Community discussions

MikroTik App
  4. RouterOS
  5. Scripting

Traffic Prioritization Script

Post Reply
 
User avatar
rickfrey
Trainer
Trainer
Topic Author
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:
Contact rickfrey

Traffic Prioritization Script

Thu Aug 22, 2013 1:03 am

Here is a script I created that can be dropped into most any router to change Traffic Priorities. This can be a very useful script in many different ways. Please, try it out and let me know what you think about it. Please, let me know if you have any suggestions. Don't forget to leave Karma :D


#########################################################################################################
# Rick Frey's Basic Traffic Priorities Rev 3.0 #
#########################################################################################################
# Author: Rick Frey #
# email: consulting@iparchitechs.com #
# Username in MikroTik Forum is ssofet #
#########################################################################################################
# License #
# This script has been created for use by the general public and may be used freely. This script may #
# not be sold! #
########################################################################################################
# Features # #
# -Basic Traffic Priotization for VOIP applications #
# -WMM support (When WMM is enabled on the wireless interfaces) #
# -HT AMPDU Priotization (When enabled on the Wireless interfaces) #
#########################################################################################################

############################################################################################################################
#### These Mangle Rules set basic QOS Traffic Priorities for traffic passing through the router and Change the DSCP value ##
#### for certian services.##################################################################################################
############################################################################################################################

/ip firewall mangle

############################################################################################################################
#### Methods used to access the router are given the higest priority. These priorites only affect the router that these ####
#### rules reside on. ####
############################################################################################################################

add chain=output comment="Section Break" disabled=yes
add action=change-dscp chain=input comment="DSCP - 7 - API Port 8728 (Local Management)" dst-port=8728 new-dscp=7 protocol=tcp
add action=change-dscp chain=input comment="DSCP - 7 - Secure Web Access Port 443 (Local Management)" dst-port=443 new-dscp=7 protocol=tcp
add action=change-dscp chain=input comment="DSCP - 7 - Web Access Port 80 (Local Management)" dst-port=80 new-dscp=7 protocol=tcp
add action=change-dscp chain=input comment="DSCP - 7 - Winbox Port 8291 (Local Management)" dst-port=8291 new-dscp=7 protocol=tcp
add action=change-dscp chain=input comment="DSCP - 7 - Telnet Port 23 (Local Management)" dst-port=23 new-dscp=7 protocol=tcp
add action=change-dscp chain=input comment="DSCP - 7 - SSH Port 22 (Local Management)" dst-port=22 new-dscp=7 protocol=tcp
add action=change-dscp chain=input comment="DSCP - 7 - FTP Port 21 (Local Management)" dst-port=21 new-dscp=7 protocol=tcp
add chain=output comment="Section Break" disabled=yes


############################################################################################################################
#### Methods used to access other devices on the network are given the higest priority. These priorites only affect the ####
#### access to other devices. Add Network Admins to the "Network Admins" address list. ####
############################################################################################################################

add action=change-dscp chain=forward comment="DSCP - 7 - API Port 8728 (Remote Managemenet)" dst-port=8728 new-dscp=7 protocol=tcp src-address-list="Network Admins"
add action=change-dscp chain=forward comment="DSCP - 7 - Secure Web Access Port 443 (Remote Managemenet)" dst-port=443 new-dscp=7 protocol=tcp src-address-list="Network Admins"
add action=change-dscp chain=forward comment="DSCP - 7 - Web Access Port 80 (Remote Managemenet)" dst-port=80 new-dscp=7 protocol=tcp src-address-list="Network Admins"
add action=change-dscp chain=forward comment="DSCP - 7 - Winbox Port 8291 (Remote Managemenet)" dst-port=8291 new-dscp=7 protocol=tcp src-address-list="Network Admins"
add action=change-dscp chain=forward comment="DSCP - 7 - Telnet Port 23 (Remote Managemenet)" dst-port=23 new-dscp=7 protocol=tcp src-address-list="Network Admins"
add action=change-dscp chain=forward comment="DSCP - 7 - SSH Port 22 (Remote Managemenet)" dst-port=22 new-dscp=7 protocol=tcp src-address-list="Network Admins"
add action=change-dscp chain=forward comment="DSCP - 7 - FTP Port 21 (Remote Managemenet)" dst-port=21 new-dscp=7 protocol=tcp src-address-list="Network Admins"
add chain=output comment="Section Break" disabled=yes

/ip firewall address-list
add address=192.168.1.1 list="Network Admins" disabled=yes comment=Example

############################################################################################################################
#### This section sets priorities for administrative tunneling methods. This will exclude tunneling methods for hosts. ####
#### Add the IP address of the tunnel end point to the "Network Tunnels" address list. ####
############################################################################################################################

/ip firewall mangle
add action=change-dscp chain=prerouting comment="DSCP - 6 - PPTP Port 1723 (Local Management)" new-dscp=6 port=1723 protocol=tcp src-address-list="Network Tunnels"
add action=change-dscp chain=prerouting comment="DSCP - 6 - GRE Protocol (Local Management)" new-dscp=6 protocol=gre src-address-list="Network Tunnels"
add action=change-dscp chain=prerouting comment="DSCP - 6 - L2TP UDP Port 500 (Local Management)" new-dscp=6 port=500 protocol=udp src-address-list="Network Tunnels"
add action=change-dscp chain=prerouting comment="DSCP - 6 - L2TP UDP Port 1701 (Local Management)" new-dscp=6 port=1701 protocol=udp src-address-list="Network Tunnels"
add action=change-dscp chain=prerouting comment="DSCP - 6 - L2TP UDP Port 4500 (Local Management)" new-dscp=6 port=4500 protocol=udp src-address-list="Network Tunnels"
add action=change-dscp chain=prerouting comment="DSCP - 6 - OVPN TCP Port 1194 (Local Management)" new-dscp=6 port=1194 protocol=tcp src-address-list="Network Tunnels"
add action=change-dscp chain=prerouting comment="DSCP - 5 - SSTP TCP Port 443 (Local Management)" new-dscp=5 port=443 protocol=tcp src-address-list="Network Tunnels"
add chain=output comment="Section Break" disabled=yes

/ip firewall address-list
add address=192.168.1.1 list="Network Tunnels" disabled=yes comment=Example
############################################################################################################################
#### This section sets priorities for tunneling methods used by the hosts on your LAN. ####
############################################################################################################################

/ip firewall mangle
add action=change-dscp chain=forward comment="DSCP - 6 - PPTP Port 1723 (LAN Traffic)" new-dscp=5 port=1723 protocol=tcp
add action=change-dscp chain=forward comment="DSCP - 6 - GRE Protocol (LAN Traffic)" new-dscp=5 protocol=gre
add action=change-dscp chain=forward comment="DSCP - 6 - L2TP UDP Port 500 (LAN Traffic)" new-dscp=5 port=500 protocol=udp
add action=change-dscp chain=forward comment="DSCP - 6 - L2TP UDP Port 1701 (LAN Traffic)" new-dscp=5 port=1701 protocol=udp
add action=change-dscp chain=forward comment="DSCP - 6 - L2TP UDP Port 4500 (LAN Traffic)" new-dscp=5 port=4500 protocol=udp
add action=change-dscp chain=forward comment="DSCP - 6 - OVPN TCP Port 1194 (LAN Traffic)" new-dscp=5 port=1194 protocol=tcp
add action=change-dscp chain=forward comment="DSCP - 5 - SSTP TCP Port 443 (LAN Traffic)" new-dscp=5 port=443 protocol=tcp
add chain=output comment="Section Break" disabled=yes


############################################################################################################################
#### This section sets priorities for VOIP Traffic ####
############################################################################################################################

add action=change-dscp chain=postrouting comment="DSCP - 7 - Skype, HTTPS" disabled=no dst-port=443 new-dscp=7 passthrough=yes protocol=tcp
add action=change-dscp chain=postrouting comment="DSCP - 7 - VOIP" disabled=no new-dscp=7 passthrough=yes port=1167,1719,1720,8010 protocol=udp
add action=change-dscp chain=postrouting comment="DSCP - 7 - VOIP" disabled=no new-dscp=7 passthrough=yes port=1719,1720,8008,8009 protocol=tcp
add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP" disabled=no new-dscp=7 passthrough=yes port=5060 protocol=tcp
add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP" disabled=no new-dscp=7 passthrough=yes port=5060 protocol=udp
add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP 5004" disabled=no new-dscp=7 passthrough=yes port=5004 protocol=udp
add action=change-dscp chain=postrouting comment="Priority - 7 - Ventrilo VOIP" disabled=no new-priority=7 passthrough=yes port=3784 protocol=tcp
add action=change-dscp chain=postrouting comment="Priority - 7 - Ventrilo VOIP" disabled=no new-priority=7 passthrough=yes port=3784,3785 protocol=udp
add action=change-dscp chain=postrouting comment="Priority - 7 - Windows Live Messenger Voice" disabled=no new-priority=7 passthrough=yes port=6901 protocol=tcp
add action=change-dscp chain=postrouting comment="Priority - 7 - Windows Live Messenger Voice" disabled=no new-priority=7 passthrough=yes port=6901 protocol=udp
add chain=output comment="Section Break" disabled=yes


############################################################################################################################
#### This section sets priorities for normal LAN Traffic ####
############################################################################################################################

add action=set-priority chain=prerouting comment="Priority - 6 - SSH" disabled=no new-priority=6 passthrough=yes port=22 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 6 - Telnet" disabled=no new-priority=6 passthrough=yes port=23 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 6 - ICMP" disabled=no new-priority=6 passthrough=yes protocol=icmp
add action=set-priority chain=prerouting comment="Priority - 6 - TCP DNS Requests" disabled=no new-priority=6 passthrough=yes port=53 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 6 - UDP DNS & mDNS Requests" disabled=no new-priority=6 passthrough=yes port=53,5353 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 6 - PPTP VPNs" disabled=no new-priority=6 passthrough=yes port=1723 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 6 - PPTP VPNs" disabled=no new-priority=6 passthrough=yes port=1723 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 6 - SSH" disabled=no new-priority=6 passthrough=yes port=22 protocol=udp

add action=set-priority chain=prerouting comment="Priority - 5 - HTTP Requests" connection-bytes=0-5000000 disabled=no dst-port=80 new-priority=5 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 5 - ICQ" disabled=no new-priority=5 passthrough=yes port=5190 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 5 - Yahoo IM" disabled=no new-priority=5 passthrough=yes port=5050 protocol=tcp

add action=set-priority chain=prerouting comment="Priority - 4 - AOL, IRC" disabled=no new-priority=4 passthrough=yes port=531,5190,6660-6669,6679,6697 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 4 - AOL, IRC" disabled=no new-priority=4 passthrough=yes port=531 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 4 - Time" disabled=no new-priority=4 passthrough=yes port=37 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 4 - Time" disabled=no new-priority=4 passthrough=yes port=37,123 protocol=udp

add action=set-priority chain=prerouting comment="Priority - 0 - SFTP" disabled=no dst-port=22 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - FTP" disabled=no dst-port=20,21 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - HTTP Downloads" connection-bytes=5000000-0 disabled=no new-priority=0 passthrough=yes port=80 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Mail Services" disabled=no port=110,995,143,993,25,57,109,465,587 new-priority=0 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - SNMP" disabled=no new-priority=0 passthrough=yes port=161,162 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - SNMP" disabled=no new-priority=0 passthrough=yes port=162 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - IMAP, IMAPS" disabled=no new-priority=0 passthrough=yes port=220,993 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - IMAP" disabled=no new-priority=0 passthrough=yes port=220 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Doom FPS" disabled=no new-priority=0 passthrough=yes port=666 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - America's Army MMO" disabled=no new-priority=0 passthrough=yes port=1716 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Civilization MMO" disabled=no new-priority=0 passthrough=yes port=2056 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Halo: Combat Evolved MMO" disabled=no new-priority=0 passthrough=yes port=2302 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Dark Ages" disabled=no port=2610 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Xbox Live" disabled=no new-priority=0 passthrough=yes port=3074 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Xbox Live" disabled=no new-priority=0 passthrough=yes port=3074 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Blizzard Games Online" disabled=no new-priority=0 passthrough=yes port=3723,6112 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Blizzard Games Online" disabled=no new-priority=0 passthrough=yes port=3723 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - WoW MMO" disabled=no new-priority=0 passthrough=yes port=3724 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - WoW MMO" disabled=no new-priority=0 passthrough=yes port=3724 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Club Penguin Disney Online" disabled=no new-priority=0 passthrough=yes port=3724,6112,6113,9875 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Diablo II" disabled=no new-priority=0 passthrough=yes port=4000 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Diablo II" disabled=no new-priority=0 passthrough=yes port=4000 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Microsoft Ants MMO" disabled=no new-priority=0 passthrough=yes port=4001 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Google Desktop" disabled=no new-priority=0 passthrough=yes port=4664 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - BZFlag" disabled=no new-priority=0 passthrough=yes port=5154 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - BZFlag" disabled=no new-priority=0 passthrough=yes port=5154 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Freeciv MMO" disabled=no new-priority=0 passthrough=yes port=5556 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Freeciv MMO" disabled=no new-priority=0 passthrough=yes port=5556 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Windows Live Messenger File Transfer" disabled=no new-priority=0 passthrough=yes port=6891-6900 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Enemy Territory: Quake Wars" disabled=no new-priority=0 passthrough=yes port=7133 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Teamspeak" disabled=no new-priority=0 passthrough=yes port=8767-8768 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Teamspeak" disabled=no new-priority=0 passthrough=yes port=9987 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Earthland Relams 2" disabled=no new-priority=0 passthrough=yes port=8888-8889 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Sony Playstation" disabled=no new-priority=0 passthrough=yes port=9293 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield 1942 MMO" disabled=no new-priority=0 passthrough=yes port=14567 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield Vietnam" disabled=no new-priority=0 passthrough=yes port=15567 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield 2" disabled=no new-priority=0 passthrough=yes port=16567 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Quake" disabled=no new-priority=0 passthrough=yes port=26000 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Quake" disabled=no new-priority=0 passthrough=yes port=26000,27901,27960 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Call of Duty" disabled=no new-priority=0 passthrough=yes port=28960 protocol=udp
add chain=output comment="Section Break" disabled=yes


############################################################################################################################
#### This section sets priorities for Layer 7 Traffic Matching. This can be extremely CPU intensive!!! ####
############################################################################################################################

#########################################
#### P2p ####
#########################################

/ip firewall layer7-protocol
add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\
\19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99\
\9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_\
register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add name=soribada regexp="^GETMP3\r\
\nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\
\$"
add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0\
-9]\r\
\n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshar\
e|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: applicat\
ion/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[\
0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[\
1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|.\
..................\?lime)"
add name=poco regexp="^\80\94\
\n\01....\1F\9E"
add name=applejuice regexp="^ajprot\r\
\n"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\
\nEnd(Public|AES)Key\
\n\$"
add name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get /scrape\\\
\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=kugoo regexp="^1..\8E"
add name=ares regexp="^\03[]Z].\?.\?\05\$"
add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ \
-~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: \
kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g\
ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add name=100bao regexp="^\01\01\05\
\n"
add name=gnucleuslan regexp=\
"gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0\
-9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
add name=thecircle regexp=\
"^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
\n\0B](glob|who are you\$|query data)"
add name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>........................\
........</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host:\
\_imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\
\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\
\02)\83)"

/ip firewall mangle
add action=set-priority chain=forward comment="Priority - 0 - File Sharing" p2p=all-p2p
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - 100bao" layer7-protocol=100bao
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Applejuice" layer7-protocol=applejuice
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Ares" layer7-protocol=ares
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Bittorrent" layer7-protocol=bittorrent
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Direct Connect" layer7-protocol=directconnect
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - eDonkey" layer7-protocol=edonkey
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Fasttrack" layer7-protocol=fasttrack
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - gnucleuslan" layer7-protocol=gnucleuslan
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - gnutella" layer7-protocol=gnutella
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Goboogy" layer7-protocol=goboogy
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Hotline" layer7-protocol=hotline
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - iMesh" layer7-protocol=imesh
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Kugoo" layer7-protocol=kugoo
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Mute" layer7-protocol=mute
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Napster" layer7-protocol=napster
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - OpenFT" layer7-protocol=openft
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Poco" layer7-protocol=poco
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Soribada" layer7-protocol=soribada
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Soulseek" layer7-protocol=soulseek
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Tesla" layer7-protocol=tesla
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - The Circle" layer7-protocol=thecircle
add action=set-priority chain=forward comment="Priority - 0 - File Sharing - Xunlei" layer7-protocol=xunlei
add chain=output comment="Section Break" disabled=yes

#########################################
#### VOIP ####
#########################################

/ip firewall layer7-protocol
add name=sip regexp=\
"^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add name=h323 regexp=\
"^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
\?\t|\
\n.\?.\?.\?.\?.\?.\?.\?.\?\
\n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
\?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
\?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
\?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
.\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
\?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
\?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
.\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
\?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
\?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
.\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
\?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
\?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
.\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
\?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
.\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
\?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
.\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
\?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
.\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
\?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
.\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
\?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
.\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
\?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
.\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
\?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
\?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
\?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
add name=skypetoskype regexp="^..\02............."
add name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add name=ventrilo regexp="^..\?v\\\$\CF"
add name=stun regexp="^[\01\02]................\?\$"

/ip firewall mangle
add action=set-priority chain=forward comment="Priority - 0 - VOIP - h323" layer7-protocol=h323 new-priority=7
add action=set-priority chain=forward comment="Priority - 0 - VOIP - SIP" layer7-protocol=sip new-priority=7
add action=set-priority chain=forward comment="Priority - 0 - VOIP - Skypeout" layer7-protocol=skypeout new-priority=7
add action=set-priority chain=forward comment="Priority - 0 - VOIP - skypetoskype" layer7-protocol=skypetoskype new-priority=7
add action=set-priority chain=forward comment="Priority - 0 - VOIP - STUN" layer7-protocol=stun new-priority=7
add action=set-priority chain=forward comment="Priority - 0 - VOIP - Teamspeak" layer7-protocol=teamspeak new-priority=7
add action=set-priority chain=forward comment="Priority - 0 - VOIP - Ventrilo" layer7-protocol=ventrilo new-priority=7
/
You do not have the required permissions to view the files attached to this post.
Top
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Traffic Prioritization Script

Thu Aug 22, 2013 1:14 am

Nice. Thanks.

Sent from my SCH-I545 using Tapatalk 4
Top
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:
Contact Chupaka

Re: Traffic Prioritization Script

Wed Sep 04, 2013 3:50 pm

just wondering: do you really understand what "action=set-priority" does?..
Top
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Traffic Prioritization Script

Wed Sep 04, 2013 5:25 pm

ssofet,
Appreciate your efforts. I will study this script. However, I think it can be done a lot simpler and then let people configure it from here. There is no way I would use a regex that big! To see my efforts look at post #3 in this thread. I'm attempting to create a generic script as well. I may utilize your suggestion of connection-bytes. Correct me if I'm wrong but setting DSCP (or Tos values) is only helpful for up or downstream routers and switches in the customer's network. If the MikroTik is the edge device it will not help much to set DSCP on outgoing traffic to a WAN.
Top
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:
Contact Chupaka

Re: Traffic Prioritization Script

Thu Sep 05, 2013 1:54 am

Correct me if I'm wrong but setting DSCP (or Tos values) is only helpful for up or downstream routers and switches in the customer's network.
the same with 'priority' value - it's just a field in a packet, it changes nothing in packet processing of the current router
Top
 
Rubal
just joined
Posts: 3
Joined: Tue Aug 23, 2011 8:54 am

Re: Traffic Prioritization Script

Thu Oct 10, 2013 4:49 pm

Hi,

I want to disallow Skype for all users on LAN and only allow it for few admins.

How I can do so?
Top
 
User avatar
rickfrey
Trainer
Trainer
Topic Author
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:
Contact rickfrey

Re: Traffic Prioritization Script

Thu Oct 10, 2013 8:29 pm

My intent with the DSCP was to change the priority of traffic from the LAN, passing through the router, to the outside world. I set the DSCP values so that they are backwards compatible with TOS. That has worked pretty well for me. As far as setting the traffic priorities, I change these values on case by case basis, but I prefer them to start as just priorities and not as DSCP/ TOS values. It depends on the situation as to which one is the right choice. Initially, I had rules set for both values and I would disable or enable the set I wanted. That wasn't any less work than just editing one set of rules. The Layer 7 portion, is something that I have been experimenting with. Since my gateway routers are usually pretty powerful, I don't have to overcome that as a problem, but I am still fine tuning this process.
Top
 
hameed
newbie
Posts: 33
Joined: Thu Dec 20, 2012 7:20 am

Re: Traffic Prioritization Script

Wed Oct 30, 2013 12:15 pm

Hi all,

I want help to configure mangle rules.

we are running a network of 300 customers, and i bypassed one ip and created a 10 MB queue for bandwidth management, but due to insufficient bandwidth on our network that customer is getting very low bandwidth.

I want to create a fixed bandwidth of 10 mb for IP's ex:192.168.0.1 , 192.168.0.2, 192.168.0.3 and rest of the bandwidth for others users.

please help to configure.

Thank You
Top
 
ronix
Member Candidate
Member Candidate
Posts: 151
Joined: Thu Nov 17, 2011 6:51 pm

Re: Traffic Prioritization Script

Tue Dec 03, 2013 1:01 am

the same with 'priority' value - it's just a field in a packet, it changes nothing in packet processing of the current router
so what is the meaning of use action=set-priority in mangle ??

please we need more explanation about it...
Top
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:
Contact Chupaka

Re: Traffic Prioritization Script

Thu Dec 05, 2013 11:33 am

the same with 'priority' value - it's just a field in a packet, it changes nothing in packet processing of the current router
so what is the meaning of use action=set-priority in mangle ??

please we need more explanation about it...
the meaning is that you can set some value, and that value can be visible by the next device, unlike packet mark, etc.
Top
 
ronix
Member Candidate
Member Candidate
Posts: 151
Joined: Thu Nov 17, 2011 6:51 pm

Re: Traffic Prioritization Script

Sat Dec 07, 2013 10:16 pm

the meaning is that you can set some value, and that value can be visible by the next device, unlike packet mark, etc.
noted...

thank you for your help...
Top
 
alger
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Tue Dec 19, 2006 12:35 pm
Location: Russia
Contact:
Contact alger

Re: Traffic Prioritization Script

Thu Sep 08, 2016 7:09 pm

/ip firewall mangle
add action=set-priority chain=forward comment="Priority - 0 - File Sharing" p2p=all-p2p
/
Please explain why you use priority 0. if a valid value is from 1 to 8.
/ip firewall mangle
add action=set-priority chain=forward comment="Priority - 0 - VOIP - SIP" layer7-protocol=sip new-priority=7
/
And why for voip traffic, the lowest priority set 7 instead of 1?
Top
 
umfunix
just joined
Posts: 3
Joined: Tue Apr 25, 2017 5:08 pm

Re: Traffic Prioritization Script

Fri Aug 04, 2017 1:35 pm

Great script, thanks.

I don't need all of them but would like to ask another question.

I have 2 WAN links, one with a set upload bandwidth while the other one is DSL (best effort and lower upload bandwidth).
WAN1 4m up and down
WAN2 10M down, 2M up

I would like to ensure that all uploads go through WAN1. I have these rules already setup - are they efficient as it doesn't look like my uploads go through WAN1 as a priority. WHat I've also noted is, since I've enabled the up and downloads packet marks, my VOIP is not registering anymore :-(
Code: Select all
# aug/04/2017 10:06:42 by RouterOS 6.39.1
#
/ip firewall mangle
add action=accept chain=prerouting comment="WAN2 accept" dst-address=x.x.x.x \
    dst-address-list=Connected in-interface=bridge src-address-list=Connected
add action=accept chain=prerouting comment="WAN1 accept" dst-address=\
    x.x.x.x dst-address-list=Connected in-interface=bridge src-address-list=\
    Connected
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    ether3_WAN1 new-connection-mark=WAN1->inet passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    ether4_WAN2 new-connection-mark=WAN2->inet passthrough=no
add action=mark-routing chain=output comment="to WAN1 " \
    connection-mark=WAN1->inet new-routing-mark=WAN1_Route passthrough=no
add action=mark-routing chain=output comment="to WAN2 " connection-mark=\
    WAN2->inet new-routing-mark=WAN2_Route passthrough=no
add action=mark-connection chain=prerouting comment=WAN2 connection-mark=\
    no-mark dst-address-type=!local in-interface=bridge new-connection-mark=\
    WAN2->inet passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address-type=""
add action=mark-connection chain=prerouting comment=WAN1 connection-mark=\
    no-mark dst-address-type=!local in-interface=bridge new-connection-mark=\
    WAN1->inet passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address-type=""
add action=mark-connection chain=prerouting comment="WAN1 to LAN" \
    connection-mark=no-mark in-interface=ether3_WAN1 new-connection-mark=\
    WAN1->LANs passthrough=no
add action=mark-connection chain=prerouting comment="WAN2 to LAN" \
    connection-mark=no-mark in-interface=ether4_WAN2 new-connection-mark=\
    WAN2->LANs passthrough=no
add action=mark-routing chain=prerouting comment="Routing Mark WAN2" \
    connection-mark=WAN2->inet in-interface=bridge new-routing-mark=\
    WAN2_Route passthrough=yes
add action=mark-routing chain=prerouting comment="Routing Mark WAN1" \
    connection-mark=WAN1->inet in-interface=bridge new-routing-mark=\
    WAN1_Route passthrough=yes
add action=mark-connection chain=forward comment="VoIP SIP conn mark" \
    connection-state=new dst-address=0.0.0.0 dst-port=5060 \
    new-connection-mark=VOIP passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="WAN2b VoIP SIP conn mark" \
    connection-state=new dst-address=196.28.95.12 dst-port=5060 \
    new-connection-mark=VOIP passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="VBX VoIP SIP conn mark" \
    connection-state=new dst-address=196.2.147.146 dst-port=5060 \
    new-connection-mark=VOIP passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="VoIP SIP packet mark" \
    connection-mark=VOIP log=yes log-prefix=VoIP new-packet-mark=VOIP_packet \
    passthrough=yes
add action=mark-connection chain=forward comment="VoIP RTP conn mark" \
    connection-state=new dst-address=0.0.0.0 dst-port="" new-connection-mark=\
    RTP passthrough=yes port=10000-20000 protocol=udp
add action=mark-connection chain=forward comment="VoIP1 RTP conn mark" \
    connection-state=new dst-address=x.x.x.x dst-port="" \
    new-connection-mark=RTP passthrough=yes port=10000-20000 protocol=udp
add action=mark-connection chain=forward comment="VoIP2 RTP conn mark" \
    connection-state=new dst-address=x.x.x.x dst-port="" \
    new-connection-mark=RTP passthrough=yes port=10000-20000 protocol=udp
add action=mark-packet chain=forward comment="VoIP RTP packet mark" \
    connection-mark=RTP log=yes log-prefix=RTP_packet new-packet-mark=\
    RTP_packet passthrough=yes
add action=change-dscp chain=postrouting comment="RTP DSCP " new-dscp=46 \
    out-interface=bridge packet-mark=RTP_packet passthrough=yes
add action=mark-packet chain=forward comment="download W1 packets" \
    connection-mark=WAN1->LANs new-packet-mark=download-pk1 passthrough=\
    yes
add action=mark-packet chain=forward comment="download W2 packets" \
    connection-mark=WAN2->LANs new-packet-mark=download-pk2 passthrough=yes
add action=mark-packet chain=prerouting comment="WAN2 Upload-packets" \
    connection-mark=WAN2->inet new-packet-mark=upload-pk2 passthrough=yes \
    per-connection-classifier=dst-address-and-port:2/1
add action=mark-packet chain=prerouting comment="WAN1 Upload-packets" \
    connection-mark=WAN1->inet new-packet-mark=upload-pk1 passthrough=yes \
    per-connection-classifier=dst-address-and-port:2/0
add action=mark-packet chain=forward comment="http download pakcets W1" \
    new-packet-mark=http-dwnld-pk1 packet-mark=download-pk1 passthrough=no \
    port=80,443 protocol=tcp
add action=mark-packet chain=forward comment="http download pakcets W2" \
    new-packet-mark=http-dwnld-pk2 packet-mark=download-pk2 passthrough=no \
    port=80,443 protocol=tcp
add action=mark-packet chain=forward comment="WAN1 http upload pk" \
    new-packet-mark=http-upld1 packet-mark=upload-pk1 passthrough=no port=\
    80,443 protocol=tcp
add action=mark-packet chain=forward comment="WAN2 http upload pk" \
    new-packet-mark=http-upld2 packet-mark=upload-pk2 passthrough=no port=\
    80,443 protocol=tcp
add action=mark-packet chain=forward comment="all other download pkcs W1" \
    new-packet-mark=other-dwnld1 packet-mark=download-pk1 passthrough=no
add action=mark-packet chain=forward comment="all other download pkcs W2" \
    new-packet-mark=other-dwnld2 packet-mark=download-pk2 passthrough=no
add action=mark-packet chain=forward comment=\
    "WAN1 all other upload packets" new-packet-mark=other-upld1 \
    packet-mark=upload-pk1 passthrough=no
add action=mark-packet chain=forward comment="WAN2 all other upload packets" \
    new-packet-mark=other-upld2 packet-mark=upload-pk2 passthrough=no

/queue tree
add comment="VOIP q tree " \
    max-limit=4M name=VoIP_up packet-mark=RTP_packet parent=ether3_WAN1 \
    priority=2 queue=default
add limit-at=1024 max-limit=1024 name=VoIP_RTP packet-mark=RTP_packet parent=\
    VoIP_up priority=2 queue=default
add limit-at=440 max-limit=440 name=VoIP_Sip packet-mark=VOIP_packet parent=\
    VoIP_up priority=2 queue=default
add max-limit=3M name=VoIP_nomark packet-mark=no-mark parent=VoIP_up \
    priority=5 queue=default
add limit-at=4M max-limit=4M name=VoIP_down packet-mark=RTP_packet parent=\
    bridge queue=default
add limit-at=1024 max-limit=1024 name=VoIP_RTP_d packet-mark=RTP_packet \
    parent=VoIP_down priority=2 queue=default
add limit-at=440 max-limit=440 name=VoIP_SIP_d packet-mark=VOIP_packet \
    parent=VoIP_down priority=2 queue=default
add limit-at=10M max-limit=10M name=VoIP_nom_d packet-mark=no-mark parent=\
    VoIP_down priority=5 queue=default
add max-limit=10M name="All Bandwidth" parent=global priority=1 queue=default
add max-limit=4M name="Download W1" packet-mark=download-pk1 parent=\
    "All Bandwidth" priority=3 queue=default
add max-limit=4M name="http download w1" packet-mark=http-dwnld-pk1 parent=\
    "Download W1" priority=3 queue=pcq-download-default
add max-limit=4M name="other dwnld" packet-mark=other-dwnld1 parent=\
    "Download W1" priority=4 queue=pcq-download-default
add max-limit=4M name="Upload WAN1" packet-mark=upload-pk1 parent=\
    "All Bandwidth" priority=3 queue=default
add max-limit=4M name="http upload w1" packet-mark=http-upld1 parent=\
    "Upload WAN1" priority=3 queue=pcq-upload-default
add max-limit=4M name="other upload w1" packet-mark=other-upld1 parent=\
    "Upload WAN1" priority=4 queue=pcq-upload-default
add max-limit=10M name="Download W2" packet-mark=download-pk2 parent=\
    "All Bandwidth" priority=3 queue=default
add max-limit=10M name="http download w2" packet-mark=http-dwnld-pk2 parent=\
    "Download W2" priority=3 queue=pcq-download-default
add max-limit=10M name="other download w2" packet-mark=other-dwnld2 parent=\
    "Download W2" priority=4 queue=pcq-download-default
add comment="WAN2 upload" max-limit=2M name="Upload WAN2" packet-mark=\
    upload-pk2 parent="All Bandwidth" queue=default
add max-limit=2M name="http upload w2" packet-mark=http-upld2 parent=\
    "Upload WAN2" queue=pcq-upload-default
add max-limit=2M name="other upload w2" packet-mark=other-upld2 parent=\
    "Upload WAN2" queue=pcq-upload-default
Thanks.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 75 guests
  4. RouterOS
  5. Scripting