Está en la página 1de 5

<<<<Layer 7 PROTOCOL>>>>

1. Buka winbox > "ip" > "firewall" > "layer7 protocols" > tanda + (untuk regex j
angan pakai terminal, sering error)
--isikan
Code:
Name=http-video dan RegeXp=http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09
-\x0d -~]*(content-type: video)
2. --tambah mangle,copykan kode bawah ini dan pastekan di "New Terminal" winbox
Code:
/ip firewall mangle add action=mark-packet chain=prerouting comment="http-video
mark-packet" disabled=no layer7-protocol=http-video new-packet-mark=http-video p
assthrough=no
3. dan yang terakhir setting queuenya
/queue tree add name=YOUTUBE parent=global-out packet-mark=http-video priority=8
limit-at=32000 max-limit=32000
4. --Buka "New terminal" di winbox
--Copykan kode di bawah ini dan pastekan di "New Terminal" winbox
Code:
ip firewall
\.(exe)"
ip firewall
\.(rar)"
ip firewall
\.(zip)"
ip firewall
.(7z)"
ip firewall
\.(cab)"
ip firewall
\.(asf)"
ip firewall
\.(mov)"
ip firewall
\.(wmv)"
ip firewall
\.(mpg)"
ip firewall
\\.(mpeg)"
ip firewall
\.(mkv)"
ip firewall
\.(avi)"
ip firewall
\.(flv)"
ip firewall
\.(wav)"
ip firewall
.(rm)"
ip firewall
\.(mp3)"
ip firewall
\.(mp4)"
ip firewall
\.(ram)"

layer7-protocol add comment="" name="Extension \" .exe \"" regexp="\


layer7-protocol add comment="" name="Extension \" .rar \"" regexp="\
layer7-protocol add comment="" name="Extension \" .zip \"" regexp="\
layer7-protocol add comment="" name="Extension \" .7z \"" regexp="\\
layer7-protocol add comment="" name="Extension \" .cab \"" regexp="\
layer7-protocol add comment="" name="Extension \" .asf \"" regexp="\
layer7-protocol add comment="" name="Extension \" .mov \"" regexp="\
layer7-protocol add comment="" name="Extension \" .wmv \"" regexp="\
layer7-protocol add comment="" name="Extension \" .mpg \"" regexp="\
layer7-protocol add comment="" name="Extension \" .mpeg \"" regexp="
layer7-protocol add comment="" name="Extension \" .mkv \"" regexp="\
layer7-protocol add comment="" name="Extension \" .avi \"" regexp="\
layer7-protocol add comment="" name="Extension \" .flv \"" regexp="\
layer7-protocol add comment="" name="Extension \" .wav \"" regexp="\
layer7-protocol add comment="" name="Extension \" .rm \"" regexp="\\
layer7-protocol add comment="" name="Extension \" .mp3 \"" regexp="\
layer7-protocol add comment="" name="Extension \" .mp4 \"" regexp="\
layer7-protocol add comment="" name="Extension \" .ram \"" regexp="\

ip firewall
\\.(rmvb)"
ip firewall
\.(dat)"
ip firewall
\.(daa)"
ip firewall
\.(iso)"
ip firewall
\.(nrg)"
ip firewall
\.(bin)"
ip firewall
\.(vcd)"

layer7-protocol add comment="" name="Extension \" .rmvb \"" regexp="


layer7-protocol add comment="" name="Extension \" .dat \"" regexp="\
layer7-protocol add comment="" name="Extension \" .daa \"" regexp="\
layer7-protocol add comment="" name="Extension \" .iso \"" regexp="\
layer7-protocol add comment="" name="Extension \" .nrg \"" regexp="\
layer7-protocol add comment="" name="Extension \" .bin \"" regexp="\
layer7-protocol add comment="" name="Extension \" .vcd \"" regexp="\

silakan modifikasi sendiri mana ekstensi yang perlu di limit dan yang tidak. cuk
up ganti ekstensi doang :D
5. --tambah mangle,copykan kode bawah ini dan patekan di "New Terminal" winbox
Code:
/ip firewall mangle add action=mark-connection chain=prerouting comment="7z DOWN
S" disabled=no layer7-protocol="Extension \" .7z \"" new-connection-mark="7z DOW
NS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="7z DOWNS" disabled=no new-packet-mark=7z passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="asf DOW
NS" disabled=no layer7-protocol="Extension \" .asf \"" new-connection-mark="asf
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="asf DOWNS" disabled=no new-packet-mark=asf passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="avi DOW
NS" disabled=no layer7-protocol="Extension \" .avi \"" new-connection-mark="avi
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="avi DOWNS" disabled=no new-packet-mark=avi passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="bin DOW
NS" disabled=no layer7-protocol="Extension \" .bin \"" new-connection-mark="bin
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="bin DOWNS" disabled=no new-packet-mark=bin passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="flv DOW
NS" disabled=no layer7-protocol="Extension \" .flv \"" new-connection-mark="flv
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="flv DOWNS" disabled=no new-packet-mark=flv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="iso DOW
NS" disabled=no layer7-protocol="Extension \" .iso \"" new-connection-mark="iso
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark= "iso DOWNS" disabled=no new-packet-mark=iso passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mkv DOW
NS" disabled=no layer7-protocol="Extension \" .mkv \"" new-connection-mark="mkv
DOWNS" passthrough=yes protocol=tcp

/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti


on-mark="mkv DOWNS" disabled=no new-packet-mark=mkv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="exe DOW
NS" disabled=no layer7-protocol="Extension \" .exe \"" new-connection-mark="exe
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="exe DOWNS" disabled=no new-packet-mark=exe passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mov DOW
NS" disabled=no layer7-protocol="Extension \" .mov \"" new-connection-mark="mov
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="mov DOWNS" disabled=no new-packet-mark=mov passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mp3 DOW
NS" disabled=no layer7-protocol="Extension \" .mp3 \"" new-connection-mark="mp3
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="mp3 DOWNS" disabled=no new-packet-mark=mp3 passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mp4 DOW
NS" disabled=no layer7-protocol="Extension \" .mp4 \"" new-connection-mark="mp4
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="mp4 DOWNS" disabled=no new-packet-mark=mp4 passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="mpeg DO
WNS" disabled=no layer7-protocol="Extension \" .mpeg \"" new-connection-mark="mp
eg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="mpeg DOWNS" disabled=no new-packet-mark=mpeg passthrough=no protocol=tc
p
/ip firewall mangle add action=mark-connection chain=prerouting comment="mpg DOW
NS" disabled=no layer7-protocol="Extension \" .mpg \"" new-connection-mark="mpg
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="mpg DOWNS" disabled=no new-packet-mark=mpg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="nrg DOW
NS" disabled=no layer7-protocol="Extension \" .nrg \"" new-connection-mark="nrg
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="nrg DOWNS" disabled=no new-packet-mark=nrg passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="ram DOW
NS" disabled=no layer7-protocol="Extension \" .ram \"" new-connection-mark="ram
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="ram DOWNS" disabled=no new-packet-mark=ram passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="rar DOW
NS" disabled=no layer7-protocol="Extension \" .rar \"" new-connection-mark="rar
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="rar DOWNS" disabled=no new-packet-mark=rar passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="rm DOWN
S" disabled=no layer7-protocol="Extension \" .rm \"" new-connection-mark="rm DOW

NS" passthrough=yes protocol=tcp


/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="rm DOWNS" disabled=no new-packet-mark=rm passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="rmvb DO
WNS" disabled=no layer7-protocol="Extension \" .rmvb \"" new-connection-mark="rm
vb DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="rmvb DOWNS" disabled=no new-packet-mark=rmvb passthrough=no protocol=tc
p
/ip firewall mangle add action=mark-connection chain=prerouting comment="wav DOW
NS" disabled=no layer7-protocol="Extension \" .wav \"" new-connection-mark="wav
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="wav DOWNS" disabled=no new-packet-mark=wav passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="wma DOW
NS" disabled=no layer7-protocol="Extension \" .wma \"" new-connection-mark="wma
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="wma DOWNS" disabled=no new-packet-mark=wma passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="wmv DOW
NS" disabled=no layer7-protocol="Extension \" .wmv \"" new-connection-mark="wmv
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="wmv DOWNS" disabled=no new-packet-mark=wmv passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="zip DOW
NS" disabled=no layer7-protocol="Extension \" .zip \"" new-connection-mark="zip
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="zip DOWNS" disabled=no new-packet-mark=zip passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="youtube
DOWNS" disabled=no layer7-protocol="YouTube " new-connection-mark="youtube DOWN
S" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no proto
col=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="daa DOW
NS" disabled=no layer7-protocol="Extension \" .daa \"" new-connection-mark="daa
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="daa DOWNS" disabled=no new-packet-mark=daa passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="dat DOW
NS" disabled=no layer7-protocol="Extension \" .dat \"" new-connection-mark="dat
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="dat DOWNS" disabled=no new-packet-mark=dat passthrough=no protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="vcd DOW
NS" disabled=no layer7-protocol="Extension \" .vcd \"" new-connection-mark="vcd
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="vcd DOWNS" disabled=no new-packet-mark=vcd passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="cab DOW


NS" disabled=no layer7-protocol="Extension \" .cab \"" new-connection-mark="cab
DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connecti
on-mark="cab DOWNS" disabled=no new-packet-mark=cab passthrough=no protocol=tcp
6. kemudian langkah terakhir,kita setting queuenya buat limit bw-nya
caranya sama saja, tinggal copas code dibawah ke terminal
queue tree add name="7z" parent=DOWNLOAD packet-mark=7z priority=8 limit-at=3200
0 max-limit=32000
queue tree add name="asf" parent=DOWNLOAD packet-mark=asf priority=8 limit-at=32
000 max-limit=32000
queue tree add name="avi" parent=DOWNLOAD packet-mark=avi priority=8 limit-at=32
000 max-limit=32000
queue tree add name="bin" parent=DOWNLOAD packet-mark=bin priority=8 limit-at=32
000 max-limit=32000
queue tree add name="cab" parent=DOWNLOAD packet-mark=cab priority=8 limit-at=32
000 max-limit=32000
queue tree add name="daa" parent=DOWNLOAD packet-mark=daa priority=8 limit-at=32
000 max-limit=32000
queue tree add name="dat" parent=DOWNLOAD packet-mark=dat priority=8 limit-at=32
000 max-limit=32000
queue tree add name="exe" parent=DOWNLOAD packet-mark=exe priority=8 limit-at=32
000 max-limit=32000
queue tree add name="flv" parent=DOWNLOAD packet-mark=flv priority=8 limit-at=32
000 max-limit=32000
queue tree add name="iso" parent=DOWNLOAD packet-mark=iso priority=8 limit-at=32
000 max-limit=32000
queue tree add name="mkv" parent=DOWNLOAD packet-mark=mkv priority=8 limit-at=32
000 max-limit=32000
queue tree add name="mov" parent=DOWNLOAD packet-mark=mov priority=8 limit-at=32
000 max-limit=32000
queue tree add name="mp3" parent=DOWNLOAD packet-mark=mp3 priority=8 limit-at=32
000 max-limit=32000
queue tree add name="mp4" parent=DOWNLOAD packet-mark=mp4 priority=8 limit-at=32
000 max-limit=32000
queue tree add name="mpeg" parent=DOWNLOAD packet-mark=mpeg priority=8 limit-at=
32000 max-limit=32000
queue tree add name="mpg" parent=DOWNLOAD packet-mark=mpg priority=8 limit-at=32
000 max-limit=32000
queue tree add name="nrg" parent=DOWNLOAD packet-mark=nrg priority=8 limit-at=32
000 max-limit=32000
queue tree add name="ram" parent=DOWNLOAD packet-mark=ram priority=8 limit-at=32
000 max-limit=32000
queue tree add name="rar" parent=DOWNLOAD packet-mark=rar priority=8 limit-at=32
000 max-limit=32000
queue tree add name="rm" parent=DOWNLOAD packet-mark=rm priority=8 limit-at=3200
0 max-limit=32000
queue tree add name="rmvb" parent=DOWNLOAD packet-mark=rmvb priority=8 limit-at=
32000 max-limit=32000
queue tree add name="vcd" parent=DOWNLOAD packet-mark=vcd priority=8 limit-at=32
000 max-limit=32000
queue tree add name="wav" parent=DOWNLOAD packet-mark=wav priority=8 limit-at=32
000 max-limit=32000
queue tree add name="wmv" parent=DOWNLOAD packet-mark=wmv priority=8 limit-at=32
000 max-limit=32000
queue tree add name="zip" parent=DOWNLOAD packet-mark=zip priority=8 limit-at=32
000 max-limit=32000