Scribd
Upload
30 views6 pages

Ip Firewall Layer7

This document contains firewall rules and queue tree configurations for quality of service (QoS). It defines rules for marking traffic from various applications like YouTube, Facebook, Netflix, games and more. It also creates a queue tree with priorities for downloading and uploading traffic from different applications and services. Packet markings are applied using mangle rules to mark traffic at the connection and packet level for classification in queues.

Uploaded by

Alexander Hernandez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
30 views6 pages

Ip Firewall Layer7

This document contains firewall rules and queue tree configurations for quality of service (QoS). It defines rules for marking traffic from various applications like YouTube, Facebook, Netflix, games and more. It also creates a queue tree with priorities for downloading and uploading traffic from different applications and services. Packet markings are applied using mangle rules to mark traffic at the connection and packet level for classification in queues.

Uploaded by

Alexander Hernandez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

/ip firewall layer7-protocol

add name=Youtube regexp=\


"^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
add name=facebook regexp="^..+\\.(facebook.com|facebook.net|fbcdn.com|
fbsbx.co\
m|fbcdn.net|fb.com|tfbnw.net).*\$"
add name=NETFLIS regexp=\
"^.+(netflix|nflxext|nflximg|nflxsearch|nflxso|nflxvideo).*\$"

/queue tree
add disabled=yes name=DESCARGA parent=Lan_clientes priority=1
add disabled=yes name=SUBIDA parent=Wan1 priority=1
add disabled=yes name=Dns packet-mark=Dns_Dow_Pk parent=DESCARGA
priority=1
add disabled=yes name=Icmp packet-mark=Icmp_Dow_pk parent=DESCARGA
priority=1
add disabled=yes name="Juegos Dow" parent=DESCARGA priority=2
add disabled=yes name=Dota packet-mark=Dota2_Dow_pk parent="Juegos
Dow" \
priority=1
add disabled=yes name=Fornite packet-mark=fornite_Dow_pk
parent="Juegos Dow" \
priority=2
add disabled=yes name=Lol packet-mark=LoL_Dow_PK parent="Juegos Dow" \
priority=1
add disabled=yes name=Wolftem packet-mark=Wolftem_Dow_Pk
parent="Juegos Dow" \
priority=2
add disabled=yes name="Paginas Dow" parent=DESCARGA priority=4
add disabled=yes name=HttP packet-mark=HttP_Dow_pk parent="Paginas
Dow" \
priority=3
add disabled=yes name=HttpS packet-mark=https_dow:pk parent="Paginas
Dow" \
priority=4
add disabled=yes name=Netflix packet-mark=netflix_dow_pk
parent="Paginas Dow" \
priority=4
add disabled=yes name=Youtube packet-mark=YouTube_PK_Dow* parent=\
"Paginas Dow" priority=4
add disabled=yes name=Facebook packet-mark=Facebook_Pk_Dow parent=\
"Paginas Dow" priority=2
add disabled=yes name="Zxtras Dow" parent=DESCARGA priority=2
add disabled=yes name=Wasaap packet-mark=Wasaap_Dow_Pk parent="Zxtras
Dow" \
priority=1
add disabled=yes name=Correo packet-mark=Correo_Dow_Pk parent="Zxtras
Dow" \
priority=2
add disabled=yes name="PLAY PS3" packet-mark=PlayStation_Dow_Pk
parent=\

JD- +573043865417 Qos C+S


"Zxtras Dow" priority=3
add disabled=yes name="Dns up" packet-mark=Dns_Udp_Pk parent=SUBIDA
priority=\
1
add disabled=yes name="Icmp up" packet-mark=Icmp_Up_Pk parent=SUBIDA \
priority=1
add disabled=yes name="Juegos Up" parent=SUBIDA priority=2
add disabled=yes name="Dota up" packet-mark=dota2_Udp_Pqt
parent="Juegos Up" \
priority=1
add disabled=yes name=Fortine packet-mark=fornite_Udp_pk
parent="Juegos Up" \
priority=2
add disabled=yes name="Lol up" packet-mark=LoL_UP_pk parent="Juegos
Up" \
priority=1
add disabled=yes name="Wolftem up" packet-mark=Wolftem_Udp_pk parent=\
"Juegos Up" priority=2
add disabled=yes name="Paginas up" parent=SUBIDA priority=4
add disabled=yes name="Facebook up" packet-mark=Facebook_Pk_UP**
parent=\
"Paginas up" priority=2
add disabled=yes name="HttP up" packet-mark=Https_Udp_pk
parent="Paginas up" \
priority=3
add disabled=yes name="HttpS up" packet-mark=Https_Udp_pk
parent="Paginas up" \
priority=4
add disabled=yes name="Netflix up" packet-mark=Netflix_Up_pk parent=\
"Paginas up" priority=4
add disabled=yes name="Youtube up" packet-mark=YouTube_Pk_UP parent=\
"Paginas up" priority=4
add disabled=yes name="Zxtras UP" parent=SUBIDA priority=2
add disabled=yes name="PLAY PS3 up" packet-mark=Playstation_Up_Pk
parent=\
"Zxtras UP" priority=3
add disabled=yes name="Wasaap up" packet-mark=Wasasp_Up_Pk
parent="Zxtras UP" \
priority=1
add disabled=yes name="Xbox up" packet-mark=Xbox_Up_pk parent="Zxtras
UP" \
priority=3
add disabled=yes name=Xbox packet-mark=Xbox_Dow_pk parent="Zxtras Dow"
\
priority=3
/queue type
add kind=pcq name=WEB
add kind=pcq name=YOUTUBE pcq-classifier=dst-address pcq-dst-address6-
mask=64 \
pcq-src-address6-mask=64 pcq-total-limit=5000KiB
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0

JD- +573043865417 Qos C+S


/ip firewall mangle
add action=mark-connection chain=prerouting comment="QoS Icmp"
disabled=yes \
new-connection-mark=Icmp_Dow_conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-
mark=Icmp_Dow_conn \
disabled=yes new-packet-mark=Icmp_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes \
new-connection-mark=Icmp_Up_Con passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting connection-mark=Icmp_Up_Con \
disabled=yes new-packet-mark=Icmp_Up_Pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS Dns"
disabled=yes \
dst-port=53 new-connection-mark=Dns_Udp_conn passthrough=yes
protocol=udp
add action=mark-packet chain=prerouting connection-mark=Dns_Udp_conn \
disabled=yes new-packet-mark=Dns_Udp_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-
port=53 \
new-connection-mark=Dns_Dow_Conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Dns_Dow_Conn \
disabled=yes new-packet-mark=Dns_Dow_Pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS Dota"
disabled=yes \
dst-port=27014-27050,27036,27037,8291 new-connection-
mark=Dota2_Dow_conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Dota2_Dow_conn
\
disabled=yes new-packet-mark=Dota2_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
1500,3005,3101,20561,27017-27062,20561,4380,28960,27067 \
new-connection-mark=dota2_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-
mark=dota2_udp_conn \
disabled=yes new-packet-mark=dota2_Udp_Pqt passthrough=no
add action=mark-connection chain=prerouting comment="QoS fornite"
disabled=\
yes dst-port=\
5060,45724,6250,137,138,9008,33234,9008,7862,7862,9012,45762,138 \
new-connection-mark=Fornite_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-
mark=Fornite_udp_conn \
disabled=yes new-packet-mark=fornite_Udp_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
5222,5795-5847,1935,3478-3480,3074,6667,12400,28910,29901,29920 \
new-connection-mark=Fornite_Dow_conn passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-
mark=Fornite_Dow_conn \
disabled=yes new-packet-mark=fornite_Dow_pk passthrough=no

JD- +573043865417 Qos C+S


add action=mark-connection chain=prerouting comment="QoS wolftem"
disabled=\
yes dst-
port="307,10,30711,30712,30713,30714,30715,30716,30717,30718,30719\
,30720,30721,30722" new-connection-mark=woltem_dow_Conn
passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-
mark=woltem_dow_Conn \
disabled=yes new-packet-mark=Wolftem_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
40707-40718,20001 new-connection-mark=Wolftem_Udp_conn
passthrough=yes \
protocol=udp
add action=mark-packet chain=postrouting connection-
mark=Wolftem_Udp_conn \
disabled=yes new-packet-mark=Wolftem_Udp_pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS LoL"
disabled=yes \
dst-port=2099,5223,5222,8393,8400,8088 new-connection-
mark=LoL_Dow_conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=LoL_Dow_conn \
disabled=yes new-packet-mark=LoL_Dow_PK passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
5000,8088,10004 new-connection-mark=LoL_Up_Pk passthrough=yes
protocol=\
udp
add action=mark-packet chain=postrouting connection-mark=LoL_Up_Pk
disabled=\
yes new-packet-mark=LoL_UP_pk passthrough=no
add action=mark-packet chain=forward connection-mark=Propaganda_conn \
disabled=yes new-packet-mark=propagandas passthrough=no
add action=mark-connection chain=prerouting comment=HttpS_QoS
disabled=yes \
dst-port=443 new-connection-mark=HtppS_Dow_conn passthrough=yes
protocol=\
tcp
add action=mark-packet chain=prerouting connection-mark=HtppS_Dow_conn
\
disabled=yes new-packet-mark=https_dow:pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=443
\
new-connection-mark=Https_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-
mark=Https_udp_conn \
disabled=yes new-packet-mark=Https_Udp_pk passthrough=no
add action=mark-connection chain=prerouting comment=Http_QoS
disabled=yes \
dst-port=80,8080,9000 new-connection-mark=HttpP_Dow_conn
passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=HttpP_Dow_conn
\

JD- +573043865417 Qos C+S


disabled=yes new-packet-mark=HttP_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
80,8080,9000 new-connection-mark=HttP_udp_conn passthrough=yes
protocol=\
udp
add action=mark-packet chain=postrouting connection-mark=HttP_udp_conn
\
disabled=yes new-packet-mark=HttP_Udp_Pqt passthrough=no
add action=mark-connection chain=prerouting comment=correo
disabled=yes \
dst-port=110,995,143,993,25,465,587 new-connection-
mark=correo_Dow_Conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-
mark=correo_Dow_Conn \
disabled=yes new-packet-mark=Correo_Dow_Pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS wassapp"
disabled=\
yes dst-port=5222-5228,5242 new-connection-mark=Wasapp_Dow_Conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-
mark=Wasapp_Dow_Conn \
disabled=yes new-packet-mark=Wasaap_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
5222,5223,5228,5242,53,3478 new-connection-mark=Wassapp_Udp_pk \
passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-
mark=Wassapp_Udp_pk \
disabled=yes new-packet-mark=Wasasp_Up_Pk passthrough=no
add action=mark-connection chain=prerouting comment="play station"
disabled=\
yes dst-port=80,443,5223,10070 new-connection-mark=PlayS4_Dow_conn
\
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-
mark=PlayS4_Dow_conn \
disabled=yes new-packet-mark=PlayStation_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
3478,3479,3658,10070 new-connection-mark=PlayStation_Up_conn
passthrough=\
yes protocol=udp
add action=mark-packet chain=postrouting connection-
mark=PlayStation_Up_conn \
disabled=yes new-packet-mark=Playstation_Up_Pk passthrough=no
protocol=\
udp
add action=mark-connection chain=forward comment=netflix
disabled=yes \
dst-port=22,53,80,33001,179,443 layer7-protocol=NETFLIS \
new-connection-mark=netflix_Dow_con passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=netflix_Dow_con \
disabled=yes new-packet-mark=netflix_dow_pk passthrough=no
add action=mark-connection chain=forward disabled=yes dst-
port=33001,53,123 \

JD- +573043865417 Qos C+S


layer7-protocol=NETFLIS new-connection-mark=Netflix_Up_conn
passthrough=\
yes protocol=udp
add action=mark-packet chain=forward connection-mark=Netflix_Up_conn \
disabled=yes new-packet-mark=Netflix_Up_pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS xbox"
disabled=yes \
dst-port=3070-3073 new-connection-mark=Xbox_dow_conn
passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-
mark=Xbox_dow_conn \
disabled=yes new-packet-mark=Xbox_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
88,3074,53,500,3544,4500 new-connection-mark=Xbox_UP_conn
passthrough=yes \
protocol=udp
add action=mark-packet chain=postrouting connection-
mark=Xbox_UP_conn \
disabled=yes new-packet-mark=Xbox_Up_pk passthrough=no
add action=mark-connection chain=forward comment="QoS YouTube"
disabled=yes \
in-interface=Wan1 layer7-protocol=Youtube new-connection-mark=\
YouTube_Conn_Dow* passthrough=yes
add action=mark-packet chain=forward connection-mark=YouTube_Conn_Dow*
\
disabled=yes new-packet-mark=YouTube_PK_Dow* passthrough=no
add action=mark-connection chain=forward disabled=yes in-
interface=Lan_clientes \
layer7-protocol=Youtube new-connection-mark=YouTube_Up_Conn*
passthrough=\
yes
add action=mark-packet chain=forward connection-
mark=YouTube_Up_Conn* \
disabled=yes new-packet-mark=YouTube_Pk_UP passthrough=no
add action=mark-connection chain=forward comment="QoS Facebook"
disabled=yes \
in-interface=Wan1 layer7-protocol=facebook new-connection-mark=\
Facebook_Conn_:Doiw** passthrough=yes
add action=mark-packet chain=prerouting connection-
mark=Facebook_Conn_:Doiw** \
disabled=yes new-packet-mark=Facebook_Pk_Dow passthrough=no
add action=mark-connection chain=forward disabled=yes in-
interface=Lan_clientes \
layer7-protocol=facebook new-connection-mark=Facebook_Up_Dow** \
passthrough=yes
add action=mark-packet chain=forward connection-mark=Facebook_Up_Dow**
\
disabled=yes new-packet-mark=Facebook_Pk_UP** passthrough=no

JD- +573043865417 Qos C+S

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy