Allied Telesis AT-WR4500 Network Router User Manual


 
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers 209
RouterOS v3 Configuration and User Guide
rst - drop connection
syn - new connection
urg - urgent data
tcp-mss (integer: 0..65535) - matches TCP MSS value of an IP packet
time (time-time,sat | fri | thu | wed | tue | mon | sun{+}) - allows creating a filter based on the packet's arrival time and date or, for locally generated packets, its departure time and date
If you want to mark a packet, connection or routing-mark and finish mangle table processing at that rule (in other words, mark the packet and accept it at the same time), you do not need two rules: disable the passthrough property of the marking rule, which is enabled by default.
Usually routing-mark is not used for P2P, since P2P traffic is always routed over the default gateway.
9.2.3 Application Examples
Description
The following section discusses some examples of using the mangle facility.
Peer-to-Peer Traffic Marking
To ensure quality of service on a network connection, interactive traffic types such as VoIP and HTTP
should be prioritized over non-interactive traffic such as peer-to-peer. The RouterOS QoS
implementation first uses mangle to mark the different types of traffic and then places them into queues with
different limits.
The following example ensures that P2P traffic gets no more than 1Mbps of the total link capacity
when the link is heavily used by other traffic, and otherwise lets it expand to the full link capacity:
[admin@AT-WR4562] > /ip firewall mangle add chain=forward \
\... p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn
[admin@AT-WR4562] > /ip firewall mangle add chain=forward \
\... connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p
[admin@AT-WR4562] > /ip firewall mangle add chain=forward \
\... connection-mark=!p2p_conn action=mark-packet new-packet-mark=other
[admin@AT-WR4562] > /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn
1 chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p
2 chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=other
[admin@AT-WR4562] >
[admin@AT-WR4562] > /queue tree add parent=Public packet-mark=p2p limit-at=1000000 \
\... max-limit=100000000 priority=8
[admin@AT-WR4562] > /queue tree add parent=Local packet-mark=p2p limit-at=1000000 \
\... max-limit=100000000 priority=8
[admin@AT-WR4562] > /queue tree add parent=Public packet-mark=other limit-at=1000000 \
\... max-limit=100000000 priority=1
[admin@AT-WR4562] > /queue tree add parent=Local packet-mark=other limit-at=1000000 \
\... max-limit=100000000 priority=1
Mark by MAC address
To mark traffic from a known MAC address which goes to the router or through it, do the following:
[admin@AT-WR4562] > /ip firewall mangle add chain=prerouting \
\... src-mac-address=00:01:29:60:36:E7 action=mark-connection new-connection-mark=known_mac_conn
[admin@AT-WR4562] > /ip firewall mangle add chain=prerouting \
\... connection-mark=known_mac_conn action=mark-packet new-packet-mark=known_mac