Hi! I’ve got a Mikrotik router and want to tune it so that it rejects the traffic of all my devices that try to upgrade Windows OS and Apple iOS. These upgrades need too much traffic and my internet connection is not unlimited. How can I do it?
It’s better to disable the updates on the devices.
They use CDNs for the data, which makes it very hard to block with firewall rules.
If you know the URLs that they access, you can use the DNS to block them.
Adding something like this to the static DNS…
/ip dns static
add address=127.0.0.1 name=.*updates.microsoft.com
Of course, you need to figure out every domain/host that they look for.
Thank you for your fast reply! Could you explain how to set it in the RouterOS menu?
Click IP → DNS → Static
Click “+” to add new entry
Name: .*update.microsoft.com
Address: 127.0.0.1
Click Ok
Since they employ P2P/peernet/content delivery optimisation tech, which is basically a torrent-like thing, blocking only DNS isn’t enough.
So filtering a portion of the services by IP remains a good idea. It’s easy to google which part of the MS/Apple IPv4 pool belongs to what kind of services, make an appropriate “address-list” and then add a rule that drops them in the “forward” chain.
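The address-list approach from the last reply, written out as RouterOS terminal commands. This is an added example, not part of the original posts; the list name `os-updates`, the log prefix and the two address ranges (RFC 5737 documentation ranges used as placeholders) are assumptions to be replaced with the ranges you have actually looked up.

```routeros
# Constructed example: 192.0.2.0/24 and 198.51.100.0/24 are placeholder
# ranges, not real Microsoft or Apple networks. Replace them with your own list.
/ip firewall address-list
add list=os-updates address=192.0.2.0/24 comment="placeholder: update range 1"
add list=os-updates address=198.51.100.0/24 comment="placeholder: update range 2"

# Drop forwarded (LAN -> internet) traffic whose destination is in the list.
# The rule is appended to the end of the forward chain, so it only takes effect
# if no earlier rule already accepts new connections from the LAN.
# log=yes records which device hit the rule, which helps to tune the list.
/ip firewall filter
add chain=forward dst-address-list=os-updates action=drop \
    log=yes log-prefix="os-upd-drop" comment="drop OS update traffic"

# Check that the rule exists and watch its packet/byte counters grow.
/ip firewall filter print stats where comment="drop OS update traffic"
```

Connections that were already established before the rule was added can keep running until they close, because a typical forward chain accepts established/related traffic before this rule is reached.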