i made a queue tree for youtube, and create mangle and layer7 protocol, but when i go on youtube and waching a video, on the queue doesnt show up traffic.
here my config
# oct/06/2019 14:37:34 by RouterOS 6.44.5
# software id = 4L42-C3TX
#
# model = RB941-2nD
# serial number = A1C30A560349
/interface bridge
add name=bridge-hotspot
add comment="ethernet bridge" name=bridge1
/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
mode=ap-bridge nv2-preshared-key=xxxxxxxxxxx nv2-security=enabled ssid=\
"Hot spot Nasa"
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
xxxxxxxxxxxxx wpa2-pre-shared-key=xxxxxxxxxxxxxxx
/ip firewall layer7-protocol
add name="pornsites + facebook" regexp="^..+\\.(pornhub.com|xVideos.com|xHamst\
er.com|xnxx.com|youporn.com|hclips.com|porn.com|tnaflix.com|tube8.com|span\
kbang.com|drtuber.com|vporn.com|myporngay.com|arabianchicks.com).*\$"
add comment="Mikrotik Block Torrent" name=layer7-bittorrent-exp regexp="^(\\x1\
3bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\
\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7\
P\\)[RP]"
add comment="Youtube rule" name=Youtube regexp=\
"^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
/ip hotspot profile
add dns-name=hot.spot hotspot-address=10.10.4.1 login-by=http-chap,mac-cookie \
name=hsprof2
/ip pool
add name=hs-pool-7 ranges=10.10.4.2-10.10.4.254
add comment="pool bridge1 dhcp" name=bridge1pool ranges=10.10.3.2-10.10.3.254
add comment="openVPN pool" name=pool1 ranges=10.10.10.2-10.10.10.255
/ip dhcp-server
add address-pool=hs-pool-7 disabled=no interface=bridge-hotspot lease-time=1h \
name=dhcp1
add address-pool=bridge1pool disabled=no interface=bridge1 name=dhcpbridge1
/ip hotspot
add address-pool=hs-pool-7 addresses-per-mac=1 disabled=no interface=\
bridge-hotspot name=hotspot1 profile=hsprof2
/queue simple
add max-limit=4M/0 name=hotspotQueue target=bridge-hotspot
add disabled=yes max-limit=1M/15M name=client1myphone parent=hotspotQueue \
target=10.10.4.252/32
/queue tree
add max-limit=50M name="All Bandwidth" parent=global priority=1
add max-limit=40M name=Download packet-mark=client-dw-pk parent=\
"All Bandwidth" priority=2 queue=default
add max-limit=4M name=Upload parent="All Bandwidth" queue=default
add max-limit=40M name=http-dw packet-mark=http-dw-pk parent=Download \
priority=1 queue=pcq-download-default
add max-limit=50M name=other-dw packet-mark=other-dw-pk parent=Download \
priority=6 queue=pcq-download-default
add max-limit=1M name=http-up packet-mark=http-up-pk parent=Upload priority=1 \
queue=pcq-upload-default
add max-limit=2M name=Other-up packet-mark=other-up-pk parent=Upload \
priority=6 queue=pcq-upload-default
add max-limit=10M name=p2p-dw packet-mark=p2p-dw-pk parent=Download queue=\
pcq-download-default
add max-limit=1M name=p2p-up packet-mark=p2p-up-pk parent=Upload queue=\
pcq-upload-default
add max-limit=8M name="Youtube download" packet-mark=youtube_dw_pk parent=\
Download queue=pcq-download-default
add max-limit=1M name="Youtube Upload" packet-mark=youtube_up_pk parent=\
Upload queue=pcq-upload-default
/interface bridge port
add bridge=bridge-hotspot interface=wlan1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
/interface bridge settings
set use-ip-firewall=yes
/interface ovpn-server server
set enabled=yes port=443
/ip address
add address=192.168.1.2/24 comment="main subnet router/modem" interface=\
ether1 network=192.168.1.0
add address=10.10.3.1/24 comment=\
"subnet 10.10.3.0 \E4\DF\EA\F4\F5\EF mikrotik" interface=ether2 network=\
10.10.3.0
add address=10.10.4.1/24 comment="ip address assign to bridge" interface=\
bridge-hotspot network=10.10.4.0
/ip dhcp-server lease
add address=10.10.4.15 client-id=1:3c:fa:43:c:c3:e1 mac-address=\
3C:FA:43:0C:C3:E1 server=dhcp1
/ip dhcp-server network
add address=10.10.3.0/24 dns-server=10.10.3.1 gateway=10.10.3.1
add address=10.10.4.0/24 comment="hotspot network" dns-server=\
208.67.222.123,208.67.220.123 gateway=10.10.4.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.123,208.67.220.123
/ip dns static
add address=10.10.4.1 name=hot.spot
/ip firewall address-list
add address=10.10.4.2-10.10.4.255 list=Clients
add address=10.10.3.1 list=router
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
d this subnet before enable it" disabled=yes list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment=\
"MC, Class D, IANA # Check if you need this subnet before enable it" \
list=Bogons
add address=10.10.3.231 list=support_router
add address=192.168.1.1 list=router_nova1
add address=192.168.1.254 list="router_nova 2"
add address=192.168.1.2 list=Bridges
add address=10.10.3.1 list=Bridges
/ip firewall filter
add action=drop chain=forward comment="KILL P2P OTHER CON" connection-mark=\
other-con disabled=yes layer7-protocol=layer7-bittorrent-exp \
src-address-list="BitTorrent Users"
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=reject chain=forward comment="reject facebook" connection-mark=\
facebook_conn in-interface=bridge-hotspot protocol=tcp reject-with=\
tcp-reset
add action=drop chain=forward comment="kill P2P" dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
src-address-list="BitTorrent Users"
add action=drop chain=forward dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp \
src-address-list="BitTorrent Users"
add action=add-src-to-address-list address-list="BitTorrent Users" \
address-list-timeout=5m chain=forward comment=BitTorrentUsers \
in-interface=bridge-hotspot layer7-protocol=layer7-bittorrent-exp \
src-address-list=Clients
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=ether1
add action=drop chain=input comment="router mikrotik first rule" \
dst-address-list=router dst-port=21,22,23,80,8291 protocol=tcp \
src-address-list=!support_router
add action=drop chain=forward comment=\
"block modem first ip except for main pc" dst-address=192.168.1.1 \
dst-port=21,22,23,80,8291 protocol=tcp src-address=!10.10.3.231
add action=drop chain=forward comment=\
"block second ip modem router except from main pc" dst-address=\
192.168.1.254 dst-port=21,22,23,80,8291 protocol=tcp src-address=\
!10.10.3.231
add action=drop chain=forward comment=\
"block winbox on this ip, except ip website hotspot" dst-address=\
10.10.4.1 dst-port=8291,23,22,21 protocol=tcp src-address=!10.10.3.231
/ip firewall mangle
add action=mark-connection chain=prerouting comment="facebook connection" \
in-interface=bridge-hotspot layer7-protocol="pornsites + facebook" \
new-connection-mark=facebook_conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=other-con disabled=yes \
new-connection-mark=other-con passthrough=yes
add action=accept chain=prerouting comment=router dst-address-list=router
add action=accept chain=forward comment=DNS port=53 protocol=tcp
add action=accept chain=forward comment=DNS port=53 protocol=udp
add action=mark-connection chain=forward comment="client download" \
in-interface=ether1 new-connection-mark=client-dw-con passthrough=yes
add action=mark-packet chain=forward comment=client-dw-pk connection-mark=\
client-dw-con new-packet-mark=client-dw-pk passthrough=yes
add action=mark-connection chain=prerouting comment=client-up-con \
in-interface=bridge1 new-connection-mark=client-up-con passthrough=yes
add action=mark-packet chain=prerouting comment=client-up-pk connection-mark=\
client-up-con new-packet-mark=client-up-pk passthrough=yes
add action=mark-packet chain=forward comment=http-dw-pk new-packet-mark=\
http-dw-pk packet-mark=client-dw-pk passthrough=no port=\
80,443,5222,5223,5228 protocol=tcp
add action=mark-packet chain=forward comment=http-up-pk new-packet-mark=\
http-up-pk packet-mark=client-up-pk passthrough=no port=\
80,443,5222,5223,5228 protocol=tcp
add action=mark-packet chain=forward comment=p2p-dw-pk disabled=yes \
new-packet-mark=p2p-dw-pk p2p=all-p2p packet-mark=client-dw-pk \
passthrough=no
add action=mark-packet chain=forward comment=p2p-dw-pk layer7-protocol=\
layer7-bittorrent-exp new-packet-mark=p2p-dw-pk packet-mark=client-dw-pk \
passthrough=no
add action=mark-packet chain=forward comment=p2p-up-pk disabled=yes \
new-packet-mark=p2p-up-pk p2p=all-p2p packet-mark=client-up-pk \
passthrough=no
add action=mark-packet chain=forward comment=p2p-up-pk layer7-protocol=\
layer7-bittorrent-exp new-packet-mark=p2p-up-pk packet-mark=client-up-pk \
passthrough=no
add action=mark-packet chain=forward comment=other-dw-pk new-packet-mark=\
other-dw-pk packet-mark=client-dw-pk passthrough=no
add action=mark-packet chain=forward comment=other-up-pk new-packet-mark=\
other-up-pk packet-mark=client-up-pk passthrough=no
add action=mark-connection chain=prerouting comment="facebook connection" \
layer7-protocol="pornsites + facebook" new-connection-mark=facebook_conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=\
"youtube download connection" in-interface=ether1 layer7-protocol=Youtube \
new-connection-mark=Youtube_dw_conn passthrough=yes
add action=mark-packet chain=forward comment=youtube_dw_pk connection-mark=\
Youtube_dw_conn new-packet-mark=youtube_dw_pk passthrough=no
add action=mark-connection chain=prerouting comment=youtube_up_conn \
in-interface=bridge1 layer7-protocol=Youtube new-connection-mark=\
youtube_up_conn passthrough=yes
add action=mark-packet chain=forward comment=youtube_up_pk connection-mark=\
youtube_up_conn new-packet-mark=youtube_up_pk passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=10.10.4.0/24
add action=dst-nat chain=dstnat comment="openDNS block" dst-port=53 \
in-interface=bridge-hotspot protocol=udp to-addresses=208.67.222.123 \
to-ports=53
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=yes src-address=10.10.4.0/24
add action=dst-nat chain=dstnat dst-port=443 in-interface=ether1 \
in-interface-list=all protocol=tcp to-addresses=10.10.3.231 to-ports=443
/ip hotspot user
add name=admin password=xxxxxxxxxxxxxxx
add comment="laptop asus" name=AsusLaptop password=xxxxxxxxxxxxxxxxx server=\
hotspot1
add comment="Lenovo Laptop" name=LenovoLaptop password=xxxxxxxxxxxxxxxxx server=\
hotspot1
add comment="markellos phone" name=MarkPhone password=xxxxxxxxxxxxxxxx server=\
hotspot1
add comment="dimitris phone" name=Jimaras password=xxxxxxxxxxxxxx server=\
hotspot1
add comment="Markellos Laptop" name=MarkLaptop password=xxxxxxxxxxxxxxxx server=\
hotspot1
/ip route
add distance=1 gateway=192.168.1.1
add distance=1 dst-address=10.10.10.0/24 gateway=10.10.3.231
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp secret
add name=test1 password=xxxxxxxxxxxxxx
/radius
add address=127.0.0.1 secret="xxxxxxxxxxxxxxxxxx" service=hotspot
/radius incoming
set accept=yes
/system clock
set time-zone-name=Europe/Athens
/system ntp client
set enabled=yes primary-ntp=147.102.255.1 secondary-ntp=193.93.164.194
/system scheduler
add interval=1d name="Config Backup" on-event="/export file=export\r\
\n/tool e-mail send to=\"xxxxxxxxxxxxxxxx@gmail.com\" subject=\"\$[/syst\
em identity get name] export\" \\\r\
\nbody=\" configuration file \$[/system clock get date]\" file=export.rsc" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=oct/05/2019 start-time=16:55:00
add interval=1h name="Email Logs" on-event="/log print file=logs\r\
\ndelay 10\r\
\n/tool e-mail send to=\"xxxxxxxxxxxxxxxx@gmail.com\" subject=\"\$[/syst\
em identity get name] logs\" \\\r\
\nbody=\"\$[/system clock get date] log file\" file=logs.txt" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=oct/05/2019 start-time=17:13:00
/tool e-mail
set address=smtp.gmail.com from=xxxxxxxxxxxxxxxxx@gmail.com password=\
xxxxxxxxxxxxx port=587 start-tls=yes user=xxxxxxxxxxxxxxxxx@gmail.com
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool netwatch
add down-script=":global myVarDownTime\r\
\n:set myVarDownTime \"\$[/system clock get time]\"\r\
\n:log error \"WAN link is down\"" host=8.8.8.8 up-script=":global myVarDo\
wnTime\r\
\n:log error \"WAN link is up again\"\r\
\n/tool e-mail send to=\"xxxxxxxxxxxxxxxxxxxx@gmail.com\" subject=\"\$[/syst\
em identity get name] WAN Link is up on \$[/system clock get time]. Down f\
rom \$myVarDownTime\""