Hi.
How can I add http://www.jma.go.jp/jmh/umiinfo.html this website in firewall rule ?

Your question is so broad that we can't answer anything. Is this a website on your LAN, or the internet, or some thing else?
Are you trying g to access this from your LAN, or something else?


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android

Because I have setup firewall rule to block FB & IM & only company mail to access internet.
But now I need also this website to access.
And I cannot find the IP address to put into firewall rule.
I have ping the website but I cannot use that IP go back into website.
I don't know why???

You can also exclude the IP Address of the website on your rule. Ping the website address and you should see the IP address, as long as it doesn't have multiple IP addresses. If it does, you can just add another rule to accept the website, and drop it on to of your previous rule. Thanks. 

<snip>
And I cannot find the IP address to put into firewall rule.
I have ping the website but I cannot use that IP go back into website.
I don't know why???

A given IP address may have many websites on it.  What the web server does with a request for just the IP address is entirely up to how the server was configured.  In the case of my own Apache web server, there are three websites that all have the same IP address.  In my case, if you point to the IP address, you will get a page that says that you got my server by pointing to the IP address rather than one of the URLs.  For the http://www.jma.go.jp address you want to allow, I ping it and get an IP of 23.72.94.19.  Pointing a web browser at that IP gets an Invalid URL error page (which was generated by the destination server).  You should be able to get to your desired web page if you add a rule to allow that IP.  That will allow any page on that server, BTW.

So, Still cannot access the website via ROS.
Because no real IP.

Many websites don't have a non-shared IP address, or address that will go directly to them. You must specify the URL. Based on what I can see, there is nothing you can do to to be able to reach that website by pointing to the IP address because the server is configured to not allow it - you must use the URL. However you can allow the IP address in a firewall rule in your router.


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android

if you update your router board to routeros 6.36 then you can do it.

That website is used on a CDN so it will have different addresses all the time, shared with
many other websites.   To allow that one and block others will require some very clever tricks.

 it is true but in new version of routeros you can import domain name in firewall rule

if you update your router board to routeros 6.36 then you can do it.

I am using 6.30 now.
If I upgrade to 6.36, how to setup ?

if you update your router board to routeros 6.36 then you can do it.

I am using 6.30 now.
If I upgrade to 6.36, how to setup ?

you can add website name in firewall rule then accept it.

if you update your router board to routeros 6.36 then you can do it.

I am using 6.30 now.
If I upgrade to 6.36, how to setup ?

you can add website name in firewall rule then accept it.

Wouldn't this just be a DNS lookup and still be translated into a fixed IP-based rule?
If you want to specifically only allow traffic to that website (not any other shared hosting) and/or you cannot compile an exhaustive list of IP addresses that website is being served from, I think you're looking at an L7 based rule to match the HTTP header. This won't work for SSL traffic though ( because the headers will be encypted) unless you add an SSL proxy (which would be bassically man-in-the-middle and not so nice).

Yes, that is the problem that most people not see...
The DNS lookup for that website will return 2 addresses, but they will be different all the time.
There is little guarantee that the lookup done by the router to populate the address list will return the same addresses
as the lookup by the user to visit the site!
Things can be improved a bit by forcing the user to use the DNS resolver of the router, but that will require redirecting all
his DNS traffic.   E.g. devices by Google (Android, Chromebook) will use the 8.8.8.8 DNS in addition to  the address the
DHCP server has handed them.

In this particular case it is better to use the older trick (also possible in versions before 6.36) to write a script that scans
the DNS cache looking for the particular domain you want to handle, and add/remove blocking rules based on that scan.
This (combined with forcing the user to use the router DNS resolver) at least guarantees you are talking about the same
IP addresses for the host.

if you update your router board to routeros 6.36 then you can do it.

I am using 6.30 now.
If I upgrade to 6.36, how to setup ?

you can add website name in firewall rule then accept it.

Hi, Could you teach me how to add "website" in firewall rule ?
I have add www.jma.go.jp in Dst address but system dont accept that.

*) firewall - allow to add domain name to address-lists (dynamic entries for resolved addresses will be added to specified list);

*) firewall - allow to add domain name to address-lists (dynamic entries for resolved addresses will be added to specified list);

You mean this address list ? it only accept IP address not domain name.

That is not a domain name, but a URL. 

Domain name is something like "cnn.com" or "toyota.co.uk"

Example of the rule attached

That is not a domain name, but a URL. 

Domain name is something like "cnn.com" or "toyota.co.uk"

Example of the rule attached
screen.jpg

what version are you used ? Why I cannot do like you?

Because you entered "www" and "/" 

Because you entered "www" and "/" 

only 6.36 can accept this domain name rule, 6.30 still ip address

Other posters already told you, here is a quote:

if you update your router board to routeros 6.36 then you can do it.

Click "System -> Packages -> Check for updates" to upgrade to 6.36 

 it is true but in new version of routeros you can import domain name in firewall rule

You meaning in advanced "content" or what the new

Write in run
cmd and press Enter
You look dos screen.
Write
nslookup www.google.com
Press Enter
You look ip's for google website.
In this tutorial you can apply to your website.
nslookup www.jma.go.jp

Write in run
cmd and press Enter
You look dos screen.
Write
nslookup http://www.google.com
Press Enter
You look ip's for google website.
In this tutorial you can apply to your website.
nslookup http://www.jma.go.jp

that is not necessary, you can simply enter the address in the address list, like in my screenshot