Community discussions

MUM Europe 2020
 
rviteri
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Nov 18, 2011 5:53 pm

Whats wrong with my regex expression?

Fri Mar 02, 2012 1:39 am

Hi all, I am trying to route dns request to a specific server based on an L7 regex expession + packet mark + dst-nat


This works:

\x08facebook\x03com

but this doesn't

\x08twitter\x03com

Ideally I would like to match either or so:

\x08(facebook|twitter)\x03com



This works
/ip firewall layer7-protocol
add name=activedirectory regexp="\\x08facebook\\x03com"

/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=0.0.0.0/0 dst-port=53 layer7-protocol=activedirectory new-packet-mark=activedirectory passthrough=yes protocol=udp

/ip firewall nat
add action=dst-nat chain=dstnat comment="forward DNS requests" disabled=no dst-port=53 packet-mark=activedirectory protocol=udp to-addresses=10.0.40.1 to-ports=53
vs. (which doesn't work and it is driving me mad)
/ip firewall layer7-protocol
add name=dns regexp="\\x08twitter\\x03com"

/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=0.0.0.0/0 dst-port=53 layer7-protocol=dns new-packet-mark=dns passthrough=yes protocol=udp

/ip firewall nat
add action=dst-nat chain=dstnat comment="forward DNS requests" disabled=no dst-port=53 packet-mark=dns protocol=udp to-addresses=10.0.40.1 to-ports=53

Please help me.

PS: I got the idea from
http://brainsuckerna.blogspot.com/2010/ ... ctive.html

I am trying to do the same but matching for multiple domains.
 
User avatar
MadEngineer
Member Candidate
Member Candidate
Posts: 134
Joined: Mon May 02, 2011 10:47 am
Location: New Zealand

Re: Whats wrong with my regex expression?

Sat Mar 03, 2012 1:21 pm

facebook has 8 letters, twitter does not.
MTCNA
 
rviteri
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Nov 18, 2011 5:53 pm

Re: Whats wrong with my regex expression?

Sun Mar 04, 2012 10:56 am

facebook has 8 letters, twitter does not.
thank you, resolved!

Who is online

Users browsing this forum: No registered users and 15 guests