
MikroTik: Limiting Downloads with Layer 7



Tired of users downloading large files and degrading everyone's browsing? Here is how to limit downloads with Layer 7:

1. Add the file extensions to Layer 7 so the router detects them as they pass through

/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

2. Set the network IPs in the firewall Address List

/ip firewall address-list
add address=1.1.1.1 comment="" disabled=no list=bypass
add address=2.2.2.2 comment="" disabled=no list=bypass
add address=2.2.2.2 comment="" disabled=no list=skip_content_download
add address=3.3.0.0/24 comment="" disabled=no list=skip_content_download

1.1.1.1 = public IP

2.2.2.2 = MikroTik IP / web proxy IP (if you use an external web proxy, its IP must be added to the "bypass" list)

3.3.0.0/24 = local network IP range

Do not forget to add the public IP, the MikroTik IP or the web proxy IP to the "bypass" list.

3. Add firewall filter rules to catch the extensions being downloaded through the MikroTik router

/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mp3 "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .avi "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .flv "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .iso "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .pdf "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mpeg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .exe "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .rar "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .zip "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mp4 "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mp2 "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .3gp "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mov "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mpe "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mpg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .qt "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .ram "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .rm "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .raw "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .wav "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .wmv "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .wma "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .ogg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .doc "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .7z "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .asf "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .bin "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .cab "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .daa "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .dat "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .mkv "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .nrg "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .rmvb "" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=
    !skip_content_download layer7-protocol="Extension " .vcd "" protocol=tcp

4. Configure Mangle on the MikroTik

/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing passthrough=no

5. Configure PCQ and Queue

/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-li
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN priority=8 queue=pcq-down

Personally, I just use Simple Queue, with the Connection Marks being "Paket_Browsing" and "Paket_Download" respectively, and it has proven effective too.

At this point the steps for limiting downloads are complete. Check the packets passing through mangle to confirm that it is working.

In addition, if IDM users are causing enough trouble, you can add the following commands to the firewall:
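To see which connections the step 1 patterns classify, the following added example (not part of the original tutorial) runs them over constructed traffic in Python. It assumes the L7 matcher only inspects the first 10 packets or first 2 KB of a connection, as MikroTik's documentation describes, and uses Python's `re` as a stand-in for the router's regex engine; the `STRICT` pattern and all sample packets are hypothetical.

```python
import re

# Assumption (from MikroTik's L7 documentation): the matcher buffers only the
# first 10 packets or first 2 KB of a connection and searches that buffer.
L7_MAX_PACKETS = 10
L7_MAX_BYTES = 2048

EXTENSIONS = ["exe", "rar", "zip", "iso", "mp3", "pdf"]  # subset of the page's list
LOOSE = r"\.({ext})"                    # pattern style used on this page
STRICT = r"^GET [^ ?]*\.({ext})[ ?]"    # hypothetical tighter pattern, not from the page


def l7_match(regexp, packets):
    """True if regexp occurs in the data the L7 matcher would buffer."""
    window = b"".join(packets[:L7_MAX_PACKETS])[:L7_MAX_BYTES]
    return re.search(regexp.encode(), window) is not None


def matched_extensions(packets, template=LOOSE):
    """Extensions whose rule would fire for this connection."""
    return [e for e in EXTENSIONS if l7_match(template.format(ext=e), packets)]


# Constructed samples: client-side packets only, for simplicity.
HTTP_EXE = [b"GET /files/setup.exe HTTP/1.1\r\nHost: dl.example.com\r\n\r\n"]
HTTP_PAGE = [b"GET /index.html HTTP/1.1\r\nHost: www.zipcode.example\r\n"
             b"Referer: http://a.example/setup.exe\r\n\r\n"]
# TLS: only the handshake (with the server name) is readable; the URL is encrypted.
TLS_HELLO = [b"\x16\x03\x01\x00\x30" + b"\x00" * 12 + b"dl.example.com" + b"\x00" * 22]
# Keep-alive connection: the download is requested after the 10-packet window.
LATE_EXE = [b"GET /p%d.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n" % i
            for i in range(10)] + HTTP_EXE

if __name__ == "__main__":
    for name, pkts in [("http .exe", HTTP_EXE), ("http page", HTTP_PAGE),
                       ("tls", TLS_HELLO), ("late .exe", LATE_EXE)]:
        print(f"{name:10} loose={matched_extensions(pkts)} "
              f"strict={matched_extensions(pkts, STRICT)}")
```

The ordinary page load is tagged as both an `.exe` and a `.zip` download by the page's patterns because the strings appear in the Host and Referer headers, while the TLS and late-request connections are never tagged at all.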

/ip firewall filter
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp

That is probably enough for this tutorial. Sorry if it is a bit stale; I hope it is useful.
