hcmhcm wrote:
你的主機是DMZ方式...(恕刪)
hcmhcm大大您好,由於本檔案filter.rsc檔案連結已失效,能否請您再提供新的連結或email cmcj66@yahoo.com.tw 給小弟呢?感激不盡!
*) safe mode - do not allow user with less permissions to disrupt active
safe mode;
*) console - print command does not try to reuse item numbers assigned by
previous invocations of 'print' when doing 'print where' or 'print follow',
items are numbered consecutively starting from '0'.
*) console - fix compact export of some partially modified
configuration values;
*) api - use the same syntax for property values as is used in 'print detail'
output, with the exception of numbers, that are not shown with suffixes
(K/M/G/T or bitrate) and are not contracted or separated into digit groups.
*) console - show internal numbers in the form returned by 'find' (like *9A0F)
instead of ~(unknown)~ when configuration refers to
deleted items. This change also applies to API.
*) ipsec - fix addition of default policy template;
*) console - values of type 'nil' were returning 'nil' as result of most
operations. Now it compares less than all values except 'nil'
and 'nothing', and compares inequal to all values except 'nil'.
This was changed to make 'print where' and 'find where' more useful.
An example. Previously the following command
/ip route print where routing-mark!=nosuch
Would not print routes that had no value for 'routing-mark' set, because
(nil != ~nosuch~) was equal to nil. Now it evaluates to 'true', and this
command will also print all routes that have no 'routing-mark' value set.
*) l2tp - fixed problem on CCR where server responded with wrong source address;
*) console export - put qutes around item names that start with a digit;
*) sntp client - added support for dns lookup of ntp servers;
*) console - when exporting to file, use name ending in '.in_progress', and
rename when export finishes;
*) bridge setups sometimes could crash on CCR devices;
*) fixed port flapping in 1G mode on sfp-sfpplus1 on CRS226;
FB: Pctine
前天家中突然跳電,之後 RB450G 就再起不能了 OTL
慘~玩路由器那麼多年…
還沒碰過跳個電就再起不能的事~
因為插上電只會聽到剛開機的第一聲嗶,
而等再久也聽不到開進系統的第二聲嗶嗶;
只好接上 serial console 線來看問題在哪?
便見 trace 停在 start service 就沒動靜了…
當下先斷電,戳 reset 鈕插電之後,
就會進 recovery mode 接著就開進 Mikrotik >
這時透過 WinBox 把之前備份的設定檔 restore 回去,
沒想到重開機就變成 kernel panic 了…
更慘~只好透過 BIOS 把 NAND 清光,
重新透過 Netinstall 把系統裝回去。
奇怪的是,雖然官網現在已提供 v6.18 了
但是 Netinstall 只能上 v5.26
不過幸好的是,Netinstall 後 License Key 似乎都還在…
難不成 Key 是存在 BIOS 或 EC 裡的?
之後再透過 WinBox 來升 v6.18 就沒問題了~怪
就是不能一開始 Netinstall 就灌 v6.18
再來 restore 備份設定檔就都 ok 了!
到現在還是想不出為什麼只是家中跳個電…
就那麼嚴重的原因?
要是以後再跳電再來一次…
那還真的是很麻煩的一件事!
tsaisj55 wrote:
我要的就是不能上 internet 但區網還能存取
這樣設定不知還有沒有漏洞...(恕刪)
小弟的想法比較簡單, 如果要全然靠 firewall 來防堵會很辛苦, 有的 user 甚至會在 PC 上面安裝 usb wifi 網卡, 透過手機上網.
所以建議你分兩部份來做, 第一就是 PC 端的作業系統不要讓 user 有權限去修改網路卡的相關設定, 再來就是 RouterOS (firewall) 部份利用 mac binding IP 的方式, 使得 Client 取得指定的 IP, 再利用 firewall rule 來做控管.
一般這樣做就差不多了, 再加上必要的政令宣導, 最後如果還有閒錢, 再另外做上網紀錄的 log.
FB: Pctine
內文搜尋
從 APP 打開
X