SHOW:
|
|
- or go back to the newest paste.
| 1 | /ip firewall address-list | |
| 2 | add address=192.168.0.0/16 list=private_IPv4 | |
| 3 | add address=172.16.0.0/12 list=private_IPv4 | |
| 4 | add address=10.0.0.0/8 list=private_IPv4 | |
| 5 | /ip firewall layer7-protocol | |
| 6 | add name=EXE regexp="\\x4d\\x5a(\\x90\\x03|\\x50\\x02)\\x04" | |
| 7 | add name=ZIP regexp="pk\\x03\\x04\\x14" | |
| 8 | add name=MP4 regexp="\\x18\\x66\\x74\\x79\\x70" | |
| 9 | add name=RAR regexp="Rar\\x21\\x1a\\x07" | |
| 10 | add name=youtube regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com" | |
| 11 | /ip firewall mangle | |
| 12 | add action=accept chain=prerouting comment="Bypass Local Traffic" dst-address-list=private_IPv4 src-address-list=private_IPv4 | |
| 13 | add action=accept chain=forward dst-address-list=private_IPv4 src-address-list=private_IPv4 | |
| 14 | add action=mark-connection chain=forward comment="Games Traffic" dst-port=39190-39200 new-connection-mark=games passthrough=yes protocol=tcp src-address-list=private_IPv4 | |
| 15 | add action=mark-connection chain=forward dst-port=40000-40010 new-connection-mark=games passthrough=yes protocol=udp src-address-list=private_IPv4 | |
| 16 | add action=mark-packet chain=forward connection-mark=games in-interface="ether1 - Wan" new-packet-mark=games_down passthrough=no | |
| 17 | add action=mark-packet chain=forward connection-mark=games in-interface="ether2 - Lan" new-packet-mark=games_up passthrough=no | |
| 18 | add action=mark-connection chain=forward comment="ICMP Traffic" new-connection-mark=icmp passthrough=yes protocol=icmp src-address-list=private_IPv4 | |
| 19 | add action=mark-packet chain=forward connection-mark=icmp in-interface="ether1 - Wan" new-packet-mark=icmp_down passthrough=no protocol=icmp | |
| 20 | add action=mark-packet chain=forward connection-mark=icmp in-interface="ether2 - Lan" new-packet-mark=icmp_up passthrough=no protocol=icmp | |
| 21 | add action=mark-connection chain=forward comment="DNS Traffic" dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp src-address-list=private_IPv4 | |
| 22 | add action=mark-packet chain=forward connection-mark=dns in-interface="ether1 - Wan" new-packet-mark=dns_down passthrough=no protocol=udp | |
| 23 | add action=mark-packet chain=forward connection-mark=dns in-interface="ether2 - Lan" new-packet-mark=dns_up passthrough=no protocol=udp | |
| 24 | add action=mark-connection chain=forward comment="Remote Traffic" dst-port=22,23,8291,5938,4899 new-connection-mark=remote passthrough=yes protocol=tcp src-address-list=private_IPv4 | |
| 25 | add action=mark-packet chain=forward connection-mark=remote in-interface="ether1 - Wan" new-packet-mark=remote_down passthrough=no | |
| 26 | add action=mark-packet chain=forward connection-mark=remote in-interface="ether2 - Lan" new-packet-mark=remote_up passthrough=no | |
| 27 | add action=mark-connection chain=forward comment="YouTube Traffic" layer7-protocol=youtube new-connection-mark=youtube passthrough=yes src-address-list=private_IPv4 | |
| 28 | add action=mark-packet chain=forward connection-mark=youtube in-interface="ether1 - Wan" new-packet-mark=youtube_down passthrough=no | |
| 29 | add action=mark-packet chain=forward connection-mark=youtube in-interface="ether2 - Lan" new-packet-mark=youtube_up passthrough=no | |
| 30 | add action=mark-connection chain=forward comment="Extension Layer7" layer7-protocol=EXE new-connection-mark=extensi passthrough=yes | |
| 31 | add action=mark-connection chain=forward layer7-protocol=ZIP new-connection-mark=extensi passthrough=yes | |
| 32 | add action=mark-connection chain=forward layer7-protocol=MP3 new-connection-mark=extensi passthrough=yes | |
| 33 | add action=mark-connection chain=forward layer7-protocol=RAR new-connection-mark=extensi passthrough=yes | |
| 34 | add action=mark-packet chain=forward connection-mark=extensi in-interface="ether1 - Wan" new-packet-mark=extensi_down passthrough=no | |
| 35 | add action=mark-packet chain=forward connection-mark=extensi in-interface="ether2 - Lan" new-packet-mark=extensi_up passthrough=no | |
| 36 | add action=mark-connection chain=forward comment="Browsing Traffic" connection-mark=!heavy_traffic new-connection-mark=browsing passthrough=yes src-address-list=private_IPv4 | |
| 37 | add action=mark-connection chain=forward comment="Heavy Traffic" connection-bytes=1024000-0 connection-mark=browsing connection-rate=256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=tcp | |
| 38 | add action=mark-connection chain=forward connection-bytes=1024000-0 connection-mark=browsing connection-rate=256k-102400k new-connection-mark=heavy_traffic passthrough=yes protocol=udp | |
| 39 | add action=mark-packet chain=forward connection-mark=heavy_traffic in-interface="ether1 - Wan" new-packet-mark=heavy_browsing_down passthrough=no | |
| 40 | add action=mark-packet chain=forward connection-mark=heavy_traffic in-interface="ether2 - Lan" new-packet-mark=heavy_browsing_up passthrough=no | |
| 41 | add action=mark-packet chain=forward connection-mark=browsing in-interface="ether1 - Wan" new-packet-mark=small_browsing_down passthrough=no | |
| 42 | add action=mark-packet chain=forward connection-mark=browsing in-interface="ether2 - Lan" new-packet-mark=small_browsing_up passthrough=no | |
| 43 | ||
| 44 | ||
| 45 | /queue type | |
| 46 | add kind=pcq name=down_pcq pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64 | |
| 47 | add kind=pcq name=up_pcq pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64 | |
| 48 | /queue tree | |
| 49 | add name="Global Traffic" parent=global queue=default | |
| 50 | add max-limit=3M name=Download parent="Global Traffic" queue=default | |
| 51 | add max-limit=1M name=Upload parent="Global Traffic" | |
| 52 | add limit-at=512k max-limit=3M name="1. Game" packet-mark=games_down parent=Download priority=1 queue=down_pcq | |
| 53 | add limit-at=64k max-limit=3M name="2. Icmp" packet-mark=icmp_down parent=Download priority=1 queue=down_pcq | |
| 54 | add limit-at=64k max-limit=3M name="3. Dns" packet-mark=dns_down parent=Download priority=1 queue=down_pcq | |
| 55 | add max-limit=3M name="5. Download Traffic" parent=Download queue=default | |
| 56 | add max-limit=3M name="1. Small Browsing" packet-mark=small_browsing_down parent="5. Download Traffic" priority=5 queue=down_pcq | |
| 57 | add max-limit=3M name="2. Heavy Browsing" packet-mark=heavy_browsing_down parent="5. Download Traffic" priority=7 queue=down_pcq | |
| 58 | add limit-at=512k max-limit=3M name="4. Remote" packet-mark=remote_down parent=Download priority=3 queue=down_pcq | |
| 59 | add max-limit=3M name="3. YouTube" packet-mark=youtube_down parent="5. Download Traffic" priority=7 queue=down_pcq | |
| 60 | add max-limit=3M name="4. Extensi" packet-mark=extensi_down parent="5. Download Traffic" queue=down_pcq | |
| 61 | add limit-at=256k max-limit=1M name="1. game" packet-mark=games_up parent=Upload priority=1 queue=up_pcq | |
| 62 | add limit-at=32k max-limit=1M name="2. icmp" packet-mark=icmp_up parent=Upload priority=1 queue=up_pcq | |
| 63 | add limit-at=32k max-limit=1M name="3. dns" packet-mark=dns_up parent=Upload priority=1 queue=up_pcq | |
| 64 | add limit-at=256k max-limit=1M name="4. remote" packet-mark=remote_up parent=Upload priority=3 queue=up_pcq | |
| 65 | add max-limit=1M name="5. Upload Traffic" parent=Upload queue=default | |
| 66 | add max-limit=1M name="1. small browsing" packet-mark=small_browsing_up parent="5. Upload Traffic" priority=5 queue=up_pcq | |
| 67 | add max-limit=1M name="2. heavy browsing" packet-mark=heavy_browsing_up parent="5. Upload Traffic" priority=7 queue=up_pcq | |
| 68 | add max-limit=1M name="3. youtube" packet-mark=youtube_up parent="5. Upload Traffic" priority=7 queue=up_pcq | |
| 69 | add max-limit=1M name="4. extensi" packet-mark=extensi_up parent="5. Upload Traffic" queue=up_pcq |
