Block GMAIL

nishadul · August 20, 2015, 12:12pm

Hello,

I need to block gmail, can u show me how to possible it.

Regards,
Nishadul

bkuhn · August 20, 2015, 5:30pm

Force all clients to use your DNS server. Add static entries for gmail to go nowhere. (127.0.0.1)

JB172 · August 21, 2015, 6:14pm

/ip firewall filter
add action=drop chain=forward comment=“drop gmail” content=mail.google.com

nishadul · August 22, 2015, 3:54am

I have added this firewall rules but gmail not stop

nishadul · September 4, 2015, 1:50pm

Not possible to block gmail with MikroTik ?

gerakon · September 5, 2015, 1:02pm

Have you tired bkuhn’s suggestion? It should work just fine.

JB172 · September 5, 2015, 1:19pm

For me it’s working

freemannnn · September 5, 2015, 1:20pm

Give an example of working rule!

JB172 · September 5, 2015, 1:26pm

/ip firewall filter
add action=drop chain=forward comment=“drop gmail” content=mail.google.com

gerakon · September 5, 2015, 1:50pm

Seems like it should work… I just tried it, moved it to the top of my firewall list and am getting hits on the rule, but I’m still able to login, view email list and view messages. Maybe it’s works by blocking the DNS lookup rather than the HTTPS transfer? If that’s the case, restarting computer or flushing DNS on the computer may help the rule take effect…

Running RouterOS 6.29.1

JB172 · September 5, 2015, 2:20pm

I have try the rule with 2 different browsers and it’s working.
With the rule disabled i login with google chrome to gmail. Then i enable the rule and i don’t have the ability to do anything.
With the rule also enabled i try to go to http://www.gmail.com and the internet explorel refused, and the error it’s in picture in my previous post.

gerakon · September 5, 2015, 2:22pm

Just tried it on another computer that hadn’t visited mail.google.com before the rule was in place and it gave error “Secure Connection Failed” in Firefox… so it looks like it should work.

JB172 · September 5, 2015, 2:25pm

Nice

freemannnn · September 5, 2015, 3:32pm

so whats the problem with the old computer? does it need to clean the cache of browser?
can someone post an example with static dns for gmail block

gerakon · September 6, 2015, 1:47am

Should go something like this

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=127.0.0.1 name=mail.google.com

/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=forward dst-port=53 protocol=tcp src-address=192.168.88.0/24
add action=drop chain=forward dst-port=53 protocol=udp src-address=192.168.88.0/24

replace 8.8.8.8,8.8.4.4 with your DNS servers, or leave them and use googles DNS
replace ether1 with your WAN interface if it is something other than ether1
replace 192.168.88.0/24 with your LAN IP/Mask

gerakon · September 6, 2015, 1:50am

And you’ll have to restart the computer or run the following from the command prompt to clear cached DNS

Vista and Window 7: Click “Start” and type the word “Command” in the Start search field. …
In the open prompt, type “ipconfig /flushdns” (without the quotes).

gerakon · September 6, 2015, 1:55am

I guess I also made the assumption that you are using your router IP address as primary DNS server either statically or configured in your DHCP server.

nishadul · September 7, 2015, 9:40am

Yes, this rule is working after move it to the top of my firewall list. Thanks

JB172 · September 7, 2015, 9:41am

You are welcome !

geosoft1 · September 9, 2015, 5:35am

also you can try this

IP:Firewall:Layer7 Protocols:Add New
Name gmail
Regexp ^.+(mail.google.com).*$

IP:Firewall:Add New
Chain forward
Layer7 Protocol gmail
Action reject
Reject With tcp reset