I have a network with hundreds of users .
I saw many times some of the users use the "Teamviewer software" to connect somewhere outside of the network.
How can I use mikrotik to block it ?

Here's what I just tried, and it worked for me. Assuming all DNS queries go through your router, this should work for you as well.

I created a new Firewall L7 rule called "teamviewer-dns" that has this Regexp: "^.+(teamviewer|dyngate).*$" (without the double quotes).

Then, I created a firewall rule (forward chain) that blocks UDP traffic on port 53 that matches that L7 rule.

Give it a should and report back if it works for you as well.

Cheers,

Shaun

Here's what I just tried, and it worked for me. Assuming all DNS queries go through your router, this should work for you as well.

I created a new Firewall L7 rule called "teamviewer-dns" that has this Regexp: "^.+(teamviewer|dyngate).*$" (without the double quotes).

Then, I created a firewall rule (forward chain) that blocks UDP traffic on port 53 that matches that L7 rule.

Give it a should and report back if it works for you as well.

Cheers,

Shaun

Does not work. Thanks

As firewall rules are executed in order, ensure that the FWD firewall rule is moved high enough to ensure that it takes effect. Once the rule is in place, you should no longer be able to perform a DNS query for teamviewer.com (using NSLOOKUP or any other similar query tools). If you are still able to query teamviewer, there's probably another firewall rule allowing DNS traffic that has a higher priority than the newly created block rule. The packets counter should go up everytime this block rule is executed.

Either that or he has not flushed his DNS cache?