Berikut adalah langkah untuk mengamankan koneksi internet anda agar lebih aman dan sehat untuk dikonsumsi anak2 dan rekan kerja anda
langkah buka terminal di mikrotik dan lanjutkan
#AUTO SWITCH DNS-SEHAT / DNS-TRUST / DNS-OPEN
#COPY DAN PASTE KE TERMINAL WINBOX
/ip fi add rem [find list=ip-maksiat]
/ip fi add rem [find list=private-lokal]
/ip fi na rem [find comment~"dns"]
/ip fi fi rem [find dst-port="53,5353"]
/sys sch rem auto-switch-dns
/tool net rem [find comment~"dns"]
/ip firewall address-list
add list=private-lokal address=0.0.0.0/8
add list=private-lokal address=10.0.0.0/8
add list=private-lokal address=100.64.0.0/10
add list=private-lokal address=127.0.0.0/8
add list=private-lokal address=169.254.0.0/16
add list=private-lokal address=172.16.0.0/12
add list=private-lokal address=192.0.0.0/24
add list=private-lokal address=192.0.2.0/24
add list=private-lokal address=192.168.0.0/16
add list=private-lokal address=198.18.0.0/15
add list=private-lokal address=198.51.100.0/24
add list=private-lokal address=203.0.113.0/24
add list=private-lokal address=224.0.0.0/3
/ip firewall filter
add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
add action=drop chain=input comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=tcp src-address-list=!private-lokal
add action=drop chain=forward comment=dns-flood dst-port=53,5353 protocol=udp src-address-list=!private-lokal
/ip dns
set allow-remote-requests=yes servers=103.80.80.248,103.80.80.249
/ip firewall nat
add action=dst-nat chain=dstnat comment=dns-sehat1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.248 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-sehat1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.248 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-sehat2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.249 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-sehat2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.249 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-trust1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.243 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-trust1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.243 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-trust2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=103.80.80.244 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-trust2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=103.80.80.244 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-open1 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=208.67.220.220 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-open1 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=208.67.220.220 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-open2 dst-port=53,5353 protocol=tcp src-address-list=private-lokal to-addresses=208.67.222.222 to-ports=5353
add action=dst-nat chain=dstnat comment=dns-open2 dst-port=53,5353 protocol=udp src-address-list=private-lokal to-addresses=208.67.222.222 to-ports=5353
#host=8.8.8.8 bisa diganti dengan ip AP atau ip modem yang bisa di ping
/tool netwatch
add host=8.8.8.8 interval=1s up-script=\
"{\r\
\nlocal toport [/ip firewall nat get 2 to-ports]\r\
\nif (\$toport=\"64872\") do={\r\
\n/ip firewall nat set 2,3 hotspot=!auth\r\
\n}\r\
\n}"
/tool netwatch
add comment=dns-sehat1 down-script="/ip firewall nat disable [find comment=\"dns-sehat1\" disabled=no]" host=103.80.80.248 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-sehat1\" disabled=yes]"
add comment=dns-sehat2 down-script="/ip firewall nat disable [find comment=\"dns-sehat2\" disabled=no]" host=103.80.80.249 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-sehat2\" disabled=yes]"
add comment=dns-trust1 down-script="/ip firewall nat disable [find comment=\"dns-trust1\" disabled=no]" host=103.80.80.243 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-trust1\" disabled=yes]"
add comment=dns-trust1 down-script="/ip firewall nat disable [find comment=\"dns-trust2\" disabled=no]" host=103.80.80.244 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-trust2\" disabled=yes]"
add comment=dns-open1 down-script="/ip firewall nat disable [find comment=\"dns-open1\" disabled=no]" host=208.67.220.220 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-open1\" disabled=yes]"
add comment=dns-open2 down-script="/ip firewall nat disable [find comment=\"dns-open2\" disabled=no]" host=208.67.222.222 interval=10s up-script="/ip firewall nat enable [find comment=\"dns-open2\" disabled=yes]"
{
/tool fetch url="https://raw.githubusercontent.com/cespun/ip-maksiat/master/.gitignore/list%3Dip-maksiat" mode=http
/import file=list%3Dip-maksiat
/file remove list%3Dip-maksiat
}
