Server Labs ( Build Your Server )

Friday, November 14, 2014

Copy Progress Bar Shell Script V2

#!/bin/bash
#
# SCRIPT:  ddcopy.sh
# PURPOSE: Copies files and shows the progress of copying.
#
#............................USAGE...........................
# This script copies only files not directories
# ddcopy <Source filename or Path>  <Destination filename or Path>
# ddcopy <Source filename or Path>  <Destination Directory or Path>


##################################################################
#                  Arguments Checking                            #
##################################################################

if [ $# -eq 0 ]           # Look for parameters supplied or not
then
    echo "$0: missing file operand"
    exit 1
fi

if [ $# -eq 1 ]           # Look for exactly one parameter
then
    echo  "$0 : missing destination file operand after '$1'"
    exit 1
fi

if [ $# -eq 2 ]
then
  Source="$1"
  Dest="$2"
  if [ ! -e "$1" ]           # Check source file exist or not
  then
      echo "$0: cannot stat '$1': No such file or directory"
      exit 1
  elif [ -d "$1" ]
  then
      echo "$0: Source file '$1' is a directory"
      exit 1
  fi

   egrep -q "^\/|\/$" <<<$2

   if [ $? -eq 0 -a ! -d $2 ]
   then
       echo "$0: cannot create regular file '$2' : Is a directory"
       exit 1
   fi

   if [ -d "$2" ]
   then
  filename=`basename "$1"`
  $(egrep -q "\/$" <<<$2) && Dest="$2$filename" || Dest="$2/$filename"
   fi

   if [ -e "$Dest" -a -f "$Dest" ]
   then
      echo -n "$0: $Dest already exist : overwrite '$Dest' (y/n)?  "
      read answer
      if [ "$answer" = "n" -o "$answer" = "N" ]
      then
          exit 1
      fi
   fi
fi

###################################################################
#               DEFINE VARIABLES HERE                             #
###################################################################

Seek=0               # skip BLOCKS bs-sized blocks at start of output
Skip=0               # skip BLOCKS bs-sized blocks at start of input
Bsize=128000         # block size
size=`stat -c %s "$Source"`

# Bellow 25MB files copied directly with copy command
# If you want progress bar for < 25MB files also, remove bellow
# if block

if [ $size -lt 25000000 ]
then
    cp "$Source" "$Dest"
    exit 0
fi

blocks=$((size/Bsize))      # total blocks of input file

lastblock=$((size%Bsize))   # last block,  which size  < $Bsize

# If last block size is > 0 then add 1 block to existing blocks.

if [ $lastblock -gt 0 ]
then
    let blocks++
fi

# I am dividing screen width 60 as 20 parts.Each part is filled
# with a colour after each iteration.

# Make blocks count dividable by 20.

addblocks=$((blocks%20))
if [ $addblocks -gt 0 ]
then
   adjustblocks=$((20-addblocks))
   blocks=$((blocks+adjustblocks))
fi

Count=$((blocks/20))

# Count variable contain number of blocks to be copied for
# each iteration

###################################################################
#            MAIN PROGRAM STARTS HERE                             #
###################################################################

printf "\e[40m\e[43m%60s\n\e[A" " "

for ((i=1;i<=20;i++))
do

  dd if="$Source" of="$Dest" bs=128kB seek=$Seek skip=$Skip \
  count=$Count 2>/dev/null

   Skip=$((Skip+$Count))
   Seek=$((Seek+$Count))
   j=$((j+3))                     # 60/20 each part is 3 chars length

   printf "\e[40m\e[7m%${j}s\n\e[A" " "
#  echo -e "\033[7m   \c"

done
printf "\e[0m\n"
#echo -e "\033[0m"

OUTPUT:
Screen Shot1:

Screen Shot2:

Screen Shot3:

How to format Flash/Pen Drive in Linux



Note: I have used my device name and number in examples, you have to change it
as your device name and number, otherwise  unwanted device data will be wiped
out.
Put your USB flash drive in one of your computer's free USB ports. After a few
seconds, Linux will automatically recognize it and an icon for it will appear on
your desktop. If pen drive doesn't mounted automatically, login as root and try
to mount it, still it is not mounted there may be a problem with pen drive or it
is defective.


Finding device: 
Very very first thing is you should to know what device you are working with.
For that you can use any one of the following methods.


Method 1:  Using  ls /dev/sd*  command
First make sure your usb drive is not plugged in. Then run:


[venu@ras ~]$ ls /dev/sd*
/dev/sda   /dev/sda10  /dev/sda12  /dev/sda2  /dev/sda6  /dev/sda8
/dev/sda1  /dev/sda11  /dev/sda13  /dev/sda5  /dev/sda7  /dev/sda9
Once you have done that, put in your pen drive and run the above command again.


[venu@ras ~]$ ls /dev/sd*
/dev/sda   /dev/sda10  /dev/sda12  /dev/sda2  /dev/sda6  /dev/sda8  /dev/sdb
/dev/sda1  /dev/sda11  /dev/sda13  /dev/sda5  /dev/sda7  /dev/sda9  /dev/sdb1
Whatever drive (ex sdb) was not there before is your pen drive. From the above
list my pen drive is sdb. Don't be confuse with /dev/sdb and /dev/sdb1,  sdb is
a drive and sdb1 is first partition in that drive.


Method 2:  Using df command

[venu@ras ~]$ df
Filesystem           1K-blocks      Used Available Use% Mounted on

/dev/sda10            29753556   8008860  20208884  29% /
/dev/sda12            19840892   1528664  17288088   9% /msfiles
/dev/sda11            21825108  16772836   3925716  82% /venu
tmpfs                  1032232         0   1032232   0% /dev/shm
/dev/sdb1              1947636         4   1947632   1% /media/VENU
As you can see above my pen drive (/dev/sdb1) is mounted at /media/VENU. If you
have any doubt about which one is your pen drive, do same thing as in method1.
Run df command before and after inserting  pen drive.


Method 3:   dmesg | tail

[venu@ras ~]$ dmesg | tail
sdb: assuming drive cache: write through
SCSI device sdb: 3903359 512-byte hdwr sectors (1999 MB)
sdb: Write Protect is off
sdb: Mode Sense: 0b 00 00 08
sdb: assuming drive cache: write through
 sdb: sdb1
sd 8:0:0:0: Attached scsi removable disk sdb
sd 8:0:0:0: Attached scsi generic sg1 type 0
usb-storage: device scan complete
SELinux: initialized (dev sdb1, type vfat), uses genfs_contexts

Method 4:   mount -l

[venu@ras ~]$ mount -l
/dev/sda10 on / type ext3 (rw) [/]
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda12 on /msfiles type ext3 (rw) [/msfiles1]
/dev/sda11 on /venu type ext3 (rw) [/venu1]
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/sdb1 on /media/VENU type vfat (rw,nosuid,nodev,shortname=winnt,uid=500)
[VENU]

Method 5:   fdisk -l 
fdisk command need root privileges. So login as root and run the command:


[root@ras ~]# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System

/dev/sda1   *           1        5099    40957686    7  HPFS/NTFS
/dev/sda2            5100       60800   447418282+   f  W95 Ext'd (LBA)
/dev/sda5            5100       10198    40957686    7  HPFS/NTFS
/dev/sda10          50994       54817    30716248+  83  Linux
/dev/sda11          54818       57622    22531131   83  Linux
/dev/sda12          57623       60172    20482843+  83  Linux
/dev/sda13          60173       60694     4192933+  82  Linux swap / Solaris

Disk /dev/sdb: 1998 MB, 1998519808 bytes
32 heads, 63 sectors/track, 1936 cylinders
Units = cylinders of 2016 * 512 = 1032192 bytes

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1               1        1936     1951456+   b  W95 FAT32
fdisk -l displays all detected drives even drive is unmounted.


Formatting pen drive:
First decide which file system you want. FAT32 is probably the file system you
want, but that's up to you. Ext3 may not be work on windows, It asks for fomatt-
ing.


1.Once you have Identified your pen drive, unmount it.

[root@ras ~]# umount /dev/sdb1

2.Format pen drive now.
Depending on distribution different commands are available for formatting, but
in general most used ones that I have seen are mkdosfs or mkfs.vfat for FAT32
and  mke2fs or mkfs.ext3 for Linux filesystems.


For Ms-Dos or Windows file system:
Use mkdosfs -n "Label" -I /dev/sdx, Replace Label with the name you want the
pen drive to have and /dev/sdx with your drive.


[root@ras ~]# mkdosfs -n "KVMREDDY" -I /dev/sdb1
mkdosfs 2.11 (12 Mar 2005)
or

[root@ras ~]# mkfs.vfat -n "KVMREDDY" -I /dev/sdb1
mkfs.vfat 2.11 (12 Mar 2005)
 (Note: I – capital letter of i )

 If you don't want any Label then no need to supply option n. switch I will
force mkdosfs to work properly but it  is not mandatory, you can remove that
also.


For Linux File system:
Use mkfs.ext3 -L "Label"  /dev/sdx for ext3 file system or mke2fs -L 'Label'
/dev/sdx for ex2, Replace Label with the name you want the pen drive to have
and /dev/sdx with your drive.

Ext3 file system:


[root@ras ~]# mkfs.ext3 -L "KVMREDDY" /dev/sdb1
mke2fs 1.39 (29-May-2006)
Filesystem label=KVMREDDY
OS type: Linux
.............................
[root@ras ~]# 
ext2 file system:  


[root@ras ~]# mke2fs -L 'VENU' /dev/sdb1
mke2fs 1.39 (29-May-2006)
Filesystem label=VENU
OS type: Linux
...........................
[root@ras ~]# 
After formatting you will be returned to the prompt then remove and insert the
pen drive to have mounted again.

How to Remove RPM GPG Public Key

Public keys can be erased after importing just like packages. Here's how to
remove the CentOS GPG public key:

rpm -e <GPG public key>


[root@localhost]# rpm -qa gpg-pubkey*
gpg-pubkey-e8562897-459f07a4
[root@localhost]# rpm -e gpg-pubkey-e8562897-459f07a4
[root@localhost]# rpm -qa gpg-pubkey*
[root@localhost]#

If there are duplicates exist:
For example, Import the same key two times


[root@localhost]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
[root@localhost]# rpm -qa gpg-pubkey*
gpg-pubkey-e8562897-459f07a4
[root@localhost]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
[root@localhost]# rpm -qa gpg-pubkey*
gpg-pubkey-e8562897-459f07a4
gpg-pubkey-e8562897-459f07a4
Now try to remove Public Key, You will get error message like this:


[root@localhost]# rpm -e gpg-pubkey-e8562897-459f07a4
error: "gpg-pubkey-e8562897-459f07a4" specifies multiple packages

How to solve this:
Use --allmatches switch along with -e, It removes all versions of the package
which match PACKAGE_NAME(Public Key ).


[root@localhost]# rpm -e --allmatches gpg-pubkey-e8562897-459f07a4
[root@localhost]# rpm -qa gpg-pubkey*
[root@localhost]#

Linear Search Shell Script


#!/bin/bash
# SCRIPT : linearsearch.sh
# USAGE  : linearsearch.sh
# PURPOSE: Searches given number in a list.
#                         \\\\ ////
#                         \\ - - //
#                            @ @
#                    ---oOOo-( )-oOOo---
# A variation of Here Document permits "commenting out" data block.
: <<DATABLOCK

 In computer science, linear search or sequential search is a method
for finding a particular value in a list, that consists in checking
every one of its elements, one at a time and in sequence, until the
desired one is found.

 This is a very straightforward loop comparing every element in the
array with the key. As soon as an equal value is found, it returns.
If the loop finishes without finding a match, the search failed and
-1 is returned.

 For small arrays, a linear search is a good solution because it's so
straightforward. In an array of a million elements, a linear search
will take,on average, 500,000 comparisons to find the key. For a much
faster search, take a look at binary search.

DATABLOCK

#####################################################################
#                      Define Functions Here                        #
#####################################################################

lsearch()
{
   status=-1

   for((i=0;i<count;i++))
   do
      Temp=$1

      if [ $Temp -eq ${ARRAY[i]} ]
       then

          status=0
          searches=$((i+1))
          return

#         return $((i+1))
# Bash function can return value between 0-255, That's why I assigned
# result to a global variable. This is one of the method to capture
# return value of a function.

      fi

   done
}

#####################################################################
#                       Variable Declaration                       #
#####################################################################

clear

echo "Enter Array Elements : "

read -a ARRAY

count=${#ARRAY[@]}

search=y

#####################################################################
#                       Main Script Starts Here                     #
#####################################################################

while [ "$search" == "y" -o "$search" == "Y" ]
do

     echo -n "Enter element to be searched : "
     read num
     lsearch $num

     if [ $status -eq 0 ]
     then
         echo "$num found after $searches searches"
     else
         echo "$num not found"
     fi

     echo -n "Do you want another search (y/n): "
     read search

done
OUTPUT:
$ sh linearsearch.sh
Enter Array Elements :
12 34 56 78 90 23 45 56 67 321 66 88 92
Enter element to be searched : 56
56 found after 3 searches
Do you want another search (y/n): y
Enter element to be searched : 321
321 found after 10 searches
Do you want another search (y/n): y
Enter element to be searched : 100
100 not found
Do you want another search (y/n): n

Menu Driven Shell Script - Using Dialog Utility

##############################################################################
#                           MAIN STRATS HERE                                 #
##############################################################################

trap 'deletetempfiles'  EXIT     # calls deletetempfiles function on exit

while :
do

# Dialog utility to display options list

    dialog --clear --backtitle "MENU DRIVEN PROGRAM" --title "MAIN MENU" \
    --menu "Use [UP/DOWN] key to move" 12 60 6 \
    "DATE_TIME" "TO DISPLAY DATE AND TIME" \
    "CALENDAR"  "TO DISPLAY CALENDAR" \
    "DELETE"    "TO DELETE FILES" \
    "USERS"     "TO LIST CURRENTLY LOGGED IN USERS" \
    "DISK"      "TO DISPLAY DISK STATISTICS" \
    "EXIT"      "TO EXIT" 2> menuchoices.$$

    retopt=$?
    choice=`cat menuchoices.$$`

    case $retopt in

           0) case $choice in

                  DATE_TIME)  show_time ;;
                  CALENDAR)   show_cal ;;
                  DELETE)     deletefile ;;
                  USERS)      currentusers ;;
                  DISK)       diskstats ;;
                  EXIT)       clear; exit 0;;

              esac ;;

          *)clear ; exit ;;
    esac

done

#############################################################################

 ########################## currentusers function ############################

currentusers()
{
   who > userslist.$$
   dialog --backtitle "MENU DRIVEN PROGRAM" \
   --title "CURRENTLY LOGGED IN USERS LIST" \
   --textbox userslist.$$ 12 60
}

##############################################################################

############################ diskstats function #############################

diskstats()
{
   df -h | grep "^/" > statsfile.$$
   dialog --backtitle "MENU DRIVEN PROGRAM" \
   --title "DISK STATISTICS" \
   --textbox statsfile.$$ 10 60
}

Drop All Databases in MySQL

The Following command drops all databases in the mysql dbms except mysql, information_schema,test and OLD db’s.

The command is pretty handy when one needs to drop all the databases in one go:


# mysql -uroot -p  -e "show databases" | grep -v Database | grep -v mysql| grep -v information_schema| grep -v test | grep -v OLD |gawk '{print "drop database " $1 ";select sleep(0.1);"}' | mysql -uroot -ppassword

What this does is

connect to a mysql dbms server and execute the command for showing all databases
Omit lines that match “Database” while printing.
Omit lines with mysql,infomation_schema and test.
use gawk to print out the words “drop database” followed by the daabase name (which is in $1) and then a semicolon. Call sleep command.
pipe all of above back to the mysql dbms to drop all those databases

Also,


mysql -uroot -pxxxxx  -e "show databases" | grep -v Database | grep -v mysql | grep -v information_schema| grep -v test | grep -v OLD | gawk '{print "drop database " $1";select sleep(0.1);"}' > droppeddatabases.sql

install SquidGuard Web Filter Plugin For Squid 3.x To Block Unwanted Sites

Step #1: Install squidguard

Open a terminal and type the following command as root on the server:
# apt-get install squidguard

Step #2: Install Blacklist

The blacklists are the heart of every URL filter. Squidgurd supports both free and commercial distributions of blacklists on the net or create and use your own (or any combination of them). List of free databases:

MESD blacklists (free).
Shalla's Blacklists (free for non commercial/private use).
Urlblacklist (commercial)

Use wget command to download blacklists from shallalist.de as follows:

# cd /tmp
 #  wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz

Sample outputs:

 
--2012-08-22 00:34:16--  http://www.shallalist.de/Downloads/shallalist.tar.gz
Resolving www.shallalist.de... 78.47.242.85
Connecting to www.shallalist.de|78.47.242.85|:80... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 9935263 (9.5M), 7448411 (7.1M) remaining [application/x-tar]
Saving to: `shallalist.tar.gz'
 
100%[++++++++++++++============================================>] 99,35,263    475K/s   in 16s
 
2012-08-22 00:34:33 (459 KB/s) - `shallalist.tar.gz' saved [9935263/9935263]

Untar tar ball, enter:
# tar -zxvf shallalist.tar.gz
Sample outputs:

BL/
BL/porn/
BL/porn/domains
BL/porn/urls
BL/gamble/
BL/gamble/domains
BL/gamble/urls
BL/chat/
BL/chat/domains
BL/chat/urls
BL/automobile/
....
..
BL/radiotv/domains
BL/radiotv/urls
BL/urlshortener/
BL/urlshortener/domains
BL/urlshortener/urls
BL/anonvpn/
BL/anonvpn/urls
BL/anonvpn/domains

In this example, install porn blacklist as follows using the cp command:
# cp -avr BL/porn/ /var/lib/squidguard/db/
Sample outputs:

`BL/porn/' -> `/var/lib/squidguard/db/porn'
`BL/porn/domains' -> `/var/lib/squidguard/db/porn/domains'
`BL/porn/urls' -> `/var/lib/squidguard/db/porn/urls'

Finally, create the database from text files as follows:

# cd /var/lib/squidguard/db/porn
 # squidGuard -b -C domains
 # squidGuard -b -C urls

Sample outputs:

Processing file and database /var/lib/squidguard/db/porn/domains
    [==================================================] 100 % done
Processing file and database /var/lib/squidguard/db/porn/urls
    [==================================================] 100 % done

Where,

-b : Show on progress bar when updating the blacklists.
-C fileName : Create new .db files from urls/domain files, which are specified in "fileName".

Set permissions so that squid can read the files using chown command:
# chown proxy:proxy -R /var/lib/squidguard/db/

Step #3: Configure Squid 3

I'm assuming that Squid 3 is installed and configured properly. Edit /etc/squid3/squid.conf, enter:
# vi /etc/squid3/squid.conf
You need to specify the location of the executable for the URL rewriter using url_rewrite_program as follows:

 
url_rewrite_program /usr/bin/squidGuard

Save and close the file.

Step #4: Configure SquidGuard

Finally edit /etc/squid/squidGuard.conf, enter:
# vi /etc/squid/squidGuard.conf
Add the following directives:

 
## Block adult/porn sites for school  ##
dest porn {
        domainlist      porn/domains
        urllist         porn/urls
}

Edit / update acl as follows:

 
acl {
        default {
                pass  !porn all
                redirect http://192.168.1.11/blocked.html?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
        }
}

Save and close the file. Create a blocked.html on 192.168.1.11 web server:

 
<html>
 <head>
  <title>URL Blocked</title>
 </head>
 <body>
  <h1>URL Blocked</h1>
  <p>Access to this site / url has been blocked.</p>
  <p>If you think this is an error, please contact the help-desk:</p>
  <p>Call us - 123-456-789 (ext. 333)</p>
  <p>Email us - proxymaster@server1.cyberciti.biz</p>
 </body>
</head>
</html>

Finally, reload the squid 2/3 proxy server:
# /usr/sbin/squid3 -k reconfigure
Verify that both squid and squidguard working properly, run:
# tail -f /var/log/squid3/cache.log
Sample outputs:

2012/08/22 01:23:40| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2012/08/22 01:23:40| Squid modules loaded: 0
2012/08/22 01:23:40| Adaptation support is off.
2012/08/22 01:23:40| Store logging disabled
2012/08/22 01:23:40| DNS Socket created at [::], FD 8
2012/08/22 01:23:40| DNS Socket created at 0.0.0.0, FD 9
2012/08/22 01:23:40| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2012/08/22 01:23:40| helperOpenServers: Starting 5/5 'squidGuard' processes
2012/08/22 01:23:40| Accepting  HTTP connections at [::]:3128, FD 30.
2012/08/22 01:23:40| HTCP Disabled.
2012/08/22 01:23:40| Loaded Icons.
2012/08/22 01:23:40| Ready to serve requests.

Step #5: Verify the configuration

Type the following command to verify that squidguard is working and blocking the urls:

 
echo "http://DOMAIN-NAME-HERE / - - GET" | squidGuard -d
echo "http://sex.com / - - GET" | squidGuard -d

Sample outputs:

2012-08-22 01:26:05 [3365] New setting: dbhome: /var/lib/squidguard/db
2012-08-22 01:26:05 [3365] New setting: logdir: /var/log/squid3
2012-08-22 01:26:05 [3365] destblock good missing active content, set inactive
2012-08-22 01:26:05 [3365] destblock local missing active content, set inactive
2012-08-22 01:26:05 [3365] init domainlist /var/lib/squidguard/db/porn/domains
2012-08-22 01:26:05 [3365] loading dbfile /var/lib/squidguard/db/porn/domains.db
2012-08-22 01:26:05 [3365] init urllist /var/lib/squidguard/db/porn/urls
2012-08-22 01:26:05 [3365] loading dbfile /var/lib/squidguard/db/porn/urls.db
2012-08-22 01:26:05 [3365] squidGuard 1.4 started (1345578965.473)
2012-08-22 01:26:05 [3365] Info: recalculating alarm in 23635 seconds
2012-08-22 01:26:05 [3365] squidGuard ready for requests (1345578965.476)
2012-08-22 01:26:05 [3365] source not found
2012-08-22 01:26:05 [3365] no ACL matching source, using default
http://192.168.1.11/blocked.html?clientaddr=+clientname=+clientident=+srcclass=default+targetclass=porn+url=http://sex.com /- - -
2012-08-22 01:26:05 [3365] squidGuard stopped (1345578965.477)

Or you can see the following in browser:

This URL Has Been Blocked - Opera Browser - SquidGuard with Squid 3 Proxy Server

Fig.01: SquidGuard in action

How do I block other categories?

Update /etc/squid/squidGuard.conf as follows. Define your categories. Just like you did above for porn:

 
dest gamble {
        domainlist      gamble/domains
        urllist         gamble/urls
}
dest alcohol {
        domainlist      alcohol/domains
        urllist         alcohol/urls
}

Update acl entry as follows:

 
acl {
        default {
                pass  !porn !gamble !alcohol all
                redirect http://192.168.1.11/blocked.html?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
        }
}

You also need to install database in /var/lib/squidguard/db/ directory:

# cd /tmp
 # cp -avr BL/alcohol/ /var/lib/squidguard/db/
 # cp -avr BL/gamble/ /var/lib/squidguard/db/

To initializing the blacklists, run:
# squidGuard -C all
Or just initializing newly created categories:

# squidGuard -C /var/lib/squidguard/db/alcohol/domains
 squidGuard -C /var/lib/squidguard/db/alcohol/urls

Finally, set permissions:
# chown proxy:proxy -R /var/lib/squidguard/db/
Reload the squid 3:
# /usr/sbin/squid3 -k reconfigure

Do not allow URL filter bypass by the IP addresses

To make sure that users don't bypass the URL filter by simply using the IP addresses instead of the FQDNs, edit acl entry as follows with !in-addr directive:

 
acl {
        default {
                pass  !porn !gamble !alcohol !in-addr all
                redirect        http://192.168.1.11/blocked.html?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
        }
}

Reload the squid as follows:
# /usr/sbin/squid3 -k reconfigure

Blok Virus dan Spyware pada Mikrotik

/ ip firewall filter
add chain=forward src-address=0.0.0.0/8 action=drop comment="Block Bogus IP Address" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklistaction=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=newsrc-address-list=ssh_stage3 action=add-src-to-address-listaddress-list=ssh_blacklist address-list-timeout=1w3d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=newsrc-address-list=ssh_stage2 action=add-src-to-address-listaddress-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=newsrc-address-list=ssh_stage1 action=add-src-to-address-listaddress-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=newaction=add-src-to-address-list address-list=ssh_stage1address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-listaddress-list="port scanners" address-list-timeout=2w comment="Port Scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urgaction=add-src-to-address-list address-list="port scanners"address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-listaddress-list="port scanners" address-list-timeout=2w comment=""disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-listaddress-list="port scanners" address-list-timeout=2w comment=""disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ackaction=add-src-to-address-list address-list="port scanners"address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urgaction=add-src-to-address-list address-list="port scanners"address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urgaction=add-src-to-address-list address-list="port scanners"address-list-timeout=2w comment="" disabled=no
add chain=input src-address-list="port scanners" action=drop comment=""disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklistaction=drop comment="Filter FTP to Box" disabled=no
add chain=output protocol=tcp content="530 Login incorrect"dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect"action=add-dst-to-address-list address-list=ftp_blacklistaddress-list-timeout=3h comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="Separate Protocol into Chains" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=""disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=""disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="Blocking UDP Packet" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="Bloking TCP Packet" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=""disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=acceptcomment="Limited Ping Flood" disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=acceptcomment="" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=acceptcomment="" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=acceptcomment="" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=acceptcomment="" disabled=no
add chain=icmp protocol=icmp action=drop comment="" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no
add chain=input connection-state=established action=accept comment="Connection State" disabled=no
add chain=input connection-state=related action=accept comment="" disabled=no
add chain=input connection-state=invalid action=drop comment="" disabled=no 
add chain=virus protocol=udp action=drop dst-port=1 comment="Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=2 comment="Death"
add chain=virus protocol=tcp action=drop dst-port=20 comment="Senna Spy FTP server"
add chain=virus protocol=tcp action=drop dst-port=21 comment="Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash"
add chain=virus protocol=tcp action=drop dst-port=22 comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=23 comment="Fire HacKer, Tiny Telnet Server TTS, Truva Atl"
add chain=virus protocol=tcp action=drop dst-port=25 comment="Ajan, Antigen, Barok, Email Password Sender EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT Mail Bombing Trojan, Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy"
add chain=virus protocol=tcp action=drop dst-port=30 comment="Agent 40421"
add chain=virus protocol=tcp action=drop dst-port=31 comment="Agent 31, Hackers Paradise, Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=41 comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=48 comment="DRAT"
add chain=virus protocol=tcp action=drop dst-port=50 comment="DRAT"
add chain=virus protocol=tcp action=drop dst-port=58 comment="DMSetup"
add chain=virus protocol=tcp action=drop dst-port=59 comment="DMSetup"
add chain=virus protocol=tcp action=drop dst-port=79 comment="CDK, Firehotcker"
add chain=virus protocol=tcp action=drop dst-port=80 comment="711 trojan, Seven Eleven, AckCmd, Back End, Back Orifice 2000 Plug-Ins, Cafeini, CGI Backdoor, Executor, God Message, God Message Creator, Hooker, IISworm, MTX, NCX, Reverse WWW Tunnel Backdoor, RingZero, Seeker, WAN Remote, Web Server CT, WebDownloader"
add chain=virus protocol=tcp action=drop dst-port=81 comment="RemoConChubo"
add chain=virus protocol=tcp action=drop dst-port=99 comment="Hidden Port, NCX"
add chain=virus protocol=tcp action=drop dst-port=110 comment="ProMail trojan"
add chain=virus protocol=tcp action=drop dst-port=113 comment="Invisible Identd Deamon, Kazimas"
add chain=virus protocol=tcp action=drop dst-port=119 comment="Happy99"
add chain=virus protocol=tcp action=drop dst-port=121 comment="Attack Bot, God Message, JammerKillah"
add chain=virus protocol=tcp action=drop dst-port=123 comment="Net Controller"
add chain=virus protocol=tcp action=drop dst-port=133 comment="Farnaz"
add chain=virus protocol=tcp action=drop dst-port=135-139 comment="Blaster worm"
add chain=virus protocol=udp action=drop dst-port=135-139 comment="messenger worm"
add chain=virus protocol=tcp action=drop dst-port=142 comment="NetTaxi"
add chain=virus protocol=tcp action=drop dst-port=146 comment="Infector"
add chain=virus protocol=udp action=drop dst-port=146 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=170 comment="A-trojan"
add chain=virus protocol=tcp action=drop dst-port=334 comment="Backage"
add chain=virus protocol=tcp action=drop dst-port=411 comment="Backage"
add chain=virus protocol=tcp action=drop dst-port=420 comment="Breach, Incognito"
add chain=virus protocol=tcp action=drop dst-port=421 comment="TCP Wrappers trojan"
add chain=virus protocol=tcp action=drop dst-port=445 comment="Blaster worm"
add chain=virus protocol=udp action=drop dst-port=445 comment="Blaster worm"
add chain=virus protocol=tcp action=drop dst-port=455 comment="Fatal Connections"
add chain=virus protocol=tcp action=drop dst-port=456 comment="Hackers Paradise"
add chain=virus protocol=tcp action=drop dst-port=513 comment="Grlogin"
add chain=virus protocol=tcp action=drop dst-port=514 comment="RPC Backdoor"
add chain=virus protocol=tcp action=drop dst-port=531 comment="Net666, Rasmin"
add chain=virus protocol=tcp action=drop dst-port=555 comment="711 trojan, Seven Eleven, Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy"
add chain=virus protocol=tcp action=drop dst-port=605 comment="Secret Service"
add chain=virus protocol=tcp action=drop dst-port=666 comment="Attack FTP, Back Construction, BLA trojan, Cain & Abel, NokNok, Satans Back Door SBD, ServU, Shadow Phyre, th3r1pp3rz Therippers"
add chain=virus protocol=tcp action=drop dst-port=667 comment="SniperNet"
add chain=virus protocol=tcp action=drop dst-port=669 comment="DP trojan"
add chain=virus protocol=tcp action=drop dst-port=692 comment="GayOL"
add chain=virus protocol=tcp action=drop dst-port=777 comment="AimSpy, Undetected"
add chain=virus protocol=tcp action=drop dst-port=808 comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=911 comment="Dark Shadow"
add chain=virus protocol=tcp action=drop dst-port=999 comment="Deep Throat, Foreplay, WinSatan"
add chain=virus protocol=tcp action=drop dst-port=1000 comment="Der Spaeher, Direct Connection"
add chain=virus protocol=tcp action=drop dst-port=1001 comment="Der Spaeher, Le Guardien, Silencer, WebEx"
add chain=virus protocol=tcp action=drop dst-port=1010-1016 comment="Doly Trojan"
add chain=virus protocol=tcp action=drop dst-port=1020 comment="Vampire"
add chain=virus protocol=tcp action=drop dst-port=1024 comment="Jade, Latinus, NetSpy"
add chain=virus protocol=tcp action=drop dst-port=1025 comment="Remote Storm"
add chain=virus protocol=udp action=drop dst-port=1025 comment="Remote Storm"
add chain=virus protocol=tcp action=drop dst-port=1035 comment="Multidropper"
add chain=virus protocol=tcp action=drop dst-port=1042 comment="BLA trojan"
add chain=virus protocol=tcp action=drop dst-port=1045 comment="Rasmin"
add chain=virus protocol=tcp action=drop dst-port=1049 comment="sbin initd"
add chain=virus protocol=tcp action=drop dst-port=1050 comment="MiniCommand"
add chain=virus protocol=tcp action=drop dst-port=1053 comment="The Thief"
add chain=virus protocol=tcp action=drop dst-port=1054 comment="AckCmd"
add chain=virus protocol=tcp action=drop dst-port=1080-1083 comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=1090 comment="Xtreme"
add chain=virus protocol=tcp action=drop dst-port=1095-1098 comment="Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=1099 comment="Blood Fest Evolution, Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=1150-1151 comment="Orion"
add chain=virus protocol=tcp action=drop dst-port=1170 comment="Psyber Stream Server PSS, Streaming Audio Server, Voice"
add chain=virus protocol=udp action=drop dst-port=1200-1201 comment="NoBackO"
add chain=virus protocol=tcp action=drop dst-port=1207 comment="SoftWAR"
add chain=virus protocol=tcp action=drop dst-port=1208 comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=1212 comment="Kaos"
add chain=virus protocol=tcp action=drop dst-port=1234 comment="SubSeven Java client, Ultors Trojan"
add chain=virus protocol=tcp action=drop dst-port=1243 comment="BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles"
add chain=virus protocol=tcp action=drop dst-port=1245 comment="VooDoo Doll"
add chain=virus protocol=tcp action=drop dst-port=1255 comment="Scarab"
add chain=virus protocol=tcp action=drop dst-port=1256 comment="Project nEXT"
add chain=virus protocol=tcp action=drop dst-port=1269 comment="Matrix"
add chain=virus protocol=tcp action=drop dst-port=1272 comment="The Matrix"
add chain=virus protocol=tcp action=drop dst-port=1313 comment="NETrojan"
add chain=virus protocol=tcp action=drop dst-port=1338 comment="Millenium Worm"
add chain=virus protocol=tcp action=drop dst-port=1349 comment="Bo dll"
add chain=virus protocol=tcp action=drop dst-port=1394 comment="GoFriller, Backdoor G-1"
add chain=virus protocol=tcp action=drop dst-port=1441 comment="Remote Storm"
add chain=virus protocol=tcp action=drop dst-port=1492 comment="FTP99CMP"
add chain=virus protocol=tcp action=drop dst-port=1524 comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=1568 comment="Remote Hack"
add chain=virus protocol=tcp action=drop dst-port=1600 comment="Direct Connection, Shivka-Burka"
add chain=virus protocol=tcp action=drop dst-port=1703 comment="Exploiter"
add chain=virus protocol=tcp action=drop dst-port=1777 comment="Scarab"
add chain=virus protocol=tcp action=drop dst-port=1807 comment="SpySender"
add chain=virus protocol=tcp action=drop dst-port=1966 comment="Fake FTP"
add chain=virus protocol=tcp action=drop dst-port=1967 comment="WM FTP Server"
add chain=virus protocol=tcp action=drop dst-port=1969 comment="OpC BO"
add chain=virus protocol=tcp action=drop dst-port=1981 comment="Bowl, Shockrave"
add chain=virus protocol=tcp action=drop dst-port=1999 comment="Back Door, SubSeven, TransScout"
add chain=virus protocol=tcp action=drop dst-port=2000 comment="Der Spaeher, Insane Network, Last 2000, Remote Explorer 2000, Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=2001 comment="Der Spaeher, Trojan Cow"
add chain=virus protocol=tcp action=drop dst-port=2023 comment="Ripper Pro"
add chain=virus protocol=tcp action=drop dst-port=2080 comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=2115 comment="Bugs"
add chain=virus protocol=udp action=drop dst-port=2130 comment="Mini Backlash"
add chain=virus protocol=tcp action=drop dst-port=2140 comment="The Invasor"
add chain=virus protocol=udp action=drop dst-port=2140 comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=2155 comment="Illusion Mailer"
add chain=virus protocol=tcp action=drop dst-port=2255 comment="Nirvana"
add chain=virus protocol=tcp action=drop dst-port=2283 comment="Hvl RAT"
add chain=virus protocol=tcp action=drop dst-port=2300 comment="Xplorer"
add chain=virus protocol=tcp action=drop dst-port=2311 comment="Studio 54"
add chain=virus protocol=tcp action=drop dst-port=2330-2339 comment="Contact"
add chain=virus protocol=udp action=drop dst-port=2339 comment="Voice Spy"
add chain=virus protocol=tcp action=drop dst-port=2345 comment="Doly Trojan"
add chain=virus protocol=tcp action=drop dst-port=2565 comment="Striker trojan"
add chain=virus protocol=tcp action=drop dst-port=2583 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=2600 comment="Digital RootBeer"
add chain=virus protocol=tcp action=drop dst-port=2716 comment="The Prayer"
add chain=virus protocol=tcp action=drop dst-port=2773-2774 comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=2801 comment="Phineas Phucker"
add chain=virus protocol=udp action=drop dst-port=2989 comment="Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=3000 comment="Remote Shut"
add chain=virus protocol=tcp action=drop dst-port=3024 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=3031 comment="Microspy"
add chain=virus protocol=tcp action=drop dst-port=3128 comment="Reverse WWW Tunnel Backdoor, RingZero"
add chain=virus protocol=tcp action=drop dst-port=3129 comment="Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=3150 comment="The Invasor"
add chain=virus protocol=udp action=drop dst-port=3150 comment="Deep Throat, Foreplay, Mini Backlash"
add chain=virus protocol=tcp action=drop dst-port=3456 comment="Terror trojan"
add chain=virus protocol=tcp action=drop dst-port=3459 comment="Eclipse 2000, Sanctuary"
add chain=virus protocol=tcp action=drop dst-port=3700 comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=3777 comment="PsychWard"
add chain=virus protocol=tcp action=drop dst-port=3791-3801 comment="Total Solar Eclypse"
add chain=virus protocol=tcp action=drop dst-port=4000 comment="SkyDance"
add chain=virus protocol=tcp action=drop dst-port=4092 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=4242 comment="Virtual Hacking Machine VHM"
add chain=virus protocol=tcp action=drop dst-port=4321 comment="BoBo"
add chain=virus protocol=tcp action=drop dst-port=4444 comment="Prosiak, Swift Remote"
add chain=virus protocol=tcp action=drop dst-port=4567 comment="File Nail"
add chain=virus protocol=tcp action=drop dst-port=4590 comment="ICQ Trojan"
add chain=virus protocol=tcp action=drop dst-port=4950 comment="ICQ Trogen Lm"
add chain=virus protocol=tcp action=drop dst-port=5000 comment="Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=5001 comment="Back Door Setup, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=5002 comment="cd00r, Shaft"
add chain=virus protocol=tcp action=drop dst-port=5010 comment="Solo"
add chain=virus protocol=tcp action=drop dst-port=5011 comment="One of the Last Trojans OOTLT, One of the Last Trojans OOTLT, modified"
add chain=virus protocol=tcp action=drop dst-port=5025 comment="WM Remote KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=5031-5032 comment="Net Metropolitan"
add chain=virus protocol=tcp action=drop dst-port=5321 comment="Firehotcker"
add chain=virus protocol=tcp action=drop dst-port=5333 comment="Backage, NetDemon"
add chain=virus protocol=tcp action=drop dst-port=5343 comment="wCrat WC Remote Administration Tool"
add chain=virus protocol=tcp action=drop dst-port=5400-5402 comment="Back Construction, Blade Runner"
add chain=virus protocol=tcp action=drop dst-port=5512 comment="Illusion Mailer"
add chain=virus protocol=tcp action=drop dst-port=5534 comment="The Flu"
add chain=virus protocol=tcp action=drop dst-port=5550 comment="Xtcp"
add chain=virus protocol=tcp action=drop dst-port=5555 comment="ServeMe"
add chain=virus protocol=tcp action=drop dst-port=5556-5557 comment="BO Facil"
add chain=virus protocol=tcp action=drop dst-port=5569 comment="Robo-Hack"
add chain=virus protocol=tcp action=drop dst-port=5637-5638 comment="PC Crasher"
add chain=virus protocol=tcp action=drop dst-port=5742 comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=5760 comment="Portmap Remote Root Linux Exploit"
add chain=virus protocol=tcp action=drop dst-port=5880-5889 comment="Y3K RAT"
add chain=virus protocol=tcp action=drop dst-port=6000 comment="The Thing"
add chain=virus protocol=tcp action=drop dst-port=6006 comment="Bad Blood"
add chain=virus protocol=tcp action=drop dst-port=6272 comment="Secret Service"

Separate and Prioritize Browsing on the Mikrotik

Perhaps you have thought, If you give 128 kbps of the bandwidth, constraints limit was too small. But if give the bandwidth limit was raised as 256kbps, 512 kbps or greater, I was worried about going against with bandwidth monopoly when the client download is very much, it's possibility occurs bandwidth distribution inequality with some clients. the client when browsing will lose then downloader. I was thinking how to give same satisfaction for all of my clients.

So when the internet connection used with many clients the bandwidth still remains evenly distributed, which gives prioritize browsing speed against download speed, because download speed spend a lot of bandwidth for a long time.

Therefore this is essential problems for all of us. The logic is like this, the limit based on the file extension then we try to limit based by the file size.

For example, the file about to be downloaded >1MB (larger than 1 MB) then it would be categorized as Download and if <1MB (smaller than 1 MB) this is categorized as Browsing. The Confinguration is not limiting Bandwidth, but only just distinguish the priority. So if there is no client browsing the download will be fast again.

Ok I think is clear enough, and now how do we apply the browsing can be prioritize when many clients use our internet connection in mikrotik winbox.

Log in into your Winbox with a password that you have. If you not have yet, ask with your internet service provider (ISP). Look at the picture above! Go to the new terminal menu tab and right click and paste the script below at the cursor terminal command mikrotik.

/ip firewall mangle

add chain=prerouting action=mark-connection new-connection-mark=conn-download passthrough=yes protocol=tcp dst-port=80 connection-bytes=1000000-0 comment="CONN-DOWNLOAD"

add chain=prerouting action=mark-packet new-packet-mark=download-packet passthrough=no connection-mark=conn-download

add chain=prerouting action=mark-connection new-connection-mark=conn-browsing passthrough=yes protocol=tcp dst-port=80 connection-bytes=0-1000000 comment="CONN-BROWSING"

add chain=prerouting action=mark-packet new-packet-mark=browsing-packet passthrough=no connection-mark=conn-browsing

After insert the script for separation between download and browsing, you will see like the picture above. Then you can check the results by click on IP> Firewall> Mangle, look at the right picture above.

The second is create queue tree and you just need to insert the second script below.

/queue tree

add name="paket browsing" parent=global-in packet-mark=browsing-packet limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

add name="paket download" parent=global-in packet-mark=download-packet limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

Go to the new terminal menu tab again, right click and paste the second script at the cursor terminal, will shown as the picture above. Check the results by click on Queues> Queue Tree.

It is easy - I hope can help you enforce justice against your client, good luck!

Monday, November 10, 2014

Easily Password Protect Your Files/Folders in Ubuntu/Linux Mint

Getting Started

Right click on the file(s) or folder(s) and select Compress:

In the window that will appear, select a compression format (7z, zip, tar, etc.), then click Other Options:

Enter any password of your choice, check on "Encrypt the file list too", then click Create:

You have now compressed and password-protected your file/folder. No user can now extract the archive file unless he/she provides the correct password:

More Advanced Options

If you want to prevent other users from deleting or moving the password-protected archive file you have just created, open the terminal and cd to where it is stored, then run this command:

sudo chattr +i file-name.ext

To undo this, enter this command:

sudo chattr -i file-name.ext

Pages

Facebook Badge

Show visitores IP

Tracking Live visitors

md5

Search This Blog

Total Pageviews

Live Traffic Stats

Friday, November 14, 2014

Finding device:

Method 1: Using ls /dev/sd* command

Method 2: Using df command

Method 3: dmesg | tail

Method 4: mount -l

Method 5: fdisk -l

Formatting pen drive:

1.Once you have Identified your pen drive, unmount it.

2.Format pen drive now.

For Ms-Dos or Windows file system:

For Linux File system:

If there are duplicates exist:

How to solve this:

Step #1: Install squidguard

Step #2: Install Blacklist

Step #3: Configure Squid 3

Step #4: Configure SquidGuard

Step #5: Verify the configuration

How do I block other categories?

Do not allow URL filter bypass by the IP addresses

Monday, November 10, 2014

Blog Archive

Labels

Popular Posts

My Blog List