Saturday, September 10, 2011

Limit Download File Extension

IP FIREWALL FILTER
Note: replace "192.168.100.0/24" with your own LAN subnet in every rule below.
# Tags download servers so that the mangle and queue sections can throttle them.
# Each rule matches forwarded TCP packets sourced from the LAN
# (192.168.100.0/24) whose payload contains the given text, and puts the
# packet's DESTINATION address on the "limit-extension" address list for 1h.
#
# NOTE(review): this is bandwidth shaping, not a download or malware control.
#  - content= looks for the text anywhere in the packet payload, not only at
#    the end of a requested file name, so unrelated traffic can trigger a rule.
#  - TLS payload is encrypted, so requests made over HTTPS are not expected
#    to match; only clear-text protocols such as plain HTTP are covered.
#  - The whole destination IP is listed for 1h; on shared hosting or a CDN
#    this slows every site served from that address, not just the download.
#  - Matching is by substring, so ".gz" presumably already covers ".gzip",
#    ".rm" covers ".rm1" and ".mpe" covers ".mpeg" - confirm before pruning.
#  - Every forwarded TCP packet from the LAN is checked against all of these
#    rules; watch router CPU load after enabling them.
/ip firewall filter
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment=\
"Limit Download by using File Extension" content=.exe disabled=no protocol=tcp \
src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.zip disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.arj disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.lzh disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.3gp disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.gz disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.gzip disabled=\
no protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.tar disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.bin disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mp3 disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.m4a disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.wav disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.rar disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ram disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.aac disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.aif disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.avi disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpg disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpeg disabled=\
no protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.qt disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.plj disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.asf disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mov disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.rm disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.rm1 disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mp4 disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.wma disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.wmv disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpe disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.mpa disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.pdf disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.msi disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ace disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.iso disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.img disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ogg disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.7z disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.sea disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.sit disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.doc disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.ppt disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.pps disabled=no \
protocol=tcp src-address=192.168.100.0/24
add action=add-dst-to-address-list address-list=limit-extension \
address-list-timeout=1h chain=forward comment="" content=.flv disabled=no \
protocol=tcp src-address=192.168.100.0/24

IP FIREWALL MANGLE
# Marks forwarded TCP packets whose SOURCE address is on the
# "limit-extension" list, i.e. traffic coming back from a server that the
# filter rules tagged. passthrough=no means a marked packet is not handed to
# later mangle rules. The mark name is what the queue tree has to reference.
/ip firewall mangle
add chain=forward protocol=tcp src-address-list=limit-extension \
    action=mark-packet new-packet-mark=Limit-Download passthrough=no \
    comment="Limit Download" disabled=no

QUEUE TREE
Note: the queue limit is 256k; to use a different limit, change "256000" (and keep max-limit in step with it).
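# Caps all traffic carrying the Limit-Download packet mark at 256 kbit/s
# (limit-at=256000, max-limit=256k), with bursting switched off.
# packet-mark has to be spelled exactly like new-packet-mark in the mangle
# rule (Limit-Download); a lower-case spelling names a different mark, so the
# queue would either be rejected on import or never see any traffic.
# NOTE(review): parent=global-out is the RouterOS v5-and-earlier name; on v6
# and later the equivalent parent is "global" - confirm for your version.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
max-limit=256k name=Limit-Download packet-mark=Limit-Download parent=\
global-out priority=8 queue=default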