Mikrotik – RouterOS Disable FastTrack To Limit Bandwidth

You can read more about FastTrack from the Mikrotik Wiki on FastTrack. The function has it’s advantages by increasing throughout and reducing CPU load. However I wanted to limit bandwidth to clients and FastTrack had to be disabled in order to limit.

From the RouterOS command line move to /ip firewall filter and issue the print command to view all available rules. Rule 4 has what we are looking for which is fasttrack depending on previous changes made to your rules the placement maybe different resulting in a completely different number.

[admin@HM-R] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix=""

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""

 4    ;;; default configuration
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

 7    ;;; default configuration
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

Now issue the disable command along with the rule number you wish to disable. Alternatively the rule can be removed completely with the command remove but I rather preserve it in case I needed at a later time.

[admin@HM-R] /ip firewall filter> disable numbers=4

Rule 4 is now disabled as indicated by the capital XI in front of the rule.

[admin@HM-R] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix=""

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""

 4 XI  ;;; default configuration
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no log-prefix=""

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

 7    ;;; default configuration
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

With Fasttrack disabled I can add my 20/20 Megabit symmetrical limit.

[admin@HM-R] /queue simple> add max-limit=20M/20M name=client-arq target=192.168.200.2/32