Anda di halaman 1dari 77

Tutorial Lengkap Seting Mikrotik Untuk Warnet, Hotspot

Internal Dan Rt/Rw-Net External Proxy


Disini settingan masing-masing saya batasi Cuma 30 client untuk tambahan bisa ditambahi sendiri.
Setting ini dilengkapi firewall untuk memproteksi keamanan Jaringan dari berbagai gangguan dari internet (virus, hacker), maupun
dari orang jahil yang hendak mencuri hotspot (Anti netcut, mac clonning, port scanner dll), membagi bandwith untuk tiap-tiap client.
Semoga Bermanfaat..
Dan untuk Para Master-master mohon koreksinya jika ada kekurangan..
Hardware :

Mikrotik RB 751U 2HND

Warnet / Jaringan Lokal

Hotspot internal untuk dalam gedung (30 Client)

PC Server

Server Virtualisasi Proxmox

Proxy Ubuntu

Bullet 2HP Sebagai sebagai AP Bridge (untuk 30 Client)

Setting Interface :
/interface ethernet
set 0 comment="Speedy Interface" name=Speedy
set 1 comment="Local Interface" name=Local
set 2 comment="Proxy Interface" name=Proxy
set 3 comment="Rtrwnet Interface" name=Rtrwnet
set 4 comment="hotspot Interface" name=hotspotnet

Setting IP
/ip address
add address=192.168.1.2 netmask=255.255.255.0 inteface=Speedy
comment=ke Speedy
add address=192.168.9.254 netmask=255.255.255.0 inteface=Local
comment=ke Local
add address=192.168.3.1 netmask=255.255.255.0 inteface=Proxy
comment=ke Proxy
add address=192.168.4.1 netmask=255.255.255.0 inteface=Rtrwnet
comment=ke Rtrwnet
add address=192.168.5.1 netmask=255.255.255.0 inteface=Proxy
comment=ke hotspot Internal
Setting DNS

/ip dns

set allow-remote-requests=yes cache-max-ttl=1w cachesize=4096KiB \


max-udp-packet-size=512 servers="176.9.26.139,180.131.144.144"
/ip route
add gateway=192.168.1.1 comment="" disabled=no
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes
port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/system ntp client
set enabled=yes mode=unicast primary-ntp=203.160.128.6
secondary-ntp=\
202.169.224.16
/ip firewall address-list
add address=192.168.3.1/24 comment="" disabled=no
list=ProxyNET
add address=192.168.9.1-192.168.9.254 comment="" disabled=no
list=LocalNet
add address=192.168.4.1-192.168.4.30 comment="" disabled=no
list=RtrwnetNet
add address=192.168.5.1-192.168.5.30 comment="" disabled=no
list=hotspotNet

/ip firewall filter


add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid disabled=no

add action=add-src-to-address-list address-list="port scanners" \


address-list-timeout=2w chain=input comment="Port scanners to
list " \
disabled=no protocol=tcp psd=21,3s,3,1

add action=add-src-to-address-list address-list="port scanners" \


address-list-timeout=2w chain=input comment="NMAP FIN Stealth
scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg

add action=add-src-to-address-list address-list="port scanners" \


address-list-timeout=2w chain=input comment="SYN/FIN scan"
disabled=no \
protocol=tcp tcp-flags=fin,syn

add action=add-src-to-address-list address-list="port scanners" \


address-list-timeout=2w chain=input comment="SYN/RST scan"
disabled=no \
protocol=tcp tcp-flags=syn,rst

add action=add-src-to-address-list address-list="port scanners" \


address-list-timeout=2w chain=input comment="FIN/PSH/URG scan"
disabled=\

no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack

add action=add-src-to-address-list address-list="port scanners" \


address-list-timeout=2w chain=input comment="ALL/ALL scan"
disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg

add action=add-src-to-address-list address-list="port scanners" \


address-list-timeout=2w chain=input comment="NMAP NULL scan"
disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

add action=drop chain=input comment="Dropping port scanners"


disabled=no \
src-address-list="port scanners"
/ip firewall filter
add chain=virus protocol=udp action=drop dst-port=1
comment="Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=2
comment="Death"
add chain=virus protocol=tcp action=drop dst-port=20
comment="Senna Spy FTP server"
add chain=virus protocol=tcp action=drop dst-port=21
comment="Back Construction, \
Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan,
Fore, Invisible \
FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen,
Senna Spy FTP server, \

The Flu, Traitor 21, WebEx, WinCrash"


add chain=virus protocol=tcp action=drop dst-port=23
comment="Fire HacKer, \
Tiny Telnet Server TTS, Truva Atl"
add chain=virus protocol=tcp action=drop dst-port=25
comment="Ajan, Antigen, Barok, \
Email Password Sender EPS, EPS II, Gip, Gris, Happy99, Hpteam
mail, Hybris, I love you, \
Kuang2, Magic Horse, MBT Mail Bombing Trojan, Moscow Email
trojan, Naebi, NewApt worm, \
ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC,
WinSpy"
add chain=virus protocol=tcp action=drop dst-port=30
comment="Agent 40421"
add chain=virus protocol=tcp action=drop dst-port=31
comment="Agent 31, Hackers Paradise, Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=41
comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=48
comment="DRAT"
add chain=virus protocol=tcp action=drop dst-port=50
comment="DRAT"
add chain=virus protocol=tcp action=drop dst-port=58
comment="DMSetup"
add chain=virus protocol=tcp action=drop dst-port=59
comment="DMSetup"
add chain=virus protocol=tcp action=drop dst-port=79
comment="CDK, Firehotcker"
add chain=virus protocol=tcp action=drop dst-port=80
comment="711 trojan, Seven Eleven, AckCmd, \

Back End, Back Orifice 2000 Plug-Ins, Cafeini, CGI Backdoor,


Executor, God Message, God Message Creator, \
Hooker, IISworm, MTX, NCX, Reverse WWW Tunnel Backdoor,
RingZero, Seeker, WAN Remote, Web Server CT, \
WebDownloader"
add chain=virus protocol=tcp action=drop dst-port=81
comment="RemoConChubo"
add chain=virus protocol=tcp action=drop dst-port=99
comment="Hidden Port, NCX"
add chain=virus protocol=tcp action=drop dst-port=110
comment="ProMail trojan"
add chain=virus protocol=tcp action=drop dst-port=113
comment="Invisible Identd Deamon, Kazimas"
add chain=virus protocol=tcp action=drop dst-port=119
comment="Happy99"
add chain=virus protocol=tcp action=drop dst-port=121
comment="Attack Bot, God Message, JammerKillah"
add chain=virus protocol=tcp action=drop dst-port=123
comment="Net Controller"
add chain=virus protocol=tcp action=drop dst-port=133
comment="Farnaz"
add chain=virus protocol=tcp action=drop dst-port=135-139
comment="Blaster worm"
add chain=virus protocol=udp action=drop dst-port=135-139
comment="messenger worm
add chain=virus protocol=tcp action=drop dst-port=142
comment="NetTaxi"
add chain=virus protocol=tcp action=drop dst-port=146
comment="Infector"
add chain=virus protocol=udp action=drop dst-port=146
comment="Infector"

add chain=virus protocol=tcp action=drop dst-port=170


comment="A-trojan"
add chain=virus protocol=tcp action=drop dst-port=334
comment="Backage"
add chain=virus protocol=tcp action=drop dst-port=411
comment="Backage"
add chain=virus protocol=tcp action=drop dst-port=420
comment="Breach, Incognito"
add chain=virus protocol=tcp action=drop dst-port=421
comment="TCP Wrappers trojan"
add chain=virus protocol=tcp action=drop dst-port=445
comment="Blaster worm
add chain=virus protocol=udp action=drop dst-port=445
comment="Blaster worm
add chain=virus protocol=tcp action=drop dst-port=455
comment="Fatal Connections"
add chain=virus protocol=tcp action=drop dst-port=456
comment="Hackers Paradise"
add chain=virus protocol=tcp action=drop dst-port=513
comment="Grlogin"
add chain=virus protocol=tcp action=drop dst-port=514
comment="RPC Backdoor"
add chain=virus protocol=tcp action=drop dst-port=531
comment="Net666, Rasmin"
add chain=virus protocol=tcp action=drop dst-port=555
comment="711 trojan, Seven Eleven, \
Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy"
add chain=virus protocol=tcp action=drop dst-port=605
comment="Secret Service"
add chain=virus protocol=tcp action=drop dst-port=666
comment="Attack FTP, Back Construction, \

BLA trojan, Cain & Abel, NokNok, Satans Back Door SBD, ServU,
Shadow Phyre, th3r1pp3rz Therippers"
add chain=virus protocol=tcp action=drop dst-port=667
comment="SniperNet"
add chain=virus protocol=tcp action=drop dst-port=669
comment="DP trojan"
add chain=virus protocol=tcp action=drop dst-port=692
comment="GayOL"
add chain=virus protocol=tcp action=drop dst-port=777
comment="AimSpy, Undetected"
add chain=virus protocol=tcp action=drop dst-port=808
comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=911
comment="Dark Shadow"
add chain=virus protocol=tcp action=drop dst-port=999
comment="Deep Throat, Foreplay, WinSatan"
add chain=virus protocol=tcp action=drop dst-port=1000
comment="Der Spaeher, Direct Connection"
add chain=virus protocol=tcp action=drop dst-port=1001
comment="Der Spaeher, Le Guardien, Silencer, WebEx"
add chain=virus protocol=tcp action=drop dst-port=1010-1016
comment="Doly Trojan"
add chain=virus protocol=tcp action=drop dst-port=1020
comment="Vampire"
add chain=virus protocol=tcp action=drop dst-port=1024
comment="Jade, Latinus, NetSpy"
add chain=virus protocol=tcp action=drop dst-port=1025
comment="Remote Storm"
add chain=virus protocol=udp action=drop dst-port=1025
comment="Remote Storm"

add chain=virus protocol=tcp action=drop dst-port=1035


comment="Multidropper"
add chain=virus protocol=tcp action=drop dst-port=1042
comment="BLA trojan"
add chain=virus protocol=tcp action=drop dst-port=1045
comment="Rasmin"
add chain=virus protocol=tcp action=drop dst-port=1049
comment="sbin initd"
add chain=virus protocol=tcp action=drop dst-port=1050
comment="MiniCommand"
add chain=virus protocol=tcp action=drop dst-port=1053
comment="The Thief"
add chain=virus protocol=tcp action=drop dst-port=1054
comment="AckCmd"
add chain=virus protocol=tcp action=drop dst-port=1080-1083
comment="WinHole"
add chain=virus protocol=tcp action=drop dst-port=1090
comment="Xtreme"
add chain=virus protocol=tcp action=drop dst-port=1095-1098
comment="Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=1099
comment="Blood Fest Evolution, Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=1150-1151
comment="Orion"
add chain=virus protocol=tcp action=drop dst-port=1170
comment="Psyber Stream Server PSS, Streaming Audio Server,
Voice"
add chain=virus protocol=udp action=drop dst-port=1200-1201
comment="NoBackO"
add chain=virus protocol=tcp action=drop dst-port=1207
comment="SoftWAR"

add chain=virus protocol=tcp action=drop dst-port=1208


comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=1212
comment="Kaos"
add chain=virus protocol=tcp action=drop dst-port=1234
comment="SubSeven Java client, Ultors Trojan"
add chain=virus protocol=tcp action=drop dst-port=1243
comment="BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles"
add chain=virus protocol=tcp action=drop dst-port=1245
comment="VooDoo Doll"
add chain=virus protocol=tcp action=drop dst-port=1255
comment="Scarab"
add chain=virus protocol=tcp action=drop dst-port=1256
comment="Project nEXT"
add chain=virus protocol=tcp action=drop dst-port=1269
comment="Matrix"
add chain=virus protocol=tcp action=drop dst-port=1272
comment="The Matrix"
add chain=virus protocol=tcp action=drop dst-port=1313
comment="NETrojan"
add chain=virus protocol=tcp action=drop dst-port=1338
comment="Millenium Worm"
add chain=virus protocol=tcp action=drop dst-port=1349
comment="Bo dll"
add chain=virus protocol=tcp action=drop dst-port=1394
comment="GoFriller, Backdoor G-1"
add chain=virus protocol=tcp action=drop dst-port=1441
comment="Remote Storm"
add chain=virus protocol=tcp action=drop dst-port=1492
comment="FTP99CMP"

add chain=virus protocol=tcp action=drop dst-port=1524


comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=1568
comment="Remote Hack"
add chain=virus protocol=tcp action=drop dst-port=1600
comment="Direct Connection, Shivka-Burka"
add chain=virus protocol=tcp action=drop dst-port=1703
comment="Exploiter"
add chain=virus protocol=tcp action=drop dst-port=1777
comment="Scarab"
add chain=virus protocol=tcp action=drop dst-port=1807
comment="SpySender"
add chain=virus protocol=tcp action=drop dst-port=1966
comment="Fake FTP"
add chain=virus protocol=tcp action=drop dst-port=1967
comment="WM FTP Server"
add chain=virus protocol=tcp action=drop dst-port=1969
comment="OpC BO"
add chain=virus protocol=tcp action=drop dst-port=1981
comment="Bowl, Shockrave"
add chain=virus protocol=tcp action=drop dst-port=1999
comment="Back Door, SubSeven, TransScout"
add chain=virus protocol=tcp action=drop dst-port=2000
comment="Der Spaeher, Insane Network, \
Last 2000, Remote Explorer 2000, Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=2001
comment="Der Spaeher, Trojan Cow"
add chain=virus protocol=tcp action=drop dst-port=2023
comment="Ripper Pro"
add chain=virus protocol=tcp action=drop dst-port=2080
comment="WinHole"

add chain=virus protocol=tcp action=drop dst-port=2115


comment="Bugs"
add chain=virus protocol=udp action=drop dst-port=2130
comment="Mini Backlash"
add chain=virus protocol=tcp action=drop dst-port=2140
comment="The Invasor"
add chain=virus protocol=udp action=drop dst-port=2140
comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=2155
comment="Illusion Mailer"
add chain=virus protocol=tcp action=drop dst-port=2255
comment="Nirvana"
add chain=virus protocol=tcp action=drop dst-port=2283
comment="Hvl RAT"
add chain=virus protocol=tcp action=drop dst-port=2300
comment="Xplorer"
add chain=virus protocol=tcp action=drop dst-port=2311
comment="Studio 54"
add chain=virus protocol=tcp action=drop dst-port=2330-2339
comment="Contact"
add chain=virus protocol=udp action=drop dst-port=2339
comment="Voice Spy"
add chain=virus protocol=tcp action=drop dst-port=2345
comment="Doly Trojan"
add chain=virus protocol=tcp action=drop dst-port=2565
comment="Striker trojan"
add chain=virus protocol=tcp action=drop dst-port=2583
comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=2600
comment="Digital RootBeer"

add chain=virus protocol=tcp action=drop dst-port=2716


comment="The Prayer"
add chain=virus protocol=tcp action=drop dst-port=2773-2774
comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=2801
comment="Phineas Phucker"
add chain=virus protocol=udp action=drop dst-port=2989
comment="Remote Administration Tool RAT"
add chain=virus protocol=tcp action=drop dst-port=3000
comment="Remote Shut"
add chain=virus protocol=tcp action=drop dst-port=3024
comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=3031
comment="Microspy"
add chain=virus protocol=tcp action=drop dst-port=3128
comment="Reverse WWW Tunnel Backdoor, RingZero"
add chain=virus protocol=tcp action=drop dst-port=3129
comment="Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=3150
comment="The Invasor"
add chain=virus protocol=udp action=drop dst-port=3150
comment="Deep Throat, Foreplay, Mini Backlash"
add chain=virus protocol=tcp action=drop dst-port=3456
comment="Terror trojan"
add chain=virus protocol=tcp action=drop dst-port=3459
comment="Eclipse 2000, Sanctuary"
add chain=virus protocol=tcp action=drop dst-port=3700
comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=3777
comment="PsychWard"

add chain=virus protocol=tcp action=drop dst-port=3791-3801


comment="Total Solar Eclypse"
add chain=virus protocol=tcp action=drop dst-port=4000
comment="SkyDance"
add chain=virus protocol=tcp action=drop dst-port=4092
comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=4242
comment="Virtual Hacking Machine VHM"
add chain=virus protocol=tcp action=drop dst-port=4321
comment="BoBo"
add chain=virus protocol=tcp action=drop dst-port=4444
comment="Prosiak, Swift Remote"
add chain=virus protocol=tcp action=drop dst-port=4567
comment="File Nail"
add chain=virus protocol=tcp action=drop dst-port=4590
comment="ICQ Trojan"
add chain=virus protocol=tcp action=drop dst-port=4950
comment="ICQ Trogen Lm"
add chain=virus protocol=tcp action=drop dst-port=5000
comment="Back Door Setup, Blazer5, \
Bubbel, ICKiller, Ra1d, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=5001
comment="Back Door Setup, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=5002
comment="cd00r, Shaft"
add chain=virus protocol=tcp action=drop dst-port=5010
comment="Solo"
add chain=virus protocol=tcp action=drop dst-port=5011
comment="One of the Last Trojans OOTLT, \
One of the Last Trojans OOTLT, modified"

add chain=virus protocol=tcp action=drop dst-port=5025


comment="WM Remote KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=5031-5032
comment="Net Metropolitan"
add chain=virus protocol=tcp action=drop dst-port=5321
comment="Firehotcker"
add chain=virus protocol=tcp action=drop dst-port=5333
comment="Backage, NetDemon"
add chain=virus protocol=tcp action=drop dst-port=5343
comment="wCrat WC Remote Administration Tool"
add chain=virus protocol=tcp action=drop dst-port=5400-5402
comment="Back Construction, Blade Runner"
add chain=virus protocol=tcp action=drop dst-port=5512
comment="Illusion Mailer"
add chain=virus protocol=tcp action=drop dst-port=5534
comment="The Flu"
add chain=virus protocol=tcp action=drop dst-port=5550
comment="Xtcp"
add chain=virus protocol=tcp action=drop dst-port=5555
comment="ServeMe"
add chain=virus protocol=tcp action=drop dst-port=5556-5557
comment="BO Facil"
add chain=virus protocol=tcp action=drop dst-port=5569
comment="Robo-Hack"
add chain=virus protocol=tcp action=drop dst-port=5637-5638
comment="PC Crasher"
add chain=virus protocol=tcp action=drop dst-port=5742
comment="WinCrash"
add chain=virus protocol=tcp action=drop dst-port=5760
comment="Portmap Remote Root Linux Exploit"

add chain=virus protocol=tcp action=drop dst-port=5880-5889


comment="Y3K RAT"
add chain=virus protocol=tcp action=drop dst-port=6000
comment="The Thing"
add chain=virus protocol=tcp action=drop dst-port=6006
comment="Bad Blood"
add chain=virus protocol=tcp action=drop dst-port=6272
comment="Secret Service"
add chain=virus protocol=tcp action=drop dst-port=6400
comment="The Thing"
add chain=virus protocol=tcp action=drop dst-port=6661
comment="TEMan, Weia-Meia"
add chain=virus protocol=tcp action=drop dst-port=6666
comment="Dark Connection Inside, NetBus worm"
add chain=virus protocol=tcp action=drop dst-port=6667
comment="Dark FTP, ScheduleAgent, \
SubSeven, Subseven 2.1.4 DefCon 8, Trinity, WinSatan"
add chain=virus protocol=tcp action=drop dst-port=6669
comment="Host Control, Vampire"
add chain=virus protocol=tcp action=drop dst-port=6670
comment="BackWeb Server, Deep Throat, \
Foreplay, WinNuke eXtreame"
add chain=virus protocol=tcp action=drop dst-port=6711
comment="BackDoor-G, SubSeven, VP Killer"
add chain=virus protocol=tcp action=drop dst-port=6712
comment="Funny trojan, SubSeven"
add chain=virus protocol=tcp action=drop dst-port=6713
comment="SubSeven"
add chain=virus protocol=tcp action=drop dst-port=6723
comment="Mstream"

add chain=virus protocol=tcp action=drop dst-port=6771


comment="Deep Throat, Foreplay"
add chain=virus protocol=tcp action=drop dst-port=6776
comment="2000 Cracks, BackDoor-G, SubSeven, VP Killer"
add chain=virus protocol=udp action=drop dst-port=6838
comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=6883
comment="Delta Source DarkStar"
add chain=virus protocol=tcp action=drop dst-port=6912
comment="Shit Heep"
add chain=virus protocol=tcp action=drop dst-port=6939
comment="Indoctrination"
add chain=virus protocol=tcp action=drop dst-port=6969-6970
comment="GateCrasher, IRC 3, \
Net Controller, Priority"
add chain=virus protocol=tcp action=drop dst-port=7000
comment="Exploit Translation Server, \
Kazimas, Remote Grab, SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=7001
comment="Freak88, Freak2k"
add chain=virus protocol=tcp action=drop dst-port=7215
comment="SubSeven, SubSeven 2.1 Gold"
add chain=virus protocol=tcp action=drop dst-port=7300-7308
comment="NetMonitor"
add chain=virus protocol=tcp action=drop dst-port=7424
comment="Host Control"
add chain=virus protocol=udp action=drop dst-port=7424
comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=7597
comment="Qaz"

add chain=virus protocol=tcp action=drop dst-port=7626


comment="Glacier"
add chain=virus protocol=tcp action=drop dst-port=7777
comment="God Message, Tini"
add chain=virus protocol=tcp action=drop dst-port=7789
comment="Back Door Setup, ICKiller"
add chain=virus protocol=tcp action=drop dst-port=7891
comment="The ReVeNgEr"
add chain=virus protocol=tcp action=drop dst-port=7983
comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=8787
comment="Back Orifice 2000"
add chain=virus protocol=tcp action=drop dst-port=8988
comment="BacHack"
add chain=virus protocol=tcp action=drop dst-port=8989
comment="Rcon, Recon, Xcon"
add chain=virus protocol=tcp action=drop dst-port=9000
comment="Netministrator"
add chain=virus protocol=udp action=drop dst-port=9325
comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=9400
comment="InCommand"
add chain=virus protocol=tcp action=drop dst-port=9872-9875
comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=9876
comment="Cyber Attacker, Rux"
add chain=virus protocol=tcp action=drop dst-port=9878
comment="TransScout"
add chain=virus protocol=tcp action=drop dst-port=9989
comment="Ini-Killer"

add chain=virus protocol=tcp action=drop dst-port=9999


comment="The Prayer"
add chain=virus protocol=tcp action=drop dst-port=10000-10005
comment="OpwinTRojan"
add chain=virus protocol=udp action=drop dst-port=10067
comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=10085-10086
comment="Syphillis"
add chain=virus protocol=tcp action=drop dst-port=10100
comment="Control Total, Gift trojan"
add chain=virus protocol=tcp action=drop dst-port=10101
comment="BrainSpy, Silencer"
add chain=virus protocol=udp action=drop dst-port=10167
comment="Portal of Doom"
add chain=virus protocol=tcp action=drop dst-port=10520
comment="Acid Shivers"
add chain=virus protocol=tcp action=drop dst-port=10528
comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=10607
comment="Coma"
add chain=virus protocol=udp action=drop dst-port=10666
comment="Ambush"
add chain=virus protocol=tcp action=drop dst-port=11000
comment="Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=11050-11051
comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=11223
comment="Progenic trojan, Secret Agent"
add chain=virus protocol=tcp action=drop dst-port=12076
comment="Gjamer"

add chain=virus protocol=tcp action=drop dst-port=12223


comment="Hack99 KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=12345
comment="Ashley, cron crontab, \
Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic,
NetBus, NetBus Toy, \
NetBus worm, Pie Bill Gates, Whack Job, X-bill"
add chain=virus protocol=tcp action=drop dst-port=12346
comment="Fat Bitch trojan, GabanBus, NetBus, X-bill"
add chain=virus protocol=tcp action=drop dst-port=12349
comment="BioNet"
add chain=virus protocol=tcp action=drop dst-port=12361-12363
comment="Whack-a-mole"
add chain=virus protocol=udp action=drop dst-port=12623
comment="DUN Control"
add chain=virus protocol=tcp action=drop dst-port=12624
comment="ButtMan"
add chain=virus protocol=tcp action=drop dst-port=12631
comment="Whack Job"
add chain=virus protocol=tcp action=drop dst-port=12754
comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=13000
comment="Senna Spy Trojan Generator, \
Senna Spy Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=13010
comment="Hacker Brasil HBR"
add chain=virus protocol=tcp action=drop dst-port=13013-13014
comment="PsychWard"
add chain=virus protocol=tcp action=drop dst-port=13223
comment="Hack99 KeyLogger"

add chain=virus protocol=tcp action=drop dst-port=13473


comment="Chupacabra"
add chain=virus protocol=tcp action=drop dst-port=14500-14503
comment="PC Invader"
add chain=virus protocol=tcp action=drop dst-port=15000
comment="NetDemon"
add chain=virus protocol=tcp action=drop dst-port=15092
comment="Host Control"
add chain=virus protocol=tcp action=drop dst-port=15104
comment="Mstream"
add chain=virus protocol=tcp action=drop dst-port=15382
comment="SubZero"
add chain=virus protocol=tcp action=drop dst-port=15858
comment="CDK"
add chain=virus protocol=tcp action=drop dst-port=16484
comment="Mosucker"
add chain=virus protocol=tcp action=drop dst-port=16660
comment="Stacheldraht"
add chain=virus protocol=tcp action=drop dst-port=16772
comment="ICQ Revenge"
add chain=virus protocol=tcp action=drop dst-port=16959
comment="SubSeven, Subseven 2.1.4 DefCon 8"
add chain=virus protocol=tcp action=drop dst-port=16969
comment="Priority"
add chain=virus protocol=tcp action=drop dst-port=17166
comment="Mosaic"
add chain=virus protocol=tcp action=drop dst-port=17300
comment="Kuang2 the virus"
add chain=virus protocol=tcp action=drop dst-port=17449
comment="Kid Terror"

add chain=virus protocol=tcp action=drop dst-port=17499-17500


comment="CrazzyNet"
add chain=virus protocol=tcp action=drop dst-port=17569
comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=17593
comment="Audiodoor"
add chain=virus protocol=tcp action=drop dst-port=17777
comment="Nephron"
add chain=virus protocol=udp action=drop dst-port=18753
comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=19864
comment="ICQ Revenge"
add chain=virus protocol=tcp action=drop dst-port=20000
comment="Millenium"
add chain=virus protocol=tcp action=drop dst-port=20001
comment="Millenium, Millenium Lm"
add chain=virus protocol=tcp action=drop dst-port=20002
comment="AcidkoR"
add chain=virus protocol=tcp action=drop dst-port=20005
comment="Mosucker"
add chain=virus protocol=tcp action=drop dst-port=20023
comment="VP Killer"
add chain=virus protocol=tcp action=drop dst-port=20034
comment="NetBus 2.0 Pro, \
NetBus 2.0 Pro Hidden, NetRex, Whack Job"
add chain=virus protocol=tcp action=drop dst-port=20203
comment="Chupacabra"
add chain=virus protocol=tcp action=drop dst-port=20331
comment="BLA trojan"
add chain=virus protocol=tcp action=drop dst-port=20432
comment="Shaft"

add chain=virus protocol=udp action=drop dst-port=20433


comment="Shaft"
add chain=virus protocol=tcp action=drop dst-port=21544
comment="GirlFriend, Kid Terror"
add chain=virus protocol=tcp action=drop dst-port=21554
comment="Exploiter, \
Kid Terror, Schwindler, Winsp00fer"
add chain=virus protocol=tcp action=drop dst-port=22222
comment="Donald Dick, \
Prosiak, Ruler, RUX The TIc.K"
add chain=virus protocol=tcp action=drop dst-port=23005-23006
comment="NetTrash"
add chain=virus protocol=tcp action=drop dst-port=23023
comment="Logged"
add chain=virus protocol=tcp action=drop dst-port=23032
comment="Amanda"
add chain=virus protocol=tcp action=drop dst-port=23432
comment="Asylum"
add chain=virus protocol=tcp action=drop dst-port=23456
comment="Evil FTP, Ugly FTP, Whack Job"
add chain=virus protocol=tcp action=drop dst-port=23476
comment="Donald Dick"
add chain=virus protocol=udp action=drop dst-port=23476
comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=23477
comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=23777
comment="InetSpy"
add chain=virus protocol=tcp action=drop dst-port=24000
comment="Infector"

add chain=virus protocol=tcp action=drop dst-port=25685-25982


comment="Moonpie"
add chain=virus protocol=udp action=drop dst-port=26274
comment="Delta Source"
add chain=virus protocol=tcp action=drop dst-port=26681
comment="Voice Spy"
add chain=virus protocol=tcp action=drop dst-port=27374
comment="Bad Blood, Ramen, Seeker, \
SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8, SubSeven
Muie, Ttfloader"
add chain=virus protocol=udp action=drop dst-port=27444
comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=27573
comment="SubSeven"
add chain=virus protocol=tcp action=drop dst-port=27665
comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=28678
comment="Exploit"er
add chain=virus protocol=tcp action=drop dst-port=29104
comment="NetTrojan"
add chain=virus protocol=tcp action=drop dst-port=29369
comment="ovasOn"
add chain=virus protocol=tcp action=drop dst-port=29891
comment="The Unexplained"
add chain=virus protocol=tcp action=drop dst-port=30000
comment="Infector"
add chain=virus protocol=tcp action=drop dst-port=30001
comment="ErrOr32"
add chain=virus protocol=tcp action=drop dst-port=30003
comment="Lamers Death"

add chain=virus protocol=tcp action=drop dst-port=30029


comment="AOL trojan"
add chain=virus protocol=tcp action=drop dst-port=30100-30133
comment="NetSphere"
add chain=virus protocol=udp action=drop dst-port=30103
comment="NetSphere"
add chain=virus protocol=tcp action=drop dst-port=30303
comment="Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=30947
comment="Intruse"
add chain=virus protocol=tcp action=drop dst-port=30999
comment="Kuang2"
add chain=virus protocol=tcp action=drop dst-port=31335
comment="Trinoo"
add chain=virus protocol=tcp action=drop dst-port=31336
comment="Bo Whack, Butt Funnel"
add chain=virus protocol=tcp action=drop dst-port=31337
comment="Back Fire, Back Orifice 1.20 patches, \
Back Orifice Lm, Back Orifice russian, Baron Night, Beeone, BO
client, BO Facil, BO spy, BO2, \
cron crontab, Freak88, Freak2k, icmp_pipe.c, Sockdmini"
add chain=virus protocol=udp action=drop dst-port=31337
comment="Back Orifice, Deep BO"
add chain=virus protocol=tcp action=drop dst-port=31338
comment="Back Orifice, Butt Funnel, NetSpy DK"
add chain=virus protocol=udp action=drop dst-port=31338
comment="Deep BO"
add chain=virus protocol=tcp action=drop dst-port=31339
comment="NetSpy DK"
add chain=virus protocol=tcp action=drop dst-port=31666
comment="BOWhack"

add chain=virus protocol=tcp action=drop dst-port=31785-31792


comment="Hack a Tack"
add chain=virus protocol=udp action=drop dst-port=31791-31792
comment="Hack a Tack"
add chain=virus protocol=tcp action=drop dst-port=32001
comment="Donald Dick"
add chain=virus protocol=tcp action=drop dst-port=32100
comment="Peanut Brittle, Project nEXT"
add chain=virus protocol=tcp action=drop dst-port=32418
comment="Acid Battery"
add chain=virus protocol=tcp action=drop dst-port=33270
comment="Trinity"
add chain=virus protocol=tcp action=drop dst-port=33333
comment="Blakharaz, Prosiak"
add chain=virus protocol=tcp action=drop dst-port=33577-33777
comment="Son of PsychWard"
add chain=virus protocol=tcp action=drop dst-port=33911
comment="Spirit 2000, Spirit 2001"
add chain=virus protocol=tcp action=drop dst-port=34324
comment="Big Gluck, TN"
add chain=virus protocol=tcp action=drop dst-port=34444
comment="Donald Dick"
add chain=virus protocol=udp action=drop dst-port=34555-35555
comment="Trinoo for Windows"
add chain=virus protocol=tcp action=drop dst-port=37237
comment="Mantis"
add chain=virus protocol=tcp action=drop dst-port=37651
comment="Yet Another Trojan YAT"
add chain=virus protocol=tcp action=drop dst-port=40412
comment="The Spy"

add chain=virus protocol=tcp action=drop dst-port=40421


comment="Agent 40421, Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=40422-40426
comment="Masters Paradise"
add chain=virus protocol=tcp action=drop dst-port=41337
comment="Storm"
add chain=virus protocol=tcp action=drop dst-port=41666
comment="Remote Boot Tool RBT, Remote Boot Tool RBT"
add chain=virus protocol=tcp action=drop dst-port=44444
comment="Prosiak"
add chain=virus protocol=tcp action=drop dst-port=44575
comment="Exploiter"
add chain=virus protocol=udp action=drop dst-port=47262
comment="Delta Source"
add chain=virus protocol=tcp action=drop dst-port=49301
comment="OnLine KeyLogger"
add chain=virus protocol=tcp action=drop dst-port=50130
comment="Enterprise"
add chain=virus protocol=tcp action=drop dst-port=50505
comment="Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=50766
comment="Fore, Schwindler"
add chain=virus protocol=tcp action=drop dst-port=51966
comment="Cafeini"
add chain=virus protocol=tcp action=drop dst-port=52317
comment="Acid Battery 2000"
add chain=virus protocol=tcp action=drop dst-port=53001
comment="Remote Windows Shutdown RWS"
add chain=virus protocol=tcp action=drop dst-port=54283
comment="SubSeven, SubSeven 2.1 Gold"

add chain=virus protocol=tcp action=drop dst-port=54320


comment="Back Orifice 2000"
add chain=virus protocol=tcp action=drop dst-port=54321
comment="Back Orifice 2000, School Bus"
add chain=virus protocol=tcp action=drop dst-port=55165
comment="File Manager trojan, \
File Manager trojan, WM Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=55166
comment="WM Trojan Generator"
add chain=virus protocol=tcp action=drop dst-port=57341
comment="NetRaider"
add chain=virus protocol=tcp action=drop dst-port=58339
comment="Butt Funnel"
add chain=virus protocol=tcp action=drop dst-port=60000
comment="Deep Throat, Foreplay, Sockets des Troie"
add chain=virus protocol=tcp action=drop dst-port=60001
comment="Trinity"
add chain=virus protocol=tcp action=drop dst-port=60068
comment="Xzip 6000068"
add chain=virus protocol=tcp action=drop dst-port=60411
comment="Connection"
add chain=virus protocol=tcp action=drop dst-port=61348
comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=61466
comment="TeleCommando"
add chain=virus protocol=tcp action=drop dst-port=61603
comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=63485
comment="Bunker-Hill"
add chain=virus protocol=tcp action=drop dst-port=64101
comment="Taskman"

add chain=virus protocol=tcp action=drop dst-port=65000


comment="Devil, Sockets des Troie, Stacheldraht"
add chain=virus protocol=tcp action=drop dst-port=65390
comment="Eclypse"
add chain=virus protocol=tcp action=drop dst-port=65421
comment="Jade"
add chain=virus protocol=tcp action=drop dst-port=65432
comment="The Traitor th3tr41t0r"
add chain=virus protocol=udp action=drop dst-port=65432
comment="The Traitor th3tr41t0r"
add chain=virus protocol=tcp action=drop dst-port=65534
comment="sbin initd"
add chain=virus protocol=tcp action=drop dst-port=65535
comment="RC1 trojan"
add chain=forward action=jump jump-target=virus comment="jump
to the virus chain"
/ip firewall filter
add action=accept chain=input comment="Allow Established
connections" \
connection-state=established disabled=no
add action=accept chain=input comment="Allow Related
connections" \
connection-state=related disabled=no
add action=accept chain=input comment="Allow ICMP from Local
Network" \
disabled=no protocol=icmp src-address-list=LocalNet
add action=accept chain=input comment="Allow ICMP from PROXY
Network" \
disabled=no protocol=icmp src-address-list=ProxyNET

add action=accept chain=input comment="Allow ICMP from RT RW


NET Network" \
disabled=no protocol=icmp src-address-list=RtrwnetNet
add action=accept chain=input comment="Allow ICMP from
HOTSPOT Network" \
disabled=no protocol=icmp src-address-list=hotspotNet
add action=accept chain=input comment="Allow Input from Local
Network" \
disabled=no src-address-list=LocalNet
add action=accept chain=input comment="Allow Input from PROXY
Network" \
disabled=no src-address-list=ProxyNET
add action=accept chain=input comment="Allow Input from RT RW
NET Network" \
disabled=no src-address-list=RtrwnetNet
add action=accept chain=input comment="Allow Input from
HOTSPOT Network" \
disabled=no src-address-list=hotspotNet
/ip firewall filter
add action=drop chain=input comment="Drop everything else"
disabled=no
add action=jump chain=forward comment="Bad packets filtering"
disabled=no \
jump-target=tcp protocol=tcp
add action=jump chain=forward comment="" disabled=no jumptarget=udp \
protocol=udp
add action=jump chain=forward comment="" disabled=no jumptarget=icmp \

protocol=icmp
add action=drop chain=tcp comment="deny SMTP" disabled=no
dst-port=25 \
protocol=tcp
add action=drop chain=tcp comment="deny TFTP" disabled=no dstport=69 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper"
disabled=no dst-port=\
111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper"
disabled=no dst-port=\
135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dstport=137-139 \
protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dstport=445 \
protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dstport=2049 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no
dst-port=\
12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no
dst-port=20034 \
protocol=tcp

add action=drop chain=tcp comment="deny BackOriffice"


disabled=no dst-port=\
3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no
dst-port=67-68 \
protocol=tcp
add action=drop chain=tcp comment="deny P2P" disabled=no
p2p=all-p2p
add action=drop chain=udp comment="deny TFTP" disabled=no
dst-port=69 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper"
disabled=no dst-port=\
111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper"
disabled=no dst-port=\
135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dstport=137-139 \
protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dstport=2049 \
protocol=udp
add action=drop chain=udp comment="deny BackOriffice"
disabled=no dst-port=\
3133 protocol=udp
add action=accept chain=icmp comment="limit packets 5/secs"
disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp

add action=accept chain=icmp comment="limit packets 5/secs"


disabled=no \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs"
disabled=no \
icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs"
disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs"
disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp comment="limit packets 5/secs"
disabled=no \
icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp comment="Drop other icmp packets"
disabled=no
add action=accept chain=forward comment="Allow Established
connections" \
connection-state=established disabled=no
/ip firewall filter
add action=accept chain=forward comment="Allow Forward from
Local Network" \
disabled=no src-address-list=LocalNet
add action=accept chain=forward comment="Allow Forward from
PROXY Network" \
disabled=no src-address-list=ProxyNET
add action=accept chain=forward comment="Allow Forward from RT
RW NET Network" \

disabled=no src-address-list=RtrwnetNet
add action=accept chain=forward comment="Allow Forward from
HOTSPOT Network" \
disabled=no src-address-list=hotspotNet
/ip firewall nat
add action=masquerade src-address-list=LocalNet chain=srcnat
comment="NAT-Local" disabled=no \
out-interface=Speedy
add action=masquerade src-address-list=ProxyNet chain=srcnat
comment="NAT-PROXY" disabled=no \
out-interface=Speedy
add action=masquerade src-address-list=RtrwnetNet chain=srcnat
comment="NAT-Rtrwnet" disabled=no \
out-interface=Speedy
add action=masquerade src-address-list=hotspotNet chain=srcnat
comment="HOTSPOTnet" disabled=no \
out-interface=Speedy
/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY
Local" disabled=no \
src-address=192.168.9.2-192.168.9.30 dst-port=80,8080,3128 ininterface=Local \
protocol=tcp to-addresses=192.168.3.3 to-ports=3128
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY
Rtrwnet" disabled=no \
src-address=192.168.4.1-192.168.4.30 dst-port=80,8080,3128 ininterface=Local \
protocol=tcp to-addresses=192.168.3.3 to-ports=3128

add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY


HOTSPOT" disabled=no \
src-address=192.168.5.1-192.168.5.30 dst-port=80,8080,3128 ininterface=hotspot \
protocol=tcp to-addresses=192.168.3.3 to-ports=3128
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS
LOKAL" disabled=no \
dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dstport=53 \
in-interface=Local protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS
Rtrwnet" disabled=no \
dst-port=53 in-interface=Rtrwnet protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dstport=53 \
in-interface=Rtrwnet protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS
HOTSPOT" disabled=no \
dst-port=53 in-interface=hotspot protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dstport=53 \
in-interface=hotspot protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dstport=53 \
in-interface=Proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dstport=53 \
in-interface=Proxy protocol=tcp to-ports=53

/ip firewall mangle


add action=mark-packet chain=forward comment="PROXY-HIT-DSCP
12" disabled=no \
dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=change-dscp chain=postrouting comment=CRITICAL
disabled=no \
new-dscp=1 protocol=icmp
add action=change-dscp chain=postrouting comment=""
disabled=no dst-port=53 \
new-dscp=1 protocol=udp
add action=change-dscp chain=postrouting comment=""
disabled=no dst-port=53 \
new-dscp=1 protocol=tcp
add action=mark-connection chain=postrouting comment=""
disabled=no dscp=1 \
new-connection-mark=critical_conn passthrough=yes
add action=mark-packet chain=postrouting comment=""
connection-mark=\
critical_conn disabled=no new-packet-mark=critical_pkt
passthrough=no
add action=mark-connection chain=prerouting comment=MARKALL-CONN disabled=no \
dst-address-list=!LocalNet in-interface=Local new-connectionmark=\
all.pre_conn passthrough=yes
add action=mark-connection chain=prerouting comment=MARKALL-CONN disabled=no \
dst-address-list=!RtrwnetNet in-interface=Rtrwnet new-connectionmark=\

all.pre_conn passthrough=yes
add action=mark-connection chain=prerouting comment=MARKALL-CONN disabled=no \
dst-address-list=!hotspotNet in-interface=hotspot new-connectionmark=\
all.pre_conn passthrough=yes
add action=mark-connection chain=forward comment="Local"
disabled=no \
new-connection-mark=all.post_conn out-interface=Local
passthrough=yes \
src-address-list=!LocalNet
add action=mark-connection chain=forward comment="RT RW NET"
disabled=no \
new-connection-mark=all.post_conn out-interface=Rtrwnet
passthrough=yes \
src-address-list=!RtrwnetNet
add action=mark-connection chain=forward comment="HOTSPOT"
disabled=no \
new-connection-mark=all.post_conn out-interface=hotspot
passthrough=yes \
src-address-list=!hotspotNet
add action=mark-packet chain=prerouting comment="" connectionmark=\
all.pre_conn disabled=no new-packet-mark=all.pre_pkt
passthrough=yes
add action=mark-packet chain=forward comment="" connectionmark=all.post_conn \
disabled=no new-packet-mark=all.post_pkt passthrough=yes

add action=mark-connection chain=prerouting comment=GAMES


connection-mark=\
all.pre_conn disabled=no dst-port=9339,843 new-connectionmark=games_conn \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=""
connection-mark=\
all.pre_conn disabled=no dst-port=40000-40010 new-connectionmark=\
games_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connectionmark=games_conn \
disabled=no new-packet-mark=games_pkt passthrough=no
add action=mark-connection chain=prerouting comment=HTTPCLIENT \
connection-mark=all.pre_conn disabled=no new-connection-mark=\
browsing_conn packet-size=0-64 passthrough=yes protocol=tcp tcpflags=ack
add action=mark-connection chain=prerouting comment=""
connection-mark=\
all.pre_conn disabled=no dst-port=80,443 new-connection-mark=\
browsing_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=0-131072 \
connection-mark=browsing_conn disabled=no new-packetmark=browsing_pkt \
passthrough=no protocol=tcp
add action=mark-connection chain=prerouting comment=HTTPPROXY disabled=no \

dst-address-list=!LocalNet dst-port=80,443 new-connectionmark=proxy_conn \


passthrough=yes protocol=tcp src-address-list=ProxyNET
add action=mark-connection chain=prerouting comment=HTTPPROXY disabled=no \
dst-address-list=!RtrwnetNet dst-port=80,443 new-connectionmark=proxy_conn \
passthrough=yes protocol=tcp src-address-list=ProxyNET
add action=mark-connection chain=prerouting comment=HTTPPROXY disabled=no \
dst-address-list=!hotspotNet dst-port=80,443 new-connectionmark=proxy_conn \
passthrough=yes protocol=tcp src-address-list=ProxyNET
add action=mark-packet chain=forward comment="" connectionmark=proxy_conn \
disabled=no new-packet-mark=proxy_pkt passthrough=no
add action=mark-connection chain=prerouting comment=REALTIME
connection-mark=\
all.pre_conn disabled=no dst-port=22,179,110,161,8291 \
new-connection-mark=realtime_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=""
connection-mark=\
all.pre_conn disabled=no dst-port=123 new-connectionmark=realtime_conn \
passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="" connectionmark=realtime_conn \
disabled=no new-packet-mark=realtime_pkt passthrough=no

add action=mark-connection chain=prerouting


comment=FILETRANSER \
connection-mark=all.pre_conn disabled=no dst-port=20,21,23 \
new-connection-mark=communication_conn passthrough=yes
protocol=tcp
add action=mark-packet chain=forward comment="" connectionmark=\
communication_conn disabled=no new-packetmark=communication_pkt \
passthrough=no
add action=mark-connection chain=prerouting comment=NORMAL
connection-mark=\
all.pre_conn disabled=no dst-address-list=!ProxyNET newconnection-mark=\
normal_conn passthrough=yes
add action=mark-packet chain=forward comment="" connectionmark=normal_conn \
disabled=no new-packet-mark=normal_pkt passthrough=no
/ip firewall mangle
add action=mark-packet chain=forward comment=DOWNLOAD
connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.1 new-packet-mark=Billing passthrough=no protocol=tcp
add action=mark-packet chain=forward comment=DOWNLOAD
connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.2 new-packet-mark=client1 passthrough=no protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.3 new-packet-mark=client2 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.4 new-packet-mark=client3 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.6 new-packet-mark=client5 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.7 new-packet-mark=client6 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.8 new-packet-mark=client7 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\

192.168.9.9 new-packet-mark=client8 passthrough=no protocol=tcp


add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.10 new-packet-mark=client9 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.11 new-packet-mark=client10 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.12 new-packet-mark=client11 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.13 new-packet-mark=client12 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.14 new-packet-mark=client13 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.15 new-packet-mark=client14 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.16 new-packet-mark=client15 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.17 new-packet-mark=client16 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.18 new-packet-mark=client17 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.19 new-packet-mark=client18 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.20 new-packet-mark=client19 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.21 new-packet-mark=client20 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.22 new-packet-mark=client21 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.23 new-packet-mark=client22 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.24 new-packet-mark=client23 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.25 new-packet-mark=client24 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.26 new-packet-mark=client25 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.27 new-packet-mark=client26 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.28 new-packet-mark=client27 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.29 new-packet-mark=client28 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.9.30 new-packet-mark=client29 passthrough=no
protocol=tcp
/ip firewall mangle
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.2 new-packet-mark=Rtrwnet2 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.3 new-packet-mark=Rtrwnet3 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.4 new-packet-mark=Rtrwnet4 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.5 new-packet-mark=Rtrwnet5 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.6 new-packet-mark=Rtrwnet6 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.7 new-packet-mark=Rtrwnet7 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.8 new-packet-mark=Rtrwnet8 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.9 new-packet-mark=Rtrwnet9 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.10 new-packet-mark=Rtrwnet10 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.11 new-packet-mark=Rtrwnet11 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.12 new-packet-mark=Rtrwnet12 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.13 new-packet-mark=Rtrwnet13 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.14 new-packet-mark=Rtrwnet14 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.15 new-packet-mark=Rtrwnet15 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.16 new-packet-mark=Rtrwnet16 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.17 new-packet-mark=Rtrwnet17 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.18 new-packet-mark=Rtrwnet18 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.19 new-packet-mark=Rtrwnet19 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.20 new-packet-mark=Rtrwnet20 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.21 new-packet-mark=Rtrwnet21 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.22 new-packet-mark=Rtrwnet22 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.23 new-packet-mark=Rtrwnet23 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.24 new-packet-mark=Rtrwnet24 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.25 new-packet-mark=Rtrwnet25 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.26 new-packet-mark=Rtrwnet26 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.27 new-packet-mark=Rtrwnet27 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.28 new-packet-mark=Rtrwnet28 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.29 new-packet-mark=Rtrwnet29 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.30 new-packet-mark=Rtrwnet30 passthrough=no
protocol=tcp
/ip firewall mangle

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.2 new-packet-mark=hotspot2 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.3 new-packet-mark=hotspot3 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.4 new-packet-mark=hotspot4 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.5 new-packet-mark=hotspot5 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.6 new-packet-mark=hotspot6 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.7 new-packet-mark=hotspot7 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.8 new-packet-mark=hotspot8 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.9 new-packet-mark=hotspot9 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.10 new-packet-mark=hotspot10 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.11 new-packet-mark=hotspot11 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.12 new-packet-mark=hotspot12 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.13 new-packet-mark=hotspot13 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.14 new-packet-mark=hotspot14 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.15 new-packet-mark=hotspot15 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.16 new-packet-mark=hotspot16 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.17 new-packet-mark=hotspot17 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.18 new-packet-mark=hotspot18 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.19 new-packet-mark=hotspot19 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.20 new-packet-mark=hotspot20 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.21 new-packet-mark=hotspot21 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.22 new-packet-mark=hotspot22 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.23 new-packet-mark=hotspot23 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.24 new-packet-mark=hotspot24 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.25 new-packet-mark=hotspot25 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.26 new-packet-mark=hotspot26 passthrough=no
protocol=tcp

add action=mark-packet chain=forward comment="" connectionbytes=\


131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.27 new-packet-mark=hotspot27 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.28 new-packet-mark=hotspot28 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.29 new-packet-mark=hotspot29 passthrough=no
protocol=tcp
add action=mark-packet chain=forward comment="" connectionbytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.5.30 new-packet-mark=hotspot30 passthrough=no
protocol=tcp
/queue type
add kind=pcq name=pcq_up pcq-classifier=src-address pcqlimit=200 pcq-rate=0 \
pcq-total-limit=8000
add kind=pcq name=pcq_down pcq-classifier=dst-address pcqlimit=200 pcq-rate=\

0 pcq-total-limit=8000
add kind=pfifo name=pfifo-critical pfifo-limit=10
add kind=pcq name=pcq_critical.up pcq-classifier=src-address,srcport \
pcq-limit=20 pcq-rate=0 pcq-total-limit=500
add kind=pcq name=pcq_critical.down pcq-classifier=dstaddress,dst-port \
pcq-limit=20 pcq-rate=0 pcq-total-limit=500
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="A. PROXY HIT Local" packet-mark=proxy-hit
parent=Local \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="E. PROXY HIT RTRWNET" packet-mark=proxy-hit
parent=Rtrwnet \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="F. PROXY HIT HOTSPOT" packet-mark=proxy-hit
parent=hotspot \
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="B. CRITICAL" packet-mark=critical_pkt
parent=Speedy \
priority=1 queue=pfifo-critical

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=0 name="C. INBOUND" packet-mark=all.post_pkt
parent=global-out \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="D. OUTBOUND" packet-mark=all.pre_pkt
parent=Speedy \
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="A. GAMES" packet-mark=games_pkt parent="C.
INBOUND" \
priority=2 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="B. HTTP" packet-mark=browsing_pkt
parent="C. INBOUND" \
priority=3 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=64k \
max-limit=128k name="C. REALTIME" packet-mark=realtime_pkt
parent=\
"C. INBOUND" priority=4 queue=pcq_critical.down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=64k \
max-limit=128k name="D. FILETRANS" packetmark=communication_pkt parent=\

"C. INBOUND" priority=5 queue=pcq_down


add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=64k \
max-limit=128k name="E. NORMAL" packet-mark=normal_pkt
parent=\
"C. INBOUND" priority=6 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=1024k name="F. DOWNCLIENT 1M" parent="C. INBOUND"
priority=8

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=1024k name="F. DOWNRTRW 1M" parent="C. INBOUND"
priority=8

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=1024k name="F. DOWNHOTSPOT 1M" parent="C.
INBOUND" priority=8

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=0 name="G. DOWN 2M" parent="C. INBOUND" priority=8
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Billing packet-mark=Billing parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=256k name=Client1 packet-mark=client1 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client2 packet-mark=client2 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client3 packet-mark=client3 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client4 packet-mark=client4 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client5 packet-mark=client5 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client6 packet-mark=client6 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client7 packet-mark=client7 parent=\

"F. DOWNCLIENT 1M" priority=8 queue=pcq_down


add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client8 packet-mark=client8 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client9 packet-mark=client9 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client10 packet-mark=client10 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client11 packet-mark=client11 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client12 packet-mark=client12 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client13 packet-mark=client13 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \

max-limit=256k name=Client14 packet-mark=client14 parent=\


"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client15 packet-mark=client15 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client16 packet-mark=client16 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client17 packet-mark=client17 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client18 packet-mark=client18 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client19 packet-mark=client19 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client20 packet-mark=client20 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=256k name=Client21 packet-mark=client21 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client22 packet-mark=client22 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client23 packet-mark=client23 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client24 packet-mark=client24 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client25 packet-mark=client25 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client26 packet-mark=client26 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client27 packet-mark=client27 parent=\

"F. DOWNCLIENT 1M" priority=8 queue=pcq_down


add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client28 packet-mark=client28 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client29 packet-mark=client29 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Client30 packet-mark=client30 parent=\
"F. DOWNCLIENT 1M" priority=8 queue=pcq_down
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet1 packet-mark=Rtrwnet1 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet2 packet-mark=Rtrwnet2 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet3 packet-mark=Rtrwnet3 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=256k name=Rtrwnet4 packet-mark=Rtrwnet4 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet5 packet-mark=Rtrwnet5 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet6 packet-mark=Rtrwnet6 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet7 packet-mark=Rtrwnet7 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet8 packet-mark=Rtrwnet8 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet9 packet-mark=Rtrwnet9 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet10 packet-mark=Rtrwnet10 parent=\

"F. DOWNRTRW 1M" priority=8 queue=pcq_down


add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet11 packet-mark=Rtrwnet11 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet12 packet-mark=Rtrwnet12 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet13 packet-mark=Rtrwnet13 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet14 packet-mark=Rtrwnet14 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet15 packet-mark=Rtrwnet15 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet16 packet-mark=Rtrwnet16 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \

max-limit=256k name=Rtrwnet17 packet-mark=Rtrwnet17 parent=\


"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet18 packet-mark=Rtrwnet18 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet19 packet-mark=Rtrwnet19 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet20 packet-mark=Rtrwnet20 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet21 packet-mark=Rtrwnet21 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet22 packet-mark=Rtrwnet22 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet23 packet-mark=Rtrwnet23 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=256k name=Rtrwnet24 packet-mark=Rtrwnet24 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet25 packet-mark=Rtrwnet25 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet26 packet-mark=Rtrwnet26 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet27 packet-mark=Rtrwnet27 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet28 packet-mark=Rtrwnet28 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet29 packet-mark=Rtrwnet29 parent=\
"F. DOWNRTRW 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=Rtrwnet30 packet-mark=Rtrwnet30 parent=\

"F. DOWNRTRW 1M" priority=8 queue=pcq_down


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot1 packet-mark=hotspot1 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot2 packet-mark=hotspot2 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot3 packet-mark=hotspot3 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot4 packet-mark=hotspot4 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot5 packet-mark=hotspot5 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot6 packet-mark=hotspot6 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=256k name=hotspot7 packet-mark=hotspot7 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot8 packet-mark=hotspot8 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot9 packet-mark=hotspot9 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot10 packet-mark=hotspot10 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot11 packet-mark=hotspot11 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot12 packet-mark=hotspot12 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot13 packet-mark=hotspot13 parent=\

"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down


add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot14 packet-mark=hotspot14 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot15 packet-mark=hotspot15 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot16 packet-mark=hotspot16 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot17 packet-mark=hotspot17 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot18 packet-mark=hotspot18 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot19 packet-mark=hotspot19 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \

max-limit=256k name=hotspot20 packet-mark=hotspot20 parent=\


"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot21 packet-mark=hotspot21 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot22 packet-mark=hotspot22 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot23 packet-mark=hotspot23 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot24 packet-mark=hotspot24 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot25 packet-mark=hotspot25 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot26 packet-mark=hotspot26 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=256k name=hotspot27 packet-mark=hotspot27 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot28 packet-mark=hotspot28 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot29 packet-mark=hotspot29 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=256k name=hotspot30 packet-mark=hotspot30 parent=\
"F. DOWNHOTSPOT 1M" priority=8 queue=pcq_down
/ip firewall mangle
add action=mark-packet chain=forward comment=DOWNLOAD-NOLIMIT connection-bytes=\
131072-4294967295 connection-mark=all.post_conn disabled=no
dst-address=\
192.168.4.30 new-packet-mark=APbescomnet passthrough=no
protocol=tcp
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name=APbescomnet packet-mark=client16 parent=\
"G. DOWN 2M" priority=8 queue=pcq_down

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


limit-at=0 \
max-limit=0 name=billing packet-mark=client17 parent=\
"G. DOWN 2M" priority=8 queue=pcq_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=0 \
max-limit=0 name="A. GAMES UP" packet-mark=games_pkt
parent="D. OUTBOUND" \
priority=2 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=64k \
max-limit=128k name="B. HTTP UP" packet-mark=proxy_pkt
parent=\
"D. OUTBOUND" priority=3 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=32k \
max-limit=64k name="C. REALTIME UP" packet-mark=realtime_pkt
parent=\
"D. OUTBOUND" priority=4 queue=pcq_critical.up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=64k \
max-limit=128k name="D. FILETRANS UP" packetmark=communication_pkt \
parent="D. OUTBOUND" priority=5 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
limit-at=64k \
max-limit=128k name="E. NORMAL UP" packet-mark=normal_pkt
parent=\
"D. OUTBOUND" priority=6 queue=pcq_up

/ip firewall filter


add chain=forward src-address=192.168.4.30 src-mac-address=!
00:27:19:E8:xx:xx action=drop comment="kunci 192.168.9.30 ke
00:27:22:E8:xx:xx"
add chain=forward src-address=!192.168.4.30 src-macaddress=00:27:19:E8:xx:xx action=drop comment="kunci
192.168.9.30 ke 00:27:22:E8:xx:xx"
Selesai Deh tinggal setting Hotspot : IP > Hotspot >Servers >Hotspot Setup
192.168.4.1-192.168.4.29 ip pool RtrwnetNet
192.168.5.1-192.168.5.30 ip pool Hotspot
Dan Server Squid Tutorial bisa Cari di blog ini....