down limit

beginner16 · January 9, 2017, 8:55pm

Hello people. I have a problem, I use the following rule, I would like to single ip address of this policy does not apply. I would be grateful if you would help me. For example ip 192.168.2.253 this rule does not apply. Thanks

/ip firewall mangle
add action=mark-connection chain=prerouting connection-bytes=
262146-4294967295 in-interface=ether1 new-connection-mark=download
protocol=tcp src-port=21,80
add action=mark-packet chain=prerouting connection-mark=download
in-interface=ether1 new-packet-mark=download passthrough=no

/queue type
add kind=pcq name=shape pcq-classifier=src-address pcq-dst-address6-mask=64
pcq-rate=128k pcq-src-address6-mask=64

/queue tree
add max-limit=128k name=Download packet-mark=download parent=global queue=
shape

Sob · January 10, 2017, 12:12am

If it’s traffic from internet to LAN, then destination address in prerouting chain is not 192.168.2.253 yet, it’s the address on WAN port. But you should be able to move this marking rule to forward chain where the address already changed and then add dst-address=!192.168.2.253.

beginner16 · January 13, 2017, 6:40pm

I tried this way but can not

/ip firewall mangle
add action=mark-connection chain=prerouting connection-bytes=
262146-4294967295 dst-address=!192.168.2.253 in-interface=ether1
new-connection-mark=download protocol=tcp src-port=21,80
add action=mark-packet chain=prerouting connection-mark=download dst-address=
!192.168.2.253 in-interface=ether1 new-packet-mark=download passthrough=
no

Sob · January 13, 2017, 10:39pm

I meant this:

/ip firewall mangle
add action=mark-connection chain=forward connection-bytes=262146-4294967295
in-interface=ether1 dst-address=!192.168.2.253 new-connection-mark=download
protocol=tcp src-port=21,80
add action=mark-packet chain=forward connection-mark=download
in-interface=ether1 new-packet-mark=download passthrough=no

beginner16 · January 14, 2017, 8:53am

Briefly, clearly, this is it. Thank you, Doctor!