Hello everbody an happy new year!
I need to make script for speed limit for web server users.
What I done till now:
Make all nat from wan to web server.
Make web server queue (IP=192.168.11.100)Make detect web server visitors and add them IP to list web-server-visitors
This works fine.Then I make torch on simple queue for my web server an manualy add heavy users to child queue:
This looks like this:and is working fine.
Now im try to make script which will first remove current users (old users) and add all new user as child queue .
So first line is ok and looks like this:Well I dont know how to make rest of nedeed part where script add user from my list web-server-visitors.
I was try somethig like this but it not working:Any help is welcome. Thanks.
I need to make script for speed limit for web server users.
What I done till now:
Make all nat from wan to web server.
Make web server queue (IP=192.168.11.100)
Code:
/queue simpleadd burst-time=10s/10s limit-at=100M/100M max-limit=1G/1G name=debian-server \ priority=3/3 queue=ethernet-default/ethernet-default target=\ 192.168.11.100/32 total-priority=3This works fine.
Code:
/ip firewall layer7-protocoladd name=ssl regexp=\ "^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"/ip firewall mangleadd action=add-dst-to-address-list address-list=web-server-visitors \ address-list-timeout=1h chain=postrouting comment=\ "web-server-visitors IP add to adress-list " dst-address-list=\ !our-network layer7-protocol=ssl src-address=192.168.11.100add action=add-dst-to-address-list address-list=web-server-visitors \ address-list-timeout=1h chain=postrouting comment=\ "web-server-visitors IP add to adress-list " dst-address-list=\ !our-network protocol=tcp src-address=192.168.11.100 src-port=443 This looks like this:
Code:
/queue simple add dst=95.168.105.24/32 max-limit=10M/10M name=queue parent=debian-server \ queue=ethernet-default/ethernet-default target=192.168.11.100/32Now im try to make script which will first remove current users (old users) and add all new user as child queue .
So first line is ok and looks like this:
Code:
/queue simple remove [ find where parent="debian-server" ]I was try somethig like this but it not working:
Code:
/queue simple add dst={ /ip firewall address-list :foreach x in=[find where="web-server-visitors"] } max-limit=10M/10M name=queue parent=debian-server queue=ethernet-default/ethernet-default target=192.168.11.100/32Statistics: Posted by bax2 — Thu Jan 04, 2024 2:44 pm