Regras para Mangle controle de banda para sites especificos
66 views
Skip to first unread message
Claudinhohw
Dec 20, 2010, 2:16:28 PM12/20/10
to Grupo de estudosmk
/ip firewall mangle
add action=mark-connection chain=prerouting comment=SSH_IN disabled=no
dst-port=22 new-connection-mark=conn_ssh_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_ssh_in disabled=no new-packet-mark=ssh_in passthrough=no
add action=mark-connection chain=postrouting comment=SSH_OUT
disabled=no new-connection-mark=conn_ssh_out passthrough=yes
protocol=tcp src-port=22
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_ssh_out disabled=no new-packet-mark=ssh_out passthrough=no
add action=mark-connection chain=prerouting comment=FTP_IN disabled=no
dst-port=21 new-connection-mark=conn_ftp_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_ftp_in disabled=no new-packet-mark=ftp_in passthrough=no
add action=mark-connection chain=postrouting comment=FTP_IN
disabled=no new-connection-mark=conn_ftp_out passthrough=yes
protocol=tcp src-port=21
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_ftp_out disabled=no new-packet-mark=ftp_out passthrough=no
add action=mark-connection chain=prerouting comment=DNS_IN disabled=no
dst-port=53 new-connection-mark=conn_dns_in passthrough=yes
protocol=udp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_dns_in disabled=no new-packet-mark=dns_in passthrough=no
add action=mark-connection chain=postrouting comment=DNS_OUT
disabled=no new-connection-mark=conn_dns_out passthrough=yes
protocol=udp src-port=53
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_dns_out disabled=no new-packet-mark=dns_out passthrough=no
add action=mark-packet chain=prerouting comment="EMAIL IN (POP)"
disabled=no dst-port=110 new-packet-mark=email_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="EMAIL SSL IN (POP)"
disabled=no dst-port=995 new-packet-mark=email_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="IMAP IN" disabled=no
dst-port=143 new-packet-mark=email_in passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="IMAP SSL IN"
disabled=no dst-port=993 new-packet-mark=email_in passthrough=yes
protocol=tcp
add action=mark-packet chain=postrouting comment="EMAIL OUT (SMTP)"
disabled=no new-packet-mark=email_out passthrough=yes protocol=tcp src-
port=25
add action=mark-packet chain=postrouting comment="" disabled=no new-
packet-mark=email_out passthrough=yes protocol=udp src-port=25
add action=mark-connection chain=prerouting comment="ORKUT IN"
content=orkut disabled=no new-connection-mark=conn_orkut_in
passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_orkut_in disabled=no new-packet-mark=orkut_in passthrough=no
add action=mark-connection chain=postrouting comment="ORKUT OUT"
content=orkut disabled=no new-connection-mark=conn_orkut_out
passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_orkut_out disabled=no new-packet-mark=orkut_out
passthrough=no
add action=mark-connection chain=prerouting comment="YOUTUBE IN"
content=youtube disabled=no new-connection-mark=conn_youtube_in
passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_youtube_in disabled=no new-packet-mark=youtube_in
passthrough=no
add action=mark-connection chain=postrouting comment="YOUTUBE OUT"
content=youtube disabled=no new-connection-mark=conn_youtube_out
passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_youtube_out disabled=no new-packet-mark=youtube_out
passthrough=no
add action=mark-connection chain=prerouting comment="HOTMAIL IN"
content=hotmail disabled=no new-connection-mark=conn_hotmail_in
passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_hotmail_in disabled=no new-packet-mark=hotmail_in
passthrough=no
add action=mark-connection chain=postrouting comment="HOTMAIL OUT"
content=hotmail disabled=no new-connection-mark=conn_hotmail_out
passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_hotmail_out disabled=no new-packet-mark=hotmail_out
passthrough=no
add action=mark-connection chain=prerouting comment="RANGE IP DO
BRASIL" disabled=no dst-address-list=brasil dst-port=80 new-connection-
mark=conn_brasil_in \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_brasil_in disabled=no new-packet-mark=ip_brasil_in
passthrough=no
add action=mark-connection chain=prerouting comment="HTTP IN"
disabled=no dst-port=80 new-connection-mark=conn_all_http_in
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_all_http_in disabled=no new-packet-mark=all_http_in
passthrough=no
add action=mark-connection chain=prerouting comment="HTTP OUT"
disabled=no new-connection-mark=conn_all_http_out passthrough=yes
protocol=tcp src-port=80
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_all_http_out disabled=no new-packet-mark=all_http_out
passthrough=no
add action=mark-connection chain=prerouting comment=HTTPS_IN
disabled=no dst-port=443 new-connection-mark=conn_https_in
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_https_in disabled=no new-packet-mark=https_in passthrough=no
add action=mark-connection chain=postrouting comment=HTTPS_OUT
disabled=no new-connection-mark=conn_https_out passthrough=yes
protocol=tcp src-port=443
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_https_out disabled=no new-packet-mark=https_out
passthrough=no
add action=mark-connection chain=prerouting comment=MSN_IN disabled=no
dst-port=1863 new-connection-mark=conn_msn_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_msn_in disabled=no new-packet-mark=msn_in passthrough=yes
add action=mark-connection chain=prerouting comment="STREAM_IN (tcp)"
disabled=no dst-port=537,554,1736,1755,1790,2979 new-connection-
mark=conn_stream_in \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="STREAM_IN (udp)"
disabled=no dst-port=537,554,1736,1755,1790,2979 new-connection-
mark=conn_stream_in \
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_stream_in disabled=no new-packet-mark=stream_in
passthrough=no
add action=mark-connection chain=postrouting comment="STREAM_OUT
(tcp)" disabled=no new-connection-mark=conn_stream_out passthrough=yes
protocol=tcp \
src-port=537,554,1736,1755,1790,2979
add action=mark-connection chain=postrouting comment="STREAM_OUT
(udp)" disabled=no new-connection-mark=conn_stream_out passthrough=yes
protocol=udp \
src-port=537,554,1736,1755,1790,2979
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_stream_out disabled=no new-packet-mark=stream_out
passthrough=no
add action=mark-connection chain=prerouting comment=WINBOX_IN
disabled=no dst-port=8291 new-connection-mark=conn_winbox_in
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_winbox_in disabled=no new-packet-mark=winbox_in
passthrough=no
add action=mark-connection chain=postrouting comment=WINBOX_OUT
disabled=no new-connection-mark=conn_winbox_out passthrough=yes
protocol=tcp src-port=8291
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_winbox_out disabled=no new-packet-mark=winbox_out
passthrough=no
add action=mark-connection chain=prerouting comment=VOIP_IN
disabled=no dst-port=5060-5061 new-connection-mark=conn_voip_in
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_voip_in disabled=no new-packet-mark=voip_in passthrough=no
add action=mark-connection chain=postrouting comment=VOIP_OUT
disabled=no new-connection-mark=conn_voip_out passthrough=yes
protocol=udp src-port=5060-5061
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_voip_out disabled=no new-packet-mark=voip_out
passthrough=yes
add action=mark-connection chain=prerouting comment=P2P_IN disabled=no
new-connection-mark=conn_p2p_in p2p=all-p2p passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_p2p_in disabled=no new-packet-mark=p2p_in passthrough=no
add action=mark-connection chain=postrouting comment=P2P_OUT
disabled=no new-connection-mark=conn_p2p_out p2p=all-p2p
passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_p2p_out disabled=no new-packet-mark=p2p_out passthrough=yes
add action=change-mss chain=forward comment="" disabled=no new-
mss=1330 out-interface=link protocol=tcp tcp-flags=syn
breve poso o controle de banda queue tree...
add action=mark-connection chain=prerouting comment=SSH_IN disabled=no
dst-port=22 new-connection-mark=conn_ssh_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_ssh_in disabled=no new-packet-mark=ssh_in passthrough=no
add action=mark-connection chain=postrouting comment=SSH_OUT
disabled=no new-connection-mark=conn_ssh_out passthrough=yes
protocol=tcp src-port=22
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_ssh_out disabled=no new-packet-mark=ssh_out passthrough=no
add action=mark-connection chain=prerouting comment=FTP_IN disabled=no
dst-port=21 new-connection-mark=conn_ftp_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_ftp_in disabled=no new-packet-mark=ftp_in passthrough=no
add action=mark-connection chain=postrouting comment=FTP_IN
disabled=no new-connection-mark=conn_ftp_out passthrough=yes
protocol=tcp src-port=21
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_ftp_out disabled=no new-packet-mark=ftp_out passthrough=no
add action=mark-connection chain=prerouting comment=DNS_IN disabled=no
dst-port=53 new-connection-mark=conn_dns_in passthrough=yes
protocol=udp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_dns_in disabled=no new-packet-mark=dns_in passthrough=no
add action=mark-connection chain=postrouting comment=DNS_OUT
disabled=no new-connection-mark=conn_dns_out passthrough=yes
protocol=udp src-port=53
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_dns_out disabled=no new-packet-mark=dns_out passthrough=no
add action=mark-packet chain=prerouting comment="EMAIL IN (POP)"
disabled=no dst-port=110 new-packet-mark=email_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="EMAIL SSL IN (POP)"
disabled=no dst-port=995 new-packet-mark=email_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="IMAP IN" disabled=no
dst-port=143 new-packet-mark=email_in passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="IMAP SSL IN"
disabled=no dst-port=993 new-packet-mark=email_in passthrough=yes
protocol=tcp
add action=mark-packet chain=postrouting comment="EMAIL OUT (SMTP)"
disabled=no new-packet-mark=email_out passthrough=yes protocol=tcp src-
port=25
add action=mark-packet chain=postrouting comment="" disabled=no new-
packet-mark=email_out passthrough=yes protocol=udp src-port=25
add action=mark-connection chain=prerouting comment="ORKUT IN"
content=orkut disabled=no new-connection-mark=conn_orkut_in
passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_orkut_in disabled=no new-packet-mark=orkut_in passthrough=no
add action=mark-connection chain=postrouting comment="ORKUT OUT"
content=orkut disabled=no new-connection-mark=conn_orkut_out
passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_orkut_out disabled=no new-packet-mark=orkut_out
passthrough=no
add action=mark-connection chain=prerouting comment="YOUTUBE IN"
content=youtube disabled=no new-connection-mark=conn_youtube_in
passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_youtube_in disabled=no new-packet-mark=youtube_in
passthrough=no
add action=mark-connection chain=postrouting comment="YOUTUBE OUT"
content=youtube disabled=no new-connection-mark=conn_youtube_out
passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_youtube_out disabled=no new-packet-mark=youtube_out
passthrough=no
add action=mark-connection chain=prerouting comment="HOTMAIL IN"
content=hotmail disabled=no new-connection-mark=conn_hotmail_in
passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_hotmail_in disabled=no new-packet-mark=hotmail_in
passthrough=no
add action=mark-connection chain=postrouting comment="HOTMAIL OUT"
content=hotmail disabled=no new-connection-mark=conn_hotmail_out
passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_hotmail_out disabled=no new-packet-mark=hotmail_out
passthrough=no
add action=mark-connection chain=prerouting comment="RANGE IP DO
BRASIL" disabled=no dst-address-list=brasil dst-port=80 new-connection-
mark=conn_brasil_in \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_brasil_in disabled=no new-packet-mark=ip_brasil_in
passthrough=no
add action=mark-connection chain=prerouting comment="HTTP IN"
disabled=no dst-port=80 new-connection-mark=conn_all_http_in
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_all_http_in disabled=no new-packet-mark=all_http_in
passthrough=no
add action=mark-connection chain=prerouting comment="HTTP OUT"
disabled=no new-connection-mark=conn_all_http_out passthrough=yes
protocol=tcp src-port=80
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_all_http_out disabled=no new-packet-mark=all_http_out
passthrough=no
add action=mark-connection chain=prerouting comment=HTTPS_IN
disabled=no dst-port=443 new-connection-mark=conn_https_in
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_https_in disabled=no new-packet-mark=https_in passthrough=no
add action=mark-connection chain=postrouting comment=HTTPS_OUT
disabled=no new-connection-mark=conn_https_out passthrough=yes
protocol=tcp src-port=443
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_https_out disabled=no new-packet-mark=https_out
passthrough=no
add action=mark-connection chain=prerouting comment=MSN_IN disabled=no
dst-port=1863 new-connection-mark=conn_msn_in passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_msn_in disabled=no new-packet-mark=msn_in passthrough=yes
add action=mark-connection chain=prerouting comment="STREAM_IN (tcp)"
disabled=no dst-port=537,554,1736,1755,1790,2979 new-connection-
mark=conn_stream_in \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="STREAM_IN (udp)"
disabled=no dst-port=537,554,1736,1755,1790,2979 new-connection-
mark=conn_stream_in \
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_stream_in disabled=no new-packet-mark=stream_in
passthrough=no
add action=mark-connection chain=postrouting comment="STREAM_OUT
(tcp)" disabled=no new-connection-mark=conn_stream_out passthrough=yes
protocol=tcp \
src-port=537,554,1736,1755,1790,2979
add action=mark-connection chain=postrouting comment="STREAM_OUT
(udp)" disabled=no new-connection-mark=conn_stream_out passthrough=yes
protocol=udp \
src-port=537,554,1736,1755,1790,2979
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_stream_out disabled=no new-packet-mark=stream_out
passthrough=no
add action=mark-connection chain=prerouting comment=WINBOX_IN
disabled=no dst-port=8291 new-connection-mark=conn_winbox_in
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_winbox_in disabled=no new-packet-mark=winbox_in
passthrough=no
add action=mark-connection chain=postrouting comment=WINBOX_OUT
disabled=no new-connection-mark=conn_winbox_out passthrough=yes
protocol=tcp src-port=8291
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_winbox_out disabled=no new-packet-mark=winbox_out
passthrough=no
add action=mark-connection chain=prerouting comment=VOIP_IN
disabled=no dst-port=5060-5061 new-connection-mark=conn_voip_in
passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_voip_in disabled=no new-packet-mark=voip_in passthrough=no
add action=mark-connection chain=postrouting comment=VOIP_OUT
disabled=no new-connection-mark=conn_voip_out passthrough=yes
protocol=udp src-port=5060-5061
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_voip_out disabled=no new-packet-mark=voip_out
passthrough=yes
add action=mark-connection chain=prerouting comment=P2P_IN disabled=no
new-connection-mark=conn_p2p_in p2p=all-p2p passthrough=yes
protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-
mark=conn_p2p_in disabled=no new-packet-mark=p2p_in passthrough=no
add action=mark-connection chain=postrouting comment=P2P_OUT
disabled=no new-connection-mark=conn_p2p_out p2p=all-p2p
passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment="" connection-
mark=conn_p2p_out disabled=no new-packet-mark=p2p_out passthrough=yes
add action=change-mss chain=forward comment="" disabled=no new-
mss=1330 out-interface=link protocol=tcp tcp-flags=syn
breve poso o controle de banda queue tree...
Reply all
Reply to author
Forward
0 new messages