Block Facebook & YouTube on Certain IPs - and it works

I'm sharing how I blocked Facebook and YouTube.
Here is how:

1-add in firewall Layer7
ip firewall layer7-protocol add name=Blockface&youtube regexp=^.+(facebook.com|youtube).*$

2-add in address list the allow list
ip firewall address-list add address=192.168.1.5 list=allow_face_youtube

3-add in address list the Block list
ip firewall address-list add address=192.168.1.112 list=block_face_youtube

4-mark packet in mangle for allow list
ip firewall mangle add chain=forward src-address-list=allow_face_youtube action=mark-packet new-packet-mark=allow_fb_youtube_mark passthrough=no

5-mark packet in mangle for block list
ip firewall mangle add chain=forward src-address-list=block_face_youtube action=mark-packet new-packet-mark=block_fb_youtube_mark passthrough=no

6-firewall drop in port 80
ip firewall filter add chain=forward protocol=tcp port=80 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop


7-firewall drop in port 443
ip firewall filter add chain=forward protocol=tcp port=443 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop

And it works perfectly for me.

Thanks for the regexp, it works!!

This doesn't work; it keeps telling me commands 1, 6 and 7 are wrong.

Be aware that pasting these rules will not work. This regex must be pasted in Winbox; the console will not understand it. Just make the L7 rule in Winbox with this regex:
^.+(facebook.com|youtube).*$

To add these regexps in console they need to be quoted and all special characters need to be escaped.

For example to add regexp aaa$

you need to write:
/ip firewall layer7-protocol add name=example regexp="aaa\$"


The escape characters are listed here:
http://wiki.mikrotik.com/wiki/Manual:Scripting#Constant_Escape_Sequences
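
The quoting and escaping described above, applied to the regexp from the first post, as an added example that is not from any poster in this thread. The layer7-protocol name `block_fb_youtube` is an assumption; the address and list name are reused from the first post, and the matcher is referenced from a single filter rule through `layer7-protocol=`.

```routeros
# Added example (not from the thread). Paste into the RouterOS console.
# Assumption: the matcher name block_fb_youtube is made up for this example.

# The regexp is wrapped in double quotes and the trailing $ is written as \$
# so the console does not treat it as the start of a variable reference.
/ip firewall layer7-protocol
add name=block_fb_youtube regexp="^.+(facebook.com|youtube).*\$"

# Hosts that should be blocked (address and list name taken from the first post).
/ip firewall address-list
add address=192.168.1.112 list=block_face_youtube

# One drop rule for both ports: it applies only to sources in the block list
# and only when the layer7 matcher hits, so other hosts are left untouched.
/ip firewall filter
add chain=forward src-address-list=block_face_youtube protocol=tcp \
    dst-port=80,443 layer7-protocol=block_fb_youtube action=drop \
    comment="drop Facebook/YouTube for listed hosts"

# Check what was actually stored.
/ip firewall layer7-protocol print
```

In the `print` output the stored regexp should end in a plain `$` with no backslash; if the `$` is missing, the escape was lost when pasting.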

I guess there are some errors in lines 6 & 7

  1. port type not mentioned

  2. error in command

6-firewall drop in port 80
ip firewall filter add chain=forward protocol=tcp port=80 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop

7-firewall drop in port 443
ip firewall filter add chain=forward protocol=tcp port=443 packet-mark=mark-packet new-packet-mark=block_fb_youtube_mark action=drop

skipping this blocks each site for me