Cara Blokir Hostname, ARP Spoofing dan lain sebagainya di Mikrotik.
Cara ini bisa kita lakukan untuk mencegah user iseng yang ingin menikmati internet gratis secara tidak sah pada hotspot area kita.Block Bad Host Name, ARP Spoofing etc.
hostname, edit t1 sampai t15 sesuai nama hostname yang ingin anda blokir
kemudian buat script dan scheduler, jalankan tiap 2 menit
dibuat pada Mikrotik RouterOS v6.33rc30
:foreach i in=[/ip dhcp-server lease find host-name="t1" || host-name="t2" || host-name="t3" \
|| host-name="t4" || host-name="t5" || host-name="t6" || host-name="t7" \
|| host-name="t8" || host-name="t9" || host-name="t10" || host-name="t11" \
|| host-name="t12" || host-name="t13" || host-name="t14" || host-name="t15" ] do={
:local ip [/ip dhcp-server lease get $i address ];
:local mac [/ip dhcp-server lease get $i mac-address ];
:local host [/ip dhcp-server lease get $i host-name ];
/ip dhcp-server lease make-static [ find ];
/ip dhcp-server lease set [ find where dynamic=no mac-address=$mac ] use-src-mac=yes client-id="1:$mac" \
server=dhcp1 block-access=yes comment=BadHost
:log warning ("Bad Host Name $host " . "with Mac $mac " . "and IP $ip blocked on dhcp server lease ")
}
Hapus Bad Hostname, ARP Spoofing etc.
kemudian buat script dan scheduler, jalankan tiap 12 jam
:foreach i in=[/ip dhcp-server lease find comment=BadHost ] do={Mudah2an aman dah :)
:local ip [/ip dhcp-server lease get $i address ];
:local mac [/ip dhcp-server lease get $i mac-address ];
:local host [/ip dhcp-server lease get $i host-name ];
/ip dhcp-server lease remove [ find where comment=BadHost ];
:log warning ("Bad Host Name $host " . "with Mac $mac " . "and IP $ip Removing from dhcp server lease ")
}
Opsi lainnya untuk memblokir 'Bad Element' dengan menggunakan Bridge Filter
edit hostname t1 sampai t15
kemudian buat script dan scheduler, jalankan tiap 2 menit
:foreach i in=[/ip dhcp-server lease find host-name="t1" || host-name="t2" || host-name="t3" \
|| host-name="t4" || host-name="t5" || host-name="t6" || host-name="t7" \
|| host-name="t8" || host-name="t9" || host-name="t10" || host-name="t11" \
|| host-name="t12" || host-name="t13" || host-name="t14" || host-name="t15" ] do={
:local ip [/ip dhcp-server lease get $i address ];
:local mac [/ip dhcp-server lease get $i mac-address ];
:local host [/ip dhcp-server lease get $i host-name ];
:if ([/interface bridge filter find src-mac-address="$mac/FF:FF:FF:FF:FF:FF" ] = "") do={
/interface bridge filter add chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF"\
mac-protocol=ip action=drop comment=BadHost
/interface bridge filter add chain=output src-mac-address="$mac/FF:FF:FF:FF:FF:FF"\
mac-protocol=ip action=drop comment=BadHost
/interface bridge filter add chain=forward src-mac-address="$mac/FF:FF:FF:FF:FF:FF"\
mac-protocol=ip action=drop comment=BadHost
:log warning ("Bad Host Name $host " . "with Mac $mac " . "and IP $ip add to bridge filter ")
}
}
# Hapus Bad Host Name, ARP Spoofing etc. #
/interface bridge filter remove [ find comment=BadHost ]
OK, demikian artikel yang dapat saya share hari ini semoga bermanfaat :)
BACA JUGA:
- Setting Mikrotik Dasar
- Setting Mikrotik Dengan Indihome
- Setting Hotspot di Mikrotik
- Setting Userman / User Manager Mikrotik
ini biasanya dipake diwarnet untuk memblokir ip adddreas dan mac addreas agar tidak jebol.jadi cara ngatasinya biar masuk ke 192.168.1.1 default ADDREAS tanpa terkendala { "HostName" : "192.168.8.11", "cmd" : "", "cmdVersion" : 20150406, "returnCode" : false, "returnMsg" : "Not Supported URL" } itu pencerahanannya MASTER
BalasHapusitu gmna caranya mas ?
Hapus