essas aqui caem bem no serve
ip>firewal mangle
10 ;;; WEB PROXY
chain=output protocol=tcp src-port=3126 action=mark-connection new-connection-mark=web proxy passthrough=yes
11 chain=output connection-mark=web proxy action=mark-packet new-packet-mark=web proxy passthrough=no
12 ;;; DOWN-VIA PROXY
chain=output out-interface=bridge wlan dwl 520 dst-address=10.10.10.0/24 action=mark-packet new-packet-mark=test-donw passthrough=no
13 ;;; UP-TRAFFIC
chain=prerouting in-interface=bridge wlan dwl 520 src-address=10.10.10.0/24 action=mark-packet new-packet-mark=test-up passthrough=yes
14 ;;; HTTP[80]
chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http[80] passthrough=yes
15 chain=prerouting connection-mark=http[80] action=mark-packet new-packet-mark=HTTP[80] passthrough=no
16 chain=postrouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http 80 externo passthrough=no
17 chain=prerouting connection-mark=http 80 externo action=mark-packet new-packet-mark=http externo passthrough=no
mais estas regras somadas a queue tree
>queue tree
5 name="http p 80" parent=global-in packet-mark=HTTP[80] limit-at=1000000 queue=HTTP-[80] priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0
burst-time=0s
6 name="web proxy" parent=global-out packet-mark=web proxy limit-at=1000000 queue=WEB PROXY priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0
burst-time=0s