Scribd Logo
Upload

Welcome to Scribd!

  • Firewall Mangle

    Uploaded by

    Michael Chable
    5 views3 pages

    Original Title

    Firewall Mangle.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views3 pages

    Firewall Mangle

    Uploaded by

    Michael Chable

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Firewall Mangle

    /ip firewall mangle


    add action=mark-connection chain=prerouting comment=Youtube content=youtube
    disabled=no new-connection-mark=youtube_in passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=youtube_in
    disabled=no new-packet-mark=youtube_in passthrough=no
    add action=mark-connection chain=prerouting comment="Https y Http" disabled=no
    dst-port=443 in-interface=!WAN new-connection-mark=http_up_cnx passthrough=
    yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=80
    in-interface=!WAN new-connection-mark=http_up_cnx passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-
    mark=http_up_cnx disabled=no new-packet-mark=http_up_pkt passthrough=no
    add action=mark-connection chain=prerouting comment="ICMP(Ping)" disabled=no
    new-connection-mark=icmp_conex passthrough=yes protocol=icmp
    add action=mark-packet chain=prerouting comment="" connection-mark=icmp_conex
    disabled=no new-packet-mark=icmp passthrough=no
    add action=mark-connection chain=prerouting comment=DNS disabled=no dst-
    port=53 new-connection-mark=dns_conex passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-port=53
    new-connection-mark=dns_conex passthrough=no protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-mark=dns_conex
    disabled=no new-packet-mark=dns passthrough=no
    add action=mark-connection chain=prerouting comment=Msn disabled=no dst-
    port=1863 in-interface=!WAN new-connection-mark=msn_conex passthrough=yes
    protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=msn_conex
    disabled=no new-packet-mark=msn passthrough=no
    add action=mark-connection chain=prerouting comment=WinBox disabled=no dst-
    port=8292 new-connection-mark=winbox_conex passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment="" disabled=no dst-
    port=20561 new-connection-mark=winbox_conex passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-
    mark=winbox_conex disabled=no new-packet-mark=winbox_pkt passthrough=no
    add action=mark-connection chain=postrouting comment="Winbox 2" connection-
    mark=winbox_conex disabled=no new-connection-mark=winbox_down
    passthrough=yes
    add action=mark-packet chain=postrouting comment="" connection-
    mark=winbox_down disabled=no new-packet-mark=winbox_down_pkt
    passthrough=no
    add action=mark-connection chain=prerouting comment=TeamViewer disabled=no
    dst-port=5938 in-interface=!WAN new-connection-mark=TeamViewer_conex
    passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-
    mark=TeamViewer_conex disabled=no new-packet-mark=teamviewer
    passthrough=no
    add action=mark-connection chain=prerouting comment="Otras UDP connection"
    disabled=no in-interface=!WAN new-connection-mark=otras_udp_cnx
    passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting comment="" connection-
    mark=otras_udp_cnx disabled=no new-packet-mark=otras_udp_pkt passthrough=no
    add action=mark-connection chain=prerouting comment="Otras connection"
    connection-bytes=0-500000 disabled=no in-interface=!WAN new-connection-
    mark=otras_cnx passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting comment="" connection-mark=otras_cnx
    disabled=no new-packet-mark=otras_pkt passthrough=no

    Queue Tree

    Aqui tienen q cambiar el WAN y LAN por las suyas como las tengan configuradas los
    max-limit estan configurados a mi criterio deacuerdo a mi linea de 5M ADSL.
    [ros]

    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=512k name=Subida parent=WAN priority=1
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=4900k name=Bajada parent=LAN priority=1

    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=32k name=Dns_in packet-mark=dns parent=Subida priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=32k name=ICMP_in packet-mark=icmp parent=Subida priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name=Winbox_in packet-mark=winbox_pkt parent=Subida priority=1
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name=Msn_in packet-mark=msn parent=Subida priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=512k name=Msn packet-mark=msn parent=Bajada priority=2 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name=Winbox packet-mark=winbox_down_pkt parent=Bajada priority=1
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=2M name=Youtube packet-mark=youtube_in parent=Bajada priority=4
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name="Http Up" packet-mark=http_up_pkt parent=Subida priority=1
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=2M name=Http packet-mark=http_up_pkt parent=Bajada priority=1
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=512k name="Otras udp" packet-mark=otras_udp_pkt parent=Bajada priority=8
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=600k name="Otras small" packet-mark=otras_pkt parent=Bajada priority=8
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=128k name=Otras packet-mark=otras_pkt parent=Subida priority=8
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name=Otras_UDP packet-mark=otras_udp_pkt parent=Subida priority=8
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name=ICMP packet-mark=icmp parent=Bajada priority=1 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name=Teanviewer packet-mark=teamviewer parent=Bajada priority=1
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-
    limit=0 name=Teamviewer packet-mark=teamviewer parent=Subida priority=1
    queue=default

    /ip firewall mangle


    add action=mark-connection chain=prerouting comment="ICMP (ping)" new-
    connection-mark=Icmp_C passthrough=yes protocol=icmp
    add action=mark-packet chain=prerouting connection-mark=Icmp_C new-packet-
    mark=Icmp passthrough=no
    add action=mark-connection chain=prerouting comment=DNS dst-port=53 new-
    connection-mark=DNS_C passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting connection-mark=DNS_C new-packet-
    mark=DNS passthrough=no
    add action=mark-connection chain=prerouting comment=Youtube new-connection-
    mark=Youtube_C passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=Youtube_C new-packet-
    mark=Youtube passthrough=no
    add action=mark-connection chain=prerouting comment="HTTP WEB" dst-port=80
    new-connection-mark=HTTP_C passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=HTTP_C new-packet-
    mark=HTTP passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting comment=HTTPS dst-port=443 new-
    connection-mark=Facebook_C passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=Facebook_C new-packet-
    mark=Facebook passthrough=yes
    add action=mark-connection chain=prerouting comment=Whatsapp dst-
    port=5222,5223,5228,5242 new-connection-mark=Whatsapp_C passthrough=yes
    protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=Whatsapp_C new-packet-
    mark=Whatsapp passthrough=yes
    add action=mark-connection chain=prerouting comment=Otros new-connection-
    mark=Otros_C passthrough=yes
    add action=mark-packet chain=prerouting connection-mark=Otros_C new-packet-
    mark=Otros passthrough=no

    You might also like