detection firewall

kazanova · May 12, 2010, 5:00pm

detection and mark .exe .jbg or address like http://www.hotmail.com http://www.ayhoo.com
in firewall is that possible

Chupaka · May 12, 2010, 9:54pm

only in Proxy. you may try to use L7 matcher, but it’s useless for alive http connections…

kazanova · May 13, 2010, 3:30pm

can someone tell me where there problem
if we use firewall layer7 to specific this extensions and mark it to be unlimited
html|htm|jpg|gif|jpeg|png|xml|php|bmp|ico|css|js

and all file other well be limited like exe zip rar

kazanova · May 13, 2010, 8:20pm

sorry but what that mean

i use l7 in that way is that right
/ip firewall layer7-protocol add comment=“” name=rm regexp=rm

/ip firewall mangle
add action=mark-packet chain=input comment=“” disabled=no layer7-protocol=rm new-packet-mark=limit passthrough=no

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“” direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=10k/10k name=queue11
packet-marks=limit parent=none priority=1 queue=default-small/default-small total-queue=default-small

Chupaka · May 13, 2010, 9:17pm

when you open webpage in modern browser, connection is not closed after every request, so many files can pass through it. but L7 inspects only first few packets or bytes of connection - so it won’t match second and further files…