 
adispy
newbie
Topic Author
Posts: 31
Joined: Wed Dec 18, 2019 4:31 pm

Blocking websites not working

Wed Dec 18, 2019 4:46 pm

Hello to all,
I have a problem at a client site. I have configured the router to block Facebook, but unfortunately it is not working. Testing in my lab at home it was working from the start.

I have created a layer 7 protocol rule ( ^.+(facebook.com).*$ ), added a new rule in the firewall and moved the rule right to the top, just to be sure it is processed first. Looks like it is not. If I look at the packet count, it still stays at zero. I really don't know what to do anymore, so maybe someone has a clue on how to fix this, since in my lab at home it is working.
I even imported the same firewall rules from the client's router to my router, and at home it is still working.

Client router 6.43.5
Home lab router 6.45.3
2019-12-18_16-42-34.png
Let me know if you need an export of the firewall rules in txt.

Thanks in advance,
Adrian
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Blocking websites not working

Thu Dec 19, 2019 3:08 am

Even if you block it using L7, what about the mobile apps? You block nothing there...
It's not an effective way, it consumes CPU and it causes problems to other sites too...
 
adispy
newbie
Topic Author
Posts: 31
Joined: Wed Dec 18, 2019 4:31 pm

Re: Blocking websites not working

Thu Dec 19, 2019 9:32 am

Thanks for the reply Zacharias, but I don't have mobile apps. My client has just three or four boxes that it wants to filter, so I don't stress about the CPU consumption.
It's just curious though, that even if the rule is on top it is not hit by any traffic. I thought that rules are processed in order in the firewall.
 
skylark
Member Candidate
Posts: 144
Joined: Wed Feb 10, 2016 3:55 pm

Re: Blocking websites not working

Thu Dec 19, 2019 9:43 am

There are several similar topics, you just have to search them.

In case, you can try this:
regexp="^.+(www.facebook.com|facebook.com|login.facebook.com|www.login.facebook.com|fbcdn.net|www.fbcdn.net|fbcdn.com|www.fbcdn.com|static.ak.fbcdn.net|static.ak.connect.facebook.com|connect.facebook.net|www.connect.facebook.net|apps.facebook.com).*\$"

Edit: Note that only unencrypted HTTP can be matched.
 
adispy
newbie
Topic Author
Posts: 31
Joined: Wed Dec 18, 2019 4:31 pm

Re: Blocking websites not working

Thu Dec 19, 2019 9:50 am

The regexp is good since it is working in my home lab, the problem at the client site is that the rule is not even hit by any traffic even if it is on top.
I tried yours, but same result.
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Blocking websites not working

Thu Dec 19, 2019 12:25 pm

The most effective way is to block all its IPv4 subnet blocks used... and yes it can be done...
That way you block all the http traffic as well as any mobile application...
 
adispy
newbie
Topic Author
Posts: 31
Joined: Wed Dec 18, 2019 4:31 pm

Re: Blocking websites not working

Thu Dec 19, 2019 1:33 pm

Man...don't want to be arrogant or rude here, but what's up with you and the mobile applications? I told you nobody uses them in that office.
All I want to know is why the firewall rule that is on top is not applying, since that rule is the one that blocks the social media sites I need.
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Blocking websites not working

Thu Dec 19, 2019 1:40 pm

Man...don't want to be arrogant or rude here
But you are...
I'm just telling you the most effective way to block that site 100%, but obviously you don't care...

Just so you know, I can in less than 1 minute connect my tablet or phone through USB to your computer, on which you think you've blocked that site, and just bypass everything you think you have blocked by just sharing the computer's internet connection... so in terms of blocking, everything must be taken into consideration... otherwise you blocked nothing, you only think you did...

Anyways, good luck...
 
WeWiNet
Long time Member
Posts: 611
Joined: Thu Sep 27, 2018 4:11 pm

Re: Blocking websites not working  [SOLVED]

Thu Dec 19, 2019 2:04 pm

Try to disable fastpath.
Mangle and some other advanced firewall options are not compatible with fastpath, and prevents the FW from looking into those packets.
I would give it a try...
 
tarzq28
just joined
Posts: 10
Joined: Wed May 17, 2017 2:34 pm
Location: Indonesia

Re: Blocking websites not working

Thu Dec 19, 2019 2:41 pm

I prefer ip raw: use content to block whatever you like to block, then assign it to a new dst address list. But remember you also have to make sure the dst address list in the advanced tab is not your LAN IP address, otherwise your LAN IP address is also included in the block list. The last step is to make a drop rule to get your job done. Good luck

 
afuchs
Frequent Visitor
Posts: 81
Joined: Wed Jul 03, 2019 11:10 am

Re: Blocking websites not working

Thu Dec 19, 2019 2:52 pm

If no other rule matches before (e.g. raw, prerouting), then the rule simply doesn't match.
First, did you try from 192.18.10.96? Your rule matches only traffic from this source.
What happens when you set up a passthrough rule with log and only your Layer-7 regex?
 
adispy
newbie
Topic Author
Posts: 31
Joined: Wed Dec 18, 2019 4:31 pm

Re: Blocking websites not working

Thu Dec 19, 2019 6:09 pm

Thank you WeWiNet, problem solved. After I disabled fastpath everything started working as it should.
I used the command in this post to disable it. viewtopic.php?t=112127

Thanks a lot again, much apprech.
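
Added example, not written by any poster in this thread: the diagnostic afuchs suggests (a passthrough rule with logging and only the Layer-7 matcher) followed by the fast path check WeWiNet suggests, as RouterOS v6 CLI commands. The names "facebook" and "l7-test" are made up for illustration, and because the command from the linked topic is not shown on this page, the standard `/ip settings` fast path switch is used here as an assumption.

```routeros
# Added example (RouterOS v6 CLI). "facebook" and "l7-test" are illustrative names.

# 1. The Layer-7 pattern from the first post ("$" must be escaped in the CLI).
/ip firewall layer7-protocol add name=facebook regexp="^.+(facebook.com).*\$"

# 2. Diagnostic rule: no src-address, only the L7 matcher. passthrough leaves
#    traffic untouched; log=yes makes every hit visible in the log.
#    "print" first so that item number 0 is assigned for place-before.
/ip firewall filter print
/ip firewall filter add chain=forward action=passthrough layer7-protocol=facebook \
    log=yes log-prefix="l7-test" place-before=0

# 3. If the counters stay at zero, check whether packets bypass the firewall.
#    ipv4-fast-path-active and ipv4-fasttrack-active are read-only status flags.
/ip settings print
/ip firewall filter print where action=fasttrack-connection

# 4. Turn fast path off (assumed to be equivalent to the fix in the linked topic).
/ip settings set allow-fast-path=no

# 5. Open the site from a client, then read the rule counters and the log.
/ip firewall filter print stats where layer7-protocol=facebook
/log print where message~"l7-test"
```

Once the passthrough rule counts packets, the original drop rule with its src-address restriction can be tested the same way.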
