Block traffic from specific sites.

This may sound too easy for some, but it's not something I can figure out.

Let's say I want to block

windowsupdate.com
or download.windowsupdate.com
or phobos.apple.com

The problem is these sites don't have one IP address. Most have 10 or even more, and there's no way to figure them all out to drop traffic from one or two IPs.

Please advise.

If there's a specific IP address for a subdomain, then you can block the IP address from layer 3 filter rules. But if not, you could use regular expressions and layer 7 protocols to mark those specific packets and then drop them from firewall rules.

I tried to mark packets and apply a queue using mangle and content on "au.download.windowsupdate.com", and the mangle rule had hits, but it didn't work.

Example sites:

ardownload.adobe.com
a1410.phobos.apple.com
au.download.windowsupdate.com
swcdn.apple.com
a474.phobos.apple.com
wl.dlservice.microsoft.com

As you can see from above, phobos.apple.com has two links above. And more and more.

My users are literally ignorant. They don't even have basic computer knowledge. And because I set speed limits for their internet access, they will complain their connection is slow. Little do they know that their computer is running an update in the background, sucking up the speed that's allowed to them.

Maybe try to use a proxy. I'm doing that, and it works.

You can do it with DNS also if you have your own (or MikroTik).
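Putting the two suggestions above (layer 7 marking, and DNS) into RouterOS CLI form, as an added example that is not from any post in this thread. It assumes RouterOS v6 syntax, and the names block-updates, upd-conn and upd-pkt are chosen here for illustration.

```routeros
# Added example, not from the thread. Assumes RouterOS v6 CLI.
# One regexp covers every hostname under the listed domains, so
# a1410.phobos.apple.com and a474.phobos.apple.com are both caught
# without knowing any of their IP addresses.
/ip firewall layer7-protocol
add name=block-updates regexp="^.+(windowsupdate\\.com|phobos\\.apple\\.com|swcdn\\.apple\\.com|ardownload\\.adobe\\.com|dlservice\\.microsoft\\.com).*\$"

# Mark the whole connection when the matcher fires, then mark its packets.
# Layer 7 only inspects the first packets of a connection; the connection
# mark is what carries the decision to every later packet of the download.
/ip firewall mangle
add chain=prerouting layer7-protocol=block-updates action=mark-connection new-connection-mark=upd-conn passthrough=yes
add chain=prerouting connection-mark=upd-conn action=mark-packet new-packet-mark=upd-pkt passthrough=no

# Drop by packet mark. Rules are evaluated top to bottom, so this must sit
# above any "accept established,related" rule or it is never reached.
/ip firewall filter
add chain=forward packet-mark=upd-pkt action=drop

# DNS alternative: answer the names from the router itself so clients never
# learn the real addresses. Only works for clients that use the router as
# their resolver and have not already cached the real answer.
/ip dns static
add regexp=".*windowsupdate\\.com" address=127.0.0.1
add regexp=".*phobos\\.apple\\.com" address=127.0.0.1
```

The layer 7 match relies on the hostname being visible in the first packets (the HTTP Host header or the TLS SNI); traffic where the name is never sent in clear will not be matched, which is where the DNS or proxy route is the more reliable one.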