Заблокировать Windows Update с помощью Mikrotik

Для блокировки обновлений с помощью Mikrotik приведу тут 3 способа:

1. RAW

/ip firewall raw
add action=drор chain=prerouting content=update.microsoft.com comment=”Blocking Windows Update”
add action=drор chain=prerouting content=download.microsoft.com
add action=drор chain=prerouting content=download.windowsupdate.com
add action=drор chain=prerouting content=windowsupdate.com
add action=drор chain=prerouting content=wustat.windows.com
add action=drор chain=prerouting content=ntservicepack.microsoft.com
add action=drор chain=prerouting content=stats.microsoft.com
add action=drор chain=prerouting content=wustat.windows.com
add action=drор chain=prerouting content=windowsupdate.microsoft.com

2. ФИЛЬТРЫ

/ip firewall filter
add action=reject chain=forward comment=block_Win_Update content=update.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=download.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=download.windowsupdate.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=wustat.windows.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=stats.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=ntservicepack.microsoft.com reject-with=icmp-network-unreachable
add action=reject chain=forward comment=block_Win_Update content=windowsupdate.com reject-with=icmp-network-unreachable

или так, эти же правила..

/ip firewall filter
add action=reject chain=forward comment=”block_WinUp” content=update.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment=”block_WinUp” content=download.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment=”block_WinUp” content=download.windowsupdate.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment=”block_WinUp” content=wustat.windows.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment=”block_WinUp” content=ntservicepack.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment=”block_WinUp” content=stats.microsoft.com disabled=no reject-with=icmp-network-unreachable
add action=reject chain=forward comment=”block_WinUp” content=windowsupdate.com disabled=no reject-with=icmp-network-unreachable

3. REGEXP (уровень 7)

/ip firewall layer7-protocol
add name=”windows update ” regexp=”^.+(http://windowsupdate.microsoft.com|http://.windowsupdate.microsoft.\
com|https://.windowsupdate.microsoft.com|http://.update.microsoft.com|https://.update.microsoft.com|\
http://.windowsupdate.com|http://download.windowsupdate.com|http://download.microsoft.com|http://.dow\
nload.windowsupdate.com).*$”
/ip firewall filter
add action=drор chain=forward comment=”windows update drор” layer7-protocol=”windows update” src-address=192.168.xxx.0/24
add action=drор chain=input dst-port=21-23 protocol=tcp
Поблагодарить
Предыдущая страница: WEB публикации через VPN