Block site to one user

arayes · July 4, 2011, 10:57am

Hi all

How I can block (Example:(http://www.facebook.com)) to (ip: 192.168.0.45)

Thanx

Egate · July 4, 2011, 5:49pm

Easy way is to create rule in ip, firewall, filter rules to drop the destination ip 192.168.0.45 This will prevent any data going from your network to ip 192.168.0.45

arayes · July 5, 2011, 5:54am

/ip firewall filter
add action=drop chain=drop dst-address=192.168.0.45 comment=“Established connections”
connection-state=established disabled=no

Is it that?

but this cut Internet, I need block one site

Egate · July 5, 2011, 6:16am

/ip firewall filter
add action=drop chain=drop dst-address=192.168.0.45 comment=“Established connections”
connection-state=established disabled=no

Only way this will drop internet is if the ip is your gateway ip or maybe DNS.
Also chain=drop? Probably input or forward, also can omit this. “connection-state=established” Would want to drop data even before a connection is established.

gnando · July 20, 2011, 11:20am

hello!

Probe these rules i worked (sorry my english is bad)

/ ip firewall address-list
add list=FACEBOOK address=204.74.66.132 comment=“” disabled=no
add list=FACEBOOK address=204.74.67.132 comment=“” disabled=no
add list=FACEBOOK address=66.220.151.20 comment=“” disabled=no
add list=FACEBOOK address=66.220.145.65 comment=“” disabled=no
add list=FACEBOOK address=66.220.158.11 comment=“” disabled=no
add list=FACEBOOK address=184.27.146.110 comment=“” disabled=no
add list=FACEBOOK address=66.220.153.23 comment=“” disabled=no
add list=FACEBOOK address=64.208.162.160 comment=“a1697.g.akamai.net”
disabled=no
add list=FACEBOOK address=64.208.162.154 comment=“a1697.g.akamai.net”
disabled=no
add list=FACEBOOK address=193.108.88.1 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=72.246.46.3 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=208.44.108.133 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=64.211.42.193 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=193.108.88.2 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=62.41.78.201 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=96.7.251.131 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=96.17.144.197 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=72.246.55.138 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=209.8.112.112 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=72.246.55.136 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=66.171.227.40 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=72.246.55.135 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=72.246.55.132 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=72.246.55.133 comment=“s-static.ak.facebook.com”
disabled=no
add list=FACEBOOK address=64.208.162.144 comment=“a1697.g.akamai.net”
disabled=no
add list=FACEBOOK address=64.208.162.162 comment=“a1697.g.akamai.net”
disabled=no
add list=FACEBOOK address=64.212.172.185
comment=“fbcdn-profile-a.akamaihd.net” disabled=no
add list=FACEBOOK address=64.212.172.139
comment=“fbcdn-profile-a.akamaihd.net” disabled=no
add list=FACEBOOK address=64.212.172.147
comment=“fbcdn-profile-a.akamaihd.net” disabled=no
add list=FACEBOOK address=64.212.172.153
comment=“fbcdn-profile-a.akamaihd.net” disabled=no
add list=FACEBOOK address=66.220.153.15 comment=“www-11-03-ash2.facebook.com”
disabled=no
add list=FACEBOOK address=69.192.18.110 comment=“www-11-03-ash2.facebook.com”
disabled=no
add list=FACEBOOK address=66.220.158.32 comment=“www-11-03-ash2.facebook.com”
disabled=no
add list=FACEBOOK address=91.203.99.45 comment=“www-11-03-ash2.facebook.com”
disabled=no
add list=FACEBOOK address=66.220.158.18 comment=“” disabled=no
add list=FACEBOOK address=96.6.0.0/16 comment=“AkamaiNET-96-6-0-0-1”
disabled=no
add list=FACEBOOK address=69.63.176.0/20 comment=“69.63.176.0-69.63.191.255”
disabled=no
add list=FACEBOOK address=67.159.0.0/18 comment=“67.159.0.0/18” disabled=no
add list=FACEBOOK address=69.171.224.0/19 comment="rango
69.171.224.0-69.171.255.255 " disabled=no

add chain=forward protocol=tcp dst-port=443 dst-address-list=FACEBOOK action=drop comment=“Disable FACEBOOK” disabled=no

Caci99 · July 20, 2011, 11:41am

Better way should be activating Web-proxy, and redirect traffic of specified
IP to the webproxy, and then block access to www.facebook.com in webproxy.
One problem with webproxy is that it does not catch https connections and I haven’t
tried what happens if one redirect https connections to webproxy

gnando · July 20, 2011, 1:13pm

This solution blocks https://www.facebook.com without the webproxy and the https does not work with the webproxy

gnando

cbrown · July 20, 2011, 1:45pm

/ip firewall mangle
add action=mark-connection chain=prerouting content=facebook.com disabled=no
new-connection-mark=48facebook passthrough=yes src-address=192.168.0.48

/ip firewall filter
add action=drop chain=forward connection-mark=48facebook disabled=no

Put the filter rule at the top so you don’t accidentally accept the connection before it gets dropped.