MrIC
Frequent Visitor
Topic Author
Posts: 66
Joined: Tue Jan 13, 2009 11:34 pm

help with block + redirect sites using firewall ( layer7 )

Fri Aug 06, 2010 2:42 am

I want to block + redirect sites using firewall (layer7protocol).
I blocked them but I can't redirect them.
This is my config to block:

/ip firewall layer7-protocol
add comment="" name="Porn Sites" regexp=porn|tube8
/ip firewall filter
add action=drop chain=forward comment="" disabled=no layer7-protocol=\
"Porn Sites"

So what do I have to do to redirect them?
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: help with block + redirect sites using firewall ( layer7

Fri Aug 06, 2010 4:52 am

Layer 7 protocol filters collect packets until they match. NAT (redirect) has to happen on the first packet. In short, when you have found via deep inspection that the packet is web traffic for porn, it's too late to redirect it anywhere via NAT. Layer 7 inspection is also very expensive to do.

Your first option is to proxy everything through the built-in web proxy, which can then do the redirecting to an alternative URL when the requested URL matches a rule. The wiki discusses how to do that.
You can also deploy a web filter solution such as Websense. That's expensive.
Additionally, you can use a categorizing DNS server such as OpenDNS to filter categories right at the DNS resolution level before the client even contacts the web server.
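
The web proxy option from the reply above, sketched as a RouterOS configuration. This is an added example, not part of either post; the interface names (bridge-lan, ether1-wan), the LAN subnet 192.168.88.0/24 and the block-page host 192.168.88.10 are assumptions.

```routeros
# Added example, not from the thread. Assumed values:
#   LAN interface   bridge-lan
#   WAN interface   ether1-wan
#   LAN subnet      192.168.88.0/24
#   block page      192.168.88.10/blocked.html (separate internal web server)

# 1. Enable the built-in web proxy.
/ip proxy
set enabled=yes port=8080

# 2. Proxy access rules are checked top to bottom; the first match wins.
/ip proxy access
# Requests whose host name matches are denied and the client is sent
# to the block page instead of just getting an error.
add dst-host=*porn* action=deny redirect-to=192.168.88.10/blocked.html \
    comment="redirect blocked hosts"
add dst-host=*tube8* action=deny redirect-to=192.168.88.10/blocked.html \
    comment="redirect blocked hosts"
# Everything else from the LAN is allowed through the proxy.
add src-address=192.168.88.0/24 action=allow comment="LAN clients"
# Anything not from the LAN is refused, so the router is not an open proxy.
add action=deny comment="deny all other sources"

# 3. Transparently send LAN HTTP traffic to the proxy. This NAT rule
#    matches on the first packet (TCP SYN to port 80); the URL decision is
#    made later by the proxy, which is why this works where layer7 + NAT
#    does not.
/ip firewall nat
add chain=dstnat in-interface=bridge-lan src-address=192.168.88.0/24 \
    protocol=tcp dst-port=80 action=redirect to-ports=8080 \
    comment="HTTP to web proxy"

# 4. Keep the proxy port unreachable from the WAN side.
/ip firewall filter
add chain=input in-interface=ether1-wan protocol=tcp dst-port=8080 \
    action=drop comment="no proxy access from WAN"

# Note: only plain HTTP on port 80 passes through the proxy here; HTTPS
# traffic is not seen by these access rules.
```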