I have a MikroTik hEX PoE lite router which I am using to create a restrictive network for my devices. I want to allow the port numbers 443, 8883, and 9000, and only for specific website URLs (not IP addresses), and block everything else. So, I have created an address list with the website URLs I want to allow through my network, and I have created rules to accept these websites through ports 443, 8883 and 9000. I'm allowing DNS as well so that it can resolve the website addresses. I used the rules below:
/ip firewall filter
add action=accept chain=forward dst-address=8.8.4.4 comment="DNS: traffic from the LAN to 8.8.4.4"
add action=accept chain=forward src-address=8.8.4.4 comment="DNS: replies from 8.8.4.4"
add action=accept chain=forward dst-address-list=storage dst-port=443 protocol=tcp src-address=192.168.88.22 comment="storage hosts over HTTPS"
add action=accept chain=forward dst-address-list=bousupdates dst-port=9000 protocol=tcp src-address=192.168.88.22 comment="update hosts over 9000"
add action=accept chain=forward dst-address-list=gcr dst-port=443 protocol=tcp src-address=192.168.88.22 comment="gcr hosts over HTTPS"
add action=accept chain=forward dst-address-list=mqtt dst-port=8883 protocol=tcp src-address=192.168.88.22 comment="mqtt hosts over TLS"
add action=drop chain=forward src-address=192.168.88.22 comment="drop everything else from this host"
The issue I am facing is that I am able to allow these two websites through their respective ports:
add action=accept chain=forward dst-address-list=storage dst-port=443 protocol=tcp src-address=192.168.88.22
add action=accept chain=forward dst-address-list=bousupdates dst-port=9000 protocol=tcp src-address=192.168.88.22
But with the same rules, I am not able to access the websites below through the allowed ports:
add action=accept chain=forward dst-address-list=storage dst-port=443 protocol=tcp src-address=192.168.88.22
add action=accept chain=forward dst-address-list=bousupdates dst-port=9000 protocol=tcp src-address=192.168.88.22
Even when I apply the same rule to allow www.google.com through port 443 and block everything else, I still cannot access the website. I'm using telnet to test the firewall setup.
I would highly appreciate your help in resolving this issue, or if you have any other way to allow certain website URLs through specific ports and block everything else, please let me know. Thank you!
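The following is an added example of the same kind of allowlist and is not the poster's configuration or an official MikroTik answer. It is built around one property of RouterOS that matters for a name-based allowlist: a DNS name placed in an address list is resolved by the router's own resolver, and the resulting IPs stay in the list for the record's TTL. If the client resolves the same name through a different path (here, directly against 8.8.4.4 through the forward chain), a CDN-hosted name can return addresses the router's list has never seen, and the accept rule does not match even though the rule itself is correct. The example therefore forces the restricted host's DNS through the router, so client and address list get identical answers, and narrows the DNS allowance to port 53 instead of all traffic to 8.8.4.4. The host 192.168.88.22, the list names and the example.com hostnames are placeholders to be replaced with the real ones.

```routeros
# Added example, not the original poster's configuration.
# 192.168.88.22, the list names and the example.com hostnames are placeholders.

# 1. Make the router the resolver for the restricted host. The router itself
#    still forwards to 8.8.4.4, but now the client and the address lists below
#    receive the same answers from the same cache.
/ip dns
set allow-remote-requests=yes servers=8.8.4.4

/ip firewall nat
add chain=dstnat src-address=192.168.88.22 protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force client DNS through the router"
add chain=dstnat src-address=192.168.88.22 protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="same for DNS over TCP"

# 2. Address lists keyed by DNS name. Each entry is a fixed hostname, not a
#    URL path or a wildcard; RouterOS resolves it and refreshes the IPs for
#    the record's TTL, so list every hostname the client actually contacts.
/ip firewall address-list
add list=storage address=storage.example.com
add list=bousupdates address=updates.example.com
add list=gcr address=registry.example.com
add list=mqtt address=mqtt.example.com

# 3. Filter rules. Return traffic is accepted by connection state, so no
#    src-address accept rule for the resolver is needed. DNS from the client
#    now terminates on the router (chain=input) after the redirect above,
#    so the forward chain no longer needs a rule for 8.8.4.4 at all.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="return traffic for connections accepted below"
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept src-address=192.168.88.22 protocol=tcp \
    dst-port=443 dst-address-list=storage
add chain=forward action=accept src-address=192.168.88.22 protocol=tcp \
    dst-port=9000 dst-address-list=bousupdates
add chain=forward action=accept src-address=192.168.88.22 protocol=tcp \
    dst-port=443 dst-address-list=gcr
add chain=forward action=accept src-address=192.168.88.22 protocol=tcp \
    dst-port=8883 dst-address-list=mqtt
add chain=forward action=drop src-address=192.168.88.22 \
    comment="everything else from the restricted host"

# Input chain: let the redirected DNS queries reach the router's resolver.
# These must sit above any drop rule already present in the input chain.
add chain=input action=accept src-address=192.168.88.22 protocol=udp dst-port=53 \
    comment="client DNS to the router"
add chain=input action=accept src-address=192.168.88.22 protocol=tcp dst-port=53 \
    comment="client DNS to the router (TCP)"
```

Two caveats a practitioner would check before trusting this. First, `/ip firewall address-list print` shows the IPs the router actually resolved for each name; if a test from the client reaches an address that is not in the list, the client is resolving elsewhere. Second, the redirect only catches plain DNS on port 53: a client that uses DNS over HTTPS or a hard-coded resolver on port 443 bypasses it, and its traffic is then simply dropped by the final rule unless that resolver's address is itself in a list. A TLS connection test from the client (for example `openssl s_client -connect host:443`) exercises the full path, whereas a bare TCP connect with telnet only proves the first packet was accepted.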