Mikrotik Limit Internet Speed based on file extension



Mikrotik Limit Internet Speed based on file extension


1. Set the rule in layer7-protocol

i will apply the following script in terminal

/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"


2. create rule in Mangle to mark the parket.

/ip firewall mangle add action=mark-packet \
chain=prerouting comment="EXE MARK PACKET " disabled=no \
layer7-protocol=EXE new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAR MARK PACKET " disabled=no \
layer7-protocol=RAR new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ZIP MARK PACKET " disabled=no \
layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="7z MARK PACKET " disabled=no \
layer7-protocol=7z new-packet-mark=7z passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="CAB MARK PACKET " disabled=no \
layer7-protocol=CAB new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ASF MARK PACKET " disabled=no \
layer7-protocol=ASF new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MOV MARK PACKET " disabled=no \
layer7-protocol=MOV new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WMV MARK PACKET " disabled=no \
layer7-protocol=WMV new-packet-mark=WMV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPG MARK PACKET " disabled=no \
layer7-protocol=MPG new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPEG MARK PACKET " disabled=no \
layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MKV MARK PACKET " disabled=no \
layer7-protocol=MKV new-packet-mark=MKV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="AVI MARK PACKET " disabled=no \
layer7-protocol=AVI new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="FLV MARK PACKET " disabled=no \
layer7-protocol=FLV new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WAV MARK PACKET " disabled=no \
layer7-protocol=WAV new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RM MARK PACKET " disabled=no \
layer7-protocol=RM new-packet-mark=RM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP3 MARK PACKET " disabled=no \
layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP4 MARK PACKET " disabled=no \
layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAM MARK PACKET " disabled=no \
layer7-protocol=RAM new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RMVB MARK PACKET " disabled=no \
layer7-protocol=RMVB new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAT MARK PACKET " disabled=no \
layer7-protocol=DAT new-packet-mark=DAT passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAA MARK PACKET " disabled=no \
layer7-protocol=DAA new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ISO MARK PACKET " disabled=no \
layer7-protocol=ISO new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="NRG MARK PACKET " disabled=no \
layer7-protocol=NRG new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="BIN MARK PACKET " disabled=no \
layer7-protocol=BIN new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="VCD MARK PACKET " disabled=no \
layer7-protocol=VCD new-packet-mark=VCD passthrough=no


3. filter the file extension based on the mangle packet above

now it's time to limit speed based on the extension of file



/queue tree add name="7z" parent="global" \
packet-mark=7z limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ASF" parent="global" \
packet-mark=ASF limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="AVI" parent="global" \
packet-mark=AVI limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="BIN" parent="global" \
packet-mark=BIN limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CAB" parent="global" \
packet-mark=CAB limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAA" parent="global" \
packet-mark=DAA limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAT" parent="global" \
packet-mark=DAT limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="EXE" parent="global" \
packet-mark=EXE limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="FLV" parent="global" \
packet-mark=FLV limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ISO" parent="global" \
packet-mark=ISO limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MKV" parent="global" \
packet-mark=MKV limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MOV" parent="global" \
packet-mark=MOV limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP3" parent="global" \
packet-mark=MP3 limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP4" parent="global" \
packet-mark=MP4 limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPEG" parent="global" \
packet-mark=MPEG limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPG" parent="global" \
packet-mark=MPG limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="NRG" parent="global" \
packet-mark=NRG limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAM" parent="global" \
packet-mark=RAM limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAR" parent="global" \
packet-mark=RAR limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RM" parent="global" \
packet-mark=RM limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RMVB" parent="global" \
packet-mark=RMVB limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="VCD" parent="global" \
packet-mark=VCD limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WAV" parent="global" \
packet-mark=WAV limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WMV" parent="global" \
packet-mark=WMV limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ZIP" parent="global" \
packet-mark=ZIP limit-at=0 queue=default priority=1 max-limit=32000 \
burst-limit=0 burst-threshold=0 burst-time=0s


now you can test the downloading the file with extension you filter, and see the result.


done!!!
Share on Google Plus

About somono chek

Hi, I am Somono Chek. I've been working in IT field for 8 years. I created this blog for sharing my experiences and knowledge for this 8 years related to IT Skill: Networking, Network Security, Linux Server, Windows Server and other skill related to IT.

0 comments:

Post a Comment