thanks, i did it couple month ago using ip addresses collected from ns records from robtex.com, the site really helped me out.Just drop or reject in firewall dst-address=69.63.0.0/16
type on the terminal: /ip firewall filter add chain=forward action=drop dst-address=a.b.c.d/xyhow about if i want to use time based, ex: i want user cannot login from 9.00-18.00 ?
make a rule to filter the address you want to set unrestricted access to the internet:can you help me for the example ? and i want only a few ip address can access for unlimited and the rest is block by time
thank's
albert
make the rules to block facebook.com:/ip firewall filter add chain=forward src-address=a.b.c.d/xy action=add-src-to-address-list address-list=unrestricted
the ns records of facebook.com i got from robtex.com. hope this helps./ip firewall filter add chain=forward dst-address=69.63.176.0/20 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=69.63.184.0/21 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=204.15.20.0/22 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=204.74.66.0/24 src-address-list=!unrestricted action=drop
/ip firewall filter add chain=forward dst-address=204.15.20.0/22 src-address-list=!unrestricted action=drop
the configuration i use in my office works well. they won't be able to do something regarding facebook by the time it was turned on from the extra - time submenu. they could not post their status and so on. the link to outside of facebook could be accessed though within facebook if they're logged in before the time activated, since facebook connects to several other server its applications used, ie: pethouse game.but the address can access unlimited is cannot put on a.b.c.d/x, i explain:
rule 1: only address 10.0.0.5/10/19/27 can access unlimited
rule 2: rest of the address cannot access facebook from 0800-1800
problem 1: i don't understand how to make in address list with random ip because i already try and it's not working
problem 2: if user access facebook from 0750 he/she still can access facebook for the rest of the day until he/she is logout
i already blocking using ip address for facebook with scheduler script and i got a lot of it but it's not working also
now i just doing this in ip/fire/filter rul
13 ;;; drop facebook
chain=input action=drop protocol=tcp src-address-list=disallow facebook
content=facebook time=9h-18h,mon,tue,wed,thu,fri
thank's a lot for helping
albert
the unlimited list could be like this depends on what you need:no, all ip is static and only certain ip can access for the unlimited time and rest of the ip is block from 0800-1800.
the block rules should be like this following, it will block all ip address except the unlimited list we set above to facebook servers from 8am to 9pm monday to sunday:102 ;;; src address list unrestricted
chain=forward action=add-src-to-address-list src-address=192.168.0.2
address-list=unrestricted address-list-timeout=0s
103 chain=forward action=add-src-to-address-list src-address=192.168.0.11-192.168.0.20
address-list=unrestricted address-list-timeout=0s
104 chain=forward action=add-src-to-address-list src-address=192.168.0.31-192.168.0.40
address-list=unrestricted address-list-timeout=0s
hope this will give you clear picture here.52 ;;; blocked url: facebook.com
chain=forward action=drop dst-address=69.63.176.0/20
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat
53 chain=forward action=drop dst-address=69.63.184.0/21
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat
54 chain=forward action=drop dst-address=204.15.20.0/22
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat
55 chain=forward action=drop dst-address=204.74.66.0/24
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat
56 chain=forward action=drop dst-address=204.74.67.0/24
src-address-list=!unrestricted time=8h-21h,sun,mon,tue,wed,thu,fri,sat
nice to hear that. i hope in the future, mikrotik will be able to filter/block hostname, not translated into their real ip address.HI, for me works very wel. But I have problem on how to manage IP adresses from blocking content?
nice to hear that. i hope in the future, mikrotik will be able to filter/block hostname, not translated into their real ip address.HI, for me works very wel. But I have problem on how to manage IP adresses from blocking content?
btw, what is FCB?nice to hear that. i hope in the future, mikrotik will be able to filter/block hostname, not translated into their real ip address.HI, for me works very wel. But I have problem on how to manage IP adresses from blocking content?
"chrone" Do you have any idea on how to divide my 40 PC on two groups where one of them is with FCB and others not?
you can set your own dns server and add bogus IP addresses for *.facebook.com or other stuff you really hate (microsoft?)... force your users to use only your dns server and that's it.bump*** no reply??