Tuesday, 18 September 2012

How to Limit Client Download Bandwidth with Firewall Layer7 Protocols on a MikroTik Router


The most effective way to limit downloads or video on a MikroTik router is with Firewall Layer7 Protocols. Best of all, with Firewall Layer7 protocols browsing is not limited or disturbed, because I limit bandwidth by file extension only, for example downloads of exe, flv, zip, rar, mp3, mp4, 3gp and so on.
If you run an internet café (warnet), this tutorial will be very useful. I limit to 32Kb, which means a download speed of about 8 kb per second, video streaming included.
OK, let's begin.
  • Open Winbox, then click "ip", then "firewall", then the red "plus" sign, then "layer7 protocols"
  • Enter Name=http-video and Regexp=http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)
    See the screenshot below:
  • Open "New Terminal" in Winbox
  • Copy the code below and paste it into Winbox's "New Terminal"
# One Layer7 entry per file extension; each regexp matches ".ext" anywhere in the inspected data.
/ip firewall layer7-protocol add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
/ip firewall layer7-protocol add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
/ip firewall layer7-protocol add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
/ip firewall layer7-protocol add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
/ip firewall layer7-protocol add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
/ip firewall layer7-protocol add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
/ip firewall layer7-protocol add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
/ip firewall layer7-protocol add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
/ip firewall layer7-protocol add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
/ip firewall layer7-protocol add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
/ip firewall layer7-protocol add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
/ip firewall layer7-protocol add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
/ip firewall layer7-protocol add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
/ip firewall layer7-protocol add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
/ip firewall layer7-protocol add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
/ip firewall layer7-protocol add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
/ip firewall layer7-protocol add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
/ip firewall layer7-protocol add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
/ip firewall layer7-protocol add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
  • Add the mangle rules: copy the code below and paste it into Winbox's "New Terminal"
# Video replies matched by the http-video Layer7 entry are marked per packet.
/ip firewall mangle add action=mark-packet chain=prerouting comment="http-video mark-packet" disabled=no layer7-protocol=http-video new-packet-mark=http-video passthrough=no
# For each extension: mark the connection in prerouting, then mark its packets in postrouting.
/ip firewall mangle add action=mark-connection chain=prerouting comment="7z DOWNS" disabled=no layer7-protocol="Extension \" .7z \"" new-connection-mark="7z DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="7z DOWNS" disabled=no new-packet-mark=7z passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="asf DOWNS" disabled=no layer7-protocol="Extension \" .asf \"" new-connection-mark="asf DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="asf DOWNS" disabled=no new-packet-mark=asf passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="avi DOWNS" disabled=no layer7-protocol="Extension \" .avi \"" new-connection-mark="avi DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="avi DOWNS" disabled=no new-packet-mark=avi passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="bin DOWNS" disabled=no layer7-protocol="Extension \" .bin \"" new-connection-mark="bin DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="bin DOWNS" disabled=no new-packet-mark=bin passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="flv DOWNS" disabled=no layer7-protocol="Extension \" .flv \"" new-connection-mark="flv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="flv DOWNS" disabled=no new-packet-mark=flv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="iso DOWNS" disabled=no layer7-protocol="Extension \" .iso \"" new-connection-mark="iso DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="iso DOWNS" disabled=no new-packet-mark=iso passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mkv DOWNS" disabled=no layer7-protocol="Extension \" .mkv \"" new-connection-mark="mkv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mkv DOWNS" disabled=no new-packet-mark=mkv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="exe DOWNS" disabled=no layer7-protocol="Extension \" .exe \"" new-connection-mark="exe DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="exe DOWNS" disabled=no new-packet-mark=exe passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mov DOWNS" disabled=no layer7-protocol="Extension \" .mov \"" new-connection-mark="mov DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mov DOWNS" disabled=no new-packet-mark=mov passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mp3 DOWNS" disabled=no layer7-protocol="Extension \" .mp3 \"" new-connection-mark="mp3 DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mp3 DOWNS" disabled=no new-packet-mark=mp3 passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mp4 DOWNS" disabled=no layer7-protocol="Extension \" .mp4 \"" new-connection-mark="mp4 DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mp4 DOWNS" disabled=no new-packet-mark=mp4 passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mpeg DOWNS" disabled=no layer7-protocol="Extension \" .mpeg \"" new-connection-mark="mpeg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mpeg DOWNS" disabled=no new-packet-mark=mpeg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mpg DOWNS" disabled=no layer7-protocol="Extension \" .mpg \"" new-connection-mark="mpg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mpg DOWNS" disabled=no new-packet-mark=mpg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="nrg DOWNS" disabled=no layer7-protocol="Extension \" .nrg \"" new-connection-mark="nrg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="nrg DOWNS" disabled=no new-packet-mark=nrg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="ram DOWNS" disabled=no layer7-protocol="Extension \" .ram \"" new-connection-mark="ram DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="ram DOWNS" disabled=no new-packet-mark=ram passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="rar DOWNS" disabled=no layer7-protocol="Extension \" .rar \"" new-connection-mark="rar DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rar DOWNS" disabled=no new-packet-mark=rar passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="rm DOWNS" disabled=no layer7-protocol="Extension \" .rm \"" new-connection-mark="rm DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rm DOWNS" disabled=no new-packet-mark=rm passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="rmvb DOWNS" disabled=no layer7-protocol="Extension \" .rmvb \"" new-connection-mark="rmvb DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rmvb DOWNS" disabled=no new-packet-mark=rmvb passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="wav DOWNS" disabled=no layer7-protocol="Extension \" .wav \"" new-connection-mark="wav DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wav DOWNS" disabled=no new-packet-mark=wav passthrough=no protocol=tcp
# NOTE: the next rule needs a Layer7 entry named Extension " .wma ", which the list above does not create.
/ip firewall mangle add action=mark-connection chain=prerouting comment="wma DOWNS" disabled=no layer7-protocol="Extension \" .wma \"" new-connection-mark="wma DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wma DOWNS" disabled=no new-packet-mark=wma passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="wmv DOWNS" disabled=no layer7-protocol="Extension \" .wmv \"" new-connection-mark="wmv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wmv DOWNS" disabled=no new-packet-mark=wmv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="zip DOWNS" disabled=no layer7-protocol="Extension \" .zip \"" new-connection-mark="zip DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="zip DOWNS" disabled=no new-packet-mark=zip passthrough=no protocol=tcp
# NOTE: the next rule needs a Layer7 entry named "YouTube " (with the trailing space), which this page does not define.
/ip firewall mangle add action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no layer7-protocol="YouTube " new-connection-mark="youtube DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="daa DOWNS" disabled=no layer7-protocol="Extension \" .daa \"" new-connection-mark="daa DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="daa DOWNS" disabled=no new-packet-mark=daa passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="dat DOWNS" disabled=no layer7-protocol="Extension \" .dat \"" new-connection-mark="dat DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="dat DOWNS" disabled=no new-packet-mark=dat passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="vcd DOWNS" disabled=no layer7-protocol="Extension \" .vcd \"" new-connection-mark="vcd DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="vcd DOWNS" disabled=no new-packet-mark=vcd passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="cab DOWNS" disabled=no layer7-protocol="Extension \" .cab \"" new-connection-mark="cab DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="cab DOWNS" disabled=no new-packet-mark=cab passthrough=no protocol=tcp
  • Then for the limit: here I set 32kB as the limit, which means downloads run at only 8 KB per second. Copy the code below and paste it into Winbox's "New Terminal"
# One simple queue per packet mark; the "youtube" queue limits packets marked http-video.
/queue simple add name="youtube" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=http-video direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=100k/100k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="exe" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=exe direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="rar" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rar direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="zip" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=zip direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="7z" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=7z direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="cab" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=cab direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="asf" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=asf direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="mov" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mov direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="wmv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=wmv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="mpg" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mpg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="mpeg" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mpeg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="mkv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mkv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="avi" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=avi direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="flv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=flv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="wav" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=wav direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="rm" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rm direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="mp3" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mp3 direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="mp4" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mp4 direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="ram" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=ram direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="rmvb" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rmvb direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="dat" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=dat direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="daa" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=daa direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="iso" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=iso direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="nrg" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=nrg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="bin" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=bin direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
/queue simple add name="vcd" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=vcd direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=32k/32k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

  • See the screenshot below: YouTube video is limited

Good luck trying it out!
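
The Layer7 patterns in this tutorial are unanchored substring searches over the start of each connection, so they can mark ordinary browsing and never see a file name inside HTTPS. The Python sketch below is an added example, not part of the original post: it runs the page's patterns over constructed sample streams. Assumptions: a 2 KB inspection window and case-insensitive matching (as in l7-filter), and `anchored()` is a hypothetical tighter pattern checked only here, not on a router.

```python
import re

# Patterns copied from the page (RouterOS string escaping removed: "\\." -> "\.").
HTTP_VIDEO = (r"http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9]"
              r"[\x09-\x0d -~]*(content-type: video)")
EXT = {e: rf"\.({e})" for e in ("exe", "rar", "dat")}

L7_WINDOW = 2048  # assumption: only the first 2 KB of a connection is inspected


def l7_match(pattern: str, stream: bytes) -> bool:
    """Simplified model of the matcher: unanchored, case-insensitive search
    (assumption, as in l7-filter) over the start of the connection."""
    text = stream[:L7_WINDOW].decode("latin-1")
    return re.search(pattern, text, re.IGNORECASE) is not None


def anchored(ext: str) -> str:
    """Hypothetical tighter pattern: the extension must end the request path."""
    return rf"^get [\x21-\x7e]*\.{ext}(\?[\x21-\x7e]*)? http/"


# Constructed sample streams (client bytes followed by server bytes).
SAMPLES = {
    "exe_download": b"GET /files/setup.exe HTTP/1.1\r\nHost: dl.example\r\n\r\n",
    "video_reply": b"GET /watch HTTP/1.1\r\nHost: v.example\r\n\r\n"
                   b"HTTP/1.1 200 OK\r\nServer: x\r\nContent-Type: video/mp4\r\n\r\n",
    # Ordinary browsing that happens to contain ".exe" and ".rar" substrings.
    "plain_page": b"GET /docs/report.executive.html HTTP/1.1\r\n"
                  b"Host: cdn.rarebooks.example\r\n\r\n",
    "api_call": b"GET /api/user.data.json HTTP/1.1\r\nHost: app.example\r\n\r\n",
    # Stand-in for HTTPS: a TLS record header followed by opaque high bytes.
    "https_download": bytes([0x16, 0x03, 0x01, 0x02, 0x00]) + bytes(range(128, 256)) * 8,
}


def classify(stream: bytes):
    """Names of the page's patterns that would mark this connection."""
    hits = [f".{e}" for e, p in EXT.items() if l7_match(p, stream)]
    if l7_match(HTTP_VIDEO, stream):
        hits.append("http-video")
    return hits


if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(f"{name:15} page patterns -> {classify(stream) or 'no match'}; "
              f"anchored .exe -> {l7_match(anchored('exe'), stream)}")
```

The `plain_page` and `api_call` rows are the false positives to watch for in the queue counters, and the `https_download` row shows traffic these rules leave unlimited.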
