arayes
just joined
Topic Author
Posts: 12
Joined: Mon Sep 06, 2010 6:02 pm

Block site to one user

Mon Jul 04, 2011 1:57 pm

Hi all,

How can I block a site (example: http://www.facebook.com) for IP 192.168.0.45?

Thanks
 
Egate
Long time Member
Posts: 555
Joined: Thu May 15, 2008 10:43 am
Location: South Africa

Re: Block site to one user

Mon Jul 04, 2011 8:49 pm

The easy way is to create a rule in ip, firewall, filter rules to drop the destination ip 192.168.0.45. This will prevent any data going from your network to ip 192.168.0.45.
 
arayes
just joined
Topic Author
Posts: 12
Joined: Mon Sep 06, 2010 6:02 pm

Re: Block site to one user

Tue Jul 05, 2011 8:54 am

/ip firewall filter
add action=drop chain=drop dst-address=192.168.0.45 comment="Established connections" \
connection-state=established disabled=no


Is it that?

But this cuts the Internet; I need to block one site.
 
Egate
Long time Member
Posts: 555
Joined: Thu May 15, 2008 10:43 am
Location: South Africa

Re: Block site to one user

Tue Jul 05, 2011 9:16 am

/ip firewall filter
add action=drop chain=drop dst-address=192.168.0.45 comment="Established connections" \
connection-state=established disabled=no

The only way this will drop the internet is if the ip is your gateway ip or maybe DNS.
Also, chain=drop? Probably input or forward. You can also omit "connection-state=established"; you would want to drop data even before a connection is established.
 
gnando
just joined
Posts: 21
Joined: Tue May 02, 2006 12:22 am

Re: Block site to one user

Wed Jul 20, 2011 2:20 pm

Hello!

Try these rules; they worked for me (sorry, my English is bad).


/ ip firewall address-list
add list=FACEBOOK address=204.74.66.132 comment="" disabled=no
add list=FACEBOOK address=204.74.67.132 comment="" disabled=no
add list=FACEBOOK address=66.220.151.20 comment="" disabled=no
add list=FACEBOOK address=66.220.145.65 comment="" disabled=no
add list=FACEBOOK address=66.220.158.11 comment="" disabled=no
add list=FACEBOOK address=184.27.146.110 comment="" disabled=no
add list=FACEBOOK address=66.220.153.23 comment="" disabled=no
add list=FACEBOOK address=64.208.162.160 comment="a1697.g.akamai.net" \
disabled=no
add list=FACEBOOK address=64.208.162.154 comment="a1697.g.akamai.net" \
disabled=no
add list=FACEBOOK address=193.108.88.1 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=72.246.46.3 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=208.44.108.133 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=64.211.42.193 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=193.108.88.2 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=62.41.78.201 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=96.7.251.131 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=96.17.144.197 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=72.246.55.138 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=209.8.112.112 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=72.246.55.136 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=66.171.227.40 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=72.246.55.135 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=72.246.55.132 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=72.246.55.133 comment="s-static.ak.facebook.com" \
disabled=no
add list=FACEBOOK address=64.208.162.144 comment="a1697.g.akamai.net" \
disabled=no
add list=FACEBOOK address=64.208.162.162 comment="a1697.g.akamai.net" \
disabled=no
add list=FACEBOOK address=64.212.172.185 \
comment="fbcdn-profile-a.akamaihd.net" disabled=no
add list=FACEBOOK address=64.212.172.139 \
comment="fbcdn-profile-a.akamaihd.net" disabled=no
add list=FACEBOOK address=64.212.172.147 \
comment="fbcdn-profile-a.akamaihd.net" disabled=no
add list=FACEBOOK address=64.212.172.153 \
comment="fbcdn-profile-a.akamaihd.net" disabled=no
add list=FACEBOOK address=66.220.153.15 comment="www-11-03-ash2.facebook.com" \
disabled=no
add list=FACEBOOK address=69.192.18.110 comment="www-11-03-ash2.facebook.com" \
disabled=no
add list=FACEBOOK address=66.220.158.32 comment="www-11-03-ash2.facebook.com" \
disabled=no
add list=FACEBOOK address=91.203.99.45 comment="www-11-03-ash2.facebook.com" \
disabled=no
add list=FACEBOOK address=66.220.158.18 comment="" disabled=no
add list=FACEBOOK address=96.6.0.0/16 comment="AkamaiNET-96-6-0-0-1" \
disabled=no
add list=FACEBOOK address=69.63.176.0/20 comment="69.63.176.0-69.63.191.255" \
disabled=no
add list=FACEBOOK address=67.159.0.0/18 comment="67.159.0.0/18" disabled=no
add list=FACEBOOK address=69.171.224.0/19 comment="rango \
69.171.224.0-69.171.255.255 " disabled=no


/ ip firewall filter
add chain=forward protocol=tcp dst-port=443 dst-address-list=FACEBOOK action=drop comment="Disable FACEBOOK" disabled=no
 
Caci99
Forum Guru
Posts: 1076
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane

Re: Block site to one user

Wed Jul 20, 2011 2:41 pm

A better way should be activating Web-proxy, redirecting the traffic of the specified IP to the webproxy, and then blocking access to www.facebook.com in the webproxy.
One problem with webproxy is that it does not catch https connections, and I haven't tried what happens if one redirects https connections to the webproxy.
 
gnando
just joined
Posts: 21
Joined: Tue May 02, 2006 12:22 am

Re: Block site to one user

Wed Jul 20, 2011 4:13 pm

This solution blocks https://www.facebook.com without the webproxy, and https does not work with the webproxy.


gnando
 
cbrown
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm

Re: Block site to one user

Wed Jul 20, 2011 4:45 pm

/ip firewall mangle
add action=mark-connection chain=prerouting content=facebook.com disabled=no \
new-connection-mark=48facebook passthrough=yes src-address=192.168.0.48

/ip firewall filter
add action=drop chain=forward connection-mark=48facebook disabled=no

Put the filter rule at the top so you don't accidentally accept the connection before it gets dropped.
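
Added example, not posted by any participant in this thread: the address-list approach from above restricted to the single client in the original question (192.168.0.45), using chain=forward and no connection-state matcher as suggested earlier. The three list entries are copied from the list posted above; matching TCP ports 80 and 443 together and the comment strings are choices made for this example.

```routeros
# Added example: block the FACEBOOK address list for one client only.
# Entries are copied from the address list posted earlier in this thread;
# provider ranges change over time, so re-check the list before relying on it.
/ip firewall address-list
add list=FACEBOOK address=69.63.176.0/20 comment="from thread"
add list=FACEBOOK address=69.171.224.0/19 comment="from thread"
add list=FACEBOOK address=66.220.153.15 comment="from thread"

/ip firewall filter
# chain=forward: traffic routed through the router, from the LAN client to the site.
# src-address limits the drop to the one client; other users are not matched.
# No connection-state matcher, so new connections are dropped as well.
add chain=forward src-address=192.168.0.45 dst-address-list=FACEBOOK \
    protocol=tcp dst-port=80,443 action=drop \
    comment="Block FACEBOOK list for 192.168.0.45 only"
# As noted above, this rule must sit above any forward-chain accept rule
# that would otherwise match the same traffic.
```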