● Since Most of the Internet now uses HTTPS, it has become much harder to filter specific WWW content.
● For this reason, RouterOS 6.41 introduces a new firewall option that allows you to block HTTPS websites (TLS traffic).
● Based on the TLS SNI extension, called “TLSHost”. The new parameter supports GLOB-style patterns.
/ip firewall filter
add chain=forward dst-port=443 protocol=tcp tls-host=*.facebook.com action=reject
add chain=forward dst-port=443 protocol=tcp tls-host=*.youtube.com action=reject