What do you think about this?
Are the rules in good order?
# Mangle rules that sort traffic into three packet marks (icmp, web, other),
# repeated for the prerouting and postrouting chains. Rules are evaluated top to
# bottom within a chain, so the order below is part of the behavior.
# Pattern used throughout: a mark-connection rule with passthrough=yes tags the
# connection and lets the packet continue to the next rule; the mark-packet rule
# after it, with passthrough=no, tags the packet and ends matching in that chain.
/ip firewall mangle
# ICMP, prerouting. icmp-options is type:code, so 0:0-255 matches only ICMP
# type 0 (echo reply) with any code.
# NOTE(review): echo requests (type 8) do not match this rule, so the first
# request of a ping looks like it falls through to the "All" rule and is marked
# "other" until a reply has marked the connection. Confirm whether matching on
# protocol=icmp alone was intended.
add action=mark-connection chain=prerouting comment=PING disabled=no \
icmp-options=0:0-255 new-connection-mark=icmp_conn passthrough=yes \
protocol=icmp
# Packets of connections marked icmp_conn get packet mark icmp; passthrough=no
# keeps them away from the later rules in this chain.
add action=mark-packet chain=prerouting connection-mark=icmp_conn disabled=no \
new-packet-mark=icmp passthrough=no
# ICMP, postrouting: same matchers as the prerouting pair above.
# NOTE(review): presumably repeated here to cover traffic that does not pass
# through prerouting (e.g. router-originated) - confirm this is the intent.
add action=mark-connection chain=postrouting comment=PING disabled=no \
icmp-options=0:0-255 new-connection-mark=icmp_conn passthrough=yes \
protocol=icmp
add action=mark-packet chain=postrouting connection-mark=icmp_conn disabled=\
no new-packet-mark=icmp passthrough=no
# Web classification, prerouting. All rules in this group are disabled=yes, so
# they currently have no effect. They match on src-port, i.e. packets coming
# from ports 80, 443 and 53.
add action=mark-connection chain=prerouting comment=http disabled=yes \
new-connection-mark=web_conn passthrough=yes protocol=tcp src-port=80
add action=mark-connection chain=prerouting comment=https disabled=yes \
new-connection-mark=web_conn passthrough=yes protocol=tcp src-port=443
# DNS is put into the same web_conn class as http/https.
# NOTE(review): only protocol=udp is matched; DNS over TCP port 53 would not be
# classified here - confirm that is acceptable.
add action=mark-connection chain=prerouting comment=dns disabled=yes \
new-connection-mark=web_conn passthrough=yes protocol=udp src-port=53
add action=mark-packet chain=prerouting connection-mark=web_conn disabled=yes \
new-packet-mark=web passthrough=no
# Web classification, postrouting (also disabled=yes). These match on dst-port,
# i.e. packets going to ports 80, 443 and 53.
add action=mark-connection chain=postrouting comment=http disabled=yes \
dst-port=80 new-connection-mark=web_conn passthrough=yes protocol=tcp
add action=mark-connection chain=postrouting comment=https disabled=yes \
dst-port=443 new-connection-mark=web_conn passthrough=yes protocol=tcp
add action=mark-connection chain=postrouting comment=dns disabled=yes \
dst-port=53 new-connection-mark=web_conn passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=web_conn disabled=\
yes new-packet-mark=web passthrough=no
# Catch-all, prerouting: no matcher other than the chain, so every packet that
# was not stopped by a passthrough=no rule above is marked other_conn / other.
# This pair has to stay last in the chain for the earlier classes to win.
# NOTE(review): there is no connection-mark=no-mark condition, so the
# connection mark is rewritten on every packet that reaches this rule rather
# than only on unmarked connections - confirm this is wanted.
add action=mark-connection chain=prerouting comment=All disabled=no \
new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=other_conn disabled=\
no new-packet-mark=other passthrough=no
# Catch-all, postrouting: same as the prerouting pair above.
add action=mark-connection chain=postrouting comment=All disabled=no \
new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=postrouting connection-mark=other_conn disabled=\
no new-packet-mark=other passthrough=no