Today I will show you all about How to block facebook, youtube and other website with MikroTiK. MikroTik Firewall is a powerful security tool that can be used to block unwanted websites. If you are a network administrator, sometimes it may be your requirement to block any website like Facebook, YouTube, Pornographic site and so on. To block these types of website, you just need to create Firewall Rules that will drop any connection to these websites through your MikroTik Router. MikroTik Firewall basic concept such as what is MikroTik Firewall, what is MikroTik Firewall Rule, how to implement MikroTik Firewall Rule etc. was discussed in my previous article. If you feel that you need the basic concept on MikroTik Firewall, feel free to spend time to study that article. In this article, I am only going to show how to block unwanted websites using MikroTik Firewall Rules or layer 7.
Block Facebook, YouTube with MikroTik Filter Rule
Now we will create Filter Rule that will block websites like Facebook, YouTube or any other website that you want. Complete process to create a Filter Rule can be divided into two steps.
Step 1: Create Layer7 Protocol
Before creating Filter Rule, we need to create Layer7 Protocol with Regex because this Layer7 Protocol will be used by Filter Rule to match any keyword in URL. The following process will show how to create Layer7 Protocol with Regex.
- Open winbox and login with your login credentials.
- Go to IP > Firewall and then click on Layer7 Protocols
- Click on PLUS SIGN (+) to create a new Layer7 Protocol with Regex. New Firewall L7 Protocol window will appear.
- Put a meaningful name such as Facebook in Name input box.
- Now put ^.+(facebook.com).*$ Regex in Regexp textarea input field if you want to block Facebook.
- Now click Apply and OK
- Similarly, if you want to block YouTube, do step 4, 5 and 6 but change facebook.com with youtube.com like ^.+(youtube.com).*$. You can put any keyword such as sex, porn etc. that you want to block within parenthesis in this Regex.
Step 2: Create Local address
Create your address list to it easy to control the rank of address you want to block
We have created our Layer7 Protocols which will be used in Filter Rule to block our desired sites. Now we will create our Firewall Filter Rule.
Step 3: Create Filter Rule to Block Website
After creating Layer7 Protocol, we will now create Filter Rule that will block our desired website. The following steps will show how to create a Filter Rule to block any website.
- Now click on Filter Rules tab and then click on PLUS SIGN (+) to create a new Filter Rule. New Firewall Rulewindow will appear now.
- In General tab, choose forward from Chain drop down menu.
- We are keeping untouched both Src. Address and Dst. Address because we want to block all users. If you want to block for a specific user, put his/her IP address in Src. Address input box or if you want to block for an IP block, put that IP block in the Src. Address input box.
- Click on Protocol dropdown menu and choose 6(tcp)
- Put port 80,443 in Port input box. Value should be coma separated.
- Click on Advanced tab and then choose your Layer7 Protocol that you created before from Layer7 Protocoldropdown menu.
- Now click on Action tab and choose drop from Action dropdown menu.
- Click Apply and OK
- Do step 1 to 8 if you need to create another Filter Rule for any other website.
Filter Rule to block website has been created. The above rule will block all the users to access our desired website. But sometimes you may need to access this website for a specific user. In this case, you have to create another Filter Rule where user’s IP address has to provide in source address and the Filter action will be accept.
I will block the website below.
- Regexp code Layer7 Protocols : ^.+(facebook.com|youtube|xnxx.com|xvideos.com|porn|sex).*$
- Address List Rang to block : 192.168.1.50-192.168.1.254 (local)
- Extra = Time (07 am – 06 pm)
Days : Monday to Saturday
Action : drop =>ok
Watch Video for More detail: