/ip firewall layer7-protocol
add comment="" name=ISO regexp="\\.(iso)"
add comment="" name=NRG regexp="\\.(nrg)"
add comment="" name=RM regexp="\\.(rm)"
add comment="" name=RM1 regexp="\\.(rm1)"
add comment="" name=MP4 regexp="\\.(mp4)"
add comment="" name=AVI regexp="\\.(avi)"
add comment="" name=WAV regexp="\\.(wav)"
add comment="" name=MPG regexp="\\.(mpg)"
add comment="" name=MP3 regexp="\\.(mp3)"
Saturday, September 24, 2011
Limit Bandwith using Layer 7-Protocol
SCRIPT I
Friday, September 23, 2011
How to setup Mikrotik Password
By the default Mikrotik doesn't have password (blank password), but we can add the password by inserting this command on Mikrotik Terminal
If you want to change the old password with your new password here this:
[admin@Mikrotik] >password
If you want to change the old password with your new password here this:
[admin@Mikrotik] >password
old password: ***** (please change the star sign to your old password)
new password: ***** (please change the star sign to your new password)
retype new password: ***** (please confirm your new password)
Sunday, September 18, 2011
Disabled Tracert using Mikrotik
How to Drop Trace route using Mikrotik
IP FIREWALL
IP FIREWALL
/ip firewall
add action=drop chain=forward comment="Drop Traceroute" disabled=no \
icmp-options=11:0 protocol=icmp
add action=drop chain=forward comment="" disabled=no icmp-options=3:3 \
protocol=icmp
add action=drop chain=input comment="Disable ICMP ping" disabled=no protocol=\
icmp
How to Block Facebook using Mikrotik
Here this the script for blocked facebook access using mikrotik
IP FIREWALL
Note:
Content: Facebook.com (you can change it to other site as you want to blocked)
Src-Address: You local IP Rules (change this ip rules with your ip rules)
IP FIREWALL
/ip firewall
add action=drop chain=forward comment="No-Facebook" content=facebook.com disabled=yes \
dst-port=80 protocol=tcp src-address=192.168.100.0/24
Note:
Content: Facebook.com (you can change it to other site as you want to blocked)
Src-Address: You local IP Rules (change this ip rules with your ip rules)
Tuesday, September 13, 2011
Activated NTP Client for Mikrotik Clock
Here this the script for activating NTP client for auto-update Mikrotik O'clock
SYSTEM NTP CLIENT
SYSTEM CLOCK
On this sample i use Timezone Asia/jakarta, you can change to other Timezone
SYSTEM NTP CLIENT
/system ntp client
set enabled=yes mode=unicast primary-ntp=203.160.128.6 secondary-ntp=202.169.224.16
SYSTEM CLOCK
On this sample i use Timezone Asia/jakarta, you can change to other Timezone
/system clock
set time-zone-name=Asia/Jakarta
Saturday, September 10, 2011
Limit Queue Video Streaming
Limit Queue for Video Streaming "eg:Youtube" and Video Download using Layer7-Protocol.
LAYER7-PROTOCOL
IP FIREWALL MANGLE
QUEUE TREE
Note: This sample use bandwith limit 256k, you can change the limit as you need by edited "256000" to other Limit you needed.
LAYER7-PROTOCOL
/ip firewall layer7-protocol
add comment="" name=http-video regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][\
1-5][0-9][0-9][\\x09-\\x0d-~]*(content-type: video)"
IP FIREWALL MANGLE
/ip firewall mangle
add action=mark-packet chain=forward comment="Limit Video Streaming" disabled=no \
layer7-protocol=http-video new-packet-mark=Limit-Video passthrough=no \
protocol=tcp
QUEUE TREE
Note: This sample use bandwith limit 256k, you can change the limit as you need by edited "256000" to other Limit you needed.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
max-limit=256000 name=Limit-Video packet-mark=Limit-Video parent=global-out \
priority=8 queue=default
Limit Download File Extension
IP FIREWALL FILTER
Note: change "192.168.100.0/24" with your Network Rules
Note: change "192.168.100.0/24" with your Network Rules
/ip firewall filter
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment=\
"Limit Download by using File Extension" content=.exe disabled=no protocol=tcp \
src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.zip disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.arj disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.lzh disabled=no \
protocol=tcp src-address=192.168.100.0/24
Queue Simple
This is the scripts for queue simple on Mikrotik Router OS, you can edited "target-address" and "max-limit" by using Replace option at Notepad tools.
QUEUE SIMPLE
QUEUE SIMPLE
/queue simple
add name=COM-01 target-address=192.168.100.1 max-limit=128000/128000
add name=COM-02 target-address=192.168.100.2 max-limit=128000/128000
add name=COM-03 target-address=192.168.100.3 max-limit=128000/128000
add name=COM-04 target-address=192.168.100.4 max-limit=128000/128000
add name=COM-05 target-address=192.168.100.5 max-limit=128000/128000
add name=COM-06 target-address=192.168.100.6 max-limit=128000/128000
add name=COM-07 target-address=192.168.100.7 max-limit=128000/128000
add name=COM-08 target-address=192.168.100.8 max-limit=128000/128000
add name=COM-09 target-address=192.168.100.9 max-limit=128000/128000
Subscribe to:
Posts (Atom)