/ip firewall filter
add chain=forward in-interface=local ttl=equal:127 action=drop
add chain=forward in-interface=local ttl=equal:63 action=drop
/ip firewall layer7-protocol
add name=ya regexp="^.*(ya.ru|yandex.ru).*\$"
add name=all-websites regexp="^.+(.).*\$"
/ip firewall filter
add chain=forward dst-port=80,443 layer7-protocol=ya protocol=tcp
add action=reject chain=forward dst-port=80,443 layer7-protocol=all-websites protocol=tcp reject-with=tcp-reset