Computer networks
Vitaly, 2017-03-14 17:16:48

How to properly configure a firewall on Mikrotik to block resources?

All the best!
I'm trying to block everything except some resources with the help of Mikrotik. I do it through layer 7; here's my regular expression: ^.+(mail.google.com|whatsapp|viber).*$ which I called allowed_list, and then in the firewall:

add action=drop chain=forward layer7-protocol=!allowed_list src-address=192.168.88.0/24

And here I don't quite understand how to make WhatsApp and Viber work correctly... The fact is that WhatsApp and Viber work on my phone, but voice (only on WhatsApp) and photos (WhatsApp and Viber) don't work :(
Also tried to block all ports except certain ones:
TCP
4244,5222,5223,5228,5242,4244,8700,808,60377,60370,60377,60309,60378,60407,60401
UDP
5243,9785,7985,8700,8081,49658,54578,50813,64680,5223,5228,4244,5242,5222
But not like....


2 answer(s)
cssman, 2017-03-14
@cssman

Look at a network dump to see what is blocked and needs to be allowed. Video and audio are almost always just UDP.
Google says that voice in WhatsApp more often goes over 59437 - 59581, but the range can also be wider, 40283-59581.

Gregory, 2017-03-15
@Maxlinus

Starting from 6.36, you can enter domain names (for example, mail.ru) into the address list and it will determine their IPs by itself.
Add the sites you need to firewall > address list and create the right block for everything except these address lists.
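
The address-list approach from the answer above, written out as a RouterOS configuration next to the layer-7 rule from the question. This is an added example, not part of the original thread; it assumes RouterOS 6.36 or later, the 192.168.88.0/24 LAN and the list name allowed_list from the question, and uses example.com as a placeholder hostname.

```routeros
# Added example (not from the thread). Assumes RouterOS 6.36+ and the
# 192.168.88.0/24 LAN from the question.

# Form used in the question: a negated layer-7 match. The regex can only match
# text found in the first packets of a connection, so flows that never carry
# one of the listed strings fall through to this drop.
# /ip firewall filter add action=drop chain=forward layer7-protocol=!allowed_list src-address=192.168.88.0/24

# Address-list form: one entry per hostname. RouterOS resolves each name and
# keeps the resulting IPs as dynamic entries in the same list.
/ip firewall address-list
add list=allowed_list address=mail.google.com comment="hostname from the question"
add list=allowed_list address=example.com comment="placeholder: hostname taken from your own capture"

/ip firewall filter
# Accept replies and related flows of connections that were already permitted.
add chain=forward action=accept connection-state=established,related comment="return traffic"
# Permit LAN clients to reach only the addresses in the list.
add chain=forward action=accept src-address=192.168.88.0/24 dst-address-list=allowed_list comment="allowed destinations"
# Default deny for the LAN, logged so blocked flows can be reviewed.
add chain=forward action=drop src-address=192.168.88.0/24 log=yes log-prefix="lan-blocked" comment="default deny for LAN"
```

Rule order matters: the two accept rules must sit above the drop rule. The log entries with the lan-blocked prefix show which destinations and UDP ports are still being dropped, which is the information a network dump would give.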
