ROS per-IP dynamic rate-limiting script
ROS tutorial with some firewall rules and IP rate-limiting scripts
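ROS 2.96 Qiufeng cracked edition installation tutorial (corrected version)
I made a tutorial last night, but because I was not thinking clearly in the middle of the night, what I produced was wrong and useless. First, my apologies to everyone who downloaded it. This time I have tested everything and redone the tutorial for you. I also had a look at Wangmeng just now and the post is still floating near the top. I can't let everyone down and I can't mislead you, so I'd better redo it properly. Enough chatter; first, the software and some of the policies that are needed.
ROS 2.96 Qiufeng cracked edition download (hosted on an Internet café's China Telecom fibre line, so please go easy on it!), China Netcom routing table, firewall policy, automatic switchover script.
(Items in green are included with the tutorial; items in blue you need to download yourself.)
Next, the concrete steps, which will make the overall idea clearer.
1. Install the ROS system and select all services.
Connect the hard disk to IDE1 and the optical drive to IDE0. In the BIOS, set the optical drive as the boot device. I am using a virtual machine for the demonstration, so you can see how the virtual machine is used along the way! For the services to install, simply select all of them.
Enter A to select all and I to confirm the selection, then press Enter. It asks: note that all the (selected) data (features) will be installed; do you want to continue? Enter Y.
It then asks whether to keep the old configuration; enter N.
Next it creates the partition, formats the hard disk and installs the services.
When it reports that the software installation is complete, press Enter to reboot.
One more remark here: after ROS is installed, a virtual machine boots from the hard disk automatically, but a real computer will still boot from the optical drive, so at this point take the disc out and change the BIOS to boot from the hard disk; ROS will then boot on its own.
After booting it asks whether to check the hard disk. Usually there is no need, because it wastes time. By default it selects N automatically; we can also enter N directly. It selected it automatically.
2. Log in to ROS, rename the NICs and fill in the IP information for the other two NICs.
Once ROS has started, on the ROS host enter the account admin with an empty password and press Enter.
Enter the command /int pri to see how many NICs the system detected. For a China Telecom + China Netcom dual-line switching router there should of course be 3 NICs; if there are fewer, find the problem yourself!
Enter the command /ip address (the command for setting IPs).
Enter the command add address=192.168.0.1/24 interface=ether1 to set the router IP, that is, the gateway (the internal network's gateway address, on the internal NIC). The internal NIC is usually the one nearest the CPU, that is, ether1.
Good, the gateway is set, so we log in to http://192.168.0.1 to download Winbox. I installed it once just now, so there is leftover information.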
ROS PPPoE fully automatic intelligent rate-limiting script
# First create a script A, then put it in the scheduler to run. Its content is as follows:
######################################################################
:local RxCurPacket 0
:local RxCurAddress 0
:local RxCurUser 0
:local RxCurRate 0
:local TxCurRate 0
:local RxMaxRate 450000
:local TxMaxRate 800000
:local RxCurMax 400
:local RxCurMaxb 200
# For every PPPoE interface (found by mtu=1480), sample the packet rate, the bit rates, the address and the user name
:foreach i in=[/interface find mtu=1480] do={
/interface monitor $i once do={:set RxCurPacket ($received-packets-per-second+$sent-packets-per-second); :set RxCurRate ($received-bits-per-second); :set TxCurRate ($sent-bits-per-second); :set RxCurAddress [/ppp active get $i address]; :set RxCurUser [/ppp active get $i name]};
# Above RxCurMax packets per second: dst-nat this user to 192.168.0.25 port 80
:if($RxCurMax<$RxCurPacket) do={/ip firewall nat add chain=dstnat src-address=$RxCurAddress action=dst-nat to-addresses=192.168.0.25 to-ports=80 comment=$RxCurUser};
# Above RxCurMaxb packets per second, or above either bit-rate threshold: add a simple queue for this user
:if($RxCurMaxb<$RxCurPacket) do={/queue simple add name=$RxCurUser target-addresses=$RxCurAddress limit-at=0/0 max-limit=50000/250000 burst-limit=80000/500000 burst-threshold=70000/400000 burst-time=5/10};
:if($RxMaxRate<$RxCurRate) do={/queue simple add name=$RxCurUser target-addresses=$RxCurAddress limit-at=0/0 max-limit=50000/250000 burst-limit=80000/500000 burst-threshold=70000/400000 burst-time=5/10};
:if($TxMaxRate<$TxCurRate) do={/queue simple add name=$RxCurUser target-addresses=$RxCurAddress limit-at=0/0 max-limit=50000/250000 burst-limit=80000/500000 burst-threshold=70000/400000 burst-time=5/10}
}
:for aa from 1 to 200 do={/queue simple remove (queue . $aa)}
############################################################################
Note: my environment is 50M fibre with about 200 users, so the speed allotted to each person is still fairly large.
The most correct way to rate-limit an Internet café with ROS
Rate-limiting an Internet café with simple queues alone is complete nonsense.
The best approach for an Internet café is to share the bandwidth equally and then use simple queues to limit upload.
Small-packet priority is then used to deal with lag in games.
After a month of testing in 2 Internet cafés, the nightmare of people shouting about lag everywhere is completely gone, so here is the experience for everyone to share.
Do not use simple queues to limit speed in ROS, and do not use any "intelligent dynamic rate limiting" either.
All you need is small-packet priority + equal bandwidth sharing + simple queues limiting the upload speed.
The small-packet priority script is as follows:
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 comment="" disabled=no
add chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-size=32-512 action=mark-packet new-packet-mark=all passthrough=yes comment="" disabled=no
add chain=forward packet-size=512-1200 action=mark-packet new-packet-mark=big passthrough=yes comment="" disabled=no
/ queue tree
add name="p2p1" parent=wan packet-mark=p2p limit-at=2000000 queue=default priority=8 max-limit=6000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="p2p2" parent=lan packet-mark=p2p limit-at=2000000 queue=default priority=8 max-limit=6000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassA" parent=lan packet-mark="" limit-at=0 queue=default priority=8 max-limit=100000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassB" parent=ClassA packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf1" parent=ClassA packet-mark=general limit-at=0 queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf2" parent=ClassB packet-mark=all limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf3" parent=ClassB packet-mark=big limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
Then equal bandwidth sharing:
/ ip firewall mangle add chain=forward src-address=192.168.0.0/24 \
action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet \
new-packet-mark=users chain=forward
/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address
/queue tree add name=Download parent=lan max-limit=10M
/queue tree add parent=Download queue=pcq-download packet-mark=users
/queue tree add name=Upload parent=wan max-limit=9M
/queue tree add parent=Upload queue=pcq-upload packet-mark=users
Adjust the IP address range, the maximum download speed and the maximum upload speed to your own situation. lan is the NIC I connect to the internal network, and wan is the NIC I connect to the external network.
Script for limiting the upload speed:
:for aaa from 5 to 253 do={/queue simple add name=(yp . $aaa) dst-address=(192.168.0. . $aaa) limit-at=10000000/3000000 max-limit=10000000/3000000}
On version 3.2 you need to modify this script yourself. Just use these 3 parts; nothing else is needed, and it is definitely far better than any intelligent dynamic rate limiting.
ROS rate-limiting script + blocking websites, ports and IPs + blocking Xunlei and VAGAA
To block Xunlei, just block TCP 3076 and 3077
Blocking Vagaa
/ ip firewall filter
add chain=forwaent="No VaGaa"
add chain=forward content= action=reject
Rate-limiting script: (KB is followed by 5 zeros, MB by 6 zeros)
The actual rate-limiting script is: download 640KB, upload 512KB (dst)
:for szwm from 1 to 100 do={/queue ** add name=(sy . $szwm) dst-address=(192.168.0. . $szwm) max-limit=640000/512000 interface=all disabled=no}
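640000 is 640KB (with 3 zeros after it). After running the script,
ROS 2.927 automatically divides by 8, which works out to an actual download of 80KB and upload of 64KB.
So if you want to limit to 300K, that is 300*8=2400, then append three zeros = 2400000 (this is what you write in the script)
How to block a particular IP, website or port
1. Blocking an IP
/ ip firewall filter add chain=forward dst-address=127.0.0.1(replace this with the IP you want to block) action=drop comment="put a comment here; Chinese does not seem to work"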
add chain=forward protocol=udp dst-port=2004 action=drop
add chain=forward protocol=tcp dst-port=2005 action=drop
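ROS: dynamically controlling the rate-limit point with traffic monitoring
1.gif: winbox - ip - firewall - mangle - +
2.gif: mark only the large packets
3.gif: packet 576-1536 has to be typed in by hand; it cannot be selected.
4.gif: winbox - queues - queue types - +
5.gif: once everything is done, open this window and you can see the rate value change automatically.
6.gif: winbox - queues - queue tree - +
7.gif: winbox - system - scripts - +; paste the program at the end of this post into source. The values in it need changing; the program contains the explanation.
8.gif: winbox - system - scheduler - +
9.gif: winbox - queues - simple queues - +; create an upstream rate limit for each machine.
######Program start######################################################################
# Program name: ROS: dynamically controlling the rate-limit point with traffic monitoring
# Program version: test
# Programmer: kuwin Email:kuwin@
# Copyright: free software (this program may be freely distributed and modified, with no need to mind the original author kuwin)
# ROS versions: Ros2.8.27 Ros2.9.2 Ros2.9.7
# Written: 2007-04-29
# Modified: 2007-05-05
# Tester: kuwin
# Test results:
# 1. The control effect is good;
# 2. The program consumes some CPU: on a K62-300 it uses 4%-4% (with the program paused only 3%-6%); a CPU of
#    P3-500 or better is recommended; (greatly reduced after the 2007-05-05 changes)
# 3. The traffic ROS shows is larger than what download software (Xunlei etc.) shows; the reason is unknown.
# Program rating: none
# Brief description:
# 1. The "reserved bandwidth" is for bursts from online games, web browsing and other programs that do not
#    grab bandwidth. Interestingly, when these programs use the "reserved bandwidth", this program takes some
#    bandwidth back from bandwidth hogs such as Xunlei and BT to serve as "reserved bandwidth". In a harsh
#    environment (for example everyone downloading), the final limited bandwidth is the "reserved bandwidth".
#    A "reserved bandwidth" of 256000-512000 is recommended; too small hurts online games and web browsing,
#    too large hurts download speed;
# 2. The "maximum bandwidth" is your router's egress bandwidth;
# 3. The "step bandwidth" is the amount this program adds or subtracts when it sets the limit automatically:
#    set 5000 for 1M of router egress bandwidth, 10000 for 2M, 50000 for 10M, and so on.
# Installation:
# 1. First set up a simple PCQ rate limit named "PCQ-Download". Upstream PCQ limiting is not very effective,
#    so it is recommended not to do it. Limit upstream per machine in queue simple. (Many sites describe this;
#    search baidu for pcq rate limiting);
# 2. winbox, system-scripts, press +, name it SCRIPT_PCQ_SET, paste all of this into source;
# 3. winbox, system-scheduler, press +, name it "SCH_PCQ_SET", set interval to 00:00:01 (every second;
#    1-3 seconds is possible), set on event to SCRIPT_PCQ_SET;
# 4. The program is case-sensitive, please take care;
# 5. Pay special attention to the PCQ name "PCQ-Download" and to the NIC names "public" and "local".
# Update notes:
# 1. Because upstream PCQ limiting is not very effective, it has been removed; use a separate queue simple limit,
#    e.g. limit-at=0/128000 max-limit=0/256000. (2007-05-05)
# 2. It used to write to the hard disk once per second! Now it writes only when the PCQ limit value changes. (2007-05-05)
# 3. With the two changes above, CPU usage has dropped considerably. (2007-05-05)
###############################################################################
######Define variables (note that in Ros2.8 the trailing 0 can be omitted)
:local RxCurRate 0
:local RxCurSet 0
:local RxResRate 0
:local RxMaxRate 0
:local RxStepRate 0
#Instantaneous downstream traffic
#interface monitor public once do={:set RxCurRate $received-bits-per-second}
interface monitor local once do={:set RxCurRate $sent-bits-per-second}
#Current downstream setting
:set RxCurSet [/queue type get [/queue type find name="PCQ-Download"] pcq-rate]
#Downstream reserved bandwidth
:set RxResRate 256000
#Downstream maximum bandwidth
:set RxMaxRate 1024000
#Downstream step bandwidth
:set RxStepRate 10000
#Set the downstream bandwidth
:if($RxCurRate<($RxMaxRate+-$RxResRate)) do={
:if($RxCurSet<$RxMaxRate) do={
:set RxCurSet ($RxCurSet+$RxStepRate)
/queue type set "PCQ-Download" kind=pcq pcq-rate=$RxCurSet pcq-classifier=dst-address}
} else={
:if($RxCurSet>$RxResRate) do={
:set RxCurSet ($RxCurSet+-$RxStepRate)
/queue type set "PCQ-Download" kind=pcq pcq-rate=$RxCurSet pcq-classifier=dst-address}
}
######Program end#############################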
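An added example, not part of the original program: a small Python model of the step controller in the script above, showing where the per-IP pcq-rate settles under different loads. The traffic model (every bulk downloader fills its per-IP cap, the link saturates at RxMaxRate) and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class PcqController:
    """Mirrors the script's variables; defaults are the values set in the script."""
    max_rate: int = 1_024_000   # RxMaxRate: router egress bandwidth (bit/s)
    reserve: int = 256_000      # RxResRate: headroom kept for games/browsing
    step: int = 10_000          # RxStepRate: change applied per scheduler run
    pcq_rate: int = 1_024_000   # RxCurSet: current per-IP cap (assumed start)

    def tick(self, measured_bps: int) -> int:
        """One scheduler run: same two-branch logic as the RouterOS script."""
        if measured_bps < self.max_rate - self.reserve:
            # Link has headroom: relax the per-IP cap, up to the maximum.
            if self.pcq_rate < self.max_rate:
                self.pcq_rate += self.step
        else:
            # Headroom eaten: tighten the per-IP cap, down to the reserve.
            if self.pcq_rate > self.reserve:
                self.pcq_rate -= self.step
        return self.pcq_rate


def link_load(pcq_rate: int, downloaders: int, interactive_bps: int,
              max_rate: int) -> int:
    """Assumed traffic model: bulk flows fill their cap, link clips at max_rate."""
    return min(downloaders * pcq_rate + interactive_bps, max_rate)


def simulate(downloaders: int, interactive_bps: int, ticks: int = 300,
             ctrl: PcqController = None):
    """Run the controller against the model; returns [(load, pcq_rate), ...]."""
    ctrl = ctrl or PcqController()
    history = []
    for _ in range(ticks):
        load = link_load(ctrl.pcq_rate, downloaders, interactive_bps,
                         ctrl.max_rate)
        history.append((load, ctrl.tick(load)))
    return history


def settled_rates(history, last: int = 4):
    """Distinct per-IP caps seen over the final runs (one value = stable)."""
    return sorted({rate for _, rate in history[-last:]})


if __name__ == "__main__":
    for n in (0, 2, 4):
        rates = settled_rates(simulate(downloaders=n, interactive_bps=0))
        print(f"{n} bulk downloaders -> per-IP cap settles at {rates}")
```

With two downloaders the cap alternates between two adjacent steps on every run, which means a queue-type write each second; with four it parks just under the reserve because the floor check happens before the decrement.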
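ROS: PCQ script for automatic collective [per-IP] rate limiting + managing bandwidth by port
Environment: this is for environments where bandwidth is tight. Users with 100M fibre, or 30 machines on 10M fibre, can skip this, because it is not necessary for you.
What I describe here was done on RouterOS 2.9.7 over ADSL PPPoE, but it applies equally to fibre users.
Now the steps.
Step 1: the prerequisite, of course, is that your RouterOS software router is working and NAT Internet sharing is up.
Step 2: put a MARK on every packet that passes through RouterOS, just as a hunter has to find the target before killing the prey.
Also, tick passthrough on the mark connection rule, but do not tick that option on the mark packet rule.
The order of mark connection and mark packet had been reversed; the official manual does mark connection first and then mark packet.
Step 3: in the QUEUE menu choose Queue Types and create the PCQ rate-limiting entries. This is where you decide how many K each IP is limited to (the 2.9 series accepts the K unit directly; 2.8 does not).
A couple more words on the PCQ block size: the official default is calculated on 20 connections per IP. Understanding the following 2 pictures is crucial; the 2nd picture, about blocks, is an example.
An Internet café's bandwidth works on the same principle as a bank: the total bandwidth should not simply be divided evenly by the number of IPs. That formula is not suitable. Think about it: the café's customers will never all download or all upload at the same time, and the café's goal is to maximise network utilisation.
The per-IP limit depends on what your own café needs. Generally, limiting each IP to at most 512K download and 128K upload is already enough for smooth gaming and video.
----------------------------------------------------------------------------------------------
Also: this is related to how frequently your switch turns on and off. If it is set unreasonably, network bandwidth is badly wasted and customers will complain about your café's network speed! (The loss outweighs the gain.)
Note that for parent you choose the internal NIC and the external NIC as the control points for total traffic.
Step 4: set up the traffic-monitor triggers; they act like a conditional filter. Note the red numbers 2 and 3:
* choose your external line;
* note that ABOVE means >, that is, the limit starts when traffic is above that many K. An approximate figure is enough; if your bandwidth is 10M you can simply set 10000000;
* the other one is BELOW, which of course means <. The key point here is the per-IP limit you set just now: look at number 2 in the 2nd picture. Your BELOW value must be < it, otherwise while limiting is active the customers' machines will be fast one moment and slow the next. You will come to understand the reason as you think it over.
Step 5: write a script that applies this limit. It is very simple, just 2 lines, but note that the script name must match the one in EVEN in the fourth picture. (If you want me to copy those few commands out for you, then don't bother reading; imagine being that lazy!)
With that, the PCQ script rate limiting is done.
Excluding servers and other machines from the PCQ limit
With PCQ in place every machine gets the same speed; even the host I use myself is slow, and downloading films is painfully slow. The café has only one segment, 192.168.0.X. How can a few IPs be separated out?
The following is an example configuration. Many thanks, it works. See my example; 192.168.0.20 and 192.168.0.21 are not limited.
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.252 action=mark-connection \
new-connection-mark=nopcqlimit passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.228 action=mark-connection \
new-connection-mark=nopcqlimit passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=nopcqlimit action=accept comment="" \
disabled=no
Run this script, then go back to the first part and drag the rules to adjust their order; see the picture below. I will post the picture again:
How to guarantee and manage traffic by priority?
Overview: queue trees are typically used to limit particular users, protocols, ports and so on.
ROS time-of-day rate limiting and dynamic rate limiting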
:if([:pick [/system clock get date] 4 7]="29/") do={:for szwm from=2 to=254 do={queue simple disable ("C" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="29/") do={:for szwm from=2 to=254 do={queue simple disable ("A" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="21/") do={:for szwm from=2 to=254 do={queue simple enable ("C" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="21/") do={:for szwm from=2 to=254 do={queue simple disable ("A" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="7/") do={:for szwm from=2 to=254 do={queue simple disable ("B" . $szwm)} }
:if([:pick [/system clock get date] 4 7]="8/") do={:for szwm from=2 to=254 do={queue simple enable ("B" . $szwm)} }
ROS dynamic rate-limiting script
Because an Internet café has a large flow of customers, its network traffic also varies a great deal, and plain per-machine rate limiting wastes a lot of bandwidth. So we now look at dynamic rate limiting. We simply divide it into 4 limiting stages, taking 30M of bandwidth as the example.
1 No limit
2 Per-machine 2M limit
3 Per-machine 1M limit
4 Per-machine 512K limit
I. Creating the rate-limiting policy takes 2 steps
1 Create the new queue types
/queue type
add name="down_512k" kind=pcq pcq-rate=512000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="down_1M" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="down_2M" kind=pcq pcq-rate=2000000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="up_512K" kind=pcq pcq-rate=512000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
add name="up_1M" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
add name="up_2M" kind=pcq pcq-rate=2000000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
2 Create the new simple queues
Pay attention to the order of the simple queues: sort them with 512K at the top and 2M at the bottom (small first, large last), because the rule for these queues is that the topmost one is applied first and the later ones are discarded.
/ queue simple
add name="PCQ_512K" dst-address=192.168.0.0/24 interface=Lan parent=none \
direction=both priority=8 queue=up_512K/down_512k limit-at=0/0 \
max-limit=0/0 total-queue=default-small disabled=yes
add name="PCQ_1M" dst-address=192.168.0.0/24 interface=Lan parent=none \
direction=both priority=8 queue=up_1M/down_1M limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=yes
add name="PCQ_2M" dst-address=192.168.0.0/24 interface=Lan parent=none \
direction=both priority=8 queue=up_2M/down_2M limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=yes
II. Writing the scripts
This is really just enabling or disabling a given policy, like selecting a policy in winbox and clicking the cross or the tick. What is operated on here are the simple queues created above, in order to switch the rate-limiting policy on and off.
/ system script
add name="off512k" source="/queue sim disable PCQ_512K" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="on512k" source="/queue sim enable PCQ_512K" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="off1m" source="/queue sim disable PCQ_1M" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="on1m" source="/queue sim enable PCQ_1M" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="off2m" source="/queue sim disable PCQ_2M" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="on2m" source="/queue sim enable PCQ_2M" \
policy=ftp,reboot,read,write,policy,test,winbox,password
III. Traffic monitoring
We use ROS's built-in tool "traffic monitor" (tool traffic-monitor) to watch our network traffic. When the traffic reaches a certain value, the scripts written above are run automatically. Please note: the interface must be your external NIC. The figures here can be changed to suit the actual situation; I use my own 30M of bandwidth as the example.
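ROS rate limiting, SYN protection, IP masquerading, MAC binding, firewall port blocking
Introduction: all generated rate-limit rules are switched off automatically while the total speed does not exceed 9M, and switched on automatically when the total speed exceeds 18M.
Note: when entering the script content, do not include the () on either side; they are only there to set the script apart from non-script characters.
Total speed = the current speed of your external NIC.
Open /system/scripts
RO SYN protection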
ip-firewall-connections
Tracking:TCP Syn Sent Timeout:50
TCP syn received timeout:30
Thread (connection) limit script:
:for aaa from 2 to 254 do={/ip firewall filter add chain=forward src-address=(192.168.0. . $aaa) protocol=tcp connection-
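Most important of all, it dials up successfully practically every time. Many people may say: I can dial China Telecom at your place, so why can't I dial China Netcom? Let me tell you the answer: it is because of the ISP. I won't go into the details here....
I won't say anything about when it dials fine; if there are problems, come and ask me...
Check disk
In the router console or a terminal emulator, use the following commands: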
system
check-disk
The disk check requires a reboot. But it is very slow, one G per minute... haha
192.168.1.101, followed by /32 (the 32 here does not refer to the mask; my personal understanding is that it means "specified")!
② Under interface, remember to choose the NIC connected to the external network. I have split mine into "local" and "public", so I choose public
③ Ignore the rest; now for the most important thing, Max limit. This is the upper bound of your limit. Note that the value here is in bits; for example, if I want to limit the download speed to
A ROS rate-limiting script that can fix lag in large online games
ROS software routers have long been among the most used software routers in Internet cafés.
Indeed, ROS is quite useful against DDoS attacks.
There are many ROS software-router tutorials online; today's one is a ROS rate-limiting script.
I won't cover installation; you can follow the many ROS software-router tutorials online.
This ROS rate-limiting script was written for lag in large online games.
ip firewall mangle
add chain=forward p2p=all-p2p action=mark-connection \
new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet \
new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet \
new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-size=32-512 action=mark-packet new-packet-mark=all \
passthrough=yes comment="" disabled=no
add chain=forward packet-size=512-1200 action=mark-packet new-packet-mark=big \
passthrough=yes comment="" disabled=no
Copy the above directly.
Complete list of ROS commands
ROS general-purpose scripts
1: Rate-limiting script
:for wbsz from 1 to 254 do={/queue simple add name=(wbsz . $wbsz) dst-address=(192.168.0. . $wbsz) limit-at=1024K/1024K max-limit=1024K/1024K}
2: Limit the maximum number of threads (connections) per machine
:for wbsz from 1 to 254 do={/ip firewall filter add chain=forward src-address=(192.168.0. . $wbsz) protocol=tcp connection-limit=50,32 action=drop}
3: Port mapping
ip firewall nat add chain=dstnat dst-address=(202.96.134.134) protocol=tcp dst-port=80 to-addresses=(192.168.0.1) to-ports=80 action=dst-nat
4: Block a port number
/ ip firewall filter
ad ch forward pr tcp dst-po 8000 act drop comment="Blockade QQ"
5: Change the telnet service port
/ip service set telnet port=23
6: Change the SSH management service port
/ip service set ssh port=22
7: Change the www service port number
/ip service set www port=80
8: Change the FTP service port number
/ip service set ftp port=21
10: Remove the rate-limiting script
:for wbsz from 1 to 254 do={/queue simple remove (wbsz . $wbsz) }
11: IP blocking script
/ ip firewall filter
add chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ"
12: P2P blocking script
/ ip firewall filter
add chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment="No P2P"
13: Limit the maximum number of TCP threads per machine (threads=60)
/ ip firewall filter
add chain=forward protocol=tcp connection-limit=60,32 action=drop \
disabled=no
14: Bind the MACs of all online machines in one go
:foreach wbsz in=[/ip arp find dynamic=yes ] do={/ip arp add copy-from=$wbsz}
15: Remove all bound MACs
:foreach wbsz in=[/ip arp find] do={/ip arp remove $wbsz}
16: Block Ping
/ ip firewall filter
add chain=output protocol=icmp action=drop comment="No Ping"
17: Block eMule
/ ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15 action=drop
18: Block PPLIVE
/ ip firewall filter
add chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV"
add chain=forward protocol=udp dst-port=4004 action=drop
add chain=forward dst-address=218.108.237.11 action=drop
19: Block QQ Live
/ ip firewall filter
add chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"
20: Block BitSpirit
/ ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"
21: Block QQ chat (do not use without a reason)
/ ip firewall filter
add chain=forward src-address=10.5.6.7/32 action=accept comment="No Tencent QQ"
ad ch forward pr tcp dst-po 8000 act drop
ad ch forward pr udp dst-po 8000 act drop
ad ch forward pr udp dst-po 8000 act drop
add chain=forward dst-address=61.144.238.0/24 action=drop
add chain=forward dst-address=61.152.100.0/24 action=drop
add chain=forward dst-address=61.141.194.0/24 action=drop
add chain=forward dst-address=202.96.170.163/32 action=drop
add chain=forward dst-address=202.104.129.0/24 action=drop
add chain=forward dst-address=202.104.193.20/32 action=drop
add chain=forward dst-address=202.104.193.11/32 action=drop
add chain=forward dst-address=202.104.193.12/32 action=drop
add chain=forward dst-address=218.17.209.23/32 action=drop
add chain=forward dst-address=218.18.95.153/32 action=drop
add chain=forward dst-address=218.18.95.165/32 action=drop
add chain=forward dst-address=218.18.95.220/32 action=drop
add chain=forward dst-address=218.85.138.70/32 action=drop
add chain=forward dst-address=219.133.38.0/24 action=drop
add chain=forward dst-address=219.133.49.0/24 action=drop
add chain=forward dst-address=220.133.40.0/24 action=drop
add chain=forward content=sz.tencent action=reject
add chain=forward content=sz2.tencent action=reject
add chain=forward content=sz3.tencent action=reject
add chain=forward content=sz4.tencent action=reject
add chain=forward content=sz5.tencent action=reject
add chain=forward content=sz6.tencent action=reject
add chain=forward content=sz7.tencent action=reject
add chain=forward content=sz8.tencent action=reject
add chain=forward content=sz9.tencent action=reject
add chain=forward content=tcpconn.tencent action=reject
add chain=forward content=tcpconn2.tencent action=reject
add chain=forward content=tcpconn3.tencent action=reject
add chain=forward content=tcpconn4.tencent action=reject
add chain=forward content=tcpconn5.tencent action=reject
add chain=forward content=tcpconn6.tencent action=reject
add chain=forward content=tcpconn7.tencent action=reject
add chain=forward content=tcpconn8.tencent action=reject
add chain=forward content=qq action=reject
add chain=forward content=www.qq action=reject
22: Prevent Gray Pigeon intrusion
/ ip firewall filter
add chain=forward protocol=tcp dst-port=1999 action=drop comment="Backdoor.GrayBird.ad"
add chain=forward dst-address=80.190.240.125 action=drop
add chain=forward dst-address=203.209.245.168 action=drop
add chain=forward dst-address=210.192.122.106 action=drop
add chain=forward dst-address=218.30.88.43 action=drop
add chain=forward dst-address=219.238.233.110 action=drop
add chain=forward dst-address=222.186.8.88 action=drop
add chain=forward dst-address=124.42.125.37 action=drop
add chain=forward dst-address=210.192.122.107 action=drop
add chain=forward dst-address=61.147.118.198 action=drop
add chain=forward dst-address=219.238.233.11 action=drop
23: Block the "three waves"
/ ip firewall filter
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"
================================================================================
How to use the scripts above: log in with winbox.exe, go to System -- Script, click +, paste the corresponding script in, then click Run Script and the script
1. Export the ARP list
ip arp export file arp
This exports the whole ARP list to the file arp.rsc.
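ROS perfect rate limiting
Source (script)
OK - select the script to run - Run Script
Getting the most out of ROS rate limiting
Usually when we rate-limit with ROS we only use max-limit, but ROS rate limiting can be put to better use. For example, we may want web pages to open quickly for customers while downloads run slower. ROS 2.9 can do this.
max-limit ------ the setting we use most often: the maximum speed
General - In. Interface: all (choose the pppoe one if you dial up; for a fixed IP choose all)
Dst. Address: external IP/32
Dst. Port: the port to map
Protocol: tcp (use udp if you are mapping Counter-Strike)
Action - action: nat
To Dst. Addresses: your internal IP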
$aaa)]})
Script name: node_off
Script content: (:for aaa from 1 to 254 do={/queue sim dis [find name=(ip_ .
$aaa)]})
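The scripts part is now complete
Open /tools/traffic monitor
Create new:
Name: node_18M traffic=received trigger=above on event=node_on
2 to 254 means 2~254
192.168.0. . $aaa is the IP
The two lines above together give 192.168.0.2~192.168.0.254
connection-limit=50 is the number of threads (connections), here 50
max-limit=2000000/2000000 is upstream/downstream
Usage: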
WinBox-System-Scripts-+
The most correct ROS rate limiting
-------- small-packet priority + equal bandwidth sharing + simple queues limiting the upload speed
Note: the rate-limiting instructions in this article are for 10M of bandwidth; change the corresponding settings to match your actual bandwidth
================================= START ========================
I. The small-packet priority script is as follows:
/ip firewall mangle
add chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-size=32-512 action=mark-packet new-packet-mark=small passthrough=yes comment="" disabled=no
add chain=forward packet-size=512-1200 action=mark-packet new-packet-mark=big passthrough=yes comment="" disabled=no
/ queue tree
add name="p2pW" parent=WAN packet-mark=p2p limit-at=400000 queue=default priority=8 max-limit=400000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="p2pL" parent=LAN packet-mark=p2p limit-at=400000 queue=default priority=8 max-limit=400000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassA" parent=LAN packet-mark="" limit-at=0 queue=default priority=8 max-limit=100000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassB" parent=ClassA packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf1" parent=ClassA packet-mark=general limit-at=0 queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf2" parent=ClassB packet-mark=big limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf3" parent=ClassB packet-mark=small limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
II. Then equal bandwidth sharing:
This example shows how to share 10Mbps download and 2Mbps upload equally among the active users in network 10.10.12.0/24
# Mark all flows from the local network 192.168.0.0/24 with a user mark
/ip firewall mangle add chain=forward src-address=192.168.10.0/24 \
action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet \
new-packet-mark=users chain=forward
# Add two new PCQ types.
ROS dynamic rate limiting
/ ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all-mark passthrough=yes
/ queue type add name="PCQ-up" kind=pcq pcq-rate=1000000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
/ queue type add name="PCQ-down" kind=pcq pcq-rate=1600000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
/ queue tree add name="PCQdown" parent=wan queue=PCQ-down packet-mark=all-mark
/ queue tree add name="PCQup" parent=wan queue=PCQ-up packet-mark=all-mark
/ queue simple
add name="PCQ0" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=all-mark direction=both priority=1 \
queue=PCQ-up/PCQ-down limit-at=0/0 max-limit=100000000/100000000 \
total-queue=default-small disabled=yes
/ queue simple
add name="PCQ1" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=all-mark direction=both priority=1 \
queue=PCQ-up/PCQ-down limit-at=0/0 max-limit=100000000/100000000 \
total-queue=default-small disabled=yes
/ tool traffic-monitor
add name="PCQdownon" interface=wan traffic=received trigger=above threshold=40000000 on-event=enable1 comment="" disabled=no
add name="PCQdownoff" interface=wan traffic=received trigger=below threshold=5000000 on-event=disable1 comment="" disabled=no
/ system script
add name="disable0" source=":if \(\[ /queue simple get \[/queue simple find \
name=\"PCQ0\"\] disable \]=false \) do={/queue simple disable PCQ0}" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="disable1" source=":if \(\[ /queue simple get \[/queue simple find \
name=\"PCQ1\"\] disable \]=false \) do={/queue simple disable PCQ1}" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="enable0" source=":if \(\[ /queue simple get \[/queue simple find \
name=\"PCQ0\"\] disable \]=true \) do={/queue simple enable PCQ0}" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="enable1" source=":if \(\[ /queue simple get \[/queue simple find \
name=\"PCQ1\"\] disable \]=true \) do={/queue simple enable PCQ1}" \
policy=ftp,reboot,read,write,policy,test,winbox,password
ROS software-router rate-limiting script
total-queue=default-small disabled=yes
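At this point the dynamic rate-limiting policy has been set up! Change 192.168.0.0/24 to your IP range! max-limit=15000000/15000000 here
Replace the last section with this one and PCQ is switched on and off by time of day!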
add name="PCQON" interface=WAN traffic=received trigger=above \
threshold=14800000 on-event=PCQON comment="" disabled=no
add name="PCQOFF" interface=WAN traffic=received trigger=below \
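static rate limit; worked out this way, 1.5*5=7.5M, and adding the people playing online games, it basically stabilises at around 10M!
Then set up another script: when the total traffic drops below 6M (meaning not so many people are downloading and traffic has come down), the 1.5M static rate-limiting script is switched off automatically and the original 3M limit is switched back on!
That is basically the principle. With it, the café's use of its broadband becomes more and more reasonable!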
/system scheduler add name=timeoff interval=24h start-time=23:59:59 on-event={PCQOFF}
disabled=no
==============================================================
add name="PCQ-down" kind=pcq pcq-rate=1500000 pcq-limit=50 \
An alternative ROS rate limit that makes limiting more stable and smarter!
Dynamic rate limiting: ROS dynamic rate limiting (checking the total speed of the external network to switch the limits)
Without further ado, let's first look at how the script works. It performs the following operation in the WINBOX interface: while the total speed does not exceed 9M, all generated rate-limit rules are switched off automatically; when the total speed exceeds 18M, all generated rate-limit rules are switched on automatically.
Note: when entering the script content, do not include the () on either side.
Total speed = the current speed of the NIC
Open /system/scripts
Script:
:for aaa from 1 to 254 do={/queue simple add name=(ip_ . $aaa) dst-address=(192.168.0. . $aaa) interface=wan max-limit=256000/800000 burst-limit=1000000/300000 burst-threshold=128000/512000 burst-time=30s/1m}
The above generates the rate-limit list for all IPs in the segment in the rate-limit tree!
Let's get to the point:
Script name: node_on
Script content: (:for aaa from 1 to 254 do={/queue sim [find name=(ip_ . $aaa)]
$aaa)]
==============================================================
:for aaa from 1 to 25 $aaa) dst-address=(192.168.0. . $aaa) limit-at=500000/500000 max-limit=3000000/3000000}
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all-mark \
passthrough=yes comment=
/queue type add name= pcq-classifier=src-address pcq-total- threshold=14800000 on-event=PCQON comment=
add name= AN traffic=received trigger=below \
threshold=5000000 on-event=PCQOF comment=
==============================================================
The following needs to be modified as described! The notes below are for 15M.
Complete collection of ROS scripts (general) – CentOS tutorial
1: Rate-limiting script
:for wbsz from 1 to 254 do={/queue simple add name=(wbsz . $wbsz) dst-address=(192.168.0. . $wbsz) limit-at=1024K/1024K max-limit=1024K/1024K}
2: Limit the maximum number of threads (connections) per machine
:for wbsz from 1 to 254 do={/ip firewall filter add chain=forward src-address=(192.168.0. . $wbsz) protocol=tcp connection-limit=50,32 action=drop}
3: Port mapping
ip firewall nat add chain=dstnat dst-address=(202.96.134.134) protocol=tcp dst-port=80 to-addresses=(192.168.0.1) to-ports=80 action=dst-nat
4: Block a port number
/ ip firewall filter
ad ch forward pr tcp dst-po 8000 act drop comment="Blockade QQ"
5: Change the telnet service port
/ip service set telnet port=23
6: Change the SSH management service port
/ip service set ssh port=22
7: Change the www service port number
/ip service set www port=80
8: Change the FTP service port number
/ip service set ftp port=21
9: Add a ROS management user
/user add name=wbsz password=admin group=full
10: Remove the rate-limiting script
:for wbsz from 1 to 254 do={/queue simple remove (wbsz . $wbsz) }
11: IP blocking script
/ ip firewall filter
add chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ"
12: P2P blocking script
/ ip firewall filter
add chain=forward src-address=192.168.0.0/24 p2p=all-p2p action=drop comment="No P2P"
13: Limit the maximum number of TCP threads per machine (threads=60)
/ ip firewall filter
add chain=forward protocol=tcp connection-limit=60,32 action=drop \
disabled=no
14: Bind the MACs of all online machines in one go
:foreach wbsz in=[/ip arp find dynamic=yes ] do={/ip arp add copy-from=$wbsz}
15: Remove all bound MACs
:foreach wbsz in=[/ip arp find] do={/ip arp remove $wbsz}
16: Block Ping
/ ip firewall filter
add chain=output protocol=icmp action=drop comment="No Ping"
17: Block eMule
/ ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15 action=drop
18: Block PPLIVE
/ ip firewall filter
add chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV"
add chain=forward protocol=udp dst-port=4004 action=drop
add chain=forward dst-address=218.108.237.11 action=drop
19: Block QQ Live
/ ip firewall filter
add chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"
20: Block BitSpirit
/ ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"
21: Block QQ chat (generally only companies need this)
/ ip firewall filter
add chain=forward src-address=10.5.6.7/32 action=accept comment="No Tencent QQ"
ad ch forward pr tcp dst-po 8000 act drop
ad ch forward pr udp dst-po 8000 act drop
ad ch forward pr udp dst-po 8000 act drop
add chain=forward dst-address=61.144.238.0/24 action=drop
add chain=forward dst-address=61.152.100.0/24 action=drop
add chain=forward dst-address=61.141.194.0/24 action=drop
add chain=forward dst-address=202.96.170.163/32 action=drop
add chain=forward dst-address=202.104.129.0/24 action=drop
add chain=forward dst-address=202.104.193.20/32 action=drop
add chain=forward dst-address=202.104.193.11/32 action=drop
add chain=forward dst-address=202.104.193.12/32 action=drop
add chain=forward dst-address=218.17.209.23/32 action=drop
add chain=forward dst-address=218.18.95.153/32 action=drop
add chain=forward dst-address=218.18.95.165/32 action=drop
add chain=forward dst-address=218.18.95.220/32 action=drop
add chain=forward dst-address=218.85.138.70/32 action=drop
add chain=forward dst-address=219.133.38.0/24 action=drop
add chain=forward dst-address=219.133.49.0/24 action=drop
add chain=forward dst-address=220.133.40.0/24 action=drop
add chain=forward content=sz.tencent action=reject
add chain=forward content=sz2.tencent action=reject
add chain=forward content=sz3.tencent action=reject
add chain=forward content=sz4.tencent action=reject
add chain=forward content=sz5.tencent action=reject
add chain=forward content=sz6.tencent action=reject
add chain=forward content=sz7.tencent action=reject
add chain=forward content=sz8.tencent action=reject
add chain=forward content=sz9.tencent action=reject
add chain=forward content=tcpconn.tencent action=reject
add chain=forward content=tcpconn2.tencent action=reject
add chain=forward content=tcpconn3.tencent action=reject
add chain=forward content=tcpconn4.tencent action=reject
add chain=forward content=tcpconn5.tencent action=reject
add chain=forward content=tcpconn6.tencent action=reject
add chain=forward content=tcpconn7.tencent action=reject
add chain=forward content=tcpconn8.tencent action=reject
add chain=forward content=qq action=reject
add chain=forward content=www.qq action=reject
22: Prevent Gray Pigeon intrusion
/ ip firewall filter
add chain=forward protocol=tcp dst-port=1999 action=drop comment="Backdoor.GrayBird.ad"
add chain=forward dst-address=80.190.240.125 action=drop
add chain=forward dst-address=203.209.245.168 action=drop
add chain=forward dst-address=210.192.122.106 action=drop
add chain=forward dst-address=218.30.88.43 action=drop
add chain=forward dst-address=219.238.233.110 action=drop
add chain=forward dst-address=222.186.8.88 action=drop
add chain=forward dst-address=124.42.125.37 action=drop
add chain=forward dst-address=210.192.122.107 action=drop
add chain=forward dst-address=61.147.118.198 action=drop
add chain=forward dst-address=219.238.233.11 action=drop
23: Block the "three waves"
/ ip firewall filter
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="No 3B"
How to use the scripts above: log in with winbox.exe, go to System - Script, click +, paste the corresponding script in, then click Run Script and the script is installed successfully!
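ROS Rate Limiting
ROS rate limiting, SYN protection, IP masquerading, MAC binding, firewall, port blocking

Save disk resources (this sets every logging facility that currently logs to memory to none, so the router no longer keeps those logs):
:foreach i in=[/system logging facility find local=memory] do={/system logging facility set $i local=none}

SYN protection in RouterOS
IP - Firewall - Connections - Tracking:
TCP Syn Sent Timeout: 50
TCP Syn Received Timeout: 30

Connection-limit script:
:for aaa from=2 to=254 do={/ip firewall filter add chain=forward src-address=("192.168.0." . $aaa) protocol=tcp connection-limit=50,32 action=drop}

Blocking ports in RouterOS
Under IP - Firewall - Filter Rules, choose forward, which stands for packet forwarding.
Firewall rule - General:
Dst. Address: the port to block
Protocol: tcp
Action: drop (discard)

Manual rate limiting in ROS
In Winbox go to Queues - Simple Queues and click "+". Put anything you like in Name; next comes the IP address.
① Leave Target Address alone. In Dst. Address enter the IP of the LAN machine you want to limit. For example, I have machine no. 1 with IP 192.168.1.101, so Dst. Address is 192.168.1.101 followed by /32 (the 32 here no longer refers to the netmask; my personal understanding is that it means "this specific address").
② In Interface, remember to pick the card that connects to the external network. Mine are split into "local" and "public", so I pick public.
③ Leave the rest alone and look at the most important item, Max Limit. This is the upper bound you are imposing. Note that the value here is in bits. For example, if I want to limit the download speed to 500K, what do I enter? 500 X 1000 X 8 = 400 0000 = 4M.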
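#********* What the script does *********
# Under the control of the global variable "Invs", the script reads the traffic sent and received on the wan interface once every "Invs" seconds.
# After "ChkTimes" consecutive readings it takes the average, i.e. the average traffic sent and received on wan over ChkTimes samples.
# It then adjusts the rate limit of every per-IP queue according to the total upstream/downstream traffic thresholds.
# Advantages: 1. The script does not take up a lot of CPU time by adjusting the limits too often.
#             2. Simple queue limits allow burst settings, which give a better user experience than PCQ limits for uses such as opening web pages.
#             3. Each IP gets its own simple queue entry, through which you can see that IP's current traffic and accumulated traffic history.
# Note: this script runs on ROS 3.0 and later. To run it on versions below 3.0, find the following two lines in the script and remove the double quotes in them.
#   /interface monitor-traffic wan once do={:set CurRate $"received-bits-per-second"}
#   /interface monitor-traffic wan once do={:set CurRate $"sent-bits-per-second"}
#********* Usage *********
# WAN interface name on the gateway: wan; LAN interface name: lan
# Under /ip firewall address-list, add every IP address to be rate-limited to the "userlist" address list, one by one (even consecutive addresses must be added individually). For example, to add 192.168.0.8, run:
#   /ip firewall address-list add list=userlist address=192.168.0.8
# Once started, the script loops forever. When a new IP is added to the list, the matching limit entry is created automatically under /queue simple the next time the limit values change.
#********* Script body *********
# Variable definitions (tune the values to your bandwidth and the observed results; the values here are for a 100M fibre link serving 600 users)
# Script stop switch
:global IsRun true
# Seconds between WAN traffic samples
:global Invs 5;
# Number of WAN traffic samples per averaging window
:global ChkTimes 60
# Initial per-IP downstream limit (10M)
:global RxCurSet 10000000
# Maximum per-IP downstream bandwidth (10M)
:global RxMaxRate 10000000
# Minimum per-IP downstream bandwidth (5M)
:global RxMinRate 5000000
# Upper threshold for total downstream traffic (60M)
:global RxUpSwRate 60000000
# Lower threshold for total downstream traffic (30M)
:global RxDwSwRate 30000000
# Initial per-IP upstream limit (1.2M)
:global TxCurSet 1200000
# Maximum per-IP upstream bandwidth (2M)
:global TxMaxRate 2000000
# Minimum per-IP upstream bandwidth (500K)
:global TxMinRate 500000
# Upper threshold for total upstream traffic (50M)
:global TxUpSwRate 50000000
# Lower threshold for total upstream traffic (30M)
:global TxDwSwRate 30000000
# Name of the address list holding the rate-limited user IPs
:global ListName "userlist"
# Temporary variable holding an address-list entry
:global ul
# Temporary variable holding an address
:global tadd
# Temporary loop variable
:global i 0
# Sum of the sampled downstream traffic
:global RxCurRate 0
# Sum of the sampled upstream traffic
:global TxCurRate 0
# Temporary variable holding one traffic reading
:global CurRate 0
# Downstream step value
:global RxStepRate 0
# Upstream step value
:global TxStepRate 0
# Previous downstream limit
:global OldRxSet 0
# Previous upstream limit
:global OldTxSet 0
:while ($IsRun) do={
:if (($OldRxSet!=$RxCurSet)||($OldTxSet!=$TxCurSet)) do={
:set RxStepRate ($RxCurSet / 3);
:set TxStepRate ($TxCurSet / 3);
:foreach ul in=[/ip firewall address-list find list=userlist] do={
:set tadd [/ip firewall address-list get $ul address]
# The line that opens this :if is missing from the source listing; the existence test below is a reconstruction.
:if ([:len [/queue simple find name=$tadd]] > 0) do={
/queue simple set $tadd target-addresses=[:tostr ($tadd . "/32")] \
limit-at=[:tostr ($TxCurSet . "/" . $RxCurSet)] \
max-limit=[:tostr (($TxCurSet + $TxStepRate) . "/" . ($RxCurSet + $RxStepRate))] \
burst-limit=[:tostr (($TxCurSet * 2) . "/" . ($RxCurSet * 2))] \
burst-threshold=[:tostr (($TxCurSet - $TxStepRate) . "/" . ($RxCurSet - $RxStepRate))] \
total-queue=ethernet-default \
burst-time=30/30
} else={
# The source listing is cut off after burst-threshold in this branch; the last two parameters repeat the set branch.
/queue simple add name=$tadd target-addresses=[:tostr ($tadd . "/32")] \
limit-at=[:tostr ($TxCurSet . "/" . $RxCurSet)] \
max-limit=[:tostr (($TxCurSet + $TxStepRate) . "/" . ($RxCurSet + $RxStepRate))] \
burst-limit=[:tostr (($TxCurSet * 2) . "/" . ($RxCurSet * 2))] \
burst-threshold=[:tostr (($TxCurSet - $TxStepRate) . "/" . ($RxCurSet - $RxStepRate))] \
total-queue=ethernet-default \
burst-time=30/30
}
}
}
:set RxCurRate 0
:set TxCurRate 0
:for i from=1 to=$ChkTimes do={
/interface monitor-traffic wan once do={:set CurRate $"received-bits-per-second"}
:set RxCurRate ($RxCurRate + $CurRate)
/interface monitor-traffic wan once do={:set CurRate $"sent-bits-per-second"}
:set TxCurRate ($TxCurRate + $CurRate)
:delay $Invs
}
:set RxCurRate ($RxCurRate / $ChkTimes)
:set TxCurRate ($TxCurRate / $ChkTimes)
:set OldRxSet $RxCurSet
:set OldTxSet $TxCurSet
:if ($RxCurRate<$RxDwSwRate) do={:set RxCurSet ($RxCurSet + $RxStepRate);}
:if ($RxCurRate>$RxUpSwRate) do={:set RxCurSet ($RxCurSet - $RxStepRate);}
:if ($TxCurRate<$TxDwSwRate) do={:set TxCurSet ($TxCurSet + $TxStepRate);}
:if ($TxCurRate>$TxUpSwRate) do={:set TxCurSet ($TxCurSet - $TxStepRate);}
:if ($RxCurSet<$RxMinRate) do={:set RxCurSet $RxMinRate;}
:if ($RxCurSet>$RxMaxRate) do={:set RxCurSet $RxMaxRate;}
:if ($TxCurSet<$TxMinRate) do={:set TxCurSet $TxMinRate;}
:if ($TxCurSet>$TxMaxRate) do={:set TxCurSet $TxMaxRate;}
}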
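The adjustment logic of the dynamic rate-limit script above (average, compare with the two WAN thresholds, step by one third of the current limit, clamp, rewrite the queues only when a limit changed) can be checked offline before it touches a router. The following Python model is an added example, not part of the original script: the threshold values are the script's own, while the function names and the traffic windows are constructed for illustration.

```python
# Added example: offline model of the controller loop in the RouterOS script above.
# Thresholds are the script's values; SAMPLE is constructed traffic data.
RX = {"cur": 10_000_000, "lo": 5_000_000, "hi": 10_000_000, "up": 60_000_000, "down": 30_000_000}
TX = {"cur": 1_200_000, "lo": 500_000, "hi": 2_000_000, "up": 50_000_000, "down": 30_000_000}


def adjust(cfg, cur, avg, step):
    """Step the per-IP limit up below the lower WAN threshold, down above the upper one, then clamp."""
    if avg < cfg["down"]:
        cur += step
    if avg > cfg["up"]:
        cur -= step
    return max(cfg["lo"], min(cfg["hi"], cur))


def queue_params(tx, rx, tx_step, rx_step):
    """The four rate values the script writes to each simple queue, as upload/download strings."""
    return {
        "limit-at": f"{tx}/{rx}",
        "max-limit": f"{tx + tx_step}/{rx + rx_step}",
        "burst-limit": f"{tx * 2}/{rx * 2}",
        "burst-threshold": f"{tx - tx_step}/{rx - rx_step}",
    }


def simulate(windows):
    """windows: (avg_rx, avg_tx) WAN averages in bit/s, one per ChkTimes*Invs sampling period.
    Returns (window index, queue parameters) for every pass that rewrites the queues."""
    rx, tx = RX["cur"], TX["cur"]
    old_rx = old_tx = rx_step = tx_step = 0      # OldRxSet/OldTxSet and both steps start at 0
    writes = []
    for n, (avg_rx, avg_tx) in enumerate(windows):
        if (old_rx, old_tx) != (rx, tx):         # a limit changed: recompute steps, rewrite queues
            rx_step, tx_step = rx // 3, tx // 3  # integer division, as in RouterOS
            writes.append((n, queue_params(tx, rx, tx_step, rx_step)))
        old_rx, old_tx = rx, tx
        rx = adjust(RX, rx, avg_rx, rx_step)
        tx = adjust(TX, tx, avg_tx, tx_step)
    return writes


# Constructed WAN averages: idle, two congested periods, inside the dead band, idle again.
SAMPLE = [(20_000_000, 10_000_000), (70_000_000, 55_000_000), (70_000_000, 55_000_000),
          (45_000_000, 40_000_000), (20_000_000, 10_000_000)]

if __name__ == "__main__":
    for n, params in simulate(SAMPLE):
        print(n, params)
```

The run shows that max-limit is written as the current limit plus one step, so it can sit above the configured per-IP maximum, and that no rewrite happens while the WAN average stays between the lower and upper thresholds.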