Hi guys, im trying to setup a transparent Layer 7 shaper based on the config here:
http://wiki.mikrotik.com/wiki/Basic_tra ... _protocols

ether 1 (wan) and ether 2 (Lan) are bridged.

I think i may be having issue with the mangle rules...

I have my queue tree rules setup like this:

Main in 8m 7m parent=global in
-priority1_in
---some stuff
-priority2_in
--- some other stuff
Main out 2m 2m parent=global out
-priority1_out
--- some stuff
-priority2_out
--- some other stuff

I seem to be stuck with 2m both ways, it is not falling into the right category for download. its all upload.

I have tried running my mangles with the in and out interfaces as ether 1, bridge1, and also with no in or out interface specified. doesn't seem to matter.

here is an example mangle the way i think it should be for my application:

/ip firewall mangle
add action=mark-packet chain=prerouting comment=100bao_p2p disabled=no \
in-interface=bridge1 layer7-protocol=100bao new-packet-mark=100bao_p2p_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=100bao new-packet-mark=100bao_p2p_out out-interface=bridge1 \

What do you guys think? Is what im doing not possible in a bridge?

This guide here has similar rules, but is using simple queues instead of queue tree's to actually throttle aggrigate data:
http://wiki.mikrotik.com/wiki/TransparentTrafficShaper


can i not use queue tree for this in bridge mode?

Using an exact copy of the guide here: http://wiki.mikrotik.com/wiki/Basic_tra ... _protocols with the two ethernet interfaces used in a bridge doesn't work at all... it doesn't throttle squat.


Here is my config, it sort of works, but it limits all traffic to the upload limit of 2meg for some reason.


/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=1524 max-message-age=20s \
mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none \
transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:BC:2D \
master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:BC:2E \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:BC:2F \
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:BC:30 \
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:BC:31 \
master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 \
switch-all-ports=yes
/ip firewall layer7-protocol
add comment="" name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\
\15\16\18\19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\
\97\98\99\9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
add comment="" name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^\
get /queue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add comment="" name=soribada regexp="^GETMP3\r\
\nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\
\$"
add comment="" name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
add comment="" name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect\
/[012]\\.[0-9]\r\
\n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshar\
e|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: applicat\
ion/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[\
0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[\
1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|.\
..................\?lime)"
add comment="" name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
\n"
add comment="" name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
add comment="" name=shoutcast regexp=\
"icy [1-5][0-9][0-9] [\t-\r -~]*(content-type:audio|icy-)"
add comment="" name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?\
][a-z0-9][\01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01\
-\10\1C][\01\03\04\FF]"
add comment="" name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add comment="" name=poco regexp="^\80\94\
\n\01....\1F\9E"
add comment="" name=ciscovpn regexp="^\01\F4\01\F4"
add comment="" name=x11 regexp="^[lb].\?\0B"
add comment="" name=xboxlive regexp="^X\80........\F3|^\06XN"
add comment="" name=applejuice regexp="^ajprot\r\
\n"
add comment="" name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
add comment="" name=live365 regexp=membername.*session.*player
add comment="" name=rlogin regexp=\
"^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
add comment="" name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\
\r -~]*(connection:|content-type:|content-length:|date:)|post [\t-\r -~]* \
http/[01]\\.[019]"
add comment="" name=sip regexp=\
"^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add comment="" name=pop3 regexp="^(\\+ok |-err )"
add comment="" name=smb regexp="\FFsmb[r%]"
add comment="" name=quake1 regexp="^\80\0C\01quake\03"
add comment="" name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
\n.[\01\02\03][\01-\
\n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~\
]*[\t-\r]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
\n\$"
add comment="" name=mute regexp=\
"^(Public|AES)Key: [0-9a-f]*\
\nEnd(Public|AES)Key\
\n\$"
add comment="" name=ssh regexp="^ssh-[12]\\.[0-9]"
add comment="" name=jabber regexp=\
"<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
add comment="" name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get\
/scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
add comment="" name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
add comment="" name=tls regexp=\
"^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add comment="" name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add comment="" name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A\
-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][\
A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]\
[A-P][A-P][A-P][A-P]"
add comment="" name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
add comment="" name=subspace regexp="^\01....\11\10........\01\$"
add comment="" name=hotline regexp="^....................TRTPHOTL\01\02"
add comment="" name=doom3 regexp="^\FF\FFchallenge"
add comment="" name=ftp regexp="^220[\t-\r -~]*ftp"
add comment="" name=kugoo regexp="^1..\8E"
add comment="" name=tsp regexp=\
"^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add comment="" name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10@\06"
add comment="" name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~\
]*ssdp:(alive|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssd\
p:discover"
add comment="" name=imap regexp="^(\\* ok|a[0-9]+ noop)"
add comment="" name=ares regexp="^\03[]Z].\?.\?\05\$"
add comment="" name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]\
|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|u\
ser-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xfer\
uid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add comment="" name=qq regexp="^.\?\02.+\03\$"
add comment="" name=100bao regexp="^\01\01\05\
\n"
add comment="" name=aim regexp=\
"^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
add comment="" name=unknown regexp=.
add comment="" name=msn-filetransfer regexp=\
"^(ver [ -~]*msnftp\r\
\nver msnftp\r\
\nusr|method msnmsgr:)"
add comment="" name=yahoo regexp=\
"^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
add comment="" name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\
\01\?.*\0B).*(thawte|equifax secure|rsa data security, inc|verisign, inc|g\
te cybertrust root|entrust\\.net limited)"
add comment="" name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?\
.\?.\?.\?.\?.\?.\?[\C6-\FF])"
add comment="" name=gnucleuslan regexp=\
"gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add comment="" name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
\n\$"
add comment="" name=bgp regexp=\
"^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
add comment="" name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add comment="" name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add comment="" name=h323 regexp=\
"^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add comment="" name=finger regexp=\
"^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
add comment="" name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\
\t-\r]*[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
\n|[\r\
\n])\?\$"
add comment="" name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
\n\$"
add comment="" name=hddtemp regexp=\
"^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
add comment="" name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\
\01\03].*\05[\01-\08]\?[\01\03]"
add comment="" name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add comment="" name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
add comment="" name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
add comment="" name=ipp regexp=ipp://
add comment="" name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\t-\r -~\
]*cvr0\r\
\n\$|usr 1 [!-~]+ [0-9. ]+\r\
\n\$|ans 1 [!-~]+ [0-9. ]+\r\
\n\$"
add comment="" name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -\
~]*:[\02-\r -~]*nick[\t-\r -~]*\r\
\n)"
add comment="" name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\
\t[a-z0-9.]*\\.[a-z][a-z].\?.\?\t[1-9]"
add comment="" name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add comment="" name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\
\?\02\01.\?\02\01.\?0|\A4\06.+@\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
add comment="" name=nntp regexp=\
"^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
add comment="" name=aimwebcontent regexp=user-agent:aim/
add comment="" name=rtsp regexp="rtsp/1.0 200 ok"
add comment="" name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\
\?.\?.\?.\?.\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\
\?.\?.\?\04|\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\
\07.\?.\?.\?.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\
\?.\?.\?.\?.\?\t|\
\n.\?.\?.\?.\?.\?.\?.\?.\?\
\n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
\?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
\?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
\?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
.\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
\?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
\?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
.\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
\?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
\?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
.\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
\?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
\?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
.\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
\?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
.\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
\?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
.\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
\?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
.\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
\?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
.\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
\?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
.\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
\?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
.\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
\?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
\?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
\?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
add comment="" name=skypetoskype regexp="^..\02............."
add comment="" name=counterstrike-source regexp=\
"^\FF\FF\FF\FF.*cstrikeCounter-Strike"
add comment="" name=halflife2-deathmatch regexp=\
"^\FF\FF\FF\FF.*hl2mpDeathmatch"
add comment="" name=freenet regexp="^\01[\08\t][\03\04]"
add comment="" name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\
\?.\?(\14\01\06|\FF\FF\FF))|[]\01].\?battlefield2"
add comment="" name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\
\?[0-9]\?[0-9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]\
+\")"
add comment="" name=soulseek regexp=\
"^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add comment="" name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
add comment="" name=ssl regexp=\
"^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add comment="" name=citrix regexp="2&\85\92X"
add comment="" name=whois regexp="^[ !-~]+\r\
\n\$"
add comment="" name=dayofdefeat-source regexp=\
"^\FF\FF\FF\FF.*dodDay of Defeat"
add comment="" name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add comment="" name=worldofwarcraft regexp="^\06\EC\01"
add comment="" name=ventrilo regexp="^..\?v\\\$\CF"
add comment="" name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-r\
tsp-tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=contro\
l:rtsp://)"
add comment="" name=thecircle regexp=\
"^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
\n\0B](glob|who are you\$|query data)"
add comment="" name=uucp regexp="^\10here="
add comment="" name=pcanywhere regexp="^(nq|st)\$"
add comment="" name=subversion regexp="^\\( success \\( 1 2 \\("
add comment="" name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>.............\
...................</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\
\r -~]*Host: imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\
\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\
.\?\02(\01|\02)\83)"
add comment="" name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
add comment="" name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
\n"
add comment="" name=stun regexp="^[\01\02]................\?\$"
add comment="" name=tor regexp=TOR1.*<identity>
add comment="" name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
add comment="" name=unset regexp=.
add comment="" name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
\n\$"
add comment="" name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.\
9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
add comment="" name=armagetron regexp=YCLC_E|CYEL
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=6M name=Main_in parent=global-total priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=2M name=Main_out parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority1_in parent=Main_in priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority2_in parent=Main_in priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority3_in parent=Main_in priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority4_in parent=Main_in priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority5_in parent=Main_in priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority6_in parent=Main_in priority=6
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority7_in parent=Main_in priority=7
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority8_in parent=Main_in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority1_out parent=Main_out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority2_out parent=Main_out priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority3_out parent=Main_out priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority4_out parent=Main_out priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority5_out parent=Main_out priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority6_out parent=Main_out priority=6
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority7_out parent=Main_out priority=7
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority8_out parent=Main_out priority=8
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4 \
max-limit=6M name=Main_in parent=global-in priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=Main_out parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority1_in parent=Main_in priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority2_in parent=Main_in priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority3_in parent=Main_in priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority4_in parent=Main_in priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority5_in parent=Main_in priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority6_in parent=Main_in priority=6
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority7_in parent=Main_in priority=7
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority8_in parent=Main_in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority1_out parent=Main_out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority2_out parent=Main_out priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority3_out parent=Main_out priority=3
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority4_out parent=Main_out priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority5_out parent=Main_out priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority6_out parent=Main_out priority=6
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority7_out parent=Main_out priority=7
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority8_out parent=Main_out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=remaining_in packet-mark=remaining_in parent=\
Priority8_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=remaining_out packet-mark=remaining_out parent=\
Priority8_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=100bao_p2p_in packet-mark=100bao_p2p_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesanger_in packet-mark=aim_mesanger_in parent=\
Priority6_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesenger_web_in packet-mark=aim_mesenger_web_in \
parent=Priority6_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=applejuice_in packet-mark=applejuice_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ares_p2p_in packet-mark=ares_p2p_in parent=Priority7_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=http_in packet-mark=http_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bittorent_in packet-mark=bittorent_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=dhcp_in packet-mark=dhcp_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DC_p2p_in packet-mark=DC_p2p_in parent=Priority7_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DNS_in packet-mark=DNS_in parent=Priority1_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=edonkey_p2p_in packet-mark=edonkey_p2p_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=fasttrack_p2p_in packet-mark=fasttrack_p2p_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ftp_in packet-mark=ftp_in parent=Priority5_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnu_p2p_in packet-mark=gnu_p2p_in parent=Priority7_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnutella_p2p_in packet-mark=gnutella_p2p_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gobogy_p2p_in packet-mark=gobogy_p2p_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=h323_voiceoverip_in packet-mark=h323_voiceoverip_in \
parent=Priority4_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=httprtsp_in packet-mark=httprtsp_in parent=Priority5_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ident_in packet-mark=ident_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imap_in packet-mark=imap_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imesh_p2p_in packet-mark=imesh_p2p_in parent=\
Priority7_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=irc_in packet-mark=irc_in parent=Priority5_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msnfile_in packet-mark=msnfile_in parent=Priority6_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=mute_p2p_in packet-mark=mute_p2p_in parent=Priority7_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=napster_in packet-mark=napster_in parent=Priority7_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=netbios_in packet-mark=netbios_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=nntp_in packet-mark=nntp_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=radmin_in packet-mark=radmin_in parent=Priority4_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ntp_in packet-mark=ntp_in parent=Priority2_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rdp_in packet-mark=rdp_in parent=Priority4_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rtsp_in packet-mark=rtsp_in parent=Priority6_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=sip_in packet-mark=sip_in parent=Priority4_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skypeout_in packet-mark=skypeout_in parent=Priority5_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skype2skype_in packet-mark=skype2skype_in parent=\
Priority5_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=pop3_in packet-mark=pop3_in parent=Priority5_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=smtp_in packet-mark=smtp_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=snmp_in packet-mark=snmp_in parent=Priority2_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=soulsek_in packet-mark=soulsek_in parent=Priority7_in \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssh_in packet-mark=ssh_in parent=Priority3_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssl_in packet-mark=ssl_in parent=Priority2_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=vnc_in packet-mark=vnc_in parent=Priority4_in priority=1 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=teamspeak_in packet-mark=teamspeak_in parent=\
Priority4_in priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=100bao_p2p_out packet-mark=100bao_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesanger_out packet-mark=aim_mesanger_out parent=\
Priority6_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=aim_mesenger_web_out packet-mark=aim_mesenger_web_out \
parent=Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ares_p2p_out packet-mark=ares_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bgp_routing_out packet-mark=bgp_routing_out parent=\
Priority2_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bittorent_out packet-mark=bittorent_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=dhcp_out packet-mark=dhcp_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DC_p2p_out packet-mark=DC_p2p_out parent=Priority7_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=DNS_out packet-mark=DNS_out parent=Priority1_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=edonkey_p2p_out packet-mark=edonkey_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=fasttrack_p2p_out packet-mark=fasttrack_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ftp_out packet-mark=ftp_out parent=Priority5_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnu_p2p_out packet-mark=gnu_p2p_out parent=Priority7_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gnutella_p2p_out packet-mark=gnutella_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=gobogy_p2p_out packet-mark=gobogy_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=h323_voiceoverip_out packet-mark=h323_voiceoverip_out \
parent=Priority4_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=httprtsp_out packet-mark=httprtsp_out parent=\
Priority5_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=http_out packet-mark=http_out parent=Priority3_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ident_out packet-mark=ident_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imap_out packet-mark=imap_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=imesh_p2p_out packet-mark=imesh_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=irc_out packet-mark=irc_out parent=Priority4_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=koogo_out packet-mark=koogo_out parent=Priority7_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msnfile_out packet-mark=msnfile_out parent=Priority6_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msn_out packet-mark=msn_out parent=Priority5_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=mute_p2p_out packet-mark=mute_p2p_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=napster_out packet-mark=napster_out parent=Priority7_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=netbios_out packet-mark=netbios_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=nntp_out packet-mark=nntp_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ntp_out packet-mark=ntp_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=radmin_out packet-mark=radmin_out parent=Priority4_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rdp_out packet-mark=rdp_out parent=Priority4_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=rtsp_out packet-mark=rtsp_out parent=Priority5_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=sip_out packet-mark=sip_out parent=Priority4_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skypeout_out packet-mark=skypeout_out parent=\
Priority5_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=skype2skype_out packet-mark=skype2skype_out parent=\
Priority5_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=pop3_out packet-mark=pop3_out parent=Priority4_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=smtp_out packet-mark=smtp_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=snmp_out packet-mark=snmp_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=soulsek_out packet-mark=soulsek_out parent=Priority7_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssh_out packet-mark=ssh_out parent=Priority3_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ssl_out packet-mark=ssl_out parent=Priority2_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=vnc_out packet-mark=vnc_out parent=Priority5_out \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=teamspeak_out packet-mark=teamspeak_out parent=\
Priority5_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=applejuice_out packet-mark=applejuice_out parent=\
Priority7_out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=msn_in packet-mark=msn_in parent=Priority5_in priority=1 \
queue=default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default comment="" disabled=no distribute-default=never in-filter=ospf-in \
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=\
backbone type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no silent-boot=no
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no silent-boot=no
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
,test,winbox,password,web,sniff,sensitive"
/interface bridge port
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether2 path-cost=10 point-to-point=auto priority=\
0x80
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether1 path-cost=10 point-to-point=auto priority=\
0x80
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
use-ip-firewall-for-vlan=yes
/interface ethernet switch port
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:3C:68:F4:CA:F1 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=139.142.167.151/32 broadcast=139.142.167.151 comment="" disabled=\
no interface=ether3 network=139.142.167.151
/ip dhcp-client
add add-default-route=yes comment="" default-route-distance=0 disabled=yes \
interface=ether3 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=192.168.8.1,4.2.2.3
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-packet chain=prerouting comment=100bao_p2p disabled=no \
in-interface=bridge1 layer7-protocol=100bao new-packet-mark=100bao_p2p_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=100bao new-packet-mark=100bao_p2p_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment="aim mesenger" disabled=no \
in-interface=bridge1 layer7-protocol=aim new-packet-mark=aim_mesanger_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=aim new-packet-mark=aim_mesanger_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=aim_messenger_web disabled=no \
in-interface=bridge1 layer7-protocol=aimwebcontent new-packet-mark=\
aim_mesenger_web_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=aimwebcontent new-packet-mark=aim_mesenger_web_out \
out-interface=bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=applejuice_p2p disabled=no \
in-interface=bridge1 layer7-protocol=applejuice new-packet-mark=\
applejuice_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=applejuice new-packet-mark=applejuice_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=ares_p2p disabled=no \
in-interface=bridge1 layer7-protocol=ares new-packet-mark=ares_p2p_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ares new-packet-mark=ares_p2p_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=bgp_routing disabled=no \
in-interface=bridge1 layer7-protocol=bgp new-packet-mark=bgp_routing_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=bgp new-packet-mark=bgp_routing_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=bittorent_p2p disabled=no \
in-interface=bridge1 layer7-protocol=bittorrent new-packet-mark=\
bittorent_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=bittorrent new-packet-mark=bittorent_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=dhcp disabled=no \
in-interface=bridge1 layer7-protocol=dhcp new-packet-mark=dhcp_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=dhcp new-packet-mark=dhcp_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Direct Connect - P2P filesharing " disabled=no in-interface=bridge1 \
layer7-protocol=directconnect new-packet-mark=DC_p2p_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=directconnect new-packet-mark=DC_p2p_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment="DNS - Domain Name System " \
disabled=no in-interface=bridge1 layer7-protocol=dns new-packet-mark=\
DNS_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=dns new-packet-mark=DNS_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"eDonkey2000 - P2P filesharing " disabled=no in-interface=bridge1 \
layer7-protocol=edonkey new-packet-mark=edonkey_p2p_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=edonkey new-packet-mark=edonkey_p2p_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=\
"FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc)" \
disabled=no in-interface=bridge1 layer7-protocol=fasttrack \
new-packet-mark=fasttrack_p2p_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=fasttrack new-packet-mark=fasttrack_p2p_out \
out-interface=bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=\
"FTP - File Transfer Protocol " disabled=no in-interface=bridge1 \
layer7-protocol=ftp new-packet-mark=ftp_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ftp new-packet-mark=ftp_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment="GnucleusLAN - LAN-only P2P " \
disabled=no in-interface=bridge1 layer7-protocol=gnucleuslan \
new-packet-mark=gnu_p2p_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=gnucleuslan new-packet-mark=gnu_p2p_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment="Gnutella - P2P filesharing" \
disabled=no in-interface=bridge1 layer7-protocol=gnutella \
new-packet-mark=gnutella_p2p_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=gnutella new-packet-mark=gnutella_p2p_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=\
"GoBoogy - a Korean P2P protocol" disabled=no in-interface=bridge1 \
layer7-protocol=goboogy new-packet-mark=gobogy_p2p_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=goboogy new-packet-mark=gobogy_p2p_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment="H.323 - Voice over IP" \
disabled=no in-interface=bridge1 layer7-protocol=h323 new-packet-mark=\
h323_voiceoverip_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=h323 new-packet-mark=h323_voiceoverip_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment="RTSP tunneled within HTTP" \
disabled=no in-interface=bridge1 layer7-protocol=http-rtsp \
new-packet-mark=httprtsp_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=http-rtsp new-packet-mark=httprtsp_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment=\
"www HyperText Transfer Protocol " disabled=no in-interface=bridge1 \
layer7-protocol=http new-packet-mark=http_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=http new-packet-mark=http_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Ident - Identification Protocol - RFC 1413" disabled=no in-interface=\
bridge1 layer7-protocol=ident new-packet-mark=ident_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ident new-packet-mark=ident_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"IMAP - Internet Message Access Protocol (A common e-mail protocol)" \
disabled=no in-interface=bridge1 layer7-protocol=imap new-packet-mark=\
imap_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=imap new-packet-mark=imap_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"iMesh - the native protocol of iMesh, a P2P application " disabled=no \
in-interface=bridge1 layer7-protocol=imesh new-packet-mark=imesh_p2p_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=imesh new-packet-mark=imesh_p2p_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment="IRC - Internet Relay Chat" \
disabled=no in-interface=bridge1 layer7-protocol=irc new-packet-mark=\
irc_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=irc new-packet-mark=irc_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"KuGoo - a Chinese P2P program " disabled=no in-interface=bridge1 \
layer7-protocol=kugoo new-packet-mark=koogo_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=kugoo new-packet-mark=koogo_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"MSN (Micosoft Network) Messenger file transfers " disabled=no \
in-interface=bridge1 layer7-protocol=msn-filetransfer new-packet-mark=\
msnfile_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=msn-filetransfer new-packet-mark=msnfile_out \
out-interface=bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment="MSN Messenger " disabled=no \
in-interface=bridge1 layer7-protocol=msnmessenger new-packet-mark=msn_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=msnmessenger new-packet-mark=msn_out out-interface=\
bridge1 passthrough=yes
add action=mark-packet chain=prerouting comment="MUTE - P2P filesharing " \
disabled=no in-interface=bridge1 layer7-protocol=mute new-packet-mark=\
mute_p2p_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=mute new-packet-mark=mute_p2p_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment="Napster - P2P filesharing" \
disabled=no in-interface=bridge1 layer7-protocol=napster new-packet-mark=\
napster_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=napster new-packet-mark=napster_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"NetBIOS - Network Basic Input Output System" disabled=no in-interface=\
bridge1 layer7-protocol=netbios new-packet-mark=netbios_in passthrough=\
yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=netbios new-packet-mark=netbios_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"NNTP - Network News Transfer Protocol " disabled=no in-interface=bridge1 \
layer7-protocol=nntp new-packet-mark=nntp_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=nntp new-packet-mark=nntp_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"SNTP - (Simple) Network Time Protocol " disabled=no in-interface=bridge1 \
layer7-protocol=ntp new-packet-mark=ntp_in passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
layer7-protocol=ntp new-packet-mark=ntp_out out-interface=bridge1 \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Remote Administrator - remote desktop for MS Windows" disabled=no \
in-interface=bridge1 layer7-protocol=radmin new-packet-mark=radmin_in \
passthrough=yes
add action=mark-packet chain=postrouting comment="" disabled=no \
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
yes interface=all memory-limit=10 memory-scroll=no only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no

bump

was on 4.17, ive just upgraded to the latest version of ROS 5.

Ok i think i understand the symptom a little better.

whatever i set the max limit to on the main_out queue (parent=global out), it applies that limit to both main-in and main-out.

when i fire up a speedtest and watch the queue, I can see both main-in(global-in) and main-out(global-out) registering the same traffic at the same time.

So, im thinking it probably isn't the mangle rules that are farged.... its the Queue tree.

So the real question is why both queues are activated when one has a perent of global-in and the other has a parent of global-out?

Because global-out fires when the packets leave the router (after all, global-out sees all egress packets by design), and global-in fires when the packets come into the router (after all, global-in sees all ingress packets by design).

Use interface HTBs instead and assign interfaces as queue tree parents at the root. Interface HTBs only see egress packets leaving through that specific interface.

Thank you for the response.

I tried assigning the bridge, without any success, it just did not throttle at all. according to the queue trere it was like the traffic wasnt even there. when i tried setting both parent queues to ether 1, the download was not throttled, but the upload was.

Ok now we are getting somewhere, I thought about what you said and looked at the testing done so far and decided to put the download main queue with a parent of global_in and the upload queue of Ether 1. And i am now seeing proper speed throttleing of both download AND upload. BUT,

during download download queue registers 6meg. during upload test i see 2meg in the download queue AND the upload queue. and all traffic is being classified as "other" now.

My mangle rules are using the bridge as the in/out interface.

suggestions?

I removed

action=mark-packet chain=prerouting comment="Everything else that remains" in-interface=bridge1 new-packet-mark=remaining_in passthrough=no

and
action=mark-packet chain=postrouting new-packet-mark=remaining_out out-interface=bridge1 passthrough=no

and the traffic is being classified as http again like its supposed to.... I guess the "mark traffic as other" mangle rule is broken.

Still seeing download in the download queue and upload in both tho.

bump, any yall got a suggestion that can help clear this last hurdle?

bump

bump! Is this even really a problem? so long as my uploads are less than my downloads it should trottle speeds proper... im concearned about cpu usage being doubled if its in both queues tho. Is this something i should be concearned about?

bump

Ok so the trick here is that since I am transparently bridged, my mangle rules cannot use the bridge interface ethernet interfaces. I have to use src and dst IP addresses.

For example:

36 ;;; www HyperText Transfer Protocol
chain=prerouting action=mark-packet new-packet-mark=http_in
passthrough=yes dst-address=10.0.0.0/22 layer7-protocol=http

37 chain=postrouting action=mark-packet new-packet-mark=http_out
passthrough=yes src-address=10.0.0.0/22 layer7-protocol=http

Seems like a dumb mistake after i looked at the routeros diagram. Oh well, thanks to mikrotik support for getting me sorted!

any ideas why it would work with

36 ;;; www HyperText Transfer Protocol
chain=prerouting action=mark-packet new-packet-mark=http_in
passthrough=yes dst-address=10.0.0.0/22 layer7-protocol=http

but not address lists?

30 ;;; www HyperText Transfer Protocol
chain=prerouting action=mark-packet new-packet-mark=http_in
passthrough=yes dst-address-list=10.0.0.0/22, 192.168.0.0/22
layer7-protocol=http

Because that's not how address lists work.
http://wiki.mikrotik.com/wiki/Manual:IP ... dress_list
Make a named address list and put the subnets on it, then refer to the address list by name.

oh yeah! forgot how that works... I think ive used it only once before. thx.

I am ready to deploy this sucker into our second phase of testing on a small leg of our network, but something simple has me stumped.

This thing is totally transparent, so how do I assign an administrative IP that would be accessable on the same network?

I just added an IP to the bridge interface and It remained unreachable.

I shouldnt need to add a default route since It is not acting as a gateway right?

help a dummy out guys, Im sure this is something dumb that would be obvious to everyone else. Ive never tried to add an ip address to a fully transparent device before tho.

bump?

free cookie for the answer?

If you're accessing it from the same subnet you don't need a default gateway because same subnet traffic is sent directly. It's got nothing to do with the device not being a router - if you want to access it from a different network, it needs a default gateway so it knows where to send return traffic. Default gateways aren't just for routers, they're also for hosts - and for administrative access purposes your transparent shaper is a host.

Assigning an IP address to the bridge interface should be the right thing to do. If that isn't working for starters post the output of "/ip address print detail", "/interface print detail", "/ip route print detail", "/ip firewall filter export", and a network diagram including the host you're trying to access the shaper from. More info might be needed later.

If IP address of the bridge is from the same subnet as IP addresses of computers connected through the bridge (or any other subnet that is on the same broadcast domain) and you can't reach bridge IP from other networks (e.g. through the Internet) then on the bridge you should add default route (route to 0.0.0.0/0) with gateway set to IP address of default gateway for computers from that subnet (set gateway to default gateway for computers behind bridge) and distance 1.

yeah, i didnt have a default route and im totally on a different subnet. will add the route and check it. thanks!