Monday, November 30, 2015

RouterOS: setting up an IP blacklist

http://forum.mikrotik.com/viewtopic.php?t=31994

Set up a blacklist, then add a single rule to the firewall rules.


==
Use IP address list.
Create a list, e.g. 'blacklist' and put as few or as many IP addresses and CIDR blocks in the list as you need to block.
e.g.
/ip firewall address-list
add list=blacklist address=1.1.1.1
add list=blacklist address=2.2.2.2
add list=blacklist address=3.3.0.0/16
...


Then you can use this list in any rule in any chain of any table of the firewall.
It's especially helpful because without the address list, if you have nat rules and filter rules and masquerade rules all having to do with the same set of addresses, if you add or remove any addresses from the set, then you'd have to go update all of your chains. If all of the chains refer to the same address list, changing the address list immediately affects all of the rules which refer to it.

You match an address list in your rules by using the criteria: src-address-list=blacklist or dst-address-list=blacklist
In Winbox / Webfig, the address list matchers are in the 'advanced' tab.

So for instance, to accomplish what the original poster asked, you would add the offending IP address to the blacklist and have a rule in the input chain:
/ip firewall filter add chain=input src-address-list=blacklist action=drop

I rarely use the output chain in Mikrotiks, but this is one place I will do it:
/ip firewall filter add chain=output dst-address-list=blacklist action=drop

However, this firewall 'mode' is not the best for a secure filter. It allows everything except specific exceptions (blocked hosts), which you must manually detect and react to. (You can make firewall rules that automatically detect port scans and brute force attempts on telnet / ssh and add the sources to blacklists, but that's beyond the scope of this post.)

It's better to make your Mikrotik drop all input traffic on the WAN interface that it didn't request (e.g. ping replies, dns replies, http replies, etc). Suppose ether1 is the WAN interface:
/ip firewall filter add chain=input in-interface=ether1 connection-state=!established,related action=drop
One rule blocks the Internet from being able to initiate any interaction with your mikrotik at all. No blacklist is required.

===




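RouterOS service ports

Recommendation: move the externally reachable www service off port 80, or disable it.

ssh and telnet are more troublesome.

Or refer to:

Tuesday, November 24, 2015

Extra hardening needed when the web proxy is enabled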

/ip firewall filter
chain=input in-interface= src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop  


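This drops all incoming TCP traffic from any IP to port 8080.

The add command also needs:

In. Interface  "WAN"

Otherwise the internal proxy becomes unusable.

That is, the rule as written blocks all traffic to port 8080, whereas what should be blocked is only access to port 8080 on the WAN side.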

Tuesday, November 24, 2015

RouterOS: stopping outsiders from repeatedly probing the network

RouterOS: preventing repeated login attempts

/ip firewall filter
add action=drop chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 1 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" disabled=no dst-port=21,22,23,8291 protocol=tcp src-address-list=login_error_ip
add action=add-src-to-address-list address-list=login_error_ip address-list-timeout=1d chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 2 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=tcp \
    src-address-list=ros_service_login5
add action=add-src-to-address-list address-list=ros_service_login5 address-list-timeout=1d30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 3 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 \
    protocol=tcp src-address-list=ros_service_login4
add action=add-src-to-address-list address-list=ros_service_login4 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 4 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=ros_service_login3
add action=add-src-to-address-list address-list=ros_service_login3 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 5 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=ros_service_login2
add action=add-src-to-address-list address-list=ros_service_login2 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 6 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=ros_service_login1
add action=add-src-to-address-list address-list=ros_service_login1 address-list-timeout=30s chain=input comment="\A2b\A2c\A2d\A2e\A2f\A2g\A2h 7 \A2h\A2g\A2f\A2e\A2d\A2c\A2b" connection-state=new disabled=no dst-port=21,22,23,8291 protocol=\
    tcp src-address-list=!Lan_ip

/ip firewall address-list
add address=172.16.0.0/12 disabled=no list=Lan_ip
add address=192.168.0.0/16 disabled=no list=Lan_ip
add address=10.0.0.0/8 disabled=no list=Lan_ip


source: http://sg.ros.tw/wp/?p=148
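
How the seven rules above escalate a source from ros_service_login1 to login_error_ip, modelled in Python as an added example (not code from the original post or from MikroTik). The model assumes that add-src-to-address-list lets the packet continue to the next rule and resets the entry's timeout on every match; the class and function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Model of the seven input-chain rules above; not RouterOS code.
# Assumptions: add-src-to-address-list does not stop rule processing, and a
# repeated match resets the entry's timeout. Only new connections are modelled.
DAY = 86400
LAN_IP = [ipaddress.ip_network(n)
          for n in ("172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8")]
PORTS = {21, 22, 23, 8291}
# Rules 2..7 in order: (list tested, list added to, timeout in seconds).
LADDER = [
    ("ros_service_login5", "login_error_ip", DAY),
    ("ros_service_login4", "ros_service_login5", DAY + 30),
    ("ros_service_login3", "ros_service_login4", 30),
    ("ros_service_login2", "ros_service_login3", 30),
    ("ros_service_login1", "ros_service_login2", 30),
    (None, "ros_service_login1", 30),  # rule 7 tests src-address-list=!Lan_ip
]


class InputChain:
    def __init__(self):
        self.lists = {}  # list name -> {source ip: expiry time in seconds}

    def member(self, name, ip, now):
        return self.lists.get(name, {}).get(ip, 0) > now

    def new_connection(self, ip, port, now):
        """Run one new TCP connection through rules 1..7 and return the verdict."""
        if port not in PORTS:
            return "pass"                      # none of the rules match
        if self.member("login_error_ip", ip, now):
            return "drop"                      # rule 1 ends processing
        addr = ipaddress.ip_address(ip)
        for tested, target, timeout in LADDER:
            if tested is None:
                hit = not any(addr in net for net in LAN_IP)
            else:
                hit = self.member(tested, ip, now)
            if hit:                            # add or refresh, then fall through
                self.lists.setdefault(target, {})[ip] = now + timeout
        return "pass"


def verdicts(ip, port, times):
    """Verdicts for new connections from ip to port at the given times (s)."""
    chain = InputChain()
    return [chain.new_connection(ip, port, t) for t in times]
```

With connections 5 seconds apart, the first six pass and the seventh is dropped. The 1d30s timeout on ros_service_login5 outlasts the one-day ban, so the first new connection after the ban expires puts the source straight back on login_error_ip.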



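Note added 2015.11.30:
If the rules above are configured, they must be placed first,
with the RouterOS proxy protection rules placed after them.

This set is currently relatively efficient.

Tuesday, November 17, 2015

Buying the cheapest plane tickets

How to find the cheapest plane tickets through FunTime: it's super simple! You can use the following 2 methods:
1. Search the FunTime airfare comparison    http://www.funtime.com.tw/oveticket/
Choose the destination you want to fly to and compare prices. Fare details, pre-tax price, taxes and total price are shown at a glance, so you know right away which travel agency is cheapest and the best deal. If you like it, click order to buy from that travel agency :)
2. Cheap airfare price tracking    http://www.funtime.com.tw/oveticket/

Price comparison: Backpackers (背包客棧)
http://www.backpackers.com.tw/forum/airfare.php

Tuesdays and Wednesdays
April, July, September, October; April is the lowest
Full-package tickets
Register as an airline member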

Tuesday, September 29, 2015

Saturday, September 12, 2015

NTP Server for GPS

Source is : NTP ORG
Using Root explorer or other applications browse to /system/etc/gps.conf
Edit it and set any of the following servers based on your individual location.
For more details you may visit the link provided above as Source.

----------------------------------------------------------------------------

Global — pool.ntp.org

time.google.com -> good 20200409 add

----------------------------------------------------------------------------

Europe — europe.pool.ntp.org
Asia — asia.pool.ntp.org
Oceania — oceania.pool.ntp.org
North America — north-america.pool.ntp.org
South America — south-america.pool.ntp.org
Africa — africa.pool.ntp.org

----------------------------------------------------------------------------

Europe — europe.pool.ntp.org

Austria — at.pool.ntp.org
Switzerland — ch.pool.ntp.org
Germany — de.pool.ntp.org
Denmark — dk.pool.ntp.org
Spain — es.pool.ntp.org
France — fr.pool.ntp.org
Italy — it.pool.ntp.org
Luxembourg — lu.pool.ntp.org
Netherlands — nl.pool.ntp.org
Norway — no.pool.ntp.org
Poland — pl.pool.ntp.org
Sweden — se.pool.ntp.org
Slovenia — si.pool.ntp.org
United Kingdom — uk.pool.ntp.org
Finland — fi.pool.ntp.org
Ireland — ie.pool.ntp.org
Russian Federation — ru.pool.ntp.org
Belgium — be.pool.ntp.org
Portugal — pt.pool.ntp.org
Greece — gr.pool.ntp.org
Hungary — hu.pool.ntp.org
Bulgaria — bg.pool.ntp.org
Romania — ro.pool.ntp.org
Czech Republic — cz.pool.ntp.org
Yugoslavia — yu.pool.ntp.org
Estonia — ee.pool.ntp.org
Belarus — by.pool.ntp.org
Slovakia — sk.pool.ntp.org
Ukraine — ua.pool.ntp.org
Lithuania — lt.pool.ntp.org
Macedonia — mk.pool.ntp.org
Moldova — md.pool.ntp.org
Latvia — lv.pool.ntp.org
Croatia — hr.pool.ntp.org
Republic of Serbia — rs.pool.ntp.org
Bosnia and Herzegovina — ba.pool.ntp.org
----------------------------------------------------------------------------

Asia — asia.pool.ntp.org

Philippines — ph.pool.ntp.org
Malaysia — my.pool.ntp.org
Turkey — tr.pool.ntp.org
Singapore — sg.pool.ntp.org
India — in.pool.ntp.org
Hong Kong — hk.pool.ntp.org
United Arab Emirates — ae.pool.ntp.org
Japan — jp.pool.ntp.org
Bangladesh — bd.pool.ntp.org
Israel — il.pool.ntp.org
Korea — kr.pool.ntp.org
Thailand — th.pool.ntp.org
Iran — ir.pool.ntp.org
Taiwan — tw.pool.ntp.org
China — cn.pool.ntp.org
Indonesia — id.pool.ntp.org
Vietnam — vn.pool.ntp.org
Pakistan — pk.pool.ntp.org
Oman — om.pool.ntp.org
Uzbekistan — uz.pool.ntp.org
Sri Lanka — lk.pool.ntp.org
Kyrgyzstan — kg.pool.ntp.org
Cambodia — kh.pool.ntp.org
Qatar — qa.pool.ntp.org
Saudi Arabia — sa.pool.ntp.org

----------------------------------------------------------------------------

Oceania — oceania.pool.ntp.org

Australia — au.pool.ntp.org
New Zealand — nz.pool.ntp.org
New Caledonia — nc.pool.ntp.org

----------------------------------------------------------------------------

North America — north-america.pool.ntp.org

Canada — ca.pool.ntp.org
United States — us.pool.ntp.org
Mexico — mx.pool.ntp.org
Guatemala — gt.pool.ntp.org
Panama — pa.pool.ntp.org
Bahamas — bs.pool.ntp.org
Costa Rica — cr.pool.ntp.org
El Salvador — sv.pool.ntp.org

----------------------------------------------------------------------------

South America — south-america.pool.ntp.org

Brazil — br.pool.ntp.org
Chile — cl.pool.ntp.org
Argentina — ar.pool.ntp.org
Venezuela — ve.pool.ntp.org

----------------------------------------------------------------------------

Africa — africa.pool.ntp.org

Tanzania — tz.pool.ntp.org
South Africa — za.pool.ntp.org
Angola — ao.pool.ntp.org
Madagascar — mg.pool.ntp.org







http://forum.xda-developers.com/showthread.php?t=1200089




Chunghwa Telecom currently provides the following NTP servers:
tick.stdtime.gov.tw
tock.stdtime.gov.tw
watch.stdtime.gov.tw
On Android, use the FASTERGPS app.


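Monday, July 13, 2015

Windows 7: opening files without the security warning

[Windows] Turning off the Windows 7 "Open File - Security Warning"

Having to click the confirm button before an executable will open is very inconvenient. The steps to turn this feature off are as follows:

1. Run gpedit.msc
2. Open "User Configuration" → "Administrative Templates" → "Windows Components" → "Attachment Manager"
3. Set "Default risk level for file attachments" and "Inclusion list for moderate risk file types" to Enabled
4. In the options, enter: .exe;.msi;.bat (enter file types according to your own needs)
5. Run gpupdate or reboot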

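Friday, April 17, 2015

Genuine Windows 7: when changing hardware

Backup and restore
1. Back up the folder C:\Windows\System32\spp\store (it contains hidden files).
2. Reinstall the system; it must be the same edition as when it was activated (the new system's hardware information, user name, password, computer name and so on should match the settings of the system the backup came from; I have not tried it with mismatched settings).
3. Run cmd as administrator and enter slmgr -upk, then press Enter (clears the key information).
4. Win+R, run msconfig → Boot → Safe mode (set it to start in safe mode and choose restart).
5. In safe mode, run cmd as administrator and enter net stop sppsvc (stops Software Protection).
6. In the C:\Windows\System32\spp\ folder, overwrite the store folder with the backed-up store folder.
7. Win+R, msconfig → Boot → clear the Safe mode checkbox, and start normally.
8. After restarting, run slmgr -dli in cmd (administrator) to check the activation status.



--
Backup and restore
On Windows 8:
Office 2013 activation backup: just back up the C:\Windows\System32\spp\store folder; backing it up to a cloud drive is recommended.
Office 2013 activation restore: copy the previously backed-up store folder over C:\Windows\System32\spp\store.
On Windows 7:
On Windows 7, back up: C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat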

Friday, April 10, 2015

Windows: increasing the number of TCP/IP connections



http://www.speedguide.net/downloads.php

 Windows 9x/ME/2K/XP/XP-SP2/2k3/Vista/7/2008 |

 TCP Optimizer v3.0.8

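Change the TCP setting; the default is 10.

It can be set to around 200.

If you often browse websites on multiple monitors with many windows open, use this fix.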

also

http://forum.gamer.com.tw/Co.php?bsn=16583&sn=64168

Saturday, April 4, 2015

BlackBerry Passport 10.3.1: installing Google services

Just install three files.




http://forums.crackberry.com/android-apps-amazon-store-apk-files-f413/cobalts-official-google-apps-landing-page-965257/

Other references

https://www.youtube.com/watch?v=ReHOseE5yVw&spfreload=1

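Tuesday, March 24, 2015

NVIDIA: enabling CUDA

Download the driver
Right-click it and extract
Find the Display.Driver subdirectory

nvcuvenc32.dl_ and nvcuvenc64.dl_

Rename them to
nvcuvenc32.dll and nvcuvenc64.dll

32: put in windows/system32
64: put in windows/SysWOW64

On 64-bit, both must be put in place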












http://www.pcdvd.com.tw/showthread.php?t=1073670
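This page explains:
The simplest installation method:
Download the Local Installer EXE (940MB), then install it directly (see attached image; the CUDA driver is included).
I couldn't find it, and installing it had no effect either.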



http://cryptocurrency.tw/viewtopic.php?t=2668



http://conocimiento-adictivo.blogspot.com/2015/01/Como-reactivar-Nvidia-CUDA-Video-Encoder.html


Card: EVGA GT750
Using
http://cryptocurrency.tw/viewtopic.php?t=2668
works
2015.3.24