Guess found a bug here. (Firewall > Filter Rules, Address Lists, Layer 7 Protocols)

Hello, I'm looking for an answer to something that is not an urgent problem. I fixed it in another way, but the first one seems not to be working as well.

Got 192.168.10.0/24
Mikrotik add: 192.168.10.254
PC Test IP: 192.168.10.32

Address Lists: “Laboratorios” → 192.168.10.0/24
Layer 7 Protocols: “Youtube” → ^.+youtube.$ Tried even with → ^.(youtube).*$
[Attached image: address lists and layer 7 protocol.png]
Filter Rule: block from “Laboratorios” address list, with “Youtube” Layer7 Protocol, to prevent network 192.168.10.0/24 from accessing youtube
[Attached image: Filter rule.png]
The response of Mikrotik is about blocking youtube, and also http://www.google.com (tried with Internet Explorer and Google’s direct IP “189.247.138.88”)
When I disable the filter rule, all works perfectly accessing all the webpages… and also, if I want to block youtube and not google.com, I need to remove the “Advanced” → “Src. Address List” and write on “General” → “Src. Address” = 192.168.10.0/24 in order to block youtube and let the network have access to google.com

What am I doing wrong?

Hi,

If I am correct, Youtube is owned by Google, therefore they are in the same IP subnet (at least in my country).

I know this is layer7 protocols but it may be possible that ROS is getting confused between the two and blocking both.

This may be totally incorrect.

I found this piece of code on the MT wiki:

/ip firewall layer7-protocol
add name=youtube regexp="(GET \\/videoplayback\\\?|GET \\/crossdomain\\.xml)"
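
The following Python sketch is an added example, not part of the thread or of MikroTik's documentation. It compares what the wiki pattern quoted above matches with what a catch-all pattern built around the word "youtube" matches. The catch-all pattern, the sample payloads and the use of Python's `re` in place of RouterOS's own matcher are all assumptions made for illustration.

```python
import re

# Pattern quoted from the MT wiki in the thread, with the RouterOS string
# escaping removed ("\\/" -> "\/", "\\\?" -> "\?").
WIKI = re.compile(rb"(GET \/videoplayback\?|GET \/crossdomain\.xml)")

# Hypothetical catch-all pattern built around the word "youtube".
# DOTALL is an assumption so that '.' can span several header lines.
BROAD = re.compile(rb"^.+youtube.*$", re.DOTALL)

# Constructed payloads standing in for the first bytes of three connections.
SAMPLES = {
    "video request": (
        b"GET /videoplayback?id=CONSTRUCTED HTTP/1.1\r\n"
        b"Host: media.example\r\n\r\n"
    ),
    "search page with youtube referer": (
        b"GET / HTTP/1.1\r\n"
        b"Host: www.google.com\r\n"
        b"Referer: http://www.youtube.com/\r\n\r\n"
    ),
    "unrelated site": (
        b"GET /index.html HTTP/1.1\r\n"
        b"Host: www.example.org\r\n\r\n"
    ),
}


def matches(pattern, payload):
    """True if the pattern is found anywhere in the payload bytes."""
    return pattern.search(payload) is not None


def classify(samples=SAMPLES):
    """Report, per sample, which of the two patterns would fire."""
    return {
        name: {"wiki": matches(WIKI, data), "broad": matches(BROAD, data)}
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{name:35s} wiki={verdict['wiki']!s:5s} broad={verdict['broad']}")
```

The catch-all pattern fires on any payload that merely mentions the word, while the wiki pattern fires only on the two specific request lines, regardless of the host name.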

You should look into OpenDNS as a solution - force all of the LAB networks to use OpenDNS as the DNS resolvers (dst-nat udp port 53 to the OpenDNS servers) and then in your account, specify the sites that you want to allow and block.

Or possibly you could configure HTTP proxy on the Mikrotik, and force client workstations in the lab to use the proxy server, and then you can simply block websites in the proxy server, and this will also work for https sites.

If you also enable the caching feature of the HTTP proxy, you’ll also save bandwidth.