Hello guys,

i want to block all website access for user but want to give skype/msn or any other messenger access.

i can easily block website using following rule on layer 7


/ip firewall layer7-protocol

add name="BlockAll Website" regexp="^.+(.).*\$"

/ip firewall filter
add action=drop chain=forward comment="blocking rule" disabled=no layer7-protocol="BlockAll Website" src-address-list=BlockedGroup

and giving access for them with following rule

/ip firewall layer7-protocol
add name="Only access" regexp="^.+(yahoo.com|skype.com|teamviewer.com).*\$"

/ip firewall filter
add chain=forward comment="For BlockedGroup" disabled=no layer7-protocol="Only access" src-address-list=BlockedGroup

my this rule working very nice. but problem its being block skype and other massenger. i want to continue this rule but want to give access skype and other massenger. i tried with this rule

/ip firewall filter
add chain=forward comment="port access" dst-port=80,443 protocol=tcp src-address-list=BlockedGroup

but this one making open all website and port.

can anybody please help me about this. its very needed to me please.

Hello guys,

i want to block all website access for user but want to give skype/msn or any other messenger access.

i can easily block website using following rule on layer 7


/ip firewall layer7-protocol

add name="BlockAll Website" regexp="^.+(.).*\$"

/ip firewall filter
add action=drop chain=forward comment="blocking rule" disabled=no layer7-protocol="BlockAll Website" src-address-list=BlockedGroup

and giving access for them with following rule

/ip firewall layer7-protocol
add name="Only access" regexp="^.+(yahoo.com|skype.com|teamviewer.com).*\$"

/ip firewall filter
add chain=forward comment="For BlockedGroup" disabled=no layer7-protocol="Only access" src-address-list=BlockedGroup

my this rule working very nice. but problem its being block skype and other massenger. i want to continue this rule but want to give access skype and other massenger. i tried with this rule

/ip firewall filter
add chain=forward comment="port access" dst-port=80,443 protocol=tcp src-address-list=BlockedGroup

but this one making open all website and port.

can anybody please help me about this. its very needed to me please.

none here to help me

All what I know is - TeamViewer & Skype we can't block in any way. Such rules do not exist. No sense to make exceptions for those softs.
My question is - how to block one entire country using Layer-7 protocol (IP's list exist)? It's possible?

Hello guys,

i want to block all website access for user but want to give skype/msn or any other messenger access.

i can easily block website using following rule on layer 7


/ip firewall layer7-protocol

add name="BlockAll Website" regexp="^.+(.).*\$"

/ip firewall filter
add action=drop chain=forward comment="blocking rule" disabled=no layer7-protocol="BlockAll Website" src-address-list=BlockedGroup

and giving access for them with following rule

/ip firewall layer7-protocol
add name="Only access" regexp="^.+(yahoo.com|skype.com|teamviewer.com).*\$"

/ip firewall filter
add chain=forward comment="For BlockedGroup" disabled=no layer7-protocol="Only access" src-address-list=BlockedGroup

my this rule working very nice. but problem its being block skype and other massenger. i want to continue this rule but want to give access skype and other massenger. i tried with this rule

/ip firewall filter
add chain=forward comment="port access" dst-port=80,443 protocol=tcp src-address-list=BlockedGroup

but this one making open all website and port.

can anybody please help me about this. its very needed to me please.

HI i can't done same as this things..... Is it only access group from filter rule action is accept?
and of course drop rule located below of accept rule right?

Thanks
Dashdorj