add action=add-src-to-address-list address-list=p2p_user \
address-list-timeout=5m chain=forward comment=\
"P2P Traffic - Bittorrent and others" connection-state=new out-interface=\
br-WAN p2p=all-p2p
add action=mark-connection chain=forward connection-state=new dst-port=\
1000-65000 new-connection-mark=con_p2p out-interface=br-WAN protocol=tcp \
src-address-list=p2p_user
add action=mark-connection chain=forward connection-state=new dst-port=\
1000-65000 new-connection-mark=con_p2p out-interface=br-WAN protocol=udp \
src-address-list=p2p_user
add action=mark-packet chain=forward connection-mark=con_p2p new-packet-mark=\
mark_out_p2p out-interface=br-WAN passthrough=no src-address-list=\
p2p_user
add action=mark-packet chain=forward connection-mark=con_p2p in-interface=\
br-WAN new-packet-mark=mark_in_p2p passthrough=no src-address-list=\
p2p_user
You will notice the same if the user watches his home security system, listens to a radio station, uses shoutcast, or does a FTP download in non-passive mode. Basically everything else except web browsing, e-mail reading and remote console....
Then I noticed that most P2P traffic uses destination ports > 1000. So I decided ... when someone is on my p2p_user address list and he makes connections to a high port, he is probably downloading a torrent.
...
can u give us the code for this?in my case i prioritize other traffic leaving other traffic with the lower priority
indirectly achieving torrent gets the lower priority
in may case i prioritize first icmp, ack, dude, dns, voip, snmp, vpns, http, http-big, mail, other tcp udp connections moving few traffic.
/queue type
#CREATING RED QUEUES FOR OTHER BIG TRAFFIC RED WORKS BETTER TO CONTAIN BIG RUSH OF TORRENT CONNECTIONS#
add kind=red name=red_download red-avg-packet=1500 red-burst=10 red-limit=40 red-max-threshold=40
add kind=red name=red_upload red-avg-packet=1500 red-burst=5 red-limit=20 red-max-threshold=20 red-min-threshold=5
#MODIFYING DEFAULT PCQ QUEUES FOR BALANCING PER CONNECTION THIS CAN BE TUNED IF YOU WANT TO BALANCE PER IP#
set 10 pcq-classifier=src-address,src-port pcq-total-limit=50000KiB
set 11 pcq-classifier=dst-address,dst-port pcq-total-limit=50000KiB
/queue tree
add max-limit=1800k name=TOTAL_U parent=global queue=default
add max-limit=8250k name=TOTAL_D parent=global queue=default
add limit-at=1500k max-limit=1800k name=1_ACK_U packet-mark=ACK_U parent=TOTAL_U priority=1 queue=default
add limit-at=4M max-limit=8250k name=1_ACK_D packet-mark=ACK_D parent=TOTAL_D priority=1 queue=default
add limit-at=1500k max-limit=1800k name=1_DNS_U packet-mark=DNS_U parent=TOTAL_U priority=1 queue=default
add limit-at=4M max-limit=8250k name=1_DNS_D packet-mark=DNS_D parent=TOTAL_D priority=1 queue=default
add limit-at=1500k max-limit=1800k name=4_DUDE_U packet-mark=DUDE_U parent=TOTAL_U priority=4 queue=pcq-upload-default
add limit-at=4M max-limit=8250k name=4_DUDE_D packet-mark=DUDE_D parent=TOTAL_D priority=4 queue=pcq-download-default
add limit-at=1500k max-limit=1800k name=1_ICMP_U packet-mark=ICMP_U parent=TOTAL_U priority=1 queue=default
add limit-at=4M max-limit=8250k name=1_ICMP_D packet-mark=ICMP_D parent=TOTAL_D priority=1 queue=default
add limit-at=100k max-limit=1800k name=5_HTTP_U packet-mark=HTTP_U parent=TOTAL_U priority=5 queue=pcq-upload-default
add limit-at=250k max-limit=8250k name=5_HTTP_D packet-mark=HTTP_D parent=TOTAL_D priority=5 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=6_HTTP_U_BIG packet-mark=HTTP_BIG_U parent=TOTAL_U priority=6 queue=pcq-upload-default
add limit-at=250k max-limit=8250k name=6_HTTP_D_BIG packet-mark=HTTP_BIG_D parent=TOTAL_D priority=6 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=5_OTHER_U packet-mark=OTHER_U parent=TOTAL_U priority=5 queue=pcq-upload-default
add limit-at=250k max-limit=8250k name=5_OTHER_D packet-mark=OTHER_D parent=TOTAL_D priority=5 queue=pcq-download-default
add limit-at=4M max-limit=8250k name=4_IPSEC_D packet-mark=IPSEC_D parent=TOTAL_D priority=4 queue=pcq-download-default
add limit-at=1500k max-limit=1800k name=4_IPSEC_U packet-mark=IPSEC_U parent=TOTAL_U priority=4 queue=pcq-upload-default
add limit-at=4M max-limit=8250k name=2_VOIP_D packet-mark=VOIP_D parent=TOTAL_D priority=2 queue=default
add limit-at=1500k max-limit=1800k name=2_VOIP_U packet-mark=VOIP_U parent=TOTAL_U priority=2 queue=default
add limit-at=250k max-limit=8250k name=6_MAIL_D packet-mark=MAIL_D parent=TOTAL_D priority=6 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=6_MAIL_U packet-mark=MAIL_U parent=TOTAL_U priority=6 queue=pcq-upload-default
add limit-at=100k max-limit=1800k name=7_OTHER_BIG_U packet-mark=OTHER_BIG_U parent=TOTAL_U priority=7 queue=red_upload
add limit-at=250k max-limit=8250k name=7_OTHER_D_BIG packet-mark=OTHER_BIG_D parent=TOTAL_D priority=7 queue=red_download
add limit-at=250k max-limit=8250k name=4_RDP_D packet-mark=RDP_D parent=TOTAL_D priority=4 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=4_RDP_U packet-mark=RDP_U parent=TOTAL_U priority=4 queue=pcq-upload-default
/ip firewall mangle
#LAYER 2 PRIORITY MARKING FOR SOME LAYER 3 MARKED TRAFFIC#
add action=set-priority chain=postrouting comment="dscp 46" dscp=46 new-priority=6
add action=set-priority chain=postrouting comment="dscp 48" dscp=48 new-priority=6
#MARKING INTERNAL TUNNELS AND INTERNAL VPNS TRAFFIC TO AVOID DOUBLE QUEUING THIS TRAFFIC WILL BE NOT QUEUED#
add action=mark-connection chain=postrouting comment=TUNELS dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ether5 passthrough=no
add action=mark-connection chain=postrouting dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ipip-tunnel-1 passthrough=no
add action=mark-connection chain=forward dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ether5 passthrough=no
add action=mark-connection chain=forward dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ipip-tunnel-1 passthrough=no
add action=mark-connection chain=output dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ether5 passthrough=no
add action=mark-connection chain=output dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ipip-tunnel-1 passthrough=no
add action=mark-connection chain=postrouting new-connection-mark=VPN out-interface=ether5 passthrough=no protocol=ipencap
add action=mark-connection chain=forward new-connection-mark=VPN out-interface=ether5 passthrough=no protocol=ipencap
add action=mark-connection chain=output new-connection-mark=VPN out-interface=ether5 passthrough=no protocol=ipencap
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=prerouting in-interface=ipip-tunnel-1 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=forward in-interface=ether5 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=forward in-interface=ipip-tunnel-1 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=input in-interface=ether5 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=input in-interface=ipip-tunnel-1 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=forward in-interface=ether5 new-connection-mark=VPN passthrough=no protocol=ipencap
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=VPN passthrough=no protocol=ipencap
add action=mark-connection chain=input in-interface=ether5 new-connection-mark=VPN passthrough=no protocol=ipencap
#MARKING DNS TRAFFIC#
add action=mark-connection chain=output comment=DNS connection-mark=no-mark connection-state=new new-connection-mark=DNS out-interface=ether5 passthrough=no port=53 protocol=udp
add action=mark-connection chain=postrouting connection-mark=no-mark connection-state=new new-connection-mark=DNS out-interface=ether5 passthrough=no port=53 protocol=udp
add action=mark-connection chain=input connection-state=new in-interface=ether5 new-connection-mark=DNS passthrough=no port=53 protocol=udp
add action=set-priority chain=postrouting connection-mark=DNS new-priority=6
add action=change-dscp chain=postrouting connection-mark=DNS new-dscp=48
add action=mark-packet chain=postrouting connection-mark=DNS new-packet-mark=DNS_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=DNS in-interface=ether5 new-packet-mark=DNS_D passthrough=no
#MARKING ICMP TRAFFIC#
add action=mark-connection chain=postrouting comment=ICMP connection-state=new new-connection-mark=ICMP passthrough=no protocol=icmp
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=ICMP passthrough=no protocol=icmp
add action=change-dscp chain=postrouting connection-mark=ICMP new-dscp=48
add action=set-priority chain=postrouting connection-mark=ICMP new-priority=6
add action=change-dscp chain=output connection-mark=ICMP new-dscp=48
add action=set-priority chain=output connection-mark=ICMP new-priority=6
add action=mark-packet chain=postrouting connection-mark=ICMP new-packet-mark=ICMP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=ICMP new-packet-mark=ICMP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=ICMP new-packet-mark=ICMP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=ICMP in-interface=ether5 new-packet-mark=ICMP_D passthrough=no
add action=mark-packet chain=forward connection-mark=ICMP in-interface=ether5 new-packet-mark=ICMP_D passthrough=no
add action=mark-packet chain=input connection-mark=ICMP in-interface=ether5 new-packet-mark=ICMP_D passthrough=no
#MARKING TCP ACK TRAFFIC#
add action=change-dscp chain=postrouting comment=ACK new-dscp=48 packet-size=0-123 protocol=tcp tcp-flags=ack
add action=set-priority chain=postrouting new-priority=6 packet-size=0-123 protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting new-packet-mark=ACK_U out-interface=ether5 packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward new-packet-mark=ACK_U out-interface=ether5 packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=output new-packet-mark=ACK_U out-interface=ether5 packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting in-interface=ether5 new-packet-mark=ACK_D packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward in-interface=ether5 new-packet-mark=ACK_D packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=input in-interface=ether5 new-packet-mark=ACK_D packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
#MARKING HTTP TRAFFIC#
add action=mark-connection chain=prerouting comment=HTTP connection-mark=!HTTP_BIG connection-state=new dst-port=80,443,8080,554,8000,81,444,8409 new-connection-mark=HTTP protocol=tcp
add action=mark-connection chain=prerouting connection-mark=!HTTP_BIG connection-state=new dst-port=80,443,8080,554,8000,81,444,8409 new-connection-mark=HTTP protocol=udp
add action=mark-connection chain=prerouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=tcp
add action=mark-connection chain=postrouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=udp
add action=mark-connection chain=postrouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=HTTP_BIG in-interface=ether5 new-packet-mark=HTTP_BIG_D passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP_BIG in-interface=ether5 new-packet-mark=HTTP_BIG_D passthrough=no
add action=mark-packet chain=input connection-mark=HTTP_BIG in-interface=ether5 new-packet-mark=HTTP_BIG_D passthrough=no
add action=mark-packet chain=postrouting connection-mark=HTTP new-packet-mark=HTTP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP new-packet-mark=HTTP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=HTTP new-packet-mark=HTTP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=HTTP in-interface=ether5 new-packet-mark=HTTP_D passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP in-interface=ether5 new-packet-mark=HTTP_D passthrough=no
add action=mark-packet chain=input connection-mark=HTTP in-interface=ether5 new-packet-mark=HTTP_D passthrough=no
#MARKING DUDE WINBOX AND OTHER NETWORK MANAGEMENT TRAFFIC#
add action=mark-connection chain=prerouting comment=DUDE connection-state=new dst-port=2210,8291,10008,22,23,222 new-connection-mark=DUDE passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=DUDE new-packet-mark=DUDE_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=DUDE new-packet-mark=DUDE_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=DUDE new-packet-mark=DUDE_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=DUDE in-interface=ether5 new-packet-mark=DUDE_D passthrough=no
add action=mark-packet chain=forward connection-mark=DUDE in-interface=ether5 new-packet-mark=DUDE_D passthrough=no
add action=mark-packet chain=input connection-mark=DUDE in-interface=ether5 new-packet-mark=DUDE_D passthrough=no
#MARKING RDP TRAFFIC#
add action=mark-connection chain=prerouting comment=RDP connection-state=new dst-port=3389 new-connection-mark=RDP passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=RDP new-packet-mark=RDP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=RDP new-packet-mark=RDP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=RDP new-packet-mark=RDP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=RDP in-interface=ether5 new-packet-mark=RDP_D passthrough=no
add action=mark-packet chain=forward connection-mark=RDP in-interface=ether5 new-packet-mark=RDP_D passthrough=no
add action=mark-packet chain=input connection-mark=RDP in-interface=ether5 new-packet-mark=RDP_D passthrough=no
#MARKING MAIL TRAFFIC#
add action=mark-connection chain=prerouting comment=MAIL connection-state=new dst-port=25,110,143,465,585,993,995 new-connection-mark=MAIL passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=MAIL new-packet-mark=MAIL_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=MAIL new-packet-mark=MAIL_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=MAIL new-packet-mark=MAIL_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=MAIL in-interface=ether5 new-packet-mark=MAIL_D passthrough=no
add action=mark-packet chain=forward connection-mark=MAIL in-interface=ether5 new-packet-mark=MAIL_D passthrough=no
add action=mark-packet chain=input connection-mark=MAIL in-interface=ether5 new-packet-mark=MAIL_D passthrough=no
#MARKING IPSEC (VPN) AFTER ENCAPSULATION TRAFFIC TO DO MARKING TAKING IN COUNT ENCAPSULATION OVERHEAD#
add action=mark-connection chain=prerouting comment=IPSEC connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=postrouting connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=forward connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=input connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=output connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=prerouting connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=postrouting connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=forward connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=input connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=output connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=IPSEC new-packet-mark=IPSEC_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=IPSEC new-packet-mark=IPSEC_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=IPSEC new-packet-mark=IPSEC_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=IPSEC in-interface=ether5 new-packet-mark=IPSEC_D passthrough=no
add action=mark-packet chain=forward connection-mark=IPSEC in-interface=ether5 new-packet-mark=IPSEC_D passthrough=no
add action=mark-packet chain=input connection-mark=IPSEC in-interface=ether5 new-packet-mark=IPSEC_D passthrough=no
#MARKING VOIP AND VOIP LIKE TRAFFIC#
add action=mark-connection chain=prerouting comment=VOIP connection-mark=no-mark connection-rate=0-250k new-connection-mark=VOIP passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=VOIP new-packet-mark=VOIP_U out-interface=ether5 packet-size=0-260
add action=mark-packet chain=forward connection-mark=VOIP new-packet-mark=VOIP_U out-interface=ether5 packet-size=0-260 passthrough=no
add action=mark-packet chain=output connection-mark=VOIP new-packet-mark=VOIP_U out-interface=ether5 packet-size=0-260 passthrough=no
add action=change-dscp chain=postrouting new-dscp=48 packet-mark=VOIP_U
add action=set-priority chain=postrouting new-priority=6 packet-mark=VOIP_U passthrough=no
add action=mark-packet chain=prerouting connection-mark=VOIP in-interface=ether5 new-packet-mark=VOIP_D packet-size=0-260 passthrough=no
add action=mark-packet chain=forward connection-mark=VOIP in-interface=ether5 new-packet-mark=VOIP_D packet-size=0-260 passthrough=no
add action=mark-packet chain=input connection-mark=VOIP in-interface=ether5 new-packet-mark=VOIP_D packet-size=0-260 passthrough=no
add action=change-dscp chain=postrouting new-dscp=48 packet-mark=VOIP_D
add action=set-priority chain=postrouting new-priority=6 packet-mark=VOIP_D passthrough=no
#MARKING NO VOIP UDP TRAFFIC#
add action=mark-packet chain=postrouting comment="NO VOIP" connection-mark=VOIP new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=VOIP new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=VOIP new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=VOIP in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=forward connection-mark=VOIP in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=input connection-mark=VOIP in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
#MARKING OTHER TCP TRAFFIC#
add action=mark-connection chain=prerouting comment="OTHER TCP" connection-mark=!OTHER_BIG connection-state=new dst-port=!80,443,8080,554,8000,81,444,8409,10008 new-connection-mark=OTHER protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=1000000-0 connection-mark=OTHER dst-port=!80,443,8080,554,8000,81,444,8409,10008 new-connection-mark=OTHER_BIG passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=OTHER new-packet-mark=OTHER_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER new-packet-mark=OTHER_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=OTHER new-packet-mark=OTHER_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=OTHER in-interface=ether5 new-packet-mark=OTHER_D passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER in-interface=ether5 new-packet-mark=OTHER_D passthrough=no
add action=mark-packet chain=input connection-mark=OTHER in-interface=ether5 new-packet-mark=OTHER_D passthrough=no
#MARKING OTHER TRAFFIC BIG CONNECTIONS#
add action=mark-packet chain=postrouting connection-mark=OTHER_BIG new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER_BIG new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=OTHER_BIG new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=OTHER_BIG in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER_BIG in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=input connection-mark=OTHER_BIG in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=OTHER_BIG_U out-interface=ether5 packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward new-packet-mark=OTHER_BIG_U out-interface=ether5 packet-mark=no-mark passthrough=no
add action=mark-packet chain=output new-packet-mark=OTHER_BIG_U out-interface=ether5 packet-mark=no-mark passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting in-interface=ether5 new-packet-mark=OTHER_BIG_D packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward in-interface=ether5 new-packet-mark=OTHER_BIG_D packet-mark=no-mark passthrough=no
add action=mark-packet chain=input in-interface=ether5 new-packet-mark=OTHER_BIG_D packet-mark=no-mark passthrough=no
add action=mark-packet chain=prerouting in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no