list=knock address=61.19.247.96 comment="" disabled=no
add list=knock address=67.43.13.127 comment="" disabled=no
add list=knock address=64.28.177.139 comment="" disabled=no
add list=knock address=213.8.145.134 comment="" disabled=no
add list=knock address=213.159.231.218 comment="" disabled=no
add list=knock address=202.67.231.160 comment="" disabled=no
add list=knock address=195.38.160.50 comment="" disabled=no
add list=knock address=195.177.72.3 comment="" disabled=no
add list=knock address=81.176.68.175 comment="" disabled=no
add list=knock address=211.239.118.144 comment="" disabled=no
add list=knock address=82.98.86.177 comment="" disabled=no
add list=knock address=74.86.196.213 comment="" disabled=no
add list=knock address=66.155.143.187 comment="" disabled=no
add list=knock address=64.123.43.80 comment="" disabled=no
add list=servergames address=202.93.20.201 comment="Rf" disabled=no
add list=servergames address=202.150.34.6 comment="Dota" disabled=no
add list=servergames address=203.77.212.20 comment="" disabled=no
add list=servergames address=202.89.208.61 comment="" disabled=no
add list=servergames address=202.81.48.27 comment="" disabled=no
add list=servergames address=202.69.106.186 comment="" disabled=no
add list=servergames address=203.146.140.46 comment="" disabled=no
add list=servergames address=202.43.162.171 comment="" disabled=no
add list=servergames address=202.138.231.226 comment="" disabled=no
add list=servergames address=202.146.225.64 comment="" disabled=no
add list=servergames address=122.144.2.38 comment="" disabled=no
add list=servergames address=122.144.2.42 comment="" disabled=no
add list=Blok-ip address=66.45.254.244 comment="Blokip" disabled=no
add list=Blok-ip address=66.45.254.245 comment="" disabled=no
add list=Blok-ip address=69.50.129.124 comment="" disabled=no
add list=Blok-ip address=69.90.74.20 comment="" disabled=no
add list=Blok-ip address=193.239.248.48 comment="" disabled=no
add list=nice address=167.205.0.0/16 comment="Nice" disabled=no
add list=nice address=222.124.0.0/16 comment="" disabled=no
add list=nice address=61.94.0.0/16 comment="" disabled=no
add list=nice address=125.162.0.0/16 comment="" disabled=no
add list=nice address=125.163.0.0/16 comment="" disabled=no
add list=nice address=125.160.0.0/16 comment="" disabled=no
add list=nice address=125.161.0.0/16 comment="" disabled=no
add list=nice address=125.164.0.0/16 comment="" disabled=no
add list=nice address=61.5.0.0/17 comment="" disabled=no
add list=nice address=202.158.0.0/17 comment="" disabled=no
add list=nice address=118.98.128.0/17 comment="" disabled=no
add list=nice address=125.208.128.0/18 comment="" disabled=no
add list=nice address=210.210.128.0/18 comment="" disabled=no
add list=nice address=152.118.128.0/18 comment="" disabled=no
add list=nice address=152.118.192.0/18 comment="" disabled=no
add list=nice address=152.118.0.0/18 comment="" disabled=no
add list=nice address=152.118.64.0/18 comment="" disabled=no
add list=nice address=117.102.64.0/18 comment="" disabled=no
add list=nice address=61.14.0.0/18 comment="" disabled=no
add list=nice address=206.182.192.0/18 comment="" disabled=no
add list=nice address=202.152.0.0/18 comment="" disabled=no
add list=nice address=221.132.192.0/18 comment="" disabled=no
add list=nice address=124.153.0.0/18 comment="" disabled=no
add list=nice address=207.209.192.0/18 comment="" disabled=no
add list=nice address=203.130.192.0/18 comment="" disabled=no
add list=nice address=202.47.192.0/19 comment="" disabled=no
add list=nice address=202.51.192.0/19 comment="" disabled=no
add list=nice address=202.173.64.0/19 comment="" disabled=no
add list=nice address=202.171.0.0/19 comment="" disabled=no
add list=nice address=202.169.32.0/19 comment="" disabled=no
add list=nice address=202.149.128.0/19 comment="" disabled=no
add list=nice address=202.147.224.0/19 comment="" disabled=no
add list=nice address=202.146.224.0/19 comment="" disabled=no
add list=nice address=202.159.64.0/19 comment="" disabled=no
add list=nice address=202.152.224.0/19 comment="" disabled=no
add list=nice address=203.123.224.0/19 comment="" disabled=no
add list=nice address=118.82.0.0/19 comment="" disabled=no
add list=nice address=117.102.224.0/19 comment="" disabled=no
add list=nice address=117.104.192.0/19 comment="" disabled=no
add list=nice address=124.195.0.0/19 comment="" disabled=no
add list=nice address=209.93.224.0/19 comment="" disabled=no
add list=nice address=61.247.0.0/19 comment="" disabled=no
add list=nice address=61.247.32.0/19 comment="" disabled=no
add list=nice address=118.136.0.0/19 comment="" disabled=no
add list=nice address=118.136.32.0/19 comment="" disabled=no
add list=nice address=118.136.64.0/19 comment="" disabled=no
add list=nice address=118.136.96.0/19 comment="" disabled=no
add list=nice address=118.136.128.0/19 comment="" disabled=no
add list=nice address=118.136.160.0/19 comment="" disabled=no
add list=nice address=118.136.192.0/19 comment="" disabled=no
add list=nice address=118.136.224.0/19 comment="" disabled=no
add list=nice address=118.137.0.0/19 comment="" disabled=no
add list=nice address=118.137.32.0/19 comment="" disabled=no
add list=nice address=118.137.64.0/19 comment="" disabled=no
add list=nice address=118.137.96.0/19 comment="" disabled=no
add list=nice address=118.137.128.0/19 comment="" disabled=no
add list=nice address=118.137.160.0/19 comment="" disabled=no
add list=nice address=118.137.192.0/19 comment="" disabled=no
add list=nice address=118.137.224.0/19 comment="" disabled=no
add list=nice address=121.52.64.0/19 comment="" disabled=no
add list=nice address=124.81.0.0/19 comment="" disabled=no
add list=nice address=124.81.32.0/19 comment="" disabled=no
add list=nice address=124.81.64.0/19 comment="" disabled=no
add list=nice address=124.81.96.0/19 comment="" disabled=no
add list=nice address=124.81.128.0/19 comment="" disabled=no
add list=nice address=124.81.192.0/19 comment="" disabled=no
add list=nice address=124.81.224.0/19 comment="" disabled=no
add list=nice address=202.10.32.0/19 comment="" disabled=no
add list=nice address=202.53.224.0/19 comment="" disabled=no
add list=nice address=202.57.0.0/19 comment="" disabled=no
add list=nice address=202.73.96.0/19 comment="" disabled=no
add list=nice address=202.77.96.0/19 comment="" disabled=no
add list=nice address=202.81.32.0/19 comment="" disabled=no
add list=nice address=202.137.0.0/19 comment="" disabled=no
add list=nice address=202.138.224.0/19 comment="" disabled=no
add list=nice address=202.148.0.0/19 comment="" disabled=no
add list=nice address=202.150.64.0/19 comment="" disabled=no
add list=nice address=202.153.128.0/19 comment="" disabled=no
add list=nice address=202.154.0.0/19 comment="" disabled=no
add list=nice address=202.154.32.0/19 comment="" disabled=no
add list=nice address=202.155.0.0/19 comment="" disabled=no
add list=nice address=202.155.32.0/19 comment="" disabled=no
add list=nice address=202.155.96.0/19 comment="" disabled=no
add list=nice address=202.155.128.0/19 comment="" disabled=no
add list=nice address=202.159.0.0/19 comment="" disabled=no
add list=nice address=202.159.32.0/19 comment="" disabled=no
add list=nice address=202.162.192.0/19 comment="" disabled=no
add list=nice address=203.128.64.0/19 comment="" disabled=no
add list=nice address=219.83.0.0/19 comment="" disabled=no
add list=nice address=219.83.32.0/19 comment="" disabled=no
add list=nice address=219.83.64.0/19 comment="" disabled=no
add list=nice address=60.253.112.0/20 comment="" disabled=no
add list=nice address=61.8.64.0/20 comment="" disabled=no
add list=nice address=61.45.224.0/20 comment="" disabled=no
add list=nice address=116.68.160.0/20 comment="" disabled=no
add list=nice address=117.20.48.0/20 comment="" disabled=no
add list=nice address=119.2.64.0/20 comment="" disabled=no
add list=nice address=119.82.224.0/20 comment="" disabled=no
add list=nice address=119.110.64.0/20 comment="" disabled=no
add list=nice address=121.50.128.0/20 comment="" disabled=no
add list=nice address=122.200.0.0/20 comment="" disabled=no
add list=nice address=124.81.176.0/20 comment="" disabled=no
add list=nice address=202.3.208.0/20 comment="" disabled=no
add list=nice address=202.6.208.0/20 comment="" disabled=no
add list=nice address=202.6.224.0/20 comment="" disabled=no
add list=nice address=202.43.176.0/20 comment="" disabled=no
add list=nice address=202.46.64.0/20 comment="" disabled=no
add list=nice address=202.46.144.0/20 comment="" disabled=no
add list=nice address=202.47.64.0/20 comment="" disabled=no
add list=nice address=202.51.96.0/20 comment="" disabled=no
add list=nice address=202.51.224.0/20 comment="" disabled=no
add list=nice address=202.58.64.0/20 comment="" disabled=no
add list=nice address=202.58.160.0/20 comment="" disabled=no
add list=nice address=202.59.160.0/20 comment="" disabled=no
add list=nice address=202.65.112.0/20 comment="" disabled=no
add list=nice address=202.67.32.0/20 comment="" disabled=no
add list=nice address=202.69.96.0/20 comment="" disabled=no
add list=nice address=202.72.208.0/20 comment="" disabled=no
add list=nice address=202.73.224.0/20 comment="" disabled=no
add list=nice address=202.77.64.0/20 comment="" disabled=no
add list=nice address=202.80.112.0/20 comment="" disabled=no
add list=nice address=202.80.208.0/20 comment="" disabled=no
add list=nice address=202.87.176.0/20 comment="" disabled=no
add list=nice address=202.93.16.0/20 comment="" disabled=no
add list=nice address=202.93.32.0/20 comment="" disabled=no
add list=nice address=202.93.128.0/20 comment="" disabled=no
add list=nice address=202.93.224.0/20 comment="" disabled=no
add list=nice address=202.95.128.0/20 comment="" disabled=no
add list=nice address=202.123.224.0/20 comment="" disabled=no
add list=nice address=202.127.96.0/20 comment="" disabled=no
add list=nice address=202.133.80.0/20 comment="" disabled=no
add list=nice address=202.143.32.0/20 comment="" disabled=no
add list=nice address=202.145.0.0/20 comment="" disabled=no
add list=nice address=202.147.192.0/20 comment="" disabled=no
add list=nice address=202.152.160.0/20 comment="" disabled=no
add list=nice address=202.152.192.0/20 comment="" disabled=no
add list=nice address=202.153.16.0/20 comment="" disabled=no
add list=nice address=202.153.240.0/20 comment="" disabled=no
add list=nice address=202.155.64.0/20 comment="" disabled=no
add list=nice address=202.158.128.0/20 comment="" disabled=no
add list=nice address=202.159.112.0/20 comment="" disabled=no
add list=nice address=202.165.32.0/20 comment="" disabled=no
add list=nice address=203.78.112.0/20 comment="" disabled=no
add list=nice address=203.83.32.0/20 comment="" disabled=no
add list=nice address=203.89.16.0/20 comment="" disabled=no
add list=nice address=203.153.96.0/20 comment="" disabled=no
add list=nice address=203.161.16.0/20 comment="" disabled=no
add list=nice address=203.166.192.0/20 comment="" disabled=no
add list=nice address=203.201.160.0/20 comment="" disabled=no
add list=nice address=207.83.112.0/20 comment="" disabled=no
add list=nice address=210.57.208.0/20 comment="" disabled=no
add list=nice address=210.79.208.0/20 comment="" disabled=no
add list=nice address=219.83.96.0/20 comment="" disabled=no
add list=nice address=220.157.96.0/20 comment="" disabled=no
add list=nice address=58.65.240.0/21 comment="" disabled=no
add list=nice address=60.253.96.0/21 comment="" disabled=no
add list=nice address=116.0.0.0/21 comment="" disabled=no
add list=nice address=116.12.40.0/21 comment="" disabled=no
add list=nice address=116.50.24.0/21 comment="" disabled=no
add list=nice address=116.68.224.0/21 comment="" disabled=no
add list=nice address=116.68.248.0/21 comment="" disabled=no
add list=nice address=116.90.208.0/21 comment="" disabled=no
add list=nice address=116.197.128.0/21 comment="" disabled=no
add list=nice address=116.199.200.0/21 comment="" disabled=no
add list=nice address=116.254.96.0/21 comment="" disabled=no
add list=nice address=117.74.120.0/21 comment="" disabled=no
add list=nice address=117.102.160.0/21 comment="" disabled=no
add list=nice address=117.103.8.0/21 comment="" disabled=no
add list=nice address=117.103.32.0/21 comment="" disabled=no
add list=nice address=117.103.48.0/21 comment="" disabled=no
add list=nice address=117.103.168.0/21 comment="" disabled=no
add list=nice address=119.2.40.0/21 comment="" disabled=no
add list=nice address=119.10.176.0/21 comment="" disabled=no
add list=nice address=119.82.240.0/21 comment="" disabled=no
add list=nice address=121.52.48.0/21 comment="" disabled=no
add list=nice address=121.58.184.0/21 comment="" disabled=no
add list=nice address=122.49.224.0/21 comment="" disabled=no
add list=nice address=122.128.16.0/21 comment="" disabled=no
add list=nice address=122.129.192.0/21 comment="" disabled=no
add list=nice address=122.144.0.0/21 comment="" disabled=no
add list=nice address=122.200.48.0/21 comment="" disabled=no
add list=nice address=122.200.144.0/21 comment="" disabled=no
add list=nice address=124.66.160.0/21 comment="" disabled=no
add list=nice address=124.81.168.0/21 comment="" disabled=no
add list=nice address=202.43.160.0/21 comment="" disabled=no
add list=nice address=202.43.248.0/21 comment="" disabled=no
add list=nice address=202.46.24.0/21 comment="" disabled=no
add list=nice address=202.46.80.0/21 comment="" disabled=no
add list=nice address=202.51.16.0/21 comment="" disabled=no
add list=nice address=202.58.176.0/21 comment="" disabled=no
add list=nice address=202.59.200.0/21 comment="" disabled=no
add list=nice address=202.62.16.0/21 comment="" disabled=no
add list=nice address=202.67.8.0/21 comment="" disabled=no
add list=nice address=202.70.48.0/21 comment="" disabled=no
add list=nice address=202.72.192.0/21 comment="" disabled=no
add list=nice address=202.74.72.0/21 comment="" disabled=no
add list=nice address=202.75.16.0/21 comment="" disabled=no
add list=nice address=202.75.104.0/21 comment="" disabled=no
add list=nice address=202.87.248.0/21 comment="" disabled=no
add list=nice address=202.89.208.0/21 comment="" disabled=no
add list=nice address=202.91.8.0/21 comment="" disabled=no
add list=nice address=202.91.24.0/21 comment="" disabled=no
add list=nice address=202.93.240.0/21 comment="" disabled=no
add list=nice address=202.95.152.0/21 comment="" disabled=no
add list=nice address=202.122.8.0/21 comment="" disabled=no
add list=nice address=202.129.184.0/21 comment="" disabled=no
add list=nice address=202.133.0.0/21 comment="" disabled=no
add list=nice address=202.134.0.0/21 comment="" disabled=no
add list=nice address=202.149.64.0/21 comment="" disabled=no
add list=nice address=202.149.80.0/21 comment="" disabled=no
add list=nice address=202.150.32.0/21 comment="" disabled=no
add list=nice address=202.150.128.0/21 comment="" disabled=no
add list=nice address=202.150.224.0/21 comment="" disabled=no
add list=nice address=202.150.240.0/21 comment="" disabled=no
add list=nice address=202.153.224.0/21 comment="" disabled=no
add list=nice address=202.155.80.0/21 comment="" disabled=no
add list=nice address=202.159.96.0/21 comment="" disabled=no
add list=nice address=202.162.32.0/21 comment="" disabled=no
add list=nice address=202.169.224.0/21 comment="" disabled=no
add list=nice address=202.180.0.0/21 comment="" disabled=no
add list=nice address=202.180.48.0/21 comment="" disabled=no
add list=nice address=202.182.56.0/21 comment="" disabled=no
add list=nice address=202.182.160.0/21 comment="" disabled=no
add list=nice address=203.77.224.0/21 comment="" disabled=no
add list=nice address=203.80.8.0/21 comment="" disabled=no
add list=nice address=203.84.136.0/21 comment="" disabled=no
add list=nice address=203.84.152.0/21 comment="" disabled=no
add list=nice address=203.134.232.0/21 comment="" disabled=no
add list=nice address=203.135.176.0/21 comment="" disabled=no
add list=nice address=203.142.64.0/21 comment="" disabled=no
add list=nice address=203.142.80.0/21 comment="" disabled=no
add list=nice address=203.153.24.0/21 comment="" disabled=no
add list=nice address=203.153.112.0/21 comment="" disabled=no
add list=nice address=203.174.8.0/21 comment="" disabled=no
add list=nice address=203.176.176.0/21 comment="" disabled=no
add list=nice address=203.190.48.0/21 comment="" disabled=no
add list=nice address=203.190.184.0/21 comment="" disabled=no
add list=nice address=203.190.240.0/21 comment="" disabled=no
add list=nice address=210.211.16.0/21 comment="" disabled=no
add list=nice address=219.83.112.0/21 comment="" disabled=no
add list=nice address=222.229.80.0/21 comment="" disabled=no
add list=nice address=32.234.172.0/22 comment="" disabled=no
add list=nice address=58.147.184.0/22 comment="" disabled=no
add list=nice address=60.253.104.0/22 comment="" disabled=no
add list=nice address=116.66.200.0/22 comment="" disabled=no
add list=nice address=116.90.176.0/22 comment="" disabled=no
add list=nice address=117.103.0.0/22 comment="" disabled=no
add list=nice address=117.103.56.0/22 comment="" disabled=no
add list=nice address=121.100.20.0/22 comment="" disabled=no
add list=nice address=124.81.164.0/22 comment="" disabled=no
add list=nice address=124.158.132.0/22 comment="" disabled=no
add list=nice address=124.195.40.0/22 comment="" disabled=no
add list=nice address=202.2.92.0/22 comment="" disabled=no
add list=nice address=202.46.0.0/22 comment="" disabled=no
add list=nice address=202.46.88.0/22 comment="" disabled=no
add list=nice address=202.51.28.0/22 comment="" disabled=no
add list=nice address=202.51.252.0/22 comment="" disabled=no
add list=nice address=202.52.12.0/22 comment="" disabled=no
add list=nice address=202.55.164.0/22 comment="" disabled=no
add list=nice address=202.55.168.0/22 comment="" disabled=no
add list=nice address=202.59.196.0/22 comment="" disabled=no
add list=nice address=202.62.8.0/22 comment="" disabled=no
add list=nice address=202.62.24.0/22 comment="" disabled=no
add list=nice address=202.70.60.0/22 comment="" disabled=no
add list=nice address=202.72.200.0/22 comment="" disabled=no
add list=nice address=202.75.24.0/22 comment="" disabled=no
add list=nice address=202.75.96.0/22 comment="" disabled=no
add list=nice address=202.78.196.0/22 comment="" disabled=no
add list=nice address=202.81.4.0/22 comment="" disabled=no
add list=nice address=202.93.112.0/22 comment="" disabled=no
add list=nice address=202.95.148.0/22 comment="" disabled=no
add list=nice address=202.146.0.0/22 comment="" disabled=no
add list=nice address=202.146.128.0/22 comment="" disabled=no
add list=nice address=202.146.176.0/22 comment="" disabled=no
add list=nice address=202.149.72.0/22 comment="" disabled=no
add list=nice address=202.149.88.0/22 comment="" disabled=no
add list=nice address=202.150.232.0/22 comment="" disabled=no
add list=nice address=202.153.236.0/22 comment="" disabled=no
add list=nice address=202.154.184.0/22 comment="" disabled=no
add list=nice address=202.155.92.0/22 comment="" disabled=no
add list=nice address=202.159.108.0/22 comment="" disabled=no
add list=nice address=202.162.40.0/22 comment="" disabled=no
add list=nice address=202.173.16.0/22 comment="" disabled=no
add list=nice address=202.180.16.0/22 comment="" disabled=no
add list=nice address=202.182.48.0/22 comment="" disabled=no
add list=nice address=202.182.168.0/22 comment="" disabled=no
add list=nice address=202.182.188.0/22 comment="" disabled=no
add list=nice address=203.77.208.0/22 comment="" disabled=no
add list=nice address=203.77.236.0/22 comment="" disabled=no
add list=nice address=203.77.248.0/22 comment="" disabled=no
add list=nice address=203.81.184.0/22 comment="" disabled=no
add list=nice address=203.99.96.0/22 comment="" disabled=no
add list=nice address=203.128.248.0/22 comment="" disabled=no
add list=nice address=203.142.76.0/22 comment="" disabled=no
add list=nice address=203.190.40.0/22 comment="" disabled=no
add list=nice address=203.190.112.0/22 comment="" disabled=no
add list=nice address=203.191.40.0/22 comment="" disabled=no
add list=nice address=219.83.120.0/22 comment="" disabled=no
add list=nice address=222.165.252.0/22 comment="" disabled=no
add list=nice address=32.234.170.0/23 comment="" disabled=no
add list=nice address=58.145.170.0/23 comment="" disabled=no
add list=nice address=60.253.108.0/23 comment="" disabled=no
add list=nice address=116.66.204.0/23 comment="" disabled=no
add list=nice address=117.103.6.0/23 comment="" disabled=no
add list=nice address=121.52.58.0/23 comment="" disabled=no
add list=nice address=121.52.128.0/23 comment="" disabled=no
add list=nice address=121.100.16.0/23 comment="" disabled=no
add list=nice address=121.101.184.0/23 comment="" disabled=no
add list=nice address=122.102.48.0/23 comment="" disabled=no
add list=nice address=123.176.120.0/23 comment="" disabled=no
add list=nice address=124.158.130.0/23 comment="" disabled=no
add list=nice address=124.195.54.0/23 comment="" disabled=no
add list=nice address=202.20.106.0/23 comment="" disabled=no
add list=nice address=202.43.168.0/23 comment="" disabled=no
add list=nice address=202.46.4.0/23 comment="" disabled=no
add list=nice address=202.46.8.0/23 comment="" disabled=no
add list=nice address=202.46.14.0/23 comment="" disabled=no
add list=nice address=202.46.92.0/23 comment="" disabled=no
add list=nice address=202.46.130.0/23 comment="" disabled=no
add list=nice address=202.46.240.0/23 comment="" disabled=no
add list=nice address=202.46.252.0/23 comment="" disabled=no
add list=nice address=202.51.56.0/23 comment="" disabled=no
add list=nice address=202.58.192.0/23 comment="" disabled=no
add list=nice address=202.58.196.0/23 comment="" disabled=no
add list=nice address=202.59.192.0/23 comment="" disabled=no
add list=nice address=202.62.28.0/23 comment="" disabled=no
add list=nice address=202.65.236.0/23 comment="" disabled=no
add list=nice address=202.75.30.0/23 comment="" disabled=no
add list=nice address=202.78.192.0/23 comment="" disabled=no
add list=nice address=202.78.200.0/23 comment="" disabled=no
add list=nice address=202.78.204.0/23 comment="" disabled=no
add list=nice address=202.87.240.0/23 comment="" disabled=no
add list=nice address=202.89.216.0/23 comment="" disabled=no
add list=nice address=202.89.222.0/23 comment="" disabled=no
add list=nice address=202.93.116.0/23 comment="" disabled=no
add list=nice address=202.95.144.0/23 comment="" disabled=no
add list=nice address=202.135.6.0/23 comment="" disabled=no
add list=nice address=202.135.134.0/23 comment="" disabled=no
add list=nice address=202.146.4.0/23 comment="" disabled=no
add list=nice address=202.146.132.0/23 comment="" disabled=no
add list=nice address=202.149.92.0/23 comment="" disabled=no
add list=nice address=202.150.40.0/23 comment="" disabled=no
add list=nice address=202.150.248.0/23 comment="" disabled=no
add list=nice address=202.153.232.0/23 comment="" disabled=no
add list=nice address=202.154.176.0/23 comment="" disabled=no
add list=nice address=202.159.106.0/23 comment="" disabled=no
add list=nice address=202.162.46.0/23 comment="" disabled=no
add list=nice address=202.164.222.0/23 comment="" disabled=no
add list=nice address=202.169.232.0/23 comment="" disabled=no
add list=nice address=202.169.236.0/23 comment="" disabled=no
add list=nice address=202.173.20.0/23 comment="" disabled=no
add list=nice address=202.179.184.0/23 comment="" disabled=no
add list=nice address=202.180.8.0/23 comment="" disabled=no
add list=nice address=202.182.52.0/23 comment="" disabled=no
add list=nice address=202.191.2.0/23 comment="" disabled=no
add list=nice address=203.31.164.0/23 comment="" disabled=no
add list=nice address=203.77.214.0/23 comment="" disabled=no
add list=nice address=203.77.220.0/23 comment="" disabled=no
add list=nice address=203.77.232.0/23 comment="" disabled=no
add list=nice address=203.77.246.0/23 comment="" disabled=no
add list=nice address=203.81.190.0/23 comment="" disabled=no
add list=nice address=203.153.120.0/23 comment="" disabled=no
add list=nice address=203.160.56.0/23 comment="" disabled=no
add list=nice address=203.190.46.0/23 comment="" disabled=no
add list=nice address=203.190.118.0/23 comment="" disabled=no
add list=nice address=203.194.70.0/23 comment="" disabled=no
add list=nice address=204.61.210.0/23 comment="" disabled=no
add list=nice address=204.61.212.0/23 comment="" disabled=no
add list=nice address=204.61.216.0/23 comment="" disabled=no
add list=nice address=206.73.208.0/23 comment="" disabled=no
add list=nice address=206.73.234.0/23 comment="" disabled=no
add list=nice address=206.73.238.0/23 comment="" disabled=no
add list=nice address=210.23.66.0/23 comment="" disabled=no
add list=nice address=210.23.78.0/23 comment="" disabled=no
add list=nice address=58.145.173.0/24 comment="" disabled=no
add list=nice address=58.145.175.0/24 comment="" disabled=no
add list=nice address=58.147.188.0/24 comment="" disabled=no
add list=nice address=58.147.190.0/24 comment="" disabled=no
add list=nice address=60.253.110.0/24 comment="" disabled=no
add list=nice address=87.237.160.0/24 comment="" disabled=no
add list=nice address=116.66.207.0/24 comment="" disabled=no
add list=nice address=116.90.163.0/24 comment="" disabled=no
add list=nice address=116.212.96.0/24 comment="" disabled=no
add list=nice address=117.103.5.0/24 comment="" disabled=no
add list=nice address=117.103.60.0/24 comment="" disabled=no
add list=nice address=119.18.159.0/24 comment="" disabled=no
add list=nice address=121.52.25.0/24 comment="" disabled=no
add list=nice address=121.52.35.0/24 comment="" disabled=no
add list=nice address=121.52.42.0/24 comment="" disabled=no
add list=nice address=121.52.61.0/24 comment="" disabled=no
add list=nice address=121.52.62.0/24 comment="" disabled=no
add list=nice address=121.52.130.0/24 comment="" disabled=no
add list=nice address=121.52.133.0/24 comment="" disabled=no
add list=nice address=121.52.135.0/24 comment="" disabled=no
add list=nice address=121.100.19.0/24 comment="" disabled=no
add list=nice address=122.102.50.0/24 comment="" disabled=no
add list=nice address=122.102.52.0/24 comment="" disabled=no
add list=nice address=123.176.122.0/24 comment="" disabled=no
add list=nice address=123.176.127.0/24 comment="" disabled=no
add list=nice address=124.81.160.0/24 comment="" disabled=no
add list=nice address=124.81.162.0/24 comment="" disabled=no
add list=nice address=124.158.129.0/24 comment="" disabled=no
add list=nice address=124.158.136.0/24 comment="" disabled=no
add list=nice address=124.195.53.0/24 comment="" disabled=no
add list=nice address=152.158.247.0/24 comment="" disabled=no
add list=nice address=156.146.3.0/24 comment="" disabled=no
add list=nice address=192.5.5.0/24 comment="" disabled=no
add list=nice address=192.23.186.0/24 comment="" disabled=no
add list=nice address=192.36.148.0/24 comment="" disabled=no
add list=nice address=192.92.81.0/24 comment="" disabled=no
add list=nice address=202.14.255.0/24 comment="" disabled=no
add list=nice address=202.22.31.0/24 comment="" disabled=no
add list=nice address=202.43.170.0/24 comment="" disabled=no
add list=nice address=202.43.173.0/24 comment="" disabled=no
add list=nice address=202.43.175.0/24 comment="" disabled=no
add list=nice address=202.46.11.0/24 comment="" disabled=no
add list=nice address=202.46.94.0/24 comment="" disabled=no
add list=nice address=202.46.129.0/24 comment="" disabled=no
add list=nice address=202.51.122.0/24 comment="" disabled=no
add list=nice address=202.51.126.0/24 comment="" disabled=no
add list=nice address=202.52.8.0/24 comment="" disabled=no
add list=nice address=202.55.160.0/24 comment="" disabled=no
add list=nice address=202.55.172.0/24 comment="" disabled=no
add list=nice address=202.58.194.0/24 comment="" disabled=no
add list=nice address=202.58.203.0/24 comment="" disabled=no
add list=nice address=202.58.204.0/24 comment="" disabled=no
add list=nice address=202.59.195.0/24 comment="" disabled=no
add list=nice address=202.62.31.0/24 comment="" disabled=no
add list=nice address=202.65.227.0/24 comment="" disabled=no
add list=nice address=202.65.238.0/24 comment="" disabled=no
add list=nice address=202.72.206.0/24 comment="" disabled=no
add list=nice address=202.75.29.0/24 comment="" disabled=no
add list=nice address=202.78.195.0/24 comment="" disabled=no
add list=nice address=202.78.203.0/24 comment="" disabled=no
add list=nice address=202.87.242.0/24 comment="" disabled=no
add list=nice address=202.87.247.0/24 comment="" disabled=no
add list=nice address=202.92.192.0/24 comment="" disabled=no
add list=nice address=202.92.200.0/24 comment="" disabled=no
add list=nice address=202.92.207.0/24 comment="" disabled=no
add list=nice address=202.95.147.0/24 comment="" disabled=no
add list=nice address=202.122.162.0/24 comment="" disabled=no
add list=nice address=202.135.5.0/24 comment="" disabled=no
add list=nice address=202.135.23.0/24 comment="" disabled=no
add list=nice address=202.135.28.0/24 comment="" disabled=no
add list=nice address=202.135.42.0/24 comment="" disabled=no
add list=nice address=202.135.54.0/24 comment="" disabled=no
add list=nice address=202.135.129.0/24 comment="" disabled=no
add list=nice address=202.135.133.0/24 comment="" disabled=no
add list=nice address=202.135.145.0/24 comment="" disabled=no
add list=nice address=202.135.155.0/24 comment="" disabled=no
add list=nice address=202.135.161.0/24 comment="" disabled=no
add list=nice address=202.135.226.0/24 comment="" disabled=no
add list=nice address=202.135.248.0/24 comment="" disabled=no
add list=nice address=202.146.34.0/24 comment="" disabled=no
add list=nice address=202.146.180.0/24 comment="" disabled=no
add list=nice address=202.146.183.0/24 comment="" disabled=no
add list=nice address=202.149.77.0/24 comment="" disabled=no
add list=nice address=202.149.79.0/24 comment="" disabled=no
add list=nice address=202.150.136.0/24 comment="" disabled=no
add list=nice address=202.150.160.0/24 comment="" disabled=no
add list=nice address=202.150.250.0/24 comment="" disabled=no
add list=nice address=202.154.183.0/24 comment="" disabled=no
add list=nice address=202.154.190.0/24 comment="" disabled=no
add list=nice address=202.155.88.0/24 comment="" disabled=no
add list=nice address=202.155.91.0/24 comment="" disabled=no
add list=nice address=202.160.254.0/24 comment="" disabled=no
add list=nice address=202.164.216.0/24 comment="" disabled=no
add list=nice address=202.167.97.0/24 comment="" disabled=no
add list=nice address=202.169.234.0/24 comment="" disabled=no
add list=nice address=202.179.186.0/24 comment="" disabled=no
add list=nice address=202.180.10.0/24 comment="" disabled=no
add list=nice address=202.180.20.0/24 comment="" disabled=no
add list=nice address=202.182.54.0/24 comment="" disabled=no
add list=nice address=202.182.182.0/24 comment="" disabled=no
add list=nice address=202.182.187.0/24 comment="" disabled=no
add list=nice address=202.183.1.0/24 comment="" disabled=no
add list=nice address=202.183.5.0/24 comment="" disabled=no
add list=nice address=202.183.6.0/24 comment="" disabled=no
add list=nice address=202.183.10.0/24 comment="" disabled=no
add list=nice address=203.14.176.0/24 comment="" disabled=no
add list=nice address=203.77.212.0/24 comment="" disabled=no
add list=nice address=203.77.216.0/24 comment="" disabled=no
add list=nice address=203.77.223.0/24 comment="" disabled=no
add list=nice address=203.77.235.0/24 comment="" disabled=no
add list=nice address=203.77.252.0/24 comment="" disabled=no
add list=nice address=203.77.255.0/24 comment="" disabled=no
add list=nice address=203.99.100.0/24 comment="" disabled=no
add list=nice address=203.99.103.0/24 comment="" disabled=no
add list=nice address=203.99.119.0/24 comment="" disabled=no
add list=nice address=203.99.120.0/24 comment="" disabled=no
add list=nice address=203.99.127.0/24 comment="" disabled=no
add list=nice address=203.119.13.0/24 comment="" disabled=no
add list=nice address=203.119.17.0/24 comment="" disabled=no
add list=nice address=203.119.54.0/24 comment="" disabled=no
add list=nice address=203.160.58.0/24 comment="" disabled=no
add list=nice address=203.160.60.0/24 comment="" disabled=no
add list=nice address=203.163.66.0/24 comment="" disabled=no
add list=nice address=203.163.76.0/24 comment="" disabled=no
add list=nice address=203.163.81.0/24 comment="" disabled=no
add list=nice address=203.163.88.0/24 comment="" disabled=no
add list=nice address=203.163.95.0/24 comment="" disabled=no
add list=nice address=203.163.113.0/24 comment="" disabled=no
add list=nice address=203.173.89.0/24 comment="" disabled=no
add list=nice address=203.173.90.0/24 comment="" disabled=no
add list=nice address=203.174.5.0/24 comment="" disabled=no
add list=nice address=203.190.36.0/24 comment="" disabled=no
add list=nice address=203.190.116.0/24 comment="" disabled=no
add list=nice address=203.191.44.0/24 comment="" disabled=no
add list=nice address=203.191.46.0/24 comment="" disabled=no
add list=nice address=203.194.90.0/24 comment="" disabled=no
add list=nice address=205.248.57.0/24 comment="" disabled=no
add list=nice address=205.248.151.0/24 comment="" disabled=no
add list=nice address=205.248.158.0/24 comment="" disabled=no
add list=nice address=206.73.79.0/24 comment="" disabled=no
add list=nice address=206.73.80.0/24 comment="" disabled=no
add list=nice address=206.73.194.0/24 comment="" disabled=no
add list=nice address=206.73.203.0/24 comment="" disabled=no
add list=nice address=206.73.205.0/24 comment="" disabled=no
add list=nice address=206.73.222.0/24 comment="" disabled=no
add list=nice address=206.73.227.0/24 comment="" disabled=no
add list=nice address=206.73.228.0/24 comment="" disabled=no
add list=nice address=206.73.240.0/24 comment="" disabled=no
add list=nice address=206.73.244.0/24 comment="" disabled=no
add list=nice address=206.73.248.0/24 comment="" disabled=no
add list=nice address=206.182.36.0/24 comment="" disabled=no
add list=nice address=207.117.234.0/24 comment="" disabled=no
add list=nice address=210.23.64.0/24 comment="" disabled=no
add list=nice address=210.23.69.0/24 comment="" disabled=no
add list=nice address=219.83.124.0/24 comment="" disabled=no
add list=nice address=220.247.168.0/24 comment="" disabled=no
add list=nice address=222.165.192.0/24 comment="" disabled=no
add list=nice address=222.165.251.0/24 comment="" disabled=no
add list=Lan address=192.168.0.0/27 comment="Lan" disabled=no
add list=standart_group address=10.3.3.3 comment="" disabled=no
add list=123 address=0.0.0.0 comment="" disabled=no