This is my mangle :
Code: Select all
/ip firewall mangle
add action=accept chain=prerouting comment=LOCAL dst-address-list=fs-local-ip \
src-address-list=fs-local-ip
add action=accept chain=input dst-address-list=fs-local-ip src-address-list=\
fs-local-ip
add action=accept chain=forward dst-address-list=fs-local-ip \
src-address-list=fs-local-ip
add action=accept chain=output dst-address-list=fs-local-ip src-address-list=\
fs-local-ip
add action=accept chain=postrouting dst-address-list=fs-local-ip \
src-address-list=fs-local-ip
add action=mark-packet chain=prerouting comment=ACK new-packet-mark=\
ack_traffic packet-size=0-123 passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting new-packet-mark=ack_traffic \
packet-size=0-123 passthrough=yes protocol=tcp tcp-flags=ack
add action=change-dscp chain=postrouting new-dscp=46 packet-mark=ack_traffic \
passthrough=no
add action=jump chain=prerouting comment=!LOCAL jump-target=CM
add action=jump chain=prerouting connection-mark=!no-mark jump-target=PM
add action=jump chain=postrouting jump-target=CM
add action=jump chain=postrouting connection-mark=!no-mark jump-target=PM
add action=mark-connection chain=CM comment="ICMP, DNS" connection-mark=\
no-mark new-connection-mark=icmp_conn passthrough=yes protocol=icmp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=dns_conn passthrough=yes port=53,5353,853 protocol=\
tcp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=dns_conn passthrough=yes port=53,5353,853 protocol=\
udp
add action=mark-connection chain=CM comment=GAME connection-mark=no-mark \
dst-address-list=List-IP-Games new-connection-mark=game_tcp_conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=CM connection-mark=no-mark dst-address-list=\
List-IP-Games new-connection-mark=game_udp_conn passthrough=yes protocol=\
udp
add action=mark-connection chain=CM comment=VOIP connection-mark=no-mark \
new-connection-mark=voip_conn passthrough=yes port=\
3478,3479,5060,5061,5090,5091,8801-8810,45395,1167,1719,1720,5004 \
protocol=tcp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=voip_conn passthrough=yes port=3784,3785,10000-20000 \
protocol=tcp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=voip_conn passthrough=yes port=\
3478,3479,5060,5061,5090,5091,8801-8810,45395,1167,1719,1720,5004 \
protocol=udp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=voip_conn passthrough=yes port=3784,3785,10000-20000 \
protocol=udp
add action=mark-connection chain=CM comment=ZOOM connection-mark=no-mark \
dst-address-list=List-IP-Zoom new-connection-mark=zoom_conn passthrough=\
yes
add action=mark-connection chain=CM connection-mark=no-mark dst-address-list=\
List-IP-Zoom new-connection-mark=zoom_conn passthrough=yes port=80,443 \
protocol=tcp
add action=mark-connection chain=CM comment=WHATSAPP connection-mark=no-mark \
new-connection-mark=whatsapp_conn passthrough=yes port=\
4244,5222,5223,5228,5288,5242,5349,34784,50318,59234 protocol=tcp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=whatsapp_conn passthrough=yes port=\
4244,5222,5223,5228,5288,5242,5349,34784,50318,59234 protocol=udp
add action=mark-connection chain=CM connection-mark=no-mark dst-address-list=\
List-IP-Whatsapp new-connection-mark=whatsapp_conn passthrough=yes
add action=mark-connection chain=CM connection-mark=no-mark dst-address-list=\
List-IP-Whatsapp new-connection-mark=whatsapp_conn passthrough=yes port=\
443 protocol=tcp
add action=mark-connection chain=CM comment=VPN connection-mark=no-mark \
new-connection-mark=vpn_conn passthrough=yes port=1723,1701 protocol=tcp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=vpn_conn passthrough=yes port=\
500,1194,1701,4500,51820 protocol=udp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=vpn_conn passthrough=yes protocol=gre
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=vpn_conn passthrough=yes protocol=ipsec-esp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=vpn_conn passthrough=yes protocol=ipsec-ah
add action=mark-connection chain=CM comment=POP3 connection-mark=no-mark \
new-connection-mark=pop3_conn passthrough=yes port=995,465,587 protocol=\
tcp
add action=mark-connection chain=CM comment=HTTP/3 connection-mark=no-mark \
new-connection-mark=http_conn passthrough=yes port=80,443,8080,8443 \
protocol=tcp
add action=mark-connection chain=CM comment=QUIC connection-mark=no-mark \
new-connection-mark=quic_conn passthrough=yes port=80,443 protocol=udp
add action=mark-connection chain=CM comment="OTHERS TCP UDP" connection-mark=\
no-mark new-connection-mark=others_tcp_conn passthrough=yes protocol=tcp
add action=mark-connection chain=CM connection-mark=no-mark \
new-connection-mark=others_udp_conn passthrough=yes protocol=udp
add action=return chain=CM
add action=mark-connection chain=PM connection-mark=game_tcp_conn \
connection-rate=!0-200k new-connection-mark=game_high_tcp_conn \
passthrough=yes
add action=mark-connection chain=PM connection-mark=game_udp_conn \
connection-rate=!0-200k new-connection-mark=game_high_udp_conn \
passthrough=yes
add action=mark-connection chain=PM connection-bytes=1000000-0 \
connection-mark=http_conn connection-rate=!0-200k new-connection-mark=\
http_high_conn passthrough=yes
add action=mark-connection chain=PM connection-bytes=1000000-0 \
connection-mark=quic_conn connection-rate=!0-200k new-connection-mark=\
quic_high_conn passthrough=yes
add action=mark-connection chain=PM connection-bytes=1000000-0 \
connection-mark=others_tcp_conn connection-rate=!0-200k \
new-connection-mark=others_high_tcp_conn passthrough=yes
add action=mark-connection chain=PM connection-bytes=1000000-0 \
connection-mark=others_udp_conn connection-rate=!0-200k \
new-connection-mark=others_high_udp_conn passthrough=yes
add action=mark-packet chain=PM connection-mark=icmp_conn new-packet-mark=\
icmp_traffic packet-mark=no-mark passthrough=yes
add action=change-dscp chain=PM new-dscp=56 packet-mark=icmp_traffic \
passthrough=no
add action=mark-packet chain=PM connection-mark=dns_conn new-packet-mark=\
dns_traffic packet-mark=no-mark passthrough=yes
add action=change-dscp chain=PM new-dscp=48 packet-mark=dns_traffic \
passthrough=no
add action=mark-packet chain=PM connection-mark=game_tcp_conn \
new-packet-mark=game_traffic packet-mark=no-mark passthrough=yes
add action=mark-packet chain=PM connection-mark=game_udp_conn \
new-packet-mark=game_traffic packet-mark=no-mark passthrough=yes
add action=change-dscp chain=PM new-dscp=38 packet-mark=game_traffic \
passthrough=no
add action=mark-packet chain=PM connection-mark=voip_conn new-packet-mark=\
voip_traffic packet-mark=no-mark passthrough=yes
add action=change-dscp chain=PM new-dscp=46 packet-mark=voip_traffic \
passthrough=no
add action=mark-packet chain=PM connection-mark=zoom_conn new-packet-mark=\
zoom_traffic packet-mark=no-mark passthrough=yes
add action=change-dscp chain=PM new-dscp=30 packet-mark=zoom_traffic \
passthrough=no
add action=mark-packet chain=PM connection-mark=whatsapp_conn \
new-packet-mark=whatsapp_traffic packet-mark=no-mark passthrough=yes
add action=change-dscp chain=PM new-dscp=30 packet-mark=whatsapp_traffic \
passthrough=no
add action=mark-packet chain=PM connection-mark=vpn_conn new-packet-mark=\
vpn_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=pop3_conn new-packet-mark=\
pop3_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=http_conn new-packet-mark=\
http_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=quic_conn new-packet-mark=\
quic_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=others_tcp_conn \
new-packet-mark=others_tcp_udp_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=others_udp_conn \
new-packet-mark=others_tcp_udp_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=game_high_tcp_conn \
new-packet-mark=game_high_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=game_high_udp_conn \
new-packet-mark=game_high_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=http_high_conn \
new-packet-mark=http_high_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=quic_high_conn \
new-packet-mark=quic_high_traffic packet-mark=no-mark passthrough=no
add action=mark-packet chain=PM connection-mark=others_high_tcp_conn \
new-packet-mark=others_high_tcp_udp_traffic packet-mark=no-mark \
passthrough=no
add action=mark-packet chain=PM connection-mark=others_high_udp_conn \
new-packet-mark=others_high_tcp_udp_traffic packet-mark=no-mark \
passthrough=no
add action=return chain=PM
add action=change-ttl chain=postrouting comment="CHANGE TTL HOTSPOT" \
dst-address=172.16.192.0/18 new-ttl=set:1 out-interface=\
bridge1-distribusi passthrough=no
add action=change-ttl chain=forward dst-address=172.16.192.0/18 new-ttl=set:1 \
out-interface=bridge1-distribusi passthrough=no
add action=change-ttl chain=postrouting comment=\
"CHANGE TTL MITRA/AGEN/RESELLER" dst-address=172.16.147.0/24 new-ttl=\
set:1 out-interface=bridge1-distribusi passthrough=no
add action=change-ttl chain=forward dst-address=172.16.147.0/24 new-ttl=set:1 \
out-interface=bridge1-distribusi passthrough=no
Code: Select all
/queue tree
add bucket-size=0.01 comment=-> max-limit=10240M name="-> Download Priority" \
parent=global queue=q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="Vpn Download" \
packet-mark=vpn_traffic parent="-> Download Priority" priority=7 queue=\
q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="Http/3 Low Download" \
packet-mark=http_traffic parent="-> Download Priority" priority=2 queue=\
q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="Pop3 Download" \
packet-mark=pop3_traffic parent="-> Download Priority" queue=q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name=\
"Http/3 High Download" packet-mark=http_high_traffic parent=\
"-> Download Priority" priority=5 queue=q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="Quic High Download" \
packet-mark=quic_high_traffic parent="-> Download Priority" priority=5 \
queue=q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name=\
"Others Tcp Udp High Download" packet-mark=others_high_tcp_udp_traffic \
parent="-> Download Priority" priority=3 queue=q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="Game High Download" \
packet-mark=game_high_traffic parent="-> Download Priority" priority=3 \
queue=q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="No-Mark Download" \
packet-mark=no-mark parent="-> Download Priority" priority=6 queue=\
q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="Whatsapp Download" \
packet-mark=whatsapp_traffic parent="-> Download Priority" priority=1 \
queue=q-download
add bucket-size=0.01 limit-at=512M max-limit=1024M name="Quic Low Download" \
packet-mark=quic_traffic parent="-> Download Priority" priority=2 queue=\
q-download
Is there anything left behind, or can it be made more optimal?
The problem I noticed was the queue tree. when I create a no-mark queue tree with the mark no-mark packet, it continues to run.
Haven't I marked all the connections and packets on my mangle? why no-mark packets are still running in the queue tree?