Hey there!
When I want to block specific website in firewall, it’ll block every website except the one i want to.
Using Routerboard hAP lite with WinBox 3.17 and RouterBOARD 941-2nD 6.42.6.
Hi,
to block a certain a site such as www.facebook.com, apply the command below from the new terminal:
ip firewall filter
add chain=forward action=reject reject-with=tcp-reset
protocol=tcp content=“host:www.facebook.com”
you can also use google for more steps.
How are you trying to block it?
You could use the TLS matcher in firewall to block it.
Another way would be to create an address list, add there the domains you want to block and then create a drop filter rule using that address list as the destination.
I believe this is the less resource hungry solution. No need to open any packet to check anything (TLS or otherwise), and you are actually blocking the IPs those domains resolve to instead of the domain which can be altered using the hosts file.
another way use OpenDNS
Expanding on previous comment. Use static DNS entry and force DNS requests to your MikroTik.