Suppose you want to limit bandwidth on a per-user basis for a SPECIFIC WEBSITE ONLY, for example 4mb per user for facebook.com.
The logic is simple.
1- First, create a script that adds the website's IP addresses to an address list.
2- Add a scheduler that runs the above script every 5 minutes, so that the list is updated even if the website's IP changes.
3- Mark connections and packets for the address list created above.
4- Add a PCQ queue type (the bandwidth will be distributed on a per-user basis using a single simple queue).
5- Finally, add a simple queue that distributes bandwidth for the marked packets on a per-user basis using PCQ.
```
# Step 1: script that copies matching DNS cache entries into the address list
/system script
add name=facebook-list policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="# Script to add Facebook DNS IP addresses\r\
\n# Lupael/ support@i4e.com.bd\r\
\n:log warning \"Script Started ... Adding Facebook DNS ip's to address list name facebook_dns_ips\"\r\
\n:foreach i in=[/ip dns cache find] do={\r\
\n:local bNew \"true\";\r\
\n:local cacheName [/ip dns cache get \$i name] ;\r\
\n# :find returns nothing on no match and 0 when the name starts with the text, so test the result type\r\
\n:if ([:typeof [:find \$cacheName \"facebook\"]] = \"num\") do={\r\
\n:local tmpAddress [/ip dns cache get \$i address] ;\r\
\n:put \$tmpAddress;\r\
\n:if ( [/ip firewall address-list find list=facebook_dns_ips] = \"\") do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
\n} else={\r\
\n:foreach j in=[/ip firewall address-list find list=facebook_dns_ips] do={\r\
\n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
\n:set bNew \"false\";\r\
\n}\r\
\n}\r\
\n:if ( \$bNew = \"true\" ) do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
\n}\r\
\n}\r\
\n}\r\
\n}\r\
\n# Script Ended..."

# Step 2: run the script every 5 minutes
/system scheduler
add comment="Add Facebook IP's to address list name facebook-list after every 5 minutes / zaib" disabled=no interval=5m name=add_fb_to_list_scheduler_every_5mnts on-event=facebook-list policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00

# Step 3: mark connections to the listed addresses, then mark their packets
/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for FB Site / lupael" disabled=no dst-address-list=facebook_dns_ips new-connection-mark=FB-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Packtes for FB-CONN / lupael" connection-mark=FB-conn disabled=no new-packet-mark=FB_Packets passthrough=no

# Step 4: PCQ queue types, pcq-rate=4194304 per classified address
/queue type
add kind=pcq name=Download-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=Upload-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

# Step 5: simple queue that applies the PCQ types to the marked packets
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit FB speed 4mb per user using PCQ / Lupael" direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=\
    4mb_Limit_For_FB_Per_User packet-marks=FB_Packets parent=none priority=8 queue=Upload-4mb/Download-4mb target-addresses="" total-queue=default-small
```
Do remember, it's just an example to show you how you can twist things. You can modify it as per your requirements.
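The script in step 1 selects DNS cache entries with a substring test on the cached name. The following added example (not part of the original article) models that filter offline in Python and compares it with a domain-suffix match; the cache rows, the `fbcdn.net` entry and all function names are assumptions constructed for illustration.

```python
# Added example: offline model of the name filter that feeds the
# facebook_dns_ips address list. All cache rows are constructed sample data.

ALLOWED_DOMAINS = ("facebook.com", "fbcdn.net")  # assumption: domains to shape

# (name, address) pairs as they might appear in /ip dns cache (constructed)
SAMPLE_CACHE = [
    ("www.facebook.com", "192.0.2.10"),
    ("facebook.com", "192.0.2.11"),
    ("static.fbcdn.net", "192.0.2.20"),
    ("facebook.example.org", "198.51.100.5"),
    ("notfacebook.com", "198.51.100.6"),
    ("www.example.net", "203.0.113.7"),
    ("WWW.Facebook.COM.", "192.0.2.10"),
]


def substring_match(name, needle="facebook"):
    """Substring test: true when the needle occurs anywhere in the name."""
    return needle in name.lower()


def suffix_match(name, domains=ALLOWED_DOMAINS):
    """True only for a listed domain itself or a subdomain of it."""
    host = name.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def build_address_list(cache, matcher):
    """Return de-duplicated addresses (first-seen order) whose name matches."""
    seen, result = set(), []
    for name, address in cache:
        if matcher(name) and address not in seen:
            seen.add(address)
            result.append(address)
    return result


def unintended_entries(cache):
    """Addresses the substring test admits but the suffix test rejects."""
    strict = set(build_address_list(cache, suffix_match))
    return [a for a in build_address_list(cache, substring_match) if a not in strict]


if __name__ == "__main__":
    print("substring:", build_address_list(SAMPLE_CACHE, substring_match))
    print("suffix   :", build_address_list(SAMPLE_CACHE, suffix_match))
    print("shaped by mistake:", unintended_entries(SAMPLE_CACHE))
```

Any name a client resolves through the router lands in the DNS cache, so a filter that matches on the label boundary keeps unrelated hosts out of the shaped list.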
Some Notes:
The target-address is used to specify the host that you want to shape. It is the address of (for example) your client whose speed you are about to limit.
Destination-address is for more advanced shaping, for example to shape someone's access to a specific server. The dst-address is the server to which this client will connect (if you would like to limit his speed only when he connects to this one specific server).