
Layer 7

Posted: Fri Oct 05, 2007 9:13 pm
by elkolo23
Would like more info about layer 7 and how it could help us, especially for p2p.

Re: Layer 7

Posted: Mon Oct 08, 2007 10:13 am
by normis
p2p can be filtered just like that, without using l7. example:
/ip firewall filter add chain=forward p2p=all-p2p action=drop
l7 is for other advanced applications.

Re: Layer 7 - Layer 3 - RouterOS 3.0RC14 Something wrong

Posted: Tue Jan 15, 2008 7:17 pm
by boardman
p2p can be filtered just like that, without using l7. example:
/ip firewall filter add chain=forward p2p=all-p2p action=drop
l7 is for other advanced applications.
In a freshly installed RouterOS 3.0RC14 just doing NAT, with nothing else configured in it except the obvious IPs for the public and local interfaces and a route to the gateway, I put the following code:
/ip firewall filter add chain=forward p2p=all-p2p action=drop
After that I connected my laptop directly to the router's local interface, then I started my LimeWire P2P software, searched for an mp3 song and downloaded it at full speed without any restriction. !!!!!

Why? Is Gnutella (LimeWire) encrypted? Or are the p2p L3 matchers of RC14 not working?

Jorge Boardman
http://www.laredonet.com

P.S. After that I tried the same with the L7 Gnutella regexp matcher; same deal, it didn't work.

Re: Layer 7

Posted: Wed Jan 16, 2008 12:05 am
by boardman
Anybody?

Re: Layer 7

Posted: Fri Jan 18, 2008 4:53 am
by boardman
Anybody having an explanation for this?

Best

Jorge Boardman

Re: Layer 7

Posted: Fri Jan 18, 2008 7:01 am
by CarulloS
Sure, it's because the traffic looks like normal traffic... http transfer, encrypted etc...

L7 rules would help detect this; there are entire websites devoted to layer 7 rules to find particular application layer items.

It is and always will be a constant battle. There are numerous posts about how you may obtain the desired results (whatever they are) by other methods than L7 rules as well.

Scott

Re: Layer 7

Posted: Tue Apr 22, 2008 9:43 pm
by boardman
Yes, but Normis says:

p2p can be filtered just like that, without using l7. example:

Code:
/ip firewall filter add chain=forward p2p=all-p2p action=drop


l7 is for other advanced applications.

Re: Layer 7

Posted: Wed Apr 23, 2008 4:50 am
by CarulloS
There is a lot of p2p traffic that can be caught by l7 that slips right through the built in firewall filter. I would consider any l7 filter an advanced application :)

Scott

Re: Layer 7

Posted: Wed Apr 23, 2008 9:50 pm
by pedja
p2p can be filtered just like that, without using l7. example:
/ip firewall filter add chain=forward p2p=all-p2p action=drop
I have a problem that occasionally plain DC++ connections avoid this filter. No encryption and not even any intention to disguise the connection. It just does not get filtered.

Re: Layer 7

Posted: Thu Apr 24, 2008 11:55 am
by normis
In that case yes, you can use l7 if my mentioned rule doesn't help. Just make a new l7 definition, and then make a firewall rule based on that definition. Here is more info:

http://wiki.mikrotik.com/wiki/L7
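
Before loading an l7 definition into the router, the regexp can be checked offline against sample payloads. The following is an added example, not part of the thread or of MikroTik's code: it assumes the "directconnect" pattern from the l7-filter project and models the RouterOS matcher as a regexp applied to the first 10 packets or first 2 KB of a connection; the flows are constructed samples.

```python
import re

# Assumption: this is the "directconnect" pattern from the l7-filter project.
# l7-filter style patterns are matched case-insensitively.
DIRECTCONNECT = re.compile(rb"^(\$mynick |\$lock |\$key )", re.IGNORECASE)

# The RouterOS L7 matcher only looks at the start of a connection.
MAX_PACKETS = 10    # first 10 packets ...
MAX_BYTES = 2048    # ... or first 2 KB, whichever limit is hit first


def l7_buffer(payloads):
    """Join the payloads the matcher would inspect, within its limits."""
    return b"".join(payloads[:MAX_PACKETS])[:MAX_BYTES]


def l7_match(pattern, payloads):
    """True if the definition would match this connection."""
    return pattern.search(l7_buffer(payloads)) is not None


# Constructed sample flows (not captured traffic).
FLOWS = {
    # Hub speaks first in a client-to-hub login.
    "dc_hub_login": [b"$Lock EXTENDEDPROTOCOLABCABCABC Pk=ExampleHub|",
                     b"$HubName Example|"],
    # Client-to-client handshake.
    "dc_client_client": [b"$MyNick alice|$Lock EXTENDEDPROTOCOLABC Pk=DC|"],
    # Ordinary web request: must not be caught by the rule.
    "http_get": [b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"],
    # TLS record header followed by opaque bytes: nothing for the regexp to see.
    "tls_wrapped": [bytes.fromhex("160301002a010000260303") + b"\x00" * 32],
}


def classify(flows=FLOWS):
    """Map each flow name to whether the definition matches it."""
    return {name: l7_match(DIRECTCONNECT, p) for name, p in flows.items()}


if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:18} {'MATCH' if hit else 'no match'}")
```

A definition that matches nothing here will not match on the router either, so a check like this separates a wrong regexp from a rule that is never reached in the firewall chain.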

Re: Layer 7

Posted: Thu Mar 12, 2009 3:19 am
by Jeeva
Want to limit DC++ traffic, running Layer7, but it doesn't detect or catch any packets.... does nothing.

Is there some new REGEX code that I can use?

It is quite crucial, want to limit the DC++ users during certain times.