Mikrotik: Limiting Downloads with Layer 7


Tired of users downloading large files and disrupting browsing for everyone else? Here is how to limit downloads with Layer 7:

1. Add the file extensions to Layer 7 so the router catches them as they pass through

/ip firewall layer7-protocol
# Inside a quoted string, \" is a literal quote and \\ a literal backslash
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

2. Set the network IPs in the firewall Address List

/ip firewall address-list
add address=1.1.1.1 comment="" disabled=no list=bypass
add address=2.2.2.2 comment="" disabled=no list=bypass
add address=2.2.2.2 comment="" disabled=no list=skip_content_download
add address=3.3.0.0/24 comment="" disabled=no list=skip_content_download

1.1.1.1 = public IP

2.2.2.2 = Mikrotik IP / web proxy IP (if you use an external web proxy, its IP must be added to the "bypass" list)

3.3.0.0/24 = IP range of the local network

Do not forget to add the public IP, the Mikrotik IP or the web proxy IP to the "bypass" list.

3. Add firewall filter rules to catch the extensions being downloaded through the Mikrotik router

/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mp3 "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .avi "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .flv "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .iso "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .pdf "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mpeg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .exe "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .rar "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .zip "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mp4 "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mp2 "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .3gp "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mov "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mpe "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mpg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .qt "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .ram "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .rm "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .raw "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .wav "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .wmv "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .wma "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .ogg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .doc "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .7z "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .asf "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .bin "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .cab "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .daa "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .dat "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mkv "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .nrg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .rmvb "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .vcd "" protocol=tcp

4. Set up Mangle on the Mikrotik

/ip firewall mangle
# Connections to destinations currently in the content_download list
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=Bw_Download passthrough=yes protocol=tcp
# Any connection that has already transferred more than 262146 bytes
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=Bw_Download passthrough=yes protocol=!icmp
# Packets of download connections; passthrough=no stops further mangle processing
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download passthrough=no
# Everything that reaches this point is treated as browsing
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing passthrough=no

5. Set up PCQ and the queues

/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-li
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN priority=8 queue=pcq-down

As for me, I simply use Simple Queue, with the respective Connection Marks being "Paket_Browsing" and "Paket_Download", and it has proven effective as well.

At this point the steps for limiting downloads are complete. Check whether the packets passing through the mangle rules are being counted.

In addition, if IDM users are causing trouble, you can add the following commands to the firewall:

/ip firewall filter
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp
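Added example, not part of the original post: it runs an extension pattern with an unescaped dot, the same pattern with the dot escaped, and a hypothetical pattern anchored to the HTTP request line over constructed connection payloads, to show which traffic the Layer 7 rules would and would not tag. It assumes Python's re behaves like the router's matcher for these simple patterns and that only the first 2 KB of each connection is inspected; the payloads, host names and the request_line pattern are constructed for illustration.

```python
import re

# Assumption: the Layer 7 matcher searches only the first 2 KB of a connection.
WINDOW = 2048

PATTERNS = {
    "unescaped_dot": re.compile(rb".(exe)"),   # "." matches any byte
    "escaped_dot": re.compile(rb"\.(exe)"),    # literal dot
    # Hypothetical tighter pattern (not from the post): the extension must end
    # the path on the HTTP request line.
    "request_line": re.compile(rb"^GET [^ \r\n]*\.exe[ ?]"),
}

# Constructed payloads: the first bytes a client sends on each connection.
SAMPLES = {
    "http_exe_download":
        b"GET /files/setup.exe HTTP/1.1\r\nHost: downloads.example\r\n\r\n",
    "http_page_with_exe_substring":
        b"GET /docs/executive-summary.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "http_referer_mentions_exe":
        b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n"
        b"Referer: http://www.example/get/tool.exe\r\n\r\n",
    # Stand-in for an encrypted (HTTPS) connection: the URL is not visible.
    "tls_record": b"\x16\x03\x03\x00\x20" + bytes(range(200, 232)),
    # The .exe request arrives on a reused connection, past the inspected prefix.
    "exe_after_window":
        b"GET /a.html HTTP/1.1\r\nCookie: " + b"k" * 3000
        + b"\r\n\r\nGET /setup.exe HTTP/1.1\r\n\r\n",
}


def classify(payload: bytes) -> dict:
    """Return which patterns match the inspected prefix of one connection."""
    head = payload[:WINDOW]
    return {name: bool(rx.search(head)) for name, rx in PATTERNS.items()}


def report() -> dict:
    """Classify every constructed sample."""
    return {label: classify(data) for label, data in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in report().items():
        print(f"{label:30}", hits)
```

The encrypted and past-the-window samples match no pattern, so such downloads are shaped only by the connection-bytes mangle rule in step 4.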

That is probably enough for this tutorial; sorry if it is rather old news … I hope it is useful.
