Hi Forum Gurus, Can you please review my QoS and offer up any suggestions. I am looking to revamp it or make it more efficient.
/queue type
set 0 bfifo-limit=20000 kind=bfifo
set 1 pfifo-limit=200
add kind=pcq name=pcq-upload-P2P pcq-classifier=dst-address pcq-limit=30KiB \
pcq-total-limit=1000KiB
add kind=pcq name=pcq-download-P2P pcq-classifier=src-address pcq-limit=30KiB \
pcq-rate=2M pcq-total-limit=1000KiB
add kind=pcq name=PCQ_IN pcq-classifier=src-address pcq-limit=10KiB \
pcq-total-limit=250KiB
add kind=pcq name=PCQ_OUT pcq-classifier=dst-address pcq-limit=10KiB \
pcq-total-limit=250KiB
add kind=pcq name=WAN_IN pcq-classifier=src-address,src-port \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=WAN_OUT pcq-classifier=dst-address,dst-port \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name="pcq-in 3M" pcq-burst-rate=3100k pcq-burst-threshold=3M \
pcq-classifier=src-address pcq-limit=10KiB pcq-rate=3M pcq-total-limit=\
1000KiB
add kind=pcq name="pcq-out 2M" pcq-burst-time=5s pcq-classifier=dst-address \
pcq-limit=10KiB pcq-rate=2M pcq-total-limit=1000KiB
add kind=pcq name="pcq-in 2900K" pcq-burst-rate=3M pcq-burst-threshold=2900k \
pcq-burst-time=5s pcq-classifier=src-address pcq-limit=10KiB pcq-rate=\
2900k pcq-total-limit=950KiB
add kind=pcq name="pcq-in 1500K" pcq-burst-rate=3M pcq-burst-threshold=1500k \
pcq-burst-time=5s pcq-classifier=src-address pcq-limit=10KiB pcq-rate=\
1500k pcq-total-limit=750KiB
add kind=pcq name="pcq-out 1500K" pcq-burst-rate=2M pcq-burst-threshold=1500k \
pcq-classifier=dst-address pcq-limit=10KiB pcq-rate=1500k \
pcq-total-limit=300KiB
add kind=pcq name="pcq-out 1400K" pcq-burst-rate=2M pcq-burst-threshold=1400k \
pcq-classifier=dst-address pcq-limit=10KiB pcq-rate=1400k \
pcq-total-limit=200KiB
add kind=none name=parent
add kind=mq-pfifo name=queue1
add kind=red name=queue2
add kind=sfq name=queue3
add kind=pcq name="pcq-in 2700K" pcq-burst-rate=3M pcq-burst-threshold=2700k \
pcq-classifier=src-address pcq-limit=10KiB pcq-rate=2700k \
pcq-total-limit=950KiB
add kind=pcq name=queue4 pcq-burst-rate=3M pcq-burst-threshold=1500k \
pcq-classifier=src-address pcq-limit=10KiB pcq-rate=1500k \
pcq-total-limit=750KiB
add kind=pcq name="pcq-in 2950K" pcq-burst-rate=3M pcq-burst-threshold=2950k \
pcq-burst-time=5s pcq-classifier=src-address pcq-limit=10KiB pcq-rate=\
2950k pcq-total-limit=975KiB
add kind=pcq name="pcq-in 2850K" pcq-burst-rate=3M pcq-burst-threshold=2850k \
pcq-burst-time=5s pcq-classifier=src-address pcq-limit=10KiB pcq-rate=\
2850k pcq-total-limit=950KiB
add kind=pcq name="pcq-out 1300K" pcq-burst-rate=2M pcq-burst-threshold=1300k \
pcq-burst-time=5s pcq-classifier=dst-address pcq-limit=10KiB pcq-rate=\
1300k pcq-total-limit=200KiB
add kind=pcq name="pcq-out 1200K" pcq-burst-rate=2M pcq-burst-threshold=1200k \
pcq-burst-time=5s pcq-classifier=dst-address pcq-limit=10KiB pcq-rate=\
1200k pcq-total-limit=200KiB
add kind=bfifo name=Test
/queue tree
add burst-limit=3100k burst-threshold=3M burst-time=10s limit-at=3M \
max-limit=3M name=Download parent=global priority=1 queue="pcq-in 3M"
add limit-at=1500k max-limit=1500k name=Upload parent=global priority=1 \
queue="pcq-out 1500K"
add burst-limit=3M burst-threshold=2500k burst-time=5s limit-at=2900k \
max-limit=2900k name="#3 http_in" packet-mark=http_in parent=Download \
priority=3 queue="pcq-in 2900K"
add burst-limit=2M burst-threshold=1300k burst-time=5s limit-at=1300k \
max-limit=1300k name="#3 http_out" packet-mark=http_out parent=Upload \
priority=3 queue="pcq-out 1300K"
add burst-limit=2M burst-threshold=1400k burst-time=10s limit-at=1400k \
max-limit=1400k name="#1 com_out" packet-mark=com_out parent=Upload \
priority=1 queue="pcq-out 1400K"
add burst-limit=3M burst-threshold=2500k burst-time=10s limit-at=2850k \
max-limit=2850k name="#7 pro_in" packet-mark=pro_in parent=Download \
priority=7 queue="pcq-in 2850K"
add burst-limit=2M burst-threshold=1300k burst-time=5s limit-at=1300k \
max-limit=1300k name="#7 pro_out" packet-mark=pro_out parent=Upload \
priority=7 queue="pcq-out 1300K"
add burst-limit=3M burst-threshold=1500k burst-time=5s limit-at=2850k \
max-limit=2850k name="#4 dwn_in" packet-mark=dwn_in parent=Download \
priority=4 queue="pcq-in 2850K"
add burst-limit=2M burst-threshold=1300k burst-time=5s limit-at=1300k \
max-limit=1300k name="#4 dwn_out" packet-mark=dwn_out parent=Upload \
priority=4 queue="pcq-out 1300K"
add burst-limit=3M burst-threshold=2700k burst-time=10s limit-at=2700k \
max-limit=2700k name="#8 p2p_in" packet-mark=p2p_in parent=Download \
queue="pcq-in 2700K"
add burst-limit=2M burst-threshold=1200k burst-time=5s limit-at=1200k \
max-limit=1200k name="#8 p2p_out" packet-mark=p2p_out parent=Upload \
queue="pcq-out 1200K"
add burst-limit=3M burst-threshold=2500k burst-time=10s limit-at=2850k \
max-limit=2850k name="#5 other_in" packet-mark=other_in parent=Download \
priority=5 queue="pcq-in 2850K"
add burst-limit=2M burst-threshold=1300k burst-time=5s limit-at=1300k \
max-limit=1300k name="#5 other_out" packet-mark=other_out parent=Upload \
priority=5 queue="pcq-out 1300K"
add burst-limit=3M burst-threshold=2500k burst-time=5s limit-at=2900k \
max-limit=2900k name="#2 ur_in" packet-mark=ur_in parent=Download \
priority=2 queue="pcq-in 2900K"
add burst-limit=2M burst-threshold=1300k burst-time=5s limit-at=1300k \
max-limit=1400k name="#2 ur_out" packet-mark=ur_out parent=Upload \
priority=2 queue="pcq-out 1300K"
add burst-limit=3M burst-threshold=2500k burst-time=5s limit-at=2950k \
max-limit=2950k name="#1 com_in" packet-mark=com_in parent=Download \
priority=1 queue="pcq-in 2950K"
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
"QoS Mark Connection wan_in" in-interface=1_WAN_1 new-connection-mark=\
wan_in passthrough=yes
add action=mark-connection chain=postrouting comment=\
"QoS Mark Connection wan_out" new-connection-mark=wan_out out-interface=\
1_WAN_1 passthrough=yes
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-packet chain=prerouting comment="DWN eDonkey2000 " \
connection-mark=wan_in layer7-protocol=edonkey new-packet-mark=dwn_in \
p2p=edonkey passthrough=no
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=edonkey new-packet-mark=p2p_out p2p=edonkey passthrough=\
no
add action=mark-packet chain=prerouting comment="DWN P2P 100bao" \
connection-mark=wan_in layer7-protocol=100bao new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=100bao new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment="DWN P2P applejuice" \
connection-mark=wan_in layer7-protocol=applejuice new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=applejuice new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment="DWN P2P ares" \
connection-mark=wan_in layer7-protocol=ares new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=ares new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment="DWN P2P Direct Connect" \
connection-mark=wan_in layer7-protocol=directconnect new-packet-mark=\
dwn_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=directconnect new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"DWN P2P FastTrack, Kazaa, Morpheus, iMesh, Grokster, etc " \
connection-mark=wan_in layer7-protocol=fasttrack new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=fasttrack new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"DWN P2P GnucleusLAN - LAN-only " layer7-protocol=gnucleuslan \
new-packet-mark=dwn_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=gnucleuslan new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment="DWN P2P Gnutella" \
connection-mark=wan_in layer7-protocol=gnutella new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=gnutella new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment="DWN P2P GoBoogy - a Korean" \
connection-mark=wan_in layer7-protocol=goboogy new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=goboogy new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"DWN P2P iMesh - the native protocol of iMesh, a P2P application " \
connection-mark=wan_in layer7-protocol=imesh new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=imesh new-packet-mark=p2p_out passthrough=no
add action=mark-packet chain=prerouting comment="DWN P2P KuGoo - a Chinese" \
connection-mark=wan_in layer7-protocol=kugoo new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=kugoo new-packet-mark=dwn_out passthrough=no
add action=mark-packet chain=prerouting comment="DWN P2P MUTE" \
connection-mark=wan_in layer7-protocol=mute new-packet-mark=dwn_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=mute new-packet-mark=dwn_out passthrough=no
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-packet chain=prerouting comment="DWN P2P Soulseek" \
connection-mark=wan_in layer7-protocol=soulseek new-packet-mark=dwn_in \
p2p=soulseek passthrough=no
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=soulseek new-packet-mark=dwn_out p2p=soulseek \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"UR Blizzard's Battle.net Diablo III" connection-mark=wan_in \
new-packet-mark=ur_in passthrough=no port=1119,6881-6999 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=ur_in passthrough=no port=1119,6881-6999 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"UR Blizzard's Battle.net gaming service and some games" connection-mark=\
wan_in new-packet-mark=ur_in passthrough=no port=6112 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=edonkey new-packet-mark=ur_out passthrough=no port=6112 \
protocol=tcp
add action=mark-packet chain=prerouting comment="UR Google Play, Android Cloud\
\_to Device Messaging Service, Google Cloud Messaging" connection-mark=\
wan_in new-packet-mark=ur_in passthrough=no port=5228 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=edonkey new-packet-mark=ur_out passthrough=no port=5228 \
protocol=tcp
add action=mark-packet chain=prerouting comment="UR Steam Game Client" \
connection-mark=wan_in new-packet-mark=ur_in passthrough=no port=\
27000-27030 protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=ur_out passthrough=no port=27000-27015 protocol=udp
add action=mark-packet chain=prerouting comment="UR Steam Download" \
connection-mark=wan_in new-packet-mark=ur_in passthrough=no port=\
27014-27050 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wan_in \
new-packet-mark=ur_in passthrough=no port=27014-27050 protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=ur_out passthrough=no port=27014-27050 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=ur_out passthrough=no port=27014-27050 protocol=udp
add action=mark-packet chain=prerouting comment="P2P bittorent" \
connection-mark=wan_in new-packet-mark=p2p_in passthrough=no port=10974 \
protocol=udp
add action=mark-packet chain=prerouting connection-mark=wan_in \
layer7-protocol=bittorrent1 new-packet-mark=p2p_in passthrough=no
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-packet chain=prerouting connection-mark=wan_in \
new-packet-mark=p2p_in p2p=bit-torrent passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan_in \
layer7-protocol=bittorrent2 new-packet-mark=p2p_in passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan_in \
layer7-protocol=bittorrent3 new-packet-mark=p2p_in passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan_in \
layer7-protocol=bittorrent4 new-packet-mark=p2p_in passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan_in \
new-packet-mark=p2p_in passthrough=no port=6681 protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=p2p_out passthrough=no port=10974 protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=bittorrent1 new-packet-mark=p2p_out passthrough=no
# p2p matcher is obsolete please use layer7 matcher instead
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=p2p_out p2p=bit-torrent passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=bittorrent2 new-packet-mark=p2p_out passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=bittorrent3 new-packet-mark=p2p_out passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=bittorrent4 new-packet-mark=p2p_out passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=p2p_out passthrough=no port=6881 protocol=udp
add action=mark-packet chain=prerouting comment="DWN HTTP Download" \
connection-bytes=500000-0 connection-mark=wan_in new-packet-mark=dwn_in \
passthrough=no port=80 protocol=tcp
add action=mark-packet chain=postrouting connection-bytes=500000-0 \
connection-mark=wan_out new-packet-mark=dwn_out passthrough=no port=80 \
protocol=tcp
add action=mark-packet chain=prerouting comment="DWN HTTPS Download" \
connection-bytes=500000-0 connection-mark=wan_in new-packet-mark=dwn_in \
passthrough=no port=443 protocol=tcp
add action=mark-packet chain=postrouting connection-bytes=500000-0 \
connection-mark=wan_out new-packet-mark=https_out passthrough=no port=443 \
protocol=tcp
add action=mark-packet chain=prerouting comment="HTTP HTTP Request" \
connection-mark=wan_in new-packet-mark=http_in passthrough=no port=80 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=http_out passthrough=no port=80 protocol=tcp
add action=mark-packet chain=prerouting comment="HTTP HTTPS Request" \
connection-mark=wan_in new-packet-mark=http_in passthrough=no port=443 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=http_out passthrough=no port=443 protocol=tcp
add action=mark-packet chain=prerouting comment="COM whatsapp" \
connection-mark=wan_in new-packet-mark=com_in passthrough=no \
src-address-list=WhatsApp
add action=mark-packet chain=prerouting connection-mark=wan_in \
new-packet-mark=com_in passthrough=no port=5222,5223,5228 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
dst-address-list=WhatsApp new-packet-mark=com_out passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=5222,5223,5228 protocol=tcp
add action=mark-packet chain=prerouting comment="COM Google Hangouts" \
connection-mark=wan_in new-packet-mark=com_in passthrough=no port=\
19302,19303,19304,19305,19306,19307,19308,19309 protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=vnc new-packet-mark=com_out passthrough=no port=\
19302,19303,19304,19305,19306,19307,19308,19309 protocol=udp
add action=mark-packet chain=prerouting comment=\
"COM Secure Internet Live Conferencing (SILC) (Official)" \
connection-mark=wan_in new-packet-mark=com_in passthrough=no port=706 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=706 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"COM RDP - Remote Desktop Protocol " connection-mark=wan_in \
new-packet-mark=com_in passthrough=no port=3389 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=3389 protocol=tcp
add action=mark-packet chain=prerouting comment="COM vnc" connection-mark=\
wan_in new-packet-mark=com_in passthrough=no port=5800,5900 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=5800,5900 protocol=tcp
add action=mark-packet chain=prerouting comment="COM winbox" connection-mark=\
wan_in new-packet-mark=com_in passthrough=no port=8291 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=8291 protocol=tcp
add action=mark-packet chain=prerouting comment="COM Teamviewer application " \
connection-mark=wan_in layer7-protocol=Teamviewer new-packet-mark=com_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=Teamviewer new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM Teamviewer1 application " connection-mark=wan_in layer7-protocol=\
Teamviewer1 new-packet-mark=com_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=Teamviewer1 new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM Teamviewer2 application " connection-mark=wan_in new-packet-mark=\
com_in passthrough=no port=5938 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=5938 protocol=tcp
add action=mark-packet chain=prerouting comment="COM MSN Messenger " \
connection-mark=wan_in layer7-protocol=msnmessenger new-packet-mark=\
com_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=msnmessenger new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM MSN (Micosoft Network) Messenger file transfers " connection-mark=\
wan_in layer7-protocol=msn-filetransfer new-packet-mark=com_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=msn-filetransfer new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment="COM aim mesenger" \
connection-mark=wan_in layer7-protocol=aim new-packet-mark=com_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=aim new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM Web service, iTunes Radio streams" connection-mark=wan_in \
new-packet-mark=com_in passthrough=no port=8130 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=aimwebcontent new-packet-mark=com_out passthrough=no \
port=8130 protocol=tcp
add action=mark-packet chain=prerouting comment="COM aim_messenger_web" \
connection-mark=wan_in layer7-protocol=aimwebcontent new-packet-mark=\
com_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=aimwebcontent new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM SIP - Session Initiation Protocol - Internet telephony " \
connection-mark=wan_in connection-type=sip layer7-protocol=sip \
new-packet-mark=com_in passthrough=no
add action=mark-packet chain=output connection-mark=wan_out connection-type=\
sip layer7-protocol=sip new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM Skype to phone - UDP voice call " connection-mark=wan_in \
layer7-protocol=skypeout new-packet-mark=com_in passthrough=no protocol=\
udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=skypeout new-packet-mark=com_out passthrough=no protocol=\
udp
add action=mark-packet chain=prerouting comment=\
"COM Skype to Skype - UDP voice call " connection-mark=wan_in \
layer7-protocol=skypetoskype new-packet-mark=com_in passthrough=no \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=skypetoskype new-packet-mark=com_out passthrough=no \
protocol=udp
add action=mark-packet chain=prerouting comment="COM Skype" connection-mark=\
wan_in new-packet-mark=com_in passthrough=no port=51477,40016 protocol=\
tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=51477,40016 protocol=tcp
add action=mark-packet chain=prerouting comment="COM H.323 - Voice over IP" \
connection-mark=wan_in layer7-protocol=h323 new-packet-mark=com_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=h323 new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM TeamSpeak - VoIP application " connection-mark=wan_in \
layer7-protocol=teamspeak new-packet-mark=com_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=Teamviewer new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM IRC - Internet Relay Chat" connection-mark=wan_in layer7-protocol=\
irc new-packet-mark=com_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=irc new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment="COM FTP" connection-mark=\
wan_in new-packet-mark=com_in passthrough=no port=21 protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=21 protocol=udp
add action=mark-packet chain=prerouting comment="COM SSH" connection-mark=\
wan_in layer7-protocol=ssh new-packet-mark=com_in passthrough=no port=22 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=22 protocol=tcp
add action=mark-packet chain=prerouting comment="COM POP, SMTP" \
connection-mark=wan_in new-packet-mark=com_in passthrough=no port=25,110 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=25,110 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"COM POP31 - Post Office Protocol version 3" connection-mark=wan_in \
new-packet-mark=com_in passthrough=no port=995 protocol=tcp
add action=mark-packet chain=output connection-mark=wan_out new-packet-mark=\
com_out passthrough=no port=995 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"COM POP3 - Post Office Protocol version 3" connection-mark=wan_in \
new-packet-mark=com_in passthrough=no port=995 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=995 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"COM IMAP - Internet Message Access Protocol (A common e-mail protocol)" \
connection-mark=wan_in layer7-protocol=imap new-packet-mark=com_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=imap new-packet-mark=com_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"COM DNS - Domain Name System " connection-mark=wan_in new-packet-mark=\
com_in passthrough=no port=53 protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=com_out passthrough=no port=53 protocol=udp
add action=mark-packet chain=prerouting comment="PRO Extensible Messaging and \
Presence Protocol (XMPP) client connection over SSL (Official" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=\
5222-5223 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_out passthrough=no port=5222-5223 protocol=tcp
add action=mark-packet chain=prerouting comment="PRO bgp_routing" \
connection-mark=wan_in layer7-protocol=bgp new-packet-mark=pro_in \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=bgp new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"PRO RTSP tunneled within HTTP" connection-mark=wan_in layer7-protocol=\
http-rtsp new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=http-rtsp new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=prerouting comment=\
"PRO Ident - Identification Protocol - RFC 1413" connection-mark=wan_in \
layer7-protocol=ident new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=ident new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"PRO RTSP - Real Time Streaming Protocol " connection-mark=wan_in \
layer7-protocol=rtsp new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=rtsp new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"PRO FTPS Protocol (control): FTP over TLS/SSL (Official)" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=990 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_in passthrough=no port=990 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"PRO Microsoft-DS Active Directory, Windows shares (Official)" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=445 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_in passthrough=no port=445 protocol=tcp
add action=mark-packet chain=prerouting comment="PRO Mailbox Name Nameserver" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=105 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_in passthrough=no port=105 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"PRO BGP (Border Gateway Protocol) (Official)" connection-mark=wan_in \
new-packet-mark=pro_in passthrough=no port=179 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_in passthrough=no port=179 protocol=tcp
add action=mark-packet chain=prerouting comment="PRO Adobe Flash (Official)" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=843 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_in passthrough=no port=843 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"PRO SMTP - Simple Mail Transfer Protocol " connection-mark=wan_in \
layer7-protocol=smtp new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=smtp new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment="PRO ICMP" connection-mark=\
wan_in new-packet-mark=pro_in passthrough=no protocol=icmp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_out passthrough=no protocol=icmp
add action=mark-packet chain=prerouting comment=\
"PRO IGMP- Internet Group Management Protocol" connection-mark=wan_in \
new-packet-mark=pro_in passthrough=no protocol=igmp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_out passthrough=no protocol=igmp
add action=mark-packet chain=prerouting comment="PRO dhcp" connection-mark=\
wan_in layer7-protocol=dhcp new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=dhcp new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"PRO NetBIOS - Network Basic Input Output System" connection-mark=wan_in \
layer7-protocol=netbios new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=netbios new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment="PRO dude" new-packet-mark=\
pro_in passthrough=no port=2210 protocol=tcp
add action=mark-packet chain=output connection-mark=wan_out new-packet-mark=\
pro_out passthrough=no port=2210 protocol=tcp
add action=mark-packet chain=prerouting comment="PRO Lite coin Wallet" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=9333 \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_out passthrough=no port=9333 protocol=tcp
add action=mark-packet chain=prerouting comment="PRO Microsoft" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=\
49100-49900 protocol=tcp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_out passthrough=no port=49100-49900 protocol=tcp
add action=mark-packet chain=prerouting comment=\
"PRO NNTP - Network News Transfer Protocol " connection-mark=wan_in \
layer7-protocol=nntp new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=nntp new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment=\
"PRO NTP - Network Time Protocol " connection-mark=wan_in \
layer7-protocol=ntp new-packet-mark=pro_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
layer7-protocol=ntp new-packet-mark=pro_out passthrough=no
add action=mark-packet chain=prerouting comment="PRO Teredo tunneling" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=3544 \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_in passthrough=no port=3544 protocol=udp
add action=mark-packet chain=prerouting comment=\
"PRO Mikrotik RouterOS Neighbor Discovery Protocol (MNDP)" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=5678 \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_out passthrough=no port=5678 protocol=udp
add action=mark-packet chain=prerouting comment="PRO snmp161" \
connection-mark=wan_in new-packet-mark=pro_in passthrough=no port=161 \
protocol=udp
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=pro_out passthrough=no port=161 protocol=udp
add action=log chain=prerouting connection-mark=wan_in disabled=yes \
log-prefix="prerouting other"
add action=log chain=postrouting connection-mark=wan_out disabled=yes \
log-prefix="postrouting other"
add action=accept chain=prerouting comment="Bypass All LAN Traffic" \
dst-address-list=lan_all src-address-list=lan_all
add action=accept chain=postrouting dst-address-list=lan_all \
src-address-list=lan_all
add action=mark-packet chain=prerouting comment="ALL OTHER" connection-mark=\
wan_in new-packet-mark=other_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=wan_out \
new-packet-mark=other_out passthrough=no
Thanks in advance