How to add more than 1 IP in Address List?

yudigadget · April 13, 2007, 7:07am

C:\Documents and Settings\Normunds>nslookup myspace.com

Non-authoritative answer:
Name: myspace.com
Addresses: 216.178.32.50, 216.178.32.51, 216.178.32.52, 216.178.32.137
216.178.32.48, 216.178.32.49

for example there are lot of MySpace.com IPs.. how to add them all in single Address List?

I tried use “,” or “;” but doesn’t work…

thanks

pedja · April 13, 2007, 10:15am

Set 216.178.32.0/20

changeip · April 13, 2007, 2:09pm

add each ip separately using the same address-list name. You will end up with a list of ip addresses : )

Sam

yudigadget · April 14, 2007, 1:46am

i already add those IPs in my Address List

then i did:
ip firewall filter print
chain=forward dst-address-list=www.myspace.com action=drop

why i still can access that site?

ok,i tried ping those IP and got request time out…

but once again, why i still can access that site?

is this because i use web-proxy?

uhm..btw which one better? use protection from proxy or firewall?

thanks

dinfotec · April 14, 2007, 1:57am

Hi,

If you are using web-proxy, block myspace.com in web-proxy list. More simply.

Chao.

dinfotec · April 14, 2007, 1:58am

Hi,

If not, ask again and I answer you.

Chao.

yudigadget · April 14, 2007, 2:20am

yes i already do that… i already deny that site in my proxy list.
but for a site (http://www.anything.com), block the http://www.anything.com is not enough.. because client still can access it by type it’s IP to browser
So, i need to add all IPs related to that site in proxy… and i already do that too.. but my proxy list getting big..

so,my question what do you think… do i need firewall filter or just proxy?
because i think in firewall filter, i only need to manage the address list

i just want to learning about creating better management of network configuration

CMIIW

dinfotec · April 14, 2007, 7:33pm

Do this rule in your web-proxy:

/ip web-proxy access add dst-port=80 url="http://www.google.com" action=deny

Work fine, almost in my machine.

Chao.

yudigadget · April 16, 2007, 1:31am

Ok, so you want to block http://www.google.com, i believe if i were your client of your MikroTik router, i still can access http://www.google.com, i will type this 66.249.89.99 or 66.249.89.104 on browser address bar, then google will opened..

i need to block all access to that site

CMIIW

jorj · April 16, 2007, 5:19am

Of course this has nothing to do with address lists, in the end.
To create a list, do this multiple times, in cli, and change relevant fields - address and comment. Or list, if you like.

/ip firewall filter add address=111.222.111.222 comment="Banned address" disabled=no list="banned_ips"

If you want at all costs to block acces to a site, redirect all dns requests to a dns of your own, maybe the same machine the MT is on, and put a static ip address for example:

google.com 127.0.0.1

Even if ip lists should do it.
For lists, just remember to put ALL the ip’s the site uses.