source: viewtopic.php?t=49106
Seeing that each match criteria in a rule is a process... is there an order for each match criteria? For example: if the first thing to compare is "mark-connection", then the rest of the match criteria that the rule has, I do not care for the packages that do not comply with this mark-connection... is that right?

/ip firewall mangle
add protocol=tcp dst-port=80 src-address=1.1.1.0/24 out-interface=WAN chain=forward action=mark-packet new-packet-mark=test
add protocol=tcp src-port=80 dst-address=1.1.1.0/24 in-interface=WAN chain=forward action=mark-packet new-packet-mark=test
That would mark all packets that are HTTP traffic between hosts on the 1.1.1.0/24 network and web servers with the packet mark 'test'. However, for each and every single packet you would have to do a lot of work. Is this packet TCP? Yes. Is it going to destination port 80? Yes. Is the source address within 1.1.1.0/24? Yes. Is it going out the WAN interface? No. Oh. OK. Is it a TCP packet? Yes. Is it sourced from port 80? Yes. And so on. Every packet that is traffic to a webserver would require four comparisons, every packet that is traffic from a webserver would require 8 comparisons, and every packet that doesn't fit either would also require 8 comparisons, plus whatever happens afterward.