Block Download Based Download Sizes

From MikroTik Wiki
Jump to: navigation, search

In This Articles , i want describe , how to block download more than 10 MB per Bytes .

Everybody Want To Download Big Size Files , After Downloaded 10 MB , Download Would Stop .

in This Example , i Want block download per Source And Destination .

For Example , Everybody can download file from one server , and he want open a new session with a new server for other works .

for this reason , we sign Source And Destinations with Srd Address List And Dst Address List , And Then Download More Than 10 MB stop for These Addresses .

We Need Three Rules .

Rule 1 : Match And Assign Source Of Download To A New Address List . Rule 2 : Match And Assign Destination of Download To A new Address list . Rule 3 : Block Every Session ( Download ) , That Size Is More That 10 MB .


/ip firewall filter

add action=add-src-to-address-list address-list=Src address-list-timeout=1h \
chain=forward connection-bytes=1970000-0 disabled=no protocol=tcp \
src-address=192.168.0.0/24

add action=add-dst-to-address-list address-list=Dst address-list-timeout=1h \
chain=forward connection-bytes=1970000-0 disabled=no protocol=tcp \
src-address=192.168.0.0/24

add action=drop chain=forward disabled=no dst-address-list=Dst protocol=tcp \
src-address-list=Src

In My Example , I Assign Every Users In 192.168.0.0/24 Subnet , They have more that 10 MB size to Download After that , in Last Rule , I Block That Session To block Download for 1 Hour .

If users want to download 40 MB file , every 10MB file downloaded , they need wait to 1 Hours , Also You can Change Connection Bytes Value And Address list Time out Value .

Also You can start this strategy base on File Extensions , Such as ( mp3 , avi , flv , zip , ... )


Reza Moghadam


--MikroTik Certified Trainer 16:14, 12 April 2013 (UTC)