ROS计划任务--定时限速
ROS限速脚本+封网站端口IP+封迅雷VAGAA
封迅雷只要封住tcp3076和3077
封vagaa
/ ip firewall filter
add chain=forwaent="No VaGaa"
add chain=forward content= action=reject
限速脚本:(KB后面是5个0,MB是6个0)
真正限速脚本为 下载640KB,上传512KB (dst)
:for szwm from 1 to 100 do={/queue ** add name=(sy . $szwm) dst-address=(192.168.0. . $szwm) max-limit=640000/512000 interface=all disabled=no}
640000 就是 640KB(后面有3个0),这样运行完脚本 ,
ROS2.927会自动 除以8 换算出实际 下载是 80KB 上传64KB。
就是你要限制300K 就是300*8=2400+后面加三个0=2400000(脚本的地方就要写这个)
如何封闭某一IP或网站或端口
1、封IP
/ ip firewall filter add chain=forward dst-address=127.0.0.1(请把这里换为你想封的IP) action=drop comment="这里注释,中文的好像不行"
add chain=forward protocol=udp dst-port=2004 action=drop
add chain=forward protocol=tcp dst-port=2005 action=drop
ROS用流量监控动态控制限速点
ROS用流量监控动态控制限速点1.gifwinbox-ip-firewall-mangle-+2.gif只标识大包3.gifpacket576-1536手工要输入,不是选的.4.gifwinbox-queues-queue types- +5.gif全部做好后,打开这窗口,可以看到rate值会自动改变.6.gifwinbox-queues-queue tree-+7.gifwinbox-system-scripts-+ source里填入本贴后面程序内容,里面数值要改,程序内有说明.8.gifwinbox-system-scheduler-+9.gifwinbox-queues-simple queues-+ 每台机做一个上行限速.######程序开始####################################################################### 程序名称:ROS用流量监控动态控制限速点# 程序版本:测试# 程序员:kuwin Email:kuwin@# 程序版权:免费软件(本程序可自由传播及修改,不必理会原创作者kuwin)# Ros版本:Ros2.8.27 Ros2.9.2 Ros2.9.7# 编写日期:2007-04-29# 修改日期:2007-05-05# 测试人员:kuwin# 测试结果:# 1.控制效果良好;# 2.程序消耗一定的cpu资源,K62-300的cpu资源要用4%-4%(暂停程序只占3%-6%),建议cpu# 要P3-500以上;(2007-05-05改动后已经大幅降低)# 3.Ros显示的流量要比下载软件(讯雷等)上显示的流量要大,原因未明.# 程序评级:无# 简要说明:# 1."预留带宽"是给网络游戏,浏览网页等一些不会抢带宽的程序突发使用,有趣的是,当这# 些程序用了"预留带宽",本程序又会从讯雷,BT等带宽大鳄那里抢回一部分带宽作"预留# 带宽",在恶劣的使用环境下(比如大家都在下载),最后的限制带宽就是"预留带宽". # 建议"预留带宽"值取256000-512000,太小影响网络游戏,浏览网页的速度,太大又会影# 响下载的速度;# 2."最大带宽"取你的路由器出口带宽值;# 3."步进带宽"是本程序自动设置限制带宽时的加减值,1兆路由器出口带宽设5000,2兆设# 10000,10兆设50000,其它按此类推.# 安装方法:# 1.首先要做好简单的PCQ限速,起名"PCQ-Download".上行PCQ限速不明显,建议不要做.# 上行要在queue simple里做单机限速.(很多网站介绍,上baidu搜pcq限速);# 2.winbox,system-scripts,按+,起名SCRIPT_PCQ_SET,source里贴入这里全部内容;# 3.winbox,system-scheduler,按+,起名"SCH_PCQ_SET",interval填00:00:01(这是秒杀,# 可设1-3秒),on event填SCRIPT_PCQ_SET;# 4.程序内字母大小写敏感,请注意;# 5.请特别注意PCQ名"PCQ-Download".还有网卡的名"public"和"local".# 更新说明:# 1.针对PCQ上行限速不明显,已去掉PCQ上行限速,请另作queue simple限速,# 如:limit-at=0/128000 max-limit=0/256000.(2007-05-05)# 2.原来每秒写硬盘一次!现在只有PCQ限速值改变时才会写硬盘.(2007-05-05)# 3.经过前两点修改,cpu使用率大幅下降.(2007-05-05)############################################################################### ######定义变量(注意在Ros2.8中可以不要后面的0):local RxCurRate 0:local RxCurSet 0:local RxResRate 0:local RxMaxRate 0:local RxStepRate 0#下行即时流量#interface monitor public once do={:set RxCurRate $received-bits-per-second}interface monitor local once do={:set RxCurRate $sent-bits-per-second}#下行当前设置:set RxCurSet [/queue type get [/queue type find name="PCQ-Download"] pcq-rate]#下行预留带宽:set RxResRate 256000#下行最大带宽:set RxMaxRate 1024000#下行步进带宽:set RxStepRate 10000#设置下行带宽:if($RxCurRate<($RxMaxRate+-$RxResRate)) do={:if($RxCurSet<$RxMaxRate) do={:set RxCurSet ($RxCurSet+$RxStepRate)/queue type set "PCQ-Download" kind=pcq pcq-rate=$RxCurSet pcq-classifier=dst-address}} else={:if($RxCurSet>$RxResRate) do={:set RxCurSet ($RxCurSet+-$RxStepRate)/queue type set "PCQ-Download" kind=pcq pcq-rate=$RxCurSet pcq-classifier=dst-address}}######程序结束#############################。
ROS时间段限速和动态限速
:if([:pick [/system clock get date] 4 7]="29/") do={:for szwm from=2 to=254 do={queue simple disable ("C" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="29/") do={:for szwm from=2 to=254 do={queue simple disable ("A" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="21/") do={:for szwm from=2 to=254 do={queue simple enable ("C" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="21/") do={:for szwm from=2 to=254 do={queue simple disable ("A" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="7/") do={:for szwm from=2 to=254 do={queue simple disable ("B" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="8/") do={:for szwm from=2 to=254 do={queue simple enable ("B" . $szwm)} }
ros动态限速脚本l
ros动态限速脚本l网吧因客流比较大,所以网络流量变化也很大,单纯的单机限速,会造成大量的带宽被浪费掉.所以我们现在来考虑动态限速.我们简单的分为4个限速阶段,以30M带宽为例.1 不限速2 单机2M限速3 单机1M限速4 单机512K限速一限速策略的创建需要分2步1 建立新的队列类型/queue typeadd name="down_512k" kind=pcq pcq-rate=512000 pcq-limit=50 \pcq-classifier=dst-address pcq-total-limit=2000add name="down_1M" kind=pcq pcq-rate=1000000 pcq-limit=50 \pcq-classifier=dst-address pcq-total-limit=2000add name="down_2M" kind=pcq pcq-rate=2000000 pcq-limit=50 \pcq-classifier=dst-address pcq-total-limit=2000add name="up_512K" kind=pcq pcq-rate=512000 pcq-limit=50 \pcq-classifier=src-address pcq-total-limit=2000add name="up_1M" kind=pcq pcq-rate=1000000 pcq-limit=50 \pcq-classifier=src-address pcq-total-limit=2000add name="up_2M" kind=pcq pcq-rate=2000000 pcq-limit=50 \pcq-classifier=src-address pcq-total-limit=20002 建立新的简单队列简单队列的顺序一定要注意:按照512K在上,2M在下的原则排序(先小后大).因为此队列的执行原则是,先执行最上面的,后面的将被抛弃./ queue simpleadd name="PCQ_512K" dst-address=192.168.0.0/24 interface=Lan parent=none \ direction=both priority=8 queue=down_512k/up_512K limit-at=0/0 \max-limit=0/0 total-queue=default-small disabled=yesadd name="PCQ_1M" dst-address=192.168.0.0/24 interface=Lan parent=none \ direction=both priority=8 queue=up_1M/down_1M limit-at=0/0 max-limit=0/0 \ total-queue=default-small disabled=yesadd name="PCQ_2M" dst-address=192.168.0.0/24 interface=Lan parent=none \ direction=both priority=8 queue=up_2M/up_1M limit-at=0/0 max-limit=0/0 \total-queue=default-small disabled=yes二脚本的制作实际就是简单的允许某策略或不允许某策略,类似在winbox选中某策略,并点叉号或对号.这里操作的是前面建立的简单队列.来达到限速策略的开与关./ systemadd name="off512k" source="/queue sim disable PCQ_512k" \policy=ftp,reboot,read,write,policy,test,winbox,passwordadd name="on512k" source="/queue sim enable PCQ_512k" \policy=ftp,reboot,read,write,policy,test,winbox,passwordadd name="off1m" source="/queue sim disablePCQ_1M" \policy=ftp,reboot,read,write,policy,test,winbox,passwordadd name="on1m" source="/queue sim enable PCQ_1M" \ policy=ftp,reboot,read,write,policy,test,winbox,passwordadd name="off2m" source="/queue sim disable PCQ_2M" \ policy=ftp,reboot,read,write,policy,test,winbox,passwordadd name="on2m" source="/queue sim enable PCQ_2M" \ policy=ftp,reboot,read,write,policy,test,winbox,password三流量监控我们使用ROS自带的工具"通信监控"(tool traffic-monitor)来监视我们的网络流量.当流量达到一定数值,会自动运行前面制作的脚本.请注意:接口一定要选择你的外网网卡.这里的数据可根据实际情况修改,我是以自己30M带宽为例。
ROS命令大全
ROS通用脚本一:限速脚本:for wbsz from 1 to 254 do={/queue simple add name=(wbsz . $wbsz)dst-address=(192.168.0. . $wbsz) limit-at=1024K/1024K max-limit=1024K/1024K} 二:限制每台机最大线程数:for wbsz from 1 to 254 do={/ip firewall filter add chain=forwardsrc-address=(192.168.0. . $wbsz) protocol=tcp connection-limit=50,32action=drop}三:端口映射ip firewall nat add chain=dstnat dst-address=(202.96.134.134) protocol=tcp dst-port=80 to-addresses=(192.168.0.1) to-ports=80 action=dst-nat四:封端口号/ ip firewall filterad ch forward pr tcp dst-po 8000 act drop comment="Blockade QQ"五:更变telnet服务端口/ip service set telnet port=23六:更变SSH管理服务端口/ip service set ssh port=22七:更变www服务端口号/ip service set www port=80八:更变FTP服务端口号/ip service set ftp port=21十:删除限速脚本:for wbsz from 1 to 254 do={/queue simple remove (wbsz . $wbsz) }十一:封IP脚步本/ ip firewall filteradd chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ" 十二:禁P2P脚本/ ip firewall filteradd chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment="No P2P"十三:限制每台机最大的TCP线程数(线程数=60)/ ip firewall filteradd chain=forward protocol=tcp connection-limit=60,32 action=drop \disabled=no十四:一次性绑定所有在线机器MAC:foreach wbsz in=[/ip arp find dynamic=yes ] do=[/ip arp add copy-from=$wbsz] 十五:解除所以绑定的MAC:foreach wbsz in [/ip arp find] do={/ip arp remove $wbsz}十六:禁Ping/ ip firewall filteradd chain=output protocol=icmp action=drop comment="No Ping"十七:禁电驴/ ip firewall filteradd chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"add chain=forward protocol=tcp dst-port=4242 action=dropadd chain=forward dst-address=62.241.53.15 action=drop十八:禁PPLIVE/ ip firewall filteradd chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV" add chain=forward protocol=udp dst-port=4004 action=dropadd chain=forward dst-address=218.108.237.11 action=drop十九:禁QQ直播/ ip firewall filteradd chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"二十:禁比特精灵/ ip firewall filteradd chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"二十一:禁QQ聊天(没事不要用)/ ip firewall filteradd chain=forward src-address=10.5.6.7/32 action=accept comment="No Tencent QQ" ad ch forward pr tcp dst-po 8000 act dropad ch forward pr udp dst-po 8000 act dropad ch forward pr udp dst-po 8000 act dropadd chain=forward dst-address=61.144.238.0/24 action=dropadd chain=forward dst-address=61.152.100.0/24 action=dropadd chain=forward dst-address=61.141.194.0/24 action=dropadd chain=forward dst-address=202.96.170.163/32 action=dropadd chain=forward dst-address=202.104.129.0/24 action=dropadd chain=forward dst-address=202.104.193.20/32 action=dropadd chain=forward dst-address=202.104.193.11/32 action=dropadd chain=forward dst-address=202.104.193.12/32 action=dropadd chain=forward dst-address=218.17.209.23/32 action=dropadd chain=forward dst-address=218.18.95.153/32 action=dropadd chain=forward dst-address=218.18.95.165/32 action=dropadd chain=forward dst-address=218.18.95.220/32 action=dropadd chain=forward dst-address=218.85.138.70/32 action=dropadd chain=forward dst-address=219.133.38.0/24 action=dropadd chain=forward dst-address=219.133.49.0/24 action=dropadd chain=forward dst-address=220.133.40.0/24 action=dropadd chain=forward content=sz.tencent action=rejectadd chain=forward content=sz2.tencent action=rejectadd chain=forward content=sz3.tencent action=rejectadd chain=forward content=sz4.tencent action=rejectadd chain=forward content=sz5.tencent action=rejectadd chain=forward content=sz6.tencent action=rejectadd chain=forward content=sz7.tencent action=rejectadd chain=forward content=sz8.tencent action=rejecadd chain=forward content=sz9.tencent action=rejecadd chain=forward content=tcpconn.tencent action=rejectadd chain=forward content=tcpconn2.tencent action=rejectadd chain=forward content=tcpconn3.tencent action=rejectadd chain=forward content=tcpconn4.tencent action=rejectadd chain=forward content=tcpconn5.tencent action=rejectadd chain=forward content=tcpconn6.tencent action=rejectadd chain=forward content=tcpconn7.tencent action=rejectadd chain=forward content=tcpconn8.tencent action=rejectadd chain=forward content=qq action=rejectadd chain=forward content=www.qq action=reject二十二:防止灰鸽子入浸/ ip firewall filteradd chain=forward protocol=tcp dst-port=1999 action=dropcomment="Backdoor.GrayBird.ad"add chain=forward dst-address=80.190.240.125 action=dropadd chain=forward dst-address=203.209.245.168 action=dropadd chain=forward dst-address=210.192.122.106 action=dropadd chain=forward dst-address=218.30.88.43 action=dropadd chain=forward dst-address=219.238.233.110 action=dropadd chain=forward dst-address=222.186.8.88 action=dropadd chain=forward dst-address=124.42.125.37 action=dropadd chain=forward dst-address=210.192.122.107 action=dropadd chain=forward dst-address=61.147.118.198 action=dropadd chain=forward dst-address=219.238.233.11 action=drop二十三:防三波/ ip firewall filteradd chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"================================================================================ ================================================================================ ==================================以上脚本使用说明:用winbox.exe 登陆找到 System -- Script - 点击+ 将对应脚本复制其中后,点击 Run Script即脚本一、导出 ARP 列表ip arp export file arp这样就能将所有ARP列表导出到 arp.rsc 文件。
ROS简单队列限速自己理解整理
ROS 简单队列限速
limit-at--------保证限速
max-limit------最大限速我们最常用的地方,最大速度
burst-limit--------突破速度的最大值(突破最大值)
burst-thershold--------突破速度的阀值(突破阀值)
burst-time-------突破速度的时间值(突破时间)
官方例子: limit-at=1M , max-limit=2M , burst-threshold=1500k , burst-limit=4M time =16s
例子解释:在突破时间(burst-time=16秒)范围内,速度如果低于突破阀值(burst-thershold=1500K)就允许超过最大限速达到突破最大值(max-limit=4M);速度如果达到或高于突破阀值(burst-thershold=1500K)就不允许突发,限速在最大限速(max-limit =2M)
注:突破阀值(burst-thershold=1500K)在保证限速(imit-at=1M)和最大限速(max-limit =2M)之间。
可以优化解决大型网络游戏卡的ROS限速脚本
可以优化解决大型网络游戏卡的ROS限速脚本ros软路由一直是网吧用的比较多的软路由。
的确,ros防ddos攻击还是比较有用的。
网上有很多的ros软路由教程,今天这个算是ros限速脚本吧。
安装就不说了,大家可以参照网上很多的ros软路由教程来安装。
这个ros限速脚本事针对大型网络游戏卡而写的。
ip firewall mangleadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment=""disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment=""disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=noadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment=""disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=noadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment="" disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=noadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment="" disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=noadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment="" disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=noadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment="" disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=noadd chain=forward p2p=all-p2p action=mark-connection \new-connection-mark=p2p_conn passthrough=yes comment="" disabled=noadd chain=forward connection-mark=p2p_conn action=mark-packet \new-packet-mark=p2p passthrough=yes comment="" disabled=noadd chain=forward connection-mark=!p2p_conn action=mark-packet \new-packet-mark=general passthrough=yes comment="" disabled=no add chain=forward packet-size=32-512 action=mark-packetnew-packet-mark=all \passthrough=yes comment="" disabled=noadd chain=forward packet-size=512-1200 action=mark-packetnew-packet-mark=big \passthrough=yes comment="" disabled=no直接复制上面。
ROS命令大全
ROS通用脚本一:限速脚本:for wbsz from 1 to 254 do={/queue simple add name=(wbsz . $wbsz)dst-address=(192.168.0. . $wbsz) limit-at=1024K/1024K max-limit=1024K/1024K} 二:限制每台机最大线程数:for wbsz from 1 to 254 do={/ip firewall filter add chain=forwardsrc-address=(192.168.0. . $wbsz) protocol=tcp connection-limit=50,32action=drop}三:端口映射ip firewall nat add chain=dstnat dst-address=(202.96.134.134) protocol=tcp dst-port=80 to-addresses=(192.168.0.1) to-ports=80 action=dst-nat四:封端口号/ ip firewall filterad ch forward pr tcp dst-po 8000 act drop comment="Blockade QQ"五:更变telnet服务端口/ip service set telnet port=23六:更变SSH管理服务端口/ip service set ssh port=22七:更变www服务端口号/ip service set www port=80八:更变FTP服务端口号/ip service set ftp port=21十:删除限速脚本:for wbsz from 1 to 254 do={/queue simple remove (wbsz . $wbsz) }十一:封IP脚步本/ ip firewall filteradd chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ" 十二:禁P2P脚本/ ip firewall filteradd chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment="No P2P"十三:限制每台机最大的TCP线程数(线程数=60)/ ip firewall filteradd chain=forward protocol=tcp connection-limit=60,32 action=drop \disabled=no十四:一次性绑定所有在线机器MAC:foreach wbsz in=[/ip arp find dynamic=yes ] do=[/ip arp add copy-from=$wbsz] 十五:解除所以绑定的MAC:foreach wbsz in [/ip arp find] do={/ip arp remove $wbsz}十六:禁Ping/ ip firewall filteradd chain=output protocol=icmp action=drop comment="No Ping"十七:禁电驴/ ip firewall filteradd chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"add chain=forward protocol=tcp dst-port=4242 action=dropadd chain=forward dst-address=62.241.53.15 action=drop十八:禁PPLIVE/ ip firewall filteradd chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV" add chain=forward protocol=udp dst-port=4004 action=dropadd chain=forward dst-address=218.108.237.11 action=drop十九:禁QQ直播/ ip firewall filteradd chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"二十:禁比特精灵/ ip firewall filteradd chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"二十一:禁QQ聊天(没事不要用)/ ip firewall filteradd chain=forward src-address=10.5.6.7/32 action=accept comment="No Tencent QQ" ad ch forward pr tcp dst-po 8000 act dropad ch forward pr udp dst-po 8000 act dropad ch forward pr udp dst-po 8000 act dropadd chain=forward dst-address=61.144.238.0/24 action=dropadd chain=forward dst-address=61.152.100.0/24 action=dropadd chain=forward dst-address=61.141.194.0/24 action=dropadd chain=forward dst-address=202.96.170.163/32 action=dropadd chain=forward dst-address=202.104.129.0/24 action=dropadd chain=forward dst-address=202.104.193.20/32 action=dropadd chain=forward dst-address=202.104.193.11/32 action=dropadd chain=forward dst-address=202.104.193.12/32 action=dropadd chain=forward dst-address=218.17.209.23/32 action=dropadd chain=forward dst-address=218.18.95.153/32 action=dropadd chain=forward dst-address=218.18.95.165/32 action=dropadd chain=forward dst-address=218.18.95.220/32 action=dropadd chain=forward dst-address=218.85.138.70/32 action=dropadd chain=forward dst-address=219.133.38.0/24 action=dropadd chain=forward dst-address=219.133.49.0/24 action=dropadd chain=forward dst-address=220.133.40.0/24 action=dropadd chain=forward content=sz.tencent action=rejectadd chain=forward content=sz2.tencent action=rejectadd chain=forward content=sz3.tencent action=rejectadd chain=forward content=sz4.tencent action=rejectadd chain=forward content=sz5.tencent action=rejectadd chain=forward content=sz6.tencent action=rejectadd chain=forward content=sz7.tencent action=rejectadd chain=forward content=sz8.tencent action=rejecadd chain=forward content=sz9.tencent action=rejecadd chain=forward content=tcpconn.tencent action=rejectadd chain=forward content=tcpconn2.tencent action=rejectadd chain=forward content=tcpconn3.tencent action=rejectadd chain=forward content=tcpconn4.tencent action=rejectadd chain=forward content=tcpconn5.tencent action=rejectadd chain=forward content=tcpconn6.tencent action=rejectadd chain=forward content=tcpconn7.tencent action=rejectadd chain=forward content=tcpconn8.tencent action=rejectadd chain=forward content=qq action=rejectadd chain=forward content=www.qq action=reject二十二:防止灰鸽子入浸/ ip firewall filteradd chain=forward protocol=tcp dst-port=1999 action=dropcomment="Backdoor.GrayBird.ad"add chain=forward dst-address=80.190.240.125 action=dropadd chain=forward dst-address=203.209.245.168 action=dropadd chain=forward dst-address=210.192.122.106 action=dropadd chain=forward dst-address=218.30.88.43 action=dropadd chain=forward dst-address=219.238.233.110 action=dropadd chain=forward dst-address=222.186.8.88 action=dropadd chain=forward dst-address=124.42.125.37 action=dropadd chain=forward dst-address=210.192.122.107 action=dropadd chain=forward dst-address=61.147.118.198 action=dropadd chain=forward dst-address=219.238.233.11 action=drop二十三:防三波/ ip firewall filteradd chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"================================================================================ ================================================================================ ==================================以上脚本使用说明:用winbox.exe 登陆找到 System -- Script - 点击+ 将对应脚本复制其中后,点击 Run Script即脚本一、导出 ARP 列表ip arp export file arp这样就能将所有ARP列表导出到 arp.rsc 文件。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Schedule控制流量规则
Schedule计划任务工具根据定义的起始日期时间或者间隔时间执行任务,执行任务安装RouterOS脚本要求完成,所以在使用这个工具之前最好是学习下本公司出版本的《MikroTik Script 教程》,这样就能更好的使用Schedule。
下面就做一个简单的实例,环境是在一个时间段执行RouterOS中一条规则,在一个时间段禁用一条规则,如流量控制。
此实例运用很简单,主要是介绍该工具中的参数,了解工具中的参数后就能更好的灵活运用。
一、先在队列(/queue simple)做一个PCQ规则,命名为PCQ,“name=PCQ”。
具体参考/simple queue中的带宽控制规则,
二、在Schedule中写下禁用和启用这个流控的命令。
启用:
/queue simple set [/queue simple find name=”PCQ”] disabled=no
禁用:
/queue simpl e set [/queue simple find name=”PCQ”] disabled=yes
以下的时间设置是在每天的22点禁用流量控制,在每天的10点起用流控规则,在每个网络环境中的使用情况不一样,在做的时候可以根自己的情况灵活设定时间。
以下为主要参数的说明:
Start-Date:开始执行脚本内容的日期;
Start-time:开始执行脚本内容的时间;
Interval:每隔多少时间执行一次;
On-Event:计划任务执行操作的内容。
禁用
当在22点执行禁用流控后,禁用的状态将一直保存,所有的用户将不再所控制的限制,当然这种是在这个时间段用户相对较小,并且带宽不紧张的情况下执行这一操作。
下面的起用任务是当网络资源紧张的时起用这一任务,根据每天的情况自行设定。
启用。