Categories: MikroTik

Stop downloads on Mikrotik and punish offenders!!!

Trust me, people can kill your career before it gets started. What do they do? Queue up downloads and make sure nobody is able to work, and guess who takes the blame? The network administrator. So how do we not only stop them but punish them as well for making our jobs difficult? In this post, I will share with us on how to stop all downloads on your Mikrotik router and punish offenders, using the layer7 protocol and address-list. Just walk with me. Its easy and straightforward, trust me.

Image showing how to setup Mikrotik layer7 protocol

This lab will be performed on a Mikrotik router. Mikrotik is one of the best things that have happened to networking. It comes with so many features all packed into one box and the best part is that it is very cheap compared to other network gears, and it works best too. So, here we go! Assuming all the basic configurations have been don and there is internet connectivity on your router, then follow the steps below.

Step one :

Click on IP, firewall, layer7 protocol. Give it a title and paste these codes where applicable :

^.*get.+.(exe|rar|zip|iso|mp4|mp3).*$

Step two:

Enter the following codes below:

ip firewall filter add chain=forward layer7-protocol=blockdownloads action= add-src-to-address-list address-list=offenders

Next, we state the duration to hold their addresses in the address-list.To do this, go to firewall, double click on the rule we just created, in the action tab,click on timeout and enter 02:00:00. The final step is to create another filter rule that will block any address found in the address-list called offenders (the one we just created) from accessing the internet. Enter these codes:

ip firewall filter add chain=forward src-address-list=offenders action=drop

Offending addresses will be dynamically added to an address-list known as offenders for two hours, and any address found there will be blocked from forwarding any form of packet through the router. You can also do this with sites that have been blocked. Check here for a post on how to block sites.

 

Spread the love
Timigate

View Comments

  • I'm not sure this will be effective for HTTPS..

    This will also punish people who are not downloading stuff but visit a webpage that tries to download something.

Recent Posts

Optimize your Metro ethernet with Jumbo MTU

Optimizing Metro Ethernet segments with jumbo MTU (Maximum Transmission Unit) can significantly enhance network performance…

1 week ago

Mikrotik switchOS configuration: a step-by-step guide

MikroTik's SwitchOS is an operating system specifically designed for their line of network switches. It…

1 month ago

Improve your network uptime with VRRP right now

A properly configured VRRP setup does not only track device uptime but also tracks connection…

1 month ago

Have you been configuring NAT the right way on Mikrotik?

Network Address Translation (NAT) is a technique used in networking to map private IP addresses…

1 month ago

Implementing VXLAN over MPLS with Mikrotik

In the ever-evolving landscape of networking technologies, the demand for efficient and scalable solutions has…

2 months ago

Multi-Area OSPF implementation on Mikrotik routers

Setting up Multi-Area OSPF (Open Shortest Path First) on Mikrotik routers involves a few steps.…

2 months ago