How To Create a Layer 7 Firewall in MikroTik

Layer 7 is the Application layer of the OSI system model and allows the MikroTik router to
analyze each and every packet that enters your network, and decide what to do with it.
The rst step is to get a script le with the list of the most common Layer 7 protocols. This
can be obtained from the MikroTik Wiki via the following link:
http://www.mikrotik.com/download/l7-protos.rsc
We can now copy this script le into the MikroTik !Files" list.
Once you have the script le copied into the !Files" window we can now proceed to import
it via the terminal.
To make sure the script le imported properly, head to the !IP" -> !Firewall" menu and go to
the !Layer 7 Protocols" tab. You should now have a list of the most common types of trafc
found within a network.
We can now create a rewall rule to block any type of Layer7 trafc we choose. Go to the
!Filter" tab and add a new rewall rule. Leave the chain set to !forward".
In the !Advanced" tab you may now choose the Layer7 trafc type you would like to block/
allow.
Once the Layer7 trafc type has been selected, proceed to the !Action" tab and dene the
action of your choice. Drop is the most common action to stop a certain type of trafc
owing through your network.
Tutorial by Chris Sutherland
Miro distribution
www.miro.co.za