The Mother of all QoS Trees – v6.0

Contained in this post is a free copy of my 2013 QoS tree (compatible with v6.0) for anyone to do what they want with, I only ask that if you republish this you include a link to this post.

It is intended to work on a per-interface basis; with you specifying the WAN interface and the speed limit it is to have. You can then use simple-queues for your internal users for a full double-qos solution.

Please note:
1. This does not utilise connection marking so is CPU inefficient
2. This does not use any Layer7 filtering
3. This is highly focused on Residential service offerings (prioritising games etc)

Please feel free to submit your comments, questions or additions in the comments below. I plan on releasing a few new posts in the next month that cover P2P filtering as well as a newer QoS tree dealing with all the traffic below as well as P2P. There are a number of additional things missing from this early attempt that I’d welcome you to try and find, but if you’re new to QoS I feel it’s an excellent starting point 🙂

For your usage you will need to modify line 33 (and/or replicate) to add your own server ranges/admin ranges and things you want to give high priority, while the “site-specific” address list can be used to add servers or IP blocks requested for higher priority by end users (Teamspeak, Mumble and Ventrilo servers are common for this).

You may also wish to modify queue priorities to better match your network requirements (I’m sure someone out there wants to prioritise VPNs over games!)

## This is the interface to run the QOS on. This is the edge interface before traffic leaves your MikroTik
:global QOSINTERFACE "ether1"  

## This is the name of this interface. Use it to distinguish it from other QOS scripts running
:global TREE "WAN1"

## Adjust the queue types speeds to match the download and upload speed for each interface
:global PCQDOWNLOD "50M"
:global PCQUPLOAD "10M"

## Adjust queue tree speeds to match the download and upload speed for each interface.
## MAXDOWNLOAD = MAXDLINT + MAXDLNONINT  where MAXDLINT = ~90% of MAXDOWNLOAD

:global MAXDOWNLOAD "50M"
:global MAXDLINT "40M"
:global MAXDLNONINT "10M"

:global MAXUPLOAD "10M"
:global MAXUPINT "9M"
:global MAXUPNONINT "1M"

####################
############################################There are no more value to change below this line############################################
####################

#IP Address List Entries:
#Add any PPPoE ranges to the "QOSCustomerIPs" list.

/ip firewall address-list
add address=192.168.0.0/16 comment="" disabled=no list=QOSCustomerIPs
add address=10.0.0.0/8 comment="" disabled=no list=QOSCustomerIPs
add address=172.16.0.0/12 comment="" disabled=no list=QOSCustomerIPs
add address=10.0.0.0/24 comment="ISP IP Addresses" disabled=no list=ISP

add address=12.129.193.0/24 comment=WoW disabled=no list=games
add address=12.129.222.0/23 comment=WoW disabled=no list=games
add address=12.129.225.0/24 comment=WoW disabled=no list=games
add address=12.129.228.0/24 comment=WoW disabled=no list=games
add address=12.129.233.0/24 comment=WoW disabled=no list=games
add address=12.129.252.0/23 comment=WoW disabled=no list=games
add address=63.241.255.0/24 comment=WoW disabled=no list=games
add address=72.5.213.0/24 comment=WoW disabled=no list=games
add address=80.239.149.0/24 comment=WoW disabled=no list=games
add address=80.239.179.0/24 comment=WoW disabled=no list=games
add address=80.239.181.0/24 comment=WoW disabled=no list=games
add address=80.239.185.0/24 comment=WoW disabled=no list=games
add address=80.239.233.0/24 comment=WoW disabled=no list=games
add address=192.12.244.0/24 comment=WoW disabled=no list=games
add address=195.12.246.0/24 comment=WoW disabled=no list=games
add address=199.107.6.0/23 comment=WoW disabled=no list=games
add address=199.107.24.0/23 comment=WoW disabled=no list=games
add address=206.16.118.0/23 comment=WoW disabled=no list=games
add address=206.16.147.0/24 comment=WoW disabled=no list=games
add address=206.18.148.0/23 comment=WoW disabled=no list=games
add address=206.18.98.0/23 comment=WoW disabled=no list=games
add address=206.16.235.0/24 comment=WoW disabled=no list=games
add address=206.17.111.0/24 comment=WoW disabled=no list=games
add address=213.248.123.0/24 comment=WoW disabled=no list=games
add address=213.248.127.0/24 comment=WoW disabled=no list=games

add address=202.9.66.0/23 comment=SC2 disabled=no list=games
add address=12.129.254.0/23 comment=SC2 disabled=no list=games
add address=12.129.206.0/24 comment=SC2 disabled=no list=games

add address=12.129.242.0/24 comment="Diablo III" disabled=no list=games
add address=12.130.245.0/24 comment="Diablo III" disabled=no list=games
add address=12.130.244.0/24 comment="Diablo III" disabled=no list=games
add address=12.130.246.0/24 comment="Diablo III" disabled=no list=games

add address=63.150.138.0/24 disabled=no comment="Dota 2" list=games
add address=103.10.124.0/24 disabled=no comment="Dota 2" list=games
add address=103.10.125.0/24 disabled=no comment="Dota 2" list=games
add address=103.28.54.0/23 disabled=no comment="Dota 2" list=games
add address=146.66.152.0/23 disabled=no comment="Dota 2" list=games
add address=146.66.154.0/24 disabled=no comment="Dota 2" list=games
add address=146.66.155.0/24 disabled=no comment="Dota 2" list=games
add address=146.66.156.0/23 disabled=no comment="Dota 2" list=games
add address=146.66.158.0/23 disabled=no comment="Dota 2" list=games
add address=185.25.180.0/23 disabled=no comment="Dota 2" list=games
add address=185.25.182.0/24 disabled=no comment="Dota 2" list=games
add address=192.69.96.0/22 disabled=no comment="Dota 2" list=games
add address=205.196.6.0/24 disabled=no comment="Dota 2" list=games
add address=208.64.200.0/24 disabled=no comment="Dota 2" list=games
add address=208.64.201.0/24 disabled=no comment="Dota 2" list=games
add address=208.64.202.0/24 disabled=no comment="Dota 2" list=games
add address=208.64.203.0/24 disabled=no comment="Dota 2" list=games
add address=208.78.164.0/22 disabled=no comment="Dota 2" list=games
add address=216.111.123.0/24 disabled=no comment="Dota 2" list=games

add address=31.186.224.0/24 comment="LoL Europe" disabled=no list=games
add address=31.186.226.0/24 comment="LoL Europe" disabled=no list=games
add address=64.7.194.0/24 comment="LoL Europe" disabled=no list=games
add address=95.172.65.0/24 comment="LoL Europe" disabled=no list=games
add address=95.172.70.0/24 comment="LoL Europe" disabled=no list=games
add address=66.150.148.0/24 comment="LoL EU-NE" disabled=no list=games
add address=64.7.194.0/24 comment="LoL NA" disabled=no list=games
add address=66.150.148.0/24 comment="LoL NA" disabled=no list=games
add address=192.64.168.0/24 comment="LoL NA" disabled=no list=games
add address=192.64.169.0/24 comment="LoL NA" disabled=no list=games
add address=192.64.170.0/24 comment="LoL NA" disabled=no list=games
add address=216.133.234.0/24 comment="LoL NA" disabled=no list=games
add address=192.64.169.0/24 comment="LoL Oceania" disabled=no list=games
add address=59.100.95.128/25 comment="LoL Oceania" disabled=no list=games
add address=203.116.112.128/25 comment="LoL Singapore/Malaysia" disabled=no list=games

add list=games comment="Lowerping - US West - Panther 1" address=216.240.136.162
add list=games comment="Lowerping - US West - Panther 2" address=216.240.145.9
add list=games comment="Lowerping - US West - Panther 3" address=64.69.36.224
add list=games comment="Lowerping - US West - Panther 4" address=208.70.75.171
add list=games comment="Lowerping - US West - Panther 5" address=208.70.78.93
add list=games comment="Lowerping - US West - Panther 6" address=216.240.136.167
add list=games comment="Lowerping - US West - Tiger 1" address=64.56.65.9
add list=games comment="Lowerping - US West - Tiger 2" address=74.222.8.249
add list=games comment="Lowerping - US West - Fox 1" address=216.18.198.2
add list=games comment="Lowerping - US West - Fox 2" address=173.231.26.242
add list=games comment="Lowerping - US West - Lion A1" address=66.212.28.128
add list=games comment="Lowerping - US West - Lion A2" address=66.63.191.237
add list=games comment="Lowerping - US West - Lion B1" address=72.11.142.216
add list=games comment="Lowerping - US West - Lion B2" address=72.11.142.217
add list=games comment="Lowerping - US West - Lion C1" address=96.44.172.186
add list=games comment="Lowerping - US West - Lion C2" address=96.44.177.26
add list=games comment="Lowerping - US West - Lion D1" address=96.44.177.27
add list=games comment="Lowerping - US West - Lion D2" address=72.11.142.218
add list=games comment="Lowerping - US West - Panda 1" address=64.120.10.178
add list=games comment="Lowerping - US West - Rhino 1" address=72.51.46.93
add list=games comment="Lowerping - US West - Squid 1" address=173.245.68.180
add list=games comment="Lowerping - US West - Squid 2" address=173.245.68.178
add list=games comment="Lowerping - US West - Koala 1" address=8.17.252.162
add list=games comment="Lowerping - US West - Koala 2" address=8.17.252.163
add list=games comment="Lowerping - US West - Salmon 1" address=50.23.65.37
add list=games comment="Lowerping - US West - Salmon 2" address=174.127.96.124
add list=games comment="Lowerping - US West - Salmon 3" address=174.127.96.127
add list=games comment="Lowerping - US East - Cobra 1" address=66.109.20.100
add list=games comment="Lowerping - US East - Otter 1" address=66.199.235.194
add list=games comment="Lowerping - US East - Otter 2" address=72.9.100.90
add list=games comment="Lowerping - US East - Spider 1" address=173.208.45.82
add list=games comment="Lowerping - US Central - Frog 1" address=69.162.127.98
add list=games comment="Lowerping - US Central - Tadpole 1" address=174.133.108.202
add list=games comment="Lowerping - US Central - Toad 1" address=174.34.132.50
add list=games comment="Lowerping - Chicago - Macaw 1" address=70.32.43.122
add list=games comment="Lowerping - Chicago - Jaguar 1" address=184.154.38.138
add list=games comment="Lowerping - Europe - London 1" address=78.129.220.51
add list=games comment="Lowerping - Europe - Germany 1" address=188.138.24.38
add list=games comment="Lowerping - Europe - Germany 3" address=85.10.193.111
add list=games comment="Lowerping - Europe - Netherlands 1" address=94.75.208.164
add list=games comment="Lowerping - Europe - Netherlands 2" address=62.212.91.21
add list=games comment="Lowerping - Europe - Paris 1" address=91.191.144.94
add list=games comment="Lowerping - Europe - Paris 2" address=46.21.207.116

add list=games comment="SWTOR - USA/EUROPE" address=159.153.0.0/16

add address=206.127.144.0/20 comment="GW2 - ArenaNet (NC Interactive)" disabled=no list=games
add address=64.25.32.0/20 comment="GW2 - ArenaNet (NC Interactive)" disabled=no list=games


#Mangle Rules:
/ip firewall mangle
add action=log chain=notes comment="Start of QoS tree version updated on 4/4/2014" disabled=no log-prefix=""
add action=accept chain=prerouting comment="Accept traffic From QOSCustomerIPs to QOSCustomerIPs" disabled=no dst-address-list=QOSCustomerIPs src-address-list=QOSCustomerIPs
add action=mark-packet chain=prerouting comment="We should start with marking everything as unknown - dn_p7_interactive $TREE" disabled=no in-interface=$QOSINTERFACE new-packet-mark=("dn_p7_interactive_".$TREE) passthrough=yes
add action=mark-packet chain=postrouting comment="We should start with marking everything as unknown - up_p7_interactive" disabled=no new-packet-mark=("up_p7_interactive_".$TREE) out-interface=$QOSINTERFACE passthrough=yes
add action=mark-packet chain=postrouting comment="Mark all ACK packets p1 for outbound traffic." disabled=no new-packet-mark=("up_p1_interactive_".$TREE) out-interface=$QOSINTERFACE passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting comment="Mark all ACK packets p1 for outbound traffic." disabled=no in-interface=$QOSINTERFACE new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=yes protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment="Mark p2p connections first" disabled=no new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting comment="Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH.  This is the lowest priority we can configure" connection-mark=p2p_conn disabled=no in-interface=$QOSINTERFACE new-packet-mark=("dn_p8_noninteractive_".$TREE) passthrough=no
add action=mark-packet chain=postrouting comment="Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH.  This is the lowest priority we can configure" connection-mark=p2p_conn disabled=no new-packet-mark=("up_p8_noninteractive_".$TREE) out-interface=$QOSINTERFACE passthrough=no
add action=mark-packet chain=prerouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" disabled=no in-interface=$QOSINTERFACE new-packet-mark=("dn_p8_noninteractive_".$TREE) passthrough=no src-port=6881 protocol=tcp
add action=mark-packet chain=postrouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" disabled=no out-interface=$QOSINTERFACE new-packet-mark=("up_p8_interactive_".$TREE) passthrough=no dst-port=6881 protocol=tcp
add action=mark-packet chain=prerouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" disabled=no in-interface=$QOSINTERFACE new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no src-address-list=ISP
add action=mark-packet chain=postrouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" disabled=no dst-address-list=ISP new-packet-mark=("up_p1_interactive_".$TREE) out-interface=$QOSINTERFACE passthrough=no
add action=mark-packet chain=prerouting comment="BGP as p1_interactive with NO PASSTHROUGH" disabled=no in-interface=$QOSINTERFACE new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no src-port=179 protocol=tcp
add action=mark-packet chain=postrouting comment="BGP as p1_interactive with NO PASSTHROUGH" disabled=no out-interface=$QOSINTERFACE new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no dst-port=179 protocol=tcp
add action=mark-packet chain=prerouting comment="OSPF as p1_interactive with NO PASSTHROUGH" disabled=no in-interface=$QOSINTERFACE new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=ospf
add action=mark-packet chain=postrouting comment="OSPF as p1_interactive with NO PASSTHROUGH" disabled=no out-interface=$QOSINTERFACE new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=ospf
add action=mark-packet chain=postrouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=0-1000000 disabled=no dst-port=8080 new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=0-1000000 disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=udp src-port=8080 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k disabled=no dst-port=53 new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=tcp in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k disabled=no new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=tcp src-port=53 out-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k disabled=no dst-port=53 new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=udp src-port=53 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="ICMP is p1_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=icmp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="ICMP is p1_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=icmp in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no dst-port=3478,4080,5223 new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=tcp src-port=3478,4080,5223 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no dst-port=16393-16402 new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=udp src-port=16393-16402 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no dst-port=5060-5061 new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=tcp src-port=5060-5061 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no dst-port=5060-5061 new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=udp src-port=5060-5061 in-interface=$QOSINTERFACE
add action=mark-connection chain=prerouting comment="VOIP - mark DSCP 46 with voip connection mark" disabled=no dscp=46 new-connection-mark=voip passthrough=yes
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k disabled=no new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=tcp in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k disabled=no new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=udp in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="NTP is set at p1_interactive." disabled=no dst-port=123 new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=udp src-port=123 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="NTP is set at p1_interactive." disabled=no new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=udp dst-port=123 out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="WINBOX p1_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p1_interactive_".$TREE) passthrough=no protocol=tcp src-port=8291 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="WINBOX p1_interactive NO PASSTHROUGH" disabled=no dst-port=8291 new-packet-mark=("up_p1_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" disabled=no dst-address-list=site-specific new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no src-address-list=site-specific in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" disabled=no dst-address-list=games new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no src-address-list=games in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M disabled=no dst-port=3389,5900 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=3389,5900 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=3389,5900 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Steam (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no dst-port=27000-28999 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Steam (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=27000-27015 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Runes of Magic (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no dst-port=21002,16401-16402,16502 new-packet-mark=up_p2_interactive_wan out-interface=$QOSINTERFACE passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Runes of Magic (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no in-interface=$QOSINTERFACE new-packet-mark=dn_p2_interactive_wan passthrough=no protocol=udp src-port=21002,16401-16402,16502
add action=mark-packet chain=postrouting comment="GunZ (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no dst-port=7700-7800 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="GunZ (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=7700-7800 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Trickster Online (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=10006,13339,22006 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Trickster Online (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=10006,13339,22006 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=6112-6119 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=6112-6119 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Warcraft 3 and WoW 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=6112-6119 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Warcraft 3 and WoW 0-512k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=6112-6119 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=1119 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=1119 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=3724 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=3724 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="EVE Online (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=26000 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="EVE Online (games) 0-512k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=26000 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=1513 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=1513 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=7456 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=7456 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=8687 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=8687 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=2000,2003 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=2000,2003 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=3478,3479,3658 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=3478,3479,3658 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=5223 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=5223 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" disabled=no dst-port=3074 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=3074 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" disabled=no dst-port=3074 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=3074 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Guild Wars (games) 0-1024k up p2_interactive NO PASSTHROUGH" connection-rate=0-1024k disabled=no dst-port=6112,6600 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Guild Wars (games) 0-2048k down p2_interactive NO PASSTHROUGH" connection-rate=0-2048k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=6112,6600 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Company of Heroes (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=30260 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Company of Heroes (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=30260 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=11235-11335 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=11235-11335 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=11031 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=11031 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=28004 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=28004 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=3724 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=3724 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=5223,3074 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=5223,3074 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=2005,3074,3075 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=2005,3074,3075 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Steam (codMW2) 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k disabled=no dst-port=1500,3005,3101,28960 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Steam (codMW2) 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=1500,3005,3101,28960 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" disabled=no dst-port=18390,18395,13505 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=18390,18395,13505 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" disabled=no dst-port=18395 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=18395 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no dst-port=7110,7230 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=7230,7110 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=64100 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=64100 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="UT3 (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=7777,3783 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="UT3 (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=7777,3783 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Rift (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=6520-6540 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Rift (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=6520-6540 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=4321,6660-6669,28900,29900,2901 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=4321,6660-6669,28900,29900,2901 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=6515,6500,13139,27900  new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=6515,6500,13139,27900 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Freelancer (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=udp src-port=2302-2304 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Freelancer (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=2302-2304 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Minecraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=25565 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Minecraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=25565 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="SSH 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no dst-port=22 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="SSH 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=22 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="ICQ p2_interactive NO PASSTHROUGH" disabled=no dst-port=5190 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="ICQ p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=5190 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="MSN p2_interactive NO PASSTHROUGH" disabled=no dst-port=1863 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="MSN p2_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=1863 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=5004 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=5004 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="telnet 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k disabled=no dst-port=23 new-packet-mark=("up_p2_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="telnet 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k disabled=no new-packet-mark=("dn_p2_interactive_".$TREE) passthrough=no protocol=tcp src-port=23 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" disabled=no new-packet-mark=("up_p3_interactive_".$TREE) passthrough=yes protocol=ipsec-esp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" disabled=no new-packet-mark=("dn_p3_interactive_".$TREE) passthrough=yes protocol=ipsec-esp in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" disabled=no new-packet-mark=("up_p3_interactive_".$TREE) passthrough=yes protocol=ipsec-ah out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" disabled=no new-packet-mark=("dn_p3_interactive_".$TREE) passthrough=yes protocol=ipsec-ah in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" disabled=no dst-port=4500 new-packet-mark=("up_p3_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p3_interactive_".$TREE) passthrough=no protocol=udp src-port=4500 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" disabled=no dst-port=1935 new-packet-mark=("up_p6_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p6_interactive_".$TREE) passthrough=no protocol=tcp src-port=1935 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" disabled=no dst-port=554 new-packet-mark=("up_p6_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p6_interactive_".$TREE) passthrough=no protocol=tcp src-port=554 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" disabled=no dst-port=554 new-packet-mark=("up_p6_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p6_interactive_".$TREE) passthrough=no protocol=udp src-port=554 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" disabled=no dst-port=110 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=110 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " disabled=no dst-port=25 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=25 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" disabled=no dst-port=465 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=465 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" disabled=no dst-port=485 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=485 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" disabled=no dst-port=993 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=993 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" disabled=no dst-port=143 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=143 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" disabled=no dst-port=995 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=995 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" disabled=no dst-port=3690 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=3690 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="SNMP set at p4_interactive NO PASSTHROUGH" disabled=no dst-port=161 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="SNMP set at p4_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=udp src-port=161 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" disabled=no dst-port=1194 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=udp src-port=1194 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no dst-port=27014-27050 new-packet-mark=("up_p4_interactive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k disabled=no new-packet-mark=("dn_p4_interactive_".$TREE) passthrough=no protocol=tcp src-port=27014-27050 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" disabled=no dst-port=27014-27050 new-packet-mark=("up_p2_noninteractive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p2_noninteractive_".$TREE) passthrough=no protocol=tcp src-port=27014-27050 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" disabled=no dst-port=119 new-packet-mark=("up_p7_noninteractive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p7_noninteractive_".$TREE) passthrough=no protocol=tcp src-port=119 in-interface=$QOSINTERFACE
add action=mark-packet chain=postrouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" disabled=no dst-port=433 new-packet-mark=("up_p7_noninteractive_".$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" disabled=no new-packet-mark=("dn_p7_noninteractive_".$TREE) passthrough=no protocol=tcp src-port=433 in-interface=$QOSINTERFACE
add action=mark-packet chain=prerouting comment="http download will be treated as dn_p3_interactive" disabled=no src-port=80,443,8080 protocol=tcp in-interface=$QOSINTERFACE new-packet-mark=("dn_p3_interactive_".$TREE) passthrough=no
add action=mark-packet chain=postrouting comment="http upload will be treated as up_p3_interactive" disabled=no dst-port=80,443,8080 protocol=tcp out-interface=$QOSINTERFACE new-packet-mark=("up_p3_interactive_".$TREE) passthrough=no
add action=log chain=notes comment="End QoS tree" disabled=no log-prefix=""

#Queue Type:
/queue type
add kind=pcq name=("Download_".$TREE) pcq-classifier=dst-address pcq-limit=50 pcq-rate=$"PCQDOWNLOD" pcq-total-limit=25000
add kind=pcq name=("Upload_".$TREE) pcq-classifier=src-address pcq-limit=50 pcq-rate=$"PCQUPLOAD" pcq-total-limit=25000

#Queue Tree:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=$"MAXDOWNLOAD" name=("Download_".$TREE) parent=global priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=$"MAXUPLOAD" name=("Upload_".$TREE) parent=global priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=$"MAXDLINT" max-limit=$"MAXDOWNLOAD" name=("DN_Interactive_".$TREE) parent=("Download_".$TREE) priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=$"MAXDLNONINT" max-limit=$"MAXDOWNLOAD" name=("DN_NonInteractive_".$TREE) parent=("Download_".$TREE) priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=$"MAXUPINT" max-limit=$"MAXUPLOAD" name=("UP_Interactive_".$TREE) parent=("Upload_".$TREE) priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=$"MAXUPNONINT" max-limit=$"MAXUPLOAD" name=("UP_NonInteractive_".$TREE) parent=("Upload_".$TREE) priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p1_interactive_".$TREE) packet-mark=("dn_p1_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=1 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p2_interactive_".$TREE) packet-mark=("dn_p2_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=2 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p3_interactive_".$TREE) packet-mark=("dn_p3_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=3 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p4_interactive_".$TREE) packet-mark=("dn_p4_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=4 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p5_interactive_".$TREE) packet-mark=("dn_p5_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=5 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p6_interactive_".$TREE) packet-mark=("dn_p6_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=6 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p7_interactive_".$TREE) packet-mark=("dn_p7_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=7 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p8_interactive_".$TREE) packet-mark=("dn_p8_interactive_".$TREE) parent=("DN_Interactive_".$TREE) priority=8 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p1_noninteractive_".$TREE) packet-mark=("dn_p1_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=1 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p2_noninteractive_".$TREE) packet-mark=("dn_p2_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=2 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p3_noninteractive_".$TREE) packet-mark=("dn_p3_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=3 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p4_noninteractive_".$TREE) packet-mark=("dn_p4_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=4 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p5_noninteractive_".$TREE) packet-mark=("dn_p5_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=5 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p6_noninteractive_".$TREE) packet-mark=("dn_p6_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=6 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p7_noninteractive_".$TREE) packet-mark=("dn_p7_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=7 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("down_p8_noninteractive_".$TREE) packet-mark=("dn_p8_noninteractive_".$TREE) parent=("DN_NonInteractive_".$TREE) priority=8 queue=("Download_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p1_interactive_".$TREE) packet-mark=("up_p1_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=1 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p2_interactive_".$TREE) packet-mark=("up_p2_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=2 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p3_interactive_".$TREE) packet-mark=("up_p3_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=3 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p4_interactive_".$TREE) packet-mark=("up_p4_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=4 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p5_interactive_".$TREE) packet-mark=("up_p5_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=5 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p6_interactive_".$TREE) packet-mark=("up_p6_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=6 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p7_interactive_".$TREE) packet-mark=("up_p7_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=7 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p8_interactive_".$TREE) packet-mark=("up_p8_interactive_".$TREE) parent=("UP_Interactive_".$TREE) priority=8 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p1_noninteractive_".$TREE) packet-mark=("up_p1_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=1 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p2_noninteractive_".$TREE) packet-mark=("up_p2_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=2 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p3_noninteractive_".$TREE) packet-mark=("up_p3_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=3 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p4_noninteractive_".$TREE) packet-mark=("up_p4_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=4 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p5_noninteractive_".$TREE) packet-mark=("up_p5_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=5 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p6_noninteractive_".$TREE) packet-mark=("up_p6_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=6 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p7_noninteractive_".$TREE) packet-mark=("up_p7_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=7 queue=("Upload_".$TREE)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=("up_p8_noninteractive_".$TREE) packet-mark=("up_p8_noninteractive_".$TREE) parent=("UP_NonInteractive_".$TREE) priority=8 queue=("Upload_".$TREE)

/system script environment
remove [ find name=QOSINTERFACE ]
remove [ find name=TREE ]
remove [ find name=PCQDOWNLOD ]
remove [ find name=PCQUPLOAD ]
remove [ find name=MAXDOWNLOAD ]
remove [ find name=MAXDLINT ]
remove [ find name=MAXDLNONINT ]
remove [ find name=MAXUPLOAD ]
remove [ find name=MAXUPINT ]
remove [ find name=MAXUPNONINT ]

This script uses a nested queue tree breaking all traffic into the following categories.

Download

  • Download Interactive
  • Download Non-Interactive

Upload

  • Upload Interactive
  • Upload Non-Interactive

This breakdown is similar to that found in some netequalizer, packeteer, and other QoS appliances and was first bought to my attention by Butch Evans

This allows the allocation of a top level bandwidth (say 100M) then a breakdown of this bandwidth to an interactive (90M web traffic, skype, things that users are sitting watching/waiting for) traffic queue and a non-interactive (10M torrents, background downloads, windows updates) traffic queue with a lower priority. Using PCQ queues it also permits bandwidth to be equally shared among users and allows the lower priority queues to burst up and make use of the other bandwidth as available.

For the download traffic queues I would recommend setting your values to between 90%-98% of your inbound bandwidth to ensure you are delaying/queuing traffic before it is being queued or policed upstream.

Thank you to Justin Miller for converting the original file into a scripted task.

32 thoughts on “The Mother of all QoS Trees – v6.0

  1. Hi Obinna,

    The section of code included is a CLI script to install the QOS tree; however once it is installed you can review the config by running the following:

    /ip firewall address-list export
    /queue export
    /ip firewall mangle export

    This should give you a copy of the live config on your machine.

    Cheers,
    Andrew

  2. Hey James, it’s intended to be for you to put a list of your ISP sites etc that the customer will always need high priority access too (for paying their bill etc ;-D).

  3. Dear Sir Omega,

    Have you done below yet ?

    “I plan on releasing a few new posts in the next month that cover P2P filtering as well as a newer QoS tree dealing with all the traffic below as well as P2P.:

  4. Dear Omega, I have a Cloud Core 1036. If I have 1500-2000 Hotspot users, can I use the default Hotspot Simple Queue instead of Queue Tree ? Will performance be ok with that number of users ?

  5. No.

    If you want something perfect and ready-to-go you can pay someone for it; this article is provided as a template for people to build up and improve upon. The format is clean but the RouterOS efficiency is missing, I mention this quite clearly in Point 1 and I’ve provided the whole thing for free so you can do with it what you want. Abusing me for doing so is not a helpful option to anyone.

    Kind Regards,
    Omega-00

  6. Hi Joshua,

    This system is designed to work hand-in-hand with simple queues; allowing you to define a per-user rate limit on your hotspot/pppoe services while also prioritising traffic passing over your WAN link.

    Cheers,
    Omega-00

  7. wow. great info. im about to put in my rb750. lets burn it up 🙂 thank you so much . any updates on the way you QOS your mikrotik. it be great.

  8. its alive it works. your WAN its my LAN and Ether1 is my WAN. its weird but now i see packets showing up. also i had to replace the .$WAN” with _WAN” . How do you keep QOS on youtube and brownsing. Im starting this recently and i would like to implement a cache server for youtube video. what advice do you recomend? thank you for sharing this great tool. Much apreciate

  9. Hi,

    First of all, great job!
    I am new in the world of RouterOS and I have a doubt. I have 2 WAN, what changes shall I do to use this script to work with load balancing?

    Thank you in advance!

  10. Hi Omega. what about if we have two or more WANs ? do we need to add mark packets for each of them

  11. Thanks for your hard word. I just have to ask, which of these do I change according to my internet speed. I have 9Mb down and 3Mb up speed?
    ## Adjust the queue types speeds to match the download and upload speed for each interface
    :global PCQDOWNLOD “50M”
    :global PCQUPLOAD “10M”

    ## Adjust queue tree speeds to match the download and upload speed for each interface.
    ## MAXDOWNLOAD = MAXDLINT + MAXDLNONINT where MAXDLINT = ~90% of MAXDOWNLOAD

    :global MAXDOWNLOAD “50M”
    :global MAXDLINT “40M”
    :global MAXDLNONINT “10M”

    :global MAXUPLOAD “10M”
    :global MAXUPINT “9M”
    :global MAXUPNONINT “1M”

  12. Hi Nazeem,

    You’d want to have something like this:

    ## Adjust queue tree speeds to match the download and upload speed for each interface.
    ## MAXDOWNLOAD = MAXDLINT + MAXDLNONINT where MAXDLINT = ~90% of MAXDOWNLOAD

    :global MAXDOWNLOAD “90M”
    :global MAXDLINT “7M”
    :global MAXDLNONINT “2M”

    :global MAXUPLOAD “3M”
    :global MAXUPINT “2M”
    :global MAXUPNONINT “1M”

  13. I studied your script, and noticed you are defining two new PCQ types, but you don’t use them in the queue tree. I thing the Download/Upload main queues (whose parent are global) should have queue=(“Download_”.$TREE) (and same for upload).
    Or did I miss something?

    Thanks!

  14. Hi Jose,

    The script is made so it can be applied with rate limits for each WAN interface; the only thing that is shared is the address-list entries.

    Cheers,
    Andrew

  15. hoi dude, i have a question what if I change QOSINTERFACE (private network) interface to the WAN interface.
    because I have multiple LANs.
    if The Mother of all QoS Trees still working optimally?
    thanks 🙂

  16. Hi –

    The only odd thing I had happen on 6.23 on my routerboard was that it wouldn’t accept the ’18M’ nomenclature and I had to change it out to the full bits amount (18M = 18000000) etc adjusted for my ISP speeds.

    Otherwise, it worked great and now seeing if this resolves some issues I was having when a big patch was being downloaded and the other clients on the wireless network get ‘starved’ for resources.

  17. Also, if I did it right (think I did based on testing) if you play War Thunder these are the lines needed for it:

    In the marking section

    add action=mark-packet chain=postrouting comment=”War Thunder 0-256k down p2_interactive NO PASSTHROUGH” connection-rate=0-256k disabled=no dst-port=3478-3480,20010-20500 new-packet-mark=(“up_p2_interactive_”.$TREE) passthrough=no protocol=udp out-interface=$QOSINTERFACE
    add action=mark-packet chain=prerouting comment=”War Thunder 0-256k up p2_interactive NO PASSTHROUGH” connection-rate=0-256k disabled=no new-packet-mark=(“dn_p2_interactive_”.$TREE) passthrough=no protocol=udp src-port=3478-3480,20010-20500 in-interface=$QOSINTERFACE
    add action=mark-packet chain=postrouting comment=”War Thunder 0-256k down p2_interactive NO PASSTHROUGH” connection-rate=0-256k disabled=no dst-port=5222,7850-7854,7800-7802 new-packet-mark=(“up_p2_interactive_”.$TREE) passthrough=no protocol=tcp out-interface=$QOSINTERFACE
    add action=mark-packet chain=prerouting comment=”War Thunder 0-256k up p2_interactive NO PASSTHROUGH” connection-rate=0-256k disabled=no new-packet-mark=(“dn_p2_interactive_”.$TREE) passthrough=no protocol=tcp src-port=5222,7850-7854,7800-7802 in-interface=$QOSINTERFACE

    In the address list section. I just did a nslookup of the game server, if you have a better way of doing that I’m all ears. Wish you could put DNS names in there in case they change IP addresses.

    add address=207.244.72.0/24 comment=“War Thunder US“ disabled=no list=games

  18. Thanks for the hard work on this.

    All my eth interfaces from my AP’s are bridge called “NAT” would this be classed as the QOSINTERFACE? or would this be the WAN interface to my fibres, i have four WANS so would i need to add 4x the script for each WAN.

  19. Hi!

    The repetition of the same rule, why not put:
    ip firewall mangle add chain = PREROUTING in-interface=wan jump-target
    = QoS-in

    and

    ip firewall mangle add chain = POSTROUTING out-interface=wan jump-targ
    et = QoS-out

    all pre and post let through.
    Is not it better QoS mark connections first then mark packet?
    Is anyone working with QoS on DSCP? *ver<6.24

Leave a Reply