Sunday, 9 March 2014

1. Add the file extensions as Layer 7 protocols so the router can catch them as traffic passes through

A few things to know before pasting the block below. The doubled backslash in the export (`\\.(exe)`) is only RouterOS string escaping; the regex the router actually compiles is `\.(exe)`, which matches ".exe" anywhere in the inspected bytes, not just at the end of a requested file name (a Host header such as cdn.exe-tools.example matches it too). The Layer 7 matcher only looks at the first 10 packets or the first 2 KB of a connection and then gives up, and it only ever sees plaintext, so an HTTPS download of the same file is invisible to every rule in this tutorial. Entries like `.dat`, `.bin` and `.doc` (which also hits `.docx`) are generic enough to catch traffic that is not a download at all. The matcher also has to see both directions of a connection, which is why the rules in step 3 sit in the forward chain.

   
/ip firewall layer7-protocol
/ip firewall layer7-protocol add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
/ip firewall layer7-protocol add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
/ip firewall layer7-protocol add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
/ip firewall layer7-protocol add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
/ip firewall layer7-protocol add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
/ip firewall layer7-protocol add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
/ip firewall layer7-protocol add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
/ip firewall layer7-protocol add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
/ip firewall layer7-protocol add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
/ip firewall layer7-protocol add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
/ip firewall layer7-protocol add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
/ip firewall layer7-protocol add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
/ip firewall layer7-protocol add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
/ip firewall layer7-protocol add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
/ip firewall layer7-protocol add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
/ip firewall layer7-protocol add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
/ip firewall layer7-protocol add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
/ip firewall layer7-protocol add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
/ip firewall layer7-protocol add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
/ip firewall layer7-protocol add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
/ip firewall layer7-protocol add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
/ip firewall layer7-protocol add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
/ip firewall layer7-protocol add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
/ip firewall layer7-protocol add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
/ip firewall layer7-protocol add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"
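
To make the caveats above concrete, here is an added example (my own code, not part of the original post and not RouterOS code) that models what the Layer 7 matcher gets to see: it concatenates the first 10 packets of a connection, caps that at 2 KB, and runs the page's `\.(exe)` pattern against it next to a tighter pattern of my own that is anchored on the HTTP request line. The sample connections are constructed. Assumptions: Python's `re` stands in for the router's POSIX-ERE engine, so both patterns use only ERE-safe syntax; patterns are treated as case-insensitive, as in the l7-filter engine RouterOS builds on (verify on your RouterOS version); the TLS ClientHello is shape-only, not a byte-exact handshake.

```python
"""
Model of what the RouterOS Layer 7 matcher actually gets to see.

Added example, not RouterOS code and not from the original post.  Assumptions:
the matcher collects at most the first 10 packets or the first 2 KB of payload
and searches that buffer once; patterns are compiled case-insensitively (as in
l7-filter; verify on your RouterOS version); Python's re stands in for the
router's POSIX-ERE engine, so the patterns use only ERE-safe syntax.
"""
import re
from typing import Dict, List

L7_PACKETS = 10   # packets inspected per connection ...
L7_BYTES = 2048   # ... or this many payload bytes, whichever is reached first
MSS = 1460        # typical TCP segment size, used to split constructed payloads

# The page's pattern.  The export shows "\\.(exe)" because the backslash is
# escaped inside the RouterOS string; the regex itself is \.(exe), which
# matches ".exe" anywhere in the inspected bytes.
PAGE_PATTERN = re.compile(rb"\.(exe)", re.IGNORECASE)

# Tighter alternative (my suggestion, not from the page): anchor on the HTTP
# request line so only the requested path can match, and fold the extensions
# into one alternation instead of one Layer 7 entry per extension.
TIGHT_PATTERN = re.compile(
    rb"^(get|post) [^ ]*\.(exe|zip|rar|7z|iso)(\?[^ ]*)? http/1\.[01]",
    re.IGNORECASE,
)


def segment(payload: bytes, mss: int = MSS) -> List[bytes]:
    """Split a byte string into MSS-sized TCP segments (constructed traffic)."""
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def l7_match(pattern: "re.Pattern[bytes]", packets: List[bytes]) -> bool:
    """Apply the matcher's window: first 10 packets, capped at 2 KB, one search."""
    window = b"".join(packets[:L7_PACKETS])[:L7_BYTES]
    return pattern.search(window) is not None


def classify(packets: List[bytes]) -> Dict[str, bool]:
    """Verdict of both patterns for one connection's client->server payload."""
    return {
        "page": l7_match(PAGE_PATTERN, packets),
        "tight": l7_match(TIGHT_PATTERN, packets),
    }


# --- constructed sample connections (client -> server payload only) ----------

# 1. A plain HTTP download of an .exe: both patterns fire.
PLAIN_EXE = segment(
    b"GET /downloads/setup.exe HTTP/1.1\r\nHost: files.example\r\n\r\n"
)

# 2. An HTML page on a host whose name contains ".exe": the unanchored page
#    pattern fires on the Host header, the anchored one does not.
HOST_FALSE_POSITIVE = segment(
    b"GET /index.html HTTP/1.1\r\nHost: cdn.exe-tools.example\r\n\r\n"
)

# 3. The same setup.exe fetched over HTTPS.  The client's first bytes are a TLS
#    ClientHello (record type 0x16, handshake type 0x01); the path never appears
#    in cleartext, so neither pattern can fire.  Shape only, not a valid hello.
SNI = b"files.example"
TLS_HELLO = segment(
    b"\x16\x03\x01" + (len(SNI) + 48).to_bytes(2, "big")  # record header
    + b"\x01\x00\x00\x00"                                 # ClientHello, length
    + b"\x03\x03" + b"\x00" * 32                          # version + random
    + b"\x00\x00\x02\x13\x01\x01\x00"                     # no session, 1 suite, null compression
    + b"\x00\x00" + SNI                                   # extension area carrying the SNI host
)

# 4. ".exe" is present, but only after 2 KB of request headers (a fat cookie):
#    the window closes before the matcher ever sees it.
LATE_EXE = segment(
    b"GET /index.html HTTP/1.1\r\nHost: files.example\r\n"
    + b"Cookie: session=" + b"a" * 2100 + b"\r\n"
    + b"Referer: http://files.example/setup.exe\r\n\r\n"
)

if __name__ == "__main__":
    samples = [("plain .exe", PLAIN_EXE), ("host false positive", HOST_FALSE_POSITIVE),
               ("https", TLS_HELLO), ("late .exe", LATE_EXE)]
    for name, conn in samples:
        print(f"{name:20s} {classify(conn)}")
```

If you want to try the anchored form on the router, the same regex inside a RouterOS string has its backslashes doubled: `regexp="^(get|post) [^ ]*\\.(exe|zip|rar|7z|iso)(\\?[^ ]*)? http/1\\.[01]"`. Treat it as a starting point and confirm it fires on a real download before relying on it; none of this helps for HTTPS.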


2. Put the network addresses into the firewall Address List

1.1.1.1 = public IP
2.2.2.2 = MikroTik IP / web proxy IP (if you use an external web proxy, its IP must also go into the "bypass" list)
3.3.0.0/24 = local LAN range
Don't forget to put the public IP, the MikroTik IP and the web proxy IP into the "bypass" list; the mangle rules in step 4 skip anything whose destination is in that list, so traffic to the router itself or to the proxy is never marked or queued.

These three are placeholders (1.1.1.1 and 3.3.0.0/24 are real routable addresses, so don't paste them literally), and the export below does not use them: it has 192.168.1.x for the router/proxy side and 192.168.2.0/24 for the LAN, so substitute your own addresses. Write each entry either as a host (192.168.1.2) or as a network (192.168.1.0/24); a host address with a /24 mask like the 192.168.1.2/24 below is ambiguous. The `skip_content_download` list should hold the local LAN: step 3 adds the destination of whichever packet completes the Layer 7 match, and if that packet happens to be a server reply its destination is a local client, which must not end up in `content_download`.
   
/ip firewall address-list
/ip firewall address-list add address=192.168.1.2/24 comment="" disabled=no list=bypass
/ip firewall address-list add address=192.168.1.254 comment="" disabled=no list=bypass
/ip firewall address-list add address=192.168.1.254 comment="" disabled=no list=skip_content_download
/ip firewall address-list add address=192.168.2.0/24 comment="" disabled=no list=skip_content_download

3. Add firewall filter rules that catch the extensions being downloaded through the MikroTik router

Each rule adds the destination address of the packet that completes the Layer 7 match to the `content_download` list for 5 seconds. The extension normally appears in the client's HTTP request, so that destination is the download server; 5 seconds is just long enough for the mangle rules in step 4 to pick the connection up. Note what is being keyed on: the server address, not the connection. Any other connection to that same server inside the 5 s window is treated as a download as well, which matters on shared hosting and CDNs.

   
/ip firewall filter

/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp
   

4. Set up mangle on the MikroTik

Order matters here. The first rule marks a connection `Bw_Download` while its destination is in `content_download`; the second re-marks any non-bypass connection that has already transferred 262146 bytes (about 256 KiB) as `Bw_Download` regardless of extension, so large transfers the Layer 7 rules missed are still caught; the third turns that connection mark into the `Paket_Download` packet mark and stops (passthrough=no); the last two mark everything else that is not bypassed as browsing. A connection mark persists for the life of the connection, so once the third rule sees `Bw_Download` it keeps winning even after the 5 s address-list entry has expired.

   
/ip firewall mangle

/ip firewall mangle add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\
    Bw_Download passthrough=yes protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\
    Bw_Download passthrough=yes protocol=!icmp
/ip firewall mangle add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \
    passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \
    protocol=!icmp
/ip firewall mangle add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \
    passthrough=no

5. Set up PCQ and the queue tree

The DOWN parent on interface LOCAL is unlimited (max-limit=0). Under it, Browsing_Down gets priority 5 and Regular_Down priority 8 (1 is highest, 8 lowest), so browsing wins when the link is contended. Regular_Down is capped at 256k in total, and pcq-down additionally limits each destination address (pcq-classifier=dst-address) to pcq-rate=256000; pcq-limit and pcq-total-limit are queue sizes, not rates.

   
/queue type
/queue type add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
/queue type add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address
# The remainder of this line (pcq-limit, pcq-rate, pcq-total-limit) is cut off in the original export.
# Set them for the browsing class yourself; pcq-rate=0 means no per-address limit.
   
/queue tree
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
    queue=Pcq_Browsing_Down
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
    priority=8 queue=pcq-down
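
Steps 2 to 4 interact in ways that are easy to get wrong, so here is an added example (my own code, not part of the original post and not RouterOS code) that models the packet path: prerouting mangle with the page's five rules in order, then the forward filter adding to `content_download` for 5 s, for a few constructed connections against one download server. Assumptions: the lists mirror the export above with the LAN taken as 192.168.2.0/24 and the bypass entry read as 192.168.1.0/24; for each packet mangle runs before the forward filter; `connection-bytes` is the total already transferred in both directions before the current packet; re-adding an address to a dynamic list resets its timeout; all connections are TCP.

```python
"""
Event-level model of steps 2-4: how a Layer 7 hit in the forward filter turns
into a connection mark and a packet mark in mangle.

Added example, not RouterOS code and not from the original post.  Assumptions:
list contents mirror the page's export (LAN = 192.168.2.0/24, bypass read as
192.168.1.0/24 + 192.168.1.254); prerouting mangle runs before the forward
filter for each packet; connection-bytes counts bytes already transferred in
both directions; re-adding a dynamic list entry resets its timeout.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

BYPASS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.1.254/32")]
SKIP_CONTENT_DOWNLOAD = [ipaddress.ip_network(n) for n in ("192.168.1.254/32", "192.168.2.0/24")]
BIG_CONNECTION_BYTES = 262146   # lower bound of connection-bytes in the page's 2nd mangle rule
LIST_TIMEOUT = 5.0              # address-list-timeout=5s from step 3


def in_list(addr: str, nets) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in n for n in nets)


@dataclass
class Conn:
    client: str
    server: str
    transferred: int = 0            # bytes seen so far, both directions
    cmark: Optional[str] = None     # RouterOS connection-mark


class Router:
    def __init__(self) -> None:
        self.content_download: Dict[str, float] = {}   # address -> expiry time

    def _in_content_download(self, addr: str, now: float) -> bool:
        return self.content_download.get(addr, -1.0) > now

    def mangle_prerouting(self, c: Conn, dst: str, now: float) -> Optional[str]:
        """The page's five mangle rules, in order.  Returns the packet mark."""
        # 1. destination is a recently caught download server -> Bw_Download (passthrough)
        if self._in_content_download(dst, now):
            c.cmark = "Bw_Download"
        # 2. any non-bypass connection already past ~256 KiB -> Bw_Download (passthrough)
        if c.transferred >= BIG_CONNECTION_BYTES and not in_list(dst, BYPASS):
            c.cmark = "Bw_Download"
        # 3. packet-mark downloads and stop (passthrough=no)
        if c.cmark == "Bw_Download" and not in_list(dst, BYPASS):
            return "Paket_Download"
        # 4./5. everything else that is not bypassed is browsing
        if not in_list(dst, BYPASS):
            c.cmark = "Bw_Browsing"
            return "Paket_Browsing"
        return None   # bypassed destination: no mark, so no queue

    def filter_forward(self, dst: str, now: float, l7_hit: bool) -> None:
        """Step 3: add the packet's destination for 5 s unless it is a local address."""
        if l7_hit and not in_list(dst, SKIP_CONTENT_DOWNLOAD):
            self.content_download[dst] = now + LIST_TIMEOUT

    def packet(self, c: Conn, to_server: bool, size: int, now: float,
               l7_hit: bool = False) -> Optional[str]:
        dst = c.server if to_server else c.client
        mark = self.mangle_prerouting(c, dst, now)   # mangle first ...
        self.filter_forward(dst, now, l7_hit)        # ... then the forward filter
        c.transferred += size
        return mark


def scenario() -> Dict[str, List[Optional[str]]]:
    """Constructed connections against one server; returns the packet marks seen."""
    r = Router()
    server = "203.0.113.5"
    out: Dict[str, List[Optional[str]]] = {}
    # A: a client requests setup.exe over plain HTTP at t=0
    a = Conn("192.168.2.10", server)
    marks = [r.packet(a, True, 300, 0.0, l7_hit=True)]   # the GET itself: list still empty
    marks.append(r.packet(a, False, 1460, 0.1))          # first data back: dst is the client
    marks.append(r.packet(a, True, 52, 0.2))             # client's ACK: dst is the server -> caught
    marks.append(r.packet(a, False, 1460, 0.3))          # from here on every packet is a download
    out["A"] = marks
    # B: another client, plain HTML, same server, inside the 5 s window -> collateral
    b = Conn("192.168.2.11", server)
    out["B"] = [r.packet(b, True, 60, 3.0), r.packet(b, False, 800, 3.1)]
    # C: after the entry expired; escalates only once it passes ~256 KiB
    c = Conn("192.168.2.12", server)
    out["C"] = [r.packet(c, True, 60, 9.0), r.packet(c, False, 1460, 9.1)]
    c.transferred = BIG_CONNECTION_BYTES                 # fast-forward the transfer (constructed)
    out["C"].append(r.packet(c, False, 1460, 12.0))
    # D: traffic to the router itself is in bypass -> never marked
    out["D"] = [r.packet(Conn("192.168.2.13", "192.168.1.254"), True, 60, 0.0)]
    return out


if __name__ == "__main__":
    for name, marks in scenario().items():
        print(name, marks)
```

Two things this shows that the rules alone do not: the download mark lands on the connection only when the next client-to-server packet (usually the first ACK) hits prerouting while the server is in the list, since reply packets have the client as destination; and because the list is keyed on the server, connection B is throttled for fetching an HTML page from the same host within the 5 s window.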

For my part, a Simple Queue matching the packet marks Paket_Browsing and Paket_Download is enough, and it has proven effective too (these are the packet marks from step 4; simple queues match on packet marks, not connection marks).

That completes the download limiting. Before going further, check that packets are really passing through the mangle rules: while a test download runs, the counters in /ip firewall mangle print stats should increase on the Bw_Download rules, /ip firewall address-list print where list=content_download should briefly show the server address, and /queue tree print stats should show the bytes landing in Regular_Down rather than Browsing_Down. If a test download over HTTPS is not caught, that is expected: the Layer 7 matcher only sees plaintext.

As an extra, if IDM (Internet Download Manager) users bother you enough, you can add the following to the firewall. IDM splits one file into many parallel connections, and each of them carries the same file name in its request, so each one hits the Layer 7 match; connection-limit=4,32 then drops further connections once a single source /32 already has 4 of them open. Interface names are case-sensitive, so make every in-interface exactly the name of your LAN interface (the queue tree above uses LOCAL).

/ip firewall filter
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
/ip firewall filter add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp

That's enough for this tutorial for now; sorry if it's a bit stale. Hope it's useful.
