i'm sharing how i did block on facebook and youtube
here is how
1-add in firewall Layer7
ip firewall layer7-protocol add name=Blockface&youtube regexp=^.+(facebook.com|youtube).*$
2-add in address list the allow list
ip firewall address-list add address=192.168.1.5 list=allow_face_youtube
3-add in address list the Block list
ip firewall address-list add address=192.168.1.112 list=block_face_youtube
4-mark packet in mangle for allow list
ip firewall mangle add chain=forward src-address-list=allow_face_youtube action=mark-packet new-packet-mark=allow_fb_youtube_mark passthrough=no
5-mark packet in mangel for block list
ip firewall mangle add chain=forward src-address-list=block_face_youtube action=mark-packet new-packet-mark=block_fb_youtube_mark passthrough=no
6-firewall drop in port 80
ip firewall filter add chain=forward protocol=tcp port=80 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop
7-firewall drop in port 443
ip firewall filter add chain=forward protocol=tcp port=443 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop
and it works perfect for me
-
-
c0d3rSh3ll
Long time Member
- Posts: 557
- Joined:
- Location: [admin@Chile] >
Re: Block Facebook & Youtube on Certain Ips - and it works
thank for the regexp, it work ¡¡
Re: Block Facebook & Youtube on Certain Ips - and it works
this doesnt work, it keeps telling me commands 1,6 and 7 are wrong
Re: Block Facebook & Youtube on Certain Ips - and it works
be aware that pasting these rules will not work. this regext must be pasted in winbox, console will not understand it. just make the l7 rule in winbox with this regex:
ros code
^.+(facebook.com|youtube).*$
Re: Block Facebook & Youtube on Certain Ips - and it works
To add these regexps in console they need to be quoted and all special characters need to be escaped.
For example to add regexp aaa$
you ned to write:
/ip firewall regex add name=example regexp="aa\$"
List of escape characters are listed here
http://wiki.mikrotik.com/wiki/Manual:Sc ... _Sequences
For example to add regexp aaa$
you ned to write:
/ip firewall regex add name=example regexp="aa\$"
List of escape characters are listed here
http://wiki.mikrotik.com/wiki/Manual:Sc ... _Sequences
Re: Block Facebook & Youtube on Certain Ips - and it works
I guess there r some errors in line 6 & 7
1. port type not mentioned
2. error in command
6-firewall drop in port 80
ip firewall filter add chain=forward protocol=tcp port=80 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop
7-firewall drop in port 443
ip firewall filter add chain=forward protocol=tcp port=443 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop
skipping this blocks each site for me
1. port type not mentioned
2. error in command
6-firewall drop in port 80
ip firewall filter add chain=forward protocol=tcp port=80 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop
7-firewall drop in port 443
ip firewall filter add chain=forward protocol=tcp port=443 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop
skipping this blocks each site for me