There is IMHO a better way.
I do marking in the prerouting chain at the moment for connections, forward for packets.
- First rule connection: If the connection has a mark, return.
- Then I have all the rules assigning connection marks.
Postrouting:
- First rules for all traffic types, more important first. They assign packet marks (used for queues) according to connection mark.
- Last rule: connection no-mark → no action (tracks traffic of that type, which is LITTLE, possibly technical SYN etc.).
I keep forward empty due to automatic rules by VPNs.
I currently struggle with getting nth splits between VPNs done at the same time, which sadly are address-specific. I just wish MikroTik would have per-connection routing marks.
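
The prerouting/postrouting layout described in this post, sketched as a RouterOS mangle configuration. This is an added example, not the poster's own rules; the traffic classes, ports and mark names (`conn-*`, `pkt-*`) are constructed for illustration.

```routeros
/ip firewall mangle

# --- prerouting: connection marks ---
# First rule: a connection that already has a mark skips every classifier.
add chain=prerouting connection-mark=!no-mark action=return \
    comment="already classified"

# Classifiers (constructed classes). Only the first packets of a
# connection get this far, so each connection is marked once.
add chain=prerouting protocol=udp dst-port=5060 action=mark-connection \
    new-connection-mark=conn-voip passthrough=no comment="class: voip"
add chain=prerouting protocol=tcp dst-port=80,443 action=mark-connection \
    new-connection-mark=conn-web passthrough=no comment="class: web"
add chain=prerouting action=mark-connection \
    new-connection-mark=conn-other passthrough=no comment="class: everything else"

# --- forward: left empty on purpose ---

# --- postrouting: packet marks for queues, most important class first ---
add chain=postrouting connection-mark=conn-voip action=mark-packet \
    new-packet-mark=pkt-voip passthrough=no
add chain=postrouting connection-mark=conn-web action=mark-packet \
    new-packet-mark=pkt-web passthrough=no
add chain=postrouting connection-mark=conn-other action=mark-packet \
    new-packet-mark=pkt-other passthrough=no

# Last rule: no action, only a counter for packets whose connection
# never received a mark.
add chain=postrouting connection-mark=no-mark action=passthrough \
    comment="unmarked traffic counter"
```

The counter on the last rule shows how much traffic escaped classification; queues then match on the `pkt-*` packet marks.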