Community discussions

 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

blocking thepiratebay with layer 7, no luck

Wed Sep 11, 2013 8:12 pm

Hi

I'm trying do block thepiratebay with layer 7, but hell no, it refuses to block, but blocking facebook works like a charm!! :shock:

/ip firewall layer7-protocol
add name=block-facebook regexp="^.+(facebook).*\$"
add name=block-thepiratebay regexp="^.+(thepiratebay).*\$"


/ip firewall filter
add action=drop chain=forward comment="Block Facebook" dst-address-list=\
freeusers layer7-protocol=block-facebook
add action=drop chain=forward comment="Block thepiratebay" dst-address-list=\
freeusers layer7-protocol=block-thepiratebay
 
User avatar
ohara
Member
Member
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: blocking thepiratebay with layer 7, no luck

Wed Sep 11, 2013 10:00 pm

I think you need to declare freeusers as src-address-list. Also make sure that both rules are on top of the Filter Rule list.
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: blocking thepiratebay with layer 7, no luck

Wed Sep 11, 2013 10:35 pm

I think you need to declare freeusers as src-address-list. Also make sure that both rules are on top of the Filter Rule list.
not going to work, dst-address-list is the end users, not servers, the block facebook works 100%, but me trying to use the exact method to block the other site, does not work at all, and that goes for other random website as well
 
User avatar
ohara
Member
Member
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: blocking thepiratebay with layer 7, no luck

Wed Sep 11, 2013 10:50 pm

You're right - I am still missing lots of theory. I left both src-address and dst-address empty and I am unable to open http://thepiratebay.se/ on the whole network. Do a similar test without the address-list and see what it does? I defined regex similar as you did.

add action=drop chain=forward comment="BLOCK FACEBOOK" layer7-protocol=piratebay
add action=drop chain=forward comment="BLOCK FACEBOOK" layer7-protocol=facebook
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: blocking thepiratebay with layer 7, no luck

Wed Sep 11, 2013 11:03 pm

You're right - I am still missing lots of theory. I left both src-address and dst-address empty and I am unable to open http://thepiratebay.se/ on the whole network. Do a similar test without the address-list and see what it does? I defined regex similar as you did.

add action=drop chain=forward comment="BLOCK FACEBOOK" layer7-protocol=piratebay
add action=drop chain=forward comment="BLOCK FACEBOOK" layer7-protocol=facebook
nope, its not doing jack, I can still access thepiratebay.se and thepiratebay.sx
are you using the same layer 7 rules as I am?

add name=piratebay regexp="^.+(thepiratebay).*\$"
 
User avatar
ohara
Member
Member
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: blocking thepiratebay with layer 7, no luck

Wed Sep 11, 2013 11:16 pm

the same:

add name=facebook regexp="^.+(facebook).*\$"
add name=piratebay regexp="^.+(thepiratebay).*\$"

the filter rules are #0 and #1 on top of my list. I can see both Bytes and Packets counters increase whenever I click on the piratebay link or enter the url into the browser. It may not work immediately after enabling the rule, but it does after restarting the browser. Apologies that I was of no help to you.
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: blocking thepiratebay with layer 7, no luck

Thu Sep 12, 2013 1:01 am

the same:

add name=facebook regexp="^.+(facebook).*\$"
add name=piratebay regexp="^.+(thepiratebay).*\$"

the filter rules are #0 and #1 on top of my list. I can see both Bytes and Packets counters increase whenever I click on the piratebay link or enter the url into the browser. It may not work immediately after enabling the rule, but it does after restarting the browser. Apologies that I was of no help to you.
hmmm the same here, #0 and #1 on top of my list, dammm..are you using v6.3 ?
 
User avatar
ohara
Member
Member
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: blocking thepiratebay with layer 7, no luck

Thu Sep 12, 2013 8:40 am

6.4 development test version. I doubt if makes a difference.
I am planning to experiment with transparent proxy over the weekend. I think it is a more reliable way to block websites than layer7.
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: blocking thepiratebay with layer 7, no luck

Thu Sep 12, 2013 11:47 am

6.4 development test version. I doubt if makes a difference.
I am planning to experiment with transparent proxy over the weekend. I think it is a more reliable way to block websites than layer7.
haha ok, I thought u were using a old stable version, I always have problems when I'm using hotspots with loadbalancing or routing mark for dedicated gateway for certain subnet, its a big screwup and if I disable my hotspot, everything works fine :shock:
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24258
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: blocking thepiratebay with layer 7, no luck

Thu Sep 12, 2013 1:04 pm

why do you assume that this text "thepiratebay" shows up in any of the packets? you must use packet sniffer and check how to block it. L7 is not a keyword blocking system
No answer to your question? How to write posts
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: blocking thepiratebay with layer 7, no luck

Thu Sep 12, 2013 1:12 pm

why do you assume that this text "thepiratebay" shows up in any of the packets? you must use packet sniffer and check how to block it. L7 is not a keyword blocking system
the domain is *.thepiratebay.* So I assume if I block that in layer 7 on the appropriate way, then it will be bye bye for that website, because it worked on facebook, so to me it doesn't make any sense why it cant block other sites on this method but I can block facebook on layer 7, but I'll sniff later

Who is online

Users browsing this forum: No registered users and 129 guests