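# RouterOS (MikroTik) snippets for inspecting traffic on an interface and for
# maintaining a country address list. The sections are independent notes, not
# one script: two of them loop forever, so run only the section you need.
# Multi-line sections are wrapped in { } so :local variables stay in scope
# when the section is pasted into a terminal.

# MAC address that stood at the top of the original notes; the notes do not say
# which device it belongs to.
# 4C:5E:0C:AA:A8:8B

# --------------------------------------------------------------------
# Capture traffic on ether1 into a pcap file.
# A capture file holds full packet contents (including any clear-text
# credentials that cross the port). Stop the capture when done, download the
# file over an encrypted channel and remove it from the router; file-limit
# bounds how much is written.
# NOTE(review): capture options are applied with "set" and the capture is
# started separately; older releases named the option "interface" instead of
# "filter-interface" - confirm against the installed version.
/tool sniffer set filter-interface=ether1 file-name=sniffer_log.pcap
/tool sniffer start
# ... reproduce the traffic of interest, then:
# /tool sniffer stop

# --------------------------------------------------------------------
# Live packet view on ether1, printed to the terminal (nothing is saved).
/tool sniffer quick interface=ether1

# --------------------------------------------------------------------
# Live per-flow rate view on ether1.
/tool torch interface=ether1

# --------------------------------------------------------------------
# Select ether1 for the sniffer, then watch it live.
/tool sniffer set filter-interface=ether1
/tool sniffer quick interface=ether1

# --------------------------------------------------------------------
# Live rate counters for ether1.
/interface monitor-traffic ether1

# --------------------------------------------------------------------
# Capture only frames received on ether3.
/tool sniffer set filter-interface=ether3 filter-direction=rx
/tool sniffer start

# --------------------------------------------------------------------
# Log the packet and byte counter deltas of one interface every 5 seconds.
# The previous readings are globals, as in the original notes, so they remain
# readable from the terminal while the loop runs.
# The loop never exits and writes one log line per interval; stop the job
# when the observation is over.
{
    :global prevRxPackets
    :global prevTxPackets
    :global prevRxBytes
    :global prevTxBytes
    :local interface "ether3"

    # The /interface counters are named in the singular (rx-packet, tx-packet,
    # rx-byte, tx-byte), matching the rx-byte/tx-byte reads in the last section.
    :set prevRxPackets [/interface get $interface value-name=rx-packet]
    :set prevTxPackets [/interface get $interface value-name=tx-packet]
    :set prevRxBytes [/interface get $interface value-name=rx-byte]
    :set prevTxBytes [/interface get $interface value-name=tx-byte]

    :while (true) do={
        :local currRxPackets [/interface get $interface value-name=rx-packet]
        :local currTxPackets [/interface get $interface value-name=tx-packet]
        :local currRxBytes [/interface get $interface value-name=rx-byte]
        :local currTxBytes [/interface get $interface value-name=tx-byte]

        # If the counters are reset between two readings, the difference is
        # negative for that one interval.
        :local rxPacketsDiff ($currRxPackets - $prevRxPackets)
        :local txPacketsDiff ($currTxPackets - $prevTxPackets)
        :local rxBytesDiff ($currRxBytes - $prevRxBytes)
        :local txBytesDiff ($currTxBytes - $prevTxBytes)

        :log info ("Interface $interface - RX: $rxPacketsDiff packets ($rxBytesDiff bytes) | TX: $txPacketsDiff packets ($txBytesDiff bytes)")

        :set prevRxPackets $currRxPackets
        :set prevTxPackets $currTxPackets
        :set prevRxBytes $currRxBytes
        :set prevTxBytes $currTxBytes
        :delay 5s
    }
}

# --------------------------------------------------------------------
# Log a warning whenever the RX or TX rate of an interface exceeds a threshold.
# Loops forever with a 5 second pause between samples.
{
    :local interface "ether3"
    # 1 Mbps, expressed in bits per second
    :local threshold 1000000

    :while (true) do={
        # One sample per pass, so both rates describe the same moment. The
        # ->"key" lookup is parenthesised so it is evaluated as an expression.
        :local sample [/interface monitor-traffic $interface once as-value]
        :local rxRate ($sample->"rx-bits-per-second")
        :local txRate ($sample->"tx-bits-per-second")

        :if ($rxRate > $threshold) do={
            :log warning ("High RX traffic detected on $interface: " . ($rxRate / 1000000) . " Mbps")
        }
        :if ($txRate > $threshold) do={
            :log warning ("High TX traffic detected on $interface: " . ($txRate / 1000000) . " Mbps")
        }
        :delay 5s
    }
}

# --------------------------------------------------------------------
# Refresh the "iran-ips" firewall address list from a published zone file
# (one IPv4 prefix per line).
#
# Changes from the original notes:
#  - The downloaded file is parsed as data. The original ran it through
#    /import, which executes a file as RouterOS commands; a file fetched from
#    the network must never be executed.
#  - The existing list is cleared only after a non-empty download has been
#    read, so a failed fetch does not leave the list empty.
#  - Every line must look like an IPv4 prefix before it is added. Address-list
#    entries may also be host names on recent RouterOS, so other text is
#    skipped rather than handed to the firewall.
#  - The whole prefix is added. The original cut each line at "/", which turns
#    a network into a single address.
#
# NOTE(review): the URL is plain HTTP, so the list can be altered in transit.
# If the provider serves it over HTTPS, fetch it that way with certificate
# checking enabled and a trusted CA installed on the router.
# NOTE(review): reading a file through "contents" is size-limited on RouterOS.
# If the zone file exceeds the limit the read comes back empty and this
# function aborts without touching the list - confirm the limit on the
# installed version.
:global updateIranIPs do={
    :local content ""
    :do {
        /tool fetch url="http://www.ipdeny.com/ipblocks/data/countries/ir.zone" dst-path=iran-ips.txt
        :set content [/file get iran-ips.txt contents]
    } on-error={
        :log warning "Iran IP list update: download or read failed"
    }

    :local contentLen [:len $content]
    :if ($contentLen = 0) do={
        :log warning "Iran IP list update aborted: no data, existing list left unchanged"
    } else={
        /ip firewall address-list remove [find list=iran-ips]

        :local lastEnd 0
        :while ($lastEnd < $contentLen) do={
            :local lineEnd [:find $content "\n" $lastEnd]
            # The last line may have no trailing newline.
            :if ([:typeof $lineEnd] = "nil") do={ :set lineEnd $contentLen }
            :local line [:pick $content $lastEnd $lineEnd]
            :set lastEnd ($lineEnd + 1)

            :if ($line ~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+\$") do={
                # Best effort: a duplicate or out-of-range prefix is skipped.
                :do {
                    /ip firewall address-list add list=iran-ips address=$line
                } on-error={}
            }
        }
        :log info "Iran IP list updated successfully"
    }

    # Remove the temporary download whether or not it was used.
    :do { /file remove iran-ips.txt } on-error={}
}

# Run the update once now.
$updateIranIPs

# Run it every 30 days. Scheduled events are added under /system scheduler;
# the event text re-declares the global before calling it.
# NOTE(review): global variables do not survive a reboot, so the definition
# above has to be loaded again at startup (or stored as a /system script that
# the scheduler calls by name) - confirm for your deployment.
/system scheduler add name=update-iran-ips interval=30d on-event=":global updateIranIPs; \$updateIranIPs"

# --------------------------------------------------------------------
# Log the current total RX and TX byte counters of one interface, once.
{
    :local interface "ether3"
    :local rx ([/interface get $interface value-name=rx-byte])
    :local tx ([/interface get $interface value-name=tx-byte])
    :log info ("Interface $interface - RX: $rx - TX: $tx")
}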