Trust me, people can kill your career before it gets started. What do they do? They queue up downloads until nobody else is able to work, and guess who takes the blame? The network administrator. So how do we not only stop them but punish them as well for making our jobs difficult? In this post, I will show you how to stop all downloads on your Mikrotik router and punish offenders, using the layer7 protocol and address-list. Just walk with me. It's easy and straightforward, trust me.
This lab will be performed on a Mikrotik router. Mikrotik is one of the best things to have happened to networking. It comes with so many features all packed into one box, and the best part is that it is very cheap compared to other network gear, and it works best too. So, here we go! Assuming all the basic configurations have been done and there is internet connectivity on your router, follow the steps below.
Click on IP, firewall, layer7 protocol. Name the entry blockdownloads (the filter rule below refers to it by this name) and paste this pattern into the regexp field:
^.*get.+\.(exe|rar|zip|iso|mp4|mp3).*$
Then enter the following command:
ip firewall filter add chain=forward layer7-protocol=blockdownloads action=add-src-to-address-list address-list=offenders
Next, we state the duration to hold their addresses in the address-list. To do this, go to firewall, double click on the rule we just created, and in the action tab, click on timeout and enter 02:00:00. The final step is to create another filter rule that will block any address found in the address-list called offenders (the one we just created) from accessing the internet. Enter this command:
ip firewall filter add chain=forward src-address-list=offenders action=drop
Offending addresses will be dynamically added to an address-list known as offenders for two hours, and any address found there will be blocked from forwarding any form of packet through the router. You can also do this with sites that have been blocked. Check here for a post on how to block sites.
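To see what the layer7 pattern actually flags before it starts adding addresses to offenders, the following added example (not part of the original post) runs it over a few constructed payloads, with the dot before the extension group both unescaped and escaped. It assumes case-insensitive matching, a dot that can match newlines, and the 2 KB inspection window MikroTik documents for the L7 matcher; all names and sample data are hypothetical.

```python
import re

# Assumptions (not from the post): the match is modelled as case-insensitive,
# "." may cross line breaks, and only the first 2 KB of a connection is seen.
FLAGS = re.IGNORECASE | re.DOTALL
WINDOW = 2048

# Same pattern twice: dot before the extension list unescaped vs. escaped.
UNESCAPED = re.compile(rb"^.*get.+.(exe|rar|zip|iso|mp4|mp3).*$", FLAGS)
ESCAPED = re.compile(rb"^.*get.+\.(exe|rar|zip|iso|mp4|mp3).*$", FLAGS)


def flagged(pattern, payload):
    """True if this connection would put its source address in 'offenders'."""
    return pattern.search(payload[:WINDOW]) is not None


# Constructed sample payloads: the first bytes of four connections.
SAMPLES = {
    # A real file download over plain HTTP.
    "http_download": b"GET /files/setup.exe HTTP/1.1\r\nHost: dl.example\r\n\r\n",
    # An ordinary page whose path merely contains the letters "exe".
    "http_page": b"GET /executive-summary HTTP/1.1\r\nHost: www.example\r\n\r\n",
    # A page view where only a header mentions a .zip URL.
    "http_referer": (b"GET /news HTTP/1.1\r\nHost: www.example\r\n"
                     b"Referer: http://www.example/archive.zip\r\n\r\n"),
    # Stand-in for a TLS handshake record; the request line is never visible.
    "tls_record": bytes.fromhex("160301002e0100002a0303") + bytes(40),
}


def report():
    """Map sample name -> (flagged by unescaped, flagged by escaped)."""
    return {name: (flagged(UNESCAPED, data), flagged(ESCAPED, data))
            for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (loose, strict) in report().items():
        print(f"{name:14} unescaped={loose!s:5} escaped={strict}")
```

Even with the escaped dot, a request is flagged when any header after the GET carries a matching extension, so it is worth adding the first rule with action=log and reviewing hits before enabling the drop rule.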
Comments
I'm not sure this will be effective for HTTPS..
This will also punish people who are not downloading stuff but visit a webpage that tries to download something.
It works for all sites, YouTube and Facebook inclusive.