Posts

Showing posts from November, 2013

Mikrotik Cheatsheet [IP firewall filter]

src: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention

To stop SSH/FTP attacks on your router, follow this advice.

This configuration allows only 10 incorrect FTP login responses per minute.

in /ip firewall filter

add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h

This will ban an SSH brute forcer for 10 days after repeated attempts. Change the timeouts as necessary.

in /ip firewall filter

add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src

Mikrotik Cheatsheet [queue pcq]

src: mikrotik reference manual

To share bandwidth equally among the computers on the LAN:

Replace XX with the third octet of the LAN address.

mark traffic:

/ip firewall mangle add chain=forward src-address=192.168.XX.0/24 action=mark-connection new-connection-mark=usersXX-con
/ip firewall mangle add connection-mark=usersXX-con action=mark-packet new-packet-mark=usersXX chain=forward

Create 2 pcq:

pcq-download groups traffic by destination address (dst-address). This pcq-download sits on the LAN interface. The function of pcq-download is to create a dynamic queue for each dst-address (user) that downloads to LAN 192.168.XX.0/24.

pcq-upload sits on the Public interface and groups traffic by source address (src-address).

add pcq:

/queue type add name=pcqXX-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcqXX-upload kind=pcq pcq-classifier=src-address

Create a queue tree for download traffic (replace local_interface with the name of the ethernet interface