 
masqueraid
just joined
Topic Author
Posts: 6
Joined: Wed Sep 19, 2018 7:26 am

Mark Connection/Packet Traffic Doesn't Match

Wed Oct 10, 2018 8:29 am

Image
I tried changing the mark-connection rules, but the changes don't seem to affect the corresponding mark-packet rules. Also, it looks like HTTP/S download traffic is passing through the browsing packet mark: I was downloading at the time, and the download rules didn't get any traffic.
# oct/09/2018 23:45:12 by RouterOS 6.43.1
# software id = LI9V-2338
#
# model = RouterBOARD 750G r3
# serial number = 6F38088D7F33
# NOTE(review): this export publishes the software id, the serial number and
# several MAC addresses as posted; such identifiers are usually redacted
# before a configuration is shared publicly.
#
# LAN side of the default configuration: one bridge with a fixed MAC, the WAN
# and LAN interface lists that the firewall rules refer to, and a DHCP server
# on the bridge handing out 192.168.88.10-192.168.88.254.
/interface bridge
add admin-mac=CC:2D:E0:0D:C4:C5 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
# Queueing: one custom PCQ type, two simple queues keyed on LAN addresses, and
# a queue tree whose leaves are selected by the packet marks set in
# /ip firewall mangle.
/queue type
add kind=pcq name="3Mb PCQ Down" pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=3M pcq-src-address6-mask=64
/queue simple
# VIP is selected purely by source/destination IP (192.168.88.16 and .17, the
# same two addresses that have static entries in /ip arp); "Others" covers the
# whole /24 and is listed after it.
add name=VIP priority=1/1 queue=pcq-upload-default/pcq-download-default target=192.168.88.16/32,192.168.88.17/32
add limit-at=512k/1M max-limit=1M/7M name=Others queue="pcq-upload-default/3Mb PCQ Down" target=192.168.88.0/24
/queue tree
# A leaf only receives traffic when a mangle rule sets exactly the packet-mark
# name given here. "Priority 1/2/3" hang off parent=global, while "Downstream"
# hangs off the bridge interface.
add limit-at=10M max-limit=10M name="Priority 1" parent=global priority=1 queue=default
add name="Online Gaming" packet-mark="Online Gaming Packet" parent="Priority 1" priority=2
add name="Priority 2" parent=global priority=2 queue=default
add name=Browsing packet-mark=pm_http_dl_browsing parent="Priority 2" priority=2
add name="Priority 3" parent=global priority=3 queue=default
add max-limit=10M name=Downstream parent=bridge priority=5 queue=default
add name=0-512 packet-mark=0bytes parent="Priority 1" priority=1
add name=ICMP packet-mark=icmp parent="Priority 1" priority=1
add name=POP3 packet-mark=pop3 parent="Priority 1" priority=1
add name=SMTP packet-mark=smtp parent="Priority 1" priority=1
add name=IMAP packet-mark=imap parent="Priority 1" priority=1
add name=1Mbyte packet-mark=1Mbyte parent="Priority 3" priority=3
add name=3Mbyte packet-mark=3Mbyte parent="Priority 3" priority=4
add name=6Mbyte packet-mark=6Mbyte parent=Downstream priority=5
add name=Infinite packet-mark=Infinite parent=Downstream
add name=GRE packet-mark=gre parent=Downstream
add name=IPSEC-ESP packet-mark=ipsec-esp parent=Downstream
add name=IPSEC-AH packet-mark=ipsec-ah parent=Downstream
add name=P2P packet-mark=p2p parent=Downstream
add name=IPENCAP packet-mark=ipencap parent=Downstream
add name=IPIP packet-mark=ipip parent=Downstream
add name=UDP-100 packet-mark=udp-100 parent="Priority 1" priority=1
# "upd-500" / "upd-other" are spelled the same way in the mangle rules, so the
# marks do match; presumably "udp-" was intended.
add name=UDP-500 packet-mark=upd-500 parent="Priority 1" priority=3
add name=UDP-Other packet-mark=upd-other parent="Priority 2"
add name="HTTP Downloads" packet-mark=pm_http_dl parent=Downstream
# LAN ports, addressing, DNS and the "Online Games" address list.
# ether2-ether5 are bridged as LAN; ether1 is the WAN uplink and gets its
# address by DHCP.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
# Neighbor discovery runs only on the LAN interface list, not on WAN.
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip arp
# Static ARP entries pin the two addresses targeted by the VIP simple queue to
# specific MACs. A MAC address can be changed by the host that uses it, so this
# is a convenience binding rather than an authentication control.
add address=192.168.88.16 interface=bridge mac-address=60:45:CB:64:7A:2D
add address=192.168.88.17 interface=bridge mac-address=B0:72:BF:DC:17:68
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
# The router answers DNS queries sent to it. The input-chain rule
# "defconf: drop all not coming from LAN" is what keeps queries arriving on WAN
# from being answered; without that rule the resolver would be open to the
# internet.
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall address-list
# Remote addresses treated as game servers by the "Online Games" mangle rules.
add address=128.1.89.118 list="Online Games"
add address=35.227.215.182 list="Online Games"
add address=35.187.151.11 list="Online Games"
add address=35.201.253.210 list="Online Games"
# Default-configuration ("defconf") filter rules, evaluated top to bottom per
# chain. input = traffic addressed to the router itself, forward = traffic
# routed through it.
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
# ICMP to the router is accepted on every interface, WAN included, because this
# rule precedes the LAN-only drop below.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Everything else that did not arrive on a LAN-list interface is dropped; this
# is the rule that keeps the router's own services (DNS, management) off WAN.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
# FastTrack is disabled (disabled=yes). Fasttracked connections bypass mangle
# and queue processing, so enabling this rule would hide that traffic from the
# marking rules and the queue tree.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# New connections arriving from WAN are dropped unless a dst-nat rule matched
# them; no dst-nat rules appear in this export.
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Mangle rules that set the connection and packet marks used by /queue tree.
# Rules are evaluated per chain in the order listed; passthrough=no ends
# evaluation of the current chain for a packet that matches.
# NOTE(review): prerouting is traversed before forward, so a packet marked in
# prerouting presumably still goes through the forward rules, and a forward
# rule without connection-mark=no-mark (the protocol and UDP rules) could
# replace its packet mark - confirm against the RouterOS packet flow.
/ip firewall mangle
# Forward chain: classify by IP protocol and by the POP3/SMTP/IMAP ports.
add action=mark-packet chain=forward new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=forward dst-port=110 new-packet-mark=pop3 passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=25 new-packet-mark=smtp passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=143 new-packet-mark=imap passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=gre passthrough=no protocol=gre
add action=mark-packet chain=forward new-packet-mark=ipsec-esp passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward new-packet-mark=ipsec-ah passthrough=no protocol=ipsec-ah
add action=mark-packet chain=forward new-packet-mark=ipencap passthrough=no protocol=ipencap
add action=mark-packet chain=forward new-packet-mark=ipip passthrough=no protocol=ipip
# Prerouting chain: mark game connections by port (port= matches source or
# destination) or by the "Online Games" address list, then mark their packets.
add action=mark-connection chain=prerouting comment=Steam new-connection-mark="Online Games Connection" passthrough=yes port=\
    27000-27015,27015-27030,27031-27036,4380 protocol=udp
# The "Streaming" connection mark has no matching mark-packet rule or queue
# in this export.
add action=mark-connection chain=prerouting comment="Steam Streaming" new-connection-mark=Streaming passthrough=yes port=27036-27037 protocol=tcp
add action=mark-connection chain=prerouting comment="Online Games" new-connection-mark="Online Games Connection" passthrough=yes src-address-list="Online Games"
add action=mark-connection chain=prerouting dst-address-list="Online Games" new-connection-mark="Online Games Connection" passthrough=yes
add action=mark-packet chain=prerouting connection-mark="Online Games Connection" new-packet-mark="Online Gaming Packet" passthrough=no
# HTTP/HTTPS classification by connection byte count. src-port=80,443,8080
# matches only packets coming from the server side, so the two mark-connection
# rules count less traffic than the mark-packet rules, which match every packet
# of a marked connection in both directions.
# NOTE(review): a connection mark stays on the connection once set. After a
# connection passes 512000 bytes the browsing mark-connection rule stops
# matching, but the connection still carries cm_http_dl_browsing, so the
# browsing mark-packet rule (passthrough=no) keeps matching and the
# "HTTP,HTTPS Download" rule below it is never evaluated for that connection.
add action=mark-connection chain=prerouting comment="HTTP,HTTPS browsing" connection-bytes=0-512000 new-connection-mark=cm_http_dl_browsing passthrough=yes \
    protocol=tcp src-port=80,443,8080
add action=mark-packet chain=prerouting connection-mark=cm_http_dl_browsing new-packet-mark=pm_http_dl_browsing passthrough=no
add action=mark-connection chain=prerouting comment="HTTP,HTTPS Download" connection-bytes=512000-0 new-connection-mark=cm_http_dl passthrough=yes protocol=tcp \
    src-port=80,443,8080
add action=mark-packet chain=prerouting comment=HTTP_Download connection-mark=cm_http_dl new-packet-mark=pm_http_dl passthrough=no
# Forward chain: UDP by packet size. The first two ranges share the value 100;
# the earlier rule wins. The "upd-" spelling matches the queue tree entries.
add action=mark-packet chain=forward comment="UDP 100" new-packet-mark=udp-100 packet-size=0-100 passthrough=no protocol=udp
add action=mark-packet chain=forward comment="UDP 500" new-packet-mark=upd-500 packet-size=100-500 passthrough=no protocol=udp
add action=mark-packet chain=forward comment="UDP Other" new-packet-mark=upd-other passthrough=no protocol=udp
# Forward chain: byte-count buckets for connections that carry no connection
# mark. The rule commented "0 Bytes" actually covers 1-512000 bytes.
# NOTE(review): the 6Mbyte bucket ends at 6000000 and Infinite starts at
# 60000000, so unmarked connections between those values get no packet mark
# from these rules - possibly a typo for 6000000-0; confirm.
add action=mark-packet chain=forward comment="0 Bytes" connection-bytes=1-512000 connection-mark=no-mark new-packet-mark=0bytes passthrough=no
add action=mark-packet chain=forward comment=1Mbyte connection-bytes=512000-1000000 connection-mark=no-mark new-packet-mark=1Mbyte passthrough=no
add action=mark-packet chain=forward comment=3Mbyte connection-bytes=1000000-3000000 connection-mark=no-mark new-packet-mark=3Mbyte passthrough=no
add action=mark-packet chain=forward comment=6Mbyte connection-bytes=3000000-6000000 connection-mark=no-mark new-packet-mark=6Mbyte passthrough=no
add action=mark-packet chain=forward comment=Infinite connection-bytes=60000000-0 connection-mark=no-mark new-packet-mark=Infinite passthrough=no
# Source NAT for traffic leaving via WAN, plus system and management settings.
/ip firewall nat
# Masquerade everything leaving through a WAN-list interface except traffic
# that matches an outbound IPsec policy.
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/Lima
/system routerboard settings
set silent-boot=no
# MAC-Telnet and MAC-WinBox are offered only on LAN-list interfaces.
# NOTE(review): no /ip service section appears in this export; exports omit
# default values, so the IP management services are presumably at their
# defaults and only the input-chain drop keeps them off WAN - verify.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
