halo suhu2 fyi... saya mau minta tolong review dan koreksinya suhu2 semua.
saya membuat mangle hotspot mikrotik saya untuk bw management nya.

cuma kadang2 saya bingung harus memakai chain apa untuk koneksi browsing, download, upload, dan p2p.

berikut adalah print rule yg udah saya bikin:
ini print filter nya
[admin@MikroTik] > ip firewall filter print detail
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; default configuration
chain=input action=accept protocol=icmp

2 ;;; default configuration
chain=input action=accept connection-state=established
in-interface=ether1

3 ;;; default configuration
chain=input action=accept connection-state=related in-interface=ether1

4 ;;; default configuration
chain=input action=drop protocol=icmp in-interface=pppoe-speedy

5 chain=input action=drop protocol=tcp in-interface=pppoe-speedy
dst-port=8291 src-mac-address=!00:A0Click here to enlarge5:FF:FF:A9

6 chain=hs-input action=add-src-to-address-list protocol=icmp
address-list=kos address-list-timeout=5m

7 chain=input action=drop connection-state=invalid in-interface=pppoe-speed>

8 ;;; Drop Other Proxy
chain=forward action=drop protocol=tcp in-interface=ether2-local-hotspot
src-port=8080

9 X chain=forward action=drop p2p=all-p2p protocol=tcp
src-address=192.168.88.0/24 in-interface=ether2-local-hotspot
dst-port=6881-6999
ini print nat nya
[admin@MikroTik] > ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; default configuration
chain=srcnat action=masquerade out-interface=pppoe-speedy

2 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.88.0/24
ini print mangle nya
[admin@MikroTik] > ip firewall mangle print detail
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=change-mss new-mss=1300 tcp-flags=syn protocol=tcp
out-interface=pppoe-speedy

1 ;;; P2P
chain=forward action=mark-connection new-connection-mark=p2p_conn
passthrough=yes p2p=all-p2p protocol=tcp src-port=!80

2 chain=forward action=mark-packet new-packet-mark=p2p passthrough=no
connection-mark=p2p_conn

3 ;;; Other
chain=forward action=mark-packet new-packet-mark=other passthrough=yes
connection-mark=!p2p_conn

4 ;;; Browsing
chain=postrouting action=mark-connection new-connection-mark=browsing
passthrough=yes protocol=tcp dst-address=192.168.88.0/24
out-interface=ether2-local-hotspot src-port=!8291 port=80
packet-mark=!p2p connection-bytes=0-700000

5 chain=postrouting action=mark-packet new-packet-mark=http-pkt
passthrough=no connection-mark=browsing

6 ;;; Downlink
chain=forward action=mark-connection new-connection-mark=downlink
passthrough=yes protocol=tcp dst-address=192.168.88.0/24
in-interface=pppoe-speedy out-interface=ether2-local-hotspot
connection-mark=!p2p_conn,browsing connection-bytes=700000-0

7 chain=postrouting action=mark-packet new-packet-mark=group1-in
passthrough=no connection-mark=downlink

8 ;;; Uplink
chain=prerouting action=mark-packet new-packet-mark=group1-out
passthrough=no protocol=tcp src-address=192.168.88.0/24
in-interface=ether2-local-hotspot dst-port=!8291
connection-mark=!p2p_conn
ini print queue tree nya
[admin@MikroTik] > queue tree print detail
Flags: X - disabled, I - invalid
0 name="Hotspot-Total-Download" parent=global-out packet-mark=other
limit-at=0 priority=1 max-limit=1100k burst-limit=0 burst-threshold=0
burst-time=0s

1 name="Browsing" parent=Hotspot-Total-Download packet-mark=http-pkt
limit-at=256k queue=http priority=1 max-limit=512k burst-limit=1M
burst-threshold=384k burst-time=20s

2 name="Group1_Total-Upload" parent=global-in packet-mark=group1-out
limit-at=64 queue=upload priority=8 max-limit=310k burst-limit=0
burst-threshold=0 burst-time=0s

3 name="Download" parent=Hotspot-Total-Download packet-mark=group1-in
limit-at=0 queue=download priority=3 max-limit=384k burst-limit=768k
burst-threshold=256k burst-time=20s

4 name="P2P" parent=global-total packet-mark=p2p limit-at=0 queue=download
priority=8 max-limit=128k burst-limit=512k burst-threshold=128k
burst-time=12s
terima kasih atas respon dari suhu2 semua...

Click here to enlargeClick here to enlarge