kolorasta
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

block p2p using Layer7-Protocols

Sun Oct 28, 2007 7:37 pm

Is this config OK to mark packets in mangle, so that they can be dropped in the firewall?
/ip firewall mangle 
add action=mark-connection chain=forward comment="Block ARES" disabled=no \
    layer7-protocol=ares new-connection-mark=blocked_conn passthrough=yes \
    src-address-list=BlockedContent 
add action=mark-connection chain=forward comment="Block eDonkey" disabled=no \
    layer7-protocol=edonkey new-connection-mark=blocked_conn passthrough=yes \
    src-address-list=BlockedContent 
add action=mark-connection chain=forward comment="Block gnutella" disabled=no \
    layer7-protocol=gnutella new-connection-mark=blocked_conn passthrough=yes \
    src-address-list=BlockedContent 
add action=mark-connection chain=forward comment="Block imesh" disabled=no \
    layer7-protocol=imesh new-connection-mark=blocked_conn passthrough=yes \
    src-address-list=BlockedContent 
add action=mark-packet chain=forward comment="[][][][][][][][][][][][] Content \
    Blocked" connection-mark=blocked_conn disabled=no \
    new-packet-mark=Blocked_packets passthrough=no 
 
Chupaka
Forum Guru
Posts: 8329
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: block p2p using Layer7-Protocols

Mon Oct 29, 2007 12:14 am

It seems to be working, if you have the people who should be blocked in the "BlockedContent" address list. Otherwise, remove "src-address-list=BlockedContent" from your rules.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
kolorasta
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Re: block p2p using Layer7-Protocols

Mon Oct 29, 2007 2:36 pm

Yes... I have some clients in that address-list...

I read that you should use layer-7 protocols in conjunction with source/destination addresses or ports, or something like that.... in order to reduce the false positives in detection of packets.
 
mrz
MikroTik Support
Posts: 5961
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: block p2p using Layer7-Protocols

Mon Oct 29, 2007 2:45 pm

kolorasta wrote:
> I read that you should use layer-7 protocols in conjunction with source/destination addresses or ports, or something like that.... in order to reduce the false positives in detection of packets.

You are correct. You must use layer7 matching wisely, as it allocates memory until the protocol is matched for the current traffic. A good setup will use less RAM, and you also get fewer false matches.
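
Added example (not part of the thread, and not MikroTik's code): a small Python model of why pairing layer7 matching with an address list, as discussed above, reduces both buffered memory and false matches. The pattern, addresses and traffic are constructed, and the 10-packet / 2 KB buffer limits are model parameters assumed from MikroTik's L7 documentation.

```python
import re

# Model parameters (assumption): the matcher buffers at most 10 packets or
# 2 KB per connection before giving up, per MikroTik's L7 documentation.
MAX_PKTS, MAX_BYTES = 10, 2048

# Constructed stand-in signature, NOT a real l7-filter pattern.
PATTERN = re.compile(rb"hello-peer")

# Mirrors the thread's "BlockedContent" list; the address is constructed.
BLOCKED_CONTENT = {"10.0.0.5"}

# Constructed sample connections: id, source address, payload of each packet.
CONNS = [
    # listed client really speaking the (made-up) P2P protocol
    {"id": "c1", "src": "10.0.0.5", "packets": [b"hello-peer v1", b"data"]},
    # unlisted client fetching a web page that merely mentions the string
    {"id": "c2", "src": "10.0.0.9", "packets": [b"GET /forum HTTP/1.1\r\n",
                                                b"<p>the hello-peer handshake</p>"]},
    # unlisted client, long transfer that never matches
    {"id": "c3", "src": "10.0.0.9", "packets": [b"\x00" * 300] * 12},
    # listed client, short non-matching flow
    {"id": "c4", "src": "10.0.0.5", "packets": [b"\x16\x03\x01" + b"A" * 100]},
]

def inspect(conns, address_list=None):
    """Return (ids marked by the L7 pattern, total payload bytes buffered)."""
    marked, buffered = [], 0
    for conn in conns:
        # Cheap header check first: sources outside the list never reach L7.
        if address_list is not None and conn["src"] not in address_list:
            continue
        buf = b""
        for pkt in conn["packets"][:MAX_PKTS]:
            buf = (buf + pkt)[:MAX_BYTES]
            if PATTERN.search(buf):
                marked.append(conn["id"])
                break
            if len(buf) >= MAX_BYTES:
                break  # buffer limit reached: stop inspecting this connection
        buffered += len(buf)
    return marked, buffered

if __name__ == "__main__":
    for label, addr_list in (("L7 only", None), ("L7 + address list", BLOCKED_CONTENT)):
        marked, buffered = inspect(CONNS, addr_list)
        print(f"{label:18} marked={marked} buffered={buffered} bytes")
```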
