Dear all,
I have configured below code to blocked Facebook by port with Content in Mikrotik and it works find for all clients, but how I can do except some PCs by MAC address, is it can be? or have other ways? please suggest.
chain=forward action=reject reject-with=icmp-net-prohibited protocol=tcp
port=80,443 content=Facebook
Thank in advance,
Suloveoun
You can make a Src Address list with all IPs you want to block the access and assign this list to your firewall. All the remaining ips will have access to facebook. Or you can do it the opposite way, in Src Address list include all the address you want to have access to facebook and tick the cube with ! left to the Src. Address list.
You can also use Layer7 protocol to filter out almost anything, that is not encrypted.
Example for facebook
/ip firewall layer7-protocol
add name=Facebook regexp=“^.+(facebook.com).*$”
In your firewall filter rule
/ip firewall filter
add action=drop chain=forward comment=“Drop facebook” layer7-protocol=Facebook
You can add there any Src. Address list
You must also clear the cache from the internet browsers