Would like more info about layer 7 and how it could help us, especially for p2p.
p2p can be filtered just like that, without using l7. example:
/ip firewall filter add chain=forward p2p=all-p2p action=drop
l7 is for other advanced applications.
In a freshly installed RouterOS 3.0RC14 just doing NAT, with nothing else configured in it except the obvious IPs for the public and local interfaces and a route to the gateway, I put the following code:
/ip firewall filter add chain=forward p2p=all-p2p action=drop
After that I connected my laptop directly to the router's local interface, then I started my Limewire P2P software, searched for an mp3 song, and downloaded it at full speed without any restriction!!!
Why? Is Gnutella (Limewire) encrypted? Or is it that the p2p L3 matchers of RC14 are not working?
Jorge Boardman
http://www.laredonet.com
P.S. After that I tried the same with the L7 Gnutella regexp matcher; same deal, it didn't work out.
Anybody?
Anybody having an explanation for this?
Best
Jorge Boardman
Sure, it's because the traffic looks like normal traffic… http transfer, encrypted etc…
L7 rules would help detect this, there are entire websites devoted to layer 7 rules to find particular application layer items.
It is and always will be a constant battle. There are numerous posts about how you may obtain the desired results (whatever they are) by other methods than L7 rules as well.
Scott
Yes, but Normis says:
p2p can be filtered just like that, without using l7. example:
Code:
/ip firewall filter add chain=forward p2p=all-p2p action=drop
l7 is for other advanced applications.
There is a lot of p2p traffic that can be caught by l7 that slips right through the built in firewall filter. I would consider any l7 filter an advanced application
Scott
I have a problem that occasionally plain DC++ connections avoid this filter. No encryption and not even any intention to disguise the connection. It just does not get filtered.
in that case yes, you can use l7 if my mentioned rule doesn't help. just make a new l7 definition, and then make a firewall rule based on that definition. here is more info:
Want to limit DC++ traffic, running Layer7, but it doesn’t detect or catch any packets… does nothing.
Is there some new REGEX code that I can use?
It is quite crucial, want to limit the DC++ users during certain times.
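Added example, not part of any post in this thread: a small Python model of why a payload-signature (L7) rule can "do nothing", as discussed above. The regex, function names and sample payloads are constructed for illustration; the inspection window of the first 10 packets or 2 KB per connection is taken from MikroTik's L7 documentation and is an assumption here, not something stated in the thread.

```python
import re

# Assumption (MikroTik docs, not this thread): the L7 matcher only inspects
# the first 10 packets or first 2 KB of each connection.
MAX_PACKETS = 10
MAX_BYTES = 2048

# Hypothetical signature for the plaintext Direct Connect (NMDC) handshake,
# anchored at the start of the stream.
DC_ANCHORED = re.compile(rb"^(\$mynick |\$lock |\$key )", re.IGNORECASE)
# Same keywords without the anchor, to show the window limit on its own.
DC_ANYWHERE = re.compile(rb"\$mynick |\$lock |\$key ", re.IGNORECASE)


def l7_match(packets, pattern=DC_ANCHORED):
    """True if `pattern` occurs in the inspected start of the connection."""
    window = b"".join(packets[:MAX_PACKETS])[:MAX_BYTES]
    return pattern.search(window) is not None


# Constructed sample connections (payloads of the first packets only).
SAMPLES = {
    # Plaintext client-to-client handshake: the signature is right at the start.
    "plain_dc": [b"$MyNick alice|$Lock EXTENDEDPROTOCOL_EXAMPLE Pk=EXAMPLE|"],
    # Same protocol wrapped in TLS: the matcher only sees a TLS record header
    # followed by opaque bytes, so no keyword is visible.
    "tls_dc": [b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(32)],
    # File fetched over plain HTTP: looks like ordinary web traffic.
    "http": [b"GET /song.mp3 HTTP/1.1\r\nHost: example.test\r\n\r\n"],
    # Keyword appears only after 2 KB of other data: outside the window.
    "late_dc": [b"A" * 1024, b"B" * 1024, b"$MyNick bob|"],
}


def classify(samples=SAMPLES):
    """Map each sample name to whether the anchored signature would hit."""
    return {name: l7_match(pkts) for name, pkts in samples.items()}


if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:9s} matched={hit}")
    # Even an unanchored pattern misses data beyond the inspected window.
    print("late_dc unanchored:", l7_match(SAMPLES["late_dc"], DC_ANYWHERE))
```

Only the plaintext handshake is matched; the TLS-wrapped, HTTP and late-signature cases pass through, which is why such a rule has to be tested against captures of the traffic actually seen on the network.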