Stop downloads on Mikrotik and punish offenders!!!

Trust me, people can kill your career before it gets started. What do they do? Queue up downloads and make sure nobody is able to work, and guess who takes the blame? The network administrator. So how do we not only stop them but punish them as well for making our jobs difficult? In this post, I will share with us on how to stop all downloads on your Mikrotik router and punish offenders, using the layer7 protocol and address-list. Just walk with me. Its easy and straightforward, trust me.

Layer7 rules on Mikrotik
Image showing how to setup Mikrotik layer7 protocol

This lab will be performed on a Mikrotik router. Mikrotik is one of the best things that have happened to networking. It comes with so many features all packed into one box and the best part is that it is very cheap compared to other network gears, and it works best too. So, here we go! Assuming all the basic configurations have been don and there is internet connectivity on your router, then follow the steps below.

Step one :

Click on IP, firewall, layer7 protocol. Give it a title and paste these codes where applicable :

^.*get.+.(exe|rar|zip|iso|mp4|mp3).*$

Step two:

Enter the following codes below:

ip firewall filter add chain=forward layer7-protocol=blockdownloads action= add-src-to-address-list address-list=offenders

Next, we state the duration to hold their addresses in the address-list.To do this, go to firewall, double click on the rule we just created, in the action tab,click on timeout and enter 02:00:00. The final step is to create another filter rule that will block any address found in the address-list called offenders (the one we just created) from accessing the internet. Enter these codes:

ip firewall filter add chain=forward src-address-list=offenders action=drop

Offending addresses will be dynamically added to an address-list known as offenders for two hours, and any address found there will be blocked from forwarding any form of packet through the router. You can also do this with sites that have been blocked. Check here for a post on how to block sites.

 

Spread the love

Timigate

Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.

2 thoughts on “Stop downloads on Mikrotik and punish offenders!!!

  • July 20, 2018 at 3:45 am
    Permalink

    I’m not sure this will be effective for HTTPS..

    This will also punish people who are not downloading stuff but visit a webpage that tries to download something.

    Reply
    • July 20, 2018 at 7:23 am
      Permalink

      It works for all sites, YouTube and Facebook inclusive.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *