How To Create a Layer 7 Firewall in MikroTik
Layer 7 is the Application layer of the OSI system model and allows the MikroTik router to
analyze each and every packet that enters your network, and decide what to do with it.
The first step is to get a script file with the list of the most common Layer 7 protocols. This
can be obtained from the MikroTik Wiki via the following link:
http://www.mikrotik.com/download/l7-protos.rsc
We can now copy this script file into the MikroTik !Files" list.
Once you have the script file copied into the !Files" window we can now proceed to import
it via the terminal.
To make sure the script file imported properly, head to the !IP" -> !Firewall" menu and go to
the !Layer 7 Protocols" tab. You should now have a list of the most common types of traffic
found within a network.
We can now create a firewall rule to block any type of Layer7 traffic we choose. Go to the
!Filter" tab and add a new firewall rule. Leave the chain set to !forward".
In the !Advanced" tab you may now choose the Layer7 traffic type you would like to block/
allow.
Once the Layer7 traffic type has been selected, proceed to the !Action" tab and define the
action of your choice. Drop is the most common action to stop a certain type of traffic
flowing through your network.
Tutorial by Chris Sutherland
Miro distribution
www.miro.co.za