I have had some performance issues that have come to light and trying to figure out what has happened.
My cable modem has been upgraded recently to a 300MB/20MB, and this brought the issue to light as when I wasn’t seeing anywhere close to the DL speed I started testing. Right now, I’m getting roughly 15MB/20MB instead of 300MB/20MB. Before, I had 100/10MB and thought I was just congested, but I was getting the same speed roughly 15-25MB/10MB
Graph from my logging device here:
You can see in about October whatever went wrong went wrong. I to my knowledge haven’t changed my configuration any, in fact I’ve tried tweaking my queues thinking I did something wrong, disabled them completely, and re-enabled them with no performance difference.
export of config below. Basic Firewall/src-nat with some priority queuing. This config has been stable for me for several years. The cable modem has been less stable so I was quick to blame it, but if I bypass the router on ethernet I get 175 - 250MB/s down, if I connect via ethernet through the router I’m getting 15-25MB down at best.
CPU load looks ok, 1-20% at best, maybe some spikes to 40% but nothing more.
Any suggestions?
[admin@galaxy] > export
# feb/12/2016 22:38:09 by RouterOS 6.34.1
# software id = IKL0-U4G5
#
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether1 ] name=WAN
/interface ethernet switch port
set 0 vlan-mode=disabled
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
/ip pool
add name=dhcp_pool1 ranges=172.16.0.50-172.16.254.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 authoritative=yes disabled=no interface=LAN lease-time=3d name=dhcp1
/ipv6 dhcp-server
add address-pool=twc interface=LAN name=server1
/queue tree
add max-limit=20M name=Upload_WAN1 parent=global priority=1
add limit-at=18M max-limit=20M name=UP_Interactive_WAN1 parent=Upload_WAN1 priority=1
add limit-at=2M max-limit=20M name=UP_NonInteractive_WAN1 parent=Upload_WAN1
add max-limit=300M name=Download_WAN1 parent=global priority=1
add limit-at=270M max-limit=300M name=DN_Interactive_WAN1 parent=Download_WAN1 priority=1
add limit-at=30M max-limit=300M name=DN_NonInteractive_WAN1 parent=Download_WAN1
/queue type
add kind=pcq name=Upload_WAN1 pcq-classifier=src-address pcq-rate=20M pcq-total-limit=25000KiB
add kind=pcq name=Download_WAN1 pcq-classifier=dst-address pcq-rate=300M pcq-total-limit=25000KiB
/queue simple
add name=TWC_300 queue=Upload_WAN1/Download_WAN1 target=172.16.0.0/16
/queue tree
add name=up_p1_interactive_WAN1 packet-mark=up_p1_interactive_WAN1 parent=UP_Interactive_WAN1 priority=1 queue=Upload_WAN1
add name=up_p2_interactive_WAN1 packet-mark=up_p2_interactive_WAN1 parent=UP_Interactive_WAN1 priority=2 queue=Upload_WAN1
add name=up_p3_interactive_WAN1 packet-mark=up_p3_interactive_WAN1 parent=UP_Interactive_WAN1 priority=3 queue=Upload_WAN1
add name=up_p4_interactive_WAN1 packet-mark=up_p4_interactive_WAN1 parent=UP_Interactive_WAN1 priority=4 queue=Upload_WAN1
add name=up_p5_interactive_WAN1 packet-mark=up_p5_interactive_WAN1 parent=UP_Interactive_WAN1 priority=5 queue=Upload_WAN1
add name=up_p6_interactive_WAN1 packet-mark=up_p6_interactive_WAN1 parent=UP_Interactive_WAN1 priority=6 queue=Upload_WAN1
add name=up_p7_interactive_WAN1 packet-mark=up_p7_interactive_WAN1 parent=UP_Interactive_WAN1 priority=7 queue=Upload_WAN1
add name=up_p8_interactive_WAN1 packet-mark=up_p8_interactive_WAN1 parent=UP_Interactive_WAN1 queue=Upload_WAN1
add name=up_p1_noninteractive_WAN1 packet-mark=up_p1_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=1 queue=Upload_WAN1
add name=up_p2_noninteractive_WAN1 packet-mark=up_p2_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=2 queue=Upload_WAN1
add name=up_p3_noninteractive_WAN1 packet-mark=up_p3_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=3 queue=Upload_WAN1
add name=up_p4_noninteractive_WAN1 packet-mark=up_p4_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=4 queue=Upload_WAN1
add name=up_p5_noninteractive_WAN1 packet-mark=up_p5_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=5 queue=Upload_WAN1
add name=up_p6_noninteractive_WAN1 packet-mark=up_p6_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=6 queue=Upload_WAN1
add name=up_p7_noninteractive_WAN1 packet-mark=up_p7_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=7 queue=Upload_WAN1
add name=up_p8_noninteractive_WAN1 packet-mark=up_p8_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 queue=Upload_WAN1
add name=down_p1_interactive_WAN1 packet-mark=dn_p1_interactive_WAN1 parent=DN_Interactive_WAN1 priority=1 queue=Download_WAN1
add name=down_p2_interactive_WAN1 packet-mark=dn_p2_interactive_WAN1 parent=DN_Interactive_WAN1 priority=2 queue=Download_WAN1
add name=down_p3_interactive_WAN1 packet-mark=dn_p3_interactive_WAN1 parent=DN_Interactive_WAN1 priority=3 queue=Download_WAN1
add name=down_p4_interactive_WAN1 packet-mark=dn_p4_interactive_WAN1 parent=DN_Interactive_WAN1 priority=4 queue=Download_WAN1
add name=down_p5_interactive_WAN1 packet-mark=dn_p5_interactive_WAN1 parent=DN_Interactive_WAN1 priority=5 queue=Download_WAN1
add name=down_p6_interactive_WAN1 packet-mark=dn_p6_interactive_WAN1 parent=DN_Interactive_WAN1 priority=6 queue=Download_WAN1
add name=down_p7_interactive_WAN1 packet-mark=dn_p7_interactive_WAN1 parent=DN_Interactive_WAN1 priority=7 queue=Download_WAN1
add name=down_p8_interactive_WAN1 packet-mark=dn_p8_interactive_WAN1 parent=DN_Interactive_WAN1 queue=Download_WAN1
add name=down_p1_noninteractive_WAN1 packet-mark=dn_p1_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=1 queue=Download_WAN1
add name=down_p2_noninteractive_WAN1 packet-mark=dn_p2_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=2 queue=Download_WAN1
add name=down_p3_noninteractive_WAN1 packet-mark=dn_p3_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=3 queue=Download_WAN1
add name=down_p4_noninteractive_WAN1 packet-mark=dn_p4_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=4 queue=Download_WAN1
add name=down_p5_noninteractive_WAN1 packet-mark=dn_p5_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=5 queue=Download_WAN1
add name=down_p6_noninteractive_WAN1 packet-mark=dn_p6_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=6 queue=Download_WAN1
add name=down_p7_noninteractive_WAN1 packet-mark=dn_p7_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=7 queue=Download_WAN1
add name=down_p8_noninteractive_WAN1 packet-mark=dn_p8_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 queue=Download_WAN1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
/ip address
add address=172.16.0.1/16 interface=LAN network=172.16.0.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=WAN use-peer-dns=no
/ip dhcp-server network
add address=172.16.0.0/16 dns-server=208.67.222.222,208.67.220.220 gateway=172.16.0.1 netmask=16 ntp-server=64.90.182.55,216.229.0.179
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=192.168.0.0/16 list=illegal-addr
add address=10.0.0.0/8 list=illegal-addr
add address=172.16.0.0/12 disabled=yes list=illegal-addr
add address=169.254.0.0/16 list=illegal-addr
add address=127.0.0.0/8 list=illegal-addr
add address=224.0.0.0/3 comment=multicas list=illegal-addr
add address=223.0.0.0/8 list=illegal-addr
add address=198.18.0.0/15 list=illegal-addr
add address=192.0.2.0/24 list=illegal-addr
add address=185.0.0.0/8 list=illegal-addr
add address=180.0.0.0/6 list=illegal-addr
add address=179.0.0.0/8 list=illegal-addr
add address=176.0.0.0/7 list=illegal-addr
add address=175.0.0.0/8 list=illegal-addr
add address=104.0.0.0/6 list=illegal-addr
add address=100.0.0.0/6 list=illegal-addr
add address=49.0.0.0/8 list=illegal-addr
add address=46.0.0.0/8 list=illegal-addr
add address=42.0.0.0/8 list=illegal-addr
add address=39.0.0.0/8 list=illegal-addr
add address=36.0.0.0/7 list=illegal-addr
add address=31.0.0.0/8 list=illegal-addr
add address=27.0.0.0/8 list=illegal-addr
add address=23.0.0.0/8 list=illegal-addr
add address=14.0.0.0/8 list=illegal-addr
add address=5.0.0.0/8 list=illegal-addr
add address=2.0.0.0/8 list=illegal-addr
add address=0.0.0.0/7 list=illegal-addr
add address=128.0.0.0/16 list=illegal-addr
add address=172.16.0.0/16 comment="my local network, all NATed" list=local-addr
add address=12.129.193.0/24 comment=WoW list=games
add address=12.129.222.0/23 comment=WoW list=games
add address=12.129.225.0/24 comment=WoW list=games
add address=12.129.228.0/24 comment=WoW list=games
add address=12.129.233.0/24 comment=WoW list=games
add address=12.129.252.0/23 comment=WoW list=games
add address=63.241.255.0/24 comment=WoW list=games
add address=72.5.213.0/24 comment=WoW list=games
add address=80.239.149.0/24 comment=WoW list=games
add address=80.239.179.0/24 comment=WoW list=games
add address=80.239.181.0/24 comment=WoW list=games
add address=80.239.185.0/24 comment=WoW list=games
add address=80.239.233.0/24 comment=WoW list=games
add address=192.12.244.0/24 comment=WoW list=games
add address=195.12.246.0/24 comment=WoW list=games
add address=199.107.6.0/23 comment=WoW list=games
add address=199.107.24.0/23 comment=WoW list=games
add address=206.16.118.0/23 comment=WoW list=games
add address=206.16.147.0/24 comment=WoW list=games
add address=206.18.148.0/23 comment=WoW list=games
add address=206.18.98.0/23 comment=WoW list=games
add address=206.16.235.0/24 comment=WoW list=games
add address=206.17.111.0/24 comment=WoW list=games
add address=213.248.123.0/24 comment=WoW list=games
add address=213.248.127.0/24 comment=WoW list=games
add address=202.9.66.0/23 comment=SC2 list=games
add address=12.129.254.0/23 comment=SC2 list=games
add address=12.129.206.0/24 comment=SC2 list=games
add address=12.129.242.0/24 comment="Diablo III" list=games
add address=12.130.245.0/24 comment="Diablo III" list=games
add address=12.130.244.0/24 comment="Diablo III" list=games
add address=12.130.246.0/24 comment="Diablo III" list=games
add address=63.150.138.0/24 comment="Dota 2" list=games
add address=103.10.124.0/24 comment="Dota 2" list=games
add address=103.10.125.0/24 comment="Dota 2" list=games
add address=103.28.54.0/23 comment="Dota 2" list=games
add address=146.66.152.0/23 comment="Dota 2" list=games
add address=146.66.154.0/24 comment="Dota 2" list=games
add address=146.66.155.0/24 comment="Dota 2" list=games
add address=146.66.156.0/23 comment="Dota 2" list=games
add address=146.66.158.0/23 comment="Dota 2" list=games
add address=185.25.180.0/23 comment="Dota 2" list=games
add address=185.25.182.0/24 comment="Dota 2" list=games
add address=192.69.96.0/22 comment="Dota 2" list=games
add address=205.196.6.0/24 comment="Dota 2" list=games
add address=208.64.200.0/24 comment="Dota 2" list=games
add address=208.64.201.0/24 comment="Dota 2" list=games
add address=208.64.202.0/24 comment="Dota 2" list=games
add address=208.64.203.0/24 comment="Dota 2" list=games
add address=208.78.164.0/22 comment="Dota 2" list=games
add address=216.111.123.0/24 comment="Dota 2" list=games
add address=31.186.224.0/24 comment="LoL Europe" list=games
add address=31.186.226.0/24 comment="LoL Europe" list=games
add address=64.7.194.0/24 comment="LoL Europe" list=games
add address=95.172.65.0/24 comment="LoL Europe" list=games
add address=95.172.70.0/24 comment="LoL Europe" list=games
add address=66.150.148.0/24 comment="LoL EU-NE" list=games
add address=192.64.168.0/24 comment="LoL NA" list=games
add address=192.64.169.0/24 comment="LoL NA" list=games
add address=192.64.170.0/24 comment="LoL NA" list=games
add address=216.133.234.0/24 comment="LoL NA" list=games
add address=59.100.95.128/25 comment="LoL Oceania" list=games
add address=203.116.112.128/25 comment="LoL Singapore/Malaysia" list=games
add address=216.240.136.162 comment="Lowerping - US West - Panther 1" list=games
add address=216.240.145.9 comment="Lowerping - US West - Panther 2" list=games
add address=64.69.36.224 comment="Lowerping - US West - Panther 3" list=games
add address=208.70.75.171 comment="Lowerping - US West - Panther 4" list=games
add address=208.70.78.93 comment="Lowerping - US West - Panther 5" list=games
add address=216.240.136.167 comment="Lowerping - US West - Panther 6" list=games
add address=64.56.65.9 comment="Lowerping - US West - Tiger 1" list=games
add address=74.222.8.249 comment="Lowerping - US West - Tiger 2" list=games
add address=216.18.198.2 comment="Lowerping - US West - Fox 1" list=games
add address=173.231.26.242 comment="Lowerping - US West - Fox 2" list=games
add address=66.212.28.128 comment="Lowerping - US West - Lion A1" list=games
add address=66.63.191.237 comment="Lowerping - US West - Lion A2" list=games
add address=72.11.142.216 comment="Lowerping - US West - Lion B1" list=games
add address=72.11.142.217 comment="Lowerping - US West - Lion B2" list=games
add address=96.44.172.186 comment="Lowerping - US West - Lion C1" list=games
add address=96.44.177.26 comment="Lowerping - US West - Lion C2" list=games
add address=96.44.177.27 comment="Lowerping - US West - Lion D1" list=games
add address=72.11.142.218 comment="Lowerping - US West - Lion D2" list=games
add address=64.120.10.178 comment="Lowerping - US West - Panda 1" list=games
add address=72.51.46.93 comment="Lowerping - US West - Rhino 1" list=games
add address=173.245.68.180 comment="Lowerping - US West - Squid 1" list=games
add address=173.245.68.178 comment="Lowerping - US West - Squid 2" list=games
add address=8.17.252.162 comment="Lowerping - US West - Koala 1" list=games
add address=8.17.252.163 comment="Lowerping - US West - Koala 2" list=games
add address=50.23.65.37 comment="Lowerping - US West - Salmon 1" list=games
add address=174.127.96.124 comment="Lowerping - US West - Salmon 2" list=games
add address=174.127.96.127 comment="Lowerping - US West - Salmon 3" list=games
add address=66.109.20.100 comment="Lowerping - US East - Cobra 1" list=games
add address=66.199.235.194 comment="Lowerping - US East - Otter 1" list=games
add address=72.9.100.90 comment="Lowerping - US East - Otter 2" list=games
add address=173.208.45.82 comment="Lowerping - US East - Spider 1" list=games
add address=69.162.127.98 comment="Lowerping - US Central - Frog 1" list=games
add address=174.133.108.202 comment="Lowerping - US Central - Tadpole 1" list=games
add address=174.34.132.50 comment="Lowerping - US Central - Toad 1" list=games
add address=70.32.43.122 comment="Lowerping - Chicago - Macaw 1" list=games
add address=184.154.38.138 comment="Lowerping - Chicago - Jaguar 1" list=games
add address=78.129.220.51 comment="Lowerping - Europe - London 1" list=games
add address=188.138.24.38 comment="Lowerping - Europe - Germany 1" list=games
add address=85.10.193.111 comment="Lowerping - Europe - Germany 3" list=games
add address=94.75.208.164 comment="Lowerping - Europe - Netherlands 1" list=games
add address=62.212.91.21 comment="Lowerping - Europe - Netherlands 2" list=games
add address=91.191.144.94 comment="Lowerping - Europe - Paris 1" list=games
add address=46.21.207.116 comment="Lowerping - Europe - Paris 2" list=games
add address=159.153.0.0/16 comment="SWTOR - USA/EUROPE" list=games
add address=206.127.144.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games
add address=64.25.32.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games
add address=207.244.72.0/24 comment="War Thunder US" list=games
/ip firewall filter
add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid
add chain=input comment="Allow Established Connections" connection-state=established
add chain=input comment="Allow ICMP" protocol=icmp
add chain=input in-interface=!WAN src-address=172.16.0.0/16
add action=drop chain=input comment="Drop Everything Else"
add chain=forward comment="Allow traffic between clients" in-interface=LAN out-interface=LAN
add action=jump chain=forward comment="Sanity Check Forward" jump-target=sanity-check
add action=jump chain=sanity-check comment="Deny illegal NAT traversal" jump-target=drop packet-mark=nat-traversal
add chain=input comment="Allow The Router to be visible via Neighbor Discovery to WinBox" dst-address=255.255.255.255 dst-port=5678 in-interface=LAN protocol=udp
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block port scans" protocol=tcp psd=20,3s,3,1
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block TCP Null scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block TCP Xmas scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=jump chain=sanity-check jump-target=drop protocol=tcp src-address-list=blocked-addr
add action=jump chain=sanity-check comment="Drop TCP RST" jump-target=drop protocol=tcp tcp-flags=rst
add action=jump chain=sanity-check comment="Drop TCP SYN+FIN" jump-target=drop protocol=tcp tcp-flags=fin,syn
add action=jump chain=sanity-check comment="Dropping invalid connections at once" connection-state=invalid jump-target=drop
add chain=sanity-check comment="Accepting already established connections" connection-state=established
add chain=sanity-check comment="Also accepting related connections" connection-state=related
add action=jump chain=sanity-check comment="Drop all traffic that goes to multicast or broadcast addresses" dst-address-type=broadcast,multicast jump-target=drop
add action=jump chain=sanity-check comment="Drop illegal destination addresses" dst-address-list=illegal-addr dst-address-type=!local in-interface=LAN jump-target=drop
add action=jump chain=sanity-check comment="Drop everything that goes from local interface but not from local address" in-interface=LAN jump-target=drop src-address-list=!local-addr
add action=jump chain=sanity-check comment="Drop all traffic that comes from multicast or broadcast addresses" jump-target=drop src-address-type=broadcast,multicast
add chain=input comment="Allow local traffic (between router applications)" dst-address-type=local src-address-type=local
add action=jump chain=input comment="DHCP protocol would not pass sanity checking, so enabling it explicitly before other checks" dst-port=67 in-interface=LAN jump-target=dhcp protocol=udp src-port=68
add action=jump chain=input comment="Sanity Check" jump-target=sanity-check
add action=jump chain=input comment="Dropping packets not destined to the router itself, including all broadcast traffic" dst-address-type=!local jump-target=drop
add chain=input comment="Allow pings, but at a very limited rate (5 packets per sec)" icmp-options=8 limit=5,5:packet protocol=icmp
add action=jump chain=input comment="Allowing some services to be accessible from the local network" in-interface=LAN jump-target=local-services
add action=jump chain=input jump-target=drop
add chain=dhcp dst-address=255.255.255.255 src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address-list=local-addr
add chain=local-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=local-services comment=DNS dst-port=53 protocol=udp
add chain=local-services dst-port=53 protocol=tcp
add chain=local-services comment="HTTP Proxy (3128/TCP)" dst-port=3128 protocol=tcp
add chain=local-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=tcp
add chain=local-services comment=SNMP dst-port=161 protocol=udp
add chain=local-services comment=FTP dst-port=21 protocol=tcp
add chain=local-services comment=NTP dst-port=123 protocol=udp
add chain=local-services comment="Neighbor discovery" dst-port=5678 protocol=udp
add action=log chain=local-services comment="Temporary Logging to check for things we should not drop"
add action=drop chain=local-services disabled=yes
add chain=public-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=public-services comment="PPTP (1723/TCP)" dst-port=1723 protocol=tcp
add chain=public-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=tcp
add chain=public-services comment="GRE for PPTP" protocol=gre
add action=log chain=public-services comment="Temporary Logging to check for things we should not drop"
add action=drop chain=public-services disabled=yes
/ip firewall mangle
add action=log chain=notes comment="Start of QoS tree version updated on 4/4/2014"
add chain=prerouting comment="Accept traffic From QOSCustomerIPs to QOSCustomerIPs" dst-address-list=QOSCustomerIPs src-address-list=QOSCustomerIPs
add action=mark-packet chain=prerouting comment="We should start with marking everything as unknown - dn_p7_interactive WAN1" in-interface=WAN new-packet-mark=dn_p7_interactive_WAN1
add action=mark-packet chain=postrouting comment="We should start with marking everything as unknown - up_p7_interactive" new-packet-mark=up_p7_interactive_WAN1 out-interface=WAN
add action=mark-packet chain=postrouting comment="Mark all ACK packets p1 for outbound traffic." new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting comment="Mark all ACK packets p1 for outbound traffic." in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment="Mark p2p connections first" new-connection-mark=p2p_conn p2p=all-p2p
add action=mark-packet chain=prerouting comment="Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH. This is the lowest priority we can configure" connection-mark=p2p_conn in-interface=WAN \
new-packet-mark=dn_p8_noninteractive_WAN1 passthrough=no
add action=mark-packet chain=postrouting comment="Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH. This is the lowest priority we can configure" connection-mark=p2p_conn new-packet-mark=\
up_p8_noninteractive_WAN1 out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p8_noninteractive_WAN1 passthrough=no protocol=tcp \
src-port=6881
add action=mark-packet chain=postrouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" dst-port=6881 new-packet-mark=up_p8_interactive_WAN1 out-interface=WAN passthrough=no \
protocol=tcp
add action=mark-packet chain=prerouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no src-address-list=ISP
add action=mark-packet chain=postrouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" dst-address-list=ISP new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment="BGP as p1_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=179
add action=mark-packet chain=postrouting comment="BGP as p1_interactive with NO PASSTHROUGH" dst-port=179 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="OSPF as p1_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=ospf
add action=mark-packet chain=postrouting comment="OSPF as p1_interactive with NO PASSTHROUGH" new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=ospf
add action=mark-packet chain=postrouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=0-1000000 dst-port=8080 new-packet-mark=\
up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=0-1000000 in-interface=WAN new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=8080
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k dst-port=53 in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=\
no protocol=tcp
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no \
protocol=tcp src-port=53
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k dst-port=53 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=\
udp src-port=53
add action=mark-packet chain=postrouting comment="ICMP is p1_interactive NO PASSTHROUGH" new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=icmp
add action=mark-packet chain=prerouting comment="ICMP is p1_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=3478,4080,5223 new-packet-mark=\
up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=3478,4080,5223
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=16393-16402 new-packet-mark=\
up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=16393-16402
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=5060-5061 new-packet-mark=\
up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=5060-5061
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=5060-5061 new-packet-mark=\
up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=5060-5061
add action=mark-connection chain=prerouting comment="VOIP - mark DSCP 46 with voip connection mark" dscp=46 new-connection-mark=voip
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k new-packet-mark=\
up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k in-interface=WAN \
new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k new-packet-mark=\
up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k in-interface=WAN \
new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="NTP is set at p1_interactive." dst-port=123 in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=123
add action=mark-packet chain=postrouting comment="NTP is set at p1_interactive." dst-port=123 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="WINBOX p1_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=8291
add action=mark-packet chain=postrouting comment="WINBOX p1_interactive NO PASSTHROUGH" dst-port=8291 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" dst-address-list=site-specific new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no
add action=mark-packet chain=prerouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no src-address-list=\
site-specific
add action=mark-packet chain=postrouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" dst-address-list=games new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no src-address-list=games
add action=mark-packet chain=postrouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M dst-port=3389,5900 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=3389,5900
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=3389,5900
add action=mark-packet chain=postrouting comment="Steam (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=27000-28999 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Steam (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=27000-27015
add action=mark-packet chain=postrouting comment="Runes of Magic (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=21002,16401-16402,16502 new-packet-mark=\
up_p2_interactive_wan out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Runes of Magic (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_wan passthrough=\
no protocol=udp src-port=21002,16401-16402,16502
add action=mark-packet chain=postrouting comment="GunZ (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=7700-7800 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="GunZ (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=7700-7800
add action=mark-packet chain=prerouting comment="Trickster Online (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=10006,13339,22006
add action=mark-packet chain=postrouting comment="Trickster Online (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=10006,13339,22006 new-packet-mark=\
up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6112-6119 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=6112-6119
add action=mark-packet chain=postrouting comment="Warcraft 3 and WoW 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6112-6119 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Warcraft 3 and WoW 0-512k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=6112-6119
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=1119 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=1119
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=3724
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=3724 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="EVE Online (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=\
no protocol=tcp src-port=26000
add action=mark-packet chain=postrouting comment="EVE Online (games) 0-512k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=26000 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=1513 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=1513
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=7456 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=7456
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=8687 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=8687
add action=mark-packet chain=postrouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=2000,2003 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=2000,2003
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=3478,3479,3658 new-packet-mark=\
up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=udp src-port=3478,3479,3658
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=5223 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=5223
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=3074
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=3074
add action=mark-packet chain=postrouting comment="Guild Wars (games) 0-1024k up p2_interactive NO PASSTHROUGH" connection-rate=0-1024k dst-port=6112,6600 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Guild Wars (games) 0-2048k down p2_interactive NO PASSTHROUGH" connection-rate=0-2048k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=6112,6600
add action=mark-packet chain=postrouting comment="Company of Heroes (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=30260 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Company of Heroes (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=udp src-port=30260
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=11235-11335 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=udp src-port=11235-11335
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=11031 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=11031
add action=mark-packet chain=postrouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=28004 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=\
tcp src-port=28004
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
passthrough=no protocol=tcp src-port=3724
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=3724 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=5223,3074 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=5223,3074
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=2005,3074,3075 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=2005,3074,3075
add action=mark-packet chain=postrouting comment="Steam (codMW2) 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k dst-port=1500,3005,3101,28960 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Steam (codMW2) 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=1500,3005,3101,28960
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18390,18395,13505 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
tcp
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=\
18390,18395,13505
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18395 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=18395
add action=mark-packet chain=postrouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=7110,7230 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=7230,7110
add action=mark-packet chain=postrouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=64100 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp \
src-port=64100
add action=mark-packet chain=prerouting comment="UT3 (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=7777,3783
add action=mark-packet chain=postrouting comment="UT3 (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=7777,3783 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="Rift (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6520-6540 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Rift (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=6520-6540
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=4321,6660-6669,28900,29900,2901 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=\
udp src-port=4321,6660-6669,28900,29900,2901
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6515,6500,13139,27900 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=\
tcp src-port=6515,6500,13139,27900
add action=mark-packet chain=prerouting comment="Freelancer (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=\
no protocol=udp src-port=2302-2304
add action=mark-packet chain=postrouting comment="Freelancer (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=2302-2304 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Minecraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=25565
add action=mark-packet chain=postrouting comment="Minecraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=25565 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="SSH 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=22 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no \
protocol=tcp
add action=mark-packet chain=prerouting comment="SSH 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp \
src-port=22
add action=mark-packet chain=postrouting comment="ICQ p2_interactive NO PASSTHROUGH" dst-port=5190 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="ICQ p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=5190
add action=mark-packet chain=postrouting comment="MSN p2_interactive NO PASSTHROUGH" dst-port=1863 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="MSN p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=1863
add action=mark-packet chain=postrouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=5004 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=5004
add action=mark-packet chain=postrouting comment="telnet 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k dst-port=23 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no \
protocol=tcp
add action=mark-packet chain=prerouting comment="telnet 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp \
src-port=23
add action=mark-packet chain=postrouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN protocol=ipsec-esp
add action=mark-packet chain=prerouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 protocol=ipsec-esp
add action=mark-packet chain=postrouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN protocol=ipsec-ah
add action=mark-packet chain=prerouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 protocol=ipsec-ah
add action=mark-packet chain=postrouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" dst-port=4500 new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 passthrough=no protocol=udp src-port=4500
add action=mark-packet chain=postrouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" dst-port=1935 new-packet-mark=up_p6_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=\
tcp src-port=1935
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 new-packet-mark=up_p6_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=\
tcp src-port=554
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 new-packet-mark=up_p6_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=\
udp src-port=554
add action=mark-packet chain=postrouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" dst-port=110 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=postrouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " dst-port=25 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no \
protocol=tcp
add action=mark-packet chain=prerouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp \
src-port=25
add action=mark-packet chain=postrouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" dst-port=465 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
tcp
add action=mark-packet chain=prerouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=465
add action=mark-packet chain=postrouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" dst-port=485 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=485
add action=mark-packet chain=postrouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=993 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
tcp
add action=mark-packet chain=prerouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=993
add action=mark-packet chain=postrouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" dst-port=143 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=143
add action=mark-packet chain=postrouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=995 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
tcp
add action=mark-packet chain=prerouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=postrouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" dst-port=3690 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
tcp
add action=mark-packet chain=prerouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=3690
add action=mark-packet chain=postrouting comment="SNMP set at p4_interactive NO PASSTHROUGH" dst-port=161 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="SNMP set at p4_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=udp src-port=161
add action=mark-packet chain=postrouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" dst-port=1194 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=udp src-port=1194
add action=mark-packet chain=postrouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=27014-27050 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no \
protocol=tcp src-port=27014-27050
add action=mark-packet chain=postrouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" dst-port=27014-27050 new-packet-mark=up_p2_noninteractive_WAN1 out-interface=WAN passthrough=no \
protocol=tcp
add action=mark-packet chain=prerouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_noninteractive_WAN1 passthrough=no protocol=tcp src-port=\
27014-27050
add action=mark-packet chain=postrouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" dst-port=119 new-packet-mark=up_p7_noninteractive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p7_noninteractive_WAN1 passthrough=no protocol=tcp src-port=119
add action=mark-packet chain=postrouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" dst-port=433 new-packet-mark=up_p7_noninteractive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p7_noninteractive_WAN1 passthrough=no protocol=tcp src-port=433
add action=mark-packet chain=prerouting comment="http download will be treated as dn_p3_interactive" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 passthrough=no protocol=tcp src-port=\
80,443,8080
add action=mark-packet chain=postrouting comment="http upload will be treated as up_p3_interactive" dst-port=80,443,8080 new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
tcp
add action=mark-packet chain=postrouting comment="War Thunder 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=3478-3480,20010-20500 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="War Thunder 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=udp src-port=3478-3480,20010-20500
add action=mark-packet chain=postrouting comment="War Thunder 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=5222,7850-7854,7800-7802 new-packet-mark=up_p2_interactive_WAN1 \
out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="War Thunder 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
protocol=tcp src-port=5222,7850-7854,7800-7802
add action=log chain=notes comment="End QoS tree"
/ip firewall nat
add action=masquerade chain=srcnat src-address=172.16.0.0/24 to-addresses=0.0.0.0
add action=redirect chain=dstnat disabled=yes dst-address=!172.16.0.1-172.16.0.4 dst-port=80 protocol=tcp to-ports=8080
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set anonymous=yes cache-administrator="" cache-on-disk=yes cache-path=micro-sd max-fresh-time=3h parent-proxy=0.0.0.0 src-address=172.16.0.0
/ip service
set telnet disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=LAN type=internal
add interface=WAN type=external
/ipv6 address
add address=2606:a000:1128:a0a5:: eui-64=yes interface=LAN
/ipv6 dhcp-client
add add-default-route=yes interface=WAN pool-name=twc request=prefix
/ipv6 firewall filter
add chain=input connection-state=related
add chain=input connection-state=established
add chain=forward connection-state=established
add chain=input in-interface=LAN
add chain=forward connection-state=related
add chain=input dst-port=546 protocol=udp
add chain=input protocol=icmpv6
add chain=forward protocol=icmpv6
add chain=forward out-interface=WAN
add action=drop chain=input
add action=drop chain=forward
/ipv6 nd
set [ find default=yes ] advertise-dns=yes
/ipv6 nd prefix
add interface=LAN
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
/snmp
set contact=trekkie@nomorestars.com location="1722 Lambton Ave"
/system clock
set time-zone-autodetect=no time-zone-name=EST5EDT
/system identity
set name=galaxy
/system logging
add action=disk topics=error,warning
add topics=l2tp
add topics=ipsec
add topics=ovpn
/system ntp client
set enabled=yes primary-ntp=64.90.182.55 secondary-ntp=216.229.0.179
/system script
add name="upgrade script" owner=admin source="/system package update\
\ncheck-for-updates\
\n:delay 1s;\
\n:if ( [get current-version] != [get latest-version]) do={ upgrade }"
/tool graphing interface
add
/tool romon port
add
/tool user-manager database
set db-path=user-manager1