I’ve written before about the difficulties of using consumer routers and access points in a situation where the number of devices goes above about 10. My latest project was to set up a wired and wireless network for my church. The challenge was to create a setup where many people (potentially up to about 100) could access the Internet over a WiFi network, whilst the same broadband connection is being used for critical services such as live steaming of the church celebration meetings and live presentation of streaming video e.g. YouTube. I chose to use Mikrotik RouterBoard kit because I’ve become familiar with it, it’s cheap, fast and powerful.

The setup uses two networks: a public WiFi network with a simple password, on 172.18.0.0/16, and a private wired and WiFi network on 172.20.0.0/16. The WiFi network uses CAPsMAN, a Mikrotik feature that allows one device to act as a configuration and management interface for all of the RouterOS WiFi access points. The 172.20 network is setup with traditional WiFi access points that bridge the WiFi side to the ethernet in each access point, so joining the WiFi network is essentially the same as plugging an RJ45 into a wall port. The 172.18 network uses CAPsMAN to setup a secondary network with its own SSID (network name) on each access point which forms a VLAN (Virtual Lan) that isn’t bridged to the private network, but comes back to the main edge router. Client to client forwarding is disabled for this network, so devices can only access the Internet, not each other.

I’ll write another article about my experiences with CAPsMAN – which is very powerful and ideal for this sort of setup. Here I describe the QoS configuration that allows us to set overall rate (bandwidth) limits for the two networks, and also prioritise traffic to/from the Internet for each network so that everyone has a good experience of browsing without compromising the mission-critical traffic such as the live video streaming.

I previously used a RouterOS QoS Script to traffic-shape my home Internet connection. Modifying this was a tempting idea, unfortunately it’s not always easy to determine which network a particular packet is heading to/from, depending on where in the RouterOS packet flow you decide to inspect the packets. Furthermore, using packet inspection and the Queue Tree, I couldn’t find a way to reliably set separate data rate (bandwidth) limits for the two different networks.

After some frustrating trial and error, I’ve put together my own script. It draws heavily on the Mikrotik-RouterOS script for classifying packets, but uses connection tracking to avoid inspecting every packet on its way through the router. Rather than using the Queue Tree, instead it uses Simple Queues. This allows us to create a queue for the WAN (wide area network) interface (in this case a BT Infinity PPPoE connection) with child queues for each network, and further child queues for the different priority packets. In fact, the Simple Queues are far from simple, they’re very powerful indeed, but a lot of the inner workings are hidden. Each queue can be bidirectional, with RouterOS automatically creating queues in the right place in the traffic flow to capture and queue the packets.

So the configuration is:

firewall mangle rules in the prerouting and postrouting chains match certain packet types and jump to special rules that will mark the packet and connection to a priority of 1-8

http traffic that doesn’t match to a special rule gets a generic packet and connection mark of ‘http’

the http traffic is tracked in the forward chain, with connections that have reached a certain byte count marked as ‘http-big’ which is then set to a lower priority

traffic that matches some site-specific IP addresses is excluded from the ‘http-big’ rule – this is to prevent the video streaming being deprioritised

two different chains of simple queues, one for each network, capturing the marked packets and passing them up to a parent queue with the correct priority from 1-8 (1 is highest), with unmarked packets captured in the priority 7 queue

the parent queue for each network set the bandwidth limit for that network and passes its packets up to a parent queue for the entire traffic to/from the WAN

the overall WAN parent queue keeps the overall upload and download rate lower than the bandwidth of the WAN

As it stands, the priority of each different packet type is the same for each network, to keep it simple. It would be easy to modify the script so that packets and connections are marked semantically (e.g. VOIP, email etc.) rather than with a 1-8 priority, then setting multiple packet mark rules in each child queue to assign the semantically marked packets to a priority. This would allow assigning a different priority to the same packet type depending on the network it’s on.

The priority queues use PCQ (Per Connection Queue) so that each device gets a fair share of the bandwidth within each packet/connection priority. The parent queues use small PFIFO queues (the Mikrotik default).

An important difference between the Queue Tree and Simple Queue systems is that Simple Queues are like firewall chains – a packet will join the first queue it matches. Therefore the parent queues must be below the child queues in the list, otherwise the packets will just match and join the parent queue. Interestingly, the concept of “upload” and “download” is reversed from what we expect – because the queues are all targeted to the WAN (“pppoe-out1”) interface, upload from that interface to the router will be a download from the point of view of another network client, and vice versa.

The gallery below shows a snapshot from WebFig interface for the packet parking and queues.

The code for the script is below:

/ip firewall layer7-protocol add comment="^.*netflix.com.*\$" name=Netflix regexp=netflix.com add comment="^.*bbci\?.co.uk.*\$" name="BBC inc iPlayer" regexp="bbci\?.co.uk" add comment="^.*ondemand\?_fcs_vhost.*\$" name="BBC iPlayer" regexp="ondemand\?_fcs_vhost" add name=RTMP regexp="^\\x03.+\\x14.+\\x02.+\\x07.(connect)\?.+(video)\?" add comment="^\\x03.+\\x14.+\\x02.+\\x07.(connect)\?.+(app)\?" name=RTMP2 regexp="^\\x03.+\\x14.+\\x02.+\\x07.(connect)" add comment="Amazon Instant Video" name=amazon regexp="GET /ondemand/" /queue type add kind=pcq name=Private-Down pcq-classifier=src-address pcq-dst-address-mask=0 pcq-dst-address6-mask=64 pcq-src-address-mask=0 pcq-src-address6-mask=64 add kind=pcq name=Private-Up pcq-classifier=dst-address pcq-dst-address-mask=0 pcq-dst-address6-mask=64 pcq-src-address-mask=0 pcq-src-address6-mask=64 add kind=pcq name=Public-Down pcq-classifier=src-address pcq-dst-address-mask=0 pcq-dst-address6-mask=64 pcq-src-address-mask=0 pcq-src-address6-mask=64 add kind=pcq name=Public-Up pcq-classifier=dst-address pcq-dst-address-mask=0 pcq-dst-address6-mask=64 pcq-src-address-mask=0 pcq-src-address6-mask=64 /queue simple add max-limit=60M/20M name="total limiter" priority=1/1 queue=default/default target=pppoe-out1 add dst=172.20.0.0/16 limit-at=40M/15M max-limit=59M/19M name=private-limiter parent="total limiter" priority=1/1 queue=default/default target=pppoe-out1 add dst=172.18.0.0/16 limit-at=20M/5M max-limit=59M/19M name=public-limiter parent="total limiter" priority=2/2 queue=default/default target=pppoe-out1 add comment="NB Upload and download reversed from normal sense as PPP is the \"target\" and the local networks are the \"destination\"" dst=172.20.0.0/16 name=Private1 packet-marks=p1 parent=private-limiter priority=1/1 queue=\ Private-Up/Private-Down target=pppoe-out1 add dst=172.20.0.0/16 name=Private2 packet-marks=p2 parent=private-limiter priority=2/2 queue=Private-Up/Private-Down target=pppoe-out1 add dst=172.20.0.0/16 name=Private3 packet-marks=p3 parent=private-limiter priority=3/3 queue=Private-Up/Private-Down target=pppoe-out1 add dst=172.20.0.0/16 name=Private4 packet-marks=p4 parent=private-limiter priority=4/4 queue=Private-Up/Private-Down target=pppoe-out1 add dst=172.20.0.0/16 name=Private5 packet-marks=p5 parent=private-limiter priority=5/5 queue=Private-Up/Private-Down target=pppoe-out1 add dst=172.20.0.0/16 name=Private6 packet-marks=p6 parent=private-limiter priority=6/6 queue=Private-Up/Private-Down target=pppoe-out1 add dst=172.20.0.0/16 name=Private7 packet-marks=p7,no-mark parent=private-limiter priority=7/7 queue=Private-Up/Private-Down target=pppoe-out1 add dst=172.20.0.0/16 name=Private8 packet-marks=p8 parent=private-limiter queue=Private-Up/Private-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public1 packet-marks=p1 parent=public-limiter priority=1/1 queue=Public-Up/Public-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public2 packet-marks=p2 parent=public-limiter priority=2/2 queue=Public-Up/Public-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public3 packet-marks=p3 parent=public-limiter priority=3/3 queue=Public-Up/Public-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public4 packet-marks=p4 parent=public-limiter priority=4/4 queue=Public-Up/Public-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public5 packet-marks=p5 parent=public-limiter priority=5/5 queue=Public-Up/Public-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public6 packet-marks=p6 parent=public-limiter priority=6/6 queue=Public-Up/Public-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public7 packet-marks=p7,no-mark parent=public-limiter priority=7/7 queue=Public-Up/Public-Down target=pppoe-out1 add dst=172.18.0.0/16 name=Public8 packet-marks=p8 parent=public-limiter queue=Public-Up/Public-Down target=pppoe-out1 /ip firewall address-list add address=192.168.1.0/24 list=support add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it" list=bogons add address=127.0.0.0/16 comment="Loopback [RFC 3330]" list=bogons add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" disabled=yes list=bogons add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you need this subnet before enable it" list=bogons add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=bogons add address=198.18.0.0/15 comment="NIDB Testing" list=bogons add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it" list=bogons add address=192.168.1.0/24 disabled=yes list=QOSCustomerIPs add address=86.157.0.0/16 comment="ISP IP Addresses" disabled=yes list=ISP add address=172.16.0.0/16 comment="ISP IP Addresses" disabled=yes list=ISP add address=12.129.193.0/24 comment=WoW list=games add address=12.129.222.0/23 comment=WoW list=games add address=12.129.225.0/24 comment=WoW list=games add address=12.129.228.0/24 comment=WoW list=games add address=12.129.233.0/24 comment=WoW list=games add address=12.129.252.0/23 comment=WoW list=games add address=63.241.255.0/24 comment=WoW list=games add address=72.5.213.0/24 comment=WoW list=games add address=80.239.149.0/24 comment=WoW list=games add address=80.239.179.0/24 comment=WoW list=games add address=80.239.181.0/24 comment=WoW list=games add address=80.239.185.0/24 comment=WoW list=games add address=80.239.233.0/24 comment=WoW list=games add address=192.12.244.0/24 comment=WoW list=games add address=195.12.246.0/24 comment=WoW list=games add address=199.107.6.0/23 comment=WoW list=games add address=199.107.24.0/23 comment=WoW list=games add address=206.16.118.0/23 comment=WoW list=games add address=206.16.147.0/24 comment=WoW list=games add address=206.18.148.0/23 comment=WoW list=games add address=206.18.98.0/23 comment=WoW list=games add address=206.16.235.0/24 comment=WoW list=games add address=206.17.111.0/24 comment=WoW list=games add address=213.248.123.0/24 comment=WoW list=games add address=213.248.127.0/24 comment=WoW list=games add address=202.9.66.0/23 comment=SC2 list=games add address=12.129.254.0/23 comment=SC2 list=games add address=12.129.206.0/24 comment=SC2 list=games add address=12.129.242.0/24 comment="Diablo III" list=games add address=12.130.245.0/24 comment="Diablo III" list=games add address=12.130.244.0/24 comment="Diablo III" list=games add address=12.130.246.0/24 comment="Diablo III" list=games add address=63.150.138.0/24 comment="Dota 2" list=games add address=103.10.124.0/24 comment="Dota 2" list=games add address=103.10.125.0/24 comment="Dota 2" list=games add address=103.28.54.0/23 comment="Dota 2" list=games add address=146.66.152.0/23 comment="Dota 2" list=games add address=146.66.154.0/24 comment="Dota 2" list=games add address=146.66.155.0/24 comment="Dota 2" list=games add address=146.66.156.0/23 comment="Dota 2" list=games add address=146.66.158.0/23 comment="Dota 2" list=games add address=185.25.180.0/23 comment="Dota 2" list=games add address=185.25.182.0/24 comment="Dota 2" list=games add address=192.69.96.0/22 comment="Dota 2" list=games add address=205.196.6.0/24 comment="Dota 2" list=games add address=208.64.200.0/24 comment="Dota 2" list=games add address=208.64.201.0/24 comment="Dota 2" list=games add address=208.64.202.0/24 comment="Dota 2" list=games add address=208.64.203.0/24 comment="Dota 2" list=games add address=208.78.164.0/22 comment="Dota 2" list=games add address=216.111.123.0/24 comment="Dota 2" list=games add address=31.186.224.0/24 comment="LoL Europe" list=games add address=31.186.226.0/24 comment="LoL Europe" list=games add address=64.7.194.0/24 comment="LoL Europe" list=games add address=95.172.65.0/24 comment="LoL Europe" list=games add address=95.172.70.0/24 comment="LoL Europe" list=games add address=66.150.148.0/24 comment="LoL EU-NE" list=games add address=192.64.168.0/24 comment="LoL NA" list=games add address=192.64.169.0/24 comment="LoL NA" list=games add address=192.64.170.0/24 comment="LoL NA" list=games add address=216.133.234.0/24 comment="LoL NA" list=games add address=59.100.95.128/25 comment="LoL Oceania" list=games add address=203.116.112.128/25 comment="LoL Singapore/Malaysia" list=games add address=216.240.136.162 comment="Lowerping - US West - Panther 1" list=games add address=216.240.145.9 comment="Lowerping - US West - Panther 2" list=games add address=64.69.36.224 comment="Lowerping - US West - Panther 3" list=games add address=208.70.75.171 comment="Lowerping - US West - Panther 4" list=games add address=208.70.78.93 comment="Lowerping - US West - Panther 5" list=games add address=216.240.136.167 comment="Lowerping - US West - Panther 6" list=games add address=64.56.65.9 comment="Lowerping - US West - Tiger 1" list=games add address=74.222.8.249 comment="Lowerping - US West - Tiger 2" list=games add address=216.18.198.2 comment="Lowerping - US West - Fox 1" list=games add address=173.231.26.242 comment="Lowerping - US West - Fox 2" list=games add address=66.212.28.128 comment="Lowerping - US West - Lion A1" list=games add address=66.63.191.237 comment="Lowerping - US West - Lion A2" list=games add address=72.11.142.216 comment="Lowerping - US West - Lion B1" list=games add address=72.11.142.217 comment="Lowerping - US West - Lion B2" list=games add address=96.44.172.186 comment="Lowerping - US West - Lion C1" list=games add address=96.44.177.26 comment="Lowerping - US West - Lion C2" list=games add address=96.44.177.27 comment="Lowerping - US West - Lion D1" list=games add address=72.11.142.218 comment="Lowerping - US West - Lion D2" list=games add address=64.120.10.178 comment="Lowerping - US West - Panda 1" list=games add address=72.51.46.93 comment="Lowerping - US West - Rhino 1" list=games add address=173.245.68.180 comment="Lowerping - US West - Squid 1" list=games add address=173.245.68.178 comment="Lowerping - US West - Squid 2" list=games add address=8.17.252.162 comment="Lowerping - US West - Koala 1" list=games add address=8.17.252.163 comment="Lowerping - US West - Koala 2" list=games add address=50.23.65.37 comment="Lowerping - US West - Salmon 1" list=games add address=174.127.96.124 comment="Lowerping - US West - Salmon 2" list=games add address=174.127.96.127 comment="Lowerping - US West - Salmon 3" list=games add address=66.109.20.100 comment="Lowerping - US East - Cobra 1" list=games add address=66.199.235.194 comment="Lowerping - US East - Otter 1" list=games add address=72.9.100.90 comment="Lowerping - US East - Otter 2" list=games add address=173.208.45.82 comment="Lowerping - US East - Spider 1" list=games add address=69.162.127.98 comment="Lowerping - US Central - Frog 1" list=games add address=174.133.108.202 comment="Lowerping - US Central - Tadpole 1" list=games add address=174.34.132.50 comment="Lowerping - US Central - Toad 1" list=games add address=70.32.43.122 comment="Lowerping - Chicago - Macaw 1" list=games add address=184.154.38.138 comment="Lowerping - Chicago - Jaguar 1" list=games add address=78.129.220.51 comment="Lowerping - Europe - London 1" list=games add address=188.138.24.38 comment="Lowerping - Europe - Germany 1" list=games add address=85.10.193.111 comment="Lowerping - Europe - Germany 3" list=games add address=94.75.208.164 comment="Lowerping - Europe - Netherlands 1" list=games add address=62.212.91.21 comment="Lowerping - Europe - Netherlands 2" list=games add address=91.191.144.94 comment="Lowerping - Europe - Paris 1" list=games add address=46.21.207.116 comment="Lowerping - Europe - Paris 2" list=games add address=159.153.0.0/16 comment="SWTOR - USA/EUROPE" list=games add address=206.127.144.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games add address=64.25.32.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" disabled=yes list=bogons add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you need this subnet before enable it" disabled=yes list=bogons add address=86.157.0.0/16 comment="ISP IP Addresses" disabled=yes list=ISP add address=172.16.0.0/16 comment="ISP IP Addresses" disabled=yes list=ISP add address=172.20.0.0/16 list=support add address=172.16.0.0/16 list=QOSCustomerIPs add address=172.18.0.0/16 list=QOSCustomerIPs add address=X.X.X.X/24 comment="live streaming" list=site-specific add address=172.18.0.0/16 list=support /ip firewall mangle add action=mark-packet chain=postrouting comment="Mark all pure ACK packets p1 for outbound traffic." new-packet-mark=p1 out-interface=all-ppp packet-size=0-40 passthrough=no protocol=tcp tcp-flags=ack add action=mark-packet chain=prerouting comment="Mark all pure ACK packets p1 for inbound traffic." in-interface=all-ppp new-packet-mark=p1 packet-size=0-40 passthrough=no protocol=tcp tcp-flags=ack add action=log chain=notes comment="The following set the priorities for each traffic type" add action=mark-packet chain=site new-packet-mark=p1 add action=mark-connection chain=site new-connection-mark=p1 passthrough=no add action=mark-packet chain=proto new-packet-mark=p1 add action=mark-connection chain=proto new-connection-mark=p1 passthrough=no add action=mark-packet chain=streaming-video new-packet-mark=p2 add action=mark-connection chain=streaming-video new-connection-mark=p2 passthrough=no add action=mark-packet chain=voip new-packet-mark=p3 add action=mark-connection chain=voip new-connection-mark=p3 passthrough=no add action=mark-packet chain=http new-packet-mark=p4 add action=mark-connection chain=http new-connection-mark=http passthrough=no add action=mark-packet chain=IM new-packet-mark=p7 add action=mark-connection chain=IM new-connection-mark=p7 passthrough=no add action=mark-packet chain=social new-packet-mark=p6 add action=mark-connection chain=social new-connection-mark=p6 passthrough=no add action=mark-packet chain=dev new-packet-mark=p5 add action=mark-connection chain=dev new-connection-mark=p5 passthrough=no add action=mark-packet chain=email new-packet-mark=p7 add action=mark-connection chain=email new-connection-mark=p7 passthrough=no add action=mark-packet chain=remote new-packet-mark=p6 add action=mark-connection chain=remote new-connection-mark=p6 passthrough=no add action=mark-packet chain=game new-packet-mark=p8 add action=mark-connection chain=game new-connection-mark=p8 passthrough=no add action=mark-packet chain=p2p new-packet-mark=p8 add action=mark-connection chain=p2p new-connection-mark=p8 passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p1" connection-mark=p1 in-interface=all-ppp new-packet-mark=p1 passthrough=no add action=mark-packet chain=postrouting connection-mark=p1 new-packet-mark=p1 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p2" connection-mark=p2 in-interface=all-ppp new-packet-mark=p2 passthrough=no add action=mark-packet chain=postrouting connection-mark=p2 new-packet-mark=p2 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p3" connection-mark=p3 in-interface=all-ppp new-packet-mark=p3 passthrough=no add action=mark-packet chain=postrouting connection-mark=p3 new-packet-mark=p3 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p4" connection-mark=p4 in-interface=all-ppp new-packet-mark=p4 passthrough=no add action=mark-packet chain=postrouting connection-mark=p4 new-packet-mark=p4 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p5" connection-mark=p5 in-interface=all-ppp new-packet-mark=p5 passthrough=no add action=mark-packet chain=postrouting connection-mark=p5 new-packet-mark=p5 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p6" connection-mark=p6 in-interface=all-ppp new-packet-mark=p6 passthrough=no add action=mark-packet chain=postrouting connection-mark=p6 new-packet-mark=p6 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p7" connection-mark=p7 in-interface=all-ppp new-packet-mark=p7 passthrough=no add action=mark-packet chain=postrouting connection-mark=p7 new-packet-mark=p7 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="Already marked connections carry on p8" connection-mark=p8 in-interface=all-ppp new-packet-mark=p8 passthrough=no add action=mark-packet chain=postrouting connection-mark=p8 new-packet-mark=p8 out-interface=all-ppp passthrough=no add action=mark-connection chain=forward comment="Catch any connections DOWN >10Mb (exclude site)" connection-bytes=100000000-0 in-interface=all-ppp new-connection-mark=http-big protocol=tcp src-address-list=!site-specific src-port=\ 80,443,8080 add action=mark-connection chain=forward comment="Catch any connections UP >10Mb (exclude site)" connection-bytes=100000000-0 dst-address-list=!site-specific dst-port=80,443,8080 new-connection-mark=http-big out-interface=all-ppp \ protocol=tcp add action=mark-packet chain=prerouting comment="set priority for http-big connections DOWN" connection-mark=http-big in-interface=all-ppp new-packet-mark=p8 passthrough=no add action=mark-packet chain=postrouting comment="set priority for http-big connections UP" connection-mark=http-big new-packet-mark=p8 out-interface=all-ppp passthrough=no add action=mark-packet chain=prerouting comment="HTTP down connections packet marked" connection-mark=http in-interface=all-ppp new-packet-mark=p4 passthrough=no add action=mark-packet chain=postrouting comment="HTTP up connections packet mark" connection-mark=http new-packet-mark=p7 out-interface=all-ppp passthrough=no add action=log chain=notes comment="Start of QoS tree version updated on 4/4/2014" add chain=prerouting comment="Accept traffic From QOSCustomerIPs to QOSCustomerIPs" dst-address-list=QOSCustomerIPs src-address-list=QOSCustomerIPs add action=jump chain=prerouting comment="P2P Connections" in-interface=all-ppp jump-target=p2p p2p=all-p2p add action=jump chain=postrouting jump-target=p2p out-interface=all-ppp p2p=all-p2p add action=jump chain=prerouting comment="Default Bittorrent" in-interface=all-ppp jump-target=p2p protocol=tcp src-port=6881 add action=jump chain=postrouting comment="Default Bittorrent" dst-port=6881 jump-target=p2p out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Mark ISP" in-interface=all-ppp jump-target=proto_down src-address-list=ISP add action=jump chain=postrouting comment="Mark ISP" dst-address-list=ISP jump-target=proto out-interface=all-ppp add action=jump chain=prerouting comment=BGP in-interface=all-ppp jump-target=proto_down protocol=tcp src-port=179 add action=jump chain=postrouting comment=BGP dst-port=179 jump-target=proto out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment=OSPF in-interface=all-ppp jump-target=proto_down protocol=ospf add action=jump chain=postrouting comment=OSPF jump-target=voip out-interface=all-ppp protocol=ospf add action=jump chain=postrouting comment="Mark VoIP/ICMP Test (8080 udp)" connection-bytes=0-1000000 dst-port=8080 jump-target=proto out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Mark VoIP/ICMP Test (8080 udp)" connection-bytes=0-1000000 in-interface=all-ppp jump-target=proto_down protocol=udp src-port=8080 add action=jump chain=prerouting comment="Mark DNS 0-64k" connection-rate=0-64k dst-port=53 in-interface=all-ppp jump-target=proto_down protocol=tcp add action=jump chain=postrouting comment="Mark DNS 0-64k" connection-rate=0-64k jump-target=proto out-interface=all-ppp protocol=tcp src-port=53 add action=jump chain=postrouting comment="Mark DNS 0-64k" connection-rate=0-64k dst-port=53 jump-target=proto out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Mark DNS 0-64k" connection-rate=0-64k in-interface=all-ppp jump-target=proto_down protocol=udp src-port=53 add action=jump chain=postrouting comment=ICMP jump-target=proto out-interface=all-ppp protocol=icmp add action=jump chain=prerouting comment=ICMP in-interface=all-ppp jump-target=proto_down protocol=icmp add action=jump chain=postrouting comment=FaceTime connection-rate=0-512k dst-port=3478,4080,5223 jump-target=voip out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment=FaceTime connection-rate=0-512k in-interface=all-ppp jump-target=voip protocol=tcp src-port=3478,4080,5223 add action=jump chain=postrouting comment=FaceTime connection-rate=0-512k dst-port=16393-16402 jump-target=voip out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment=FaceTime connection-rate=0-512k in-interface=all-ppp jump-target=voip protocol=udp src-port=16393-16402 add action=jump chain=postrouting comment="VOIP - SIP - 0-512k" connection-rate=0-512k dst-port=5060-5061 jump-target=voip out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="VOIP - SIP - 0-512k" connection-rate=0-512k in-interface=all-ppp jump-target=voip protocol=tcp src-port=5060-5061 add action=jump chain=postrouting comment="VOIP - SIP - 0-512k" connection-rate=0-512k dst-port=5060-5061 jump-target=voip out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="VOIP - SIP - 0-512k" connection-rate=0-512k in-interface=all-ppp jump-target=voip protocol=udp src-port=5060-5061 add action=jump chain=prerouting comment="VOIP - mark DSCP 46" dscp=46 jump-target=voip add action=jump chain=postrouting comment="For the voip connection mark - 0-512k" connection-mark=voip connection-rate=0-512k jump-target=voip out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="For the voip connection mark - 0-512k " connection-mark=voip connection-rate=0-512k in-interface=all-ppp jump-target=voip protocol=tcp add action=jump chain=postrouting comment="For the voip connection mark - 0-512k" connection-mark=voip connection-rate=0-512k jump-target=voip out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="For the voip connection mark - 0-512k" connection-mark=voip connection-rate=0-512k in-interface=all-ppp jump-target=voip protocol=udp add action=jump chain=prerouting comment=NTP. dst-port=123 in-interface=all-ppp jump-target=proto_down protocol=udp src-port=123 add action=jump chain=postrouting comment=NTP. dst-port=123 jump-target=proto out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="WINBOX " in-interface=all-ppp jump-target=proto_down protocol=tcp src-port=8291 add action=jump chain=postrouting comment="WINBOX " dst-port=8291 jump-target=proto out-interface=all-ppp protocol=tcp add action=jump chain=postrouting comment="### SITE SPECIFIC ADDRESS LIST ###" dst-address-list=site-specific jump-target=site out-interface=all-ppp add action=jump chain=prerouting comment="### SITE SPECIFIC ADDRESS LIST ###" in-interface=all-ppp jump-target=site src-address-list=site-specific add action=jump chain=postrouting comment="RDP/VNC 0-1Mbps" connection-rate=0-1M dst-port=3389,5900 jump-target=remote out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="RDP/VNC 0-1Mbps" connection-rate=0-1M in-interface=all-ppp jump-target=remote protocol=tcp src-port=3389,5900 add action=jump chain=prerouting comment="RDP/VNC 0-1Mbps" connection-rate=0-1M in-interface=all-ppp jump-target=remote protocol=tcp src-port=3389,5900 add action=jump chain=postrouting comment="Steam (codMW2)" connection-rate=0-128k dst-port=5223,3074 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Steam (codMW2)" connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=tcp src-port=5223,3074 add action=jump chain=postrouting comment="Steam (codMW2)" connection-rate=0-128k dst-port=2005,3074,3075 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Steam (codMW2)" connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=udp src-port=2005,3074,3075 add action=jump chain=postrouting comment="Steam (codMW2)" connection-rate=0-64k dst-port=1500,3005,3101,28960 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Steam (codMW2)" connection-rate=0-64k in-interface=all-ppp jump-target=game protocol=udp src-port=1500,3005,3101,28960 add action=jump chain=postrouting comment="SSH 0-256k up" connection-rate=0-256k dst-port=22 jump-target=proto out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="SSH 0-256k down" connection-rate=0-256k in-interface=all-ppp jump-target=proto_down protocol=tcp src-port=22 add action=jump chain=postrouting comment="ICQ " dst-port=5190 jump-target=IM out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="ICQ " in-interface=all-ppp jump-target=IM protocol=tcp src-port=5190 add action=jump chain=postrouting comment="MSN " dst-port=1863 jump-target=IM out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="MSN " in-interface=all-ppp jump-target=IM protocol=tcp src-port=1863 add action=jump chain=postrouting comment="NateON (Messenger) 0-128" connection-rate=0-128k dst-port=5004 jump-target=IM out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="NateON (Messenger) 0-128k" connection-rate=0-128k in-interface=all-ppp jump-target=IM protocol=tcp src-port=5004 add action=jump chain=postrouting comment="telnet 0-64k up " connection-rate=0-64k dst-port=23 jump-target=proto out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="telnet 0-64k down " connection-rate=0-64k in-interface=all-ppp jump-target=proto_down protocol=tcp src-port=23 add action=jump chain=postrouting comment="IPSEC-ESP -" jump-target=proto out-interface=all-ppp protocol=ipsec-esp add action=jump chain=prerouting comment="IPSEC-ESP -" in-interface=all-ppp jump-target=proto_down protocol=ipsec-esp add action=jump chain=postrouting comment="IPSEC-AH -" jump-target=proto out-interface=all-ppp protocol=ipsec-ah add action=jump chain=prerouting comment="IPSEC-AH -" in-interface=all-ppp jump-target=proto_down protocol=ipsec-ah add action=jump chain=postrouting comment="IPSEC NAT-Traversal p3 " dst-port=4500 jump-target=proto out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="IPSEC NAT-Traversal p3 " in-interface=all-ppp jump-target=proto_down protocol=udp src-port=4500 add action=jump chain=postrouting comment="This will match Hulu and similar streams -" dst-port=1935 jump-target=streaming-video out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="This will match Hulu and similar streams -" in-interface=all-ppp jump-target=streaming-video protocol=tcp src-port=1935 add action=jump chain=postrouting comment="RTSP (Real time streaming protocol) " dst-port=554 jump-target=streaming-video out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="RTSP (Real time streaming protocol) " in-interface=all-ppp jump-target=streaming-video protocol=tcp src-port=554 add action=jump chain=postrouting comment="RTSP (Real time streaming protocol) " dst-port=554 jump-target=streaming-video out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="RTSP (Real time streaming protocol) " in-interface=all-ppp jump-target=streaming-video protocol=udp src-port=554 add action=jump chain=postrouting comment=Pop3 dst-port=110 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment=Pop3 in-interface=all-ppp jump-target=email_down protocol=tcp src-port=110 add action=jump chain=postrouting comment="SMTP traffic" dst-port=25 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="SMTP traffic" in-interface=all-ppp jump-target=email_down protocol=tcp src-port=25 add action=jump chain=postrouting comment="Secure SMTP" dst-port=465 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Secure SMTP" in-interface=all-ppp jump-target=email_down protocol=tcp src-port=465 add action=jump chain=postrouting comment="Secure IMAP" dst-port=485 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Secure IMAP" in-interface=all-ppp jump-target=email_down protocol=tcp src-port=485 add action=jump chain=postrouting comment="IMAP over SSL" dst-port=993 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="IMAP over SSL" in-interface=all-ppp jump-target=email_down protocol=tcp src-port=993 add action=jump chain=postrouting comment=IMAP dst-port=143 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment=IMAP in-interface=all-ppp jump-target=email_down protocol=tcp src-port=143 add action=jump chain=postrouting comment="POP3 over SSL" dst-port=995 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="POP3 over SSL" in-interface=all-ppp jump-target=email_down protocol=tcp src-port=995 add action=jump chain=postrouting comment=Subversion dst-port=3690 jump-target=dev out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment=Subversion in-interface=all-ppp jump-target=dev protocol=tcp src-port=3690 add action=jump chain=postrouting comment=SNMP dst-port=161 jump-target=proto out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment=SNMP in-interface=all-ppp jump-target=proto_down protocol=udp src-port=161 add action=jump chain=postrouting comment=OpenVPN dst-port=1194 jump-target=proto out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment=OpenVPN in-interface=all-ppp jump-target=proto_down protocol=udp src-port=1194 add action=jump chain=postrouting comment="Steam (login) 0-128k" connection-rate=0-128k dst-port=27014-27050 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Steam (login) 0-128k" connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=27014-27050 add action=jump chain=postrouting comment="Steam (downloads)" dst-port=27014-27050 jump-target=http out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Steam (downloads)" in-interface=all-ppp jump-target=http protocol=tcp src-port=27014-27050 add action=jump chain=postrouting comment=NNTP dst-port=119 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment=NNTP in-interface=all-ppp jump-target=email_down protocol=tcp src-port=119 add action=jump chain=postrouting comment="NNTP - Alt port" dst-port=433 jump-target=email out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="NNTP - Alt port" in-interface=all-ppp jump-target=email_down protocol=tcp src-port=433 add action=jump chain=postrouting comment="Steam (games) 0-256k down " connection-rate=0-256k dst-port=27000-28999 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Steam (games) 0-256k up " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=udp src-port=27000-27015 add action=jump chain=postrouting comment="GunZ (games) 0-256k down " connection-rate=0-256k dst-port=7700-7800 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="GunZ (games) 0-256k up " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=udp src-port=7700-7800 add action=jump chain=prerouting comment="Trickster Online (games) 0-128k up " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=10006,13339,22006 add action=jump chain=postrouting comment="Trickster Online (games) 0-128k down " connection-rate=0-128k dst-port=10006,13339,22006 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=postrouting comment="Battle.net (games) 0-128k " connection-rate=0-128k dst-port=6112-6119 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Battle.net (games) 0-128k " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=udp src-port=6112-6119 add action=jump chain=postrouting comment="Warcraft 3 and WoW 0-128k (games) " connection-rate=0-128k dst-port=6112-6119 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Warcraft 3 and WoW 0-512k (games) " connection-rate=0-512k in-interface=all-ppp jump-target=game protocol=tcp src-port=6112-6119 add action=jump chain=postrouting comment="World of Warcraft (games) 0-128k up " connection-rate=0-128k dst-port=1119 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="World of Warcraft (games) 0-512k down " connection-rate=0-512k in-interface=all-ppp jump-target=game protocol=tcp src-port=1119 add action=jump chain=prerouting comment="World of Warcraft (games) 0-512k down " connection-rate=0-512k in-interface=all-ppp jump-target=game protocol=tcp src-port=3724 add action=jump chain=postrouting comment="World of Warcraft (games) 0-128k up " connection-rate=0-128k dst-port=3724 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="EVE Online (games) 0-512k down " connection-rate=0-512k in-interface=all-ppp jump-target=game protocol=tcp src-port=26000 add action=jump chain=postrouting comment="EVE Online (games) 0-512k up " connection-rate=0-128k dst-port=26000 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=postrouting comment="Garena 0-128k (games) " connection-rate=0-128k dst-port=1513 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Garena 0-128k (games) " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=udp src-port=1513 add action=jump chain=postrouting comment="Garena 0-128k (games) " connection-rate=0-128k dst-port=7456 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Garena 0-128k (games) " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=7456 add action=jump chain=postrouting comment="Garena 0-128k (games) " connection-rate=0-128k dst-port=8687 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Garena 0-128k (games) " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=8687 add action=jump chain=postrouting comment="Lineage 0-128k (games) " connection-rate=0-128k dst-port=2000,2003 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Lineage 0-128k (games) " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=2000,2003 add action=jump chain=postrouting comment="PlayStation Network (games) 0-128k up " connection-rate=0-128k dst-port=3478,3479,3658 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="PlayStation Network (games) 0-256k down " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=udp src-port=3478,3479,3658 add action=jump chain=postrouting comment="PlayStation Network (games) 0-128k up " connection-rate=0-128k dst-port=5223 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="PlayStation Network (games) 0-256k down " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=tcp src-port=5223 add action=jump chain=postrouting comment="Xbox Live (games) " dst-port=3074 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Xbox Live (games) " in-interface=all-ppp jump-target=game protocol=udp src-port=3074 add action=jump chain=postrouting comment="Xbox Live (games) " dst-port=3074 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Xbox Live (games) " in-interface=all-ppp jump-target=game protocol=tcp src-port=3074 add action=jump chain=postrouting comment="Guild Wars (games) 0-1024k up " connection-rate=0-1024k dst-port=6112,6600 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Guild Wars (games) 0-2048k down " connection-rate=0-2048k in-interface=all-ppp jump-target=game protocol=tcp src-port=6112,6600 add action=jump chain=postrouting comment="Company of Heroes (games) 0-128k up " connection-rate=0-128k dst-port=30260 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Company of Heroes (games) 0-128k down " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=udp src-port=30260 add action=jump chain=postrouting comment="Heroes of Newerth (games) 0-128k up " connection-rate=0-128k dst-port=11235-11335 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Heroes of Newerth (games) 0-128k down " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=udp src-port=11235-11335 add action=jump chain=postrouting comment="Heroes of Newerth (games) 0-128k up " connection-rate=0-128k dst-port=11031 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Heroes of Newerth (games) 0-128k down " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=11031 add action=jump chain=postrouting comment="AVA (games) 0-128k " connection-rate=0-128k dst-port=28004 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="AVA (games) 0-128k " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=28004 add action=jump chain=prerouting comment="World of Warcraft (games) 0-256k down " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=tcp src-port=3724 add action=jump chain=postrouting comment="World of Warcraft (games) 0-128k up " connection-rate=0-128k dst-port=3724 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=postrouting comment="Steam (codMW2) PS3 0-128k " connection-rate=0-128k dst-port=5223,3074 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Steam (codMW2) PS3 0-128k " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=tcp src-port=5223,3074 add action=jump chain=postrouting comment="Steam (codMW2) PS3 0-128k " connection-rate=0-128k dst-port=2005,3074,3075 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Steam (codMW2) PS3 0-128k " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=udp src-port=2005,3074,3075 add action=jump chain=postrouting comment="Steam (codMW2) 0-64k down " connection-rate=0-64k dst-port=1500,3005,3101,28960 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Steam (codMW2) 0-64k up " connection-rate=0-64k in-interface=all-ppp jump-target=game protocol=udp src-port=1500,3005,3101,28960 add action=jump chain=postrouting comment="BFBC2 (games) " dst-port=18390,18395,13505 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="BFBC2 (games) " in-interface=all-ppp jump-target=game protocol=tcp src-port=18390,18395,13505 add action=jump chain=postrouting comment="BFBC2 (games) " dst-port=18395 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="BFBC2 (games) " in-interface=all-ppp jump-target=game protocol=udp src-port=18395 add action=jump chain=postrouting comment="Requiem Online 0-256k (games) " connection-rate=0-256k dst-port=7110,7230 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Requiem Online 0-256k (games) " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=tcp src-port=7230,7110 add action=jump chain=postrouting comment="Crysis 2 (games) " connection-rate=0-128k dst-port=64100 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Crysis 2 (games) " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=64100 add action=jump chain=prerouting comment="UT3 (games) 0-128k down " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=udp src-port=7777,3783 add action=jump chain=postrouting comment="UT3 (games) 0-128k up " connection-rate=0-128k dst-port=7777,3783 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=postrouting comment="Rift (games) 0-128k down " connection-rate=0-128k dst-port=6520-6540 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Rift (games) 0-128k up " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=6520-6540 add action=jump chain=postrouting comment="Red Alert 3 (games) " connection-rate=0-128k dst-port=4321,6660-6669,28900,29900,2901 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Red Alert 3 (games) " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=udp src-port=4321,6660-6669,28900,29900,2901 add action=jump chain=postrouting comment="Red Alert 3 (games) " connection-rate=0-128k dst-port=6515,6500,13139,27900 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=prerouting comment="Red Alert 3 (games) " connection-rate=0-128k in-interface=all-ppp jump-target=game protocol=tcp src-port=6515,6500,13139,27900 add action=jump chain=prerouting comment="Freelancer (games) 0-256k down " connection-rate=0-256k in-interface=all-ppp jump-target=game protocol=udp src-port=2302-2304 add action=jump chain=postrouting comment="Freelancer (games) 0-128k up " connection-rate=0-128k dst-port=2302-2304 jump-target=game out-interface=all-ppp protocol=udp add action=jump chain=prerouting comment="Minecraft (games) 0-512k down " connection-rate=0-512k in-interface=all-ppp jump-target=game protocol=tcp src-port=25565 add action=jump chain=postrouting comment="Minecraft (games) 0-128k up " connection-rate=0-128k dst-port=25565 jump-target=game out-interface=all-ppp protocol=tcp add action=jump chain=postrouting comment=Filmon dst-address-list=Filmon jump-target=streaming-video out-interface=all-ppp add action=jump chain=prerouting in-interface=all-ppp jump-target=streaming-video src-address-list=Filmon add action=jump chain=postrouting comment=Netflix jump-target=streaming-video layer7-protocol=Netflix out-interface=all-ppp add action=jump chain=prerouting comment="RTMP e.g. BBC iPlayer" in-interface=all-ppp jump-target=streaming-video layer7-protocol=RTMP add action=jump chain=postrouting jump-target=streaming-video layer7-protocol=RTMP out-interface=all-ppp add action=jump chain=prerouting comment="http download" in-interface=all-ppp jump-target=http protocol=tcp src-port=80,443,8080 add action=jump chain=postrouting comment="http upload" dst-port=80,443,8080 jump-target=http out-interface=all-ppp protocol=tcp add action=log chain=notes comment="End QoS tree"