I am trying to mark packets of upload and download from/to a particular site using the following script.
> /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; SERVER.COM
     chain=prerouting action=add-dst-to-address-list address-list=server address-list-timeout=none-dynamic in-interface=LAN content=server.com
 1   ;;; no-mark
     chain=forward action=mark-connection new-connection-mark=no-mark passthrough=yes
 2   ;;; UPLOAD
     chain=forward action=mark-connection new-connection-mark=UPLOAD passthrough=yes dst-address-list=server out-interface=WAN
 3   ;;; UPLOAD
     chain=forward action=mark-packet new-packet-mark=UPLOAD passthrough=no connection-mark=UPLOAD
 4   ;;; DOWNLOAD
     chain=forward action=mark-connection new-connection-mark=DOWNLOAD passthrough=yes src-address-list=server in-interface=WAN
 5   ;;; DOWNLOAD
     chain=forward action=mark-packet new-packet-mark=DOWNLOAD passthrough=no connection-mark=DOWNLOAD
1. Could anyone please confirm if the following script should work?
2. If I disable the second (#2) connection marking in the script above, I think the script is not marking packets correctly. I think this because I assume a single connection is used for transmitting both upload and download packets and thus, for subsequent upload/download packets, the connection marking remains unchanged.
3. If I use 'connection-state=new' while marking connections in the above script, should the behaviour remain the same?
Thanks in advance.