Graphic Web Design, Computer Network, Balinese Culture

Limiting Download File Extensions on Mikrotik

This is another method to prioritize browsing speed: limiting the download speed for the various file extensions that clients may download at any time. Every method has advantages and disadvantages, depending on the situation and your priorities. Excessive, greedy downloading uses up the available bandwidth; when that happens there is no room left for browsing, because the bandwidth is already taken by the clients who are downloading, and browsing hangs.


In the Queue Tree we give a share of bandwidth to the file extensions that may be downloaded; clients who download the same file extension compete with each other for that share. Limiting download file extensions on Mikrotik completes the bandwidth management of limiting YouTube and video streams, so that browsing can run smoothly without significant disturbance from monsters such as downloaders and video streamers.

In practice, limiting download file extensions also helps with the leakage of video streams that are not defined yet. For example, there may be a video stream from a URL that is not defined in the queue tree. In fact, limiting download file extensions covered the video streams that were not defined. I don't know how that can be! On the other hand, in my experience, when I was uploading a video file to YouTube, limiting video streams and downloads with file extensions was unable to cover it. However, this is very rarely done by clients, especially in my internet café.

If you want to start limiting download file extensions on Mikrotik right away, let's get started!

1. Log in to your Mikrotik with WinBox, click IP > Firewall, and select the Layer7 Protocols tab. Here we create the marking patterns for the various file extensions. To do it quickly, just copy the Layer7 Protocols script below and paste it into a New Terminal window!

The script to insert into Layer7 Protocols:

/ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
/ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
/ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"

To make sure the script was inserted, click IP > Firewall on the WinBox main menu, then click the Layer7 Protocols tab. The tab will now list the many file extension types. See the picture below!


2. In the Firewall window, select the Mangle tab; here we create the mangle rules for the file extensions. To do it quickly, click the New Terminal menu, copy the mangle script, right-click in the terminal window and paste it there!

The mangle script to insert:

/ip firewall mangle add action=mark-packet \
chain=prerouting comment="EXE MARK PACKET " disabled=no \
layer7-protocol=EXE new-packet-mark=EXE passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAR MARK PACKET " disabled=no \
layer7-protocol=RAR new-packet-mark=RAR passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ZIP MARK PACKET " disabled=no \
layer7-protocol=ZIP new-packet-mark=ZIP passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="7z MARK PACKET " disabled=no \
layer7-protocol=7z new-packet-mark=7z passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="CAB MARK PACKET " disabled=no \
layer7-protocol=CAB new-packet-mark=CAB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ASF MARK PACKET " disabled=no \
layer7-protocol=ASF new-packet-mark=ASF passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MOV MARK PACKET " disabled=no \
layer7-protocol=MOV new-packet-mark=MOV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WMV MARK PACKET " disabled=no \
layer7-protocol=WMV new-packet-mark=WMV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPG MARK PACKET " disabled=no \
layer7-protocol=MPG new-packet-mark=MPG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MPEG MARK PACKET " disabled=no \
layer7-protocol=MPEG new-packet-mark=MPEG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MKV MARK PACKET " disabled=no \
layer7-protocol=MKV new-packet-mark=MKV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="AVI MARK PACKET " disabled=no \
layer7-protocol=AVI new-packet-mark=AVI passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="FLV MARK PACKET " disabled=no \
layer7-protocol=FLV new-packet-mark=FLV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="WAV MARK PACKET " disabled=no \
layer7-protocol=WAV new-packet-mark=WAV passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RM MARK PACKET " disabled=no \
layer7-protocol=RM new-packet-mark=RM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP3 MARK PACKET " disabled=no \
layer7-protocol=MP3 new-packet-mark=MP3 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="MP4 MARK PACKET " disabled=no \
layer7-protocol=MP4 new-packet-mark=MP4 passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RAM MARK PACKET " disabled=no \
layer7-protocol=RAM new-packet-mark=RAM passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="RMVB MARK PACKET " disabled=no \
layer7-protocol=RMVB new-packet-mark=RMVB passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAT MARK PACKET " disabled=no \
layer7-protocol=DAT new-packet-mark=DAT passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="DAA MARK PACKET " disabled=no \
layer7-protocol=DAA new-packet-mark=DAA passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="ISO MARK PACKET " disabled=no \
layer7-protocol=ISO new-packet-mark=ISO passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="NRG MARK PACKET " disabled=no \
layer7-protocol=NRG new-packet-mark=NRG passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="BIN MARK PACKET " disabled=no \
layer7-protocol=BIN new-packet-mark=BIN passthrough=no
/ip firewall mangle add action=mark-packet \
chain=prerouting comment="VCD MARK PACKET " disabled=no \
layer7-protocol=VCD new-packet-mark=VCD passthrough=no

To make sure the script created the mangle rules on the firewall, click IP > Firewall on the WinBox main menu, then click the Mangle tab. On the Mangle tab you will find as many mangle rules as there are file extensions, as shown in the pictures below!
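
What the step 1 patterns actually match, as an added Python example (not part of the original article): it evaluates the page's unanchored `\.(ext)` patterns in the step 2 mangle order with first match wins (`passthrough=no`) and compares the result with a tightened request-line pattern. The payloads, host names, the 2 KB inspection window and the `STRICT` pattern are assumptions of this example, and Python's regex engine stands in for the one in RouterOS.

```python
import re

# Extensions in the order the page's mangle rules are added. With
# passthrough=no, the first rule that matches decides the packet mark.
RULE_ORDER = ["exe", "rar", "zip", "7z", "cab", "asf", "mov", "wmv", "mpg",
              "mpeg", "mkv", "avi", "flv", "wav", "rm", "mp3", "mp4", "ram",
              "rmvb", "dat", "daa", "iso", "nrg", "bin", "vcd"]

# Assumption: the L7 matcher only inspects the start of a connection
# (about the first 2 KB), so only that window is searched here.
L7_WINDOW = 2048

# regexp="\\.(exe)" on the page is the regex \.(exe): unanchored, so it
# matches ".exe" anywhere in the window, not only at the end of a file name.
PAGE_RULES = [(ext if ext == "7z" else ext.upper(),
               re.compile(rb"\.(" + ext.encode() + rb")"))
              for ext in RULE_ORDER]


def page_mark(payload: bytes):
    """Packet mark the page's rule set would assign, or None if unmarked."""
    window = payload[:L7_WINDOW]
    for name, pattern in PAGE_RULES:
        if pattern.search(window):
            return name
    return None


# Hypothetical tightened pattern (Python regex syntax, not tested on
# RouterOS): only the path of an HTTP request line is examined, and the
# extension must be the last thing before an optional query string.
STRICT = re.compile(
    rb"^(?:GET|HEAD) [^ \r\n?]*\.("
    + b"|".join(ext.encode() for ext in RULE_ORDER)
    + rb")(?:\?[^ \r\n]*)? HTTP/")


def strict_extension(payload: bytes):
    """Extension of the requested file under the tightened pattern, or None."""
    match = STRICT.match(payload[:L7_WINDOW])
    return match.group(1).decode() if match else None


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "exe download": b"GET /files/setup.exe HTTP/1.1\r\n"
                    b"Host: downloads.example.test\r\n\r\n",
    "rmvb download": b"GET /video/movie.rmvb HTTP/1.1\r\n"
                     b"Host: media.example.test\r\n\r\n",
    "webmail page": b"GET /mail/inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
                    b"Cookie: return=/help/setup.data.html\r\n\r\n",
    # HTTPS: the router sees a TLS record, never the URL path.
    "https download": b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03"
                      + bytes(range(32)) + b"downloads.example.test",
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:15} page={page_mark(payload)!s:5} "
              f"strict={strict_extension(payload)}")
```

In these constructed samples the `.rmvb` request is marked RM because `\.(rm)` comes earlier in the rule order and also matches it, and a page request whose cookie mentions `.data` is marked DAT. The HTTPS sample gets no mark because the URL path is encrypted.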

 
3. On the main menu click Queues; the Queue List will be shown. Select the Queue Tree tab; here you create a queue tree rule for each file extension. To do it quickly, click New Terminal on the main menu, copy the queue tree script, right-click in the terminal window and paste it there!

The queue tree script to insert:

/queue tree add name="LIMIT FILE EXTENTION" parent=global-out \
limit-at=0 priority=3 max-limit=210000 burst-limit=\
0 burst-threshold=0 burst-time=0s
/queue tree add name="7z" parent="LIMIT FILE EXTENTION" \
packet-mark=7z limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ASF" parent="LIMIT FILE EXTENTION" \
packet-mark=ASF limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="AVI" parent="LIMIT FILE EXTENTION" \
packet-mark=AVI limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="BIN" parent="LIMIT FILE EXTENTION" \
packet-mark=BIN limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="CAB" parent="LIMIT FILE EXTENTION" \
packet-mark=CAB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAA" parent="LIMIT FILE EXTENTION" \
packet-mark=DAA limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="DAT" parent="LIMIT FILE EXTENTION" \
packet-mark=DAT limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="EXE" parent="LIMIT FILE EXTENTION" \
packet-mark=EXE limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="FLV" parent="LIMIT FILE EXTENTION" \
packet-mark=FLV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ISO" parent="LIMIT FILE EXTENTION" \
packet-mark=ISO limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MKV" parent="LIMIT FILE EXTENTION" \
packet-mark=MKV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MOV" parent="LIMIT FILE EXTENTION" \
packet-mark=MOV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP3" parent="LIMIT FILE EXTENTION" \
packet-mark=MP3 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MP4" parent="LIMIT FILE EXTENTION" \
packet-mark=MP4 limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPEG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPEG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="MPG" parent="LIMIT FILE EXTENTION" \
packet-mark=MPG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="NRG" parent="LIMIT FILE EXTENTION" \
packet-mark=NRG limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAM" parent="LIMIT FILE EXTENTION" \
packet-mark=RAM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RAR" parent="LIMIT FILE EXTENTION" \
packet-mark=RAR limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RM" parent="LIMIT FILE EXTENTION" \
packet-mark=RM limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="RMVB" parent="LIMIT FILE EXTENTION" \
packet-mark=RMVB limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="VCD" parent="LIMIT FILE EXTENTION" \
packet-mark=VCD limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WAV" parent="LIMIT FILE EXTENTION" \
packet-mark=WAV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="WMV" parent="LIMIT FILE EXTENTION" \
packet-mark=WMV limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s
/queue tree add name="ZIP" parent="LIMIT FILE EXTENTION" \
packet-mark=ZIP limit-at=0 queue=default priority=1 max-limit=\
0 burst-limit=0 burst-threshold=0 burst-time=0s

Let's check the queue tree rules by clicking Queues on the main menu and then selecting the Queue Tree tab. You will find many rules in the queue tree. You can adjust the limit value of each file extension as you wish.


Download any file from the internet and check the file extension limit rules in the queue tree. These rules let you set a speed limit for each file extension, but the total bandwidth they share depends on the LIMIT FILE EXTENTION parent queue. For more details, see this article's video! See you!

48 comments :

  1. I have implemented this on my router... I was initially impressed to see the results, but Gmail and other logins like Facebook started to show 'no data received' and 'invalid request' dead pages after logins. I disabled the mangle rules and things are fine again...

    Can you please help me with this?

    Replies
    1. This is just my guess for now. Adding mangle, queue and other rules uses your router's resources, and it is possible for this to cause a conflict inside when the router's software and hardware do not work perfectly together. I suggest you restart the router after inserting all of the rules, so that the system changes on your router are reloaded fresh.

  2. Ketut Agus Suardika
    Could I have the file
    /queue type

  3. A possible way for the load to be closed off and removed at certain times, meaning 6:00-12:00 every day
    Copy 5

  4. I put the script in but it does not work with the file extensions mp4, flv when I download them from YouTube

    Replies
    1. That is because YouTube has its own rules; capture the YouTube packets, and after that you can limit them all at once with queue rules. This is the next article, for YouTube: http://agratitudesign.blogspot.com/2013/08/solution-to-limit-youtube-video-streams.html

  5. I followed the next article and applied it on my system and it works well, thanks

  6. There are clients downloading that are not under the queue tree, so they take all the traffic. What's the problem?

  7. How can I know which file extensions clients are downloading that are not under the queue tree?

    Replies
    1. There are many file extensions; we just handle the extensions most commonly downloaded by clients, or perhaps any connection packets used by someone that have not been defined yet. We cannot handle every little detail perfectly. Maybe you can try this http://agratitudesign.blogspot.com/2013/10/full-bandwidth-management-parent-queue.html to stay safe from the connection packets that are not defined yet.

  8. Hi, this setup works well. But when the transparent cache server is launched, it is in trouble.
    How do I fix this problem?
    When I disable
    firewall nat chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
    the limitation works but the web proxy does not work; when I enable it, the limitation does not work but the proxy works. How can I fix this problem?

  9. Very cool, and thanks for your post. I therefore suggest you show us how to configure load balancing on Mikrotik.

    Replies
    1. Thank you for the suggestion! But right now I can't implement it, because I have just a single ISP here!

  10. /queue tree add name="LIMIT FILE EXTENTION" parent=global-out \
    limit-at=0 priority=3 max-limit=210000 burst-limit=\
    0 burst-threshold=0 burst-time=0s

    Is that max-limit per client (IP address) or for all clients (210kbps for everyone)?

    Replies
    1. Queue tree has no per-IP-address division, unlike simple queue. Instead, everything is left to the mangle rules. So clearly, if you do not pick out packets per client in mangle, it is for all clients!

    2. Hello guys, I need help with my network; I need TeamViewer support to configure my Mikrotik, please. I am waiting for a reply: lolo_nono104@yahoo.com

  11. On my Mikrotik the limit is not working; the queue tree does not detect anything when there is a download, even though the script was copy-pasted without errors. Is the default queue type different on my Mikrotik? Thank you.

  12. Hi, I tried using your steps but it does not work.. :(
    The users from the Mikrotik hotspot still get full speed.
    Will this trick work with the Mikrotik web proxy and Mikrotik hotspot users?
    Thank you..

    Replies
    1. This way is still very simple; to manage bandwidth for a hotspot network as a whole, it should be combined with another. But I will talk about hotspot networks next time. Thanks for the comment!

  13. Could you update your script for Mikrotik v 6.+ ?

    Replies
    1. It will be different using QoS in version 6+; this is a new system, more flexible in simple queue, which will be able to separate upload and download priority as in the queue tree in version 5+, from what I have seen. I hope to have the funds later to buy this Mikrotik system and explore its bandwidth management system.

    2. I hope, I'll see some QoS tutorials about v6+ on your blog soon.

  14. Hi friends,

    I want to stop downloading with a Mikrotik rb951ui-2hnd. I found your explanation on this page but it doesn't work. Downloading has no limit. Your method for YouTube doesn't work either.

    Please can you help me. I want this solution for my job.

    Replies
    1. What QoS version is this (v5+ or v6+)?

    2. Very nice man
      I have a problem: on v3.30 this code is not working (remain-bytes-total-nice)$
      ???

  15. Hi, can you help me block or limit file formats for hotspot?

  16. Can you help? I have done stages 1 and 2 successfully, but when I paste the queue tree it says "input does not match any value of parent". I used this script for the parent ( /queue tree add name="LIMIT FILE EXTENTION" parent=global-out \.. limit-at=0 priority=3 max-limit=21\... limit-at=0 priority=3 max-limit=210000 burst-limit=\
    \... 0 burst-threshold=0 burst-time=0s)
    Please help

  17. "input does not match any value of parent": this is the error I got on 6.13v, but on 5.24 it is OK

    Replies
    1. You're right! I still have not found a solution for v6+ because I don't have it, I'm sorry!

    2. "input does not match any value of parent"
      The queue tree script that you have to insert :


      /queue tree add name="LIMIT FILE EXTENTION" parent=global \
      limit-at=0 priority=3 max-limit=210000 burst-limit=\
      0 burst-threshold=0 burst-time=0s


      THANKS ^__^

  18. Hello sir, good work. Sir, I am in trouble, please help me. I am using Mikrotik version 6.7, and I have to assign 4mb download speed to this website only: "www.dodear.com (IP 192.168.20.60)". I configured DHCP, Hotspot and PPPoE in the same box. I want my users to get internet speed according to their package, but when they visit www.dodear.com my users get 4mb speed. Please reply as soon as possible

  19. Hi, this setup works well. But when the transparent cache server is launched, it is in trouble.
    How do I fix this problem?
    When I disable
    firewall nat chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
    the limitation works but the web proxy does not work; when I enable it, the limitation does not work but the proxy works. How can I fix this problem?

  20. Hello my friend, I want to reset the Tx/Rx bytes (Reset counters) on my interfaces every 1 min.
    Please help me

  21. I want to ask,
    for example: for some extension, the speed is limited to 1mb.
    If two or three clients download the same extension, does each of them reach 1mb, so 1mb x 3 = 3mb total?? I want it this way, so that everyone has the same speed, but not a total for all,
    like 1mb x 3 clients get 3mb, not 1mb total for the same extension

  22. Thank you for your post. I looked for such an article for a long time, and today I finally found it. This post gives me lots of advice; it is very useful for me
    Signature:
    Play Frozen games online for free, the new Disney princess Frozen games - the charming and cute princess. Have fun with Frozen!

  23. v6 CHANGES
    global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;

  24. Hello, just wanted to say, I loved this article. It was practical.
    Keep on posting!
    kids games online
    friv 2
    unblocked games
    Regular Show games

  25. Hello!
    I use hotspot in my router and I have about 30 clients and 2mb bandwidth.
    Can I use the file extension limitation with it,
    both of them at the same time?
    My router model is RB951G-2Hnd

  26. Hello, is it possible to join all those file extensions in just one layer7 protocol so that one mangle and firewall rule will limit them?

    thanks

  27. Bli, this doesn't work, does it, if the download source is an HTTPS website

  28. @Sapanda
    Yes, by adding the pipe or more sign to the argument, e.g. \.(mp3|avi|flv|ogg) etc.

  29. I have a problem: when several users start downloading the same extension, the limit runs out.
    I would like each user, when downloading a given extension, to consume only his own bandwidth and not exhaust the bandwidth limited for the extension.

  30. I have a problem: when multiple users start to download the same extension, the limit runs out.
    I would like each user, when downloading a given extension, to consume only his own bandwidth and not exhaust the bandwidth limited for the extension.

  31. I use the issuance does not work with me
