block yahoo messenger

amsteen · April 14, 2009, 8:27am

Dear Sir’s

I can block msn messenger from fire wall, but I try that for yahoo messenger
With ports 5050,5000-5010,5001 but I fail.
I am using MK ver 3.
Please help me to block yahoo messenger from firewall.

Thanks Eng. Amgad

normis · April 14, 2009, 8:31am

yahoo messenger will work on any open port, it doesn’t have a specific port.

Try with L7 regexp matching:

/ip firewall layer7-protocol add name=yahoo-messenger regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
/ip firewall filter add chain=forward layer7-protocol=yahoo-messenger action=drop

amsteen · April 14, 2009, 8:40am

yes it is working, and yahoo messenger stops

Thanks again Mr. Normis

Eng. Amgad

amsteen · April 14, 2009, 8:57am

Mr. Normis

It is ok, But when some one put proxy server in yahoo messenger
it work again.

thanks

Eng. Amgad

normis · April 14, 2009, 9:03am

redirect all proxy server ports to your own proxy server, and then make a new rule to block YM in the Output chain:

/ip firewall layer7-protocol add name=yahoo-messenger regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
/ip firewall filter add chain=forward layer7-protocol=yahoo-messenger action=drop

/ip firewall filter add chain=output layer7-protocol=yahoo-messenger action=drop

note that I have added one more rule in the OUTPUT Chain (that’s all traffic coming from the mikrotik proxy to the internet).

the only thing left is to force your users to use your own proxy:

/ip proxy set enabled=yes port=8080
/ip firewall nat chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
/ip firewall nat chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080
/ip firewall nat chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
/ip firewall nat chain=dstnat protocol=tcp dst-port=8081 action=redirect to-ports=8080

action=redirect will intercept any request to the specified ports, and will force it to use the router’s own resources (your proxy).

xploit · May 21, 2009, 9:27am

I am new to MikroTik. How can I enter code to filtering Yahoo Messanger on L7 Protocol on the Firewall.

What should the Max. Client connections and Max. Server Connections value by on the web proxy settings. What is the effect of this value.

I use V3.10

normis · May 21, 2009, 9:33am

second post from above clarifes the exact rules that need to be entered. you should upgrade to v3.23

xploit · May 21, 2009, 12:18pm

Clicking on ‘Layer7 Protocol’ on the menu of the firewall, how do I start to enter the code. Thanks

normis · May 21, 2009, 12:23pm

you don’t need to click anywhere, paste these commands into Terminal:

/ip firewall layer7-protocol add name=yahoo-messenger regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"

/ip firewall filter add chain=forward layer7-protocol=yahoo-messenger action=drop

if you really want to use winbox, click on the + sign and paste this onto the dialog box:

^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80

xploit · May 21, 2009, 2:08pm

Thanks a million. It worked

supermp3 · June 23, 2009, 4:30pm

Please help me to block exefile from firewall！I am new to MikroTik too

Chupaka · June 23, 2009, 9:38pm

what protocol do you want to block? http? ftp? smb? rsync? nfs?

supermp3 · June 24, 2009, 4:34am

How can I enter code to filtering file(exe) on L7 Protocol on the Firewall! Thanks!

Chupaka · June 24, 2009, 8:57am

the “magic number” of an EXE fileif the following: the first byte of the file is 0x4d and the second is 0x5a. that’s too small to detect exe-file in the middle of a stream…

xploit · September 8, 2009, 12:12pm

It works yahoo messanger stops.
But if I need to permit a particular ip or group of ip to access yahoo messanger, how do I dgo about it.

Thank you.
Victor

Chupaka · September 8, 2009, 9:27pm

exclude that group from your blocking rule =)

meno · March 8, 2010, 5:48pm

hello guys, did u try this pattern with yahoo messenger version 10 ? im trying it but it doesnt work, I read how to create layer7 pattern but I dont know exactly how to do it, I tried with wireshark to find a pattern but nothing worked yet

so if u can giveme a hand, I’ll apreciate

thanks

tjhana · March 13, 2010, 3:41pm

I just want to verify the proper way to do the exclusion.

/ip firewall filter print

1 ;;; Block Yahoo Messenger

chain=forward action=drop src-address-list=!Boleh_YM
layer7-protocol=yahoo-messenger

so i just add the excluded IP to “Boleh_YM” address list. please confirm my rules. thanks.

Chupaka · March 13, 2010, 5:07pm

it’s better to add also ‘in-interface=Local’ or ‘src-address=your_ip_pool’, because that rule can match dst-address-list=Boleh_YM

dsosnitsky · December 10, 2010, 7:20pm

Pls help, I have applied this rules but don´t work, the yahoo messenger connect it:

/ip firewall layer7-protocol add name=yahoo-messenger regexp=“^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].*\C0\80”

/ip firewall filter add chain=forward layer7-protocol=yahoo-messenger action=drop

any ideas?

many thanks!