Community discussions

MikroTik App
 
Trekkie
newbie
Topic Author
Posts: 37
Joined: Thu Feb 07, 2013 1:48 am

Issues with PCQ not kicking in

Tue Dec 22, 2015 10:36 pm

I have an RB2011 hardwired to a cable modem. the modem has 30MB Down/5MB Up performance.

i have a 751U-2HND wifi connected to it, it's a simple AP in bridge mode providing wifi.

I created an elaborate configuration using the 'mother of all qos trees' example off the web (https://www.mikrotik-routeros.com/2014/ ... rees-v6-0/)

Which uses PCQ before going global, which as I understand it that is supposed to mitigate the fact that srcnat routing is
on.

However, whenever a single client does a 'big' download such as downloading a file or something off the internet, that client takes over the network link completely. All other clients quit working, no browsing, no anything.

I've experimented with simple PCQ from various examples, as well as the complex one I use. The behavior is the same.

Below is my configuration for your perusal, I can't seem to find what I'm doing wrong. This version has 18M/2M set for the speeds as I was trying things, but nothing I do seems to stop the single client from disabling the rest of the network until its download is finished.

Example of 'download' would be: Installing Star Citizen. it downloads 27GB of data from the internet via HTTP. The instant that starts, all other clients die. They timeout/will not connect to the internet. If I pause that download from the launcher software, they all come back instantly, restart the download, it dies.

Same if I do a speed test.
[admin@house-router] > export
# dec/22/2015 09:52:17 by RouterOS 6.33.2
# software id = XSVP-9EC1
#
/interface bridge
add admin-mac=D4:CA:6D:1D:12:F3 auto-mac=no mtu=1500 name=LAN
/interface ethernet
set [ find default-name=ether1 ] name=WAN
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=LAN lease-time=3d name=\
    team_boucher
/queue tree
add max-limit=18M name=Download_WOW-Silver parent=global priority=1
add max-limit=2M name=Upload_WOW-Silver parent=global priority=1
add limit-at=16M max-limit=18M name=DN_Interactive_WOW-Silver parent=\
    Download_WOW-Silver priority=1
add limit-at=2M max-limit=18M name=DN_NonInteractive_WOW-Silver parent=\
    Download_WOW-Silver
add limit-at=1800k max-limit=2M name=UP_Interactive_WOW-Silver parent=\
    Upload_WOW-Silver priority=1
add limit-at=200k max-limit=2M name=UP_NonInteractive_WOW-Silver parent=\
    Upload_WOW-Silver
/queue type
add kind=pcq name=Download_WOW-Silver pcq-classifier=dst-address \
    pcq-total-limit=25000KiB
add kind=pcq name=Upload_WOW-Silver pcq-classifier=src-address \
    pcq-total-limit=25000KiB
/queue tree
add name=down_p1_interactive_WOW-Silver packet-mark=\
    dn_p1_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver priority=1 \
    queue=Download_WOW-Silver
add name=down_p2_interactive_WOW-Silver packet-mark=\
    dn_p2_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver priority=2 \
    queue=Download_WOW-Silver
add name=down_p3_interactive_WOW-Silver packet-mark=\
    dn_p3_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver priority=3 \
    queue=Download_WOW-Silver
add name=down_p4_interactive_WOW-Silver packet-mark=\
    dn_p4_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver priority=4 \
    queue=Download_WOW-Silver
add name=down_p5_interactive_WOW-Silver packet-mark=\
    dn_p5_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver priority=5 \
    queue=Download_WOW-Silver
add name=down_p6_interactive_WOW-Silver packet-mark=\
    dn_p6_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver priority=6 \
    queue=Download_WOW-Silver
add name=down_p7_interactive_WOW-Silver packet-mark=\
    dn_p7_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver priority=7 \
    queue=Download_WOW-Silver
add name=down_p8_interactive_WOW-Silver packet-mark=\
    dn_p8_interactive_WOW-Silver parent=DN_Interactive_WOW-Silver queue=\
    Download_WOW-Silver
add name=down_p1_noninteractive_WOW-Silver packet-mark=\
    dn_p1_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    priority=1 queue=Download_WOW-Silver
add name=down_p2_noninteractive_WOW-Silver packet-mark=\
    dn_p2_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    priority=2 queue=Download_WOW-Silver
add name=down_p3_noninteractive_WOW-Silver packet-mark=\
    dn_p3_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    priority=3 queue=Download_WOW-Silver
add name=down_p4_noninteractive_WOW-Silver packet-mark=\
    dn_p4_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    priority=4 queue=Download_WOW-Silver
add name=down_p5_noninteractive_WOW-Silver packet-mark=\
    dn_p5_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    priority=5 queue=Download_WOW-Silver
add name=down_p6_noninteractive_WOW-Silver packet-mark=\
    dn_p6_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    priority=6 queue=Download_WOW-Silver
add name=down_p7_noninteractive_WOW-Silver packet-mark=\
    dn_p7_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    priority=7 queue=Download_WOW-Silver
add name=down_p8_noninteractive_WOW-Silver packet-mark=\
    dn_p8_noninteractive_WOW-Silver parent=DN_NonInteractive_WOW-Silver \
    queue=Download_WOW-Silver
add name=up_p1_interactive_WOW-Silver packet-mark=\
    up_p1_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver priority=1 \
    queue=Upload_WOW-Silver
add name=up_p2_interactive_WOW-Silver packet-mark=\
    up_p2_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver priority=2 \
    queue=Upload_WOW-Silver
add name=up_p3_interactive_WOW-Silver packet-mark=\
    up_p3_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver priority=3 \
    queue=Upload_WOW-Silver
add name=up_p4_interactive_WOW-Silver packet-mark=\
    up_p4_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver priority=4 \
    queue=Upload_WOW-Silver
add name=up_p5_interactive_WOW-Silver packet-mark=\
    up_p5_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver priority=5 \
    queue=Upload_WOW-Silver
add name=up_p6_interactive_WOW-Silver packet-mark=\
    up_p6_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver priority=6 \
    queue=Upload_WOW-Silver
add name=up_p7_interactive_WOW-Silver packet-mark=\
    up_p7_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver priority=7 \
    queue=Upload_WOW-Silver
add name=up_p8_interactive_WOW-Silver packet-mark=\
    up_p8_interactive_WOW-Silver parent=UP_Interactive_WOW-Silver queue=\
    Upload_WOW-Silver
add name=up_p1_noninteractive_WOW-Silver packet-mark=\
    up_p1_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    priority=1 queue=Upload_WOW-Silver
add name=up_p2_noninteractive_WOW-Silver packet-mark=\
    up_p2_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    priority=2 queue=Upload_WOW-Silver
add name=up_p3_noninteractive_WOW-Silver packet-mark=\
    up_p3_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    priority=3 queue=Upload_WOW-Silver
add name=up_p4_noninteractive_WOW-Silver packet-mark=\
    up_p4_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    priority=4 queue=Upload_WOW-Silver
add name=up_p5_noninteractive_WOW-Silver packet-mark=\
    up_p5_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    priority=5 queue=Upload_WOW-Silver
add name=up_p6_noninteractive_WOW-Silver packet-mark=\
    up_p6_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    priority=6 queue=Upload_WOW-Silver
add name=up_p7_noninteractive_WOW-Silver packet-mark=\
    up_p7_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    priority=7 queue=Upload_WOW-Silver
add name=up_p8_noninteractive_WOW-Silver packet-mark=\
    up_p8_noninteractive_WOW-Silver parent=UP_NonInteractive_WOW-Silver \
    queue=Upload_WOW-Silver
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether10
add bridge=LAN interface=ether9
add bridge=LAN interface=ether8
add bridge=LAN interface=ether7
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether2 \
    network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=WAN use-peer-dns=no
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    208.67.222.222,208.67.220.220 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=10.0.0.0/8 comment="Private Network" list=illegal-addr
add address=172.16.0.0/12 comment="Private Network" list=illegal-addr
add address=169.254.0.0/16 comment="Link Local" list=illegal-addr
add address=127.0.0.0/8 comment=Loopback list=illegal-addr
add address=224.0.0.0/3 comment="Reserved for multicast assignments as specifi\
    ed in RFC 5771.\
    \n233.252.0.0/24 is assigned as \"MCAST-TEST-NET\" for use solely in docum\
    entation and example source code." list=illegal-addr
add address=192.168.88.0/24 comment="my local network, all NATed" list=\
    local-addr
add address=192.168.0.0/16 comment="Private Network" list=illegal-addr
add address=198.18.0.0/15 comment="private network - Used for testing of inter\
    -network communications between two separate subnets as specified in RFC 2\
    544" list=illegal-addr
add address=192.0.2.0/24 comment="Assigned as \"TEST-NET\" in RFC 5737 for use\
    \_solely in documentation and example source code and should not be used p\
    ublicly." list=illegal-addr
add address=100.64.0.0/10 comment="Used for communications between a service p\
    rovider and its subscribers when using a Carrier-grade NAT, as specified b\
    y RFC 6598" list=illegal-addr
add address=192.0.0.0/24 comment="Used for the IANA IPv4 Special Purpose Addre\
    ss Registry as specified by RFC 5736" list=illegal-addr
add address=0.0.0.0/8 comment="Used for broadcast messages to the current (\"t\
    his\") network as specified by RFC 1700" list=illegal-addr
add address=12.129.193.0/24 comment=WoW list=games
add address=12.129.222.0/23 comment=WoW list=games
add address=12.129.225.0/24 comment=WoW list=games
add address=12.129.228.0/24 comment=WoW list=games
add address=12.129.233.0/24 comment=WoW list=games
add address=12.129.252.0/23 comment=WoW list=games
add address=63.241.255.0/24 comment=WoW list=games
add address=72.5.213.0/24 comment=WoW list=games
add address=80.239.149.0/24 comment=WoW list=games
add address=80.239.179.0/24 comment=WoW list=games
add address=80.239.181.0/24 comment=WoW list=games
add address=80.239.185.0/24 comment=WoW list=games
add address=80.239.233.0/24 comment=WoW list=games
add address=192.12.244.0/24 comment=WoW list=games
add address=195.12.246.0/24 comment=WoW list=games
add address=199.107.6.0/23 comment=WoW list=games
add address=199.107.24.0/23 comment=WoW list=games
add address=206.16.118.0/23 comment=WoW list=games
add address=206.16.147.0/24 comment=WoW list=games
add address=206.18.148.0/23 comment=WoW list=games
add address=206.18.98.0/23 comment=WoW list=games
add address=206.16.235.0/24 comment=WoW list=games
add address=206.17.111.0/24 comment=WoW list=games
add address=213.248.123.0/24 comment=WoW list=games
add address=213.248.127.0/24 comment=WoW list=games
add address=202.9.66.0/23 comment=SC2 list=games
add address=12.129.254.0/23 comment=SC2 list=games
add address=12.129.206.0/24 comment=SC2 list=games
add address=12.129.242.0/24 comment="Diablo III" list=games
add address=12.130.245.0/24 comment="Diablo III" list=games
add address=12.130.244.0/24 comment="Diablo III" list=games
add address=12.130.246.0/24 comment="Diablo III" list=games
add address=63.150.138.0/24 comment="Dota 2" list=games
add address=103.10.124.0/24 comment="Dota 2" list=games
add address=103.10.125.0/24 comment="Dota 2" list=games
add address=103.28.54.0/23 comment="Dota 2" list=games
add address=146.66.152.0/23 comment="Dota 2" list=games
add address=146.66.154.0/24 comment="Dota 2" list=games
add address=146.66.155.0/24 comment="Dota 2" list=games
add address=146.66.156.0/23 comment="Dota 2" list=games
add address=146.66.158.0/23 comment="Dota 2" list=games
add address=185.25.180.0/23 comment="Dota 2" list=games
add address=185.25.182.0/24 comment="Dota 2" list=games
add address=192.69.96.0/22 comment="Dota 2" list=games
add address=205.196.6.0/24 comment="Dota 2" list=games
add address=208.64.200.0/24 comment="Dota 2" list=games
add address=208.64.201.0/24 comment="Dota 2" list=games
add address=208.64.202.0/24 comment="Dota 2" list=games
add address=208.64.203.0/24 comment="Dota 2" list=games
add address=208.78.164.0/22 comment="Dota 2" list=games
add address=216.111.123.0/24 comment="Dota 2" list=games
add address=31.186.224.0/24 comment="LoL Europe" list=games
add address=31.186.226.0/24 comment="LoL Europe" list=games
add address=64.7.194.0/24 comment="LoL Europe" list=games
add address=95.172.65.0/24 comment="LoL Europe" list=games
add address=95.172.70.0/24 comment="LoL Europe" list=games
add address=66.150.148.0/24 comment="LoL EU-NE" list=games
add address=192.64.168.0/24 comment="LoL NA" list=games
add address=192.64.169.0/24 comment="LoL NA" list=games
add address=192.64.170.0/24 comment="LoL NA" list=games
add address=216.133.234.0/24 comment="LoL NA" list=games
add address=59.100.95.128/25 comment="LoL Oceania" list=games
add address=203.116.112.128/25 comment="LoL Singapore/Malaysia" list=games
add address=216.240.136.162 comment="Lowerping - US West - Panther 1" list=\
    games
add address=216.240.145.9 comment="Lowerping - US West - Panther 2" list=\
    games
add address=64.69.36.224 comment="Lowerping - US West - Panther 3" list=games
add address=208.70.75.171 comment="Lowerping - US West - Panther 4" list=\
    games
add address=208.70.78.93 comment="Lowerping - US West - Panther 5" list=games
add address=216.240.136.167 comment="Lowerping - US West - Panther 6" list=\
    games
add address=64.56.65.9 comment="Lowerping - US West - Tiger 1" list=games
add address=74.222.8.249 comment="Lowerping - US West - Tiger 2" list=games
add address=216.18.198.2 comment="Lowerping - US West - Fox 1" list=games
add address=173.231.26.242 comment="Lowerping - US West - Fox 2" list=games
add address=66.212.28.128 comment="Lowerping - US West - Lion A1" list=games
add address=66.63.191.237 comment="Lowerping - US West - Lion A2" list=games
add address=72.11.142.216 comment="Lowerping - US West - Lion B1" list=games
add address=72.11.142.217 comment="Lowerping - US West - Lion B2" list=games
add address=96.44.172.186 comment="Lowerping - US West - Lion C1" list=games
add address=96.44.177.26 comment="Lowerping - US West - Lion C2" list=games
add address=96.44.177.27 comment="Lowerping - US West - Lion D1" list=games
add address=72.11.142.218 comment="Lowerping - US West - Lion D2" list=games
add address=64.120.10.178 comment="Lowerping - US West - Panda 1" list=games
add address=72.51.46.93 comment="Lowerping - US West - Rhino 1" list=games
add address=173.245.68.180 comment="Lowerping - US West - Squid 1" list=games
add address=173.245.68.178 comment="Lowerping - US West - Squid 2" list=games
add address=8.17.252.162 comment="Lowerping - US West - Koala 1" list=games
add address=8.17.252.163 comment="Lowerping - US West - Koala 2" list=games
add address=50.23.65.37 comment="Lowerping - US West - Salmon 1" list=games
add address=174.127.96.124 comment="Lowerping - US West - Salmon 2" list=\
    games
add address=174.127.96.127 comment="Lowerping - US West - Salmon 3" list=\
    games
add address=66.109.20.100 comment="Lowerping - US East - Cobra 1" list=games
add address=66.199.235.194 comment="Lowerping - US East - Otter 1" list=games
add address=72.9.100.90 comment="Lowerping - US East - Otter 2" list=games
add address=173.208.45.82 comment="Lowerping - US East - Spider 1" list=games
add address=69.162.127.98 comment="Lowerping - US Central - Frog 1" list=\
    games
add address=174.133.108.202 comment="Lowerping - US Central - Tadpole 1" \
    list=games
add address=174.34.132.50 comment="Lowerping - US Central - Toad 1" list=\
    games
add address=70.32.43.122 comment="Lowerping - Chicago - Macaw 1" list=games
add address=184.154.38.138 comment="Lowerping - Chicago - Jaguar 1" list=\
    games
add address=78.129.220.51 comment="Lowerping - Europe - London 1" list=games
add address=188.138.24.38 comment="Lowerping - Europe - Germany 1" list=games
add address=85.10.193.111 comment="Lowerping - Europe - Germany 3" list=games
add address=94.75.208.164 comment="Lowerping - Europe - Netherlands 1" list=\
    games
add address=62.212.91.21 comment="Lowerping - Europe - Netherlands 2" list=\
    games
add address=91.191.144.94 comment="Lowerping - Europe - Paris 1" list=games
add address=46.21.207.116 comment="Lowerping - Europe - Paris 2" list=games
add address=159.153.0.0/16 comment="SWTOR - USA/EUROPE" list=games
add address=206.127.144.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=\
    games
add address=64.25.32.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=\
    games
add address=192.88.99.0/24 comment=\
    "Used by 6to4 anycast relays as specified by RFC 3068" list=illegal-addr
add address=255.255.255.255 comment="Reserved for the \"limited broadcast\" de\
    stination address, as specified by RFC 6890" list=illegal-addr
add address=240.0.0.0/4 comment=\
    "Reserved for future use, as specified by RFC 6890" list=illegal-addr
add address=203.0.113.0/24 comment="Assigned as \"TEST-NET-3\" in RFC 5737 for\
    \_use solely in documentation and example source code and should not be us\
    ed publicly." list=illegal-addr
/ip firewall filter
add action=drop chain=input comment="Drop Invalid Connections" \
    connection-state=invalid
add chain=input comment="Allow Established Connections" connection-state=\
    established
add chain=input comment="Allow ICMP" protocol=icmp
add chain=input in-interface=!WAN src-address=192.168.88.0/24
add chain=input comment="Click the E to enable Tom's Access" disabled=yes \
    dst-port=22 protocol=tcp
add action=drop chain=input comment="Drop Everything Else"
add chain=forward comment="Allow traffic between clients" in-interface=LAN \
    out-interface=LAN
add action=jump chain=forward comment="Sanity Check Forward" jump-target=\
    sanity-check
add action=jump chain=sanity-check comment="Deny illegal NAT traversal" \
    jump-target=drop packet-mark=nat-traversal
add chain=input comment=\
    "Allow The Router to be visible via Neighbor Discovery to WinBox" \
    dst-address=255.255.255.255 dst-port=5678 in-interface=LAN protocol=udp
add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=sanity-check comment="Block port scans" \
    protocol=tcp psd=20,3s,3,1
add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=sanity-check comment="Block TCP Null scan" \
    protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=sanity-check comment="Block TCP Xmas scan" \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=jump chain=sanity-check jump-target=drop protocol=tcp \
    src-address-list=blocked-addr
add action=jump chain=sanity-check comment="Drop TCP RST" jump-target=drop \
    protocol=tcp tcp-flags=rst
add action=jump chain=sanity-check comment="Drop TCP SYN+FIN" jump-target=\
    drop protocol=tcp tcp-flags=fin,syn
add action=jump chain=sanity-check comment=\
    "Dropping invalid connections at once" connection-state=invalid \
    jump-target=drop
add chain=sanity-check comment="Accepting already established connections" \
    connection-state=established
add chain=sanity-check comment="Also accepting related connections" \
    connection-state=related
add action=jump chain=sanity-check comment=\
    "Drop all traffic that goes to multicast or broadcast addresses" \
    dst-address-type=broadcast,multicast jump-target=drop
add action=jump chain=sanity-check comment=\
    "Drop illegal destination addresses" dst-address-list=illegal-addr \
    dst-address-type=!local in-interface=LAN jump-target=drop
add action=jump chain=sanity-check comment="Drop everything that goes from loc\
    al interface but not from local address" in-interface=LAN jump-target=\
    drop src-address-list=!local-addr
add action=jump chain=sanity-check comment=\
    "Drop all traffic that comes from multicast or broadcast addresses" \
    jump-target=drop src-address-type=broadcast,multicast
add chain=input comment="Allow local traffic (between router applications)" \
    dst-address-type=local src-address-type=local
add action=jump chain=input comment="DHCP protocol would not pass sanity check\
    ing, so enabling it explicitly before other checks" dst-port=67 \
    in-interface=LAN jump-target=dhcp protocol=udp src-port=68
add action=jump chain=input comment="Sanity Check" jump-target=sanity-check
add action=jump chain=input comment="Dropping packets not destined to the rout\
    er itself, including all broadcast traffic" dst-address-type=!local \
    jump-target=drop
add chain=input comment=\
    "Allow pings, but at a very limited rate (5 packets per sec)" \
    icmp-options=8 limit=5,5 protocol=icmp
add action=jump chain=input comment=\
    "Allowing some services to be accessible from the local network" \
    in-interface=LAN jump-target=local-services
add action=jump chain=input jump-target=drop
add chain=dhcp dst-address=255.255.255.255 src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address-list=local-addr
add chain=local-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=local-services comment=DNS dst-port=53 protocol=udp
add chain=local-services dst-port=53 protocol=tcp
add chain=local-services comment="HTTP Proxy (3128/TCP)" dst-port=3128 \
    protocol=tcp
add chain=local-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=\
    tcp
add chain=local-services comment=SNMP dst-port=161 protocol=udp
add chain=local-services comment=FTP dst-port=21 protocol=tcp
add chain=local-services comment=NTP dst-port=123 protocol=udp
add chain=local-services comment="Neighbor discovery" dst-port=5678 protocol=\
    udp
add action=drop chain=local-services
add chain=public-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=public-services comment="PPTP (1723/TCP)" dst-port=1723 protocol=\
    tcp
add chain=public-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=\
    tcp
add chain=public-services comment="GRE for PPTP" protocol=gre
add action=drop chain=public-services
add action=drop chain=known_viruses comment="windows - not EXACTLY a virus" \
    dst-port=135-139 protocol=tcp
add action=drop chain=known_viruses comment="windows - not EXACTLY a virus" \
    dst-port=135-139 protocol=udp
add action=drop chain=known_viruses comment=\
    "winXP netbios not EXACTLY a virus" dst-port=445 protocol=udp
add action=drop chain=known_viruses comment=\
    "winXP netbios not EXACTLY a virus" dst-port=445 protocol=tcp
add action=drop chain=known_viruses comment="msblast worm" dst-port=593 \
    protocol=tcp
add action=drop chain=known_viruses comment="msblast worm" dst-port=4444 \
    protocol=tcp
add action=drop chain=known_viruses comment="WITTY worm" dst-port=4000 \
    protocol=tcp
add action=drop chain=known_viruses comment="SoBig.f worm" dst-port=995-999 \
    protocol=tcp
add action=drop chain=known_viruses comment="SoBig.f worm" dst-port=8998 \
    protocol=tcp
add action=drop chain=known_viruses comment="beagle worm" dst-port=2745 \
    protocol=tcp
add action=drop chain=known_viruses comment="beagle worm" dst-port=4751 \
    protocol=tcp
add action=drop chain=known_viruses comment="SQL Slammer" dst-port=1434 \
    protocol=tcp
/ip firewall mangle
add action=log chain=notes comment=\
    "Start of QoS tree version updated on 12/23/2014"
add chain=prerouting comment=\
    "Accept traffic From QOSCustomerIPs to QOSCustomerIPs" dst-address-list=\
    QOSCustomerIPs src-address-list=QOSCustomerIPs
add action=mark-packet chain=prerouting comment="We should start with marking \
    everything as unknown - dn_p7_interactive WOW-Silver" in-interface=WAN \
    new-packet-mark=dn_p7_interactive_WOW-Silver
add action=mark-packet chain=postrouting comment=\
    "We should start with marking everything as unknown - up_p7_interactive" \
    new-packet-mark=up_p7_interactive_WOW-Silver out-interface=WAN
add action=mark-packet chain=postrouting comment=\
    "Mark all ACK packets p1 for outbound traffic." new-packet-mark=\
    up_p1_interactive_WOW-Silver out-interface=WAN protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting comment=\
    "Mark all ACK packets p1 for outbound traffic." in-interface=WAN \
    new-packet-mark=dn_p1_interactive_WOW-Silver protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment=\
    "Mark p2p connections first" new-connection-mark=p2p_conn p2p=all-p2p
add action=mark-packet chain=prerouting comment="Identifiable P2P is set at p8\
    _noninteractive with NO PASSTHROUGH. This is the lowest priority we can co\
    nfigure" connection-mark=p2p_conn in-interface=WAN new-packet-mark=\
    dn_p8_noninteractive_WOW-Silver passthrough=no
add action=mark-packet chain=postrouting comment="Identifiable P2P is set at p\
    8_noninteractive with NO PASSTHROUGH. This is the lowest priority we can c\
    onfigure" connection-mark=p2p_conn new-packet-mark=\
    up_p8_noninteractive_WOW-Silver out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment=\
    "Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" \
    in-interface=WAN new-packet-mark=dn_p8_noninteractive_WOW-Silver \
    passthrough=no protocol=tcp src-port=6881
add action=mark-packet chain=postrouting comment=\
    "Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" dst-port=\
    6881 new-packet-mark=up_p8_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Mark ISP as p1_interactive with NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p1_interactive_WOW-Silver passthrough=no \
    src-address-list=ISP
add action=mark-packet chain=postrouting comment=\
    "Mark ISP as p1_interactive with NO PASSTHROUGH" dst-address-list=ISP \
    new-packet-mark=up_p1_interactive_WOW-Silver out-interface=WAN \
    passthrough=no
add action=mark-packet chain=prerouting comment=\
    "BGP as p1_interactive with NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p1_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=179
add action=mark-packet chain=postrouting comment=\
    "BGP as p1_interactive with NO PASSTHROUGH" dst-port=179 new-packet-mark=\
    up_p1_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "OSPF as p1_interactive with NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p1_interactive_WOW-Silver passthrough=no protocol=ospf
add action=mark-packet chain=postrouting comment=\
    "OSPF as p1_interactive with NO PASSTHROUGH" new-packet-mark=\
    up_p1_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    ospf
add action=mark-packet chain=postrouting comment="Mark VoIP/ICMP Test (8080 ud\
    p) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=\
    0-1000000 dst-port=8080 new-packet-mark=up_p1_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Mark VoIP/ICMP Test (8080 udp\
    ) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=\
    0-1000000 in-interface=WAN new-packet-mark=dn_p1_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=8080
add action=mark-packet chain=prerouting comment=\
    "Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k \
    dst-port=53 in-interface=WAN new-packet-mark=dn_p1_interactive_WOW-Silver \
    passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=\
    "Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k \
    new-packet-mark=up_p1_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp src-port=53
add action=mark-packet chain=postrouting comment=\
    "Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k \
    dst-port=53 new-packet-mark=up_p1_interactive_WOW-Silver out-interface=\
    WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k \
    in-interface=WAN new-packet-mark=dn_p1_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=53
add action=mark-packet chain=postrouting comment=\
    "ICMP is p1_interactive NO PASSTHROUGH" new-packet-mark=\
    up_p1_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    icmp
add action=mark-packet chain=prerouting comment=\
    "ICMP is p1_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WOW-Silver passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection\
    \_rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k \
    dst-port=3478,4080,5223 new-packet-mark=up_p1_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection \
    rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k \
    in-interface=WAN new-packet-mark=dn_p1_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=3478,4080,5223
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection\
    \_rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k \
    dst-port=16393-16402 new-packet-mark=up_p1_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection \
    rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k \
    in-interface=WAN new-packet-mark=dn_p1_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=16393-16402
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connecti\
    on rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=\
    0-512k dst-port=5060-5061 new-packet-mark=up_p1_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connectio\
    n rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k \
    in-interface=WAN new-packet-mark=dn_p1_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=5060-5061
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connecti\
    on rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=\
    0-512k dst-port=5060-5061 new-packet-mark=up_p1_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connectio\
    n rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k \
    in-interface=WAN new-packet-mark=dn_p1_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=5060-5061
add action=mark-connection chain=prerouting comment=\
    "VOIP - mark DSCP 46 with voip connection mark" dscp=46 \
    new-connection-mark=voip
add action=mark-packet chain=postrouting comment="For the voip connection mark\
    \_- 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=\
    voip connection-rate=0-512k new-packet-mark=up_p1_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="For the voip connection mark \
    - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip \
    connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WOW-Silver passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="For the voip connection mark\
    \_- 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=\
    voip connection-rate=0-512k new-packet-mark=up_p1_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="For the voip connection mark \
    - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip \
    connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WOW-Silver passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "NTP is set at p1_interactive." dst-port=123 in-interface=WAN \
    new-packet-mark=dn_p1_interactive_WOW-Silver passthrough=no protocol=udp \
    src-port=123
add action=mark-packet chain=postrouting comment=\
    "NTP is set at p1_interactive." dst-port=123 new-packet-mark=\
    up_p1_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "WINBOX p1_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WOW-Silver passthrough=no protocol=tcp src-port=8291
add action=mark-packet chain=postrouting comment=\
    "WINBOX p1_interactive NO PASSTHROUGH" dst-port=8291 new-packet-mark=\
    up_p1_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment=\
    "### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" \
    dst-address-list=site-specific new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment=\
    "### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" \
    in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no src-address-list=site-specific
add action=mark-packet chain=postrouting comment=\
    "Game Server IPs (games) p2_interactive NO PASSTHROUGH" dst-address-list=\
    games new-packet-mark=up_p2_interactive_WOW-Silver out-interface=WAN \
    passthrough=no
add action=mark-packet chain=prerouting comment=\
    "Game Server IPs (games) p2_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p2_interactive_WOW-Silver passthrough=no \
    src-address-list=games
add action=mark-packet chain=postrouting comment=\
    "RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=\
    0-1M dst-port=3389,5900 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=\
    0-1M in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=3389,5900
add action=mark-packet chain=prerouting comment=\
    "RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=\
    0-1M in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=3389,5900
add action=mark-packet chain=postrouting comment=\
    "Steam (games) 0-256k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k dst-port=27000-28999 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Steam (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=\
    0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=27000-27015
add action=mark-packet chain=postrouting comment=\
    "Runes of Magic (games) 0-256k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k dst-port=21002,16401-16402,16502 new-packet-mark=\
    up_p2_interactive_wan out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Runes of Magic (games) 0-256k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_wan passthrough=no protocol=udp src-port=\
    21002,16401-16402,16502
add action=mark-packet chain=postrouting comment=\
    "GunZ (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=\
    0-256k dst-port=7700-7800 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "GunZ (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=\
    0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=7700-7800
add action=mark-packet chain=prerouting comment=\
    "Trickster Online (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=\
    10006,13339,22006
add action=mark-packet chain=postrouting comment=\
    "Trickster Online (games) 0-128k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=10006,13339,22006 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment=\
    "Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=6112-6119 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=udp src-port=\
    6112-6119
add action=mark-packet chain=postrouting comment=\
    "War Thunder 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=\
    0-256k dst-port=3478-3480,20010-20500 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "War Thunder 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=\
    0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=3478-3480,20010-20500
add action=mark-packet chain=postrouting comment=\
    "War Thunder 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=\
    0-256k dst-port=5222,7850-7854,7800-7802 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "War Thunder 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=\
    0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=5222,7850-7854,7800-7802
add action=mark-packet chain=postrouting comment=\
    "Warcraft 3 and WoW 0-128k (games) p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=6112-6119 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "Warcraft 3 and WoW 0-512k (games) p2_interactive NO PASSTHROUGH" \
    connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=\
    6112-6119
add action=mark-packet chain=postrouting comment=\
    "World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=1119 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=1119
add action=mark-packet chain=prerouting comment=\
    "World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=3724
add action=mark-packet chain=postrouting comment=\
    "World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=3724 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "EVE Online (games) 0-512k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=26000
add action=mark-packet chain=postrouting comment=\
    "EVE Online (games) 0-512k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=26000 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment=\
    "Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=1513 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=1513
add action=mark-packet chain=postrouting comment=\
    "Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=7456 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=7456
add action=mark-packet chain=postrouting comment=\
    "Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=8687 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=8687
add action=mark-packet chain=postrouting comment=\
    "Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=2000,2003 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=2000,2003
add action=mark-packet chain=postrouting comment=\
    "PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=3478,3479,3658 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=udp src-port=\
    3478,3479,3658
add action=mark-packet chain=postrouting comment=\
    "PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=5223 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=5223
add action=mark-packet chain=postrouting comment=\
    "Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 \
    new-packet-mark=up_p2_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p2_interactive_WOW-Silver passthrough=no protocol=udp \
    src-port=3074
add action=mark-packet chain=postrouting comment=\
    "Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 \
    new-packet-mark=up_p2_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=3074
add action=mark-packet chain=postrouting comment=\
    "Guild Wars (games) 0-1024k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-1024k dst-port=6112,6600 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "Guild Wars (games) 0-2048k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-2048k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=\
    6112,6600
add action=mark-packet chain=postrouting comment=\
    "Company of Heroes (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=30260 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Company of Heroes (games) 0-128k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=udp src-port=30260
add action=mark-packet chain=postrouting comment=\
    "Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=11235-11335 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=udp src-port=\
    11235-11335
add action=mark-packet chain=postrouting comment=\
    "Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=11031 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=11031
add action=mark-packet chain=postrouting comment=\
    "AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
    dst-port=28004 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
    in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=28004
add action=mark-packet chain=prerouting comment=\
    "World of Warcraft (games) 0-256k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=3724
add action=mark-packet chain=postrouting comment=\
    "World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=3724 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment=\
    "Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=5223,3074 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=\
    5223,3074
add action=mark-packet chain=postrouting comment=\
    "Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=2005,3074,3075 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=udp src-port=\
    2005,3074,3075
add action=mark-packet chain=postrouting comment=\
    "Steam (codMW2) 0-64k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-64k dst-port=1500,3005,3101,28960 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Steam (codMW2) 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=\
    0-64k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=1500,3005,3101,28960
add action=mark-packet chain=postrouting comment=\
    "BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18390,18395,13505 \
    new-packet-mark=up_p2_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=18390,18395,13505
add action=mark-packet chain=postrouting comment=\
    "BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18395 \
    new-packet-mark=up_p2_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p2_interactive_WOW-Silver passthrough=no protocol=udp \
    src-port=18395
add action=mark-packet chain=postrouting comment=\
    "Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k dst-port=7110,7230 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=\
    7230,7110
add action=mark-packet chain=postrouting comment=\
    "Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
    dst-port=64100 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k \
    in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=64100
add action=mark-packet chain=prerouting comment=\
    "UT3 (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=7777,3783
add action=mark-packet chain=postrouting comment=\
    "UT3 (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=7777,3783 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment=\
    "Rift (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=6520-6540 new-packet-mark=up_p2_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Rift (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=6520-6540
add action=mark-packet chain=postrouting comment=\
    "Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=4321,6660-6669,28900,29900,2901 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=udp src-port=4321,6660-6669,28900,29900,2901
add action=mark-packet chain=postrouting comment=\
    "Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=6515,6500,13139,27900 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=6515,6500,13139,27900
add action=mark-packet chain=prerouting comment=\
    "Freelancer (games) 0-256k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-256k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=udp src-port=\
    2302-2304
add action=mark-packet chain=postrouting comment=\
    "Freelancer (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=2302-2304 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "Minecraft (games) 0-512k down p2_interactive NO PASSTHROUGH" \
    connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=25565
add action=mark-packet chain=postrouting comment=\
    "Minecraft (games) 0-128k up p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=25565 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment=\
    "SSH 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
    dst-port=22 new-packet-mark=up_p2_interactive_WOW-Silver out-interface=\
    WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "SSH 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k \
    in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=22
add action=mark-packet chain=postrouting comment=\
    "ICQ p2_interactive NO PASSTHROUGH" dst-port=5190 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "ICQ p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=5190
add action=mark-packet chain=postrouting comment=\
    "MSN p2_interactive NO PASSTHROUGH" dst-port=1863 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "MSN p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=1863
add action=mark-packet chain=postrouting comment=\
    "NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k dst-port=5004 new-packet-mark=\
    up_p2_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment=\
    "NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" \
    connection-rate=0-128k in-interface=WAN new-packet-mark=\
    dn_p2_interactive_WOW-Silver passthrough=no protocol=tcp src-port=5004
add action=mark-packet chain=postrouting comment=\
    "telnet 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k \
    dst-port=23 new-packet-mark=up_p2_interactive_WOW-Silver out-interface=\
    WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "telnet 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k \
    in-interface=WAN new-packet-mark=dn_p2_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=23
add action=mark-packet chain=postrouting comment=\
    "IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" new-packet-mark=\
    up_p3_interactive_WOW-Silver out-interface=WAN protocol=ipsec-esp
add action=mark-packet chain=prerouting comment=\
    "IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p3_interactive_WOW-Silver protocol=ipsec-esp
add action=mark-packet chain=postrouting comment=\
    "IPSEC-AH - Set for p3_interactive with PASSTHROUGH" new-packet-mark=\
    up_p3_interactive_WOW-Silver out-interface=WAN protocol=ipsec-ah
add action=mark-packet chain=prerouting comment=\
    "IPSEC-AH - Set for p3_interactive with PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p3_interactive_WOW-Silver protocol=ipsec-ah
add action=mark-packet chain=postrouting comment=\
    "IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" dst-port=4500 \
    new-packet-mark=up_p3_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p3_interactive_WOW-Silver passthrough=no protocol=udp \
    src-port=4500
add action=mark-packet chain=postrouting comment="This will match Hulu and sim\
    ilar streams - p6_interactive NO PASSTHROUGH" dst-port=1935 \
    new-packet-mark=up_p6_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="This will match Hulu and simi\
    lar streams - p6_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p6_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=1935
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming pr\
    otocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 \
    new-packet-mark=up_p6_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming pro\
    tocol) set at p6_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p6_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=554
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming pr\
    otocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 \
    new-packet-mark=up_p6_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming pro\
    tocol) set at p6_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p6_interactive_WOW-Silver passthrough=no protocol=udp \
    src-port=554
add action=mark-packet chain=postrouting comment=\
    "Pop3 - Set at p4_interactive with NO PASSTHROUGH" dst-port=110 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Pop3 - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=110
add action=mark-packet chain=postrouting comment=\
    "SMTP traffic will be p4_interactive by default NO PASSTHROUGH " \
    dst-port=25 new-packet-mark=up_p4_interactive_WOW-Silver out-interface=\
    WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "SMTP traffic will be p4_interactive by default NO PASSTHROUGH " \
    in-interface=WAN new-packet-mark=dn_p4_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=25
add action=mark-packet chain=postrouting comment=\
    "Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" dst-port=465 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" in-interface=\
    WAN new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=\
    tcp src-port=465
add action=mark-packet chain=postrouting comment=\
    "Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" dst-port=485 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=485
add action=mark-packet chain=postrouting comment=\
    "IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=993 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=\
    WAN new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=\
    tcp src-port=993
add action=mark-packet chain=postrouting comment=\
    "IMAP - Set at p4_interactive with NO PASSTHROUGH" dst-port=143 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "IMAP - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=143
add action=mark-packet chain=postrouting comment=\
    "POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=995 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=\
    WAN new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=\
    tcp src-port=995
add action=mark-packet chain=postrouting comment=\
    "Subversion - Set at p4_interactive with NO PASSTHROUGH" dst-port=3690 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Subversion - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=3690
add action=mark-packet chain=postrouting comment=\
    "SNMP set at p4_interactive NO PASSTHROUGH" dst-port=161 new-packet-mark=\
    up_p4_interactive_WOW-Silver out-interface=WAN passthrough=no protocol=\
    udp
add action=mark-packet chain=prerouting comment=\
    "SNMP set at p4_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=udp \
    src-port=161
add action=mark-packet chain=postrouting comment=\
    "OpenVPN set at p4_interactive NO PASSTHROUGH" dst-port=1194 \
    new-packet-mark=up_p4_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=\
    "OpenVPN set at p4_interactive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p4_interactive_WOW-Silver passthrough=no protocol=udp \
    src-port=1194
add action=mark-packet chain=postrouting comment=\
    "Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=\
    0-128k dst-port=27014-27050 new-packet-mark=up_p4_interactive_WOW-Silver \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=\
    0-128k in-interface=WAN new-packet-mark=dn_p4_interactive_WOW-Silver \
    passthrough=no protocol=tcp src-port=27014-27050
add action=mark-packet chain=postrouting comment=\
    "Steam (downloads) p2_noninteractive NO PASSTHROUGH" dst-port=27014-27050 \
    new-packet-mark=up_p2_noninteractive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "Steam (downloads) p2_noninteractive NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p2_noninteractive_WOW-Silver passthrough=no protocol=\
    tcp src-port=27014-27050
add action=mark-packet chain=postrouting comment=\
    "NNTP is set at p7_noninteractive, NO PASSTHROUGH" dst-port=119 \
    new-packet-mark=up_p7_noninteractive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "NNTP is set at p7_noninteractive, NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p7_noninteractive_WOW-Silver passthrough=no protocol=\
    tcp src-port=119
add action=mark-packet chain=postrouting comment=\
    "NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" dst-port=433 \
    new-packet-mark=up_p7_noninteractive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=\
    "NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" in-interface=WAN \
    new-packet-mark=dn_p7_noninteractive_WOW-Silver passthrough=no protocol=\
    tcp src-port=433
add action=mark-packet chain=prerouting comment=\
    "http download will be treated as dn_p3_interactive" in-interface=WAN \
    new-packet-mark=dn_p3_interactive_WOW-Silver passthrough=no protocol=tcp \
    src-port=80,443,8080
add action=mark-packet chain=postrouting comment=\
    "http upload will be treated as up_p3_interactive" dst-port=80,443,8080 \
    new-packet-mark=up_p3_interactive_WOW-Silver out-interface=WAN \
    passthrough=no protocol=tcp
add action=log chain=notes comment="End QoS tree"
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.88.0/24 to-addresses=\
    0.0.0.0
/ip proxy
set cache-path=web-proxy1
/ip service
set telnet disabled=yes
/ip upnp
set enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=WAN type=external
add interface=LAN type=internal
/ipv6 dhcp-client
add add-default-route=yes interface=WAN pool-name=WoW
/ipv6 firewall filter
add chain=input connection-state=related
add chain=input connection-state=established
add chain=forward connection-state=established
add chain=forward connection-state=related
add chain=input dst-port=546 protocol=udp
add chain=input protocol=icmpv6
add chain=forward protocol=icmpv6
add action=drop chain=input
add action=drop chain=forward
/ipv6 nd
set [ find default=yes ] advertise-dns=yes other-configuration=yes
/system clock
set time-zone-autodetect=no time-zone-name=America/Chicago
/system identity
set name=house-router
/system ntp client
set enabled=yes primary-ntp=50.22.155.163 secondary-ntp=54.243.43.180
[admin@house-router] > 
 
User avatar
pukkita
Trainer
Trainer
Posts: 3037
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Issues with PCQ not kicking in

Thu Dec 24, 2015 12:57 pm

That setup is thought for residential use, its clearly stated on the blog entry. Is it highly inefficient for a provider QoS.

It seems as the QoS is giving priority to game servers, a download from one of such servers is not being assigned to non-interactive traffic.

Have a look at http://mum.mikrotik.com/presentations/IT14/giordano.pdf and try to build your own QoS; start simple, and once you get the hang of it, add features... you can create a "class" for gaming and use a similar approach by using ports and server's ips used by games.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
Trekkie
newbie
Topic Author
Posts: 37
Joined: Thu Feb 07, 2013 1:48 am

Re: Issues with PCQ not kicking in

Thu Dec 24, 2015 4:46 pm

/queue simple
add burst-limit=5M/30M burst-threshold=1M/10M burst-time=5s/30s disabled=yes \
max-limit=1M/10M name=pcq-queue queue=\
pcq-upload-default/pcq-download-default target=192.168.88.0/24 \
total-queue=default

I deleted everything, and went to the very most simple design I could.

the above is what I was running.

This stopped almost everything down to 1MB/s or less, mostly less. Clients saw 5-10s delays on simple web pages, and some iOS clients couldn't even connect to things for a while. I'm not 100% certain, but even a printer on the local network took forever to get a print job, and until I disabled that queue wouldn't print.

I seem to be misreading something, because this doesn't seem to work like the presentations and manual indicate. It is not splitting up my bandwidth between each user, but halting almost all traffic.

i have a hotspot in AP Bridge mode between the internet connected 2011 and this device. Would that need some type of queuing as well?

Who is online

Users browsing this forum: Bing [Bot], tamtran2209 and 128 guests