Page 1 of 1
How to add more than 1 IP in Address List?
Posted: Fri Apr 13, 2007 10:07 am
by yudigadget
C:\Documents and Settings\Normunds>nslookup myspace.com
Non-authoritative answer:
Name: myspace.com
Addresses: 216.178.32.50, 216.178.32.51, 216.178.32.52, 216.178.32.137
216.178.32.48, 216.178.32.49
for example there are lot of MySpace.com IPs.. how to add them all in single Address List?
I tried use "," or ";" but doesn't work...
thanks
Posted: Fri Apr 13, 2007 1:15 pm
by pedja
Set 216.178.32.0/20
Posted: Fri Apr 13, 2007 5:09 pm
by changeip
add each ip separately using the same address-list name. You will end up with a list of ip addresses : )
Sam
Posted: Sat Apr 14, 2007 4:46 am
by yudigadget
i already add those IPs in my Address List
then i did:
ip firewall filter print
chain=forward dst-address-list=
www.myspace.com action=drop
why i still can access that site?
ok,i tried ping those IP and got request time out...
but once again, why i still can access that site?
is this because i use web-proxy?
uhm..btw which one better? use protection from proxy or firewall?
thanks
Posted: Sat Apr 14, 2007 4:57 am
by dinfotec
Hi,
If you are using web-proxy, block myspace.com in web-proxy list. More simply.
Chao.
Posted: Sat Apr 14, 2007 4:58 am
by dinfotec
Hi,
If not, ask again and I answer you.
Chao.
Posted: Sat Apr 14, 2007 5:20 am
by yudigadget
yes i already do that... i already deny that site in my proxy list.
but for a site (
http://www.anything.com), block the
http://www.anything.com is not enough.. because client still can access it by type it's IP to browser
So, i need to add all IPs related to that site in proxy... and i already do that too.. but my proxy list getting big..
so,my question what do you think... do i need firewall filter or just proxy?
because i think in firewall filter, i only need to manage the address list
i just want to learning about creating better management of network configuration
CMIIW
Posted: Sat Apr 14, 2007 10:33 pm
by dinfotec
Do this rule in your web-proxy:
===================================
/ip web-proxy access add dst-port=80 url="
http://www.google.com" action=deny
===================================
Work fine, almost in my machine.
Chao.
Posted: Mon Apr 16, 2007 4:31 am
by yudigadget
Do this rule in your web-proxy:
===================================
/ip web-proxy access add dst-port=80 url="
http://www.google.com" action=deny
===================================
Work fine, almost in my machine.
Chao.
Ok, so you want to block
http://www.google.com, i believe if i were your client of your MikroTik router, i still can access
http://www.google.com, i will type this 66.249.89.99 or 66.249.89.104 on browser address bar, then google will opened..
i need to block all access to that site
CMIIW
Posted: Mon Apr 16, 2007 8:19 am
by jorj
Of course this has nothing to do with address lists, in the end.
To create a list, do this multiple times, in cli, and change relevant fields - address and comment. Or list, if you like.
/ip firewall filter add address=111.222.111.222 comment="Banned address" disabled=no list="banned_ips"
If you want at all costs to block acces to a site, redirect all dns requests to a dns of your own, maybe the same machine the MT is on, and put a static ip address for example:
Even if ip lists should do it.
For lists, just remember to put ALL the ip's the site uses.