Hi everybody,
I try to blocking facebook page at Mikrotik RB951G-2HnD. I used google and I found many manuals but I can not blocking FB. Mikrotik use bridge for ether2-ether5. Eth1 is wan port and using Masquerade. Here is my scripts for blocking web page:
/ip firewall layer7-protocol> add name=facebook7 regexp="^.+(facebook.com).*$"
and
/ip firewall filter> add chain=forward src-address=192.168.0.0/24 layer7-protocol=facebook7 action=drop
Can I ask you for help? Thank you. Azi

If you really must do this, the best way is to block Facebook's IP range.

https://developers.facebook.com/docs/sh ... rs/crawler

I do this whit quit good results, like this:
and .ru => or whatever country you live in .ru => russia .de => germany etc

and after that:
This is quite good and simple solution, that works from 6.37.1 or something like this (when they addred dynamic address list updating)

You're not even close. Facebook has many names
posting.php?mode=quote&f=13&p=586318

I think he is pretty close.

Just use the link in the post and add those name.

HI thank you for your help. I find out my configuration was ok but I don't restart routerboard. After routerboard was blocking fb page.
Regars, Azi

I do this whit quit good results, like this:

Code: Select all

 
 /ip fire address-list add list=Facebook address=facebook.com
 /ip fire address-list add list=Facebook address=facebook.de

and .ru => or whatever country you live in .ru => russia .de => germany etc

and after that:

Code: Select all

/ip firewall filter add chain=forward src-address=LAN-Address dst-address-list=Facebook action=drop

This is quite good and simple solution, that works from 6.37.1 or something like this (when they addred dynamic address list updating)

Thank you very much for having worked perfectly, adding the website to block , dynamically added all the ips of the page in question and then with the rule in filter it is very easy to block an entire domain.

running on 6.40.3 RB951G, greetings from spain

I do not use it to block facebook, but if porn pages, I do not want them to see small children at home (or visitors or public wifi cafe ,ect ), obviously blocking all the pages is impossible, blocking the main ones that come out in the searches I'm still in it xd : - ))

But it is perfect to block a page in question as facebok or youtube in an office so that employees are not distracted

I personally do not work the block by layer 7: - ((((

greetings from Spain. and continue working people )
PD: my first post :-O
Temorizador

1. IP > Firewall >Layer7 Protocols click + ,
write Name Facebook
write Regexp ^.+(facebook.com).*$
2. Address List click + ,
write Name yasak
write Address 192.168.2.20-192.168.2.254

3. Firewall Rule click + ,
Chain forward
in Advanced > Src. Address List choose yasak. in Layer7 Protocol choose facebook.
in Action> Action choose reject. in Reject with choose icmp admin prohibited.


Last İP > POOL 192.168.2.21-192.168.2.254. if you want facebook for some pcs, you can give the ip manuel and lower than 192.168.2.20.
if you want to add youtube etc. repeat 1 and 3. step.

that is bad advice and will:

- not work properly
- will slow down your router

MikroTik wrote a MUM presentation that gives excellent tips on that topic and others. Google "pdf" and "holy crusade".

Basically, just drop dns requests containing key words (facebook, netflix and others). Simpler, faster, cheaper cpu wise.

Funny title but Yanis M. is quite the passionate guy


Regards,

Sent from Tapatalk

That doesn't really work when browsers like Firefox will soon be defaulting to DNS over HTTPS.

Hi
Does anyone know a solution for blocking FB that really works? I found some tips over the Internet, but not working.
@AlainCasault: can you please send me a link or something for your recommendation.
10x

there is not really 100% working solution.
Closest is blocking with TLS-HOST because it works on HTTPS and does not consume too much CPU (at least not as much as L7 filtering which is useless anyway when FB works over HTTPS)


presentation: https://youtu.be/XkKj9rj4quQ?t=1511

Please, keep in mind that many websites use facebook oauth login and with this, you will cripple them. Is it worth it? (That is just rhetorical question, I don't expect answer.)

ip > DNS > static > +

name=facebook.com
address=127.0.0.1

This does not prevent me from setting my own DNS in my host file. But if you at the same time redirect all DNS 53 to your server, it may help some.
But if I install DoH on my PC, I bypass this easily.