
How to Block Sites on MikroTik Layer 7 Protocol



MikroTik Layer 7 Protocol


There are various ways to block a site on MikroTik, one of which is the Layer 7 Protocol feature. This is a method of looking for patterns in ICMP/TCP/UDP streams. As an example, we will block the YouTube site on MikroTik with Layer 7. But first you need to know what Layer 7 is.



TABLE OF CONTENTS

1. What is Layer 7

2. Block Sites on MikroTik Layer 7 Protocol

3. Conclusion


What is Layer 7


Layer 7 is the last layer of the seven-layer OSI model. It is also known as the “Application Layer.” It is the top layer, where data processing happens just below the surface, behind the scenes of the software application that the user interacts with.


In MikroTik itself, the Layer 7 Protocol matcher collects the first 10 packets of a connection or the first 2KB of a connection and looks for the pattern in the collected data. If the pattern is not found in that data, the matcher does not inspect further, and the connection is considered unknown. Keep in mind that a large number of connections will significantly increase memory usage on your RB or PC router.


To avoid that, add regular firewall matchers to the rule to reduce the amount of data passed to the Layer 7 filter. The Layer 7 matcher needs to see both directions of traffic (incoming and outgoing). To meet this requirement, Layer 7 rules must be set in the forward chain. If a rule is set in the input/prerouting chain, the same rule must also be set in the output/postrouting chain; otherwise the collected data may be incomplete, resulting in an incorrectly matched pattern.


Block Sites in MikroTik Layer 7 Protocol


In this example, we will block YouTube on MikroTik with the Layer 7 Protocol.


1. First we go to the IP menu > Firewall then go to the Layer 7 Protocol tab and then click the + icon.


2. The Name field can contain anything, but because we want to block YouTube here, we fill it with Youtube. In the Regexp field, enter this pattern correctly and carefully: ^.+(youtube.com).*$ The Regexp is the pattern that the Layer 7 Protocol matcher uses to identify the site's traffic.

MikroTik Layer 7 Protocol


3. When finished, we go to the IP menu > Firewall then go to the Filter Rules tab then click the + icon.


4. On the General tab, set Chain to forward, then fill the Src. Address field with the IP address of the client you want to block. To block all clients on a network, set the host identifier part of the address to 0, for example 192.168.10.0/24.

MikroTik Firewall Rules


5. Then, on the Advanced tab, set the Layer 7 Protocol field to the entry we created earlier.

MikroTik Firewall Rules Layer 7 Protocol


6. Next, on the Action tab, set Action to drop.

MikroTik Action Drop Firewall Rules


7. Finally, we do the test by opening YouTube in the browser.

Testing MikroTik Layer 7 Protocol
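
The same configuration entered from the RouterOS terminal instead of WinBox, as an added example that is not part of the original article. The name, regexp, chain, source network and action are the values from steps 1 to 6; the rule comment is an assumption added so the rule is easy to find later.

```routeros
# Added example (not from the original article): terminal equivalent of steps 1-6.

# Steps 1-2: create the Layer 7 pattern.
# "\$" escapes the dollar sign inside a RouterOS string, so the stored
# regexp is exactly ^.+(youtube.com).*$
/ip firewall layer7-protocol
add name=Youtube regexp="^.+(youtube.com).*\$"

# Steps 3-6: drop connections from the client network that match the pattern.
# chain=forward lets the matcher see both directions of the connection.
# src-address is the regular matcher that limits which traffic is handed to
# the Layer 7 matcher at all.
# The comment text is an assumption, used only to label the rule.
/ip firewall filter
add chain=forward src-address=192.168.10.0/24 layer7-protocol=Youtube \
    action=drop comment="Block YouTube (L7)"

# Step 7 check: after a client tries to open YouTube, the packet and byte
# counters of the drop rule should increase.
/ip firewall layer7-protocol print
/ip firewall filter print stats
```

Filter rules are evaluated in order, so the drop rule has to sit above any rule in the forward chain that would accept the same traffic first.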


Conclusion


So that's how to block sites with the MikroTik Layer 7 Protocol. However, Layer 7 Protocol consumes a lot of router resources, so we recommend using this feature only for very specific traffic.


It is actually not recommended to use Layer 7 Protocol for general traffic, such as blocking web pages. It will almost never work correctly, and your device will consume resources trying to capture all traffic. You can use other features to block web pages, such as the MikroTik transparent proxy.


Hopefully, this article about How to Block Sites on MikroTik Layer 7 Protocol gives you a little insight. Thank you.