Would like more info about layer 7 and how could it help us specially for p2p

p2p can be filtered just like that, without using l7. example:
l7 is for other advanced applications.

p2p can be filtered just like that, without using l7. example:

Code: Select all

/ip firewall filter add chain=forward p2p=all-p2p action=drop

l7 is for other advanced applications.

In a new-fresh installed RouterOS 3.0RC14 just doing NAT, nothing else configured in it except the obvious IP's for interfaces public and local, and route to gateway, then I put the following code : , after that i connected my laptop directly to the router local interface, then I started my Limewire P2P Software, searched for a mp3 song downloaded it at full speed without any restriction. !!!!!

Why? , Is Gnutella (limewire) encrypted? Or is it p2p L3 matchers of RC14 not working?

Jorge Boardman
http://www.laredonet.com

P.D. After that I tried the same with L7 Gnutella Regexp matcher, same deal didn't worked out.

Anybody?

Anybody having an explanation for this?

Best

Jorge Boardman

Sure, its because the traffic looks like normal traffic... http transfer, encrypted etc...

L7 rules would help detect this, there are entire websites devoted to layer 7 rules to find particular application layer items.

It is and always will be a constant battle. There are numerous posts about how you may obtain the desired results (whatever they are) by other methods than L7 rules as well.

Scott

Yes, but Normis says:

p2p can be filtered just like that, without using l7. example:

Code:
/ip firewall filter add chain=forward p2p=all-p2p action=drop


l7 is for other advanced applications.

There is a lot of p2p traffic that can be caught by l7 that slips right through the built in firewall filter. I would consider any l7 filter an advanced application

Scott

p2p can be filtered just like that, without using l7. example:

Code: Select all

/ip firewall filter add chain=forward p2p=all-p2p action=drop

I have a problem that occasionally plain DC++ connections avoid this filter. No encription and not even any intention to disquise connection. It just does not get filtered.

in that case yes, you can use l7 if my mentioned rule doesn't help. just make a new l7 definition, and then make a firewall rule based on that defition. here is more info:

http://wiki.mikrotik.com/wiki/L7

Want to limit DC++ traffic, running Layer7, but it doesn't detect or catch any packets.... does nothing.

Is there some new REGEX code that I can use?

It is quite crucial, want to limit the DC++ users during certain times.