Melhores regras de P2P - MK 2.9.27
Pessoal, hoje infelizmente eu não consigo controlar o P2P na versão 2.9.27; estou bloqueando portas, e não está legal... Gostaria de uma ajuda de vocês para, em vez de bloquear o P2P, controlá-lo. Se possível, postem suas regras e comentem...
# Filter rules for the LAN 192.168.21.0/24. Rules are evaluated top to bottom
# and the first matching drop ends processing, so the order below matters.
/ ip firewall filter
# Drop forwarded UDP/TCP packets from the LAN whose source or destination port
# is 0. Port 0 is reserved and not used by normal applications.
add chain=forward src-address=192.168.21.0/24 protocol=udp src-port=0 action=drop comment="Controle P2P ARES e \
Semelhantes" disabled=no
add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=0 action=drop comment="" disabled=no
add chain=forward src-address=192.168.21.0/24 protocol=tcp src-port=0 action=drop comment="" disabled=no
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=0 action=drop comment="" disabled=no
# Drop LAN traffic that the built-in p2p matcher classifies as "warez".
add chain=forward src-address=192.168.21.0/24 p2p=warez action=drop comment="" disabled=no
# Port-range blocking: drops every forwarded LAN packet to UDP 1025-65535 and
# TCP 10000-65535, whatever the application is.
# NOTE(review): this matches on port only, so it also drops non-P2P services
# that use high ports, and it does nothing about P2P clients that fall back to
# ports left open (for example 80/443) - confirm this trade-off is acceptable.
add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=1025-65535 action=drop comment="Bloqueio de portas UDP \
e TCP" disabled=no
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no
# chain=input applies to packets addressed to the router itself, and src-port
# is the port chosen by the client. This drops LAN-to-router TCP packets whose
# source port is in 1900-2500.
# NOTE(review): client source ports are normally ephemeral, so this presumably
# causes intermittent failures reaching router services rather than blocking
# P2P - verify whether chain=forward was intended.
add chain=input src-address=192.168.21.0/24 protocol=tcp src-port=1900-2500 action=drop comment="" disabled=no
# The next two rules repeat the matchers of the UDP 1025-65535 and TCP
# 10000-65535 drops above; those earlier rules already drop the same packets,
# so these never match.
add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=1025-65535 action=drop comment="" disabled=no
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no
# Same input-chain pattern as above, for client source ports 63000-65535 and
# 1200-1500. NOTE(review): same concern - confirm the intended chain.
add chain=input src-address=192.168.21.0/24 protocol=tcp src-port=63000-65535 action=drop comment="" disabled=no
add chain=input src-address=192.168.21.0/24 protocol=tcp src-port=1200-1500 action=drop comment="" disabled=no
# Second repeat of the same two port-range drops; unreachable for the same
# reason as the first repeat.
add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=1025-65535 action=drop comment="" disabled=no
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no
# Connection limit: drop new TCP connections (SYN) from a LAN host once that
# host (netmask /32) exceeds 20 connections. Packets carrying the packet mark
# "semlimite" are exempt; that mark is set in / ip firewall mangle for TCP
# dst-port 80 and 443.
# NOTE(review): the comment= text below has lost its accented characters
# (encoding damage in the export); it is left untouched here.
add chain=forward src-address=192.168.21.0/24 protocol=tcp tcp-flags=syn packet-mark=!semlimite connection-limit=20,32 \
action=drop comment="Limitando a 20 o n mero conexoes simult neas" disabled=no
# Mangle rules: classify traffic with marks that the filter rules and the
# queue tree refer to by name (p2p, semlimite).
/ ip firewall mangle
# Mark every connection that the p2p matcher recognises (all-p2p) as p2p_conn.
# There is no src-address here, so this applies to all traffic in prerouting.
# NOTE(review): the matcher is signature-based; encrypted or obfuscated P2P is
# presumably not recognised and would pass unmarked - verify with counters.
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="MARK P2P" \
disabled=no
# Give every packet of a p2p_conn connection the packet mark "p2p", which the
# queue tree entries match on.
add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" \
disabled=no
# Mark LAN packets to TCP 80 and 443 as "semlimite" so the connection-limit
# filter rule (packet-mark=!semlimite) skips them.
# NOTE(review): a packet holds a single packet mark, so this presumably
# overwrites "p2p" on P2P traffic sent to ports 80/443, exempting it from the
# connection limit and possibly from the upload queue - confirm.
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=80 action=mark-packet new-packet-mark=semlimite \
passthrough=yes comment="" disabled=no
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=443 action=mark-packet new-packet-mark=semlimite \
passthrough=yes comment="" disabled=no
# Queue tree: rate-limit packets marked "p2p" instead of dropping them.
# Both queues use priority=8 and limit-at=0 (no guaranteed rate), with
# bursting disabled.
# NOTE(review): RouterOS reads max-limit in bits per second, so 20000 would be
# about 20 kbit/s shared by all marked traffic in each direction - confirm
# that this is the intended ceiling.
/ queue tree
# Download direction: attached to global-in.
add name="P2P-Down" parent=global-in packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=20000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
# Upload direction: attached to global-out.
add name="P2P-Up" parent=global-out packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=20000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no