Block Facebook di MikroTik
1. Pertama buat mangle dulu atau marking yang berbau facebook/ip firewall mangleadd action=add-dst-to-address-list address-list=facebook \address-list-timeout=2m chain=prerouting comment="" content=facebook.com \disabled=no
2. Kedua baru eksekusi facebooknya
/ip firewall filteradd action=drop chain=forward comment="Drop Facebook" disabled=no \dst-address-list=facebook
Ket : Rules diatas nge drop ip-ip yg terdaftar di address-list “facebook”
Coba deh buka facebook n buka web yg lain, liat statistik di rules yg abis dibuat..
Coba deh buka facebook n buka web yg lain, liat statistik di rules yg abis dibuat..
Limit Youtube di MikroTik
Pertama, kita buat layer-7 filteringnya dahulu.
/ip firewall layer7-protocol
add name=video_stream regexp="(get_video\\\?|videoplayback\\\?|videodownload\\\
\?|\\.flv\\\?|\\.fid\\\?)"
Kedua, mangling atau tandai koneksi video youtube (Perhatikan in-interfaces nya, kearah ether lokal/LAN)
/ip firewall mangle
add \
action=mark-connection \
chain=prerouting \
disabled=no \
in-interface=ether1-lan \
new-connection-mark="all_conn[modalsemangat.com]" \
passthrough=yes
add \
action=mark-connection \
chain=prerouting \
disabled=no \
in-interface=ether1-lan \
layer7-protocol=video_stream \
new-connection-mark="video_conn[modalsemangat.com]" \
passthrough=yes
add \
action=mark-packet \
chain=prerouting \
connection-mark="video_conn[modalsemangat.com]" \
disabled=no \
new-packet-mark="video_packet[modalsemangat.com]" \
passthrough=no
add \
action=mark-packet \
chain=prerouting \
connection-mark="all_conn[modalsemangat.com]" \
disabled=no \
new-packet-mark="all_packet[modalsemangat.com]" \
passthrough=no
Ketiga, limit / batasi !!! (di tutor ini pakai simple queue)
/queue simple
add \
name="Browsing, DLL" \
comment="Membatasi video streaming (ex: youtube) - [modalsemangat.com]" \
burst-limit=0/0 \
burst-threshold=0/0 \
burst-time=0s/0s \
direction=both \
disabled=no \
interface=all \
limit-at=0/0 \
max-limit=1M/1M \
packet-marks="all_packet[modalsemangat.com]" \
parent=none \
priority=8 \
queue=default-small/default-small \
target-addresses=192.168.65.0/24 \
total-queue=default-small
add \
name="Video Streaming/Youtube" \
burst-limit=0/0 \
burst-threshold=0/0 \
burst-time=0s/0s \
direction=both \
disabled=no \
interface=all \
limit-at=0/0 \
max-limit=128k/128k \
packet-marks="video_packet[modalsemangat.com]" \
parent=none \
priority=8 \
queue=default-small/default-small \
target-addresses=192.168.65.0/24 \
total-queue=default-small
Saat browser memulai buffering queue “Video Streaming/Youtube” akan mulai beraksi, untuk limitnya sesuaikan dengan keinginan anda. Ini bisa berlaku juga untuk situs video streaming lainnya, bukan hanya untuk youtube saja.
Sekarang saya coba contohkan bagaimana buka tutup untuk koneksi video streaming, anggap saja video streaming youtube tidak bisa di akses pada jam 09:00-18:00 diatas jam tersebut bebas atau kita batasi 1Mbps. Disini kita manfaatkan fitur scheduler mikrotik
/system scheduler
add \
name="Open Youtube" \
disabled=no \
interval=1d \
on-event="/queue simple set \"Video Streaming/Youtube\" max-limit=1m/1m" \
policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=aug/19/2014 \
start-time=18:00:00
add \
name="Blok Youtube" \
disabled=no \
interval=1d \
on-event="/queue simple set \"Video Streaming/Youtube\" max-limit=1k/1k" \
policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=aug/19/2014 \
start-time=09:00:00
Block Torrent/P2P di MikroTik
Di sini saya coba jelaskan bagaimana blokir koneksi torrent
dengan mikrotik. Trus ngapain di blokir segala bos? tuh koneksi
ngabisin bandwidth alias bandwidth killer, download upload disedot
semua. Hasilnya ga kebagian bandwidth deh. Di sini kita pakai tehnik
trap aktifitas aplikasi/koneksi torrent dan dst-address IPnya di masukin
ke address-list bernama “torrent”. Kemudian semua tujuan ke
address-list “torrent” kita drop.
/ip firewall filteradd action=add-dst-to-address-list address-list=torrent chain=forward comment=\"TORRENT No 1: Classic non security torrent [adamonline.web.id]" in-interface=\ether2-lan p2p=all-p2padd action=add-dst-to-address-list address-list=torrent chain=forward comment=\"TORRENT No 2: outgoing DHT [adamonline.web.id]" content=d1:ad2:id20: dst-port=\1025-65535 in-interface=ether2-lan packet-size=95-190 protocol=udpadd action=add-dst-to-address-list address-list=torrent chain=forward comment=\"TORRENT No 3: outgoing TCP announce [adamonline.web.id]" content="info_hash=" \dst-port=27 in-interface=ether2-lan protocol=tcpadd action=add-dst-to-address-list address-list=torrent chain=forward comment=\"TORRENT No 5: 6771 block Local Broadcast [adamonline.web.id]" content=\"\r\\nInfohash:" dst-port=6771 in-interface=ether2-lan protocol=udpadd action=drop chain=forward comment=\"TORRENT No 4: prohibits download .torrent files. [adamonline.web.id]" content=\.torrent dst-port=80 in-interface=ether2-lan protocol=tcpadd action=drop chain=forward comment=\"TORRENT No. 5 : Finally we drop all torrent connection [adamonline.web.id]" \dst-address-list=torrent
- Script diatas bisa di copy paste ke terminal, tapi edit dulu “in-interface=ether2-lan” ke nama interfaces lokal/LAN Anda, agar IP lokal/client Anda tidak masuk ke address-list torrent.
- Script diatas juga block/blokir jika ada user download file berektensi “.torrent” (line 15-17), jadi user tidak bisa download file .torrent ke aplikasi torrentnya
add action=drop chain=forward comment="TORRENT No 4: prohibits download .torrent files. [adamonline.web.id]" \content=.torrent disabled=no dst-port=80 in-interface=ether1-lan protocol=tcp time=\9h-18h,mon,tue,wed,thu,friadd action=drop chain=forward comment=\"TORRENT No. 5 : Finally we drop all torrent connection [adamonline.web.id]" disabled=no dst-address-list=\torrent time=9h-18h,mon,tue,wed,thu,fri
Kalau nambah blokir Website lain gmn ya caranya?
BalasHapus