How to create a simple queue using 3 different mangles?

Wed Feb 03, 2021 6:25 am

Hi all,
Please help, I need to create a simple queue with 3 different mangles. My situation now:

ip wan :
Ip Lan :

1. I have 2 mangles to separate 2 connections:
- Mangle IIX is the routing mark packet: connection to local / domestic (IP addresses in our local country)
- Mangle INT is the routing mark packet: connection to outside our country / international connection (except: packet mark local "nice list IP address list" / IIX)

/ip firewall mangle
add action=mark-packet chain=prerouting comment=ICMP new-packet-mark=ICMP \
    passthrough=yes protocol=icmp
add action=mark-connection chain=forward comment=INT new-connection-mark=\
    Int-Con passthrough=yes protocol=!icmp src-address-list=!nice
add action=mark-connection chain=forward dst-address-list=!nice \
    new-connection-mark=Int-Con passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting connection-mark=Int-Con \
    new-packet-mark=INT passthrough=yes
add action=mark-connection chain=forward comment=IIX new-connection-mark=\
    iix-con passthrough=yes protocol=!icmp src-address-list=nice
add action=mark-connection chain=forward dst-address-list=nice \
    new-connection-mark=iix-con passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting connection-mark=iix-con \
    new-packet-mark=IIX passthrough=yes

2. My example simple queue for 2 mangles (IIX and INT):

/queue simple
add max-limit=5M/5M name="IIX" packet-marks=IIX target=\
add max-limit=5M/5M name="INT" packet-marks=INT target=\

This simple queue is running normally.

I need to add 1 more mangle to create routing and packet mark for Facebook connection (Mangle C), and I'm sure that some or many of the Facebook IP address list connections also exist in Mangle INT.

The goal is: I have to set no limit for all IPs in the LAN which connect to Facebook.

Here is my new mangle to grab Facebook IPs:

/ip firewall layer7-protocol
add name=L7_FB regexp="^(.*)(facebook)(.*)\\\$"

/ip firewall filter
add action=add-dst-to-address-list address-list=FB_List address-list-timeout=\
    5m chain=forward layer7-protocol=L7_FB log-prefix=""

/ip firewall mangle
add action=mark-connection chain=forward dst-address-list=FB_List log-prefix=\
    "" new-connection-mark=FB_Conn passthrough=yes

add action=mark-packet chain=forward connection-mark=FB_Conn log-prefix="" \
    new-packet-mark=FB_Pkt passthrough=no

But I don't know how to create a new simple queue or anything else to let my LAN IPs have no limit to the Facebook IP address list.

Please advise.

