Burst for each TCP connection

Diambil dari http://forum.mikrotik.com/viewtopic.php?t=12870

This is little how-to create manual burst using queue tree.

As it is bandwidth control using queue tree first we need to mangle traffic

first i mangle all connections, then i mark first 2Mbytes then i mark the rest of packets

/ip firewall mangle add chain=forward protocol=tcp \
action=mark-connection \
new-connection-mark=new_conn passthrough=yes \
comment="mark all new connections" disabled=no

/ip firewall mangle add chain=forward protocol=tcp  \
connection-mark=new_conn \
connection-bytes=0-2000000 action=mark-packet \
new-packet-mark=new_packet passthrough=no \
comment="mark packets" disabled=no

/ip firewall mangle add chain=forward protocol=tcp \
connection-mark=new_conn action=mark-packet \
new-packet-mark=old_packets passthrough=no \
comment="marking old packets" disabled=no

Read more »

How to stop (smtp) viruses !!

Diambil dari http://forum.mikrotik.com/viewtopic.php?t=11474

Hi, i created these 2 simple rules for firewall forward and this work very fine…… do not say it to anybody ;) :D

chain=forward protocol=tcp dst-port=25 \
src-address-list=spammer action=drop

3 ;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 \
limit=50,5 src-address-list=!spammer action=add-src-to-address-list \
address-list=spammer address-list-timeout=1d

When detect an infected user with a worm or doing spamming this rule add this user to a spammer list and block the SMTP outgoing for 1 day ;)


How to prevent NATed access

Sesuai dengan judul diatas,
inti dari kasus ini adalah penyedia jasa tidak ingin BW yang diberikan kepada user di sharing lagi mempergunakan nat-router.

Ilmu baru buat saya, dengan memberikan TTL=1 ?, mmmm aneh sekali.
Read more »

How to limit a user to a given amount of traffic?

Diambil dari http://forum.mikrotik.com/viewtopic.php?f=9&t=20420

:local sum; :local traf;
:set sum 0
/ip firewall rule forward {
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum  do={
:set traf [get [find comment=("user" . $i)]
:set traf ($traf/1073741824)
:if ($traf>1) do={:log facility=System-Info \
message=("user" . $i ." exceeded 1Gb limit!")}