Hello! Please help me with the task of marking DNS traffic. I have configured torrent traffic blocking using layer7 filters and mangle in the forward chain. But unfortunately, DNS requests get into my filters. I have made two rules and they work for outgoing traffic:

Code:
chain=forward action=mark-connection new-connection-mark=dns_cmark passthrough=yes protocol=udp dst-port=53 log=no log-prefix=""
chain=forward action=mark-packet new-packet-mark=dns-pmark passthrough=no connection-mark=dns_cmark log=no log-prefix=""

My questions:
1. Is there any way to determine the DNS connection other than through the dst port?
2. Is it correct to put my rules into the forward chain or do I need to put them into prerouting?
3. My rules do not mark responses from DNS servers.
I will be very grateful for your advice.
PS. RouterBOARD 952Ui-5ac2nD RouterOS 6.49.13
Posted by JMLabs — Sun Feb 25, 2024 2:31 pm
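The following mangle rule set is an added example for the situation described in the post; it is not the poster's configuration or anything from MikroTik's documentation. It keeps the post's mark names (dns_cmark, dns-pmark) and assumes a LAN bridge interface named "bridge" (placeholder). It relies on two things that hold in RouterOS: a connection mark set on the first packet of a tracked connection is carried by every later packet of that connection in both directions, so a single dst-port=53 rule with connection-state=new also covers the server's reply; and the forward chain only sees transit traffic, so DNS that terminates at the router (clients using the router as resolver) has to be handled in input and output instead.

```routeros
# Added example, not the poster's config. Placeholder interface name: bridge.
/ip firewall mangle

# Transit DNS (client -> external resolver): mark the connection on its first
# packet only. Connection tracking then carries dns_cmark on every packet of the
# flow, including the response from the server, so no src-port=53 rule is needed.
add chain=forward connection-state=new protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_cmark passthrough=yes comment="DNS over UDP, client -> external resolver"
add chain=forward connection-state=new protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_cmark passthrough=yes comment="DNS over TCP (large answers, zone transfers)"

# Packet mark for both directions of every marked connection. passthrough=no
# ends mangle processing here, so later layer7 torrent rules never inspect DNS.
add chain=forward connection-mark=dns_cmark action=mark-packet new-packet-mark=dns-pmark passthrough=no comment="DNS packets, requests and responses"

# DNS terminating at the router never enters forward. If clients resolve through
# the router, their queries arrive in input and the router's own upstream queries
# leave through output; both need their own connection-mark rules.
add chain=input connection-state=new protocol=udp dst-port=53 in-interface=bridge action=mark-connection new-connection-mark=dns_cmark passthrough=yes comment="LAN clients -> router DNS"
add chain=output connection-state=new protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_cmark passthrough=yes comment="router -> upstream resolvers"

# Existing layer7 torrent rules go after the DNS rules above (not reproduced here).
```

Rule order matters: the mangle rules above must sit before the layer7 torrent rules so that passthrough=no on the packet-mark rule takes the DNS packets out of the chain first. Placing the connection-mark rules in prerouting instead of forward is the alternative for a single chain that sees both transit and router-destined inbound packets, but replies generated by the router would then still need a matching rule in output.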