I would like to add some rules to the firewall that allow all connected users to navigate only on a specified site and eliminate browsing on the entire internet. Help!! Thank you
Layer7 was once used, but now with HTTPS it seems its use is not reliable. Try putting the site in the address list and from the firewall do a forward that only accepts the traffic destined for that address list and a drop on everything else.
Easily bypassed; it cannot be done with a guarantee on an MT router.
If the site, which should be allowed, is hosted on some “old school” server (i.e. not on some super fancy cloud provider but rather on a server with static IP which is not shared with other sites), then this should be easy. Otherwise it’s next to impossible as others already stated. So it all depends.
If the site you want to allow is hosted the “old school” way, then a few rules would do:
/ip/firewall/filter
add chain=forward action=accept connection-state=established,related
add chain=forward action=accept dst-address=<IP of allowed server> dst-port=80,443 protocol=tcp connection-state=new
add chain=forward action=drop
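
The following is an added example, not part of any post in this thread: a small first-match model of the three forward rules above, run over constructed packets, to show what the rule set accepts and drops. The IPs, hostnames and the `Packet`, `verdict` and `evaluate` names are assumptions made for the illustration.

```python
# Added example: first-match model of the three forward-chain rules posted above.
# All IPs and hostnames are constructed (RFC 5737 documentation ranges).
from dataclasses import dataclass

ALLOWED_IP = "203.0.113.10"  # stands in for <IP of allowed server>

@dataclass
class Packet:
    dst: str
    proto: str
    dport: int
    state: str       # "new", "established" or "related"
    host: str = ""   # TLS SNI / HTTP Host; these rules never look at it

# (action, predicate) pairs in the same order as the posted rules.
# The first rule that matches decides the verdict.
RULES = [
    ("accept", lambda p: p.state in ("established", "related")),
    ("accept", lambda p: p.dst == ALLOWED_IP and p.proto == "tcp"
                         and p.dport in (80, 443) and p.state == "new"),
    ("drop",   lambda p: True),
]

def verdict(p: Packet) -> str:
    for action, match in RULES:
        if match(p):
            return action
    return "accept"  # chain default; unreachable here because of the final drop

# Constructed sample traffic crossing the router (forward chain).
SAMPLES = {
    "allowed site, new HTTPS":       Packet(ALLOWED_IP, "tcp", 443, "new", "allowed.example"),
    "allowed site, reply traffic":   Packet("192.0.2.50", "tcp", 51514, "established"),
    "other site, new HTTPS":         Packet("198.51.100.7", "tcp", 443, "new", "other.example"),
    "external DNS resolver":         Packet("198.51.100.53", "udp", 53, "new"),
    "different site on the same IP": Packet(ALLOWED_IP, "tcp", 443, "new", "cohosted.example"),
    "allowed IP, SSH":               Packet(ALLOWED_IP, "tcp", 22, "new"),
}

def evaluate() -> dict:
    return {name: verdict(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{result:6}  {name}")
```

The external-resolver packet is dropped in forward, so clients have to resolve names through the router itself (input chain) or name lookups fail. The co-hosted hostname is accepted because the rules match on IP only, which is the shared-hosting limit described in the thread.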