I am thinking about dynamically mangling ports to restrict the use of P2P clients, and I need to write a script that dynamically creates rules for the Mangle chart and monitors the number of open connections per port.
Example:
A torrent client uses port 12565 and seeders connect to this port. If there are more than 10 connections on this port, the script would label it as a P2P port and create a mangle rule that limits the speed of packets sent/received via this port in the Queue Tree.
Can anyone help with this?
My code looks like this; the limiting works fine, but the dynamic port detection is very slow.
# Ports below 10000 are not checked; the scan starts at 10000 as before.
:local min 10000;
:local max 65535;
:local threshold 10;
:for i from=$min to=$max do={
    # Skip ports that already have a mangle rule.
    :if ([:len [/ip firewall mangle find dst-port=$i]] = 0) do={
        # dst-address is "ip:port"; anchor the match on ":port" at the end so that
        # port 1000 does not also match 10001 or an octet of the IP address.
        :if ([/ip firewall connection print count-only where dst-address~":$i\$"] > $threshold) do={
            /ip firewall mangle add chain=forward protocol=udp dst-port=$i action=mark-packet new-packet-mark=P2P_Download;
            /ip firewall mangle add chain=forward protocol=tcp dst-port=$i action=mark-packet new-packet-mark=P2P_Download;
            /ip firewall mangle add chain=forward protocol=udp src-port=$i action=mark-packet new-packet-mark=P2P_Upload;
            /ip firewall mangle add chain=forward protocol=tcp src-port=$i action=mark-packet new-packet-mark=P2P_Upload;
        }
    }
}
:log info "Port Scan DONE!"
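The slow part of the approach above is running one connection-table query for every port in 10000-65535. The following is an added example (not the poster's script) that walks the connection table once, counts connections per destination port in an array, and only then adds the same mangle rules for ports over the threshold; it assumes RouterOS v6 scripting syntax and IPv4 connections, whose dst-address is displayed as "ip:port".

```routeros
# Added example, not the original poster's code.
# Assumes RouterOS v6 script syntax and IPv4 connection entries ("ip:port").
:local minPort 10000
:local threshold 10
# port (as string) -> number of tracked connections to that destination port
:local counts [:toarray ""]

# One pass over the connection table instead of one "print count-only" per port.
:foreach conn in=[/ip firewall connection find] do={
    :local dst [:tostr [/ip firewall connection get $conn dst-address]]
    :local sep [:find $dst ":"]
    # ICMP and other portless entries have no ":" in dst-address; skip them.
    :if ([:typeof $sep] = "num") do={
        :local port [:pick $dst ($sep + 1) [:len $dst]]
        :if ([:tonum $port] >= $minPort) do={
            :local n ($counts->$port)
            :if ([:typeof $n] != "num") do={ :set n 0 }
            :set ($counts->$port) ($n + 1)
        }
    }
}

# Mark only busy ports that do not already have a mangle rule.
:foreach port,n in=$counts do={
    :if ($n > $threshold && [:len [/ip firewall mangle find dst-port=$port]] = 0) do={
        :log info "marking port $port as P2P ($n connections)"
        /ip firewall mangle add chain=forward protocol=udp dst-port=$port action=mark-packet new-packet-mark=P2P_Download
        /ip firewall mangle add chain=forward protocol=tcp dst-port=$port action=mark-packet new-packet-mark=P2P_Download
        /ip firewall mangle add chain=forward protocol=udp src-port=$port action=mark-packet new-packet-mark=P2P_Upload
        /ip firewall mangle add chain=forward protocol=tcp src-port=$port action=mark-packet new-packet-mark=P2P_Upload
    }
}
:log info "Port scan done"
```

Run it from the scheduler at a fixed interval; because rules are never removed here, a port stays marked until you delete its rules by hand or add an expiry pass.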