This can be done MANGLE/Mark package as (udp, port 53, content=aaa) then block all the packages with this mark.
However, this will block aaabbb.com also.
I tried set content=aaa.com and it does not work.
So I ran wireshark, and figured out that the DNS package was in fact
03 61 62 63 03 63 6f 6d
(len for abc) (hex for abc) (len for com) (hex for com)
So, if I want to block abc.com exactly I need to find some way to set the Content=HEX RAW BYTES
I have tried Content=\03 \61 ..... \6d
or Content=\\03 \\61 ..... \\6d
or Content=0x03 0x61 ..... 0x6d
but none of them works.
Any idea for this ?
SOLVED: Thanks to everyone posting reply here. I finally make it work.
The KEY TRICK to this issue is that, DO NOT enter the content="\03abc\03com" in the WINBOX Dialogs.
Instead, open a TERMINAL and run the command
Thanks to sebastia for pointing this out (From Terminal)
Code: Select all
/ip firewall mangle add action=passthrough chain=prerouting content="cnn\03com" dst-port=53 in-interface=e1_int log=yes log-prefix="DNS catch: " \ protocol=udp