add action=dst-nat chain=dstnat comment="Port Forwarding Jovision DVR access" \
dst-address=<WAN_IP> dst-port=9101 in-interface=WAN protocol=tcp \
to-addresses=<LOCAL_IP> to-ports=9101
How to block website by any name?
you can try this.......
/ip firewall layer7-protocol
add name=prothom regexp="^.+(prothom-alo).*\$"
/ip firewall filter
add action=drop chain=forward layer7-protocol=prothom
Port Number, Protocol Number and Description :
1 — Ping (Packet Internet Groper) and ICMP)
6 — TCP (Transmission Control Protocol)
7 — Echo (Display the Line of Text)
15 — Netstat (Ip Monitoring)
17 — UDP (User Datagram Protocol)
20 — FTP (File Transfer Protocol) Client
21 — FTP Server
22 — SSH (Secure Shell) (Remote Login)
23 — Telnet (Remote Login)
25 — SMTP (Simple Mail Transfer Protocol) (Incoming Service)
34 — RF (Remote File Transfer)
37 — Timeserver
42 — Name Server or (Wins)
43 — WHOIS
53 — DNS (Domain Naming System or Server)
67 — BOOTP (Bootstrap Protocol)
68 — DHCP (Dynamic Host Configuration Protocol)
69 — TFTP (Trivial File Transfer Protocol)
79 — Finger (List the Current User information)
80 — HTTP (Hyper Text Transfer Protocol)
88 — Kerberos (Authentication Protocol)
101 — NIC Host NAME
108 — SNA (IBM System Network Architecture)
109 — POP2 (Post Office Protocol Version2)
110 — POP3 (Post Office Protocol Version3)
111 — Portmap
115 — SFTP (Secure File Transfer Protocol)
118 — SQL Structure Query Languages
119 — NNTP (Network News Transfer Protocol)
123 — NTP (Network Time Protocol)
136 — Profile
137 — NetBIOS Name Service
138 — NetBIOS Datagram Service
139 — NetBIOS Session Service
143 — IMAP (Internet Message Access Protocol)
161 — SNMP (Simple Network Managing Protocol)
167 — NMAP (Network Mapper)
174 — Mailq (Mails)
180 — RIS (Remote Installation Service)
223 — IMAP3 (Internet Mail Accessing Protocol)
389 — LDAP (Lightweight Directory Access Protocol)
443 — HTTPS (Hyper Text Transfer Protocol over Security)
500 — IKE (Internet Key Exchange)
514 — Syslog / UDP
515 — Printer (Printing Service)
519 — Uptime (for load average)
520 — RIP Routing Information Protocol
546 — DHCPV6 Client (Dynamic Host configuration Protocol Version6)
547 — DHCPV7 Server (Dynamic Host configuration Protocol Version6)
565 — Whoami (Present user information)
636 — LDAPS over SSL (Secure Socket Layer)
992 — Telnets over SSL
993 — IMAPS over SSL
995 — POP3S over SSL
2049 — NFS (Network File System in Linux) in Windows GFS (Global File System)
2082 — CPANEL (Web server Third-party Tool)
2095 — CPANEL Webmail
2427 — MCGP (Media Gateway Control Protocol)
3128 — Squid (Proxy) (Firewall Filter)
3268 — AD Global Catalog
3269 — AD Global Catalog over SSL
3306 — My SQL Server
3346 — Transporentproxy
33443 — Trace route
6000 to 6063 — Xwindow (Graphical Window)
8080 — Web cache
10000 — Webmin
How to block all website except gmail and ymail
You can use layer 7 protocols
For accept rule:
Name: Accept
regexp= ^.+(gmail.com|mail.google.com|yahoo.com|login.yahoo.com|in-mg61.mail.yahoo.com).*$
For deny rule:
Name=Block regexp=^.+(.).*$
Need two filters rules
1. action=accept and L7=(Accept)
2. action=drop and L7=Block
if u have any trouble to understanding. inbox me :)
/queue type add name="download_equal" kind=pcq pcq-rate=512k pcq-classifier=dst-address
/queue type add name="upload_equal" kind=pcq pcq-rate=512k pcq-classifier=src-address
/queue simple add queue=upload_equal/download_equal target-addresses=
10.0.0.0/24:
global
checkrate [/
queue
tree
get
total-traffic rate]
:
local
limit 2000000
:
if
( $checkrate < $limit )
do
={
:
log
info
(
"Queue not Exceeded"
)
}
:
if
( $checkrate > $limit )
do
={
:
log
info
(
"Queue Exceeded"
)
/
tool
e-mail
send
server
=
xxx.xxx.xxx.xxx
from
=
"me@myself.com"
to=
"me@myself.com"
subject=(
"Queue Limit Exceed name=total-traffic"
) body=(
"Queue Limit Exceed name=total-traffic, Limit is: "
. $checkrate)
}
Enjoy!