Trust me, people can kill your career before it gets started. What do they do? Queue up downloads and make sure nobody is able to work, and guess who takes the blame? The network administrator. So how do we not only stop them but punish them as well for making our jobs difficult? In this post, I will show how to stop all downloads on your Mikrotik router and punish offenders, using the layer7 protocol and address-list. Just walk with me. It's easy and straightforward, trust me.
This lab will be performed on a Mikrotik router. Mikrotik is one of the best things that has happened to networking. It comes with so many features all packed into one box, and the best part is that it is very cheap compared to other network gear, and it works best too. So, here we go! Assuming all the basic configuration has been done and there is internet connectivity on your router, follow the steps below.
Step one:
Click on IP, Firewall, Layer7 Protocols. Give it a title and paste these codes where applicable:
Then enter the following code:
ip firewall filter add chain=forward layer7-protocol=blockdownloads action=add-src-to-address-list address-list=offenders
Next, we state the duration to hold their addresses in the address-list. To do this, go to Firewall, double-click on the rule we just created, and in the Action tab, click on Timeout and enter 02:00:00. The final step is to create another filter rule that will block any address found in the address-list called offenders (the one we just created) from accessing the internet. Enter this code:
ip firewall filter add chain=forward src-address-list=offenders action=drop
Offending addresses will be dynamically added to an address-list known as offenders for two hours, and any address found there will be blocked from forwarding any form of packet through the router. You can also do this with sites that have been blocked. Check here for a post on how to block sites.
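The three steps above as one terminal session, as an added example that is not the original post's code. The layer7 regexp is a constructed sample pattern (the post's own pattern is not reproduced on this page), `address-list-timeout=2h` sets the same two-hour hold from the command line instead of the Action tab, and 192.0.2.10 is a constructed placeholder address.

```routeros
# Added example. The regexp is a constructed sample, not the post's pattern.
# It matches a few file extensions anywhere in the inspected payload.
/ip firewall layer7-protocol
add name=blockdownloads regexp="\\.(exe|iso|zip|rar|torrent)"

/ip firewall filter
# Rule 1: tag the source of any forwarded connection that matches the
# layer7 pattern. The entry is dynamic and expires after two hours.
add chain=forward layer7-protocol=blockdownloads \
    action=add-src-to-address-list address-list=offenders \
    address-list-timeout=2h comment="tag download offenders"

# Rule 2: drop everything forwarded from a tagged source. It must sit
# below rule 1; the tagging action passes the packet on to the next
# rule, so the triggering packet is dropped here as well.
add chain=forward src-address-list=offenders action=drop \
    comment="drop tagged offenders"

# Verification: confirm rule order and watch the hit counters.
/ip firewall filter print where chain=forward
/ip firewall filter print stats where chain=forward

# List who is currently tagged and how long each entry has left.
/ip firewall address-list print where list=offenders

# Release a false positive early (constructed placeholder address).
/ip firewall address-list remove [find list=offenders address=192.0.2.10]
```

The layer7 matcher only inspects the first 10 packets or 2 KB of each connection and cannot see inside HTTPS, so this catches plain-HTTP requests only. Review the offenders list for false positives after enabling it, since a loose pattern locks a user out for the full two hours.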