Firewall rule is not allowing Facebook for a given MAC

Hello,

Below are my rules. In No. 1-5 I have allowed MAC addresses to access Facebook.
In rule No. 6 I have blocked all other computers within the subnet.

This rule is working for wireless connections but not for computers connected on the LAN.
For example, the No. 2 MAC is my LAN computer, where Facebook doesn't work when this rule is implemented. However, if I disable the drop rule No. 6 then it works.

Please guide me on what is wrong with this.

0 chain=forward action=accept layer7-protocol=Facebook block
src-mac-address=30:07:4D:12:B9:1E log=no log-prefix=""

1 chain=forward action=accept layer7-protocol=Facebook block
src-mac-address=94:92:BC:C7:15:8A log=no log-prefix=""

2 chain=forward action=accept layer7-protocol=Facebook block
src-mac-address=74:46:A0:BC:F7:86 log=no log-prefix=""

3 chain=forward action=accept layer7-protocol=Facebook block
src-mac-address=F4:09:D8:DD:6A:B5 log=no log-prefix=""

4 chain=forward action=accept layer7-protocol=Facebook block
src-mac-address=AC:72:89:B6:DB:5E log=no log-prefix=""

5 chain=forward action=accept layer7-protocol=Facebook block
src-mac-address=74:27:EA:4A:F7:AF log=no log-prefix=""

6 chain=forward action=drop src-address=192.168.1.0/24
layer7-protocol=Facebook block log=no log-prefix=""

Why are you using the "layer7" parameter? This is for an entirely different purpose. Delete this argument from your rules.
Layer7 patterns are checked in every packet that goes through your router. It is better to block Facebook by IP address blocks, not by packet content.

Hello Normis,

I have following scenario in my network:

  1. I have domain computers connected to Windows 2012 R2 through the LAN, plus laptops that use a wireless connection.
  2. The LAN network goes through the Windows server, and the server is connected to the MikroTik router. Wireless is direct through the router.

All I need to do is disable Facebook and Twitter on all computers except 2 LAN computers, 2 laptops on wireless and a few mobile devices on wireless.

I applied the layer 7 rule just to achieve this. I created rules No. 1-5 to accept connections from these 5 MAC addresses, and rule No. 6 to drop connections to Facebook for the entire network.
In this case the rule works fine for wireless connections, but I cannot access Facebook on the LAN computers connected to the domain.

Can you please guide me on how I can achieve this? It doesn't matter what method I use, it must work. I am a newbie with the MikroTik router and have been learning about firewall rules through tutorials.
Please help.
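The following is an added walk-through, not code from the thread or from MikroTik. It models the forward chain as a first-match list and replays the rule set posted above against three constructed packets, then replays the same packets against an address-list based rule set of the kind Normis recommends. The six allowed MACs and the 192.168.1.0/24 drop rule are taken from the thread; the server MAC, the host IP addresses, the address-list name `fb-allowed` and the topology assumption are mine: the example assumes the LAN computers reach the router through the Windows server as a routing hop, so the Ethernet frame the router sees carries the server's source MAC rather than the PC's, which is enough to make a `src-mac-address` exception miss while a `src-address` exception still matches. The "Facebook" match is a boolean standing in for a `dst-address-list` of Facebook's IP blocks rather than the layer7 matcher.

```python
"""Toy first-match evaluator for a MikroTik-style 'forward' chain (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Packet:
    src_mac: str      # Ethernet source of the frame as the router receives it
    src_ip: str       # IPv4 source address of the packet
    facebook: bool    # True if the destination is in the (hypothetical) Facebook address list


@dataclass(frozen=True)
class Rule:
    action: str                        # "accept" or "drop"
    src_mac: Optional[str] = None      # src-mac-address=
    src_net: Optional[str] = None      # src-address= (CIDR)
    src_list: Optional[str] = None     # src-address-list=
    facebook: Optional[bool] = None    # stands in for dst-address-list=facebook

    def matches(self, pkt: Packet, lists: Dict[str, Set[str]]) -> bool:
        """Every matcher set on the rule must agree with the packet."""
        if self.src_mac is not None and self.src_mac.upper() != pkt.src_mac.upper():
            return False
        if self.src_net is not None and (
            ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net)
        ):
            return False
        if self.src_list is not None and pkt.src_ip not in lists.get(self.src_list, set()):
            return False
        if self.facebook is not None and self.facebook != pkt.facebook:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, lists: Optional[Dict[str, Set[str]]] = None) -> str:
    """Rules are checked top to bottom; the first match decides.
    With no matching rule RouterOS lets the packet through, so default to accept."""
    lists = lists or {}
    for rule in rules:
        if rule.matches(pkt, lists):
            return rule.action
    return "accept"


# MAC addresses and subnet copied from the rules posted in the thread.
ALLOWED_MACS = [
    "30:07:4D:12:B9:1E", "94:92:BC:C7:15:8A", "74:46:A0:BC:F7:86",
    "F4:09:D8:DD:6A:B5", "AC:72:89:B6:DB:5E", "74:27:EA:4A:F7:AF",
]
LAN = "192.168.1.0/24"

# Rules 0-6 as posted: per-MAC accepts, then a subnet-wide drop.
ORIGINAL_RULES = [Rule("accept", src_mac=m, facebook=True) for m in ALLOWED_MACS] + [
    Rule("drop", src_net=LAN, facebook=True)
]

# Constructed values for the walk-through (not from the thread).
SERVER_MAC = "02:00:00:00:00:01"                 # hypothetical router-facing NIC of the Windows server
LISTS = {"fb-allowed": {"192.168.1.50", "192.168.1.120"}}   # hypothetical address list of exempt hosts

# Same intent expressed by IP: exempt listed hosts, drop the rest of the subnet.
ADDRESS_RULES = [
    Rule("accept", src_list="fb-allowed", facebook=True),
    Rule("drop", src_net=LAN, facebook=True),
]


def scenario() -> Dict[str, str]:
    """Replay three hosts through both rule sets and return the verdicts."""
    # Wireless laptop (thread MAC from rule 1) attached directly to the router.
    wireless = Packet("94:92:BC:C7:15:8A", "192.168.1.50", facebook=True)
    # LAN PC (thread MAC from rule 2) whose frames are forwarded by the server,
    # so the router sees the server's MAC as the frame source (assumed topology).
    lan_routed = Packet(SERVER_MAC, "192.168.1.120", facebook=True)
    # A host that is not exempt, and the same host going somewhere other than Facebook.
    other = Packet("02:00:00:00:00:99", "192.168.1.77", facebook=True)
    non_fb = Packet("02:00:00:00:00:99", "192.168.1.77", facebook=False)
    return {
        "wireless/original": evaluate(ORIGINAL_RULES, wireless),
        "lan_routed/original": evaluate(ORIGINAL_RULES, lan_routed),
        "other/original": evaluate(ORIGINAL_RULES, other),
        "wireless/address_list": evaluate(ADDRESS_RULES, wireless, LISTS),
        "lan_routed/address_list": evaluate(ADDRESS_RULES, lan_routed, LISTS),
        "other/address_list": evaluate(ADDRESS_RULES, other, LISTS),
        "non_fb/address_list": evaluate(ADDRESS_RULES, non_fb, LISTS),
    }


if __name__ == "__main__":
    for case, verdict in scenario().items():
        print(f"{case:24s} -> {verdict}")
```

Under the stated assumption the routed LAN PC is dropped by the original rules (its frame never carries the MAC in rule 2) but accepted by the address-list rules, while the non-exempt host is dropped by both. In RouterOS the second rule set corresponds to `/ip firewall address-list add list=fb-allowed address=...` for each exempt host, `src-address-list=fb-allowed` on the accept rule, and a `dst-address-list` holding Facebook's IP blocks in place of `layer7-protocol`. One caveat worth checking before relying on this: if the Windows server NATs the LAN behind its own address, the router sees neither the PC's MAC nor its IP, and the exception has to be enforced on the server instead; a quick `/ip firewall connection print` or `/tool sniffer` capture on the router shows which source MAC and IP the LAN PCs actually arrive with.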