
# DNSB REMOVE START
# Uninstall section: deletes the objects the DNSB setup creates, matching them
# by comment= tag or address-list name, and points the router back at public DNS.
# NOTE(review): matching is by tag/list name only. An administrator's own rules
# or lists that happen to use the same names (e.g. comment=ipfilter,
# list=private-ip) would be removed too - check for collisions before running.
# NOTE(review): this section does not revert allow-remote-requests=yes or the
# NTP client settings that the setup section applies, and it leaves the disabled
# NAT rule tagged dnsbtmp in place; review those by hand after removal.

:log info "DNSB REMOVE START"

# Resolver goes back to the public servers 8.8.8.8 / 8.8.4.4.
/ip dns set servers="8.8.8.8,8.8.4.4"

# Scheduler entries under four different tags.
/system scheduler remove [find comment=dnsb]

/system scheduler remove [find comment=dnsbsch]

/system scheduler remove [find comment=dnsbproxy]

/system scheduler remove [find comment=dnsbdynip]

# Routes, tunnel clients of every supported type, and the PPP profile.
/ip route remove [find comment=dnsb]

/interface pptp-client remove [find comment=dnsb]

/interface l2tp-client remove [find comment=dnsb]

/interface sstp-client remove [find comment=dnsb]

/interface ovpn-client remove [find comment=dnsb]

/ppp profile remove [find comment=dnsb]

# Firewall NAT, mangle and filter rules, including the dnsbtmp filter anchor.
/ip firewall nat remove [find comment=dnsb]

/ip firewall mangle remove [find comment=dnsb]

/ip firewall filter remove [find comment=dnsb]

/ip firewall filter remove [find comment=ipfilter]

/ip firewall filter remove [find comment=vpnkiller]

/ip firewall filter remove [find comment=proxykiller]

/ip firewall filter remove [find comment=dnsbaccess]

/ip firewall filter remove [find comment=dnsbtmp]

/ip firewall filter remove [find comment=moviekiller]

# Address lists: some are matched by comment, others by list name.
/ip firewall address-list remove [find comment=dnsb]

/ip firewall address-list remove [find list=dnscrypt]


/ip firewall address-list remove [find comment=proxykiller]

/ip firewall address-list remove [find list=DNSB-bypass]

/ip firewall address-list remove [find list=private-ip]

/ip dns static remove [find comment=moviekiller]

# Routing filters, then BGP and OSPF objects tagged dnsb.
/routing filter remove [find comment=dnsb]

/routing bgp peer remove [find comment=dnsb]

/routing bgp instance remove [find comment=dnsb]

/routing ospf network remove [find comment=dnsb]

/routing ospf area remove [find comment=dnsb]

/routing ospf instance remove [find comment=dnsb]

# A bare [find] selects every DHCP / PPPoE client, so use-peer-dns is switched
# on for all of them regardless of how each was configured before the setup ran.
/ip dhcp-client set use-peer-dns=yes [find]

/interface pppoe-client set use-peer-dns=yes [find]

# Netwatch probes used for DNS fail-over.
/tool netwatch remove [find comment=cekdns1]

/tool netwatch remove [find comment=cekdns2]

:log info "DNSB REMOVE FINISHED"

# DNSB REMOVE FINISHED


# DNSB SETUP START

:log info "DNSB SETUP START"

:log info "DNSB Backup Configuration First ..."

# Read the system clock and cut it into fields for the backup file name.
# The variables are declared :global, so they remain defined after the script ends.
:global date [/system clock get date]

:global time [/system clock get time]

# tahun = year, bulan = month, hari = day (Indonesian).
# NOTE(review): the offsets assume the date string looks like mmm/dd/yyyy -
# confirm against the RouterOS version in use; another date format would give
# wrong fields and an odd file name.
:global tahun [:pick $date 7 11]

:global bulan [:pick $date 0 3]

:global hari [:pick $date 4 6]

# jam = hour, menit = minute, detik = second, taken from hh:mm:ss.
:global jam [:pick $time 0 2]

:global menit [:pick $time 3 5]

:global detik [:pick $time 6 8]

# Save a binary backup named DNSB-<year>-<month>-<day>-<hhmmss> before changing anything.
# NOTE(review): no password= is given. A backup holds the full configuration,
# including stored credentials - confirm how the file is protected and move it
# off the router once taken.
/system backup save name="DNSB-$tahun-$bulan-$hari-$jam$menit$detik"

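:log info "preparing DNSB installation ..."

# Each command below is written on a single line: RouterOS does not continue a
# command across a line break unless the line ends with a backslash.

# Filter anchor: a disabled accept rule tagged dnsbtmp. The rules added later in
# the setup are inserted with place-before=[find comment=dnsbtmp], so this rule
# only marks a position in the chain and never matches traffic itself.
/ip firewall filter remove [find comment=dnsbtmp]
/ip firewall filter add chain=forward action=accept disabled=yes comment=dnsbtmp
/ip firewall filter move [find comment=dnsbtmp] destination=0
# Reposition the anchor relative to the rule commented "place hotspot rules here"
# (presumably the hotspot placeholder rule - confirm it exists on this router;
# when it does not, the inner find returns nothing).
/ip firewall filter move [find comment=dnsbtmp] destination=[find comment="place hotspot rules here"]
/ip firewall filter move [find comment="place hotspot rules here"] destination=[find comment=dnsbtmp]

# Same anchor technique for NAT: a disabled passthrough rule in a chain named "unused".
/ip firewall nat remove [find comment=dnsbtmp]
/ip firewall nat add chain=unused action=passthrough comment=dnsbtmp disabled=yes
/ip firewall nat move [find comment=dnsbtmp] destination=0
/ip firewall nat move [find comment=dnsbtmp] destination=[find comment="place hotspot rules here"]
/ip firewall nat move [find comment="place hotspot rules here"] destination=[find comment=dnsbtmp]

# Rebuild the two helper address lists from scratch.
# NOTE(review): both removals match on list name only, so existing entries an
# administrator added to DNSB-bypass or private-ip are deleted as well.
/ip firewall address-list remove [find list=DNSB-bypass]
/ip firewall address-list remove [find list=private-ip]

# DNSB-bypass: sources in this list are exempt from the DNS redirect and from
# the ipfilter rule (both match src-address-list=!DNSB-bypass). 2.3.4.5 looks
# like a placeholder entry - TODO confirm.
/ip firewall address-list add list=DNSB-bypass address=2.3.4.5

# private-ip: the three RFC 1918 ranges; the input rule for DNS only accepts
# queries from these sources.
/ip firewall address-list add list=private-ip address=10.0.0.0/8
/ip firewall address-list add list=private-ip address=172.16.0.0/12
/ip firewall address-list add list=private-ip address=192.168.0.0/16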

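:log info "DNSB Add PPTP/L2TP/SSTP/OVPN client ..."

# Each command below is written on a single line; a parameter split across
# lines (for example only-one= or password=) would not be parsed.

# Clear earlier DNSB routes, tunnel clients of every type and the PPP profile
# so that this section can be re-run safely.
/ip route remove [find comment=dnsb]
/interface pptp-client remove [find comment=dnsb]
/interface l2tp-client remove [find comment=dnsb]
/interface sstp-client remove [find comment=dnsb]
/interface ovpn-client remove [find comment=dnsb]
/ppp profile remove [find comment=dnsb]

# PPP profile shared by both tunnels: MPLS, compression and PPP-level
# encryption are all switched off; TCP MSS clamping is on.
/ppp profile add name=dnsb use-mpls=no use-compression=no use-encryption=no only-one=default change-tcp-mss=yes comment=dnsb

# Two SSTP tunnels to the service endpoints, both using the dnsb profile.
# NOTE(review): user= and password= are hard-coded in clear text and the
# password is a trivially guessable value. Anyone who can read this script, or
# an export of the router, holds the tunnel credentials; use unique credentials
# issued per router and keep the script out of shared locations.
# NOTE(review): verify-server-certificate is not set on either client, so
# confirm whether the SSTP server's certificate is actually validated. The
# router later takes its DNS answers and BGP routes from whatever terminates
# these tunnels, so an unauthenticated endpoint undermines everything downstream.
/interface sstp-client add name=dnsb1 connect-to=112.109.20.98 user=151031085234168 password=123456 disabled=no profile=dnsb comment=dnsb
/interface sstp-client add name=dnsb2 connect-to=45.64.254.230 user=151031085234168 password=123456 disabled=no profile=dnsb comment=dnsb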

:log info "DNSB Add Routes ..."

# Drop earlier DNSB routes, then send the two service prefixes through the
# tunnels. Both tunnel interfaces are listed as gateways for each route.
/ip route remove [find comment=dnsb]


/ip route add dst-address=172.18.0.0/16 gateway=dnsb1,dnsb2 comment=dnsb

/ip route add dst-address=202.57.23.64/27 gateway=dnsb1,dnsb2 comment=dnsb

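:log info "DNSB Add Filter ..."

# Each command below is written on a single line so that place-before= and
# comment= stay attached to the rule they belong to.
# Every rule is inserted ahead of the disabled dnsbtmp anchor rule that the
# preparation step creates in the filter table.

/ip firewall filter remove [find comment=dnsb]

# Forward chain: always allow traffic towards the service networks and the two
# tunnel endpoints, ahead of whatever forward rules already exist.
/ip firewall filter add chain=forward dst-address=172.17.0.0/16 action=accept place-before=[find comment=dnsbtmp] comment=dnsb
/ip firewall filter add chain=forward dst-address=172.18.0.0/16 action=accept place-before=[find comment=dnsbtmp] comment=dnsb
/ip firewall filter add chain=forward dst-address=202.57.23.64/27 action=accept place-before=[find comment=dnsbtmp] comment=dnsb
/ip firewall filter add chain=forward dst-address=112.109.20.98 action=accept place-before=[find comment=dnsbtmp] comment=dnsb
/ip firewall filter add chain=forward dst-address=45.64.254.230 action=accept place-before=[find comment=dnsbtmp] comment=dnsb

# Input chain: let clients with RFC 1918 source addresses query the router's
# DNS over UDP. port= matches either the source or the destination port.
/ip firewall filter add chain=input protocol=udp port=53 src-address-list=private-ip action=accept place-before=[find comment=dnsbtmp] comment=dnsb

# Input chain: accept everything that arrives on the two tunnel interfaces.
# NOTE(review): these rules have no protocol or port match, so the remote side
# of the tunnels can reach every service on the router itself, management
# services included. If the remote network is not fully trusted, narrow them to
# the traffic the service needs (for example BGP from the two peer addresses)
# and let the existing input policy handle the rest.
/ip firewall filter add chain=input in-interface=dnsb1 action=accept place-before=[find comment=dnsbtmp] comment=dnsb
/ip firewall filter add chain=input in-interface=dnsb2 action=accept place-before=[find comment=dnsbtmp] comment=dnsb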

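:log info "DNSB Add NAT ..."

# Each command below is written on a single line; a parameter name broken at a
# hyphen (dst-port, place-before) would not be recognised.
# Every rule is inserted ahead of the disabled dnsbtmp anchor rule that the
# preparation step creates in the NAT table.

/ip firewall nat remove [find comment=dnsb]

# Transparent DNS interception: UDP/53 from any client that is not in the
# DNSB-bypass list is redirected to the router's own resolver, whichever DNS
# server the client asked for. One rule per interface class.
# These rules match UDP port 53 only; DNS over TCP is not matched here.
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 src-address-list=!DNSB-bypass action=redirect to-ports=53 in-interface=all-ethernet comment=dnsb place-before=[find comment=dnsbtmp]
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 src-address-list=!DNSB-bypass action=redirect to-ports=53 in-interface=all-wireless comment=dnsb place-before=[find comment=dnsbtmp]
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 src-address-list=!DNSB-bypass action=redirect to-ports=53 in-interface=all-vlan comment=dnsb place-before=[find comment=dnsbtmp]
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 src-address-list=!DNSB-bypass action=redirect to-ports=53 in-interface=all-ppp comment=dnsb place-before=[find comment=dnsbtmp]

# Bridges have no "all-" class, so add the same redirect once per bridge by name.
# The find uses an absolute path so the loop does not depend on the current menu.
:foreach i in=[/interface bridge find] do={/ip firewall nat add chain=dstnat protocol=udp dst-port=53 src-address-list=!DNSB-bypass action=redirect to-ports=53 in-interface=[/interface bridge get $i value-name=name] comment=dnsb place-before=[find comment=dnsbtmp]}

# Masquerade whatever leaves through the tunnels behind the tunnel address.
/ip firewall nat add chain=srcnat out-interface=dnsb1 action=masquerade comment=dnsb place-before=[find comment=dnsbtmp]
/ip firewall nat add chain=srcnat out-interface=dnsb2 action=masquerade comment=dnsb place-before=[find comment=dnsbtmp]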

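:log info "DNSB Add Mangle ..."

# Each command below is written on a single line so that place-before= and
# comment= stay attached to the rule they belong to.

/ip firewall mangle remove [find comment=dnsb]

# Temporary anchor: add a rule tagged dnsbtmp2, move it to the top of the
# table, insert the real rules in front of it, then delete it again at the end.
/ip firewall mangle add chain=prerouting dst-address=172.17.0.0/16 action=accept comment=dnsbtmp2
/ip firewall mangle move [find comment=dnsbtmp2] destination=0

# action=accept in mangle ends mangle processing for the packet, so traffic to
# these destinations skips every mangle rule that follows (marks, policy
# routing and so on).
/ip firewall mangle add chain=prerouting dst-address=172.17.0.0/16 action=accept place-before=[find comment=dnsbtmp2] comment=dnsb
/ip firewall mangle add chain=prerouting dst-address=172.18.0.0/16 action=accept place-before=[find comment=dnsbtmp2] comment=dnsb
/ip firewall mangle add chain=prerouting dst-address=202.57.23.64/27 action=accept place-before=[find comment=dnsbtmp2] comment=dnsb
/ip firewall mangle add chain=prerouting dst-address=202.57.28.252 action=accept place-before=[find comment=dnsbtmp2] comment=dnsb
/ip firewall mangle add chain=prerouting dst-address=112.109.20.98 action=accept place-before=[find comment=dnsbtmp2] comment=dnsb
/ip firewall mangle add chain=prerouting dst-address=45.64.254.230 action=accept place-before=[find comment=dnsbtmp2] comment=dnsb

# Drop the temporary anchor.
/ip firewall mangle remove [find comment=dnsbtmp2]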

:log info "DNSB Set NTP Client ..."

# Enable the NTP client with two fixed server addresses. This overwrites any
# NTP servers configured before, and the removal section does not restore them.
# NOTE(review): the servers are given as literal IPs chosen by the script
# author - confirm they are sources you are willing to take time from.
/system ntp client set enabled=yes primary-ntp=114.141.48.158 secondary-ntp=202.162.32.12

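:log info "DNSB Add BGP Filtering ..."

# Each command below is written on a single line; a parameter name broken at a
# hyphen (remote-address) would not be recognised.

/routing filter remove [find comment=dnsb]

# Outbound filter: discard every prefix, so this router advertises nothing.
/routing filter add chain=dnsb_deny_all prefix=0.0.0.0/0 prefix-length=0-32 action=discard comment=dnsb

# Inbound filter: accept any prefix of any length and install it as a blackhole route.
# NOTE(review): there is no limit on which prefixes are accepted. Whoever
# controls the two BGP peers can make this router drop traffic to any
# destination, up to and including a default route. That is a full delegation
# of reachability to the remote operator - accept it only if that operator and
# the tunnel carrying the session are trusted, and consider restricting
# prefix-length to host routes if the feed is meant to be per-address.
/routing filter add chain=dnsb_allow_in prefix=0.0.0.0/0 prefix-length=0-32 action=accept comment=dnsb set-type=blackhole

# Clear earlier DNSB routing objects (OSPF ones included) before re-creating BGP.
/routing ospf network remove [find comment=dnsb]
/routing ospf area remove [find comment=dnsb]
/routing ospf instance remove [find comment=dnsb]
/routing bgp peer remove [find comment=dnsb]
/routing bgp instance remove [find comment=dnsb]

# BGP instance and two peers in the same AS (65432) as the local instance.
# The router-id is a fixed literal.
/routing bgp instance add name=dnsb comment=dnsb as=65432 router-id=172.17.1.68
/routing bgp peer add name=dnsb1 instance=dnsb remote-as=65432 remote-address=172.17.101.2 out-filter=dnsb_deny_all in-filter=dnsb_allow_in comment=dnsb
/routing bgp peer add name=dnsb2 instance=dnsb remote-as=65432 remote-address=172.17.101.10 out-filter=dnsb_deny_all in-filter=dnsb_allow_in comment=dnsb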

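# Rebuild the "dnscrypt" address list and the filter rule tagged ipfilter.
# Each command below is written on a single line; a parameter name broken at a
# hyphen (dst-address-list) would not be recognised.
/ip firewall address-list remove [find list=dnscrypt]
/ip firewall filter remove [find comment=ipfilter]

# The list holds the 8.8.8.8 / 8.8.4.4 pair and eight 208.67.x.x addresses.
/ip firewall address-list add address=8.8.8.8 list=dnscrypt
/ip firewall address-list add address=8.8.4.4 list=dnscrypt
/ip firewall address-list add address=208.67.220.220 list=dnscrypt
/ip firewall address-list add address=208.67.222.222 list=dnscrypt
/ip firewall address-list add address=208.67.220.222 list=dnscrypt
/ip firewall address-list add address=208.67.222.220 list=dnscrypt
/ip firewall address-list add address=208.67.222.123 list=dnscrypt
/ip firewall address-list add address=208.67.220.123 list=dnscrypt

# Reset TCP/443 connections from non-bypass clients to the listed addresses.
# The rule covers only the addresses in the list above and only TCP port 443;
# every HTTPS service hosted on those addresses is affected, not just DNS.
# The parameter is spelled protocol= in full, matching the other rules in this script.
/ip firewall filter add chain=forward src-address-list=!DNSB-bypass protocol=tcp dst-port=443 dst-address-list=dnscrypt action=reject reject-with=tcp-reset comment=ipfilter place-before=[find comment=dnsbtmp]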

:log info "DNSB Remove Scheduler ..."

# Remove scheduler entries tagged dnsbsch.
/system scheduler remove [find comment=dnsbsch]

:log info "DNSB Activation ..."

# Point the router's resolver at the two service addresses (the same addresses
# used as BGP peers), reachable only through the tunnels.
/ip dns set servers=172.17.101.2,172.17.101.10

# Let the router answer DNS queries from other hosts; required for the NAT
# redirect of client queries to work.
# NOTE(review): this makes the resolver answer on every interface. The script
# adds an accept rule for RFC 1918 sources on port 53 but no rule that drops
# DNS from anywhere else - confirm the existing input chain blocks port 53 on
# the WAN side, otherwise the router is an open resolver.
/ip dns set allow-remote-requests=yes

/ip dns cache flush

# Stop every DHCP / PPPoE client from installing upstream-supplied DNS servers.
# A bare [find] selects all clients.
/ip dhcp-client set use-peer-dns=no [find]

/interface pppoe-client set use-peer-dns=no [find]

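:log info "DNSB Add External DNS Fail-Over ..."

# Each netwatch command below is written on a single line, with its quoted
# down-script / up-script strings intact.

/tool netwatch remove [find comment=cekdns1]
/tool netwatch remove [find comment=cekdns2]

# cekdns1 probes the first service resolver.
#   down: enable the second probe (cekdns2).
#   up:   set the service resolvers again, disable cekdns2, ignore DHCP-supplied DNS.
/tool netwatch add comment=cekdns1 timeout=3s down-script="/tool netwatch enable [find comment=cekdns2];" host=172.17.101.2 up-script="/ip dns set servers=172.17.101.2,172.17.101.10; /tool netwatch disable [find comment=cekdns2]; /ip dhcp-client set use-peer-dns=no [find];"

# cekdns2 probes the second service resolver.
#   down: fall back to 8.8.8.8 / 8.8.4.4 and accept DHCP-supplied DNS again.
#   up:   set the service resolvers again and ignore DHCP-supplied DNS.
# NOTE(review): this is a fail-open design. When both probes are down, clients
# are silently served by unfiltered public DNS; if filtering is a policy
# requirement, decide whether failing closed is the better behaviour and alert
# on the switch either way.
# NOTE(review): the scripts toggle use-peer-dns on DHCP clients only; PPPoE
# clients keep the use-peer-dns=no set during activation.
/tool netwatch add comment=cekdns2 timeout=3s down-script="/ip dns set servers=8.8.8.8,8.8.4.4; /ip dhcp-client set use-peer-dns=yes [find];" host=172.17.101.10 up-script="/ip dns set servers=172.17.101.2,172.17.101.10; /ip dhcp-client set use-peer-dns=no [find];"

# Move dynamically created mangle rules to the top of the table.
/ip firewall mangle move [find dynamic=yes] destination=0

:log info "DNSB SETUP FINISHED"

# DNSB SETUP FINISHED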
