添加地址列表,多个网段添加一行
/ip firewall address-list
add address=192.168.1.0/24 disabled=no list=lan
add address=192.168.2.0/24 disabled=no list=lan
添加L7识别视频和下载用户
/ip firewall layer7-protocol
add name=Tencent_qq regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27.+|^.\?.\?[\\x02|\\x\
05]\\x22\\x27.+[\\x03|\\x09]\$|^.\?.\?\\x02.+\\x03\$|^/xFE/x42../x42/x02/x\
0B/x7D/x98/x38/xE4.+"
add name=Tencent_qqgame regexp="^.\?.\?\\x2D.+[\\x25\\x62\\x0E\\xC1\\x5F\\x6C|\
\\xFF\\xFF\\x20\\xCF\\x42\\x53|\\xFF\\xFF\\x10\\x17\\x87\\xA3|\\x3E\\x7F\\\
x20\\xCF\\x42\\x53|\\x1F\\x43\\x10\\x17\\x87\\xA3]|^\\x05\\x22.+\\x03\$"
add name=PPStream regexp="^.\?.\?\\c.+\\c"
add name=QQMusic regexp=\
"(^\\xFE.\?.\?.\?.\?\\xCF|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=QQLive regexp="(^get.+\\video.\?\\qq.+\\flv|^\\xFE.\?.\?.\?.\?\\xD3|^\
get.+\\video.\?\\qq.+\\mp4)"
add name=Kugou regexp=\
"(^post.+\\x0D\\x0A\\x0D\\x0A|^http.+\\x0D\\x0A\\x0D\\x0A|^e)"
add name=Http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
.[019]"
add name=Http-img regexp="\\.jpg|\\.png|\\.gif|\\.bmp|\\.jpeg"
add name=Http-web regexp=\
"\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx|\\.cgi"
add name=NetTV regexp=\
"^.*get.+(\\.flv|\\.f4v|\\.hlv|\\.rm|\\.swf|\\.wma|\\.mp4|\\.mp3).*\$"
add name=File regexp="^.*get.+(\\.iso|\\.exe|\\.zip|\\.rar|\\.7z|\\.gho|\\.pdf\
|\\.avi|\\.mkv|\\.wmv|\\.wav|\\.flac|\\.ape|\\.msi).*\$"
add name=QQsp regexp="(^\\x03.\?\\xE1\\x8D|^\\x02\\x02|^\\x04\\x1E)"
add name=DNS regexp="^.\?.\?.\?.\?[\\x01\\x02].\?.\?.\?.\?.\?.\?[\\x01-\?][a-z\
0-9][\\x01-\?a-z]*[\\x02-\\x06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\\\
x01-\\x10\\x1c][\\x01\\x03\\x04\\xFF]"
add name=Http-jpg regexp="^.*(post|POST|get|GET).+\\.jpg.+\\http"
写入源地址列表(服务器不计算在内的话,用“!”排除即可)
/ip firewall filter
#排除服务器计数
add action=add-src-to-address-list address-list=icafe address-list-timeout=2m \
chain=forward comment="[\CD\B3\BC\C6\B7\FE\CE\F1\C6\F7]" disabled=no \
src-address=192.168.1.39-192.168.1.64
#引用list:lan,排除服务器
add action=add-src-to-address-list address-list=wks address-list-timeout=2m \
chain=forward comment="[\CD\B3\BC\C6\BF\CD\BB\A7\BB\FA]" disabled=no \
src-address=!192.168.1.39-192.168.1.64 src-address-list=lan
add action=add-src-to-address-list address-list=NetTV address-list-timeout=5m \
chain=forward comment="[\CD\B3\BC\C6\D4\DA\CF\DF\CA\D3\C6\B5]" disabled=\
no layer7-protocol=NetTV src-address-list=wks
add action=add-src-to-address-list address-list=Flies address-list-timeout=5m \
chain=forward comment="[\CD\B3\BC\C6\BF\CD\BB\A7\BB\FA\CF\C2\D4\D8]" \
disabled=no layer7-protocol=File src-address-list=wks
周期写入log
/system scheduler
add comment="\D4\DA\CF\DF\C8\CB\CA\FD\D0\C5\CF\A2\D0\B4log" disabled=no \
interval=1m name=tongji3 on-event=tongji3 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=dec/16/2012 start-time=01:07:12
/system script
add name=tongji3 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":global prince [:len [/ip firewall address-list find list=(\"wks\"\
)]]\r\
\n:log warning (\"\B5\B1\C7\B0\D7\DC\B9\B2\".\"\$prince\".\"\CC\A8\BB\FA\
\C6\F7\D4\DA\CF\DF\")\r\
\n:global prince [:len [/ip firewall address-list find list=(\"NetTV\")]]\
\r\
\n:log warning (\"\D3\D0\".\"\$prince\".\"\CC\A8\B9\DB\BF\B4\D4\DA\CF\DF\
\CA\D3\C6\B5\")\r\
\n:global prince [:len [/ip firewall address-list find list=(\"Flies\")]]\
\r\
\n:log warning (\"\D3\D0\".\"\$prince\".\"\CC\A8\D4\DA\CF\C2\D4\D8\CE\C4\
\BC\FE\")\r\
\n:global prince [:len [/ip firewall address-list find list=(\"wks\")]]\r\
\n:log warning (\"=========================\")"