
Tuesday, 29 September 2020


LIMIT PlayStore Mikrotik

# Layer-7 patterns: .ipa, .ipsw and .apk downloads, and Google Play Store hosts
/ip firewall layer7-protocol
add name=IPA regexp="\\.(ipa)"
add name=IPSW regexp="\\.(ipsw)"
add name=APK regexp="^.*get.+\\.apk.*\$"
add comment="PLAY STORE" name="Google Play Store" regexp=\
    "^.+.c.android.clients.google.com.*\$"


# For each pattern: mark matching connections (skipping traffic already marked
# Game / Game_pkt), then mark the packets of those connections
/ip firewall mangle
add action=mark-connection chain=forward comment=APK connection-mark=!Game \
    disabled=no layer7-protocol=APK new-connection-mark=APK packet-mark=\
    !Game_pkt passthrough=yes
add action=mark-packet chain=forward connection-mark=APK disabled=no \
    new-packet-mark=APK passthrough=no
add action=mark-connection chain=forward comment=IPA connection-mark=!Game \
    disabled=no layer7-protocol=IPA new-connection-mark=IPA packet-mark=\
    !Game_pkt passthrough=yes
add action=mark-packet chain=forward connection-mark=IPA disabled=no \
    new-packet-mark=IPA passthrough=no
add action=mark-connection chain=forward comment=IPSW connection-mark=!Game \
    disabled=no layer7-protocol=IPSW new-connection-mark=IPSW packet-mark=\
    !Game_pkt passthrough=yes
add action=mark-packet chain=forward connection-mark=IPSW disabled=no \
    new-packet-mark=IPSW passthrough=no
add action=mark-connection chain=forward connection-mark=!Game disabled=no \
    layer7-protocol="Google Play Store" new-connection-mark="PLAY STORE" \
    packet-mark=!Game_pkt passthrough=yes
add action=mark-packet chain=forward connection-mark="PLAY STORE" disabled=no \
    new-packet-mark="PLAY STORE" passthrough=no

  

# PCQ queue type: one sub-queue per destination address, 384k each
/queue type
add kind=pcq name=que-down pcq-burst-rate=1M pcq-burst-threshold=256k \
    pcq-burst-time=30s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=384k pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000

  

# Queue tree: parent ANDROID (max 1M) with one child queue per packet mark.
# The parent V.DOWNLOAD is not defined in this post.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=ANDROID packet-mark="" parent=V.DOWNLOAD priority=6
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50k \
    max-limit=1M name=APEKA packet-mark=APK parent=ANDROID priority=6 queue=\
    que-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=186k \
    max-limit=1M name=IPESWE packet-mark=IPSW parent=ANDROID priority=8 queue=\
    que-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50k \
    max-limit=756k name=IPS packet-mark=IPA parent=ANDROID priority=8 queue=\
    que-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50k \
    max-limit=1M name="PLAY STORE" packet-mark="PLAY STORE" parent=ANDROID \
    priority=6 queue=que-down


Source: http://syakirahkomputer.blogspot.com


Block Windows Update with MikroTik

/ip firewall raw
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=windowsupdate.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=test.stats.update.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=ntservicepack.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.download.windowsupdate.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.update.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.windowsupdate.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.windowsupdate.microsoft.com

Wednesday, 19 August 2020


Maximizing a MikroTik WiFi Network

 

WiFi is a very important necessity. The WiFi you provide can also influence whether visitors come back or not. What if your visitors connect to your WiFi network but run into problems, such as slow speeds or difficulty connecting? Those visitors will automatically not return to your place.

Here are some tips for optimizing a WiFi network on MikroTik:

Use only channels 1, 6, and 11

Do not use auto channel

Pay attention to access point placement

Supported rates A/G: 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps, 54 Mbps

Basic rates A/G: 12 Mbps, 18 Mbps

Band: 2GHz-G/N

Channel width: 20 MHz

For the 5 GHz band, 40 MHz or 20 MHz is enough

Limit Tx power

Use the same SSID

Make sure the IP pool is large enough for the number of visitors

/24 = 256 ip

/23 = 512 ip

/22 = 1024 ip

Do not restrict VPN

Use bandwidth management

For convenience, avoid making visitors log in frequently

If you do not need a hotspot, use WPA2-PSK with AES as the wireless security

If you use a hotspot, increase the session timeout

Set idle timeout to none

Set keep-alive time to none

Set minimum signal strength to -75

Disable default authenticate

Disable default forward

Turn off WPS mode

Those are some tips for optimizing a WiFi network on MikroTik.


Source: sharkwifi.com


Block Websites with MikroTik Static DNS

 


The internet is essential during a pandemic like this one, and we use it for a great deal of learning. In some cases, both in offices and in schools, internet access is often misused for watching streaming video or playing games.
The following is one hint, or method, for blocking websites using static DNS on MikroTik.

Open Winbox
Select the menu IP > DNS > Static
or use the command
ip dns static

The following is a list of sites that are commonly blocked:
/ip dns static

add name=*.agenfilm21.me address=127.0.0.1
add name=*.ayamhoki.com address=127.0.0.1
add name=*.cinemaindoxxi.me address=127.0.0.1
add name=*.filmbioskop.com address=127.0.0.1
add name=*.layarcinemaxxi.com address=127.0.0.1
add name=*.lk21-film.online address=127.0.0.1
add name=*.luckygames.io address=127.0.0.1
add name=*.studentsexparties.com address=127.0.0.1
add name=*.sukafilm.me address=127.0.0.1
add name=*.herbayoga.com address=127.0.0.1
add name=*.keezmovies.com address=127.0.0.1
add name=*.xvideos.com address=127.0.0.1
add name=*.fuq.com address=127.0.0.1
add name=*.ip-hide.net address=127.0.0.1
add name=*.pornstarmovies.us address=127.0.0.1

Saturday, 02 May 2020


Change SSH port in CWP

CWP comes with the OpenSSH server, which uses port 22 by default. CWP doesn’t modify this at installation time but notifies you to change it as soon as possible. The message looks like:
WARNING: Security vulnerability! Your server is using default SSH Port 22, to make your server more secure change SSH port in config file /etc/ssh/sshd_config and in CSF firewall ! After changes are done don’t forget to restart SSH and CSF Firewall.

To modify the SSH port on CentOS Web Panel:

Login to CWP at https://domainname.com:2087 (port 2087 is for a secure connection)
Go to Services Config->SSH Configuration
This will open for editing the file /etc/ssh/sshd_config
Look for the line:

#Port 22

and change the port number to something else, like 2211; also remove the # character from the beginning of the line. In the end, you will have:

Port 2211

Click the Save changes button
Go to the Dashboard and restart the SSH server.
Go to Security->CSF Firewall, click the Firewall Configuration button
Look for the # Allow incoming TCP ports section and add your port number to the list.
Click the Save changes button
Go to Security->CSF Firewall, click the Firewall Restart button
Now you will be able to connect to the server via SSH using the new port number

Source: plothost.com

If the login fails, try this:
semanage port -l | grep ssh
If the output is 22, run:
semanage port -a -t ssh_port_t -p tcp 2222
Then, finally, run:
semanage port -l | grep ssh
to show the ports assigned to ssh_port_t.
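
The sshd_config and CSF steps above, scripted as an added example (not code from plothost.com or the CWP project): it rewrites the `Port` line and appends the port to CSF's `TCP_IN` list, working on copies of the files. The function names, the port 2211 and the sample file contents are assumptions constructed for illustration; on a server the targets would be /etc/ssh/sshd_config and CSF's configuration file.

```shell
#!/bin/sh
# Added example: the panel steps applied to copies of the two config files.
# Function names and the sample file contents are constructed for illustration.

valid_port() {  # succeeds only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# set_ssh_port FILE PORT: rewrite the first "#Port N" / "Port N" line to "Port PORT".
set_ssh_port() {
    valid_port "$2" || return 1
    tmp="$1.tmp.$$"
    awk -v p="$2" '
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ && !hit { print "Port " p; hit = 1; next }
        { print }
        END { exit !hit }
    ' "$1" > "$tmp" && mv "$tmp" "$1" || { rm -f "$tmp"; return 1; }
}

# csf_allow_tcp_in FILE PORT: add PORT to CSF's TCP_IN = "..." list, only once.
csf_allow_tcp_in() {
    valid_port "$2" || return 1
    tmp="$1.tmp.$$"
    awk -v p="$2" '
        /^TCP_IN[ \t]*=/ {
            list = $0; sub(/^[^"]*"/, "", list); sub(/".*$/, "", list)
            n = split(list, a, ","); found = 0
            for (i = 1; i <= n; i++) if (a[i] == p) found = 1
            if (!found) list = (list == "" ? p : list "," p)
            print "TCP_IN = \"" list "\""; seen = 1; next
        }
        { print }
        END { exit !seen }
    ' "$1" > "$tmp" && mv "$tmp" "$1" || { rm -f "$tmp"; return 1; }
}

# demo: run both edits on constructed files and print the resulting lines.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#Port 22' '#AddressFamily any' 'PermitRootLogin yes' > "$d/sshd_config"
    printf '%s\n' '# Allow incoming TCP ports' 'TCP_IN = "20,21,22,25,53,80,443"' > "$d/csf.conf"
    set_ssh_port "$d/sshd_config" 2211 && csf_allow_tcp_in "$d/csf.conf" 2211 || return 1
    grep '^Port' "$d/sshd_config"; grep '^TCP_IN' "$d/csf.conf"
    rm -rf "$d"
}
demo
```

On a real server, check the edited file with `sshd -t` before restarting SSH, and keep the current session open until a login on the new port succeeds.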


Thursday, 16 April 2020


default ports on the CentOS servers

List of the most commonly used default ports on CentOS servers
Port Number - Name
20 - FTP
21 - FTP
22 - SSH
25 - SMTP/EMAIL
26 - SMTP
43 - WHOIS
53 - BIND/DNS
80 - HTTP / Apache Web server
110 - POP3/EMAIL
143 - IMAP
443 - HTTPS / Apache Web server SSL
465 - SMTP/EMAIL SSL/TLS
873 - RSYNC
993 - IMAP/EMAIL SSL
995 - POP3/EMAIL SSL
2030 - CWP Admin
2031 - CWP Admin SSL
2082 - CWP User Panel
2083 - CWP User Panel SSL
2086 - CWP Admin (same as 2030)
2087 - CWP Admin SSL (same as 2031)
2304 - CWP External API SSL (https, only for api access like whmcs )
3306 - MYSQL


Source: wiki.centos