Melimit Download Client Warnet, Dengan “Firewall Layer7 Protocols” MikroTik.
Cara ini digunakan untuk melimit bandwidth berdasarkan jenis file
sehingga tidak akan menganngu browser. Misalnya membatasi download video
streaming You Tube dan file-file yang berekstension
exe,flv,zip,rar,mp3,mp4,3gp dan lain lain.
Langkah-langkahnya sebagai berikut :
Sumber Praktek Disini
Langkah-langkahnya sebagai berikut :
- Masuk ke WinBox ---->Klik “IP” ---->Klik “Firewall” ----> Klik “+” ----> “Layer7 Protocols”.
- Masukkan Name=http-video dan RegeXp=http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)
- Buka WinBox, klik “New Terminal”
- Copy dan pastekan script dibawah ini
ip firewall layer7-protocol add comment="" name="Extension \" .exe \"" \
regexp="\\.(exe)"
ip firewall layer7-protocol add comment="" name="Extension \
\" .rar \"" regexp="\\.(rar)"
ip firewall layer7-protocol add comment="" \
name="Extension \" .zip \"" regexp="\\.(zip)"
ip firewall layer7-protocol add \
comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
ip firewall \
layer7-protocol add comment="" name="Extension \" .cab \"" \
regexp=\\.(cab)
ip firewall layer7-protocol add comment="" name="Extension \
\" .asf \"" regexp="\\.(asf)"
ip firewall layer7-protocol add comment="" \
name="Extension \" .mov \"" regexp="\\.(mov)"
ip firewall layer7-protocol add \
comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"\
ip firewall
layer7-protocol add comment="" name="Extension \" .mpg \"" \
regexp="\\.(mpg)"
ip firewall layer7-protocol add comment="" name="Extension \
\" .mpeg \"" regexp="\\.(mpeg)"
ip firewall layer7-protocol add comment="" \
name="Extension \" .mkv \"" regexp="\\.(mkv)"
ip firewall layer7-protocol add \
comment="" name="Extension \" .avi \"" regexp="\\.(avi)"\
ip firewall \
layer7-protocol add comment="" name="Extension \" .flv \"" \
regexp="\\.(flv)"
ip firewall layer7-protocol add comment="" name="Extension \
\" .wav \"" regexp="\\.(wav)"
ip firewall layer7-protocol add comment="" \
name="Extension \" .rm \"" regexp="\\.(rm)"
ip firewall layer7-protocol add \
comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
ip firewall \
layer7-protocol add comment="" name="Extension \" .mp4 \"" \
regexp="\\.(mp4)"
ip firewall layer7-protocol add comment="" name="Extension \
\" .ram \"" regexp="\\.(ram)"\
ip firewall layer7-protocol add comment="" \
name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
ip firewall layer7-protocol \
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
ip firewall \
layer7-protocol add comment="" name="Extension \" .daa \"" \
regexp="\\.(daa)"
ip firewall layer7-protocol add comment="" name="Extension \
\" .iso \"" regexp="\\.(iso)"
ip firewall layer7-protocol add comment="" \
name="Extension \" .nrg \"" regexp="\\.(nrg)"
ip firewall layer7-protocol add \
comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
ip firewall \
layer7-protocol add comment="" name="Extension \" .vcd \"" regexp=\\.(vcd)
- Masih di “New Terminal”. Tambahkan mangle, copy dan pastekan script dibawah ini
/ip firewall mangle add action=mark-packet chain=prerouting comment="http-video \
mark-packet" disabled=no layer7-protocol=http-video new-packet-mark=http-video \
passthrough=no
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="7z DOWNS" disabled=no layer7-protocol="Extension \" \
.7z \"" new-connection-mark="7z DOWNS" passthrough=yes protocol=tcp\
/ip \
firewall mangle add action=mark-packet chain=postrouting comment="" \
connection-mark="7z DOWNS" disabled=no new-packet-mark=7z passthrough=no \
protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting \
comment="asf DOWNS" disabled=no layer7-protocol="Extension \" .asf \"" \
new-connection-mark="asf DOWNS" passthrough=yes protocol=tcp
/ip firewall \
mangle add action=mark-packet chain=postrouting comment="" connection-mark="asf \
DOWNS" disabled=no new-packet-mark=asf passthrough=no protocol=tcp
/ip \
firewall mangle add action=mark-connection chain=prerouting comment="avi DOWNS" \
disabled=no layer7-protocol="Extension \" .avi \"" new-connection-mark="avi \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="avi DOWNS" \
disabled=no new-packet-mark=avi passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="bin DOWNS" \
disabled=no layer7-protocol="Extension \" .bin \"" new-connection-mark="bin \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="bin DOWNS" \
disabled=no new-packet-mark=bin passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="flv DOWNS" \
disabled=no layer7-protocol="Extension \" .flv \"" new-connection-mark="flv \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="flv DOWNS" \
disabled=no new-packet-mark=flv passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="iso DOWNS" \
disabled=no layer7-protocol="Extension \" .iso \"" new-connection-mark="iso \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark= "iso DOWNS" \
disabled=no new-packet-mark=iso passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="mkv DOWNS" \
disabled=no layer7-protocol="Extension \" .mkv \"" new-connection-mark="mkv \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="mkv DOWNS" \
disabled=no new-packet-mark=mkv passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="exe DOWNS" \
disabled=no layer7-protocol="Extension \" .exe \"" new-connection-mark="exe \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="exe DOWNS" \
disabled=no new-packet-mark=exe passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="mov DOWNS" \
disabled=no layer7-protocol="Extension \" .mov \"" new-connection-mark="mov \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="mov DOWNS" \
disabled=no new-packet-mark=mov passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="mp3 DOWNS" \
disabled=no layer7-protocol="Extension \" .mp3 \"" new-connection-mark="mp3 \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="mp3 DOWNS" \
disabled=no new-packet-mark=mp3 passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="mp4 DOWNS" \
disabled=no layer7-protocol="Extension \" .mp4 \"" new-connection-mark="mp4 \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="mp4 DOWNS" \
disabled=no new-packet-mark=mp4 passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="mpeg DOWNS" \
disabled=no layer7-protocol="Extension \" .mpeg \"" new-connection-mark="mpeg \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="mpeg DOWNS" \
disabled=no new-packet-mark=mpeg passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="mpg DOWNS" \
disabled=no layer7-protocol="Extension \" .mpg \"" new-connection-mark="mpg \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="mpg DOWNS" \
disabled=no new-packet-mark=mpg passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="nrg DOWNS" \
disabled=no layer7-protocol="Extension \" .nrg \"" new-connection-mark="nrg \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="nrg DOWNS" \
disabled=no new-packet-mark=nrg passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="ram DOWNS" \
disabled=no layer7-protocol="Extension \" .ram \"" new-connection-mark="ram \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="ram DOWNS" \
disabled=no new-packet-mark=ram passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="rar DOWNS" \
disabled=no layer7-protocol="Extension \" .rar \"" new-connection-mark="rar \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="rar DOWNS" \
disabled=no new-packet-mark=rar passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="rm DOWNS" \
disabled=no layer7-protocol="Extension \" .rm \"" new-connection-mark="rm DOWNS" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="" connection-mark="rm DOWNS" disabled=no \
new-packet-mark=rm passthrough=no protocol=tcp
/ip firewall mangle add \
action=mark-connection chain=prerouting comment="rmvb DOWNS" disabled=no \
layer7-protocol="Extension \" .rmvb \"" new-connection-mark="rmvb DOWNS" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="" connection-mark="rmvb DOWNS" disabled=no \
new-packet-mark=rmvb passthrough=no protocol=tcp
/ip firewall mangle add \
action=mark-connection chain=prerouting comment="wav DOWNS" disabled=no \
layer7-protocol="Extension \" .wav \"" new-connection-mark="wav DOWNS" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="" connection-mark="wav DOWNS" disabled=no \
new-packet-mark=wav passthrough=no protocol=tcp
/ip firewall mangle add \
action=mark-connection chain=prerouting comment="wma DOWNS" disabled=no \
layer7-protocol="Extension \" .wma \"" new-connection-mark="wma DOWNS" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="" connection-mark="wma DOWNS" disabled=no \
new-packet-mark=wma passthrough=no protocol=tcp
/ip firewall mangle add \
action=mark-connection chain=prerouting comment="wmv DOWNS" disabled=no \
layer7-protocol="Extension \" .wmv \"" new-connection-mark="wmv DOWNS" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="" connection-mark="wmv DOWNS" disabled=no \
new-packet-mark=wmv passthrough=no protocol=tcp
/ip firewall mangle add \
action=mark-connection chain=prerouting comment="zip DOWNS" disabled=no \
layer7-protocol="Extension \" .zip \"" new-connection-mark="zip DOWNS" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=postrouting comment="" connection-mark="zip DOWNS" disabled=no \
new-packet-mark=zip passthrough=no protocol=tcp
/ip firewall mangle add \
action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no \
layer7-protocol="YouTube " new-connection-mark="youtube DOWNS" passthrough=yes \
protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting \
comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="daa DOWNS" disabled=no layer7-protocol="Extension \" \
.daa \"" new-connection-mark="daa DOWNS" passthrough=yes protocol=tcp
/ip \
firewall mangle add action=mark-packet chain=postrouting comment="" \
connection-mark="daa DOWNS" disabled=no new-packet-mark=daa passthrough=no \
protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting \
comment="dat DOWNS" disabled=no layer7-protocol="Extension \" .dat \"" \
new-connection-mark="dat DOWNS" passthrough=yes protocol=tcp
/ip firewall \
mangle add action=mark-packet chain=postrouting comment="" connection-mark="dat \
DOWNS" disabled=no new-packet-mark=dat passthrough=no protocol=tcp
/ip \
firewall mangle add action=mark-connection chain=prerouting comment="vcd DOWNS" \
disabled=no layer7-protocol="Extension \" .vcd \"" new-connection-mark="vcd \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="vcd DOWNS" \
disabled=no new-packet-mark=vcd passthrough=no protocol=tcp
/ip firewall \
mangle add action=mark-connection chain=prerouting comment="cab DOWNS" \
disabled=no layer7-protocol="Extension \" .cab \"" new-connection-mark="cab \
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add \
action=mark-packet chain=postrouting comment="" connection-mark="cab DOWNS" \
disabled=no new-packet-mark=cab passthrough=no protocol=tcp
- Jangan beranjak dari “New Terminal” WinBox. Berikan limit untuk download (sesuaikan dengan besar bandwidth dari ISP). Dalam contoh ini adalah 32kb, jadi besar downloadnya 8kb. Copy dan pastekan script dibawah ini.
/queue simple add name="youtube" dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=http-video direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=100k/100k \
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="exe" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=exe direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="rar" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rar \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="zip" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=zip direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="7z" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=7z \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="cab" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=cab direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="asf" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=asf \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="mov" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=mov direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="wmv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=wmv \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="mpg" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=mpg direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="mpeg" dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=mpeg direction=both priority=8 queue=default-small/default-small \
limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 \
burst-time=0s/0s total-queue=default-small
/queue simple add name="mkv" \
dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mkv direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k \
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="avi" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=avi direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="flv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=flv \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="wav" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=wav direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="rm" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rm \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="mp3" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=mp3 direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="mp4" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mp4 \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="ram" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=ram direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="rmvb" dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=rmvb direction=both priority=8 queue=default-small/default-small \
limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 \
burst-time=0s/0s total-queue=default-small
/queue simple add name="dat" \
dst-address=0.0.0.0/0 interface=all parent=none packet-marks=dat direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k \
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="daa" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=daa direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="iso" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=iso\
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="nrg" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=nrg direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple \
add name="bin" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=bin \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s \
total-queue=default-small
/queue simple add name="vcd" dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=vcd direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 \
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
- Hasilnya akan seperti ini
- Ok.. Selamat Mencoba
- Coba juga memasukkan script diatas dengan menggunakan perintah WinBox dengan mengikuti alur dari script tersebut.
Sumber Praktek Disini