Postado originalmente por
schramm
amigo eu uso aqui regras semelhantes as suas e esta funcionando blz...
da uma olhada nelas, pois eu nao notei nenhuma diferença significativa entre as duas
/ queue tree
add name="limitar p2p-r1" parent=global-in packet-mark=p2p-r2 limit-at=0 queue=default priority=8 max-limit=150000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="limitar p2p-r2" parent=global-out packet-mark=p2p-r2 limit-at=0 queue=default priority=8 max-limit=150000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
/ ip firewall filter
add chain=input in-interface=link protocol=tcp dst-port=8080 action=drop comment="BLOQUEAR PROXY EXTERNO" disabled=no
add chain=input protocol=icmp action=drop comment="BLOQUEAR PING" disabled=no
add chain=forward src-address=10.1.0.0/16 protocol=udp src-port=0 action=drop comment="CONTROLE P2P WAREZ E SEMELHANTES" disabled=no
add chain=forward src-address=10.1.0.0/16 protocol=udp dst-port=0 action=drop comment="" disabled=no
add chain=forward src-address=10.1.0.0/16 protocol=tcp src-port=0 action=drop comment="" disabled=no
add chain=forward src-address=10.1.0.0/16 protocol=tcp dst-port=0 action=drop comment="" disabled=no
add chain=forward src-address=10.1.0.0/16 p2p=warez action=drop comment="" disabled=no
add chain=forward src-address=10.1.0.0/16 protocol=udp dst-port=10025-65535 action=drop comment="BLOQUEIO DE PORTAS TCP-UDP" disabled=no
add chain=forward src-address=10.1.0.0/16 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p-r1 passthrough=yes comment="bloquear p2p" disabled=no
add chain=prerouting connection-mark=p2p-r1 action=mark-packet new-packet-mark=p2p-r2 passthrough=yes comment="" disabled=no
qualquer coisa nos de mais detalhes, tipo se em mangle ta contabilizando pacotes na frente dessas regras q vc fez e dados desse tipo...