This is my script, applicable to the Internet cafe, can well control online games and web surfing and P2P download. If you to me script there are problems or Suggestions, can back to me and I will be very happy. Thank you! My MSN is jq1018@live.cn.
Code: Select all
# jan/28/2011 20:15:08 by RouterOS 2.9.27-4.X
# 给力2011 代号“神马” ︶ㄣprince
#
/ ip firewall address-list
add list="client address" address=192.168.0.0/22 comment="" disabled=no
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 \
comment="change MSS" disabled=no
add chain=forward action=change-ttl new-ttl=set:128 comment="Prevent secondary \
routing" disabled=no
add chain=forward dst-address=192.168.0.0/22 action=change-ttl new-ttl=set:0 \
comment="" disabled=no
add chain=prerouting src-address=192.168.0.232 action=mark-connection \
new-connection-mark=Server_Conn passthrough=yes comment="Server_Conn" \
disabled=no
add chain=prerouting src-address=192.168.0.208 action=mark-connection \
new-connection-mark=Server_Conn passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.207 action=mark-connection \
new-connection-mark=Server_Conn passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=LAN connection-mark=Server_Conn \
action=mark-packet new-packet-mark=Server_Down passthrough=no comment="" \
disabled=no
add chain=forward out-interface=LAN connection-mark=Server_Conn \
action=mark-packet new-packet-mark=Server_Up passthrough=no comment="" \
disabled=no
add chain=prerouting protocol=icmp action=mark-connection \
new-connection-mark=TOS1 passthrough=yes comment="Ping" disabled=no
add chain=prerouting protocol=tcp src-port=53 action=mark-connection \
new-connection-mark=TOS1 passthrough=yes comment="DNS_TCP" disabled=no
add chain=prerouting protocol=udp src-port=53 action=mark-connection \
new-connection-mark=TOS1 passthrough=yes comment="DNS_UDP" disabled=no
add chain=postrouting connection-mark=TOS1 src-address-list="client address" \
action=mark-packet new-packet-mark=TOS1_Up passthrough=no comment="" \
disabled=no
add chain=prerouting connection-mark=TOS1 action=mark-packet \
new-packet-mark=TOS1 passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp src-port=80 connection-bytes=500000-0 \
action=mark-connection new-connection-mark=down_conn passthrough=yes \
comment="Down_Conn" disabled=no
add chain=prerouting protocol=udp src-port=7000 action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.7z action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.avi action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.exe action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.f4v action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.flv action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.iso action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.mov action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.mp3 action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.mp4 action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.mpg action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.pdf action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.rar action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.rmvb action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.rm action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.wav action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.wma action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.zip action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.3gp action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=21 action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="FTP" disabled=no
add chain=prerouting protocol=tcp src-port=22 packet-size=1400-1500 \
action=mark-connection new-connection-mark=down_conn passthrough=yes \
comment="SFTP" disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=down_conn passthrough=yes comment="Peer to Peer" \
disabled=no
add chain=postrouting connection-mark=down_conn src-address-list="client \
address" action=mark-packet new-packet-mark=Download_Up passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=down_conn action=mark-packet \
new-packet-mark=Download passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="Online Game \
Services" disabled=no
add chain=prerouting protocol=tcp dst-port=1119 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3724 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=4000 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=6000-6004 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6112 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6299 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6501-6620 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=10060-12190 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8000-8022 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7100-7200 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7341-7351 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7777 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=9090-9100 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=10000-10100 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=12000-12995 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=13735 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=14300-14600 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=15001-15010 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25505-25530 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27005-27030 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=31414 action=mark-connection \
new-connection-mark=Port_Conn passthrough=yes comment="" disabled=no
add chain=postrouting connection-mark=Port_Conn src-address-list="client \
address" action=mark-packet new-packet-mark=Games_Up passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=Port_Conn action=mark-packet \
new-packet-mark=Games passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp src-port=80 connection-bytes=0-500000 \
action=mark-connection new-connection-mark=http_conn passthrough=yes \
comment="Http_Conn" disabled=no
add chain=prerouting content=.jpg action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.jsp action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.cgi action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.swf action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.js action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.htm action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.html action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.asp action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.aspx action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting content=.php action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=23 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=22 packet-size=0-1400 \
action=mark-connection new-connection-mark=http_conn passthrough=yes \
comment="" disabled=no
add chain=postrouting connection-mark=http_conn src-address-list="client \
address" action=mark-packet new-packet-mark=HTTP_Up passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
new-packet-mark=HTTP passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=no_mark \
passthrough=yes comment="Unmarked Traffic" disabled=no
add chain=postrouting connection-mark=no_mark src-address-list="client \
address" action=mark-packet new-packet-mark=Unmarked_Up passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=no_mark action=mark-packet \
new-packet-mark=Unmarked passthrough=no comment="" disabled=no
/ queue type
add name="client-up" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=10000
add name="client-down" kind=pcq pcq-rate=4000000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=10000
add name="Down" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="up" kind=pcq pcq-rate=500000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
add name="Server_Down" kind=pcq pcq-rate=5000000 pcq-limit=30 \
pcq-classifier=dst-address pcq-total-limit=1000
add name="Server_Up" kind=pcq pcq-rate=3000000 pcq-limit=30 \
pcq-classifier=src-address pcq-total-limit=1000
/ queue tree
add name="upload" parent=global-out packet-mark="" limit-at=0 queue=default \
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="Priority" parent=global-in packet-mark="" limit-at=0 queue=default \
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="Lowest Priority" parent=Priority packet-mark=Download \
limit-at=256000 queue=client-down priority=8 max-limit=15000000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Priority 1" parent=Priority packet-mark=TOS1 limit-at=0 \
queue=client-down priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Priority 2" parent=Priority packet-mark=Games limit-at=0 \
queue=client-down priority=2 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Priority 3" parent=Priority packet-mark=HTTP limit-at=0 \
queue=client-down priority=3 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Priority 6" parent=Priority packet-mark=Unmarked limit-at=0 \
queue=client-down priority=6 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Priority 6_Up" parent=upload packet-mark=Unmarked_Up limit-at=0 \
queue=client-up priority=6 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Lowest Priority_Up" parent=upload packet-mark=Download_Up \
limit-at=128000 queue=up priority=8 max-limit=10000000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="Priority 2_Up" parent=upload packet-mark=Games_Up limit-at=0 \
queue=client-up priority=2 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Priority 3_Up" parent=upload packet-mark=HTTP_Up limit-at=0 \
queue=client-up priority=3 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Priority 1_Up" parent=upload packet-mark=TOS1_Up limit-at=0 \
queue=client-up priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Priority 7" parent=Priority packet-mark=Server_Down limit-at=512000 \
queue=Server_Down priority=7 max-limit=8000000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="Priority 7_Up" parent=upload packet-mark=Server_Up limit-at=512000 \
queue=Server_Up priority=7 max-limit=8000000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
