
Limiting Download File Extensions on Mikrotik

If you want to practice limiting download file extensions on Mikrotik right away, let's get started!

1. Log in to your Mikrotik with WinBox, click IP>Firewall, and select the Layer7 Protocols tab. Here we create the patterns that identify the various file extensions. To save time, copy the script below and paste it into a New Terminal window.

The script to insert into Layer7 Protocols:

/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"

To verify that the script was applied, click IP>Firewall in the WinBox main menu, then open the Layer7 Protocols tab. The tab should now list an entry for each file extension.

2. In the Firewall window, select the Mangle tab; here we create the mangle rules for the file extensions. To save time, click New Terminal, copy the mangle script, then right-click in the terminal window and paste it.

The mangle script to insert:

/ip firewall mangle add action=mark-packet chain=prerouting comment="EXE MARK PACKET " disabled=no layer7-protocol=EXE new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="RAR MARK PACKET " disabled=no layer7-protocol=RAR new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="ZIP MARK PACKET " disabled=no layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="7z MARK PACKET " disabled=no layer7-protocol=7z new-packet-mark=7z passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="CAB MARK PACKET " disabled=no layer7-protocol=CAB new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="ASF MARK PACKET " disabled=no layer7-protocol=ASF new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="MOV MARK PACKET " disabled=no layer7-protocol=MOV new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="WMV MARK PACKET " disabled=no layer7-protocol=WMV new-packet-mark=WMV passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="MPG MARK PACKET " disabled=no layer7-protocol=MPG new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="MPEG MARK PACKET " disabled=no layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="MKV MARK PACKET " disabled=no layer7-protocol=MKV new-packet-mark=MKV passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="AVI MARK PACKET " disabled=no layer7-protocol=AVI new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="FLV MARK PACKET " disabled=no layer7-protocol=FLV new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="WAV MARK PACKET " disabled=no layer7-protocol=WAV new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="RM MARK PACKET " disabled=no layer7-protocol=RM new-packet-mark=RM passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="MP3 MARK PACKET " disabled=no layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="MP4 MARK PACKET " disabled=no layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="RAM MARK PACKET " disabled=no layer7-protocol=RAM new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="RMVB MARK PACKET " disabled=no layer7-protocol=RMVB new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="DAT MARK PACKET " disabled=no layer7-protocol=DAT new-packet-mark=DAT passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="DAA MARK PACKET " disabled=no layer7-protocol=DAA new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="ISO MARK PACKET " disabled=no layer7-protocol=ISO new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="NRG MARK PACKET " disabled=no layer7-protocol=NRG new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="BIN MARK PACKET " disabled=no layer7-protocol=BIN new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="VCD MARK PACKET " disabled=no layer7-protocol=VCD new-packet-mark=VCD passthrough=no

To verify that the script created the mangle rules, click IP>Firewall in the WinBox main menu, then open the Mangle tab. The tab should list one mangle rule per file extension.

3. In the main menu, click Queues to show the Queue List, then select the Queue Tree tab; here you create a queue tree rule for each file extension. To save time, click New Terminal in the main menu, copy the queue tree script, then right-click in the terminal window and paste it.

The queue tree script to insert:

/queue tree add name="LIMIT FILE EXTENTION" parent=global-out limit-at=0 priority=3 max-limit=210000 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="7z" parent="LIMIT FILE EXTENTION" packet-mark=7z limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ASF" parent="LIMIT FILE EXTENTION" packet-mark=ASF limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="AVI" parent="LIMIT FILE EXTENTION" packet-mark=AVI limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="BIN" parent="LIMIT FILE EXTENTION" packet-mark=BIN limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CAB" parent="LIMIT FILE EXTENTION" packet-mark=CAB limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAA" parent="LIMIT FILE EXTENTION" packet-mark=DAA limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAT" parent="LIMIT FILE EXTENTION" packet-mark=DAT limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="EXE" parent="LIMIT FILE EXTENTION" packet-mark=EXE limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="FLV" parent="LIMIT FILE EXTENTION" packet-mark=FLV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ISO" parent="LIMIT FILE EXTENTION" packet-mark=ISO limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MKV" parent="LIMIT FILE EXTENTION" packet-mark=MKV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MOV" parent="LIMIT FILE EXTENTION" packet-mark=MOV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP3" parent="LIMIT FILE EXTENTION" packet-mark=MP3 limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP4" parent="LIMIT FILE EXTENTION" packet-mark=MP4 limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPEG" parent="LIMIT FILE EXTENTION" packet-mark=MPEG limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPG" parent="LIMIT FILE EXTENTION" packet-mark=MPG limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="NRG" parent="LIMIT FILE EXTENTION" packet-mark=NRG limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAM" parent="LIMIT FILE EXTENTION" packet-mark=RAM limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAR" parent="LIMIT FILE EXTENTION" packet-mark=RAR limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RM" parent="LIMIT FILE EXTENTION" packet-mark=RM limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RMVB" parent="LIMIT FILE EXTENTION" packet-mark=RMVB limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="VCD" parent="LIMIT FILE EXTENTION" packet-mark=VCD limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WAV" parent="LIMIT FILE EXTENTION" packet-mark=WAV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WMV" parent="LIMIT FILE EXTENTION" packet-mark=WMV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ZIP" parent="LIMIT FILE EXTENTION" packet-mark=ZIP limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

Let's check the queue tree rules: click Queues in the main menu, then select the Queue Tree tab. You will find one rule per file extension. You can adjust the limit value of each file extension as you wish.

Download any file from the internet and watch the matching file-extension rule in the queue tree. These rules let you set a speed limit for each file extension, but the total bandwidth they share depends on the limit of the parent queue, LIMIT FILE EXTENTION.

Dropping IDM (Internet Download Manager) Download Connections on Mikrotik

You can add a rule like this to the Mikrotik firewall, still using the layer-7 filtering we created earlier:

/ip firewall filter add action=drop chain=forward connection-limit=4,32 in-interface=bridge-local \
    layer7-protocol="Extension \" .zip\"" protocol=tcp

With this firewall rule, anyone downloading a file with IDM will be dropped by the Mikrotik. Because IDM uses more than one connection, the rule drops IDM when it uses 4 or more connections for a single file download (see connection-limit=4,32). In the script above, pay attention to in-interface and adjust it to your local ether port.

Limiting file download speed on Mikrotik is more effective with L7 filtering, but it adds to your router's load (it becomes heavy).

Limit Youtube Video Streams on Mikrotik

Here are the steps I used to limit YouTube video streams on Mikrotik.

1. Log in to your Mikrotik with WinBox, click IP>Firewall, select the Layer7 Protocols tab, and click the + button; the dialog will look like the picture below. Then click OK. You will have a new Layer7 Protocols rule named streaming. You can add any other video stream URL inside Regexp.


/ip firewall layer7-protocol add comment="" name=streaming regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"

Or


/ip firewall layer7-protocol add comment="" name=streaming regexp="videoplayback|video"

2. Still in the Firewall window, select the Mangle tab; here you create a new mangle rule. To save time, click New Terminal, copy the mangle script, then right-click in the terminal window and paste it.

The mangle script to insert:

/ip firewall mangle add action=mark-packet chain=prerouting \
    comment="Mark Packet Streaming" disabled=no \
    layer7-protocol=streaming new-packet-mark=streaming \
    passthrough=no

3. In the WinBox menu, click Queues to show the Queue List, then select the Queue Tree tab; here you create a new queue rule for video streaming. To save time, click New Terminal, copy the queue tree script, then right-click in the terminal window and paste it.

The queue tree script to insert:

/queue tree add name="streaming" parent=global-out \
    packet-mark=streaming limit-at=0 queue=default \
    priority=8 max-limit=128k burst-limit=0 \
    burst-threshold=0 burst-time=0s

You can change the value of max-limit as you wish, depending on your clients and the total bandwidth you have. This method is proven to work; here I will show you the result!

Play any video on YouTube; it doesn't matter whether the video is local or not.
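Before relying on the file-extension patterns and the streaming pattern above, it helps to see what they actually mark. The following Python check is an added example, not part of the original tutorial: it applies a few of the page's regexps to constructed connection payloads, using the 2 KB inspection window of the L7 matcher. The sample hosts, the strict() pattern and the case-insensitive matching are assumptions made for this illustration.

```python
import re

# The page's patterns as the regex engine sees them (console "\\." is "\.").
PAGE_PATTERNS = {
    "EXE": r"\.(exe)",
    "BIN": r"\.(bin)",
    "RM": r"\.(rm)",
    "streaming": r"videoplayback|video",
}

def strict(ext):
    """Hypothetical stricter form (not from the page): the extension must end
    the path of an HTTP request line, optionally followed by a query string."""
    return r"^(get|post) [^ ?]+\.(" + ext + r")(\?[^ ]*)? http/"

L7_WINDOW = 2048  # the L7 matcher inspects only the first 2 KB of a connection

def l7_match(pattern, payload):
    """Search the start of a connection's payload the way an L7 rule would.
    Assumption: case-insensitive, as the page's lowercase "get" implies."""
    head = payload[:L7_WINDOW].decode("latin-1")
    return re.search(pattern, head, re.IGNORECASE) is not None

# Constructed samples: the first bytes of four client connections.
SAMPLES = {
    "exe_download": b"GET /files/setup.exe HTTP/1.1\r\nHost: dl.example.test\r\n\r\n",
    # No file is downloaded here, but the Host header contains ".bin".
    "search_page": b"GET /search?q=router HTTP/1.1\r\nHost: www.bing.example\r\n\r\n",
    # An ordinary article whose URL happens to contain the word "video".
    "news_article": b"GET /news/video-card-review.html HTTP/1.1\r\nHost: news.example.test\r\n\r\n",
    # Stand-in for a TLS ClientHello (not a valid one): only the server name
    # is readable, the request for /files/setup.exe is encrypted.
    "tls_hello": bytes.fromhex("1603010200010001fc0303") + bytes(32)
                 + b"\x00\x00\x0fdl.example.test" + bytes(64),
}

def classify(patterns):
    """Return {sample name: sorted names of the patterns that would mark it}."""
    return {name: sorted(p for p, rx in patterns.items() if l7_match(rx, data))
            for name, data in SAMPLES.items()}

if __name__ == "__main__":
    strict_patterns = {k: strict(k.lower()) for k in ("EXE", "BIN", "RM")}
    for label, pats in (("page", PAGE_PATTERNS), ("strict", strict_patterns)):
        for name, marks in classify(pats).items():
            print(f"{label:6} {name:13} -> {marks}")
```

The unanchored patterns mark the search page as BIN and the news article as streaming, while the HTTPS download carries no mark at all; the anchored form removes the false positives but cannot change the HTTPS result.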
