Computer networks
squidw, 2017-04-20 21:48:15

How to use protocol layer 7 on mikrotik?

The organization needs to block access to social networks. I didn't learn how to use Google yesterday. The net is full of information copied from one site to another, along the lines of:
/ip firewall layer7-protocol
add name=social regexp="^.+(vk.com|vkontakte|odnoklassniki|odnoklasniki|facebook|fall-in-love|loveplanet|my.mail.ru).*\$"
then
/ip firewall filter
add action=drop chain=forward comment="Block_social" layer7-protocol=social src-address-list=CU_BLOCK_SOCIAL
The MikroTik firewall has the default out-of-the-box settings. I move the rule that is set for PL7 to the very top; there is only one rule above it, which for some reason I cannot move lower (the error is: couldn't move firewall rule <> -cannot move builtin (6)). The rule itself is chain=forward action=passthrough.
No matter how much I tried to set up PL7, it doesn't work; it is as if I hadn't added anything, and the added rules never trigger. I tried applying what is described on the first 5 sites that Google returned; it hardly differs from site to site, and the essence is the same everywhere.
I'm not very strong in MikroTik, so I used what I found on the net.


3 answer(s)
Gennady, 2017-04-27
@genana40

You will not be able to block HTTPS traffic. Only IP addresses can be blocked. There is a script on the Internet that collects the IP addresses of social networks (there are many of them; each social network has them) and adds them to an address list, and then you block by IP.

Pavkhv, 2017-05-12
@Pavkhv

What about blocking at the local DNS level with a redirect, for example, to 127.0.0.1?
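
The DNS-level approach suggested in the answer above, written out as an added RouterOS example that is not part of the original thread. It assumes LAN clients use the router as their resolver, reuses the CU_BLOCK_SOCIAL address list from the question, and the host names are a constructed subset of the sites named there.

```routeros
# Added example: host names below are a constructed subset of the question's list.
# Assumption: LAN clients receive the router as their DNS server.

# Let the router answer DNS queries from the LAN. Keep UDP/TCP 53 from the WAN
# dropped in the input chain (the default firewall does this) so the router
# does not become an open resolver.
/ip dns set allow-remote-requests=yes

# Exact-name static records that point the blocked sites at loopback.
/ip dns static
add name=vk.com address=127.0.0.1 comment="Block_social"
add name=facebook.com address=127.0.0.1 comment="Block_social"
add name=my.mail.ru address=127.0.0.1 comment="Block_social"
# Regexp record for subdomains (www., m., ...). Inside a RouterOS string
# "\\." becomes the regex \. (a literal dot) and "\$" becomes the $ anchor.
add regexp="\\.(vk|facebook)\\.com\$" address=127.0.0.1 comment="Block_social"

# Redirect DNS from the restricted hosts to the router itself, so a manually
# configured external resolver does not bypass the static records.
/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 src-address-list=CU_BLOCK_SOCIAL \
    action=redirect to-ports=53 comment="Force_DNS"
add chain=dstnat protocol=tcp dst-port=53 src-address-list=CU_BLOCK_SOCIAL \
    action=redirect to-ports=53 comment="Force_DNS"

# Drop answers cached before the static records existed, then review them.
/ip dns cache flush
/ip dns static print
```

Clients that resolve names over DNS-over-HTTPS or through a VPN never send a query on port 53, so this is usually combined with the IP address-list blocking described in the first answer.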

tala4ka tala4ka, 2017-10-02
@tala4ka

(((https?://)?(www\.)?facebook\.com/))?(.*/)?([a-zA-Z0-9.]*)($|\?.* )
