Firefox n gnupg

I like roundcube webmail…
But there is no pgp plugin
I googled a little bit and found a trac entry saying that the developer of firegpg
is working on a plugin for roundcube
firegpg is a plugin for firefox which encrypts the data in a textfield with gnupg
It works fine with roundcube….
Mark the content and then right-click -> firegpg -> sign or encrypt or blah

Have fun

Mikrotik QoS

Have you got VoIP n Mikrotik?
Need QoS?

/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=prio_in \
    passthrough=yes protocol=udp src-address=ipofyorsipprovider
add action=mark-packet chain=forward comment="" disabled=no dst-address=ipofyorsipprovider \
    new-packet-mark=prio_out passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=rest_up \
    packet-mark=!prio_out passthrough=yes src-address=lan/24
add action=mark-packet chain=forward comment="" disabled=no dst-address=lan/24 \
    new-packet-mark=rest_down packet-mark=!prio_in passthrough=yes
add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=rest_up \
    passthrough=yes src-address=wlan/24
add action=mark-packet chain=forward comment="" disabled=no dst-address=wlan/24 \
    new-packet-mark=rest_down passthrough=yes

The packets first need to be matched by the mangle rules to get into the queues

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=4096k \
    name=download packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=\
    monitoring_in packet-mark=prio_in parent=download priority=1 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3800k \
    name=rest packet-mark=rest_down parent=download priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=4096k \
    name=upload packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=\
    monitoring_out packet-mark=prio_out parent=upload priority=1 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3800k \
    name=rest-up packet-mark=rest_up parent=upload priority=8 queue=synchronous-default

Yes I’ve got 4mbit sym @ home

Have fun

Mikrotik Packet Filter

Got Mikrotik?
Here is my config
Q: which guy needs vlans @ home
A: a guy with a summit24 :-) thanks to

/ip firewall filter export
add action=accept chain=in_vlan10 comment="" disabled=no dst-port=8291 protocol=tcp src-address-list=\
add action=accept chain=in_vlan10 comment="" disabled=no dst-port=21 protocol=tcp src-address-list=safe
add action=drop chain=in_vlan10 comment="" disabled=no dst-port=22 protocol=tcp src-address-list=\
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=2w chain=in_vlan10 \
    comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=in_vlan10 \
    comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=in_vlan10 \
    comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=in_vlan10 \
    comment="" connection-state=new disabled=no dst-port=22 protocol=tcp
add action=accept chain=in_vlan10 comment="" disabled=no dst-port=22 protocol=tcp
add action=accept chain=in_vlan10 comment="" disabled=no icmp-options=8:0-255 protocol=icmp
add action=accept chain=in_vlan10 comment="" connection-state=established disabled=no
add action=accept chain=in_vlan10 comment="" connection-state=related disabled=no
add action=log chain=in_vlan10 comment="" disabled=yes log-prefix=""
add action=drop chain=in_vlan10 comment="" disabled=no

Here is my input chain of vlan10 (wan) with ssh crawler auto-blacklister
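
Added example (not part of the original config): a small Python model of the ssh_stage1..3 / ssh_blacklist rules above, replayed over constructed connection times to show when a source actually gets dropped. It assumes the truncated drop rule matches src-address-list=ssh_blacklist; the class and function names are made up for the illustration.

```python
# Added illustration: models the staged address lists of chain in_vlan10.
# Assumption: the truncated drop rule matches src-address-list=ssh_blacklist.
MINUTE, TWO_WEEKS = 60, 14 * 24 * 3600

# (list the source must already be in, list it is added to, timeout), in rule order
STAGE_RULES = [
    ("ssh_stage3", "ssh_blacklist", TWO_WEEKS),
    ("ssh_stage2", "ssh_stage3", MINUTE),
    ("ssh_stage1", "ssh_stage2", MINUTE),
    (None, "ssh_stage1", MINUTE),
]

# Constructed sample: five new TCP/22 connections from one source, 10 s apart.
SAMPLE_BURST = [(t, "198.51.100.7") for t in (0, 10, 20, 30, 40)]


class SshInputChain:
    def __init__(self):
        self.lists = {}  # (list name, source ip) -> expiry time in seconds

    def member(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def new_connection(self, src, now):
        """Verdict ('drop' or 'accept') for a connection-state=new packet to port 22."""
        # The drop rule sits above the staging rules, so it is checked first.
        if self.member("ssh_blacklist", src, now):
            return "drop"
        # add-src-to-address-list does not end rule processing, so all four
        # staging rules are evaluated. They run from the highest stage down,
        # which is why one connection advances the source by exactly one stage.
        # Model assumption: re-adding an existing entry restarts its timeout.
        for required, target, timeout in STAGE_RULES:
            if required is None or self.member(required, src, now):
                self.lists[(target, src)] = now + timeout
        return "accept"  # the plain accept rule for dst-port=22


def replay(events):
    """events: iterable of (seconds, source ip); returns one verdict per event."""
    chain = SshInputChain()
    return [chain.new_connection(src, t) for t, src in events]


if __name__ == "__main__":
    print(replay(SAMPLE_BURST))
```

In this model the fourth new connection inside the one-minute windows is still accepted and only puts the source on ssh_blacklist; the drop applies from the fifth connection on and lasts two weeks. An admin who reconnects every couple of minutes never leaves ssh_stage1.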

add action=accept chain=in_vlan11 comment="" disabled=no dst-port=8291 protocol=tcp src-address-list=lan
add action=accept chain=in_vlan11 comment="" disabled=no dst-port=80 protocol=tcp src-address-list=lan
add action=accept chain=in_vlan11 comment="" disabled=no dst-port=22 protocol=tcp src-address-list=lan
add action=accept chain=in_vlan11 comment="" disabled=no dst-port=21 protocol=tcp src-address-list=lan
add action=accept chain=in_vlan11 comment="" disabled=no dst-port=53 protocol=udp src-address-list=lan
add action=accept chain=in_vlan11 comment="" disabled=no dst-port=67 protocol=udp src-address-list=lan
add action=accept chain=in_vlan11 comment="" disabled=no icmp-options=8:0-255 protocol=icmp \
add action=accept chain=in_vlan11 comment="" connection-state=established disabled=no
add action=accept chain=in_vlan11 comment="" connection-state=related disabled=no
add action=log chain=in_vlan11 comment="" disabled=yes log-prefix=""
add action=drop chain=in_vlan11 comment="" disabled=no

Here is my input chain of vlan11 (my lan)

add action=accept chain=in_vlan12 comment="" disabled=no icmp-options=8:0-255 protocol=icmp \
add action=accept chain=in_vlan12 comment="" connection-state=established disabled=no
add action=accept chain=in_vlan12 comment="" connection-state=related disabled=no
add action=log chain=in_vlan12 comment="" disabled=yes log-prefix=""
add action=drop chain=in_vlan12 comment="" disabled=no

Here is my input chain of vlan12 (switch mgmt)

add action=accept chain=in_vlan13 comment="" disabled=no icmp-options=8:0-255 protocol=icmp \
add action=accept chain=in_vlan13 comment="" connection-state=established disabled=no
add action=accept chain=in_vlan13 comment="" connection-state=related disabled=no
add action=log chain=in_vlan13 comment="" disabled=yes log-prefix=""
add action=drop chain=in_vlan13 comment="" disabled=no

Here is my input chain of vlan13 (wlan), “pwgen -s 60” for the wpa key

add action=accept chain=forward_vlan11 comment="" disabled=no out-interface=vlan10 src-address-list=lan
add action=accept chain=forward_vlan11 comment="" disabled=no dst-port=xx \
    out-interface=vlan11 protocol=tcp src-address-list=safe
add action=accept chain=forward_vlan11 comment="" disabled=no dst-port=xxxx \
    out-interface=vlan11 protocol=tcp
add action=accept chain=forward_vlan11 comment="" connection-state=established disabled=no
add action=accept chain=forward_vlan11 comment="" connection-state=related disabled=no
add action=log chain=forward_vlan11 comment="" disabled=yes log-prefix=""
add action=drop chain=forward_vlan11 comment="" disabled=no

Here is my forward chain for vlan11 (lan) with 2 port forwards and out-interface vlan10,
so no wlan client is able to get from vlan13 to vlan10 to vlan12 etc. or the reverse

add action=accept chain=forward_vlan12 comment="" disabled=no out-interface=vlan10 src-address-list=\
add action=accept chain=forward_vlan12 comment="" connection-state=established disabled=no
add action=accept chain=forward_vlan12 comment="" connection-state=related disabled=no
add action=log chain=forward_vlan12 comment="" disabled=yes log-prefix=""
add action=drop chain=forward_vlan12 comment="" disabled=no

Here is my forward chain for vlan12 (switch mgmt) for ntpdate :-)

add action=accept chain=forward_vlan13 comment="" disabled=no out-interface=vlan10 src-address-list=\
add action=accept chain=forward_vlan13 comment="" connection-state=established disabled=no
add action=accept chain=forward_vlan13 comment="" connection-state=related disabled=no
add action=log chain=forward_vlan13 comment="" disabled=yes log-prefix=""
add action=drop chain=forward_vlan13 comment="" disabled=no

Here is my forward chain for vlan13 (wlan)

add action=jump chain=input comment="" disabled=no in-interface=vlan10 jump-target=in_vlan10
add action=jump chain=input comment="" disabled=no in-interface=vlan11 jump-target=in_vlan11
add action=jump chain=input comment="" disabled=no in-interface=vlan12 jump-target=in_vlan12
add action=jump chain=input comment="" disabled=no in-interface=vlan13 jump-target=in_vlan13
add action=accept chain=input comment="" connection-state=established disabled=no
add action=accept chain=input comment="" connection-state=related disabled=no
add action=log chain=input comment="" disabled=yes log-prefix=""
add action=drop chain=input comment="" disabled=no

Here are the jumps to the input chains

add action=jump chain=forward comment="" disabled=no jump-target=forward_vlan11 src-address-list=lan
add action=jump chain=forward comment="" disabled=no dst-address-list=lan jump-target=forward_vlan11
add action=jump chain=forward comment="" disabled=no jump-target=forward_vlan12 src-address-list=vlan12
add action=jump chain=forward comment="" disabled=no jump-target=forward_vlan13 src-address-list=vlan13
add action=accept chain=forward comment="" connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=no
add action=log chain=forward comment="" disabled=yes log-prefix=""
add action=drop chain=forward comment="" disabled=no

Here are the jumps to the forward chains

/ip firewall nat export
add action=src-nat chain=srcnat comment="" disabled=no out-interface=vlan10 \
add action=src-nat chain=srcnat comment="" disabled=no out-interface=vlan10 \
add action=src-nat chain=srcnat comment="" disabled=no out-interface=vlan10 \
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=xxxx \
    protocol=tcp to-ports=xx
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=xxxx \
    protocol=tcp to-ports=xxxx

Here is my nat table

Have fun

dovecot roundcube sieve filter


First of all you need dovecot version 1.1x

You need to activate the sieve plugin in roundcube

$rcmail_config['plugins'] = array('managesieve');

Now activate the sieve support of dovecot

protocols = imap imaps managesieve
protocol managesieve {

plugin {
protocol lda {
  mail_plugins = quota cmusieve