dpenava
January 14, 2011, 11:13am
1
I need some help. I have 60 computers on a LAN and I want to share the Internet bandwidth between them dynamically, so that no one can “kill” Internet access with a large download, but anyone can still use the full bandwidth when no one else is using the Internet. The Internet connection speed is 10 Mbit.
Also, I want to give some computers priority (the mail server), give some a guaranteed speed (me), and limit P2P traffic and connections, …
I have only managed to limit the speed of some IPs, but I need a more complex configuration.
Thx in advance for help!
nny
January 15, 2011, 4:50am
2
You can set up layer7 protocol patterns, then mangle rules, then queues for each type of traffic you want to limit. I think simple queues get processed first, so you can add one simple queue for your PC and one for the mail server to allow whatever bandwidth you want.
ex:
# Layer-7 protocol definitions. Each "add" names a regular expression that
# firewall rules can reference with layer7-protocol=<name>; the mangle rules
# later in this post do exactly that.
# NOTE(review): the names and expressions look like the l7-filter project's
# pattern set - confirm the origin before relying on them.
# The RouterOS documentation describes the L7 matcher as inspecting only the
# start of a connection (first 10 packets or 2 KB) and as resource-intensive.
# Classification by these patterns is therefore heuristic: encrypted or
# tunnelled traffic does not expose the strings, and loose patterns will
# mislabel unrelated traffic. Keep only the entries you actually reference.
/ip firewall layer7-protocol
# eDonkey2000: anchored at the start of the payload (byte signature).
add comment="" name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\
\15\16\18\19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\
\97\98\99\9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
add comment="" name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^\
get /queue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add comment="" name=soribada regexp="^GETMP3\r\
\nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\
\$"
add comment="" name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
add comment="" name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect\
/[012]\\.[0-9]\r\
\n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshar\
e|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: applicat\
ion/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[\
0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[\
1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|.\
..................\?lime)"
add comment="" name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
\n"
add comment="" name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
add comment="" name=shoutcast regexp=\
"icy [1-5][0-9][0-9] [\t-\r -~]*(content-type:audio|icy-)"
add comment="" name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?\
][a-z0-9][\01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01\
-\10\1C][\01\03\04\FF]"
add comment="" name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add comment="" name=poco regexp="^\80\94\
\n\01....\1F\9E"
add comment="" name=ciscovpn regexp="^\01\F4\01\F4"
add comment="" name=x11 regexp="^[lb].\?\0B"
add comment="" name=xboxlive regexp="^X\80........\F3|^\06XN"
add comment="" name=applejuice regexp="^ajprot\r\
\n"
add comment="" name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
add comment="" name=live365 regexp=membername.*session.*player
add comment="" name=rlogin regexp=\
"^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
add comment="" name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\
\r -~]*(connection:|content-type:|content-length:|date:)|post [\t-\r -~]* \
http/[01]\\.[019]"
add comment="" name=sip regexp=\
"^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add comment="" name=pop3 regexp="^(\\+ok |-err )"
add comment="" name=smb regexp="\FFsmb[r%]"
add comment="" name=quake1 regexp="^\80\0C\01quake\03"
add comment="" name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
\n.[\01\02\03][\01-\
\n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~\
]*[\t-\r]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
\n\$"
add comment="" name=mute regexp=\
"^(Public|AES)Key: [0-9a-f]*\
\nEnd(Public|AES)Key\
\n\$"
add comment="" name=ssh regexp="^ssh-[12]\\.[0-9]"
add comment="" name=jabber regexp=\
"<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
# BitTorrent: matches the cleartext handshake string, a tracker scrape request
# and bencoded "d1:ad2:id20:" messages.
# NOTE(review): a client that encrypts or tunnels its traffic does not send
# these strings, so this pattern alone will not bound P2P usage; per-host
# queues or connection limits are still needed as a backstop.
add comment="" name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get\
\_/scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
add comment="" name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
# TLS/SSL handshake bytes. This is the same expression as the "ssl" entry
# further down. It can only tell that a connection is TLS-wrapped, not which
# application is inside it.
add comment="" name=tls regexp=\
"^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
# Direct Connect: cleartext "$mynick ", "$lock " or "$key " at payload start.
add comment="" name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add comment="" name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A\
-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][\
A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]\
[A-P][A-P][A-P][A-P]"
add comment="" name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
add comment="" name=subspace regexp="^\01....\11\10........\01\$"
add comment="" name=hotline regexp="^....................TRTPHOTL\01\02"
add comment="" name=doom3 regexp="^\FF\FFchallenge"
add comment="" name=ftp regexp="^220[\t-\r -~]*ftp"
add comment="" name=kugoo regexp="^1..\8E"
add comment="" name=tsp regexp=\
"^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add comment="" name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10@\06"
add comment="" name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~\
]*ssdp:(alive|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssd\
p:discover"
add comment="" name=imap regexp="^(\\* ok|a[0-9]+ noop)"
add comment="" name=ares regexp="^\03[]Z].\?.\?\05\$"
add comment="" name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]\
|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|u\
ser-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xfer\
uid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add comment="" name=qq regexp="^.\?\02.+\03\$"
add comment="" name=100bao regexp="^\01\01\05\
\n"
add comment="" name=aim regexp=\
"^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
# Catch-all: "." matches any single byte, so this entry matches every
# connection that carries payload. No mangle rule in the visible part of this
# post references it. NOTE(review): if it is ever used with passthrough=no it
# must come after all specific rules, or it will shadow them.
add comment="" name=unknown regexp=.
add comment="" name=msn-filetransfer regexp=\
"^(ver [ -~]*msnftp\r\
\nver msnftp\r\
\nusr|method msnmsgr:)"
add comment="" name=yahoo regexp=\
"^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
# TLS/SSL handshake pattern followed by one of a fixed list of CA names seen
# in the cleartext part of the handshake.
# NOTE(review): despite the name this is string matching, not certificate
# validation. Any certificate can carry one of these strings, so do not base
# an allow/trust decision on this match.
add comment="" name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\
\01\?.*\0B).*(thawte|equifax secure|rsa data security, inc|verisign, inc|g\
te cybertrust root|entrust\\.net limited)"
add comment="" name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?\
.\?.\?.\?.\?.\?.\?[\C6-\FF])"
add comment="" name=gnucleuslan regexp=\
"gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add comment="" name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
\n\$"
add comment="" name=bgp regexp=\
"^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
add comment="" name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add comment="" name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add comment="" name=h323 regexp=\
"^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add comment="" name=finger regexp=\
"^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
add comment="" name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\
\t-\r]*[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
\n|[\r\
\n])\?\$"
add comment="" name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
\n\$"
add comment="" name=hddtemp regexp=\
"^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
add comment="" name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\
\01\03].*\05[\01-\08]\?[\01\03]"
add comment="" name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add comment="" name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
add comment="" name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
add comment="" name=ipp regexp=ipp://
add comment="" name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\t-\r -~\
]*cvr0\r\
\n\$|usr 1 [!-~]+ [0-9. ]+\r\
\n\$|ans 1 [!-~]+ [0-9. ]+\r\
\n\$"
add comment="" name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -\
~]*:[\02-\r -~]*nick[\t-\r -~]*\r\
\n)"
add comment="" name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\
\t[a-z0-9.]*\\.[a-z][a-z].\?.\?\t[1-9]"
add comment="" name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add comment="" name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\
\?\02\01.\?\02\01.\?0|\A4\06.+@\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
add comment="" name=nntp regexp=\
"^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
add comment="" name=aimwebcontent regexp=user-agent:aim/
add comment="" name=rtsp regexp="rtsp/1.0 200 ok"
add comment="" name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\
\?.\?.\?.\?.\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\
\?.\?.\?\04|\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\
\07.\?.\?.\?.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\
\?.\?.\?.\?.\?\t|\
\n.\?.\?.\?.\?.\?.\?.\?.\?\
\n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
\?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
\?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
\?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
.\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
\?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
\?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
.\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
\?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
\?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
.\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
\?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
\?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
.\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
\?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
.\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
\?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
.\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
\?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
.\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
\?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
.\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
\?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
.\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
\?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
.\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
\?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
\?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
\?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
# Matches any payload whose third byte is 0x02 followed by a run of arbitrary
# bytes. NOTE(review): this is very loose and will also match unrelated
# traffic; a queue attached to the resulting mark affects more than Skype.
add comment="" name=skypetoskype regexp="^..\02............."
add comment="" name=counterstrike-source regexp=\
"^\FF\FF\FF\FF.*cstrikeCounter-Strike"
add comment="" name=halflife2-deathmatch regexp=\
"^\FF\FF\FF\FF.*hl2mpDeathmatch"
add comment="" name=freenet regexp="^\01[\08\t][\03\04]"
add comment="" name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\
\?.\?(\14\01\06|\FF\FF\FF))|[]\01].\?battlefield2"
add comment="" name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\
\?[0-9]\?[0-9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]\
+\")"
add comment="" name=soulseek regexp=\
"^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add comment="" name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
add comment="" name=ssl regexp=\
"^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add comment="" name=citrix regexp="2&\85\92X"
add comment="" name=whois regexp="^[ !-~]+\r\
\n\$"
add comment="" name=dayofdefeat-source regexp=\
"^\FF\FF\FF\FF.*dodDay of Defeat"
add comment="" name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add comment="" name=worldofwarcraft regexp="^\06\EC\01"
add comment="" name=ventrilo regexp="^..\?v\\\$\CF"
add comment="" name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-r\
tsp-tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=contro\
l:rtsp://)"
add comment="" name=thecircle regexp=\
"^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
\n\0B](glob|who are you\$|query data)"
add comment="" name=uucp regexp="^\10here="
add comment="" name=pcanywhere regexp="^(nq|st)\$"
add comment="" name=subversion regexp="^\\( success \\( 1 2 \\("
add comment="" name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>.............\
...................</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\
\r -~]*Host: imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\
\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\
.\?\02(\01|\02)\83)"
add comment="" name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
add comment="" name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
\n"
add comment="" name=stun regexp="^[\01\02]................\?\$"
# Looks for the cleartext strings "TOR1" ... "<identity>" anywhere in the
# inspected payload. NOTE(review): presumably this only fits legacy clients;
# do not treat an absent match as evidence that Tor is not in use - verify.
add comment="" name=tor regexp=TOR1.*<identity>
add comment="" name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
# Second catch-all ("." matches any byte), identical in effect to "unknown".
add comment="" name=unset regexp=.
add comment="" name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
\n\$"
add comment="" name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.\
9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
add comment="" name=armagetron regexp=YCLC_E|CYEL
Then you need to set up mangle rules for the interface you want (ether1 in this example).
# Packet marking. For each protocol there is a pair of rules: a prerouting
# rule marks packets arriving on ether1 (<name>_in) and a postrouting rule
# marks packets leaving ether1 (<name>_out). Queues can then match on these
# marks. ether1 is presumably the WAN interface - confirm.
# passthrough=no ends mangle processing for a packet once it is marked, so
# rule order decides which mark wins when several patterns match.
# NOTE(review): every rule runs the L7 regex matcher inside a mark-packet
# rule. The RouterOS documentation describes the matcher as resource-intensive
# and as inspecting only the start of a connection (first 10 packets or 2 KB),
# so the bulk of a long transfer is not expected to match here. The usual
# arrangement is one action=mark-connection rule per protocol using
# layer7-protocol=..., then mark-packet rules matching connection-mark=...;
# verify on the target RouterOS version.
# Mark names are matched by exact spelling. Several later ones are misspelled
# (aim_mesanger_in, bittorent_in, koogo_in, soulsek_in); queues must use the
# same spelling.
/ip firewall mangle
add action=mark-packet chain=prerouting comment=100bao_p2p disabled=no \
in-interface=ether1 layer7-protocol=100bao new-packet-mark=100bao_p2p_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=100bao new-packet-mark=100bao_p2p_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment="aim mesenger" disabled=no \
in-interface=ether1 layer7-protocol=aim new-packet-mark=aim_mesanger_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=aim new-packet-mark=aim_mesanger_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=aim_messenger_web disabled=no \
in-interface=ether1 layer7-protocol=aimwebcontent new-packet-mark=\
aim_mesenger_web_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=aimwebcontent new-packet-mark=aim_mesenger_web_out \
out-interface=ether1 passthrough=no
add action=mark-packet chain=prerouting comment=applejuice_p2p disabled=no \
in-interface=ether1 layer7-protocol=applejuice new-packet-mark=\
applejuice_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=applejuice new-packet-mark=applejuice_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment=ares_p2p disabled=no \
in-interface=ether1 layer7-protocol=ares new-packet-mark=ares_p2p_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ares new-packet-mark=ares_p2p_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=bgp_routing disabled=no \
in-interface=ether1 layer7-protocol=bgp new-packet-mark=bgp_routing_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=bgp new-packet-mark=bgp_routing_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=bittorent_p2p disabled=no \
in-interface=ether1 layer7-protocol=bittorrent new-packet-mark=\
bittorent_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=bittorrent new-packet-mark=bittorent_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment=dhcp disabled=no \
in-interface=ether1 layer7-protocol=dhcp new-packet-mark=dhcp_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=dhcp new-packet-mark=dhcp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"Direct Connect - P2P filesharing " disabled=no in-interface=ether1 \
layer7-protocol=directconnect new-packet-mark=DC_p2p_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=directconnect new-packet-mark=DC_p2p_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment="DNS - Domain Name System " \
disabled=no in-interface=ether1 layer7-protocol=dns new-packet-mark=\
DNS_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=dns new-packet-mark=DNS_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"eDonkey2000 - P2P filesharing " disabled=no in-interface=ether1 \
layer7-protocol=edonkey new-packet-mark=edonkey_p2p_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=edonkey new-packet-mark=edonkey_p2p_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment=\
"FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc)" \
disabled=no in-interface=ether1 layer7-protocol=fasttrack \
new-packet-mark=fasttrack_p2p_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=fasttrack new-packet-mark=fasttrack_p2p_out \
out-interface=ether1 passthrough=no
add action=mark-packet chain=prerouting comment=\
"FTP - File Transfer Protocol " disabled=no in-interface=ether1 \
layer7-protocol=ftp new-packet-mark=ftp_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ftp new-packet-mark=ftp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment="GnucleusLAN - LAN-only P2P " \
disabled=no in-interface=ether1 layer7-protocol=gnucleuslan \
new-packet-mark=gnu_p2p_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=gnucleuslan new-packet-mark=gnu_p2p_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment="Gnutella - P2P filesharing" \
disabled=no in-interface=ether1 layer7-protocol=gnutella new-packet-mark=\
gnutella_p2p_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=gnutella new-packet-mark=gnutella_p2p_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment=\
"GoBoogy - a Korean P2P protocol" disabled=no in-interface=ether1 \
layer7-protocol=goboogy new-packet-mark=gobogy_p2p_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=goboogy new-packet-mark=gobogy_p2p_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment="H.323 - Voice over IP" \
disabled=no in-interface=ether1 layer7-protocol=h323 new-packet-mark=\
h323_voiceoverip_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=h323 new-packet-mark=h323_voiceoverip_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment="RTSP tunneled within HTTP" \
disabled=no in-interface=ether1 layer7-protocol=http-rtsp \
new-packet-mark=httprtsp_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=http-rtsp new-packet-mark=httprtsp_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment=\
"www HyperText Transfer Protocol " disabled=no in-interface=ether1 \
layer7-protocol=http new-packet-mark=http_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=http new-packet-mark=http_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"Ident - Identification Protocol - RFC 1413" disabled=no in-interface=\
ether1 layer7-protocol=ident new-packet-mark=ident_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ident new-packet-mark=ident_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"IMAP - Internet Message Access Protocol (A common e-mail protocol)" \
disabled=no in-interface=ether1 layer7-protocol=imap new-packet-mark=\
imap_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=imap new-packet-mark=imap_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"iMesh - the native protocol of iMesh, a P2P application " disabled=no \
in-interface=ether1 layer7-protocol=imesh new-packet-mark=imesh_p2p_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=imesh new-packet-mark=imesh_p2p_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment="IRC - Internet Relay Chat" \
disabled=no in-interface=ether1 layer7-protocol=irc new-packet-mark=\
irc_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=irc new-packet-mark=irc_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"KuGoo - a Chinese P2P program " disabled=no in-interface=ether1 \
layer7-protocol=kugoo new-packet-mark=koogo_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=kugoo new-packet-mark=koogo_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"MSN (Micosoft Network) Messenger file transfers " disabled=no \
in-interface=ether1 layer7-protocol=msn-filetransfer new-packet-mark=\
msnfile_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=msn-filetransfer new-packet-mark=msnfile_out \
out-interface=ether1 passthrough=no
add action=mark-packet chain=prerouting comment="MSN Messenger " disabled=no \
in-interface=ether1 layer7-protocol=msnmessenger new-packet-mark=msn_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=msnmessenger new-packet-mark=msn_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment="MUTE - P2P filesharing " \
disabled=no in-interface=ether1 layer7-protocol=mute new-packet-mark=\
mute_p2p_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=mute new-packet-mark=mute_p2p_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment="Napster - P2P filesharing" \
disabled=no in-interface=ether1 layer7-protocol=napster new-packet-mark=\
napster_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=napster new-packet-mark=napster_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"NetBIOS - Network Basic Input Output System" disabled=no in-interface=\
ether1 layer7-protocol=netbios new-packet-mark=netbios_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=netbios new-packet-mark=netbios_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"NNTP - Network News Transfer Protocol " disabled=no in-interface=ether1 \
layer7-protocol=nntp new-packet-mark=nntp_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=nntp new-packet-mark=nntp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"SNTP - (Simple) Network Time Protocol " disabled=no in-interface=ether1 \
layer7-protocol=ntp new-packet-mark=ntp_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ntp new-packet-mark=ntp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"Remote Administrator - remote desktop for MS Windows" disabled=no \
in-interface=ether1 layer7-protocol=radmin new-packet-mark=radmin_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=radmin new-packet-mark=radmin_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"Remote Desktop Protocol (used in Windows Terminal Services)" disabled=no \
in-interface=ether1 layer7-protocol=rdp new-packet-mark=rdp_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=rdp new-packet-mark=rdp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"RTSP - Real Time Streaming Protocol " disabled=no in-interface=ether1 \
layer7-protocol=rtsp new-packet-mark=rtsp_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=rtsp new-packet-mark=rtsp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"SIP - Session Initiation Protocol - Internet telephony " disabled=no \
in-interface=ether1 layer7-protocol=sip new-packet-mark=sip_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=sip new-packet-mark=sip_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"Skype to phone - UDP voice call " disabled=no in-interface=ether1 \
layer7-protocol=skypeout new-packet-mark=skypeout_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=skypeout new-packet-mark=skypeout_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment=\
"Skype to Skype - UDP voice call " disabled=no in-interface=ether1 \
layer7-protocol=skypetoskype new-packet-mark=skype2skype_in passthrough=\
no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=skypetoskype new-packet-mark=skype2skype_out \
out-interface=ether1 passthrough=no
add action=mark-packet chain=prerouting comment=\
"POP3 - Post Office Protocol version 3" disabled=no in-interface=ether1 \
layer7-protocol=pop3 new-packet-mark=pop3_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=pop3 new-packet-mark=pop3_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"SMTP - Simple Mail Transfer Protocol " disabled=no in-interface=ether1 \
layer7-protocol=smtp new-packet-mark=smtp_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=smtp new-packet-mark=smtp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"SNMP - Simple Network Management Protocol " disabled=no in-interface=\
ether1 layer7-protocol=snmp new-packet-mark=snmp_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=snmp new-packet-mark=snmp_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment="Soulseek - P2P filesharing " \
disabled=no in-interface=ether1 layer7-protocol=soulseek new-packet-mark=\
soulsek_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=soulseek new-packet-mark=soulsek_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment="SSH - Secure SHell" \
disabled=no in-interface=ether1 layer7-protocol=ssh new-packet-mark=\
ssh_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ssh new-packet-mark=ssh_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"SSL and TLS - Secure Socket Layer / Transport Layer Security " disabled=\
no in-interface=ether1 layer7-protocol=ssl new-packet-mark=ssl_in \
passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ssl new-packet-mark=ssl_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=vnc disabled=no in-interface=\
ether1 layer7-protocol=vnc new-packet-mark=vnc_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=vnc new-packet-mark=vnc_out out-interface=ether1 \
passthrough=no
add action=mark-packet chain=prerouting comment=\
"TeamSpeak - VoIP application " disabled=no in-interface=ether1 \
layer7-protocol=teamspeak new-packet-mark=teamspeak_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=teamspeak new-packet-mark=teamspeak_out out-interface=\
ether1 passthrough=no
add action=mark-packet chain=prerouting comment=\
"Everything else that remains" disabled=no in-interface=ether1 \
new-packet-mark=remaining_in passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=remaining_out out-interface=ether1 passthrough=no
Then you need to set up the queues that use those packet marks:
# Inbound (download) queue tree. ether1_in is the parent queue, attached to
# global-in; each queue after it is a child of ether1_in selected by the
# packet mark of the same name set in the mangle rules.
# NOTE(review): max-limit=11M is above the 10 Mbit line described in the
# question. The children only compete by priority once the parent is
# saturated, so max-limit is normally set a little below the measured line
# rate - confirm the value for the actual link.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=10M \
max-limit=11M name=ether1_in parent=global-in priority=1
# Child classes. limit-at=0 / max-limit=0 put no rate on the individual
# class, so the classes differ only in priority (1 is served first, 8 last).
# packet-mark has to match the mangle mark exactly, including the spelling
# used there (e.g. soulsek_in), so rename both sides or neither.
# These queues only schedule traffic; whether ssh, snmp, rdp, vnc or radmin
# arriving on ether1 is accepted at all is decided by the firewall filter
# rules, which are not shown here.
# NOTE(review): msn_in and remaining_in are defined at the end of the
# listing, after the outbound queues. There is no inbound counterpart to
# bgp_routing_out and koogo_out; if the mangle rules set bgp_routing_in or
# koogo_in, those packets match no child queue here - verify.
# NOTE(review): 100bao_p2p_in is the only P2P class at priority 8 (the others
# are 7, and 100bao_p2p_out is 7) - confirm this is intended.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=100bao_p2p_in packet-mark=100bao_p2p_in parent=ether1_in \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesanger_in packet-mark=aim_mesanger_in parent=\
ether1_in priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesenger_web_in packet-mark=aim_mesenger_web_in \
parent=ether1_in priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=applejuice_in packet-mark=applejuice_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ares_p2p_in packet-mark=ares_p2p_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=http_in packet-mark=http_in parent=ether1_in priority=3 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bittorent_in packet-mark=bittorent_in parent=ether1_in \
priority=7 queue=default
# Infrastructure traffic (dhcp, DNS) gets priority 1.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=dhcp_in packet-mark=dhcp_in parent=ether1_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DC_p2p_in packet-mark=DC_p2p_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DNS_in packet-mark=DNS_in parent=ether1_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=edonkey_p2p_in packet-mark=edonkey_p2p_in parent=\
ether1_in priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=fasttrack_p2p_in packet-mark=fasttrack_p2p_in parent=\
ether1_in priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ftp_in packet-mark=ftp_in parent=ether1_in priority=5 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnu_p2p_in packet-mark=gnu_p2p_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnutella_p2p_in packet-mark=gnutella_p2p_in parent=\
ether1_in priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gobogy_p2p_in packet-mark=gobogy_p2p_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=h323_voiceoverip_in packet-mark=h323_voiceoverip_in \
parent=ether1_in priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=httprtsp_in packet-mark=httprtsp_in parent=ether1_in \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ident_in packet-mark=ident_in parent=ether1_in priority=\
2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imap_in packet-mark=imap_in parent=ether1_in priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imesh_p2p_in packet-mark=imesh_p2p_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=irc_in packet-mark=irc_in parent=ether1_in priority=5 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msnfile_in packet-mark=msnfile_in parent=ether1_in \
priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=mute_p2p_in packet-mark=mute_p2p_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=napster_in packet-mark=napster_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=netbios_in packet-mark=netbios_in parent=ether1_in \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=nntp_in packet-mark=nntp_in parent=ether1_in priority=2 \
queue=default
# Remote-administration classes (radmin, rdp, vnc) share priority 4 inbound.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=radmin_in packet-mark=radmin_in parent=ether1_in \
priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ntp_in packet-mark=ntp_in parent=ether1_in priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rdp_in packet-mark=rdp_in parent=ether1_in priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rtsp_in packet-mark=rtsp_in parent=ether1_in priority=6 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=sip_in packet-mark=sip_in parent=ether1_in priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skypeout_in packet-mark=skypeout_in parent=ether1_in \
priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skype2skype_in packet-mark=skype2skype_in parent=\
ether1_in priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=pop3_in packet-mark=pop3_in parent=ether1_in priority=5 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=smtp_in packet-mark=smtp_in parent=ether1_in priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=snmp_in packet-mark=snmp_in parent=ether1_in priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=soulsek_in packet-mark=soulsek_in parent=ether1_in \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssh_in packet-mark=ssh_in parent=ether1_in priority=3 \
queue=default
# NOTE(review): ssl_in is priority 2, so whatever the ssl pattern matches is
# scheduled ahead of http_in (priority 3) regardless of which application
# runs inside the tunnel; P2P carried over TLS would presumably get this
# class rather than a priority-7 one - confirm that is acceptable.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssl_in packet-mark=ssl_in parent=ether1_in priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=vnc_in packet-mark=vnc_in parent=ether1_in priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=teamspeak_in packet-mark=teamspeak_in parent=ether1_in \
priority=4 queue=default
# Outbound (upload) queue tree. ether1_out is the parent queue, attached to
# global-out; each queue after it is a child of ether1_out selected by the
# packet mark of the same name set in the postrouting mangle rules.
# NOTE(review): limit-at and max-limit are both 11M, above the 10 Mbit line
# described in the question. The children only compete by priority once the
# parent is saturated, so max-limit is normally set a little below the
# measured upload rate - confirm the value for the actual link.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=11M \
max-limit=11M name=ether1_out parent=global-out priority=1
# Child classes. limit-at=0 / max-limit=0 put no rate on the individual
# class, so the classes differ only in priority (1 is served first, 8 last).
# packet-mark has to match the mangle mark exactly, including the spelling
# used there (e.g. soulsek_out), so rename both sides or neither.
# NOTE(review): several classes have a different priority from their inbound
# queue: 100bao_p2p (8 in / 7 out), aim_mesenger_web (6 / 7), irc (5 / 4),
# rtsp (6 / 5), skypeout (4 / 5), pop3 (5 / 4), vnc (4 / 5),
# teamspeak (4 / 5) - confirm each difference is deliberate.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=100bao_p2p_out packet-mark=100bao_p2p_out parent=\
ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesanger_out packet-mark=aim_mesanger_out parent=\
ether1_out priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesenger_web_out packet-mark=aim_mesenger_web_out \
parent=ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ares_p2p_out packet-mark=ares_p2p_out parent=ether1_out \
priority=7 queue=default
# bgp_routing_out (and koogo_out further down) have no matching *_in queue
# in the inbound tree of this listing.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bgp_routing_out packet-mark=bgp_routing_out parent=\
ether1_out priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bittorent_out packet-mark=bittorent_out parent=\
ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=dhcp_out packet-mark=dhcp_out parent=ether1_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DC_p2p_out packet-mark=DC_p2p_out parent=ether1_out \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DNS_out packet-mark=DNS_out parent=ether1_out priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=edonkey_p2p_out packet-mark=edonkey_p2p_out parent=\
ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=fasttrack_p2p_out packet-mark=fasttrack_p2p_out parent=\
ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ftp_out packet-mark=ftp_out parent=ether1_out priority=5 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnu_p2p_out packet-mark=gnu_p2p_out parent=ether1_out \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnutella_p2p_out packet-mark=gnutella_p2p_out parent=\
ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gobogy_p2p_out packet-mark=gobogy_p2p_out parent=\
ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=h323_voiceoverip_out packet-mark=h323_voiceoverip_out \
parent=ether1_out priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=httprtsp_out packet-mark=httprtsp_out parent=ether1_out \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=http_out packet-mark=http_out parent=ether1_out \
priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ident_out packet-mark=ident_out parent=ether1_out \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imap_out packet-mark=imap_out parent=ether1_out \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imesh_p2p_out packet-mark=imesh_p2p_out parent=\
ether1_out priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=irc_out packet-mark=irc_out parent=ether1_out priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=koogo_out packet-mark=koogo_out parent=ether1_out \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msnfile_out packet-mark=msnfile_out parent=ether1_out \
priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msn_out packet-mark=msn_out parent=ether1_out priority=5 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=mute_p2p_out packet-mark=mute_p2p_out parent=ether1_out \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=napster_out packet-mark=napster_out parent=ether1_out \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=netbios_out packet-mark=netbios_out parent=ether1_out \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=nntp_out packet-mark=nntp_out parent=ether1_out \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ntp_out packet-mark=ntp_out parent=ether1_out priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=radmin_out packet-mark=radmin_out parent=ether1_out \
priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rdp_out packet-mark=rdp_out parent=ether1_out priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rtsp_out packet-mark=rtsp_out parent=ether1_out \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=sip_out packet-mark=sip_out parent=ether1_out priority=4 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skypeout_out packet-mark=skypeout_out parent=ether1_out \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skype2skype_out packet-mark=skype2skype_out parent=\
ether1_out priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=pop3_out packet-mark=pop3_out parent=ether1_out \
priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=smtp_out packet-mark=smtp_out parent=ether1_out \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=snmp_out packet-mark=snmp_out parent=ether1_out \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=soulsek_out packet-mark=soulsek_out parent=ether1_out \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssh_out packet-mark=ssh_out parent=ether1_out priority=3 \
queue=default
# NOTE(review): ssl_out is priority 2, so whatever the ssl pattern matches is
# scheduled ahead of http_out (priority 3) regardless of which application
# runs inside the tunnel - confirm that is acceptable.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssl_out packet-mark=ssl_out parent=ether1_out priority=2 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=vnc_out packet-mark=vnc_out parent=ether1_out priority=5 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=teamspeak_out packet-mark=teamspeak_out parent=\
ether1_out priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=applejuice_out packet-mark=applejuice_out parent=\
ether1_out priority=7 queue=default
# Last three queues of the listing: one more inbound class (msn_in) and the
# two catch-all classes fed by the "Everything else that remains" mangle
# rules, which carry no layer7-protocol match.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msn_in packet-mark=msn_in parent=ether1_in priority=5 \
queue=default
# NOTE(review): remaining_in (priority 5) and remaining_out (priority 4) rank
# above every P2P class (7 or 8), so traffic the layer7 patterns fail to
# recognise is scheduled ahead of recognised P2P. MikroTik documents the
# layer7 matcher as inspecting only the first 10 packets / 2 KB of a
# connection, and the mangle rules mark packets directly rather than marking
# the connection first, so later packets of a classified flow presumably end
# up here as well - confirm on the router (queue counters). The usual
# arrangement is mark-connection on the layer7 match, then mark-packet on
# the connection mark.
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=remaining_in packet-mark=remaining_in parent=ether1_in \
priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=remaining_out packet-mark=remaining_out parent=\
ether1_out priority=4 queue=default
You can add or remove whatever you do or don't want, and set the max bandwidth for each type of traffic. Good luck.
derr12
January 15, 2011, 6:27pm
3
You should look into PCQ limiting; I believe the PCQ scheme that Butch Evans sells would fit your needs.