I currently use following setup
/ip firewall mangle
add action=mark-connection chain=forward comment="youtube tls host youtube.com" new-connection-mark=youtube passthrough=yes \
port=443 protocol=tcp tls-host=*.youtube.com
add action=mark-connection chain=forward comment="youtube tls host googlevideo.com" new-connection-mark=youtube passthrough=\
yes port=443 protocol=tcp tls-host=*.googlevideo.com
add action=mark-packet chain=forward comment="youtube packet mark for youtube connections" connection-mark=youtube \
new-packet-mark=youtube passthrough=yes
/queue simple
add max-limit=10M/10M name=youtube packet-marks=youtube target=192.168.0.0/16
quic & http/3 has SNI, too.
I can see
www.youtube.com domain with QUIC in wireshark, But mikrotik does not have matcher for that, yet. maybe one can write L7/content matcher
temporary solution;
/ip firewall filter
add action=reject chain=forward comment="block QUIC & HTTP/3" port=80,443 protocol=udp reject-with=icmp-port-unreachable