Vous êtes sur la page 1sur 3

# ip address -------------------------/ip address add address=192.168.88.1/24 interface=ether3 /ip address add address=192.168.10.2/24 interface=ether1 /ip address add address=192.168.20.

2/24 interface=ether2 # interface pppoe-client --------------# ip dns -------------------------------/ip dns set primary-dns=8.8.8.8 /ip dns set secondary-dns=8.8.4.4 /ip dns set allow-remote-requests=yes # ip dns statico-----------------------/ip dns static add address=192.168.88.1 comment="" disabled=no name=192.168.88.1 .Load-PCC ttl=1d # ip firewall Filter-----------------------/ip firewall filter add action=drop chain=forward SO" content=velox.user.com.br disabled=no /ip firewall filter add action=drop chain=forward SO" content=speed.user.com.br disabled=no /ip firewall filter add action=accept chain=input r1 src-address=192.168.88.0/24 /ip firewall filter add action=accept chain=input r2 src-address=192.168.88.0/24 comment="BLOQUEIO DE DNS REVER comment="BLOQUEIO DE DNS REVER disabled=no in-interface=!ethe disabled=no in-interface=!ethe

# ip firewall nat-------------------------/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=et her1 /ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=et her2 # ip firewall mangle-----------------------# LoopBack por link------------------------/ ip firewall mangle add action=mark-connection chain=prerouting comment="" conn ection-state=new disabled=no dst-address-list=LINK0 in-interface=ether3 new-conn ection-mark=Sites0 passthrough=yes / ip firewall mangle add action=mark-routing chain=prerouting comment="" connect ion-mark=Sites0 disabled=no in-interface=ether3 new-routing-mark=Rota0 passthrou gh=no / ip route add gateway=192.168.10.1 routing-mark=Rota0 / ip firewall mangle add action=mark-connection chain=prerouting comment="" conn ection-state=new disabled=no dst-address-list=LINK1 in-interface=ether3 new-conn ection-mark=Sites1 passthrough=yes / ip firewall mangle add action=mark-routing chain=prerouting comment="" connect ion-mark=Sites1 disabled=no in-interface=ether3 new-routing-mark=Rota1 passthrou gh=no / ip route add gateway=192.168.20.1 routing-mark=Rota1 /ip firewall address-list add ESCO" disabled=no list=LINK0 /ip firewall address-list add st=LINK0 /ip firewall address-list add st=LINK0 /ip firewall address-list add d=no list=LINK1 /ip firewall address-list add =LINK1 address=200.155.80.0-200.155.255.255 comment="BRAD address=200.220.186.0/24 comment="" disabled=no li address=200.220.178.0/24 comment="" disabled=no li address=64.38.29.0/24 comment="RapidShare" disable address=208.69.32.0/24 comment="" disabled=no list

/ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no lis t=LINK1 /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list =LINK1 /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list =LINK1 # Fim LoopBack por link---------------------/ip firewall mangle add action=accept chain=prerouting comment="HTTPS FORA DO LO ADBALACED" disabled=no protocol=tcp dst-port=443 in-interface=ether3 /ip firewall mangle add action=accept chain=prerouting comment="FORA DO LOADBALA CED" disabled=no dst-address-list=loopback in-interface=ether3 /ip firewall mangle add action=change-ttl chain=forward comment="Filtro Tracert / Traceroute" disabled=no new-ttl=set:30 protocol=icmp /ip firewall mangle add action=mark-connection connection-state=new chain=prerou ting disabled=no in-interface=ether1 new-connection-mark=ether1_conn passthrough =yes /ip firewall mangle add action=mark-connection connection-state=new chain=prerou ting disabled=no in-interface=ether2 new-connection-mark=ether2_conn passthrough =yes /ip firewall mangle add action=mark-routing chain=output connection-mark=ether1_ conn disabled=no new-routing-mark=to_ether1 passthrough=yes /ip firewall mangle add action=mark-routing chain=output connection-mark=ether2_ conn disabled=no new-routing-mark=to_ether2 passthrough=yes /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=1 92.168.10.0/24 in-interface=ether3 /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=1 92.168.20.0/24 in-interface=ether3 /ip firewall mangle add action=mark-connection connection-state=new chain=prerou ting disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark =ether1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 /ip firewall mangle add action=mark-connection connection-state=new chain=prerou ting disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark =ether2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=eth er1_conn disabled=no in-interface=ether3 new-routing-mark=to_ether1 passthrough= yes /ip firewall mangle add action=mark-routing chain=prerouting connection-mark=eth er2_conn disabled=no in-interface=ether3 new-routing-mark=to_ether2 passthrough= yes # ip route---------------------------------/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 ga teway=192.168.10.1 routing-mark=to_ether1 comment="Link0" /ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 ga teway=192.168.20.1 routing-mark=to_ether2 comment="Link1" /ip route add check-gateway=ping comment="Link0" disabled=no distance=1 dst-addr ess=0.0.0.0/0 gateway=192.168.10.1 scope=30 target-scope=10 /ip route add check-gateway=ping comment="Link1" disabled=no distance=2 dst-addr ess=0.0.0.0/0 gateway=192.168.20.1 scope=30 target-scope=10 # ip firewall address-list----------------------------/ip firewall address-list add address=200.155.80.0-200.155.255.255 comment=BRADE SCO disabled=no list=loopback /ip firewall address-list add address=200.220.186.0/24 comment=BRADESCO disabled =no list=loopback /ip firewall address-list add address=200.220.178.0/24 comment=BRADESCO disabled =no list=loopback /ip firewall address-list add address=64.38.29.0/24 comment=RapidShare disabled= no list=loopback

/ip firewall address-list add address=208.69.32.0/24 comment="" disabled=no list =loopback /ip firewall address-list add address=208.67.217.0/24 comment="" disabled=no lis t=loopback /ip firewall address-list add address=201.7.178.0/24 comment="" disabled=no list =loopback /ip firewall address-list add address=201.7.176.0/24 comment="" disabled=no list =loopback /ip firewall address-list add address=200.159.128.0/24 comment=BRADESCO disabled =no list=loopback /ip firewall address-list add address=201.7.176.0/20 comment="Vdeos - Globo" disa bled=no list=loopback /ip firewall address-list add address=208.84.247.0/24 comment="Vdeos - terratv" d isabled=no list=loopback /ip firewall address-list add address=200.154.56.0/24 comment="Vdeos - terratv" d isabled=no list=loopback /ip firewall address-list add address=200.201.160.0/24 comment="Caixa Economica Federal" disabled=no list=loopback /ip firewall address-list add address=200.201.166.0/24 comment="" disabled=no li st=loopback /ip firewall address-list add address=200.201.173.0/24 comment="" disabled=no li st=loopback /ip firewall address-list add address=200.201.174.0/24 comment="" disabled=no li st=loopback /ip firewall address-list add address=200.141.207.3 comment=Detran disabled=no l ist=loopback # /system script-------------------------------------/system script add name=Link0Dow policy=\ ftp,reboot,read,write,policy,test,winb ox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Li nk0\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled =yes;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=yes;\r\ \n/ ip route set [find comment=\"Link0\"] disabled=yes;" /system script add name=Link1Dow policy=\ ftp,reboot,read,write,policy,test,winb ox,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Li nk1\"] disabled=yes;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled =yes;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=yes;\r\ \n/ ip route set [find comment=\"Link1\"] disabled=yes;" /system script add name=Link0Up policy=\ ftp,reboot,read,write,policy,test,winbo x,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Lin k0\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link0\"] disabled=n o;\r\ \n/ip firewall mangle set [find comment=\"Link0\"] disabled=no;\r\ \n/ip r oute set [find comment=\"Link0\"] disabled=no;" /system script add name=Link1Up policy=\ ftp,reboot,read,write,policy,test,winbo x,password,sniff,sensitive source="\ /ip firewall filter set [find comment=\"Lin k1\"] disabled=no;\r\ \n/ip firewall nat set [find comment=\"Link1\"] disabled=n o;\r\ \n/ip firewall mangle set [find comment=\"Link1\"] disabled=no;\r\ \n/ip r oute set [find comment=\"Link1\"] disabled=no;"