Tuesday, July 17, 2012

ads block plus freebsd

#fetch

wget -O /usr/local/etc/squid/ad_block.txt 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'

# squid.conf

## disable ads ( http://pgl.yoyo.org/adservers/ )
acl ads dstdom_regex "/usr/local/etc/squid/ad_block.txt"
deny_info http://192.168.3.2/fill.png ads
http_access deny ads


squid -k parse
squid -k reconfigure

Automating with cron

Lastly, you may want to set up a cron job to get the latest list every few days. The site the ad list comes from (pgl.yoyo.org) updates its IPs every 3 days or so on average. With a cron job running you can make sure you have the latest list. Below is a cron job line to get the ad server list every 3 days at 5:35am (0535).
#minute (0-59)
#|   hour (0-23)
#|   |    day of the month (1-31)
#|   |    |   month of the year (1-12 or Jan-Dec)
#|   |    |   |   day of the week (0-6 with 0=Sun or Sun-Sat)
#|   |    |   |   |   commands
#|   |    |   |   |   |
#### refresh squid's anti-ad server list
#### (*/3 belongs in the day-of-month field; in the day-of-week field it would run only on Sun, Wed and Sat)
35   5    */3 *   *   /scripts_dir/ad_servers_newlist.sh > /dev/null 2>&1
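The post references /scripts_dir/ad_servers_newlist.sh but does not show it. The script below is an added example, not from the original post: it fetches the yoyo list, refuses an empty file, an HTML error page or anything that is not a dstdom_regex pattern, swaps the file in atomically and only then asks squid to reload. The paths and the FreeBSD pkg layout of squid are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a possible
# /scripts_dir/ad_servers_newlist.sh for the cron line above. Paths and
# the squid pkg layout (/usr/local/etc/squid) are assumptions.
LIST_URL='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'
LIST_FILE=/usr/local/etc/squid/ad_block.txt

# Reject a download that is empty, is an HTML error page, or contains lines
# that are not squid dstdom_regex patterns of the form (^|\.)example\.com$
# (a bad pattern could break the ACL when squid reloads).
# Returns 0 when the file looks usable, 1 otherwise.
validate_adlist() {
    f="$1"
    [ -s "$f" ] || return 1
    grep -qi '<html' "$f" && return 1
    # any non-comment, non-blank line not matching the pattern fails the file
    if grep -v '^#' "$f" | grep -v '^[[:space:]]*$' | grep -qv '^(\^|\\\.).*\$$'; then
        return 1
    fi
    return 0
}

# Download to a temp file next to the live list, validate, then swap it in
# atomically so squid never sees a half-written or bogus ACL file.
refresh_adlist() {
    tmp=$(mktemp "${LIST_FILE}.XXXXXX") || return 1
    if ! wget -q -O "$tmp" "$LIST_URL"; then
        echo "download failed, keeping old list" >&2
        rm -f "$tmp"; return 1
    fi
    if ! validate_adlist "$tmp"; then
        echo "new list failed validation, keeping old list" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 0644 "$tmp" && mv "$tmp" "$LIST_FILE"
    # make sure squid accepts the new config before asking it to reload
    squid -k parse && squid -k reconfigure
}

# Run the refresh only when executed as the cron script, not when sourced.
case "$0" in
    *ad_servers_newlist.sh) refresh_adlist ;;
esac
```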





Sunday, July 15, 2012

Blocking Unused IPs on a LAN with MikroTik

A LAN with a /24 (slash 24) is a LAN whose IP address block ranges from 1 to 254, where IP 0 is used as the network address and IP 255 as the broadcast address on the MikroTik machine. For example, if a LAN uses IP 192.168.10.254/24, the usable IPs are in the range 192.168.10.1 – 192.168.10.254, with 192.168.10.0 as the network address and 192.168.10.255 as the broadcast. See the figure with the example IP address above:

With the interface named: LAN
On a local network such as an internet cafe or office, it is very rare that all of those IPs are in use. So a client/user can freely change their own IP address to another one within that block. One side effect of a client/user changing their IP address is that the user can freely consume bandwidth that has been limited on the cafe/office network. Usually the cafe/office limits each user's bandwidth by IP address, so if, for example, a PC with IP 192.168.10.8 has its bandwidth limited and at some point the user of that IP changes it to 192.168.10.198, what happens? That user can still connect as much as they like with nothing limiting their bandwidth, disturbing the other users on that network.
With a MikroTik router, the unused remainder of the IPs can be dropped so they cannot connect outward (to the WAN). Here I will show an example local network with 10 PCs, where 11 IP addresses are in use, as follows:
IP addresses 192.168.10.1 – 192.168.10.10 are used for the client PCs
IP address 192.168.10.254 is used as the gateway
1. Log in to your MikroTik using Winbox
2. Open the IP -> Firewall menu
3. Once the firewall menu appears, select the "Filter Rules" tab and press the add button (the plus button)
4. After pressing the plus sign (red) a dialog box appears. Select the General tab. On this tab, choose "forward" from the CHAIN drop-down. In the IN-INTERFACE field, select the interface facing your local IP addresses; in this example the interface I use is named LAN.
5. Switch to the ADVANCED tab, still in the same dialog. In the SRC. ADDRESS LIST field, enter "Per-IP" (this can be changed as you wish).
6. Move to the ACTION tab and set the ACTION field to "DROP" from the drop-down.
Press the OK button.
7. Back in the firewall dialog, select the "ADDRESS LIST" tab.
8. In the column at the far right, select the drop-down named "Per-IP" (matching the name written earlier). Then press the add button (the red button).
9. The Firewall Address List dialog appears. In the "ADDRESS" field, enter the IP range to be dropped. In this example we want to block IPs from 192.168.10.11 through 192.168.10.253, because 192.168.10.254 is already used by the gateway (the MikroTik's current IP).
Enter 192.168.10.11-192.168.10.253 in that field.
At this point, the IPs placed in the block list of course no longer get a bandwidth "share": even if a user succeeds in changing their IP, that user will not be able to connect to the WAN (internet).
 
 

Tuesday, July 3, 2012

Install Unbound FreeBsd


Install unbound on FreeBSD:
# pkg_add -rv unbound
# cd /usr/local/etc/unbound
# fetch ftp://FTP.INTERNIC.NET/domain/named.cache
named.cache 100% of 3048 B 10 MBps
# rehash
# unbound-control-setup
The result will appear on the console as follows:
setup in directory /usr/local/etc/unbound
generating unbound_server.key
Generating RSA private key, 1536 bit long modulus
............................++++
......++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 1536 bit long modulus
.......++++
..................................................................................................................++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use

# chown unbound:wheel unbound_*
# chmod 440 unbound_*
# mkdir /usr/local/etc/unbound/dev

Add unbound_enable="YES" to /etc/rc.conf

Paste the following into unbound.conf:

server:
         verbosity: 1
         statistics-interval: 120
         num-threads: 1
         interface: 0.0.0.0

         outgoing-range: 950 #1900
         num-queries-per-thread: 1024 #2048

         msg-cache-size: 50m
         rrset-cache-size: 100m

         msg-cache-slabs: 4
         rrset-cache-slabs: 4

         cache-max-ttl: 86400
         infra-host-ttl: 60
         infra-lame-ttl: 120

         infra-cache-numhosts: 10000
         infra-cache-lame-size: 10k

         do-ip4: yes
         do-ip6: no
         do-udp: yes
         do-tcp: yes
         do-daemonize: yes

         access-control: 0.0.0.0/0 allow
         #access-control: 192.168.0.0/16 allow
         #access-control: 172.16.0.0/12 allow
         #access-control: 10.0.0.0/8 allow
         #access-control: 127.0.0.0/8 allow
         #access-control: 0.0.0.0/0 refuse

         chroot: "/usr/local/etc/unbound"
         username: "unbound"
         directory: "/usr/local/etc/unbound"
         #logfile: "/usr/local/etc/unbound/unbound.log"
         #use-syslog: yes
         logfile: ""
         use-syslog: no
         #pidfile: "/usr/local/etc/unbound/unbound.pid"
         root-hints: "/usr/local/etc/unbound/named.cache"

         identity: "DNS"
         version: "1.4"
         hide-identity: yes
         hide-version: yes
         harden-glue: yes
         do-not-query-address: 127.0.0.1/8
         do-not-query-localhost: yes
         module-config: "iterator"

        #zone localhost
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1"

        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        #zone ubn.net
        local-zone: "unix.net." static
        local-data: "unix.net. 86400 IN NS ns1.unix.net."
        local-data: "unix.net. 86400 IN SOA unix.net. hostmaster.unix.net.  3 3600 1200 604800 86400"
        local-data: "unix.net. 86400 IN A 192.168.3.2"
        local-data: "www.unix.net. 86400 IN A 192.168.3.2"
        local-data: "ns1.unix.net. 86400 IN A 192.168.3.2"

        #local-data: "mail.unix.net. 86400 IN A 192.168.3.2"
        #local-data: "unix.net. 86400 IN MX 10 mail.unix.net."
        #local-data: "unix.net. 86400 IN TXT v=spf1 a mx ~all"

        local-zone: "192.168.3.in-addr.arpa." static
        local-data: "192.168.3.in-addr.arpa. 10800 IN NS unix.net."
        local-data: "192.168.3.in-addr.arpa. 10800 IN SOA unix.net. hostmaster.unix.net. 4 3600 1200 604800 864000"
        local-data: "2.3.168.192.in-addr.arpa. 10800 IN PTR unix.net."

forward-zone:
        name: "."
        forward-addr: 202.134.1.10 #surabaya
        forward-addr: 202.134.1.5 #surabaya sec
        forward-addr: 180.131.144.144 #nawala
        forward-addr: 125.160.2.34
        forward-addr: 8.8.8.8 #google
        #forward-addr: 208.67.222.222 #opendns

remote-control:
        control-enable: yes
        control-interface: 127.0.0.1
        control-port: 953
        server-key-file: "/usr/local/etc/unbound/unbound_server.key"
        server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
        control-key-file: "/usr/local/etc/unbound/unbound_control.key"
        control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
Source: copied and edited.
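The unbound.conf above combines interface: 0.0.0.0 with access-control: 0.0.0.0/0 allow, which makes the resolver answer anyone who can reach it. The script below is an added example, not part of the original post: it parses an unbound.conf, ignoring comments, and reports whether that open-resolver combination is active. The default config path is an assumption; any file can be passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the original post): flag an unbound.conf that both
# binds a wildcard address and allows all clients. Default path is an assumption.

# print active directives only: comments, leading whitespace and blank lines removed
active_lines() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e '/^$/d' "$1"
}

# 0 if unbound listens on 0.0.0.0 or :: (optionally with @port), 1 otherwise
binds_wildcard() {
    active_lines "$1" | grep -Eq '^interface:[[:space:]]*(0\.0\.0\.0|::0?)([@[:space:]]|$)'
}

# 0 if any access-control grants allow/allow_snoop to the whole IPv4 or IPv6
# space, 1 otherwise (a "0.0.0.0/0 refuse" line does not count)
allows_everyone() {
    active_lines "$1" | grep -Eq '^access-control:[[:space:]]*(0\.0\.0\.0/0|::/0)[[:space:]]+allow'
}

# prints a verdict; returns 1 when the config describes an open resolver
check_open_resolver() {
    conf="${1:-/usr/local/etc/unbound/unbound.conf}"
    if binds_wildcard "$conf" && allows_everyone "$conf"; then
        echo "OPEN RESOLVER: $conf listens on all addresses and allows all clients" >&2
        return 1
    fi
    echo "ok: $conf restricts its listeners and/or its clients"
    return 0
}
```

Run it as "sh check.sh /usr/local/etc/unbound/unbound.conf" after editing the config; a non-zero exit means the allow-all line or the wildcard interface should be narrowed to the LAN before starting unbound.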

Monday, July 2, 2012

Install Lusca Proxy Server in FreeBSD 9


proxy# pkg_add -rv perl subversion autotools squidstats ccze
Let the server finish the package installation. Once it has completed, download the script update-lusca.sh to use the latest version of Lusca available through the SVN trunk. If you would like to use the stable version instead, just skip this step.
proxy# svn checkout http://lusca-cache.googlecode.com/svn/branches/LUSCA_HEAD/ lusca-cache-read-only
Checked out revision 14942
proxy# cd lusca-cache-read-only
proxy# fetch http://simplyeko.com/newlusca/update-lusca.sh
proxy# chmod +x update-lusca.sh
proxy# ee update-lusca.sh
find the line below
WORKDIR=/root/lusca
RELVER=r14942
#RELVER=$1
Change the RELVER value to the latest revision number printed after you run "svn checkout" as above. If you find a higher revision than in this article, change the RELVER value accordingly. Afterwards, run the update-lusca script, then continue to compile Lusca.
proxy# ./update-lusca.sh
proxy# cd /root/lusca/LUSCA-HEAD-rr14942

proxy# ./configure --bindir=/usr/local/sbin --sbindir=/usr/local/sbin --datadir=/usr/local/etc/squid --libexecdir=/usr/local/libexec/squid --localstatedir=/usr/local/squid --sysconfdir=/usr/local/etc/squid --enable-removal-policies=heap --disable-linux-netfilter --enable-arp-acl --disable-linux-tproxy --disable-epoll --disable-auth --disable-unlinkd --disable-htcp --with-maxfd=131072 --disable-wccpv2 --with-pthreads --enable-storeio=aufs,coss,null --disable-delay-pools --enable-snmp --disable-wccp --disable-ident-lookups --disable-pf-transparent --with-large-files --enable-large-cache-files --enable-err-languages=English --enable-default-err-language=English --prefix=/usr/local --mandir=/usr/local/man --infodir=/usr/local/info/

proxy# make clean && make && make install && rehash
proxy# touch /var/log/squid/access.log
proxy# touch /var/log/squid/cache.log
proxy# chown -R squid:squid /var/log/squid/*
proxy# chown -R squid:squid /cache*
Modify squid.conf, located in /usr/local/etc/squid, to match your existing network and the cache directory you chose. If there are no problems, download the additional supporting files: storeurl.pl, refresh.conf and tunning.conf. These 3 files are referenced from your squid.conf, so read your squid.conf carefully if you want to change the location of the 3 additional support files.
proxy# cd /usr/local/etc/squid/
proxy# fetch http://simplyeko.com/newlusca/squid.conf
proxy# fetch http://simplyeko.com/newlusca/storeurl.txt
proxy# mv storeurl.txt storeurl.pl
proxy# chmod +x storeurl.pl
proxy# fetch http://simplyeko.com/newlusca/refresh.conf
proxy# fetch http://simplyeko.com/newlusca/tunning.conf
Now download the script to start/stop/restart Lusca; just fetch the file into the directory /usr/local/etc/rc.d/
proxy# cd /usr/local/etc/rc.d/
proxy# fetch http://simplyeko.com/newlusca/squid
proxy# chmod +x squid
Now the Lusca proxy server is ready to serve clients:
proxy# squid -z
proxy# service squid start
If there are no problems with your installation and configuration, you will find the squid process on your system by typing the following commands:
proxy# sockstat -4
proxy# ps -aux | grep squid


How To Install NANO Editor on FreeBSD

This is a quick tutorial on how to install the Nano editor on FreeBSD UNIX. If you are used to the pico or nano editor and have just installed FreeBSD (in my example FreeBSD 8.2-RELEASE), you will find that if you try to run nano you get an error that it's not found.
Make sure you are logged in as root and follow these few steps to install nano and make it work.
portsnap fetch update
cd /usr/ports/editors/nano
make install clean
ln -s /usr/local/bin/nano /usr/bin/nano
If you are using a non-default installation such as the one on Amazon AWS, it might not have the /usr/ports folder; you can just run "portsnap fetch extract update" and try the above steps again, or download the package (port) directly:
pkg_add -r nano
ln -s /usr/local/bin/nano /usr/bin/nano


http://sdkit.com/tutorial/how-to-install-nano-editor-on-freebsd/

Remove Webmin Software


http://www.cyberciti.biz/faq/linux-unix-freebsd-rhel-debian-delete-webmin/

Type the following command to remove webmin under FreeBSD operating system:
# cd /usr/ports/sysutils/webmin
# make deinstall clean

OR use pkg_delete command:
# pkg_delete webmin

Install webmin

http://www.cyberciti.biz/faq/freebsd-installing-webmin/

To install webmin, update your ports, enter:
# portsnap fetch update
Install webmin from /usr/ports/sysutils/webmin, enter:
# cd /usr/ports/sysutils/webmin
# make install clean

Configure webmin

Now, webmin is installed. Start webmin on startup, enter:
# vi /etc/rc.conf
Append following line:
webmin_enable="YES"
Save and close the file. You need to run /usr/local/lib/webmin/setup.sh script in order to setup the various config files, enter:
# /usr/local/lib/webmin/setup.sh
Sample output:
***********************************************************************
*            Welcome to the Webmin setup script, version 1.420        *
***********************************************************************
Webmin is a web-based interface that allows Unix-like operating
systems and common Unix services to be easily administered.
Installing Webmin in /usr/local/lib/webmin ...
***********************************************************************
Webmin uses separate directories for configuration files and log files.
Unless you want to run multiple versions of Webmin at the same time
you can just accept the defaults.
Log file directory [/var/log/webmin]: [Press Enter]
***********************************************************************
Webmin is written entirely in Perl. Please enter the full path to the
Perl 5 interpreter on your system.
Full path to perl (default /usr/bin/perl):  [Press Enter]
Testing Perl ...
Perl seems to be installed ok
***********************************************************************
Operating system name:    FreeBSD
Operating system version: 7.0
***********************************************************************
Webmin uses its own password protected web server to provide access
to the administration programs. The setup script needs to know :
 - What port to run the web server on. There must not be another
   web server already using this port.
 - The login name required to access the web server.
 - The password required to access the web server.
 - If the webserver should use SSL (if your system supports it).
 - Whether to start webmin at boot time.
Web server port (default 10000):  [Press Enter]
Login name (default admin):  [Press Enter]
Login password: [type password]
Password again:
Use SSL (y/n): y
***********************************************************************
Creating web server config files..
..done
Creating access control file..
..done
Creating start and stop scripts..
..done
Copying config files..
..done
Changing ownership and permissions ..
..done
Running postinstall scripts ..
..done

How do I view webmin?

Open a web browser and enter the URL:
https://your-domain.com:10000/
OR
https://your-server-ip:10000/