n This Articles , i want describe , how to block download more than 10 MB per Bytes .
Everybody Want To Download Big Size Files , After Downloaded 10 MB , Download Would Stop .
in This Example , i Want block download per Source And Destination .
For Example , Everybody can download file from one server , and he want open a new session with a new server for other works .
for this reason , we sign Source And Destinations with Srd Address List And Dst Address List , And Then Download More Than 10 MB stop for These Addresses .
We Need Three Rules .
Rule 1 : Match And Assign Source Of Download To A New Address List . Rule 2 : Match And Assign Destination of Download To A new Address list . Rule 3 : Block Every Session ( Download ) , That Size Is More That 10 MB
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Everybody Want To Download Big Size Files , After Downloaded 10 MB , Download Would Stop .
in This Example , i Want block download per Source And Destination .
For Example , Everybody can download file from one server , and he want open a new session with a new server for other works .
for this reason , we sign Source And Destinations with Srd Address List And Dst Address List , And Then Download More Than 10 MB stop for These Addresses .
We Need Three Rules .
Rule 1 : Match And Assign Source Of Download To A New Address List . Rule 2 : Match And Assign Destination of Download To A new Address list . Rule 3 : Block Every Session ( Download ) , That Size Is More That 10 MB
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/ip firewall filter
add action=add-src-to-address-list address-list=Src address-list-timeout=1h \
chain=forward connection-bytes=1970000-0 disabled=no protocol=tcp \
src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=Dst address-list-timeout=1h \
chain=forward connection-bytes=1970000-0 disabled=no protocol=tcp \
src-address=192.168.0.0/24
add action=drop chain=forward disabled=no dst-address-list=Dst protocol=tcp \
src-address-list=Src
///////////////////////////////////////////////////////////////////////
In My Example , I Assign Every Users In 192.168.0.0/24 Subnet , They have more that 10 MB size to Download
After that , in Last Rule , I Block That Session To block Download for 1 Hour .
If users want to download 40 MB file , every 10MB file downloaded
, they need wait to 1 Hours , Also You can Change Connection Bytes
Value And Address list Time out Value .
Also You can start this strategy base on File Extensions , Such as ( mp3 , avi , flv , zip , ... )