Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
akelsey2015-11-11 23:05:38
Mikrotik
akelsey, 2015-11-11 23:05:38

Mikrotik: Is routing based on layer-7 possible?

I'll make a reservation right away, it's not worth suggesting routing by "Address List", it already works, but I want comfort.
Let me explain, I want to put in layer-7 a list of regular expressions fqdn resources on the Internet that are carefully blocked by my provider by order of you know who, and so that the packets themselves go into the tunnel based on this.
If anyone has implemented it, please share, of course I have vague doubts and I can admit that what was conceived is not feasible, but this, due to the lack of the necessary knowledge, can neither be proved nor refuted.
PS
In extreme cases, there is an idea about the workaround, in the same VPN server, resolve all possible IPs belonging to the list of hosts and take them to Mikrotik in the Address List automatically. But I would like to do everything on Mikrotik, without unnecessary gestures.
Thanks in advance.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
L
LESHIY_ODESSA, 2015-11-11
@LESHIY_ODESSA

Yes possible - Manual:IP/Firewall/L7 - MikroTik Wiki
Windows telemetry blocking example:

/ip firewall layer7-protocol
add name="Windows Telemetry" regexp="^.+(data.microsoft.com|telemetry.microsoft.com).*\$"
/ip firewall filter
add action=reject chain=forward comment="Layer7 Protocol WINDOWS Telemetry" in-interface=bridge layer7-protocol="Windows Telemetry" protocol=tcp reject-with=tcp-reset
add action=reject chain=forward layer7-protocol="Windows Telemetry" out-interface=bridge protocol=tcp reject-with=tcp-reset

How to Block torrent 100 %
How to Block torrent 100%? Only 2 lines. It is solved.

Report
A
akelsey, 2015-11-11
@akelsey

Looks like I found an approximate answer to my question here. Knowledge is really not enough, I'll try to search and experiment.

Report
F
Fess, 2015-11-12
@Fess

  • There are already more than 16k urls in the block list.
    I suggest you consider another option for routing closed resources.
    For example, resolve the ip of all hosts, combine them into subnets and import these subnets for routing in Mikrotik.
    The router has ftp, so you can take the complex logic out of it and upload the resulting file to the router for cron feeding.
    You don't need routing of one page like ya.ru/1.html through VPN and ya.ru/2.html through your ISP? This would be incredibly wasteful in terms of CPU resources.

Similar questions
D
DEXPE2021-12-22 09:24:40
How to collect logs from mikrotik in loki grafana (zabbix)? 1Reply
A
ALLIGATOR2020-09-04 09:45:09
How to configure Mikrotik so that the following requirements are met? 2Reply
B
brar2016-05-27 19:54:24
Is the gateway on a different subnet unreachable for tagged traffic? 2Reply
G
gadzhikuliev2020-09-07 17:44:24
MikroTik: how to specify two peers for networks transmitted in an IPSec tunnel? 2Reply
A
Alex Bond2020-09-09 16:38:05
How to connect to mikrotik CLI session? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question