Embedded Files
Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
Limiting Download File Extensions on Mikrotik
Limiting Download File Extensions on Mikrotik
1. Login to your Mikrotik WinBox, Click on IP>Firewall, select tab : Layer7 Protocols. Here we shall create the marking of file extensions variety. For more quickly, just copy the script to layer7 protocols below, and paste to the new terminal window!
The script that must insert to Layer7 Protocols :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"
Just make sure the script that we just inserted, on the winbox main menu click on IP>Firewall, and then click onLayer7 Protocols tabs. On the Layer7 Protocols tab, you will have many type of file extensions in that. Let's see the picture below!
2. On the firewall window, select tab: Mangle, here we shall create the mangle rule of the file extensions. For more quickly just click on New Terminal menu, copy the mangle script, right click on terminal window and paste therein!
The mangle script that you have to insert :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="EXE MARK PACKET " disabled=no \
layer7-protocol=EXE new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAR MARK PACKET " disabled=no \
layer7-protocol=RAR new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ZIP MARK PACKET " disabled=no \
layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="7z MARK PACKET " disabled=no \
layer7-protocol=7z new-packet-mark=7z passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="CAB MARK PACKET " disabled=no \
layer7-protocol=CAB new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ASF MARK PACKET " disabled=no \
layer7-protocol=ASF new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MOV MARK PACKET " disabled=no \
layer7-protocol=MOV new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WMV MARK PACKET " disabled=no \
layer7-protocol=WMV new-packet-mark=WMV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPG MARK PACKET " disabled=no \
layer7-protocol=MPG new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPEG MARK PACKET " disabled=no \
layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MKV MARK PACKET " disabled=no \
layer7-protocol=MKV new-packet-mark=MKV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="AVI MARK PACKET " disabled=no \
layer7-protocol=AVI new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="FLV MARK PACKET " disabled=no \
layer7-protocol=FLV new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WAV MARK PACKET " disabled=no \
layer7-protocol=WAV new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RM MARK PACKET " disabled=no \
layer7-protocol=RM new-packet-mark=RM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP3 MARK PACKET " disabled=no \
layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP4 MARK PACKET " disabled=no \
layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAM MARK PACKET " disabled=no \
layer7-protocol=RAM new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RMVB MARK PACKET " disabled=no \
layer7-protocol=RMVB new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAT MARK PACKET " disabled=no \
layer7-protocol=DAT new-packet-mark=DAT passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAA MARK PACKET " disabled=no \
layer7-protocol=DAA new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ISO MARK PACKET " disabled=no \
layer7-protocol=ISO new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="NRG MARK PACKET " disabled=no \
layer7-protocol=NRG new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="BIN MARK PACKET " disabled=no \
layer7-protocol=BIN new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="VCD MARK PACKET " disabled=no \
layer7-protocol=VCD new-packet-mark=VCD passthrough=no
For make sure the script already make the mangle rule on firewall, on the main menu winbox click on IP>Firewall, and then click mangle tabs. On the mangle tab of the firewall, you will find many mangle rule inside according the number of file extensions as shown like the pictures below!
3. On the main menu click : Queues, Queue list will be shown. Select tab : Queue tree, here you will to create the queue tree rule for each file extensions. For more quickly just click the New Terminal on main menu, copy the queue tree script, right click on terminal window and paste therein!
The queue tree script that you have to insert :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/queue tree add name="LIMIT FILE EXTENTION" parent=global-out \
limit-at=0 priority=3 max-limit=210000 burst-limit=\
0 burst-threshold=0 burst-time=0s
/queue tree add name="7z" parent="LIMIT FILE EXTENTION" \
packet-mark=7z limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ASF" parent="LIMIT FILE EXTENTION" \
packet-mark=ASF limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="AVI" parent="LIMIT FILE EXTENTION" \
packet-mark=AVI limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="BIN" parent="LIMIT FILE EXTENTION" \
packet-mark=BIN limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CAB" parent="LIMIT FILE EXTENTION" \
packet-mark=CAB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAA" parent="LIMIT FILE EXTENTION" \
packet-mark=DAA limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAT" parent="LIMIT FILE EXTENTION" \
packet-mark=DAT limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="EXE" parent="LIMIT FILE EXTENTION" \
packet-mark=EXE limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="FLV" parent="LIMIT FILE EXTENTION" \
packet-mark=FLV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ISO" parent="LIMIT FILE EXTENTION" \
packet-mark=ISO limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MKV" parent="LIMIT FILE EXTENTION" \
packet-mark=MKV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MOV" parent="LIMIT FILE EXTENTION" \
packet-mark=MOV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP3" parent="LIMIT FILE EXTENTION" \
packet-mark=MP3 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP4" parent="LIMIT FILE EXTENTION" \
packet-mark=MP4 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPEG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPEG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="NRG" parent="LIMIT FILE EXTENTION" \
packet-mark=NRG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAM" parent="LIMIT FILE EXTENTION" \
packet-mark=RAM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAR" parent="LIMIT FILE EXTENTION" \
packet-mark=RAR limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RM" parent="LIMIT FILE EXTENTION" \
packet-mark=RM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RMVB" parent="LIMIT FILE EXTENTION" \
packet-mark=RMVB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="VCD" parent="LIMIT FILE EXTENTION" \
packet-mark=VCD limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WAV" parent="LIMIT FILE EXTENTION" \
packet-mark=WAV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WMV" parent="LIMIT FILE EXTENTION" \
packet-mark=WMV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ZIP" parent="LIMIT FILE EXTENTION" \
packet-mark=ZIP limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
Let’s check the queue tree rules by click on Queue on the main menu, and the select the tab : queue tree. You will find many rules on the queue tree. You can adjust Limit value of File Extensions as you wish.
Download any file from the internet, and the limit file extensions rule on the queue tree. This rule allow you to setup the limit speed on each file extensions. But the total bandwidth that will share depending on limit file extension as parent. For more details let’s see this article video! see you!
____________________________________________XXX_________________________________________
Limit Download File Extension
IP FIREWALL FILTER
Note: change "192.168.100.0/24" with your Network Rules
/ip firewall filter
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment=\
"Limit Download by using File Extension" content=.exe disabled=no protocol=tcp \
src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.zip disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.arj disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.lzh disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.3gp disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.gz disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.gzip disabled=\
no protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.tar disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.bin disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mp3 disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.m4a disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.wav disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.rar disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ram disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.aac disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.aif disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.avi disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpg disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpeg disabled=\
no protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.qt disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.plj disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.asf disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mov disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.rm disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.rm1 disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mp4 disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.wma disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.wmv disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpe disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpa disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.pdf disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.msi disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ace disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.iso disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.img disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ogg disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.7z disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.sea disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.sit disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.doc disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ppt disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.pps disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.flv disabled=no \
protocol=tcp src-address=192.168.100.0/24
IP FIREWALL MANGLE
/ip firewall mangle
add action=mark-packet chain=forward comment="Limit Download" disabled=no \
new-packet-mark=Limit-Download passthrough=no protocol=tcp src-address-list=limit-extension
QUEUE TREE
Note:queue limit is 256k you can change with other limit by change "256000"
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
max-limit=256k name=Limit-Download packet-mark=limit-download parent=\
global-out priority=8 queue=default
__________________________________________XXXX--------------------------------------
Limiting Download File Extensions Mikrotik
Limiting Download File Extensions Mikrotik
STEP-1
STEP-1
/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"
STEP -2
STEP -2
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="EXE MARK PACKET " disabled=no \
layer7-protocol=EXE new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAR MARK PACKET " disabled=no \
layer7-protocol=RAR new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ZIP MARK PACKET " disabled=no \
layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="7z MARK PACKET " disabled=no \
layer7-protocol=7z new-packet-mark=7z passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="CAB MARK PACKET " disabled=no \
layer7-protocol=CAB new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ASF MARK PACKET " disabled=no \
layer7-protocol=ASF new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MOV MARK PACKET " disabled=no \
layer7-protocol=MOV new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WMV MARK PACKET " disabled=no \
layer7-protocol=WMV new-packet-mark=WMV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPG MARK PACKET " disabled=no \
layer7-protocol=MPG new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPEG MARK PACKET " disabled=no \
layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MKV MARK PACKET " disabled=no \
layer7-protocol=MKV new-packet-mark=MKV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="AVI MARK PACKET " disabled=no \
layer7-protocol=AVI new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="FLV MARK PACKET " disabled=no \
layer7-protocol=FLV new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WAV MARK PACKET " disabled=no \
layer7-protocol=WAV new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RM MARK PACKET " disabled=no \
layer7-protocol=RM new-packet-mark=RM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP3 MARK PACKET " disabled=no \
layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP4 MARK PACKET " disabled=no \
layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAM MARK PACKET " disabled=no \
layer7-protocol=RAM new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RMVB MARK PACKET " disabled=no \
layer7-protocol=RMVB new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAT MARK PACKET " disabled=no \
layer7-protocol=DAT new-packet-mark=DAT passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAA MARK PACKET " disabled=no \
layer7-protocol=DAA new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ISO MARK PACKET " disabled=no \
layer7-protocol=ISO new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="NRG MARK PACKET " disabled=no \
layer7-protocol=NRG new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="BIN MARK PACKET " disabled=no \
layer7-protocol=BIN new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="VCD MARK PACKET " disabled=no \
layer7-protocol=VCD new-packet-mark=VCD passthrough=no
STEP-3
STEP-3
/queue tree add name="LIMIT FILE EXTENTION" parent=global-out \
limit-at=0 priority=3 max-limit=2M(this is your total bandwith or leave blank here ) burst-limit=\
0 burst-threshold=0 burst-time=0s
/queue tree add name="7z" parent="LIMIT FILE EXTENTION" \
packet-mark=7z limit-at=0(PUT YOUR DOWNLOAD LIMIT HERE FOR 7Z E.G 64K SAME FOR REST )queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ASF" parent="LIMIT FILE EXTENTION" \
packet-mark=ASF limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="AVI" parent="LIMIT FILE EXTENTION" \
packet-mark=AVI limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="BIN" parent="LIMIT FILE EXTENTION" \
packet-mark=BIN limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CAB" parent="LIMIT FILE EXTENTION" \
packet-mark=CAB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAA" parent="LIMIT FILE EXTENTION" \
packet-mark=DAA limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAT" parent="LIMIT FILE EXTENTION" \
packet-mark=DAT limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="EXE" parent="LIMIT FILE EXTENTION" \
packet-mark=EXE limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="FLV" parent="LIMIT FILE EXTENTION" \
packet-mark=FLV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ISO" parent="LIMIT FILE EXTENTION" \
packet-mark=ISO limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MKV" parent="LIMIT FILE EXTENTION" \
packet-mark=MKV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MOV" parent="LIMIT FILE EXTENTION" \
packet-mark=MOV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP3" parent="LIMIT FILE EXTENTION" \
packet-mark=MP3 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP4" parent="LIMIT FILE EXTENTION" \
packet-mark=MP4 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPEG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPEG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="NRG" parent="LIMIT FILE EXTENTION" \
packet-mark=NRG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAM" parent="LIMIT FILE EXTENTION" \
packet-mark=RAM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAR" parent="LIMIT FILE EXTENTION" \
packet-mark=RAR limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RM" parent="LIMIT FILE EXTENTION" \
packet-mark=RM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RMVB" parent="LIMIT FILE EXTENTION" \
packet-mark=RMVB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="VCD" parent="LIMIT FILE EXTENTION" \
packet-mark=VCD limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WAV" parent="LIMIT FILE EXTENTION" \
packet-mark=WAV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WMV" parent="LIMIT FILE EXTENTION" \
packet-mark=WMV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ZIP" parent="LIMIT FILE EXTENTION" \
packet-mark=ZIP limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
Posted by Admin
_______________________XXXX_______________________________________________________
Page updated
Google Sites
Report abuse