Hi there,
I hope the community can tell me whether I was wrong or this is the right way:
Following the Macgaiver post, I set up the two mangle rules with the mangle tags “p2p_packet” and “p2p_connection”. In /ip firewall filter I drop the packets, and so far nothing new.
I created an address list called “p2p_blacklist”, then added this as the first rule of my firewall:
/ ip firewall filter add chain=forward src-address=10.1.2.0/24 dst-address=!10.1.2.0/24 packet-mark=p2p_packet action=add-dst-to-address-list address-list=p2p_blacklist address-list-timeout=12h
(assuming that my clients are in the 10.1.2.0/24 block and I don’t want to add the dst-address of the local /24 network to the p2p_blacklist; the negated dst-address is for this purpose…)
and after that:
/ip firewall filter add chain=forward dst-address-list=p2p_blacklist action=drop
I assume that not all the traffic is encrypted, or maybe it is true that the first packet of a crypto connection is marked by ROS, so the dst-address is for sure a P2P source…
… the dynamic list is growing and maybe I have a solution.
Experts here, please judge this and tell me if I’m right… assuming the RB532 has enough memory to handle the list.
Don’t forget to delete the 0.0.0.0/0 when creating the address list, otherwise IMHO everything is dropped.
Regards,
.:[CRT]:. - old coders never die, just terminate & stay residents.
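
A small Python model of the two filter rules in this post, added here as an illustration and not part of the original post: it shows how one marked packet puts a destination on p2p_blacklist, after which unmarked packets from any client to that address are dropped until the 12h timeout runs out. The 198.51.100.7 address, the constructed packets and the timeout refresh on a repeat match are assumptions of the model.

```python
import ipaddress

LAN = ipaddress.ip_network("10.1.2.0/24")   # client block from the post
TIMEOUT = 12 * 3600                          # address-list-timeout=12h, in seconds


class ForwardChain:
    """Models only the two filter rules from the post, in their order."""

    def __init__(self):
        self.p2p_blacklist = {}              # dst address -> expiry time (s)

    def _listed(self, addr, now):
        expiry = self.p2p_blacklist.get(addr)
        if expiry is not None and expiry <= now:
            del self.p2p_blacklist[addr]     # dynamic entry timed out
            return False
        return expiry is not None

    def handle(self, now, src, dst, packet_mark=None):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Rule 1: add-dst-to-address-list. Not a terminating action, so the
        # packet continues to rule 2. Assumption: a repeat match refreshes
        # the timeout.
        if src_ip in LAN and dst_ip not in LAN and packet_mark == "p2p_packet":
            self.p2p_blacklist[dst_ip] = now + TIMEOUT
        # Rule 2: drop anything whose destination is on the list.
        if self._listed(dst_ip, now):
            return "drop"
        return "accept"


def demo():
    fw = ForwardChain()
    h = 3600
    # Constructed traffic: (time, src, dst, packet mark set by mangle)
    packets = [
        (0,      "10.1.2.10", "198.51.100.7", None),          # not yet seen as P2P
        (60,     "10.1.2.10", "198.51.100.7", "p2p_packet"),  # recognised once
        (120,    "10.1.2.10", "198.51.100.7", None),          # later unmarked packet
        (180,    "10.1.2.22", "198.51.100.7", None),          # different client
        (240,    "10.1.2.10", "10.1.2.22",    "p2p_packet"),  # local dst is excluded
        (13 * h, "10.1.2.10", "198.51.100.7", None),          # entry has expired
    ]
    return [fw.handle(*p) for p in packets]


if __name__ == "__main__":
    print(demo())
```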