Page 1 of 1

Whats wrong with my regex expression?

Posted: Fri Mar 02, 2012 1:39 am
by rviteri
Hi all, I am trying to route dns request to a specific server based on an L7 regex expession + packet mark + dst-nat


This works:

\x08facebook\x03com

but this doesn't

\x08twitter\x03com

Ideally I would like to match either or so:

\x08(facebook|twitter)\x03com



This works
/ip firewall layer7-protocol
add name=activedirectory regexp="\\x08facebook\\x03com"

/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=0.0.0.0/0 dst-port=53 layer7-protocol=activedirectory new-packet-mark=activedirectory passthrough=yes protocol=udp

/ip firewall nat
add action=dst-nat chain=dstnat comment="forward DNS requests" disabled=no dst-port=53 packet-mark=activedirectory protocol=udp to-addresses=10.0.40.1 to-ports=53
vs. (which doesn't work and it is driving me mad)
/ip firewall layer7-protocol
add name=dns regexp="\\x08twitter\\x03com"

/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=0.0.0.0/0 dst-port=53 layer7-protocol=dns new-packet-mark=dns passthrough=yes protocol=udp

/ip firewall nat
add action=dst-nat chain=dstnat comment="forward DNS requests" disabled=no dst-port=53 packet-mark=dns protocol=udp to-addresses=10.0.40.1 to-ports=53

Please help me.

PS: I got the idea from
http://brainsuckerna.blogspot.com/2010/ ... ctive.html

I am trying to do the same but matching for multiple domains.

Re: Whats wrong with my regex expression?

Posted: Sat Mar 03, 2012 1:21 pm
by MadEngineer
facebook has 8 letters, twitter does not.

Re: Whats wrong with my regex expression?

Posted: Sun Mar 04, 2012 10:56 am
by rviteri
facebook has 8 letters, twitter does not.
thank you, resolved!