I would like to restrict a group of clients to only have access to windows updates. They're all in the same network (nothing fancy or complex), behind a MikroTik router. I tried implementing various solutions (using regex, address lists with MS IPs & FQDNs, etc.) but there's always something that is needed and update search / download fails. I guess I should mention that AFTER above mentioned allow rules I placed a block rule for 0.0.0.0/0 via for TCP/80 & TCP/443 -> to block most of the web traffic, as those clients are not meant to have internet access at all times. Another thing worth mentioning is that I am pretty restricted when it comes to the software / hardware I get to use, the whole thing relies on a MikroTik router. Now, is this even doable in a clean way using MikroTik or would I need something else?
Your help would be appreciated!