Catching Content by Extension via L7 (Limiting Downloads with [L7] & connection-bytes + Dropping IDM)

After going around in circles thinking about it, this newbie finally got rules that fit and have been tested to drop IDM connections and to catch download connections so they can be thrown into a queue and limited neatly, using Layer7.
Straight to the point: please interpret the rules yourself and study what they are meant to do, hehe..

Please correct me if anything is missing, or CMIIW.

ROS v4.9
Adjust the IPs to your own network:
10.0.0.0/24 = local client IPs
192.168.1.100 = external proxy IP <- if you have one
10.0.0.30 = router IP


Layer7 content regex
Code:
/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"
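
The patterns above are unanchored, so they match the extension string anywhere in the inspected bytes of a connection, not only at the end of a requested file name. The following Python sketch is an added example, not part of the original post: it replays a subset of the page's patterns over constructed HTTP requests and compares them with a stricter request-line pattern. That stricter pattern is this example's own assumption, and Python's `re` only approximates the router's matcher.

```python
import re

# Subset of the extensions the page defines; each page pattern is \.(ext).
EXTENSIONS = ["exe", "rar", "zip", "bin", "doc", "mp3", "rm", "rmvb"]
PAGE_PATTERNS = {ext: re.compile(r"\.(%s)" % ext) for ext in EXTENSIONS}


def tight_pattern(ext):
    """Assumed stricter pattern (not from the page): the extension must end
    the path of a GET request line at the very start of the stream."""
    return re.compile(r"^GET [^ ?]*\.%s[ ?]" % re.escape(ext))


# Constructed request heads, standing in for the first bytes of a connection.
SAMPLES = {
    "real_download": "GET /files/setup.exe HTTP/1.1\r\n"
                     "Host: downloads.example\r\n\r\n",
    "search_page": "GET /search?q=weather HTTP/1.1\r\n"
                   "Host: www.bing.com\r\n\r\n",
    "html_page": "GET /docs/index.html HTTP/1.1\r\n"
                 "Host: www.docs.example\r\n"
                 "Referer: http://music.example/a.mp3\r\n\r\n",
    "rmvb_file": "GET /video/clip.rmvb HTTP/1.1\r\n"
                 "Host: media.example\r\n\r\n",
}


def page_hits(payload):
    """Extensions whose page-style pattern matches anywhere in the payload."""
    return sorted(e for e, rx in PAGE_PATTERNS.items() if rx.search(payload))


def tight_hits(payload):
    """Extensions matched by the assumed request-line pattern."""
    return sorted(e for e in EXTENSIONS if tight_pattern(e).search(payload))


if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print("%-14s page=%s tight=%s"
              % (name, page_hits(payload), tight_hits(payload)))
```

In the filter rules that follow, every hit puts the server's address into `content_download`, so the host-name and Referer matches shown here would be queued as downloads. Neither form of pattern sees the request on HTTPS, where the request line is encrypted.
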

First create the IPs in an address list, to separate them so they are not caught by the rules in filter and mangle
Code:
/ip firewall address-list
add address=10.0.0.30 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=skip_content_download
add address=10.0.0.0/24 comment="" disabled=no list=skip_content_download

Filter rules to catch the IPs of L7 content
Code:
/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .zip \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment="" disabled=no dst-address-list=\
    !skip_content_download layer7-protocol="Extension \" .vcd \"" protocol=tcp

Next we create the mangle rules to mark download connections using connection-bytes, combined with the L7 content IPs we caught earlier, plus marking browsing connections

Code:
/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\
    Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\
    Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \
    passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \
    protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \
    passthrough=no

After that we create a queue to limit the downloads; use simple queues or a queue tree as you like. Here I use a queue tree and allocate only 256kbps of bandwidth for downloads; adjust this to your own bandwidth conditions.

The queue type

Code:
/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000

The queue tree

Code:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
    queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
    priority=8 queue=pcq-down

Right... the download limit is done at this point; now all that is left is the rule to drop IDM connections (still caught using L7 content)

Filter directly with connection-limit and then drop (pay attention to in-interface: adjust it to the name of the interface facing your local clients)
Code:
/ip firewall filter
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp

Give it a try..