MikroTik RouterOS v2.9 Reference Manual page 467

new-tos ( max-reliability | max-throughput | min-cost | min-delay | normal | integer ) - specify TOS
value to be used in conjunction with action=change-tos
• max-reliability - maximize reliability (ToS=4)
• max-throughput - maximize throughput (ToS=8)
• min-cost - minimize monetary cost (ToS=2)
• min-delay - minimize delay (ToS=16)
• normal - normal service (ToS=0)
new-ttl ( decrement | increment | set | integer ) - specify the new TTL field value used in
conjunction with action=change-ttl
• decrement - the value of the TTL field will be decremented for value
• increment - the value of the TTL field will be incremented for value
• set: - the value of the TTL field will be set to value
nth ( integer | integer : 0 ..15 | integer ) - match a particular Nth packet received by the rule. One of
16 available counters can be used to count packets
• Every - match every Every+1th packet. For example, if Every=1 then the rule matches every
2nd packet
• Counter - specifies which counter to use. A counter increments each time the rule containing
nth match matches
• Packet - match on the given packet number. The value by obvious reasons must be between 0
and Every. If this option is used for a given counter, then there must be at least Every+1 rules
with this option, covering all values between 0 and Every inclusively.
out-interface ( name ) - match the interface name a packet left the router through
p2p ( all-p2p | bit-torrent | direct-connect | edonkey | fasttrack | gnutella | soulseek | warez | winmx )
- match packets belonging to connections of the above P2P protocols
packet-mark ( name ) - match the packets marked in mangle with specific packet mark
packet-size ( integer : 0 ..65535 | integer : 0 ..65535 ) - matches packet of the specified size or size
range in bytes
• Min - specifies lower boundary of the size range or a standalone value
• Max - specifies upper boundary of the size range
passthrough ( yes | no ; default: yes ) - whether to let the packet to pass further (like action
passthrough) after marking it with a given mark (property only valid if action is mark packet,
connection or routing mark)
phys-in-interface ( name ) - matches the bridge port physical input device added to a bridge
device. It is only useful if the packet has arrived through the bridge
protocol ( ddp | egp | encap | ggp | gre | hmp | icmp | idrp-cmtp | igmp | ipencap | ipip | ipsec-ah |
ipsec-esp | iso-tp4 | ospf | pup | rdp | rspf | st | tcp | udp | vmtp | xns-idp | xtp | integer ) - matches
particular IP protocol specified by protocol name or number. You should specify this setting if you
want to specify ports
psd ( integer | time | integer | integer ) - attempts to detect TCP and UDP scans. It is advised to
assign lower weight to ports with high numbers to reduce the frequency of false positives, such as
from passive mode FTP transfers
• WeightThreshold - total weight of the latest TCP/UDP packets with different destination ports
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Page 453 of 695