Hello
I have a problem with filtering 443 websites by TLS host.
/ip firewall filter add chain=forward dst-port=443 protocol=tcp tls-host=*.google.com action=reject
This is my rule, but I cannot block google.com.
Does anyone have the same problem?
Does this new TLS-host firewall feature work with plain HTTP? I want to block the *.footprint.net domain (DNS block didn't work out) as it keeps bothering me with blocking Windows updates.
Google, YouTube, etc. are using QUIC (a UDP-based protocol) instead of normal HTTP/2 (a TCP-based protocol).
They of course still support old protocols, but that's just a fallback. If the browser supports QUIC, it will use QUIC.
TLS-host does not work with QUIC as it depends on TCP connection.
Thanks for the response. Does content matching support regex? Like, can you use content=*windowsupdate* and even windowsupdate|telemetry|.....
That or the "content" packet matching in plain firewall