MikroTik

Community discussions
https://forum.mikrotik.com/

Blocking stuff [Help needed]

https://forum.mikrotik.com/viewtopic.php?t=147928

Page 1 of 1

Blocking stuff [Help needed]

Posted: Wed Apr 24, 2019 8:33 pm
by Lebzul
Hi there,

I was trying and testing without success to block the webpage from my modem to a certain range of IPs except my devices.
Is that possible without L7 o marking?
Regards

Re: Blocking stuff [Help needed]

Posted: Wed Apr 24, 2019 11:12 pm
by alejandro29
You can create and account and use OpenDNS Home version for blocking specific or a group of web pages with the same purpose, such as group of web pages labeled as Video Sharing, News, Porn, etc.

I prefer this solution than making a bunch of L7 rules, because in my experience it makes the subnet conection slower to the internet.

You can exempt machines from getting blocked by making a NAT rule that redirects the machines you want (one rule for range of IPs, or several rules for each MAC) to a commonly use dns like 8.8.8.8 (google free DNS) and at the end place the rule that redirects the machines you like to block to the OpenDNS (208.67.222.222) .

Re: Blocking stuff [Help needed]

Posted: Thu Apr 25, 2019 3:51 am
by Lebzul
You can create and account and use OpenDNS Home version for blocking specific or a group of web pages with the same purpose, such as group of web pages labeled as Video Sharing, News, Porn, etc.

I prefer this solution than making a bunch of L7 rules, because in my experience it makes the subnet conection slower to the internet.

You can exempt machines from getting blocked by making a NAT rule that redirects the machines you want (one rule for range of IPs, or several rules for each MAC) to a commonly use dns like 8.8.8.8 (google free DNS) and at the end place the rule that redirects the machines you like to block to the OpenDNS (208.67.222.222) .
It's a good start. I do use DNS cache and web proxy so, how can I merge them in conjunction with OpenDNS through the Mk?

Re: Blocking stuff [Help needed]

Posted: Sun Apr 28, 2019 2:40 am
by Lebzul
Any other suggestions?

Re: Blocking stuff [Help needed]

Posted: Sun Apr 28, 2019 7:45 am
by td32
well you can block access to port 80 to the modem ip from all ips in your subnet and add an allow rule over the drop one only for the ips you want to access it

Re: Blocking stuff [Help needed]

Posted: Mon Apr 29, 2019 2:24 pm
by Lebzul
well you can block access to port 80 to the modem ip from all ips in your subnet and add an allow rule over the drop one only for the ips you want to access it
Thanks for the insight. Could you please give me an example based on the web (192.168.100.1)?
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/