Blackhold

Priorizando paquetes en mikrotik – Queues

Posted on juny 26th, 2014 by admin

Un scriptillo para tenerlo a mano :P

# CAPA8.NET
# SCRIPT CREATION: 2014-06-26
# AUTHORS: CRAEM + BLACKHOLD
#
## MANGLE SIP # PRIORITY 1
/ip firewall mangle add action=mark-connection chain=prerouting comment=RTP dst-port=10000-20000 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=RTP dst-port=10000-20000 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SIP dst-port=5060 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SIP dst-port=5060 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=VTUN dst-port=5004 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=VTUN dst-port=5004 new-connection-mark=SIP protocol=udp
#
# MANGLE DNS SSH WINBOX ICMP IGMP SNP SNMP TELNET IRC GRE # PRIORITY 2
/ip firewall mangle add action=mark-connection chain=prerouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=BGP dst-port=179 new-connection-mark=BGP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=BGP dst-port=179 new-connection-mark=BGP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=WINBOX dst-port=8291 new-connection-mark=WINBOX protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=WINBOX dst-port=8291 new-connection-mark=WINBOX protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SSH dst-port=22 new-connection-mark=SSH protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SSH dst-port=22 new-connection-mark=SSH protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=ICMP dst-port=1 new-connection-mark=ICMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=ICMP dst-port=1 new-connection-mark=ICMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=ICMP dst-port=58 new-connection-mark=ICMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=ICMP dst-port=58 new-connection-mark=ICMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IGMP dst-port=2 new-connection-mark=IGMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IGMP dst-port=2 new-connection-mark=IGMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNP dst-port=109 new-connection-mark=SNP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNP dst-port=109 new-connection-mark=SNP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=TELNET dst-port=23 new-connection-mark=TELNET protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=TELNET dst-port=23 new-connection-mark=TELNET protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6665 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6665 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6666 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6666 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6667 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6667 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6697 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6697 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=GRE new-connection-mark=GRE passthrough=yes protocol=gre
/ip firewall mangle add action=mark-connection chain=postrouting comment=GRE new-connection-mark=GRE passthrough=yes protocol=gre
#
# MANGLE HTTP HTTPS PROXY # PRIORITY 3
/ip firewall mangle add action=mark-connection chain=prerouting comment=HTTP dst-port=80 new-connection-mark=HTTP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=HTTP dst-port=80 new-connection-mark=HTTP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=HTTPS dst-port=443 new-connection-mark=HTTP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=HTTPS dst-port=443 new-connection-mark=HTTP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=PROXY dst-port=3128 new-connection-mark=PROXY protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=PROXY dst-port=3128 new-connection-mark=PROXY protocol=tcp
#
#
# MANGLE MARK PRIORITY 1 (SIP)
/ip firewall mangle add action=mark-packet chain=prerouting comment=SIP connection-mark=SIP new-packet-mark=LEVEL1 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SIP connection-mark=SIP new-packet-mark=LEVEL1 passthrough=no
#
# MANGLE MARK PRIORITY 2
/ip firewall mangle add action=mark-packet chain=prerouting comment=DNS connection-mark=DNS new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=DNS connection-mark=DNS new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=BGP connection-mark=BGP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=BGP connection-mark=BGP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=WINBOX connection-mark=WINBOX new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=WINBOX connection-mark=WINBOX new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=SSH connection-mark=SSH new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SSH connection-mark=SSH new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=ICMP connection-mark=ICMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=ICMP connection-mark=ICMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=IGMP connection-mark=IGMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=IGMP connection-mark=IGMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=SNP connection-mark=SNP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SNP connection-mark=SNP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=SNMP connection-mark=SNMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SNMP connection-mark=SNMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=TELNET connection-mark=TELNET new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=TELNET connection-mark=TELNET new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=IRC connection-mark=IRC new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=IRC connection-mark=IRC new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=GRE connection-mark=GRE new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=GRE connection-mark=GRE new-packet-mark=LEVEL2 passthrough=no
#
# MANGLE MARK PRIORITY 3
/ip firewall mangle add action=mark-packet chain=prerouting comment=HTTP connection-mark=HTTP new-packet-mark=LEVEL3 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=HTTP connection-mark=HTTP new-packet-mark=LEVEL3 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=PROXY connection-mark=PROXY new-packet-mark=LEVEL3 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=PROXY connection-mark=PROXY new-packet-mark=LEVEL3 passthrough=no
#
#
# QUEUES
/queue tree add name=LEVEL1 packet-mark=LEVEL1 parent=global-total priority=1 queue=default
/queue tree add name=LEVEL2 packet-mark=LEVEL2 parent=global-total priority=2 queue=default
/queue tree add name=LEVEL3 packet-mark=LEVEL3 parent=global-total priority=3 queue=default
/queue tree add name=LEVEL4 packet-mark=LEVEL4 parent=global-total priority=4 queue=default
#
:log info "Script created by craem + blackhold - capa8.net ::: thanks for using it!" 
/

En algunas RB no está el global-total, pero está global

# QUEUES
/queue tree add name=LEVEL1 packet-mark=LEVEL1 parent=global priority=1 queue=default
/queue tree add name=LEVEL2 packet-mark=LEVEL2 parent=global priority=2 queue=default
/queue tree add name=LEVEL3 packet-mark=LEVEL3 parent=global priority=3 queue=default
/queue tree add name=LEVEL4 packet-mark=LEVEL4 parent=global priority=4 queue=default
#
:log info "Script created by craem + blackhold - capa8.net ::: thanks for using it!" 
/

IPSEC

/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=50 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=50 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=51 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=51 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=tcp


/ip firewall mangle add action=mark-packet chain=prerouting comment=IPSEC connection-mark=IPSEC new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=IPSEC connection-mark=IPSEC new-packet-mark=LEVEL2 passthrough=no

MOAR

« »

guy fawkes