Niamweb

Bikin scheduler sekitar 1 menit untuk mengecek kondisi DNS server ISP apakah On atau Down, jika down maka akan dialihkan ke DNS public, jika On maka akan diset untuk menggunakan DNS ISP. Berikut script untuk dipasang pada scheduler mikrotik  :do {     [:resolve dnstest.domain.net.id server="103.1.1.1"];     :if ([/ip dns get server] != "103.1.1.1") do={         /ip dns set servers="103.1.1.1"         /ip fire nat set [find comment=dns] disable=no         :log warning "update to Internal DNS"     } } on-error={     /ip dns set servers=8.8.8.8,8.8.4.4     /ip fire nat set [find comment=dns] disable=yes     :log warning "update to public DNS"     }  Pakai DNS ISP /ip firewall nat add action=dst-nat chain=dstnat comment=dns dst-port=53 protocol=udp to-addresses=103.1.1.1 add action=dst-nat chain=dstnat comment=dns dst-port=53 protocol=tcp to-addresses=103.1.1.1 Atau diredirect untuk pakai DNS Mikrotik  /ip firewall nat add action=redirect c

semua halaman diarahkan ke index.html server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; index index.html; server_name _; location / { try_files $uri $uri/ =404; } error_page 404 /index.html; error_page 500 502 503 504 /index.html; location = /index.html { root /var/www/html; internal; } } server { root /var/www/html; index index.html;     server_name _; location / { try_files $uri $uri/ =404; }     error_page 404 /index.html;     error_page 500 502 503 504 /index.html;     location = /index.html {         root /var/www/html;         internal;     }     listen [::]:443 ssl ipv6only=on;     listen 443 ssl;     ssl_certificate /etc/letsencrypt/live/blocked.domain.net.id/fullchain.pem;     ssl_certificate_key /etc/letsencrypt/live/blocked.domain.net.id/privkey.pem;     include /etc/letsencrypt/options-ssl-nginx.conf;     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; }

 ini artinya conntrack_max sudah full, solusinya bisa dinaikkan nilainya dengan konsekwensi pemakaian RAM bertambah, atau bisa dimatikan saja trackingnya dengan cara berikut ini: configure set system conntrack ignore rule 10 description "stateless firewall" set system conntrack ignore rule 10 protocol all commit save exit referensi: https://support.vyos.io/en/support/solutions/articles/103000096273-system-optimization https://community.ui.com/questions/Disable-the-ability-for-the-nfconntrack-table-to-become-full/8897cb01-70fd-489f-8cef-00e0af90a21b