
Limit Bandwidth Using Layer 7 Protocol

Layer7 Protocol
# Layer-7 patterns, one per file extension; each name is referenced by a mangle rule.
# The patterns are unanchored, so they match the text anywhere in the inspected
# payload (".doc" also matches ".docx", ".rm" also matches ".rm1", ".gz" also ".gzip").
# The L7 matcher only inspects the first packets of a connection and cannot see
# file names inside TLS/HTTPS, so this is a best-effort bandwidth policy and not
# a control that stops a given file type from being downloaded.
/ip firewall layer7-protocol
# disk images
add name=ISO regexp="\\.(iso)"
add name=NRG regexp="\\.(nrg)"
# audio / video
add name=RM regexp="\\.(rm)"
add name=RM1 regexp="\\.(rm1)"
add name=MP4 regexp="\\.(mp4)"
add name=AVI regexp="\\.(avi)"
add name=WAV regexp="\\.(wav)"
add name=MPG regexp="\\.(mpg)"
add name=MP3 regexp="\\.(mp3)"
add name=MPEG regexp="\\.(mpeg)"
add name=WMV regexp="\\.(wmv)"
add name=3GP regexp="\\.(3gp)"
add name=FLV regexp="\\.(flv)"
add name=MOV regexp="\\.(mov)"
add name=IMG regexp="\\.(img)"
# documents
add name=DOC regexp="\\.(doc)"
add name=PPT regexp="\\.(ppt)"
add name=PDF regexp="\\.(pdf)"
# installers and archives
add name=EXE regexp="\\.(exe)"
add name=MSI regexp="\\.(msi)"
add name=7Z regexp="\\.(7z)"
add name=BIN regexp="\\.(bin)"
add name=GZ regexp="\\.(gz)"
add name=GZIP regexp="\\.(gzip)"
add name=TAR regexp="\\.(tar)"
add name=RAR regexp="\\.(rar)"
add name=ZIP regexp="\\.(zip)"

Firewall
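# Mark forwarded packets by Layer-7 pattern so the queue tree can shape them.
# Parameter names are restored to layer7-protocol= and new-packet-mark=; the
# hyphens had been lost and RouterOS rejects the unhyphenated spellings.
# With passthrough=no the first matching rule wins. The unanchored RM pattern
# also matches ".rm1" and GZ also matches ".gzip", so RM1 and GZIP are placed
# ahead of them; in the original order those two rules could never match.
# NOTE(review): running an L7 match on every forwarded packet is CPU-intensive;
# marking the connection once and deriving packet marks from the connection
# mark is the usual lower-cost layout. Consider it before using this on a busy router.
/ip firewall mangle
add action=mark-packet chain=forward comment="EKSTENSI-LAYER-7" disabled=no layer7-protocol=ISO new-packet-mark=ISO passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=NRG new-packet-mark=NRG passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=RM1 new-packet-mark=RM1 passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=RM new-packet-mark=RM passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=AVI new-packet-mark=AVI passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=WAV new-packet-mark=WAV passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=MPG new-packet-mark=MPG passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=WMV new-packet-mark=WMV passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=3GP new-packet-mark=3GP passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=FLV new-packet-mark=FLV passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=MOV new-packet-mark=MOV passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=IMG new-packet-mark=IMG passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=DOC new-packet-mark=DOC passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=PPT new-packet-mark=PPT passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=PDF new-packet-mark=PDF passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=EXE new-packet-mark=EXE passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=MSI new-packet-mark=MSI passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=7Z new-packet-mark=7Z passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=BIN new-packet-mark=BIN passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=GZIP new-packet-mark=GZIP passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=GZ new-packet-mark=GZ passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=TAR new-packet-mark=TAR passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=RAR new-packet-mark=RAR passthrough=no
add action=mark-packet chain=forward comment="" disabled=no layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no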

Queue Tree
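# Queue tree: one parent capped at 256k, with one child queue per packet mark
# set by the mangle rules. Children use limit-at=0 / max-limit=0 (no limit of
# their own), so all marked traffic together shares the parent's 256k ceiling.
# Each "add" is written on a single line: the original wrapped every command
# across two lines without a continuation, which RouterOS reads as two
# separate (and invalid) commands.
# NOTE(review): parent=global-out is a RouterOS v5-era parent name; on v6 and
# later the equivalent is parent=global. Confirm against the version in use.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=256k name=Limit-Download packet-mark=no-mark parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ISO packet-mark=ISO parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=NRG packet-mark=NRG parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=RM packet-mark=RM parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=RM1 packet-mark=RM1 parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=MP4 packet-mark=MP4 parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=AVI packet-mark=AVI parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=WAV packet-mark=WAV parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=MPG packet-mark=MPG parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=MP3 packet-mark=MP3 parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=MPEG packet-mark=MPEG parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=WMV packet-mark=WMV parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=3GP packet-mark=3GP parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=FLV packet-mark=FLV parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=MOV packet-mark=MOV parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IMG packet-mark=IMG parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOC packet-mark=DOC parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PPT packet-mark=PPT parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PDF packet-mark=PDF parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=EXE packet-mark=EXE parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=MSI packet-mark=MSI parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=7Z packet-mark=7Z parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=BIN packet-mark=BIN parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=GZ packet-mark=GZ parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=GZIP packet-mark=GZIP parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=TAR packet-mark=TAR parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=RAR packet-mark=RAR parent=Limit-Download priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ZIP packet-mark=ZIP parent=Limit-Download priority=8 queue=default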

Mikrotik Firewall Advanced Security


This time I will explain an advanced firewall. Because MikroTik is known for its
security, it is often used in large networks. This is the firewall configuration
used on the RouterBOARD at Jova Company. Simply type the following commands in the
MikroTik terminal:
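# Input-chain policy for traffic addressed to the router itself.
#
# Changes from the original listing:
#  - The chain ended with a log rule only. RouterOS accepts whatever no rule
#    drops, so the src-address-list restrictions had no effect and every
#    service was reachable from any source. A final drop is added after the log.
#  - Established/related traffic is accepted first, so that replies to the
#    router's own connections survive the final drop. Two single-state rules
#    are used so the syntax works on older releases as well.
#  - UDP is accepted only from the ournetwork list. Accepting all UDP leaves
#    every UDP service on the router (for example its DNS resolver) reachable
#    from any source.
#  - GRE is accepted alongside tcp/1723, since PPTP carries its data over GRE
#    and the final drop would otherwise break the tunnel.
#  - Values containing spaces are quoted, wrapped commands are joined, and the
#    duplicate Telnet/Web/pptp/winbox/log rules that followed the log rule are removed.
#  - new-connection-mark= has its hyphen restored in the ICMP mangle rule.
#
# Before applying: the ournetwork address list is not defined on this page and
# must contain the management networks, otherwise the final drop locks out
# administration. Apply in Safe Mode.
#   /ip firewall address-list add list=ournetwork address=<MGMT_SUBNET_PLACEHOLDER>
#
# NOTE(review): FTP (21) and Telnet (23) carry credentials in cleartext. Prefer
# SSH or Winbox and disable unused services under /ip service.
# NOTE(review): PPTP is open to any source and its authentication is considered
# weak. Confirm it is still required.
/ip firewall filter
add chain=input connection-state=established action=accept comment="Accept established"
add chain=input connection-state=related action=accept comment="Accept related"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp src-address-list=ournetwork action=accept comment="UDP"
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop_excess_pings"
add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP"
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet"
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web"
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox"
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptpserver"
add chain=input protocol=gre action=accept comment="pptp GRE"
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"

# Connection mark for ICMP. Nothing shown on this page consumes icmp-con;
# presumably a queue or later mangle rule elsewhere uses it (verify).
/ip firewall mangle
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment="bikin_cepat_ping_dan_dns"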

This firewall configuration can be used on all types of MikroTik RouterBOARD, MikroTik
radio antennas, routers, and all other MikroTik products.
