8. NAT
ip firewall nat add chain=srcnat src-address=192.168.100.0/24 out-interfaces=ether1
action=masquerade
ip firewall nat add chain=dstnat protocol=tcp dst-port=80 in-interfaces=wlan1 action=redirect
to-port=8080
ip firewall nat add chain=srcnat src-address=192.168.200.0/24 out-interfaces=ether1
time=7h-19h,sun,mon,tue,wed,thu,fri,sat action=masquerade
9. STATIC DNS
ip dns static add name="mikrotik.com" address="128.199.188.0"
ip dns static add name="www.mikrotik.com" address="128.199.188.0"
10. BLOKIR PING
ip firewall filter add chain=input src-address=192.168.100.2-192.168.100.50 dst-
address=192.168.6.1 protocol=icmp action=drop
ip firewall filter add chain=input src-address=192.168.100.2-192.168.100.50 dst-
address=192.168.100.1 protocol=icmp action=drop
ip firewall filter add chain=input src-address=192.168.100.2-192.168.100.50 dst-
address=192.168.200.1 protocol=icmp action=drop
11. LOGGING
ip firewall filter add chain=input log=yes log-prefix=Akses
12. FIREWALL KE HTTP DAN HTTPS
ip firewall filter add chain=forward protocol=tcp dst-port=80,443 in-interface=ether2 out-
interface=ether1 action=drop
13. WIRELESS
interface wireless enable 0
interface wireless set 0 mode=ap-bridge ssid=nama_peserta@proxy
14. PROXY SERVER
ip proxy set enabled=yes port=8080 cache administrator=nama_peserta@sekolah.sch.id
cache-on-disk=yes
15. BLOKIR SITE
ip proxy access add dst-host=www.linux.or.id action=deny
16. BLOKIR FILE
ip proxy access add path=*.mp3 action=deny
ip proxy access add path=*.mkv action=deny
17. BLOKIR CONTENT
ip firewall filter add chain=forward content=mikrotik action=drop