Allied Telesis AT-WR4500 User Manual
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
205
RouterOS v3 Configuration and User Guide
Submenu level: /ip firewall mangle
Standards and Technologies:
Standards and Technologies:
IP
Hardware usage: Increases with count of mangle rules
Related Topics
•
IP Addresses and ARP
•
Routes, Equal Cost Multipath Routing, Policy Routing
•
NAT
•
Filter
•
Packet Flow
9.2.2
Mangle
Submenu level: /ip firewall mangle
Description
Mangle is a kind of 'marker' that marks packets for future processing with special marks. Many other
facilities in RouterOS make use of these marks, e.g. queue trees and NAT. They identify a packet based
on its mark and process it accordingly. The mangle marks exist only within the router, they are not
transmitted across the network.
facilities in RouterOS make use of these marks, e.g. queue trees and NAT. They identify a packet based
on its mark and process it accordingly. The mangle marks exist only within the router, they are not
transmitted across the network.
Property Description
action (accept | add-dst-to-address-list | add-src-to-address-list | change-dscp | change-mss | change-ttl |
jump | log | mark-connection | mark-packet | mark-routing | passthrough | return | set-priority | strip-
ipv4-options; default: accept) - action to undertake if the packet matches the rule
accept - accept the packet. No action, i.e., the packet is passed through and no more rules are applied to
it
add-dst-to-address-list - add destination address of an IP packet to the address list specified by
address-list parameter
add-src-to-address-list - add source address of an IP packet to the address list specified by address-
list parameter
change-dscp - change Differentiated Services Code Point (DSCP) field value specified by the new-dscp
parameter
change-mss - change Maximum Segment Size field value of the packet to a value specified by the new-
mss parameter
change-ttl - change Time to Live field value of the packet to a value specified by the new-ttl parameter
jump - jump to the chain specified by the value of the jump-target parameter
log - each match with this action will add a message to the system log
mark-connection - place a mark specified by the new-connection-mark parameter on the entire
connection that matches the rule
mark-packet - place a mark specified by the new-packet-mark parameter on a packet that matches
the rule
mark-routing - place a mark specified by the new-routing-mark parameter on a packet. This kind of
marks is used for policy routing purposes only
passthrough - ignore this rule go on to the next one
return - pass control back to the chain from where the jump took place
set-priority - set priority speciefied by the new-priority parameter on the packets sent out through a
link that is capable of transporting priority (VLAN or WMM-enabled wireless interface)
strip-ipv4-options - strip IPv4 option fields from the IP packet
address-list (name) - specify the name of the address list to collect IP addresses from rules having
action=add-dst-to-address-list or action=add-src-to-address-list actions. These address lists could
be later used for packet matching
address-list-timeout (time; default: 00:00:00) - time interval after which the address will be removed
from the address list specified by address-list parameter. Used in conjunction with add-dst-to-
address-list or add-src-to-address-list actions
00:00:00 - leave the address in the address list forever
jump | log | mark-connection | mark-packet | mark-routing | passthrough | return | set-priority | strip-
ipv4-options; default: accept) - action to undertake if the packet matches the rule
accept - accept the packet. No action, i.e., the packet is passed through and no more rules are applied to
it
add-dst-to-address-list - add destination address of an IP packet to the address list specified by
address-list parameter
add-src-to-address-list - add source address of an IP packet to the address list specified by address-
list parameter
change-dscp - change Differentiated Services Code Point (DSCP) field value specified by the new-dscp
parameter
change-mss - change Maximum Segment Size field value of the packet to a value specified by the new-
mss parameter
change-ttl - change Time to Live field value of the packet to a value specified by the new-ttl parameter
jump - jump to the chain specified by the value of the jump-target parameter
log - each match with this action will add a message to the system log
mark-connection - place a mark specified by the new-connection-mark parameter on the entire
connection that matches the rule
mark-packet - place a mark specified by the new-packet-mark parameter on a packet that matches
the rule
mark-routing - place a mark specified by the new-routing-mark parameter on a packet. This kind of
marks is used for policy routing purposes only
passthrough - ignore this rule go on to the next one
return - pass control back to the chain from where the jump took place
set-priority - set priority speciefied by the new-priority parameter on the packets sent out through a
link that is capable of transporting priority (VLAN or WMM-enabled wireless interface)
strip-ipv4-options - strip IPv4 option fields from the IP packet
address-list (name) - specify the name of the address list to collect IP addresses from rules having
action=add-dst-to-address-list or action=add-src-to-address-list actions. These address lists could
be later used for packet matching
address-list-timeout (time; default: 00:00:00) - time interval after which the address will be removed
from the address list specified by address-list parameter. Used in conjunction with add-dst-to-
address-list or add-src-to-address-list actions
00:00:00 - leave the address in the address list forever