script working well with /24 subnet but not with /16

engineertote · Wed May 16, 2012 12:43 am

Hi All

i use the bellow sicript to add mangle rule for download and upload for each IP in the subnet , it was working well with the bellow format with /24 but now i want to do the subnet /16 , i tried to modifiy the script to work on /16 with no success ,, appreciate any help in this :

First mark packets for all users (all IP addresses) For upload:

:for x from=1 to=254 do={ /ip firewall mangle add chain=prerouting src-address="10.0.0.$x" action=mark-packet new-packet-mark="U0_$x" passthrough=no }

For download:

:for x from=1 to=254 do={ /ip firewall mangle add chain=postrouting dst-address="10.0.0.$x" action=mark-packet new-packet-mark="D0_$x" passthrough=no }

c0d3rSh3ll · Wed May 16, 2012 3:48 am

from ipcal

Address:   10.0.0.0            
Netmask:   255.255.0.0 = 16      
Wildcard:  0.0.255.255           

Network:   10.0.0.0/16           
Broadcast: 10.0.255.255          
HostMin:   10.0.0.1              
HostMax:   10.0.255.254          
Hosts/Net: 65534

65535 rules for mangle is crazy but try this...

for x from=1 to=254 do={ 
for y from=0 to=255 do={
/ip firewall mangle add chain=prerouting src-address="10.0.$y.$x" action=mark-packet new-packet-mark="U0_$x" passthrough=no 
}}

engineertote · Wed May 16, 2012 11:02 am

its work ,, thank you

from ipcal

Address:   10.0.0.0            
Netmask:   255.255.0.0 = 16      
Wildcard:  0.0.255.255           

Network:   10.0.0.0/16           
Broadcast: 10.0.255.255          
HostMin:   10.0.0.1              
HostMax:   10.0.255.254          
Hosts/Net: 65534

65535 rules for mangle is crazy but try this...

for x from=1 to=254 do={ 
for y from=0 to=255 do={
/ip firewall mangle add chain=prerouting src-address="10.0.$y.$x" action=mark-packet new-packet-mark="U0_$x" passthrough=no 
}}

ditonet · Wed May 16, 2012 11:38 am

@engineertote
It should be:

new-packet-mark="U0_$y_$x"

And why do you need such huge number of mangle rules???

Regards,

engineertote · Wed May 16, 2012 1:56 pm

yeah i edit this and its work thanks ,, /16 is very huge i reduced it to /23 and its still huge

.. the theory is work but day by day i believe the megis QOS is really the best

@engineertote
It should be:
Code: Select all
new-packet-mark="U0_$y_$x"
And why do you need such huge number of mangle rules???

Regards,

Devil · Wed May 16, 2012 2:35 pm

The heart of Megis QOS solution, is PCQ. you should use PCQ to reduce those mangle rules. you should do w/e it takes to always keep the firewall rules (and other rules as well), to the minimum. or you're going to face some serious resource problems in the future.

czzapik · Thu Aug 18, 2016 2:06 pm

its work ,, thank you

from ipcal

Address:   10.0.0.0            
Netmask:   255.255.0.0 = 16      
Wildcard:  0.0.255.255           

Network:   10.0.0.0/16           
Broadcast: 10.0.255.255          
HostMin:   10.0.0.1              
HostMax:   10.0.255.254          
Hosts/Net: 65534

65535 rules for mangle is crazy but try this...

for x from=1 to=254 do={ 
for y from=0 to=255 do={
/ip firewall mangle add chain=prerouting src-address="10.0.$y.$x" action=mark-packet new-packet-mark="U0_$x" passthrough=no 
}}

how write code php api?
thanks

script working well with /24 subnet but not with /16

script working well with /24 subnet but not with /16

Re: script working well with /24 subnet but not with /16

Re: script working well with /24 subnet but not with /16

Re: script working well with /24 subnet but not with /16

Re: script working well with /24 subnet but not with /16

Re: script working well with /24 subnet but not with /16

Re: script working well with /24 subnet but not with /16

Who is online