CRS125-24G-1S-2HnD (RouterOS 6.40.4) Layer7 site blocking does not work.
Already in mangle, the connection is left without a mark.
Firewall configuration:
/ip firewall layer7-protocol add name=BlockSite regexp="^.*(facebook|yahoo.com).*$"
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-port=80,443 layer7-protocol=BlockSite new-connection-mark=MarkBlock passthrough=yes protocol=tcp
/ip firewall filter add action=reject chain=forward message=BlockSites connection-mark=MarkBlock protocol=tcp reject-with=tcp-reset
??? Very weird - maybe the problem is in the hardware. This same blocking scheme works fine in two other places on RB2011UiAS-2HnD (RouterOS 6.40.4).