偶看新闻博格级轻型航母:RouterOS监控脚本,断线报警,线路恢复自动解除报警
来源:百度文库 编辑:偶看新闻 时间:2024/04/28 02:05:31
RouterOS监控脚本,断线报警,线路恢复自动解除报警:
在/system script里添加脚本
name=你要监控的ip
内容如下
:set i 0
:while ($i=0) do={:beep length=2s frequency=2755;:delay 5;:set a abc;\
:foreach i in=[/tool netwatch find host=你要监控的ip] \
do={:set a [/tool netwatch get $i status]};:put $a;:if($a=up) do={:set i 1}}
然后再在/tool netwatch里添加监控
host=你要监控的ip
在down里填写
/system script run 你要监控的ip
:set shendown1 [/system clock get date]
:set shendown2 [/system clock get time]
:set shendown ("你要监控的ip down " . $shendown1 . " " . $shendown2)
:log warning $shendown
ROS小包策略:
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 comment="" disabled=no
add chain=forwar* *2*=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-style='font-size:16px'2-512 action=mark-packet new-packet-mark=small passthrough=yes comment="" disabled=no
add chain=forward packet-style='font-size:24px'12-1200 action=mark-packet new-packet-mark=big passthrough=yes comment="" disabled=no
/ queue tree
add name="p2p1" parent=wan packet-mark=p2p limit-at=600000 queue=default priority=8 max-limit=800000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="p2p2" parent=lan packet-mark=p2p limit-at=800000 queue=default priority=8 max-limit=600000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassA" parent=lan packet-mark="" limit-at=0 queue=default priority=8 max-limit=100000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassB" parent=ClassA packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf1" parent=ClassA packet-mark=general limit-at=0 queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf2" parent=ClassB packet-mark=small limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf3" parent=ClassB packet-mark=big limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
ROS封杀常用P2P策略脚本:
/ ip firewall filter
add chain=input protocol=udp dst-port=137-138 action=drop comment="drop udp137-138"
# 讯雷
add chain=forward protocol=tcp dst-port=3076-3079 action=drop comment="downTools Xunlei" disabled=yes
add chain=forward dst-address=202.96.155.91/32 action=drop
add chain=forward dst-address=210.22.12.53/32 action=drop
add chain=forward dst-address=61.128.198.97/32 action=drop
# 电骡
add chain=forward protocol=tcp dst-port=4661 action=drop comment="downP2P VeryCD"
add chain=forward protocol=tcp dst-port=4662 action=drop
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15/32 action=drop
# 屁屁狗(PPGOU)
add chain=forward protocol=tcp dst-port=8505 action=drop comment="downTools PPGOU"
add chain=forward dst-address=219.153.0.152/32 action=drop
add chain=forward dst-address=61.145.116.186/32 action=drop
# KUGO酷狗
add chain=forward protocol=tcp dst-port=3318 action=drop comment="downMP3 KUGO" disabled=yes
add chain=forward protocol=tcp dst-port=1043 action=drop disabled=yes
add chain=forward protocol=tcp dst-port=4224 action=drop disabled=yes
add chain=forward protocol=tcp dst-port=2371 action=drop disabled=yes
add chain=forward protocol=udp dst-port=7000 action=drop disabled=yes
add chain=forward dst-address=218.16.125.227/32 action=drop disabled=yes
add chain=forward dst-address=61.143.210.56/32 action=drop disabled=yes
add chain=forward dst-address=218.16.125.226/32 action=drop disabled=yes
add chain=forward dst-address=61.129.115.206/32 action=drop disabled=yes
add chain=forward dst-address=61.145.114.33/32 action=drop disabled=yes
# RF online
add chain=forward dst-address=218.30.85.16/32 dst-port=8888 action=accept comment="RF online"
add chain=forward dst-address=59.34.215.133/32 dst-port=8888 action=accept
add chain=forward dst-address=60.28.26.66/32 dst-port=8888 action=accept
# 比特精灵
add chain=forward protocol=tcp dst-port=16881 action=drop comment="downP2P BitSpirit"
add chain=forward protocol=tcp dst-port=6881-6890 action=drop
add chain=forward protocol=tcp dst-port=8881-8890 action=drop
add chain=forward protocol=udp dst-port=16881 action=drop
add chain=forward protocol=udp dst-port=6881-6890 action=drop
add chain=forward protocol=udp dst-port=8881-8890 action=drop
# 宝酷
add chain=forward protocol=tcp dst-port=6346 action=drop comment="downP2P BaoCue"
add chain=forward protocol=tcp dst-port=11300 action=drop
add chain=forward dst-address=61.172.197.196/32 action=drop
add chain=forward dst-address=218.1.14.3/32 action=drop
add chain=forward dst-address=218.1.14.4/32 action=drop
add chain=forward dst-address=218.1.14.9/32 action=drop
add chain=forward dst-address=61.172.197.209/32 action=drop
add chain=forward dst-address=61.172.197.197/32 action=drop
add chain=forward dst-address=218.1.14.5/32 action=drop
add chain=forward dst-address=218.5.72.118/32 action=drop
add chain=forward dst-address=61.172.197.196/32 action=drop
# 百事通下载工具
add chain=forward dst-address=61.145.126.150/32 action=drop comment="downP2P Bai****ong"
# 百度MP3下载
add chain=forward dst-address=202.108.156.206/32 action=drop comment="downMP3 BaiDuMP3" disabled=yes
# PTC下载工具
add chain=forward protocol=tcp dst-port=50007 action=drop comment="downP2P PTCdown"
# eDonkey2000下载工具
add chain=forward protocol=tcp dst-port=4371 action=drop comment="downP2P eDonkey2000"
add chain=forward protocol=tcp dst-port=4662 action=drop
add chain=forward dst-address=62.241.53.15/32 action=drop
add chain=forward dst-address=62.241.53.17/32 action=drop
# Poco2005
add chain=forward protocol=udp src-port=8094 action=drop comment="downP2P Poco2005"
add chain=forward protocol=tcp dst-port=2881 action=drop
add chain=forward protocol=tcp dst-port=5354 action=drop
add chain=forward dst-address=61.145.118.224/32 action=drop
add chain=forward dst-address=210.192.122.147/32 action=drop
add chain=forward dst-address=207.46.196.108/32 action=drop
# 卡盟
add chain=forward protocol=tcp dst-port=3751 action=drop comment="downP2P KAMUN"
add chain=forward protocol=tcp dst-port=3753 action=drop
add chain=forward protocol=tcp dst-port=4772 action=drop
add chain=forward protocol=tcp dst-port=4774 action=drop
add chain=forward dst-address=211.155.224.67/32 action=drop
# 维宇RealLink
add chain=forward dst-address=211.91.135.114/32 action=drop comment="downP2P RealLink"
add chain=forward dst-address=221.233.18.180/32 action=drop
add chain=forward dst-address=61.145.119.55/32 action=drop
add chain=forward dst-address=221.3.132.99/32 action=drop
# 百宝
add chain=forward protocol=tcp dst-port=3468 action=drop comment="downP2P 100bao"
add chain=forward dst-address=219.136.251.56/32 action=drop
add chain=forward dst-address=61.149.124.173/32 action=drop
# 百花PP
add chain=forward protocol=tcp dst-port=5093 action=drop comment="downP2P BaiHua"
add chain=forward dst-address=221.229.241.243/32 action=drop
# 快递通
add chain=forward dst-address=202.96.137.56/32 action=drop comment="downP2P KDT"
# 酷乐
add chain=forward protocol=tcp dst-port=6800-6801 action=drop comment="downMP3 Kuro"
add chain=forward protocol=tcp dst-port=7003 action=drop
add chain=forward dst-address=218.244.45.67/32 action=drop
add chain=forward dst-address=220.169.192.145/32 action=drop
# 百度下吧
add chain=forward protocol=tcp dst-port=11000 action=drop comment="downP2P BaiDuXiaBa" disabled=yes
add chain=forward dst-address=202.108.249.171/32 action=drop
# 百兆P2P
add chain=forward protocol=tcp dst-port=9000 action=drop comment="downP2P baizhaoP2P"
add chain=forward dst-address=221.233.19.30/32 action=drop
# 石头(OPENEXT)
add chain=forward protocol=tcp dst-port=5467 action=drop comment="downP2P OPENEXT"
add chain=forward protocol=tcp dst-port=2500 action=drop
add chain=forward protocol=tcp dst-port=4173 action=drop
add chain=forward protocol=tcp dst-port=10002 action=drop
add chain=forward protocol=tcp dst-port=10003 action=drop
add chain=forward dst-address=66.197.13.166/32 action=drop
add chain=forward dst-address=210.22.12.245/32 action=drop
add chain=forward dst-address=69.93.222.56/32 action=drop
# iLink 1.1
add chain=forward protocol=tcp dst-port=5000 action=drop comment="downP2P iLink"
# DDS
add chain=forward protocol=tcp dst-port=11608 action=drop comment="downP2P DDS"
add chain=forward dst-address=210.51.168.13/32 action=drop
add chain=forward dst-address=211.157.105.252/32 action=drop
add chain=forward dst-address=212.179.66.17/32 action=drop
# iMesh 5
add chain=forward protocol=tcp dst-port=4662 action=drop comment="downP2P iMesh 5"
add chain=forward dst-address=212.179.66.17/32 action=drop
add chain=forward dst-address=212.179.66.24/32 action=drop
add chain=forward dst-address=38.117.175.23/32 action=drop
# winmx
add chain=forward protocol=tcp dst-port=5690 action=drop comment="downP2P winmx"
add chain=forward dst-address=64.246.15.43/32 action=drop
# 网酷
add chain=forward protocol=tcp dst-port=2122 action=drop comment="downP2P netcool"
add chain=forward dst-address=211.152.22.9/32 action=drop
add chain=forward dst-address=211.152.22.101/32 action=drop
add chain=forward dst-address=221.192.132.29/32 action=drop
# PPlive网络电视
add chain=forward protocol=tcp dst-port=8008 action=drop comment="P2PTV PPlive"
add chain=forward protocol=udp dst-port=4004 action=drop
# QQ直播
add chain=forward protocol=udp dst-port=13002-13999 action=drop comment="P2PTV QQ" disabled=yes
ROS防火墙的一点心得:
input - 进入路由,并且需要对其处理
forward - 路由转发
output - 经过路由处理,并且从接口出去的包
action:
1 accept: 接受
add-dst-to-address-list - 把一个目标IP地址加入address-list
add-src-to-address-list - 把一个源IP地址加入address-list
2 drop - 丢弃
3 jump - 跳转,可以跳转到一个规则主题里面,如input forward,也可以跳转到某一条里面
4 log - 日志记录
5 passthrough - 忽略此条规则
6 reject - 丢弃这个包,并且发送一个ICMP回应消息
7 return - 把控制返回给jump的所在
8 tarpit - 捕获和扣留 进来的TCP连接 (用SYN/ACK回应进来的TCP SYN 包)
ROS其他参数:
使用:
WinBox-System-Scripts-+
Name(脚本名程)
Source(脚本)
OK-选择要运行的脚本-Run Script
集体绑定ARP
:foreach i in=[/ip arp find dynamic=yes ] do={/ip arp add copy-from=$i}
集体帮定ARP,这样方便了很多,但是值得注意的是,用这命令绑定之后,要把外网的ARP解除了,要不然会出奇怪问题,反正我是遇见了!
限速脚本:
:for aaa from 2 to 254 do={/queue simple add name=(queue . $aaa) dst-address=(192.168.0. . $aaa) limit-at=0/0 max-limit=2000000/2000000}
说明:
aaa是变量
2 to 254是2~254
192.168.0. . $aaa是IP
上两句加起来是192.168.0.2~192.168.0.254
max-limit=2000000/2000000是上行/下行
删除所有连接
/ ip firewall connection {:foreach r in=[find] do={remove $r}}
disable防火墙规则
:foreach i in=[/ip firewall filter find action=drop ] do=[/ip firewall filter disable $i]
定时重起
/system scheduler add name=reboot interval=24h start-time=11:59:00 on-event={/system reboot} disabled=no
改变默认网关
/ip route set [/ip route find dst-address=0.0.0.0/0] gateway=xxx.xxx.xxx.xxx
定时重起
/system scheduler add name=reboot interval=24h start-time=11:59:00 on-event={/system reboot} disabled=no
/sy reset 恢复路由原始状态
/sy reboot 重启路由
/sy showdown 关机
/sy ide set name=机器名 设置机器名
/export 查看配置
/ip export 查看IP配置
/sy backup 回车 save name=你要设置文件名 LOAD NAME=你要设置文件名 备份路由
/inte***ce print 查看网卡状态
0 X ether1 ether 1500 这个是网卡没有开启
0 R ether1 ether 1500 这个是正常状态
/int en 0 激活0网卡
/int di 0 激活0网卡
/ip fir con print 查看当前所有网络边接
/ip service set www port=81 改变www服务端口为81
/ip hotspot user add name=user1 password=1 增加用户
ROUTERos改本机网卡MAC的方法:
interface ethernet> set (网卡名) mac-address=(你想要的MAC)
机房经常提出这种要求,这节课要求上网,下节课就要求断网。以前就是拨网线,后来用了这个就不用了。并且可以上网时,也能控制学生上联众或者QQ。课后机房开放时即要能上网,还要能上QQ,把这些策略禁止掉就行了。
并且WINBOX操作比较简便,教会管理员,我不需要管了。
自由控制机房上网、QQ、联众:
/ ip firewall rule forward
这里是控制各个机房的上网策略,可以上时设为无效,禁止上时设为有效。
1机房
add src-address=192.168.3.0/26 dst-address=!192.168.0.0/16 action=drop \
comment="1机房" disabled=yes
2机房
add src-address=192.168.3.64/26 dst-address=!192.168.0.0/16 action=drop \
comment="2机房" disabled=no
3机房
add src-address=192.168.3.128/26 dst-address=!192.168.0.0/16 action=drop \
comment="3机房" disabled=yes
4机房
add src-address=192.168.3.192/26 dst-address=!192.168.0.0/16 action=drop \
comment="4机房" disabled=no
5机房
add src-address=192.168.0.128/26 dst-address=!192.168.0.0/16 action=drop \
comment="5机房" disabled=no
add src-address=192.168.0.192/29 dst-address=!192.168.0.0/16 action=drop \
comment="" disabled=no
6机房
add src-address=192.168.0.64/26 dst-address=!192.168.0.0/16 action=drop \
comment="6机房" disabled=no
这里是控制各个机房的联众 QQ
2机房
add src-address=192.168.3.64/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="2机房禁止联众 禁止QQ聊天" disabled=no
add src-address=192.168.3.64/26 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.3.64/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.3.128/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
机房
add src-address=192.168.3.128/26 dst-address=:8000 protocol=udp action=drop \
comment="3机房禁止QQ聊天 禁止联众" disabled=yes
add src-address=192.168.3.128/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=yes
4机房
add src-address=192.168.3.192/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="4机房禁止联众,QQ聊天" disabled=no
add src-address=192.168.3.192/26 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.3.192/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
5机房
add src-address=192.168.0.128/26 dst-address=:8000 protocol=udp action=drop \
comment="5机房禁止QQ聊天 禁止联众" disabled=no
add src-address=192.168.0.192/29 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.0.128/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.192/29 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.128/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
add src-address=192.168.0.192/29 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
6机房
add src-address=192.168.0.64/26 dst-address=:8000 protocol=udp action=drop \
comment="6机房禁止QQ聊天 禁止联众" disabled=no
add src-address=192.168.0.64/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.64/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
ROS限线程脚本+限速脚本:
限线程脚本:
:for aaa from 2 to 254 do={/ip firewall filter add chain=forward src-address=(192.168.0. . $aaa) protocol=tcp connection-limit=50,32 action=drop}
限速脚本:
:for aaa from 2 to 254 do={/queue simple add name=(queue . $aaa) dst-address=(192.168.0. . $aaa) limit-at=0/0 max-limit=2000000/2000000}
说明:
aaa是变量
2 to 254是2~254
192.168.0. . $aaa是IP
上两句加起来是192.168.0.2~192.168.0.254
connection-limit=50是线程数这里为50
max-limit=2000000/2000000是上行/下行
使用:
WinBox-System-Scripts-+
Name(脚本名程)
Source(脚本)
OK-选择要运行的脚本-Run Script
查看:
限线程:WinBox-IP-Firewall-Filter Rules(看是否已经填加进来)
限速:WinBox-Queues-Simple Queues(看是否已经填加进来)
斩断扫描你的ROS 的黑手:
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="Port scanners to list " disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
在Winbox下对RouterOS整体限速.:
以限制下载速度640K上行速度320K为例
IP→Firewall→Mangle→添加一个Action项中Action=accept Flow Mark=all
以限制下载速度640K,上行速度320K为例:
Queues→Queue Types→添加一个General项中Name=Netbardown Kind=pcq,Settings项中Rate:655360
Classifier中勾上Src.两项;
Queues→Queue Types→添加一个General项中Name=Netbarup Kind=pcq,Settings项中Rate:327680
Classifier中勾上Dst.两项;
Queues→Queue Tree→添加一个General项中Name=Netbardown Parent=lan Flow=all Queue Type=Netbardown //lan为本地网卡
Queues→Queue Tree→添加一个General项中Name=Netbarup Parent=wan Flow=all Queue Type=Netbarup //wan为外网网卡
想不限速时可以直接把之前添加的这条关掉:
IP→Firewall→Mangle→添加一个Action项中Action=accept Flow Mark=all
别告诉我你不会关...
网吧一般都打两条线以上,电信会在晚上断掉你一条线,然后会影响到网吧的网络连接,所以做此脚本,让ROS定时开关一条线路,利用的是网关。其中的192.168.2.1和192.168.3.1分别代表两个网关。192.168.2.1被电信限制的光纤的网关,192.168.3.1为24小时可用的光纤的网关。
/ system script
add name="allon" source="/ip route set\[/ip route find dst 0.0.0.0\] gateway \
192.168.2.1,192.168.3.1" policy=ftp,reboot,read,write,policy,test
add name="2moff" source="/ip route set\[/ip route find dst 0.0.0.0\] \
gateway 192.168.3.1" policy=ftp,reboot,read,write,policy,test
/ system scheduler
add name="allok" on-event=allon start-date=mar/24/2006 start-time=08:30:00 \
interval=1d comment="" disabled=no
add name="8mok" on-event=2moff start-date=mar/24/2006 start-time=23:40:00 \
interval=1d comment="" disabled=no
接着来 真累没人顶以后不发了
ROS映射和回流脚本:
# jun/18/2006 18:43:44 by RouterOS 2.9.6
# to-ports 是映射端口 0-65535 指完全映射 如果只想映射 WWW(网站)端口改为 80 即可
# 只想映射 FTP 端口 则 to-ports=21 即可~``还有不明白的可以加我 QQ 33679934 ~``
/ ip firewall nat
add chain=dstnat dst-address=外网地址 action=dst-nat \
to-addresses=内部服务器地址 to-ports=0-65535 comment="映射" disabled=no
add chain=srcnat src-address=内部服务器地址 action=src-nat \
to-addresses=外网地址 to-ports=0-65535 comment="回流" disabled=no
使用export命令导出,使用import命令导入。
如:导出全部配置命令为:/export file=xxx
导入配置命令:/import file=xxx
导出防火墙配置的命令:/ip firewall export file=xxx
备份设置:files-->backup 再用ftp client download备份文件
恢复设置:ftp client upload 备份文件;files --> restore
1。备份和恢复设置
绝对是好东东!你想想辛辛苦苦设置好的防火墙规则,网卡设置,各个路由,端口映射万一弄错了或重新安装时,是不是都要重新自已设置?这个巨麻烦!!!但ROUETOS却为你考虑得很周到,可以手工备份你的设置文件,需要时只要一个命令即可恢复!
大家可以用WINBOX登陆,注意用ADMIN帐号,在左边是不是有个FILES?点开,再点对话框上面的BACKUP,这样就把当前的设置保存一个文件里面了,再用IE登陆你的路由,用网管帐号:密码@路由ip:端口,登陆到你的路由后就会到你保存的文件了!用IE直接下载吧!/" target=_blank>ftp://网管帐号:密码@路由IP:端口,登陆到你的路由后就会到你保存的文件了!用IE直接下载吧!
当你重新安装时,只要把内网弄通,用IE再登陆你的路由,把这个设置文件传上去,在WINBOX左边下面有个TE开头的英文,这是终端模拟,点开后就像在路由上操作一样,用以下命令恢复你以前的设置:
system回车
backup回车
load name=你保存的设置文件名 回车
提示重启就一下子恢复到你以前设置了!!
是不是方便实用啊?
大家可能会说用WINBOX备份不爽,那我们也可以用终端备份呀!
在WINBOX左边下面有个TE开头的英文,这是终端模拟,点开后就像在路由上操作一样,用以下命令备份你以前的设置:
system回车
backup回车
save name=你保存的设置文件名 回车
建议文件名用日期表示可以很直观。这样就按你的文件名保存了。
用LOAD NAME命令就是恢复了。。。]
2.恢复路由本身默认值。
如果设错了规则或者地址,造成win不能进入管理界面,可以这样复原:
使用 admin 登陆
system 回车
reset 选择 y
将删除所有改动,恢复新装的状态
这个是恢复到出厂设置,很适合刚开始设置ROUTEOS时用用!
自动扫描加入ip-arp脚本:
:foreach i in [/ip arp find dynamic yes ] do={/ip arp add copy-from $i}
在/system script里添加脚本
name=你要监控的ip
内容如下
:set i 0
:while ($i=0) do={:beep length=2s frequency=2755;:delay 5;:set a abc;\
:foreach i in=[/tool netwatch find host=你要监控的ip] \
do={:set a [/tool netwatch get $i status]};:put $a;:if($a=up) do={:set i 1}}
然后再在/tool netwatch里添加监控
host=你要监控的ip
在down里填写
/system script run 你要监控的ip
:set shendown1 [/system clock get date]
:set shendown2 [/system clock get time]
:set shendown ("你要监控的ip down " . $shendown1 . " " . $shendown2)
:log warning $shendown
ROS小包策略:
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 comment="" disabled=no
add chain=forwar* *2*=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-style='font-size:16px'2-512 action=mark-packet new-packet-mark=small passthrough=yes comment="" disabled=no
add chain=forward packet-style='font-size:24px'12-1200 action=mark-packet new-packet-mark=big passthrough=yes comment="" disabled=no
/ queue tree
add name="p2p1" parent=wan packet-mark=p2p limit-at=600000 queue=default priority=8 max-limit=800000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="p2p2" parent=lan packet-mark=p2p limit-at=800000 queue=default priority=8 max-limit=600000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassA" parent=lan packet-mark="" limit-at=0 queue=default priority=8 max-limit=100000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ClassB" parent=ClassA packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf1" parent=ClassA packet-mark=general limit-at=0 queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf2" parent=ClassB packet-mark=small limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Leaf3" parent=ClassB packet-mark=big limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
ROS封杀常用P2P策略脚本:
/ ip firewall filter
add chain=input protocol=udp dst-port=137-138 action=drop comment="drop udp137-138"
# 讯雷
add chain=forward protocol=tcp dst-port=3076-3079 action=drop comment="downTools Xunlei" disabled=yes
add chain=forward dst-address=202.96.155.91/32 action=drop
add chain=forward dst-address=210.22.12.53/32 action=drop
add chain=forward dst-address=61.128.198.97/32 action=drop
# 电骡
add chain=forward protocol=tcp dst-port=4661 action=drop comment="downP2P VeryCD"
add chain=forward protocol=tcp dst-port=4662 action=drop
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15/32 action=drop
# 屁屁狗(PPGOU)
add chain=forward protocol=tcp dst-port=8505 action=drop comment="downTools PPGOU"
add chain=forward dst-address=219.153.0.152/32 action=drop
add chain=forward dst-address=61.145.116.186/32 action=drop
# KUGO酷狗
add chain=forward protocol=tcp dst-port=3318 action=drop comment="downMP3 KUGO" disabled=yes
add chain=forward protocol=tcp dst-port=1043 action=drop disabled=yes
add chain=forward protocol=tcp dst-port=4224 action=drop disabled=yes
add chain=forward protocol=tcp dst-port=2371 action=drop disabled=yes
add chain=forward protocol=udp dst-port=7000 action=drop disabled=yes
add chain=forward dst-address=218.16.125.227/32 action=drop disabled=yes
add chain=forward dst-address=61.143.210.56/32 action=drop disabled=yes
add chain=forward dst-address=218.16.125.226/32 action=drop disabled=yes
add chain=forward dst-address=61.129.115.206/32 action=drop disabled=yes
add chain=forward dst-address=61.145.114.33/32 action=drop disabled=yes
# RF online
add chain=forward dst-address=218.30.85.16/32 dst-port=8888 action=accept comment="RF online"
add chain=forward dst-address=59.34.215.133/32 dst-port=8888 action=accept
add chain=forward dst-address=60.28.26.66/32 dst-port=8888 action=accept
# 比特精灵
add chain=forward protocol=tcp dst-port=16881 action=drop comment="downP2P BitSpirit"
add chain=forward protocol=tcp dst-port=6881-6890 action=drop
add chain=forward protocol=tcp dst-port=8881-8890 action=drop
add chain=forward protocol=udp dst-port=16881 action=drop
add chain=forward protocol=udp dst-port=6881-6890 action=drop
add chain=forward protocol=udp dst-port=8881-8890 action=drop
# 宝酷
add chain=forward protocol=tcp dst-port=6346 action=drop comment="downP2P BaoCue"
add chain=forward protocol=tcp dst-port=11300 action=drop
add chain=forward dst-address=61.172.197.196/32 action=drop
add chain=forward dst-address=218.1.14.3/32 action=drop
add chain=forward dst-address=218.1.14.4/32 action=drop
add chain=forward dst-address=218.1.14.9/32 action=drop
add chain=forward dst-address=61.172.197.209/32 action=drop
add chain=forward dst-address=61.172.197.197/32 action=drop
add chain=forward dst-address=218.1.14.5/32 action=drop
add chain=forward dst-address=218.5.72.118/32 action=drop
add chain=forward dst-address=61.172.197.196/32 action=drop
# 百事通下载工具
add chain=forward dst-address=61.145.126.150/32 action=drop comment="downP2P Bai****ong"
# 百度MP3下载
add chain=forward dst-address=202.108.156.206/32 action=drop comment="downMP3 BaiDuMP3" disabled=yes
# PTC下载工具
add chain=forward protocol=tcp dst-port=50007 action=drop comment="downP2P PTCdown"
# eDonkey2000下载工具
add chain=forward protocol=tcp dst-port=4371 action=drop comment="downP2P eDonkey2000"
add chain=forward protocol=tcp dst-port=4662 action=drop
add chain=forward dst-address=62.241.53.15/32 action=drop
add chain=forward dst-address=62.241.53.17/32 action=drop
# Poco2005
add chain=forward protocol=udp src-port=8094 action=drop comment="downP2P Poco2005"
add chain=forward protocol=tcp dst-port=2881 action=drop
add chain=forward protocol=tcp dst-port=5354 action=drop
add chain=forward dst-address=61.145.118.224/32 action=drop
add chain=forward dst-address=210.192.122.147/32 action=drop
add chain=forward dst-address=207.46.196.108/32 action=drop
# 卡盟
add chain=forward protocol=tcp dst-port=3751 action=drop comment="downP2P KAMUN"
add chain=forward protocol=tcp dst-port=3753 action=drop
add chain=forward protocol=tcp dst-port=4772 action=drop
add chain=forward protocol=tcp dst-port=4774 action=drop
add chain=forward dst-address=211.155.224.67/32 action=drop
# 维宇RealLink
add chain=forward dst-address=211.91.135.114/32 action=drop comment="downP2P RealLink"
add chain=forward dst-address=221.233.18.180/32 action=drop
add chain=forward dst-address=61.145.119.55/32 action=drop
add chain=forward dst-address=221.3.132.99/32 action=drop
# 百宝
add chain=forward protocol=tcp dst-port=3468 action=drop comment="downP2P 100bao"
add chain=forward dst-address=219.136.251.56/32 action=drop
add chain=forward dst-address=61.149.124.173/32 action=drop
# 百花PP
add chain=forward protocol=tcp dst-port=5093 action=drop comment="downP2P BaiHua"
add chain=forward dst-address=221.229.241.243/32 action=drop
# 快递通
add chain=forward dst-address=202.96.137.56/32 action=drop comment="downP2P KDT"
# 酷乐
add chain=forward protocol=tcp dst-port=6800-6801 action=drop comment="downMP3 Kuro"
add chain=forward protocol=tcp dst-port=7003 action=drop
add chain=forward dst-address=218.244.45.67/32 action=drop
add chain=forward dst-address=220.169.192.145/32 action=drop
# 百度下吧
add chain=forward protocol=tcp dst-port=11000 action=drop comment="downP2P BaiDuXiaBa" disabled=yes
add chain=forward dst-address=202.108.249.171/32 action=drop
# 百兆P2P
add chain=forward protocol=tcp dst-port=9000 action=drop comment="downP2P baizhaoP2P"
add chain=forward dst-address=221.233.19.30/32 action=drop
# 石头(OPENEXT)
add chain=forward protocol=tcp dst-port=5467 action=drop comment="downP2P OPENEXT"
add chain=forward protocol=tcp dst-port=2500 action=drop
add chain=forward protocol=tcp dst-port=4173 action=drop
add chain=forward protocol=tcp dst-port=10002 action=drop
add chain=forward protocol=tcp dst-port=10003 action=drop
add chain=forward dst-address=66.197.13.166/32 action=drop
add chain=forward dst-address=210.22.12.245/32 action=drop
add chain=forward dst-address=69.93.222.56/32 action=drop
# iLink 1.1
add chain=forward protocol=tcp dst-port=5000 action=drop comment="downP2P iLink"
# DDS
add chain=forward protocol=tcp dst-port=11608 action=drop comment="downP2P DDS"
add chain=forward dst-address=210.51.168.13/32 action=drop
add chain=forward dst-address=211.157.105.252/32 action=drop
add chain=forward dst-address=212.179.66.17/32 action=drop
# iMesh 5
add chain=forward protocol=tcp dst-port=4662 action=drop comment="downP2P iMesh 5"
add chain=forward dst-address=212.179.66.17/32 action=drop
add chain=forward dst-address=212.179.66.24/32 action=drop
add chain=forward dst-address=38.117.175.23/32 action=drop
# winmx
add chain=forward protocol=tcp dst-port=5690 action=drop comment="downP2P winmx"
add chain=forward dst-address=64.246.15.43/32 action=drop
# 网酷
add chain=forward protocol=tcp dst-port=2122 action=drop comment="downP2P netcool"
add chain=forward dst-address=211.152.22.9/32 action=drop
add chain=forward dst-address=211.152.22.101/32 action=drop
add chain=forward dst-address=221.192.132.29/32 action=drop
# PPlive网络电视
add chain=forward protocol=tcp dst-port=8008 action=drop comment="P2PTV PPlive"
add chain=forward protocol=udp dst-port=4004 action=drop
# QQ直播
add chain=forward protocol=udp dst-port=13002-13999 action=drop comment="P2PTV QQ" disabled=yes
ROS防火墙的一点心得:
input - 进入路由,并且需要对其处理
forward - 路由转发
output - 经过路由处理,并且从接口出去的包
action:
1 accept: 接受
add-dst-to-address-list - 把一个目标IP地址加入address-list
add-src-to-address-list - 把一个源IP地址加入address-list
2 drop - 丢弃
3 jump - 跳转,可以跳转到一个规则主题里面,如input forward,也可以跳转到某一条里面
4 log - 日志记录
5 passthrough - 忽略此条规则
6 reject - 丢弃这个包,并且发送一个ICMP回应消息
7 return - 把控制返回给jump的所在
8 tarpit - 捕获和扣留 进来的TCP连接 (用SYN/ACK回应进来的TCP SYN 包)
ROS其他参数:
使用:
WinBox-System-Scripts-+
Name(脚本名程)
Source(脚本)
OK-选择要运行的脚本-Run Script
集体绑定ARP
:foreach i in=[/ip arp find dynamic=yes ] do={/ip arp add copy-from=$i}
集体帮定ARP,这样方便了很多,但是值得注意的是,用这命令绑定之后,要把外网的ARP解除了,要不然会出奇怪问题,反正我是遇见了!
限速脚本:
:for aaa from 2 to 254 do={/queue simple add name=(queue . $aaa) dst-address=(192.168.0. . $aaa) limit-at=0/0 max-limit=2000000/2000000}
说明:
aaa是变量
2 to 254是2~254
192.168.0. . $aaa是IP
上两句加起来是192.168.0.2~192.168.0.254
max-limit=2000000/2000000是上行/下行
删除所有连接
/ ip firewall connection {:foreach r in=[find] do={remove $r}}
disable防火墙规则
:foreach i in=[/ip firewall filter find action=drop ] do=[/ip firewall filter disable $i]
定时重起
/system scheduler add name=reboot interval=24h start-time=11:59:00 on-event={/system reboot} disabled=no
改变默认网关
/ip route set [/ip route find dst-address=0.0.0.0/0] gateway=xxx.xxx.xxx.xxx
定时重起
/system scheduler add name=reboot interval=24h start-time=11:59:00 on-event={/system reboot} disabled=no
/sy reset 恢复路由原始状态
/sy reboot 重启路由
/sy showdown 关机
/sy ide set name=机器名 设置机器名
/export 查看配置
/ip export 查看IP配置
/sy backup 回车 save name=你要设置文件名 LOAD NAME=你要设置文件名 备份路由
/inte***ce print 查看网卡状态
0 X ether1 ether 1500 这个是网卡没有开启
0 R ether1 ether 1500 这个是正常状态
/int en 0 激活0网卡
/int di 0 激活0网卡
/ip fir con print 查看当前所有网络边接
/ip service set www port=81 改变www服务端口为81
/ip hotspot user add name=user1 password=1 增加用户
ROUTERos改本机网卡MAC的方法:
interface ethernet> set (网卡名) mac-address=(你想要的MAC)
机房经常提出这种要求,这节课要求上网,下节课就要求断网。以前就是拨网线,后来用了这个就不用了。并且可以上网时,也能控制学生上联众或者QQ。课后机房开放时即要能上网,还要能上QQ,把这些策略禁止掉就行了。
并且WINBOX操作比较简便,教会管理员,我不需要管了。
自由控制机房上网、QQ、联众:
/ ip firewall rule forward
这里是控制各个机房的上网策略,可以上时设为无效,禁止上时设为有效。
1机房
add src-address=192.168.3.0/26 dst-address=!192.168.0.0/16 action=drop \
comment="1机房" disabled=yes
2机房
add src-address=192.168.3.64/26 dst-address=!192.168.0.0/16 action=drop \
comment="2机房" disabled=no
3机房
add src-address=192.168.3.128/26 dst-address=!192.168.0.0/16 action=drop \
comment="3机房" disabled=yes
4机房
add src-address=192.168.3.192/26 dst-address=!192.168.0.0/16 action=drop \
comment="4机房" disabled=no
5机房
add src-address=192.168.0.128/26 dst-address=!192.168.0.0/16 action=drop \
comment="5机房" disabled=no
add src-address=192.168.0.192/29 dst-address=!192.168.0.0/16 action=drop \
comment="" disabled=no
6机房
add src-address=192.168.0.64/26 dst-address=!192.168.0.0/16 action=drop \
comment="6机房" disabled=no
这里是控制各个机房的联众 QQ
2机房
add src-address=192.168.3.64/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="2机房禁止联众 禁止QQ聊天" disabled=no
add src-address=192.168.3.64/26 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.3.64/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.3.128/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
机房
add src-address=192.168.3.128/26 dst-address=:8000 protocol=udp action=drop \
comment="3机房禁止QQ聊天 禁止联众" disabled=yes
add src-address=192.168.3.128/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=yes
4机房
add src-address=192.168.3.192/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="4机房禁止联众,QQ聊天" disabled=no
add src-address=192.168.3.192/26 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.3.192/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
5机房
add src-address=192.168.0.128/26 dst-address=:8000 protocol=udp action=drop \
comment="5机房禁止QQ聊天 禁止联众" disabled=no
add src-address=192.168.0.192/29 dst-address=:8000 protocol=udp action=drop \
comment="" disabled=no
add src-address=192.168.0.128/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.192/29 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.128/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
add src-address=192.168.0.192/29 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
6机房
add src-address=192.168.0.64/26 dst-address=:8000 protocol=udp action=drop \
comment="6机房禁止QQ聊天 禁止联众" disabled=no
add src-address=192.168.0.64/26 dst-address=219.133.0.0/16 action=drop \
comment="" disabled=no
add src-address=192.168.0.64/26 dst-address=:1007-3400 protocol=tcp \
action=drop comment="" disabled=no
ROS限线程脚本+限速脚本:
限线程脚本:
:for aaa from 2 to 254 do={/ip firewall filter add chain=forward src-address=(192.168.0. . $aaa) protocol=tcp connection-limit=50,32 action=drop}
限速脚本:
:for aaa from 2 to 254 do={/queue simple add name=(queue . $aaa) dst-address=(192.168.0. . $aaa) limit-at=0/0 max-limit=2000000/2000000}
说明:
aaa是变量
2 to 254是2~254
192.168.0. . $aaa是IP
上两句加起来是192.168.0.2~192.168.0.254
connection-limit=50是线程数这里为50
max-limit=2000000/2000000是上行/下行
使用:
WinBox-System-Scripts-+
Name(脚本名程)
Source(脚本)
OK-选择要运行的脚本-Run Script
查看:
限线程:WinBox-IP-Firewall-Filter Rules(看是否已经填加进来)
限速:WinBox-Queues-Simple Queues(看是否已经填加进来)
斩断扫描你的ROS 的黑手:
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="Port scanners to list " disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
在Winbox下对RouterOS整体限速.:
以限制下载速度640K上行速度320K为例
IP→Firewall→Mangle→添加一个Action项中Action=accept Flow Mark=all
以限制下载速度640K,上行速度320K为例:
Queues→Queue Types→添加一个General项中Name=Netbardown Kind=pcq,Settings项中Rate:655360
Classifier中勾上Src.两项;
Queues→Queue Types→添加一个General项中Name=Netbarup Kind=pcq,Settings项中Rate:327680
Classifier中勾上Dst.两项;
Queues→Queue Tree→添加一个General项中Name=Netbardown Parent=lan Flow=all Queue Type=Netbardown //lan为本地网卡
Queues→Queue Tree→添加一个General项中Name=Netbarup Parent=wan Flow=all Queue Type=Netbarup //wan为外网网卡
想不限速时可以直接把之前添加的这条关掉:
IP→Firewall→Mangle→添加一个Action项中Action=accept Flow Mark=all
别告诉我你不会关...
网吧一般都打两条线以上,电信会在晚上断掉你一条线,然后会影响到网吧的网络连接,所以做此脚本,让ROS定时开关一条线路,利用的是网关。其中的192.168.2.1和192.168.3.1分别代表两个网关。192.168.2.1被电信限制的光纤的网关,192.168.3.1为24小时可用的光纤的网关。
/ system script
add name="allon" source="/ip route set\[/ip route find dst 0.0.0.0\] gateway \
192.168.2.1,192.168.3.1" policy=ftp,reboot,read,write,policy,test
add name="2moff" source="/ip route set\[/ip route find dst 0.0.0.0\] \
gateway 192.168.3.1" policy=ftp,reboot,read,write,policy,test
/ system scheduler
add name="allok" on-event=allon start-date=mar/24/2006 start-time=08:30:00 \
interval=1d comment="" disabled=no
add name="8mok" on-event=2moff start-date=mar/24/2006 start-time=23:40:00 \
interval=1d comment="" disabled=no
接着来 真累没人顶以后不发了
ROS映射和回流脚本:
# jun/18/2006 18:43:44 by RouterOS 2.9.6
# to-ports 是映射端口 0-65535 指完全映射 如果只想映射 WWW(网站)端口改为 80 即可
# 只想映射 FTP 端口 则 to-ports=21 即可~``还有不明白的可以加我 QQ 33679934 ~``
/ ip firewall nat
add chain=dstnat dst-address=外网地址 action=dst-nat \
to-addresses=内部服务器地址 to-ports=0-65535 comment="映射" disabled=no
add chain=srcnat src-address=内部服务器地址 action=src-nat \
to-addresses=外网地址 to-ports=0-65535 comment="回流" disabled=no
使用export命令导出,使用import命令导入。
如:导出全部配置命令为:/export file=xxx
导入配置命令:/import file=xxx
导出防火墙配置的命令:/ip firewall export file=xxx
备份设置:files-->backup 再用ftp client download备份文件
恢复设置:ftp client upload 备份文件;files --> restore
1。备份和恢复设置
绝对是好东东!你想想辛辛苦苦设置好的防火墙规则,网卡设置,各个路由,端口映射万一弄错了或重新安装时,是不是都要重新自已设置?这个巨麻烦!!!但ROUETOS却为你考虑得很周到,可以手工备份你的设置文件,需要时只要一个命令即可恢复!
大家可以用WINBOX登陆,注意用ADMIN帐号,在左边是不是有个FILES?点开,再点对话框上面的BACKUP,这样就把当前的设置保存一个文件里面了,再用IE登陆你的路由,用网管帐号:密码@路由ip:端口,登陆到你的路由后就会到你保存的文件了!用IE直接下载吧!/" target=_blank>ftp://网管帐号:密码@路由IP:端口,登陆到你的路由后就会到你保存的文件了!用IE直接下载吧!
当你重新安装时,只要把内网弄通,用IE再登陆你的路由,把这个设置文件传上去,在WINBOX左边下面有个TE开头的英文,这是终端模拟,点开后就像在路由上操作一样,用以下命令恢复你以前的设置:
system回车
backup回车
load name=你保存的设置文件名 回车
提示重启就一下子恢复到你以前设置了!!
是不是方便实用啊?
大家可能会说用WINBOX备份不爽,那我们也可以用终端备份呀!
在WINBOX左边下面有个TE开头的英文,这是终端模拟,点开后就像在路由上操作一样,用以下命令备份你以前的设置:
system回车
backup回车
save name=你保存的设置文件名 回车
建议文件名用日期表示可以很直观。这样就按你的文件名保存了。
用LOAD NAME命令就是恢复了。。。]
2.恢复路由本身默认值。
如果设错了规则或者地址,造成win不能进入管理界面,可以这样复原:
使用 admin 登陆
system 回车
reset 选择 y
将删除所有改动,恢复新装的状态
这个是恢复到出厂设置,很适合刚开始设置ROUTEOS时用用!
自动扫描加入ip-arp脚本:
:foreach i in [/ip arp find dynamic yes ] do={/ip arp add copy-from $i}
电话监控线路
求之软监控报警系统注册码
高手指教:主板监控程序报警。
什么是routeros
(金山毒霸)初始化脚本监控失败
什么叫“初始化脚本监控失败”?
火灾报警系统线路绝缘测试方式、测试值
智能监控系统、报警系统所需要的设备
之软监控报警系统(家庭版) 序列号。紧急……
如何在Diginet Site中设置监控移动报警
求摄像头监控软件软件。能自动报警
之软监控报警系统隐藏了怎么办?????
请问监控设备有自动报警功能的吗?
routerOS高手进
RouterOS 的下载地址
Mikrotik RouterOS是什么啊?
怎样禁止或者监控网页上脚本病毒?
为什么我的电脑总出现初始化脚本监控失败
卡巴司机的脚本监控有什么作用
在监控工程中,背景音乐部分没有广播消防报警主机和报警信号发生器,还能自动插播报警信号吗?
关于在家使用无线路有共享ADSL上网断线的问题
本所1#电源线路B相断线,本所有什么显示或动作
谁有没有之软监控报警系统(家庭版)的注册码?
有谁知道江西省内监控,防盗报警即将要开标的项目