-
Notifications
You must be signed in to change notification settings - Fork 1
/
L7-FILTER-SECOND-EDITION
21 lines (18 loc) · 2.14 KB
/
L7-FILTER-SECOND-EDITION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
/ip firewall layer7-protocol add name=video regexp="^.+(videoplayback|watch|video|youtube).*\\\$"
#DNS Address List to IP
/ip firewall address-list
add address=googlevideo.com list=Video
add address=youtube.com list=Video
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Video Address List" \ disabled=yes dst-address-list=Video new-connection-mark=video-connection \ passthrough=yes
add action=mark-connection chain=prerouting comment="Video L7" disabled=yes \ layer7-protocol=video new-connection-mark=video-connection passthrough=yes
add action=mark-packet chain=prerouting connection-mark=video-connection \ disabled=yes new-packet-mark=video-packet passthrough=no
add action=mark-connection chain=prerouting comment=Web disabled=yes dst-port=\ 80,8080,20,21,443 new-connection-mark=web-connection passthrough=yes \ protocol=tcp
add action=mark-connection chain=prerouting disabled=yes dst-port=\ 80,8080,20,21,443 new-connection-mark=web-connection passthrough=yes \ protocol=udp
add action=mark-connection chain=prerouting comment="Download more than 3Mb" \ connection-bytes=3000001-0 disabled=yes dst-port=80,8080,20,21,443 \ new-connection-mark=3M-connection passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=3000001-0 disabled=\ yes dst-port=80,8080,20,21,443 new-connection-mark=3M-connection \ passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=3M-connection disabled=\ yes new-packet-mark=3M-packet passthrough=no
add action=mark-packet chain=prerouting connection-mark=web-packet disabled=yes \ new-packet-mark=web-packet passthrough=no
add action=mark-connection chain=prerouting comment=Others disabled=yes \ dst-port=1000-65535 new-connection-mark=others-connection passthrough=yes \ protocol=tcp
add action=mark-connection chain=prerouting disabled=yes dst-port=1000-65535 \ new-connection-mark=others-connection passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=others-connection \ disabled=yes new-packet-mark=others-packet passthrough=no .