/ip firewall mangle
add action=mark-connection chain=postrouting comment="Marca com e sem TOS" \
disabled=no dscp=12 new-connection-mark=n-cache passthrough=yes protocol=\
tcp src-port=3128
add action=mark-packet chain=postrouting comment="" connection-mark=n-cache \
disabled=no new-packet-mark=Cache-Packet passthrough=no
add action=mark-connection chain=prerouting comment="Marcar Sa\EDda do Proxy" \
disabled=no dscp=!12 new-connection-mark=squid-out_conexao passthrough=\
yes protocol=tcp src-address=172.16.10.2 src-port=3128
add action=mark-packet chain=prerouting comment="" connection-mark=\
squid-out_conexao disabled=no new-packet-mark=squid-out_pacote \
passthrough=no
add action=mark-connection chain=prerouting comment=\
"Marcar Conex\E3o SSH/TELNET" disabled=no dst-port=22-23 \
new-connection-mark=ssh-telnet_conexao passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
ssh-telnet_conexao disabled=no new-packet-mark=ssh-telnet_pacote \
passthrough=no
add action=mark-connection chain=prerouting comment="Marcar Conex\E3o WinBox" \
disabled=no dst-port=8291 new-connection-mark=winbox_conexao passthrough=\
yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
winbox_conexao disabled=no new-packet-mark=winbox_pacote passthrough=no
add action=mark-connection chain=prerouting comment="Marcar Conex\E3o OSPF" \
disabled=no new-connection-mark=ospf_conexao passthrough=yes protocol=\
ospf
add action=mark-packet chain=prerouting comment="" connection-mark=\
ospf_conexao disabled=no new-packet-mark=ospf_pacote passthrough=no
add action=mark-connection chain=prerouting comment=\
"Marcar Conex\E3o DNS - IN" disabled=no in-interface=WAN \
new-connection-mark=dns-in_conexao passthrough=yes protocol=tcp src-port=\
53
add action=mark-connection chain=prerouting comment="" disabled=no \
in-interface=WAN new-connection-mark=dns-in_conexao passthrough=yes \
protocol=udp src-port=53
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
53 in-interface=!WAN new-connection-mark=dns-in_conexao passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
53 in-interface=!WAN new-connection-mark=dns-in_conexao passthrough=yes \
protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=\
dns-in_conexao disabled=no new-packet-mark=dns-in_pacote passthrough=no
add action=mark-connection chain=postrouting comment=\
"Marcar Conex\E3o DNS - OUT" disabled=no dst-port=53 new-connection-mark=\
dns-out_conexao out-interface=WAN passthrough=yes protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no dst-port=\
53 new-connection-mark=dns-out_conexao out-interface=WAN passthrough=yes \
protocol=udp
add action=mark-connection chain=postrouting comment="" disabled=no \
new-connection-mark=dns-out_conexao out-interface=!WAN passthrough=yes \
protocol=tcp src-port=53
add action=mark-connection chain=postrouting comment="" disabled=no \
new-connection-mark=dns-out_conexao out-interface=!WAN passthrough=yes \
protocol=udp src-port=53
add action=mark-packet chain=postrouting comment="" connection-mark=\
dns-out_conexao disabled=no new-packet-mark=dns-out_pacote passthrough=no
add action=mark-connection chain=prerouting comment=\
"Marcar Conex\E3o VPN - IN" disabled=no dst-port=1723 in-interface=WAN \
new-connection-mark=vpn_conexao passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
in-interface=WAN new-connection-mark=vpn_conexao passthrough=yes \
protocol=gre
add action=mark-packet chain=prerouting comment="" connection-mark=\
vpn_conexao disabled=no new-packet-mark=vpn_pacote passthrough=no
add action=mark-connection chain=postrouting comment=\
"Marcar Conex\E3o VPN - OUT" disabled=no dst-port=1723 \
new-connection-mark=vpn-out_conexao out-interface=WAN passthrough=yes \
protocol=tcp
add action=mark-connection chain=postrouting comment="" disabled=no \
new-connection-mark=vpn-out_conexao out-interface=WAN passthrough=yes \
protocol=gre
add action=mark-packet chain=postrouting comment="" connection-mark=\
vpn-out_conexao disabled=no new-packet-mark=vpn-out_pacote passthrough=no
add action=mark-connection chain=prerouting comment=\
"Marcar Conex\E3o Ping - IN (WAN)" disabled=no in-interface=WAN \
new-connection-mark=ping-in-wan_conexao passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment="" connection-mark=\
ping-in-wan_conexao disabled=no new-packet-mark=ping-in-wan_pacote \
passthrough=no
add action=mark-connection chain=prerouting comment=\
"Marcar Conex\E3o Ping - IN (LAN)" disabled=no in-interface=!WAN \
new-connection-mark=ping-in-lan_conexao passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment="" connection-mark=\
ping-in-lan_conexao disabled=no new-packet-mark=ping-in-lan_pacote \
passthrough=no
add action=mark-connection chain=postrouting comment=\
"Marcar Conex\E3o Ping - OUT (WAN)" disabled=no new-connection-mark=\
ping-WAN_conexao out-interface=WAN passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting comment="" connection-mark=\
ping-WAN_conexao disabled=no new-packet-mark=ping-wan_pacote passthrough=\
no
add action=mark-connection chain=postrouting comment=\
"Marcar Conex\E3o Ping - OUT (LAN)" disabled=no new-connection-mark=\
ping-LAN_conexao out-interface=!WAN passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting comment="" connection-mark=\
ping-LAN_conexao disabled=no new-packet-mark=ping-lan_pacote passthrough=\
no
add action=mark-connection chain=prerouting comment=\
"Marcar Conex\E3o P2P - IN" disabled=no in-interface=WAN \
new-connection-mark=p2p-in_conexao p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=\
p2p-in_conexao disabled=no new-packet-mark=p2p-in_pacote passthrough=no
add action=mark-connection chain=postrouting comment=\
"Marcar Conex\E3o P2P - OUT" disabled=no new-connection-mark=\
p2p-out_conexao out-interface=WAN p2p=all-p2p passthrough=yes
add action=mark-packet chain=postrouting comment="" connection-mark=\
p2p-out_conexao disabled=no new-packet-mark=p2p-out_pacote passthrough=no
add action=mark-connection chain=prerouting comment=Streaming disabled=no \
in-interface=WAN new-connection-mark=streaming_conexao passthrough=yes \
protocol=tcp src-port=554
add action=mark-connection chain=prerouting comment="" disabled=no \
in-interface=WAN new-connection-mark=streaming_conexao passthrough=yes \
protocol=udp src-port=554,1755,8554
add action=mark-packet chain=prerouting comment="" connection-mark=\
streaming_conexao disabled=no new-packet-mark=streaming_pacote \
passthrough=no
add action=mark-connection chain=prerouting comment=\
"Marcar Conex\E3o FTP - IN" disabled=no in-interface=WAN \
new-connection-mark=ftp_conexao passthrough=yes protocol=tcp src-port=\
20-21
add action=mark-packet chain=prerouting comment="" connection-mark=\
ftp_conexao disabled=no new-packet-mark=ftp_pacote passthrough=no
add action=mark-connection chain=postrouting comment=\
"Marcar Conex\E3o FTP - OUT" disabled=no dst-port=20-21 \
new-connection-mark=ftp-out_conexao out-interface=WAN passthrough=yes \
protocol=tcp
add action=mark-packet chain=postrouting comment="" connection-mark=\
ftp-out_conexao disabled=no new-packet-mark=ftp-out_pacote passthrough=no