[pdimitar]

Hm, I have to see if Mikrotik has rule syntax for this. I can already force every app who thinks they will use their own DNS server to use mine but not sure how I could do the same with a proxy. Maybe just force ports 80 and 443? But what's stopping these apps to communicate on non-standard ports?

[emidln]

There's no reason to allow arbitrary traffic in either direction other than convenience. If you want a more secure network, you block everything by default and narrowly open as needed.

[pdimitar]

That means I'll stop 99% of all outgoing traffic. Still interested in how to force all traffic to a proxy though.

[denysvitali]

https://docs.mitmproxy.org/stable/howto-transparent/

[pdimitar]

Thanks, I'll give this a thorough read.