MCqjvMiE

· 9 years ago · Aug 19, 2016, 05:58 AM
1# aug/13/2016 12:16:57 by RouterOS 6.32.2
2# software id = 98T6-5WE5
3#
4/interface ethernet
5set [ find default-name=ether1 ] comment=browsing mac-address=\
6    4C:5E:0C:D9:6B:39 name=ether1-public
7set [ find default-name=ether2 ] mac-address=4C:5E:0C:D9:6B:3A name=\
8    ether2-local
9set [ find default-name=ether3 ] comment=game mac-address=4C:5E:0C:D9:6B:3B \
10    name="ether3-public 2"
11set [ find default-name=ether4 ] disabled=yes mac-address=4C:5E:0C:D9:6B:3C
12set [ find default-name=ether5 ] mac-address=4C:5E:0C:D9:6B:3D
13/interface pppoe-client
14add disabled=no interface=ether1-public max-mru=1480 max-mtu=1480 mrru=1600 \
15    name=pppoe-out1 password=FOUEON01LU user=122318216357@telkom.net
16add disabled=no interface="ether3-public 2" max-mru=1480 max-mtu=1480 mrru=\
17    1600 name=pppoe-out2 password=GKNECU44JK user=121318200026@telkom.net
18/ip neighbor discovery
19set ether1-public comment=browsing
20set "ether3-public 2" comment=game
21/ip dhcp-server
22add disabled=no interface=ether2-local lease-time=3d name=dhcp1
23/ip ipsec proposal
24set [ find default=yes ] enc-algorithms=aes-128-cbc
25/queue simple
26add max-limit=0/256k name=queue1 target=192.168.1.2/32
27/queue tree
28add disabled=yes name="1.First Priority" parent=global priority=1
29add disabled=yes name="2.Second Priority" parent=global priority=2
30add disabled=yes max-limit=3M name="3.Third Priorty" parent=global priority=5
31add disabled=yes max-limit=350k name="1.Time Critical" parent=\
32    "3.Third Priorty" priority=5
33add disabled=yes max-limit=3M name=2.Browsing parent="3.Third Priorty" \
34    priority=7
35add disabled=yes max-limit=350k name="4.Fourth Priority" parent=global
36/queue type
37add kind=pcq name=down pcq-classifier=dst-address,dst-port \
38    pcq-dst-address6-mask=64 pcq-src-address6-mask=64
39add kind=pcq name=up pcq-classifier=src-address,src-port \
40    pcq-dst-address6-mask=64 pcq-src-address6-mask=64
41add kind=pcq name="PROXY DOWN" pcq-classifier=dst-address
42add kind=pcq name=DOWN pcq-classifier=dst-address,dst-port
43add kind=pcq name=UP pcq-classifier=src-address,src-port
44add kind=pfifo name=PING pfifo-limit=64
45add kind=pcq name=hit-pcq pcq-classifier=dst-address pcq-limit=200
46add kind=pcq name=PCQ-1Mbps pcq-classifier=dst-address pcq-limit=100 \
47    pcq-rate=1024k
48add kind=pcq name=PCQ-2Mbps pcq-classifier=dst-address pcq-limit=100 \
49    pcq-rate=2048k
50add kind=pcq name=PCQ-750Kbps pcq-classifier=dst-address pcq-limit=100 \
51    pcq-rate=750k
52add kind=pcq name=pcq-512k pcq-classifier=dst-address pcq-rate=512k
53add kind=pfifo name=default2
54add kind=pcq name=pcq-up pcq-classifier=src-address pcq-rate=250k
55add kind=pcq name=pcq-down pcq-classifier=dst-address
56add kind=pfifo name=pfifo-critical pfifo-limit=100
57add kind=pcq name=pcq-game-down pcq-classifier=dst-address,dst-port \
58    pcq-limit=60 pcq-total-limit=20k
59add kind=pcq name=pcq-game-up pcq-classifier=src-address,src-port pcq-limit=\
60    60 pcq-total-limit=20k
61add kind=pcq name=pcq_critical.up pcq-classifier=src-address,src-port \
62    pcq-limit=20 pcq-total-limit=500
63add kind=pcq name=pcq_down pcq-classifier=dst-address pcq-limit=200 \
64    pcq-total-limit=8k
65add kind=pcq name=pcq_up pcq-classifier=src-address pcq-limit=200 \
66    pcq-total-limit=8k
67add kind=pcq name=browse pcq-classifier=src-address,dst-address pcq-limit=100 \
68    pcq-rate=3M
69add kind=pfifo name=pfifo-critical-d pfifo-limit=600
70add kind=pfifo name=pfifo-critical-up pfifo-limit=600
71add kind=sfq name=sfq-down
72add kind=sfq name=sfq-up
73add kind=pcq name=pcq_hit_down pcq-classifier=dst-address
74add kind=pcq name=pcq_hit_up pcq-classifier=src-address
75add kind=pfifo name=pfifo-critical-down pfifo-limit=600
76add kind=pcq name=proxy pcq-classifier=dst-address pcq-dst-address6-mask=64 \
77    pcq-limit=100 pcq-rate=3M pcq-src-address6-mask=64
78add kind=pcq name=hotspot-down pcq-classifier=dst-address \
79    pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
80/queue tree
81add disabled=yes name=1.icmp packet-mark=icmp parent="1.First Priority" \
82    priority=1 queue=default
83add disabled=yes name=2.dns packet-mark=dns parent="1.First Priority" \
84    priority=1 queue=default
85add disabled=yes name=3.mikrotik packet-mark=mikrotik parent=\
86    "1.First Priority" priority=1 queue=default
87add disabled=yes name="game website" packet-mark="game website" parent=\
88    "2.Second Priority" priority=2 queue=default
89add disabled=yes name="Time Down" packet-mark=time_critical_down parent=\
90    "1.Time Critical" priority=5 queue=pfifo-critical-down
91add disabled=yes name="Time Up" packet-mark=time_critical_up parent=\
92    "1.Time Critical" priority=5 queue=pfifo-critical-up
93add disabled=yes name="game online" packet-mark="game online" parent=\
94    "2.Second Priority" priority=2 queue=default
95add disabled=yes max-limit=350k name=Upload packet-mark=upload parent=\
96    "4.Fourth Priority" queue=default
97add disabled=yes limit-at=125k max-limit=512k name=User101 packet-mark=\
98    user101 parent=2.Browsing priority=7 queue=default
99add disabled=yes limit-at=125k max-limit=512k name=User102 packet-mark=\
100    user102 parent=2.Browsing priority=7 queue=default
101add disabled=yes limit-at=125k max-limit=512k name=User103 packet-mark=\
102    user103 parent=2.Browsing priority=7 queue=default
103add disabled=yes limit-at=125k max-limit=512k name=User104 packet-mark=\
104    user104 parent=2.Browsing priority=7 queue=default
105add disabled=yes limit-at=125k max-limit=512k name=User105 packet-mark=\
106    user105 parent=2.Browsing priority=7 queue=default
107add disabled=yes limit-at=125k max-limit=512k name=User106 packet-mark=\
108    user106 parent=2.Browsing priority=7 queue=default
109add disabled=yes limit-at=125k max-limit=512k name=User107 packet-mark=\
110    user107 parent=2.Browsing priority=7 queue=default
111add disabled=yes limit-at=125k max-limit=512k name=User108 packet-mark=\
112    user108 parent=2.Browsing priority=7 queue=default
113add disabled=yes limit-at=125k max-limit=512k name=User109 packet-mark=\
114    user109 parent=2.Browsing priority=7 queue=default
115add disabled=yes limit-at=125k max-limit=512k name=User110 packet-mark=\
116    user110 parent=2.Browsing priority=7 queue=default
117add disabled=yes limit-at=125k max-limit=512k name=User111 packet-mark=\
118    user111 parent=2.Browsing priority=7 queue=default
119add disabled=yes limit-at=125k max-limit=512k name=User112 packet-mark=\
120    user112 parent=2.Browsing priority=7 queue=default
121add disabled=yes limit-at=125k max-limit=512k name=User113 packet-mark=\
122    user113 parent=2.Browsing priority=7 queue=default
123add disabled=yes limit-at=125k max-limit=512k name=User114 packet-mark=\
124    user114 parent=2.Browsing priority=7 queue=default
125add disabled=yes limit-at=125k max-limit=512k name=User115 packet-mark=\
126    user115 parent=2.Browsing priority=7 queue=default
127add disabled=yes limit-at=125k max-limit=512k name=User116 packet-mark=\
128    user116 parent=2.Browsing priority=7 queue=default
129add disabled=yes limit-at=125k max-limit=3M name=User117 packet-mark=user117 \
130    parent=2.Browsing priority=7 queue=default
131add disabled=yes limit-at=125k max-limit=512k name=User118 packet-mark=\
132    user118 parent=2.Browsing priority=7 queue=default
133add disabled=yes limit-at=125k max-limit=512k name=User119 packet-mark=\
134    user119 parent=2.Browsing priority=7 queue=default
135add disabled=yes limit-at=125k max-limit=512k name=User120 packet-mark=\
136    user120 parent=2.Browsing priority=7 queue=default
137add disabled=yes limit-at=125k max-limit=512k name=User121 packet-mark=\
138    user121 parent=2.Browsing priority=7 queue=default
139add disabled=yes limit-at=125k max-limit=512k name=User122 packet-mark=\
140    user122 parent=2.Browsing priority=7 queue=default
141add disabled=yes limit-at=125k max-limit=512k name=User123 packet-mark=\
142    user123 parent=2.Browsing priority=7 queue=default
143add disabled=yes limit-at=125k max-limit=512k name=User124 packet-mark=\
144    user124 parent=2.Browsing priority=7 queue=default
145add disabled=yes limit-at=125k max-limit=512k name=User125 packet-mark=\
146    user125 parent=2.Browsing priority=7 queue=default
147add disabled=yes limit-at=125k max-limit=512k name=User100 packet-mark=\
148    user100 parent=2.Browsing priority=7 queue=default
149/tool user-manager customer
150set admin access=\
151    own-routers,own-users,own-profiles,own-limits,config-payment-gw
152/ip address
153add address=192.168.1.1/24 interface=ether2-local network=192.168.1.0
154add address=192.168.0.10/24 interface=ether1-public network=192.168.0.0
155add address=192.168.2.1/24 comment=modem2 interface="ether3-public 2" \
156    network=192.168.2.0
157add address=192.168.10.254/24 interface=ether1-public network=192.168.10.0
158/ip dhcp-server network
159add address=192.168.1.0/24 dns-server=\
160    202.134.0.155,208.67.222.222,8.8.8.8,8.8.4.4 gateway=192.168.1.1
161/ip dns
162set allow-remote-requests=yes servers=\
163    202.134.0.155,208.67.222.222,8.8.8.8,8.8.4.4
164/ip firewall address-list
165add address=192.168.1.0/24 list=local
166/ip firewall filter
167add chain=input comment=l2tp_Game_IX port=1701,500,4500 protocol=udp
168add chain=forward connection-mark=icmp limit=50,2
169add chain=input protocol=tcp
170add chain=input protocol=udp
171add chain=input limit=50/5s,2 protocol=icmp
172add chain=input comment=l2tp_Game_IX port=1701,500,4500 protocol=udp
173add action=drop chain=forward dst-port=8001-8002 protocol=tcp
174add action=passthrough chain=unused-hs-chain comment=\
175    "place hotspot rules here" disabled=yes
176add chain=forward connection-mark=icmp limit=50,2
177add chain=input protocol=tcp
178add chain=input protocol=udp
179add chain=input limit=50/5s,2 protocol=icmp
180add action=add-dst-to-address-list address-list="game online" chain=forward \
181    comment="3 kingdoms" dst-port=42051-42052 protocol=udp
182add action=add-dst-to-address-list address-list="game online" chain=forward \
183    comment="age of wushu" dst-port=2001,2002,2003 protocol=tcp
184add action=add-dst-to-address-list address-list="game online" chain=forward \
185    comment=atlantica dst-port=4300 protocol=tcp
186add action=add-dst-to-address-list address-list="game online" chain=forward \
187    comment=ayodance dst-port=18901-18909,18900-18910 protocol=tcp
188add action=add-dst-to-address-list address-list="game online" chain=forward \
189    comment=aurakingdom dst-port=5568-5569,6543-6546,10022-10035 protocol=tcp
190add action=add-dst-to-address-list address-list="game online" chain=forward \
191    dst-port=5568-5569,6543-6546,10022-10035 protocol=udp
192add action=add-dst-to-address-list address-list="game online" chain=forward \
193    comment="aurora world indonesia" dst-port=20050-20200 protocol=tcp
194add action=add-dst-to-address-list address-list="game online" chain=forward \
195    comment=Blacksquad dst-port=61000-62000 protocol=tcp
196add action=add-dst-to-address-list address-list="game online" chain=forward \
197    dst-port=50009-50040 protocol=udp
198add action=add-dst-to-address-list address-list="game online" chain=forward \
199    comment=cabal dst-port=15001-15002 protocol=tcp
200add action=add-dst-to-address-list address-list="game online" chain=forward \
201    comment=crazyshooter dst-port=7200,7400,7106,7999,47611,36567 protocol=\
202    tcp
203add action=add-dst-to-address-list address-list="game online" chain=forward \
204    dst-port=7200,10087 protocol=tcp
205add action=add-dst-to-address-list address-list="game online" chain=forward \
206    comment=dragnoest dst-port=14300-14550 protocol=tcp
207add action=add-dst-to-address-list address-list="game online" chain=forward \
208    dst-port=15100-15150 protocol=udp
209add action=add-dst-to-address-list address-list="game online" chain=forward \
210    comment="dizzel indonesia & ayo oke" dst-port=7320-7350,28000-28020 \
211    protocol=tcp
212add action=add-dst-to-address-list address-list="game online" chain=forward \
213    dst-port=29000-29010,49330-49350 protocol=udp
214add action=add-dst-to-address-list address-list="game online" chain=forward \
215    comment="dota 2 steam" dst-port=27010-27160 protocol=tcp
216add action=add-dst-to-address-list address-list="game online" chain=forward \
217    dst-port=3478,4379-4380,27000-27160 protocol=udp
218add action=add-dst-to-address-list address-list="game online" chain=forward \
219    comment="Elsword Indonesia" dst-port=14300-14310 protocol=tcp
220add action=add-dst-to-address-list address-list="game online" chain=forward \
221    dst-port=14101-14105 protocol=udp
222add action=add-dst-to-address-list chain=forward comment="fifa online 3" \
223    dst-port=6310-6340,7770-7790 protocol=tcp
224add action=add-dst-to-address-list chain=forward dst-port=\
225    6310-6340,16310-16340 protocol=udp
226add action=add-dst-to-address-list address-list="game online" chain=forward \
227    comment="freestyle 2" dst-port=40600-40700 protocol=udp
228add action=add-dst-to-address-list address-list="game online" chain=forward \
229    dst-port=10600-10700 protocol=tcp
230add action=add-dst-to-address-list address-list="game online" chain=forward \
231    comment="gundam capsule" dst-port=12000-15900 protocol=udp
232add action=add-dst-to-address-list address-list="game online" chain=forward \
233    dst-port=5000-5020 protocol=tcp
234add action=add-dst-to-address-list address-list="game online" chain=forward \
235    comment="Hero of newearth" dst-port=1513,11031,11235-11335 protocol=tcp
236add action=add-dst-to-address-list address-list="game online" chain=forward \
237    dst-port=1513,11031,11235-11335 protocol=udp
238add action=add-dst-to-address-list address-list="game online" chain=forward \
239    comment=hon dst-port=11031 protocol=tcp
240add action=add-dst-to-address-list address-list="game online" chain=forward \
241    dst-port=11100-11125,11440-11460 protocol=udp
242add action=add-dst-to-address-list address-list="game online" chain=forward \
243    comment="kart rider" dst-port=39311 protocol=tcp
244add action=add-dst-to-address-list address-list="game online" chain=forward \
245    dst-port=39311 protocol=udp
246add action=add-dst-to-address-list address-list="game online" chain=forward \
247    comment=lostsaga dst-port=14000-14050 protocol=tcp
248add action=add-dst-to-address-list address-list="game online" chain=forward \
249    dst-port=14000-14050 protocol=udp
250add action=add-dst-to-address-list address-list="game online" chain=forward \
251    comment="League Of Legends" dst-port=2099,5222-5223,8393-8400 protocol=\
252    tcp
253add action=add-dst-to-address-list address-list="game online" chain=forward \
254    dst-port=5000-5500 protocol=udp
255add action=add-dst-to-address-list address-list="game online" chain=forward \
256    comment="moodo marble" dst-port=28901-28920 protocol=tcp
257add action=add-dst-to-address-list address-list="game online" chain=forward \
258    dst-port=27019 protocol=udp
259add action=add-dst-to-address-list address-list="game online" chain=forward \
260    comment="perfect world indonesia" dst-port=29000 protocol=tcp
261add action=add-dst-to-address-list address-list="game online" chain=forward \
262    comment="pointblank indonesia" dst-port=39100-49100 protocol=tcp
263add action=add-dst-to-address-list address-list="game online" chain=forward \
264    dst-port=40000-40010 protocol=udp
265add action=add-dst-to-address-list address-list="game online" chain=forward \
266    comment="rising force" dst-port=27780 protocol=tcp
267add action=add-dst-to-address-list address-list="game online" chain=forward \
268    comment=teamviewer dst-port=5938 protocol=tcp
269add action=add-dst-to-address-list address-list="game online" chain=forward \
270    dst-port=5938 protocol=udp
271add action=add-dst-to-address-list address-list="game online" chain=forward \
272    comment=touch dst-port=18901-18909 protocol=tcp
273add action=add-dst-to-address-list address-list="game online" chain=forward \
274    comment=yulgang dst-port=19000 protocol=tcp
275add action=add-dst-to-address-list address-list="game online" chain=forward \
276    comment="world in ayodance" dst-port=52510,53100-53110,54100,55100 \
277    protocol=tcp
278add action=add-dst-to-address-list address-list="game online" chain=forward \
279    comment=X-shot dst-port=7341-7451 protocol=tcp
280add action=add-dst-to-address-list address-list="game online" chain=forward \
281    dst-port=7341-7451,7808,30000 protocol=udp
282/ip firewall mangle
283add chain=prerouting comment="accept - accept an" connection-mark=icmp \
284    src-address-list=local
285add chain=postrouting connection-mark=icmp src-address-list=local
286add chain=prerouting connection-mark=dns dst-address-list=local \
287    src-address-list=local
288add chain=postrouting connection-mark=dns dst-address-list=local \
289    src-address-list=local
290add action=mark-packet chain=output new-packet-mark=output_HC passthrough=no \
291    protocol=tcp
292add action=mark-connection chain=icmp comment=icmp dst-address-list=!local \
293    icmp-options=0:0 new-connection-mark=icmp protocol=icmp
294add action=mark-connection chain=icmp dst-address-list=local icmp-options=8:0 \
295    new-connection-mark=icmp protocol=icmp
296add action=mark-connection chain=icmp dst-address-list=local icmp-options=0:0 \
297    new-connection-mark=icmp protocol=icmp
298add action=mark-connection chain=icmp dst-address-list=local icmp-options=8:0 \
299    new-connection-mark=icmp protocol=icmp
300add action=change-dscp chain=prerouting new-dscp=1 protocol=icmp
301add action=mark-packet chain=prerouting connection-mark=icmp new-packet-mark=\
302    icmp passthrough=no
303add action=jump chain=prerouting jump-target=icmp
304add action=jump chain=postrouting jump-target=icmp
305add action=mark-connection chain=dns comment=dns dst-port=53 \
306    new-connection-mark=dns protocol=udp src-address-list=local
307add action=mark-connection chain=dns dst-port=53 new-connection-mark=dns \
308    protocol=udp src-address-list=local
309add action=mark-packet chain=prerouting connection-mark=dns new-packet-mark=\
310    dns passthrough=no
311add action=jump chain=prerouting jump-target=dns
312add action=jump chain=postrouting jump-target=dns
313add action=mark-connection chain=prerouting comment=mikrotik dst-port=8291 \
314    new-connection-mark=mikrotik protocol=tcp
315add action=mark-packet chain=prerouting connection-mark=mikrotik \
316    new-packet-mark=mikrotik passthrough=no
317add action=mark-packet chain=game connection-mark="game online" \
318    new-packet-mark="game online" passthrough=no
319add action=mark-packet chain=game connection-mark=game_IX dst-address-list=\
320    Game_IX new-packet-mark=game_IX passthrough=no
321add action=jump chain=prerouting jump-target=game
322add action=mark-routing chain=prerouting comment=browsing new-routing-mark=\
323    browsing protocol=icmp
324add action=mark-routing chain=prerouting dst-port=\
325    80,182,443,5000,8001-8002,8081,8578-8579 new-routing-mark=browsing \
326    protocol=tcp
327add action=mark-routing chain=prerouting dst-port=\
328    80,182,443,5000,8001-8002,8081,8578-8579 new-routing-mark=browsing \
329    protocol=udp
330add action=mark-connection chain=prerouting comment=QoS_ack_up dst-port=\
331    80,182,443,5000,8081 new-connection-mark=time_critical_up packet-size=\
332    0-666 protocol=tcp src-address-list=local tcp-flags=syn
333add action=mark-connection chain=prerouting dst-port=80,182,443,5000,8081 \
334    new-connection-mark=time_critical_up packet-size=0-123 protocol=tcp \
335    src-address-list=local tcp-flags=ack
336add action=mark-packet chain=prerouting connection-mark=time_critical_up \
337    new-packet-mark=time_critical_up passthrough=no
338add action=mark-connection chain=postrouting comment=QoS_Ack_down \
339    dst-address-list=local new-connection-mark=time_critical_down \
340    packet-size=0-666 protocol=tcp src-port=80,443 tcp-flags=syn
341add action=mark-connection chain=postrouting dst-address-list=local \
342    new-connection-mark=time_critical_down packet-size=0-123 protocol=tcp \
343    src-port=80,443 tcp-flags=ack
344add action=mark-packet chain=postrouting connection-mark=time_critical_down \
345    new-packet-mark=time_critical_down passthrough=no
346add action=mark-connection chain=down dst-port=80,182,443,5000,8081,8578-8579 \
347    new-connection-mark=browsing protocol=tcp
348add action=mark-connection chain=down dst-port=80,182,443,5000,8081,8578-8579 \
349    new-connection-mark=browsing protocol=udp
350add action=mark-packet chain=down connection-mark=browsing dst-address=\
351    192.168.1.101 new-packet-mark=user101 passthrough=no
352add action=mark-packet chain=down connection-mark=browsing dst-address=\
353    192.168.1.100 new-packet-mark=user100 passthrough=no
354add action=mark-packet chain=down connection-mark=browsing dst-address=\
355    192.168.1.102 new-packet-mark=user102 passthrough=no
356add action=mark-packet chain=down connection-mark=browsing dst-address=\
357    192.168.1.103 new-packet-mark=user103 passthrough=no
358add action=mark-packet chain=down connection-mark=browsing dst-address=\
359    192.168.1.104 new-packet-mark=user104 passthrough=no
360add action=mark-packet chain=down connection-mark=browsing dst-address=\
361    192.168.1.105 new-packet-mark=user105 passthrough=no
362add action=mark-packet chain=down connection-mark=browsing dst-address=\
363    192.168.1.106 new-packet-mark=user106 passthrough=no
364add action=mark-packet chain=down connection-mark=browsing dst-address=\
365    192.168.1.108 new-packet-mark=user108 passthrough=no
366add action=mark-packet chain=down connection-mark=browsing dst-address=\
367    192.168.1.109 new-packet-mark=user109 passthrough=no
368add action=mark-packet chain=down connection-mark=browsing dst-address=\
369    192.168.1.111 new-packet-mark=user111 passthrough=no
370add action=mark-packet chain=down connection-mark=browsing dst-address=\
371    192.168.1.112 new-packet-mark=user113 passthrough=no
372add action=mark-packet chain=down connection-mark=browsing dst-address=\
373    192.168.1.113 new-packet-mark=user113 passthrough=no
374add action=mark-packet chain=down connection-mark=browsing dst-address=\
375    192.168.1.114 new-packet-mark=user114 passthrough=no
376add action=mark-packet chain=down connection-mark=browsing dst-address=\
377    192.168.1.115 new-packet-mark=user115 passthrough=no
378add action=mark-packet chain=down connection-mark=browsing dst-address=\
379    192.168.1.110 new-packet-mark=user110 passthrough=no
380add action=mark-packet chain=down connection-mark=browsing dst-address=\
381    192.168.1.116 new-packet-mark=user116 passthrough=no
382add action=mark-packet chain=down connection-mark=browsing disabled=yes \
383    dst-address=192.168.1.117 new-packet-mark=user117 passthrough=no
384add action=mark-packet chain=down connection-mark=browsing dst-address=\
385    192.168.1.118 new-packet-mark=user118 passthrough=no
386add action=mark-packet chain=down connection-mark=browsing dst-address=\
387    192.168.1.119 new-packet-mark=user119 passthrough=no
388add action=mark-packet chain=down connection-mark=browsing dst-address=\
389    192.168.1.120 new-packet-mark=user120 passthrough=no
390add action=mark-packet chain=down connection-mark=browsing dst-address=\
391    192.168.1.121 new-packet-mark=user121 passthrough=no
392add action=mark-packet chain=down connection-mark=browsing dst-address=\
393    192.168.1.122 new-packet-mark=user122 passthrough=no
394add action=mark-packet chain=down connection-mark=browsing dst-address=\
395    192.168.1.123 new-packet-mark=user123 passthrough=no
396add action=mark-packet chain=down connection-mark=browsing dst-address=\
397    192.168.1.124 new-packet-mark=user124 passthrough=no
398add action=mark-packet chain=down connection-mark=browsing dst-address=\
399    192.168.1.125 new-packet-mark=user125 passthrough=no
400add action=mark-connection chain=prerouting dst-port=80,443 in-interface=\
401    ether2-local new-connection-mark=upload protocol=tcp src-address=\
402    192.168.1.0/24
403add action=mark-packet chain=prerouting connection-mark=upload in-interface=\
404    ether2-local new-packet-mark=upload passthrough=no
405add action=jump chain=forward jump-target=down
406add action=mark-connection chain=prerouting comment=upload in-interface=\
407    ether2-local new-connection-mark=UPLOAD protocol=tcp src-address=\
408    192.168.10.0/24 src-port=80,443
409add action=mark-connection chain=prerouting dst-port=80,443 in-interface=\
410    ether2-local new-connection-mark=UPLOAD protocol=tcp src-address=\
411    192.168.10.0/24
412add action=mark-packet chain=prerouting connection-mark=UPLOAD \
413    new-packet-mark=upload passthrough=no
414add action=jump chain=prerouting jump-target=down
415add action=jump chain=postrouting jump-target=down
416/ip firewall nat
417# pppoe-out1 not ready
418add action=masquerade chain=srcnat out-interface=pppoe-out1
419add action=masquerade chain=srcnat out-interface=pppoe-out2
420add action=masquerade chain=srcnat out-interface=ether1-public
421add action=masquerade chain=srcnat out-interface="ether3-public 2"
422add action=masquerade chain=srcnat
423/ip ipsec policy
424set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
425/ip route
426add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=browsing
427add check-gateway=ping distance=1 gateway=pppoe-out2
428add check-gateway=ping distance=1 gateway=pppoe-out2
429/ip service
430set telnet disabled=yes
431set ftp disabled=yes
432set www disabled=yes
433set ssh disabled=yes
434set api disabled=yes
435set api-ssl disabled=yes
436/system clock
437set time-zone-autodetect=no
438/system lcd
439set contrast=0 enabled=no port=parallel type=24x4
440/system lcd page
441set time disabled=yes display-time=5s
442set resources disabled=yes display-time=5s
443set uptime disabled=yes display-time=5s
444set packets disabled=yes display-time=5s
445set bits disabled=yes display-time=5s
446set version disabled=yes display-time=5s
447set identity disabled=yes display-time=5s
448set pppoe-out1 disabled=yes display-time=5s
449set pppoe-out2 disabled=yes display-time=5s
450set ether1-public disabled=yes display-time=5s
451set ether2-local disabled=yes display-time=5s
452set "ether3-public 2" disabled=yes display-time=5s
453set ether4 disabled=yes display-time=5s
454set ether5 disabled=yes display-time=5s
455/tool user-manager database
456set db-path=user-manager