there is no documentation for this subjectfirewall - added "tls-host" firewall matcher
there is no documentation for this subjectfirewall - added "tls-host" firewall matcher
still there is no document on this now ability
This is decorystill there is no document on this now ability
i don't know how to use this for filtering
ME 3Doesn't work for me either. Neither by full name, nor wildcard.
P.S. Also, why is this matcher added to NAT rules? There's no info about TLS hostname in TCP SYN packets
TLS Host does not work in RouterOS 6.41.Doesn't work for me either. Neither by full name, nor wildcard.
P.S. Also, why is this matcher added to NAT rules? There's no info about TLS hostname in TCP SYN packets
work! https://t.me/cgood/208TLS Host does not work in RouterOS 6.41.Doesn't work for me either. Neither by full name, nor wildcard.
P.S. Also, why is this matcher added to NAT rules? There's no info about TLS hostname in TCP SYN packets
Use last RouterOS 6.42rc15 (Release candidate).
There kind of is in recent TLS versions, supported by modern browsers and servers: SNIP.S. Also, why is this matcher added to NAT rules? There's no info about TLS hostname in TCP SYN packets
Well, simple testing shows that the matcher simply doesn't work in NAT rulesI'm guessing that <...> on a match, it terminates the original connection between router and server, and creates a new one to the new destination using the new source (as determined by rules including the matcher).
Whut?..I am not able to make it work on forwarded connections too,
It works for me inWhut?..I am not able to make it work on forwarded connections too,
/ip firewall filter chain=forward
connection-state=new