does the firewall work with https .. the essence is this, I am cutting the spam of the server of the mail and Yandex servers of all kinds, but spam is not very slow. I write the rule
chain input protocol tcp content an.yandex.ru action reset reject with tcp reset
1 answer
Neither "content", nor L7 filter, nor native WebProxy works with https. That, in principle, is logical. In your case: in the chain of input traffic intended for the router is filtered, but not transit, for this purpose chain=forward . The best option for you is to create an address-list with ip addresses to block, and hang it on the firewall rules. For example, to block social. networks, a script is compiled, which, based on the specified regular expressions, automatically adds and updates the list of ip addresses of social servers. networks, when trying to access them, and already on this list is blocking. Here this topic was discussed and there are examples of blocking scripts.
Andrew Hobbit Andrew Hobbit
2,879 one 7 sixteen
- Works if sni - eri falls
|