Community discussions

 
sa4351ad
just joined
Topic Author
Posts: 3
Joined: Tue Mar 13, 2018 4:34 pm

layer 7 protocols exception

Tue Mar 13, 2018 4:45 pm

Hi there , I have a comment for block video stream , but I want to make an exception for a PC by MAC address , how can I make it .
Image
You do not have the required permissions to view the files attached to this post.
 
dadaniel
Member Candidate
Member Candidate
Posts: 155
Joined: Fri May 14, 2010 11:51 pm

Re: layer 7 protocols exception

Tue Mar 13, 2018 5:10 pm

You can only do exceptions for IP address, see viewtopic.php?t=120819
 
Sob
Forum Guru
Forum Guru
Posts: 4542
Joined: Mon Apr 20, 2009 9:11 pm

Re: layer 7 protocols exception  [SOLVED]

Tue Mar 13, 2018 6:02 pm

That topic is about list of MAC addresses and RouterOS doesn't have that. But you can use src-mac-address option for one MAC address and it works (for directly connected devices of course).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sa4351ad
just joined
Topic Author
Posts: 3
Joined: Tue Mar 13, 2018 4:34 pm

Re: layer 7 protocols exception

Tue Mar 13, 2018 6:10 pm

That topic is about list of MAC addresses and RouterOS doesn't have that. But you can use src-mac-address option for one MAC address and it works (for directly connected devices of course).
How ?
 
Sob
Forum Guru
Forum Guru
Posts: 4542
Joined: Mon Apr 20, 2009 9:11 pm

Re: layer 7 protocols exception

Tue Mar 13, 2018 6:48 pm

If you have:
/ip firewall filter
add action=drop chain=forward layer7-protocol=streaming <other options>
Then:
a) If you need only one exception, change it to:
/ip firewall filter
add action=drop chain=forward layer7-protocol=streaming <other options> src-mac-address=!<MAC address>
b) If you need more, add rules like this before the original one:
/ip firewall filter
add action=accept chain=forward src-mac-address=<MAC address>
The latter might interfere with other firewall rules, if you have something more complex.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 44 guests