How to limit p2p traffic, using masquerading and PCQ
Example
Let us consider a situation where the limited network is 192.168.0.0/24. We
will limit the p2p download traffic to 256kbit/s and upload to 128kbit/s
The 192.168.0.0/24 network has to be masquaraded in order to get public
access (it will use the address 10.0.0.217). To do so, we will masquerade this
network.
[admin@MikroTik] ip firewall src-nat> add src-address=192.168.0.0/24
... action=masquerade
[admin@MikroTik] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=192.168.0.0/24 action=masquerade
[admin@MikroTik] ip firewall src-nat>
Then we have to mark download and upload traffic. To do so with masqueraded
traffic, let's add 2 mangle rules - the first one stands for marking the p2p
connection with the mark p2p_con which is comming from the local network
(192.168.0.0/24) , the second one will mark all packets whithin this
connection with mark p2p_limit, which will be used for limiting the
upload and download traffic. [admin@MikroTik] ip firewall mangle>
add src-address=192.168.0.0/24 p2p=all-p2p
... mark-connection=p2p_con action=passthrough
[admin@MikroTik] ip firewall mangle>
add connection=p2p_con action=accept mark-flow=p2p_limit
[admin@MikroTik] ip firewall mangle>
Next, we will make two PCQ types - one for download (pcq-download), and one
for upload (pcq-upload). [admin@MikroTik] queue type> add kind=pcq name=pcq-download
... pcq-rate=256000 pcq-classifier=dst-address
[admin@MikroTik] queue type> add kind=pcq name=pcq-upload
... pcq-rate=128000 pcq-classifier=src-address
[admin@MikroTik] queue type> print
0 name="default" kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5
sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier
1 name="ethernet-default" kind=pfifo bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20
sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier
2 name="wireless-default" kind=sfq bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20
sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier
3 name="synchronous-default" kind=red bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20
sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier
4 name="pcq-download" kind=pcq bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5
sfq-allot=1514 pcq-rate=256000 pcq-limit=50 pcq-classifier=dst-address
5 name="pcq-upload" kind=pcq bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5
sfq-allot=1514 pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address
[admin@MikroTik] queue type>
And finally, add the queue rules. [admin@MikroTik] queue tree> add name=down parent=Local
... flow=p2p_limit queue=pcq-download
[admin@MikroTik] queue tree> add name=up parent=Public
... flow=p2p_limit queue=pcq-upload
[admin@MikroTik] queue tree> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="down" parent=Local flow=p2p_limit limit-at=0
queue=pcq-download priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0
1 name="up" parent=Public flow=p2p_limit limit-at=0 queue=pcq-upload
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
[admin@MikroTik] queue tree> | 
Access Points
