NeverGiveUp!! wrote:
早安
NG UP 早安
個人積分:38128分
文章編號:91862460
個人積分:38128分
文章編號:91862470
個人積分:58745分
文章編號:91862685
個人積分:535分
文章編號:91863040
個人積分:40分
文章編號:91863417
個人積分:38128分
文章編號:91864039
個人積分:105分
文章編號:91864147
個人積分:48448分
文章編號:91867429
--
可以改這樣.
--
/ip firewall mangle
add action=change-mss chain=forward comment="Change MSS" new-mss=\
clamp-to-pmtu protocol=tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
tcp-flags=syn
add action=jump chain=prerouting connection-state=new jump-target=\
tcp-services protocol=tcp
add action=jump chain=prerouting connection-state=new jump-target=\
udp-services protocol=udp
add action=jump chain=prerouting connection-state=new jump-target=\
other-services
add action=mark-connection chain=tcp-services dst-port=20-21 \
new-connection-mark=ftp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=22 \
new-connection-mark=ssh passthrough=no protocol=tcp src-port=513-65535
add action=mark-connection chain=tcp-services dst-port=23 \
new-connection-mark=telnet passthrough=no protocol=tcp src-port=\
1024-65535
add action=mark-connection chain=tcp-services dst-port=25 \
new-connection-mark=smtp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=tcp src-port=53
add action=mark-connection chain=tcp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=80 \
new-connection-mark=http passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=110 \
new-connection-mark=pop3 passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=113 \
new-connection-mark=auth passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=119 \
new-connection-mark=nntp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=143 \
new-connection-mark=imap passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=161-162 \
new-connection-mark=snmp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=443 \
new-connection-mark=https passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=465 \
new-connection-mark=smtps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=993 \
new-connection-mark=imaps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=995 \
new-connection-mark=pop3s passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1723 \
new-connection-mark=pptp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=2379 \
new-connection-mark=kgs passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3128 \
new-connection-mark=proxy passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3389 \
new-connection-mark=win-ts passthrough=no protocol=tcp src-port=\
1024-65535
add action=mark-connection chain=tcp-services dst-port=4242-4243 \
new-connection-mark=emule passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1024-65535 \
new-connection-mark=overnet passthrough=no protocol=tcp src-port=\
4661-4662
add action=mark-connection chain=tcp-services dst-port=1024-65535 \
new-connection-mark=emule passthrough=no protocol=tcp src-port=4711
add action=mark-connection chain=tcp-services dst-port=5900-5901 \
new-connection-mark=vnc passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=6667-6669 \
new-connection-mark=irc passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=6881-6889 \
new-connection-mark=bittorrent passthrough=no protocol=tcp src-port=\
1024-65535
add action=mark-connection chain=tcp-services dst-port=8080 \
new-connection-mark=http passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=8291 \
new-connection-mark=winbox passthrough=no protocol=tcp src-port=\
1024-65535
add action=mark-connection chain=tcp-services new-connection-mark=other-tcp \
passthrough=no protocol=tcp
add action=mark-connection chain=udp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1701 \
new-connection-mark=l2tp passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=4665 \
new-connection-mark=emule passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=4672 \
new-connection-mark=emule passthrough=no protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=emule passthrough=no protocol=udp src-port=4672
add action=mark-connection chain=udp-services dst-port=12053 \
new-connection-mark=overnet passthrough=no protocol=udp src-port=\
1024-65535
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=overnet passthrough=no protocol=udp src-port=12053
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=skype passthrough=no protocol=udp src-port=36725
add action=mark-connection chain=udp-services connection-state=new \
new-connection-mark=other-udp passthrough=no protocol=udp
add action=mark-connection chain=other-services icmp-options=8:0-255 \
new-connection-mark=ping passthrough=no protocol=icmp
add action=mark-connection chain=other-services new-connection-mark=gre \
passthrough=no protocol=gre
add action=mark-connection chain=other-services new-connection-mark=other \
passthrough=no
add action=change-dscp chain=prerouting comment="EF: SIP,RTP,Teams,Zoom" \
new-dscp=46 port=5060,10000-20000 protocol=udp
add action=change-dscp chain=prerouting comment=\
"AF41: Zoom,Meet,FaceTime,Line,Discord" new-dscp=34 port=3478-3481 \
protocol=udp
add action=change-dscp chain=prerouting comment=\
"AF41: Zoom,Meet,FaceTime,Line,Discord" new-dscp=34 port=3478-3481 \
protocol=tcp
add action=change-dscp chain=prerouting comment=\
"AF31: Steam,Valorant,LoL,PUBG" new-dscp=32 port=27000-27200 protocol=udp
add action=change-dscp chain=prerouting comment="BE: Https,Http" new-dscp=0 \
port=443,80 protocol=tcp
add action=change-dscp chain=prerouting comment="AF21: Youtube,Netflix" \
new-dscp=10 port=443 protocol=tcp
add action=change-dscp chain=prerouting comment="AF21: Twitch,Disney+" \
new-dscp=18 port=1935 protocol=udp
add action=change-dscp chain=prerouting comment=\
"CS1: Windows Update,APP Store,CDN" new-dscp=8 port=80,443,853 protocol=\
tcp
add action=change-dscp chain=prerouting comment="BE: OpenVPN,WireGuard" \
new-dscp=0 port=1194 protocol=udp
add action=change-dscp chain=prerouting comment="BE: SSH" new-dscp=0 port=22 \
protocol=tcp
add action=change-dscp chain=prerouting comment="CS1: DNS,NTP" new-dscp=8 \
port=53,123 protocol=udp
add action=change-dscp chain=prerouting comment="CS1: SMTP,IMAP,POP,FTP" \
new-dscp=8 port=25,143,110,21 protocol=tcp
add action=change-dscp chain=prerouting comment="Reset DSCP IPv4 from WAN" \
in-interface=pppoe-out1 new-dscp=0
add action=change-dscp chain=postrouting comment="EF Rewrite" dscp=46 \
new-dscp=46 out-interface=pppoe-out1
add action=change-dscp chain=postrouting comment="AF41 Rewrite" dscp=34 \
new-dscp=34 out-interface=pppoe-out1
add action=change-dscp chain=postrouting comment="AF31 Rewrite" dscp=32 \
new-dscp=32 out-interface=pppoe-out1
add action=change-dscp chain=postrouting comment="BE Rewrite" dscp=0 \
new-dscp=0 out-interface=pppoe-out1
add action=change-dscp chain=postrouting comment="AF21 Rewrite" dscp=18 \
new-dscp=18 out-interface=pppoe-out1
add action=change-dscp chain=postrouting comment="AF21 Rewrite" dscp=10 \
new-dscp=10 out-interface=pppoe-out1
add action=change-dscp chain=postrouting comment="CS1 Rewrite" dscp=8 \
new-dscp=8 out-interface=pppoe-out1
add action=change-dscp chain=postrouting comment=\
"Reset any undefined DSCP IPv4" new-dscp=0 out-interface=pppoe-out1
/queue type
add cake-diffserv=diffserv8 cake-flowmode=dual-dsthost cake-nat=yes \
cake-overhead=18 kind=cake name=cake-rx
add cake-ack-filter=filter cake-diffserv=diffserv8 cake-flowmode=dual-srchost \
cake-nat=yes cake-overhead=18 kind=cake name=cake-tx
/queue simple
add max-limit=100M/40M name=cake queue=cake-rx/cake-tx target=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment=\
"NAT from local address back to public IP" out-interface-list=WAN \
src-address=192.168.88.0/24
add action=redirect chain=dstnat comment="Redirect DNS queries to router" \
dst-port=53 protocol=tcp
add action=redirect chain=dstnat dst-port=53 protocol=udp
人品是做人最好的底牌.
個人積分:115755分
文章編號:91867557
個人積分:32315分
文章編號:91867565
關閉廣告