Summary of common commands for the ROS (RouterOS) software router

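RouterOS monitoring script: raises an alarm when a link goes down and clears the alarm automatically when the link recovers:
Add a script under /system script
name=<IP you want to monitor>
with the following content: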
:set i 0
:while ($i=0) do={:beep length=2s frequency=2755;:delay 5;:set a abc;\
:foreach i in=[/tool netwatch find host=<IP you want to monitor>] \
do={:set a [/tool netwatch get $i status]};:put $a;:if($a=up) do={:set i 1}}
Then add a monitor entry under /tool netwatch
host=<IP you want to monitor>
In the down field enter:
/system script run <IP you want to monitor>
:set shendown1 [/system clock get date]
:set shendown2 [/system clock get time]
:set shendown ("<IP you want to monitor> down " . $shendown1 . " " . $shendown2)
:log warning $shendown
ROS small-packet priority policy:
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 comment="" disabled=no
add chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-size=32-512 action=mark-packet new-packet-mark=small passthrough=yes comment="" disabled=no
add chain=forward packet-size=512-1200 action=mark-packet new-packet-mark=big passthrough=yes comment="" disabled=no
/ queue tree
add name="p2p1" parent=wan packet-mark=p2p limit-at=600000 queue=default priority=8 max-limit=800000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="p2p2" parent=lan packet-mark=p2p limit-at=800000 queue=default priority=8 max-limit=600000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassA" parent=lan packet-mark="" limit-at=0 queue=default priority=8 max-limit=100000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassB" parent=ClassA packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf1" parent=ClassA packet-mark=general limit-at=0 queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf2" parent=ClassB packet-mark=small limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf3" parent=ClassB packet-mark=big limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
More to follow shortly!
ROS policy script for blocking common P2P applications:
/ ip firewall filter
add chain=input protocol=udp dst-port=137-138 action=drop comment="drop udp137-138"
# Xunlei (Thunder)
add chain=forward protocol=tcp dst-port=3076-3079 action=drop comment="downTools Xunlei" disabled=yes
add chain=forward dst-address=202.96.155.91/32 action=drop
add chain=forward dst-address=210.22.12.53/32 action=drop
add chain=forward dst-address=61.128.198.97/32 action=drop
# eMule
add chain=forward protocol=tcp dst-port=4661 action=drop comment="downP2P VeryCD"
add chain=forward protocol=tcp dst-port=4662 action=drop
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15/32 action=drop
# PPGOU
add chain=forward protocol=tcp dst-port=8505 action=drop comment="downTools PPGOU"
add chain=forward dst-address=219.153.0.152/32 action=drop
add chain=forward dst-address=61.145.116.186/32 action=drop
# KuGou (KUGO)
add chain=forward protocol=tcp dst-port=3318 action=drop comment="downMP3 KUGO" disabled=yes
add chain=forward protocol=tcp dst-port=1043 action=drop disabled=yes
add chain=forward protocol=tcp dst-port=4224 action=drop disabled=yes
add chain=forward protocol=tcp dst-port=2371 action=drop disabled=yes
add chain=forward protocol=udp dst-port=7000 action=drop disabled=yes
add chain=forward dst-address=218.16.125.227/32 action=drop disabled=yes
add chain=forward dst-address=61.143.210.56/32 action=drop disabled=yes
add chain=forward dst-address=218.16.125.226/32 action=drop disabled=yes
add chain=forward dst-address=61.129.115.206/32 action=drop disabled=yes
add chain=forward dst-address=61.145.114.33/32 action=drop disabled=yes
# RF online
add chain=forward dst-address=218.30.85.16/32 dst-port=8888 action=accept comment="RF online"
add chain=forward dst-address=59.34.215.133/32 dst-port=8888 action=accept
add chain=forward dst-address=60.28.26.66/32 dst-port=8888 action=accept
# BitSpirit
add chain=forward protocol=tcp dst-port=16881 action=drop comment="downP2P BitSpirit"
add chain=forward protocol=tcp dst-port=6881-6890 action=drop
add chain=forward protocol=tcp dst-port=8881-8890 action=drop
add chain=forward protocol=udp dst-port=16881 action=drop
add chain=forward protocol=udp dst-port=6881-6890 action=drop
add chain=forward protocol=udp dst-port=8881-8890 action=drop
# BaoCue
add chain=forward protocol=tcp dst-port=6346 action=drop comment="downP2P BaoCue"
add chain=forward protocol=tcp dst-port=11300 action=drop
add chain=forward dst-address=61.172.197.196/32 action=drop
add chain=forward dst-address=218.1.14.3/32 action=drop
add chain=forward dst-address=218.1.14.4/32 action=drop
add chain=forward dst-address=218.1.14.9/32 action=drop
add chain=forward dst-address=61.172.197.209/32 action=drop
add chain=forward dst-address=61.172.197.197/32 action=drop
add chain=forward dst-address=218.1.14.5/32 action=drop
add chain=forward dst-address=218.5.72.118/32 action=drop
add chain=forward dst-address=61.172.197.196/32 action=drop
# Baishitong download tool
add chain=forward dst-address=61.145.126.150/32 action=drop comment="downP2P Bai****ong"
# Baidu MP3 download
add chain=forward dst-address=202.108.156.206/32 action=drop comment="downMP3 BaiDuMP3" disabled=yes
# PTC download tool
add chain=forward protocol=tcp dst-port=50007 action=drop comment="downP2P PTCdown"
# eDonkey2000 download tool
add chain=forward protocol=tcp dst-port=4371 action=drop comment="downP2P eDonkey2000"
add chain=forward protocol=tcp dst-port=4662 action=drop
add chain=forward dst-address=62.241.53.15/32 action=drop
add chain=forward dst-address=62.241.53.17/32 action=drop
# Poco2005
add chain=forward protocol=udp src-port=8094 action=drop comment="downP2P Poco2005"
add chain=forward protocol=tcp dst-port=2881 action=drop
add chain=forward protocol=tcp dst-port=5354 action=drop
add chain=forward dst-address=61.145.118.224/32 action=drop
add chain=forward dst-address=210.192.122.147/32 action=drop
add chain=forward dst-address=207.46.196.108/32 action=drop
# Kamun
add chain=forward protocol=tcp dst-port=3751 action=drop comment="downP2P KAMUN"
add chain=forward protocol=tcp dst-port=3753 action=drop
add chain=forward protocol=tcp dst-port=4772 action=drop
add chain=forward protocol=tcp dst-port=4774 action=drop
add chain=forward dst-address=211.155.224.67/32 action=drop
# Weiyu RealLink
add chain=forward dst-address=211.91.135.114/32 action=drop comment="downP2P RealLink"
add chain=forward dst-address=221.233.18.180/32 action=drop
add chain=forward dst-address=61.145.119.55/32 action=drop
add chain=forward dst-address=221.3.132.99/32 action=drop
# 100bao
add chain=forward protocol=tcp dst-port=3468 action=drop comment="downP2P 100bao"
add chain=forward dst-address=219.136.251.56/32 action=drop
add chain=forward dst-address=61.149.124.173/32 action=drop
# BaiHua PP
add chain=forward protocol=tcp dst-port=5093 action=drop comment="downP2P BaiHua"
add chain=forward dst-address=221.229.241.243/32 action=drop
# Kuaiditong (KDT)
add chain=forward dst-address=202.96.137.56/32 action=drop comment="downP2P KDT"
# Kuro
add chain=forward protocol=tcp dst-port=6800-6801 action=drop comment="downMP3 Kuro"
add chain=forward protocol=tcp dst-port=7003 action=drop
add chain=forward dst-address=218.244.45.67/32 action=drop
add chain=forward dst-address=220.169.192.145/32 action=drop
# Baidu Xiaba
add chain=forward protocol=tcp dst-port=11000 action=drop comment="downP2P BaiDuXiaBa" disabled=yes
add chain=forward dst-address=202.108.249.171/32 action=drop
# Baizhao P2P
add chain=forward protocol=tcp dst-port=9000 action=drop comment="downP2P baizhaoP2P"
add chain=forward dst-address=221.233.19.30/32 action=drop
# OPENEXT (Stone)
add chain=forward protocol=tcp dst-port=5467 action=drop comment="downP2P OPENEXT"
add chain=forward protocol=tcp dst-port=2500 action=drop
add chain=forward protocol=tcp dst-port=4173 action=drop
add chain=forward protocol=tcp dst-port=10002 action=drop
add chain=forward protocol=tcp dst-port=10003 action=drop
add chain=forward dst-address=66.197.13.166/32 action=drop
add chain=forward dst-address=210.22.12.245/32 action=drop
add chain=forward dst-address=69.93.222.56/32 action=drop
# iLink 1.1
add chain=forward protocol=tcp dst-port=5000 action=drop comment="downP2P iLink"
# DDS
add chain=forward protocol=tcp dst-port=11608 action=drop comment="downP2P DDS"
add chain=forward dst-address=210.51.168.13/32 action=drop
add chain=forward dst-address=211.157.105.252/32 action=drop
add chain=forward dst-address=212.179.66.17/32 action=drop
# iMesh 5
add chain=forward protocol=tcp dst-port=4662 action=drop comment="downP2P iMesh 5"
add chain=forward dst-address=212.179.66.17/32 action=drop
add chain=forward dst-address=212.179.66.24/32 action=drop
add chain=forward dst-address=38.117.175.23/32 action=drop
# winmx
add chain=forward protocol=tcp dst-port=5690 action=drop comment="downP2P winmx"
add chain=forward dst-address=64.246.15.43/32 action=drop
# Netcool
add chain=forward protocol=tcp dst-port=2122 action=drop comment="downP2P netcool"
add chain=forward dst-address=211.152.22.9/32 action=drop
add chain=forward dst-address=211.152.22.101/32 action=drop
add chain=forward dst-address=221.192.132.29/32 action=drop
# PPLive network TV
add chain=forward protocol=tcp dst-port=8008 action=drop comment="P2PTV PPlive"
add chain=forward protocol=udp dst-port=4004 action=drop
# QQ Live
add chain=forward protocol=udp dst-port=13002-13999 action=drop comment="P2PTV QQ" disabled=yes
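Some notes on the ROS firewall:
input - packets that enter the router and must be processed by the router itself
forward - packets forwarded (routed) through the router
output - packets that have been processed by the router and leave through an interface
action:
1 accept - accept the packet
add-dst-to-address-list - add a destination IP address to an address-list
add-src-to-address-list - add a source IP address to an address-list
2 drop - drop the packet
3 jump - jump; the target can be a rule chain such as input or forward, or a specific rule
4 log - write a log entry
5 passthrough - ignore this rule
6 reject - drop the packet and send an ICMP reply message
7 return - return control to the place the jump came from
8 tarpit - capture and hold incoming TCP connections (replies with SYN/ACK to an incoming TCP SYN packet)
RouterOS commands:
I have read a lot of RouterOS material, and most of it is about installation; material on RouterOS commands is rare (perhaps because WinBox exists). The RouterOS manual does document them, but it is in English and hard to follow. Below I list some commonly used commands, and I hope they help: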
1. After booting and logging in, ? is the usual help command; it lists the available commands with a short description of each.
2. Some English commands are long and can be abbreviated. For interface, for example, type in and press Enter and you enter interface automatically. You can also press the Tab key to complete a long command.
3. Some commands take many parameters. When you do not know them, type the command followed by a space and ?; for example, print ? shows the parameters of that command.
4. setup: everyone needs to remember this command, because right after installing RouterOS you must use it to assign IP addresses to the network cards.
5. ip route add gate=211.12.*.14,220.163.*.12 adds multiple gateways when several lines are connected.
6. ip firewall add action=nat protocol=tcp dst-address=212.12.*.*/32:80 to-dst-address=192.168.0.198 maps port 80 to the local host 192.168.0.198.
7. print lists all items.
8. interface monitor-traffic 0,1,2 monitors the current activity of network cards 0, 1 and 2.
9. ip firewall connection print shows all current connections.
10. ip arp print shows the list of IP-to-MAC address mappings known to RouterOS.
11. user active print shows all active RouterOS users.
12. system reboot and system shutdown reboot and shut down the router respectively.
13. system reset deletes all existing configuration and restarts RouterOS.
14. system resource monitor monitors current CPU and memory usage.
15. log print shows the RouterOS log.
16. tool ping-speed 210.13.14.* shows the ping speed.
17. tool sniffer start and tool sniffer stop start and stop the packet sniffer.
18. tool sniffer packet print lists the sniffed packets.
19. system backup name=2004107.bak backs up the system configuration to the file 2004107.bak, which you can see with file print.
Commonly used commands such as enable, disable, remove and set are not covered here.
Some commonly used ROS scripts:
/ip firewall connection {:foreach r in=[find] do={remove $r}} - delete all connections
:foreach i in=[/ip firewall filter find action=drop ] do={/ip firewall filter disable $i} - disable firewall rules
Under firewall connection tracking, set syn sendtime to 50 and rectime to 30 to mitigate SYN attacks
/system scheduler add name=reboot interval=24h start-time=06:59:00 on-event={/system reboot} disabled=no - scheduled reboot
/ip route set [/ip route find dst-address=0.0.0.0/0] gateway=xxx.xxx.xxx.xxx - change the default gateway
/queue simple remove [find] - delete all Simple Queues
:foreach i in=[/ip arp find dynamic=yes ] do={/ip arp add copy-from=$i} - ARP binding (static ARP)
Script that adds one simple queue per IP:
:foreach i in=[/queue simple find] \
do={:put ("deleting" . "..." . [/queue simple get $i name]);
/queue simple remove $i;}
:for i from=1 to=254 \
do={ \
:if ($i!=100) \
do={/queue simple add \
name=("queue" . $i) \
limit-at=128000/128000 \
burst-threshold=384000/192000 \
max-limit=512000/256000 \
burst-limit=2000000/512000 \
burst-time=16s/8s \
dst-address=("192.168.0." . $i); \
:put ("192.168.0." . $i . "..." . "added")} \
}
Other ROS parameters:
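Usage:
WinBox-System-Scripts-+
Name (script name)
Source (script body)
OK - select the script to run - Run Script
Bulk ARP binding
:foreach i in=[/ip arp find dynamic=yes ] do={/ip arp add copy-from=$i}
Binding ARP entries in bulk like this is much more convenient, but note that after binding with this command you must remove the binding for the WAN-side ARP entries, otherwise strange problems appear; I certainly ran into them!
Rate-limit script:
:for aaa from=2 to=254 do={/queue simple add name=("queue" . $aaa) dst-address=("192.168.0." . $aaa) limit-at=0/0 max-limit=2000000/2000000}
Notes:
aaa is the variable
from=2 to=254 covers 2 through 254
"192.168.0." . $aaa is the IP
Together, the two lines above give 192.168.0.2 through 192.168.0.254
max-limit=2000000/2000000 is upload/download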
Delete all connections
/ip firewall connection {:foreach r in=[find] do={remove $r}}
Disable firewall rules
:foreach i in=[/ip firewall filter find action=drop ] do={/ip firewall filter disable $i}
Scheduled reboot
/system scheduler add name=reboot interval=24h start-time=11:59:00 on-event={/system reboot} disabled=no
Change the default gateway
/ip route set [/ip route find dst-address=0.0.0.0/0] gateway=xxx.xxx.xxx.xxx
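/sy reset - restore the router to its original state
/sy reboot - reboot the router
/sy shutdown - shut down
/sy ide set name=<machine name> - set the machine name
/export - view the configuration
/ip export - view the IP configuration
/sy backup, press Enter, then save name=<file name you choose> or load name=<file name you choose> - back up the router
/interface print - view network card status
0 X ether1 ether 1500 - this network card is not enabled
0 R ether1 ether 1500 - this is the normal state
/int en 0 - enable network card 0
/int di 0 - disable network card 0
/ip fir con print - view all current network connections
/ip service set www port=81 - change the www service port to 81
/ip hotspot user add name=user1 password=1 - add a user
How to change the MAC address of a local network card in RouterOS:
interface ethernet> set (interface name) mac-address=(the MAC you want)
Computer labs often make this kind of request: Internet access for this class, no access for the next. We used to unplug network cables; since adopting this, that is no longer necessary. And while Internet access is allowed, students can still be kept off Lianzhong or QQ. When the lab is open after class and both Internet access and QQ should work, just disable these policies.
WinBox is also fairly simple to operate; once the administrator has been taught, I no longer need to be involved.
Flexibly controlling lab Internet access, QQ and Lianzhong: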
/ ip firewall rule forward
These are the Internet access policies for each lab: set a rule to disabled when access is allowed and to enabled when access is forbidden.
Lab 1
add src-address=192.168.3.0/26 dst-address=!192.168.0.0/16 action=drop \
comment="Lab 1" disabled=yes
Lab 2
add src-address=192.168.3.64/26 dst-address=!192.168.0.0/16 action=drop \
comment="Lab 2" disabled=no
Lab 3
add src-address=192.168.3.128/26 dst-address=!192.168.0.0/16 action=drop \
comment="Lab 3" disabled=yes
Lab 4
add src-address=192.168.3.192/26 dst-address=!192.168.0.0/16 action=drop \
comment="Lab 4" disabled=no
Lab 5
add src-address=192.168.0.128/26 dst-address=!192.168.0.0/16 action=drop \
comment="Lab 5" disabled=no
add src-address=192.168.0.192/29 dst-address=!192.168.0.0/16 action=drop \
comment="" disabled=no
Lab 6
add src-address=192.168.0.64/26 dst-address=!192.168.0.0/16 action=drop \
comment="Lab 6" disabled=no
These rules control Lianzhong and QQ for each lab
Lab 2
add src-address=192.168.3.64/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="Lab 2: block Lianzhong, block QQ chat" disabled=no
add src-address=192.168.3.64/26 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.3.64/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.3.128/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
Lab 3
add src-address=192.168.3.128/26 dst-address=:8000 protocol=udp action=drop \
comment="Lab 3: block QQ chat, block Lianzhong" disabled=yes
add src-address=192.168.3.128/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=yes
Lab 4
add src-address=192.168.3.192/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="Lab 4: block Lianzhong and QQ chat" disabled=no
add src-address=192.168.3.192/26 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.3.192/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
Lab 5
add src-address=192.168.0.128/26 dst-address=:8000 protocol=udp action=drop \
comment="Lab 5: block QQ chat, block Lianzhong" disabled=no
add src-address=192.168.0.192/29 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.0.128/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.192/29 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.128/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
add src-address=192.168.0.192/29 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
Lab 6
add src-address=192.168.0.64/26 dst-address=:8000 protocol=udp action=drop \
comment="Lab 6: block QQ chat, block Lianzhong" disabled=no
add src-address=192.168.0.64/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.64/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
ROS connection-limit script + rate-limit script:
Connection-limit script:
:for aaa from=2 to=254 do={/ip firewall filter add chain=forward src-address=("192.168.0." . $aaa) protocol=tcp connection-limit=50,32 action=drop}
Rate-limit script:
:for aaa from=2 to=254 do={/queue simple add name=("queue" . $aaa) dst-address=("192.168.0." . $aaa) limit-at=0/0 max-limit=2000000/2000000}
Notes:
aaa is the variable
from=2 to=254 covers 2 through 254
"192.168.0." . $aaa is the IP
Together, the two lines above give 192.168.0.2 through 192.168.0.254
connection-limit=50 is the number of connections, 50 here
max-limit=2000000/2000000 is upload/download
Usage:
WinBox-System-Scripts-+
Name (script name)
Source (script body)
OK - select the script to run - Run Script
Verify:
Connection limit: WinBox-IP-Firewall-Filter Rules (check that the rules have been added)
Rate limit: WinBox-Queues-Simple Queues (check that the queues have been added)
Cutting off those who port-scan your ROS router:
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="Port scanners to list " disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
Overall rate limiting for RouterOS in WinBox:
Taking a download limit of 640K and an upload limit of 320K as an example:
IP→Firewall→Mangle→add an entry; on the Action tab set Action=accept and Flow Mark=all
Queues→Queue Types→add an entry; on the General tab set Name=Netbardown and Kind=pcq, and on the Settings tab set Rate: 655360
In Classifier, tick both Src. options;
Queues→Queue Types→add an entry; on the General tab set Name=Netbarup and Kind=pcq, and on the Settings tab set Rate: 327680
In Classifier, tick both Dst. options;
Queues→Queue Tree→add an entry; on the General tab set Name=Netbardown Parent=lan Flow=all Queue Type=Netbardown //lan is the local network card
Queues→Queue Tree→add an entry; on the General tab set Name=Netbarup Parent=wan Flow=all Queue Type=Netbarup //wan is the external network card
When you do not want rate limiting, simply disable the entry added earlier:
IP→Firewall→Mangle→add an entry; on the Action tab set Action=accept and Flow Mark=all
Don't tell me you don't know how to disable it... more to come ~~
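For the port-scanner rules earlier on this page, the following added example (not part of the original post and not MikroTik code) emulates in Python how the tcp-flags matchers and the psd=21,3s,3,1 rule decide which sources end up in the "port scanners" list. The PSD scoring is a simplified model, and the packets and addresses are constructed for illustration.

```python
# Added example: emulates the matchers of the "port scanners" rules above.
FLAG_RULES = [  # (comment, tcp-flags) exactly as they appear in the rules
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]


def matching_rules(flags):
    """Comments of every flag rule a packet with these TCP flags would hit.

    tcp-flags semantics: listed flags must be set, "!flag" must be clear,
    and flags that are not listed are ignored.
    """
    flags = set(flags)
    hits = []
    for comment, matcher in FLAG_RULES:
        terms = matcher.split(",")
        must_set = {t for t in terms if not t.startswith("!")}
        must_clear = {t[1:] for t in terms if t.startswith("!")}
        if must_set <= flags and not (must_clear & flags):
            hits.append(comment)
    return hits


class Psd:
    """Simplified model (an assumption, not MikroTik's implementation) of
    psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight."""

    def __init__(self, weight=21, delay=3.0, low=3, high=1):
        self.weight, self.delay, self.low, self.high = weight, delay, low, high
        self.state = {}  # source -> (time of last packet, ports seen, score)

    def packet(self, src, dport, t):
        last, ports, score = self.state.get(src, (t, frozenset(), 0))
        if t - last > self.delay:  # sequence too slow: start counting again
            ports, score = frozenset(), 0
        if dport not in ports:  # only new destination ports add weight
            ports |= {dport}
            score += self.low if dport < 1024 else self.high
        self.state[src] = (t, ports, score)
        return score >= self.weight


def build_address_list(packets):
    """Return {source: comment of the first rule that listed it}."""
    psd, listed = Psd(), {}
    for t, src, dport, flags in packets:
        hits = ["Port scanners to list"] if psd.packet(src, dport, t) else []
        hits += matching_rules(flags)
        if hits:
            listed.setdefault(src, hits[0])
    return listed


# Constructed packets: (time in seconds, source, destination port, TCP flags)
SAMPLE = [(0.1 * i, "198.51.100.7", p, {"syn"})          # fast SYN sweep
          for i, p in enumerate([21, 22, 23, 25, 80, 110, 443])] + [
    (1.0, "192.0.2.10", 8291, {"syn"}),                  # one normal connection
    (1.2, "192.0.2.10", 8291, {"fin", "ack"}),           # normal close
    (2.0, "203.0.113.5", 80, {"fin", "psh", "urg"}),     # FIN/PSH/URG probe
    (2.5, "203.0.113.9", 80, set()),                     # NULL probe
]

if __name__ == "__main__":
    for src, why in build_address_list(SAMPLE).items():
        print(src, "->", why)
```

The ordinary FIN/ACK close is not listed because the FIN rules require ack to be clear, and seven new ports below 1024 inside the 3 s window reach the weight threshold of 21.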
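Internet cafés usually have two or more lines, and the telecom operator cuts one of them at night, which then affects the café's network connectivity. This script therefore has ROS switch one line on and off on a schedule by changing the gateways. 192.168.2.1 and 192.168.3.1 stand for the two gateways: 192.168.2.1 is the gateway of the fibre line restricted by the operator, and 192.168.3.1 is the gateway of the fibre line available 24 hours a day.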
/ system script
add name="allon" source="/ip route set\[/ip route find dst 0.0.0.0\] gateway \
192.168.2.1,192.168.3.1" policy=ftp,reboot,read,write,policy,test
add name="2moff" source="/ip route set\[/ip route find dst 0.0.0.0\] \
gateway 192.168.3.1" policy=ftp,reboot,read,write,policy,test
/ system scheduler
add name="allok" on-event=allon start-date=mar/24/2006 start-time=08:30:00 \
interval=1d comment="" disabled=no
add name="8mok" on-event=2moff start-date=mar/24/2006 start-time=23:40:00 \
interval=1d comment="" disabled=no
Continuing. This is tiring; if nobody bumps the thread I won't post any more.
ROS port-mapping and hairpin (return-flow) NAT script:
# jun/18/2006 18:43:44 by RouterOS 2.9.6
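# to-ports is the mapped port range; 0-65535 means a full mapping. To map only the WWW (web site) port, change it to 80
# To map only the FTP port, use to-ports=21. If anything is still unclear you can add me on QQ 33679934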
/ ip firewall nat
add chain=dstnat dst-address=<WAN address> action=dst-nat \
to-addresses=<internal server address> to-ports=0-65535 comment="port mapping" disabled=no
add chain=srcnat src-address=<internal server address> action=src-nat \
to-addresses=<WAN address> to-ports=0-65535 comment="hairpin" disabled=no
Use the export command to export a configuration and the import command to import one.
For example, the command to export the whole configuration is: /export file=xxx
Command to import a configuration: /import file=xxx
Command to export the firewall configuration: /ip firewall export file=xxx
Back up settings: files-->backup, then download the backup file with an FTP client
Restore settings: upload the backup file with an FTP client; files --> restore
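1. Backing up and restoring settings
This is really good stuff! Think about it: after you have painstakingly set up firewall rules, network card settings, routes and port mappings, would you not have to configure everything again yourself if you made a mistake or reinstalled? That is a huge hassle!!! RouterOS has thought this through for you: you can back up your settings file manually and restore it with a single command when needed!
Log in with WinBox, making sure to use the admin account. There is a FILES item on the left; open it, then click BACKUP at the top of the dialog, and the current settings are saved to a file. Then log in to your router with IE using ftp://admin-account:password@router-IP:port; once logged in you will see the file you saved. Download it directly with IE!
When you reinstall, just get the internal network working, log in to the router with IE again and upload this settings file. At the bottom left of WinBox there is an item whose English name begins with TE; this is the terminal emulator. Open it and it works just like operating on the router itself. Use the following commands to restore your previous settings:
system [Enter]
backup [Enter]
load name=<name of your saved settings file> [Enter]
It prompts for a reboot, and then everything is back to your previous settings at once!!
Convenient and practical, isn't it?
You might say that backing up with WinBox is not to your liking; in that case we can also back up from the terminal!
At the bottom left of WinBox there is an item whose English name begins with TE; this is the terminal emulator. Open it and it works just like operating on the router itself. Use the following commands to back up your settings:
system [Enter]
backup [Enter]
save name=<name of your saved settings file> [Enter]
Naming the file by date is recommended because it is easy to read. The settings are then saved under your file name.
The load name command restores them.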
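2. Restoring the router's default settings.
If a wrong rule or address has been set so that WinBox can no longer reach the management interface, you can recover like this:
Log in as admin
system [Enter]
reset, then choose y
This deletes all changes and restores the freshly installed state
This restores the factory settings and is well suited to when you are just starting to configure RouterOS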