ONLINE

PCC load balancing for equal WANs

Thursday, 15 November 2012

mikrotik how to bloch facebook and youtube....

Tuesday, 13 November 2012

ATURDAY, NOVEMBER 5, 2011

Mikrotik : How to Block Facebook - Youtube and Other sites using L7 (Layer7)

Below i will show you how to block facebook and youtube sites using Mikrotik L7 Protocols (Layer 7). here i use RouterBoardOS RB1100.

STEP 1:
you have to create new Regexp rule at Layer7 Protocols by Press

, and name it as "DENIED" (withoue quote), see details below:

You can Copy & Paste the code above at below:

^.+(facebook.com|youtube).*$

STEP 2:
Now create Filter Rules, as follow:

At General Tabs for Chain, Please Choose : Foward

At Advanced tabs, select 'DENIED' (rule that you have create at step 1) for Layer7 Protocols

Choose Action 'DROP'

And At last, your Filter rule to block facebook and youtube should have effected to your network.

try to access facebook & youtube, and you will see that the two sites will not able to access.

this can be see from the filter rule you have created, it will catch the bytes for denied sites in your network.

Limit download with IDM in Mikrotik

/Ip firewall layer7-protocol add comment = "" name = http-video regexp = \
"Http / (0 \ \ .9 | 1 \ \ .0 | 1 \ \ .1) [\ \ x09-\ \ x0d] [1-5] [0-9] [0-9] [\ \ x09 - \ \ x0d -~]*( content-type: video)"

/Ip firewall mangle
add chain = forward action = mark-connection comment = "limit download" connection-bytes = 1024000-4294967295 in-interface = lan5 new-connection-mark = Action-Download passthrough = yes disabled = no

add action = mark-packet chain = forward comment = "" connection-mark = Action-Download disabled = no in-interface = lan5 new-packet-mark = download_pkt passthrough = yes

add action = mark-packet chain = prerouting comment = "limit video streaming" disabled = no protocol = http layer7-new-video-packet-mark = http-video-up passthrough = yes protocol = tcp

add action = mark-packet chain = prerouting comment = "limit the audio stream" disabled = no protocol = http layer7-audio-new-packet-mark = http-audio-ups passthrough = yes protocol = tcp

/Queue type
add kind = pcq name = pcq-classifier = batasidownload dst-address pcq-limit = 50 pcq-rate = 256000 pcq-total-limit = 2000

/Queue simple
add burst-limit = 0 / 0 burst-threshold = 0 / 0 burst-time = 0s/0s comment = "" direction = Both disabled = no dst-address = 0.0.0.0 / 0 interface = all limit-at = 0 / 8k max-limit = 128k/128k name = "HTTP Video Traffict" packet-marks = http-video-up parent = none priority = 8 queue = default-small/default-small total-queue = default-small

add burst-limit = 0 / 0 burst-threshold = 0 / 0 burst-time = 0s/0s comment = "" direction = Both disabled = no dst-address = 0.0.0.0 / 0 interface = all limit-at = 0 / 0 max-limit = 128k/128k name = "HTTP Video Queue" packet-marks = http-video-up parent = "HTTP Video Traffict" priority = 8 queue = default-small/default-small target-addresses = 0.0.0.0 / 0 total-queue = default-small

/Queue tree
add burst-limit = 0 burst-threshold = 0 burst-time = 0s disabled = no limit-at = 0 max-limit = 256k name = batasidownloadfreebrowsing packet-mark = download_pkt parent = global-out priority = 8 queue = batasidownload

Limit Youtube Video streaming on MikroTik

/ip firewall layer7-protocol add name=http-video regexp="http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)"

/ip frewall mangle add action=mark-packet chain=prerouting comment="http-video mark-packet" \ disabled=no layer7-protocol=http-video new-packet-mark=http-video \ passthrough=no

/queue simple add max-limit=0/64000 name=http-video packet-marks=http-video

other

/ip firewall layer7-protocol
add comment="" name="YouTube Download" regexp=videoplayback

add action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no layer7-protocol="YouTube Download" new-connection-mark="youtube DOWNS" passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no protocol=tcp

/queue type
set default-small kind=pcq name=default-small pcq-classifier=src-address,dst-address,src-port,dst-port pcq-limit=50 pcq-rate=0 pcq-total-limit=2000

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=512K name=queue1 packet-mark=youtube parent=global-out priority=8 queue=default-small

load blancer 10 wan 1 lan BY qAmAr

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3
add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN4
add address=192.168.5.2/24 network=192.168.5.0 broadcast=192.168.5.255 interface=WAN5
add address=192.168.6.2/24 network=192.168.6.0 broadcast=192.168.6.255 interface=WAN6
add address=192.168.7.2/24 network=192.168.7.0 broadcast=192.168.7.255 interface=WAN7
add address=192.168.8.2/24 network=192.168.8.0 broadcast=192.168.8.255 interface=WAN8
add address=192.168.9.2/24 network=192.168.9.0 broadcast=192.168.9.255 interface=WAN9
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=WAN10

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn
add chain=input in-interface=WAN5 action=mark-connection new-connection-mark=WAN5_conn
add chain=input in-interface=WAN6 action=mark-connection new-connection-mark=WAN6_conn
add chain=input in-interface=WAN7 action=mark-connection new-connection-mark=WAN7_conn
add chain=input in-interface=WAN8 action=mark-connection new-connection-mark=WAN8_conn
add chain=input in-interface=WAN9 action=mark-connection new-connection-mark=WAN9_conn
add chain=input in-interface=WAN10 action=mark-connection new-connection-mark=WAN10_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4
add chain=output connection-mark=WAN5_conn action=mark-routing new-routing-mark=to_WAN5
add chain=output connection-mark=WAN6_conn action=mark-routing new-routing-mark=to_WAN6
add chain=output connection-mark=WAN7_conn action=mark-routing new-routing-mark=to_WAN7
add chain=output connection-mark=WAN8_conn action=mark-routing new-routing-mark=to_WAN8
add chain=output connection-mark=WAN9_conn action=mark-routing new-routing-mark=to_WAN9
add chain=output connection-mark=WAN10_conn action=mark-routing new-routing-mark=to_WAN10

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.6.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.7.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.8.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.9.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.10.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/4 action=mark-connection new-connection-mark=WAN5_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/5 action=mark-connection new-connection-mark=WAN6_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/6 action=mark-connection new-connection-mark=WAN7_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/7 action=mark-connection new-connection-mark=WAN8_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/8 action=mark-connection new-connection-mark=WAN9_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:10/9 action=mark-connection new-connection-mark=WAN10_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4
add chain=prerouting connection-mark=WAN5_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN5
add chain=prerouting connection-mark=WAN6_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN6
add chain=prerouting connection-mark=WAN7_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN7
add chain=prerouting connection-mark=WAN8_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN8
add chain=prerouting connection-mark=WAN9_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN9
add chain=prerouting connection-mark=WAN10_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN10

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.5.1 routing-mark=to_WAN5 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.6.1 routing-mark=to_WAN6 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.7.1 routing-mark=to_WAN7 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.8.1 routing-mark=to_WAN8 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.9.1 routing-mark=to_WAN9 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_WAN10 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping

SOFTWARE

DOWNLOAD

mikrotik seting

Monday, 12 November 2012

ip firewall mangle add chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=39190 comment=”Point Blank”

ip firewall mangle add chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=udp dst-address=203.89.146.0/23 dst-port=40000-40010

ip firewall mangle add chain=game action=mark-packet new-packet-mark=Game_pkt passthrough=no connection-mark=Game

ip firewall mangle add chain=prerouting action=jump jump-target=game

queue type add name=”Game” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000

queue tree add name=”Game” parent=global-total packet-mark=Game_pkt limit-at=0 queue=Game priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

ip firewall mangle add chain=prerouting protocol=tcp dst-port=9339 connection-state=new action=mark-connection new-connection-mark=poker passthrough=yes comment="poker" disabled=no

ip firewall mangle add chain=prerouting connection-mark=poker action=mark-packet new-packet-mark=poker1 passthrough=no comment="" disabled=no

queue tree add name="poker mania" parent=global-out packet-mark=poker1 limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

ip firewall mangle add chain=forward action=mark-connection new-connection-mark=http passthrough=yes protocol=tcp in-interface=speedy out-interface=lokal packet-mark=!Game_pkt connection-mark=!Game connection-bytes=0-262146 comment=”BROWSE”

ip firewall mangle add chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp connection-mark=http

queue type add name=”Http” kind=pcq pcq-rate=768k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000

queue tree add name=”Main_Browse” parent=lokal limit-at=0 priority=8 max-limit=768k burst-limit=0 burst-threshold=0 burst-time=0s

queue tree add name=”Browse” parent=Main_Browse packet-mark=http_pkt limit-at=0 queue=Http priority=8 max-limit=768k burst-limit=0 burst-threshold=0 burst-time=0s

firewall layer7 protocol

http-video
http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)

ip firewall mangle add action=mark-packet chain=prerouting comment="http-video mark-packet" disabled=no layer7-protocol=http-video new-packet-mark=http-video passthrough=no

queue simple add name="youtube" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=http-video direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

ip firewall layer7-protocol add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
ip firewall layer7-protocol add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
ip firewall layer7-protocol add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
ip firewall layer7-protocol add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
ip firewall layer7-protocol add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
ip firewall layer7-protocol add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
ip firewall layer7-protocol add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
ip firewall layer7-protocol add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"

ip firewall layer7-protocol add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
ip firewall layer7-protocol add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
ip firewall layer7-protocol add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
ip firewall layer7-protocol add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
ip firewall layer7-protocol add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
ip firewall layer7-protocol add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
ip firewall layer7-protocol add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"

ip firewall layer7-protocol add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
ip firewall layer7-protocol add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
ip firewall layer7-protocol add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
ip firewall layer7-protocol add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
ip firewall layer7-protocol add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"

ip firewall layer7-protocol add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
ip firewall layer7-protocol add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
ip firewall layer7-protocol add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
ip firewall layer7-protocol add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
ip firewall layer7-protocol add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"

ip firewall mangle add action=mark-connection chain=prerouting comment="7z DOWNS" disabled=no layer7-protocol="Extension \" .7z \"" new-connection-mark="7z DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="7z DOWNS" disabled=no new-packet-mark=7z passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="asf DOWNS" disabled=no layer7-protocol="Extension \" .asf \"" new-connection-mark="asf DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="asf DOWNS" disabled=no new-packet-mark=asf passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="avi DOWNS" disabled=no layer7-protocol="Extension \" .avi \"" new-connection-mark="avi DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="avi DOWNS" disabled=no new-packet-mark=avi passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="bin DOWNS" disabled=no layer7-protocol="Extension \" .bin \"" new-connection-mark="bin DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="bin DOWNS" disabled=no new-packet-mark=bin passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="flv DOWNS" disabled=no layer7-protocol="Extension \" .flv \"" new-connection-mark="flv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="flv DOWNS" disabled=no new-packet-mark=flv passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="flv DOWNS" disabled=no layer7-protocol="Extension \" .flv \"" new-connection-mark="flv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="flv DOWNS" disabled=no new-packet-mark=flv passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="iso DOWNS" disabled=no layer7-protocol="Extension \" .iso \"" new-connection-mark="iso DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark= "iso DOWNS" disabled=no new-packet-mark=iso passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mkv DOWNS" disabled=no layer7-protocol="Extension \" .mkv \"" new-connection-mark="mkv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mkv DOWNS" disabled=no new-packet-mark=mkv passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="exe DOWNS" disabled=no layer7-protocol="Extension \" .exe \"" new-connection-mark="exe DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="exe DOWNS" disabled=no new-packet-mark=exe passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mov DOWNS" disabled=no layer7-protocol="Extension \" .mov \"" new-connection-mark="mov DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mov DOWNS" disabled=no new-packet-mark=mov passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mp3 DOWNS" disabled=no layer7-protocol="Extension \" .mp3 \"" new-connection-mark="mp3 DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mp3 DOWNS" disabled=no new-packet-mark=mp3 passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mp4 DOWNS" disabled=no layer7-protocol="Extension \" .mp4 \"" new-connection-mark="mp4 DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mp4 DOWNS" disabled=no new-packet-mark=mp4 passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mpeg DOWNS" disabled=no layer7-protocol="Extension \" .mpeg \"" new-connection-mark="mpeg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mpeg DOWNS" disabled=no new-packet-mark=mpeg passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="mpg DOWNS" disabled=no layer7-protocol="Extension \" .mpg \"" new-connection-mark="mpg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="mpg DOWNS" disabled=no new-packet-mark=mpg passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="nrg DOWNS" disabled=no layer7-protocol="Extension \" .nrg \"" new-connection-mark="nrg DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="nrg DOWNS" disabled=no new-packet-mark=nrg passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="ram DOWNS" disabled=no layer7-protocol="Extension \" .ram \"" new-connection-mark="ram DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="ram DOWNS" disabled=no new-packet-mark=ram passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="rar DOWNS" disabled=no layer7-protocol="Extension \" .rar \"" new-connection-mark="rar DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rar DOWNS" disabled=no new-packet-mark=rar passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="rm DOWNS" disabled=no layer7-protocol="Extension \" .rm \"" new-connection-mark="rm DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rm DOWNS" disabled=no new-packet-mark=rm passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="rmvb DOWNS" disabled=no layer7-protocol="Extension \" .rmvb \"" new-connection-mark="rmvb DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="rmvb DOWNS" disabled=no new-packet-mark=rmvb passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="wav DOWNS" disabled=no layer7-protocol="Extension \" .wav \"" new-connection-mark="wav DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wav DOWNS" disabled=no new-packet-mark=wav passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="wma DOWNS" disabled=no layer7-protocol="Extension \" .wma \"" new-connection-mark="wma DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wma DOWNS" disabled=no new-packet-mark=wma passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="wmv DOWNS" disabled=no layer7-protocol="Extension \" .wmv \"" new-connection-mark="wmv DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="wmv DOWNS" disabled=no new-packet-mark=wmv passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="zip DOWNS" disabled=no layer7-protocol="Extension \" .zip \"" new-connection-mark="zip DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="zip DOWNS" disabled=no new-packet-mark=zip passthrough=no protocol=tcp

ip firewall mangle add action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no layer7-protocol="YouTube " new-connection-mark="youtube DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no protocol=t

/ip firewall mangle add action=mark-connection chain=prerouting comment="daa DOWNS" disabled=no layer7-protocol="Extension \" .daa \"" new-connection-mark="daa DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="daa DOWNS" disabled=no new-packet-mark=daa passthrough=no protocol=tcp

/ip firewall mangle add action=mark-connection chain=prerouting comment="youtube DOWNS" disabled=no layer7-protocol="YouTube " new-connection-mark="youtube DOWNS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=postrouting comment="" connection-mark="youtube DOWNS" disabled=no new-packet-mark=youtube passthrough=no protocol=tcp

queue simple add name="exe" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=exe direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="rar" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rar direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="zip" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=zip direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="7z" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=7z direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="cab" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=cab direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="asf" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=asf direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="mov" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mov direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="wmv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=wmv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="mpg" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mpg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="mpeg" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mpeg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="mkv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mkv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="avi" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=avi direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="flv" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=flv direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="wav" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=wav direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="rm" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rm direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="mp3" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mp3 direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="mp4" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mp4 direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="ram" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=ram direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="rmvb" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=rmvb direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="dat" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=dat direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="daa" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=daa direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="iso" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=iso direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

queue simple add name="nrg" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=nrg direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
queue simple add name="bin" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=bin direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=128k/128k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small