Gallery

Cara Membatasi Bandwidth Download Client dengan Firewall layer7 Protocols Mikrotik

Written By ahmadkomputer on Minggu, 14 Agustus 2011 | 05.23

Kali ini kita akan belajar membatasi download berdasarkan extension file yang di download menggunakan Firewall Layer 7. File-file yang di limit adalah yang ber extension  exe,flv,zip,rar,mp3,mp4,3gp dan lain lain, bisa juga anda tambahkan sendiri. Lalu, bagaimana cara setting nya ?? Berikut ini cara nya :
Buka winbox kemudian klik “ip” kemudian klik “firewall” kemudian klik tanda “plus” warna merah kemudian klik “layer7 protocols”



isikan
Name=Limit Download (isi terserah anda)

RegeXp=http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)
lalu Buka “New terminal” di winbox
Copykan dan paste kan  kode di bawah ini dan patekan di “New Terminal” winbox


ip firewall layer7-protocol add comment=”" name=”Extension \” .exe \”" regexp=”\\.(exe)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .rar \”" regexp=”\\.(rar)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .zip \”" regexp=”\\.(zip)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .7z \”" regexp=”\\.(7z)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .cab \”" regexp=”\\.(cab)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .asf \”" regexp=”\\.(asf)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .mov \”" regexp=”\\.(mov)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .wmv \”" regexp=”\\.(wmv)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .mpg \”" regexp=”\\.(mpg)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .mpeg \”" regexp=”\\.(mpeg)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .mkv \”" regexp=”\\.(mkv)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .avi \”" regexp=”\\.(avi)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .flv \”" regexp=”\\.(flv)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .wav \”" regexp=”\\.(wav)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .rm \”" regexp=”\\.(rm)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .mp3 \”" regexp=”\\.(mp3)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .mp4 \”" regexp=”\\.(mp4)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .ram \”" regexp=”\\.(ram)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .rmvb \”" regexp=”\\.(rmvb)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .dat \”" regexp=”\\.(dat)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .daa \”" regexp=”\\.(daa)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .iso \”" regexp=”\\.(iso)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .nrg \”" regexp=”\\.(nrg)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .bin \”" regexp=”\\.(bin)”
ip firewall layer7-protocol add comment=”" name=”Extension \” .vcd \”" regexp=”\\.(vcd)”
lanjutkan paste kan script mangle berikut :
/ip firewall mangle add action=mark-packet chain=prerouting comment=”http-video mark-packet” disabled=no layer7-protocol=http-video new-packet-mark=http-video passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=”7z DOWNS” disabled=no layer7-protocol=”Extension \” .7z \”" new-connection-mark=”7z DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”7z DOWNS” disabled=no new-packet-mark=7z passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”asf DOWNS” disabled=no layer7-protocol=”Extension \” .asf \”" new-connection-mark=”asf DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”asf DOWNS” disabled=no new-packet-mark=asf passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”avi DOWNS” disabled=no layer7-protocol=”Extension \” .avi \”" new-connection-mark=”avi DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”avi DOWNS” disabled=no new-packet-mark=avi passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”bin DOWNS” disabled=no layer7-protocol=”Extension \” .bin \”" new-connection-mark=”bin DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”bin DOWNS” disabled=no new-packet-mark=bin passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”flv DOWNS” disabled=no layer7-protocol=”Extension \” .flv \”" new-connection-mark=”flv DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”flv DOWNS” disabled=no new-packet-mark=flv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”iso DOWNS” disabled=no layer7-protocol=”Extension \” .iso \”" new-connection-mark=”iso DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark= “iso DOWNS” disabled=no new-packet-mark=iso passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”mkv DOWNS” disabled=no layer7-protocol=”Extension \” .mkv \”" new-connection-mark=”mkv DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”mkv DOWNS” disabled=no new-packet-mark=mkv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”exe DOWNS” disabled=no layer7-protocol=”Extension \” .exe \”" new-connection-mark=”exe DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”exe DOWNS” disabled=no new-packet-mark=exe passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”mov DOWNS” disabled=no layer7-protocol=”Extension \” .mov \”" new-connection-mark=”mov DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”mov DOWNS” disabled=no new-packet-mark=mov passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”mp3 DOWNS” disabled=no layer7-protocol=”Extension \” .mp3 \”" new-connection-mark=”mp3 DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”mp3 DOWNS” disabled=no new-packet-mark=mp3 passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”mp4 DOWNS” disabled=no layer7-protocol=”Extension \” .mp4 \”" new-connection-mark=”mp4 DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”mp4 DOWNS” disabled=no new-packet-mark=mp4 passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”mpeg DOWNS” disabled=no layer7-protocol=”Extension \” .mpeg \”" new-connection-mark=”mpeg DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”mpeg DOWNS” disabled=no new-packet-mark=mpeg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”mpg DOWNS” disabled=no layer7-protocol=”Extension \” .mpg \”" new-connection-mark=”mpg DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”mpg DOWNS” disabled=no new-packet-mark=mpg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”nrg DOWNS” disabled=no layer7-protocol=”Extension \” .nrg \”" new-connection-mark=”nrg DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”nrg DOWNS” disabled=no new-packet-mark=nrg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”ram DOWNS” disabled=no layer7-protocol=”Extension \” .ram \”" new-connection-mark=”ram DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”ram DOWNS” disabled=no new-packet-mark=ram passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”rar DOWNS” disabled=no layer7-protocol=”Extension \” .rar \”" new-connection-mark=”rar DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”rar DOWNS” disabled=no new-packet-mark=rar passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”rm DOWNS” disabled=no layer7-protocol=”Extension \” .rm \”" new-connection-mark=”rm DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”rm DOWNS” disabled=no new-packet-mark=rm passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”rmvb DOWNS” disabled=no layer7-protocol=”Extension \” .rmvb \”" new-connection-mark=”rmvb DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”rmvb DOWNS” disabled=no new-packet-mark=rmvb passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”wav DOWNS” disabled=no layer7-protocol=”Extension \” .wav \”" new-connection-mark=”wav DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”wav DOWNS” disabled=no new-packet-mark=wav passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”wma DOWNS” disabled=no layer7-protocol=”Extension \” .wma \”" new-connection-mark=”wma DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”wma DOWNS” disabled=no new-packet-mark=wma passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”wmv DOWNS” disabled=no layer7-protocol=”Extension \” .wmv \”" new-connection-mark=”wmv DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”wmv DOWNS” disabled=no new-packet-mark=wmv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”zip DOWNS” disabled=no layer7-protocol=”Extension \” .zip \”" new-connection-mark=”zip DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”zip DOWNS” disabled=no new-packet-mark=zip passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”youtube DOWNS” disabled=no layer7-protocol=”YouTube ” new-connection-mark=”youtube DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”youtube DOWNS” disabled=no new-packet-mark=youtube passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”daa DOWNS” disabled=no layer7-protocol=”Extension \” .daa \”" new-connection-mark=”daa DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”daa DOWNS” disabled=no new-packet-mark=daa passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”dat DOWNS” disabled=no layer7-protocol=”Extension \” .dat \”" new-connection-mark=”dat DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”dat DOWNS” disabled=no new-packet-mark=dat passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”vcd DOWNS” disabled=no layer7-protocol=”Extension \” .vcd \”" new-connection-mark=”vcd DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”vcd DOWNS” disabled=no new-packet-mark=vcd passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=”cab DOWNS” disabled=no layer7-protocol=”Extension \” .cab \”" new-connection-mark=”cab DOWNS” passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment=”" connection-mark=”cab DOWNS” disabled=no new-packet-mark=cab passthrough=no protocol=tcp
kemudian untuk limit nya di sini dibatasi hanya 32kB untuk limitnya berarti downloadnya hanya 8 KB perdetik,Jika anda menginginkan limit tambah silakan ganti sesuai dengan keinginan anda, misalnya 32k/32kanda gandi menjadi 64k/64k atau 128k/128k. Sesuaikan dengan Bandwitdh yang anda miliki. Copykan kode bawah ini dan patekan di “New Terminal” winbox.
queue simple add name=”youtube” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=http-video direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=100k/100k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”exe” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=exe direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”rar” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rar direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”zip” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=zip direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”7z” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=7z direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”cab” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=cab direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”asf” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=asf direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”mov” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mov direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”wmv” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=wmv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”mpg” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mpg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”mpeg” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mpeg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”mkv” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mkv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”avi” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=avi direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”flv” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=flv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”wav” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=wav direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”rm” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rm direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”mp3″ dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mp3 direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”mp4″ dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mp4 direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”ram” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=ram direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”rmvb” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rmvb direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”dat” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=dat direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”daa” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=daa direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”iso” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=iso direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”nrg” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=nrg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”bin” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=bin direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name=”vcd” dst-address=0.0.0.0/0 interface=all parent=none packet-marks=vcd direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
—————————————————————————————

Setelah anda selesai settingan anda coba download dengan menggunakan IDM atau Speed Downloader yang lain, kemudian anda cek speed download nya, cek juga di queue simple mikrotik anda….
Selamat Mencoba

Capture Hasil Settingan :

Setting Layer 7

Mangle


Queue Simple

Selamat mencoba….

Sumber: tamampapua.wordpress.com
Blog, Updated at: 05.23

1 comments:

Anonim mengatakan...

sudah di coba ? jalankah ? kalau youtube nya maksudnya gimana ? di layer7nya

layer7-protocol=”YouTube" --> input value salah katanya

MENERIMA ORDER E BOOK DALAM DVD SILAHKAN CALL 0852-1730-9068 (WA/LINE)

Diberdayakan oleh Blogger.

Facebook

Featured Post (Slider)

Tech Post

Ad Home

Combine

Horizontal

Vertical1

Vertical2

Gallery

Portfolio

Video Of Day

Recent Comments

Tech Post

Social Icons

Featured Slider

Scrolling box

Popular Posts

Popular Posts