A
ip firewall filter/
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.exe protocol=tcp
src-address=192.168.168.0/24
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.rar protocol=tcp
src-address=192.168.168.0/24
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.zip protocol=tcp
src-address=192.168.168.0/24
ip firewall filter/
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.exe protocol=tcp
src-address=192.168.168.0/24
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.rar protocol=tcp
src-address=192.168.168.0/24
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.zip protocol=tcp
src-address=192.168.168.0/24
B
ip firewall mangle/
\add action=mark-packet chain=forward comment="limit download" disabled=no
new-packet-mark=limit-download passthrough=no protocol=tcp src-address-list=limit-extension
ip firewall mangle/
\add action=mark-packet chain=forward comment="limit download" disabled=no
new-packet-mark=limit-download passthrough=no protocol=tcp src-address-list=limit-extension
C
queue tree/
add limit-at=32k max-limit=32k name=Limit-Download packet-mark=Limit-Download parent=global queue=default
queue tree/
add limit-at=32k max-limit=32k name=Limit-Download packet-mark=Limit-Download parent=global queue=default
E
ip firewall address-list/
add address=192.168.168.10 list=Unlimited
add address=192.168.168.20 list=Unlimited
add address=192.168.168.30 list=Unlimited
ip firewall filter/
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.exe protocol=tcp
src-address=192.168.168.0/24 src-address-list=!Unlimited
ip firewall address-list/
add address=192.168.168.10 list=Unlimited
add address=192.168.168.20 list=Unlimited
add address=192.168.168.30 list=Unlimited
ip firewall filter/
\add action=add-dst-to-address-list address-list=limit-extension address-list-timeout=1h chain=forward comment
\ limit download by using file extension" content=.exe protocol=tcp
src-address=192.168.168.0/24 src-address-list=!Unlimited
در این سناریو تصمیم داریم برای دانلود بعضی از File Extension محدودیت سرعت دانلود اعمال کنیم.
در ابتدا اگر درخواستی برای دنلود File Extensions:.rar .zip .exe از طرف src-address=192.168.168.0/24 آمد بیا اونها را در لیستی با نام limit-extension به مدت 1 ساعت قرار بده سپس با استفاده از mangle و queue tree بیا محدودیت مد نظر ما را اعمال کن.
در صورتی که بخواهیم بعضی از سیستم ها دچار این محدودیت مرگبار نشند میتونیم از Part E استفاده کنیم.
موفق باشید.
کامنت