Block or limit YouTube on port 443

Posted by juliobrenis, June 17, 2014, 09:59:12 PM

juliobrenis

Perhaps this is not the right place in the forum, but could someone help me block or limit YouTube on port 443?
Leaving out the MKT rule with content=youtube.
Thanks

robertjs

Well, here I share this rule with you; adapt it to your MK and your interfaces.

Code:

# Layer-7 patterns: match cleartext HTTP requests that mention the site name
/ip firewall layer7-protocol
add name=youtube.com regexp="^.*(get|GET).+(youtube).*\$"
add name=googlevideo.com regexp="^.*(get|GET).+(googlevideo).*\$"

# Mark matching connections, then mark their packets during the scheduled hours
/ip firewall mangle
add action=mark-connection chain=forward comment=Youtube layer7-protocol=youtube.com new-connection-mark=Youtube
add action=mark-connection chain=forward dst-address-type=!local layer7-protocol=googlevideo.com new-connection-mark=Youtube
add action=mark-packet chain=forward connection-mark=Youtube new-packet-mark=Youtube time=7h-20h,sun,mon,tue,wed,thu,fri,sat

# Queue types must exist before the queue tree entries that reference them
/queue type
add kind=sfq name=BAJADA sfq-allot=1514 sfq-perturb=5
add kind=sfq name=SUBIDA sfq-allot=1514 sfq-perturb=5

# Parent queues on each interface, with the rate-limited child queues under them
/queue tree
add name=DowmloadYoutube parent=LAN queue=default
add name=UploadYoutube parent=wan queue=default
add max-limit=600k name=Youtube packet-mark=Youtube parent=DowmloadYoutube queue=BAJADA
add max-limit=128k name=youtube packet-mark=Youtube parent=UploadYoutube queue=SUBIDA


I hope it helps you..

Where it says 700k is the speed at which they will download... you can modify it.. both upload and download..

firecold

Quote from: robertjs on June 18, 2014, 10:06:19 AM
Well, here I share this rule with you; adapt it to your MK and your interfaces.

Thanks robertjs for your contribution, it is always good to have new documentation, especially about MK. Regards

robertjs

Quote from: firecold on June 18, 2014, 10:45:41 AM

Thanks robertjs for your contribution, it is always good to have new documentation, especially about MK. Regards

You're welcome.. it helped me quite a lot.. even if they use aTube Catcher or others.. it always downloads at the speed I set there.. that way my clients also won't saturate their service!!

PS: I forgot to add /queue type; I have already edited the post and added the missing rule. Regards.
PS2: I support the forum because here they helped me and taught me something about Raptor; of course I still haven't managed with the YouTube plugin :v we can only wait..

Regards and good luck :)

firecold

Yes my friend, unfortunately that YouTube plugin is very complicated even for me; I leave the complicated ones like that to our friend Joemg6, since he is a master at that. Regards

btocarmona

I added these rules and YouTube won't open for me, it takes a very long time. What difference is there compared with doing it via Mangle content?

robertjs

Quote from: btocarmona on June 18, 2014, 11:11:57 AM
I added these rules and YouTube won't open for me, it takes a very long time. What difference is there compared with doing it via Mangle content?

Hi, this rule does not block the page itself.. it only limits video downloads..!! I use it and it works for me without problems..!! That's why I share them! If you think it is slow, where it says 700k raise it higher! At your discretion!

juliobrenis

Quote from: robertjs on June 18, 2014, 10:06:19 AM
Well, here I share this rule with you; adapt it to your MK and your interfaces.

Thanks for sharing the code.
I'm sorry to tell you that it does not filter port 443, which is what I'm interested in... it only marks what goes through port 80, and since I have it in parallel with Raptor cache it is no use to me... in a workplace there are always the sly ones who add the "S" to the address in the browser to get around the restrictions.
I hope you can help me some other way... I have also tried it with port 443 in the rule, but not even then.

robertjs

Well, if you want to filter on port 443, use these QoS rules, which work perfectly for marking and restricting port 443.
It blocks downloads on port 443 (https:// pages).

I tested downloading a video on an https:// page and it downloads at the minimum speed, while on the other pages you browse normally..

Code:

# The interfaces are named "wan" and "LAN"

/queue type
add kind=pcq name=WEB pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
   pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 \
   pcq-limit=50 pcq-rate=512k pcq-src-address-mask=32 pcq-src-address6-mask=64 \
   pcq-total-limit=5000
add kind=pcq name=YOUTUBE pcq-burst-rate=0 pcq-burst-threshold=0 \
   pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
   pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
   pcq-src-address6-mask=64 pcq-total-limit=5000




/ip firewall mangle
add action=mark-connection chain=prerouting comment="ICMP (Ping)" disabled=no \
   new-connection-mark=icmp_conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp_conn disabled=no \
   new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=53 \
   new-connection-mark=dns_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conn disabled=no \
   new-packet-mark=dns passthrough=no
add action=mark-connection chain=prerouting comment="Face Videos" content=\
   scontent disabled=no dst-port=443 new-connection-mark=Face_conn \
   passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Face_conn disabled=no \
   new-packet-mark=Face passthrough=no
add action=mark-connection chain=prerouting comment=Atube content=\
   %2Cip%2Cipbits%2Citag%2Cratebypass%2Csource%2 disabled=no dst-port=80 \
   new-connection-mark=Atube_Conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Atube_Conn disabled=no \
   new-packet-mark=Atube passthrough=no
add action=mark-connection chain=prerouting comment=You content=\
   "videoplayback\?" disabled=no dst-port=80 new-connection-mark=You_conn \
   passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=You_conn disabled=no \
   new-packet-mark=you passthrough=no
add action=mark-connection chain=prerouting comment=You_443 content=googlevideo \
   disabled=no dst-port=443 new-connection-mark=You_443_conn passthrough=yes \
   protocol=tcp
add action=mark-packet chain=prerouting connection-mark=You_443_conn disabled=\
   no new-packet-mark=You_443 passthrough=no
add action=mark-connection chain=prerouting comment=Http connection-bytes=0-53 \
   disabled=no dst-port=80 new-connection-mark=http_conn passthrough=yes \
   protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no \
   new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment="Http Descarga" \
   connection-bytes=53-5000000 disabled=no dst-port=80 new-connection-mark=\
   http_conn_descarga passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn_descarga \
   disabled=no new-packet-mark=http_descarga passthrough=no
add action=mark-connection chain=prerouting comment=Https disabled=no dst-port=\
   443 new-connection-mark=https_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=https_conn disabled=no \
   new-packet-mark=https passthrough=no
add action=mark-connection chain=prerouting comment=WoW disabled=no dst-port=\
   3724,6112-6114,6881-6999 new-connection-mark=wow_conn passthrough=yes \
   protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wow_conn disabled=no \
   new-packet-mark=wow passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-port=3724 \
   new-connection-mark=wow_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=wow_udp_conn disabled=\
   no new-packet-mark=wow_udp passthrough=no
add action=mark-connection chain=prerouting comment=LoL disabled=no dst-port=\
   2099,5222,5223,8393-8400 new-connection-mark=lol_conn passthrough=yes \
   protocol=tcp
add action=mark-packet chain=prerouting connection-mark=lol_conn disabled=no \
   new-packet-mark=lol passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-port=5000-5500 \
   new-connection-mark=lol_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=lol_udp_conn disabled=\
   no new-packet-mark=lol_udp passthrough=no
add action=mark-connection chain=prerouting comment=Ventrilo disabled=no \
   dst-port=30572 new-connection-mark=vent_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vent_conn disabled=no \
   new-packet-mark=ventrilo passthrough=no
add action=mark-connection chain=prerouting comment=MSN disabled=no dst-port=\
   1863 new-connection-mark=msn_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=msn_conn disabled=no \
   new-packet-mark=msn passthrough=no
add action=mark-connection chain=prerouting comment=Winbox disabled=no \
   dst-port=8291 new-connection-mark=winbox_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=winbox_conn disabled=no \
   new-packet-mark=winbox passthrough=no
add action=mark-connection chain=prerouting comment="Dragon Nest" disabled=no \
   dst-port=14300,14301,14403,7000,14500 new-connection-mark=dragon_nest_conn \
   passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_conn \
   disabled=no new-packet-mark=dragon_nest passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-port=15100-15110 \
   new-connection-mark=dragon_nest_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_udp_conn \
   disabled=no new-packet-mark=dragon_nest_udp passthrough=no
add action=mark-connection chain=prerouting comment=Otros disabled=no \
   new-connection-mark=otras_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=otras_conn disabled=no \
   new-packet-mark=other passthrough=no



/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=QoS_down packet-mark="" parent=LAN priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=4500k name=3QoS_down_Web packet-mark="" parent=QoS_down priority=\
   5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=2QoS_down_Games packet-mark="" parent=QoS_down priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=1QoS_down_VoIP packet-mark="" parent=QoS_down priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=QoS_up packet-mark="" parent=wan priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=1QoS_up_VoIP packet-mark="" parent=QoS_up priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=2QoS_up_Games packet-mark="" parent=QoS_up priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400k \
   max-limit=512k name=3QoS_up_Web packet-mark="" parent=QoS_up priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name="ICMP_(Ping)_up" packet-mark=icmp parent=1QoS_up_VoIP \
   priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=DNS_up packet-mark=dns parent=3QoS_up_Web priority=5 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Http_up packet-mark=http parent=3QoS_up_Web priority=5 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Https_up packet-mark=https parent=3QoS_up_Web priority=5 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Otros_up packet-mark=other parent=2QoS_up_Games priority=6 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=WinBox packet-mark=winbox parent=1QoS_down_VoIP priority=2 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=MSN packet-mark=msn parent=3QoS_down_Web priority=5 queue=\
   default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=LoL_udp packet-mark=lol_udp parent=2QoS_down_Games \
   priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Ventrilo_up packet-mark=ventrilo parent=1QoS_up_VoIP \
   priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=WinBox_up packet-mark=winbox parent=1QoS_up_VoIP priority=\
   2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name="Dragon Nest" packet-mark=dragon_nest parent=\
   2QoS_down_Games priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=MSN_up packet-mark=msn parent=3QoS_up_Web priority=5 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name="Dragon Nest_up" packet-mark=dragon_nest parent=\
   2QoS_up_Games priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name="Dragon Nest_udp" packet-mark=dragon_nest_udp parent=\
   2QoS_down_Games priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name="Dragon Nest_udp_up" packet-mark=dragon_nest_udp parent=\
   2QoS_up_Games priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=LoL_up packet-mark=lol parent=2QoS_up_Games priority=2 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=LoL_udp_up packet-mark=lol_udp parent=2QoS_up_Games \
   priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=WoW_up packet-mark=wow parent=2QoS_up_Games priority=2 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=WoW_udp_up packet-mark=wow_udp parent=2QoS_up_Games \
   priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Http_Descarga packet-mark=http_descarga parent=\
   3QoS_down_Web priority=6 queue=WEB
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name="ICMP_(Ping)" packet-mark=icmp parent=1QoS_down_VoIP \
   priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=DNS packet-mark=dns parent=3QoS_down_Web priority=5 queue=\
   default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Http packet-mark=http parent=3QoS_down_Web priority=5 \
   queue=WEB
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Https packet-mark=https parent=3QoS_down_Web priority=4 \
   queue=WEB
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=WoW packet-mark=wow parent=2QoS_down_Games priority=2 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=WoW_udp packet-mark=wow_udp parent=2QoS_down_Games \
   priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=LoL packet-mark=lol parent=2QoS_down_Games priority=2 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Ventrilo packet-mark=ventrilo parent=1QoS_down_VoIP \
   priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Otros packet-mark=other parent=2QoS_down_Games priority=1 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=YouTube_Player_Web packet-mark=you parent=3QoS_down_Web \
   priority=5 queue=YOUTUBE
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=80k name=AtubeCatcher packet-mark=Atube parent=3QoS_down_Web \
   priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=75k name=Atube_up packet-mark=Atube parent=3QoS_up_Web priority=5 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=Youtube_Up packet-mark=you parent=3QoS_up_Web priority=5 \
   queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=YouTube_443_Web packet-mark=You_443 parent=3QoS_down_Web \
   priority=5 queue=YOUTUBE
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
   max-limit=0 name=FaceVideo_Dow packet-mark=Face parent=3QoS_down_Web \
   priority=5 queue=YOUTUBE





juliobrenis

Thanks for your prompt reply, I'm going to try it.
One question: what use do you apply all those marks for: internet cafés, games, ISP?

juliobrenis

Quote from: juliobrenis on June 21, 2014, 10:57:20 PM
Thanks for your prompt reply, I'm going to try it.
One question: what use do you apply all those marks for: internet cafés, games, ISP?

I forgot to ask whether you use it with Raptor in parallel.

robertjs

Yes, I use it for everything you mention... but I haven't tested it with Raptor.. since I disabled it because it doesn't cache YouTube.. but that QoS is almost complete.. for everything you want to do..

As you will see, it limits aTube Catcher

and YouTube_Player_Web is for limiting downloads from other programs or pages... try downloading and see where bandwidth is being consumed and limit it.. at your discretion.. I have those downloads at 512k..