Its being long time that people like me were trying to block the hotspot shield on their networks using Mikrotik server. I am also victim of that stuff and was unable to control my clients for using stuff like that. After alot of googling and practicing finaly i found a solution. I tested all these settings on Mikrotik 5.18 only. If it did not worked for latest versions or old version i apologize in advance. If it worked for all of you people then just drop me an email of thanks at my email ID qammars1977@gmail.com
Here is the solution.
Detect and Block Hotspot Shield program traffic (vpn application)
/ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers \
address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers \
content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=443 protocol=tcp
/ip firewall filter
add action=drop chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
src-address-list=HotSpotShieldUsers
---------------------------------------------------------------
Detect and Block UltraSurf program traffic
/ip firewall filter
add action=drop chain=forward comment="Block UltraSurf" disabled=no dst-port=\
443 protocol=tcp src-address-list=UltraSurfUsers
/ip firewall mangle
add action=add-src-to-address-list address-list=UltraSurfUsers \
address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\
no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp
/ip firewall address-list
add address=65.49.0.0/17 comment="" disabled=no list=UltraSurfServers
add address=204.107.140.0/24 comment="" disabled=no list=UltraSurfServers
------------------------------------------------
Block DNS
/ip firewall filter
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=udp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=udp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=tcp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=udp
Re: Hotspot Shield Solution for all the Mikrotik Users.
He thanks for that information.
i have a question for you.
why do you accept traffic since 198.153.194.50?
do i have to change this ip by my dns server?
i have a question for you.
why do you accept traffic since 198.153.194.50?
do i have to change this ip by my dns server?
Re: Hotspot Shield Solution for all the Mikrotik Users.
Did anyone try the above rules?
Re: Hotspot Shield Solution for all the Mikrotik Users.
Did anyone try the above rules
working or not work ?
working or not work ?
Who is online
Users browsing this forum: grosnico, pujisetiadi and 28 guests