TIME is a small but helpful feature of mikrotik. If you want to implement any rule in specific timings only , then it can quickly help you in this regard.
TIME based filter rule
Just for an Example I want to BLOCK all sort of access for an IP from 1:00pm till 3:00pm, then simply create a Firewall rule that will block traffic from this IP address and and in TIME section, modify the required time, something like below . . .
Change the IP / Time as per your requirement
▼
CLI Code:
/ip firewall filter # INPUT CHAIN add action=drop chain=input comment="Block access for user ZAIB from 1:pm till 3:pm" disabled=no src-address=172.16.0.10 time=\ 13h-15h59m59s,sun,mon,tue,wed,thu,fri,sat # FORWARD CHAIN add action=drop chain=forward comment="Block access for user ZAIB from 1:pm till 3:pm" disabled=no src-address=172.16.0.10 time=\ 13h-15h59m59s,sun,mon,tue,wed,thu,fri,sat
TIME based QUEUE
Allow users to use 1Mbps link at day time starting from 12:00PM till 12:00AM,
then from 12:00AM they can use 2mps till next day 12:00PM.
Example:
/queue simple add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="2Mb from 12:00am till 12:00pm - NIGHT Package" direction=both disabled=no \ interface=all limit-at=0/0 max-limit=2M/2M name="2Mb from 12:00am till 12:00pm - NIGHT Package" packet-marks="" parent=none priority=8 \ queue=default-small/default-small target-addresses=172.16.0.0/24 time=0s-11h59m59s,sun,mon,tue,wed,thu,fri,sat total-queue=default-small add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="1Mb from 12:00pm till 12:00am - DAY Package" direction=both disabled=no \ interface=all limit-at=0/0 max-limit=1M/1M name="1Mb from 12:00pm till 12:00am - DAY Pacakge" packet-marks="" parent=none priority=8 queue=\ default-small/default-small target-addresses=172.16.0.0/24 time=12h-23h59m59s,sun,mon,tue,wed,thu,fri,sat total-queue=default-small
Another example:
Single User 192.168.1.10
Timings:
6:00AM to 6:00PM 512k
6:00PM to 6:00AM 1Mb
/queue simple add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=no interface=all limit-at=0/0 max-limit=512k/512k name="512kb from 06:00 till 18:00 / Zaib" packet-marks="" parent=none \ priority=8 queue=default-small/default-small target-addresses=192.168.1.10/32 time=6h-17h59m59s,sun,mon,tue,wed,thu,fri,sat total-queue=default-small add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=no interface=all limit-at=0/0 max-limit=1M/1M name="1mb from 18:00 till 06:00 / Zaib" packet-marks="" parent=none priority=\ 8 queue=default-small/default-small target-addresses=192.168.1.10/32 time=18h-5h59m59s,sun,mon,tue,wed,thu,fri,sat total-queue=default-small
Another Example:
Allow all users to get maximum 800M (combined for all)
/queue simple add comment="Unlimited Speed for All Users from 2am till 2pm" max-limit=800M/800M name="Unlimited Speed for All Users from 2am till 2pm" target="" time=2h30m-14h30m,sun,mon,tue,wed,thu,fri,sat
Regard’s
Syed Jahanzaib
Hi,
Thanks for this, i am trying to modify it to fit my needs but its not going!
I want to block certain users from 20:00hrs to 0700hrs but it keeps telling me that the end time is smaller than the begining time!
Also i would like to block the same IP on weekends!
Please i would appreciate your assistance.
Thanks
LikeLike
Comment by Ahmed Bello — December 23, 2013 @ 4:11 PM
You cannot add lower hour times with greater value for startup.
Perhaps you have to add two rules to accomplish your task. TIME feature is quick and convenient, otherwise you ahve to use SCHEDULER and scripting to achieve the same . . .
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — December 23, 2013 @ 5:03 PM
can we make a Que for each user to limit specific domain download which override their original limit by radius ? let’s say a user has 1Mbps limit , i want to give him 3Mbps only to download youtube videos ..
LikeLike
Comment by sadook — December 23, 2013 @ 5:15 PM
Assalam-o-Allaikum,
My questions is regarding time based rule. If I want to close the transmission of any ip from 7pm till 7am, it gives the error the Start time is bigger than End time. in start time i used 19:00:00 and in End time 06:59:59 What the time I can use..
Regards Muhammad Ali
LikeLike
Comment by Muhammad Ali — December 24, 2013 @ 11:19 AM
brother why dont u use it in positive manner.
i.e. allow it 7am to 7pm 🙂
regards,
@Z@M
LikeLike
Comment by nomi — December 27, 2013 @ 12:40 PM
Timings are for example basis only, Everyone have difference requirements 🙂
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — December 30, 2013 @ 8:27 AM
Not effected sir,
LikeLike
Comment by rafi — December 12, 2014 @ 4:06 PM
Hi all,
I found this command very helpful, but how can i apply it for range of IPs?
/ip firewall filter
add action=drop chain=input comment=”Block access for user ZAIB from 1:pm till 3:pm” disabled=no src-address=172.16.0.10 time=\
13h-15h59m59s,sun,mon,tue,wed,thu,fri,sat
LikeLike
Comment by OMAR — February 25, 2015 @ 1:31 PM
There are always different and ‘doable’ methods to accomplish any task.
If you want to block multiple IP addresses and series, then better to create an address list, and then block/allow this address in the Filter rule.
As showed in the example below …
The good part is that you can manage address list from winbox gui by going to IP > FIREWALL > ADDRESS LISTS.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 26, 2015 @ 11:35 AM
AOA
Dear sir,
i am using PPPOE + Hotspot service in mikrotik 200 clients and 100+ active
i have an problem in hotspot my users put device or dhcp on my network witch disturb my hotspot page and ip’s
my hotspot ip is 10.20.30.1
problomatic ip is 192.168.x.xx
mail my ans plz ASAP
m in tens 0315-4646743
LikeLike
Comment by sharaz4113 — August 29, 2015 @ 5:01 PM
Hi,
I want to know how to block internet access to a certain group (per IP for exemple) while keeping them connected to the LAN to communicate with other local network computers in a time interval (9h00-11h00)
LikeLike
Comment by Yannick-Céphas Lobo Ndjango — October 27, 2015 @ 11:45 AM
Hello Sir, please I need your help on this issue. We are faced with a problem where we want all staff are allowed to browse the internet only from 7:00 tiil 16:00, but allow only the Admin/manager unrestricted access to internet. The network is on dhcp while the lan ip address is 178.50.30.0/24 but will use that of Admin/manager pc mac id as the filter. Please your help is needed in this direction as staff now abuse the use of the network because after that time they they use it to do some unimaginable things.
Thanks and God bless you.
LikeLike
Comment by sapanda — April 15, 2016 @ 1:27 PM
there are *many* ways you can block/allow users.
Example:
Create two filter rules,
1st, allow the admin IP or MAC address in forward chain.
2nd , reject requests from all ip series of lan users, and set time in it.
OR
in default NAT rule, you can define time in which you want to allow the ip range.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 15, 2016 @ 2:23 PM
Thanks for your response. Sorry that I do not have a test machine to try this, but can you assist me to create the filter rules with any mac id or use xx:xx: as example and then the 2nd rules.
Thanks and expecting your help
LikeLike
Comment by sapanda — April 15, 2016 @ 2:39 PM
/ip firewall filter
add chain=forward src-mac-address=00:21:5C:4E:11:31
add chain=forward src-mac-address=C0:BD:D1:3F:96:13
add action=drop chain=input comment=\
“Block access for all users from 4pm -9pm” in-interface=bridge1 time=\
13h-22h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=passthrough chain=unused-hs-chain comment=\
“place hotspot rules here” disabled=yes
=================
Have done this as directed but the second mac id is not browsing the internet while the 1st src-mac id browses unhindered. Please note that the network I test this is on hotspot. did i do anything wrong from my setup.
Thanks
LikeLike
Comment by sapanda — June 2, 2016 @ 6:31 PM
Thanks, quite educative.
Pls and to schedule access to youtube say between 9am to 2pm access to youtube should be denied while it should be allowed from 2pm onwards. the network is dhcp and both wireless and cable. your swift response is appreciated. i would be glad if you could add sample codes.
LikeLike
Comment by Alvino — February 14, 2017 @ 3:11 AM