ainfo 发表于 2008-11-7 16:46:41

7层协议过滤脚本

RouterOS V3.0在防火墙中增加了一个新得功能——7层协议过滤。针对一些应用程序如skype、QQ、MSN、魔兽世界……网络程序做限制和过滤。下面介绍一下具体方法的使用:
7层协议过滤增加在ip firewall中Layer7 Protocols,我们可以在下面的图中看到:
以下是ROS官方Wiki
L7
From MikroTik Wiki
Jump to:navigation,search
layer7-protocolis a method of looking for patterns in connections.

First, add Regexp strings to the protocols menu, to define strings you will be looking for.

/ip firewall layer7-protocol add=Then, use the defined protocols in firewall:

/ip firewall filter add layer7-protocol=RouterOS will look for these strings in all connections passing the firewall rule where you use this. As this is resource intensive, make sure to filter out all good traffic before it hits this rule.

You can download a script. with a list of common programshere(only for RouterOS v3 RC6). Pattern libraries can be found on thelayer7 project pageand on theprotocol wiki.

Retrieved from "http://wiki.mikrotik.com/wiki/L7"


官方脚本下载地址:
http://www.mikrotik.com/download/l7-protos.rsc
封QQ等没有问题,但是p2p的迅雷和Kugoo没有用呀。
页: [1]
查看完整版本: 7层协议过滤脚本