Firewall Filter tool is not efficient

Can I mark YouTube, Facebook, Instagram, and WhatsApp to the “dst address list” with the help of RAW?
Which one is best, RAW or the Filter tool, for traffic priority etc.?
When I marked traffic in Firewall Filter, it also added my local network IPs to the "address list", but RAW does not do the same; it picks only public IPs.
Share your experience

No, the MT router is not useful for the purpose of application blocking.
If you cannot rely on parenting and education, then I suggest you get a different appliance as a front edge router that can do the job, but be prepared to pay through the nose for the appliance and for the yearly subscription services.

I don't want to block the traffic.
I just want to provide 200 Mbps of bandwidth for YouTube, Facebook, and WhatsApp. Any of my users should get their YouTube, Facebook, and WhatsApp speed from the 200 Mbps that I will mark in Queues.

OK, so it’s not application blocking, it’s application throughput shaping. Actually similar concept …

The point of what @anav wrote is that ROS is not up to precise application identification so you realistically can’t do anything based on identification of application that’s using a particular connection (and this includes both bandwidth shaping and blocking).

check this code


Prioritize Whatsapp, Facebook and Instagram traffics using MikroTik RouterOS

https://youtu.be/P4IWdn_2K-E

/ip firewall filter
add action=add-dst-to-address-list address-list=Facebook address-list-timeout=4d chain=forward comment=Facebook content=.facebook.com
add action=add-dst-to-address-list address-list=Facebook address-list-timeout=4d chain=forward content=.fbcdn.net
add action=add-dst-to-address-list address-list=Facebook address-list-timeout=4d chain=forward content=.facebook.net
add action=add-dst-to-address-list address-list=Instagram address-list-timeout=4d chain=forward comment=Instagram content=.instagram.com
add action=add-dst-to-address-list address-list=Instagram address-list-timeout=4d chain=forward content=.cdninstagram.com
add action=add-dst-to-address-list address-list=Whatsapp address-list-timeout=4d chain=forward comment=Whatsapp content=whats.com
add action=add-dst-to-address-list address-list=Whatsapp address-list-timeout=4d chain=forward content=whatsapp.net
add action=add-dst-to-address-list address-list=Whatsapp address-list-timeout=4d chain=forward content=wa.me
add action=add-dst-to-address-list address-list=Whatsapp address-list-timeout=4d chain=forward content=whatsapp
add action=add-dst-to-address-list address-list=Whatsapp address-list-timeout=4d chain=forward content=.wa.me
/ip firewall mangle
add action=mark-connection chain=prerouting comment=Facebook dst-address-list=Facebook new-connection-mark=Facebook-Conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Facebook-Conn new-packet-mark=Facebook-Packet passthrough=no
add action=mark-connection chain=prerouting comment=Instagram dst-address-list=Instagram new-connection-mark=Instagram-Conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Instagram-Conn new-packet-mark=Instagram-Packet passthrough=no
add action=mark-connection chain=prerouting comment=Whatsapp dst-address-list=Whatsapp new-connection-mark=Whatsapp-Conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Whatsapp-Conn new-packet-mark=Whatsapp-Packet passthrough=no

/queue simple
add name=queue3 packet-marks=Whatsapp-Packet priority=1/1 target=""
add name=queue1 packet-marks=Facebook-Packet priority=2/2 target=""
add name=queue2 packet-marks=Instagram-Packet priority=3/3 target=""

Those domains and hosts resolve differently every time somebody resolves them. Which means that the address list might be current at some moment in time and awfully obsolete some tens of seconds later. For example, www.facebook.com resolves as a CNAME (pointer) to some particular host with a TTL of 1 hour (I’m not going to wait for an hour to check if it resolves to a different CNAME after the TTL expires). That particular host resolves into an IP address with a TTL of 60 seconds. The recipe keeps the same IP addresses for 4 days. And then if your clients are not forced to use your router as their DNS server, they may get different answers than Mikrotik has. Do you see the problem yet?

The method would work with some more traditional content providers who don’t use a vastly spread content delivery network.
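
The staleness argument above as a small model. This is an added example, not part of the thread; the pool size, the one-lookup-per-TTL behaviour and the 198.51.100.x addresses are assumptions made for illustration.

```python
import random

TTL_S = 60                     # A-record TTL quoted in the post
LIST_TIMEOUT_S = 4 * 86400     # address-list-timeout=4d from the recipe


def simulate(pool_size, hours, shared_resolver, seed=7):
    """Return (stale_share, miss_rate) for the address list after `hours`.

    Assumed model: once per TTL the CDN answers the router's lookup with one
    address from a pool; the router keeps it on the list for LIST_TIMEOUT_S.
    A client connects once per TTL, using the router's answer if it shares
    the router's resolver, otherwise an independently chosen pool address.
    """
    rng = random.Random(seed)
    pool = [f"198.51.100.{i}" for i in range(1, pool_size + 1)]  # constructed
    added_at = {}              # address -> time it was last put on the list
    misses = connections = 0
    for now in range(0, hours * 3600, TTL_S):
        # Expire entries the way a dynamic address-list entry times out.
        added_at = {ip: t for ip, t in added_at.items()
                    if now - t < LIST_TIMEOUT_S}
        router_answer = rng.choice(pool)
        added_at[router_answer] = now
        client_dst = router_answer if shared_resolver else rng.choice(pool)
        connections += 1
        if client_dst not in added_at:
            misses += 1        # this connection would not be marked/queued
    # An entry is stale once the DNS answer that justified it has expired.
    stale = sum(1 for t in added_at.values() if now - t >= TTL_S)
    return stale / len(added_at), misses / connections


if __name__ == "__main__":
    for shared in (True, False):
        for hours in (1, 24):
            stale, miss = simulate(100, hours, shared)
            print(f"shared_resolver={shared!s:5} hours={hours:2} "
                  f"stale={stale:.0%} missed={miss:.0%}")
```

In this model the long timeout only lowers the miss rate by filling the list with entries that DNS no longer vouches for, and clients on a different resolver still miss the list while it fills.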

Okay, tell me what I should do to mark traffic for separate speeds.
Can Mikrotik do this, or do I need other solutions to forward CDN traffic to my users?
There are hundreds of videos on YouTube on how to separate YouTube traffic and browsing traffic onto separate WANs: WAN1 for browsing and WAN2 for YouTube, etc.

Well, so far you got the opinions of two forum members. Perhaps some other members will still chime in with different opinions in the next few days. At the end of the day it’s up to you to do whatever you decide to do. You can follow those YouTube videos and see if that’s gonna help you get work done (but probably you won’t get help with those on this forum). Or you decide to go with our scepticism.

I agree with you,
Now give me the solution or recommend me other hardware or equipment which fulfills my need.
Thanks in advance

so rude…

What do you mean??

That is going to cost you vastly more … Palo Alto FW, Checkpoint, Fortinet, etc. (and dozens of others) have the required power to identify applications and thus allow you to do something with it (block, shape, etc.)

My suggestion for you is Untangle by Arista … can select the appliance plus the software based on your particular need.
https://wiki.edge.arista.com/index.php/NG_Firewall_User_Guide

https://edge.arista.com/shop/q4-appliance/

If you are technical it’s a breeze to learn … but due to the complexity of the various capabilities it takes time to develop a config that you end up liking..

OP:
Once the traffic for YouTube, Facebook, Instagram, and WhatsApp is removed, what remains?
Other sites must go at 0,5Kbps?
They are probably the most used sites, so use the 200M for all traffic, and you are done…

Follow the @mozerd hint…