Configuring Mikrotik for Firewall Mangle Part 2

in #network, 4 years ago

Configure the Mangle Firewall for Part Two

Hello everyone. In this post I explain how to set up the mangle firewall on a MikroTik RB750. You should read the first part before this one; it can be found here.

What is the Mangle Firewall?

Mangle is a kind of 'marker' that marks packets for future processing with special marks. Many other facilities in RouterOS make use of these marks, e.g. queue trees, NAT, routing. They identify a packet based on its mark and process it accordingly. The mangle marks exist only within the router, they are not transmitted across the network.

Next, I will show the firewall mangle menu:

Firewall.jpg

The mangle firewall page will then appear. In the screenshot I have already filled it in with rules for particular ports; below I share the script that creates those rules.

111.jpg

Here is how to enter the script for the mangle firewall: open a terminal in Winbox.

112.jpg

The following is the script for the mangle firewall, to be pasted into the Winbox terminal. It refers to the address lists private-lokal and games and to the layer7 protocols streaming and youtube, so those must already be defined on the router before the script is pasted. Every mark rule uses passthrough=no, so inside the qos-down and qos-up chains the first rule that matches decides the packet mark; the order of the rules therefore matters.

/ip firewall mangle
add action=accept chain=input dst-address-list=private-lokal src-address-list=private-lokal
add action=accept chain=prerouting dst-address-list=private-lokal src-address-list=private-lokal
add action=accept chain=forward dst-address-list=private-lokal src-address-list=private-lokal
add action=accept chain=postrouting dst-address-list=private-lokal src-address-list=private-lokal
add action=accept chain=output dst-address-list=private-lokal src-address-list=private-lokal
add action=jump chain=input comment=qos-down in-interface=ether1 jump-target=qos-down
add action=jump chain=prerouting comment=qos-down in-interface=ether1 jump-target=qos-down
add action=jump chain=forward comment=qos-down in-interface=ether1 jump-target=qos-down
add action=mark-packet chain=qos-down comment=vip-down new-packet-mark=vip-down passthrough=no port=53,5353,8291 protocol=tcp
add action=mark-packet chain=qos-down comment=vip-down new-packet-mark=vip-down passthrough=no port=53,5353,8291 protocol=udp
add action=mark-packet chain=qos-down comment=vip-down new-packet-mark=vip-down passthrough=no protocol=igmp
add action=mark-packet chain=qos-down comment=vip-down new-packet-mark=vip-down passthrough=no protocol=icmp
add action=mark-packet chain=qos-down comment=port-down new-packet-mark=port-down passthrough=no port=21,22,2222,5938,8729,2001,2002,2003,8033,8123 protocol=tcp
add action=mark-packet chain=qos-down comment=port-down new-packet-mark=port-down passthrough=no port=21,22,2222,5938,8729,2001,2002,2003,8033,8123 protocol=udp
add action=mark-packet chain=qos-down comment=patch-game-down connection-rate=512k-100M new-packet-mark=patch-game-down passthrough=no src-address-list=games
add action=mark-packet chain=qos-down comment=streaming-down layer7-protocol=streaming new-packet-mark=streaming-down passthrough=no
add action=mark-packet chain=qos-down comment=streaming-down new-packet-mark=streaming-down passthrough=no port=182,1935,8777 protocol=tcp
add action=mark-packet chain=qos-down comment=streaming-down new-packet-mark=streaming-down passthrough=no port=182,1935,8777 protocol=udp
add action=mark-packet chain=qos-down comment=youtube-down layer7-protocol=youtube new-packet-mark=youtube-down passthrough=no
add action=mark-packet chain=qos-down comment=con-byte-down connection-rate=512k-100M new-packet-mark=con-byte-down passthrough=no
add action=mark-packet chain=qos-down comment=games-down new-packet-mark=games-down passthrough=no port=!21,22,23,80,81,88,5050,843,443,182,8777,1935,8000-8081 protocol=tcp src-address-list=games
add action=mark-packet chain=qos-down comment=games-down new-packet-mark=games-down passthrough=no port=!21,22,23,80,81,88,5050,843,443,182,8777,1935,8000-8081 protocol=udp src-address-list=games
add action=mark-packet chain=qos-down comment=browsing-down new-packet-mark=browsing-down passthrough=no port=80,443,5050,8080 protocol=tcp
add action=mark-packet chain=qos-down comment=browsing-down new-packet-mark=browsing-down passthrough=no port=80,443,5050,8080 protocol=udp
add action=mark-packet chain=qos-down comment=unknown-down new-packet-mark=unknown-down passthrough=no
add action=return chain=qos-down comment=qos-down
add action=jump chain=forward comment=qos-up jump-target=qos-up out-interface=ether1
add action=jump chain=postrouting comment=qos-up jump-target=qos-up out-interface=ether1
add action=jump chain=output comment=qos-up jump-target=qos-up out-interface=ether1
add action=mark-packet chain=qos-up comment=vip-up new-packet-mark=vip-up passthrough=no port=53,5353,8291 protocol=tcp
add action=mark-packet chain=qos-up comment=vip-up new-packet-mark=vip-up passthrough=no port=53,5353,8291 protocol=udp
add action=mark-packet chain=qos-up comment=vip-up new-packet-mark=vip-up passthrough=no protocol=igmp
add action=mark-packet chain=qos-up comment=vip-up new-packet-mark=vip-up passthrough=no protocol=icmp
add action=mark-packet chain=qos-up comment=port-up new-packet-mark=port-up passthrough=no port=21,22,2222,5938,8729,2001,2002,2003,8033,8123 protocol=tcp
add action=mark-packet chain=qos-up comment=port-up new-packet-mark=port-up passthrough=no port=21,22,2222,5938,8729,2001,2002,2003,8033,8123 protocol=udp
add action=mark-packet chain=qos-up comment=patch-game-up connection-rate=512k-100M dst-address-list=games new-packet-mark=patch-game-up passthrough=no
add action=mark-packet chain=qos-up comment=streaming-up layer7-protocol=streaming new-packet-mark=streaming-up passthrough=no
add action=mark-packet chain=qos-up comment=streaming-up new-packet-mark=streaming-up passthrough=no port=182,1935,8777 protocol=tcp
add action=mark-packet chain=qos-up comment=streaming-up new-packet-mark=streaming-up passthrough=no port=182,1935,8777 protocol=udp
add action=mark-packet chain=qos-up comment=youtube-up layer7-protocol=youtube new-packet-mark=youtube-up passthrough=no
add action=mark-packet chain=qos-up comment=con-byte-up connection-rate=512k-100M new-packet-mark=con-byte-up passthrough=no
add action=mark-packet chain=qos-up comment=games-up dst-address-list=games new-packet-mark=games-up passthrough=no port=!21,22,23,80,81,88,5050,843,443,182,8777,1935,8000-8081 protocol=tcp
add action=mark-packet chain=qos-up comment=games-up dst-address-list=games new-packet-mark=games-up passthrough=no port=!21,22,23,80,81,88,5050,843,443,182,8777,1935,8000-8081 protocol=udp
add action=mark-packet chain=qos-up comment=browsing-up new-packet-mark=browsing-up passthrough=no port=80,443,5050,8080 protocol=tcp
add action=mark-packet chain=qos-up comment=browsing-up new-packet-mark=browsing-up passthrough=no port=80,443,5050,8080 protocol=udp
add action=mark-packet chain=qos-up comment=unknown-up new-packet-mark=unknown-up passthrough=no
add action=return chain=qos-up comment=qos-up
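Because every mark rule above uses passthrough=no, the mark a packet ends up with depends on rule order: the first rule in qos-down or qos-up that matches wins, and a later rule never sees the packet. The following added example (my own code, not the post author's and not anything from RouterOS) is a small simulator that parses an excerpt of the qos-down rules and reports which mark a constructed packet would receive. It models only the matchers the script uses (protocol, port, in-interface, src/dst address-list, layer7-protocol, connection-rate); since the router itself measures layer7 matches and connection rates, those are supplied as attributes of the packet. The decimal meaning of the k and M rate prefixes and the packet attribute names are assumptions of this example.

```python
"""Simulate first-match packet marking in a MikroTik mangle chain.

Added example, not RouterOS or the post author's code. It models only the
matchers the post's script uses and takes layer7 and connection-rate as
attributes supplied with the packet, since the router measures those itself.
"""
import shlex

# Excerpt of the post's qos-down rules, used here as constructed input.
SCRIPT = """
/ip firewall mangle
add action=jump chain=forward comment=qos-down in-interface=ether1 jump-target=qos-down
add action=mark-packet chain=qos-down comment=vip-down new-packet-mark=vip-down passthrough=no port=53,5353,8291 protocol=udp
add action=mark-packet chain=qos-down comment=port-down new-packet-mark=port-down passthrough=no port=21,22,2222,5938,8729,2001,2002,2003,8033,8123 protocol=tcp
add action=mark-packet chain=qos-down comment=streaming-down layer7-protocol=streaming new-packet-mark=streaming-down passthrough=no
add action=mark-packet chain=qos-down comment=con-byte-down connection-rate=512k-100M new-packet-mark=con-byte-down passthrough=no
add action=mark-packet chain=qos-down comment=games-down new-packet-mark=games-down passthrough=no port=!21,22,23,80,81,88,5050,843,443,182,8777,1935,8000-8081 protocol=udp src-address-list=games
add action=mark-packet chain=qos-down comment=browsing-down new-packet-mark=browsing-down passthrough=no port=80,443,5050,8080 protocol=tcp
add action=mark-packet chain=qos-down comment=unknown-down new-packet-mark=unknown-down passthrough=no
add action=return chain=qos-down comment=qos-down
"""

UNITS = {"k": 1_000, "M": 1_000_000}  # assumption: decimal prefixes for k/M


def parse_rules(script):
    """Turn `add key=value ...` lines into dicts, joining backslash continuations."""
    rules = []
    for line in script.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # skips the '/ip firewall mangle' menu line and blanks
        rule = {}
        for token in shlex.split(line[4:]):
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def port_matches(spec, packet):
    """RouterOS `port=` matches source or destination port; a leading '!' negates."""
    negate = spec.startswith("!")
    hit = False
    for item in spec.lstrip("!").split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if any(lo <= p <= hi for p in (packet["src_port"], packet["dst_port"])):
            hit = True
    return hit != negate


def rate_matches(spec, rate_bps):
    """connection-rate=LO-HI such as 512k-100M; treated as inclusive on both ends."""
    def to_bps(text):
        return int(text[:-1]) * UNITS[text[-1]] if text[-1] in UNITS else int(text)
    lo, _, hi = spec.partition("-")
    return to_bps(lo) <= rate_bps <= to_bps(hi)


def matches(rule, packet):
    """Every matcher present on the rule must agree; a rule with none matches all."""
    checks = (
        ("protocol", lambda v: v == packet["protocol"]),
        ("in-interface", lambda v: v == packet["in_interface"]),
        ("port", lambda v: port_matches(v, packet)),
        ("src-address-list", lambda v: v in packet["src_lists"]),
        ("dst-address-list", lambda v: v in packet["dst_lists"]),
        ("layer7-protocol", lambda v: v in packet["layer7"]),
        ("connection-rate", lambda v: rate_matches(v, packet["conn_rate"])),
    )
    return all(test(rule[key]) for key, test in checks if key in rule)


def run_chain(rules, chain, packet, mark=None):
    """Walk one chain in order. Returns (mark, stopped): stopped=True means a
    passthrough=no rule ended mangle processing, so a calling chain does not
    continue either; `return` only leaves the current chain."""
    for rule in rules:
        if rule["chain"] != chain or not matches(rule, packet):
            continue
        action = rule["action"]
        if action == "jump":
            mark, stopped = run_chain(rules, rule["jump-target"], packet, mark)
            if stopped:
                return mark, True
        elif action == "mark-packet":
            mark = rule["new-packet-mark"]
            if rule.get("passthrough", "yes") == "no":
                return mark, True
        elif action == "return":
            return mark, False
        elif action == "accept":
            return mark, True
    return mark, False


def classify(rules, packet, chain="forward"):
    """Packet mark a packet carries after traversing `chain`, or None if unmarked."""
    return run_chain(rules, chain, packet)[0]


def external_names(rules):
    """Objects the script assumes already exist elsewhere on the router."""
    chains = {r["chain"] for r in rules}
    return {
        "address-lists": sorted({r[k] for r in rules
                                 for k in ("src-address-list", "dst-address-list") if k in r}),
        "layer7": sorted({r["layer7-protocol"] for r in rules if "layer7-protocol" in r}),
        "missing-chains": sorted({r["jump-target"] for r in rules if r["action"] == "jump"} - chains),
    }


def pkt(**attrs):
    """Constructed packet with defaults; override only what a case needs."""
    base = dict(protocol="tcp", in_interface="ether1", src_port=40000, dst_port=80,
                src_lists=set(), dst_lists=set(), layer7=set(), conn_rate=0)
    base.update(attrs)
    return base


RULES = parse_rules(SCRIPT)
```

Running, for instance, `classify(RULES, pkt(protocol="udp", dst_port=27015, src_lists={"games"}, conn_rate=100_000))` yields games-down, while the same packet at conn_rate=2_000_000 yields con-byte-down, because the con-byte-down rule sits before games-down in the chain and its passthrough=no ends processing. `external_names(RULES)` lists the address lists and layer7 names the excerpt depends on, which is a useful check before pasting an export onto a fresh router.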
That is all for this part. In the next part I will review more MikroTik configuration; I hope for your support so that I can keep writing. Thank you.
