Hi all!
I try to mark traffic by type with magle and sort its by priority later, but its works very bad, only one half of p2p traffic marks normally, almost all other traffic marks like OTHER.
here is my firewall export
/ip firewall export
# aug/01/2010 09:54:06 by RouterOS 3.30
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=forward comment="Access to internet from admin" \
disabled=no src-address=192.168.1.0/24
add action=drop chain=forward comment="Drop invalid connection packets" \
connection-state=invalid disabled=no
add action=accept chain=forward comment="Allow established connections" \
connection-state=established disabled=no
add action=accept chain=forward comment="Allow related connections" \
connection-state=related disabled=no
add action=accept chain=forward comment="Allow UDP" disabled=no protocol=udp
add action=accept chain=forward comment="Allow ICMP Ping" disabled=no \
protocol=icmp
/ip firewall mangle
add action=mark-connection chain=prerouting comment=ICMP disabled=no \
new-connection-mark=icmp passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment=ICMP connection-mark=icmp \
disabled=no new-packet-mark=ICMP passthrough=no
add action=mark-connection chain=prerouting comment=0-bytes connection-bytes=\
1-128000 disabled=no new-connection-mark=0-bytes passthrough=yes port=80 \
protocol=tcp
add action=mark-packet chain=prerouting comment=0-bytes connection-bytes=\
0-128000 connection-mark=0-bytes disabled=no new-packet-mark=0bytes \
passthrough=yes
add action=mark-packet chain=prerouting comment="HTTP 80" connection-mark=\
http disabled=no new-packet-mark=HTTP_80 passthrough=no
add action=mark-packet chain=prerouting comment=POP3 disabled=no \
new-packet-mark=POP3 passthrough=no port=110 protocol=tcp
add action=mark-packet chain=prerouting comment=FTP disabled=no \
new-packet-mark=FTP passthrough=no port=21 protocol=tcp
add action=mark-packet chain=prerouting comment=SMTP disabled=no \
new-packet-mark=SMTP passthrough=no port=25 protocol=tcp
add action=mark-packet chain=prerouting comment=IMAP disabled=no \
new-packet-mark=IMAP passthrough=no port=143 protocol=tcp
add action=mark-packet chain=prerouting comment=SSL disabled=no \
new-packet-mark=SSL passthrough=no port=443 protocol=tcp
add action=mark-packet chain=prerouting comment=P2P disabled=no \
new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-connection chain=prerouting comment=UDP disabled=no \
new-connection-mark=udp passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment=UDP connection-mark=udp \
disabled=no new-packet-mark=udp passthrough=no
add action=mark-connection chain=prerouting comment=OTHER disabled=no \
new-connection-mark=other passthrough=yes
add action=mark-packet chain=prerouting comment=OTHER connection-mark=other \
disabled=no new-packet-mark=other passthrough=no
add action=log chain=forward comment="Check for unmarked traffic" disabled=\
yes log-prefix=""
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=!lan
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no