Scribd
Upload
117 views5 pages

Cript Qos Dinamico

This document contains configuration commands for a router or firewall. It sets up quality of service (QoS) rules to prioritize certain types of traffic for different user connections. It defines scripts to add and remove QoS rules when users connect or disconnect via PPPoE. It also marks traffic like VoIP, email and Skype to assign it a higher priority.

Uploaded by

Hilario Marca C
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
117 views5 pages

Cript Qos Dinamico

This document contains configuration commands for a router or firewall. It sets up quality of service (QoS) rules to prioritize certain types of traffic for different user connections. It defines scripts to add and remove QoS rules when users connect or disconnect via PPPoE. It also marks traffic like VoIP, email and Skype to assign it a higher priority.

Uploaded by

Hilario Marca C
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

###################################################################################

##############
En esta parte debes cambiar tu rango de ip

/ip firewall address-list


add address=172.16.10.0/24 list=pppoe_clientes

###################################################################################
##################

/queue type
add kind=pcq name=down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-src-
address6-mask=64

###################################################################################
###

/ip firewall layer7-protocol


add comment=FACEBOOK name=facebook regexp="^..+\\.(facebook.com|facebook.net|f\
bcdn.com|fbsbx.com|fbcdn.net|fb.com|tfbnw.net).*\$"
add name=QoS regexp="^.+(facebook|fbcdn|akamaihd|youtube|google\\w+|ggpht|\\.i\
d\\|ytimg|google)*\\\$"
add name=QoS-SPEEDTEST regexp="^.+(speedtest|testdevelocidad|test-velocidad|fa\
st|cdnst|nperf|ookla).*\$"

###################################################################################
####

/ip firewall filter


add action=add-dst-to-address-list address-list=classesroom \
address-list-timeout=12h chain=forward comment="classes room" content=\
classroom src-address-list=pppoe_clientes
add action=add-dst-to-address-list address-list=skype address-list-timeout=\
12h chain=forward comment="Marcado skype" content=skype src-address-list=\
pppoe_clientes
add action=add-dst-to-address-list address-list=zoom address-list-timeout=12h \
chain=forward comment="Marcado zoom" content=zoom.us src-address-list=\
pppoe_clientes
add action=add-dst-to-address-list address-list=zoom address-list-timeout=12h \
chain=forward comment="Marcado zoom" content=zoom src-address-list=\
pppoe_clientes
add action=add-dst-to-address-list address-list=youtube address-list-timeout=\
6h chain=forward comment="Guarda ip Youtube" content=youtube.com \
src-address-list=pppoe_clientes
add action=add-dst-to-address-list address-list=youtube address-list-timeout=\
6h chain=forward content=googlevideo.com src-address-list=pppoe_clientes
add action=add-dst-to-address-list address-list=youtube address-list-timeout=\
6h chain=forward content=youtu.be src-address-list=pppoe_clientes
add action=add-dst-to-address-list address-list=youtube address-list-timeout=\
6h chain=forward content=akamaihd.net src-address-list=pppoe_clientes
add action=add-dst-to-address-list address-list=netflix address-list-timeout=\
6h chain=forward comment="Marcado de netflix" content=netflix.com \
src-address-list=pppoe_clientes
add action=add-dst-to-address-list address-list=instagram \
address-list-timeout=6h chain=forward comment="Marcado de instagram" \
content=instagram.com src-address-list=pppoe_clientes

###################################################################################
###

/system script
add dont-require-permissions=yes name="pppoe down" owner=admin_roberto \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="/queue tree remove [find where parent=\"QoS_<pppoe-\$user>\"]\r\
\n/queue tree remove [find where name=\"QoS_<pppoe-\$user>\"]\r\
\n:foreach a in=[/queue tree find where invalid] do={ /queue tree remove \
\$a };"
add dont-require-permissions=yes name="pppoe up" owner=admin_roberto policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
foreach i in=[/queue simple find where name=\"<pppoe-\$user>\"] do={\r\
\n :local NamePPP [/queue simple get \$i name];\r\
\n :local RateLimit [/queue simple get \$i max-limit];\r\
\n :local indexExplod [:find \$RateLimit \"/\"];\r\
\n :local lenth [:len \$RateLimit];\r\
\n :local rl [:pick \$RateLimit (\$indexExplod + 1) (\$lenth - 1)];\r\
\n :local RateLimitUn [:pick \$RateLimit (\$lenth - 1) \$lenth];\r\
\n :local BurstLimit [/queue simple get \$i burst-limit];\r\
\n :local indexExplod [:find \$BurstLimit \"/\"];\r\
\n :local lenth [:len \$BurstLimit];\r\
\n :local bl [:pick \$BurstLimit (\$indexExplod + 1) (\$lenth - 1)];\r\
\n :local BurstLimitUn [:pick \$BurstLimit (\$lenth - 1) \$lenth];\r\
\n :local BurstTime [/queue simple get \$i burst-time];\r\
\n :local indexExplod [:find \$BurstTime \"/\"];\r\
\n :local lenth [:len \$BurstTime];\r\
\n :local bt [:pick \$BurstTime (\$indexExplod + 1) (\$lenth - 1)];\r\
\n :local indexExplod [:find \$bt \"m\"];\r\
\n :local lenth [:len \$bt];\r\
\n :local bt0 [:pick \$bt 0];\r\
\n :local bt1 [:pick \$bt (\$indexExplod + 1) \$lenth];\r\
\n :local BurstTh [/queue simple get \$i burst-threshold];\r\
\n :local indexExplod [:find \$BurstTh \"/\"];\r\
\n :local lenth [:len \$BurstTh];\r\
\n :local bth [:pick \$BurstTh (\$indexExplod + 1) (\$lenth - 1)];\r\
\n :local BurstThUn [:pick \$BurstTh (\$lenth - 1) \$lenth];\r\
\n :local cicmp [(\$rl * 23 / 100)];\r\
\n :local credes [(\$rl * 23 / 100)];\r\
\n :local cwww [(\$rl * 23 / 100)];\r\
\n :local cvideos [(\$rl * 23 / 100)];\r\
\n :local cresto [(\$rl * 8 / 100)];\r\
\n :local cBt [((\$bt0 * 60) + \$bt1)];\r\
\n :if ([:len \$bl] != 0) do={\r\
\n :log warning \"QoS ADD === \$NamePPP\";\r\
\n# :log warning \"Com Burst\";\r\
\n# :log warning \"Max Limit === \$rl \$RateLimitUn\";\r\
\n# :log warning \"Burst Limit === \$bl \$BurstLimitUn\";\r\
\n# :log warning \"Burst Thr === \$bth \$BurstThUn\";\r\
\n# :log warning \"Burst Time=== \$cBt\";\r\
\n/queue tree add name=\"QoS_\$NamePPP\" parent=\"\$interface\" queue=\"do\
wn\" max-limit=\"\$(\$rl)\$RateLimitUn\" burst-limit=\"\$(\$bl)\$BurstLimi\
tUn\" burst-time=\"\$cBt\" burst-threshold=\"\$(\$bth)\$BurstThUn\" bucket\
-size=0.20;\r\
\n /queue tree add name=\"1-icmp_\$NamePPP\" parent=\"QoS_\$NamePPP\
\" packet-mark=\"PRIO.1\" queue=\"down\" priority=\"1\" limit-at=\"\$(\$ci\
cmp)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\" burst-limit=\"\$(\
\$bl)\$BurstLimitUn\" burst-time=\"\$cBt\" burst-threshold=\"\$(\$bth)\$Bu\
rstThUn\";\r\
\n /queue tree add name=\"2-redes_\$NamePPP\" parent=\"QoS_\$NamePP\
P\" packet-mark=\"PRIO.2\" queue=\"down\" priority=\"2\" limit-at=\"\$(\$c\
redes)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n /queue tree add name=\"3-www_\$NamePPP\" parent=\"QoS_\$NamePPP\
\" packet-mark=\"PRIO.3\" queue=\"down\" priority=\"3\" limit-at=\"\$(\$cw\
ww)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n /queue tree add name=\"4-videos_\$NamePPP\" parent=\"QoS_\$NameP\
PP\" packet-mark=\"PRIO.4\" queue=\"down\" priority=\"5\" limit-at=\"\$(\$\
cvideos)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n /queue tree add name=\"8-resto_\$NamePPP\" parent=\"QoS_\$NamePP\
P\" packet-mark=\"PRIO.8\" queue=\"down\" priority=\"8\" limit-at=\"\$(\$c\
resto)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n } \\\r\
\n else={\r\
\n :log warning \"QoS ADD === \$NamePPP\";\r\
\n /queue tree add name=\"QoS_\$NamePPP\" parent=\"\$interface\" qu\
eue=\"down\" max-limit=\"\$(\$rl)\$RateLimitUn\" bucket-size=0.20;\r\
\n /queue tree add name=\"1-icmp_\$NamePPP\" parent=\"QoS_\$NamePPP\
\" packet-mark=\"PRIO.1\" queue=\"down\" priority=\"1\" limit-at=\"\$(\$ci\
cmp)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n /queue tree add name=\"2-redes_\$NamePPP\" parent=\"QoS_\$NamePP\
P\" packet-mark=\"PRIO.2\" queue=\"down\" priority=\"2\" limit-at=\"\$(\$c\
redes)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n /queue tree add name=\"3-www_\$NamePPP\" parent=\"QoS_\$NamePPP\
\" packet-mark=\"PRIO.3\" queue=\"down\" priority=\"3\" limit-at=\"\$(\$cw\
ww)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n /queue tree add name=\"4-videos_\$NamePPP\" parent=\"QoS_\$NameP\
PP\" packet-mark=\"PRIO.4\" queue=\"down\" priority=\"5\" limit-at=\
\"\$(\$cvideos)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n /queue tree add name=\"8-resto_\$NamePPP\" parent=\"QoS_\$NamePP\
P\" packet-mark=\"PRIO.8\" queue=\"down\" priority=\"8\" limit-at=\"\$(\$c\
resto)\$RateLimitUn\" max-limit=\"\$(\$rl)\$RateLimitUn\";\r\
\n \r\
\n \r\
\n }\r\
\n}"

###################################################################################
###############

/ip firewall mangle


add action=mark-connection chain=prerouting comment="Maracado Icmp" \
new-connection-mark=icmp.conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp.conn \
new-packet-mark=PRIO.1 passthrough=no
add action=mark-connection chain=prerouting comment="Marcado dns" dst-port=53 \
new-connection-mark=dns.conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=53 new-connection-mark=\
dns.conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dns.conn \
new-packet-mark=PRIO.1 passthrough=no
add action=mark-connection chain=prerouting comment="Marcado de correos" \
dst-port=995,465,993,110,25,143,587 new-connection-mark=correos.conn \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=correos.conn \
new-packet-mark=PRIO.1 passthrough=no
add action=mark-connection chain=prerouting comment=VoIP dst-port=5060,5061 \
new-connection-mark=conn-VoIP passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=conn-VoIP \
new-packet-mark=PRIO.1 passthrough=no
add action=mark-connection chain=prerouting comment="Marcado de skype" \
new-connection-mark=skype.conn passthrough=yes src-address-list=skype
add action=mark-packet chain=prerouting connection-mark=skype.conn \
new-packet-mark=PRIO.2 passthrough=no
add action=mark-connection chain=prerouting comment="Marcado de Zoom" \
new-connection-mark=zoom.conn passthrough=yes src-address-list=zoom
add action=mark-packet chain=prerouting connection-mark=zoom.conn \
new-packet-mark=PRIO.2 passthrough=no
add action=mark-packet chain=prerouting comment="Macrado de Classesroom" \
new-packet-mark=PRIO.2 passthrough=no src-address-list=classesroom
add action=mark-connection chain=prerouting comment="Marcado de Whatsapp" \
dst-port=5222,5223,5228,4244,5242,50318,59234 new-connection-mark=\
whatsapp.conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=3478,54395,59234,50318 \
new-connection-mark=whatsapp.conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=whatsapp.conn \
new-packet-mark=PRIO.2 passthrough=no
add action=mark-connection chain=prerouting comment="GAME ONLINE " dst-port=\
10000-11008,7008 new-connection-mark=game.conn passthrough=yes protocol=\
udp
add action=mark-connection chain=prerouting dst-port=9000-9099 \
new-connection-mark=game.conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=\
7700,1900,17000,65050,7500,65010,8700,3013,7703,7520,7535,7752 \
new-connection-mark=game.conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=\
20000-20099,12235,13748,13972,13894,11455,7000-7011 new-connection-mark=\
game.conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=\
88,500,3074,3544,4500,3075,4379-4380,27000-27031,27036,7542,7608 \
new-connection-mark=game.conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=\
14009-14030,42051-42052,40000-40050,13000-13080 new-connection-mark=\
game.conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=\
39190,27780,29000,22100,4300,15001,15002,7341,7451 new-connection-mark=\
game.conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=\
5340-5352,6000-6152,14009-14030,18901-18909 new-connection-mark=game.conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=\
40000,9300,9400,9700,7342,8005-8010,37466,36567,8822 new-connection-mark=\
game.conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=game.conn \
new-packet-mark=PRIO.2 passthrough=no
add action=mark-connection chain=prerouting comment="Marcado de instagram" \
new-connection-mark=instagram.conn passthrough=yes src-address-list=\
instagram
add action=mark-packet chain=prerouting connection-mark=instagram.conn \
new-packet-mark=PRIO.2 passthrough=no
add action=mark-packet chain=prerouting comment="Marcado de Facebook" \
layer7-protocol=facebook new-packet-mark=PRIO.2 passthrough=yes
add action=mark-packet chain=prerouting comment="Marcado de Netflix" \
new-packet-mark=PRIO.4 passthrough=no src-address-list=netflix
add action=mark-packet chain=prerouting comment="Marcado de Youtube" \
new-packet-mark=PRIO.4 passthrough=no src-address-list=youtube
add action=mark-connection chain=prerouting comment="Maracado HTTPS" \
dst-port=443 new-connection-mark=https.conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting dst-port=80,443 \
new-connection-mark=https.conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=https.conn \
new-packet-mark=PRIO.3 passthrough=no
add action=mark-connection chain=prerouting comment=\
"Marcado resto de Paquetes" connection-state=new new-connection-mark=\
resto.conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=resto.conn \
new-packet-mark=PRIO.8 passthrough=no

You might also like