add action=mark-packet chain=prerouting comment=100bao_p2p disabled=no in-interface=global layer7-protocol=100bao new-packet-mark=100bao_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=100bao new-packet-mark=100bao_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="aim mesenger" disabled=no in-interface=global layer7-protocol=aim new-packet-mark=aim_mesanger_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=aim new-packet-mark=aim_mesanger_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment=aim_messenger_web disabled=no in-interface=global layer7-protocol=aimwebcontent new-packet-mark=aim_mesenger_web_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=aimwebcontent new-packet-mark=aim_mesenger_web_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment=applejuice_p2p disabled=no in-interface=global layer7-protocol=applejuice new-packet-mark=applejuice_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=applejuice new-packet-mark=applejuice_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment=ares_p2p disabled=no in-interface=global layer7-protocol=ares new-packet-mark=ares_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=ares new-packet-mark=ares_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment=bgp_routing disabled=no in-interface=global layer7-protocol=bgp new-packet-mark=bgp_routing_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=bgp new-packet-mark=bgp_routing_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment=bittorent_p2p disabled=no in-interface=global layer7-protocol=bittorrent new-packet-mark=bittorent_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=bittorrent new-packet-mark=bittorent_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment=dhcp disabled=no in-interface=global layer7-protocol=dhcp new-packet-mark=dhcp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=dhcp new-packet-mark=dhcp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Direct Connect - P2P filesharing " disabled=no in-interface=global layer7-protocol=directconnect new-packet-mark=DC_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=directconnect new-packet-mark=DC_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="DNS - Domain Name System " disabled=no in-interface=global layer7-protocol=dns new-packet-mark=DNS_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=dns new-packet-mark=DNS_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="eDonkey2000 - P2P filesharing " disabled=no in-interface=global layer7-protocol=edonkey new-packet-mark=edonkey_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=edonkey new-packet-mark=edonkey_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc)" disabled=no in-interface=global layer7-protocol=fasttrack new-packet-mark=fasttrack_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=fasttrack new-packet-mark=fasttrack_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="FTP - File Transfer Protocol " disabled=no in-interface=global layer7-protocol=ftp new-packet-mark=ftp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=ftp new-packet-mark=ftp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="GnucleusLAN - LAN-only P2P " disabled=no in-interface=global layer7-protocol=gnucleuslan new-packet-mark=gnu_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=gnucleuslan new-packet-mark=gnu_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Gnutella - P2P filesharing" disabled=no in-interface=global layer7-protocol=gnutella new-packet-mark=gnutella_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=gnutella new-packet-mark=gnutella_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="GoBoogy - a Korean P2P protocol" disabled=no in-interface=global layer7-protocol=goboogy new-packet-mark=gobogy_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=goboogy new-packet-mark=gobogy_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="H.323 - Voice over IP" disabled=no in-interface=global layer7-protocol=h323 new-packet-mark=h323_voiceoverip_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=h323 new-packet-mark=h323_voiceoverip_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="RTSP tunneled within HTTP" disabled=no in-interface=global layer7-protocol=http-rtsp new-packet-mark=httprtsp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=http-rtsp new-packet-mark=httprtsp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="www HyperText Transfer Protocol " disabled=no in-interface=global layer7-protocol=http new-packet-mark=http_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=http new-packet-mark=http_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Ident - Identification Protocol - RFC 1413" disabled=no in-interface=global layer7-protocol=ident new-packet-mark=ident_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=ident new-packet-mark=ident_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="IMAP - Internet Message Access Protocol (A common e-mail protocol)" disabled=no in-interface=global layer7-protocol=imap new-packet-mark=imap_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=imap new-packet-mark=imap_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="iMesh - the native protocol of iMesh, a P2P application " disabled=no in-interface=global layer7-protocol=imesh new-packet-mark=imesh_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=imesh new-packet-mark=imesh_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="IRC - Internet Relay Chat" disabled=no in-interface=global layer7-protocol=irc new-packet-mark=irc_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=irc new-packet-mark=irc_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="KuGoo - a Chinese P2P program " disabled=no in-interface=global layer7-protocol=kugoo new-packet-mark=koogo_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=kugoo new-packet-mark=koogo_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="MSN (Micosoft Network) Messenger file transfers " disabled=no in-interface=global layer7-protocol=msn-filetransfer new-packet-mark=msnfile_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=msn-filetransfer new-packet-mark=msnfile_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="MSN Messenger " disabled=no in-interface=global layer7-protocol=msnmessenger new-packet-mark=msn_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=msnmessenger new-packet-mark=msn_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="MUTE - P2P filesharing " disabled=no in-interface=global layer7-protocol=mute new-packet-mark=mute_p2p_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=mute new-packet-mark=mute_p2p_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Napster - P2P filesharing" disabled=no in-interface=global layer7-protocol=napster new-packet-mark=napster_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=napster new-packet-mark=napster_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="NetBIOS - Network Basic Input Output System" disabled=no in-interface=global layer7-protocol=netbios new-packet-mark=netbios_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=netbios new-packet-mark=netbios_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="NNTP - Network News Transfer Protocol " disabled=no in-interface=global layer7-protocol=nntp new-packet-mark=nntp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=nntp new-packet-mark=nntp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="SNTP - (Simple) Network Time Protocol " disabled=no in-interface=global layer7-protocol=ntp new-packet-mark=ntp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=ntp new-packet-mark=ntp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Remote Administrator - remote desktop for MS Windows" disabled=no in-interface=global layer7-protocol=radmin new-packet-mark=radmin_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=radmin new-packet-mark=radmin_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Remote Desktop Protocol (used in Windows Terminal Services)" disabled=no in-interface=global layer7-protocol=rdp new-packet-mark=rdp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=rdp new-packet-mark=rdp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="RTSP - Real Time Streaming Protocol " disabled=no in-interface=global layer7-protocol=rtsp new-packet-mark=rtsp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=rtsp new-packet-mark=rtsp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="SIP - Session Initiation Protocol - Internet telephony " disabled=no in-interface=global layer7-protocol=sip new-packet-mark=sip_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=sip new-packet-mark=sip_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Skype to phone - UDP voice call " disabled=no in-interface=global layer7-protocol=skypeout new-packet-mark=skypeout_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=skypeout new-packet-mark=skypeout_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Skype to Skype - UDP voice call " disabled=no in-interface=global layer7-protocol=skypetoskype new-packet-mark=skype2skype_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=skypetoskype new-packet-mark=skype2skype_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="POP3 - Post Office Protocol version 3" disabled=no in-interface=global layer7-protocol=pop3 new-packet-mark=pop3_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=pop3 new-packet-mark=pop3_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="SMTP - Simple Mail Transfer Protocol " disabled=no in-interface=global layer7-protocol=smtp new-packet-mark=smtp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=smtp new-packet-mark=smtp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="SNMP - Simple Network Management Protocol " disabled=no in-interface=global layer7-protocol=snmp new-packet-mark=snmp_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=snmp new-packet-mark=snmp_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="Soulseek - P2P filesharing " disabled=no in-interface=global layer7-protocol=soulseek new-packet-mark=soulsek_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=soulseek new-packet-mark=soulsek_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="SSH - Secure SHell" disabled=no in-interface=global layer7-protocol=ssh new-packet-mark=ssh_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=ssh new-packet-mark=ssh_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="SSL and TLS - Secure Socket Layer / Transport Layer Security " disabled=no in-interface=global layer7-protocol=ssl new-packet-mark=ssl_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=ssl new-packet-mark=ssl_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment=vnc disabled=no in-interface=global layer7-protocol=vnc new-packet-mark=vnc_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=vnc new-packet-mark=vnc_out out-interface=global passthrough=yes

add action=mark-packet chain=prerouting comment="TeamSpeak - VoIP application " disabled=no in-interface=global layer7-protocol=teamspeak new-packet-mark=teamspeak_in passthrough=yes

add action=mark-packet chain=postrouting comment="" disabled=no layer7-protocol=teamspeak new-packet-mark=teamspeak_out out-interface=global passthrough=yes