Super helpful. We still don't know how to control the ssh line width. But in my case this worked for me: ssh marmite@gw "/ip/dhcp/lease/print proplist=\"address,host-name\"" When I restrict the output to only those 2 columns, even my very silly hostname wasn't too long. The last ...

I know this is 15 years old, but it was the first result for setting ssh terminal width and it doesn't actually answer the question. Let me explain what the problem is and give a bunch of example data so you can see what the problem is. On a BSD host in my network I ran sudo hostname this-is-a-reall...

It's now very easy to have secure DNS turned on. Mobile OSes have settings to turn them on at the OS level, same with Windows. Every modern web browser now either use secure DNS by default or have setting to turn that on. So, you just have to assume that DNS blocking is useless against someone who ...

You are completely overthinking it your provider gave you 5 /32 gateways and you have no idea if they come from a/24 that is a complete misunderstanding Thanks for the help. "Overthinking it" is almost certainly part of my problem. The instructions from the ISP say to use the address 70.7...

Your info are outdated. Look at this Protocol column when loading the front page of YouTube (and see document/text/html on the Type column beside it). Now, do you know what transport layer HTTP/3 relies on? I get that. That is news to me a little bit, but I don't understand how it is relevant. That...

Now you are making less sense.

I both edited the original post to be clearer, and I've uploaded my full config. Hopefully this makes more sense now.

I get that, but if unbound isn't using port 53, I can block it on my firewall and prevent users on my network from bypassing my piholes, right? How is unbound getting its DNS data? DNS-over-HTTPS (DoH)? Sure, if unbound somehow gets its information without using port 53 and you want to make sure no...

Nowadays, even the SNI field (TLS Host) is often encrypted using ESNI encryption. And Youtube runs over UDP when possible, which "TLS host" does not support. YouTube at most delivers the video stream via UDP after you've found the video you want to watch and started playing it. If you can...

Good info. I use pihole to block youtube on my network as well, but my pihole servers use unbound so they are not querying external DNS servers. Does that mean I can block all traffic on port 53 on my firewall and what does that look like? Thanks. Unbound is the name of the software your servers ru...

I know you're asking how to do this with a Mikrotik router, and I'm about to give you a combination Mikrotik/non-Mikrotik solution. So please forgive me. It is not possible to get all the IP addresses of "youtube.com" and just block them. The layer 7 stuff in the router that you're doing w...

I appreciate your effort to study it and understand and help. The three zones are basically ZoneA: ordinary users doing wifi and ordinary user things. Just a couple publicly-exposed inbound services. Zone B: a group of systems providing typical internet services (mail, DNS, SSH, git). Zone C: a slig...

How do you propose to assign some users to 14, some to 15 and some to 16? It's not "users" that I'm assigning. It's systems. Individual internal IP addresses. I might, for whatever reason, assign 172.30.4.5 to be src-natted to 70.70.70.14 and I might assign 172.30.4.6 to src-nat to 70.70....

I've edited this because my initial write-up wasn't particularly clear. And I want to acknowledge that this topic seems to come up fairly frequently, and yet here I am writing another post. I took a look at this post, which seems to be the definitive VLAN guide , but what I can't seem to get done ri...

You can set your preferred source address for outgoing traffic in the IP route table (in the default route, in this case). I appreciate that suggestion, but in my case I'm struggling to make that happen. Probably because I'm not doing something right. Here's /ip route print : # DST-ADDRESS PREF-SRC...

There are several threads on this problem. I am inadvertently blocking the updates because of how my rules work. I wrote about it on one of the other threads here in the forums. It's possible someone else is doing what I did. https://forum.mikrotik.com/viewtopic.php?f=2&t=111054&p=675438#p67...

I had this same issue with disabling firewall rules in order to get the upgrade to succeed. I posted my data on another thread here in the forums: viewtopic.php?f=2&t=111054&p=675438#p675438

I have some data on this problem. I'm running 6.42.6 on an RB2011iL. I have a Business DSL connection from BT in the UK. I found, like someone else mentioned, that when I disable the "drop everything else" rule at the bottom of my input ruleset the upgrade succeeded. If I leave that rule i...

If you Google or search these forums you'll find lots of people desperate to limit or block Facebook, YouTube, and other bandwidth-hungry web sites. Many of them suggest using Layer7 content matching. I've implemented that with a regexp of (youtube|dailymotion|metacafe|vimeo|facebook|fbcdn|1e100), a...

Hi all. I'm fairly new to RouterOS and setting up a somewhat complex home routing environment. I swear I have searched the forums and the documentation, but I think I am struggling to find the right terms to search on. Here's the deal. I've got BT Infinity for Business, which uses PPPoE. BT has assi...