hyp3R
Frequent Visitor
Topic Author
Posts: 50
Joined: Fri Oct 01, 2010 9:19 am
Location: Denmark, Copenhagen

Layer 7 Protocol

Tue Aug 28, 2012 1:18 am

Hey guys. Recently I used one of the guides I found on Google to use the L7 protocol under firewall to block Facebook/YouTube on the network.
I'm curious if there is a rule to allow one IP address on the network to be able to use it?

So basically everything works great, I just want my director to be able to open FB & YT.
Thanks in advance,
Alex
 
sirEgghead
just joined
Posts: 19
Joined: Mon Aug 27, 2012 10:54 pm

Re: Layer 7 Protocol

Tue Aug 28, 2012 5:26 pm

Just exclude the IP address from your drop rule. For instance, if you want to allow 192.168.1.105 and drop everything else, you would have the following in the IP address field:
192.168.1.1-192.168.1.104,192.168.1.106-192.168.1.254
Or you could make a separate rule with the action set to allow and place it ahead of your drop rule:
/ip firewall filter add comment="allow super youtube user" disabled=no chain=forward layer7-protocol="YouTube" src-address=192.168.1.105/32 action=accept
The most efficient (and the easiest to edit later) is to add IP addresses to an address list and exclude them from your rule. For instance, create an address list called YouTube and add 192.168.1.105 to it. Then in your drop rule go to the advanced tab, select your 'YouTube' list for source address list, then check the '!' box to the left of the list.
/ip firewall address-list add list="YouTube" address=192.168.1.105/32
/ip firewall filter add comment="drop youtube" disabled=no chain=forward layer7-protocol="YouTube" src-address-list=!"YouTube" action=drop
Don't forget your reciprocating rules. I hope this helps.


Thomas
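
The following is an added example, not part of the posts above: a small Python model of first-match rule evaluation that compares the accept-before-drop approach and the negated address-list approach from the reply, and shows what happens if the accept rule is placed below the drop rule. The rule dictionaries and function names are hypothetical and are not RouterOS API; the packets are constructed samples.

```python
import ipaddress

# Constructed model of a forward chain: rules are checked top to bottom and
# the first rule whose matchers all hit decides the packet.
ADDRESS_LISTS = {"YouTube": ["192.168.1.105/32"]}  # mirrors the address list in the reply

def in_list(ip, list_name):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in ADDRESS_LISTS.get(list_name, []))

def rule_matches(rule, pkt):
    # layer7: the packet's connection was classified by the named L7 pattern
    if "layer7" in rule and rule["layer7"] != pkt.get("layer7"):
        return False
    if "src_address" in rule:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src_address"]):
            return False
    if "src_address_list" in rule:
        name = rule["src_address_list"]
        negate = name.startswith("!")  # "!" inverts the list match
        if in_list(pkt["src"], name.lstrip("!")) == negate:
            return False
    return True

def evaluate(chain, pkt, default="accept"):
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule["action"]
    return default  # nothing matched: the packet falls through the chain

ALLOW = {"layer7": "YouTube", "src_address": "192.168.1.105/32", "action": "accept"}
DROP = {"layer7": "YouTube", "action": "drop"}

ACCEPT_FIRST = [ALLOW, DROP]   # separate accept rule ahead of the drop rule
WRONG_ORDER = [DROP, ALLOW]    # accept rule is never reached
NEGATED_LIST = [{"layer7": "YouTube", "src_address_list": "!YouTube", "action": "drop"}]

# Constructed sample packets
DIRECTOR = {"src": "192.168.1.105", "layer7": "YouTube"}
STAFF = {"src": "192.168.1.50", "layer7": "YouTube"}
OTHER_TRAFFIC = {"src": "192.168.1.50", "layer7": None}

if __name__ == "__main__":
    for name, chain in [("accept first", ACCEPT_FIRST), ("wrong order", WRONG_ORDER),
                        ("negated list", NEGATED_LIST)]:
        print(name, evaluate(chain, DIRECTOR), evaluate(chain, STAFF))
```

With the negated list, a single drop rule covers everyone outside the list, so adding another exempt host only changes the address list and not the rule order.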