Blocking Windows Update with Mikrotik
Here are 3 ways to block updates using Mikrotik:
1. RAW
/ip firewall raw
add action=drop chain=prerouting content=update.microsoft.com comment="Blocking Windows Update"
add action=drop chain=prerouting content=download.microsoft.com
add action=drop chain=prerouting content=download.windowsupdate.com
add action=drop chain=prerouting content=windowsupdate.com
add action=drop chain=prerouting content=wustat.windows.com
add action=drop chain=prerouting content=ntservicepack.microsoft.com
add action=drop chain=prerouting content=stats.microsoft.com
add action=drop chain=prerouting content=windowsupdate.microsoft.com
2. FILTERS
/ip firewall filter
add action=reject chain=forward comment=block_Win_Update content=update.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=download.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=download.windowsupdate.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=wustat.windows.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=stats.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=ntservicepack.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=windowsupdate.com reject-with=icmp-network-unreachable
or like this, the same rules:
/ip firewall filter
add action=reject chain=forward comment="block_WinUp" content=update.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment="block_WinUp" content=download.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment="block_WinUp" content=download.windowsupdate.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment="block_WinUp" content=wustat.windows.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment="block_WinUp" content=ntservicepack.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment="block_WinUp" content=stats.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment="block_WinUp" content=windowsupdate.com disabled=no reject-with=icmp-network-unreachable
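The content= matcher used in methods 1 and 2 tests whether the given text occurs anywhere in a packet's payload. The Python sketch below is an added example, not part of the original page: it simulates that substring test on constructed payloads to show which of the rules overlap and where an unrelated packet is matched. The function names and sample payloads are assumptions made for the illustration.

```python
# Added example: simulates RouterOS "content=" matching as a substring test.
# PATTERNS holds the content= values from the rules on this page.
PATTERNS = [
    "update.microsoft.com",
    "download.microsoft.com",
    "download.windowsupdate.com",
    "windowsupdate.com",
    "wustat.windows.com",
    "ntservicepack.microsoft.com",
    "stats.microsoft.com",
    "windowsupdate.microsoft.com",
]


def matching_rules(payload, patterns=PATTERNS):
    """Return the patterns found anywhere in the payload (each one fires its rule)."""
    return [p for p in patterns if p.encode() in payload]


def minimal_patterns(patterns=PATTERNS):
    """Drop patterns that contain another pattern: the shorter pattern
    already matches every packet the longer one would."""
    unique = list(dict.fromkeys(patterns))  # de-duplicate, keep order
    return [p for p in unique if not any(q != p and q in p for q in unique)]


# Constructed sample payloads (hypothetical, not captured traffic).
SAMPLES = {
    "update download": b"GET /constructed/path.cab HTTP/1.1\r\n"
                       b"Host: download.windowsupdate.com\r\n\r\n",
    "unrelated search": b"GET /search?q=windowsupdate.com+error HTTP/1.1\r\n"
                        b"Host: search.example\r\n\r\n",
    "opaque bytes": bytes(range(256)),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name}: {matching_rules(payload) or 'no rule matches'}")
    print("rules that are not covered by a shorter one:")
    for pattern in minimal_patterns():
        print("  content=" + pattern)
```

The second sample shows the over-match: a packet to an unrelated host is caught as soon as the text appears in it, so the rules are worth checking against ordinary browsing before they go onto a production router.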
3. REGEXP (Layer 7)
/ip firewall layer7-protocol
add name="windows update" regexp="^.+(http://windowsupdate.microsoft.com|http://.windowsupdate.microsoft.\
com|https://.windowsupdate.microsoft.com|http://.update.microsoft.com|https://.update.microsoft.com|\
http://.windowsupdate.com|http://download.windowsupdate.com|http://download.microsoft.com|http://.dow\
nload.windowsupdate.com).*$"
/ip firewall filter
add action=drop chain=forward comment="windows update drop" layer7-protocol="windows update" src-address=192.168.xxx.0/24
add action=drop chain=input dst-port=21-23 protocol=tcp