Hello friends, I want to limit the speed of Facebook. What do you recommend? I have seen many videos that do it by Layer 7, but I would like to do it another way. Can someone guide me? Thank you for your answers.
Nobody limits facebook on your network?
No
Facebook traffic is not really high and not so bandwidth-consuming as it’s a lot of GET requests with little transfer per request.
I made the experience that limiting sites like this is more labor than you would gain out of it. Limiting sites with big transfers is much more suitable so that a decent amount of your backhaul b/w is still available for other stuff.
If you still feel like limiting facebook traffic, get their current address space with
```
whois -h whois.radb.net '!gAS32934'
```
Add all this to an address list.
Mark packets to/from these addresses.
Use the packet marks for your queues.
No Layer7 involved.
Make sure you update the address list on a regular basis.
-Chris
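One way to automate the address-list steps from the post above, as an added example that is not part of the original thread: it validates a RADB `!g` reply before turning it into RouterOS address-list commands, so a truncated or overly broad reply never replaces a working list. The list name `FACEBOOK_LIST`, the function names, the `min_prefixlen` cutoff and the sample reply (documentation prefixes) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of an IRRd "!g" reply: "A<length>" header, space-separated
# prefixes, "C" terminator. Documentation ranges, not Facebook's address space.
SAMPLE_REPLY = "A42\n192.0.2.0/24 198.51.100.0/24 192.0.2.0/25\nC\n"

LIST_NAME = "FACEBOOK_LIST"  # hypothetical address-list name


def parse_prefixes(reply, min_prefixlen=8):
    """Validate a '!g' reply and return collapsed IPv4 networks.

    Raises ValueError on anything unexpected so a bad reply never
    replaces a working address list.
    """
    lines = reply.strip().splitlines()
    if len(lines) < 3 or not lines[0].startswith("A") or lines[-1].strip() != "C":
        raise ValueError("truncated or unexpected whois reply")
    nets = []
    for token in " ".join(lines[1:-1]).split():
        net = ipaddress.IPv4Network(token)  # strict: rejects junk and host bits
        if net.prefixlen < min_prefixlen:
            # A very short prefix would mark large amounts of unrelated traffic.
            raise ValueError(f"prefix too broad to trust: {net}")
        nets.append(net)
    # Merge duplicates and prefixes already covered by a larger one.
    return list(ipaddress.collapse_addresses(nets))


def routeros_commands(nets, list_name=LIST_NAME):
    """Build commands that replace the address list with the given networks."""
    cmds = ["/ip firewall address-list", f"remove [find list={list_name}]"]
    cmds += [f"add list={list_name} address={net}" for net in nets]
    return cmds


if __name__ == "__main__":
    print("\n".join(routeros_commands(parse_prefixes(SAMPLE_REPLY))))
```

Feed the real `whois` output to `parse_prefixes` and apply the generated commands only when it returns without raising.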
I understand, friend. So what traffic do you recommend I limit, or what traffic do you limit?
It strongly depends on your organizational structure and what services your staff is supposed to use.
Everything that syncs back to a cloud (Like Dropbox, iCloud, Google Drive, etc) is a good start to limit - especially as those syncs happen in background, nobody would really notice that the task is taking slightly longer. When using DFS in a distributed Active Directory, that is something that shouldn’t be limited.
If you have a guest WiFi network, that could be rate-limited as well.
I usually schedule Queues - limit at daytime, more b/w during off-office-hours, but strictly limited during the windows we sync our backups against AWS.
When using VoIP, reserving a small amount of MBps for SIP traffic makes sense.
With all this - always bear in mind that you could turn a good user experience into a really bad one, so don’t overdo it.
You ideally enabled interface graphing a long time ago - have a look at your WAN graphs, match it against the bandwidth you booked and then consider again if you really have the need to limit.
If your overall link saturation is below 75%, I don’t see a reason to limit anything. What is worse? A short period of saturation or a longer period of almost-saturated uplinks?
The sooner a transfer ends, the sooner bandwidth is available to others again.
-Chris
Thanks Chris. I have a CYBER CAFE, and this is my connection marking and my packet marking in mangle. I want to limit web navigation, Facebook and YouTube. Check it and tell me.
```
add action=mark-connection chain=prerouting comment="-----ICMP (PING)-----" new-connection-mark=ICMP_C passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_C new-packet-mark=ICMP passthrough=no
add action=mark-connection chain=prerouting comment=-----DNS----- new-connection-mark=DNS_C passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS_C new-packet-mark=DNS passthrough=no
add action=mark-connection chain=prerouting comment=-----YOUTUBE----- new-connection-mark=YOUTUBE_C passthrough=yes port=80,443 protocol=tcp src-address-list="YOUTUBE LIST"
add action=mark-connection chain=prerouting new-connection-mark=YOUTUBE_C passthrough=yes port=80,443 protocol=udp src-address-list="YOUTUBE LIST"
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_C new-packet-mark=YOUTUBE passthrough=no
add action=mark-connection chain=prerouting comment=-----FACEBOOK----- layer7-protocol=FACEBOOK new-connection-mark=FACEBOOK_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_C new-packet-mark=FACEBOOK passthrough=no
add action=mark-connection chain=prerouting comment=-----WEB----- connection-mark=!WEB_BIG new-connection-mark=WEB_C passthrough=yes port=80,443,8000-9000 protocol=tcp
add action=mark-connection chain=prerouting comment=-----WEB-BIG----- connection-bytes=2496000-0 connection-mark=WEB_C connection-rate=2112k-10240 new-connection-mark=WEB_BIG passthrough=yes src-address-list="BLOQUEO CYBER"
add action=mark-packet chain=prerouting connection-mark=WEB_BIG new-packet-mark=WEB-BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=WEB_C new-packet-mark=WE passthrough=no
add action=mark-connection chain=prerouting comment=-----REST----- new-connection-mark=REST_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=REST_C new-packet-mark=REST passthrough=no
```