5. Mikrotik Limit Speed Download by File Extension




Here is a script:

/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"


/ip firewall mangle add action=mark-packet \
chain=prerouting comment="EXE MARK PACKET " disabled=no layer7-protocol=EXE new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAR MARK PACKET " disabled=no layer7-protocol=RAR new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ZIP MARK PACKET " disabled=no layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="7z MARK PACKET " disabled=no layer7-protocol=7z new-packet-mark=7z passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="CAB MARK PACKET " disabled=no layer7-protocol=CAB new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ASF MARK PACKET " disabled=no layer7-protocol=ASF new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MOV MARK PACKET " disabled=no layer7-protocol=MOV new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WMV MARK PACKET " disabled=no layer7-protocol=WMV new-packet-mark=WMV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPG MARK PACKET " disabled=no layer7-protocol=MPG new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPEG MARK PACKET " disabled=no layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MKV MARK PACKET " disabled=no layer7-protocol=MKV new-packet-mark=MKV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="AVI MARK PACKET " disabled=no layer7-protocol=AVI new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="FLV MARK PACKET " disabled=no layer7-protocol=FLV new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WAV MARK PACKET " disabled=no layer7-protocol=WAV new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RM MARK PACKET " disabled=no layer7-protocol=RM new-packet-mark=RM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP3 MARK PACKET " disabled=no layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP4 MARK PACKET " disabled=no layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAM MARK PACKET " disabled=no layer7-protocol=RAM new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RMVB MARK PACKET " disabled=no layer7-protocol=RMVB new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAT MARK PACKET " disabled=no layer7-protocol=DAT new-packet-mark=DAT passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAA MARK PACKET " disabled=no layer7-protocol=DAA new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ISO MARK PACKET " disabled=no layer7-protocol=ISO new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="NRG MARK PACKET " disabled=no layer7-protocol=NRG new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="BIN MARK PACKET " disabled=no layer7-protocol=BIN new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="VCD MARK PACKET " disabled=no layer7-protocol=VCD new-packet-mark=VCD passthrough=no


/queue tree add name="LIMIT FILE EXTENTION" parent=global \
limit-at=0 priority=3 max-limit=1048576 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="7z" parent="LIMIT FILE EXTENTION" \
packet-mark=7z limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ASF" parent="LIMIT FILE EXTENTION" \
packet-mark=ASF limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="AVI" parent="LIMIT FILE EXTENTION" \
packet-mark=AVI limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="BIN" parent="LIMIT FILE EXTENTION" \
packet-mark=BIN limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CAB" parent="LIMIT FILE EXTENTION" \
packet-mark=CAB limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAA" parent="LIMIT FILE EXTENTION" \
packet-mark=DAA limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAT" parent="LIMIT FILE EXTENTION" \
packet-mark=DAT limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="EXE" parent="LIMIT FILE EXTENTION" \
packet-mark=EXE limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="FLV" parent="LIMIT FILE EXTENTION" \
packet-mark=FLV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ISO" parent="LIMIT FILE EXTENTION" \
packet-mark=ISO limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MKV" parent="LIMIT FILE EXTENTION" \
packet-mark=MKV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MOV" parent="LIMIT FILE EXTENTION" \
packet-mark=MOV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP3" parent="LIMIT FILE EXTENTION" \
packet-mark=MP3 limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP4" parent="LIMIT FILE EXTENTION" \
packet-mark=MP4 limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPEG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPEG limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPG limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="NRG" parent="LIMIT FILE EXTENTION" \
packet-mark=NRG limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAM" parent="LIMIT FILE EXTENTION" \
packet-mark=RAM limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAR" parent="LIMIT FILE EXTENTION" \
packet-mark=RAR limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RM" parent="LIMIT FILE EXTENTION" \
packet-mark=RM limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RMVB" parent="LIMIT FILE EXTENTION" \
packet-mark=RMVB limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="VCD" parent="LIMIT FILE EXTENTION" \
packet-mark=VCD limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WAV" parent="LIMIT FILE EXTENTION" \
packet-mark=WAV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WMV" parent="LIMIT FILE EXTENTION" \
packet-mark=WMV limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-hreshold=0 burst-time=0s
/queue tree add name="ZIP" parent="LIMIT FILE EXTENTION" \
packet-mark=ZIP limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s


Note: if you want to add more file extension, you need to follow these steps:

1. Add file extension to layer 7 protocol:
/ip firewall layer7-protocol add name="XXX" regexp="\\.(XXX)"

2. Add file extention to firewall:
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="XEX MARK PACKET " disabled=no layer7-protocol=XXX new-packet-mark=XXX passthrough=no

3. Add file extension to Queues Tree:
/queue tree add name="XXX" parent="LIMIT FILE EXTENTION" \
packet-mark=XXX limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

Previous
Next Post »

2 comments

Write comments
September 22, 2017 at 11:15 AM delete

I have tried this, some file extension rule works but some not.. it works with .exe, .mp3 and .zip, but it doesn't work on .rar and .mp4, I haven't tested all the file extension yet.. but so far that is what I have observed.

Reply
avatar
Ka Hindot
AUTHOR
August 1, 2019 at 4:12 PM delete

any extension files doesn't work to me..

Reply
avatar