The script is as follows:
Add the address list; for multiple subnets, add one line per subnet.
/ip firewall address-list
add address=192.168.1.0/24 disabled=no list=lan
add address=192.168.2.0/24 disabled=no list=lan
Add L7 (layer-7) patterns to identify users who are watching video or downloading.
/ip firewall layer7-protocol
add name=Tencent_qq regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27.+|^.\?.\?[\\x02|\\x\
    05]\\x22\\x27.+[\\x03|\\x09]\$|^.\?.\?\\x02.+\\x03\$|^/xFE/x42../x42/x02/x\
    0B/x7D/x98/x38/xE4.+"
add name=Tencent_qqgame regexp="^.\?.\?\\x2D.+[\\x25\\x62\\x0E\\xC1\\x5F\\x6C|\
    \\xFF\\xFF\\x20\\xCF\\x42\\x53|\\xFF\\xFF\\x10\\x17\\x87\\xA3|\\x3E\\x7F\\\
    x20\\xCF\\x42\\x53|\\x1F\\x43\\x10\\x17\\x87\\xA3]|^\\x05\\x22.+\\x03\$"
add name=PPStream regexp="^.\?.\?\\c.+\\c"
add name=QQMusic regexp=\
    "(^\\xFE.\?.\?.\?.\?\\xCF|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=QQLive regexp="(^get.+\\video.\?\\qq.+\\flv|^\\xFE.\?.\?.\?.\?\\xD3|^\
    get.+\\video.\?\\qq.+\\mp4)"
add name=Kugou regexp=\
    "(^post.+\\x0D\\x0A\\x0D\\x0A|^http.+\\x0D\\x0A\\x0D\\x0A|^e)"
add name=Http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
    nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
    .[019]"
add name=Http-img regexp="\\.jpg|\\.png|\\.gif|\\.bmp|\\.jpeg"
add name=Http-web regexp=\
    "\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx|\\.cgi"
add name=NetTV regexp=\
    "^.*get.+(\\.flv|\\.f4v|\\.hlv|\\.rm|\\.swf|\\.wma|\\.mp4|\\.mp3).*\$"
add name=File regexp="^.*get.+(\\.iso|\\.exe|\\.zip|\\.rar|\\.7z|\\.gho|\\.pdf\
    |\\.avi|\\.mkv|\\.wmv|\\.wav|\\.flac|\\.ape|\\.msi).*\$"
add name=QQsp regexp="(^\\x03.\?\\xE1\\x8D|^\\x02\\x02|^\\x04\\x1E)"
add name=DNS regexp="^.\?.\?.\?.\?[\\x01\\x02].\?.\?.\?.\?.\?.\?[\\x01-\?][a-z\
    0-9][\\x01-\?a-z]*[\\x02-\\x06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\\\
    x01-\\x10\\x1c][\\x01\\x03\\x04\\xFF]"
add name=Http-jpg regexp="^.*(post|POST|get|GET).+\\.jpg.+\\http"
Note: write source addresses to address lists (if the servers should not be counted, simply exclude them with "!").
/ip firewall filter
# Exclude servers from the count
add action=add-src-to-address-list address-list=icafe address-list-timeout=2m \
    chain=forward comment="[\CD\B3\BC\C6\B7\FE\CE\F1\C6\F7]" disabled=no \
    src-address=192.168.1.39-192.168.1.64
# Use list "lan", excluding the servers
add action=add-src-to-address-list address-list=wks address-list-timeout=2m \
    chain=forward comment="[\CD\B3\BC\C6\BF\CD\BB\A7\BB\FA]" disabled=no \
    src-address=!192.168.1.39-192.168.1.64 src-address-list=lan
add action=add-src-to-address-list address-list=NetTV address-list-timeout=5m \
    chain=forward comment="[\CD\B3\BC\C6\D4\DA\CF\DF\CA\D3\C6\B5]" disabled=\
    no layer7-protocol=NetTV src-address-list=wks
add action=add-src-to-address-list address-list=Flies address-list-timeout=5m \
    chain=forward comment="[\CD\B3\BC\C6\BF\CD\BB\A7\BB\FA\CF\C2\D4\D8]" \
    disabled=no layer7-protocol=File src-address-list=wks
# Periodically write to the log
/system scheduler
add comment="\D4\DA\CF\DF\C8\CB\CA\FD\D0\C5\CF\A2\D0\B4log" disabled=no \
    interval=1m name=tongji on-event=tongji policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=dec/16/2012 start-time=01:07:12
/system script
add name=tongji policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":global prince [:len [/ip firewall address-list find list=(\"wks\"\
    )]]\r\
    \n:log warning (\"\B5\B1\C7\B0\D7\DC\B9\B2\".\"\$prince\".\"\CC\A8\BB\FA\
    \C6\F7\D4\DA\CF\DF\")\r\
    \n:global prince [:len [/ip firewall address-list find list=(\"NetTV\")]]\
    \r\
    \n:log warning (\"\D3\D0\".\"\$prince\".\"\CC\A8\B9\DB\BF\B4\D4\DA\CF\DF\
    \CA\D3\C6\B5\")\r\
    \n:global prince [:len [/ip firewall address-list find list=(\"Flies\")]]\
    \r\
    \n:log warning (\"\D3\D0\".\"\$prince\".\"\CC\A8\D4\DA\CF\C2\D4\D8\CE\C4\
    \BC\FE\")\r\
    \n:global prince [:len [/ip firewall address-list find list=(\"wks\")]]\r\
    \n:log warning (\"=========================\")"
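The NetTV and File patterns above decide which clients end up in the NetTV and Flies lists, so the logged counts are only as accurate as those regexes. The following is an added example, not part of the original script: it replays the two patterns in Python over constructed payloads to show where the counts go wrong. It assumes case-insensitive matching over the first 2 KB of a connection; the function names and sample payloads are hypothetical.

```python
import re

# Patterns copied from the page's layer7-protocol entries, with the RouterOS
# string escaping removed ("\\." becomes "\.", "\$" becomes "$").
NETTV = r"^.*get.+(\.flv|\.f4v|\.hlv|\.rm|\.swf|\.wma|\.mp4|\.mp3).*$"
FILE = (r"^.*get.+(\.iso|\.exe|\.zip|\.rar|\.7z|\.gho|\.pdf"
        r"|\.avi|\.mkv|\.wmv|\.wav|\.flac|\.ape|\.msi).*$")

# Assumption: matching is case-insensitive and sees the first 2 KB of payload.
# DOTALL lets "." cross the CR/LF bytes of a raw byte stream.
FLAGS = re.IGNORECASE | re.DOTALL
RULES = {"NetTV": re.compile(NETTV.encode(), FLAGS),
         "Flies": re.compile(FILE.encode(), FLAGS)}  # list name as on the page


def classify(payload: bytes) -> set:
    """Return the address lists the page's rules would add the source to."""
    head = payload[:2048]
    return {name for name, rx in RULES.items() if rx.search(head)}


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "video": b"GET /clips/demo.mp4 HTTP/1.1\r\nHost: media.example\r\n\r\n",
    "setup": b"GET /tools/setup.exe HTTP/1.1\r\nHost: dl.example\r\n\r\n",
    "page": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
    # An ordinary page view whose Referer merely mentions a .mp4 URL.
    "referer": b"GET /about.html HTTP/1.1\r\nHost: www.example\r\n"
               b"Referer: http://www.example/watch/demo.mp4\r\n\r\n",
    # Start of a TLS record: HTTPS payload carries no readable "get".
    "https": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32),
}


def report() -> dict:
    """Map each sample name to the sorted lists it would be counted in."""
    return {name: sorted(classify(p)) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, lists in report().items():
        print(f"{name:8} -> {lists or 'no list'}")
```

The "referer" sample is counted as video although no video was requested, and the "https" sample is never counted, so the logged numbers can both over- and under-report.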