create script to secure your router and add a get mac vendor function

This commit is contained in:
furaihan 2020-08-28 11:11:33 +07:00
parent ebd51c2de8
commit 0d994f2232
4 changed files with 131 additions and 48 deletions


@ -24,4 +24,7 @@
:local youtube ("\E2\96\B6 Youtube Usage: $YTGB MB%0A")
:local catatan ("Data diatas adalah hasil perhitungan selama: $murup%0A")
:set keluar ($ngalong.$ssid.$MACAddr.$frequency.$signall.$upload.$download.$youtube.$catatan."%0A")
/tool fetch url="https://api.telegram.org/bot624175217:AAEbatoTY88FkeYvjwYQbzdlurwYjMOoaFU/sendMessage?chat_id=-487804024&text=$keluar" keep-result=no;
/tool fetch url="https://api.telegram.org/bot624175217:AAEbatoTY88FkeYvjwYQbzdlurwYjMOoaFU/sendMessage?chat_id=-487804024&text=$keluar" keep-result=no;
global CHATID
global BOTID
local wan
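Review bot: The fetch on the new side still embeds a literal Telegram bot token and chat id in the URL, even though this commit declares `global CHATID` and `global BOTID` on the lines right after it, and the other file in this commit keeps both as placeholders; the token is now in git history and should be treated as exposed (regenerate it) while the line becomes `/tool fetch url="https://api.telegram.org/bot$BOTID/sendMessage?chat_id=$CHATID&text=$keluar" keep-result=no;`. `$keluar` is assembled from SSID and MAC strings and spliced into the query string with no URL encoding, so an `&`, `#` or space in an SSID would truncate or alter the message rather than be sent literally. The enclosing script starts and ends outside the hunk, so I cannot tell whether the two identical fetch lines differ only in whitespace.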


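--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -3,3 +3,13 @@
 :global CHATID ("-4936xxx")
 #Change telegram bot id below with your own
 :global BOTID ("62xxxxxxxx:AAExxxx")
+:global GetMacVendor
+:set GetMacVendor do={
+local MacAddress [:tostr $1]
+:do {
+local result ([/tool fetch mode=https http-method=get url=("https://api.macvendors.com/".[:pick [:tostr $MacAddress] 0 8 ]) as-value output=user ]->"data")
+return $result
+} on-error={
+return "Error! this probably cause from unknown vendor or a connection problem"
+}
+}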
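Review bot: The `on-error` branch of `GetMacVendor` returns a free-text message through the same path as a successful lookup, so a caller that concatenates the result into a notification cannot distinguish "vendor unknown" from "fetch failed"; returning an empty string, `return ""`, and letting the caller decide what to print would keep the two cases apart. The fetch sends only the first 8 characters of the MAC (the OUI prefix, via `:pick ... 0 8`) to the third-party API, which is the right privacy choice and deserves a comment such as `# only the OUI prefix (first 8 chars) leaves the router; the full MAC never does`. RouterOS `/tool fetch` does not validate the peer certificate unless `check-certificate=yes` is given, so the `mode=https` here only encrypts and does not authenticate api.macvendors.com; add `check-certificate=yes` once a trust root is installed under /certificate. The inner `[:tostr $MacAddress]` is redundant, since `$MacAddress` is already the result of `:tostr $1`.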


@ -1,99 +1,99 @@
#SOURCE: INTERNET
{/ip firewall raw
add action=add-dst-to-address-list address-list=virus address-list-timeout=1d \
chain=prerouting comment=Virus dst-address-list=!Private-Lokal dst-port=\
chain=prerouting comment=Virus dst-address-list=!not_in_internet dst-port=\
67,135-139,445,520,3389,20004,7533,5678,20561 protocol=udp \
src-address-list=Private-Lokal
src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Vainglory dst-address-list=!Private-Lokal dst-port=\
7000-8020 protocol=tcp src-address-list=Private-Lokal
chain=prerouting comment=Vainglory dst-address-list=!not_in_internet dst-port=\
7000-8020 protocol=tcp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Vainglory content=.superevil.net \
dst-address-list=!Private-Lokal src-address-list=Private-Lokal
dst-address-list=!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="Mobile Legends" dst-address-list=!Private-Lokal \
chain=prerouting comment="Mobile Legends" dst-address-list=!not_in_internet \
dst-port=30000-30150 protocol=tcp
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="Mobile Legends" dst-address-list=!Private-Lokal \
dst-port=44590-44610 protocol=tcp src-address-list=Private-Lokal
chain=prerouting comment="Mobile Legends" dst-address-list=!not_in_internet \
dst-port=44590-44610 protocol=tcp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="PUBG Mobile" dst-address-list=!Private-Lokal \
dst-port=10012-17500 protocol=tcp src-address-list=Private-Lokal
chain=prerouting comment="PUBG Mobile" dst-address-list=!not_in_internet \
dst-port=10012-17500 protocol=tcp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="PUBG Mobile" dst-address-list=!Private-Lokal \
chain=prerouting comment="PUBG Mobile" dst-address-list=!not_in_internet \
dst-port=7086-7995,12070-12460,41182-42474 protocol=udp src-address-list=\
Private-Lokal
not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="PUBG Mobile" content=tencentgames.helpshift.com \
dst-address-list=!Private-Lokal src-address-list=Private-Lokal
dst-address-list=!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="Garena" content=.garenanow.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=FM19 content=.amazonaws.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=FM19 content=fm19 dst-address-list=!Private-Lokal \
src-address-list=Private-Lokal
chain=prerouting comment=FM19 content=fm19 dst-address-list=!not_in_internet \
src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Roblox content=roblox dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Roblox content=roblox.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Roblox dst-address-list=!Private-Lokal dst-port=\
56849-57729,60275-64632 protocol=udp src-address-list=Private-Lokal
chain=prerouting comment=Roblox dst-address-list=!not_in_internet dst-port=\
56849-57729,60275-64632 protocol=udp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Minecraft content=mojang dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Minecraft content=.mojang.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Minecraft content=unity dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Amazonaws content=.amazonaws.com \
dst-address-list=!Private-Lokal src-address-list=Private-Lokal
dst-address-list=!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Gameloft content=.gameloft.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Xboxlive content=.xboxlive.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Friv.COM content=.friv.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="Asphalt 9" dst-address-list=!Private-Lokal \
chain=prerouting comment="Asphalt 9" dst-address-list=!not_in_internet \
dst-port=420,36323,45125,46339,43393 protocol=tcp src-address-list=\
Private-Lokal
not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="Asphalt 9" dst-address-list=!Private-Lokal \
dst-port=3544 protocol=udp src-address-list=Private-Lokal
chain=prerouting comment="Asphalt 9" dst-address-list=!not_in_internet \
dst-port=3544 protocol=udp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=Gameloop content=.qq.com dst-address-list=\
!Private-Lokal src-address-list=Private-Lokal
!not_in_internet src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="Free Fire" dst-address-list=!Private-Lokal \
dst-port=10000-10007 protocol=udp src-address-list=Private-Lokal
chain=prerouting comment="Free Fire" dst-address-list=!not_in_internet \
dst-port=10000-10007 protocol=udp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=DOTA2 dst-address-list=!Private-Lokal dst-port=\
27000-28998 protocol=tcp src-address-list=Private-Lokal
chain=prerouting comment=DOTA2 dst-address-list=!not_in_internet dst-port=\
27000-28998 protocol=tcp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=DOTA2 dst-address-list=!Private-Lokal dst-port=\
27000-28998 protocol=udp src-address-list=Private-Lokal
chain=prerouting comment=DOTA2 dst-address-list=!not_in_internet dst-port=\
27000-28998 protocol=udp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=PALADINS dst-address-list=!Private-Lokal dst-port=\
9000-9999 protocol=udp src-address-list=Private-Lokal
chain=prerouting comment=PALADINS dst-address-list=!not_in_internet dst-port=\
9000-9999 protocol=udp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment=PALADINS dst-address-list=!Private-Lokal dst-port=\
9000-9999 protocol=tcp src-address-list=Private-Lokal
chain=prerouting comment=PALADINS dst-address-list=!not_in_internet dst-port=\
9000-9999 protocol=tcp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="FIFA ONLINE" dst-address-list=!Private-Lokal \
dst-port=7770-7790 protocol=tcp src-address-list=Private-Lokal
chain=prerouting comment="FIFA ONLINE" dst-address-list=!not_in_internet \
dst-port=7770-7790 protocol=tcp src-address-list=not_in_internet
add action=add-dst-to-address-list address-list=GAME address-list-timeout=1d \
chain=prerouting comment="FIFA ONLINE" dst-address-list=!Private-Lokal \
dst-port=16300-16350 protocol=udp src-address-list=Private-Lokal
chain=prerouting comment="FIFA ONLINE" dst-address-list=!not_in_internet \
dst-port=16300-16350 protocol=udp src-address-list=not_in_internet
}

70
secure-your-router Normal file

@ -0,0 +1,70 @@
{
#SOURCE https://help.mikrotik.com/docs/display/ROS/Building+Your+First+Firewall
#Protect the router itself
# work with new connections to decrease load on a router;
# create address-list for IP addresses, that are allowed to access your router;
# enable ICMP access (optionally);
# drop everything else, log=yes might be added to log packets that hit the specific rule;
/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
/ip firewall address-list
add address=192.168.88.2-192.168.88.254 list=allowed_to_router
#Protect the LAN devices
#We will create address-list with name "not_in_internet" which we will use for the future firewall rules:
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
#jump to ICMP chain to drop unwanted ICMP messages
/ip firewall filter
add chain=icmp protocol=icmp icmp-options=0:0 action=accept \
comment="echo reply"
add chain=icmp protocol=icmp icmp-options=3:0 action=accept \
comment="net unreachable"
add chain=icmp protocol=icmp icmp-options=3:1 action=accept \
comment="host unreachable"
add chain=icmp protocol=icmp icmp-options=3:4 action=accept \
comment="host unreachable fragmentation required"
add chain=icmp protocol=icmp icmp-options=8:0 action=accept \
comment="allow echo request"
add chain=icmp protocol=icmp icmp-options=11:0 action=accept \
comment="allow time exceed"
add chain=icmp protocol=icmp icmp-options=12:0 action=accept \
comment="allow parameter bad"
add chain=icmp action=drop comment="deny all other types"
#set policy for read user so they cant reboot your router without permission
/user group set read policy=!reboot
local DisableService do={
/ip service
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
}
#DISABLE UNUSED SERVICES (Remove the hashtag # below to disable unused services)
#$DisableService
}
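Review bot: The `DisableService` block at the end turns off ssh while leaving telnet (and winbox, www-ssl) untouched, so running it removes the encrypted CLI and keeps the plaintext one; change `set ssh disabled=yes` to `set telnet disabled=yes`, and add `set www-ssl disabled=yes` if the HTTPS UI is not used. The "jump to ICMP chain" comment is not backed by a jump rule: the input chain accepts every ICMP packet at `add action=accept chain=input protocol=icmp` and then drops the rest, so the `chain=icmp` rules that follow are never evaluated; replacing that accept with `add action=jump chain=input jump-target=icmp protocol=icmp` makes the per-type filtering effective. The `not_in_internet` list is defined only in this file, and the raw rules in the other changed file now reference it, so applying those rules without first running this script presumably leaves them matching nothing (`src-address-list=` on an empty list). Whether 192.168.88.2-192.168.88.254 is the right `allowed_to_router` range depends on the deployment; a comment saying it assumes the default LAN and should be narrowed would help.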