@Bert-Proesmans
Last active October 28, 2018 21:24
Mikrotik Routing conf
# Date: October 28, 2018
# Version: 1.3
# Tested with RouterOS 6.43.4
#
# Implement some QoS on outgoing/incoming internet connections.
#
# NOTE(28/10/2018): Make sure FastTrack only kicks in after the necessary amount of bytes per
# connection has been processed (about 500kB); fasttracked packets bypass these mangle rules.
#
# TODO(27/10/2018): Figure out Layer-7 detection+marking. Although with more encryption this becomes
# really difficult..
:local LASTUPDATE "28/10/2018"
## This is the interface to run the QOS on. This is the edge interface before traffic leaves your MikroTik
:local QOSINTERFACE "Scarlet PPoE"
:local LANBRIDGE "bridge LAN"
## This is the name of this interface. Use it to distinguish it from other QOS scripts running
:local TREE "SPPP"
## Adjust speeds to match 90% of the download and upload rate for the interface
# NOTE; k = 1000, M = 1000k -> Used for (connection) rates and byte amount!
:local PCQDOWNLOD "40M"
:local PCQUPLOAD "9M"
## Priority levels
# A = realtime priority
# This includes CS5 and up
# LEVEL_A_UP - LEVEL_A_DOWN
# B = normal priority
# This includes CS1 and up
# LEVEL_B_UP - LEVEL_B_DOWN
# C = bulk priority
# This includes best effort and high bandwidth connections
# LEVEL_C_UP - LEVEL_C_DOWN
## Collect IP ranges for important services ##
/ip firewall address-list
# Reset
:foreach i in=[find list="games"] do={
remove $i
}
# Riot LOL ports
#
# 5000 - 5500 UDP
# 8393 - 8400 TCP
# 80 TCP
# 443 TCP
add address=31.186.224.0/24 comment="LoL Europe" list=games
add address=31.186.226.0/24 comment="LoL Europe" list=games
add address=64.7.194.0/24 comment="LoL Europe" list=games
add address=95.172.65.0/24 comment="LoL Europe" list=games
add address=95.172.70.0/24 comment="LoL Europe" list=games
add address=195.59.150.0/24 comment="LoL Europe" list=games
add address=141.101.114.0/24 comment="LoL Europe" list=games
add address=173.194.39.0/25 comment="LoL Europe" list=games
add address=141.101.115.0/24 comment="LoL Europe" list=games
add address=23.23.241.0/24 comment="LoL Europe" list=games
add address=54.186.114.0/24 comment="LoL Europe" list=games
add address=185.40.66.0/24 comment="LoL Europe" list=games
add address=185.40.65.0/24 comment="LoL Europe" list=games
add address=162.249.72.0/24 comment="LoL Europe" list=games
# Steam ports (AS32590)
#
# 27015-27030 UDP+TCP
# 80 TCP
# 443 TCP
add address=146.66.152.0/23 comment="Steam Europe" list=games
add address=146.66.154.0/24 comment="Steam Europe" list=games
add address=146.66.155.0/24 comment="Steam Europe" list=games
add address=146.66.156.0/23 comment="Steam Europe" list=games
add address=146.66.158.0/23 comment="Steam Europe" list=games
add address=185.25.180.0/23 comment="Steam Europe" list=games
add address=185.25.182.0/24 comment="Steam Europe" list=games
add address=185.25.183.0/24 comment="Steam Europe" list=games
add address=155.133.224.0/23 comment="Steam Europe" list=games
add address=155.133.227.0/24 comment="Steam Europe" list=games
add address=155.133.228.0/23 comment="Steam Europe" list=games
add address=155.133.230.0/23 comment="Steam Europe" list=games
add address=155.133.232.0/24 comment="Steam Europe" list=games
add address=155.133.233.0/24 comment="Steam Europe" list=games
add address=155.133.234.0/24 comment="Steam Europe" list=games
add address=155.133.235.0/24 comment="Steam Europe" list=games
add address=155.133.236.0/23 comment="Steam Europe" list=games
add address=155.133.238.0/24 comment="Steam Europe" list=games
add address=155.133.239.0/24 comment="Steam Europe" list=games
add address=155.133.240.0/23 comment="Steam Europe" list=games
add address=155.133.242.0/23 comment="Steam Europe" list=games
add address=155.133.244.0/24 comment="Steam Europe" list=games
add address=155.133.245.0/24 comment="Steam Europe" list=games
add address=155.133.246.0/23 comment="Steam Europe" list=games
add address=155.133.248.0/24 comment="Steam Europe" list=games
add address=155.133.249.0/24 comment="Steam Europe" list=games
add address=155.133.250.0/24 comment="Steam Europe" list=games
add address=155.133.252.0/24 comment="Steam Europe" list=games
add address=155.133.253.0/24 comment="Steam Europe" list=games
add address=155.133.254.0/24 comment="Steam Europe" list=games
add address=155.133.255.0/24 comment="Steam Europe" list=games
## Mangle Rules to tag traffic ##
# DSCP conversion table
# NOTE: Not all DS field values are used!
# -> Try to fill the list with actually used tags. Also because they override any other connection
# marking!
#
# | DSCP Name    | DS Field Value (Dec) | IP Precedence (Description)
# |--------------|----------------------|-----------------------------------------------------
# | CS0          | 0                    | 0: Best Effort
# | CS1, AF11-13 | 8,10,12,14           | 1: Priority (Class 1)
# | CS2, AF21-23 | 16,18,20,22          | 2: Immediate (Class 2)
# | CS3, AF31-33 | 24,26,28,30          | 3: Flash - mainly used for voice signaling (Class 3)
# | CS4, AF41-43 | 32,34,36,38          | 4: Flash Override (Class 4)
# | CS5, EF      | 40,46                | 5: Critical - mainly used for voice RTP
# | CS6          | 48                   | 6: Internetwork Control
# | CS7          | 56                   | 7: Network Control
/ip firewall mangle
# Reset
:foreach i in=[find where (action="mark-packet" || action="mark-connection" || comment~"^autoconf:")] do={
remove $i
}
add action=log chain=notes comment=("autoconf: Start of QoS tree. Last update on " . $LASTUPDATE)
# DSCP comes from the client indicating priority. The provided information will always overrule any other configuration!
add chain=prerouting action=mark-packet new-packet-mark="DSCP_LowP" dscp=16 passthrough=no comment="autoconf: DSCP"
add chain=prerouting action=mark-packet new-packet-mark="DSCP_HighP" dscp=40 passthrough=no comment="autoconf:"
add chain=prerouting action=mark-packet new-packet-mark="DSCP_HighP" dscp=46 passthrough=no comment="autoconf:"
add chain=prerouting action=mark-packet new-packet-mark="DSCP_Crit" dscp=48 passthrough=no comment="autoconf:"
# No use in tagging 'Best effort' traffic since anything unclassified will be caught by the matching rules below.
# add chain=prerouting action=mark-packet new-packet-mark="DSCP_Other" dscp=0 passthrough=yes comment="autoconf:"
# DNS requests. Mark in pre- and postrouting because DNS is sent out by the router (itself) too.
add chain=prerouting action=mark-connection protocol=udp port=53 connection-state=new new-connection-mark="DNS" comment="autoconf: DNS"
add chain=postrouting action=mark-connection protocol=udp port=53 connection-state=new new-connection-mark="DNS" comment="autoconf:"
add chain=prerouting action=mark-packet passthrough=no connection-mark="DNS" new-packet-mark="DNS" comment="autoconf:"
add chain=postrouting action=mark-packet passthrough=no connection-mark="DNS" new-packet-mark="DNS" comment="autoconf:"
# ACK traffic.
add chain=prerouting action=mark-packet passthrough=no protocol=tcp tcp-flags=ack packet-size=0-123 new-packet-mark="ACK" comment="autoconf: ACK"
add chain=postrouting action=mark-packet passthrough=no protocol=tcp tcp-flags=ack packet-size=0-123 new-packet-mark="ACK" comment="autoconf:"
# Defined game servers
# NOTE; '_DL' separation only on TCP streams (these are downloads); UDP packets are not, and should not be, limited!
add chain=prerouting action=mark-connection connection-state=new dst-address-list=games connection-mark=no-mark new-connection-mark="GAMES" comment="autoconf: GAMES"
add chain=prerouting action=mark-connection protocol=tcp connection-mark="GAMES" connection-bytes=500k-0 connection-rate=200k-1G new-connection-mark="GAMES_DL" comment="autoconf:"
add chain=prerouting action=mark-packet passthrough=no connection-mark="GAMES" new-packet-mark="GAMES" comment="autoconf:"
add chain=prerouting action=mark-packet passthrough=no connection-mark="GAMES_DL" new-packet-mark="GAMES_DL" comment="autoconf:"
# Mark all new HTTP(S) connections with "HTTP" if they have not previously been marked as "HTTP_BIG".
# If a connection marked "HTTP" transfers more than 0.5MB at a rate of 200k+, re-mark it as "HTTP_BIG" for the rest of the TCP session.
add chain=prerouting action=mark-connection protocol=tcp connection-state=new port=80,443 connection-mark=no-mark new-connection-mark="HTTP" comment="autoconf: HTTP"
add chain=prerouting action=mark-connection protocol=tcp connection-mark="HTTP" connection-bytes=500k-0 connection-rate=200k-1G new-connection-mark="HTTP_BIG" comment="autoconf:"
add chain=prerouting action=mark-packet passthrough=no connection-mark="HTTP" new-packet-mark="HTTP" comment="autoconf:"
add chain=prerouting action=mark-packet passthrough=no connection-mark="HTTP_BIG" new-packet-mark="HTTP_BIG" comment="autoconf:"
# P2P - This is a bit tough: there used to be a built-in P2P matcher, but selecting this traffic has become a hard problem recently..
# add chain=prerouting action=mark-connection protocol=udp new-connection-mark="P2P" comment="autoconf: P2P"
# add chain=prerouting action=mark-packet passthrough=no connection-mark="P2P" new-packet-mark="P2P" comment="autoconf:"
# add chain=postrouting action=mark-packet passthrough=no connection-mark="P2P" new-packet-mark="P2P" comment="autoconf:"
#########
# At the moment not much else can be selected to explicitly prioritize. Most downloading happens over '(HTTP/S) TCP 80/443' and UDP cannot be shaped.
# Specific IPs/ports + protocol need to be known.. layer7 filtering could help!
#########
# Mark all left over UDP traffic. Mark different UDP streams if you want more granularity.
add chain=prerouting action=mark-connection protocol=udp connection-mark=no-mark connection-state=new new-connection-mark="UDP" comment="autoconf: UDP"
add chain=prerouting action=mark-packet connection-mark="UDP" new-packet-mark="UDP" passthrough=no comment="autoconf:"
# Mark everything else that has no mark applied.
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new new-connection-mark="OTHER" comment="autoconf: OTHER"
add chain=prerouting action=mark-packet passthrough=no connection-mark="OTHER" new-packet-mark="OTHER" comment="autoconf:"
###############################################################################
# HTB Queue Tree: a unidirectional queue
#
# Notes:
# priority means 'drop packets' WHEN needed.
# When limit-at=0 priority starts when max-limit is reached.
# When limit-at=123 priority starts when limit-at is reached.
#
# The priority option applies to CHILDREN not parents. Parent is for setting
# overall limits. Therefore use limit-at and max-limit on the children if
# you want more granularity.
#
# max-limit must always be set or priority will not happen.
#
# Tips for TCP (not VoIP) SOHO network:
# limit-at = Total bandwidth / max hosts
# max-limit = Total bandwidth / min hosts
#
/queue tree
###############################################################################
# Reset
:foreach i in=[find where (name~("^".$TREE) || parent~("^".$TREE))] do={
remove $i
}
# The secret to ensuring VoIP quality (or any UDP traffic) is to put it into
# a queue that will never be full and thus never prioritize (drop) packets.
add name=($TREE . "_LEVEL_A_UP") parent=$QOSINTERFACE queue=default max-limit=$PCQUPLOAD
add name=($TREE . "_LEVEL_A_DOWN") parent=$LANBRIDGE queue=default max-limit=$PCQDOWNLOD
# Next, create a queue for high priority traffic.
add name=($TREE . "_LEVEL_B_UP") parent=$QOSINTERFACE queue=default max-limit=$PCQUPLOAD
add name=($TREE . "_LEVEL_B_DOWN") parent=$LANBRIDGE queue=default max-limit=$PCQDOWNLOD
# Finally, create a queue for traffic that normally exceeds levels.
add name=($TREE . "_LEVEL_C_UP") parent=$QOSINTERFACE queue=default max-limit=$PCQUPLOAD
add name=($TREE . "_LEVEL_C_DOWN") parent=$LANBRIDGE queue=default max-limit=$PCQDOWNLOD
## A
add name="DSCP_A_U" parent=($TREE . "_LEVEL_A_UP") packet-mark="DSCP_Crit" queue=default priority=1
add name="DSCP_A_D" parent=($TREE . "_LEVEL_A_DOWN") packet-mark="DSCP_Crit" queue=default priority=1
add name="GAMES_U" parent=($TREE . "_LEVEL_A_UP") packet-mark="GAMES" queue=default priority=2
add name="GAMES_D" parent=($TREE . "_LEVEL_A_DOWN") packet-mark="GAMES" queue=default priority=2
## B
add name="DSCP_B_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="DSCP_HighP" queue=default priority=1
add name="DSCP_B_D" parent=($TREE . "_LEVEL_B_DOWN") packet-mark="DSCP_HighP" queue=default priority=1
add name="ACK_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="ACK" queue=default priority=2
add name="ACK_D" parent=($TREE . "_LEVEL_B_DOWN") packet-mark="ACK" queue=default priority=2
add name="DNS_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="DNS" queue=default priority=3
add name="DNS_D" parent=($TREE . "_LEVEL_B_DOWN") packet-mark="DNS" queue=default priority=3
add name="UDP_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="UDP" queue=default priority=4
add name="UDP_D" parent=($TREE . "_LEVEL_B_DOWN") packet-mark="UDP" queue=default priority=4
add name="DSCP_B2_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="DSCP_LowP" queue=default priority=5
add name="DSCP_B2_D" parent=($TREE . "_LEVEL_B_DOWN") packet-mark="DSCP_LowP" queue=default priority=5
# NOTE: no mangle rule above sets the "ICMP" packet mark (e.g. protocol=icmp), so these two queues stay empty until one is added.
add name="ICMP_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="ICMP" queue=default priority=6
add name="ICMP_D" parent=($TREE . "_LEVEL_B_DOWN") packet-mark="ICMP" queue=default priority=6
## C
add name="HTTP_U" parent=($TREE . "_LEVEL_C_UP") packet-mark="HTTP" queue=default priority=1
add name="HTTP_D" parent=($TREE . "_LEVEL_C_DOWN") packet-mark="HTTP" queue=default priority=1
# NOTE: the "DSCP_Other" mark rule is commented out in the mangle section above, so these two queues are currently unused.
add name="DSCP_C_U" parent=($TREE . "_LEVEL_C_UP") packet-mark="DSCP_Other" queue=default priority=2
add name="DSCP_C_D" parent=($TREE . "_LEVEL_C_DOWN") packet-mark="DSCP_Other" queue=default priority=2
add name="GAMES_DL_U" parent=($TREE . "_LEVEL_C_UP") packet-mark="GAMES_DL" queue=default priority=3
add name="GAMES_DL_D" parent=($TREE . "_LEVEL_C_DOWN") packet-mark="GAMES_DL" queue=default priority=3
add name="HTTP_BIG_U" parent=($TREE . "_LEVEL_C_UP") packet-mark="HTTP_BIG" queue=default priority=4
add name="HTTP_BIG_D" parent=($TREE . "_LEVEL_C_DOWN") packet-mark="HTTP_BIG" queue=default priority=4
add name="OTHER_U" parent=($TREE . "_LEVEL_C_UP") packet-mark="OTHER" queue=default priority=5
add name="OTHER_D" parent=($TREE . "_LEVEL_C_DOWN") packet-mark="OTHER" queue=default priority=5
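As an added consistency check (not part of the gist), the following Python audits a RouterOS script for packet marks that queue-tree entries reference but no mangle rule creates, and for marks that are created but never queued. `SAMPLE_CONFIG` is a constructed excerpt mirroring this script's layout, and `parse_sections`/`audit_marks` are my own names.

```python
import re
from typing import Dict, List

# Constructed excerpt mirroring the gist's layout (mangle rules, then queue tree).
SAMPLE_CONFIG = """\
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark="DSCP_Crit" dscp=48 passthrough=no comment="autoconf:"
add chain=prerouting action=mark-connection protocol=udp port=53 connection-state=new new-connection-mark="DNS" comment="autoconf: DNS"
add chain=prerouting action=mark-packet passthrough=no connection-mark="DNS" new-packet-mark="DNS" comment="autoconf:"
add chain=prerouting action=mark-packet passthrough=no connection-mark="HTTP" new-packet-mark="HTTP" comment="autoconf:"
# add chain=prerouting action=mark-packet new-packet-mark="DSCP_Other" dscp=0 passthrough=yes comment="autoconf:"
/queue tree
add name="DSCP_A_U" parent=($TREE . "_LEVEL_A_UP") packet-mark="DSCP_Crit" queue=default priority=1
add name="DNS_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="DNS" queue=default priority=3
add name="ICMP_U" parent=($TREE . "_LEVEL_B_UP") packet-mark="ICMP" queue=default priority=6
add name="DSCP_C_U" parent=($TREE . "_LEVEL_C_UP") packet-mark="DSCP_Other" queue=default priority=2
"""

# Matches key="value" pairs; unquoted values (queue=default, priority=1) are not needed here.
ATTR = re.compile(r'(?P<key>[\w-]+)="(?P<val>[^"]*)"')


def parse_sections(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Group each `add ...` line under the most recent `/menu path` line, skipping comments."""
    sections: Dict[str, List[Dict[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out rules do not exist on the router
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current is not None:
            sections[current].append({m["key"]: m["val"] for m in ATTR.finditer(line)})
    return sections


def audit_marks(text: str) -> Dict[str, List[str]]:
    """Cross-check queue-tree packet marks against the marks the mangle chain creates."""
    sections = parse_sections(text)
    produced = {r["new-packet-mark"] for r in sections.get("/ip firewall mangle", []) if "new-packet-mark" in r}
    referenced = {r["packet-mark"] for r in sections.get("/queue tree", []) if "packet-mark" in r}
    return {
        "unproduced": sorted(referenced - produced),  # queues that can never receive traffic
        "unqueued": sorted(produced - referenced),    # marked traffic falling back to the parent's default
    }


if __name__ == "__main__":
    print(audit_marks(SAMPLE_CONFIG))
```

Run it against a full `/export` of the router to catch the same class of drift after future edits to either section.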