betatik
just joined
Topic Author
Posts: 8
Joined: Wed Feb 17, 2016 8:41 am

i need a firewall expert or many brain....

Fri May 21, 2021 8:02 am

Hi everyone

I am having a very hard time setting up my server firewall, and everything must be configured in my MikroTik router.

The firewall must block all downloads and all uploads, except only 1 thing: TeamViewer.

Every DNS request for *.teamviewer.com can be allowed; everything else: drop.

And from that I need to build an address list to allow my server to download and upload from this address list only.

*******************************
I have tried many other ways but failed, because port 5938 used by TeamViewer can also be used by other programs.


In simple words, I want every answer from a DNS request --> *.teamviewer.com
going directly into my { ip / firewall / address list / teamviewer }


Thank you for your help in advance :)
 
mojojojo
just joined
Posts: 1
Joined: Fri Sep 25, 2020 12:58 pm

Re: i need a firewall expert or many brain....

Fri May 21, 2021 10:00 am

Why not set up the Mikrotik as a proxy, configure Teamviewer to use the Mikrotik as a proxy?
So, instead of turning it into a port 5938 problem, you turn it into a proxy configuration issue?
If you truly want DNS for just teamviewer.com, do conditional DNS forwarding rules.

Oh, Teamviewer can use more than port 5938 -- it'll certainly try port 443 from what I've seen.

Of course, if only Teamviewer is allowed, how does management of the Mikrotik work? OOB?
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: i need a firewall expert or many brain....

Fri May 21, 2021 7:36 pm

Assuming you've done your research, and hence you are sure that the Teamviewer application always uses DNS to determine the IP address for the new connection, you have to schedule the following script populating the address list to run periodically, say, every 5 seconds:
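# Copy the address of every DNS cache entry whose name matches "teamviewer.com" into the "teamviewer" address list.
# Entries expire after 10 minutes; on-error={} ignores failed adds, e.g. when the address is already in the list.
:foreach item in=[/ip dns cache find where name~"teamviewer.com"] do={
  :do {/ip firewall address-list add list=teamviewer address=[/ip dns cache get $item address] timeout=10m} on-error={}
}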
Other than that - although outgoing connections to port 5938 are allowed on my firewall, there is no active connection to that port while my Teamviewer application is running and indicating ability to accept incoming connections, and when I establish an outgoing Teamviewer session, a TCP session gets established to port 443.

If I forbid outgoing TCP connections to establish towards port 80 and to port 443, my Teamviewer is unable to establish an outgoing session. And it does not attempt to establish a connection to port 5938 at all.
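
A model of the name-matching step in the script above, as an added example that is not part of the original post: it compares the unanchored `teamviewer.com` pattern with a strict zone-suffix match over constructed cache rows, and goes beyond the post by also following CNAME chains. The `(name, type, data)` row layout, all names and addresses, and the function names are assumptions made for this illustration.

```python
# Added illustration, not code from the thread. Cache rows are constructed
# sample data shaped like (name, type, data); every name here is hypothetical.
import re

CACHE = [
    ("router1.teamviewer.com", "A", "198.51.100.10"),
    ("teamviewer.com", "A", "198.51.100.20"),
    ("client.teamviewer.com", "CNAME", "edge.cdn.example.net"),
    ("edge.cdn.example.net", "A", "203.0.113.5"),
    ("teamviewer.com.lookalike.example", "A", "192.0.2.66"),
    ("notteamviewer.com", "A", "192.0.2.77"),
    ("www.example.org", "A", "192.0.2.80"),
]

def substring_match(cache, pattern="teamviewer.com"):
    """Unanchored regex, as in the posted script: '.' matches any character."""
    return {data for name, rtype, data in cache
            if rtype == "A" and re.search(pattern, name)}

def in_zone(name, zone):
    """True only for the zone itself or a real subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def strict_match(cache, zone="teamviewer.com", max_depth=8):
    """Addresses of names inside the zone, following CNAME chains from them."""
    by_name = {}
    for name, rtype, data in cache:
        by_name.setdefault(name.lower().rstrip("."), []).append((rtype, data))
    allowed, seen = set(), set()
    pending = [(n, 0) for n in by_name if in_zone(n, zone)]
    while pending:
        name, depth = pending.pop()
        if name in seen or depth > max_depth:  # guard against CNAME loops
            continue
        seen.add(name)
        for rtype, data in by_name.get(name, []):
            if rtype == "A":
                allowed.add(data)
            elif rtype == "CNAME":
                pending.append((data.lower().rstrip("."), depth + 1))
    return allowed
```

The difference between the two result sets is what ends up in a firewall allow list: the unanchored pattern admits names that merely contain the string, while the suffix match keeps only the zone and its subdomains.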
 
anav
Forum Guru
Posts: 19322
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: i need a firewall expert or many brain....

Fri May 21, 2021 7:53 pm

I have one tiny brain and am no expert, but your needs as stated don't make much sense.

The issue is you are stating a configuration request and not a software requirement.
Please describe what you wish to accomplish without any mention of configuration.
Forget about any talk about DNS for example.

What is the use case or are the use cases you are describing?
What do users need to be able to do to carry out the necessary work?

Having context and scope of the problem will more easily either point to a viable configuration solution or indicate that the MT product is not capable of meeting expectations.
