Using prerouting reduce my traffic

Dear friends,

After I creating a bund of mangle rules (or /firewall/raw) using prerouting to collect the IP of social sites (like tiktok, facebook etc.), each domain on one line of rule, my internet traffic was reduced a lot (about 60 Mbps to 40 Mbps for about 10 lines of rule).

Some lines of my rule:

/ip firewall raw
add chain=prerouting content=".tiktok.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".byteoversea.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".byteoversea.net" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".byteimg.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".ibyteimg.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".pstatp.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".sgsnssdk.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".tiktokcdn-in.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".tiktokcdn-us.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".tiktokcdn.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".atomile.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"
add chain=prerouting content=".bytefcdn-oversea.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"

When I disable these rules, the traffic back to normal again.

How can I do this action without reducing too much traffic?

Best regards,

hello.

How can I do this action without reducing too much traffic?

by these examples…

/ip firewall raw
add chain=prerouting content=".tiktok.com" action=add-dst-to-address-list address-list="social-tiktok" comment="social:tiktok"

well, I am afraid you just need to compensate.

those content matchers mean you just activated a deep packet inspection features of the firewall, almost similar to those layer 7 filters. you just need better hardware resources.

COMPLETE WASTE OF TIME.
MT devices are not APP control devices nor are they block access to HTTPS sites either.
Use untangle for the cheapest solution.

I’m not sure OP said block… OP may want to identify the “social media traffic” in a queue or something. But as noted… the identification of such sites chews up CPU, so less packet overall can be processed, thus slower.