I need to make script for speed limit for web server users.
What I done till now:
Make all nat from wan to web server.
Make web server queue (IP=192.168.11.100)
Code: Select all
/queue simple
add burst-time=10s/10s limit-at=100M/100M max-limit=1G/1G name=debian-server \
priority=3/3 queue=ethernet-default/ethernet-default target=\
192.168.11.100/32 total-priority=3
This works fine.
Code: Select all
/ip firewall layer7-protocol
add name=ssl regexp=\
"^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"
/ip firewall mangle
add action=add-dst-to-address-list address-list=web-server-visitors \
address-list-timeout=1h chain=postrouting comment=\
"web-server-visitors IP add to adress-list " dst-address-list=\
!our-network layer7-protocol=ssl src-address=192.168.11.100
add action=add-dst-to-address-list address-list=web-server-visitors \
address-list-timeout=1h chain=postrouting comment=\
"web-server-visitors IP add to adress-list " dst-address-list=\
!our-network protocol=tcp src-address=192.168.11.100 src-port=443
This looks like this:
Code: Select all
/queue simple add dst=95.168.105.24/32 max-limit=10M/10M name=queue parent=debian-server \
queue=ethernet-default/ethernet-default target=192.168.11.100/32
Now im try to make script which will first remove current users (old users) and add all new user as child queue .
So first line is ok and looks like this:
Code: Select all
/queue simple remove [ find where parent="debian-server" ]
I was try somethig like this but it not working:
Code: Select all
/queue simple add dst={ /ip firewall address-list :foreach x in=[find where="web-server-visitors"] } max-limit=10M/10M name=queue parent=debian-server queue=ethernet-default/ethernet-default target=192.168.11.100/32
edit: Im using v6.49.10 on hex (mmips)