Membatasi Paket download di Mikrotik sesuai Extantion

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.exe action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.iso action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.mpg action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.zip action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.rar action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.dat action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.flv action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.3gp action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.mpeg action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.avi action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.ram action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.mov action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp content=.wma action=add-dst-to-address-list address-list=limit address-list-timeout=01:00:00

Keterangan :

ip address yang ada di script adalah ip network, oleh karena itu sesuaikan dulu dengan ip network anda, tcp content merupakan EXTENSI file yang sering di download oleh client, jika anda merasa kurang, silakan di tambahi sendiri. Address list cekek nantinya akan muncul otomatis di menu ip firewall address list dengan nama limit . Blok smua Script di atas kemudian anda paste kan di menu New terminal, akhiri dengan enter.

Langkah berikutnya adalah menginisialisai marking packet di mangle dengan script di bawah ini :

/ip firewall mangle add chain=forward protocol=tcp src-address-list=limit action=mark-packet new-packet-mark=limit-bw-by-extension

maksudnya, semua traffict tcp yang di kenali pada extension file yang di download akan di mark (ditandai) sebagai limit-bw-by-extension yang selanjutny akan di kenali di firewall address list sehingga alamat ip yang di download akan terdeteksi otomatis

Langkah terakhir, adalah memasukkan marking packet yang kita buat di mangle agar di kenali oleh queu dengan memasukkan script dibawah ini

/queue simple add-files max-limit=32000/64000 packet-marks=limit-bw-by-extension

artinya kita membatasi download extension file 32kbps upload dan 64kbps dowload. Bagi anda yang memiliki bandwitdh besar silakan sesuaikan kapasitas downlod yang ingin anda berikan.. bisa 128kbps, 256kbps 512kbps

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s