首页
///////////////////////////////////////////////////////////////////////////////////////////////////////////
HTB部分:
# jan/02/1970 05:08:40 by RouterOS 5.16
# software id = C50V-JBPV
#
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=Class_Down packet-mark="" parent=global-total priority=\
8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name="1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Down" packet-mark=\
"" parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=2M name="2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=3M name="3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=Class_Up packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=256k name="1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name="3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=128k name="4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=256k name="5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
/queue type
add kind=pcq name=PCQ_ACK_Down pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1M pcq-src-address-mask=\
32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_ACK_Up pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=128k pcq-src-address-mask=\
32 pcq-src-address6-mask=64 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="6.\B7\FE\CE\F1\C6\F7\CA\FD\BE\DD_Down" packet-mark=\
ServerIP parent=Class_Down priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=512k name=1.DNS_Down packet-mark=DNS parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Down" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="6.\B7\FE\CE\F1\C6\F7\CA\FD\BE\DD_Up" packet-mark=\
ServerIP_up parent=Class_Up priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=256k name=1.DNS_Up packet-mark=DNS_up parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Up" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=256k name=2.ICMP_Down packet-mark=ICMP parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Down" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=2.ICMP_Up packet-mark=ICMP_up parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Up" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=1.SYN_ACK_Down packet-mark=SYN_ACK parent=\
"4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Down" priority=6 queue=PCQ_ACK_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=128k name=1.SYN_ACK_Up packet-mark=SYN_ACK_up parent=\
"4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Up" priority=6 queue=PCQ_ACK_Up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=1.Web_Down packet-mark=Web parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=512k name=1.Web_Up packet-mark=Web_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=3.Music_Down packet-mark=Music parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=3.Music_Up packet-mark=Music_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=2.Picture_Down packet-mark=Picture parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=2.Picture_Up packet-mark=Picture_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=4.Video_Down packet-mark=Video parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=4.Video_Up packet-mark=Video_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=1.Game_Down packet-mark=Game parent=\
"2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Down" priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=1.Game_Up packet-mark=Game_up parent=\
"2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Up" priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=512k name=2.TCP_Down packet-mark=TCP parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=512k name=3.UDP_Down packet-mark=UDP parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=64k name=2.TCP_Up packet-mark=TCP_up parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=64k name=3.UDP_Up packet-mark=UDP_up parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=1.File_Down packet-mark=File parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=128k name=1.File_Up packet-mark=File_up parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" priority=7 queue=default
***************************************************************************
mangle部分:
# jan/02/1970 05:09:14 by RouterOS 5.16
# software id = C50V-JBPV
#
/ip firewall layer7-protocol
add name=web regexp="\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx"
add name=img regexp="\\.jpg|\\.png|\\.gif|\\.bmp"
add name=video regexp="\\.swf|\\.flv"
add name=music regexp="\\.mp3|\\.wma"
add name=down regexp="\\.exe|\\.zip|\\.rar|\\.7z|\\.mp4|\\.rmvb|\\.rm|\\.mpeg|\
\\.iso|\\.avi|\\.mkv|\\.wmv|\\.flac|\\.ape|\\.msi"
add name=webQQ regexp="(web.qq.com|web2.qq.com)"
add name=QQ2011 regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27|^.\?.\?[\\x02|\\x05]\\x\
22\\x27.+[\\x03|\\x09]\$|^\\x05\\x02.+\\x03\$|^/xFE/x42../x42/x02/x0B/x7D/\
x98/x38/xE4|^.\?.\?\\x02.+\\x03\$"
add name=QQ regexp="^.\?.\?\\x02.+\\x03\$"
add name=kugou regexp="^(\\x64.....\\x76....\\x50\\x37|\\x65.+|\\x69.+)"
add name=wangwang regexp=\
"^\\x88\\x06.+\\x01|^(post|get).*http/1\\.1.*host:.*im.alisoft.com"
add name=Tencent regexp=\
"(^\\xFE.\?.\?.\?.\?\\xDE|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=http regexp="(http:|https:|ftp:|file:|mms:|rtsp:)//.+((\\d{1,3}\\.){3\
}(\\d{1,3})|.net|.com|.com.cn|.cn|.org|.info|.edu|.cc).*"
add name=ppsteam regexp="^.\?.\?\\c.+\\c"
add name=http_down regexp="^get /.+\\.(exe|rar|zip|7z).+\$"
add name=http_video regexp=\
"^get /.+\\.(flv|f4v|mp3|mp4|3gp|mkv|rm|ra|wma|wmv|aac).+\$"
add name=http_hight regexp="^get /.+\\.(swf).+\$"
add name=game_tx_tp regexp="^get /iedsafe/.+\\.dat.+\$"
/ip firewall address-list
add address=192.168.1.2 disabled=no list=ServerIP
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=change-mss chain=forward comment="------------------------ \D6\AA\
\CA\B6\BE\CD\CA\C7\C1\A6\C1\BF\A3\AC\BC\BC\C4\DC\B8\C4\B1\E4\C8\CB\C9\FA |\
\_\BB\B6\D3\AD\BC\D3\C8\EBQQ\C8\BA\A3\BA175671513 -----------------" \
disabled=no new-mss=1440 passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-connection chain=prerouting disabled=no new-connection-mark=1 \
passthrough=yes per-connection-classifier=both-addresses:3/2 src-address=\
192.168.110.0/24
add action=mark-routing chain=prerouting connection-mark=1 disabled=no \
new-routing-mark=1 passthrough=yes src-address=192.168.110.0/24
add action=mark-connection chain=prerouting disabled=no new-connection-mark=2 \
passthrough=yes per-connection-classifier=both-addresses:3/1 src-address=\
192.168.110.0/24
add action=mark-routing chain=prerouting connection-mark=2 disabled=no \
new-routing-mark=2 passthrough=yes src-address=192.168.110.0/24
add action=mark-connection chain=prerouting disabled=no new-connection-mark=3 \
passthrough=yes per-connection-classifier=both-addresses:3/0 src-address=\
192.168.110.0/24
add action=mark-routing chain=prerouting connection-mark=3 disabled=no \
new-routing-mark=3 passthrough=yes src-address=192.168.110.0/24
add action=mark-connection chain=prerouting comment=\
"\D3\C0\BA\E3\D6\AE\CB\FE" disabled=no dst-port=7777,10241,16763 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\CE\F7\D3\CE" disabled=no dst-port=\
4088,4188,4588,10116,10156,21388,22788 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\AB\C6\E6\CA\C0\BD\E7" disabled=no dst-port=\
7000-7003,7100,7300,7200-7205,7400 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=7000 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="\C5\DD\C5\DD\CC\C3" \
disabled=no dst-port=6868,33567,3838,4848,29865 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
9646,3869,6869,29851-29853,3986,9889,9977 new-connection-mark=game-c \
passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="\D5\F7\B7\FE" disabled=\
no dst-port=5816 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\C4\A7\D3\F2" disabled=\
no dst-port=5816,8900 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment=\
"QQ\B6\D4\D5\BD\C6\BD\CC\A8" disabled=no dst-port=1671,7000,7100 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="QQ\EC\C5\CE\E8" \
disabled=no dst-port=31414 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=17781,17785 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="QQ\BB\AA\CF\C4" \
disabled=no dst-port=5130 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="QQ\C8\FD\B9\FA" \
disabled=no dst-port=6299 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="QQ\D2\F4\CB\D9" \
disabled=no dst-port=28008 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="QQ\B7\C9\B3\B5" \
disabled=no dst-port=39311,1764,12721,3133,4550,3620,2269,17995 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B7\B4\BF\D6\BE\AB\D3\A2online" disabled=no dst-port=27005-27030 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=8013 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\CE\CA\B5\C0" disabled=\
no dst-port=9010-9014 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="\D3\A2\D0\DB\B5\BA" \
disabled=no dst-port=6831-6832,6840-6847 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D6\DA\C9\F1\D6\AE\D5\BD" disabled=no dst-port=7000 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D0\C7\B3\BE\B4\AB\CB\B5" disabled=no dst-port=2347 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D1\B0\CF\C9" disabled=\
no dst-port=7002,15002-15004,3100 new-connection-mark=game-c passthrough=\
yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\C2\CC\C9\AB\D5\F7\CD\BE" disabled=no dst-port=6020,6030 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\C1\FA\D7\E5" disabled=no dst-port=4111 new-connection-mark=\
game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B7\B4\BF\D6\BE\AB\D3\A2online" disabled=no dst-port=\
27005-27030,27005-27030,9028 new-connection-mark=game-c passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
47611,27005,27051 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C8\C8\D1\AA\B4\AB\C6\E6" disabled=no dst-port=\
7000,7100,7200,7440,7491,7204,7400,7401,7500,7300 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\BD\A3\CF\C0\B7\A1\CD\E2\B4\AB" disabled=no dst-port=6040-6050,6661-6663 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B5\D8\CF\C2\B3\C7\D3\C2\CA\BF" disabled=no dst-port=\
10010-10049,7101-7103 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=5063 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B3\C9\BC\AA\CB\BC\BA\B9" disabled=no dst-port=25520-25521,25511 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\BE\A2\CE\E8\CD\C5" \
disabled=no dst-port=17703-17706,25510-25530 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B9\A6\B7\F2\CA\C0\BD\E7" disabled=no dst-port=5052 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B7\EF\CE\E8\CC\EC\BD\BE" connection-rate=0-50k disabled=no dst-port=\
5990-6010 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B3\C9\BC\AA\CB\BC\BA\BA" disabled=no dst-port=8445-8450,17004-17006 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\BB\AA\CF\C4online" \
connection-rate=0-50k disabled=no dst-port=\
1188,1485-1495,5125,5126,5128,5130 new-connection-mark=game-c \
packet-size=32-512 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D5\F7\CD\BE" disabled=\
no dst-port=6020 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D1\B0\CF\C9" \
connection-rate=0-50k disabled=no dst-port=1448,15002 \
new-connection-mark=game-c packet-size=32-512 passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting disabled=no dst-port=8448,15002 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\BE\AA\CC\EC\B6\AF\B5\D8" disabled=no dst-port=38117 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D5\BD\B5\D82" disabled=\
no dst-port=55125-55135 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="\CC\EC\CC\C32" disabled=\
no dst-port=2005,4000 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="\C3\B0\CF\D5\B5\BA" \
disabled=no dst-port=8585 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="51\EC\C5\CE\E8" \
disabled=no dst-port=8001-8007,8009,8106 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\CE\F7\D3\CE\BC\C7" \
disabled=no dst-port=10002-10003 new-connection-mark=game-c passthrough=\
yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\BB\C3\CF\EB\CA\C0\BD\E7" disabled=no dst-port=6621,6631 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\CC\C6\BA\C0\CF\C0" connection-rate=0-50k disabled=no dst-port=\
6400-6500 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D5\BD\B5\D8\D6\AE\CD\F5" disabled=no dst-port=28004 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-rate=0-60k disabled=no \
dst-port=16400-16500 new-connection-mark=game-c passthrough=yes protocol=\
udp
add action=mark-connection chain=prerouting comment="\B0\C1\CA\C0" \
connection-rate=0-50k disabled=no dst-port=4301 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\C1\FA\D6\AE\B9\C8" \
disabled=no dst-port=83,14300,14400-14406 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
14300,15100-15105 new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\D6\EF\CF\C9" disabled=no dst-port=28993,28994 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D6\EF\CF\C92" disabled=\
no dst-port=29000 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D0\C7\B3\BD\B1\E4" \
connection-rate=0-50k disabled=no dst-port=7001 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\C3\CE\C8\FD\B9\FA" \
disabled=no dst-port=8000 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\A9\D4\BD\BB\F0\CF\DF" connection-rate=0-50k disabled=no dst-port=\
12010-12050,12044-12060,12119-12130,12144-12160,12071,12175,12007,29919 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
10008,28012,13006,7101 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D3\A2\D0\DB\C1\AA\C3\CB" disabled=no dst-port=\
2099,5223,5222,2099,5692,8443,8393-8400 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-rate=0-60k disabled=no \
dst-port=33674,5100-5230 new-connection-mark=game-c passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting comment="\CC\EC\D2\ED\BE\F6" \
disabled=no dst-port=43391 new-connection-mark=game-c passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\CC\C6\CE\DE\CB\AB" disabled=no dst-port=9810,10530 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\B4\CA\C0\CE\F7\D3\CE" disabled=no dst-port=20771 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE\D6\AE\D5\BD\B8\E8" disabled=no dst-port=31253 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE" disabled=no dst-port=3488,13388 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE OnineII" disabled=no dst-port=60888,2012,53888 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE3" disabled=no dst-port=19874,13983 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\CE\F7\D3\CE" disabled=no dst-port=22288,54888 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C4\A7\CA\DE\CA\C0\BD\E7" disabled=no dst-port=\
1119,3724,8085-8087,35588,4000,7081,38335,6110-6115,8444,8460 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
9081,9090,9097,9100 new-connection-mark=game-c passthrough=yes protocol=\
tcp
add action=add-dst-to-address-list address-list=Game address-list-timeout=10s \
chain=prerouting comment=Game connection-mark=game-c disabled=no
add action=mark-connection chain=prerouting comment=ServerIP disabled=no \
new-connection-mark=ServerIP passthrough=yes src-address-list=ServerIP
add action=mark-packet chain=prerouting connection-mark=ServerIP disabled=no \
new-packet-mark=ServerIP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
ServerIP_up passthrough=yes src-address-list=ServerIP
add action=mark-packet chain=postrouting connection-mark=ServerIP_up \
disabled=no new-packet-mark=ServerIP_up out-inte***ce=pppoe-out1 \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=ServerIP_up \
disabled=no new-packet-mark=ServerIP_up out-inte***ce=pppoe-out2 \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=ServerIP_up \
disabled=no new-packet-mark=ServerIP_up out-inte***ce=pppoe-out3 \
passthrough=no
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=\
53 new-connection-mark=DNS passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS disabled=no \
new-packet-mark=DNS passthrough=yes
add action=mark-connection chain=postrouting disabled=no dst-port=53 \
new-connection-mark=DNS_up passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=DNS_up disabled=no \
new-packet-mark=DNS_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=DNS_up disabled=no \
new-packet-mark=DNS_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=DNS_up disabled=no \
new-packet-mark=DNS_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=ICMP disabled=no \
new-connection-mark=ICMP passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP disabled=no \
new-packet-mark=ICMP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
ICMP_up passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting connection-mark=ICMP_up disabled=no \
new-packet-mark=ICMP_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=ICMP_up disabled=no \
new-packet-mark=ICMP_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=ICMP_up disabled=no \
new-packet-mark=ICMP_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Music disabled=no \
layer7-protocol=music new-connection-mark=Music passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Music disabled=no \
new-packet-mark=Music passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=\
music new-connection-mark=Music_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Music_up disabled=no \
new-packet-mark=Music_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Music_up disabled=no \
new-packet-mark=Music_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Music_up disabled=no \
new-packet-mark=Music_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Video disabled=no \
layer7-protocol=http_video new-connection-mark=Video passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Video disabled=no \
new-packet-mark=Video passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=\
http_video new-connection-mark=Video_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Video_up disabled=no \
new-packet-mark=Video_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Video_up disabled=no \
new-packet-mark=Video_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Video_up disabled=no \
new-packet-mark=Video_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Web disabled=no \
layer7-protocol=web new-connection-mark=web passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 \
layer7-protocol=!down new-connection-mark=web passthrough=yes protocol=\
tcp
add action=mark-packet chain=prerouting connection-mark=web disabled=no \
new-packet-mark=Web passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=web \
new-connection-mark=web_up passthrough=yes
add action=mark-connection chain=postrouting disabled=no dst-port=80,443 \
layer7-protocol=!down new-connection-mark=web_up passthrough=yes \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=web_up disabled=no \
new-packet-mark=Web_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=web_up disabled=no \
new-packet-mark=Web_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=web_up disabled=no \
new-packet-mark=Web_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Picture disabled=no \
layer7-protocol=img new-connection-mark=Picture passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Picture disabled=no \
new-packet-mark=Picture passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=img \
new-connection-mark=Picture_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Picture_up disabled=\
no new-packet-mark=Picture_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Picture_up disabled=\
no new-packet-mark=Picture_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Picture_up disabled=\
no new-packet-mark=Picture_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Game disabled=no \
dst-address-list=Game new-connection-mark=Game passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Game disabled=no \
new-packet-mark=Game passthrough=no
add action=mark-connection chain=postrouting disabled=no dst-address-list=\
Game new-connection-mark=Game_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Game_up disabled=no \
new-packet-mark=Game_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Game_up disabled=no \
new-packet-mark=Game_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Game_up disabled=no \
new-packet-mark=Game_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=File disabled=no \
layer7-protocol=down new-connection-mark=File passthrough=yes
add action=mark-packet chain=prerouting connection-mark=File disabled=no \
new-packet-mark=File passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=down \
new-connection-mark=File_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=File_up disabled=no \
new-packet-mark=File_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=File_up disabled=no \
new-packet-mark=File_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=File_up disabled=no \
new-packet-mark=File_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=SYN_ACK disabled=no \
new-connection-mark=SYN_ACK passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-connection chain=prerouting disabled=no new-connection-mark=\
SYN_ACK passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting connection-mark=SYN_ACK disabled=no \
new-packet-mark=SYN_ACK passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
SYN_ACK_up passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
SYN_ACK_up passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting connection-mark=SYN_ACK_up disabled=\
no new-packet-mark=SYN_ACK_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=SYN_ACK_up disabled=\
no new-packet-mark=SYN_ACK_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=SYN_ACK_up disabled=\
no new-packet-mark=SYN_ACK_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=TCP disabled=no \
new-connection-mark=TCP passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=TCP disabled=no \
new-packet-mark=TCP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
TCP_up passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=TCP_up disabled=no \
new-packet-mark=TCP_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=TCP_up disabled=no \
new-packet-mark=TCP_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=TCP_up disabled=no \
new-packet-mark=TCP_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=UDP disabled=no \
new-connection-mark=UDP passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=UDP disabled=no \
new-packet-mark=UDP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
UDP_up passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=UDP_up disabled=no \
new-packet-mark=UDP_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=UDP_up disabled=no \
new-packet-mark=UDP_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=UDP_up disabled=no \
new-packet-mark=UDP_up out-inte***ce=pppoe-out3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-inte***ce=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-inte***ce=pppoe-out2
add action=masquerade chain=srcnat disabled=no out-inte***ce=pppoe-out3
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
HTB部分:
# jan/02/1970 05:08:40 by RouterOS 5.16
# software id = C50V-JBPV
#
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=Class_Down packet-mark="" parent=global-total priority=\
8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name="1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Down" packet-mark=\
"" parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=2M name="2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=3M name="3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" packet-mark="" \
parent=Class_Down priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=Class_Up packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=256k name="1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name="2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name="3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=128k name="4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=256k name="5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" packet-mark="" \
parent=Class_Up priority=8
/queue type
add kind=pcq name=PCQ_ACK_Down pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1M pcq-src-address-mask=\
32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_ACK_Up pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=128k pcq-src-address-mask=\
32 pcq-src-address6-mask=64 pcq-total-limit=2000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="6.\B7\FE\CE\F1\C6\F7\CA\FD\BE\DD_Down" packet-mark=\
ServerIP parent=Class_Down priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=512k name=1.DNS_Down packet-mark=DNS parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Down" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="6.\B7\FE\CE\F1\C6\F7\CA\FD\BE\DD_Up" packet-mark=\
ServerIP_up parent=Class_Up priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=256k name=1.DNS_Up packet-mark=DNS_up parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Up" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=256k name=2.ICMP_Down packet-mark=ICMP parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Down" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=2.ICMP_Up packet-mark=ICMP_up parent=\
"1.\B5\DA\D2\BB\B2\E3\CA\FD\BE\DD_Up" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=1.SYN_ACK_Down packet-mark=SYN_ACK parent=\
"4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Down" priority=6 queue=PCQ_ACK_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=128k name=1.SYN_ACK_Up packet-mark=SYN_ACK_up parent=\
"4.\B5\DA\CB\C4\B2\E3\CA\FD\BE\DD_Up" priority=6 queue=PCQ_ACK_Up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=1.Web_Down packet-mark=Web parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=512k name=1.Web_Up packet-mark=Web_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=3.Music_Down packet-mark=Music parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=3.Music_Up packet-mark=Music_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=2.Picture_Down packet-mark=Picture parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=2.Picture_Up packet-mark=Picture_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=4.Video_Down packet-mark=Video parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Down" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=128k name=4.Video_Up packet-mark=Video_up parent=\
"3.\B5\DA\C8\FD\B2\E3\CA\FD\BE\DD_Up" priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M \
max-limit=2M name=1.Game_Down packet-mark=Game parent=\
"2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Down" priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=1.Game_Up packet-mark=Game_up parent=\
"2.\B5\DA\B6\FE\B2\E3\CA\FD\BE\DD_Up" priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k \
max-limit=512k name=2.TCP_Down packet-mark=TCP parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=512k name=3.UDP_Down packet-mark=UDP parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=64k name=2.TCP_Up packet-mark=TCP_up parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k \
max-limit=64k name=3.UDP_Up packet-mark=UDP_up parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=1.File_Down packet-mark=File parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Down" priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k \
max-limit=128k name=1.File_Up packet-mark=File_up parent=\
"5.\B5\DA\CE\E5\B2\E3\CA\FD\BE\DD_Up" priority=7 queue=default
***************************************************************************
mangle部分:
# jan/02/1970 05:09:14 by RouterOS 5.16
# software id = C50V-JBPV
#
/ip firewall layer7-protocol
add name=web regexp="\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx"
add name=img regexp="\\.jpg|\\.png|\\.gif|\\.bmp"
add name=video regexp="\\.swf|\\.flv"
add name=music regexp="\\.mp3|\\.wma"
add name=down regexp="\\.exe|\\.zip|\\.rar|\\.7z|\\.mp4|\\.rmvb|\\.rm|\\.mpeg|\
\\.iso|\\.avi|\\.mkv|\\.wmv|\\.flac|\\.ape|\\.msi"
add name=webQQ regexp="(web.qq.com|web2.qq.com)"
add name=QQ2011 regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27|^.\?.\?[\\x02|\\x05]\\x\
22\\x27.+[\\x03|\\x09]\$|^\\x05\\x02.+\\x03\$|^/xFE/x42../x42/x02/x0B/x7D/\
x98/x38/xE4|^.\?.\?\\x02.+\\x03\$"
add name=QQ regexp="^.\?.\?\\x02.+\\x03\$"
add name=kugou regexp="^(\\x64.....\\x76....\\x50\\x37|\\x65.+|\\x69.+)"
add name=wangwang regexp=\
"^\\x88\\x06.+\\x01|^(post|get).*http/1\\.1.*host:.*im.alisoft.com"
add name=Tencent regexp=\
"(^\\xFE.\?.\?.\?.\?\\xDE|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=http regexp="(http:|https:|ftp:|file:|mms:|rtsp:)//.+((\\d{1,3}\\.){3\
}(\\d{1,3})|.net|.com|.com.cn|.cn|.org|.info|.edu|.cc).*"
add name=ppsteam regexp="^.\?.\?\\c.+\\c"
add name=http_down regexp="^get /.+\\.(exe|rar|zip|7z).+\$"
add name=http_video regexp=\
"^get /.+\\.(flv|f4v|mp3|mp4|3gp|mkv|rm|ra|wma|wmv|aac).+\$"
add name=http_hight regexp="^get /.+\\.(swf).+\$"
add name=game_tx_tp regexp="^get /iedsafe/.+\\.dat.+\$"
/ip firewall address-list
add address=192.168.1.2 disabled=no list=ServerIP
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=change-mss chain=forward comment="------------------------ \D6\AA\
\CA\B6\BE\CD\CA\C7\C1\A6\C1\BF\A3\AC\BC\BC\C4\DC\B8\C4\B1\E4\C8\CB\C9\FA |\
\_\BB\B6\D3\AD\BC\D3\C8\EBQQ\C8\BA\A3\BA175671513 -----------------" \
disabled=no new-mss=1440 passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-connection chain=prerouting disabled=no new-connection-mark=1 \
passthrough=yes per-connection-classifier=both-addresses:3/2 src-address=\
192.168.110.0/24
add action=mark-routing chain=prerouting connection-mark=1 disabled=no \
new-routing-mark=1 passthrough=yes src-address=192.168.110.0/24
add action=mark-connection chain=prerouting disabled=no new-connection-mark=2 \
passthrough=yes per-connection-classifier=both-addresses:3/1 src-address=\
192.168.110.0/24
add action=mark-routing chain=prerouting connection-mark=2 disabled=no \
new-routing-mark=2 passthrough=yes src-address=192.168.110.0/24
add action=mark-connection chain=prerouting disabled=no new-connection-mark=3 \
passthrough=yes per-connection-classifier=both-addresses:3/0 src-address=\
192.168.110.0/24
add action=mark-routing chain=prerouting connection-mark=3 disabled=no \
new-routing-mark=3 passthrough=yes src-address=192.168.110.0/24
add action=mark-connection chain=prerouting comment=\
"\D3\C0\BA\E3\D6\AE\CB\FE" disabled=no dst-port=7777,10241,16763 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\CE\F7\D3\CE" disabled=no dst-port=\
4088,4188,4588,10116,10156,21388,22788 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\AB\C6\E6\CA\C0\BD\E7" disabled=no dst-port=\
7000-7003,7100,7300,7200-7205,7400 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=7000 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="\C5\DD\C5\DD\CC\C3" \
disabled=no dst-port=6868,33567,3838,4848,29865 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
9646,3869,6869,29851-29853,3986,9889,9977 new-connection-mark=game-c \
passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="\D5\F7\B7\FE" disabled=\
no dst-port=5816 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\C4\A7\D3\F2" disabled=\
no dst-port=5816,8900 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment=\
"QQ\B6\D4\D5\BD\C6\BD\CC\A8" disabled=no dst-port=1671,7000,7100 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="QQ\EC\C5\CE\E8" \
disabled=no dst-port=31414 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=17781,17785 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="QQ\BB\AA\CF\C4" \
disabled=no dst-port=5130 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="QQ\C8\FD\B9\FA" \
disabled=no dst-port=6299 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="QQ\D2\F4\CB\D9" \
disabled=no dst-port=28008 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="QQ\B7\C9\B3\B5" \
disabled=no dst-port=39311,1764,12721,3133,4550,3620,2269,17995 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B7\B4\BF\D6\BE\AB\D3\A2online" disabled=no dst-port=27005-27030 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=8013 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\CE\CA\B5\C0" disabled=\
no dst-port=9010-9014 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="\D3\A2\D0\DB\B5\BA" \
disabled=no dst-port=6831-6832,6840-6847 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D6\DA\C9\F1\D6\AE\D5\BD" disabled=no dst-port=7000 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D0\C7\B3\BE\B4\AB\CB\B5" disabled=no dst-port=2347 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D1\B0\CF\C9" disabled=\
no dst-port=7002,15002-15004,3100 new-connection-mark=game-c passthrough=\
yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\C2\CC\C9\AB\D5\F7\CD\BE" disabled=no dst-port=6020,6030 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\C1\FA\D7\E5" disabled=no dst-port=4111 new-connection-mark=\
game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B7\B4\BF\D6\BE\AB\D3\A2online" disabled=no dst-port=\
27005-27030,27005-27030,9028 new-connection-mark=game-c passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
47611,27005,27051 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C8\C8\D1\AA\B4\AB\C6\E6" disabled=no dst-port=\
7000,7100,7200,7440,7491,7204,7400,7401,7500,7300 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\BD\A3\CF\C0\B7\A1\CD\E2\B4\AB" disabled=no dst-port=6040-6050,6661-6663 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B5\D8\CF\C2\B3\C7\D3\C2\CA\BF" disabled=no dst-port=\
10010-10049,7101-7103 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=5063 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B3\C9\BC\AA\CB\BC\BA\B9" disabled=no dst-port=25520-25521,25511 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\BE\A2\CE\E8\CD\C5" \
disabled=no dst-port=17703-17706,25510-25530 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B9\A6\B7\F2\CA\C0\BD\E7" disabled=no dst-port=5052 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B7\EF\CE\E8\CC\EC\BD\BE" connection-rate=0-50k disabled=no dst-port=\
5990-6010 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B3\C9\BC\AA\CB\BC\BA\BA" disabled=no dst-port=8445-8450,17004-17006 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\BB\AA\CF\C4online" \
connection-rate=0-50k disabled=no dst-port=\
1188,1485-1495,5125,5126,5128,5130 new-connection-mark=game-c \
packet-size=32-512 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D5\F7\CD\BE" disabled=\
no dst-port=6020 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D1\B0\CF\C9" \
connection-rate=0-50k disabled=no dst-port=1448,15002 \
new-connection-mark=game-c packet-size=32-512 passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting disabled=no dst-port=8448,15002 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\BE\AA\CC\EC\B6\AF\B5\D8" disabled=no dst-port=38117 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D5\BD\B5\D82" disabled=\
no dst-port=55125-55135 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="\CC\EC\CC\C32" disabled=\
no dst-port=2005,4000 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="\C3\B0\CF\D5\B5\BA" \
disabled=no dst-port=8585 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="51\EC\C5\CE\E8" \
disabled=no dst-port=8001-8007,8009,8106 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\CE\F7\D3\CE\BC\C7" \
disabled=no dst-port=10002-10003 new-connection-mark=game-c passthrough=\
yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\BB\C3\CF\EB\CA\C0\BD\E7" disabled=no dst-port=6621,6631 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\CC\C6\BA\C0\CF\C0" connection-rate=0-50k disabled=no dst-port=\
6400-6500 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D5\BD\B5\D8\D6\AE\CD\F5" disabled=no dst-port=28004 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-rate=0-60k disabled=no \
dst-port=16400-16500 new-connection-mark=game-c passthrough=yes protocol=\
udp
add action=mark-connection chain=prerouting comment="\B0\C1\CA\C0" \
connection-rate=0-50k disabled=no dst-port=4301 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\C1\FA\D6\AE\B9\C8" \
disabled=no dst-port=83,14300,14400-14406 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
14300,15100-15105 new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\D6\EF\CF\C9" disabled=no dst-port=28993,28994 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D6\EF\CF\C92" disabled=\
no dst-port=29000 new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\D0\C7\B3\BD\B1\E4" \
connection-rate=0-50k disabled=no dst-port=7001 new-connection-mark=\
game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="\C3\CE\C8\FD\B9\FA" \
disabled=no dst-port=8000 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\A9\D4\BD\BB\F0\CF\DF" connection-rate=0-50k disabled=no dst-port=\
12010-12050,12044-12060,12119-12130,12144-12160,12071,12175,12007,29919 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no dst-port=\
10008,28012,13006,7101 new-connection-mark=game-c passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\D3\A2\D0\DB\C1\AA\C3\CB" disabled=no dst-port=\
2099,5223,5222,2099,5692,8443,8393-8400 new-connection-mark=game-c \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-rate=0-60k disabled=no \
dst-port=33674,5100-5230 new-connection-mark=game-c passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting comment="\CC\EC\D2\ED\BE\F6" \
disabled=no dst-port=43391 new-connection-mark=game-c passthrough=yes \
protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\CC\C6\CE\DE\CB\AB" disabled=no dst-port=9810,10530 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\B4\CA\C0\CE\F7\D3\CE" disabled=no dst-port=20771 \
new-connection-mark=game-c passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE\D6\AE\D5\BD\B8\E8" disabled=no dst-port=31253 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE" disabled=no dst-port=3488,13388 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE OnineII" disabled=no dst-port=60888,2012,53888 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\B4\F3\BB\B0\CE\F7\D3\CE3" disabled=no dst-port=19874,13983 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C3\CE\BB\C3\CE\F7\D3\CE" disabled=no dst-port=22288,54888 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
"\C4\A7\CA\DE\CA\C0\BD\E7" disabled=no dst-port=\
1119,3724,8085-8087,35588,4000,7081,38335,6110-6115,8444,8460 \
new-connection-mark=game-c passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=\
9081,9090,9097,9100 new-connection-mark=game-c passthrough=yes protocol=\
tcp
add action=add-dst-to-address-list address-list=Game address-list-timeout=10s \
chain=prerouting comment=Game connection-mark=game-c disabled=no
add action=mark-connection chain=prerouting comment=ServerIP disabled=no \
new-connection-mark=ServerIP passthrough=yes src-address-list=ServerIP
add action=mark-packet chain=prerouting connection-mark=ServerIP disabled=no \
new-packet-mark=ServerIP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
ServerIP_up passthrough=yes src-address-list=ServerIP
add action=mark-packet chain=postrouting connection-mark=ServerIP_up \
disabled=no new-packet-mark=ServerIP_up out-inte***ce=pppoe-out1 \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=ServerIP_up \
disabled=no new-packet-mark=ServerIP_up out-inte***ce=pppoe-out2 \
passthrough=no
add action=mark-packet chain=postrouting connection-mark=ServerIP_up \
disabled=no new-packet-mark=ServerIP_up out-inte***ce=pppoe-out3 \
passthrough=no
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=\
53 new-connection-mark=DNS passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS disabled=no \
new-packet-mark=DNS passthrough=yes
add action=mark-connection chain=postrouting disabled=no dst-port=53 \
new-connection-mark=DNS_up passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=DNS_up disabled=no \
new-packet-mark=DNS_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=DNS_up disabled=no \
new-packet-mark=DNS_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=DNS_up disabled=no \
new-packet-mark=DNS_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=ICMP disabled=no \
new-connection-mark=ICMP passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP disabled=no \
new-packet-mark=ICMP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
ICMP_up passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting connection-mark=ICMP_up disabled=no \
new-packet-mark=ICMP_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=ICMP_up disabled=no \
new-packet-mark=ICMP_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=ICMP_up disabled=no \
new-packet-mark=ICMP_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Music disabled=no \
layer7-protocol=music new-connection-mark=Music passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Music disabled=no \
new-packet-mark=Music passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=\
music new-connection-mark=Music_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Music_up disabled=no \
new-packet-mark=Music_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Music_up disabled=no \
new-packet-mark=Music_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Music_up disabled=no \
new-packet-mark=Music_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Video disabled=no \
layer7-protocol=http_video new-connection-mark=Video passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Video disabled=no \
new-packet-mark=Video passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=\
http_video new-connection-mark=Video_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Video_up disabled=no \
new-packet-mark=Video_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Video_up disabled=no \
new-packet-mark=Video_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Video_up disabled=no \
new-packet-mark=Video_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Web disabled=no \
layer7-protocol=web new-connection-mark=web passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 \
layer7-protocol=!down new-connection-mark=web passthrough=yes protocol=\
tcp
add action=mark-packet chain=prerouting connection-mark=web disabled=no \
new-packet-mark=Web passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=web \
new-connection-mark=web_up passthrough=yes
add action=mark-connection chain=postrouting disabled=no dst-port=80,443 \
layer7-protocol=!down new-connection-mark=web_up passthrough=yes \
protocol=tcp
add action=mark-packet chain=postrouting connection-mark=web_up disabled=no \
new-packet-mark=Web_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=web_up disabled=no \
new-packet-mark=Web_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=web_up disabled=no \
new-packet-mark=Web_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Picture disabled=no \
layer7-protocol=img new-connection-mark=Picture passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Picture disabled=no \
new-packet-mark=Picture passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=img \
new-connection-mark=Picture_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Picture_up disabled=\
no new-packet-mark=Picture_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Picture_up disabled=\
no new-packet-mark=Picture_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Picture_up disabled=\
no new-packet-mark=Picture_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=Game disabled=no \
dst-address-list=Game new-connection-mark=Game passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Game disabled=no \
new-packet-mark=Game passthrough=no
add action=mark-connection chain=postrouting disabled=no dst-address-list=\
Game new-connection-mark=Game_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=Game_up disabled=no \
new-packet-mark=Game_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Game_up disabled=no \
new-packet-mark=Game_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=Game_up disabled=no \
new-packet-mark=Game_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=File disabled=no \
layer7-protocol=down new-connection-mark=File passthrough=yes
add action=mark-packet chain=prerouting connection-mark=File disabled=no \
new-packet-mark=File passthrough=no
add action=mark-connection chain=postrouting disabled=no layer7-protocol=down \
new-connection-mark=File_up passthrough=yes
add action=mark-packet chain=postrouting connection-mark=File_up disabled=no \
new-packet-mark=File_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=File_up disabled=no \
new-packet-mark=File_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=File_up disabled=no \
new-packet-mark=File_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=SYN_ACK disabled=no \
new-connection-mark=SYN_ACK passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-connection chain=prerouting disabled=no new-connection-mark=\
SYN_ACK passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting connection-mark=SYN_ACK disabled=no \
new-packet-mark=SYN_ACK passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
SYN_ACK_up passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
SYN_ACK_up passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting connection-mark=SYN_ACK_up disabled=\
no new-packet-mark=SYN_ACK_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=SYN_ACK_up disabled=\
no new-packet-mark=SYN_ACK_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=SYN_ACK_up disabled=\
no new-packet-mark=SYN_ACK_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=TCP disabled=no \
new-connection-mark=TCP passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=TCP disabled=no \
new-packet-mark=TCP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
TCP_up passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=TCP_up disabled=no \
new-packet-mark=TCP_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=TCP_up disabled=no \
new-packet-mark=TCP_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=TCP_up disabled=no \
new-packet-mark=TCP_up out-inte***ce=pppoe-out3 passthrough=no
add action=mark-connection chain=prerouting comment=UDP disabled=no \
new-connection-mark=UDP passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=UDP disabled=no \
new-packet-mark=UDP passthrough=no
add action=mark-connection chain=postrouting disabled=no new-connection-mark=\
UDP_up passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=UDP_up disabled=no \
new-packet-mark=UDP_up out-inte***ce=pppoe-out1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=UDP_up disabled=no \
new-packet-mark=UDP_up out-inte***ce=pppoe-out2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=UDP_up disabled=no \
new-packet-mark=UDP_up out-inte***ce=pppoe-out3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-inte***ce=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-inte***ce=pppoe-out2
add action=masquerade chain=srcnat disabled=no out-inte***ce=pppoe-out3
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
