PortChannel LACP CISCO3048TP

WI-131(config-if)# int e1/35
WI-131(config-if)# switchport
WI-131(config-if)# channel-group 1 mode active
WI-131(config-if)# int e1/36
WI-131(config-if)# switchport
WI-131(config-if)# channel-group 1 mode active
WI-131(config-if)# int port-channel 1
WI-131(config-if)# switchport
WI-131(config-if)# switchport mode trunk
WI-131(config-if)# switchport trunk allowed vlan 2011
WI-131(config-if)# no sh
WI-131(config-if)# sh port-channel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
1     Po1(SU)     Eth      LACP      Eth1/35(P)   Eth1/36(P)

ether03 = e1/35

ether04 = e1/36

Continue

Lock IP Public PPPOE Indihome

:local IFACE
:set IFACE INDIHOME

:local WANIP [/ip address get [find where interface=$IFACE] address];
:set WANIP [:pick $WANIP 0 ([:len $WANIP]-3) ];

:if ($WANIP ~"^10[.]") do={
:log warning "Private ip address found !!!"
/interface pppoe-client enable $IFACE
:delay 1
} else={

:if ($WANIP ~"^172.") do={
:log warning "Private ip address found !!!"
/interface pppoe-client enable $IFACE
:delay 1
} else={
:if ($WANIP ~"^192.") do={
:log warning "Private ip address found !!!"
/interface pppoe-client enable $IFACE
:delay 1
} else={
:log warning "Public IP - $WANIP - Found, OK ! No action required"
}
}
}
:delay 10
/ip cloud force-update

Continue

auto update gre mikrotik

:global currentIP
# ubah di sini
:global iface "PPPOE"
/in pppoe-client monitor $iface once do={:set currentIP $"local-address" }
:if ($currentIP in 10.0.0.0/8) do={
:log error "re-dial...";
/in pppoe-client disable $iface
:delay 2
/in pppoe-client enable $iface
}
# ubah di sini
:global ifacegre "gre-dewo"
:global p2p [/ip address get [find interface=$ifacegre] network  ]
:global target [/in gre get $ifacegre remote-address ]
# cek berdasarkan running interface gre
#:if ($statusgre != true) do={
#/in gre export file=$ifacegre
#:delay 1
# cek berdasarkan ping target
:if ([/ping $p2p count=2] = 0 ) do={
/in gre export file=$ifacegre
:delay 1
/in gre set $ifacegre local-address=$currentIP
:log error "$ifacegre error, kirim file"
/file set contents="/in gre set $ifacegre remote-address=$currentIP" [find name~"$ifacegre"]
:delay 2
/tool fetch mode=ftp upload=yes src-path="$ifacegre.rsc" dst-path="$ifacegre.rsc" user=ftp password=ftp port=21 address="$target"
}

Continue

set timezone centos

berikut ini cara update timezone pada centos7

[root@id ~]# date
Mon Apr 20 17:18:54 UTC 2020
[root@id ~]# timedatectl set-timezone 'Asia/Jakarta'
[root@id ~]# timedatectl
      Local time: Tue 2020-04-21 00:19:35 WIB
  Universal time: Mon 2020-04-20 17:19:35 UTC
        RTC time: n/a
       Time zone: Asia/Jakarta (WIB, +0700)
     NTP enabled: n/a
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
[root@id ~]# date
Tue Apr 21 00:19:36 WIB 2020
[root@id ~]# 

Continue

BIRD on DEBIAN

# wget -O - http://bird.network.cz/debian/apt.key | apt-key add -
# apt-get install lsb-release
# echo "deb http://bird.network.cz/debian/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/bird.list
# apt-get update
kalo error lakukan seperti berikut
# wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
# apt-get update
# apt-get install bird

Continue

Update Script Mikrotik

OK, kali ini saya akan share script mentah untuk update ip list yang nantinya bikin script lagi buat dijalanin di mikrotik.

#!/bin/bash
wget -O all.txt https://lists.blocklist.de/lists/all.txt
sleep 2
rm -rf blocked.rsc
touch blocked.rsc
DATE=$(date '+%d/%m/%Y %H:%M:%S')
LINE=$(wc -l all.txt | awk '{print $1}')
echo -e "# Generated at $DATE ... $LINE lines\n# Sumber: https://lists.blocklist.de/lists/all.txt\n# Silahkan bisa ditambahkan di router masing-masing\n# Supported by: https://yam.net.id\n\n# Add scheduler\n:if ([:len [/system scheduler find name=\"autoupdate\"]]=0) do={\n/system scheduler add name=autoupdate on-event=\"/tool fetch url=http://103.146.184.12/dump/blocked.rsc;:delay 1;/import blocked.rsc\" interval=\"2d 00:00:00\" start-time=04:00:00}\n\n# Start blocking now\n:if ([:len [/ip fi fi find comment=BLOCKED]]=0) do={\n/ip fi fi add chain=input src-address-list=BLOCKED protocol=udp dst-port=!80,443 action=drop comment=BLOCKED\n/ip fi fi add chain=input src-address-list=BLOCKED protocol=tcp dst-port=!80,443 action=reject reject-with=icmp-network-unreachable comment=BLOCKED\n/ip fi fi add chain=forward src-address-list=BLOCKED protocol=tcp dst-port=!80,443 action=reject reject-with=icmp-network-unreachable comment=BLOCKED\n/ip fi fi add chain=forward src-address-list=BLOCKED protocol=udp dst-port=!80,443 action=drop comment=BLOCKED}\n\n# Clearing address-list\n/ip firewall address-list\nadd list=BLOCKED address=1.2.3.4\nremove [find list=BLOCKED]\n# Kasih jeda\n:delay 2\n" > blocked.rsc
cat all.txt | grep "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]$" | awk '{print "/ip firewall address-list add list=BLOCKED address="$1 }' >> blocked.rsc

reference :

https://deadc0de.re/articles/unbound-blocking-ads.html

Download the list you're interested to block (for example ads+malwares+social networks)

$ wget https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts

Entries in the host file are in the form 0.0.0.0 <domain> and unbound needs something like this:

local-zone: "<domain>" redirect
local-data: "<domain> A 0.0.0.0"

Following awk command will transform the list into something that unbound understands:

$ cat hosts | grep '^0\.0\.0\.0' | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > ads.conf 

Finally copy the resulting file to pfsense (or to your DNS resolver running unbound).

Continue