Scribd
Upload
172 views2 pages

Queue Tree + Mangle

This document configures traffic shaping and filtering for 40 clients on a MikroTik router. It uses packet and connection marking at different points in the firewall to classify traffic by client, protocol, and application. It then builds a queue tree with different priority levels to apply bandwidth limits and shaping to each traffic class per client. Traffic like downloads, YouTube, and streaming are also subjected to additional connection limiting filters.

Uploaded by

Krisno Pratama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
172 views2 pages

Queue Tree + Mangle

This document configures traffic shaping and filtering for 40 clients on a MikroTik router. It uses packet and connection marking at different points in the firewall to classify traffic by client, protocol, and application. It then builds a queue tree with different priority levels to apply bandwidth limits and shaping to each traffic class per client. Traffic like downloads, YouTube, and streaming are also subjected to additional connection limiting filters.

Uploaded by

Krisno Pratama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

/ip firewall mangle

add action=mark-connection chain=prerouting disabled=no in-interface=ether1-ISP


new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN"
add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no n
ew-packet-mark=all-inpkt passthrough=yes comment="UPLOAD"
add action=mark-connection chain=forward disabled=no in-interface=ether2-LAN new
-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"
add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new
-packet-mark=all-outpkt passthrough=yes comment="DOWNLOAD"
/ip firewall mangle
add action=mark-packet chain=prerouting src-address=192.168.170.11 packet-mark=a
ll-inpkt new-packet-mark=client1-pktd passthrough=no comment="CLIENT1-UPSTREAM"
add action....... "CLIENT40-UPSTREAM"
/ip firewall mangle
add action=mark-packet chain=forward dst-address=192.168.170.11 packet-mark=alloutpkt new-packet-mark=client1-pktd passthrough=yes comment="CLIENT1-DOWNSTREAM"
add action...... "CLIENT40-DOWNSTREAM"
/ip firewall layer7-protocol
add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9]
[1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"
add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|r
tf|ppt|ppt).*\$"
add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymoti
on.com|metacafe.com|mccont.com).*\$"
add comment="video" name=streaming regexp="videoplayback|video"
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=cli
ent1-dpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=c
lient1-dpkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443
passthrough=yes new-packet-mark=client1-dpkt packet-mark=client1-pktd protocol=t
cp comment=""
add action ..... "CLIENT40 DOWNLOAD"
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=cli
ent1-spkt packet-mark=client1-pktd passthrough=no comment="CLIENT1-VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=c
lient1-spkt packet-mark=client1-pktd passthrough=no comment=""
add action ..... "CLIENT40-VIDEO"
/ip firewall mangle
add action=mark-packet chain=forward src-address=192.168.170.11 packet-mark=allgpkt new-packet-mark=client1-gpkt passthrough=no comment="CLIENT1-GAMES"
add action ..... "CLIENT40-GAMES"
/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443
passthrough=no new-packet-mark=client1-bpkt packet-mark=client1-pktd protocol=tc
p comment="CLIENT1-BROWSING"
add action ..... "CLIENT40-BROWSING"
/queue tree
add name=All-Bandwidth parent=global-out packet-mark=all-inpkt,all-outpkt queue=
default priority=8 max-limit=10M

/queue tree
add name=Client1 parent=All-Bandwidth packet-mark=no-mark queue=default priority
=8 max-limit=1000k
add name=Client40 ......
/queue tree
add name=aClient1-Games parent=Client1 packet-mark=client1-gpkt queue=default pr
iority=1 max-limit=1000k
add name=aClient40-Games .....
/queue tree
add name=bClient1-Browsing parent=Client1 packet-mark=client1-bpkt queue=default
priority=2 max-limit=1000k
add name=bClient40 .....
/queue tree
add name=cClient1-Upload parent=Client1 packet-mark=client1-pktp queue=default p
riority=3 max-limit=1000k
add name=cClient40-Upload .....
/queue tree
add name=dClient1-Download parent=Client1 packet-mark=no-mark queue=default prio
rity=6 max-limit=512k
add name=dClient40-Download .....
/queue tree
add name=eClient1-DownUdf parent=dClient1-Download packet-mark=client1-pktd queu
e=default priority=6
add name=eClient40-DownUdf .....
/queue tree
add name=fClient1-DownExt parent=dClient1-Download packet-mark=client1-dpkt queu
e=default priority=7
add name=fClient40-DownExt .....
/queue tree
add name=gClient1-DownVid parent=dClient1-Download packet-mark=client1-spkt queu
e=default priority=8
add name=gClient40-DownVid .....
/ip firewall filter
add action=drop chain=forward comment="DOWNLOAD HIGH" connection-limit=6,32 disa
bled=no layer7-protocol=high protocol=tcp
add action=drop chain=forward comment="YOUTUBE" connection-limit=6,32 disabled=n
o layer7-protocol=youtube protocol=tcp
add action=drop chain=forward comment="STREAMING" connection-limit=6,32 disabled
=no layer7-protocol=streaming protocol=tcp

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy