assume I have router RB450 as a gateway router of my LAN. I have added masquerade for LAN Internet from my RB450. it is working fine. but now I want to allow outlook mail, any desk, TeamViewer, Microsoft teams and some important services and block all other sites. how can i do it
Not a simple task on ROS, when I worked on my mangle rules to add connection marks to some services connection for prioritization in Queues, I had to investigate which ports are using, eg. for MS Teams https://answers.microsoft.com/en-us/mst ... c810bc7a87
, and I identified that service by application src port range, but if used in browser for web app is not the same, I use only app so I did not bother to seek solution for web Teams.
For others you mentioned, depends on service, some combination of dst port and dst ip range or src ports like Teams.
I think when you are blocking like that, It is always best to include dst ip in combination with ports (either is dst or src), because someone can create connection with allowed src port and avoid block if dst ip is not always checked.