Suppose you want to limit bandwidth on a per-user basis for a SPECIFIC WEBSITE ONLY, for example 4mb per user for facebook.com.
The logic is simple.
1- First, create a script that adds the website's IP addresses to an address list.
2- Add a scheduler that runs the above script every 5 minutes, so that even if the website's IP changes, the list is updated accordingly.
3- Mark connections and packets for the address list created above.
4- Add a PCQ queue type (the bandwidth will be distributed on a per-user basis using a single simple queue).
5- Finally, add a simple queue that distributes bandwidth for the marked packets using PCQ on a per-user basis.
```
# 1- Script: copy cached DNS entries whose name matches "facebook" into address list facebook_dns_ips
/system script
add name=facebook-list policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="# Script to add Facebook DNS IP addressess \r\
    \n# Lupael/ support@i4e.com.bd\r\
    \n:log warning \"Script Started ... Adding Facebook DNS ip's to address list name facebook_dns_ips\"\r\
    \n:foreach i in=[/ip dns cache find] do={\r\
    \n:local bNew \"true\";\r\
    \n:local cacheName [/ip dns cache all get \$i name] ;\r\
    \n:if ([:find \$cacheName \"facebook\"] != 0) do={\r\
    \n:local tmpAddress [/ip dns cache get \$i address] ;\r\
    \n:put \$tmpAddress;\r\
    \n:if ( [/ip firewall address-list find ] = \"\") do={\r\
    \n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
    \n} else={\r\
    \n:foreach j in=[/ip firewall address-list find ] do={\r\
    \n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
    \n:set bNew \"false\";\r\
    \n}\r\
    \n}\r\
    \n:if ( \$bNew = \"true\" ) do={\r\
    \n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n# Script Ended..."

# 2- Scheduler: run the facebook-list script every 5 minutes
/system scheduler
add comment="Add Facebook IP's to address list name facebook-list after every 5 minutes / zaib" disabled=no interval=5m name=add_fb_to_list_scheduler_every_5mnts on-event=facebook-list policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00

# 3- Mangle: mark connections to the address list, then mark their packets
/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for FB Site / lupael" disabled=no dst-address-list=facebook_dns_ips new-connection-mark=FB-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Packtes for FB-CONN / lupael" connection-mark=FB-conn disabled=no new-packet-mark=FB_Packets passthrough=no

# 4- PCQ queue types: one sub-stream per user address, each limited by pcq-rate
/queue type
add kind=pcq name=Download-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=Upload-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

# 5- Simple queue: apply the PCQ types to packets marked FB_Packets
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit FB speed 4mb per user using PCQ / Lupael" direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=\
    4mb_Limit_For_FB_Per_User packet-marks=FB_Packets parent=none priority=8 queue=Upload-4mb/Download-4mb target-addresses="" total-queue=default-small
```
Do remember, it's just an example to show you how you can twist things. You can modify it as per your requirements.
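The script picks DNS cache entries by searching the cached name for the string facebook and adds each address to the list once. The Python model below is an added example, not part of the original post and not RouterOS code; it runs that selection over a constructed DNS cache and compares it with a strict domain-suffix match, to show which unrelated addresses a substring rule would also shape. The cache entries, the function names and the simplified "contains" test are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS cache snapshot (name, address); all values are made up.
DNS_CACHE = [
    ("www.facebook.com", "192.0.2.10"),
    ("static.facebook.com", "192.0.2.11"),
    ("facebook.com", "192.0.2.12"),
    ("facebook-login.example.net", "198.51.100.7"),  # unrelated host
    ("www.example.org", "203.0.113.5"),
    ("www.facebook.com", "192.0.2.10"),              # duplicate entry
    ("cdn.facebook.com", "star.example.net"),        # not an IP, skipped
]


def substring_match(name, keyword="facebook"):
    """Simplified model of the script's test: the name contains the keyword."""
    return keyword in name.lower()


def suffix_match(name, domain="facebook.com"):
    """Stricter rule: the name is the domain itself or one of its subdomains."""
    name = name.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def build_address_list(cache, matcher):
    """Return {address: comment}, adding each address once (the bNew check)."""
    entries = {}
    for name, addr in cache:
        if not matcher(name):
            continue
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # only literal IPs belong in the address list
        entries.setdefault(addr, name)
    return entries


def overmatched(cache):
    """Addresses the substring rule shapes that the suffix rule would not."""
    strict = build_address_list(cache, suffix_match)
    loose = build_address_list(cache, substring_match)
    return {a: n for a, n in loose.items() if a not in strict}


if __name__ == "__main__":
    print("list:", build_address_list(DNS_CACHE, substring_match))
    print("extra:", overmatched(DNS_CACHE))
```

Any address reported by `overmatched` would be marked and throttled along with the intended site, so review the address list comments on the router for names that do not belong to the target domain.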
Some Notes:
The target-address is used to specify the host that you want to shape; it is the address of (for example) your client whose speed you are about to limit.
Destination-address is for more advanced shaping, for example to shape someone's access to a specific server: dst-address is the server to which this client will connect (if you want to limit his speed only when he connects to this one specific server).