Lompat ke konten Lompat ke sidebar Lompat ke footer

Cara Blokir Hostname di Mikrotik

Cara Blokir Hostname, ARP Spoofing dan lain sebagainya di Mikrotik. 

Cara ini bisa kita lakukan untuk mencegah user iseng yang ingin menikmati internet gratis secara tidak sah pada hotspot area kita.



Block Bad Host Name, ARP Spoofing etc.
hostname, edit t1 sampai t15 sesuai nama hostname yang ingin anda blokir
kemudian buat script dan scheduler, jalankan tiap 2 menit
dibuat pada Mikrotik RouterOS v6.33rc30

:foreach i in=[/ip dhcp-server lease find host-name="t1" || host-name="t2" || host-name="t3" \
|| host-name="t4" || host-name="t5" || host-name="t6" || host-name="t7" \
|| host-name="t8" || host-name="t9" || host-name="t10" || host-name="t11" \
|| host-name="t12" || host-name="t13" || host-name="t14" || host-name="t15" ] do={
:local ip [/ip dhcp-server lease get $i address ];
:local mac [/ip dhcp-server lease get $i mac-address ];
:local host [/ip dhcp-server lease get $i host-name ];
/ip dhcp-server lease make-static [ find ];
/ip dhcp-server lease set [ find where dynamic=no mac-address=$mac ] use-src-mac=yes client-id="1:$mac" \
server=dhcp1 block-access=yes comment=BadHost
:log warning ("Bad Host Name $host " . "with Mac $mac " . "and IP $ip blocked on dhcp server lease ")
}


Hapus Bad Hostname, ARP Spoofing etc.
kemudian buat script dan scheduler, jalankan tiap 12 jam
:foreach i in=[/ip dhcp-server lease find comment=BadHost ] do={
:local ip [/ip dhcp-server lease get $i address ];
:local mac [/ip dhcp-server lease get $i mac-address ];
:local host [/ip dhcp-server lease get $i host-name ];
/ip dhcp-server lease remove [ find where comment=BadHost ];
:log warning ("Bad Host Name $host " . "with Mac $mac " . "and IP $ip Removing from dhcp server lease ")
}
Mudah2an aman dah :)

Opsi lainnya untuk memblokir 'Bad Element' dengan menggunakan Bridge Filter
edit hostname t1 sampai t15
kemudian buat script dan scheduler, jalankan tiap 2 menit
:foreach i in=[/ip dhcp-server lease find host-name="t1" || host-name="t2" || host-name="t3" \
|| host-name="t4" || host-name="t5" || host-name="t6" || host-name="t7" \
|| host-name="t8" || host-name="t9" || host-name="t10" || host-name="t11" \
|| host-name="t12" || host-name="t13" || host-name="t14" || host-name="t15" ] do={
:local ip [/ip dhcp-server lease get $i address ];
:local mac [/ip dhcp-server lease get $i mac-address ];
:local host [/ip dhcp-server lease get $i host-name ];
:if ([/interface bridge filter find src-mac-address="$mac/FF:FF:FF:FF:FF:FF" ] = "") do={
/interface bridge filter add chain=input src-mac-address="$mac/FF:FF:FF:FF:FF:FF"\
mac-protocol=ip action=drop comment=BadHost
/interface bridge filter add chain=output src-mac-address="$mac/FF:FF:FF:FF:FF:FF"\
mac-protocol=ip action=drop comment=BadHost
/interface bridge filter add chain=forward src-mac-address="$mac/FF:FF:FF:FF:FF:FF"\
mac-protocol=ip action=drop comment=BadHost
:log warning ("Bad Host Name $host " . "with Mac $mac " . "and IP $ip add to bridge filter ")
}
}

# Hapus Bad Host Name, ARP Spoofing etc. #
/interface bridge filter remove [ find comment=BadHost ]

OK, demikian artikel yang dapat saya share hari ini semoga bermanfaat :)


BACA JUGA: