This works:
\x08facebook\x03com
but this doesn't
\x08twitter\x03com
Ideally I would like to match either or so:
\x08(facebook|twitter)\x03com
This works
Code: Select all
/ip firewall layer7-protocol
add name=activedirectory regexp="\\x08facebook\\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=0.0.0.0/0 dst-port=53 layer7-protocol=activedirectory new-packet-mark=activedirectory passthrough=yes protocol=udp
/ip firewall nat
add action=dst-nat chain=dstnat comment="forward DNS requests" disabled=no dst-port=53 packet-mark=activedirectory protocol=udp to-addresses=10.0.40.1 to-ports=53
Code: Select all
/ip firewall layer7-protocol
add name=dns regexp="\\x08twitter\\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=0.0.0.0/0 dst-port=53 layer7-protocol=dns new-packet-mark=dns passthrough=yes protocol=udp
/ip firewall nat
add action=dst-nat chain=dstnat comment="forward DNS requests" disabled=no dst-port=53 packet-mark=dns protocol=udp to-addresses=10.0.40.1 to-ports=53
PS: I got the idea from
http://brainsuckerna.blogspot.com/2010/ ... ctive.html
I am trying to do the same but matching for multiple domains.