AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

RouterOS v3 Configuration and User Guide

Submenu level: /ip firewall mangle

Standards and Technologies: IP

Hardware usage: Increases with count of mangle rules

Related Topics

IP Addresses and ARP

Routes, Equal Cost Multipath Routing, Policy Routing

NAT

Filter

Packet Flow

9.2.2 Mangle

Submenu level: /ip firewall mangle

Description

Mangle is a kind of 'marker' that marks packets with special marks for future processing. Many other facilities in RouterOS, e.g. queue trees and NAT, make use of these marks: they identify a packet based on its mark and process it accordingly. The mangle marks exist only within the router; they are not transmitted across the network.

Property Description

action (accept add-dst-to-address-list add-src-to-address-list change-dscp change-mss change-ttl jump log mark-connection mark-packet mark-routing passthrough return set-priority strip-ipv4-options; default: accept) - action to undertake if the packet matches the rule

accept - accept the packet. No action, i.e., the packet is passed through and no more rules are applied to it

add-dst-to-address-list - add destination address of an IP packet to the address list specified by the address-list parameter

add-src-to-address-list - add source address of an IP packet to the address list specified by the address-list parameter

change-dscp - change Differentiated Services Code Point (DSCP) field value to the value specified by the new-dscp parameter

change-mss - change Maximum Segment Size field value of the packet to a value specified by the new-mss parameter

change-ttl - change Time to Live field value of the packet to a value specified by the new-ttl parameter

jump - jump to the chain specified by the value of the jump-target parameter

log - each match with this action will add a message to the system log

mark-connection - place a mark specified by the new-connection-mark parameter on the entire connection that matches the rule

mark-packet - place a mark specified by the new-packet-mark parameter on a packet that matches the rule

mark-routing - place a mark specified by the new-routing-mark parameter on a packet. This kind of mark is used for policy routing purposes only

passthrough - ignore this rule and go on to the next one

return - pass control back to the chain from where the jump took place

set-priority - set priority specified by the new-priority parameter on the packets sent out through a link that is capable of transporting priority (VLAN or WMM-enabled wireless interface)

strip-ipv4-options - strip IPv4 option fields from the IP packet

address-list (name) - specify the name of the address list in which to collect IP addresses from rules having action=add-dst-to-address-list or action=add-src-to-address-list. These address lists can later be used for packet matching

address-list-timeout (time; default: 00:00:00) - time interval after which the address will be removed from the address list specified by the address-list parameter. Used in conjunction with the add-dst-to-address-list or add-src-to-address-list actions

00:00:00 - leave the address in the address list forever
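
The following configuration is an added example, not taken from the manual. It shows the mark-connection, mark-packet and add-src-to-address-list actions working together, and how another facility then consumes the marks and the list. The port, the mark and list names, the limit value, and the matchers and properties not described on this page (chain, protocol, dst-port, connection-state, connection-mark, passthrough, and the /queue tree and /ip firewall filter rules) are assumptions based on general RouterOS syntax.

```routeros
# Added example: names, port and rate below are constructed placeholders.
/ip firewall mangle

# 1. Mark the whole connection once, on its first packet.
#    passthrough=yes lets the packet continue to the rules below.
add chain=prerouting protocol=tcp dst-port=22 connection-state=new \
    action=mark-connection new-connection-mark=mgmt-conn passthrough=yes \
    comment="mark new SSH connections"

# 2. Record who opened the connection. The entry expires after one hour;
#    the default of 00:00:00 would keep the address in the list forever.
add chain=prerouting connection-mark=mgmt-conn connection-state=new \
    action=add-src-to-address-list address-list=mgmt-seen \
    address-list-timeout=01:00:00 \
    comment="remember sources of new SSH connections"

# 3. Mark every packet that belongs to the marked connection.
#    passthrough=no stops mangle processing for this packet here.
add chain=prerouting connection-mark=mgmt-conn \
    action=mark-packet new-packet-mark=mgmt-pkt passthrough=no \
    comment="packet mark derived from connection mark"

# Consumer of the packet mark: a queue tree entry selects traffic by mark.
/queue tree
add name=mgmt-limit parent=global-in packet-mark=mgmt-pkt max-limit=256000

# Consumer of the address list: a filter rule matches on list membership.
/ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=mgmt-seen \
    action=log log-prefix="mgmt-seen"
```

Because the marks exist only inside the router, the queue and filter rules that consume them must be on the same device as the mangle rules that set them.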
