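I captured the traffic of several mainstream short-video apps, and while I'm at it I'm sharing the QoS policy I use.
If this is posted in the wrong section, could a moderator please move it? Thanks, CHH.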
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
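The first device I used was the RBD52G-5HacD2HnD, i.e. the hAP ac2, pictured below. I also used a Dell SFF x86 machine with an i3 7100, no virtual machine, running RouterOS bare-metal directly from a SATA disk. But it draws 20 W when running, while the ac2 only needs 5 W, so in the end I dropped that one too.
The setup I use now is a salvaged Haier 19cm*19cm J3160 motherboard. The board's BIOS may have a problem: running ROS bare-metal loses drivers. So the board carries a dual-port Intel PRO NIC on PCIe, and power draw is around 10 W.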
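Usage environment and QoS rule notes:
1. As for the usage environment, at most three or four mobile devices are in use at the same time. There is also one PC and one NAS; the NAS hosts a Debian side-gateway/transparent proxy.
2. The router does DNS hijacking, IP-based traffic splitting and l2tp. Because of the AC2's storage size limit, I did not do DNS-poisoning-based ad blocking on the ac2, but on x86 I do ad blocking based on DNS hijacking and poisoning.
3. Below, the LAN subnet is 192.168.50.0/24 and the broadband is 300M.
4. The l7 rules plus the other settings are somewhat CPU-heavy.
5. Actually the most effective QoS is simply equal bandwidth sharing: 90% of the bandwidth divided by the number of devices. The problem with equal sharing without flow control is that if one flow inside a device saturates the bandwidth, browsing breaks; the typical case is a PC doing full-speed P2P downloads, after which that PC can no longer browse. That is only theory, though. In practice today's download software all downloads intelligently, and in a home environment the PC is used very little; most usage is on mobile devices, which can be regarded as not multitasking. So normally equal bandwidth sharing alone is enough. What follows is purely for discussion and learning.
6. The idea of the flow control below is: DNS first, games and small packets first. Game packets are split into tcp and udp. I only play Honor of Kings here, so I tested with it and tuned accordingly. On iOS, Honor of Kings appears to use udp 5010, 8080 (may not apply once a match has started), 16285, 17005, 18301 and one random UDP port, plus TCP 34087. Game packets are basically around 512 in size, at a rate of around 80K. A match lasts about half an hour and the conn is around 15M. Based on this, I use rate, packet size and conn size to locate them, and prioritize game packets and small packets together. Many p2p packets are also low-rate small packets, so L7 is used to mark them first; the rest are video packets, file download packets, large packets and so on, used or not as the situation requires.
7. Previously, after identifying a P2P flow with l7, I added the dst-addr to a list and then marked it in mangle, but there were rather many IPs. Later I switched to the common approach: use l7 to locate the LAN IP doing p2p, then treat conns from this IP with dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 as p2p conns. There may be some probability of mis-marking, but the point of locating P2P here is not to block it, only to give it low priority, so that is acceptable.
8. In the scheme shared below, all layer7 and mangle rules are included. Used directly on the ac2, the CPU may overload and reboot; currently it is x86 and the CPU can keep up, so in actual use, add or remove rules as the situation requires.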
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#update_210606_new
#update_2021-06-06_11:02
# may/27/2021 20:17:41 by RouterOS 6.47.10
#
# model = X86
/ip firewall address-list
add address=192.168.50.0/24 list=OnLineClient
add address=www.your-domain-name.com list=MyVPS
add address=www.your-domain-name-1.com list=MyVPS
add address=91.226.212.11 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=114.55.28.216 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=176.103.48.36 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=212.83.184.152 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=176.103.56.135 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=52.14.246.143 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=14.105.93.213 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=80.208.228.241 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=176.103.56.98 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=62.210.28.77 comment=00_p2p_eule_addr list=00_p2p_dst_addr
add address=213.183.51.211 comment=00_p2p_eule_addr list=00_p2p_dst_addr
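## Some of the l7 rules used; part of them are long-circulated rules, part I wrote in the last couple of days
## The QQMusic l7 also matches Honor of Kings traffic, so in the mangle rules below the small-packet and games marking rules are placed before file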
/ip firewall layer7-protocol
add name=DNS regexp="^.\?.\?.\?.\?[\\x01\\x02].\?.\?.\?.\?.\?.\?[\\x01-\?][a-z\
0-9_][\\x01-\?a-z_]*[\\x02-\\x06](io)[\\x01-\\x10\\x1c][\\x01\\x03\\x04\\x\
FF]"
add comment=Xunlei name=layer7-p2p-Xunlei regexp=\
"^[()]...\?.\?.\?(reg|get|query)"
add comment=Torrent name=layer7-p2p-qBit regexp="^(\\x13bittorrent protocol|az\
ver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /clien\
t/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add comment=Bitcomet name=layer7-p2p-Bitcomet regexp=\
"^.*\\/client\\/bitcomet\\/.*\$"
add name=Http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
.[019]"
add name=PPStream regexp="^.\?.\?\\c.+\\c"
add name=QQLive regexp="(^get.+_.+_.+(\\.mp4|\\.flv)|^get.+(livep.\?.\?.\?)\?\
\\.(now[0-9]\?[0-9]\?|l.\?.\?.\?|wxqcloud)(\\.gtimg|\\.qq)\\.com|^\\xFE.\?\
.\?.\?.\?\\xD3)"
add name=NetTV regexp=\
"^.*get.+(\\.flv|\\.f4v|\\.hlv|\\.rm|\\.swf|\\.wma|\\.mp4|\\.mp3).*\$"
add name=Qiyi regexp="^(get|post).+\\qiyi\\.\\com\\/\\player.+\\.swf"
add comment=layer7-BitTorrent name=layer7-bittorrent regexp="^(\\x13bittorrent\
\_protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_has\
h=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=xhs regexp="^get.*(video|live).*\\.xhscdn\\.com.*\$"
add name=byte regexp="^get.+((v|lf|sf)[0-9]\?[0-9]\?|pull|download).*\\.(bd|i)\
*(huoshan|xigua|douyin|pstatp|yangyi[0-9]\?[0-9]\?)(vod|tatic|cdn)*\\.com.\
*\$"
add name=kuaishou regexp="^get.*((ali|js|mov|tx)[0-9]\?[0-9]\?\\.a\\.yximgs\\.\
com|(static|pull)\\.yximgs\\.com|v[0-9]\?[0-9]\?\\.kwaicdn\\.com)"
add name=l7_qqvideo regexp="^get.*(ts|ws|[a-z]\\.\?weishi|qqvideo|shortv|livep\
.\?.\?.\?|ugcyd|(now|dldir)[0-9]\?[0-9]\?)\\.(cdp|tc|now|dldir[0-9]\?[0-9]\
\?|l.\?.\?.\?|wxqcloud)\?\\.(qq|cdntips|gtimg)\\.(com|net)"
add name=File regexp="^.*get.+(\\.iso|\\.exe|\\.zip|\\.rar|\\.7z|\\.gho|\\.pdf\
|\\.avi|\\.mkv|\\.wmv|\\.wav|\\.flac|\\.ape|\\.msi).*\$"
add name=QQMusic regexp=\
"(^\\xFE.\?.\?.\?.\?\\xCF|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=Tencent_qq regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27.+|^.\?.\?[\\x02|\\x\
05]\\x22\\x27.+[\\x03|\\x09]\$|^.\?.\?\\x02.+\\x03\$|^/xFE/x42../x42/x02/x\
0B/x7D/x98/x38/xE4.+"
add name=Tencent_qqgame regexp="^.\?.\?\\x2D.+[\\x25\\x62\\x0E\\xC1\\x5F\\x6C|\
\\xFF\\xFF\\x20\\xCF\\x42\\x53|\\xFF\\xFF\\x10\\x17\\x87\\xA3|\\x3E\\x7F\\\
x20\\xCF\\x42\\x53|\\x1F\\x43\\x10\\x17\\x87\\xA3]|^\\x05\\x22.+\\x03\$"
add name=Http-web regexp=\
"\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx|\\.cgi"
add name=Kugou regexp=\
"(^post.+\\x0D\\x0A\\x0D\\x0A|^http.+\\x0D\\x0A\\x0D\\x0A|^e)"
add name=Http-img regexp="\\.jpg|\\.png|\\.gif|\\.bmp|\\.jpeg"
add name=Http-jpg regexp="^.*(post|POST|get|GET).+\\.jpg.+\\http"
## filter locates the LAN IPs that are using p2p; timeout tentatively set to 30 minutes
/ip firewall filter
add action=add-src-to-address-list address-list=00_p2p_src_addr \
address-list-timeout=2h chain=forward comment="Add src to addr list_P2P" \
disabled=yes dst-address-list=!MyVPS layer7-protocol=layer7-bittorrent \
src-address-list=OnLineClient
add action=add-src-to-address-list address-list=00_p2p_src_addr \
address-list-timeout=30m chain=forward comment=\
"Add src to addr list_Bitcomet" disabled=yes dst-address-list=!MyVPS \
layer7-protocol=layer7-p2p-Bitcomet src-address-list=OnLineClient
add action=add-src-to-address-list address-list=00_p2p_src_addr \
address-list-timeout=30m chain=forward comment=\
"Add src to addr list_Xunlei" disabled=yes dst-address-list=!MyVPS \
layer7-protocol=layer7-p2p-Xunlei src-address-list=OnLineClient
add action=add-src-to-address-list address-list=00_p2p_src_addr \
address-list-timeout=30m chain=forward comment=\
"Add src to addr list_qBit" disabled=yes dst-address-list=!MyVPS \
layer7-protocol=layer7-p2p-qBit src-address-list=OnLineClient
add action=add-dst-to-address-list address-list=00_p2p_dst_addr \
address-list-timeout=1h chain=forward comment=\
"Add L7P2P-dst-addr to list" dst-address-list=!MyVPS layer7-protocol=\
layer7-bittorrent src-address-list=OnLineClient
add action=add-dst-to-address-list address-list=00_p2p_dst_addr \
address-list-timeout=1h chain=forward comment=\
"Add L7Bitcomet-dst-addr to list" dst-address-list=!MyVPS \
layer7-protocol=layer7-p2p-Bitcomet src-address-list=OnLineClient
add action=add-dst-to-address-list address-list=00_p2p_dst_addr \
address-list-timeout=2h chain=forward comment=\
"Add L7Xunlei-dst-addr to list" dst-address-list=!MyVPS layer7-protocol=\
layer7-p2p-Xunlei src-address-list=OnLineClient
add action=add-dst-to-address-list address-list=00_p2p_dst_addr \
address-list-timeout=2h chain=forward comment=\
"Add L7Qbit-dst-addr to list" dst-address-list=!MyVPS layer7-protocol=\
layer7-p2p-qBit src-address-list=OnLineClient
## mangle marks traffic and pac
/ip firewall mangle
add action=mark-connection chain=forward comment=\
"01_Start_For_queue_mark :: VIP_con -- your_server_port_12345" new-connection-mark=VIP \
passthrough=yes port=12345 protocol=udp
add action=mark-packet chain=forward comment=VIP_pac_up connection-mark=VIP \
new-packet-mark=VIP_u passthrough=no src-address-list=OnLineClient
add action=mark-packet chain=forward comment=VIP_pac_down connection-mark=VIP \
new-packet-mark=VIP_d passthrough=no
add action=mark-connection chain=forward comment=\
"DNS\BA\CDICMP_conn: layer7 DNS" layer7-protocol=DNS new-connection-mark=\
dns&icmp passthrough=yes
add action=mark-connection chain=forward comment=\
"DNS\BA\CDICMP_conn: port 53_prerouting" dst-address-list=DNSs dst-port=\
53 new-connection-mark=dns&icmp passthrough=yes protocol=udp
add action=mark-connection chain=output comment=\
"DNS\BA\CDICMP_conn: output layer7 DNS" layer7-protocol=DNS \
new-connection-mark=dns&icmp passthrough=yes
add action=mark-connection chain=output comment=\
"DNS\BA\CDICMP_conn: port 53_output" dst-address-list=DNSs dst-port=53 \
new-connection-mark=dns&icmp passthrough=yes protocol=udp
add action=mark-connection chain=forward comment="DNS\BA\CDICMP_conn: icmp" \
new-connection-mark=dns&icmp passthrough=yes protocol=icmp
add action=mark-packet chain=forward comment="DNS\BA\CDICMP_pac: up" \
connection-mark=dns&icmp new-packet-mark=DNS&ICMP_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="DNS\BA\CDICMP_pac: down" \
connection-mark=dns&icmp new-packet-mark=DNS&ICMP_d passthrough=no
add action=mark-connection chain=forward comment=Honor_of_Kings_conn-udp_5010 \
connection-rate=1-128k dst-port=5010 new-connection-mark=Honor_of_Kings \
passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-udp_16285 connection-rate=1-128k dst-port=16285 \
new-connection-mark=Honor_of_Kings passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-udp_17005 connection-rate=1-128k dst-port=17005 \
new-connection-mark=Honor_of_Kings passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-udp_18301 connection-rate=1-128k dst-port=18301 \
new-connection-mark=Honor_of_Kings passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-tcp_10027 connection-rate=1-128k new-connection-mark=\
Honor_of_Kings passthrough=yes port=10027 protocol=tcp
add action=mark-packet chain=forward comment=Honor_of_Kings_pac_up \
connection-mark=Honor_of_Kings new-packet-mark=Honor_of_Kings_u \
passthrough=no src-address-list=OnLineClient
add action=mark-packet chain=forward comment=Honor_of_Kings_pac_down \
connection-mark=Honor_of_Kings new-packet-mark=Honor_of_Kings_d \
passthrough=no
add action=mark-connection chain=forward comment=\
"p2p_coon:: p2p_src_addr-tcp" dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 new-connection-mark=p2p \
passthrough=yes protocol=tcp src-address-list=zz_p2p_src_addr
add action=mark-connection chain=forward comment=\
"p2p_coon:: p2p_src_addr-udp" dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 new-connection-mark=p2p \
passthrough=yes protocol=udp src-address-list=zz_p2p_src_addr
add action=mark-connection chain=forward comment=\
"p2p_coon:: p2p_dst_addr-udp" disabled=yes dst-address-list=\
zz_p2p_dst_addr dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 \
new-connection-mark=p2p passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=\
"p2p_coon:: p2p_dst_addr-tcp" disabled=yes dst-address-list=\
zz_p2p_dst_addr dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 \
new-connection-mark=p2p passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="mark pac_p2p_up" \
connection-mark=p2p new-packet-mark=p2p_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="mark pac_p2p_down" \
connection-mark=p2p new-packet-mark=p2p_d passthrough=no
add action=mark-connection chain=forward comment=all_conn connection-mark=\
!heavy new-connection-mark=all_conn passthrough=yes
add action=mark-connection chain=forward comment=light_udp_traffic_conn \
connection-bytes=1-15000000 connection-mark=all_conn connection-rate=\
1-92k new-connection-mark=light_udp packet-size=1-512 passthrough=yes \
protocol=udp
add action=mark-packet chain=forward comment=light_udp_pac_up \
connection-mark=light_udp new-packet-mark=light_udp_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment=light_udp_pac_down \
connection-mark=light_udp new-packet-mark=light_udp_d passthrough=no
add action=mark-connection chain=forward comment="video_bytexhs_conn: byte" \
connection-mark=all_conn layer7-protocol=byte new-connection-mark=\
video_byte passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: byte" \
connection-mark=video_byte new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: byte" \
connection-mark=video_byte new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="video_bytexhs_conn: xhs" \
connection-mark=all_conn layer7-protocol=xhs new-connection-mark=\
video_xhs passthrough=yes
add action=mark-packet chain=output comment="Video_up_pac:: xhs" \
connection-mark=video_xhs new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac:: xhs" \
connection-mark=video_xhs new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="video_conn: kuaishou" \
connection-mark=all_conn layer7-protocol=kuaishou new-connection-mark=\
video_kuaishou passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: kuaishou" \
connection-mark=video_kuaishou new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: kuaishou" \
connection-mark=video_kuaishou new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment=video_l7qqv_conn \
connection-mark=all_conn layer7-protocol=l7_qqvideo new-connection-mark=\
video_l7qqv passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: l7qqvideo" \
connection-mark=video_l7qqv new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: l7qqvideo" \
connection-mark=video_l7qqv new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="Video_conn: QQlive" \
connection-mark=all_conn layer7-protocol=QQLive new-connection-mark=\
video_QQLive passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: QQlive" \
connection-mark=video_QQLive new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: QQlive" \
connection-mark=video_QQLive new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="Video_conn: Qiyi" \
connection-mark=all_conn layer7-protocol=Qiyi new-connection-mark=\
video_Qiyi passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: Qiyi" \
connection-mark=video_Qiyi new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: Qiyi" \
connection-mark=video_Qiyi new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="vido_conn: baidu" \
connection-mark=all_conn layer7-protocol=baidu_video new-connection-mark=\
video_baidu passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: baidu" \
connection-mark=video_baidu new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: baidu" \
connection-mark=video_baidu new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="vido_conn: NetTV" \
connection-mark=all_conn layer7-protocol=NetTV new-connection-mark=\
video_NetTV passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: NetTV" \
connection-mark=video_NetTV new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: NetTV" \
connection-mark=video_NetTV new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="Video_conn: PPStream" \
connection-mark=all_conn layer7-protocol=PPStream new-connection-mark=\
video_PPStream passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: PPStream" \
connection-mark=video_PPStream new-packet-mark=video_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: PPStream" \
connection-mark=video_PPStream new-packet-mark=video_d passthrough=no
add action=mark-connection chain=forward comment="small pac conn: UDP" \
connection-bytes=1-15000000 connection-mark=all_conn connection-rate=\
1-96k new-connection-mark=small_pac packet-size=1-311 passthrough=yes \
protocol=udp
add action=mark-connection chain=forward comment="small pac conn: TCP" \
connection-bytes=1-15000000 connection-mark=all_conn connection-rate=\
1-80k dst-port=!80,8080 new-connection-mark=small_pac packet-size=1-311 \
passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment=small_pac_u connection-mark=\
small_pac new-packet-mark=small_pac_u passthrough=no src-address-list=\
OnLineClient
add action=mark-packet chain=forward comment=small_pac_d connection-mark=\
small_pac new-packet-mark=small_pac_d passthrough=no
add action=mark-connection chain=forward comment=http_conn_HTTP \
connection-mark=all_conn layer7-protocol=Http new-connection-mark=http \
passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=http_conn_HTTP-web \
connection-mark=all_conn layer7-protocol=DNS new-connection-mark=http \
passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=http_conn_HTTP-jpg \
connection-mark=all_conn layer7-protocol=DNS new-connection-mark=http \
passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=http_conn_HTTP-img \
connection-mark=all_conn layer7-protocol=kuaishou new-connection-mark=\
http passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment=http_pac::http_up \
connection-mark=http new-packet-mark=http_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment=http_pac::http_down \
connection-mark=http dst-address-list=OnLineClient new-packet-mark=http_d \
passthrough=no
add action=mark-connection chain=forward comment=file_conn::file \
connection-mark=all_conn layer7-protocol=File new-connection-mark=file \
passthrough=yes
add action=mark-connection chain=forward comment=file_conn::QQMusic \
connection-mark=all_conn layer7-protocol=QQMusic new-connection-mark=file \
passthrough=yes
add action=mark-connection chain=forward comment=file_conn::Kugou \
connection-mark=all_conn layer7-protocol=layer7-bittorrent \
new-connection-mark=file passthrough=yes
add action=mark-packet chain=forward comment=file_pac::file_down \
connection-mark=file dst-address-list=OnLineClient new-packet-mark=file_d \
passthrough=no
add action=mark-packet chain=forward comment=file_pac::file_up \
connection-mark=file new-packet-mark=file_u passthrough=no \
src-address-list=OnLineClient
add action=mark-connection chain=forward comment=heavy_traffic_conn_TCP \
connection-bytes=16000000-0 connection-mark=all_conn connection-rate=\
251k-300M new-connection-mark=heavy passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=heavy_traffic_conn_UDP \
connection-bytes=16000000-0 connection-mark=all_conn connection-rate=\
251k-300M new-connection-mark=heavy passthrough=yes protocol=udp
add action=mark-packet chain=forward comment=heavy_traffic_pac_UP \
connection-mark=heavy new-packet-mark=heavy_u passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment=heavy_traffic_down \
connection-mark=heavy dst-address-list=OnLineClient new-packet-mark=\
heavy_d passthrough=no
add action=mark-connection chain=forward comment=other_conn connection-mark=\
all_conn new-connection-mark=others passthrough=yes
add action=mark-packet chain=forward comment=other_pac_up connection-mark=\
others new-packet-mark=others_u passthrough=no src-address-list=\
OnLineClient
add action=mark-packet chain=forward comment=\
"\BD\E1\CA\F8\A3\BA other_pac_down" connection-mark=others \
new-packet-mark=others_d passthrough=no
# queue-type, simple-queue and queue-tree settings
/queue type
set 0 kind=bfifo
set 5 pcq-burst-rate=20M pcq-burst-threshold=16M pcq-burst-time=15s pcq-rate=\
15M pcq-total-limit=1000KiB
set 6 pcq-burst-rate=160M pcq-burst-threshold=130M pcq-rate=120M \
pcq-total-limit=1000KiB
/queue simple
add burst-time=20s/0s max-limit=28M/260M name=default queue=\
pcq-upload-default/pcq-download-default target=192.168.50.0/24
add name=child1 parent=default target=192.168.50.0/24
add comment=Bypass-gateway_Broadband max-limit=18M/180M name=child2 parent=\
default target=192.168.50.110/32
add burst-limit=16M/150M burst-threshold=14M/100M burst-time=15s/15s limit-at=\
6M/60M max-limit=12M/80M name=l2tp_ios_sq parent=default priority=\
5/5 target=l2tp-ios
/queue tree
add max-limit=280M name=01_down parent=global queue=pcq-download-default
add max-limit=25M name=01_up parent=pppoe-out1 queue=pcq-upload-default
add burst-limit=40M burst-threshold=30M burst-time=10s limit-at=8M max-limit=\
15M [email protected] packet-mark=DNS&ICMP_down parent=01_down priority=1 \
queue=pcq-download-default
add burst-limit=90M burst-threshold=80M burst-time=10s limit-at=8M max-limit=\
60M name=D5_http packet-mark=http_down parent=01_down priority=5 queue=\
pcq-download-default
add burst-limit=120M burst-threshold=100M burst-time=10s limit-at=10M \
max-limit=80M name=D7_video packet-mark=video_down parent=01_down \
priority=7 queue=pcq-download-default
add burst-limit=100M burst-threshold=80M burst-time=10s limit-at=5M \
max-limit=50M name=D5_file packet-mark=file_down parent=01_down priority=\
5 queue=pcq-download-default
add burst-limit=120M burst-threshold=80M burst-time=10s limit-at=15M \
max-limit=60M name=D4_others packet-mark=others_down parent=01_down \
priority=4 queue=pcq-download-default
add burst-limit=5M burst-threshold=4M burst-time=10s limit-at=1M max-limit=4M \
name=U1_icmp&dns packet-mark=DNS&ICMP_up parent=01_up priority=1 queue=\
pcq-upload-default
add burst-limit=16M burst-threshold=12M burst-time=10s limit-at=2M max-limit=\
10M name=U5_http packet-mark=http_up parent=01_up priority=5 queue=\
pcq-upload-default
add burst-limit=12M burst-threshold=6M burst-time=15s limit-at=1M max-limit=\
10M name=U7_video packet-mark=video_up parent=01_up priority=7 queue=\
pcq-upload-default
add burst-limit=16M burst-threshold=12M burst-time=15s limit-at=1M max-limit=\
10M name=U5_file packet-mark=file_up parent=01_up priority=5 queue=\
pcq-upload-default
add burst-limit=16M burst-threshold=12M burst-time=15s limit-at=2M max-limit=\
10M name=U4_others packet-mark=others_up parent=01_up priority=4 queue=\
pcq-upload-default
add burst-limit=120M burst-threshold=100M burst-time=10s limit-at=8M \
max-limit=80M name=D6_heavy_traffic packet-mark=heavy_traffic_down \
parent=01_down priority=6 queue=pcq-download-default
add burst-limit=160M burst-threshold=120M burst-time=10s limit-at=10M \
max-limit=80M name=D3_small_packet packet-mark=small511_down parent=\
01_down priority=3 queue=pcq-download-default
add burst-limit=16M burst-threshold=12M burst-time=10s limit-at=2M max-limit=\
10M name=U3_small_packet packet-mark=small511_up parent=01_up priority=3 \
queue=pcq-upload-default
add burst-limit=20M burst-threshold=12M burst-time=15s limit-at=2M max-limit=\
12M name=U6_heavy_traffic packet-mark=heavy_traffic_up parent=01_up \
priority=6 queue=pcq-upload-default
add burst-limit=90M burst-threshold=60M burst-time=10s limit-at=8M max-limit=\
60M name=D2_Honor_of_Kings packet-mark=Honor_of_Kings_down parent=01_down \
priority=2 queue=pcq-download-default
add burst-limit=16M burst-threshold=12M burst-time=10s limit-at=2M max-limit=\
10M name=U2_Honor_of_Kings packet-mark=Honor_of_Kings_unicom-pac_u \
parent=01_up priority=2 queue=pcq-upload-default
add burst-limit=80M burst-threshold=60M burst-time=10s limit-at=15M \
max-limit=60M name=D2_light_udp_down packet-mark=light_udp_traffic_down \
parent=01_down priority=2 queue=pcq-download-default
add burst-limit=16M burst-threshold=12M burst-time=10s limit-at=2M max-limit=\
10M name=U2_light_udp_up packet-mark=light_udp_traffic_up parent=01_up \
priority=2 queue=pcq-upload-default
add burst-limit=120M burst-threshold=100M burst-time=10s limit-at=8M \
max-limit=80M name=D3_VIP packet-mark=VIP_pac_down parent=01_down \
priority=3 queue=pcq-download-default
add burst-limit=16M burst-threshold=10M burst-time=15s limit-at=2M max-limit=\
12M name=U3_VIP packet-mark=VIP_pac_up parent=01_up priority=3 queue=\
pcq-upload-default
add burst-limit=100M burst-threshold=80M burst-time=10s limit-at=8M \
max-limit=60M name=D8_p2p_down packet-mark=p2p_down parent=01_down queue=\
pcq-download-default
add burst-limit=6M burst-threshold=4M burst-time=10s limit-at=1M max-limit=5M \
name=U8_p2p_up packet-mark=p2p_up parent=01_up queue=pcq-upload-default
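A queue or rule that references a packet mark, connection mark, address list or layer7 entry that no enabled rule defines will not classify traffic as intended (in the export above, `/queue tree` uses `packet-mark=http_down` while mangle sets `new-packet-mark=http_d`). The following is an added example, not part of the original post, that cross-checks those references in an export; the sample export is constructed in the post's naming style, and `parse_export` and `lint` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample export in the post's naming style (not the author's config).
SAMPLE_EXPORT = r'''
/ip firewall address-list
add address=192.168.50.0/24 list=OnLineClient
add address=www.your-domain-name.com list=MyVPS
/ip firewall layer7-protocol
add comment=Bitcomet name=layer7-p2p-Bitcomet regexp=\
    "^.*\\/client\\/bitcomet\\/.*\$"
/ip firewall filter
add action=add-src-to-address-list address-list=00_p2p_src_addr \
    address-list-timeout=30m chain=forward disabled=yes dst-address-list=\
    !MyVPS layer7-protocol=layer7-p2p-Bitcomet src-address-list=OnLineClient
/ip firewall mangle
add action=mark-connection chain=forward dst-port=!0-1024,8291 \
    new-connection-mark=p2p passthrough=yes protocol=tcp \
    src-address-list=00_p2p_src_addr
add action=mark-packet chain=forward connection-mark=p2p \
    new-packet-mark=p2p_d passthrough=no
add action=mark-connection chain=forward dst-address-list=!MyVPS \
    layer7-protocol=baidu_video new-connection-mark=video passthrough=yes
add action=mark-packet chain=forward connection-mark=video \
    new-packet-mark=video_d passthrough=no
/queue tree
add max-limit=280M name=01_down parent=global
add name=D7_video packet-mark=video_d parent=01_down priority=7
add name=D8_p2p_down packet-mark=p2p_down parent=01_down
'''

# key=value tokens; a quoted value may contain spaces, '=' and escaped characters.
KV = re.compile(r'(?:^|\s)([\w-]+)=("(?:\\.|[^"\\])*"|\S*)')
LIST_REFS = ('src-address-list', 'dst-address-list')
SETTERS = ('add-src-to-address-list', 'add-dst-to-address-list')


def parse_export(text):
    """Return [(section, {key: value})] for every add/set line of an export."""
    # The export wraps long lines with a trailing backslash plus indentation.
    joined = re.sub(r'\\\r?\n[ \t]*', '', text)
    rules, section = [], None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('/'):
            section = line
        elif section and line.split()[0] in ('add', 'set'):
            fields = {k: v.strip('"') for k, v in KV.findall(line)}
            rules.append((section, fields))
    return rules


def lint(rules):
    """Return [(section, key, name)] for names no enabled rule defines."""
    # Disabled rules neither define nor consume anything.
    live = [(s, f) for s, f in rules if f.get('disabled') != 'yes']
    defined = defaultdict(set)
    defined['connection-mark'].add('no-mark')
    defined['packet-mark'].add('no-mark')
    for section, f in live:
        if section == '/ip firewall layer7-protocol':
            defined['layer7-protocol'].add(f.get('name'))
        elif section == '/ip firewall address-list':
            defined['address-list'].add(f.get('list'))
        elif section.startswith('/ip firewall'):
            if f.get('action') in SETTERS:      # dynamically populated list
                defined['address-list'].add(f.get('address-list'))
            if section == '/ip firewall mangle':
                defined['connection-mark'].add(f.get('new-connection-mark'))
                defined['packet-mark'].add(f.get('new-packet-mark'))
    findings = []
    for section, f in live:
        if section.startswith('/ip firewall'):
            keys = LIST_REFS + ('layer7-protocol', 'connection-mark')
        elif section.startswith('/queue'):
            keys = ('packet-mark',)
        else:
            continue
        for key in keys:
            if key not in f:
                continue
            kind = 'address-list' if key in LIST_REFS else key
            # A leading '!' negates the match but still needs the name to exist.
            for name in f[key].lstrip('!').split(','):
                if name not in defined[kind]:
                    findings.append((section, key, name))
    return findings


if __name__ == '__main__':
    for section, key, name in lint(parse_export(SAMPLE_EXPORT)):
        print(f'{section}: {key}={name} is never defined by an enabled rule')
```

The first finding on the sample comes from a list that only a `disabled=yes` filter rule would populate, so the check catches stale references as well as renamed marks.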
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Old version
#update_2021-05-29_01:16
# may/27/2021 20:17:41 by RouterOS 6.47.9
#
# model = RBD52G-5HacD2HnD
# The download app bundled with the Synology NAS includes eMule, so first pin some eMule nodes; also set the LAN addr-list
/ip firewall address-list
add address=192.168.50.0/24 list=OnLineClient
add address=www.your-domain-name.com list=MyVPS
add address=www.your-domain-name-1.com list=MyVPS
add address=91.226.212.11 comment=00_p2p_eule_addr list=00_p2p_addr
add address=114.55.28.216 comment=00_p2p_eule_addr list=00_p2p_addr
add address=176.103.48.36 comment=00_p2p_eule_addr list=00_p2p_addr
add address=212.83.184.152 comment=00_p2p_eule_addr list=00_p2p_addr
add address=176.103.56.135 comment=00_p2p_eule_addr list=00_p2p_addr
add address=52.14.246.143 comment=00_p2p_eule_addr list=00_p2p_addr
add address=14.105.93.213 comment=00_p2p_eule_addr list=00_p2p_addr
add address=80.208.228.241 comment=00_p2p_eule_addr list=00_p2p_addr
add address=176.103.56.98 comment=00_p2p_eule_addr list=00_p2p_addr
add address=62.210.28.77 comment=00_p2p_eule_addr list=00_p2p_addr
add address=213.183.51.211 comment=00_p2p_eule_addr list=00_p2p_addr
# Some of the l7 rules used; part of them are long-circulated rules, part I wrote in the last couple of days
/ip firewall layer7-protocol
add name=DNS regexp="^.\?.\?.\?.\?[\\x01\\x02].\?.\?.\?.\?.\?.\?[\\x01-\?][a-z\
0-9_][\\x01-\?a-z_]*[\\x02-\\x06](io)[\\x01-\\x10\\x1c][\\x01\\x03\\x04\\x\
FF]"
add comment=Xunlei name=layer7-p2p-Xunlei regexp=\
"^[()]...\?.\?.\?(reg|get|query)"
add comment=Torrent name=layer7-p2p-qBit regexp="^(\\x13bittorrent protocol|az\
ver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /clien\
t/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add comment=Bitcomet name=layer7-p2p-Bitcomet regexp=\
"^.*\\/client\\/bitcomet\\/.*\$"
add name=Http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
.[019]"
add name=PPStream regexp="^.\?.\?\\c.+\\c"
add name=QQLive regexp="(^get.+_.+_.+\\.(mp4|flv)\
|^\\xFE.\?.\?.\?.\?\\xD3|^(get|connect|http).+(livep.\?.\?.\?)\?\\.(now[0-\
9]\?[0-9]\?|l.\?.\?.\?|wxqcloud)\\.(gtimg|qq)\\.com)"
add name=Http-web regexp=\
"\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx|\\.cgi"
add name=NetTV regexp=\
"^.*get.+(\\.flv|\\.f4v|\\.hlv|\\.rm|\\.swf|\\.wma|\\.mp4|\\.mp3).*\$"
add name=Qiyi regexp="^(get|post).+\\qiyi\\.\\com\\/\\player.+\\.swf"
add comment=layer7-BitTorrent name=layer7-bittorrent regexp="^(\\x13bittorrent\
\_protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_has\
h=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=xhs regexp="^(get|connect).*(video|live).*\\.xhscdn\\.com.*\$"
add name=byte regexp="^(get|connect|http).+((v|lf|sf)[0-9]\?[0-9]\?|pull|downl\
oad).*\\.(bd|i)*(huoshan|xigua|douyin|pstatp|yangyi[0-9]\?[0-9]\?)(vod|tat\
ic|cdn)*\\.com.*\$"
add name=kuaishou regexp="^(get|connect).*((ali|js|mov|tx)[0-9]\?[0-9]\?\\.a\\\
.yximgs\\.com|(static|pull)\\.yximgs\\.com|v[0-9]\?[0-9]\?\\.kwaicdn\\.com\
)"
add name=l7_qqvideo regexp="^(get|connect|http).*(ts|ws|[a-z]\\.\?weishi|qqvid\
eo|shortv|livep.\?.\?.\?|ugcyd|(now|dldir)[0-9]\?[0-9]\?)\\.(cdp|tc|now|dl\
dir[0-9]\?[0-9]\?|l.\?.\?.\?|wxqcloud)\?\\.(qq|cdntips|gtimg)\\.(com|net)"
add name=File regexp="^.*get.+(\\.iso|\\.exe|\\.zip|\\.rar|\\.7z|\\.gho|\\.pdf\
|\\.avi|\\.mkv|\\.wmv|\\.wav|\\.flac|\\.ape|\\.msi).*\$"
add name=QQMusic regexp=\
"(^\\xFE.\?.\?.\?.\?\\xCF|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=Kugou regexp=\
"(^post.+\\x0D\\x0A\\x0D\\x0A|^http.+\\x0D\\x0A\\x0D\\x0A|^e)"
add name=Tencent_qq regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27.+|^.\?.\?[\\x02|\\x\
05]\\x22\\x27.+[\\x03|\\x09]\$|^.\?.\?\\x02.+\\x03\$|^/xFE/x42../x42/x02/x\
0B/x7D/x98/x38/xE4.+"
add name=Tencent_qqgame regexp="^.\?.\?\\x2D.+[\\x25\\x62\\x0E\\xC1\\x5F\\x6C|\
\\xFF\\xFF\\x20\\xCF\\x42\\x53|\\xFF\\xFF\\x10\\x17\\x87\\xA3|\\x3E\\x7F\\\
x20\\xCF\\x42\\x53|\\x1F\\x43\\x10\\x17\\x87\\xA3]|^\\x05\\x22.+\\x03\$"
add name=Http-img regexp="\\.jpg|\\.png|\\.gif|\\.bmp|\\.jpeg"
add name=Http-jpg regexp="^.*(post|POST|get|GET).+\\.jpg.+\\http"
## filter adds the p2p addresses; choose the timeout yourself, here it is 10 minutes
/ip firewall filter
add action=add-dst-to-address-list address-list=00_p2p_addr \
address-list-timeout=30m chain=forward comment="Add src to addr list_P2P" \
dst-address-list=!MyVPS layer7-protocol=layer7-bittorrent src-address=\
192.168.50.0/24
add action=add-dst-to-address-list address-list=00_p2p_addr \
address-list-timeout=30m chain=forward comment=\
"Add src to addr list_Bitcomet" dst-address-list=!MyVPS layer7-protocol=\
layer7-p2p-Bitcomet src-address=192.168.50.0/24
add action=add-dst-to-address-list address-list=00_p2p_addr \
address-list-timeout=30m chain=forward comment=\
"Add src to addr list_Xunlei" dst-address-list=!MyVPS layer7-protocol=\
layer7-p2p-Xunlei src-address=192.168.50.0/24
add action=add-dst-to-address-list address-list=00_p2p_addr \
address-list-timeout=30m chain=forward comment=\
"Add src to addr list_qBit" dst-address-list=!MyVPS layer7-protocol=\
layer7-p2p-qBit src-address=192.168.50.0/24
## mangle marking
/ip firewall mangle
add action=change-ttl chain=forward new-ttl=set:128 passthrough=yes
add action=change-mss chain=forward new-mss=1440 passthrough=yes protocol=tcp \
tcp-flags=syn tcp-mss=1441-65535
add action=set-priority chain=postrouting comment="Respect DSCP tagging" \
disabled=yes new-priority=from-dscp-high-3-bits passthrough=yes
add action=set-priority chain=postrouting comment="Prioritize ACKs" disabled=\
yes new-priority=6 packet-size=0-123 passthrough=yes protocol=tcp \
tcp-flags=ack
add action=mark-connection chain=output comment=ipsec_l2tp_conn_500 \
dst-address=!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=\
!local new-connection-mark=ipsec_l2tp_conn out-interface-list=\
"WAN Interfaces" passthrough=no protocol=udp src-address-type=local \
src-port=500
add action=accept chain=output comment="Accept L2tp UDP ports_500" \
dst-address=!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=\
!local log-prefix=local_vip_mark out-interface-list="WAN Interfaces" \
protocol=udp src-address-type=local src-port=500
add action=mark-connection chain=output comment=ipsec_l2tp_conn_1701 \
dst-address=!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=\
!local new-connection-mark=ipsec_conn out-interface-list="WAN Interfaces" \
passthrough=no protocol=udp src-address-type=local src-port=1701
add action=accept chain=output comment="Accept L2tp UDP ports_1701" \
dst-address=!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=\
!local log-prefix=local_vip_mark out-interface-list="WAN Interfaces" \
protocol=udp src-address-type=local src-port=1701
add action=mark-connection chain=output comment=ipsec_l2tp_conn_4500 \
dst-address=!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=\
!local new-connection-mark=ipsec_l2tp_conn out-interface-list=\
"WAN Interfaces" passthrough=no protocol=udp src-address-type=local \
src-port=4500
add action=accept chain=output comment="Accept L2tp UDP ports_4500" \
dst-address=!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=\
!local log-prefix=local_vip_mark out-interface-list="WAN Interfaces" \
protocol=udp src-address-type=local src-port=4500
add action=accept chain=forward comment="Accept traffic that from VPS" \
disabled=yes in-interface-list="LAN Interfaces" src-address-list=MyVPS
add action=accept chain=forward comment="Accept traffic that to VPS" \
disabled=yes dst-address-list=MyVPS in-interface-list="LAN Interfaces"
add action=mark-routing chain=prerouting comment=\
"lan dns to 1111dns001 mark-routing" dst-port=53 layer7-protocol=\
1111dns001 new-routing-mark=lanhot passthrough=yes protocol=udp \
src-address=!192.168.50.110 src-address-list=OnLineClient
add action=mark-routing chain=prerouting comment=\
"lan dns to 1111dns002 mark-routing" dst-port=53 in-interface-list=\
"!WAN Interfaces" layer7-protocol=1111dns002 new-routing-mark=lanhot \
passthrough=yes protocol=udp src-address=!192.168.50.110 \
src-address-list=OnLineClient
add action=mark-routing chain=prerouting comment=\
"lan dns to 1111dns003 mark-routing" dst-port=53 in-interface-list=\
"!WAN Interfaces" layer7-protocol=1111dns003 new-routing-mark=lanhot \
passthrough=yes protocol=udp src-address=!192.168.50.110 \
src-address-list=OnLineClient
add action=mark-routing chain=output comment=\
"local dns to 1111dns001 mark-routing" dst-port=53 layer7-protocol=\
1111dns001 new-routing-mark=localhot passthrough=yes protocol=udp \
src-address-type=local
add action=mark-routing chain=output comment=\
"local dns to 1111dns002 mark-routing" dst-port=53 layer7-protocol=\
1111dns002 new-routing-mark=localhot passthrough=yes protocol=udp \
src-address-type=local
add action=mark-routing chain=output comment=\
"local dns to 1111dns003 mark-routing" dst-port=53 layer7-protocol=\
1111dns003 new-routing-mark=localhot passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=\
"lan dns to 1111dns001 mark-con" disabled=yes dst-port=53 \
in-interface-list="!WAN Interfaces" layer7-protocol=1111dns001 \
new-connection-mark=to1111dns passthrough=yes protocol=udp src-address=\
!192.168.50.110 src-address-list=OnLineClient
add action=mark-connection chain=forward comment=\
"lan dns to 1111dns002 mark-con" disabled=yes dst-port=53 \
layer7-protocol=1111dns002 new-connection-mark=to1111dns passthrough=yes \
protocol=udp src-address=!192.168.50.110 src-address-list=OnLineClient
add action=mark-connection chain=forward comment=\
"lan dns to 1111dns003 mark-con" disabled=yes dst-port=53 \
layer7-protocol=1111dns003 new-connection-mark=to1111dns passthrough=yes \
protocol=udp src-address=!192.168.50.110 src-address-list=OnLineClient
add action=mark-connection chain=output comment=\
"local dns to 1111dns001 mark-con" disabled=yes dst-port=53 \
layer7-protocol=1111dns001 new-connection-mark=to1111dns passthrough=yes \
protocol=udp src-address-type=local
add action=mark-connection chain=output comment=\
"local dns to 1111dns002 mark-con" disabled=yes dst-port=53 \
layer7-protocol=1111dns002 new-connection-mark=to1111dns passthrough=yes \
protocol=udp src-address-type=local
add action=mark-connection chain=output comment=\
"local dns to 1111dns003 mark-con" disabled=yes dst-port=53 \
layer7-protocol=1111dns003 new-connection-mark=to1111dns passthrough=yes \
protocol=udp src-address-type=local
add action=mark-packet chain=output comment="local dns to 1111 mark-pac" \
connection-mark=to1111dns disabled=yes new-packet-mark=to1111dns \
passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="LAN dns to 1111 mark-pac" \
connection-mark=to1111dns disabled=yes new-packet-mark=to1111dns \
passthrough=no protocol=udp
add action=mark-routing chain=output comment=\
"loacl connection dst-to nonecnip mark-routing for bypass" dst-address=\
!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=!local \
log-prefix=local_vip_mark new-routing-mark=localhot passthrough=yes \
src-address-type=local
add action=mark-routing chain=prerouting comment=\
"LAN connection dst-to nonecnip mark-routing for bypass" dst-address=\
!192.168.50.0/24 dst-address-list=!zzCNIP dst-address-type=!local \
in-interface-list="!WAN Interfaces" ipsec-policy=in,none log-prefix=\
LAN_VIP_mark new-routing-mark=lanhot passthrough=yes src-address=\
!192.168.50.110 src-address-list=OnLineClient
add action=mark-connection chain=forward comment=\
"01_Start_For_queue_mark :: VIP_con -- wg_10386" new-connection-mark=\
VIP_conn passthrough=yes port=10386 protocol=udp
add action=mark-packet chain=forward comment=VIP_pac_up connection-mark=\
VIP_conn new-packet-mark=VIP_pac_up passthrough=no src-address-list=\
OnLineClient
add action=mark-packet chain=forward comment=VIP_pac_down connection-mark=\
VIP_conn new-packet-mark=VIP_pac_down passthrough=no
add action=mark-connection chain=forward comment=\
"DNS\BA\CDICMP_conn: layer7 DNS" layer7-protocol=DNS new-connection-mark=\
dns&icmp passthrough=yes
add action=mark-connection chain=forward comment=\
"DNS\BA\CDICMP_conn: port 53_prerouting" dst-port=53 new-connection-mark=\
dns&icmp passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
"DNS\BA\CDICMP_conn: port 53_output" dst-port=53 new-connection-mark=\
dns&icmp passthrough=yes protocol=udp
add action=mark-connection chain=forward comment="DNS\BA\CDICMP_conn: icmp" \
new-connection-mark=dns&icmp passthrough=yes protocol=icmp
add action=mark-packet chain=forward comment="DNS\BA\CDICMP_pac: up" \
connection-mark=dns&icmp new-packet-mark=DNS&ICMP_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="DNS\BA\CDICMP_pac: down" \
connection-mark=dns&icmp new-packet-mark=DNS&ICMP_down passthrough=no
add action=mark-connection chain=forward comment=Honor_of_Kings_conn-udp_5010 \
connection-rate=1-79k disabled=yes dst-port=5010 new-connection-mark=\
Honor_of_Kings_conn passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=Honor_of_Kings_conn-udp_8080 \
connection-rate=1-79k disabled=yes dst-port=8080 new-connection-mark=\
Honor_of_Kings_conn passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-udp_16285 connection-rate=1-79k disabled=yes \
dst-port=16285 new-connection-mark=Honor_of_Kings_conn passthrough=yes \
protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-udp_17005 connection-rate=1-79k disabled=yes \
dst-port=17005 new-connection-mark=Honor_of_Kings_conn passthrough=yes \
protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-udp_18301 connection-rate=1-79k disabled=yes \
dst-port=18301 new-connection-mark=Honor_of_Kings_conn passthrough=yes \
protocol=udp
add action=mark-connection chain=forward comment=\
Honor_of_Kings_conn-tcp_34087 connection-rate=1-79k disabled=yes \
new-connection-mark=Honor_of_Kings_conn passthrough=yes port=34087 \
protocol=tcp
add action=mark-packet chain=forward comment=Honor_of_Kings_pac_up \
connection-mark=Honor_of_Kings_conn disabled=yes new-packet-mark=\
Honor_of_Kings_up passthrough=no src-address-list=OnLineClient
add action=mark-packet chain=forward comment=Honor_of_Kings_pac_down \
connection-mark=Honor_of_Kings_conn disabled=yes new-packet-mark=\
Honor_of_Kings_down passthrough=no
add action=mark-connection chain=forward comment="p2p_coon:: p2p_addr-tcp" \
dst-address-list=00_p2p_addr dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 new-connection-mark=p2p_conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="p2p_coon:: p2p_addr-udp" \
dst-address-list=00_p2p_addr dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 new-connection-mark=p2p_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="mark pac_p2p_up" \
connection-mark=p2p_conn new-packet-mark=p2p_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="mark pac_p2p_down" \
connection-mark=p2p_conn new-packet-mark=p2p_down passthrough=no
add action=mark-connection chain=forward comment=all_conn connection-mark=\
!heavy_traffic_conn new-connection-mark=all_conn passthrough=yes
add action=mark-connection chain=forward comment=video_l7qqv_conn \
connection-mark=all_conn layer7-protocol=l7_qqvideo new-connection-mark=\
video_l7qqv_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: l7qqvideo" \
connection-mark=video_l7qqv_conn new-packet-mark=video_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: l7qqvideo" \
connection-mark=video_l7qqv_conn new-packet-mark=video_down passthrough=\
no
add action=mark-connection chain=forward comment="Video_conn: QQlive" \
connection-mark=all_conn layer7-protocol=QQLive new-connection-mark=\
video_QQLive_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: QQlive" \
connection-mark=video_QQLive_conn new-packet-mark=video_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: QQlive" \
connection-mark=video_QQLive_conn new-packet-mark=video_down passthrough=\
no
add action=mark-connection chain=forward comment="video_bytexhs_conn: byte" \
connection-mark=all_conn layer7-protocol=byte new-connection-mark=\
video_byte_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: byte" \
connection-mark=video_byte_conn new-packet-mark=video_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: byte" \
connection-mark=video_byte_conn new-packet-mark=video_down passthrough=no
add action=mark-connection chain=forward comment="video_bytexhs_conn: xhs" \
connection-mark=all_conn layer7-protocol=xhs new-connection-mark=\
video_xhs_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac:: xhs" \
connection-mark=video_xhs_conn new-packet-mark=video_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac:: xhs" \
connection-mark=video_xhs_conn new-packet-mark=video_down passthrough=no
add action=mark-connection chain=forward comment="video_conn: kuaishou" \
connection-mark=all_conn layer7-protocol=kuaishou new-connection-mark=\
video_kuaishou_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: kuaishou" \
connection-mark=video_kuaishou_conn new-packet-mark=video_up passthrough=\
no src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: kuaishou" \
connection-mark=video_kuaishou_conn new-packet-mark=video_down \
passthrough=no
add action=mark-connection chain=forward comment="Video_conn: Qiyi" \
connection-mark=all_conn layer7-protocol=Qiyi new-connection-mark=\
video_Qiyi_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: Qiyi" \
connection-mark=video_Qiyi_conn new-packet-mark=video_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: Qiyi" \
connection-mark=video_Qiyi_conn new-packet-mark=video_down passthrough=no
add action=mark-connection chain=forward comment="vido_conn: NetTV" \
connection-mark=all_conn layer7-protocol=NetTV new-connection-mark=\
video_NetTV_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: NetTV" \
connection-mark=video_NetTV_conn new-packet-mark=video_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: NetTV" \
connection-mark=video_NetTV_conn new-packet-mark=video_down passthrough=\
no
add action=mark-connection chain=forward comment="Video_conn: PPStream" \
connection-mark=all_conn layer7-protocol=PPStream new-connection-mark=\
video_PPStream_conn passthrough=yes
add action=mark-packet chain=forward comment="Video_up_pac: PPStream" \
connection-mark=video_PPStream_conn new-packet-mark=video_up passthrough=\
no src-address-list=OnLineClient
add action=mark-packet chain=forward comment="Video_down_pac: PPStream" \
connection-mark=video_PPStream_conn new-packet-mark=video_down \
passthrough=no
add action=mark-connection chain=forward comment=heavy_traffic_conn_TCP \
connection-bytes=500000-0 connection-mark=all_conn connection-rate=\
121k-200M new-connection-mark=heavy_traffic_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=forward comment=heavy_traffic_conn_UDP \
connection-bytes=500000-0 connection-mark=all_conn connection-rate=\
121k-200M new-connection-mark=heavy_traffic_conn passthrough=yes \
protocol=udp
add action=mark-packet chain=forward comment=heavy_traffic_pac_UP \
connection-mark=heavy_traffic_conn new-packet-mark=heavy_traffic_up \
passthrough=no src-address-list=OnLineClient
add action=mark-packet chain=forward comment=heavy_traffic_down \
connection-mark=heavy_traffic_conn dst-address-list=OnLineClient \
new-packet-mark=heavy_traffic_down passthrough=no
add action=mark-connection chain=forward comment=http_conn_HTTP \
connection-mark=all_conn layer7-protocol=Http new-connection-mark=http \
passthrough=yes
add action=mark-connection chain=forward comment=http_conn_HTTP-web \
connection-mark=all_conn layer7-protocol=Http-web new-connection-mark=\
http passthrough=yes
add action=mark-connection chain=forward comment=http_conn_HTTP-jpg \
connection-mark=all_conn layer7-protocol=Http-jpg new-connection-mark=\
http passthrough=yes
add action=mark-connection chain=forward comment=http_conn_HTTP-img \
connection-mark=all_conn layer7-protocol=Http-img new-connection-mark=\
http passthrough=yes
add action=mark-packet chain=forward comment=http_pac::http_down \
connection-mark=http dst-address-list=OnLineClient new-packet-mark=\
http_down passthrough=no
add action=mark-packet chain=forward comment=http_pac::http_dup \
connection-mark=http new-packet-mark=http_up passthrough=no \
src-address-list=OnLineClient
add action=mark-connection chain=forward comment=file_conn::file \
connection-mark=all_conn layer7-protocol=File new-connection-mark=\
file_conn passthrough=yes
add action=mark-connection chain=forward comment=file_conn::QQMusic \
connection-mark=all_conn layer7-protocol=QQMusic new-connection-mark=\
file_conn passthrough=yes
add action=mark-connection chain=forward comment=file_conn::Kugou \
connection-mark=all_conn layer7-protocol=Kugou new-connection-mark=\
file_conn passthrough=yes
add action=mark-packet chain=forward comment=file_pac::file_down \
connection-mark=file_conn dst-address-list=OnLineClient new-packet-mark=\
file_down passthrough=no
add action=mark-packet chain=forward comment=file_pac::file_up \
connection-mark=file_conn new-packet-mark=file_up passthrough=no \
src-address-list=OnLineClient
add action=mark-connection chain=forward comment=\
"\D0\A1\B0\FC 0-511--small-511_conn_TCP" connection-bytes=1-10000000 \
connection-mark=all_conn connection-rate=1-59k dst-port=!80,8080 \
new-connection-mark=small-511_conn packet-size=65-511 passthrough=yes \
protocol=tcp
add action=mark-connection chain=forward comment=small-511_conn_UDP \
connection-bytes=1-10000000 connection-mark=all_conn connection-rate=\
1-59k dst-port=!80,8080 new-connection-mark=small-511_conn packet-size=\
65-511 passthrough=yes protocol=udp
add action=mark-packet chain=forward comment=small511_pac_u connection-mark=\
small-511_conn new-packet-mark=small511_up passthrough=no \
src-address-list=OnLineClient
add action=mark-packet chain=forward comment=small511_pac_d connection-mark=\
small-511_conn new-packet-mark=small511_down passthrough=no
add action=mark-connection chain=forward comment=light_udp_traffic_conn \
connection-bytes=1-15000000 connection-mark=all_conn connection-rate=\
1-69k new-connection-mark=light_udp_traffic_conn packet-size=1-799 \
passthrough=yes protocol=udp
add action=mark-packet chain=forward comment=light_udp_pac_up \
connection-mark=light_udp_traffic_conn new-packet-mark=\
light_udp_traffic_up passthrough=no src-address-list=OnLineClient
add action=mark-packet chain=forward comment=light_udp_pac_down \
connection-mark=light_udp_traffic_conn new-packet-mark=\
light_udp_traffic_down passthrough=no
add action=mark-connection chain=forward comment=other_conn connection-mark=\
all_conn new-connection-mark=others passthrough=yes
add action=mark-packet chain=forward comment=other_pac_up connection-mark=\
others new-packet-mark=others_up passthrough=no src-address-list=\
OnLineClient
add action=mark-packet chain=forward comment=\
"\BD\E1\CA\F8\A3\BA other_pac_down" connection-mark=others \
new-packet-mark=others_down passthrough=no
/queue type
set 0 kind=bfifo
set 5 pcq-burst-rate=20M pcq-burst-threshold=16M pcq-burst-time=15s pcq-rate=\
15M pcq-total-limit=1000KiB
set 6 pcq-burst-rate=160M pcq-burst-threshold=130M pcq-rate=120M \
pcq-total-limit=1000KiB
/queue simple
add burst-time=20s/0s max-limit=28M/260M name=default queue=\
pcq-upload-default/pcq-download-default target=192.168.50.0/24
add name=child1 parent=default target=192.168.50.0/24
add max-limit=26M/200M name=child2 parent=default target=192.168.50.110/32
/queue tree
add max-limit=280M name=01_down parent=global queue=pcq-download-default
add max-limit=28M name=01_up parent=pppoe-out1 queue=pcq-upload-default
add burst-limit=40M burst-threshold=30M burst-time=10s limit-at=8M max-limit=\
15M [email protected] packet-mark=DNS&ICMP_down parent=01_down priority=1 \
queue=pcq-download-default
add burst-limit=90M burst-threshold=80M burst-time=10s limit-at=8M max-limit=\
60M name=D5_http packet-mark=http_down parent=01_down priority=5 queue=\
pcq-download-default
add burst-limit=120M burst-threshold=100M burst-time=10s limit-at=10M \
max-limit=80M name=D7_video packet-mark=video_down parent=01_down \
priority=7 queue=pcq-download-default
add burst-limit=100M burst-threshold=80M burst-time=10s limit-at=5M \
max-limit=50M name=D7_file packet-mark=file_down parent=01_down priority=\
7 queue=pcq-download-default
add burst-limit=120M burst-threshold=80M burst-time=10s limit-at=15M \
max-limit=60M name=D4_others packet-mark=others_down parent=01_down \
priority=4 queue=pcq-download-default
add burst-limit=5M burst-threshold=4M burst-time=10s limit-at=1M max-limit=4M \
name=U1_icmp&dns packet-mark=DNS&ICMP_up parent=01_up priority=1 queue=\
pcq-upload-default
add burst-limit=16M burst-threshold=12M burst-time=10s limit-at=2M max-limit=\
10M name=U5_http packet-mark=http_up parent=01_up priority=5 queue=\
pcq-upload-default
add burst-limit=12M burst-threshold=6M burst-time=15s limit-at=1M max-limit=\
10M name=U7_video packet-mark=video_up parent=01_up priority=7 queue=\
pcq-upload-default
add burst-limit=16M burst-threshold=12M burst-time=15s limit-at=1M max-limit=\
10M name=U7_file packet-mark=file_up parent=01_up priority=7 queue=\
pcq-upload-default
add burst-limit=16M burst-threshold=12M burst-time=15s limit-at=2M max-limit=\
10M name=U4_others packet-mark=others_up parent=01_up priority=4 queue=\
pcq-upload-default
add burst-limit=120M burst-threshold=100M burst-time=10s limit-at=8M \
max-limit=80M name=D6_heavy_traffic packet-mark=heavy_traffic_down \
parent=01_down priority=6 queue=pcq-download-default
add burst-limit=160M burst-threshold=120M burst-time=10s limit-at=10M \
max-limit=80M name=D3_small_packet packet-mark=small511_down parent=\
01_down priority=3 queue=pcq-download-default
add burst-limit=16M burst-threshold=12M burst-time=10s limit-at=2M max-limit=\
10M name=U3_small_packet packet-mark=small511_up parent=01_up priority=3 \
queue=pcq-upload-default
add burst-limit=20M burst-threshold=12M burst-time=15s limit-at=2M max-limit=\
12M name=U6_heavy_traffic packet-mark=heavy_traffic_up parent=01_up \
priority=6 queue=pcq-upload-default
add burst-limit=90M burst-threshold=60M burst-time=10s disabled=yes limit-at=\
8M max-limit=60M name=D2_Honor_of_Kings packet-mark=Honor_of_Kings_down \
parent=01_down priority=2 queue=pcq-download-default
add burst-limit=16M burst-threshold=12M burst-time=10s disabled=yes limit-at=\
2M max-limit=10M name=U2_Honor_of_Kings packet-mark=Honor_of_Kings_up \
parent=01_up priority=2 queue=pcq-upload-default
add burst-limit=80M burst-threshold=60M burst-time=10s limit-at=15M \
max-limit=60M name=D2_light_udp_down packet-mark=light_udp_traffic_down \
parent=01_down priority=2 queue=pcq-download-default
add burst-limit=16M burst-threshold=12M burst-time=10s limit-at=2M max-limit=\
10M name=U2_light_udp_up packet-mark=light_udp_traffic_up parent=01_up \
priority=2 queue=pcq-upload-default
add burst-limit=120M burst-threshold=100M burst-time=10s limit-at=8M \
max-limit=80M name=D3_VIP packet-mark=VIP_pac_down parent=01_down \
priority=3 queue=pcq-download-default
add burst-limit=16M burst-threshold=10M burst-time=15s limit-at=2M max-limit=\
12M name=U3_VIP packet-mark=VIP_pac_up parent=01_up priority=3 queue=\
pcq-upload-default
add burst-limit=100M burst-threshold=80M burst-time=10s limit-at=8M \
max-limit=60M name=D8_p2p_down packet-mark=p2p_down parent=01_down queue=\
pcq-download-default
add burst-limit=6M burst-threshold=4M burst-time=10s limit-at=1M max-limit=5M \
name=U8_p2p_up packet-mark=p2p_up parent=01_up queue=pcq-upload-default
#end update_2021-05-29_01:16
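A queue tree entry only shapes traffic when its packet-mark is actually set by an enabled mangle rule, and with this many rules a renamed or disabled mark is easy to miss. The script below is an added example (not part of the original post) that parses a RouterOS export, joins its backslash-wrapped lines, and cross-checks the two sections; the sample export and the game_* names in it are constructed for illustration.

```python
import re
import shlex

# Constructed sample in the export format shown above (hypothetical game_* names).
SAMPLE_EXPORT = r'''
/ip firewall mangle
add action=mark-packet chain=forward comment="mark pac_p2p_up" \
    connection-mark=p2p_conn new-packet-mark=p2p_up passthrough=no \
    src-address-list=OnLineClient
add action=mark-packet chain=forward comment=game_pac_up connection-mark=\
    game_conn disabled=yes new-packet-mark=game_up passthrough=no
add action=mark-packet chain=forward comment=video_pac_down connection-mark=\
    video_conn new-packet-mark=video_down passthrough=no
/queue tree
add max-limit=28M name=01_up parent=pppoe-out1 queue=pcq-upload-default
add limit-at=1M max-limit=5M name=U8_p2p_up packet-mark=p2p_up parent=01_up
add limit-at=2M max-limit=10M name=U2_game packet-mark=game_pac_u parent=\
    01_up priority=2
add limit-at=2M max-limit=10M name=U2_game2 packet-mark=game_up parent=01_up
'''


def parse_export(text):
    """Return [(menu, {param: value})] for every 'add' line of an export."""
    # The export wraps long lines with a trailing backslash, sometimes in the
    # middle of key=value, so join continuations before tokenizing.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    menu, rows = None, []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]  # keeps quoted comments as one token
            rows.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rows


def audit_marks(text):
    """Cross-check queue tree packet-marks against mangle mark-packet rules."""
    rows = parse_export(text)
    enabled, disabled = set(), set()
    for menu, p in rows:
        if menu == "/ip firewall mangle" and p.get("action") == "mark-packet":
            target = disabled if p.get("disabled") == "yes" else enabled
            target.add(p["new-packet-mark"])
    report = {"undefined": [], "disabled_only": [], "unqueued": []}
    queued = set()
    for menu, p in rows:
        if menu != "/queue tree" or "packet-mark" not in p:
            continue
        for mark in p["packet-mark"].split(","):
            queued.add(mark)
            if mark in enabled:
                continue
            if mark not in disabled:
                # No mangle rule sets this mark: the queue can never match.
                report["undefined"].append((p["name"], mark))
            elif p.get("disabled") != "yes":
                # Queue is active but every rule that sets the mark is off.
                report["disabled_only"].append((p["name"], mark))
    # Marks set by enabled rules that no queue consumes (traffic left unshaped).
    report["unqueued"] = sorted(enabled - queued)
    return report


if __name__ == "__main__":
    for kind, items in audit_marks(SAMPLE_EXPORT).items():
        print(kind, items)
```

To audit a real router, pass the text of its `/export` output to `audit_marks` instead of the sample.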
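Comment
A question: how do I force IPsec encryption for L2TP? I set an IPsec pre-shared key, but when I test dialing from Windows I can still connect successfully without the key.
Comment
The attached picture looks like an RB951Ui-2HnD, doesn't it...?
Comment
I swapped the case, for better cooling.
Comment
Isn't it enough to just select the option when configuring?
Comment
Without fasttrack, how much WAN throughput can the ac2 handle?
Comment
I have quite a lot of rules here. You can look at the test results on the official site.
I just ran a quick test here; both single-connection and multi-connection came in under 150M.
Comment
So with lots of rules you still need x86.
Comment
If you use a lot of L7, x86 is still the way to go, but x86 doesn't have fastp.
Comment
I ran it in a VM this afternoon, so there is probably some overhead. Running directly on the PC gives 20 to 30M more.
Comment
The entry barrier for this thing is a bit high.
Comment
For simple home use as the main router, just use Quick Set. It should be very stable.
Comment
Where can you buy the case? I have the same ac2, and the soft-touch case already looks awful.
Comment
I staked out Xianyu for it..
Comment
In PPP - L2TP Server, is the Use IPsec box set to required?
Comment
Thanks, I tried it and it works now. Before, I had selected yes, which means compatibility mode where both can connect. Another question: I have a static public IPv6 address; how do I assign it to WAN and LAN? The examples online are all for PPPoE, and I spent ages on it without success.
Comment
My IPv6 is also assigned over PPPoE; I haven't tried a directly assigned one.
In theory you should also add an address to the WAN interface yourself under IPv6 - Addresses, filling in the assigned public address yourself.
Then add ::0 under IPv6 - Routes, going out through the WAN port.
Finally, set your prefix in the IPv6 pool and enable ND so the LAN devices assign their own addresses.
Comment
OK, I'll look into it some more, thanks.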
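Comment
With only a few machines there's no need for QoS, is there?
Comment
Bump...
Just got into ROS; simple setup and use are no problem, this thing's system resource usage is really good, and there's a lot else I don't understand...
Comment
I only set it up because remote work at home was laggy back then.
Comment
Also, some of the mangle and L7 rules here are for reference; there's no need to actually use them.
Comment
I also just read the official documentation when I don't understand something.
Comment
Broadband now starts at 500M or more, so with enough router performance, fewer than 20 clients basically don't need QoS.
Comment
That's odd then; anyway, whenever my wife scrolls Douyin I get a stutter… maybe something was misconfigured back then.
Comment
At first it was an ASUS AC87U, which had this problem; I had no choice but to move to ROS.
Comment
A bit... complicated OTL
After the bandwidth went up to 200 I seem to have given up on QoS entirely.
After setting up static floating routes with an OpenWRT side router I even dropped the marking... now it's just NAT+DNS and coasting along.
Comment
Hahaha, whatever is the least hassle. I'm just tinkering aimlessly here.
Comment
Ever since the broadband went to 500M and I switched the router to an ER4, it has never lagged again.
Comment
Thanks for sharing, this thing really is stable, but it's hard to get started with; leaving a marker here first, thanks, guru!
I only have 300M here. Hahaha. The ER4 is a good piece of kit too.
Comment
I'm a beginner too. I set it up from the manual. Welcome aboard.
Comment
After using it for a few days, I optimized the configuration a bit.
Comment
Thanks for sharing, leaving a marker; I'll tinker with it some day.
Comment
If you use L7, x86 is best; MikroTik's own routers, especially the ap series, basically can't handle it.
Comment
I'm using an RB450Gx4; the size of x86 isn't friendly enough.
Comment
The 450G seems to perform about the same as the ac2 with it switched off.
Comment
Leaving a mark. I'm also planning to look into ROS soon; the device is x86, and I haven't figured out how to attach the proxy......
Comment
Use a side router. See my other thread; the basic principle is IP-based splitting and DNS-based splitting.
Comment
Just set it when configuring. But why use IPsec encryption domestically? There's no need.
Comment
For enterprise networking, can you guarantee security without encryption? But I recently got onto openv and found that L2 really is weak.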
Comment
Oh, enterprise; I thought it was for home use. I've never used IPsec at home here.