BlackFate
newbie
Topic Author
Posts: 30
Joined: Fri Aug 10, 2012 2:22 pm

Large Blocklist

Sat Oct 06, 2012 11:06 pm

Hello, I got a large block list with sites I would like to block. There are about 25547 different sites (ads). I own a RB751G-2HnD. Is there any efficient way to block all these sites with MikroTik? Can it even handle so many entries?
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Large Blocklist

Sun Oct 07, 2012 12:11 am

Multiple ways to handle this:

Use firewall and block based on site IP.
Use DNS and block by domain names.
Use Web Proxy and block by domain names / site sections etc.

All of these can be done transparently (just do a redirect rule in your firewall).
 
BlackFate
newbie
Topic Author
Posts: 30
Joined: Fri Aug 10, 2012 2:22 pm

Re: Large Blocklist

Sun Oct 07, 2012 1:22 am

And what about the large volume? Will my router be able to process this large list without issues?
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Large Blocklist

Sun Oct 07, 2012 3:39 am

And what about the large volume? Will my router be able to process this large list without issues?
I personally think if you just want to block a huge list of websites, DNS with a transparent redirect is the best way to go. So I decided to have some fun and try this, since this is pretty interesting. I wrote an AutoIt script to generate a ROS script that adds 25k unique random DNS entries into the "/ip dns static" list. I attached the zipped AutoIt code to this post, so if anyone wants to experiment, try it.

This generates a 1 MB .rsc script. I then imported this into a test RB 750GL.
/import DNStest.rsc took about 10 minutes :)

Picture of the DNS static list in winbox also attached to this post.

The 25k DNS entries consume about 8 MB in the 750GL's RAM. Doing DNS queries to the 750GL works normally, and doesn't seem to introduce any load on the router's CPU when just my PC queries for one of these domains. No idea how this is going to perform when a large number of queries hit the router.

So yeah, fun little experiment for Saturday evening.
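An added example, not part of the original post and not the attached AutoIt script: a Python script that turns a real blocklist (plain or hosts format) into the kind of "/ip dns static" import file described above. It accepts only syntactically valid hostnames, so that content from a third-party list cannot end up as extra text in the .rsc file. The 127.0.0.1 sinkhole address, the function names and the sample list are assumptions made for this example.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def is_valid_domain(name):
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def parse_blocklist(text):
    """Return (sorted unique domains, rejected raw lines)."""
    domains, rejected = set(), []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()
        if not fields:
            continue                      # blank line or comment
        if _is_ip(fields[0]):
            names = fields[1:]            # hosts format: IP name [name ...]
        elif len(fields) == 1:
            names = fields                # plain format: one name per line
        else:
            rejected.append(raw)          # extra tokens: not a hostname line
            continue
        for name in (n.rstrip(".") for n in names):
            if is_valid_domain(name) and not _is_ip(name):
                domains.add(name)
            else:
                rejected.append(raw)
    return sorted(domains), rejected

def to_rsc(domains, sinkhole="127.0.0.1"):
    """Build RouterOS import text; sinkhole address is an assumption."""
    ipaddress.ip_address(sinkhole)        # ValueError on a malformed address
    lines = ["/ip dns static"]
    lines += [f"add name={d} address={sinkhole}" for d in domains]
    return "\n".join(lines) + "\n"

# Constructed sample input, not a real blocklist.
SAMPLE = ("# constructed sample\n0.0.0.0 ads.example.com\n"
          "127.0.0.1 tracker.example.net banner.example.org\n"
          "ADS.example.com\n0.0.0.0 0.0.0.0\n"
          "stats.example.com address=192.0.2.1\n"
          "pixel.example.com;extra\nbad_host.example.com\n")

if __name__ == "__main__":
    good, bad = parse_blocklist(SAMPLE)
    print(to_rsc(good), end="")
    print(f"# rejected {len(bad)} line(s)")
```

Review the rejected lines before importing the output with /import, since they show where the source list does not match the expected format.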
 
BlackFate
newbie
Topic Author
Posts: 30
Joined: Fri Aug 10, 2012 2:22 pm

Re: Large Blocklist

Sun Oct 07, 2012 5:07 am

Seriously... I couldn't expect a better answer! Thanks a lot! You are a champ!
