|
发表于 2008-8-5 19:04:42
|
显示全部楼层
再加上这个就更OK了
/ ip firewall mangle
add chain=prerouting src-address=10.200.0.0/15 protocol=udp \
src-port=1000-65535 packet-size=800-1500 src-address-list=p2p-udp \
action=mark-packet new-packet-mark=P2PUP passthrough=yes comment="P2P-UDP" \
disabled=no
add chain=prerouting src-address=10.200.0.0/16 protocol=!tcp \
connection-limit=15,32 action=add-src-to-address-list address-list=p2p-udp \
address-list-timeout=30s comment="" disabled=no
add chain=prerouting src-address=10.200.0.0/15 protocol=tcp dst-port=!80 \
packet-size=800-1500 src-address-list=p2p-20 action=mark-packet \
new-packet-mark=P2PUP passthrough=yes comment="P2P-TCP" disabled=no
add chain=prerouting src-address=10.200.0.0/15 protocol=tcp dst-port=!80 \
connection-limit=20,32 packet-size=800-1500 action=add-src-to-address-list \
address-list=p2p-20 address-list-timeout=30s comment="" disabled=no
#注意10.200.0.0/15是我内网源地址,你使用前改成你的源.
/ queue simple
add name="P2P-all" dst-address=0.0.0.0/0 interface=ydwan parent=none \
packet-marks=P2PUP direction=download priority=8 queue=Pcq_UP_C/Pcq_UP_C \
limit-at=64000/64000 max-limit=200000/128000 total-queue=default-small \
disabled=no
#queue=Pcq_UP_C 自己建一个PCQ
#interface=ydwan 是ROS出口,我内网全是PPPOE上网,所以只好用出口限制.
#以是只是限制了P2P上传流量,别的限制应该很简单了.
/ ip firewall filter
add chain=forward protocol=udp src-port=10000-65535 \
time=20h-23h,sat,fri,thu,wed,tue,mon,sun src-address-list=p2p-udp \
action=drop comment="P2P-UDP" disabled=no
#再加个drop也很不错 |
|