How to block downloads of large files (let's say 5 MB or above) at specific times (like 8pm-12am).
But the issue is: how will the router know the file size before it's downloaded? The router has no way of knowing how big a connection is… A workaround is to create a Firewall Filter rule that will allow the first 5 MB of a connection through and, once it reaches that, start to drop packets. I used it on a network, and it worked well.
But do remember that it will also affect streaming, RDP-like protocols, VPNs, and any other connection that transfers a large number of bytes.
/ip firewall filter
add action=drop chain=forward comment="downloading of files larger than 5mb (It will break connection after 5mb of transfer) applicable from 8pm till 12am / aboutforworld" connection-bytes=5242880-0 disabled=no protocol=tcp time=\
20h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
But do remember that it will only drop packets for that specific download; the user can start another download session. To prevent this, you can create a mangle rule that adds the user to a temporary address list (with a timeout value of 1 hour or more), and the next time the user tries to download, his access to that particular resource will be denied. You can customize this action to cover either the whole session or specific file types like mp3, exe, zip, etc. You can also do source-based or destination-based control. I would recommend going with queues and mangle rules: this way nothing gets blocked, but bandwidth is scaled back based on how much data has passed through the connection, making large downloads painful for the cable.net user.
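A sketch of the temporary address list described above, as an added example that is not part of the original post. The list name heavy-downloaders, the LAN subnet 100.0.0.0/8 (taken from the Squid ACL on this page) and the 1 hour timeout are assumptions; it implements the "whole session" variant by refusing new TCP connections from a listed client.

```routeros
# Added example. Assumptions: list name "heavy-downloaders", LAN subnet
# 100.0.0.0/8, timeout 1h, and connections that are not FastTracked
# (FastTracked packets bypass these rules, so the byte counter never matches).

/ip firewall mangle
# Mangle forward is processed before filter forward, so this rule still sees
# the packet that the 5 MB drop rule is about to discard. The client (source
# of the LAN-side packets) is remembered for 1 hour.
add chain=forward action=add-src-to-address-list \
    address-list=heavy-downloaders address-list-timeout=1h \
    src-address=100.0.0.0/8 protocol=tcp connection-bytes=5242880-0 \
    time=20h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
    comment="remember clients whose connection passed 5 MB (8pm-12am)"

/ip firewall filter
# Place this above any accept rules in the forward chain. While the client is
# on the list, new TCP connections it opens are refused during the window;
# the entry expires on its own when the timeout runs out.
add chain=forward action=drop src-address-list=heavy-downloaders \
    protocol=tcp connection-state=new \
    time=20h-23h59m59s,sun,mon,tue,wed,thu,fri,sat \
    comment="refuse new TCP connections from listed clients (8pm-12am)"
```

Current entries and their remaining timeouts can be checked with `/ip firewall address-list print where list=heavy-downloaders`.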
You can also forward these packets to an external proxy like Squid and filter based on the reply_body_max_size directive. Example:
reply_body_max_size 5242880 deny all # in specific timings only
As someone asked, for Squid use this:
acl localnet src 100.0.0.0/8
reply_body_max_size 5242880 deny localnet # deny download of 5mb and above
http_access allow localnet