2 mangle – Allied Telesis AT-WR4500 User Manual

AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

205

RouterOS v3 Configuration and User Guide

Submenu level: /ip firewall mangle
Standards and Technologies:

IP

Hardware usage: Increases with count of mangle rules

Related Topics

•

IP Addresses and ARP

•

Routes, Equal Cost Multipath Routing, Policy Routing

•

NAT

•

Filter

•

Packet Flow

9.2.2

Mangle

Submenu level: /ip firewall mangle

Description

Mangle is a kind of 'marker' that marks packets for future processing with special marks. Many other
facilities in RouterOS make use of these marks, e.g. queue trees and NAT. They identify a packet based
on its mark and process it accordingly. The mangle marks exist only within the router, they are not
transmitted across the network.

Property Description

action (accept | add-dst-to-address-list | add-src-to-address-list | change-dscp | change-mss | change-ttl |
jump | log | mark-connection | mark-packet | mark-routing | passthrough | return | set-priority | strip-
ipv4-options; default: accept) - action to undertake if the packet matches the rule
accept - accept the packet. No action, i.e., the packet is passed through and no more rules are applied to
it
add-dst-to-address-list - add destination address of an IP packet to the address list specified by
address-list parameter
add-src-to-address-list - add source address of an IP packet to the address list specified by address-
list parameter
change-dscp - change Differentiated Services Code Point (DSCP) field value specified by the new-dscp
parameter
change-mss - change Maximum Segment Size field value of the packet to a value specified by the new-
mss parameter
change-ttl - change Time to Live field value of the packet to a value specified by the new-ttl parameter
jump - jump to the chain specified by the value of the jump-target parameter
log - each match with this action will add a message to the system log
mark-connection - place a mark specified by the new-connection-mark parameter on the entire
connection that matches the rule
mark-packet - place a mark specified by the new-packet-mark parameter on a packet that matches
the rule
mark-routing - place a mark specified by the new-routing-mark parameter on a packet. This kind of
marks is used for policy routing purposes only
passthrough - ignore this rule go on to the next one
return - pass control back to the chain from where the jump took place
set-priority - set priority speciefied by the new-priority parameter on the packets sent out through a
link that is capable of transporting priority (VLAN or WMM-enabled wireless interface)
strip-ipv4-options - strip IPv4 option fields from the IP packet
address-list (name) - specify the name of the address list to collect IP addresses from rules having
action=add-dst-to-address-list or action=add-src-to-address-list actions. These address lists could
be later used for packet matching
address-list-timeout (time; default: 00:00:00) - time interval after which the address will be removed
from the address list specified by address-list parameter. Used in conjunction with add-dst-to-
address-list or add-src-to-address-list actions
00:00:00 - leave the address in the address list forever