what else do you need syndi
Do you expect us to magically know your layer7 rules? Instead of the full configuration minus sensitive information, you've posted just the mangle rules.
Who guides me in my concern?
At the moment just time. Your L7 rules rely on a couple of domain names to be present in the initial packets of a connection, but something may have changed in how Google names the sites from which the videos are downloaded, and also if your browser supports QUIC, the domain name may not be there in plaintext at all. Such changes may happen at any time; that's why I prefer the classification based on traffic characteristics rather than on particular site names.
what else do you need syndi
You mentioned your rule already works, so why not just skip YouTube connections in your WEB marking?
connection-mark=!YOUTUBE
First, I am a bit confused about your in-interface=out-interface matching. If out-interface is the name of the WAN interface, then this rule can only match on the response packets from the server, and I hazily remember the server name in plaintext is in the request packet from the client.
Second, there are few services that use UDP and port 443, so unless you want to assign different priority to QUIC streams depending on server name, you may skip matching on layer7-protocol at all?