Un scriptillo para tenerlo a mano :P
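# CAPA8.NET
# SCRIPT CREATION: 2014-06-26
# AUTHORS: CRAEM + BLACKHOLD
#
# Port/protocol based QoS for MikroTik RouterOS.
# 1. mark-connection rules tag each connection by service.
# 2. mark-packet rules map every connection mark onto a packet mark LEVEL1..LEVEL3.
# 3. Queue tree entries give each packet mark a priority (1 = served first).
#
# NOTE(review): these rules only classify traffic, they neither allow nor block it.
# WINBOX, SSH, TELNET and SNMP receive priority here; who may reach those services
# still has to be decided in the filter table and the service settings.
# NOTE(review): classification trusts the destination port alone, so any flow sent to
# a listed port gets that priority (e.g. every UDP flow to 10000-20000 lands in LEVEL1).
# Consider narrowing the rules to the known PBX/peer addresses.
#
## MANGLE SIP
# PRIORITY 1
/ip firewall mangle add action=mark-connection chain=prerouting comment=RTP dst-port=10000-20000 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=RTP dst-port=10000-20000 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SIP dst-port=5060 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SIP dst-port=5060 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=VTUN dst-port=5004 new-connection-mark=SIP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=VTUN dst-port=5004 new-connection-mark=SIP protocol=udp
#
# MANGLE DNS SSH WINBOX ICMP IGMP SNP SNMP TELNET IRC GRE
# PRIORITY 2
/ip firewall mangle add action=mark-connection chain=prerouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=DNS dst-port=53 new-connection-mark=DNS protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=BGP dst-port=179 new-connection-mark=BGP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=BGP dst-port=179 new-connection-mark=BGP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=WINBOX dst-port=8291 new-connection-mark=WINBOX protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=WINBOX dst-port=8291 new-connection-mark=WINBOX protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SSH dst-port=22 new-connection-mark=SSH protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SSH dst-port=22 new-connection-mark=SSH protocol=tcp
# ICMP and IGMP are IP protocols (numbers 1 and 2), not TCP ports. Matching
# "protocol=tcp dst-port=1" / "dst-port=2" only catches TCP traffic to those ports,
# so ping and multicast membership traffic were never marked. Match the protocol itself.
/ip firewall mangle add action=mark-connection chain=prerouting comment=ICMP new-connection-mark=ICMP protocol=icmp
/ip firewall mangle add action=mark-connection chain=postrouting comment=ICMP new-connection-mark=ICMP protocol=icmp
# 58 is the IP protocol number of ICMPv6. It cannot be matched as a TCP port, and
# ICMPv6 does not pass through the IPv4 mangle table; if IPv6 is in use, the
# equivalent rule belongs in the IPv6 firewall mangle table (protocol=icmpv6).
/ip firewall mangle add action=mark-connection chain=prerouting comment=IGMP new-connection-mark=IGMP protocol=igmp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IGMP new-connection-mark=IGMP protocol=igmp
# NOTE(review): the page does not say which service "SNP" is; TCP 109 is the port
# registered for POP2. Kept as published - confirm this rule is wanted.
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNP dst-port=109 new-connection-mark=SNP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNP dst-port=109 new-connection-mark=SNP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=161 new-connection-mark=SNMP protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=SNMP dst-port=162 new-connection-mark=SNMP protocol=udp
# Telnet is a cleartext protocol; prioritising it here does not make it safe to expose.
/ip firewall mangle add action=mark-connection chain=prerouting comment=TELNET dst-port=23 new-connection-mark=TELNET protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=TELNET dst-port=23 new-connection-mark=TELNET protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6665 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6665 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6666 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6666 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6667 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6667 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IRC dst-port=6697 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IRC dst-port=6697 new-connection-mark=IRC protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=GRE new-connection-mark=GRE passthrough=yes protocol=gre
/ip firewall mangle add action=mark-connection chain=postrouting comment=GRE new-connection-mark=GRE passthrough=yes protocol=gre
#
# MANGLE HTTP HTTPS PROXY
# PRIORITY 3
/ip firewall mangle add action=mark-connection chain=prerouting comment=HTTP dst-port=80 new-connection-mark=HTTP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=HTTP dst-port=80 new-connection-mark=HTTP protocol=tcp
# HTTPS shares the HTTP connection mark, so both fall into the same class below.
/ip firewall mangle add action=mark-connection chain=prerouting comment=HTTPS dst-port=443 new-connection-mark=HTTP protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=HTTPS dst-port=443 new-connection-mark=HTTP protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment=PROXY dst-port=3128 new-connection-mark=PROXY protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=PROXY dst-port=3128 new-connection-mark=PROXY protocol=tcp
#
#
# MANGLE MARK PRIORITY 1 (SIP)
# passthrough=no: once a packet has its mark, no further mangle rule in the chain is evaluated.
/ip firewall mangle add action=mark-packet chain=prerouting comment=SIP connection-mark=SIP new-packet-mark=LEVEL1 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SIP connection-mark=SIP new-packet-mark=LEVEL1 passthrough=no
#
# MANGLE MARK PRIORITY 2
/ip firewall mangle add action=mark-packet chain=prerouting comment=DNS connection-mark=DNS new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=DNS connection-mark=DNS new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=BGP connection-mark=BGP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=BGP connection-mark=BGP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=WINBOX connection-mark=WINBOX new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=WINBOX connection-mark=WINBOX new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=SSH connection-mark=SSH new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SSH connection-mark=SSH new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=ICMP connection-mark=ICMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=ICMP connection-mark=ICMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=IGMP connection-mark=IGMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=IGMP connection-mark=IGMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=SNP connection-mark=SNP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SNP connection-mark=SNP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=SNMP connection-mark=SNMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=SNMP connection-mark=SNMP new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=TELNET connection-mark=TELNET new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=TELNET connection-mark=TELNET new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=IRC connection-mark=IRC new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=IRC connection-mark=IRC new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=GRE connection-mark=GRE new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=GRE connection-mark=GRE new-packet-mark=LEVEL2 passthrough=no
#
# MANGLE MARK PRIORITY 3
/ip firewall mangle add action=mark-packet chain=prerouting comment=HTTP connection-mark=HTTP new-packet-mark=LEVEL3 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=HTTP connection-mark=HTTP new-packet-mark=LEVEL3 passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=PROXY connection-mark=PROXY new-packet-mark=LEVEL3 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=PROXY connection-mark=PROXY new-packet-mark=LEVEL3 passthrough=no
#
#
# QUEUES
# One queue per packet mark, all attached to global-total.
# NOTE(review): no mangle rule in this script assigns the LEVEL4 packet mark, so the
# LEVEL4 queue stays empty until a rule marking the remaining traffic is added.
/queue tree add name=LEVEL1 packet-mark=LEVEL1 parent=global-total priority=1 queue=default
/queue tree add name=LEVEL2 packet-mark=LEVEL2 parent=global-total priority=2 queue=default
/queue tree add name=LEVEL3 packet-mark=LEVEL3 parent=global-total priority=3 queue=default
/queue tree add name=LEVEL4 packet-mark=LEVEL4 parent=global-total priority=4 queue=default
#
:log info "Script created by craem + blackhold - capa8.net ::: thanks for using it!"
/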
En algunas RB no existe el parent global-total, pero sí global (depende de la versión de RouterOS). En ese caso la sección QUEUES queda así:
# QUEUES
# Same four priority queues, attached to the "global" parent instead of "global-total".
# Each queue picks up the packet mark of the same name; priority 1 is served first.
/queue tree
add parent=global name=LEVEL1 packet-mark=LEVEL1 queue=default priority=1
add parent=global name=LEVEL2 packet-mark=LEVEL2 queue=default priority=2
add parent=global name=LEVEL3 packet-mark=LEVEL3 queue=default priority=3
add parent=global name=LEVEL4 packet-mark=LEVEL4 queue=default priority=4
#
:log info "Script created by craem + blackhold - capa8.net ::: thanks for using it!"
/
IPSEC
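# IPSEC
# Marks IPsec traffic and places it in the LEVEL2 class; the LEVEL2 queue itself
# is created by the QUEUES section of the main script.
#
# ESP and AH are IP protocols (numbers 50 and 51), not UDP ports. Matching
# "protocol=udp dst-port=50" / "dst-port=51" never sees the encrypted payload,
# so the tunnel data stayed unmarked. Match the protocols directly.
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC new-connection-mark=IPSEC protocol=ipsec-esp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC new-connection-mark=IPSEC protocol=ipsec-esp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC new-connection-mark=IPSEC protocol=ipsec-ah
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC new-connection-mark=IPSEC protocol=ipsec-ah
# IKE key exchange (UDP 500).
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=udp
# NOTE(review): IKE normally runs over UDP; the TCP 500/4500 rules are kept as
# published - confirm whether any peer actually uses them.
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=500 new-connection-mark=IPSEC protocol=tcp
# NAT traversal: IKE and UDP-encapsulated ESP (UDP 4500).
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=tcp
/ip firewall mangle add action=mark-connection chain=postrouting comment=IPSEC dst-port=4500 new-connection-mark=IPSEC protocol=tcp
# Map the connection mark onto the LEVEL2 packet mark; passthrough=no stops further
# mangle processing in the chain once the packet is classified.
/ip firewall mangle add action=mark-packet chain=prerouting comment=IPSEC connection-mark=IPSEC new-packet-mark=LEVEL2 passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting comment=IPSEC connection-mark=IPSEC new-packet-mark=LEVEL2 passthrough=no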