I'm not sure if after 7.9.1 update suddenly my mangle rules stopped working. I have 2xWANs and there are some IPs I want to route through 2nd WAN. Normally I used this config to add specific CONTENT name using prerouting to a LIST and later mark routing to second WAN, it was working 100% fine and suddenly it stopped (no changes were made). Anybody has a clue about that?

Mangle rule doesn't add to specific LIST IP addresses defined in CONTENT.

1. Ip-firewall - Filter rules tab, fastrack rule should be disabled!
2. Your mangle rule with adding to address list better works since v7 as RAW rule. Simply do same at the Raw tab.
3. Why do you use address list ? If you want to access some blocked sites by ISP in your region, redirecting foreign traffic thru another wan connection (wireguard vpn?), its easier to do with another way.
There is a list generator:
https://mikrotikconfig.com/firewall/
You can generate your local country list.
Then create Mangle rule which compares, if source is your local nenetwork (e.g. 192.168.0.1/24) and the destination is NOT in IP list of your country - then mark routing thru wireguard vpn.
Important! Do not forget to add to this list:
1.ip of your wireguard vpn, to access it directly, as if it is local.
2. ip range of your local network, e.g. 192.168.0.1/24, to access local network directly, not trying to route thru vpn.

Mid range devices like hex s, or 750 gr3 or hap ac2 make this comparison thru approx 8000 records with no significant cpu usage!

Im using this approach over 1 year, speed over 100 mbit works fine.

Your approach of finding content is very slow.
If you add approx 10 rules, cpu wull be 100%.

*since tls 1.3 this doesnot work anymore*:
If you still want to make it by content, much faster way is to lookup tls header.
See "TLS Host" field, your picture #2.
Fortunately ALL the sites use tls nowdays.
The only drawback - first time you access the site, you must use httpS://

Ps - select protocol at your picture #1 as "6 (tcp)".
Searching the rest for your task is useless.

The user already have one reply...

viewtopic.php?p=1004654#p1004689

Sorry, but now (from 8 May...) Youtube use TLS 1.3..... and not only TCP....
All modern browsers and app use TLS 1.3, so you are unable to mark the traffic.
You just noticed it now, and of course you have to blame RouterOS...

Just if you still use some old browser that doesn't support TLS 1.3, but at most 1.2, it can make you match that rule.
The other domain doesn't know what it is, so I haven't checked it, if it still uses http you can still catch it,
but when that too switches to https, your rules won't be of any use.

https://mikrotikconfig.com/firewall/

*occasional dub post*

The user already have one reply...

viewtopic.php?p=1004654#p1004689

Sorry, but now (from 8 May...) Youtube use TLS 1.3..... and not only TCP....

Indeed, just checked up - tls search for *youtube* works unstable now.
But region ip list still works fine

When the lists are updated...

The first MT AI router, it clearly has a mind of its own, quite independent from the config of the admin..............

When the lists are updated...

Will you please make an advise, how can I find updated lists?
Thank you in advance.

When the lists are updated...

Will you please make an advise, how can I find updated lists?
Thank you in advance.

Precisely...
The "Triple Vomit"™ symbol was precisely because certain means are ridiculous.
Knowing how you can't even have an updated list is a clear indication that the list should be avoided like the plague,
especially now that IPv4 is finished and there is a continuous exchange of IP blocks between countries,
you risk blocking a service it is legitimate that he bought some IPs that perhaps were previously used in india or russia, for example.
Or allowed IPs that beforre are on your country, for example, are buyed on some terrorist manner on another nation, and you allow that IPs because your list is old...
Setting these types of blocks will only slow down your router permanently, rather than just occasionally having a problem.
The "drop all at the end what is not already allowed" rule makes the list completely useless, unless you want to professionally run, say, a webserver.
But in a professional way the list certainly is not downloaded like this from a little site caught by chance on the internet...

The "drop all at the end what is not already allowed" rule makes the list completely useless

My only goal of using lists: to access local addresses directly + to access foreign addresses thru vpn.
(Local isp block my access to foreign sites + Local sites block foreign access , perhaps due to ddos).
Aint gonna drop anything.