Community discussions

MikroTik App
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Block facebook

Tue Sep 23, 2008 3:05 pm

Hello!

Did anyone have block facebook.com from firewall rules?
Or maybe in another way except proxy.


Thnx.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Block facebook

Tue Sep 23, 2008 3:10 pm

simplest way - find out all IPs of Facebook servers, and drop access to them.
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Block facebook

Tue Sep 23, 2008 5:39 pm

It use many IPs.
Exist any tools or web address that find all ip addresses for each DNS?

THNX
 
thadem
Member Candidate
Member Candidate
Posts: 115
Joined: Fri Apr 18, 2008 1:40 am

Re: Block facebook

Tue Sep 23, 2008 7:08 pm

i just see two a-records for facebook.com:

69.63.176.140 and 69.63.178.11

but maybe they use something like geo-bgp or some*cast-technology.
 
edward08
newbie
Posts: 35
Joined: Wed Oct 01, 2008 5:43 pm

Re: Block facebook

Wed Oct 01, 2008 11:20 pm

Install a web-proxy server and filter by URL policy, or even by content, depending on the software you decided to install, I think it's the best way to achieve a complete and detailed administration and web logging,

good luck!

Edward
 
sarpkaya
Member Candidate
Member Candidate
Posts: 208
Joined: Sun Mar 09, 2008 9:00 am

Re: Block facebook

Mon Oct 27, 2008 11:45 pm

you can block it by using ur own dns server.
 
pastranini
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Mon Nov 19, 2007 5:48 am

Re: Block facebook

Tue Oct 28, 2008 1:43 am

Add a rule, in firlter forward, in content facebook its a easyway
i resolve that problem with this rule.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Block facebook

Tue Oct 28, 2008 12:10 pm

less cpu stress would be if you set up proxy and using access list there just disallow certain web pages.
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Tue May 12, 2009 7:57 am

i really would like to have mikrotik with blocking url feature without the need to enable web-proxy. it's just like firefox addon procon latte.
 
User avatar
m4rk0
Member Candidate
Member Candidate
Posts: 196
Joined: Sat Feb 16, 2008 8:30 pm
Location: BA
Contact:

Re: Block facebook

Wed Jul 01, 2009 4:51 pm

Just drop or reject in firewall dst-address=69.63.0.0/16 ;)
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Wed Jul 01, 2009 6:14 pm

Just drop or reject in firewall dst-address=69.63.0.0/16 ;)
thanks, i did it couple month ago using ip addresses collected from ns records from robtex.com, the site really helped me out. :)
 
albertdal
just joined
Posts: 17
Joined: Sat Apr 11, 2009 1:57 pm

Re: Block facebook

Fri Jul 03, 2009 9:19 am

how about if i want to use time based, ex: i want user cannot login from 9.00-18.00 ?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Block facebook

Fri Jul 03, 2009 9:22 am

you can make a script that disables these rules, and use the "system scheduler" to run this script at certain times. you will need another script that enables these rules again
 
albertdal
just joined
Posts: 17
Joined: Sat Apr 11, 2009 1:57 pm

Re: Block facebook

Fri Jul 03, 2009 10:04 am

can you help me for the example ? and i want only a few ip address can access for unlimited and the rest is block by time

thank's
albert
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Fri Jul 03, 2009 11:45 am

how about if i want to use time based, ex: i want user cannot login from 9.00-18.00 ?
type on the terminal: /ip firewall filter add chain=forward action=drop dst-address=a.b.c.d/xy

go to the ip firewall filter, double click the rule you just made, then go to menu extra > time.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Block facebook

Fri Jul 03, 2009 11:50 am

also a good alternative :) but if you want to divide people into facebook and no-facebook groups, you will need to use address lists.
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Fri Jul 03, 2009 11:56 am

can you help me for the example ? and i want only a few ip address can access for unlimited and the rest is block by time

thank's
albert
make a rule to filter the address you want to set unrestricted access to the internet:
/ip firewall filter add chain=forward src-address=a.b.c.d/xy action=add-src-to-address-list address-list=unrestricted
make the rules to block facebook.com:
/ip firewall filter add chain=forward dst-address=69.63.176.0/20 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=69.63.184.0/21 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=204.15.20.0/22 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=204.74.66.0/24 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=204.15.20.0/22 src-address-list=!unrestricted action=drop
the ns records of facebook.com i got from robtex.com. hope this helps. :D
 
albertdal
just joined
Posts: 17
Joined: Sat Apr 11, 2009 1:57 pm

Re: Block facebook

Fri Jul 03, 2009 5:35 pm

but the address can access unlimited is cannot put on a.b.c.d/x, i explain:
rule 1: only address 10.0.0.5/10/19/27 can access unlimited
rule 2: rest of the address cannot access facebook from 0800-1800

problem 1: i don't understand how to make in address list with random ip because i already try and it's not working
problem 2: if user access facebook from 0750 he/she still can access facebook for the rest of the day until he/she is logout

i already blocking using ip address for facebook with scheduler script and i got a lot of it but it's not working also

now i just doing this in ip/fire/filter rul
13 ;;; drop facebook
chain=input action=drop protocol=tcp src-address-list=disallow facebook
content=facebook time=9h-18h,mon,tue,wed,thu,fri


thank's a lot for helping
albert
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Fri Jul 03, 2009 5:49 pm

but the address can access unlimited is cannot put on a.b.c.d/x, i explain:
rule 1: only address 10.0.0.5/10/19/27 can access unlimited
rule 2: rest of the address cannot access facebook from 0800-1800

problem 1: i don't understand how to make in address list with random ip because i already try and it's not working
problem 2: if user access facebook from 0750 he/she still can access facebook for the rest of the day until he/she is logout

i already blocking using ip address for facebook with scheduler script and i got a lot of it but it's not working also

now i just doing this in ip/fire/filter rul
13 ;;; drop facebook
chain=input action=drop protocol=tcp src-address-list=disallow facebook
content=facebook time=9h-18h,mon,tue,wed,thu,fri


thank's a lot for helping
albert
the configuration i use in my office works well. they won't be able to do something regarding facebook by the time it was turned on from the extra - time submenu. they could not post their status and so on. the link to outside of facebook could be accessed though within facebook if they're logged in before the time activated, since facebook connects to several other server its applications used, ie: pethouse game.

your configuration somehow blocks whenever a "facebook" shows up. try to search for facebook in google.com and you'll notice that the google results where blocked by mikrotik due to "content=facebook" on your filter rule. i've walked the same path as you before i found all the name servers that facebook used.

i'm sorry i don't get your point with the random ip address. did all of them both for the limited and unlimited use dhcp so each time they connect they get dynamic ip address and some of this dynamic ip address should be listed on the unlimited list?
 
albertdal
just joined
Posts: 17
Joined: Sat Apr 11, 2009 1:57 pm

Re: Block facebook

Fri Jul 03, 2009 5:54 pm

no, all ip is static and only certain ip can access for the unlimited time and rest of the ip is block from 0800-1800.
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Fri Jul 03, 2009 6:16 pm

no, all ip is static and only certain ip can access for the unlimited time and rest of the ip is block from 0800-1800.
the unlimited list could be like this depends on what you need:
102 ;;; src address list unrestricted
chain=forward action=add-src-to-address-list src-address=192.168.0.2
address-list=unrestricted address-list-timeout=0s

103 chain=forward action=add-src-to-address-list src-address=192.168.0.11-192.168.0.20
address-list=unrestricted address-list-timeout=0s

104 chain=forward action=add-src-to-address-list src-address=192.168.0.31-192.168.0.40
address-list=unrestricted address-list-timeout=0s
the block rules should be like this following, it will block all ip address except the unlimited list we set above to facebook servers from 8am to 9pm monday to sunday:
52 ;;; blocked url: facebook.com
chain=forward action=drop dst-address=69.63.176.0/20
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat

53 chain=forward action=drop dst-address=69.63.184.0/21
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat

54 chain=forward action=drop dst-address=204.15.20.0/22
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat

55 chain=forward action=drop dst-address=204.74.66.0/24
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat

56 chain=forward action=drop dst-address=204.74.67.0/24
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat
hope this will give you clear picture here. :D
 
doush
Long time Member
Long time Member
Posts: 665
Joined: Thu Jun 04, 2009 3:11 pm

Re: Block facebook

Mon Jul 06, 2009 11:21 pm

you can add a static dns entry for facebook.com, so each time that IP resolves and block it in firewall easly.
 
thadem
Member Candidate
Member Candidate
Posts: 115
Joined: Fri Apr 18, 2008 1:40 am

Re: Block facebook

Tue Jul 07, 2009 2:11 pm

and if your clients are not using your dns-server this is not working :-)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Block facebook

Tue Jul 07, 2009 2:18 pm

why are they not using it? use DST_NAT to force them. if they break rules, disconnect them :)
 
albertdal
just joined
Posts: 17
Joined: Sat Apr 11, 2009 1:57 pm

Re: Block facebook

Tue Jul 07, 2009 4:17 pm

because it's concern with time rule and different ip address with different rule, but now i cannot test it because the server itself is burn out, if everything is on the track again i will try everything that everybody tell me and i will give the report

thank's for helping
albert
 
albertdal
just joined
Posts: 17
Joined: Sat Apr 11, 2009 1:57 pm

Re: Block facebook

Fri Jul 31, 2009 3:56 pm

sorry chrone but your rule it's not working they still can access facebook, and for normis it's not working also i already use transparent webproxy, any other idea then put a facebook on content ?
 
channelasian
newbie
Posts: 28
Joined: Thu Jun 11, 2009 8:55 am

Re: Block facebook

Sat Nov 28, 2009 12:56 am

i tried all rules but still not work for me.

i try filter forward content. i tried ip proxy access enable still cant block... please help.
 
liridon2001
just joined
Posts: 2
Joined: Sat Mar 06, 2010 8:47 pm

Re: Block facebook

Sat Mar 06, 2010 8:48 pm

HI, for me works very wel. But I have problem on how to manage IP adresses from blocking content?
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Mon Mar 08, 2010 9:02 am

HI, for me works very wel. But I have problem on how to manage IP adresses from blocking content?
nice to hear that. i hope in the future, mikrotik will be able to filter/block hostname, not translated into their real ip address.
 
liridon2001
just joined
Posts: 2
Joined: Sat Mar 06, 2010 8:47 pm

Re: Block facebook

Mon Mar 08, 2010 11:33 pm

HI, for me works very wel. But I have problem on how to manage IP adresses from blocking content?
nice to hear that. i hope in the future, mikrotik will be able to filter/block hostname, not translated into their real ip address.

"chrone" Do you have any idea on how to divide my 40 PC on two groups where one of them is with FCB and others not?
 
User avatar
chrone
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Mar 28, 2008 7:16 am
Location: planet earth

Re: Block facebook

Tue Mar 09, 2010 9:44 am

HI, for me works very wel. But I have problem on how to manage IP adresses from blocking content?
nice to hear that. i hope in the future, mikrotik will be able to filter/block hostname, not translated into their real ip address.

"chrone" Do you have any idea on how to divide my 40 PC on two groups where one of them is with FCB and others not?
btw, what is FCB?

you could use address list to divide the PCs, and mangle them with policy routing so that only the specific address list could go with FCB and others not.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: Block facebook

Thu Oct 03, 2013 8:20 am

my webproxy is working just perfect....

but the https://www.facebook.com is just not getting blocked....

its become highly irritating now....

anyone out there with a solution??
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: Block facebook

Fri Oct 04, 2013 4:46 am

bump*** no reply??
 
haik01
Member
Member
Posts: 404
Joined: Sat Mar 23, 2013 10:25 am
Location: Netherlands

Re: Block facebook

Sat Oct 05, 2013 9:15 pm

What IP's are being used by facebook secure?

I can filter *.facebook.*

It will capture all facebook, even the https (I think)....

I use in WebProxy, the access lists.

Set a redirect rule in firewall, that ports 80 and 8080 are redirected to 8080. Switch on web-proxy, and in the access list, add a web proxy list, add *.facebook.* to Action "deny".

I do not know how it will handle SSL traffic (port 443).
 
JanezFord
Member Candidate
Member Candidate
Posts: 270
Joined: Wed May 23, 2012 10:58 am

Re: Block facebook

Sat Oct 05, 2013 10:10 pm

bump*** no reply??
you can set your own dns server and add bogus IP addresses for *.facebook.com or other stuff you really hate (microsoft?)... force your users to use only your dns server and that's it.


JF
 
summercat
just joined
Posts: 2
Joined: Sat Oct 05, 2013 10:33 pm
Location: Voronezh, Russian Federation

Re: Block facebook

Sat Oct 05, 2013 10:48 pm

As for me, i added new firewall rule:
Chain=forward
Src-address=192.168.0.0/24 (my local net)
protocol=tcp
content=Host:facebook.com
Action=reject
Reject with=tcp reset

this rule blocking all requests for facebook.com, including anonymizer services for social networks, and the main reason for using "reject with tcp reset" is: sites, witch included ADS, or links to facebook.com opening faster, 'cause client browser don't wait for facebook.com answer.
 
rekanismaell
just joined
Posts: 1
Joined: Mon Oct 07, 2013 8:42 am

Re: Block facebook

Mon Oct 07, 2013 8:53 am

Hi dear..
off course there is simple Rule filtering Facebook.com

first go to Ip then firewall then filter Rules then click on forward and the Chain must be Forward
and then go to advance in anew tab find Content Click on it Write Facebook .

then go to Action in a new tab make the Action Drop.
and finally say apply and ok and finish.

Note: for your information there is a hard way to make facebook block by nat ing with mangle ....


Regards
Rekan Ismaell
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 773
Joined: Thu Oct 15, 2009 3:52 am

Re: Block facebook

Tue Oct 08, 2013 10:48 am

hey... thanx...

tried it.... and it worked!!! :-)

thanx a ton...

Who is online

Users browsing this forum: No registered users and 4 guests