Ok I have been trying to get a L7 rule to successfully work for hours now.
Here is what I am trying
Is this all that needs to be set for it to work???
/ip firewall layer7-protocol add name=yahoo-messenger regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].*\C0\80"
/ip firewall filter add chain=forward layer7-protocol=yahoo-messenger action=drop
It seems like no matter what I do this does not block yahoo messenger.
What am I missing?
I am using web proxy with 8080 redirected. Is there anything else???
I hope that the above code isn't only a small part of how to use L7 and that I am not missing a whole tonne of stuff that needs to be done to use L7 rules
Does your mangle/filter/w/e rule count packets?
Try marking the connection that the packet belongs to and dropping that connection… adding some IP addresses to a temp blacklist …
I personally would block scam sites if anything… and leave the stupid yahoo messenger alone, let the users be free.
I don't have any mangling happening. I am not even sure how to set that up.
Do you have to have mangling for L7 filters / rules to work?
It seems you do, since it's not working this way
NetworkPro - no, you do NOT have to have mangle to drop based on L7 rules. The rules of the OP seem fine.
Well does the rule count packets or not?
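The two suggestions made in the thread (checking whether the rule counts packets, and marking the connection before dropping it) can be written out as RouterOS commands. This is an added example, not part of any post above; the mark name `ym-conn`, the list name `ym-servers`, the one-hour timeout and the choice to list the destination address are assumptions made for illustration, and the `yahoo-messenger` L7 entry is the one the original poster already defined.

```routeros
# Added example, not from the thread. Names ym-conn and ym-servers are hypothetical.

# 1. Check whether the existing forward-chain rule matches anything at all.
#    If its packet and byte counters stay at zero while the client is
#    connecting, the traffic is not reaching that rule.
/ip firewall filter print stats

# 2. Mark the whole connection once the L7 pattern matches one of its packets,
#    so that later packets of the same connection are recognised as well.
/ip firewall mangle add chain=prerouting layer7-protocol=yahoo-messenger \
    action=mark-connection new-connection-mark=ym-conn passthrough=yes \
    comment="mark connections matching the yahoo-messenger L7 pattern"

# 3. Temporary blacklist: remember the remote address of a matched connection
#    for one hour (assumption: the destination address is the one to list).
/ip firewall mangle add chain=prerouting connection-mark=ym-conn \
    action=add-dst-to-address-list address-list=ym-servers \
    address-list-timeout=1h comment="temporary list of matched servers"

# 4. Drop by connection mark and by the temporary list instead of by L7 match.
/ip firewall filter add chain=forward connection-mark=ym-conn action=drop \
    comment="drop marked yahoo-messenger connections"
/ip firewall filter add chain=forward dst-address-list=ym-servers action=drop \
    comment="drop traffic to recently matched servers"

# 5. Re-check the counters on the mangle and filter rules after a test login.
/ip firewall mangle print stats
/ip firewall filter print stats
```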