Scribd Logo
Upload

Welcome to Scribd!

  • Limit Extensi

    Uploaded by

    Waone Imperfect
    27 views8 pages
    The document describes how to configure firewall rules and traffic shaping on a router to limit downloads of certain file extensions like EXE, RAR, ZIP and media file types. It involves adding layer 7 protocols, marking traffic with these protocols, creating queue types to classify traffic by source/destination address, and building a queue tree with priorities and limits to shape download and upload traffic.

    Original Description:

    latihan

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes how to configure firewall rules and traffic shaping on a router to limit downloads of certain file extensions like EXE, RAR, ZIP and media file types. It involves adding layer 7 protocols, marking traffic with these protocols, creating queue types to classify traffic by source/destination address, and building a queue tree with priorities and limits to shape download and upload traffic.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    27 views8 pages

    Limit Extensi

    Uploaded by

    Waone Imperfect
    The document describes how to configure firewall rules and traffic shaping on a router to limit downloads of certain file extensions like EXE, RAR, ZIP and media file types. It involves adding layer 7 protocols, marking traffic with these protocols, creating queue types to classify traffic by source/destination address, and building a queue tree with priorities and limits to shape download and upload traffic.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 8

    MEMBUAT LIMIT EXTENSI

    /ip firewall layer7-protocol


    add name=EXE regexp="^.*get.+\\.exe.*\$"
    add name=RAR regexp="^.*get.+\\.rar.*\$"
    add name=ZIP regexp="^.*get.+\\.zip.*\$"
    add name=7z regexp="^.*get.+\\.7z.*\$"
    add name=WMV regexp="^.*get.+\\.wmv.*\$"
    add name=MPG regexp="^.*get.+\\.mpg.*\$"
    add name=MPEG regexp="^.*get.+\\.mpeg.*\$"
    add name=AVI regexp="^.*get.+\\.avi.*\$"
    add name=FLV regexp="^.*get.+\\.flv.*\$"
    add name=WAV regexp="^.*get.+\\.wav.*\$"
    add name=MP3 regexp="^.*get.+\\.mp3.*\$"
    add name=MP4 regexp="^.*get.+\\.mp4.*\$"
    add name=ISO regexp="^.*get.+\\.iso.*\$"
    add name=3GP regexp="^.*get.+\\.3gp.*\$"
    add name=MOV regexp="^.*get.+\\.mov.*\$"
    add name=MKV regexp="^.*get.+\\.mkv.*\$"
    add name=PDF regexp="^.*get.+\\.pdf.*\$"
    add name=TAR regexp="^.*get.+\\.tar.*\$"
    add name=APK regexp="^.*get.+\\.apk.*\$"
    add name=DAT regexp="^.*get.+\\.dat.*\$"
    add name=NRG regexp="^.*get.+\\.nrg.*\$"
    add name=RAM regexp="^.*get.+\\.ram.*\$"
    add name=RM regexp="^.*get.+\\.rm.*\$"
    add name=RMVB regexp="^.*get.+\\.rmvb.*\$"
    add name=WMA regexp="^.*get.+\\.wma.*\$"
    add name=DAA regexp="^.*get.+\\.daa.*\$"
    add name=VCD regexp="^.*get.+\\.vcd.*\$"
    add name=CAB regexp="^.*get.+\\.cab.*\$"
    add name=ASF regexp="^.*get.+\\.asf.*\$"
    add name=BIN regexp="^.*get.+\\.bin.*\$"
    add name=BROWSING regexp="http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d -~]"
    add name=YOUTUBE regexp="videoplayback"


    INI ROUTING UNTUK EXTENSI

    /ip firewall mangle

    add comment=BROWSING action=mark-connection \
    chain=prerouting layer7-protocol=BROWSING \
    new-connection-mark=down-BROWSING

    add action=mark-packet chain=postrouting \
    connection-mark=down-BROWSING \
    new-packet-mark=BROWSING passthrough=no

    add comment=EXE action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=EXE \
    connection-mark=down-EXE passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=EXE \
    new-connection-mark=down-EXE

    add comment=RAR action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=RAR \
    connection-mark=down-RAR passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=RAR \
    new-connection-mark=down-RAR

    add comment=ZIP action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=ZIP \
    connection-mark=down-ZIP passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=ZIP \
    new-connection-mark=down-ZIP

    add comment=7z action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=7z \
    connection-mark=down-7z passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=7z \
    new-connection-mark=down-7z

    add comment=WMV action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=WMV \
    connection-mark=down-WMV passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=WMV \
    new-connection-mark=down-WMV

    add comment=MPG action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=MPG \
    connection-mark=down-MPG passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=MPG \
    new-connection-mark=down-MPG

    add comment=MPEG action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=MPEG \
    connection-mark=down-MPEG passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=MPEG \
    new-connection-mark=down-MPEG

    add comment=AVI action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=AVI \
    connection-mark=down-AVI passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=AVI \
    new-connection-mark=down-AVI

    add comment=FLV action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=FLV \
    connection-mark=down-FLV passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=FLV \
    new-connection-mark=down-FLV

    add comment=WAV action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=WAV \
    connection-mark=down-WAV passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=WAV \
    new-connection-mark=down-WAV

    add comment=MP3 action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=MP3 \
    connection-mark=down-MP3 passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=MP3 \
    new-connection-mark=down-MP3

    add comment=MP4 action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=MP4 \
    connection-mark=down-MP4 passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=MP4 \
    new-connection-mark=down-MP4

    add comment=ISO action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=ISO \
    connection-mark=down-ISO passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=ISO \
    new-connection-mark=down-ISO

    add comment=3GP action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=3GP \
    connection-mark=down-3GP passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=3GP \
    new-connection-mark=down-3GP

    add comment=MOV action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=MOV \
    connection-mark=down-MOV passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=MOV \
    new-connection-mark=down-MOV

    add comment=MKV action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=MKV \
    connection-mark=down-MKV passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=MKV \
    new-connection-mark=down-MKV

    add comment=PDF action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=PDF \
    connection-mark=down-PDF passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=PDF \
    new-connection-mark=down-PDF

    add comment=TAR action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=TAR \
    connection-mark=down-TAR passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=TAR \
    new-connection-mark=down-TAR

    add comment=APK action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=APK \
    connection-mark=down-APK passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=APK \
    new-connection-mark=down-APK

    add comment=DAT action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=DAT \
    connection-mark=down-DAT passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=DAT \
    new-connection-mark=down-DAT

    add comment=NRG action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=NRG \
    connection-mark=down-NRG passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=NRG \
    new-connection-mark=down-NRG

    add comment=RAM action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=RAM \
    connection-mark=down-RAM passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=RAM \
    new-connection-mark=down-RAM

    add comment=RM action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=RM \
    connection-mark=down-RM passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=RM \
    new-connection-mark=down-RM

    add comment=RMVB action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=RMVB \
    connection-mark=down-RMVB passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=RMVB \
    new-connection-mark=down-RMVB

    add comment=WMA action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=WMA \
    connection-mark=down-WMA passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=WMA \
    new-connection-mark=down-WMA

    add comment=DAA action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=DAA \
    connection-mark=down-DAA passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=DAA \
    new-connection-mark=down-DAA

    add comment=VCD action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=VCD \
    connection-mark=down-VCD passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=VCD \
    new-connection-mark=down-VCD

    add comment=CAB action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=CAB \
    connection-mark=down-CAB passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=CAB \
    new-connection-mark=down-CAB

    add comment=ASF action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=ASF \
    connection-mark=down-ASF passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=ASF \
    new-connection-mark=down-ASF

    add comment=BIN action=mark-packet chain=postrouting \
    disabled=no new-packet-mark=BIN \
    connection-mark=down-BIN passthrough=no

    add action=mark-connection chain=prerouting \
    disable=no layer7-protocol=BIN \
    new-connection-mark=down-BIN

    MEMBUAT QUEUE TYPE DENGAN JENIS PCQ UNTUK PAKET YANG SUDAH DI TANDAI
    MASING-MASING UNTUK SOURCE DAN DESTINATION

    /queue type
    add name=pct-DOWN kind=pcq \
    pcq-classifier=dst-address

    add name=pct-UP kind=pcq \
    pcq-classifier=src-address

    MEMBUAT QUEUE TREE UNTUK PAKET UPLOAD DAN DOWNLOAD

    /queue tree

    add name=Download parent=ether3 \
    queue=pct-DOWN priority=1 max-limit=1M

    add name=Browsing parent=Download \
    queue=pct-DOWN priority=2 packet-mark=BROWSING

    add name="Limit Extensi" parent=ether3 \
    queue=pct-DOWN priority=2 max-limit=250k
    add name=3GP parent="Limit Extensi" \
    packet-mark=3GP queue=pct-DOWN priority=3

    add name=7z parent="Limit Extensi" \
    packet-mark=7z queue=pct-DOWN priority=3

    add name=AVI parent="Limit Extensi" \
    packet-mark=AVI queue=pct-DOWN priority=3

    add name=EXE parent="Limit Extensi" \
    packet-mark=EXE queue=pct-DOWN priority=3

    add name=FLV parent="Limit Extensi" \
    packet-mark=FLV queue=pct-DOWN priority=3

    add name=ISO parent="Limit Extensi" \
    packet-mark=ISO queue=pct-DOWN priority=3

    add name=MKV parent="Limit Extensi" \
    packet-mark=MKV queue=pct-DOWN priority=3

    add name=MOV parent="Limit Extensi" \
    packet-mark=MOV queue=pct-DOWN priority=3

    add name=MP3 parent="Limit Extensi" \
    packet-mark=MP3 queue=pct-DOWN priority=3

    add name=MP4 parent="Limit Extensi" \
    packet-mark=MP4 queue=pct-DOWN priority=3

    add name=MPEG parent="Limit Extensi" \
    packet-mark=MPEG queue=pct-DOWN priority=3

    add name=MPG parent="Limit Extensi" \
    packet-mark=MPG queue=pct-DOWN priority=3

    add name=PDF parent="Limit Extensi" \
    packet-mark=PDF queue=pct-DOWN priority=3

    add name=RAR parent="Limit Extensi" \
    packet-mark=RAR queue=pct-DOWN priority=3

    add name=WAV parent="Limit Extensi" \
    packet-mark=WAV queue=pct-DOWN priority=3

    add name=WMV parent="Limit Extensi" \
    packet-mark=WMV queue=pct-DOWN priority=3

    add name=ZIP parent="Limit Extensi" \
    packet-mark=ZIP queue=pct-DOWN priority=3

    add name=APK parent="Limit Extensi" \
    packet-mark=APK queue=pct-DOWN priority=3

    add name=DAT parent="Limit Extensi" \
    packet-mark=DAT queue=pct-DOWN priority=3

    add name=TAR parent="Limit Extensi" \
    packet-mark=TAR queue=pct-DOWN priority=3

    add name=YOUTUBE parent="Limit Extensi" \
    packet-mark=YOUTUBE queue=pct-DOWN priority=3

    add name=NRG parent="Limit Extensi" \
    packet-mark=NRG queue=pct-DOWN priority=3

    add name=RAM parent="Limit Extensi" \
    packet-mark=RAM queue=pct-DOWN priority=3

    add name=RM parent="Limit Extensi" \
    packet-mark=RM queue=pct-DOWN priority=3

    add name=RMVB parent="Limit Extensi" \
    packet-mark=RMVB queue=pct-DOWN priority=3

    add name=WMA parent="Limit Extensi" \
    packet-mark=WMA queue=pct-DOWN priority=3

    add name=DAA parent="Limit Extensi" \
    packet-mark=DAA queue=pct-DOWN priority=3

    add name=VCD parent="Limit Extensi" \
    packet-mark=VCD queue=pct-DOWN priority=3

    add name=CAB parent="Limit Extensi" \
    packet-mark=CAB queue=pct-DOWN priority=3
    add name=ASF parent="Limit Extensi" \
    packet-mark=ASF queue=pct-DOWN priority=3

    add name=BIN parent="Limit Extensi" \
    packet-mark=BIN queue=pct-DOWN priority=3

    You might also like