IMO, the best thing I've done to my network is switch to a Mikrotik
firewall and prioritize traffic. I friend of mine offered a sample
script whcih I have attached. Obviously, you need to tweak it to fit
your needs.
-RickG
On Mon, Nov 3, 2008 at 10:24 AM, RC <[EMAIL PROTECTED]> wrote:
> When I try and block ptp traffic through my mikrotik router
> customers call in telling us some web pages load some don't.
> Myspace, yahoo, etc.
>
> Anyone know how to block or throttle p2p without affecting
> regular web traffic?
>
>
>
> --------------------------------------------------------------------------------
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> --------------------------------------------------------------------------------
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>
/ip firewall mangle
add action=mark-packet chain=prerouting comment=icmp disabled=no
in-interface=wan0 new-packet-mark=icmp_in \
passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no
new-packet-mark=icmp_out out-interface=wan0 \
passthrough=no protocol=icmp
add action=mark-packet chain=prerouting comment=SNMP disabled=no
in-interface=wan0 new-packet-mark=SNMP-IN \
passthrough=no protocol=udp src-port=161
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=161
new-packet-mark=SNMP-OUT \
out-interface=wan0 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=p2p disabled=no
in-interface=wan0 new-packet-mark=p2p_in \
p2p=all-p2p passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no
new-packet-mark=p2p_out out-interface=wan0 \
p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting comment=Game disabled=no
in-interface=wan0 new-packet-mark=Game-IN \
passthrough=no protocol=tcp src-port=27020-27039
add action=mark-packet chain=prerouting comment="" disabled=no
in-interface=wan0 new-packet-mark=Game-IN \
passthrough=no protocol=udp src-port=1200,27000-27100
add action=mark-packet chain=postrouting comment="" disabled=no
dst-port=27020-27039 new-packet-mark=\
Game-OUT out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no
dst-port=1200,27000-27100 new-packet-mark=\
Game-OUT out-interface=wan0 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=pop3 disabled=no
in-interface=wan0 new-packet-mark=pop3_in \
passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=110
new-packet-mark=pop3_out \
out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=smtp disabled=no
in-interface=wan0 new-packet-mark=smtp_in \
passthrough=no protocol=tcp src-port=25
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=25
new-packet-mark=smtp_out \
out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=winbox disabled=no
dst-port=8291 in-interface=wan0 \
new-packet-mark=winbox_in passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no
new-packet-mark=winbox_out out-interface=\
wan0 passthrough=no protocol=tcp src-port=8291
add action=mark-packet chain=prerouting comment=dns disabled=no
in-interface=wan0 new-packet-mark=dns_in \
passthrough=no protocol=udp src-port=53
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=53
new-packet-mark=dns_out \
out-interface=wan0 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=www disabled=no
in-interface=wan0 new-packet-mark=www_in \
passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=80
new-packet-mark=www_out \
out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=ssl disabled=no
in-interface=wan0 new-packet-mark=ssl_in \
passthrough=no protocol=tcp src-port=443
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=443
new-packet-mark=ssl_out \
out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=udp disabled=no
in-interface=wan0 new-packet-mark=udp_in \
passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no
new-packet-mark=udp_out out-interface=wan0 \
passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=tcp disabled=no
in-interface=wan0 new-packet-mark=tcp_in \
passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no
new-packet-mark=tcp_out out-interface=wan0 \
passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=other disabled=no
in-interface=wan0 new-packet-mark=other_in \
passthrough=no protocol=0
add action=mark-packet chain=postrouting comment="" disabled=no
new-packet-mark=other_out out-interface=wan0 \
passthrough=no
add action=mark-packet chain=prerouting comment=VoIP disabled=no
in-interface=ether1 new-packet-mark=\
VoIP_IN passthrough=no protocol=udp src-port=1000-20000
add action=mark-packet chain=postrouting comment="" disabled=no
dst-port=10000-20000 new-packet-mark=VoIP_OUT \
out-interface=ether1 passthrough=no protocol=udp
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=1900000 name=upload_wan1 \
packet-mark="" parent=global-out priority=8 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=winbox_down \
packet-mark=winbox_in parent=global-in priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=winbox_up \
packet-mark=winbox_out parent=global-out priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=dns_down \
packet-mark=dns_in parent=global-in priority=2 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=dns_up \
packet-mark=dns_out parent=global-out priority=2 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=www_up \
packet-mark=www_out parent=upload_wan1 priority=6 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ssl_up \
packet-mark=ssl_out parent=upload_wan1 priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=p2p_up \
packet-mark=p2p_out parent=upload_wan1 priority=8 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=udp_up \
packet-mark=udp_out parent=upload_wan1 priority=3 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=tcp_up \
packet-mark=tcp_out parent=upload_wan1 priority=6 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=other_up \
packet-mark=other_out parent=upload_wan1 priority=4 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=download_wan1 \
packet-mark="" parent=global-in priority=8 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=www_down \
packet-mark=www_in parent=download_wan1 priority=6 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=ssl_down \
packet-mark=ssl_in parent=download_wan1 priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=p2p_down \
packet-mark=p2p_in parent=download_wan1 priority=8 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=udp_down \
packet-mark=udp_in parent=download_wan1 priority=3 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=tcp_down \
packet-mark=tcp_in parent=download_wan1 priority=6 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=other packet-mark=\
other_in parent=download_wan1 priority=4 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=pop3_down \
packet-mark=pop3_in parent=download_wan1 priority=2 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=smtp_down \
packet-mark=smtp_in parent=download_wan1 priority=2 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=smtp_out \
packet-mark=smtp_out parent=upload_wan1 priority=2 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=pop3_up \
packet-mark=pop3_out parent=upload_wan1 priority=2 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=SNMP-IN \
packet-mark=SNMP-IN parent=global-in priority=3 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=SNMP-OUT \
packet-mark=SNMP-OUT parent=global-out priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=icmp-up \
packet-mark=icmp_out parent=global-out priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=icmp-down \
packet-mark=icmp_in parent=global-in priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=Games-IN \
packet-mark=Game-IN parent=download_wan1 priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=Games-OUT \
packet-mark=Game-OUT parent=upload_wan1 priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=VoIP_IN \
packet-mark=VoIP_IN parent=download_wan1 priority=1 queue=wireless-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=VoIP_OUT \
packet-mark=VoIP_OUT parent=upload_wan1 priority=1 queue=wireless-default
--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
