Cannot block specific website

Posted: Wed Aug 15, 2018 1:05 pm
by Jason505
Hey there!
When I want to block a specific website in the firewall, it'll block every website except the one I want to.
Using Routerboard hAP lite with WinBox 3.17 and RouterBOARD 941-2nD 6.42.6.

Re: Cannot block specific website

Posted: Wed Aug 15, 2018 4:11 pm
by wale
Hi,
To block a certain site such as www.facebook.com, apply the command below from the new terminal:

ip firewall filter
add chain=forward action=reject reject-with=tcp-reset \
    protocol=tcp content="host:www.facebook.com"

You can also use Google for more steps.

Re: Cannot block specific website

Posted: Wed Aug 15, 2018 4:30 pm
by Steveocee
How are you trying to block it?
You could use the TLS matcher in firewall to block it.

Re: Cannot block specific website

Posted: Wed Aug 15, 2018 4:39 pm
by Cha0s
Another way would be to create an address list, add the domains you want to block there, and then create a drop filter rule using that address list as the destination.

I believe this is the less resource-hungry solution. No need to open any packet to check anything (TLS or otherwise), and you are actually blocking the IPs those domains resolve to instead of the domain, which can be altered using the hosts file.

Re: Cannot block specific website

Posted: Thu Aug 16, 2018 10:06 pm
by poizzon
Another way: use OpenDNS.

Re: Cannot block specific website

Posted: Fri Aug 17, 2018 11:01 am
by Steveocee
Expanding on the previous comment: use a static DNS entry and force DNS requests to your MikroTik.
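
The alternatives suggested in this thread (address list, TLS matcher, static DNS with forced DNS redirection), written out as RouterOS configuration. This is an added example, not part of any poster's reply; the list name `blocked-sites`, the LAN interface name `bridge`, the sinkhole address 127.0.0.1 and the comments are assumptions to adapt. The three options are alternatives, so one of them is normally enough.

```routeros
# Added example. Assumed names: list "blocked-sites", LAN interface "bridge".

# Option 1: address list. The router resolves the name itself and the
# filter rule drops forwarded traffic to the resulting IP addresses.
/ip firewall address-list
add list=blocked-sites address=www.facebook.com comment="resolved by the router"
/ip firewall filter
add chain=forward in-interface=bridge dst-address-list=blocked-sites \
    action=drop comment="drop LAN traffic to blocked-sites"

# Option 2: TLS matcher. Matches the server name sent in the TLS
# handshake, so it applies to HTTPS connections on port 443.
/ip firewall filter
add chain=forward in-interface=bridge protocol=tcp dst-port=443 \
    tls-host=*.facebook.com action=reject reject-with=tcp-reset \
    comment="reject TLS handshakes for *.facebook.com"

# Option 3: static DNS entry plus forced DNS.
# The router answers for the name with a sinkhole address, and every
# plain DNS query leaving the LAN is redirected to the router's resolver.
/ip dns
set allow-remote-requests=yes
/ip dns static
add name=www.facebook.com address=127.0.0.1 comment="sinkhole (assumed address)"
/ip firewall nat
add chain=dstnat in-interface=bridge protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force LAN DNS to router (UDP)"
add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="force LAN DNS to router (TCP)"
```

`add` appends a rule to the end of its chain, so a filter rule placed after an existing accept rule in `forward` never sees the traffic; move it above that rule. The port 53 redirect only covers plain DNS and does not affect clients that resolve names over HTTPS or TLS.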