# ------------------- header ------------------- # Author: Denis Barbazza (denis . barbazza [at] gmail . com) # VERSION=2.3 # http://www.farlock.org/mikrotik/mikrotik-load-balancer-and-failover-and-traffic-prioritization/ # Set of rules to setup a load balancer and failover with mikrotik routeros # # Inspired by: # http://mum.mikrotik.com/presentations/US12/steve.pdf # https://aacable.wordpress.com/2011/07/27/mikrotik-dual-wan-load-balancing-using-pcc-method-complete-script-by-zaib/ # http://wiki.mikrotik.com/wiki/Failover_Scripting # http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting # http://mum.mikrotik.com/presentations/US12/tomas.pdf # # Search in script rule starting with "### OPTIONAL", here you can enable or disable some features, # based on your needs. # # For more information and details about # this script please visit the wiki page at # http://wiki.mikrotik.com/wiki/Failover_Scripting # ------------------- header ------------------- # setup our interfaces and addresses, adapt it to your interfaces /interface ethernet set 2 name=LAN comment=eth3 set 0 name=ISP_1 comment=eth1 set 1 name=ISP_2 comment=eth2 /ip address add address=192.168.88.1/24 interface=LAN add address=1.1.1.32/24 interface=ISP_1 add address=2.2.2.32/24 interface=ISP_2 # Regole di nat per ciascuna interfaccia verso gli ISP /ip firewall nat add action=masquerade chain=srcnat out-interface=ISP_1 comment="NAT packet going through ISPs" add action=masquerade chain=srcnat out-interface=ISP_2 # Regole di routing con pesi diversi verso ciascun ISP /ip route add gateway=1.1.1.1 distance=10 check-gateway=ping comment="Route to ISPs" add gateway=2.2.2.2 distance=20 check-gateway=ping add gateway=1.1.1.1 routing-mark=ISP1_Route distance=10 comment="Route for marked connection" add gateway=2.2.2.2 routing-mark=ISP2_Route distance=10 # Not mark packet sent to direct connected network (physical and VPN) /ip firewall address-list add address=1.1.1.1/24 list=Connected comment="List of direct connected network" # ISP_1 add address=2.2.2.2/24 list=Connected # ISP_2 add address=192.168.w.0/24 list=Connected # VPN add address=192.168.88.0/24 list=Connected # LAN add address=192.168.88.0/24 list=LAN /ip firewall mangle add chain=prerouting src-address-list=Connected dst-address-list=Connected action=accept comment="Not mark packet directed to direct connected network" ### OPTIONAL ############# # ATTENTION! # Eventually remember to filter the traffic allowed from LAN to other networks! ############# # Mark packet coming through ISP interfaces and put them in the correct routing tables /ip firewall mangle add chain=input connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=from_ISP1 comment="Mark packet coming through ISP interfaces" add chain=input connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=from_ISP2 add chain=output connection-mark=from_ISP1 action=mark-routing new-routing-mark=ISP1_Route comment="Put the outbound reply connection in the correct routing table" add chain=output connection-mark=from_ISP2 action=mark-routing new-routing-mark=ISP2_Route # Now we should take care also of the connection from outside to LAN /ip firewall mangle add chain=forward connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=from_ISP1_to_LAN comment="Mark packet coming through ISP interfaces directed to LAN" add chain=forward connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=from_ISP2_to_LAN add chain=prerouting connection-mark=from_ISP1_to_LAN src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment="Put the reply connection from LAN in the correct routing table" add chain=prerouting connection-mark=from_ISP2_to_LAN src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route # Now you can add the script for Failover under menĂ¹ System->Scripts, name it "Failover" # and then we add a schedule that launch it every 2 minutes, we set the date and unix epoch, just in # case the clock isn't set /system scheduler add name="Check_connectivity" interval=2m on-event=Failover start-date=jan/1/1970 start-time=0:0:0 ### OPTIONAL # Qui possiamo optare per un balance PCC (Per connection Classifier) oppure per balance basato su Traffic Monitor ######################################################################################### # PCC # With PCC you must take care of bandwidth and number of WAN available, example: # - Two equal WAN: we need two PCC mangle rule, one with :2/1 mark for ISP1 and the other with :2/0 mark for ISP2 # - Three equal WAN: three rule, :3/0 mark for ISP1 - :3/1 mark for ISP2 - :3/2 mark for ISP3 # - Two disequal wan, first twice bandwidth of the seconf: three rule, :3/0 mark for ISP1 - :3/1 mark for ISP1 - :3/2 mark for ISP2 # As you can see we need to balance the traffic with PCC rule, more powerful WANs need more rules ;-) /ip firewall mangle add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local \ src-address-list=LAN new-connection-mark=to_ISP1 passthrough=yes per-connection-classifier=both-addresses:2/0 comment="Doing PCC Balancing here" add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local \ src-address-list=LAN new-connection-mark=to_ISP2 passthrough=yes per-connection-classifier=both-addresses:2/1 # If we want to balance also traffice generated from the mikrotik itself, actually nothing can be do ;-) it's in the TODO list... # Now choose the right route based on connection mark /ip firewall mangle add chain=prerouting action=mark-routing connection-mark=to_ISP1 src-address-list=LAN new-routing-mark=ISP1_Route comment="Mark balanced connection to the right routing table" add chain=prerouting action=mark-routing connection-mark=to_ISP2 src-address-list=LAN new-routing-mark=ISP2_Route ### OPTIONAL # If we use hotspot and we need balancing # /ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth comment="Rule for Hotspot and PCC" # Questa regola va testata.... # Invece modificando le regole di PCC aggiungendo hotspot=auth tutto funziona correttamente: #/ip firewall mangle #add action=mark-connection chain=prerouting comment="Doing PCC Balancing here" connection-mark=no-mark connection-state=new dst-address-type=\ # !local hotspot=auth new-connection-mark=to_ISP1 per-connection-classifier=dst-address:2/0 src-address-list=LAN #add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local hotspot=auth \ # new-connection-mark=to_ISP2 per-connection-classifier=dst-address:2/1 src-address-list=LAN ######################################################################################### ### OPTIONAL ######################################################################################### # Automated based on bandwidth, switched by Traffic Monitor (thanks to Tomas Kirnak - t.kirnak @ atris.sk) # Now start marking connection and routing /ip firewall mangle add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!Connected dst-address-type=!local \ action=mark-connection new-connection-mark=from_LAN_to_WAN comment="Mark connection for Load Balancing" add chain=prerouting connection-mark=from_LAN_to_WAN src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment="Load-Balancing here" # Now we MUST assure that a connection routed to ISP will always stay there /ip firewall mangle add chain=prerouting connection-mark=from_LAN_to_WAN routing-mark=ISP1_Route action=mark-connection new-connection-mark=Sticky_ISP1 comment="Mark connections as sticky" add chain=prerouting connection-mark=from_LAN_to_WAN routing-mark=ISP2_Route action=mark-connection new-connection-mark=Sticky_ISP2 add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment="sticky connections will always go out through same ISP" add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route # Setup Traffic Monitor /tool traffic-monitor add interface=ISP_1 name=LB_ISP1_above trigger=above on-event=":log debug \"Load-Balance Debug: ISP\ 1 overloaded, switching to ISP2\";\r\ \n/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing-mark=ISP2_Route" \ threshold=5242880 traffic=received comment="When ISP1 reaches 5mbit/s switch to ISP2" add interface=ISP_1 name=LB_ISP1_below trigger=below on-event=":log debug \"Load-Balance Debug: ISP\ 1 back to normal\";\r\ \n/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing-mark=ISP1_Route" \ threshold=5242880 traffic=received comment="And on less traffic go back again to ISP1" ############################################################################################## ################################################################################### # Traffic Prioritization - thanks to Rick Frey - support @ rickfreyconsulting.com # some modification to original script to work correctly with HTTPS traffic # To act with layer 7 traffic check original script on http://rickfreyconsulting.com /ip firewall mangle add chain=output comment="Section Break - Input prioritize rules" disabled=yes add action=change-dscp chain=input comment="DSCP - 7 - Winbox Port 8291 (Local Management)" dst-port=8291 new-dscp=7 protocol=tcp ############################################################################################################################ #### This section sets priorities for tunneling methods used by the hosts on your LAN. #### ############################################################################################################################ /ip firewall mangle add chain=output comment="Section Break - VPN" disabled=yes add action=change-dscp chain=forward comment="DSCP - 5 - PPTP Port 1723 (LAN Traffic)" new-dscp=5 port=1723 protocol=tcp add action=change-dscp chain=forward comment="DSCP - 5 - GRE Protocol (LAN Traffic)" new-dscp=5 protocol=gre add action=change-dscp chain=forward comment="DSCP - 5 - L2TP UDP Port 500 (LAN Traffic)" new-dscp=5 port=500 protocol=udp add action=change-dscp chain=forward comment="DSCP - 5 - L2TP UDP Port 1701 (LAN Traffic)" new-dscp=5 port=1701 protocol=udp add action=change-dscp chain=forward comment="DSCP - 5 - L2TP UDP Port 4500 (LAN Traffic)" new-dscp=5 port=4500 protocol=udp add action=change-dscp chain=forward comment="DSCP - 5 - OVPN TCP Port 1194 (LAN Traffic)" new-dscp=5 port=1194 protocol=tcp ############################################################################################################################ #### This section sets priorities for VOIP Traffic #### ############################################################################################################################ add chain=output comment="Section Break - Voip" disabled=yes add action=change-dscp chain=postrouting comment="DSCP - 7 - VOIP" disabled=no new-dscp=7 passthrough=yes port=1167,1719,1720,8010 protocol=udp add action=change-dscp chain=postrouting comment="DSCP - 7 - VOIP" disabled=no new-dscp=7 passthrough=yes port=1719,1720,8008,8009 protocol=tcp add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP" disabled=no new-dscp=7 passthrough=yes port=5060,5061 protocol=tcp add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP" disabled=no new-dscp=7 passthrough=yes port=5060,5061 protocol=udp add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP 5004" disabled=no new-dscp=7 passthrough=yes port=5004 protocol=udp add action=set-priority chain=postrouting comment="Priority - 7 - Ventrilo VOIP" new-priority=7 port=3784 protocol=tcp add action=set-priority chain=postrouting comment="Priority - 7 - Ventrilo VOIP" new-priority=7 port=3784,3785 protocol=udp add action=set-priority chain=postrouting comment="Priority - 7 - Windows Live Messenger Voice" new-priority=7 port=6901 protocol=tcp add action=set-priority chain=postrouting comment="Priority - 7 - Windows Live Messenger Voice" new-priority=7 port=6901 protocol=udp ############################################################################################################################ #### This section sets priorities for normal LAN Traffic #### ############################################################################################################################ add chain=output comment="Section Break - Normal traffic" disabled=yes add action=set-priority chain=prerouting comment="Priority - 6 - SSH" disabled=no new-priority=6 passthrough=yes port=22 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 6 - Telnet" disabled=no new-priority=6 passthrough=yes port=23 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 6 - ICMP" disabled=no new-priority=6 passthrough=yes protocol=icmp add action=set-priority chain=prerouting comment="Priority - 6 - TCP DNS Requests" disabled=no new-priority=6 passthrough=yes port=53 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 6 - UDP DNS & mDNS Requests" disabled=no new-priority=6 passthrough=yes port=53,5353 protocol=udp add action=set-priority chain=prerouting comment="Priority - 3 - HTTP Requests" connection-bytes=0-2000000 disabled=no dst-port=80 new-priority=3 passthrough=yes protocol=tcp add action=set-priority chain=prerouting comment="Priority - 3 - HTTPS Requests" connection-bytes=0-2000000 disabled=no dst-port=443 new-priority=3 passthrough=yes protocol=tcp add action=set-priority chain=prerouting comment="Priority - 4 - ICQ" disabled=no new-priority=5 passthrough=yes port=5190 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 4 - Yahoo IM" disabled=no new-priority=5 passthrough=yes port=5050 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 4 - AOL, IRC" disabled=no new-priority=4 passthrough=yes port=531,5190,6660-6669,6679,6697 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 4 - AOL, IRC" disabled=no new-priority=4 passthrough=yes port=531 protocol=udp add action=set-priority chain=prerouting comment="Priority - 4 - Time" disabled=no new-priority=4 passthrough=yes port=37 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 4 - Time" disabled=no new-priority=4 passthrough=yes port=37,123 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - SFTP" disabled=no dst-port=22 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - FTP" disabled=no dst-port=20,21 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - HTTP Downloads" connection-bytes=2000000-0 disabled=no new-priority=0 passthrough=yes port=80 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - HTTPS Downloads" connection-bytes=2000000-0 disabled=no new-priority=0 passthrough=yes port=443 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Mail Services" disabled=no port=110,995,143,993,25,57,109,465,587 new-priority=0 passthrough=yes protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - SNMP" disabled=no new-priority=0 passthrough=yes port=161,162 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - SNMP" disabled=no new-priority=0 passthrough=yes port=162 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - IMAP, IMAPS" disabled=no new-priority=0 passthrough=yes port=220,993 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - IMAP" disabled=no new-priority=0 passthrough=yes port=220 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Doom FPS" disabled=no new-priority=0 passthrough=yes port=666 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - America's Army MMO" disabled=no new-priority=0 passthrough=yes port=1716 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Civilization MMO" disabled=no new-priority=0 passthrough=yes port=2056 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Halo: Combat Evolved MMO" disabled=no new-priority=0 passthrough=yes port=2302 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Dark Ages" disabled=no port=2610 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Xbox Live" disabled=no new-priority=0 passthrough=yes port=3074 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Xbox Live" disabled=no new-priority=0 passthrough=yes port=3074 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Blizzard Games Online" disabled=no new-priority=0 passthrough=yes port=3723,6112 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Blizzard Games Online" disabled=no new-priority=0 passthrough=yes port=3723 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - WoW MMO" disabled=no new-priority=0 passthrough=yes port=3724 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - WoW MMO" disabled=no new-priority=0 passthrough=yes port=3724 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Club Penguin Disney Online" disabled=no new-priority=0 passthrough=yes port=3724,6112,6113,9875 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Diablo II" disabled=no new-priority=0 passthrough=yes port=4000 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Diablo II" disabled=no new-priority=0 passthrough=yes port=4000 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Microsoft Ants MMO" disabled=no new-priority=0 passthrough=yes port=4001 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Google Desktop" disabled=no new-priority=0 passthrough=yes port=4664 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - BZFlag" disabled=no new-priority=0 passthrough=yes port=5154 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - BZFlag" disabled=no new-priority=0 passthrough=yes port=5154 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Freeciv MMO" disabled=no new-priority=0 passthrough=yes port=5556 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Freeciv MMO" disabled=no new-priority=0 passthrough=yes port=5556 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Windows Live Messenger File Transfer" disabled=no new-priority=0 passthrough=yes port=6891-6900 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Enemy Territory: Quake Wars" disabled=no new-priority=0 passthrough=yes port=7133 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Teamspeak" disabled=no new-priority=0 passthrough=yes port=8767-8768 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Teamspeak" disabled=no new-priority=0 passthrough=yes port=9987 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Earthland Relams 2" disabled=no new-priority=0 passthrough=yes port=8888-8889 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Sony Playstation" disabled=no new-priority=0 passthrough=yes port=9293 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield 1942 MMO" disabled=no new-priority=0 passthrough=yes port=14567 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield Vietnam" disabled=no new-priority=0 passthrough=yes port=15567 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield 2" disabled=no new-priority=0 passthrough=yes port=16567 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Quake" disabled=no new-priority=0 passthrough=yes port=26000 protocol=tcp add action=set-priority chain=prerouting comment="Priority - 0 - Quake" disabled=no new-priority=0 passthrough=yes port=26000,27901,27960 protocol=udp add action=set-priority chain=prerouting comment="Priority - 0 - Call of Duty" disabled=no new-priority=0 passthrough=yes port=28960 protocol=udp add chain=output comment="Section Break" disabled=yes ######################################### #### VOIP #### ######################################### /ip firewall layer7-protocol add name=sip regexp=\ "^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]" add name=h323 regexp=\ "^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05" add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\ \?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\ \05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\ .\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\ \?\t|\ \n.\?.\?.\?.\?.\?.\?.\?.\?\ \n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\ \?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\ \?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\ .\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\ .\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\ \16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\ \?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\ \?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\ \1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\ \?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\ \?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\ .\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\ .\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\ .\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\ \?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\ \?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\ .\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\ \?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\ 7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\ \?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\ .\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\ \?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\ \?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\ .\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\ \?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\ .\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\ \?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\ .\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\ S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\ \?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\ .\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\ .\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\ .\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\ \?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\ .\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\ \?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\ .\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\ k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\ \?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\ .\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\ \?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\ u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\ \?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\ \?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\ \?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\ \?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\ \?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\ \85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\ .\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\ .\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\ \?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\ \?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\ \90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\ \?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\ \?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\ \98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\ .\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\ .\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\ \?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\ \?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\ \A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\ \?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\ \?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\ \AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\ .\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\ .\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\ \?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\ \?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\ \B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\ \?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\ \?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\ \BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\ .\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\ .\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\ \?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\ \?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\ \C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\ \?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\ \?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\ \D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\ .\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\ .\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\ \?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\ \?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\ \DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\ \?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\ \?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\ \E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\ .\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\ .\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\ \?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\ \?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\ \EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\ \?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\ \?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\ \F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\ .\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\ .\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\ \?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)" add name=skypetoskype regexp="^..\02............." add name=teamspeak regexp="^\F4\BE\03.*teamspeak" add name=ventrilo regexp="^..\?v\\\$\CF" add name=stun regexp="^[\01\02]................\?\$" /ip firewall mangle add action=set-priority chain=forward comment="Priority - 5 - VOIP - h323" layer7-protocol=h323 new-priority=5 add action=set-priority chain=forward comment="Priority - 5 - VOIP - SIP" layer7-protocol=sip new-priority=5 add action=set-priority chain=forward comment="Priority - 5 - VOIP - Skypeout" layer7-protocol=skypeout new-priority=5 add action=set-priority chain=forward comment="Priority - 5 - VOIP - skypetoskype" layer7-protocol=skypetoskype new-priority=5 add action=set-priority chain=forward comment="Priority - 5 - VOIP - STUN" layer7-protocol=stun new-priority=5 add action=set-priority chain=forward comment="Priority - 5 - VOIP - Teamspeak" layer7-protocol=teamspeak new-priority=5 add action=set-priority chain=forward comment="Priority - 5 - VOIP - Ventrilo" layer7-protocol=ventrilo new-priority=5